Page 2
SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners.
Page 3
The H3C SR6600 documentation set includes 13 configuration guides, which describe the software features for the H3C SR6600 Routers and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
Page 4
Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. About the H3C SR6600 Documentation Set The H3C SR6600 documentation set includes: Category...
Page 5
Obtaining Documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support &...
Table of Contents
1 ATM Configuration ..... 1-1
Introduction to ATM Technology ..... 1-1
ATM Overview ..... 1-1
ATM Architecture ..... 1-2
Overview of IPoA, IPoEoA, PPPoA and PPPoEoA Applications ..... 1-3
IPoA ..... 1-3
IPoEoA ..... 1-3
PPPoA ..... 1-3
PPPoEoA ..... 1-3
ATM Service Types ..... 1-4
CBR ..... 1-4
rt_VBR ..... 1-4
nrt_VBR ..... 1-4
UBR ..... 1-4
Introduction to InARP ..... 1-4
ATM OAM ..... 1-5...
Page 7
PPPoA Configuration Example ..... 1-20
PPPoEoA Server Configuration Example ..... 1-22
ATM PVC Transmit Priority Configuration Example ..... 1-23
Troubleshooting ATM ..... 1-24
Link State Error in IPoA Application ..... 1-24
Link Report Error in PPPoA Application ..... 1-24
Ping Failure ..... 1-24
ATM Interface State Error ..... 1-25
PVC State is Down while ATM Interface State is Up ..... 1-25
Ping Failure after PPPoA Configuration ..... 1-25
Packet Loss and CRC Errors and Changes of Interface State ..... 1-26
2 PPP and MP Configuration ..... 2-27...
Page 8
4 L2TP Configuration ..... 4-67
L2TP Overview ..... 4-67
Introduction ..... 4-67
Typical L2TP Networking Application ..... 4-68
Basic Concepts of L2TP ..... 4-69
L2TP Tunneling Modes and Tunnel Establishment Process ..... 4-70
L2TP Features ..... 4-73
Protocols and Standards ..... 4-73
L2TP Configuration Task List ..... 4-73
Configuring Basic L2TP Capability ..... 4-74
Configuring an LAC ..... 4-75
Configuring an LAC to Initiate Tunneling Requests for Specified Users ..... 4-75
Configuring an LAC to Transfer AVP Data in Hidden Mode ..... 4-75
Configuring AAA Authentication of VPN Users on LAC Side ..... 4-76...
Page 9
Configuring the Link State Polling Interval ..... 6-99
HDLC Configuration Examples ..... 6-99
Basic HDLC Configuration Example ..... 6-99
HDLC in Conjunction with IP Unnumbered Interface Configuration Example ..... 6-100
7 HDLC Link Bundling Configuration ..... 7-103
Overview ..... 7-103
Basic Concepts of HDLC Link Bundling ..... 7-103
How HDLC Link Bundling Works ..... 7-104
Configuring an HDLC Link Bundle Interface ..... 7-105
Assigning an Interface to an HDLC Link Bundle ..... 7-107...
Page 10
MFR Direct Connection Configuration Example ..... 9-127
MFR Switched Connection Configuration Example ..... 9-128
10 Modem Management Configuration ..... 10-131
Overview ..... 10-131
Modem Management Configuration ..... 10-131
Setting the Modem Answer Mode ..... 10-132
Issuing an AT Command to a Modem ..... 10-132
Troubleshooting ..... 10-132
11 Index ..... 11-134...
ATM Configuration
This chapter includes these sections:
  Introduction to ATM Technology
  Overview of IPoA, IPoEoA, PPPoA and PPPoEoA Applications
  ATM Service Types
  ATM Configuration Task list
  Configuring an ATM Interface
  Configuring an ATM Subinterface
  Configuring a PVC and the Maximum Number of PVCs Allowed on an Interface
  Configuring an ATM Class
  Configuring VP Policing
  Configuring Applications Carried by ATM...
ATM Architecture
ATM has a three-dimensional architecture. It consists of three planes: user plane, control plane, and management plane. Both the user plane and the control plane are divided into four layers, namely, physical layer, ATM layer, ATM Adaptation Layer (AAL), and upper layer, each of which is further divided into sub-layers.
specific services provided in an ATM network. Most ATM equipment vendors adopt AAL5 for data communication services. ATM upper layer protocols take charge of WAN interconnection, voice interconnection, Layer 3 interconnection, encapsulation, LAN emulation, multi-protocol over ATM, and traditional IP.
Overview of IPoA, IPoEoA, PPPoA and PPPoEoA Applications
ATM interfaces support the IPoA, IPoEoA, PPPoA and PPPoEoA applications.
ATM Service Types
ATM supports four service types: constant bit rate (CBR), unspecified bit rate (UBR), real-time variable bit rate (rt_VBR) and non-real-time variable bit rate (nrt_VBR). They are used for QoS purposes.
CBR provides ensured, constant bandwidth. The bandwidth assigned to the CBR service is decided by the peak cell rate (PCR).
Figure 1-2 Inverse address resolution procedure of InARP
ATM OAM
OAM stands for Operation And Maintenance in the ITU-T I.610 recommendation (02/99) and Operation Administration and Maintenance in LUCENT APC User Manual (03/99). Whichever expansion is adopted, OAM provides a way of detecting faults, isolating faults, and monitoring network performance without interrupting ongoing services.
Task Remarks Configuring an ATM Interface Required Configuring an ATM Subinterface Configuring an ATM Optional Checking Existence of PVCs When Determining Subinterface the Protocol State of an ATM P2P Subinterface Configuring PVC Parameters Required Assigning a Transmission Priority to an ATM Optional Configuring a PVC and the Maximum Number of PVCs...

| To do… | Use the command… | Remarks |
|---|---|---|
| Set the MTU for the ATM subinterface | mtu mtu-number | Optional. 1500 bytes by default |
| Shut down the ATM interface | shutdown | Optional. By default, an ATM interface is up. |

The keywords p2mp and p2p are available with the interface atm interface-number.subnumber only when you are creating an ATM subinterface....
To do... Use the command… Remarks Optional Set the AAL5 encapsulation protocol encapsulation aal5-encap By default, aal5snap encapsulation type for the specified PVC is adopted. Optional By default, OAM F5 Loopback cell Start transmission and retransmission oam frequency frequency [ up transmission is disabled.
To do… Use the command… Remarks Enter system view — system-view traffic classifier tcl-name Create a class and enter class view — [ operator { and | or } ] Configure the match criteria if-match [ not ] match-criteria — Quit to system view —...

| To do… | Use the command… | Remarks |
|---|---|---|
| Assign a transmission priority to the ATM PVC | transmit-priority value | Optional. By default, the priority value is 0 for the UBR service, 5 for the nrt_VBR service and 8 for the rt_VBR. |

Currently, you can assign transmission priorities to ATM PVCs only on a MIM-ATM card.
Configuring PVC Service Mapping
PVC service mapping allows different PVCs from the same PVC-Group to carry IP packets of different priorities.

| To do… | Use the command… | Remarks |
|---|---|---|
| Configure the maximum number of PVCs allowed on the ATM interface | pvc max-number max-number | Optional |

This command applies to both a main ATM interface and its subinterfaces. However, you cannot configure this command in ATM subinterface view.
Configuring an ATM Class
An ATM class facilitates ATM configuration.
Page 22
To do… Use the command… Remarks Set the PVC’s service type to variable bit service vbr-rt output-pcr rate-real time output-scr output-mbs (rt_VBR), and set the rate-related parameters Optional By default, mapping is not configured. When a mapping is configured, pseudo-broadcast is Configure IPoA not supported by default.
Error messages appear when the configuration applied to a PVC is invalid.
Configuring VP Policing
VP policing is used to set the sustainable rate of a virtual path identifier (VPI). When VP policing is applied, the parameters of the PVC are still valid. Packets are transmitted or received only when the parameters of both the PVC and VP policing are satisfied.
To do… Use the command… Remarks Required By default, no mapping is configured. If a mapping is configured, pseudo-broadcast is Configure an IPoA mapping for the map ip { ip-address [ ip-mask ] | not supported by default. PVC, and enable the PVC to carry default | inarp [ minutes ] } Before configuring InARP, make IP packets...
When multiple Layer-3 virtual Ethernet interfaces are connected through PVCs to a DHCP server that assigns IP addresses to the interfaces through static address binding, you must configure different MAC addresses for the interfaces with the mac-address command. For more information, see Ethernet Interface in the Interface Configuration Guide.
When you configure a static route for a virtual template interface, it is recommended that you specify the next hop rather than the outgoing interface. If you want to specify the outgoing interface, make sure the physical interface bound to the virtual template is valid to ensure correct transmission.
Configuring PPPoEoA
PPPoE adopts the Client/Server model.
When you configure a static route for a virtual template interface, it is recommended that you specify the next hop rather than the outgoing interface. If you want to specify the outgoing interface, make sure the physical interface bound to the virtual template is valid to ensure correct transmission.
When multiple Layer-3 virtual Ethernet interfaces are connected through PVCs to a DHCP server that assigns IP addresses to the interfaces through static address binding, you must configure different MAC addresses for the interfaces with the mac-address command.
IPoA Configuration Example
Network requirements
As shown in Figure 1-3, Router A, B and C are connected to the ATM network for intercommunication. The requirements are:
The IP addresses of the ATM interfaces of the three routers are 202.38.160.1/24, 202.38.160.2/24, and 202.38.160.3/24 respectively;...
# Establish a PVC that carries IP packets.
[RouterB-Atm1/0/1] pvc to_a 0/0/50
[RouterB-atm-pvc-Atm1/0/1-0/0/50-to_a] map ip 202.38.160.1
[RouterB-atm-pvc-Atm1/0/1-0/0/50-to_a] quit
[RouterB-Atm1/0/1] pvc to_c 0/0/51
[RouterB-atm-pvc-Atm1/0/1-0/0/51-to_c] map ip 202.38.160.3
Configure Router C
# Enter the ATM interface, and configure an IP address for it.
<RouterC>...
[RouterC-Virtual-Ethernet1] ip address 202.38.160.1 255.255.255.0
[RouterC-Virtual-Ethernet1] quit
# Create a PVC and enable IPoEoA on it.
[RouterC] interface atm 1/0/1.1
[RouterC-Atm1/0/1.1] pvc to_adsl_a 0/0/60
[RouterC-atm-pvc-Atm1/0/1.1-0/0/60-to_adsl_a] map bridge virtual-ethernet 1
[RouterC-atm-pvc-Atm1/0/1.1-0/0/60-to_adsl_a] quit
[RouterC-Atm1/0/1.1] pvc to_adsl_b 0/0/61
[RouterC-atm-pvc-Atm1/0/1.1-0/0/61-to_adsl_b] map bridge virtual-ethernet 1
PPPoA Configuration Example
Network requirements
As shown in...
Page 31
[RouterC] domain system
[RouterC-isp-system] authentication ppp local
[RouterC-isp-system] ip pool 1 202.38.162.1 202.38.162.100
[RouterC-isp-system] quit
# Create a VT interface, configure PAP authentication and an IP address, and allocate an IP address for the remote end from the IP address pool.
[RouterC] interface virtual-template 10
[RouterC-Virtual-Template10] ip address 202.38.160.1 255.255.255.0
[RouterC-Virtual-Template10] ppp authentication-mode pap...
PPPoEoA Server Configuration Example
Network requirements
As shown in Figure 1-6, each host inside the Ethernet dials into the ATM network through an ADSL router, and communicates with the router through DSLAM. The requirements are:
The IP addresses of the VT interface of router C are 202.38.160.1 and 202.38.161.1.
The VPI/VCI addresses of two PVCs connecting router C with DSLAM are 0/0/60 and 0/0/61, pointing to ADSL Router A and ADSL Router B respectively.
have the same VPI/VCI value as the remote PVC mapped to the local IP. In addition, the IP addresses of the two ends must also be in the same network segment. If two routers are connected back-to-back, make sure that at least one of the interfaces uses the internal transmission clock (master).
Solution
Make sure that the remote node supports the same application as configured on the local node. For example, if the local node uses PPPoA, the remote node should also use PPPoA.
If the remote node supports the same application configured on the local node, make sure that the two sides use the same type of AAL5 encapsulation protocol.
PPP and MP Configuration
This chapter includes these sections:
  Introduction to PPP and MP
  Configuring PPP
  Configuring MP
  Configuring PPP Link Efficiency Mechanisms
  Displaying and Maintaining PPP/MP/PPP Link Efficiency Mechanism
  PPP and MP Configuration Examples
Introduction to PPP and MP
Point-to-Point Protocol (PPP) is a link layer protocol that carries network layer packets over point-to-point links.
Page 38
Figure 2-1 PAP Authentication
During PAP authentication, the password is transmitted on the link in plain text. In addition, the authenticatee sends the username and the password repeatedly through the established PPP link until the authentication is over. Therefore, PAP is not a secure authentication protocol. It cannot prevent attacks.
Page 39
The authenticator encrypts the original randomly-generated packet using the MD5 algorithm, with the password of the authenticatee it maintains as the parameter, compares the encrypted packet with the one received from the authenticatee, and returns an Acknowledge or Not Acknowledge packet depending on the comparison result.
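The difference between the two handshakes described above, as an added Python example (not code from the H3C manual): it builds a PAP Authenticate-Request and reads the password straight back out of it, then runs a CHAP challenge/response with a single-use challenge. The PAP frame layout and the MD5(identifier || secret || challenge) formula come from RFC 1334 and RFC 1994, which the manual does not cite; the function and class names are illustrative, and the sample credentials are reused from the manual's configuration examples.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1  # RFC 1334 Authenticate-Request code


def build_pap_request(identifier, username, password):
    """Build a PAP Authenticate-Request: code, id, length, then the
    length-prefixed peer ID and password, both in clear text."""
    body = bytes([len(username)]) + username + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, identifier, 4 + len(body)) + body


def parse_pap_request(packet):
    """Recover (username, password) from the frame, which is all that
    anyone able to observe the PPP link needs to do."""
    if len(packet) < 6:
        raise ValueError("truncated PAP packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != PAP_AUTH_REQUEST or length != len(packet):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    ulen = packet[4]
    if 5 + ulen >= length:
        raise ValueError("peer ID length exceeds packet")
    plen = packet[5 + ulen]
    if 6 + ulen + plen != length:
        raise ValueError("inconsistent PAP field lengths")
    return packet[5:5 + ulen], packet[6 + ulen:]


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side: issues random challenges and checks responses
    against the password it maintains for the authenticatee."""

    def __init__(self, users):
        self.users = users   # username -> shared secret (local user database)
        self.pending = {}    # identifier -> outstanding challenge
        self.next_id = 0

    def new_challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)  # must be unpredictable and never reused
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier, username, response):
        # pop() makes every challenge single-use, so a captured response
        # cannot be replayed against a later challenge.
        challenge = self.pending.pop(identifier, None)
        secret = self.users.get(username)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    # Constructed sample credentials, taken from the manual's examples.
    pap = build_pap_request(1, b"userb", b"passb")
    _user, sniffed_password = parse_pap_request(pap)

    auth = ChapAuthenticator({b"userb": b"hello"})
    ident, challenge = auth.new_challenge()
    response = chap_response(ident, b"hello", challenge)
    accepted = auth.verify(ident, b"userb", response)

    # Replaying the old response against a fresh challenge must fail.
    ident2, _ = auth.new_challenge()
    replay_accepted = auth.verify(ident2, b"userb", response)
    return sniffed_password, accepted, replay_accepted


if __name__ == "__main__":
    print(demo())
```

CHAP keeps the password off the link, but both ends must store it in recoverable form, and a weak secret can still be guessed offline from one captured challenge/response pair.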
Page 40
Figure 2-3 PPP operation flow chart
For more information about PPP, see RFC 1661.
Multilink PPP (MP) provides an approach to increasing bandwidth. It allows multiple PPP links to form an MP bundle. After receiving a packet that is larger than the minimum packet size for fragmentation, MP segments the packet into fragments and distributes them over multiple PPP links to the remote end.
LCP negotiation, during which both sides negotiate the common LCP parameters and check whether their peer interface is working in the MP mode. If not, the LCP negotiation fails. After the LCP negotiation succeeds, NCP negotiation starts. NCP negotiation, which is performed based on the NCP parameters of the MP-group interface or the specified VT interface.
This document only discusses local authentication. For more information about remote AAA authentication, see AAA in the Security Configuration Guide.
Configuring PAP Authentication
Configuring the authenticator
Follow these steps to configure the authenticator:
To do… Use the command… Remarks Enter system view —...
To do… Use the command… Remarks Required Configure username and password By default, when being local-user sent from the local router to authenticated by the peer username password the peer when the local using PAP, the local router cipher simple router is authenticated by sends null username and password...
Page 44
For more information about local user and domain configuration, see AAA in the Security Configuration Guide.
Configuring the authenticatee
Follow these steps to configure the authenticatee:
To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view —...

| To do… | Use the command… | Remarks |
|---|---|---|
| Configure to authenticate the domain user locally | authentication ppp local | Optional |

For more information about local user and domain configuration, see AAA in the Security Configuration Guide.
Configuring the authenticatee
Follow these steps to configure the authenticatee:
To do…...
Page 46
The router operating as the server: In this case, you need to configure a local IP address pool in domain view or system view to specify the range of the IP addresses to be allocated, and then bind the address pool to the interface.
DNS address negotiation
PPP address negotiation can also determine the DNS server address.
Page 47
To do... Use the command... Remarks Enter system view — system-view ip pool pool-number low-ip-address [ high-ip-address ] interface interface-type Define a global interface-number Required address pool and Assign an IP bind it to the Use either approach. address of a interface global address As for the remote address...
Follow these steps to configure settings for DNS server address negotiation when the router is functioning as the client in PPP negotiation: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required Enable the local end to request the By default, a router does not...
Configuring MP
Currently, the router does not support MP bundling across board cards or line cards.
Configuring MP Using a VT Interface
Introduction
When configuring MP using a VT interface, you can do one of the following:
Associate physical interfaces with the virtual template using the ppp mp virtual-template command.
Page 50
To do… Use the command… Remarks Create a VT interface and enter VT Required interface virtual-template number interface view Set the maximum number of links that Optional can be used for transmitting multicast or broadcast-limit link number broadcast packets supported on the Default to 30.

| To do... | Use the command... | Remarks |
|---|---|---|
| Set the minimum size of outgoing MP fragments | ppp mp min-fragment size | Optional. 128 bytes by default |

The ppp mp max-bind and ppp mp min-fragment commands can take effect on an MP bundle only after you re-enable all the physical interfaces contained in the MP bundle.
When MP binding is based on descriptor only, users cannot be differentiated.
If the local end wants to receive fragments with short sequence numbers, it should request the peer to transmit short sequence numbers during LCP negotiation. After the negotiation succeeds, the peer transmits fragments with short sequence numbers. If the local end wants to transmit fragments with short sequence numbers, it should ask the peer to send a request for receiving short sequence numbers during LCP negotiation.
Configuring PPP Link Efficiency Mechanisms
Introduction to PPP Link Efficiency Mechanisms
This mechanism is available for improving transmission efficiency on PPP links: Link Fragmentation and Interleaving (LFI).
Link fragmentation and interleaving
On a low speed serial link, packets of real-time interactive communications (such as Telnet and VoIP) may be blocked or delayed if packets of other applications are also transmitted across the link.
(on the SR6602) vt-number ] * Display the information about a VA display virtual-access [ va-number | peer interface (on any SR6600 router peer-address | slot slot-number | user Available in any view but the SR6602) user-name | vt vt-number ] *...
Page 55
Configuration procedure
Configure Router A.
# Create a user account for Router B.
<RouterA> system-view
[RouterA] local-user userb
# Set a password for the user account.
[RouterA-luser-userb] password simple passb
# Set the service type of the user account to PPP.
[RouterA-luser-userb] service-type ppp
[RouterA-luser-userb] quit
[RouterA] interface serial 2/0/1...
Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0
Interface is V35
206 packets input, 2496 bytes
206 packets output, 2492 bytes
[RouterB-Serial2/0/1] ping 200.1.1.1
PING 200.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 200.1.1.1: bytes=56 Sequence=1 ttl=255 time=103 ms
Reply from 200.1.1.1: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 200.1.1.1: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 200.1.1.1: bytes=56 Sequence=4 ttl=255 time=1 ms...
Page 57
[RouterA-isp-system] authentication ppp local
Configure Router B.
# Create a user account for Router A on Router B.
<RouterB> system-view
[RouterB] local-user usera
# Set a password for the user account.
[RouterB-luser-usera] password simple passa
# Set the service type of the user account to PPP.
[RouterB-luser-usera] service-type ppp
[RouterB-luser-usera] quit
[RouterB] interface serial 2/0/1...
Reply from 200.1.1.1: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 200.1.1.1: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 200.1.1.1: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 200.1.1.1: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 200.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/23/103 ms...
Page 59
[RouterB-luser-usera] password simple hello
# Set the service type of the user account to PPP.
[RouterB-luser-usera] service-type ppp
[RouterB-luser-usera] quit
[RouterB] interface serial 2/0/1
# Enable PPP encapsulation for Serial 2/0/1.
[RouterB-Serial2/0/1] link-protocol ppp
# Configure the username for Router B when Router B is authenticated.
[RouterB-Serial2/0/1] ppp chap user userb
# Assign an IP address to Serial 2/0/1.
[RouterB-Serial2/0/1] display interface serial 2/0/1
Serial2/0/1 current state: UP
Line protocol current state: UP
Description: Serial2/0/1 Interface
The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is 200.1.1.2/16 Primary
Link layer protocol is PPP
LCP opened, IPCP opened
Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0
Output queue : (Protocol queuing : Size/Length/Discards)
[RouterA-Serial2/0/1] remote address pool 1
Configure Router B
# Enable IP address negotiation on Serial 2/0/1.
<RouterB> system-view
[RouterB] interface serial 2/0/1
[RouterB-Serial2/0/1] ip address ppp-negotiate
After the configuration finishes, display the summary information about Serial 2/0/1:
[RouterB-Serial2/0/1] display brief interface serial 2/0/1
The brief information of interface(s) under route mode:
Interface Link...
Page 62
Figure 2-7 Network diagram for MP configuration
Configuration procedure
Configure Router A:
# Create user accounts for Router B and Router C and set the passwords.
<RouterA> system-view
[RouterA] local-user router-b
[RouterA-luser-router-b] password simple router-b
[RouterA-luser-router-b] service-type ppp
[RouterA-luser-router-b] quit
[RouterA] local-user router-c
[RouterA-luser-router-c] password simple router-c
[RouterA-luser-router-c] service-type ppp...
Page 63
# Create a user account for Router A.
<RouterB> system-view
[RouterB] local-user router-a
[RouterB-luser-router-a] password simple router-a
[RouterB-luser-router-a] service-type ppp
[RouterB-luser-router-a] quit
# Create a virtual-template for the user and specify to use the NCP information of this template for PPP negotiation.
MP Binding Mode Configuration Examples
Network requirements
As shown in Figure 2-8, Router A and Router B are connected together through Serial 2/0/2 and Serial 2/0/1 interfaces. The links are to be bound in the three MP binding modes.
Figure 2-8 Network diagram for MP binding mode configuration
Configuration procedure
Directly bind the physical interfaces to a virtual template interface...
Page 65
<RouterB> system-view
[RouterB] local-user rta
[RouterB-luser-rta] password simple rta
[RouterB-luser-rta] service-type ppp
[RouterB-luser-rta] quit
# Create a virtual-template interface and assign an IP address to it.
[RouterB] interface virtual-template 1
[RouterB-Virtual-Template1] ip address 8.1.1.2 24
[RouterB-Virtual-Template1] ppp mp binding-mode authentication
[RouterB-Virtual-Template1] quit
# Configure Serial 2/0/2.
Page 67
[RouterA-Serial2/0/2] ppp mp
[RouterA-Serial2/0/2] shutdown
[RouterA-Serial2/0/2] undo shutdown
[RouterA-Serial2/0/2] quit
# Configure Serial 2/0/1.
[RouterA] interface serial 2/0/1
[RouterA-Serial2/0/1] link-protocol ppp
[RouterA-Serial2/0/1] ppp authentication-mode pap domain system
[RouterA-Serial2/0/1] ppp pap local-user rta password simple rta
[RouterA-Serial2/0/1] ppp mp
[RouterA-Serial2/0/1] shutdown
[RouterA-Serial2/0/1] undo shutdown
[RouterA-Serial2/0/1] quit
# Configure the user in the domain to use the local authentication scheme.
Page 68
# Configure the user in the domain to use the local authentication scheme.
[RouterB] domain system
[RouterB-isp-system] authentication ppp local
[RouterB-isp-system] quit
# Verify the configuration on Router A.
<RouterA> display ppp mp
Template is Virtual-Template1
Bundle rtb, 2 member, Master link is Virtual-Template1:0
0 lost fragments, 0 reordered, 0 unassigned, 0 interleaved, sequence 0/0 rcvd/sent
The bundled member channels are:...
Page 69
0.00% packet loss
round-trip min/avg/max = 29/30/31 ms
For the configuration listed above, the following is incorrect: if you want to bind interfaces Serial 2/0/2 and Serial 2/0/1 to the same MP but configure one with ppp mp and the other with ppp mp virtual-template 1, the system binds the two interfaces to different MPs.
Page 70
[RouterB-luser-rta] service-type ppp
[RouterB-luser-rta] quit
# Create an Mp-group interface and assign an IP address to it.
[RouterB] interface mp-group 1
[RouterB-Mp-group1] ip address 111.1.1.2 24
[RouterB-Mp-group1] quit
# Configure Serial 2/0/2.
[RouterB] interface serial 2/0/2
[RouterB-Serial2/0/2] link-protocol ppp
[RouterB-Serial2/0/2] ppp authentication-mode pap domain system
[RouterB-Serial2/0/2] ppp pap local-user rtb password simple rtb
[RouterB-Serial2/0/2] ppp mp mp-group 1
[RouterB-Serial2/0/2] shutdown...
5 minutes input rate 0 bytes/sec, 0 packets/sec
5 minutes output rate 0 bytes/sec, 0 packets/sec
5 packets input, 58 bytes, 0 drops
5 packets output, 54 bytes, 0 drops
# Ping the IP address 111.1.1.2 on Router A.
[RouterA] ping 111.1.1.2
PING 111.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 111.1.1.2: bytes=56 Sequence=1 ttl=255 time=29 ms...
Page 72
serial number is up, line protocol is up, which indicates that LCP negotiation succeeded.
serial number is up, line protocol is down, which indicates that the interface is active, but LCP negotiation failed.
Symptom 3
Configure an IPv6 address on a PPP-encapsulated interface when IPv6 is disabled. The PPP link fails IPv6CP negotiation and cannot go up.
PPPoE Configuration
This chapter includes these sections:
  Introduction to PPPoE
  Configuring a PPPoE Server
  Displaying and Maintaining PPPoE
  PPPoE Configuration Example
Introduction to PPPoE
PPPoE
Point-to-Point Protocol over Ethernet (PPPoE) can provide access to the Internet for the hosts in an Ethernet through a remote access device and implement access control and accounting on a per-host basis.
Internet access for all the hosts in a LAN using a single ADSL account, even if the hosts do not have PPPoE client software installed.
Figure 3-1 Network diagram for PPPoE client
As shown in Figure 3-1, Host A and Host B are in an Ethernet and are connected to the router operating as a PPPoE client.
Set the maximum number of pppoe-server max-sessions slot PPPoE sessions allowed (on any The default varies with the I/O slot-number total number SR6600 router but the SR6602) cards. Optional Set the maximum number of pppoe-server max-sessions PPPoE sessions allowed (on an...
Page 76
The Router provides Internet access for Host A and Host B through GigabitEthernet 1/0/1. It connects to the Internet through Serial 2/0/1.
Figure 3-2 Network diagram for PPPoE server configuration
Configuration procedure
# Add a PPPoE user.
<Sysname> system-view
[Sysname] local-user user1
[Sysname-luser-user1] password simple pass1
[Sysname-luser-user1] service-type ppp
[Sysname-luser-user1] quit...
L2TP Configuration
This chapter includes these sections:
  L2TP Overview
  L2TP Configuration Task List
  Displaying and Maintaining L2TP
  L2TP Configuration Examples
  Troubleshooting L2TP
L2TP Overview
This section covers these topics:
  Introduction
  Basic Concepts of L2TP
  L2TP Tunneling Modes and Tunnel Establishment Process
  L2TP Features
  Protocols and Standards
Introduction...
However, users must install dedicated software, which means that they must use platforms supporting L2TP client. Usually, Windows 2000 platform is used.
In general, a VPDN gateway can be a router or a dedicated VPN server.
There are primarily three VPDN tunneling protocols:
  PPTP: Point-to-Point Tunneling Protocol
  L2F: Layer 2 Forwarding
  L2TP: Layer 2 Tunneling Protocol.
An LNS is the other endpoint of an L2TP tunnel and is a peer to the LAC. It is the logical termination point of a PPP session tunneled by the LAC. L2TP logically extends the termination point of a PPP session from a NAS to an LNS.
Basic Concepts of L2TP
Background of L2TP
PPP defines an encapsulation mechanism that allows a point-to-point link to carry packets...
A session corresponds to one PPP data stream between an LNS and a LAC and is multiplexed on a tunnel. A session can be set up only after the tunnel is created. Multiple L2TP tunnels can be established between an LNS and an LAC. Both control messages and PPP frames are transferred on the tunnel.
Page 81
In this mode, a LAC client needs a public network address to communicate with the LNS through the Internet.
Figure 4-5 Client-initiated tunneling mode
L2TP tunnel establishment process
Figure 4-6 shows a typical L2TP network.
Figure 4-6 Typical L2TP network
Figure 4-7 depicts the setup procedure of an L2TP call in NAS-initiated mode.
Page 82
Figure 4-7 L2TP call setup procedure
The setup procedure of an L2TP call is as follows:
2) A remote user on Host A places a PPP call.
3) Host A and the LAC (Router A) perform PPP LCP negotiation.
4) The LAC authenticates the remote user using the Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP).
15) The RADIUS server authenticates the access request and returns a response if the user passes authentication.
16) The LNS assigns an internal IP address to the remote user. Now, the user can access the internal resources of the enterprise network.
L2TP Features
1) Flexible identity authentication mechanism and high security
L2TP itself does not provide security for connections.
parameter configuration tasks apply to both LAC and LNS and are optional. You may configure them as needed. Complete the following tasks to configure L2TP: Task Remarks Enable L2TP Configuring Basic Required Create an L2TP group L2TP Capability Specify the local name of the tunnel Configuring an LAC to Initiate Tunneling Requests Required for Specified Users...

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable L2TP | l2tp enable | Required. Disabled by default |
| Create an L2TP group and enter its view | l2tp-group group-number | Required. By default, no L2TP group exists. |
| Specify the local name of the tunnel | tunnel name name | Optional. The system name of the router... |

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter L2TP group view | l2tp-group group-number | — |
| Specify that AVP data be transferred in hidden mode | tunnel avp-hidden | Optional. By default, AVP data is transferred in plain text. |

Configuring AAA Authentication of VPN Users on LAC Side
You can configure an LAC to perform AAA authentication of VPN users and initiate tunneling request for only qualified users.
For successful user authentication, configure PPP on the LAC’s corresponding interface, for example, the asynchronous serial interface that connects with users. For PPP configuration information, see PPP in the Layer 2 – WAN Configuration Guide. Configure the authentication type of PPP users as PAP or CHAP on the user access interfaces.
For more information about the ip pool command, see AAA in the Security Command Reference. Follow these steps to configure a local address and address pool: To do… Use the command… Remarks Enter system view — system-view Enter virtual interface interface virtual-template —...
Configuring User Authentication on an LNS
To increase security, an LNS can be configured to authenticate a user that has already passed authentication on the LAC. In this case, the user is authenticated twice, once on the LAC and once on the LNS. An L2TP tunnel can be set up only when both authentications succeed.
Some PPP clients may not support re-authentication, in which case LNS side CHAP authentication will fail.
Configuring LCP re-negotiation
In an NAS-initiated dial-up VPDN, a user first negotiates with the NAS at the start of a PPP session. If the negotiation succeeds, the NAS initiates an L2TP tunneling request and sends the user information to the LNS.
Enabling L2TP Multi-Instance
For a router to act as LNS for multiple VPN domains, you need to enable the L2TP multi-instance function on it. In this case, multiple enterprises can share the same LNS device. In an L2TP multi-instance application, you need to specify the domain to which the VPN users belong by using the domain keyword in the allow l2tp virtual-template command.
Configuring L2TP Connection Parameters
These L2TP connection parameter configuration tasks apply to both LACs and LNSs and are optional.
Configuring L2TP Tunnel Authentication
You can specify whether tunnel authentication must be performed for a tunnel to be set up. Either the LAC or the LNS can initiate a tunnel authentication request. Whenever tunnel authentication is enabled on one side, a tunnel can be set up successfully only if tunnel authentication is also enabled on the other side and the two sides are configured with the same password that is not null.
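The following is an added illustration, not part of the H3C manual: it shows how the tunnel password is used in RFC 2661, both for the tunnel authentication exchange described above and for hiding AVP data (the tunnel avp-hidden option described earlier). The passwords, challenge, random vector and hidden value are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

SCCRP = 2                   # RFC 2661 message type: Start-Control-Connection-Reply
PROXY_AUTHEN_RESPONSE = 33  # RFC 2661 AVP carrying the user's PPP authentication response


def challenge_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """Tunnel authentication: MD5(message type octet + tunnel password + challenge)."""
    if not secret:
        raise ValueError("tunnel password must not be null")
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def peer_accepts(local_secret: bytes, msg_type: int, challenge: bytes, response: bytes) -> bool:
    """The challenger recomputes the response with its own configured password."""
    expected = challenge_response(msg_type, local_secret, challenge)
    return hmac.compare_digest(expected, response)


def _xor_stream(attr_type: int, secret: bytes, rv: bytes, data: bytes, hiding: bool) -> bytes:
    """AVP hiding keystream: b1 = MD5(type + secret + RV), bN = MD5(secret + c(N-1))."""
    digest = hashlib.md5(struct.pack("!H", attr_type) + secret + rv).digest()
    out = b""
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        xored = bytes(a ^ b for a, b in zip(block, digest))
        out += xored
        # The next hash is always chained on the ciphertext block.
        cipher_block = xored if hiding else block
        digest = hashlib.md5(secret + cipher_block).digest()
    return out


def hide_avp(attr_type: int, secret: bytes, rv: bytes, value: bytes) -> bytes:
    """Hidden subformat = 2-octet original length + value (optional padding omitted)."""
    subformat = struct.pack("!H", len(value)) + value
    return _xor_stream(attr_type, secret, rv, subformat, True)


def unhide_avp(attr_type: int, secret: bytes, rv: bytes, hidden: bytes) -> bytes:
    plain = _xor_stream(attr_type, secret, rv, hidden, False)
    (length,) = struct.unpack("!H", plain[:2])
    if length > len(plain) - 2:
        raise ValueError("length check failed: wrong tunnel password or corrupt AVP")
    return plain[2:2 + length]


if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    lac_pw = lns_pw = b"tunnel-secret"
    challenge = bytes(range(16))
    resp = challenge_response(SCCRP, lns_pw, challenge)
    print("matching passwords :", peer_accepts(lac_pw, SCCRP, challenge, resp))
    print("mismatched password:", peer_accepts(b"other", SCCRP, challenge, resp))
    rv = bytes(range(16, 32))
    hidden = hide_avp(PROXY_AUTHEN_RESPONSE, lac_pw, rv, b"user-pap-password-sample")
    print("on the wire        :", hidden.hex())
    print("LNS recovers       :", unhide_avp(PROXY_AUTHEN_RESPONSE, lns_pw, rv, hidden))
```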
Set the hello interval
  Command: tunnel timer hello hello-interval
  Remarks: Optional. 60 seconds by default
Enabling Tunnel Flow Control
The L2TP tunnel flow control function controls data packets in transmission. Data packets may arrive out of order, and the flow control function helps buffer and adjust out-of-order data packets.
NAS-Initiated VPN
Network requirements
A VPN user accesses the corporate headquarters as follows:
1) The user dials in to the NAS.
2) The NAS determines whether the user is a valid VPN client. If so, it initiates a tunneling request to the LNS.
3) After a tunnel is set up between the NAS and the LNS, the NAS transfers what it has negotiated with the VPN user to the LNS.
Page 95
# Configure IP addresses for the interfaces. (Omitted)
# Create a local user named vpdnuser, set the password, and enable PPP service. Note that the username and password must match those configured on the client.
<LNS> system-view
[LNS] local-user vpdnuser
[LNS-luser-vpdnuser] password simple Hello
[LNS-luser-vpdnuser] service-type ppp
[LNS-luser-vpdnuser] quit...
23142
Client-Initiated VPN
Network requirements
As shown in Figure 4-9, a VPN user accesses the corporate headquarters as follows:
1) The user first accesses the Internet, and then initiates a tunneling request to the LNS directly.
2) After the LNS accepts the connection request, an L2TP tunnel is set up between the LNS and the VPN user.
[LNS-l2tp1] tunnel name LNS
[LNS-l2tp1] allow l2tp virtual-template 1
2) Configure the VPN user
On the user host, create a virtual private network connection by using the Windows system, or install the L2TP client software (such as WinVPN Client) on the host and connect the host to the Internet in dial-up mode.
Page 98
Figure 4-10 Network diagram for L2TP multi-domain application (diagram labels: Corporate network 1, Corporate network 2, Host A, Host B, L2TP tunnel)
Configuration procedure
1) Configure the LAC
In this example, GigabitEthernet 1/0/1 and GigabitEthernet 1/0/3 on the LAC are both user access interfaces.
Page 99
# Create the virtual interface templates and configure CHAP authentication.
[LAC] interface virtual-template 100
[LAC-Virtual-Template100] ppp authentication-mode chap domain aaa.net
[LAC-Virtual-Template100] quit
[LAC] interface virtual-template 101
[LAC-Virtual-Template101] ppp authentication-mode chap domain bbb.net
[LAC-Virtual-Template101] quit
# Create two L2TP groups and configure related attributes.
[LAC] l2tp enable
[LAC] l2tp-group 1
[LAC-l2tp1] tunnel name LAC-1...
Page 100
[LNS-isp-bbb.net] quit
# Create two virtual interface templates.
[LNS] interface virtual-template 1
[LNS-Virtual-Template1] ip address 10.0.1.1 255.255.255.0
[LNS-Virtual-Template1] remote address pool 1
[LNS-Virtual-Template1] ppp authentication-mode chap domain aaa.net
[LNS-Virtual-Template1] quit
[LNS] interface virtual-template 2
[LNS-Virtual-Template2] ip address 10.0.2.1 255.255.255.0
[LNS-Virtual-Template2] remote address pool 1
[LNS-Virtual-Template2] ppp authentication-mode chap domain bbb.net
[LNS-Virtual-Template2] quit
# Create two L2TP groups.
[LNS-l2tp1] display l2tp tunnel
Total tunnel = 2
LocalTID RemoteTID RemoteAddress Port Sessions RemoteName
1.1.2.1 1701 LAC-1
1.1.2.1 1701 LAC-2
Complicated Network Application
A security gateway can serve as an LAC and an LNS simultaneously. Additionally, it has the ability to support more than one incoming call. Should there be enough memory and physical lines, L2TP can receive and make multiple calls at the same time.
Page 102
Possible reasons for data transmission failure are as follows: 3) The user address is set incorrectly. Usually, the address of a user is allocated by the LNS. However it can also be set by the user. If the address set by the user is not in the same network segment as that allocated by the LNS, data transmission fails.
L2TP-Based EAD Configuration The H3C SR6600 routers support L2TP-based EAD without the need of any configuration. An SR6600 router determines whether to perform EAD authentication for an L2TP user according to whether the router receives the isolation ACL and security ACL from the CAMS/iMC server.
Ensure that the ACLs to be assigned by the authentication server are configured appropriately on the LNS device. An empty ACL or incorrect ACL rules can cause EAD authentication to fail. You can configure different ACLs for different hosts. The router filters packets of a host according to the corresponding ACL.
Figure 5-1 Network diagram for L2TP-based EAD configuration (diagram labels: Host, Router, Internet, L2TP tunnel, CAMS/iMC platform, RADIUS server, Security policy server, Portal server, Quarantined area, Client agent, Virus and patch server)
Configuration Procedure
1) Configure the router
# Assign an IP address to GigabitEthernet 1/0/1, which is connected to the CAMS/iMC server.
Page 106
[Router] domain system
[Router-isp-system] authentication ppp radius-scheme cams
[Router-isp-system] ip pool 1 10.200.1.2 10.200.1.254
[Router-isp-system] quit
# Configure the IP address of the virtual template interface, enable PAP authentication on this interface, specify the address pool to be used to assign addresses for PPP users, enable L2TP access based EAD, and set fragment match mode to exactly.
HDLC Configuration
This chapter includes these sections:
Introduction to HDLC
Enabling HDLC on an Interface
Configuring an IP Address for an Interface
Configuring the Link State Polling Interval
HDLC Configuration Examples
Introduction to HDLC
HDLC Overview
High-level Data Link Control (HDLC) is a bit-oriented link layer protocol. Its most prominent feature is that it can transmit any type of bit stream transparently.
The information field can be an arbitrary binary bit set. The minimum length can be zero and the maximum length is decided by the Frame Check Sequence (FCS) field or the buffer size of the communicating node. Generally, the maximum length is between 1000 and 2000 bits.
If you choose to use routing protocols, make sure that the mask of the learned route is longer than that of the peer IP address, because routes are searched following the longest prefix match. If you choose to use static routes and the mask of the peer IP address is of 32 bits, make sure that the mask of the static route is shorter than that of the peer IP address.
HDLC Link Bundling Configuration
This chapter includes these sections:
Overview
Configuring an HDLC Link Bundle Interface
Assigning an Interface to an HDLC Link Bundle
Displaying and Maintaining HDLC Link Bundling
HDLC Link Bundling Configuration Example
Overview
HDLC link bundling allows you to bundle multiple interfaces that use HDLC as the link layer protocol together to form one logical link.
priority. You are recommended to configure a higher priority on the link you want to configure as the active link.
States of member interfaces
An HDLC link bundle member interface can be in one of the following states:
Initial: The member interface is down at the link layer.
Negotiated: The member interface is up at the link layer, but does not meet the conditions for being a selected interface in the HDLC link bundle.
If this upper limit is not set, the maximum number of selected member interfaces that the router supports for a bundle applies. The SR6600 routers support up to eight selected member interfaces in a bundle.
4) Suppose the number of member interfaces that meet the above conditions for being selected is P.
Page 116
Assign an IP address to the HDLC link bundle interface
  Command: ip address ip-address { mask | mask-length } [ sub ]
  Remarks: Required. By default, no IP address is assigned to an HDLC link bundle interface.
Optional. By default, when all member interfaces in an HDLC link...
The number of selected member interfaces required to bring up an HDLC link bundle should be no bigger than the limit on the number of selected member interfaces in the HDLC link bundle. To guarantee normal traffic transmission, on the HDLC link bundle interfaces on both ends of an HDLC link bundle, you are recommended to configure the same parameters, including the number of selected member interfaces required to bring up the HDLC link bundle, limit on the number of selected member interfaces in the HDLC link bundle,...
You cannot assign interfaces configured with the following features to an HDLC link bundle: IPv4 addresses, IP unnumbered, IPv6 addresses, URPF, NetStream, and IPv6 NetStream. After an interface is assigned to an HDLC link bundle, you cannot configure any of these features on the interface either. An interface can belong to only one HDLC link bundle at any point in time.
Page 119
Figure 7-1 Network diagram for HDLC link bundling configuration (diagram labels: Router A, Router B, HDLC link bundle interface 1, POS1/0/1, POS2/0/1)
Configuration procedure
Configure Router A
# Create HDLC link bundle interface 1 and assign an IP address for it.
<RouterA>...
Page 120
Line protocol current state: UP
Description: Hdlc-bundle1 Interface
The Maximum Transmit Unit is 1500
Internet Address is 1.1.1.1/24 Primary
Link layer protocol is HDLC
Physical is HDLC-BUNDLE, baudrate: 155520 kbps
Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0
Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0
Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0...
Frame Relay Configuration
This chapter includes these sections:
Overview
Frame Relay Configuration Task List
Configuring DTE Side Frame Relay
Configuring DCE Side Frame Relay
Enabling the Trap Function
Displaying and Maintaining Frame Relay
Frame Relay Configuration Examples
Troubleshooting Frame Relay
Overview
Frame relay is essentially a simplified X.25 WAN technology.
As shown in Figure 8-1, Router B and Router C form a simple frame relay network, to which DTE devices Router A and Router D are attached. You can see that the DTE and DCE are identified on only the UNI interface; a virtual circuit between two DTE devices can be assigned different DLCIs on different segments.
Frame Relay Address Mapping Frame relay address mapping associates the protocol address of a remote router with its frame relay address (local DLCI) so that the upper layer protocol, IP for example, can locate the remote router. Take delivering an IP packet across a frame relay network for example. After a DTE device receives an IP packet, it looks up the IP routing table for the outgoing interface and next hop address.
Table 8-1 Parameter description for frame relay protocol
Columns: Router role, Timer/counter, Value range, Default value, Description
Timer/counter: Full status polling counter (N391)
  Value range: 1 to 255
  Description: Sets the frequency with which status inquiries expect a full status report. Suppose the N391 is set to 5. Every fifth status inquiry sent by the DTE will ask for a full status...
Figure 8-3 Connect LANs through a dedicated line Frame Relay Configuration Task List Complete the following tasks to configure frame relay: Task Remarks Configuring Basic DTE Side Frame Relay Required Configuring Frame Relay Address Mappings Required Configuring DTE Side Frame Relay Configuring a Frame Relay Local Virtual Circuit Required Configuring a Frame Relay Subinterface...
Enable frame relay on the interface
  Command: link-protocol fr [ ietf | nonstandard ]
  Remarks: Required. The default link layer protocol of an interface is PPP.
Configure the frame relay interface type as DTE
  Command: fr interface-type dte
  Remarks: Optional. The default frame relay interface type is DTE.
Enter interface view
  Command: interface interface-type interface-number
  Remarks: Required
Enable frame relay InARP for dynamic address mapping
  Command: fr inarp [ ip [ dlci-number ] ]
  Remarks: Optional. Enabled by default.
You do not need to configure DLCIs for PVCs if static address mappings are configured. Do not configure any static address mapping on a P2P subinterface, because a P2P subinterface carries only one PVC.
interface can include multiple subinterfaces, which do not exist physically. However, for the network layer, the subinterface and main interface make no difference and both can be configured with virtual circuits to connect to remote routers. The subinterface of frame relay falls into two types: point-to-point (P2P) subinterface and point-to-multipoint (P2MP) subinterface.
Enable frame relay on the interface
  Command: link-protocol fr [ ietf | nonstandard ]
  Remarks: Required. The link layer protocol for interface encapsulation is PPP by default. When frame relay protocol is used for interface encapsulation, the default operating mode is IETF.
To do... Use the command... Remarks interface interface-type Enter interface view — interface-number Required Set the type of an interface for The default frame relay interface frame relay switching to NNI or fr interface-type { dce | nni } type is DTE, which does not support frame relay switching.
Displaying and Maintaining Frame Relay To do... Use the command... Remarks display fr interface [ interface-type Display frame relay protocol Available in any view { interface-number | status on an interface interface-number.subnumber } ] Display the mapping table of display fr map-info [ interface protocol address and frame interface-type { interface-number | Available in any view...
Page 132
# Assign an IP address to interface Serial 2/0/1.
<RouterA> system-view
[RouterA] interface serial 2/0/1
[RouterA-Serial2/0/1] ip address 202.38.163.251 255.255.255.0
# Enable frame relay on the interface.
[RouterA-Serial2/0/1] link-protocol fr
[RouterA-Serial2/0/1] fr interface-type dte
# If the opposite router supports InARP, configure dynamic address mapping.
[RouterA-Serial2/0/1] fr inarp
# Otherwise, configure static address mapping.
Page 133
Figure 8-5 Network diagram for connecting LANs through a dedicated line
Configuration procedure
Approach I: On main interfaces
Configuration on Router A
# Assign an IP address to interface Serial 2/0/1.
<RouterA> system-view
[RouterA] interface serial 2/0/1
[RouterA-Serial2/0/1] ip address 202.38.163.251 255.255.255.0
# Enable frame relay on the interface and configure the interface to operate in DCE mode.
[RouterB-Serial2/0/1.1] ip address 202.38.163.252 255.255.255.0
[RouterB-Serial2/0/1.1] fr dlci 100
Troubleshooting Frame Relay
Symptom 1: The physical layer is in down status.
Solution: Check whether the physical line is normal. Check whether the remote router runs normally.
Symptom 2: The physical layer is already up, but the link layer protocol is down.
Solution: Ensure that both local router and remote router have been configured with the frame relay encapsulation.
Multilink Frame Relay Configuration
This chapter includes these sections:
Overview
Configuring Multilink Frame Relay
Displaying and Maintaining Multilink Frame Relay
Multilink Frame Relay Configuration Examples
Overview
Multilink frame relay (MFR) is a cost effective bandwidth solution for frame relay users. Based on the FRF.16 protocol of the frame relay forum, it implements the MFR function on DTE/DCE interfaces.
as QoS queue mechanism. After physical interfaces are bundled into an MFR interface, their original network layer and frame relay link layer parameters become ineffective and they use the parameter settings of the MFR interface instead. Configuring Multilink Frame Relay Configuring an MFR Bundle Follow these steps to configure an MFR bundle: To do...
Configuring an MFR Bundle Link Follow these steps to configure an MFR bundle link: To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter frame relay interface view — interface-number Required Assign the current interface to an link-protocol fr mfr An interface is not assigned to any MFR interface...
Figure 9-2 Network diagram of MFR direct connection
Configuration procedure
Configuration on Router A
# Create and configure MFR interface 4 (MFR4)
<RouterA> system-view
[RouterA] interface mfr 4
[RouterA-MFR4] ip address 10.140.10.1 255.255.255.0
[RouterA-MFR4] fr interface-type dte
[RouterA-MFR4] fr map ip 10.140.10.2 100
[RouterA-MFR4] quit
# Bundle Serial 2/0/1 and Serial 2/0/2 to MFR4.
Page 139
Figure 9-3 Network diagram for MFR switching
Configuration procedure
Configuration on Router A
# Configure interface MFR1.
<RouterA> system-view
[RouterA] interface mfr 1
[RouterA-MFR1] ip address 1.1.1.1 255.0.0.0
[RouterA-MFR1] quit
# Add Serial 2/0/1 and Serial 2/0/2 to interface MFR1.
[RouterA] interface serial 2/0/1
[RouterA-Serial2/0/1] link-protocol fr mfr 1
[RouterA-Serial2/0/1] quit...
Modem Management Configuration
This chapter includes these sections:
Overview
Modem Management Configuration
Troubleshooting
Overview
A modem is a widely used network device. It is important for a router to properly manage and control the use of modems in a network. However, there are many modem manufacturers and various modem models.
Setting the Modem Answer Mode
Set the modem answer mode according to the actual answer mode of the modem. If the modem is in auto-answer mode (a modem is in auto-answer mode if its AA LED lights), you can use the modem auto-answer command to prevent the router from issuing answer instructions.
Page 143
Solution
Use the shutdown command and undo shutdown command on the router’s physical interface connected to the modem to check whether the modem has recovered. If the modem is still in abnormal status, you can re-power the modem.