Download Print this page

Alcatel-Lucent 7450 ESS OS Configuration Manual

Hide thumbs Also See for 7450 ESS OS:

Quality of service manual (774 pages)

Table Of Contents

page of 480

/ 480
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual

7450 ESS OS

Router Configuration Guide

Software Version: 7450 ESS OS 9.0R1

March 2011

Document Part Number: 93-0103-08-01

*93-0103-08-01 *

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the 7450 ESS OS and is the answer not in the manual?

Questions and answers

Summary of Contents for Alcatel-Lucent 7450 ESS OS

Page 1 7450 ESS OS Router Configuration Guide Software Version: 7450 ESS OS 9.0R1 March 2011 Document Part Number: 93-0103-08-01 *93-0103-08-01 *...
Page 2 Except as specifically permitted herein, no portion of the provided information can be reproduced in any form, or by any means, without prior written permission from Alcatel-Lucent. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
Page 3: Table Of Contents
Getting Started Alcatel-Lucent 7450 ESS-Series Router Configuration Process ....... .17 IP Router Configuration Configuring IP Router Parameters .
Page 4 Route Unknown Priority Event ........... .221 Page 4 7450 ESS OS Router Configuration Guide...
Page 5 Applying Filter Policies ............301 7450 ESS OS Router Configuration Guide...
Page 6 Global Filter Commands............362 Page 6 7450 ESS OS Router Configuration Guide...
Page 7 Clear Commands..............473 7450 ESS OS Router Configuration Guide...
Page 8 ................481 Page 8 7450 ESS OS Router Configuration Guide...
Page 9 Show Cflowd Status Output Fields ..........471 7450 ESS OS Router Configuration Guide...
Page 10 List of Tables Page 10 7450 ESS OS Router Configuration Guide...
Page 11 Cflowd Configuration and Implementation Flow ........432 7450 ESS OS Router Configuration Guide...
Page 12 List of Figures Page 12 7450 ESS OS Router Configuration Guide...
Page 13: Preface
About This Guide This guide describes logical IP routing interfaces, virtual routers, IP and MAC-based filtering, and cflowd support provided by the 7450 ESS OS and presents configuration and implementation examples. This document is organized into functional chapters and provides concepts and descriptions of the implementation flow, as well as Command Line Interface (CLI) syntax and command usage.
Page 14: List Of Technical Publications
Preface List of Technical Publications The 7450 ESS documentation set is composed of the following books: • 7450 ESS OS Basic System Configuration Guide This guide describes basic system configurations and operations. • 7450 ESS OS System Management Guide This guide describes system security and access configurations as well as event logging and accounting logs.
Page 15: Technical Support
If you purchased a service agreement for your router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, contact your welcome center at: Web: http://www1.alcatel-lucent.com/comps/pages/carrier_support.jhtml...
Page 16 Preface Page 16 7450 ESS OS Router Configuration Guide...
Page 17: Getting Started
VRRP on page 203 tion IP and MAC filters Filter Policies on page 299 Cflowd Cflowd on page 425 Reference List of IEEE, IETF, and other Standards and Protocol Support on page 475 proprietary entities. 7450 ESS OS Router Configuration Guide Page 17...
Page 18: Getting Started
Getting Started Page 18 7450 ESS OS Router Configuration Guide...
Page 19: Ip Router Configuration
Interfaces on page 20 → Autonomous Systems (AS) on page 25 → Confederations on page 26 → Proxy ARP on page 28 → Bi-directional Forwarding Detection on page 31 • Configuration Notes on page 29 Page 19 7450 ESS OS Router Configuration Guide...
Page 20: Configuring Ip Router Parameters
Confederations on page 26 • Proxy ARP on page 28 Refer to 7450 ESS OS Triple Play Guide for information about DHCP and support provided by the 7450 ESS as well as configuration examples. on page 33 Interfaces 7450 ESS-Series routers use different types of interfaces for various functions. Interfaces must be configured with parameters such as the interface type (network and system) and address.
Page 21: Network Domains
This means that all SAPs in VPLS will have queue reaching all fwd- complexes serving interfaces that belong to the same network-domains as the SDPs. It is possible to assign/remove network-domain association of the interface/SDP without requiring deletion of the respective object. 7450 ESS OS Router Configuration Guide Page 21...
Page 22: System Interface
The system interface is also referred to as the loopback address and is used as the router identifier. A system interface must have an IP address with a 32- bit subnet mask. Page 22 7450 ESS OS Router Configuration Guide...
Page 23: Creating An Ip Address Range
10.10.0.0/16, and a new service prefix is configured as 10.10.10.0/24, then the 10.10.0.0/16 entry will be removed, provided that no services are configured that use 10.10.x.x addresses other than 10.10.10.x. 7450 ESS OS Router Configuration Guide Page 23...
Page 24: Router Id
If neither the system interface or router ID are implicitly specified, then the router ID is inherited from the last four bytes of the MAC address. • The router can be derived on the protocol level; for example, BGP. Page 24 7450 ESS OS Router Configuration Guide...
Page 25: Autonomous Systems (As)
AS path, with other ASs using BGP. Routing tables contain lists of next hops, reachable addresses, and associated path cost metrics to each router. BGP uses the information and path attributes to compile a network topology. 7450 ESS OS Router Configuration Guide Page 25...
Page 26: Confederations
To migrate from a non-confederation configuration to a confederation configuration requires a major topology change and configuration modifications on each participating router. Setting BGP policies to select an optimal path through a confederation requires other BGP modifications. Page 26 7450 ESS OS Router Configuration Guide...
Page 27: Figure 1: Confederation Configuration
AS 200 AS 300 Confederation Member 1 Confederation Member 3 ALA-B ALA-C ALA-E ALA-F AS 100 ALA-A ALA-D ALA-G AS 400 Confederation Member 2 AS 500 ALA-H SRSG005 Figure 1: Confederation Configuration 7450 ESS OS Router Configuration Guide Page 27...
Page 28: Proxy Arp
Static ARP is used when a 7450 ESS OS needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the configuration can state that if it has a packet with a certain IP address to send it to the corresponding ARP address.
Page 29: Dhcp Relay
IP Router Configuration DHCP Relay Refer to 7450 ESS OS Triple Play Guide for information about DHCP and support provided by the 7450 ESS as well as configuration examples. 7450 ESS OS Router Configuration Guide Page 29...
Page 30: Internet Protocol Versions
Configuring IP Router Parameters Internet Protocol Versions The TiMOS implements IP routing functionality, providing support for IP version 4 (IPv4): Page 30 7450 ESS OS Router Configuration Guide...
Page 31: Bi-Directional Forwarding Detection
IP TTL should be 255 but can still be processed if it is not (assuming the packet passes the enabled authentication mechanism). If multiple BFD sessions exist between two nodes, the BFD discriminator is used to de-multiplex the BFD control packet to the appropriate BFD session. 7450 ESS OS Router Configuration Guide Page 31...
Page 32: Table 3: Bfd Control Packet Field Descriptions
BFD session for some reason. Otherwise, during normal operation, it is set to 1. D Bit The “demand mode” bit. (Not supported) P Bit The poll bit. If set, the transmitting system is requesting verification of connectivity, or of a parameter change. Page 32 7450 ESS OS Router Configuration Guide...
Page 33 This is the minimum interval, in microseconds, between received BFD echo Interval packets that this system is capable of supporting. If this value is zero, the transmitting system does not support the receipt of BFD echo packets. 7450 ESS OS Router Configuration Guide Page 33...
Page 34: Bfd For Rsvp-Te
As a result, it relies on the echo sender to send a high rate of BFD echo messages through the receiver node, which is only processed by the receiver’s forwarding path. This allows the echo sender to send BFD echo packets at any rate. Page 34 7450 ESS OS Router Configuration Guide...
Page 35: Bfd Support For Bgp
Spoke Headend Router Headend Router Secondary Path IES/ IES/ Note: VPRN VPRN In this case BFD is run between the IES/VPRN interfaces Metro Metro Figure 3: BFD for IES/VPRN over Spoke SDP 7450 ESS OS Router Configuration Guide Page 35...
Page 36: Figure 4: Bfd Over Lag
L2 Switch LAG i/f LAG i/f LAG i/f Note: In this case BFD is run between the IES interfaces independent of the LAG or its members Fig_32A Figure 4: BFD over LAG Page 36 7450 ESS OS Router Configuration Guide...
Page 37: Process Overview
Autonomous system — (Optional) An autonomous system (AS) is a collection of networks that are subdivided into smaller, more manageable areas. • Confederation — (Optional) Creates confederation autonomous systems within an AS to reduce the number of IBGP sessions required within an AS. 7450 ESS OS Router Configuration Guide Page 37...
Page 38: Configuration Notes
A system interface and associated IP address should be specified. • Boot options file (BOF) parameters must be configured prior to configuring router parameters. • Confederations can be configured before protocol connections (such as BGP) and peering parameters are configured. Page 38 7450 ESS OS Router Configuration Guide...
Page 39: Configuring An Ip Router With Cli
Service Management Tasks on page 46 • Service Management Tasks on page 46 → Changing the System Name on page 46 → Modifying Interface Parameters on page 47 → Deleting a Logical IP Interface on page 48 7450 ESS OS Router Configuration Guide Page 39...
Page 40: Router Configuration Overview
“1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. To create an interface on an Alcatel-Lucent 7450 ESS-Series router, the basic configuration tasks that must be performed are: •...
Page 41: Basic Configuration
# Router Configuration #------------------------------------------ router interface "system" address 10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1 exit exit autonomous-system 100 confederation 1000 members 100 200 300 router-id 10.10.10.103 exit isis exit #------------------------------------------ A:ALA-A> config# 7450 ESS OS Router Configuration Guide Page 41...
Page 42: Common Configuration Tasks
The following example displays the system name output. A:ALA-A>config>system# info #------------------------------------------ # System Configuration #------------------------------------------ name "ALA-A" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." snmp exit . . . exit ---------------------------------------------- Page 42 7450 ESS OS Router Configuration Guide...
Page 43: Configuring Interfaces
To configure a network interface: CLI Syntax: config>router interface interface-name address ip-addr{/mask-length | mask} [broadcast {all- ones | host-ones}] cflowd {acl | interface} egress filter ip ip-filter-id ingress filter ip ip-filter-id port port-name 7450 ESS OS Router Configuration Guide Page 43...
Page 44 To enable CPU protection: CLI Syntax: config>router interface interface-name cpu-protection policy-id CPU protection policies are configured in the config>sys>security>cpu-protection context. See the 7750 SR OS MG System Management Guide7450 ESS OS System Management Guide. Page 44 7450 ESS OS Router Configuration Guide...
Page 45: Router Advertisement
The following displays a router advertisement configuration example. *A:sim131>config>router>router-advert# info ---------------------------------------------- interface "n1" prefix 3::/64 exit use-virtual-mac no shutdown exit ---------------------------------------------- *A:sim131>config>router>router-advert# interface n1 *A:sim131>config>router>router-advert>if# prefix 3::/64 *A:sim131>config>router>router-advert>if>prefix# info detail ---------------------------------------------- autonomous on-link preferred-lifetime 604800 valid-lifetime 2592000 ---------------------------------------------- *A:tahi>config>router>router-advert>if>prefix# 7450 ESS OS Router Configuration Guide Page 45...
Page 46: Configuring Proxy Arp
→ In the policy statement entry>from context, specify network prefixes that ARP requests will or will not be forwarded to depending on the action if a match is found. For more information about route policies, refer to the 7450 ESS OS Routing Protocols Guide.
Page 47 "prefixlist2" exit action reject exit default-action accept exit exit ---------------------------------------------- A:ALA-49>config>router>policy-options# Use the following CLI to configure proxy ARP: CLI Syntax: config>router>interface interface-name local-proxy-arp proxy-arp-policy policy-name [policy-name...(upto 5 max)] remote-proxy-arp 7450 ESS OS Router Configuration Guide Page 47...
Page 48 Common Configuration Tasks The following displays a proxy ARP configuration example: A:ALA-49>config>router>if# info ---------------------------------------------- address 128.251.10.59/24 local-proxy-arp proxy-arp policy-statement "ProxyARPpolicy" exit ---------------------------------------------- A:ALA-49>config>router>if# Page 48 7450 ESS OS Router Configuration Guide...
Page 49: Creating An Ip Address Range
All user and specified control packets for which the longest prefix match in RTM yields the FEC prefix will be forwarded over the LDP LSP. The following is an example of the resolution process. 7450 ESS OS Router Configuration Guide Page 49...
Page 50 When ECMP is enabled and multiple equal-cost next-hops exit for the IGP route, the ingress IOM will spray the packets for this route based on hashing routine currently supported for IPv4 packets. Page 50 7450 ESS OS Router Configuration Guide...
Page 51 IGP route resolution. BGP will continue to resolve a BGP next-hop to an LDP shortcut if the user enabled the LDP shortcut option in BGP BGP-Shortcut: CLI Syntax: config>router>bgp>igp-shortcut ldp 7450 ESS OS Router Configuration Guide Page 51...
Page 52 FEC origination of IGP learned routes and subscriber/host routes statically configured or dynamically learned over subscriber IES interfaces. An LDP LSP used as a shortcut by IPv4 packets may also be tunneled using the LDP-over-RSVP feature. Page 52 7450 ESS OS Router Configuration Guide...
Page 53: Deriving The Router Id
{ip-address/mask | ip-address netmask} [broad- cast all-ones | host-ones] The following example displays a router ID configuration: A:ALA-4>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.0.4/32 exit . . . router-id 10.10.0.4 #------------------------------------------ A:ALA-4>config>router# 7450 ESS OS Router Configuration Guide Page 53...
Page 54: Configuring A Confederation
A:ALA-B>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.10.103/32 exit interface "to-104" shutdown address 10.0.0.103/24 port 1/1/1 exit autonomous-system 100 confederation 2002 members 200 300 400 router-id 10.10.10.103 #------------------------------------------ A:ALA-B>config>router# Page 54 7450 ESS OS Router Configuration Guide...
Page 55: Configuring An Autonomous System
The following displays an autonomous system configuration example: A;ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1 exit exit autonomous-system 100 router-id 10.10.10.103 #------------------------------------------ A:ALA-A>config>router# 7450 ESS OS Router Configuration Guide Page 55...
Page 56: Configuring Overload State On A Single Sfm
IGP will cause PIM to join the new path and prune the old path, which effectively reroutes the multicast traffic downstream. When the problem is resolved, the overload condition is cleared, which will cause the traffic to be routed back to the router. Page 56 7450 ESS OS Router Configuration Guide...
Page 57: Service Management Tasks
"TGIF" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." synchronize snmp exit security snmp community "private" rwa version both exit exit . . . ---------------------------------------------- A:TGIF>config>system# 7450 ESS OS Router Configuration Guide Page 57...
Page 58: Modifying Interface Parameters
A:ALA-A>config>router>if# no shutdown The following example displays the interface configuration: A:ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.0.0.103/32 exit interface "to-sr1" address 10.0.0.25/24 port 1/1/2 exit router-id 10.10.0.3 #------------------------------------------ A:ALA-A>config>router# Page 58 7450 ESS OS Router Configuration Guide...
Page 59: Deleting A Logical Ip Interface
2. After the interface has been shut down, it can then be deleted with the no interface command. CLI Syntax: config>router no interface ip-int-name Example config>router# interface test-interface config>router>if# shutdown config>router>if# exit config>router# no interface test-interface config>router# 7450 ESS OS Router Configuration Guide Page 59...
Page 60 Service Management Tasks Page 60 7450 ESS OS Router Configuration Guide...
Page 61: Ip Router Command Reference
• Router Interface Commands on page 63 • Router Advertisement Commands on page 67 • Show Commands on page 64 • Clear Commands on page 65 • Debug Commands on page 65 7450 ESS OS Router Configuration Guide Page 61...
Page 62 [tag tag] [enable | disable] indirect ip-address [ldp | rsvp-te [disallow-igp]] [cpe-check cpe-ip-address [interval seconds] [drop-count count] [log]] — [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [met- ric metric] [tag tag] [enable | disable] black-hole [mcast-family] — [no] triggered-policy Page 62 7450 ESS OS Router Configuration Guide...
Page 63 — [no] proxy-authentication — [no] proxy-lcp — user-db local-user-db-name — no user-db — session-assign-method weighted — no session-assign-method — session-limit session-limit — no session-limit — tunnel tunnel-name [create] — no tunnel tunnel-name 7450 ESS OS Router Configuration Guide Page 63...
Page 64 — remote-name host-name — no remote-name — session-limit session-limit — no session-limit — [no] shutdown — peer-address-change-policy {accept | ignore | reject} — receive-window-size [4..1024] — no receive-window-size — [no] shutdown Page 64 7450 ESS OS Router Configuration Guide...
Page 65 — [no] multihoming primary|secondary [hold-time holdover-time] — network-domain network-domain-name — no network-domain — [no] ntp-broadcast — port port-name — no port — [no] proxy-arp-policy — network-policy-id [queue-redirect-group queue-group-name] — no — [no] remote-proxy-arp 7450 ESS OS Router Configuration Guide Page 65...
Page 66 — [no] strip-label — tos-marking-state {trusted | untrusted} — no tos-marking-state — unnumbered [ip-addr | ip-int-name] — no unnumbered For router interface VRRP commands, see VRRP Command Reference on page 243. Page 66 7450 ESS OS Router Configuration Guide...
Page 67 — valid-lifetime {seconds | infinite} — no valid-lifetime — reachable-time milli-seconds — no reachable-time — retransmit-time milli-seconds — no retransmit-time — router-lifetime seconds — no router-lifetime — [no] shutdown — [no] use-virtual-mac 7450 ESS OS Router Configuration Guide Page 67...
Page 68 — neighbor [ip-address | ip-int-name | mac ieee-mac-address | summary] — network-domains [detail] [network-domain-name] — policy [name | damping | prefix-list name | as-path name | community name | admin] — policy-edits Page 68 7450 ESS OS Router Configuration Guide...
Page 69 [ip-address | ip-int-name | mac ieee-mac-addr] — static-route [family] [[ip-prefix /mask]| [preference preference] | [next-hop ip-address] | [tag tag] [detail] — status — tunnel-table [ip-address[/mask]] | [protocol protocol | sdp sdp-id] [summary] — neighbor [interface-name] 7450 ESS OS Router Configuration Guide Page 69...
Page 70 [ip-int-name | ip-addr] [icmp] [urpf-stats] [statistics] — l2tp — group tunnel-group-name — statistics — statistics — tunnel tunnel-id — statistics — router-advertisement — router-advertisement [interface interface-name] — forwarding-table [slot-number] — interface [ip-int-name | ip-addr] [icmp] Page 70 7450 ESS OS Router Configuration Guide...
Page 71 — [no] neighbor — packet [ip-int-name | ip-address] [headers] [protocol-id] — no packet [ip-int-name | ip-address] — route-table [ip-prefix/prefix-length] [longer] — no route-table — tunnel-table [ip-address] [ldp | rsvp [tunnel-id tunnel-id]| sdp [sdp-id sdp-id]] 7450 ESS OS Router Configuration Guide Page 71...
Page 72 IP Router Command Reference Page 72 7450 ESS OS Router Configuration Guide...
Page 73: Configuration Commands
— The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7450 ESS OS Router Configuration Guide Page 73...
Page 74: Router Global Commands
The no form of the command removes the aggregate. Default No aggregate routes are defined. Parameters ip-prefix — The destination address of the aggregate route in dotted decimal notation. Page 74 7450 ESS OS Router Configuration Guide...
Page 75 — The autonomous system number expressed as a decimal integer. Values 1 — 4294967295 confederation Syntax confederation confed-as-num members as-number [as-number...up to 15 max] no confederation [confed-as-num members as-number...up to 15 max] Context config>router 7450 ESS OS Router Configuration Guide Page 75...
Page 76 — The maximum number of equal cost routes allowed on this routing table instance, expressed as a decimal integer. Setting ECMP max-ecmp-routes to 1 yields the same result as entering no ecmp. Values 0 — 16 Page 76 7450 ESS OS Router Configuration Guide...
Page 77 Values 0 — 100 Default multicast-info Syntax multicast-info-policy policy-name no multicast-info-policy Context configure>router Description This command configures multicast information policy. Parameters policy-name — Specifies the policy name. Values 32 chars max 7450 ESS OS Router Configuration Guide Page 77...
Page 78 This command configures the router ID for the router instance. The router ID is used by both OSPF and BGP routing protocols in this instance of the routing table manager. IS-IS uses the router ID value as its system ID. Page 78 7450 ESS OS Router Configuration Guide...
Page 79 - no IP addresses are reserved for services. Parameters ip-prefix/mask — The IP address prefix to include in the service prefix allocation in dotted decimal notation. Values ipv4-prefix: a.b.c.d (host bits must be 0) ipv4-prefix-length: 0 — 32 exclusive 7450 ESS OS Router Configuration Guide Page 79...
Page 80 — Specifies the Dot1p priority. Values none, 0 — 7 dot1p-app-name — Specifies the Dot1p application name. Values arp, isis, pppoe dscp Syntax dscp dscp-name fc fc-name no dscp dscp-name Context config>router>sgt-qos Page 80 7450 ESS OS Router Configuration Guide...
Page 81 The no form of this command causes the overload state to be cleared. Default no single-sfm-overload Parameters holdoff-time — This parameter specifies the delay between the detection of a single SFM and enacting the overload state. Values 1— 600 seconds Default 0 seconds 7450 ESS OS Router Configuration Guide Page 81...
Page 82 LDP session comes up and the FECs exchanged. This option when enabled delays the activation of the static route until the LDP session comes up over the interface and the ldp-sync-timer configured on that interface has expired. Page 82 7450 ESS OS Router Configuration Guide...
Page 83 Another static route cannot be used to resolve the indirect address. The indirect keyword and the next-hop or black-hole keywords are mutually exclusive. If an identical command is entered (with the exception of either the next-hop or black-hole 7450 ESS OS Router Configuration Guide Page 83...
Page 84: Table 4: Default Route Preferences
In order to enable a static route, it must be uniquely identified by the IP address, mask, and any other parameter that is required to identify the exact static route. The administrative state is maintained in the configuration file. Default enable Page 84 7450 ESS OS Router Configuration Guide...
Page 85 CPE connectivity check. Events should be sent to the system log, syslog and SNMP traps. Sample Output *B:Dut-C# configure router "management" *B:Dut-C>config>router# info ---------------------------------------------- static-route 1.1.1.0/24 next-hop 172.31.117.1 static-route 1::/96 next-hop 3000::AC1F:7567 ---------------------------------------------- *B:Dut-C>config>router# 7450 ESS OS Router Configuration Guide Page 85...
Page 86 *B:Dut-C>config>router# show router "management" static-route =============================================================================== Static Route Table (Router: management) Family: IPv4 =============================================================================== Prefix Pref Type Act Next Hop Interface ------------------------------------------------------------------------------- 1.1.1.0/24 172.31.117.1 ------------------------------------------------------------------------------- No. of Static Routes: 1 =============================================================================== *B:Dut-C>config>router# Page 86 7450 ESS OS Router Configuration Guide...
Page 87: Router L2Tp Commands
: SAP ID, formatted as a character string exclude-avps Syntax exclude-avps calling-number no exclude-avps Context config>router>l2tp Description This command configures the L2TP AVPs to exclude. peer-address-change-policy Syntax peer-address-change-policy {accept | ignore | reject} Context config>router>l2tp 7450 ESS OS Router Configuration Guide Page 87...
Page 88 This command configures the L2TP receive window size. session-limit Syntax session-limit session-limit no session-limit Context config>router>l2tp Description This command configures the L2TP session limit of this router. Parameters session-limit — Specifies the session limit. Values 1..131071 Page 88 7450 ESS OS Router Configuration Guide...
Page 89 The no form of the command returns the value to never allow AVP hiding. Parameters avp-hiding — Specifies the method to be used for the authentication of the tunnels in this L2TP group. 7450 ESS OS Router Configuration Guide Page 89...
Page 90 The no form of the command removes the value from the configuration. Default no destruct-timeout Parameters destruct-timeout — [Specifies the automatic removal of dynamic L2TP sessions, in seconds, that are no longer active. Default no destruct-timeout Values 60 — 86400 Page 90 7450 ESS OS Router Configuration Guide...
Page 91 — Specifies the idle timeout value, in seconds until the group is removed. Default no idle-timeout Values 0 — 3600 lns-group Syntax lns-group lns-group-id no lns-group Context config>router>l2tp>group Description This command configures the ISA LNS group. 7450 ESS OS Router Configuration Guide Page 91...
Page 92 This command configures the number of retries allowed for this L2TP tunnel while it is established, before its control connection goes down. The no form of the command removes the value from the configuration. Default no max-retries-estab Page 92 7450 ESS OS Router Configuration Guide...
Page 93 For security, all keys are stored in encrypted hash2 — Specifies the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed. Default no password 7450 ESS OS Router Configuration Guide Page 93...
Page 94 — Specifies the interface name. Values 32 chars max service-id — Specifies the service ID. Values 1..2147483648 svc-name — Specifies the service name (instead of service ID). Values 64 chars max Page 94 7450 ESS OS Router Configuration Guide...
Page 95 — Specifies, in bytes, the maximum PPP MTU size. Values 512..9212 proxy-authentication Syntax [no] proxy-authentication Context config>router>l2tp>group>ppp Description This command configures the use of the authentication AVPs received from the LAC. 7450 ESS OS Router Configuration Guide Page 95...
Page 96 Default no session-assign-method. All new sessions are placed by preference in existing tunnels. Values weighted — Enables weighted preference to tunnels in the group. session-limit Syntax session-limit session-limit no session-limit Page 96 7450 ESS OS Router Configuration Guide...
Page 97 The no form of the command removes the value from the configuration. Default no session-limit Parameters session-limit — Specifies the allowed number of sessions within the given context. Values 1 — 131071 7450 ESS OS Router Configuration Guide Page 97...
Page 98 — Specifies the method to be used for the authentication of the tunnel. Values never — AVP hiding is not used. sensitive — AVP hiding is used only for sensitive information (such as username/ Page 98 7450 ESS OS Router Configuration Guide...
Page 99 — Specifies the time interval, in seconds, between two consecutive tunnel Hello messages. Values 60 — 3600 infinite — Specifies that no hello messages are sent. idle-timeout Syntax idle-timeout idle-timeout idle-timeout infinite no idle-timeout Context config>router>l2tp>group>tunnel 7450 ESS OS Router Configuration Guide Page 99...
Page 100 Parameters preference — Specifies the tunnel preference number with its group. The value 0 corresponds to the highest preference. Values 0 — 16777215 remote-name Syntax remote-name host-name no remote-name Context config>router>l2tp>group>tunnel Page 100 7450 ESS OS Router Configuration Guide...
Page 101 This command configures a string to be compared to the host name used by the tunnel peer during the authentication phase of tunnel establishment. Parameters host-name — Specifies a remote host name for the tunnel up to 64 characters in length. 7450 ESS OS Router Configuration Guide Page 101...
Page 102: Router Interface Commands
IP interface. If ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing. Page 102 7450 ESS OS Router Configuration Guide...
Page 103 IP address; the remainder of the IP address is used to determine the host portion of the IP address. Allowed values are integers in the range 1— 32. Note that a mask length of 32 is reserved for system IP addresses. Values 1 — 32 7450 ESS OS Router Configuration Guide Page 103...
Page 104 This command enables the forwarding of directed broadcasts out of the IP interface. A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address of another IP interface. The allow-directed-broadcasts command on an IP interface enables Page 104 7450 ESS OS Router Configuration Guide...
Page 105 BFD session state is changed to down and the upper level protocols (OSPF, IS-IS, BGP or PIM) is notified of the fault. The no form of the command removes BFD from the router interface regardless of the IGP/RSVP. Default no bfd 7450 ESS OS Router Configuration Guide Page 105...
Page 106 — cflowd policy associated with an IP interface. cpu-protection Syntax cpu-protection policy-id no cpu-protection Context config>router>interface Description This command assigns an existing CPU protection policy for the interface. The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context. Page 106 7450 ESS OS Router Configuration Guide...
Page 107 IES interface, the lookup of the packet by the ingress IOM will result in the packet being sent labeled with the label stack corresponding to the NHLFE of the LDP LSP when the preferred RTM entry corresponds to an LDP shortcut. 7450 ESS OS Router Configuration Guide Page 107...
Page 108 Also, the new cost value will be advertised after the user executes any of the following commands if the currently advertised cost is different: • tools>perform>router>isis>ldp-sync-exit • tools>perform>router>ospf>ldp-sync-exit • config>router>interface>no ldp-sync-timer • config>router>ospf>disable-ldp-sync • router>isis>disable-ldp-sync Page 108 7450 ESS OS Router Configuration Guide...
Page 109 — Only the label is used in the hashing algorithm. lbl-ip — The IP header is included in the hashing algorithm. ip-only — the IP header is used exclusively in the hashing algorithm Syntax mac ieee-mac-addr no mac 7450 ESS OS Router Configuration Guide Page 109...
Page 110 VPLS SAP. The network-domain association can only be done in a base-routing context. Associating a network domain with an loop-back or system interface will be rejected. Associating a network-domain with an Page 110 7450 ESS OS Router Configuration Guide...
Page 111 This command enables SNTP broadcasts received on the IP interface. This parameter is only valid when the SNTP broadcast-client global parameter is configured. The no form of the command disables SNTP broadcast received on the IP interface. Default no ntp-broadcast 7450 ESS OS Router Configuration Guide Page 111...
Page 112 Description This command enables and configure proxy ARP on the interface and specifies an existing policy- statement to analyze match and action criteria that controls the flow of routing information to and Page 112 7450 ESS OS Router Configuration Guide...
Page 113 7450 ESS needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7450 ESS OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
Page 114 ‘AND’ function to derive the local subnet of the IP address. Note that a mask of 255.255.255.255 is reserved for system IP addresses. Values 128.0.0.0 — 255.255.255.255 Page 114 7450 ESS OS Router Configuration Guide...
Page 115 Static ARP is used when a 7450 ESS needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7450 ESS OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
Page 116 IGP shortcuts (tunneled to a remote next-hop). However, the tunnel QoS markings are always derived from the egress network QoS definitions. Egress marking and remarking is based on the internal forwarding class and profile state of the packet Page 116 7450 ESS OS Router Configuration Guide...
Page 117 It is recommended to use the system IP address as it is not associated with a particular interface and is therefore always reachable. The system IP address is the default if no ip-addr or ip-int-name is configured. Default no unnumbered 7450 ESS OS Router Configuration Guide Page 117...
Page 118 The no form of the command removes flowspec filtering from an IP interface. Default No interfaces have flowspec enabled. filter Syntax filter ip ip-filter-id no filter [ip ip-filter-ip] Context config>router>if>ingress config>router>if>egress Page 118 7450 ESS OS Router Configuration Guide...
Page 119 — The filter name acts as the ID for the IP filter policy expressed as a decimal integer. The filter policy must already exist within the config>filter>ip context. Values 1 — 16384 7450 ESS OS Router Configuration Guide Page 119...
Page 120 By default, generation of ICMP redirect messages is enabled at a maximum rate of 100 per 10 second time interval. The no form of the command disables the generation of ICMP redirects on the router interface. Page 120 7450 ESS OS Router Configuration Guide...
Page 121 The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a given time interval. 7450 ESS OS Router Configuration Guide Page 121...
Page 122 The seconds parameter must also be specified. Values 10 — 1000 seconds — The time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer. Page 122 7450 ESS OS Router Configuration Guide...
Page 123: Router Advertisement Commands
Default Parameters number — Specifies the hop limit. Values 0 — 255. A value of zero means there is an unspecified number of hops. 7450 ESS OS Router Configuration Guide Page 123...
Page 124 This command configures the minimum interval between sending ICMPv6 neighbor discovery router advertisement messages. Default Parameters seconds — Specify the minimum interval in seconds between sending ICMPv6 neighbor discovery router advertisement messages. Values 3 — 1350 Syntax [no] mtu mtu-bytes Context config>router>router-advert>if Page 124 7450 ESS OS Router Configuration Guide...
Page 125 — Specifies a route must match the most significant bits and have a prefix length. Values 1 — 128 autonomous Syntax [no] autonomous Context config>router>router-advert>if>prefix Description This command specifies whether the prefix can be used for stateless address autoconfiguration. 7450 ESS OS Router Configuration Guide Page 125...
Page 126 — Specifies the remaining length of time in seconds that this prefix will continue to be valid. infinite — Specifies that the prefix will always be valid. A value of 4,294,967,295 represents infinity. Page 126 7450 ESS OS Router Configuration Guide...
Page 127 — The length of time, in seconds, (relative to the time the packet is sent) that the prefix is valid for route determination. Values 0, 4 — 9000 seconds. 0 means that the router is not a default router on this link. use-virtual-mac Syntax [no] use-virtual-mac 7450 ESS OS Router Configuration Guide Page 127...
Page 128 If the virtual router is not the master, no router advertisement messages are sent. The no form of the command disables sending router advertisement messages. Default no use-virtual-mac Page 128 7450 ESS OS Router Configuration Guide...
Page 129: Show Commands
Inv — The ARP entry is an inactive static ARP entry (invalid). Oth — The ARP entry is a local or system ARP entry. Sta — The ARP entry is an active static ARP entry. 7450 ESS OS Router Configuration Guide Page 129...
Page 130 Type Interface ------------------------------------------------------------------------------- 10.10.0.3 04:5d:ff:00:00:00 00:00:00 system =============================================================================== A:ALA-A# A:ALA-A# show router ARP to-ser1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Expiry Type Interface ------------------------------------------------------------------------------- 10.10.13.1 04:5b:01:01:00:02 03:53:09 to-ser1 =============================================================================== A:ALA-A# Page 130 7450 ESS OS Router Configuration Guide...
Page 131 The number of packets that were authenticated. Client Packets Authenticate Ok Sample Output A:ALU-3>show>router>auth# statistics =================================================================== Authentication Global Statistics =================================================================== Client Packets Authenticate Fail Client Packets Authenticate Ok : 12 =================================================================== A:ALU-3> 7450 ESS OS Router Configuration Guide Page 131...
Page 132 Remote State : Up (3) Remote Diag : 0 (None) Remote Mode : Async Remote Min Tx : 1000 Remote Mult Last Recv (ms) : 367 Remote Min Rx : 10 =============================================================================== *A:Dut-C# Page 132 7450 ESS OS Router Configuration Guide...
Page 133 =============================================================================== *A:Dut-B# session Syntax session [src ip-address [dst ip-address] | detail] session [type type] session [summary] Context show>router>bfd Description This command displays session information. 7450 ESS OS Router Configuration Guide Page 133...
Page 134 Up (3) 10.2.1.3 pim isis 50968 50718 port-1-2 Up (3) 3FFE::A02:103 static bgp cpm-np port-1-2 Up (3) =============================================================================== *A:Dut-B# A:Dut-B# show router bfd session src 3FFE::A01:102 dest 3FFE::A01:103 =============================================================================== BFD Session Page 134 7450 ESS OS Router Configuration Guide...
Page 135 * indicates that the corresponding row element may have been truncated. *A:Dut-D# *A:Dut-B# show router bfd session ipv4 =============================================================================== BFD Session =============================================================================== Interface State Tx Intvl Rx Intvl Multipl Remote Address Protocols Tx Pkts Rx Pkts Type ------------------------------------------------------------------------------- port-1-1 Up (3) 7450 ESS OS Router Configuration Guide Page 135...
Page 136 *A:Dut-D# show router bfd session summary ============================= BFD Session Summary ============================= Termination Session Count ----------------------------- central cpm-np iom, slot 1 iom, slot 2 iom, slot 3 iom, slot 4 iom, slot 5 Total ============================= Page 136 7450 ESS OS Router Configuration Guide...
Page 137 The number of packets received from the DHCP clients. Transmitted Pack- The number of packets transmitted to the DHCP clients. Received Mal- The number of malformed packets received from the DHCP clients. formed Packets 7450 ESS OS Router Configuration Guide Page 137...
Page 138 4 Hop Count Limit reached 5 Missing Relay Msg option, or illegal msg type 6 Unable to determine destinatinon client Itf 7 Out of Memory 8 No global Pfx on Client Itf Page 138 7450 ESS OS Router Configuration Guide...
Page 139 Sample Output A:ALA-1# show router dhcp summary =============================================================================== DHCP6 Summary (Router: Base) =============================================================================== Interface Name Used/Max Relay Admin Oper Relay SapId Resol. Used/Max Server Admin Oper Server ------------------------------------------------------------------------------- interfaceServiceDefault NoServerCo* sap:1/2/12:1 0/8000 7450 ESS OS Router Configuration Guide Page 139...
Page 140 True — ECMP is enabled for the instance. The number of ECMP routes configured for path sharing. Configured-ECMP-Routes Sample Output A:ALA-A# show router ecmp =============================================================================== Router ECMP =============================================================================== Instance Router Name ECMP Configured-ECMP-Routes ------------------------------------------------------------------------------- Base True =============================================================================== A:ALA-A# Page 140 7450 ESS OS Router Configuration Guide...
Page 141 OSPF 66.66.66.66 (loop7) Next-hop type: tunneled, Owner: RSVP, Tunnel-ID: <out-ifindex-from-route> ------------------------------------------------------------------------ Total Entries : 1 ------------------------------------------------------------------------ ======================================================================== *A:Dut-C# show router fib 1 1.1.1.1/32 =============================================================================== FIB Display =============================================================================== Prefix Protocol NextHop ------------------------------------------------------------------------------- 1.1.1.1/32 7450 ESS OS Router Configuration Guide Page 141...
Page 142 Router Advertise- The number of times the router advertised its location. ments Neighbor Adver- The number of times the neighbor router advertised its location. tisements Sample Output A:SR-3>show>router>auth# show router icmp6 =============================================================================== Page 142 7450 ESS OS Router Configuration Guide...
Page 143 The number of times the neighbor router was solicited. Errors The number of error messages. Redirects The number of packet redirects. Pkt Too big The number of packets that exceed appropriate size. 7450 ESS OS Router Configuration Guide Page 143...
Page 144 Total : 47 Errors Destination Unreachable : 0 Redirects Time Exceeded Pkt Too Big Echo Request Echo Reply Router Solicits Router Advertisements Neighbor Solicits : 27 Neighbor Advertisements : 20 =============================================================================== B:CORE2# Page 144 7450 ESS OS Router Configuration Guide...
Page 145 Down — The IP interface is administratively disabled. Up — The IP interface is administratively enabled. Down — The IP interface is operationally disabled. Up — The IP interface is operationally disabled. 7450 ESS OS Router Configuration Guide Page 145...
Page 146 Network 3/1/3 13.2.4.4/24 3FFE::D02:404/120 ip-14.2.4.4 Up/Up Down/Down Network 3/1/4 14.2.4.4/24 3FFE::E02:404/120 ip-15.2.4.4 Up/Up Down/Down Network 3/1/5 15.2.4.4/24 3FFE::F02:404/120 ip-21.2.4.4 Up/Up Up/Up Network 6/2/11 21.2.4.4/24 3FFE::1502:404/120 PREFERRED FE80::200:FF:FE00:4/64 PREFERRED ip-22.2.4.4 Up/Up Up/Up Network 6/2/12 Page 146 7450 ESS OS Router Configuration Guide...
Page 147 A:ALA-A# show router interface exclude-services =============================================================================== Interface Table =============================================================================== Interface-Name Type IP-Address Mode ------------------------------------------------------------------------------- system 10.10.0.3/32 Network to-ser1 10.10.13.3/24 Network to-ser4 10.10.34.3/24 Network to-ser5 10.10.35.3/24 Network to-ser6 Down Network management 192.168.2.93/20 Network =============================================================================== A:ALA-A# 7450 ESS OS Router Configuration Guide Page 147...
Page 148 True — The IP interface will reply to a received ICMP mask request. Arp Populate Displays whether ARP is enabled or disabled. Host Conn Verify host connectivity verification. LdpSyncTimer Specifies the IGP/LDP sync timer value. Page 148 7450 ESS OS Router Configuration Guide...
Page 149 Rem Proxy ARP: Disabled Local Proxy ARP : Disabled Policies : none Proxy Neighbor Discovery Details Local Pxy ND : Disabled Policies : none ICMP Details Redirects : Number - 100 Time (seconds) - 10 7450 ESS OS Router Configuration Guide Page 149...
Page 150 The number of IP interfaces in the router instance. Interfaces The number of administratively enabled IP interfaces in the router Admin-Up instance. The number of operationally enabled IP interfaces in the router Oper-Up instance. Page 150 7450 ESS OS Router Configuration Guide...
Page 151 3 seconds data-threshold : 224.0.0.0/4 --> 1 kbps =============================================================================== neighbor Syntax neighbor [ip-int-name | ip-address | mac ieee-mac-address | summary] Context show>router Description This command displays information about the IPv6 neighbor cache. 7450 ESS OS Router Configuration Guide Page 151...
Page 152 — Displays information for a specific network domain. Sample *A:Dut-T>config>router# show router network-domains =============================================================================== Network Domain Table =============================================================================== Network Domain Description ------------------------------------------------------------------------------- net1 Network domain 1 default Default Network Domain ------------------------------------------------------------------------------- Network Domains : 2 =============================================================================== *A:Dut-T>config>router# Page 152 7450 ESS OS Router Configuration Guide...
Page 153 ------------------------------------------------------------------------------- SDPs : 1 =============================================================================== *A:Dut-T>config>service# policy Syntax policy [name | damping | prefix-list name | as-path name | community name | admin] Context show>router Description This command displays policy-related information. 7450 ESS OS Router Configuration Guide Page 153...
Page 154 Sample Output B:CORE2# show router policy =============================================================================== Route Policies =============================================================================== Policy Description ------------------------------------------------------------------------------- fromStatic ------------------------------------------------------------------------------- Policies : 1 =============================================================================== B:CORE2# policy-edits Syntax policy-edits Context show>router Description This command displays edited policy information. Page 154 7450 ESS OS Router Configuration Guide...
Page 155 Local — The route is a local route. Remote — The route is a remote route. Protocol The protocol through which the route was learned. The route age in seconds for the route. 7450 ESS OS Router Configuration Guide Page 155...
Page 156 21.2.4.2 11.2.103.0/24 Remote OSPF 00h59m02s 22.2.4.2 11.2.103.0/24 Remote OSPF 00h59m02s 23.2.4.2 11.2.103.0/24 Remote OSPF 00h59m02s 24.2.4.2 11.2.103.0/24 Remote OSPF 00h59m02s 100.0.0.1 11.2.103.0/24 Remote OSPF 00h59m02s 100.128.0.1 11.4.101.0/24 Local Local 02h14m29s ------------------------------------------------------------------------------- A:ALA# Page 156 7450 ESS OS Router Configuration Guide...
Page 157 58836 2000 10.10.24.0/24 10.10.34.4 Remote OSPF 3523 2000 10.10.25.0/24 10.10.35.5 Remote OSPF 399059 2000 10.10.45.0/24 10.10.34.4 Remote OSPF 3523 2000 ------------------------------------------------------------------------------- A:ALA-A# show router route-table 131.132.133.134/32 next-hop-type tunneled Route Table (Router: Base) 7450 ESS OS Router Configuration Guide Page 157...
Page 158 Total active and available routes are also displayed. Sample Output A:ALA-A# show router route-table summary =============================================================================== Route Table Summary =============================================================================== Active Available ------------------------------------------------------------------------------- Page 158 7450 ESS OS Router Configuration Guide...
Page 159 IP Router Configuration Static Direct OSPF ISIS Aggregate ------------------------------------------------------------------------------- Total =============================================================================== A:ALA-A# 7450 ESS OS Router Configuration Guide Page 159...
Page 160 The time, in milliseconds, between retransmitted neighbor solicitation messages. Link MTU The MTU number the nodes use for sending packets on the link. Rtr Solicitation The number of router solicitations received and time since they were received. Page 160 7450 ESS OS Router Configuration Guide...
Page 161 Valid Lifetime : 30d00h00m ------------------------------------------------------------------------------- Advertisement from: FE80::200:FF:FE00:2 Managed Config : FALSE Other Config : FALSE Reachable Time : 00h00m00s0ms Router Lifetime : 00h30m00s Retransmit Time : 00h00m00s0ms Hop Limit : 64 7450 ESS OS Router Configuration Guide Page 161...
Page 162 On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : infinite Prefix: 231::/120 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m ------------------------------------------------------------------------------- A:Dut-A# Page 162 7450 ESS OS Router Configuration Guide...
Page 163 Preferred Lifetime : 00h00m00s Valid Lifetime : 00h00m00s Prefix not present in neighbor router advertisement Prefix: 251::/120 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m 7450 ESS OS Router Configuration Guide Page 163...
Page 164 Valid Lifetime : infinite [30d00h00m] Prefix not present in own router advertisement Prefix: 231::/120 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m =============================================================================== A:Dut-A# Page 164 7450 ESS OS Router Configuration Guide...
Page 165 00:00:5a:40:00:01 00:00:00 Sta to-ser1 12.200.1.1 00:00:5a:01:00:33 00:00:00 Inv to-ser1a ------------------------------------------------------------------------------- No. of ARP Entries: 1 =============================================================================== A:ALA-A# A:ALA-A# show router static-arp 12.200.1.1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Type Interface ------------------------------------------------------------------------------- 7450 ESS OS Router Configuration Guide Page 165...
Page 166 — Only displays static routes with the specified route preference. Values 0 — 65535 next-hop ip-address — Only displays static routes with the specified next hop IP address. Values ipv4-address: a.b.c.d (host bits must be 0) Page 166 7450 ESS OS Router Configuration Guide...
Page 167 Sample Output A:ALA-A# show router static-route =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.250.0/24 10.200.10.1 to-ser1 192.168.252.0/24 10.10.0.254 192.168.253.0/24 to-ser1 192.168.253.0/24 10.10.0.254 192.168.254.0/24 black-hole =============================================================================== A:ALA-A# 7450 ESS OS Router Configuration Guide Page 167...
Page 168 — Addresses in the range are not exclusively for use for service Exclusive IP addresses. true — Addresses in the range are exclusively for use for service IP addresses and cannot be assigned to network IP interfaces. Page 168 7450 ESS OS Router Configuration Guide...
Page 169 7450 ESS OS Router Configuration Guide Page 169...
Page 170 Note that there are multiple instances of OSPF. OSPF-0 is persistent. OSPF-1 through OSPF-31 are present when that particular OSPF instance is configured. *A:Performance# show router status ================================================================ Router Status (Router: Base) ================================================================ Admin State Oper State ---------------------------------------------------------------- Router OSPFv2-0 Page 170 7450 ESS OS Router Configuration Guide...
Page 171 Down Down OSPFv2-22 Down Down OSPFv2-23 Down Down OSPFv2-24 Down Down OSPFv2-25 Down Down OSPFv2-26 Down Down OSPFv2-27 Down Down OSPFv2-28 Down Down OSPFv2-29 Down Down OSPFv2-30 Down Down OSPFv2-31 Down Down 7450 ESS OS Router Configuration Guide Page 171...
Page 172 Tunnel Table Output — The following table describes tunnel table output fields. Label Description Destination The route’s destination address and mask. Owner Specifies the tunnel owner. Encap Specifies the tunnel’s encapsulation type. Tunnel ID Specifies the tunnel (SDP) identifier. Page 172 7450 ESS OS Router Configuration Guide...
Page 173 Tunnel Id Pref Nexthop Metric ------------------------------------------------------------------------------- 10.0.0.1/32 0.0.0.1 10.0.0.1/32 10.0.0.1 10.0.0.1/32 10.0.0.1 10.0.0.1/32 10.0.0.1 =============================================================================== A:ALA-A>config>service# A:ALA-A>config>service# show router tunnel-table summary =============================================================================== Tunnel Table Summary (Router: Base) =============================================================================== Active Available ------------------------------------------------------------------------------- =============================================================================== A:ALA-A>config>service# 7450 ESS OS Router Configuration Guide Page 173...
Page 174: L2Tp Show Commands
------------------------------------------------------------------------------- No. of L2TP Groups: 2 =============================================================================== *A:Dut-C# *A:Dut-C# show router l2tp group isp1.group-2 =============================================================================== Group Name: isp1.group-2 =============================================================================== Conn ID Loc-Tu-ID Rem-Tu-ID State Ses Active Group Ses Total Assignment ------------------------------------------------------------------------------- Page 174 7450 ESS OS Router Configuration Guide...
Page 175 — Displays peer objects set to drain. unreachable — Displays peers that are deemed unreachable. statistics — Displays the statistics for the given IP address. Sample Output *A:Dut-C# show router l2tp peer =============================================================================== L2TP Peers 7450 ESS OS Router Configuration Guide Page 175...
Page 176 ------------------------------------------------------------------------------- No. of tunnels: 1 =============================================================================== *A:Dut-C# *A:Dut-C# show router l2tp peer draining =============================================================================== L2TP Peers =============================================================================== Peer IP Tun Active Ses Active Drain Unreach Role Tun Total Ses Total Page 176 7450 ESS OS Router Configuration Guide...
Page 177 [tunnel-id tunnel-id (v2)]| session [detail] [state session-state] [peer ip-address] [group group-name] [assignment-id assignment-id] [local-name local-host-name] [remote-name remote-host-name] [control- connection-id connection-id (v3)] Context show>router>l2tp Description This command displays L2TP session operational information. 7450 ESS OS Router Configuration Guide Page 177...
Page 178 14347 closed 236927915 236912640 3615 15275 closed 379407426 379387904 5789 19522 established 658187773 658178048 10043 9725 established 658198275 658178048 10043 20227 established 658210606 658178048 10043 32558 established ------------------------------------------------------------------------------- No. of sessions: 9 Page 178 7450 ESS OS Router Configuration Guide...
Page 179 Time Started : 04/17/2009 18:41:55 Time Established : 04/17/2009 18:41:55 Time Closed : 04/17/2009 18:43:20 CDN Result : generalError General Error : noError ------------------------------------------------------------------------------- =============================================================================== L2TP Session Status =============================================================================== Connection ID : 236927915 7450 ESS OS Router Configuration Guide Page 179...
Page 180 Session-ID State ------------------------------------------------------------------------------- 143524786 143523840 2190 established 143526923 143523840 2190 3083 established 143531662 143523840 2190 7822 closed 236926987 236912640 3615 14347 closed 236927915 236912640 3615 15275 closed 658187773 658178048 10043 9725 established Page 180 7450 ESS OS Router Configuration Guide...
Page 181 L2TP Session Summary =============================================================================== Control Conn ID Tunnel-ID Session-ID State ------------------------------------------------------------------------------- 658187773 658178048 10043 9725 established 658198275 658178048 10043 20227 established 658210606 658178048 10043 32558 established ------------------------------------------------------------------------------- No. of sessions: 3 =============================================================================== 7450 ESS OS Router Configuration Guide Page 181...
Page 182 : 04/17/2009 18:43:20 CDN Result : generalError General Error : noError ------------------------------------------------------------------------------- =============================================================================== L2TP Session Status =============================================================================== Connection ID : 236927915 State : closed Tunnel Group : isp1.group-2 Assignment ID : isp1.tunnel-2 Page 182 7450 ESS OS Router Configuration Guide...
Page 183 No. of sessions: 1 =============================================================================== *A:Dut-C# *A:Fden-Dut2-BSA2# show router l2tp session connection-id 600407016 =============================================================================== L2TP Session Summary =============================================================================== Control Conn ID Tunnel-ID Session-ID State ------------------------------------------------------------------------------- 600407016 600375296 9161 31720 established simon@base.lac.base.lns interface: gi_base_lns_base_lac service-id: 100 7450 ESS OS Router Configuration Guide Page 183...
Page 184 : N/A Primary NBNS : N/A Secondary NBNS : N/A Address-Pool : N/A Circuit-Id : (Not Specified) Remote-Id : (Not Specified) Session-Timeout : N/A Radius Class : (Not Specified) Radius User-Name : simon@base.lac.base.lns Page 184 7450 ESS OS Router Configuration Guide...
Page 185 This command displays L2TP statistics. Sample Output *A:Dut-C# show router l2tp statistics =============================================================================== L2TP Statistics =============================================================================== Tunnels Sessions ------------------------------------------------------------------------------- Active Active Setup history since 04/17/2009 18:38:41 Total Total Failed Failed Failed Auth =============================================================================== *A:Dut-C# 7450 ESS OS Router Configuration Guide Page 185...
Page 186 — Displays information for the specified peer IP address. ipv4-address a.b.c.d (host bits must be 0) tunnel-id tunnel-id (v2) — Displays information for the specified ID of a L2TP tunnel. Page 186 7450 ESS OS Router Configuration Guide...
Page 187 Idle TO (s) : 60 Destruct TO (s) : 7200 Max Retr Estab Max Retr Not Estab: 5 Session Limit : 1000 AVP Hiding : never Transport Type : udpIp Challenge : never 7450 ESS OS Router Configuration Guide Page 187...
Page 188 Ctrl Octets 1438 Error Packets 0 ------------------------------------------------------------------------------- *A:Dut-C# *A:Dut-C# show router l2tp tunnel connection-id 143523840 statistics =============================================================================== L2TP Tunnel Statistics =============================================================================== Connection ID: 143523840 ------------------------------------------------------------------------------- Attempts Failed Active Total ------------------------------------------------------------------------------- Sessions ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Page 188 7450 ESS OS Router Configuration Guide...
Page 189 L2TP Tunnel Statistics =============================================================================== Connection ID: 143523840 ------------------------------------------------------------------------------- Attempts Failed Active Total ------------------------------------------------------------------------------- Sessions ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Ctrl Packets Ctrl Octets 1014 1474 Error Packets 0 ------------------------------------------------------------------------------- No. of tunnels: 1 =============================================================================== 7450 ESS OS Router Configuration Guide Page 189...
Page 190 236912640 3615 58919 closedByPeer isp1.group-2 isp1.tunnel-2 658178048 10043 33762 draining isp1.group-2 isp1.tunnel-2 ------------------------------------------------------------------------------- No. of tunnels: 3 =============================================================================== *A:Dut-C# *A:Dut-C# show router l2tp tunnel assignment-id isp1.tunnel-3 state established sta- tistics =============================================================================== Page 190 7450 ESS OS Router Configuration Guide...
Page 191 *A:Fden-Dut2-BSA2# show router l2tp tunnel connection-id 600375296 statistics =============================================================================== L2TP Tunnel Statistics =============================================================================== Connection ID: 600375296 ------------------------------------------------------------------------------- Attempts Failed Active Total ------------------------------------------------------------------------------- Sessions ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Ctrl Packets Ctrl Octets Error Packets ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Accepted Duplicate Out-Of-Wnd 7450 ESS OS Router Configuration Guide Page 191...
Page 192 Unsent Max Unsent Cur Ack Max Ack Cur ------------------------------------------------------------------------------- Q Length ------------------------------------------------------------------------------- Window Size Cur acceptedMsgType StartControlConnectionRequest StartControlConnectionConnected IncomingCallRequest IncomingCallConnected ZeroLengthBody originalTransmittedMsgType StartControlConnectionReply Hello IncomingCallReply ZeroLengthBody last cleared time : N/A =============================================================================== Page 192 7450 ESS OS Router Configuration Guide...
Page 193: Clear Commands
— Clears all ARP cache entries for the specified IP interface with the specified IP address. Syntax bfd src-ip ip-address dst-ip ip-address bfd all Context clear>router Description This command enables the context to clear bi-directional forwarding (BFD) sessions and statistics. 7450 ESS OS Router Configuration Guide Page 193...
Page 194 Syntax dhcp Context clear>router Description This command enables the context to clear DHCP related information. dhcp6 Syntax dhcp6 Context clear>router Description This command enables the context to clear DHCP6 related information. Page 194 7450 ESS OS Router Configuration Guide...
Page 195 Context clear>router Description This command clears ICMP statistics. Parameters all — Clears all statistics. global — Clears global statistics. interface-name — Clears ICMP6 statistics for the specified interface. 7450 ESS OS Router Configuration Guide Page 195...
Page 196 This command clears L2PT data. Parameters tunnel-group-name — Specifies a Layer Two Tunneling Protocol Tunnel Group name. tunnel Syntax tunnel tunnel-id Context clear>router>l2tp Description This command clears L2PT data. Parameters tunnel-group-name — Clears L2TP tunnel statistics. Page 196 7450 ESS OS Router Configuration Guide...
Page 197 Context clear>router Description This command clears all router advertisement counters. Parameters all — Clears all router advertisement counters for all interfaces. interface interface-name — Clear router advertisement counters for the specified interface. 7450 ESS OS Router Configuration Guide Page 197...
Page 198: Debug Commands
Syntax router router-instance Context debug Description This command configures debugging for a router instance. Parameters router-instance — Specify the router name or service ID. Values router-name: Base, management service-id: 1 — 2147483647 Page 198 7450 ESS OS Router Configuration Guide...
Page 199 Context debug>router>ip Description This command enables ICMP6 debugging. interface Syntax [no] interface [ip-int-name | ip-address] Context debug>router>ip Description This command displays the router IP interface table sorted by interface index. 7450 ESS OS Router Configuration Guide Page 199...
Page 200 (host bits must be 0) ipv4-prefix-length 0 — 32 longer — Specifies the prefix list entry matches any route that matches the specified ip-prefix and pre- fix mask length values greater than the specified mask. Page 200 7450 ESS OS Router Configuration Guide...
Page 201 IP Router Configuration tunnel-table Syntax tunnel-table [ip-address] [ldp | rsvp [tunnel-id tunnel-id]| sdp [sdp-id sdp-id]] Context debug>router>ip Description This command enables debugging for tunnel tables. 7450 ESS OS Router Configuration Guide Page 201...
Page 202 Debug Commands Page 202 7450 ESS OS Router Configuration Guide...
Page 203: Vrrp
→ Non-Owner Access SSH on page 224 → VRRP Advertisement Message IP Address List Verification on page 214 • VRRP Configuration Process Overview on page 225 • Configuration Notes on page 226 7450 ESS OS Router Configuration Guide Page 203...
Page 204: Vrrp Overview
VRRP configuration. Internet Backup Master Backup Non-Owner Owner Non-Owner ALA-1 ALA-2 ALA-3 vrld 100 vrld 100 vrld 100 Priority 200 Priority 150 Virtual Router ID (VRID) OSRG006 Figure 5: VRRP Configuration Page 204 7450 ESS OS Router Configuration Guide...
Page 205: Vrrp Components
7450 ESS OS allows the virtual routers to be configured as non-owners of the IP address. VRRP on a 7450 ESS router can be configured to allow non-owners to respond to ICMP echo requests when they become the virtual router master for the virtual router.
Page 206: Primary And Secondary Ip Addresses
A 7450 ESS IP interface must always have a primary IP address assigned for VRRP to be active on the interface. 7450 ESS OS supports both primary and secondary IP addresses (multi-netting) on the IP interface. The virtual router’s VRID primary IP address is always the primary address on the IP interface.
Page 207: Virtual Router Backup
VRRP priority control policy. VRRP priority control policies can be used to either override or adjust the base priority value depending on events or conditions within the chassis. For information about non-owner access parameters, refer to VRRP Non-Owner Accessibility on page 223. 7450 ESS OS Router Configuration Guide Page 207...
Page 208: Configurable Parameters
The priority value affects the interaction between this VRID and the same VRID of other virtual routers participating on the same LAN. A higher priority value defines a greater priority in becoming the virtual router master for the VRID. The priority value can only be configured when Page 208 7450 ESS OS Router Configuration Guide...
Page 209: Ip Addresses
These are the IP addresses being used by hosts on the LAN as gateway addresses. Multi-netting supports 16 IP addresses on the IP interface, up to 16 addresses can be assigned to a specific a virtual router instance. 7450 ESS OS Router Configuration Guide Page 209...
Page 210: Message Interval And Master Inheritance
Skew Time = ((256 - priority) / 256) seconds The higher priority value, the smaller the skew time will be. This means that virtual routers with a lower priority will transition to master slower than virtual routers with higher priorities. Page 210 7450 ESS OS Router Configuration Guide...
Page 211: Master Down Interval
If preempt disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router. 7450 ESS OS Router Configuration Guide Page 211...
Page 212: Vrrp Message Authentication
→ IP header destination IP address – Must be 224.0.0.18 → IP header TTL field – Must be equal to 255, the packet must not have traversed any IP routed hops → IP header protocol field – must be 112 (decimal) Page 212 7450 ESS OS Router Configuration Guide...
Page 213 → Authentication data fields – Must be equal to the VRID configured simple text password Any VRRP message not meeting the type 0 verification checks with the exceptions above are silently discarded. 7450 ESS OS Router Configuration Guide Page 213...
Page 214: Authentication Data
VRRP advertisement messages contain an IP address count field that indicates the number of IP addresses listed in the sequential IP address fields at the end of the message. The 7450 ESS OS implementation always logs mismatching events. The decision on where and whether to forward the generated messages depends on the configuration of the event manager.
Page 215: Inherit Master Vrrp Router's Advertisement Interval Timer
Policies can only be configured in the non-owner VRRP context. For non-owner virtual router instances, if policies are not configured, then the base priority is used as the in-use priority. 7450 ESS OS Router Configuration Guide Page 215...
Page 216: Vrrp Priority Control Policies
The base priority is the starting priority for the VRRP instance. The actual in-use priority for the VRRP instance is derived from the base priority and an optional VRRP priority control policy. Page 216 7450 ESS OS Router Configuration Guide...
Page 217: Vrrp Priority Control Policy Delta In-Use Priority Limit
The allowed range of the Delta In-Use Priority Limit is 1 to 254. The default is 1, which prevents the delta priority events from operationally disabling the virtual router instance. 7450 ESS OS Router Configuration Guide Page 217...
Page 218: Vrrp Priority Control Policy Priority Events
This extends the amount of time that must expire before entering the cleared state. For an example of a hold-set timer setting, refer to LAG Degrade Priority Event on page 219. Page 218 7450 ESS OS Router Configuration Guide...
Page 219: Port Down Priority Event
Table 5: LAG Events Time LAG Port State Parameter State Comments All ports down Event State Set - 8 ports down Event Threshold 6 ports down Hold Set Timer 5 seconds Set to hold-set parameter 7450 ESS OS Router Configuration Guide Page 219...
Page 220 Event Threshold 2 ports down Hold Set Timer Expired Four ports down Event State Set - 2 ports down Event Threshold 4 ports down Hold Set Timer 5 seconds Set to hold-set parameter Page 220 7450 ESS OS Router Configuration Guide...
Page 221: Host Unreachable Priority Event
The source protocol can be defined to indicate the protocol the installed route must be populated from. To further define match criteria when multiple instances of the route prefix exist, an optional next hop parameter can be defined. 7450 ESS OS Router Configuration Guide Page 221...
Page 222 When a route prefix does not exist within the active route table matching the defined criteria, the route unknown priority event is considered true or set. Page 222 7450 ESS OS Router Configuration Guide...
Page 223: Vrrp Non-Owner Accessibility
Although the RFC states that only VRRP owners can respond to ping and other management- oriented protocols directed to the VRID IP addresses, 7450 ESS OS allows an override of this restraint on a per VRRP virtual router instance basis.
Page 224: Non-Owner Access Ssh
IP address. SSH is applicable to IPv4 VRRP only. When non-owner access SSH is disabled on a virtual router instance, SSH sessions destined to the non-owner virtual router instance IP addresses are silently discarded in both master and backup modes. Page 224 7450 ESS OS Router Configuration Guide...
Page 225: Vrrp Configuration Process Overview
SPECIFY ADDRESS, SECONDARY ADDRESS(ES) SPECIFY ADDRESS, SECONDARY ADDRESS(ES) CONFIGURE VRRP OWNER/NON-OWNER INSTANCE SPECIFY BACKUP IP ADDRESS(ES) CONFIGURE VRRP PARAMETERS APPLY VRRP PRIORITY CONTROL POLICIES (optional) ENABLE Figure 6: VRRP Configuration and Implementation Flow 7450 ESS OS Router Configuration Guide Page 225...
Page 226: Configuration Notes
→ In the owner mode, the backup IP address must be identical to one of the interface’s IP addresses. The backup address explicitly defines which IP addresses are in the VRRP advertisement message IP address list. Page 226 7450 ESS OS Router Configuration Guide...
Page 227: Configuring Vrrp With Cli
Modifying Service and Interface VRRP Parameters on page 241 • Modifying Non-Owner Parameters on page 241 • Modifying Owner Parameters on page 241 • Deleting VRRP on an Interface or Service on page 241 7450 ESS OS Router Configuration Guide Page 227...
Page 228: Vrrp Configuration Overview
The service customer account must be created prior to configuring an IES VRRP instance. • The interface address must be specified in the both the owner and non-owner IES or router interface instances. Page 228 7450 ESS OS Router Configuration Guide...
Page 229: Basic Vrrp Configurations
100 delta exit port-down 4/1/3 priority 200 explicit exit lag-port-down 1 number-down 3 priority 50 explicit exit exit host-unreachable 10.10.24.4 drop-count 25 exit route-unknown 10.10.0.0/32 priority 50 delta exit exit ---------------------------------------------- 7450 ESS OS Router Configuration Guide Page 229...
Page 230: Vrrp Ies Service Parameters
10.10.36.2 authentication-type password authentication-key "testabc" exit exit interface "testing" create address 10.10.10.16/24 sap 1/1/55:0 create vrrp 12 backup 10.10.10.15 policy 1 authentication-type password authentication-key "testabc" exit exit no shutdown ---------------------------------------------- A:SR2>config>service>ies# Page 230 7450 ESS OS Router Configuration Guide...
Page 231: Vrrp Router Interface Parameters
"system" address 10.10.0.4/32 exit interface "test1" address 10.10.14.1/24 secondary 10.10.16.1/24 secondary 10.10.17.1/24 secondary 10.10.18.1/24 exit interface "test2" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR4>config>router# 7450 ESS OS Router Configuration Guide Page 231...
Page 232: Common Configuration Tasks
In addition to the common parameters, the following non-owner commands can be configured: • master-int-inherit • priority • policy • ping-reply • preempt • telnet-reply • ssh-reply (IPv4 only) • [no] shutdown Page 232 7450 ESS OS Router Configuration Guide...
Page 233: Creating Interface Parameters
A:SR1>config>router# info #------------------------------------------ echo "IP Configuration " #------------------------------------------ interface "system" address 10.10.0.1/32 exit interface "testA" address 123.123.123.123/24 exit interface "testB" address 10.10.14.1/24 secondary 10.10.16.1/24 secondary 10.10.17.1/24 secondary 10.10.18.1/24 exit router-id 10.10.0.1 #------------------------------------------ A:SR1>config>router# 7450 ESS OS Router Configuration Guide Page 233...
Page 234: Configuring Vrrp Policy Components
The following displays a VRRP policy configuration example: A:SR1>config>vrrp# info ---------------------------------------------- policy 1 delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit route-unknown 0.0.0.0/0 protocol isis exit exit exit ---------------------------------------------- A:SR1>config>vrrp# Page 234 7450 ESS OS Router Configuration Guide...
Page 235: Configuring Service Vrrp Parameters
The following displays a basic non-owner VRRP configuration example: A:SR2>config>service>ies# info ---------------------------------------------- interface "testing" create address 10.10.10.16/24 sap 1/1/55:0 create vrrp 12 backup 10.10.10.15 policy 1 authentication-type password authentication-key "testabc" exit exit no shutdown ---------------------------------------------- A:SR2>config>service>ies# 7450 ESS OS Router Configuration Guide Page 235...
Page 236: Owner Service Vrrp
The following displays the owner VRRP configuration example: A:SR4>config>router# info #------------------------------------------ echo "IP Configuration " #------------------------------------------ interface "test2" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR4>config>router# Page 236 7450 ESS OS Router Configuration Guide...
Page 237: Configuring Router Interface Vrrp Parameters
A:SR2>config># info #------------------------------------------ interface "if-test" address 10.20.30.40/24 secondary 10.10.50.1/24 secondary 10.10.60.1/24 secondary 10.10.70.1/24 vrrp 1 backup 10.10.50.2 backup 10.10.60.2 backup 10.10.70.2 backup 10.20.30.41 ping-reply telnet-reply authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config># 7450 ESS OS Router Configuration Guide Page 237...
Page 238: Router Interface Vrrp Owner
Router Interface VRRP Owner The following displays router interface owner VRRP configuration example: A:SR2>config>router# info #------------------------------------------ interface "vrrpowner" address 10.10.10.23/24 vrrp 1 owner backup 10.10.10.23 authentication-type password authentication-key "testabc" exit exit #------------------------------------------ A:SR2>config>router# Page 238 7450 ESS OS Router Configuration Guide...
Page 239: Vrrp Configuration Management Tasks
The following example displays the modified VRRP policy configuration: A:SR2>config>vrrp>policy# info ---------------------------------------------- delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit port-down 1/1/3 priority 200 explicit exit host-unreachable 10.10.24.4 drop-count 25 exit exit ---------------------------------------------- A:SR2>config>vrrp>policy# 7450 ESS OS Router Configuration Guide Page 239...
Page 240: Deleting A Vrrp Policy
Applied applied to an entity. A:SR2# =============================================================================== VRRP Policies =============================================================================== Policy Current Current Current Delta Applied Priority & Effect Explicit Delta Sum Limit ------------------------------------------------------------------------------- 200 Explicit None None None None =============================================================================== A:SR2# Page 240 7450 ESS OS Router Configuration Guide...
Page 241: Modifying Service And Interface Vrrp Parameters
The following example displays the command usage to delete a VRRP instance from an interface or IES service: Example: config>service#ies 10 config>service>ies# interface “test” config>service>ies>if# vrrp 1 config>service>ies>if>vrrp# shutdown config>service>ies>if>vrrp# exit config>service>ies>if# no vrrp 1 config>service>ies>if# exit all 7450 ESS OS Router Configuration Guide Page 241...
Page 242 VRRP Configuration Management Tasks Page 242 7450 ESS OS Router Configuration Guide...
Page 243: Vrrp Command Reference
Configuration Commands • VRRP Network Interface Commands on page 244 • VRRP Priority Control Event Policy Commands on page 245 • Show Commands on page 246 • Clear Commands on page 246 7450 ESS OS Router Configuration Guide Page 243...
Page 244 — no priority — [no] ssh-reply — [no] standby-forwarding — [no] telnet-reply — [no] shutdown — [no] traceroute-reply * Note that VRRP commands are applicable to router interfaces, and IES interfaces. Page 244 7450 ESS OS Router Configuration Guide...
Page 245 — priority priority-level [delta | explicit] — no priority — protocol protocol — no protocol[protocol] — [no] protocol ospf — [no] protocol isis — [no] protocol — [no] protocol static 7450 ESS OS Router Configuration Guide Page 245...
Page 246 — no events — no events interface ip-int-name [vrid virtual-router-id] — packets — packets interface ip-int-name [vrid virtual-router-id] — packets — no packets — no packets interface ip-int-name [vrid virtual-router-id] — no packets Page 246 7450 ESS OS Router Configuration Guide...
Page 247: Configuration Commands
— The authentication key. Allowed values are any string up to 8 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7450 ESS OS Router Configuration Guide Page 247...
Page 248 IP address from a given parental local subnet. Multiple virtual router instances can define a virtual router IP address from the same local subnet as long as each is a different IP address. Page 248 7450 ESS OS Router Configuration Guide...
Page 249 Parent IP addresses: 10.10.10.10/24 11.11.11.11/24 Virtual router IP addresses: 10.10.10.11 Invalid (not equal to parent IP address) 10.10.10.10 Associated (same as parent IP address 10.10.10.10) 10.10.11.11 Invalid (not equal to parent IP address) 7450 ESS OS Router Configuration Guide Page 249...
Page 250 IP interface IP address is attempted and fails. All virtual router IP addresses associated with the parental IP interface IP address must be deleted prior Page 250 7450 ESS OS Router Configuration Guide...
Page 251 BFD session. dst-ip ip-address — Specifies the destination address to be used for the BFD session. init-delay Syntax init-delay seconds no init-delay Context config>router>if>vrrp Description This command configures a VRRP initialization delay timer. 7450 ESS OS Router Configuration Guide Page 251...
Page 252 The master-int-inherit command is only available in the non-owner nodal context and is used to allow the current virtual router instance master to dictate the master down timer for all backup virtual Page 252 7450 ESS OS Router Configuration Guide...
Page 253 (3x (in-use message interval) + skew time) The skew time portion is used to slow down virtual routers with relatively low priority values when competing in the master election process. 7450 ESS OS Router Configuration Guide Page 253...
Page 254 — No VRRP priority control policy is associated with the virtual router instance. Parameters policy-id — The policy ID of the VRRP priority control expressed as a decimal integer. The vrrp- policy-id must already exist for the command to function. Values 1 — 9999 Page 254 7450 ESS OS Router Configuration Guide...
Page 255 Syntax priority base-priority no priority Context config>router>if>vrrp Description This command configures the base router priority for the virtual router instance used in the master election process. 7450 ESS OS Router Configuration Guide Page 255...
Page 256 IP addresses. Many network administrators find this limitation frustrating when troubleshooting VRRP connectivity issues. 7450 ESS OS allows this access limitation to be selectively lifted for certain applications. Ping, Telnet and SSH can be individually enabled or disabled on a per-virtual-router-instance basis.
Page 257 IP addresses and routing IP packets not addressed to the virtual router IP addresses. This limitation can be disregarded for certain applications. Ping, Telnet and SSH can be individually enabled or disabled on a per-virtual-router-instance basis. 7450 ESS OS Router Configuration Guide Page 257...
Page 258 The telnet-reply command enables the non-owner master to reply to Telnet requests directed at the virtual router instances’ IP addresses. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parental IP Page 258 7450 ESS OS Router Configuration Guide...
Page 259 All other virtual router instances participating in this message domain must have the same vrid configured and cannot be configured as owner. Once created, the owner keyword is optional when entering the vrid for configuration purposes. 7450 ESS OS Router Configuration Guide Page 259...
Page 260 Once created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted and than recreated without the owner keyword to remove ownership. Page 260 7450 ESS OS Router Configuration Guide...
Page 261: Priority Policy Commands
Setting the in-use-priority-limit to a value equal to or larger than the virtual router instance base- priority prevents the delta priority control events from having any effect on the virtual router instance in-use priority value. Values 1 — 254 7450 ESS OS Router Configuration Guide Page 261...
Page 262 The policy-id must be removed first from all virtual router instances before the no policy command can be issued. If the policy-id is associated with a virtual router instance, the command will fail. Default none Page 262 7450 ESS OS Router Configuration Guide...
Page 263 A priority control event specifies an object to monitor and the effect on the in-use priority level for an associated virtual router instance. Up to 32 priority control events can be configured within the priority-event node. The no form of the command clears any configured priority events. 7450 ESS OS Router Configuration Guide Page 263...
Page 264: Priority Policy Event Commands
It is possible, on some event types, to have another set action reload the hold-set timer. This extends the amount of time that must expire before entering the cleared state. Page 264 7450 ESS OS Router Configuration Guide...
Page 265 If the priority command is not configured on the priority event, the priority-value defaults to 0 and the qualifier keyword defaults to delta, thus, there is no impact on the in-use priority. The no form of the command reverts to the default values. 7450 ESS OS Router Configuration Guide Page 265...
Page 266 The set explicit priority value with the lowest priority-level determines the actual in-use protocol value for all virtual router instances associated with the policy. Default delta Values delta, explicit Page 266 7450 ESS OS Router Configuration Guide...
Page 267: Priority Policy Port Down Event Commands
The events hold-set timer has no effect on the removal procedure. Default no port-down — No port down priority control events are defined. Parameters port-id — The port ID of the port monitored by the VRRP priority control event. 7450 ESS OS Router Configuration Guide Page 267...
Page 268 If the port is not provisioned, the event operational state is Set – non-provisioned. If the POS interface is configured as a clear-channel, the channel-id is 1 and the channel bandwidth is the full bandwidth of the port. Page 268 7450 ESS OS Router Configuration Guide...
Page 269: Priority Policy Lag Events Commands
If the event clears and becomes set again before the hold set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect. 7450 ESS OS Router Configuration Guide Page 269...
Page 270 A number-down node is not required for each possible number of ports that could be down. The active threshold is always the closest lower threshold. When the number of ports down equals a given threshold, that is the active threshold. Page 270 7450 ESS OS Router Configuration Guide...
Page 271 LAG equals or exceeds number-of- lag-ports-down, but does not equal or exceed the next highest configured number-of-lag-ports- down. Values 1 — 8 7450 ESS OS Router Configuration Guide Page 271...
Page 272: Priority Policy Host Unreachable Event Commands
If a ping fails, the event is considered to be set. If a ping is successful, the event is considered to be cleared. Multiple unique (different ip-address) host-unreachable event nodes can be configured within the priority-event node to a maximum of 32 events. Page 272 7450 ESS OS Router Configuration Guide...
Page 273 If the event clears and becomes set again before the hold set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect. 7450 ESS OS Router Configuration Guide Page 273...
Page 274 ICMP echo request message. The timeout value is not directly related to the configured interval parameter. The timeout value may be larger, equal, or smaller, relative to the interval value. Page 274 7450 ESS OS Router Configuration Guide...
Page 275 — The number of seconds before an ICMP echo request message is timed out. Once a message is timed out, a reply with the same identifier and sequence number is discarded. Values 1 — 60 7450 ESS OS Router Configuration Guide Page 275...
Page 276: Priority Policy Route Unknown Event Commands
The next-hop command is optional. If no next-hop ip-address commands are configured, the comparison between the RTM prefix return and the route-unknown IP route prefix are not included in the next hop information. Page 276 7450 ESS OS Router Configuration Guide...
Page 277 — This parameter defines IS-IS as an eligible route source for a returned route prefix from the RTM when looking up the route-unknown route prefix. The is-is parameter is not exclusive from the other available protocol parameters. If protocol is executed without the is-is parameter, 7450 ESS OS Router Configuration Guide Page 277...
Page 278 Set – inactive The route exists in the route table but is not being used. Set – wrong next hop The route exists in the route table but does not meet the next-hop requirements. Page 278 7450 ESS OS Router Configuration Guide...
Page 279 — The subnet mask length expressed as a decimal integer associated with the IP prefix defining the route prefix to be monitored by the route unknown priority control event. Values 0 — 32 7450 ESS OS Router Configuration Guide Page 279...
Page 280 ICMP echo request messages it generates. This allows received ICMP echo reply messages to be directed to the appropriate sending application. Values ip-prefix/mask: ip-prefix a.b.c.d (host bits must be 0) mask 0 — 32 Page 280 7450 ESS OS Router Configuration Guide...
Page 281: Show Commands
Down — Indicates that the administrative state of the VRRP instance is down. Up — Indicates that the operational state of the VRRP instance is up. Down — Indicates that the operational state of the VRRP instance is down. 7450 ESS OS Router Configuration Guide Page 281...
Page 282 VRRP master with a lower priority. No — The preempt mode is disabled and prevents the non-owner vir- tual router instance from preempting another, less desirable virtual router. Page 282 7450 ESS OS Router Configuration Guide...
Page 283 The date and time when operational state of the virtual router changed to master. For a backup virtual router, this value specifies the date and time when it received the first VRRP advertisement message from the virtual router which is the current master. 7450 ESS OS Router Configuration Guide Page 283...
Page 284 Mesg Intvl Discards : 0 Mesg Intvl Errors : 0 Addr List Discards Addr List Errors Auth Type Mismatch Auth Failures Invalid Auth Type Invalid Pkt Type IP TTL Errors Pkt Length Errors : 0 Page 284 7450 ESS OS Router Configuration Guide...
Page 285 When multiple explicitly defined events associated with the priority control policy happen simultaneously, the lowest value of all the cur- rent explicit priorities will be used as the in-use priority for the virtual router. 7450 ESS OS Router Configuration Guide Page 285...
Page 286 If the delta priority event is cleared, the priority-level is no longer used in the in-use priority calculation. Page 286 7450 ESS OS Router Configuration Guide...
Page 287 Event Type & ID Event Oper State Hold Set Priority In Remaining &Effect ------------------------------------------------------------------------------- Host Unreach 10.10.200.252 Expired 20 Del Host Unreach 10.10.200.253 Expired 10 Del Route Unknown 10.10.100.0/24 Expired 1 Exp =============================================================================== A:ALA-A# 7450 ESS OS Router Configuration Guide Page 287...
Page 288 Down — Indicates that the operational state of the VRRP instance is down. Base Pri The base priority used by the virtual router instance. InUse Priority The current in-use priority associated with the VRRP virtual router instance. Page 288 7450 ESS OS Router Configuration Guide...
Page 289 Value In Use Yes — The event is currently affecting the in-use priority of some virtual router. 7450 ESS OS Router Configuration Guide Page 289...
Page 290 Priority Control Event Host Unreachable 10.10.200.252 ------------------------------------------------------------------------------- Priority : 20 Priority Effect : Delta Interval : 1 sec Timeout : 1 sec Drop Count Hold Set Config : 0 sec Hold Set Remaining: Expired Page 290 7450 ESS OS Router Configuration Guide...
Page 291 Table 6: Show VRRP Statistics Output Label Description Displays the number of virtual router ID errors. VR Id Errors Displays the number of version errors. Version Errors Displays the number of checksum errors. Checksum Errors 7450 ESS OS Router Configuration Guide Page 291...
Page 292 Show Commands Sample Output A:ALA-48# show router vrrp statistics =============================================================================== VRRP Global Statistics =============================================================================== VR Id Errors Version Errors Checksum Errors =============================================================================== A:ALA-48# Page 292 7450 ESS OS Router Configuration Guide...
Page 293: Monitor Commands
Mesg Intvl Errors : 0 Addr List Discards Addr List Errors Auth Type Mismatch Auth Failures Invalid Auth Type Invalid Pkt Type IP TTL Errors Pkt Length Errors : 0 Total Discards =============================================================================== *A:ALA-A# 7450 ESS OS Router Configuration Guide Page 293...
Page 294: Clear Commands
— Clears the VRRP statistics for all VRRP instances on the specified IP inter- face. vrid virtual-router-id — Clears the VRRP statistics for the specified VRRP instance on the IP inter- face. Default All VRRP instances on the IP interface. Values 1 — 255 Page 294 7450 ESS OS Router Configuration Guide...
Page 295 VRRP policy [vrrp-policy-id] — Clears VRRP statistics for all or the specified VRRP priority control pol- icy. Default All VRRP policies. Values 1 — 9999 7450 ESS OS Router Configuration Guide Page 295...
Page 296: Vrrp Debug Commands
Description This command enables debugging for VRRP packets. The no form of the command disables debugging. Parameters ip-int-name — Displays the specified interface name. vrid virtual-router-id — Displays the specified VRID. Page 296 7450 ESS OS Router Configuration Guide...
Page 297: Filter Policies
Filter Policy Entities on page 301 → Redirect Policies on page 304 → VID Filters on page 307 • Creating and Applying Policies on page 303 • Configuration Notes on page 311 7450 ESS OS Router Configuration Guide Page 299...
Page 298: Service And Network Port-Based Filtering
The process stops when the first complete match is found and executes the action defined in the entry, either to drop or forward packets that match the criteria. Page 300 7450 ESS OS Router Configuration Guide...
Page 299 Router interface Egress multicast group Egress multicast group VLL SAP, spoke SDP VLL SAP, spoke SDP IES interface SAP, subscriber-interface Ipipe SAP, spoke SDP VPLS mesh/spoke SDP, SAP VPLS mesh/spoke SDP, SAP 7450 ESS OS Router Configuration Guide Page 301...
Page 300: Filter Policy Configuration Overview
SAP ingress — IP and MAC filter policies applied on the SAP ingress define the Service Level Agreement (SLA) enforcement of service packets as they ingress a SAP according to the filter policy match criteria. Page 302 7450 ESS OS Router Configuration Guide...
Page 301: Filter Policy Entities
• IES interfaces • Network ingress — IP filter policies are applied to network ingress IP interfaces. • Network egress — IP filter policies are applied to network egress IP interfaces. 7450 ESS OS Router Configuration Guide Page 303...
Page 302: Redirect Policies
IP address as an indirect next hop Policy Based Route (PBR) action. Page 304 7450 ESS OS Router Configuration Guide...
Page 303 5. The customer’s web browser will then close the original connection and open a new connec- tion to the web portal. 6. The web portal updates the ACL (directly or through SSC) to remove the redirection policy. 7. The customer connects to the original site. 7450 ESS OS Router Configuration Guide Page 305...
Page 304: Figure 7: Web Redirect Traffic Flow
Customer’s subscriber identification string Note that the subscriber identification string is available only when used with subscriber management. Refer to the subscriber management section of the 7450 ESS OS Triple Play Guide and the 7450 ESS OS Router Configuration Guide.
Page 305 SAP-ingress QoS setting allows for MAC-criteria type VID which uses the VID filter matching capabilities QoS and VID Filters (moved to QoS guide) on page 313. A VID filter entry can be used as a debug or lawful intercept mirror source entry. 7450 ESS OS Router Configuration Guide Page 307...
Page 306: Figure 8: Vid Filtering Examples
Tag available for matching and indication of which match criteria to use Figure 8: VID Filtering Examples VID filters are available on Ethernet SAPs for Epipe, VPLS or I-VPLS including eth-tunnel and eth-ring services. Page 308 7450 ESS OS Router Configuration Guide...
Page 307: Vid Filters
Note that the outer-tag is the only tag available for filtering on egress for frames arriving from MPLS SDPs or from PBB services even though additional tags may be carried transparently. 7450 ESS OS Router Configuration Guide Page 309...
Page 308: Figure 9: Port Groups
In the example, port A sap 1/1/1:1.* would have a filter as shown below while port A sap 1/1/1:2.* would not.: mac-filter 4 create default-action forward type vid entry 1 create match frame-type ethernet_II outer-tag 30 4095 exit action drop exit exit Page 310 7450 ESS OS Router Configuration Guide...
Page 309: Figure 10: Filter Creation And Implementation Flow
ASSOCIATE FILTER ID TO SAP SAVE CONFIGURATION Figure 10: Filter Creation and Implementation Flow Figure 11 displays the process to create filter policies and apply them to a service or network port. 7450 ESS OS Router Configuration Guide Page 311...
Page 310: Figure 11: Creating And Applying Filter Policies
CREATE AN IP OR MAC FILTER (FILTER ID) CREATE FILTER ENTRIES (ENTRY ID) SPECIFY ACTION, PACKET MATCHING CRITERIA CREATE SERVICE SELECT NETWORK PORT OR IP INTERFACE ASSOCIATE FILTER ID SAVE CONFIGURATION Figure 11: Creating and Applying Filter Policies Page 312 7450 ESS OS Router Configuration Guide...
Page 311: Packet Matching Criteria
MF (more fragment) bit set or have the Fragment Offset field of the IP header set to a non-zero value. • Option value — Entering an option value enables the first filter to search for a specific IP option. 7450 ESS OS Router Configuration Guide Page 313...
Page 312 PID allows the filter to match the two-byte IEEE 802.3 LLC SNAP protocol ID that follows the three-byte OUI field. The DSAP and mask accepts decimal and hex in the range of 0 to 65535. Page 314 7450 ESS OS Router Configuration Guide...
Page 313 ISID match criteria and must be set to isid to allow the use of isid match criteria. The ISID tag is identified using the PBB ethertype provisioned under config>port>ethernet>pbb-etype. 7450 ESS OS Router Configuration Guide Page 315...
Page 314 Table 9: DSCP Name to DSCP Value Table DSCP Name Decimal Hexadecimal Binary DSCP Value DSCP Value DSCP Value default af10 af11 af12 cp13 cp14 cp15 cp17 af21 cp19 af22 cp21 af23 cp23 cp25 af31 cp27 af32 cp29 Page 316 7450 ESS OS Router Configuration Guide...
Page 315 DSCP Value DSCP Value af33 cp21 cp33 af41 cp35 af42 cp37 af43 cp39 cp41 cp42 cp43 cp44 cp45 cp47 (cs6) cp49 cp50 cp51 cp52 cp53 cp54 cp55 cp56 cp57 (cs7) cp60 cp61 cp62 7450 ESS OS Router Configuration Guide Page 317...
Page 316 Experimental Access Control [Estrin] IMITD IMI Traffic Descriptor Extended Internet Protocol ADDEXT Address Extension RTRALT Router alert Selective directed broadcast NSAPA NSAP addresses Dynamic packet state Upstream multicast packet FINN Experimental flow control Page 318 7450 ESS OS Router Configuration Guide...
Page 317: Ordering Filter Entries
If a packet does not completely match, the packet continues to the next entry, and then subsequent entries. • If a packet does not completely match any subsequent entries, then the default action is performed. 7450 ESS OS Router Configuration Guide Page 319...
Page 318: Figure 12: Filtering Process Example
Action: Forward REMAINING PACKETS ARE DROPPED PER THE DEFAULT ACTION (DROP) SA: 10.10.10.103, DA: 10.10.10.107 SA: 10.10.10.103, DA: 10.10.10.108 SA: 10.10.10.192, DA: 10.10.10.16 SA: 10.10.10.155, DA: 10.10.10.21 Figure 12: Filtering Process Example Page 320 7450 ESS OS Router Configuration Guide...
Page 319: Applying Filters
If the packet completely matches all criteria in an entry, the checking stops. If permitted, the traffic is forwarded. If the packets do not match, they are discarded or forwarded based on the default action specified in the policy. 7450 ESS OS Router Configuration Guide Page 321...
Page 320: Mac Filters
Table 11: MAC Match Criteria Exclusivity Rules Frame Format Etype LLC – Header SNAP-OUI SNAP- PID (ssap & dsap) Ethernet – II 802.3 802.3 – snap a. When snap header is present, this is always set to AA-AA. Page 322 7450 ESS OS Router Configuration Guide...
Page 321: Log Filter
In case the mini-table has no more free entries, only total counter is incremented. • At expiry of the summarization interval, the mini-table for each type is flushed to the syslog destination. 7450 ESS OS Router Configuration Guide Page 323...
Page 322: Configuration Notes
Configuration Notes Page 324 7450 ESS OS Router Configuration Guide...
Page 323: Ip Filters
→ Modifying an IP Filter Policy on page 339 → Detaching/Deleting a Filter Policy on page 342 → Detaching/Deleting a Filter Policy on page 342 → Copying Filter Policies on page 344 7450 ESS OS Router Configuration Guide Page 325...
Page 324: Figure 13: Applying An Ip Filter To An Ingress Interface
20 create match protocol 6 tcp-syn true tcp-ack false exit action drop exit exit ---------------------------------------------- A:ALA-1>config>filter# Ingress Filter ALA-1 TCP Connection OSRG007 Figure 13: Applying an IP Filter to an Ingress Interface Page 326 7450 ESS OS Router Configuration Guide...
Page 325: Creating An Ip Filter Policy
At least one filter entry with matching criteria specified IP Filter Policy The following displays an exclusive filter policy configuration example: A:ALA-7>config>filter# info ---------------------------------------------- ip-filter 12 create description "IP-filter" scope exclusive exit ---------------------------------------------- A:ALA-7>config>filter# 7450 ESS OS Router Configuration Guide Page 327...
Page 326: Ip Filter Entry
[time-range time-range-name] [create] description description-string The following displays an IP filter entry configuration example. A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" match exit no action exit exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# Page 328 7450 ESS OS Router Configuration Guide...
Page 327 20 create match protocol tcp dst-ip 100.0.0.2/32 dst-port eq 80 exit action forward exit entry 30 create match protocol tcp dst-ip 10.10.10.91/24 dst-port eq 80 exit action http-redirect "http://100.0.0.2/login.cgi?mac=$MAC$sap=$S AP&ip=$IP&orig_url=$URL" exit ---------------------------------------------- A:ALA-48>config>filter>ip-filter# 7450 ESS OS Router Configuration Guide Page 329...
Page 328: Ip Filter Entry
The following displays an IP filter entry configuration example. A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" filter-sample interface-disable-sample match exit action forward redirect-policy redirect1 exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# Page 330 7450 ESS OS Router Configuration Guide...
Page 329: Ip Entry Matching Criteria
The following displays an IP filter matching configuration. *A:ALA-48>config>filter>ip-filter# info ---------------------------------------------- description "filter-mail" scope exclusive entry 10 create description "no-91" filter-sample interface-disable-sample match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward redirect-policy redirect2 exit ---------------------------------------------- *A:ALA-48>config>filter>ip-filter# 7450 ESS OS Router Configuration Guide Page 331...
Page 330: Creating A Mac Filter Policy
At least one filter entry. • Matching criteria specified. MAC Filter Policy The following displays an MAC filter policy configuration example: A:ALA-7>config>filter# info ---------------------------------------------- mac-filter 90 create description "filter-west" scope exclusive exit ---------------------------------------------- A:ALA-7>config>filter# Page 332 7450 ESS OS Router Configuration Guide...
Page 331: Creating An Isid Filter
"filter-wan-man" scope template type isid entry 1 create description "drop-local-isids" match isid 100 to 1000 exit action drop exit entry 2 create description "allow-wan-isids" match isid 150 exit action forward exit 7450 ESS OS Router Configuration Guide Page 333...
Page 332 1 create match frame-type ethernet_II ouiter-tag 85 4095 exit action drop exit entry 2 create match frame-type ethernet_II ouiter-tag 43 4095 exit action drop exit ---------------------------------------------- A:TOP_NODE>config>filter>mac-filter# Page 334 7450 ESS OS Router Configuration Guide...
Page 333: Mac Filter Entry
• Specify matching criteria. The following displays a MAC filter entry configuration example: A:sim1>config>filter# info ---------------------------------------------- mac-filter 90 create entry 1 create description "allow-104" match exit action drop exit exit ---------------------------------------------- A:sim1>config>filter# 7450 ESS OS Router Configuration Guide Page 335...
Page 334: Mac Entry Matching Criteria
The following displays a filter matching configuration example. A;ALA-7>config>filter>mac-filter# info ---------------------------------------------- description "filter-west" scope exclusive entry 1 create description "allow-104" match src-mac 00:dc:98:1d:00:00 ff:ff:ff:ff:ff:ff dst-mac 02:dc:98:1d:00:01 ff:ff:ff:ff:ff:ff exit action drop exit ---------------------------------------------- A:ALA-7>config>filter# Page 336 7450 ESS OS Router Configuration Guide...
Page 335: Creating Filter Log Policies
Filter Policies Creating Filter Log Policies The following displays a filter matching configuration example. A:ALA-48>config>filter>log# info detail --------------------------------------------- description "Test filter log." destination memory 1000 wrap-around no shutdown --------------------------------------------- A:ALA-48>config>filter>log# 7450 ESS OS Router Configuration Guide Page 337...
Page 336: Apply Ip And Mac Filter Policies
The following output displays IP and MAC filters assigned to an ingress and egress SAP and spoke SDP: A:ALA-48>config>service>epipe# info ---------------------------------------------- sap 1/1/1.1.1 create ingress filter ip 10 exit egress filter mac 92 exit Page 338 7450 ESS OS Router Configuration Guide...
Page 337 Filter Policies exit spoke-sdp 8:8 create ingress filter ip 10 exit egress filter mac 91 exit exit no shutdown ---------------------------------------------- A:ALA-48>config>service>epipe# 7450 ESS OS Router Configuration Guide Page 339...
Page 338: Apply An Ip Interface
The following displays an IP filter applied to an interface at ingress. A:ALA-48>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "to-104" address 10.0.0.103/24 port 1/1/1 ingress filter ip 10 exit egress filter ip 10 exit exit #------------------------------------------ A:ALA-48>config>router# Page 340 7450 ESS OS Router Configuration Guide...
Page 339: Creating A Redirect Policy
95 ping-test timeout 30 drop-count 5 exit no shutdown exit destination 10.10.10.106 create priority 90 url-test "URL_to_106" url "http://aww.alcatel.com/ipd/" interval 60 return-code 2323 4567 raise-priority 96 exit no shutdown exit ---------------------------------------------- A:ALA-7>config>filter# 7450 ESS OS Router Configuration Guide Page 341...
Page 340: Figure 14: Policy-Based Forwarding For Deep Packet Inspection
SAP 1/1/23:5 (which it should not). Figure shows an example to configure policy-based forwarding for deep packet inspection on a VPLS service. For information about configuring services, refer to the 7450 ESS OS Services Guide. DPI Box...
Page 341 The following displays a MAC filter configuration example: *A:ALA-48>config>filter# info ---------------------------------------------- mac-filter 100 create default-action forward entry 10 create match dot1p 7 7 exit log 101 action forward sap 1/1/22:1 exit exit ---------------------------------------------- *A:ALA-48>config>filter# 7450 ESS OS Router Configuration Guide Page 343...
Page 342 00:00:00:31:11:01 create exit sap 1/1/22:1 split-horizon-group "dpi" create disable-learning static-mac 00:00:00:31:12:01 create exit sap 1/1/23:5 create static-mac 00:00:00:31:13:05 create exit spoke-sdp 3:5 create exit no shutdown exit ..---------------------------------------------- *A:ALA-48>config>service# Page 344 7450 ESS OS Router Configuration Guide...
Page 343: Filter Management Tasks
Use the following CLI syntax to renumber existing MAC or IP filter entries to re-sequence filter entries: CLI Syntax: config>filter ip-filter filter-id renum old-entry-number new-entry-number mac-filter filter-id renum old-entry-number new-entry-number Example config>filter>ip-filter# renum 10 15 config>filter>ip-filter# renum 20 10 config>filter>ip-filter# renum 40 1 7450 ESS OS Router Configuration Guide Page 345...
Page 344 40 create exit match entry 30 create dst-ip 10.10.10.91/24 match src-ip 10.10.10.106/24 dst-ip 10.10.10.91/24 exit src-ip 10.10.0.200/24 action drop exit exit action forward exit exit exit ---------------------------------------------- A:ALA-7>config>filter# ---------------------------------------------- A:ALA-7>config>filter# Page 346 7450 ESS OS Router Configuration Guide...
Page 345: Modifying An Ip Filter Policy
10 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.100/24 exit action drop exit entry 15 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward exit entry 30 create match 7450 ESS OS Router Configuration Guide Page 347...
Page 346 Filter Management Tasks dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit exit ---------------------------------------------- A:ALA-7>config>filter# Page 348 7450 ESS OS Router Configuration Guide...
Page 347: Modifying A Mac Filter Policy
1 create description "New entry info" match src-mac 00:dc:98:1d:00:00 ff:ff:ff:ff:ff:ff dst-mac 02:dc:98:1d:00:01 ff:ff:ff:ff:ff:ff exit action forward exit entry 2 create match dot1p 7 7 exit action drop exit exit ---------------------------------------------- A:ALA-7>config>filter# 7450 ESS OS Router Configuration Guide Page 349...
Page 348: Deleting A Filter Policy
To remove a filter from an egress SAP, enter the following CLI commands: CLI Syntax: config>service# [epipe | ies | vpls] service-id sap port-id[:encap-val] egress no filter Example config>service# epipe 5 config>service>epipe# sap 1/1/2:3 config>service>epipe>sap# egress config>service>epipe>sap>egress# no filter Page 350 7450 ESS OS Router Configuration Guide...
Page 349: From A Network Interface
After you have removed the filter from the SAP, use the following CLI syntax to delete the filter. CLI Syntax: config>filter# no ip-filter filter-id CLI Syntax: config>filter# no mac-filter filter-id Example config>filter# no ip-filter 11 config>filter# no mac-filter 7450 ESS OS Router Configuration Guide Page 351...
Page 350: Modifying A Redirect Policy
5 exit no shutdown exit destination 10.10.10.106 create priority 90 url-test "URL_to_Proxy" url "http://www.alcatel.com" interval 10 timeout 10 return-code 1 4294967295 raise-priority 255 exit no shutdown exit no shutdown exit ---------------------------------------------- A:ALA-7>config>filter# Page 352 7450 ESS OS Router Configuration Guide...
Page 351: Deleting A Redirect Policy
A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "This is new" scope exclusive entry 1 create filter-sample interface-disable-sample match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action forward redirect-policy redirect2 exit entry 2 create description "new entry" ---------------------------------------------- A:ALA-7>config>filter>ip-filter# 7450 ESS OS Router Configuration Guide Page 353...
Page 352: Copying Filter Policies
2 create ip-filter 12 create description "This is new" scope exclusive entry 1 create match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action drop exit entry 2 create ---------------------------------------------- A:ALA-7>config>filter# Page 354 7450 ESS OS Router Configuration Guide...
Page 353: Filter Command Reference
DHCP Filter Policy Commands config — filter — dhcp-filter filter-id [create] — no dhcp-filter filter-id — description description-string — no description — entry entry-id [create] — no entry entry-id — action {bypass-host-creation} 7450 ESS OS Router Configuration Guide Page 355...
Page 354 — multiple-option {true | false} — no multiple-option — option-present {true | false} — no option-present — src-ip{ip-address/mask | ip-address netmask} — no src-ip — src-port {{lt | gt | eq} src-port-number Page 356 7450 ESS OS Router Configuration Guide...
Page 355 — no snap-pid — ssap ssap-value [ssap-mask] — no ssap — src-mac ieee-address [ieee-address-mask] — no src-mac — renum old-entry-id new-entry-id — scope {exclusive | template} — no scope — type filter-type 7450 ESS OS Router Configuration Guide Page 357...
Page 356: Configuration Commands
— no interval — return-code return-code-1 [return-code-2] [disable | lower- priority priority | raise-priority priority] — no return-code return-code-1 [return-code-2] — timeout seconds — no timeout — url-string [http-version version-string] — no Page 358 7450 ESS OS Router Configuration Guide...
Page 357 [entry entry-id] [ingress | egress] Monitor Commands monitor — filter ip ip-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] — filter mac mac-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] 7450 ESS OS Router Configuration Guide Page 359...
Page 358 Filter Command Reference Page 360 7450 ESS OS Router Configuration Guide...
Page 359: Generic Commands
— The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7450 ESS OS Router Configuration Guide Page 361...
Page 360: Global Filter Commands
— Specifies the IP filter policy ID number. Values 1 — 65535 create — Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. Page 362 7450 ESS OS Router Configuration Guide...
Page 361 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. There is no limit to the number of redirect policies that can be configured. 7450 ESS OS Router Configuration Guide Page 363...
Page 362: Dhcp Filter Commands
The no form of the command reverts to the default. Parameters present — Specifies that the related DHCP option must be present. absent — Specifies that the related DHCP option must be absent. Page 364 7450 ESS OS Router Configuration Guide...
Page 363: Filter Log Destination Commands
1000 entries. The number of entries and wrap-around behavior can be edited. Default log 101 Parameters log-id — The filter log ID destination expressed as a decimal integer. Values 101 — 199 7450 ESS OS Router Configuration Guide Page 365...
Page 364 Log packets received during the reconfiguration time will be handled as if summary was not active. The no form of the command reverts to the default parameter. Page 366 7450 ESS OS Router Configuration Guide...
Page 365 The no form of the command configures the memory filter log to accept filter log entries until full. When the memory filter log is full, filter logging for the log filter ID ceases. Default wrap-around 7450 ESS OS Router Configuration Guide Page 367...
Page 366: Filter Policy Commands
If the policy is removed from the entity, it will become available for assignment to another entity. template — When the scope of a policy is defined as template, the policy can be applied to multiple SAPs or network ports. Page 368 7450 ESS OS Router Configuration Guide...
Page 367 — Regular match criteria are allowed; ISID match not allowed. isid — Only ISID match criteria are allowed. vid — Configures the VID filter type used to match on ethernet_II frame types. This allows matching VLAN tags for explicit filtering. 7450 ESS OS Router Configuration Guide Page 369...
Page 368: General Filter Entry Commands
32 characters in length. The time-range name must already exist in the config>cron context. create — Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. Page 370 7450 ESS OS Router Configuration Guide...
Page 369 The no form of the command disables logging for the filter entry. Default no log Parameters log-id — The filter log ID destination expressed as a decimal integer. Values 101 — 199 7450 ESS OS Router Configuration Guide Page 371...
Page 370: Ip Filter Entry Commands
This parameter is only valid for unnumbered point-to-point interfaces. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. redirect policy-name — Specifies the redirect policy configured in the config>filter>redirect- policy context. Page 372 7450 ESS OS Router Configuration Guide...
Page 371 If the cflowd is either not enabled or set to cflowd acl mode, this command is ignored. The no form of this command enables sampling. Default no interface-disable-sample match Syntax match [protocol protocol-id] no match Context config>filter>ip-filter>entry 7450 ESS OS Router Configuration Guide Page 373...
Page 372 Reliable Data Protocol idrp Inter-Domain Routing Protocol rsvp Reservation Protocol General Routing Encapsulation iso-ip ISO Internet Protocol eigrp EIGRP ospf-igp OSPFIGP ether-ip Ethernet-within-IP Encapsulation encap Encapsulation Header pnni PNNI over IP Protocol Independent Multicast Page 374 7450 ESS OS Router Configuration Guide...
Page 373 Protocol ID Description vrrp Virtual Router Redundancy Protocol l2tp Layer Two Tunneling Protocol Spanning Tree Protocol Performance Transparency Protocol isis ISIS over IPv4 crtp Combat Radio Transport Protocol crudp Combat Radio User Datagram 7450 ESS OS Router Configuration Guide Page 375...
Page 374: Mac Filter Entry Commands
0 — 4094 The SAP is identified by two 802.1Q tags on the port. qtag2: 0 — 4094 Note that a 0 qtag1 value also accepts untagged packets on the dot1q port. Page 376 7450 ESS OS Router Configuration Guide...
Page 375 802dot2-llc — Specifies the frame type is Ethernet IEEE 802.2 LLC. 802dot2-snap — Specifies the frame type is Ethernet IEEE 802.2 SNAP. ethernet_II — Specifies the frame type is Ethernet Type II. 7450 ESS OS Router Configuration Guide Page 377...
Page 376: Ip Filter Match Criteria
Values 0.0.0.0 — 255.255.255.255 mask — The subnet mask length expressed as a decimal integer. Values 0 — 32 netmask — Any mask epressed in dotted quad notation. Values 0.0.0.0 — 255.255.255.255 Page 378 7450 ESS OS Router Configuration Guide...
Page 377 L4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first fragment contains the L4 information. The no form of the command removes the match criterion. Default no fragment 7450 ESS OS Router Configuration Guide Page 379...
Page 378 The no form of the command removes the criterion from the match entry. Default no icmp-type Parameters icmp-type — The ICMP type values that must be present to match. Values 0 — 255 Page 380 7450 ESS OS Router Configuration Guide...
Page 379 Format Style Format Syntax Example Decimal Hexadecimal 0xHH 0x14 Binary 0bBBBBBBBB 0b0010100 Default 255 (decimal) (exact match) Values 1 — 255 (decimal) multiple-option Syntax multiple-option {true | false} no multiple-option Context config>filter>ip-filter>entry>match 7450 ESS OS Router Configuration Guide Page 381...
Page 380 The no form of the command removes the source IP address match criterion. Default no src-ip Parameters ip-address — The IP prefix for the IP match criterion in dotted decimal notation. Values 0.0.0.0 — 255.255.255.255 Page 382 7450 ESS OS Router Configuration Guide...
Page 381 IP packet as an IP filter match criterion. Note that an entry containing L4 match criteria will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first 7450 ESS OS Router Configuration Guide Page 383...
Page 382 — Specifies matching on IP packets that have the SYN bit set in the control bits of the TCP header. false — Specifies matching on IP packets that do not have the SYN bit set in the control bits of the TCP header. Page 384 7450 ESS OS Router Configuration Guide...
Page 383: Mac Filter Match Criteria
0bBBB 0b100 To select a range from 4 up to 7 specify p-value of 4 and a mask of 0b100 for value and mask. Default 7 (decimal) Values 1 — 7 (decimal) 7450 ESS OS Router Configuration Guide Page 385...
Page 384 This 8 bit mask can be configured using the following formats: Format Style Format Syntax Example Decimal Hexadecimal 0xHH 0xF0 Binary 0bBBBBBBBB 0b11110000 Default FF (hex) (exact match) Values 0x00 — 0xFF Page 386 7450 ESS OS Router Configuration Guide...
Page 385 The snap-pid field, etype field, ssap and dsap fields are mutually exclusive and may not be part of the same match criteria. Table 11, MAC Match Criteria Exclusivity Rules, on page 322 describes fields 7450 ESS OS Router Configuration Guide Page 387...
Page 386 The inner-tag is not applicable in ingress on dot1Q SAPs. The inner-tag may be populated on egress depending on the ingress SAP type. On QinQ SAPs of null and default that do not strip tags inner-tag will contain the second tag (which Page 388 7450 ESS OS Router Configuration Guide...
Page 387 This command configures an IEEE 802.3 LLC SNAP Ethernet Frame OUI zero or non-zero value to be used as a MAC filter match criterion. The no form of the command removes the criterion from the match criteria. Default no snap-oui 7450 ESS OS Router Configuration Guide Page 389...
Page 388 The no form of the command removes the source mac as the match criteria. Default no src-mac Parameters ieee-address — Enter the 48-bit IEEE mac address to be used as a match criterion. Values HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit Page 390 7450 ESS OS Router Configuration Guide...
Page 389 — The 8-bit ssap match criteria value in hex. Values 0x00 — 0xFF ssap-mask — This is optional and may be used when specifying a range of ssap values to use as the match criteria. 7450 ESS OS Router Configuration Guide Page 391...
Page 390 Configuration Commands This 8 bit mask can be configured using the following formats: Format Style Format Syntax Example Decimal Hexadecimal 0xHH 0xF0 Binary 0bBBBBBBBB 0b11110000 Default none Values 0x00 — 0xFF Page 392 7450 ESS OS Router Configuration Guide...
Page 391: Policy And Entry Maintenance Commands
ID. If the destination filter ID exists, either overwrite must be specified or an error message will be returned. If overwrite is specified, the function of copying from source to destination occurs in a ‘break before make’ manner and therefore should be handled with care. 7450 ESS OS Router Configuration Guide Page 393...
Page 392 Parameters old-entry-id — Enter the entry number of an existing entry. Values 1 — 65535 new-entry-id — Enter the new entry-number to be assigned to the old entry. Values 1 — 65535 Page 394 7450 ESS OS Router Configuration Guide...
Page 393: Redirect Policy Commands
This command specifies the number of consecutive requests that must fail for the destination to be declared unreachable. Default drop-count 3 hold-down 0 Parameters consecutive-failures — Specifies the number of consecutive ping test failures before declaring the destination down. Values 1 — 60 7450 ESS OS Router Configuration Guide Page 395...
Page 394 — Specifies the amount of time, in seconds, that is allowed for receiving a response from the far end host. Values 1 — 60 priority Syntax priority priority no priority Context config>filter>destination Page 396 7450 ESS OS Router Configuration Guide...
Page 395 This command specifies the criterion to adjust the priority based on the test result. Multiple criteria can be specified with the condition that they are not conflicting or overlap. If the returned value is 7450 ESS OS Router Configuration Guide Page 397...
Page 396 For example, error code 401 for HTTP is “page not found.” If, while performing this test, the URL is not reachable, you can lower the priority by 10 points so that other means of reaching this destination are prioritized higher than the older one. Page 398 7450 ESS OS Router Configuration Guide...
Page 397 This command specifies the URL to be probed by the URL test. Default none Parameters url-string — Specify a URL up to 255 characters in length. http-version version-string — Specifies the HTTP version, 80 characters in length. 7450 ESS OS Router Configuration Guide Page 399...
Page 398 Configuration Commands Page 400 7450 ESS OS Router Configuration Guide...
Page 399: Show Commands
— Displays information on the specified filter entry ID for the specified filter ID only. Values 1 — 65535 associations — Appends information as to where the filter policy ID is applied to the detailed filter policy ID output. 7450 ESS OS Router Configuration Guide Page 401...
Page 400 *A:Dut-C>config>filter# show filter ip =============================================================================== IP Filters Total: =============================================================================== Filter-Id Scope Applied Description ------------------------------------------------------------------------------- 10001 Template Yes fSpec-1 Template Yes BGP FlowSpec filter for the Base router ------------------------------------------------------------------------------- Num IP filters: 2 =============================================================================== *A:Dut-C>config>filter# Page 402 7450 ESS OS Router Configuration Guide...
Page 401 Specifies matching packets with a specific IP option or a range of IP options in the IP header for IP filter match criteria. TCP-syn Configures a match on packets with the SYN flag set to False — false. 7450 ESS OS Router Configuration Guide Page 403...
Page 402 Off — match criteria. as part of the match criteria. Egr. Matches The number of egress filter matches/hits for the filter entry. Sample Output A:ALA-49>config>filter# show filter ip 3 =============================================================================== IP Filter Page 404 7450 ESS OS Router Configuration Guide...
Page 403 Log Id : n/a Src. IP : 0.0.0.0/0 Src. Port : None Dest. IP : 0.0.0.0/0 Dest. Port : None Protocol Dscp : Undefined ICMP Type : Undefined ICMP Code : Undefined 7450 ESS OS Router Configuration Guide Page 405...
Page 404 Filter Id : 10 Applied : No Scope : Template Def. Action : Drop Entries ------------------------------------------------------------------------------- Filter Match Criteria : IP ------------------------------------------------------------------------------- Entry : 1010 time-range : day Cur. Status : Inactive Page 406 7450 ESS OS Router Configuration Guide...
Page 405 Int. Sampling : On IP-Option : 0/0 Multiple Option: Off TCP-syn : Off TCP-ack : Off Match action : Forward Next Hop : 172.22.184.101 Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-49# 7450 ESS OS Router Configuration Guide Page 407...
Page 406 The ICMP type match criterion. indicates no ICMP type ICMP Type Undefined specified. Configures a match on all non-fragmented IP packets. Fragment False — Configures a match on all fragmented IP packets. True — Page 408 7450 ESS OS Router Configuration Guide...
Page 407 On — The option fields are not checked. Multiple Option Off — Packets containing one or more option fields in the IP header On — will be used as IP filter match criteria. 7450 ESS OS Router Configuration Guide Page 409...
Page 408 Show Filter Associations (with TOD-suite specified) — If a filter is referred to in a TOD Suite assignment, it is displayed in the show filter associations command output: A:ALA-49# show filter ip 160 associations =============================================================================== IP Filter =============================================================================== Filter Id : 160 Applied : No Page 410 7450 ESS OS Router Configuration Guide...
Page 409 The number of egress filter matches/hits for the filter entry. Egr. Matches Note that egress counters count the packets without Layer 2 encapsula- tion. Ingress counters count the packets with Layer 2 encapsulation. 7450 ESS OS Router Configuration Guide Page 411...
Page 410 The MAC filter policy ID. Filter Id The filter policy is of type Template. Scope Template — The filter policy is of type Exclusive. Exclusiv — Description The IP filter policy description. Page 412 7450 ESS OS Router Configuration Guide...
Page 411 , the Inactive filter entry is incomplete, no action was specified. Packets matching the filter entry criteria will be dropped. Drop — Packets matching the filter entry criteria is forwarded. Forward — 7450 ESS OS Router Configuration Guide Page 413...
Page 412 The service ID on which the filter policy ID is applied. The Service Access Point on which the filter policy ID is applied. The type of service of the Service ID. Type Page 414 7450 ESS OS Router Configuration Guide...
Page 413 =============================================================================== A:ALA-49# Filter Entry Counters Output — When the counters keyword is specified, the filter entry output displays the filter matches/hit information. The following table describes the command output for the command. 7450 ESS OS Router Configuration Guide Page 415...
Page 414 Def. Action : Forward Entries Description : Description for Mac Filter Policy id # 8 ------------------------------------------------------------------------------- Filter Match Criteria : Mac ------------------------------------------------------------------------------- Entry FrameType : Ethernet Ing. Matches: 80 pkts (5440 bytes) Page 416 7450 ESS OS Router Configuration Guide...
Page 415 Specifies the amount of time in seconds that is allowed for receiving a response from the far-end host. If a reply is not received within this time the far-end host is considered unresponsive. 7450 ESS OS Router Configuration Guide Page 417...
Page 416 Admin State : Up Oper State : Up SNMP Test : SNMP-1 Interval : 30 Timeout Drop Count : 30 Hold Down : 120 Hold Remain Last Action at : None Taken ------------------------------------------------------------------------------- Page 418 7450 ESS OS Router Configuration Guide...
Page 417 URL Test : URL_to_Proxy Interval : 10 Timeout : 10 Drop Count Hold Down Hold Remain Last Action at : 03/19/2007 05:04:15 Action Taken : Disable Priority Change: 0 Return Code =============================================================================== ALA-A# 7450 ESS OS Router Configuration Guide Page 419...
Page 418 — The filter log ID destination expressed as a decimal integer. Values 101 — 199 Syntax mac mac-filter-id [entry entry-id] [ingress | egress] Context clear>filter Clears the counters associated with the MAC filter policy. Page 420 7450 ESS OS Router Configuration Guide...
Page 419 — Specifies that only the counters associated with the specified filter policy entry will be cleared. Values 1 — 65535 ingress — Specifies to only clear the ingress counters. egress — Specifies to only clear the egress counters. 7450 ESS OS Router Configuration Guide Page 421...
Page 420 [interval seconds] [repeat repeat] [absolute | rate] Context monitor Description This command monitors the counters associated with the MAC filter policy. Parameters mac-filter-id — The MAC filter policy ID. Values 1 — 65535 Page 422 7450 ESS OS Router Configuration Guide...
Page 421 — When the absolute keyword is specified, the raw statistics are displayed, without pro- cessing. No calculations are performed on the delta or rate statistics. rate — When the rate keyword is specified, the rate-per-second for each statistic is displayed instead of the delta. 7450 ESS OS Router Configuration Guide Page 423...
Page 422 Show Commands Page 424 7450 ESS OS Router Configuration Guide...
Page 423: Cflowd
• Cflowd Overview on page 426 → Operation on page 427 → Cflowd Filter Matching on page 431 • Cflowd Configuration Process Overview on page 432 • Configuration Notes on page 433 7450 ESS OS Router Configuration Guide Page 425...
Page 424: Cflowd Overview
Cflowd is not supported on the 7750 SR-1 chassis. For the 7450 guides, it is only supported on the ESS-7 and 12 if mixed mode is enabled. Page 426 7450 ESS OS Router Configuration Guide...
Page 425: Figure 15: Basic Cflowd Steps
6. If a flow has been active for a period of time equal to or greater than the active timer (default 30 minutes), then the entry is removed from the flow cache. 7450 ESS OS Router Configuration Guide Page 427...
Page 426: Cflowd Overview
V8 record format. Figure 16 depicts Version 5, Version 8, Version 9, and Version 10 flow processing. Page 428 7450 ESS OS Router Configuration Guide...
Page 427: Figure 16: V5, V8, V9, V10, And Flow Processing
• When the user executes a clear cflowd command. • When other measures are met that apply to aggressively age flows as the cache becomes too full (such as overflow percent). 7450 ESS OS Router Configuration Guide Page 429...
Page 428 IPv4, IPv6, and MPLS. Version 10 is interoperable with RFC 5150 and 5102. Page 430 7450 ESS OS Router Configuration Guide...
Page 429: Cflowd Filter Matching
Subsequent packets in the same flow are then forwarded without needing to be matched against the complete set of filters. Specific performance varies depending on the number and complexity of the filters. 7450 ESS OS Router Configuration Guide Page 431...
Page 430: Figure 17: Cflowd Configuration And Implementation Flow
Cflowd ACL, where IP filters must be created with entries containing the action filter- sampled. In this mode only traffic matching these filter entries will be subject to the cflowd sampling process. Page 432 7450 ESS OS Router Configuration Guide...
Page 431: Operation
Sampling must be enabled on either: → An IP filter which is applied to a port or service. → An interface on a port or service. Cflowd is only available when mixed-mode is enabled on the system. 7450 ESS OS Router Configuration Guide Page 433...
Page 432 Configuration Notes Page 434 7450 ESS OS Router Configuration Guide...
Page 433 Specifying Sampling Options in Filter Entries on page 452 • Cflowd Configuration Management Tasks on page 455 → Modifying Global Cflowd Components on page 455 → Modifying Cflowd Collector Parameters on page 456 7450 ESS OS Router Configuration Guide Page 435...
Page 434: Cflowd Configuration Overview
IP next hop • BGP next hop • ICMP type and code • IP version • Source prefix (from routing) • Destination prefix (from routing) • MPLS label stack from label 1 to 6 Page 436 7450 ESS OS Router Configuration Guide...
Page 435 The following aggregation schemes are supported: • AS matrix — Flows are aggregated based on source and destination AS and ingress and egress interface. 7450 ESS OS Router Configuration Guide Page 437...
Page 436: Cflowd Configuration Overview
Source-destination prefix — Flows are aggregated based on source prefix and mask, destination prefix and mask, source and destination AS, ingress interface and egress interface. • Raw — Flows are not aggregated and are sent to the collector in a V5 record. Page 438 7450 ESS OS Router Configuration Guide...
Page 437: Basic Cflowd Configuration
A:ALA-1>config>cflowd# info detail ---------------------------------------------- active-timeout 30 cache-size 65536inactive-timeout 15 overflow 1 rate 1000 collector 10.10.10.103:2055 version 9 no aggregation autonomous-system-type origin description "V9 collector" no shutdown exit template-retransmit 330 exit no shutdown ---------------------------------------------- A:ALA-1>config>cflowd# 7450 ESS OS Router Configuration Guide Page 439...
Page 438: Global Cflowd Components
Global Cflowd Components The components common (global) to all instances of cflowd include the following parameters: • Active timeout • Inactive timeout • Cache size • Overflow • Rate • Template retransmit Page 440 7450 ESS OS Router Configuration Guide...
Page 439: Configuring Cflowd
{version [5 | 8 | 9 |10]} aggregation as-matrix destination-prefix protocol-port source-destination-prefix source-prefix template-set {basic | mpls-ip} autonomous-system-type [origin | peer] description description-string no shutdown no shutdown 7450 ESS OS Router Configuration Guide Page 441...
Page 440: Enabling Cflowd
The following example displays the default values when cflowd is initially enabled. No collectors or collector options are configured. A:ALA-1>config# info detail #------------------------------------------ echo "Cflowd Configuration" #------------------------------------------ cflowd active-timeout 30 cache-size 65536 inactive-timeout 15 overflow 1 rate 1000 template-retransmit 600 no shutdown exit #------------------------------------------ A:ALA-1>config# Page 442 7450 ESS OS Router Configuration Guide...
Page 441: Configuring Global Cflowd Parameters
The following example displays a common cflowd component configuration: A:ALA-1>config>cflowd# info #------------------------------------------ active-timeout 20 inactive-timeout 10 overflow 10 rate 100 #------------------------------------------ A:ALA-1>config>cflowd# 7450 ESS OS Router Configuration Guide Page 443...
Page 442: Configuring Cflowd Collectors
"AS info collector" exit collector 10.10.10.2:5000 version 8 aggregation protocol-port source-destination-prefix exit autonomous-system-type peer description "Neighbor collector" exit ----------------------------------------- A:ALA-1>config>cflowd# Version 9 Collector example: collector 10.10.10.9:2000 version 9 description "v9collector" template-set mpls-ip no shutdown Page 444 7450 ESS OS Router Configuration Guide...
Page 443 IP version (60) ICMP Type & Code (32) BGP Source ASN (16) BGP Dest ASN (17) Source IPv4 Prefix Length (9) Dest IPv4 Prefix Length (13) MPLS-IPv4 Template: IPv4 Src Addr (8) 7450 ESS OS Router Configuration Guide Page 445...
Page 444 Protocol (4) IPv6 Options Hdr (64) IPv6 Next Header (193) IPv6 Flow Label (31) TOS (5) IP version (60) IPv6 ICMP Type & Code (139) BGP Source ASN (16) BGP Dest ASN (17) Page 446 7450 ESS OS Router Configuration Guide...
Page 445 Egress Interface (14) Packet Count (2) Byte Count (1) MPLS Label 1 (70) MPLS Label 2 (71) MPLS Label 3 (72) MPLS Label 4 (73) MPLS Label 5 (74) MPLS Label 6 (75) 7450 ESS OS Router Configuration Guide Page 447...
Page 446 IP version (60) ICMP Type & Code (32) MPLS Label 1 (70) MPLS Label 2 (71) MPLS Label 3 (72) MPLS Label 4 (73) MPLS Label 5 (74) MPLS Label 6 (75) Page 448 7450 ESS OS Router Configuration Guide...
Page 447: Enabling Cflowd On Interfaces And Filters
Specifying Cflowd Options on an IP Interface on page 450 → Interface Configurations on page 450 → Service Interfaces on page 451 • Specifying Sampling Options in Filter Entries on page 452 → Interface Configurations on page 450 7450 ESS OS Router Configuration Guide Page 449...
Page 448: Specifying Cflowd Options On An Ip Interface
If The interface cflowd is not enabled ( ) then traffic sampling will not occur on the interface. no cflowd Page 450 7450 ESS OS Router Configuration Guide...
Page 449: Service Interfaces
Cflowd is supported on IES and VPRN services interfaces only. Layer 2 traffic is excluded. All packets forwarded by the interface are analyzed according to the cflowd configuration. On the interface level, cflowd can be associated with a filter (ACL) or an IP interface. 7450 ESS OS Router Configuration Guide Page 451...
Page 450: Specifying Sampling Options In Filter Entries
When the interface-disable-sample command is enabled, then traffic matching the associated IP filter entry is not sampled if the IP interface is set to cflowd ACL mode. Page 452 7450 ESS OS Router Configuration Guide...
Page 451: Service Interfaces
Filter Configurations on page 452 Depending on the combination of interface and filter entry configurations determine if and when flow sampling occurs. Table 14 displays the expected results when specific features are enabled and disabled. 7450 ESS OS Router Configuration Guide Page 453...
Page 452: Dependencies
Interface mode All IP traffic ingressing the none interface interface is subject to sampling. Interface mode Filter level action is ignored. All filter sampled interface traffic ingressing the interface is subject to sampling. Page 454 7450 ESS OS Router Configuration Guide...
Page 453: Cflowd Configuration Management Tasks
Example: config>cflowd# active-timeout 60 config>cflowd# no inactive-timeout config>cflowd# overflow 2 config>cflowd# rate 10 The following example displays the common cflowd component configuration: A:ALA-1>config>cflowd# info #------------------------------------------ active-timeout 60 overflow 2 rate 10 #------------------------------------------ A:ALA-1>config>cflowd# 7450 ESS OS Router Configuration Guide Page 455...
Page 454: Modifying Cflowd Collector Parameters
The following displays basic cflowd modifications: A:ALA-1>config>cflowd# info ----------------------------------------- active-timeout 60 overflow 2 rate 10 collector 10.10.10.1:2000 version 5 description "AS info collector" exit collector 10.10.10.2:5000 version 8 aggregation source-prefix exit description "Test collector" exit ----------------------------------------- A:ALA-1>config>cflowd# Page 456 7450 ESS OS Router Configuration Guide...
Page 455: Cflowd Configuration Commands
The no form of this command resets the inactive timeout back to the default value. Default Parameters minutes — The value expressed in minutes before an active flow is exported. Values 1 — 600 7450 ESS OS Router Configuration Guide Page 457...
Page 456 — The IP address of the flow data collector in dotted decimal notation. :port — The UDP port of flow data collector. Values 1— 65535 Default 2055 version — The version of the flow data collector. Values 5, 8, 9, 10 Default Page 458 7450 ESS OS Router Configuration Guide...
Page 457 The no form removes this type of aggregation from the collector configuration. Default none protocol-port Syntax [no] protocol-port Context config>cflowd>collector>aggregation Description This command specifies that flows be aggregated based on the IP protocol, source port number, and destination port number. 7450 ESS OS Router Configuration Guide Page 459...
Page 458 [no] source-prefix Context config>cflowd>collector>aggregation Description This command configures cflowd aggregation based on source prefix information. The no form of this command removes this type of aggregation from the collector configuration. Default none Page 460 7450 ESS OS Router Configuration Guide...
Page 459 The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted. The no form of this command administratively enables an entity. 7450 ESS OS Router Configuration Guide Page 461...
Page 460 Parameters seconds — Specifies the amount of time, in seconds, that must elapse without a packet matching a flow in order for the flow to be considered inactive. Values 10 — 600 Page 462 7450 ESS OS Router Configuration Guide...
Page 461 Context config>cflowd Description This command specifies the interval for sending template definitions. Default Parameters seconds — The value expressed in seconds before sending template definitions. Values 10 — 600 7450 ESS OS Router Configuration Guide Page 463...
Page 462 Cflowd Configuration Commands Page 464 7450 ESS OS Router Configuration Guide...
Page 463: Cflowd Command Reference
— no rate — [no] shutdown — template-retransmit seconds — no template-retransmit Show Commands show — cflowd — collector [ip-address[:port]] [detail] — interface [ip-int-name | ip-address] — status Clear Commands clear — cflowd 7450 ESS OS Router Configuration Guide Page 465...
Page 464 Cflowd Command Reference Page 466 7450 ESS OS Router Configuration Guide...
Page 465: Show Commands
The current operational status of this Cflowd remote collector host. Oper The number of Cflowd records that have been transmitted to this Recs Sent remote collector host. The total number of collectors using this IP address. Collectors 7450 ESS OS Router Configuration Guide Page 467...
Page 466 The number of Cflowd records that have been transmitted to this remote collector host. The time when this row entry was last changed. Last Changed The time when the last Cflowd packet was sent to this remote collector Last Pkt Sent host. Page 468 7450 ESS OS Router Configuration Guide...
Page 467 Last Pkt Sent : 09/03/2009 18:06:41 ------------------------------------------------------------------------------- Aggregation Type Status Sent Open Errors ------------------------------------------------------------------------------- as-matrix Disabled protocol-port Disabled source-prefix Enabled destination-prefix Enabled source-destination-prefix Disabled Disabled =============================================================================== Address : 138.120.135.103 Port : 9996 7450 ESS OS Router Configuration Guide Page 469...
Page 468 Displays the administrative state of the interface. Admin Displays the operational state of the interface. Oper Sample Output B:sr-002# show cflowd interface =============================================================================== Cflowd Interfaces =============================================================================== Interface IP Address Mode Admin Oper Page 470 7450 ESS OS Router Configuration Guide...
Page 469 The rate at which traffic is sampled and forwarded for Cflowd anal- ysis. All packets are analyzed. one (1) — Every 1000th packet is analyzed. 1000 (default) — The current number of active flows being collected. Active Flows 7450 ESS OS Router Configuration Guide Page 471...
Page 470 Overflow : 1% Sample Rate Active Flows : 34 Total Pkts Rcvd : 801600 Total Pkts Dropped =============================================================================== Version Info =============================================================================== Version Status Sent Open Errors ------------------------------------------------------------------------------- Enabled Enabled Enabled Enabled =============================================================================== Page 472 7450 ESS OS Router Configuration Guide...
Page 471: Clear Commands
This action will trigger all the flows to be discarded. The cache restarts flow data collection from a fresh state. This command also clears global stats collector stats listed in the cflowd show commands. 7450 ESS OS Router Configuration Guide Page 473...
Page 472 Clear Commands Page 474 7450 ESS OS Router Configuration Guide...
Page 473: Standards And Protocol Support
Standards and Protocol Support Standards Compliance RFC 3623 Graceful OSPF Restart – GR RFC 5065 Confederations for BGP helper (obsoletes 3065) IEEE 802.1ab-REV/D3 Station and RFC 3630 Traffic Engineering (TE) Media Access Control Connectivity IS-IS Extensions to OSPF Version 2 Discovery RFC 1142 OSI IS-IS Intra-domain RFC 4203 - Shared Risk Link Group...
Page 474 Standards and Protocols draft-ietf-ipsec-isakmp-modecfg-05.txt – Multicast RFC 3443 Time To Live (TTL) The ISAKMP Configuration Processing in Multi-Protocol Label RFC 1112 Host Extensions for IP Method Switching (MPLS) Networks Multicasting (Snooping) RFC 4182 Removing a Restriction on the RFC 2236 Internet Group Management IPv6 use of MPLS Explicit NULL Protocol, (Snooping)
Page 475 Standards and Protocols to-Multipoint TE Label Switched draft-ietf-bfd-mib-00.txtBidirectional FRF.16.1 Multilink Frame Relay UNI/ Paths (LSPs) Forwarding Detection Management NNI Implementation Agreement Information Base RFC 5151 Inter-domain MPLS and ITU-T Q.933 Annex A- Additional GMPLS Traffic Engineering – RFC 5880 Bidirectional Forwarding procedures for Permanent Virtual RSVP-TE Extensions Detection...
Page 476 Standards and Protocols VPLS draft-ietf-pwe3-redundancy-bit-03.txt, MEF-8 Implementation Agreement for Pseudowire Preferential Forwarding the Emulation of PDH Circuits over RFC 4762 Virtual Private LAN Services Status bit definition Metro Ethernet Networks, October Using LDP 2004 draft-ietf-pwe3-redundancy-03.txt, draft-ietf-l2vpn-vpls-mcast-reqts-04 Pseudowire (PW) Redundancy RFC 5287 Control Protocol Extensions draft-ietf-l2vpn-signaling-08 for the Setup of Time-Division draft-ietf-pwe3-fat-pw-05 Flow Aware...
Page 477 Standards and Protocols ITU-T G.8261 Telecommunication RFC 2575 SNMP-View-based ACM- TIMETRA-FILTER-MIB.mib Standardization Section of ITU, TIMETRA-GLOBAL-MIB.mib Timing and synchronization aspects RFC 2576 SNMP-Community-MIB TIMETRA-IGMP-MIB.mib in packet networks, issued 04/2008. RFC 2665 EtherLike-MIB TIMETRA-ISIS-MIB.mib ITU-T G.8262 Telecommunication RFC 2819 RMON-MIB TIMETRA-LAG-MIB.mib Standardization Section of ITU, RFC 2863 IF-MIB TIMETRA-LDP-MIB.mib...
Page 478 Standards and Protocols Page 480 Standards and Protocols...
Page 479 IP address range network interface overview matching criteria router ID DSCP values service management tasks system interface IP option values system name packets policies policy entries VRRP port-based filtering overview 7450 ESS OS Router Configuration Guide Page 481...
Page 480 IP addresses owner and non-owner virtual router virtual router backup virtual router master VRID configuring basic command reference IES parameters non-owner owner management tasks overview router interface non-owner owner VRRP policy parameters Page 482 7450 ESS OS Router Configuration Guide...