Cabletron Systems SMARTSWITCH ROUTER 9032578-05 User's Reference Manual

Cabletron systems network router user manual

Summary of Contents for Cabletron Systems SMARTSWITCH ROUTER 9032578-05

  • Page 1 SmartSwitch Router User Reference Manual 9032578-05...
  • Page 2 Printed in the United States of America Changes Cabletron Systems, Inc., reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems, Inc., to determine whether any such changes have been made.
  • Page 3: Regulatory Compliance Information

    Regulatory Compliance Information. This product complies with the following: Safety: UL 1950; CSA C22.2, No. 950; 73/23/EEC; EN 60950; IEC 950. Electromagnetic Compatibility (EMC): FCC Part 15; CSA C108.8; 89/336/EEC; EN 55022; EN 61000-3-2; EN 61000-3-3; EN 50082-1, AS/NZS 3548; VCCI V-3. Regulatory Compliance Statements: FCC Compliance Statement. This device complies with Part 15 of the FCC rules.
  • Page 4: Industry Canada Compliance Statement

    Regulatory Compliance Statements: Industry Canada Compliance Statement. This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications. This digital apparatus does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in the Radio Interference Regulations issued...
  • Page 5: Laser Radiation And Connectors

    Safety Information: Class 1 Laser Transceivers This product may use Class 1 laser transceivers. Read the following safety information before installing or operating this product. The Class 1 laser transceivers use an optical feedback loop to maintain Class 1 operation limits. This control loop eliminates the need for maintenance checks or adjustments.
  • Page 6: Program License Agreement

    BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems, Inc. (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (“Program”) in the package.
  • Page 7 EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR IN THE DURATION OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU. SmartSwitch Router User Reference Manual Cabletron Systems, Inc. Program License Agreement...
  • Page 8 BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems Sales and Service, Inc. (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (“Program”) in the package.
  • Page 9 ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR IN THE DURATION OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU. SmartSwitch Router User Reference Manual Cabletron Systems Sales and Service, Inc. Program License Agreement...
  • Page 10 BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems Limited (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (“Program”) in the package.
  • Page 11 EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR IN THE DURATION OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU. SmartSwitch Router User Reference Manual Cabletron Systems Limited Program License Agreement...
  • Page 12: Declaration Of Conformity Addendum

    Mr. Ronald Fotino Full Name Principal Compliance Engineer Title Rochester, NH, USA Location Addendum 89/336/EEC 73/23/EEC Cabletron Systems, Inc. 35 Industrial Way PO Box 5005 Rochester, NH 03867 Mr. J. Solari Cabletron Systems Limited Nexus House, Newbury Business Park London Road, Newbury...
  • Page 27: About This Manual

    About This Manual This manual provides information and procedures for configuring the SmartSwitch Router (SSR) software. If you have not yet installed the SSR, use the instructions in the SmartSwitch Router Getting Started Guide to install the chassis and perform basic setup tasks, then return to this manual for more detailed configuration information.
  • Page 28 Preface. Conventions and their descriptions: [x] or [<italics>] or [x <italics>]: Keywords and arguments within a set of square brackets are optional. x|y|z|<italics> or [x|y|z|<italics>]: Keywords or arguments separated by vertical bars indicate a choice. Select one keyword or argument. {x|y|z|<italics>}: Braces group required choices. Select one keyword or argument.
  • Page 29: Chapter 1: Introduction

    This chapter provides information that you need to know before configuring the SmartSwitch Router (SSR). If you have not yet installed the SSR, use the instructions in the SmartSwitch Router Getting Started Guide to install the chassis and perform basic setup tasks, then return to this manual for more detailed configuration information.
  • Page 30: Using The Command Line Interface

    Chapter 1: Introduction Using the Command Line Interface Note: The SSR provides both a graphical user interface (CoreWatch) and a command line interface (CLI) to configure and manage the SSR. In this manual, example configurations show how to use the CLI commands to configure the SSR. Using CoreWatch is described in the CoreWatch User’s Manual.
  • Page 31: Configure Mode

    (PROM) mode. You should then reboot the SSR (enter the command reboot at the boot PROM prompt) to restart the system. If the system fails to reboot successfully, please call Cabletron Systems Technical Support to resolve the problem.
  • Page 32 Chapter 1: Introduction you are. For example, if you are at the User mode prompt, enter a question mark (?) as shown in the following example to list the commands available in User mode: ssr> ? aging dvmrp enable exit file help igmp...
  • Page 33: Line Editing Commands

    without typing the subsystem name in each time. For example, if you are configuring several entries for the IP routing table, you can simply enter ip at the CLI Configure prompt. The prompt changes to indicate that the context for the commands to be entered has changed to that of the IP subsystem.
  • Page 34 Chapter 1: Introduction Table 1. CLI Line Editing Commands. Ctrl-k: Kill line from cursor to end of line; Ctrl-l: Refresh current line; Ctrl-m: Carriage return (executes command); Ctrl-n: Next command from history buffer; Ctrl-o: None; Ctrl-p: Previous command from history buffer; Ctrl-q: None; Ctrl-r...
  • Page 35: Displaying And Changing Configuration Information

    Table 1. CLI Line Editing Commands Command “<string>” Opaque strings may be specified using double quotes. This prevents interpretation of otherwise special CLI characters. Displaying and Changing Configuration Information The SSR provides many commands for displaying and changing configuration information. For example, the CLI allows for the “disabling” of a command in the active configuration.
  • Page 36 Chapter 1: Introduction Table 2. Commands to Display and Change Configuration Information Erase commands in scratchpad. Erase startup configuration. Negate one or more commands by line numbers. Negate commands that match a specified command string. Save scratchpad to active configuration. Save active configuration to startup.
  • Page 37: Port Names

    Port Names. The term port refers to a physical connector on a line card installed in the SSR. The figure below shows eight 10 Base-T/100 Base-TX ports on a line card. [Figure: SSR-HTX12-08 line card with Offline and Online LEDs and 10 BASE-T/100 BASE-TX ports] Each port in the SSR is referred to in the following manner: <type>.<slot-number>.<port-number>...
  • Page 38 Chapter 1: Introduction Table 3. Port Numbers for Line Cards Line Card 1000 Base LLX Quad Serial WAN HSSI WAN SONET (OC-3c) SONET (OC-12c) ATM (OC-3) 16-slot 100 Base TX For example, the port name et.2.8 refers to the port on the Ethernet line card located in slot 2, connector 8, while the port name gi.3.2 refers to the port on the Gigabit Ethernet line card located in slot 3, connector 2.
  • Page 39: Chapter 2: Hot Swapping Line Cards And Control Modules

    Hot Swapping Overview This chapter describes the hot swapping functionality of the SSR. Hot swapping is the ability to replace a line card or Control Module while the SSR is operating. Hot swapping allows you to remove or install line cards without switching off or rebooting the SSR. Swapped-in line cards are recognized by the SSR and begin functioning immediately after they are installed.
  • Page 40: Hot Swapping Line Cards

    Chapter 2: Hot Swapping Line Cards and Control Modules Hot Swapping Line Cards The procedure for hot swapping a line card consists of deactivating the line card, removing it from its slot in the SSR chassis, and installing a new line card in the slot. Deactivating the Line Card To deactivate the line card, do one of the following: •...
  • Page 41: Removing The Line Card

    Removing the Line Card. To remove a line card from the SSR: Make sure the Offline LED on the line card is lit. Warning: Do not remove the line card unless the Offline LED is lit. Doing so can cause the SSR to crash.
  • Page 42: Hot Swapping A Secondary Control Module

    Chapter 2: Hot Swapping Line Cards and Control Modules. Hot Swapping a Secondary Control Module. If you have a secondary Control Module installed on the SSR, you can hot swap it with another Control Module or line card. Warning: You can only hot swap an inactive Control Module. You should never remove the active Control Module from the SSR.
  • Page 43: Removing The Control Module

    You can also use the system hotswap out command in the CLI to deactivate the Control Module. For example, to deactivate the secondary Control Module in slot CM/1, enter the following command in Enable mode: ssr# system hotswap out slot 1 After you enter this command, the Offline LED on the Control Module lights, and messages appear on the console indicating the Control Module is inoperative.
  • Page 44: Hot Swapping A Switching Fabric Module (Ssr 8600 Only)

    Chapter 2: Hot Swapping Line Cards and Control Modules Hot Swapping a Switching Fabric Module (SSR 8600 only) The SSR 8600 has slots for two Switching Fabric Modules. While the SSR 8600 is operating, you can install a second Switching Fabric Module. If two Switching Fabric Modules are installed, you can hot swap one of them.
  • Page 45: Removing The Switching Fabric Module

    Removing the Switching Fabric Module To remove the Switching Fabric Module: Loosen the captive screws on each side of the Switching Fabric Module. Pull the metal tabs on the Switching Fabric Module to free it from the connectors holding it in place in the chassis. Carefully remove the Switching Fabric Module from its slot.
  • Page 47: Chapter 3: Bridging Configuration Guide

    Bridging Overview The SmartSwitch Router provides the following bridging functions: • Compliance with the IEEE 802.1d standard • Compliance with the IGMP multicast bridging standard • Wire-speed address-based bridging or flow-based bridging • Ability to logically segment a transparently bridged network into virtual local-area networks (VLANs), based on physical ports or protocol (IP or IPX or bridged protocols like Appletalk) •...
  • Page 48: Bridging Modes (Flow-Based And Address-Based)

    Chapter 3: Bridging Configuration Guide Bridging Modes (Flow-Based and Address-Based) The SSR provides the following types of wire-speed bridging: Address-based bridging - The SSR performs this type of bridging by looking up the destination address in an L2 lookup table on the line card that receives the bridge packet from the network.
  • Page 49: Port-Based Vlans

    • Multicast based • Policy based Detailed information about these types of VLANs is beyond the scope of this manual. Each type of VLAN is briefly explained in the following subsections. Port-based VLANs Ports of L2 devices (switches, bridges) are assigned to VLANs. Any traffic received by a port is classified as belonging to the VLAN to which the port belongs.
  • Page 50: Multicast-Based Vlans

    Chapter 3: Bridging Configuration Guide Multicast-based VLANs Multicast-based VLANs are created dynamically for multicast groups. Typically, each multicast group corresponds to a different VLAN. This ensures that multicast frames are received only by those ports that are connected to members of the appropriate multicast group.
  • Page 51: Ports, Vlans, And L3 Interfaces

    the SSR as a result of creating L3 interfaces for IP and/or IPX. However, these implicit VLANs do not need to be created or configured manually. The implicit VLANs created by the SSR are subnet-based VLANs. Most commonly, an SSR is used as a combined switch and router. For example, it may be connected to two subnets S1 and S2.
  • Page 52: Explicit And Implicit Vlans

    Chapter 3: Bridging Configuration Guide For example, if port 1 belongs to VLAN IPX_VLAN for IPX, VLAN IP_VLAN for IP and VLAN OTHER_VLAN for any other protocol, then an IP frame received by port 1 is classified as belonging to VLAN IP_VLAN. Trunk ports (802.1Q) are usually used to connect one VLAN-aware switch to another.
  • Page 53 The corresponding bridge tables for address-based and flow-based bridging are shown below. As shown, the bridge table contains more information on the traffic patterns when flow-based bridging is enabled compared to address-based bridging. Address-Based Bridge Table A (source) B (source) C (destination) With the SSR configured in flow-based bridging mode, the network manager has “per flow”...
  • Page 54: Configuring Spanning Tree

    Chapter 3: Bridging Configuration Guide Configuring Spanning Tree Note: Some commands in this facility require updated SSR hardware. Please refer to Appendix A The SSR supports per VLAN spanning tree. By default, all the VLANs defined belong to the default spanning tree. You can create a separate instance of spanning tree using the following command: Create spanning tree for a VLAN.
  • Page 55: Setting The Bridge Priority

    Setting the Bridge Priority You can globally configure the priority of an individual bridge when two bridges tie for position as the root bridge, or you can configure the likelihood that a bridge will be selected as the root bridge. The lower the bridge's priority, the more likely the bridge will be selected as the root bridge.
  • Page 56: Adjusting Bridge Protocol Data Unit (Bpdu) Intervals

    Chapter 3: Bridging Configuration Guide Adjusting Bridge Protocol Data Unit (BPDU) Intervals You can adjust BPDU intervals as described in the following sections: • Adjust the Interval between Hello BPDUs • Define the Forward Delay Interval • Define the Maximum Idle Interval Adjusting the Interval between Hello Times You can specify the interval between hello time.
  • Page 57: Configuring A Port- Or Protocol-Based Vlan

    To change the default interval setting, enter the following command in Configure mode: Change the amount of time a bridge will wait to hear BPDUs from the root bridge for default spanning tree. Change the amount of time a bridge will wait to hear BPDUs from the root bridge for a particular instance of spanning tree.
  • Page 58: Configuring Vlans For Bridging

    Chapter 3: Bridging Configuration Guide Configuring VLANs for Bridging The SSR allows you to create VLANs for AppleTalk, DECnet, SNA, and IPv6 traffic as well as for IP and IPX traffic. You can create a VLAN for handling traffic for a single protocol, such as a DECnet VLAN.
  • Page 59: Monitoring Bridging

    Monitoring Bridging The SSR provides display of bridging statistics and configurations contained in the SSR. To display bridging information, enter the following commands in Enable mode. Show IP routing table. Show all MAC addresses currently in the l2 tables. Show l2 table information on a specific port.
  • Page 60: Creating A Non-Ip/Non-Ipx Vlan

    Chapter 3: Bridging Configuration Guide Creating a non-IP/non-IPX VLAN In this example, SNA, DECnet, and AppleTalk hosts are connected to et.1.1 and et.2.(1-4). You can associate all the ports containing these hosts to a VLAN called ‘RED’ with the VLAN ID 5. First, create a VLAN named ‘RED’...
  • Page 61: Chapter 4: Smarttrunk Configuration Guide

    Overview This chapter explains how to configure and monitor SmartTRUNKs on the SSR. A SmartTRUNK is Cabletron Systems’ technology for load balancing and load sharing. For a description of the SmartTRUNK commands, see the “smarttrunk commands” section of the SmartSwitch Router Command Line Interface Reference Manual.
  • Page 62: Configuring Smarttrunks

    Chapter 4: SmartTRUNK Configuration Guide Configuring SmartTRUNKs To create a SmartTRUNK: Create a SmartTRUNK and specify a control protocol for it. Add physical ports to the SmartTRUNK. Specify the policy for distributing traffic across SmartTRUNK ports. This step is optional; by default, the SSR distributes traffic to ports in a round-robin (sequential) manner.
  • Page 63: Specify Traffic Distribution Policy (Optional)

    To add ports to a SmartTRUNK, enter the following command in Configure mode: Create a SmartTRUNK that will be connected to a device that supports the DEC Hunt Group control protocol. Specify Traffic Distribution Policy (Optional): The default policy for distributing traffic across the ports in a SmartTRUNK is “round-robin,”...
  • Page 64: Example Configurations

    Chapter 4: SmartTRUNK Configuration Guide. Example Configurations. The following shows a network design based on SmartTRUNKs. R1 is an SSR operating as a router, while S1 and S2 are SSRs operating as switches. [Figure: network diagram; surviving labels: st.1, Cisco 7500, 10.1.1.1/24, 10.1.1.2/24, Router, to-cisco] The following is the configuration for the Cisco 7500 router:

        interface port-channel 1
        ip address 10.1.1.1 255.255.255.0...
  • Page 65 The following is the SmartTRUNK configuration for the SSR labeled ‘R1’ in the diagram:

        smarttrunk create st.1 protocol no-protocol
        smarttrunk create st.2 protocol huntgroup
        smarttrunk create st.3 protocol huntgroup
        smarttrunk add ports et.1(1-2) to st.1
        smarttrunk add ports et.2(1-2) to st.2
        smarttrunk add ports et.3(1-2) to st.3
        interface create ip to-cisco address-netmask 10.1.1.2/24 port st.1
        interface create ip to-s1 address-netmask 11.1.1.2/24 port st.2...
  • Page 67: Chapter 5: Atm Configuration Guide

    ATM Configuration ATM Overview This chapter provides an overview of the Asynchronous Transfer Mode (ATM) features available for the SmartSwitch Router. ATM is a cell switching technology used to establish multiple connections over a physical link, and configure each of these connections with its own traffic parameters.
  • Page 68: Creating A Virtual Channel

    Service Class Definition channel having its own traffic parameters. The name “virtual” implies that the connection is located in silicon instead of a physical wire. Refer to Definition” on page 43 virtual channel. Creating a Virtual Channel To create a virtual channel, enter the following command in Configure mode: Creates a virtual channel.
  • Page 69: Creating A Service Class Definition

    Creating a Service Class Definition To create a service class definition, enter the following command in Configure mode: Creates a service class definition. The following is a description of the parameters used to create a service class definition: service <string> Specifies a name for the service class definition. The maximum length is 32 characters.
  • Page 70: Applying A Service Class Definition

    Service Class Definition cells/sec). This is the same as PCR, but is expressed in kbits/sec, and therefore may be a more convenient form. However, since the natural unit for ATM is cells/sec, there may be a difference in the actual rate because the kbit/sec value may not be an integral number of cells.
  • Page 71: Cell Scrambling

    port <port list> Specifies the port, in the format: media.slot.port.vpi.vci media Specifies the media type. This is at for ATM ports. slot Specifies the slot number where the module is installed. port Specifies the port number. Specifies the Virtual Path Identifier. This parameter identifies the virtual path.
  • Page 72: Cell Mapping

    Cell Mapping The following is a description of the parameters used to enable cell scrambling: port <port list> Specifies the port, in the format: media.slot.port. Specify all-ports to enable cell scrambling on all ports. media Specifies the media type. This is at for ATM ports. Specifies the slot number where the module is installed.
  • Page 73: Creating A Non-Zero Vpi

    Creating a Non-Zero VPI The Virtual Path Identifier defines a virtual path, a grouping of virtual channels transmitting across the same physical connection. The actual number of virtual paths and virtual channels available on an ATM port depends upon how many bits are allocated for the VPI and VCI, respectively.
  • Page 74: Displaying Atm Port Information

    Displaying ATM Port Information Displaying ATM Port Information There are a variety of ATM statistics that can be accessed through the command line interface. The atm show commands can only be used in Enable mode. To display information about the VPL configurations on an ATM port: Displays the VPL configurations on an ATM port.
  • Page 75 To display information about the service definition on an ATM port: Displays the service definition on an ATM port. The following is an example of the information that is displayed with the command listed above: ssr# atm show service all ubr-default Service Class: Peak Bit Rate:...
  • Page 76 Displaying ATM Port Information To display information about the port settings on an ATM port: Displays the port setting configurations on an ATM port. The following is an example of the information that is displayed with the command listed above (for a PDH PHY interface): ssr(atm-show)# port-settings at.9.1 Port information for Slot 9, Port 1: Port Type:...
  • Page 77 • VC Mode • Service Definition The following is an example of the information that is displayed with the command listed above (for a SONET PHY interface): ssr(atm-show)# port-settings at.8.1 Port information for Slot 8, Port 1: Port Type: Xmt Clock Source: VC Mode: Service Definition: ubr-default Service Class:...
  • Page 78: Atm Sample Configuration 1

    ATM Sample Configuration 1. Consider the following network configuration: [Figure: network diagram; surviving labels: SSR 1, at.1.1, et.2.1, 11.1.1.1/24, VLAN A, Subnet 11.1.1.0] The network shown consists of two SmartSwitch Routers, VLAN A, and VLAN B. Both SSRs have an ATM module with two ATM ports. Also both SSRs contain a 10/100 TX Ethernet module.
  • Page 79: Configuring An Interface On An Ethernet Port

    Configuring an Interface on an Ethernet Port. There are two separate VLANs in this network, VLAN A and VLAN B. VLAN A is connected to Ethernet port et.2.1 on SSR1, and VLAN B is connected to Ethernet port et.1.1 on SSR2. Apply an interface on both Ethernet ports.
  • Page 80: Applying An Atm Service Class

    ATM Sample Configuration 1 Applying an ATM Service Class After defining a service class on SSR1 and SSR2, apply them to the VC connection we created earlier. The following command line applies the service class ‘cbr1m’ to the VC (vpi=0, vci=100) on ATM port at.1.1 of SSR1: ssr1(config)# atm apply service cbr1m port at.1.1.0.100 The following command line applies the service class ‘cbr1m’...
  • Page 81 Creating an IP route allows the interfaces on the ATM ports to act as gateways to any subnet. Traffic from VLAN A reaches the Ethernet port on SSR1 and is automatically directed to the gateway address (interface on the ATM port for SSR2). Then the traffic travels through the VC and arrives at the Ethernet port connected to VLAN B.
  • Page 83: Chapter 6: Packet-Over-Sonet Configuration Guide

    Packet-over-SONET Overview This chapter explains how to configure and monitor packet-over-SONET (PoS) on the SSR. See the sonet commands section of the SmartSwitch Router Command Line Interface Reference Manual for a description of each command. PoS requires installation of the OC-3c or OC-12c PoS line cards in an SSR 8000 or an SSR 8600.
  • Page 84: Configuring Ip Interfaces For Pos Links

    Chapter 6: Packet-over-SONET Configuration Guide Configuring IP Interfaces for PoS Links Configuring IP interfaces for PoS links is generally the same as for WANs and for LANs. You assign an IP address to each interface and define routing mechanisms such as OSPF or RIP as with any IP network.
  • Page 85: Configuring Automatic Protection Switching

    Create a point-to-point interface with the interface create command, specifying the IP address and netmask for the interface on the SSR and the peer address of the other end of the connection: interface create ip pos11 address-netmask 20.11.11.20/24 peer-address 20.11.11.21 port so.13.1 When you create the point-to-point interface as shown above, the SSR creates an implicit VLAN called “SYS_L3_<interface-name>.”...
  • Page 86: Configuring Working And Protecting Ports

    Chapter 6: Packet-over-SONET Configuration Guide Note: In APS terminology, bridge means to transmit identical traffic on both the working and protecting lines, while switch means to select traffic from either the protecting line or the working line. • Unidirectional switching, where one set of line terminating equipment (LTE) can switch the line independent of the other LTE.
  • Page 87: Specifying Bit Error Rate Thresholds

    To manage the working and protecting PoS interfaces, enter the following commands in Configure mode: Prevent a working interface from switching to a protecting port. This command can only be applied to a port configured as a protecting port. Force a switch to the specified port. This command can be applied to either the working or protecting port.
  • Page 88: Monitoring Pos Ports

    • Signal failure BER threshold of 10 failure is associated with a “hard” failure. Signal fail is determined when any of the following conditions are detected: loss of signal (LOS), loss of frame (LOF), line alarm indication signal (AIS-L), or the BER threshold exceeds the configured rate.
  • Page 89: Example Configurations

    Example Configurations
    This section shows example configurations for PoS links.
    APS PoS Links Between SSRs
    The following example shows APS PoS links between two SSRs, router A and router B.
    [Figure: Router, ports so.7.1 and so.7.2]
    The following is the configuration for router A:
    interface create ip pos21 address-netmask 20.11.11.21/24 peer-address 20.11.11.20 type point-to-point port so.7.1
    sonet set so.7.1 protection 1+1 protected-by so.7.2...
  • Page 90: Pos Link Between The Ssr And A Cisco Router

    PoS Link Between the SSR and a Cisco Router
    The following example shows a PoS link between an SSR, router A, and a Cisco 12000 series Gigabit Switch Router, router B. The MTU on both routers is configured for the same size of 9216 octets.
  • Page 91: Bridging And Routing Traffic Over A Pos Link

    Bridging and Routing Traffic Over a PoS Link The following example shows how to configure a VLAN ‘v1’ that includes the PoS ports on two connected SSRs, router A and router B. Bridged or routed traffic is transmitted over the PoS link. Router int1 1.1.1.1/8...
  • Page 93: Chapter 7: Dhcp Configuration Guide

    DHCP Overview The Dynamic Host Configuration Protocol (DHCP) server on the SSR provides dynamic address assignment and configuration to DHCP capable end-user systems, such as Windows 95/98/NT and Apple Macintosh systems. You can configure the server to provide a dynamic IP address from a pre-allocated pool of IP addresses or a static IP address.
  • Page 94: Configuring Dhcp

    Chapter 7: DHCP Configuration Guide Configuring DHCP By default, the DHCP server is not enabled on the SSR. You can selectively enable DHCP service on particular interfaces and not others. To enable DHCP service on an interface, you must first define a DHCP scope. A scope consists of a pool of IP addresses and a set of parameters for a DHCP client.
  • Page 95: Configuring A Static Ip Address

    Table 5. Client Parameters
    Parameter
    netbios-name-server
    netbios-node-type
    netbios-scope
    To define the parameters that the DHCP server gives the clients, enter the following command in Configure mode:
    Define client parameters.
    Configuring a Static IP Address
    To define a static IP address that the DHCP server can assign to a client with a specific MAC address, enter the following command in Configure mode:
    Define static IP address for a particular MAC address.
  • Page 96: Configuring Dhcp Server Parameters

    Chapter 7: DHCP Configuration Guide Configuring DHCP Server Parameters You can configure several “global” parameters that affect the behavior of the DHCP server itself. To configure global DHCP server parameters, enter the following commands in Configure mode: Specify a remote location to back up the lease database.
  • Page 97: Dhcp Configuration Examples

    DHCP Configuration Examples
    The following configuration describes DHCP configuration for a simple network with just one interface on which DHCP service is enabled to provide both dynamic and static IP addresses.
    Create an IP VLAN called ‘client_vlan’.
    vlan create client_vlan ip
    Add all Fast Ethernet ports in the SSR to the VLAN ‘client_vlan’.
  • Page 98: Configuring Secondary Subnets

    Specify a remote lease database on the TFTP server 10.1.89.88.
    dhcp global set lease-database tftp://10.1.89.88/lease.db
    10. Specify a database update interval of every 15 minutes.
    dhcp global set commit-interval 15
    Configuring Secondary Subnets
    In some network environments, multiple logical subnets can be imposed on a single physical segment.
  • Page 99: Secondary Subnets And Directly-Connected Clients

    Include ‘scope2’ in the superscope ‘super1’.
    dhcp scope2 attach superscope super1
    Since there are multiple pools of IP addresses, the pool associated with ‘scope1’ is used first since ‘scope1’ is applied to the interface before ‘scope2’. Clients that are given an address from ‘scope1’...
  • Page 100: Interacting With Relay Agents

    Define the address pool for ‘scope2’.
    dhcp scope2 define pool 10.2.1.40-10.2.1.50
    Create a superscope ‘super1’ that includes ‘scope1’.
    dhcp scope1 attach superscope super1
    Include ‘scope2’ in the superscope ‘super1’.
    dhcp scope2 attach superscope super1
    For clients on the secondary subnet, the default gateway is 10.2.1.1, which is also the secondary address for the interface ‘clients’.
  • Page 101 Define the address pool for ‘scope1’.
    dhcp scope1 define pool 10.5.1.10-10.5.1.20
  • Page 103: Chapter 8: Ip Routing Configuration Guide

    The SSR supports standards-based TCP, UDP, and IP. This chapter describes how to configure IP interfaces and general non-protocol-specific routing parameters. IP Routing Protocols The SSR supports standards-based unicast and multicast routing. Unicast routing protocol support includes Interior Gateway Protocols and Exterior Gateway Protocols. Multicast routing protocols are used to determine how multicast data is transferred in a routed environment.
  • Page 104: Multicast Routing Protocols

    Chapter 8: IP Routing Configuration Guide
    Exterior Gateway Protocols are used to transfer information between different “autonomous systems”. The SSR supports the following Exterior Gateway Protocol:
    • Border Gateway Protocol (BGP) Version 3, 4 (RFC 1267, 1771). Configuring BGP for the SSR is described in
    Multicast Routing Protocols
    IP multicasting allows a host to send traffic to a subset of all hosts.
  • Page 105: Configuring Ip Interfaces To Ports

    Configuring IP Interfaces to Ports
    You can configure an IP interface directly to a physical port. Each port can be assigned multiple IP addresses representing multiple subnets connected to the physical port. For example, to assign an IP interface ‘RED’ to physical port et.3.4, enter the following:
    ssr(config)# interface create ip RED address-netmask 10.50.0.0/255.255.0.0 port et.3.4
    To configure a secondary address of 10.23.4.36 with a 24-bit netmask (255.255.255.0) on the...
  • Page 106: Configuring Jumbo Frames

    Chapter 8: IP Routing Configuration Guide Configuring Jumbo Frames Certain SSR line cards support jumbo frames (frames larger than the standard Ethernet frame size of 1518 bytes). See on line cards. To transmit frames of up to 65535 octets, you increase the maximum transmission unit (MTU) size from the default of 1500.
  • Page 107: Configuring Address Resolution Protocol (Arp)

    Configuring Address Resolution Protocol (ARP) The SSR allows you to configure Address Resolution Protocol (ARP) table entries and parameters. ARP is used to associate IP addresses with media or MAC addresses. Taking an IP address as input, ARP determines the associated MAC address. Once a media or MAC address is determined, the IP address/media address association is stored in an ARP cache for rapid retrieval.
  • Page 108: Configuring Proxy Arp

    When you enable packets to be dropped for hosts with unresolved MAC addresses, the SSR will still attempt to periodically resolve these MAC addresses. By default, the SSR sends ARP requests at 30-second intervals to try to resolve up to 50 dropped entries.
    To change the interval for sending ARP requests for unresolved entries to 45 seconds:
    ssr# arp set unresolve-timer 45
    To change the number of unresolved entries that the SSR attempts to resolve to 75:...
  • Page 109: Specifying Ip Interfaces For Rarp

    Specifying IP Interfaces for RARP
    The rarpd set interface command allows you to specify which interfaces the SSR’s RARP server responds to when sent RARP requests. You can specify individual interfaces or all interfaces. To cause the SSR’s RARP server to respond to RARP requests from interface int1:
    ssr(config)# rarpd set interface int1
    Defining MAC-to-IP Address Mappings...
  • Page 110: Monitoring Rarp

    Chapter 8: IP Routing Configuration Guide Monitoring RARP You can use the following commands to obtain information about the SSR’s RARP configuration: Display the interfaces to which the RARP server responds. Display the existing MAC-to-IP address mappings Display RARP statistics. Configuring DNS Parameters The SSR can be configured to specify DNS servers, which supply name services for DNS requests.
  • Page 111: Configuring Direct Broadcast

    • BOOTP/DHCP (port 67 and 68)
    • DNS (port 37)
    • NetBIOS Name Server (port 137)
    • NetBIOS Datagram Server (port 138)
    • TACACS Server (port 49)
    • Time Service (port 37)
    To forward UDP broadcast packets received on interface int1 to the host 10.1.4.5 for the six default UDP services:
    ssr(config)# ip helper-address interface int1 10.1.4.5
    To forward UDP broadcast packets received on interface int2 to the host 10.2.48.8 for...
  • Page 112: Configuring Denial Of Service (Dos)

    Chapter 8: IP Routing Configuration Guide Configuring Denial of Service (DOS) By default, the SSR installs flows in the hardware so that packets sent as directed broadcasts are dropped in hardware, if directed broadcast is not enabled on the interface where the packet is received.
  • Page 113: Configuring Router Discovery

    The following example displays the contents of the routing table. It shows that some of the route entries are for locally connected interfaces (“directly connected”), while some of the other routes are learned from RIP.
    ssr# ip show routes
    Destination
    -----------
    10.1.0.0/16
    10.2.0.0/16...
  • Page 114 To start router discovery on the SSR, enter the following command in Configure mode:
    ssr(config)# rdisc start
    The rdisc start command lets you start router discovery on the SSR. When router discovery is started, the SSR multicasts or broadcasts periodic router advertisements on each configured interface.
  • Page 115 To display router discovery information: ssr# rdisc show all Task State: <Foreground NoResolv NoDetach> Send buffer size 2048 at 812C68F8 Recv buffer size 2048 at 812C60D0 Timers: RouterDiscoveryServer Priority 30 RouterDiscoveryServer_SSR2_SSR3_IP <OneShot> last: 10:17:21 next: 10:25:05 Task RouterDiscoveryServer: Interfaces: Interface SSR2_SSR3_IP: Group 224.0.0.1: Interface policy: Interface SSR2_SSR3_IP* MaxAdvInt 10:00...
  • Page 116: Configuration Examples

    Configuration Examples
    Assigning IP/IPX Interfaces
    To enable routing on the SSR, you must assign an IP or IPX interface to a VLAN. To assign an IP or IPX interface named ‘RED’ to the ‘BLUE’ VLAN, enter the following command:
    ssr(config)# interface create ip RED address-netmask 10.50.0.1/255.255.0.0 vlan BLUE
    You can also assign an IP or IPX interface directly to a physical port.
  • Page 117: Chapter 9: Vrrp Configuration Guide

    VRRP Overview This chapter explains how to set up and monitor the Virtual Router Redundancy Protocol (VRRP) on the SSR. VRRP is defined in RFC 2338. End host systems on a LAN are often configured to send packets to a statically configured default router.
  • Page 118: Basic Vrrp Configuration

    Chapter 9: VRRP Configuration Guide Basic VRRP Configuration Figure 5 shows a basic VRRP configuration with a single virtual router. Routers R1 and R2 are both configured with one virtual router ( Router R2 serves as the Backup. The four end hosts are configured to use 10.0.0.1/16 as the default route.
  • Page 119: Configuration For Router R2

    In VRRP, the router that owns the IP address associated with the virtual router is the Master. Any other routers that participate in this virtual router are Backups. In this configuration, Router R1 is the Master for virtual router 10.0.0.1/16, the IP address associated with virtual router
    Configuration for Router R2
    The following is the configuration file for Router R2 in
    1: interface create ip test address-netmask 10.0.0.2/16 port et.1.1...
  • Page 120: Configuration Of Router R1

    Chapter 9: VRRP Configuration Guide Master for VRID=1 Backup for VRID=2 Interface Addr. = 10.0.0.1/16 VRID=1; Addr. = 10.0.0.1/16 VRID=2; Addr. = 10.0.0.2/16 Default Route = 10.0.0.1/16 In this configuration, half the hosts use 10.0.0.1/16 as their default route, and half use 10.0.0.2/16.
  • Page 121: Configuration Of Router R2

    On line 5, Router R1 associates IP address 10.0.0.2/16 with virtual router However, since Router R1 does not own IP address 10.0.0.2/16, it is not the default Master for virtual router VRID=2.
    Configuration of Router R2
    The following is the configuration file for Router R2 in
    1: interface create ip test address-netmask 10.0.0.2/16 port et.1.1
    2: ip-redundancy create vrrp 1 interface test
    3: ip-redundancy create vrrp 2 interface test...
  • Page 122 Chapter 9: VRRP Configuration Guide Master for VRID=1 1st Backup for VRID=2 1st Backup for VRID=3 VRID=1 10.0.0.1/16 Default Route = 10.0.0.1/16 In this configuration, Router R1 is the Master for virtual router Backup for virtual routers Router R1 would assume the IP addresses associated with virtual routers VRID=3 Router R2 is the Master for virtual router , and the secondary Backup for virtual router...
  • Page 123: Configuration Of Router R1

    Configuration of Router R1
    The following is the configuration file for Router R1 in
    1: interface create ip test address-netmask 10.0.0.1/16 port et.1.1
    2: ip-redundancy create vrrp 1 interface test
    3: ip-redundancy create vrrp 2 interface test
    4: ip-redundancy create vrrp 3 interface test
    5: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16
    6: ip-redundancy associate vrrp 2 interface test address 10.0.0.2/16
    7: ip-redundancy associate vrrp 3 interface test address 10.0.0.3/16...
  • Page 124: Configuration Of Router R2

    The following table shows the priorities for each virtual router configured on Router R1.
    Virtual Router
    VRID=1 – IP address=10.0.0.1/16
    VRID=2 – IP address=10.0.0.2/16
    VRID=3 – IP address=10.0.0.3/16
    Configuration of Router R2
    The following is the configuration file for Router R2 in
    1: interface create ip test address-netmask 10.0.0.2/16 port et.1.1
    2: ip-redundancy create vrrp 1 interface test
    3: ip-redundancy create vrrp 2 interface test...
  • Page 125: Configuration Of Router R3

    Note: Since 100 is the default priority, line 9, which sets the priority to 100, is actually unnecessary. It is included for illustration purposes only.
    Configuration of Router R3
    The following is the configuration file for Router R3 in
    1: interface create ip test address-netmask 10.0.0.3/16 port et.1.1
    2: ip-redundancy create vrrp 1 interface test
    3: ip-redundancy create vrrp 2 interface test
    4: ip-redundancy create vrrp 3 interface test...
  • Page 126: Setting The Backup Priority

    Setting the Backup Priority
    As described in “Multi-Backup Configuration” on page router takes over when the Master router goes down by setting the priority for the Backup routers. To set the priority for a Backup router, enter the following command in Configure mode:
    To specify 200 as the priority used by virtual router 1 on interface int1:
    ssr(config)# ip-redundancy set vrrp 1 interface int1 priority 200...
  • Page 127: Setting An Authentication Key

    Setting an Authentication Key
    By default, no authentication of VRRP packets is performed on the SSR. You can specify a clear-text password to be used to authenticate VRRP exchanges. To enable authentication, enter the following command in Configure mode.
    To authenticate VRRP exchanges on virtual router 1 on interface int1 with a password of ‘yago’:
    ssr(config)# ip-redundancy set vrrp 1 interface int1 auth-type text auth-key yago
    Note:...
  • Page 128: Ip-Redundancy Show

    ip-redundancy show
    The ip-redundancy show command reports information about a VRRP configuration. To display information about all virtual routers on interface int1:
    ssr# ip-redundancy show vrrp interface int1
    VRRP Virtual Router 100 - Interface int1
    ------------------------------------------
    Uptime
    State...
  • Page 129: Vrrp Configuration Notes

    To display VRRP statistics for virtual router 100 on interface int1:
    ssr# ip-redundancy show vrrp 1 interface int1 verbose
    VRRP Virtual Router 100 - Interface int1
    ------------------------------------------
    Uptime
    State
    Priority
    Virtual MAC address
    Advertise Interval
    Preempt Mode
    Authentication
    Primary Address
    Associated Addresses
    Stats:
    Number of transitions to master state...
  • Page 130 The skew-time depends on the Backup router's configured priority:
    Skew-time = ( (256 - Priority) / 256 )
    Therefore, the higher the priority, the faster a Backup router will detect that the Master is down. For example: –...
  • Page 131: Chapter 10: Rip Configuration Guide

    RIP Overview This chapter describes how to configure the Routing Information Protocol (RIP) on the SmartSwitch Router. RIP is a distance-vector routing protocol for use in small networks. RIP is described in RFC 1723. A router running RIP broadcasts updates at set intervals. Each update contains paired values where each pair consists of an IP network address and an integer distance to that network.
  • Page 132: Enabling And Disabling Rip

    Chapter 10: RIP Configuration Guide Enabling and Disabling RIP To enable or disable RIP, enter one of the following commands in Configure mode. Enable RIP. Disable RIP. Configuring RIP Interfaces To configure RIP in the SSR, you must first add interfaces to inform RIP about attached interfaces.
  • Page 133 RIP Parameter Authentication Update interval To change RIP parameters, enter the following commands in Configure mode. Set RIP Version on an interface to RIP V1. Set RIP Version on an interface to RIP V2. Specify that RIP V2 packets should be multicast on this interface.
  • Page 134: Configuring Rip Route Preference

    Enable acceptance of RIP routes that have a metric of zero. Enable poison reverse, as specified by RFC 1058.
    Configuring RIP Route Preference
    You can set the preference of routes learned from RIP. To configure RIP route preference, enter the following command in Configure mode. Set the preference of routes learned from RIP.
  • Page 135: Configuration Example

    Show RIP information on the specified interface. Show RIP interface policy information. Show detailed information of all RIP packets. Show detailed information of all packets received by the router. Show detailed information of all packets sent by the router. Show detailed information of all requests received by the router.
  • Page 136 ! Change default metric-out
    rip set interface SSR1-if1 metric-out 3
  • Page 137: Chapter 11: Ospf Configuration Guide

    OSPF Overview Open Shortest Path First Routing (OSPF) is a shortest path first or link-state protocol. The SSR supports OSPF Version 2.0, as defined in RFC 1583. OSPF is an interior gateway protocol that distributes routing information between routers in a single autonomous system.
  • Page 138: Ospf Multipath

    Chapter 11: OSPF Configuration Guide
    • Type 1 ASE
    • Type 2 ASE
    Intra-area paths have destinations within the same area. Inter-area paths have destinations in other OSPF areas. Both types of Autonomous System External (ASE) routes are routes to destinations external to OSPF (and usually external to the AS). Routes exported into OSPF ASE as type 1 ASE routes are supposed to be from interior gateway protocols (e.g., RIP) whose external metrics are directly comparable to OSPF metrics.
  • Page 139: Enabling Ospf

    • Add IP interfaces to OSPF areas.
    • Configure OSPF interface parameters, if necessary.
    • Add IP networks to OSPF areas.
    • Create virtual links, if necessary.
    Enabling OSPF
    OSPF is disabled by default on the SSR. To enable or disable OSPF, enter one of the following commands in Configure mode. Enable OSPF.
  • Page 140: Default Cost Of An Ospf Interface

    Chapter 11: OSPF Configuration Guide Default Cost of an OSPF Interface The default cost of an OSPF interface is calculated using its bandwidth. A VLAN that is attached to an interface could have several ports of differing speeds. The bandwidth of an interface is represented by the highest bandwidth port that is part of the associated VLAN.
  • Page 141: Configuring An Ospf Area

    Specify the number of seconds required to transmit a link state update on an OSPF interface. Specify the time a neighbor router will listen for OSPF hello packets before declaring the router down. Disable IP multicast for sending OSPF packets to neighbors on an OSPF interface.
  • Page 142: Configuring Ospf Area Parameters

    Chapter 11: OSPF Configuration Guide Add a stub host to an OSPF area. Add a network to an OSPF area for summarization. Configuring OSPF Area Parameters The SSR allows configuration of various OSPF area parameters, including stub areas, stub cost and authentication method. Information about routes which are external to the OSPF routing domain is not sent into a stub area.
  • Page 143: Configuring Autonomous System External (Ase) Link Advertisements

    To configure virtual links, enter the following commands in the Configure mode. Create a virtual link. Set virtual link parameters. Configuring Autonomous System External (ASE) Link Advertisements Because of the nature of OSPF, the rate at which ASEs are flooded may need to be limited. The following parameters can be used to adjust those rate limits.
  • Page 144: Monitoring Ospf

    • Point-to-Point. A point-to-point interface can be a serial line using PPP. By default, an IP interface associated with a serial line that is using PPP is treated as an OSPF point-to-point network. If an IP interface that is using PPP is to be treated as an OSPF broadcast network, then use the type broadcast option of the interface create command.
  • Page 145 • ospf show commands allow you to display detailed versions of the various OSPF tables. The ospf show commands can only display OSPF tables for the router on which the commands are being entered. To display OSPF information, enter the following commands in Enable mode. Show IP routing table.
  • Page 146: Ospf Configuration Examples

    Chapter 11: OSPF Configuration Guide Shows information about all valid next hops mostly derived from the SPF calculation. Show OSPF statistics. Shows information about OSPF Border Routes. Show OSPF timers. Show OSPF virtual-links. OSPF Configuration Examples For all examples in this section, refer to the configuration shown in The following configuration commands for router R1: •...
  • Page 147: Exporting All Interface & Static Routes To Ospf

    ospf add interface 140.1.3.1 to-area 140.1.0.0
    ospf add interface 130.1.1.1 to-area backbone
    Exporting All Interface & Static Routes to OSPF
    Router R1 has several static routes. We would export these static routes as type-2 OSPF routes. The interface routes would be redistributed as type-1 OSPF routes. Create an OSPF export destination for type-1 routes since we would like to redistribute certain routes into OSPF as type 1 OSPF-ASE routes.
  • Page 148 Router R1 would like to redistribute its OSPF, OSPF-ASE, RIP, Static and Interface/Direct routes into RIP.
    Enable RIP on interface 120.190.1.1/16.
    rip add interface 120.190.1.1
    rip set interface 120.190.1.1 version 2 type multicast
    Create an OSPF export destination for type-1 routes.
    ip-router policy create ospf-export-destination ospfExpDstType1 type 1 metric 1
    Create an OSPF export destination for type-2 routes.
  • Page 149 Create a RIP export destination.
    ip-router policy create rip-export-destination ripExpDst
    10. Create OSPF export source.
    ip-router policy create ospf-export-source ospfExpSrc type OSPF
    11. Create OSPF-ASE export source.
    ip-router policy create ospf-export-source ospfAseExpSrc type OSPF-
    12. Create the Export-Policy for redistributing all interface, RIP, static, OSPF and OSPF-ASE routes into RIP.
  • Page 150 [Figure 8. Exporting to OSPF]
  • Page 151: Chapter 12: Bgp Configuration Guide

    BGP Overview The Border Gateway Protocol (BGP) is an exterior gateway protocol that allows IP routers to exchange network reachability information. BGP became an internet standard in 1989 (RFC 1105) and the current version, BGP-4, was published in 1994 (RFC 1771). BGP is typically run between Internet Service Providers.
  • Page 152: The Ssr Bgp Implementation

    Chapter 12: BGP Configuration Guide The SSR BGP Implementation The SSR routing protocol implementation is based on GateD 4.0.3 code (http://www.gated.org). GateD is a modular software program consisting of core services, a routing database, and protocol modules supporting multiple routing protocols (RIP versions 1 and 2, OSPF version 2, BGP version 2 through 4, and Integrated IS-IS).
  • Page 153: Setting The Autonomous System Number

    Setting the Autonomous System Number An autonomous system number identifies your autonomous system to other routers. To set the SSR’s autonomous system number, enter the following command in Configure mode. Set the SSR’s autonomous system number. The autonomous-system <num1> parameter sets the AS number for the router. Specify a number from 1–65534.
  • Page 154 Chapter 12: BGP Configuration Guide where: peer-group <number-or-string> Is a group ID, which can be a number or a character string. type Specifies the type of BGP group you are adding. You can specify one of the following: external In the classic external BGP group, full policy checking is applied to all incoming and outgoing advertisements.
  • Page 155: Adding And Removing A Bgp Peer

    Adding and Removing a BGP Peer There are two ways to add BGP peers to peer groups. You can explicitly add a peer host, or you can add a network. Adding a network allows for peer connections from any addresses in the range of network and mask pairs specified in the bgp add network command.
  • Page 156 Chapter 12: BGP Configuration Guide ( aspath_regexp ) Parentheses group subexpressions. An operator, such as * or ? works on a single element or on a regular expression enclosed in parentheses. An AS-path operator is one of the following: aspath_term {m,n} A regular expression followed by {m,n} (where m and n are both non-negative integers and m <= n) means at least m and at most n repetitions.
  • Page 157: As-Path Regular Expression Examples

    AS-Path Regular Expression Examples
    To import MCI routes with a preference of 165:
    ip-router policy create bgp-import-source mciRoutes aspath-regular-expression "(.* 3561 .*)" origin any sequence-number 10
    ip-router policy import source mciRoutes network all preference 165
    To import all routes (.* matches all AS paths) with the default preference:
    ip-router policy create bgp-import-source allOthers aspath-regular-expression "(.*)"...
  • Page 158: Notes On Using The As Path Prepend Feature

    The following is an example:
    # insert two instances of the AS when advertising the route to this peer
    bgp set peer-host 194.178.244.33 group nlnet as-count 2
    # insert three instances of the AS when advertising the route to this
    # peer
    bgp set peer-host 194.109.86.5 group webnet as-count 3
    Notes on Using the AS Path Prepend Feature...
  • Page 159: Bgp Peering Session Example

    • BGP Multi-Exit Discriminator (MED) attribute • EBGP aggregation • Route reflection BGP Peering Session Example The router process used for a specific BGP peering session is known as a BGP speaker. A single router can have several BGP speakers. Successful BGP peering depends on the establishment of a neighbor relationship between BGP speakers.
  • Page 160 Figure 9 illustrates a sample BGP peering session.
    [Figure 9: AS-1, SSR1 10.0.0.1/16]
    The CLI configuration for router SSR1 is as follows:
    interface create ip et.1.1 address-netmask 10.0.0.1/16 port et.1.1
    # Set the AS of the router
    ip-router global set autonomous-system 1
    # Set the router ID
    ip-router global set router-id 10.0.0.1...
  • Page 161: Ibgp Configuration Example

    The gated.conf file for router SSR1 is as follows:
    autonomoussystem 1 ;
    routerid 10.0.0.1 ;
    bgp yes {
    The CLI configuration for router SSR2 is as follows:
    interface create ip et.1.1 address-netmask 10.0.0.2/16 port et.1.1
    ip-router global set autonomous-system 2
    ip-router global set router-id 10.0.0.2
    bgp create peer-group pg2w1 type external autonomous-system 1
    bgp add peer-host 10.0.0.1 group pg2w1...
  • Page 162: Ibgp Routing Group Example

    Chapter 12: BGP Configuration Guide An IGP, like OSPF, could possibly be used instead of IBGP to exchange routing information between EBGP speakers within an AS. However, injecting full Internet routes (50,000+ routes) into an IGP puts an expensive burden on the IGP routers. Additionally, IGPs cannot communicate all of the BGP attributes for a given route.
  • Page 163 Figure 10 shows a sample BGP configuration that uses the Routing group type.
    [Figure 10. Sample IBGP Configuration (Routing Group Type)]
  • Page 164 In this example, OSPF is configured as the IGP in the autonomous system. The following lines in the router SSR6 configuration file configure OSPF:
    # Create a secondary address for the loopback interface
    interface add ip lo0 address-netmask 172.23.1.26/30
    ospf create area backbone
    ospf add interface to-SSR4 to-area backbone
    ospf add interface to-SSR1 to-area backbone...
  • Page 165: Ibgp Internal Group Example

    The following lines on the Cisco router set up IBGP peering with router SSR6.
    router bgp 64801
    ! Disable synchronization between BGP and IGP
    no synchronization
    neighbor 172.23.1.26 remote-as 64801
    ! Allow internal BGP sessions to use any operational interface for TCP
    ! connections
    neighbor 172.23.1.26 update-source Loopback0
    IBGP Internal Group Example...
  • Page 166 Figure 11 illustrates a sample IBGP Internal group configuration.
    [Figure 11. Sample IBGP Configuration (Internal Group Type)]
    The CLI configuration for router SSR1 is as follows:
    ip-router global set autonomous-system 1
    bgp create peer-group int-ibgp-1 type internal autonomous-system 1
    bgp add peer-host 16.122.128.2 group int-ibgp-1
    bgp add peer-host 16.122.128.8 group int-ibgp-1...
  • Page 167 The gated.conf file for router SSR1 is as follows:
    autonomoussystem 1 ;
    routerid 16.122.128.1 ;
    bgp yes {
    traceoptions aspath detail packets detail open detail update ;
    group type internal peeras 1
    The CLI configuration for router SSR2 is as follows:
    ip-router global set autonomous-system 1
    bgp create peer-group int-ibgp-1 type internal autonomous-system 1
    bgp add peer-host 16.122.128.1 group int-ibgp-1...
  • Page 168: Ebgp Multihop Configuration Example

    The configuration for router C1 (a Cisco router) is as follows:

        router bgp 1
        no synchronization
        network 16.122.128.0 mask 255.255.255.0
        network 17.122.128.0 mask 255.255.255.0
        neighbor 16.122.128.1 remote-as 1
        neighbor 16.122.128.1 next-hop-self
        neighbor 16.122.128.1 soft-reconfiguration inbound
        neighbor 16.122.128.2 remote-as 1
        neighbor 16.122.128.2 next-hop-self
        neighbor 16.122.128.2 soft-reconfiguration inbound...
  • Page 169 This sample configuration shows External BGP peers, SSR1 and SSR4, which are not connected to the same subnet. The CLI configuration for router SSR1 is as follows:

        bgp create peer-group ebgp_multihop autonomous-system 64801 type external
        bgp add peer-host 18.122.128.2 group ebgp_multihop
        ! Specify the gateway option, which indicates EBGP multihop....
  • Page 170 The gated.conf file for router SSR1 is as follows:

        autonomoussystem 64800 ;
        routerid 0.0.0.1 ;
        bgp yes {
            traceoptions state ;
            group type external peeras 64801
        static {
            18.122.0.0 masklen 16

    The CLI configuration for router SSR2 is as follows:

        interface create ip to-R1 address-netmask 16.122.128.3/16 port et.1.1
        interface create ip to-R3 address-netmask 17.122.128.3/16 port et.1.2
        # Static route needed to reach 18.122.0.0/16...
  • Page 171: Community Attribute Example

    The gated.conf file for router SSR3 is as follows:

        static {
            16.122.0.0 masklen 16

    The CLI configuration for router SSR4 is as follows:

        bgp create peer-group ebgp_multihop autonomous-system 64801 type external
        bgp add peer-host 18.122.128.2 group ebgp_multihop
        ! Specify the gateway option, which indicates EBGP multihop. Set the
        ! gateway option to the address of the router that has a route to the
        ! peer....
  • Page 172 [Figure 12. Sample BGP Configuration (Specific Community)]
  • Page 173 [Figure 13. Sample BGP Configuration (Well-Known Community)] The Community attribute can be used in three ways: In a BGP Group statement: Any packets sent to this group of BGP peers will have the communities attribute in the BGP packet modified to be this communities attribute value from this AS....
  • Page 174 In Figure 13, router SSR11 has the following configuration:

        # Create an optional attribute list with identifier color1 for a community
        # attribute (community-id 160 AS 64901)
        ip-router policy create optional-attributes-list color1 community-id 160 autonomous-system 64901
        # Create an optional attribute list with identifier color2 for a community
        # attribute (community-id 155 AS 64901)
        ip-router policy create optional-attributes-list color2 community-id 155...
  • Page 175 In Figure 13, router SSR13 has the following configuration:

        ip-router policy create optional-attributes-list color1 community-id 160 autonomous-system 64902
        ip-router policy create optional-attributes-list color2 community-id 155 autonomous-system 64902
        ip-router policy create bgp-import-source 902color1 optional-attributes-list color1 autonomous-system 64899 sequence-number 1
        ip-router policy create bgp-import-source 902color2 optional-attributes-list color2 autonomous-system 64899 sequence-number 2
        ip-router policy create bgp-import-source 902color3 optional-attributes-list color1 autonomous-system 64901 sequence-number 3...
  • Page 176 In Figure 13, router SSR10 has the following configuration:

        # Create an optional attribute list with identifier color1 for a community
        # attribute (community-id 160 AS 64902)
        ip-router policy create optional-attributes-list color1 community-id 160 autonomous-system 64902
        # Create an optional attribute list with identifier color2 for a community
        # attribute (community-id 155 AS 64902)
        ip-router policy create optional-attributes-list color2 community-id 155...
  • Page 177 The community attribute may be a single community or a set of communities. A maximum of 10 communities may be specified. The community attribute can take any of the following forms: • Specific community The specific community consists of the combination of the AS-value and community •...
  • Page 178: Notes On Using Communities

    Chapter 12: BGP Configuration Guide Notes on Using Communities When originating BGP communities, the set of communities that is actually sent is the union of the communities received with the route (if any), those specified in group policy (if any), and those specified in export policy (if any). When receiving BGP communities, the update is only matched if all communities specified in the optional-attributes-list option of the ip-router policy create command are present in the BGP update.
  • Page 179 SSR12. Because local preference is exchanged between the routers within the AS, all traffic from AS 64901 is sent to SSR13 as the exit point. [Figure 14. Sample BGP Configuration (Local Preference)] The following sections explain how to configure the local preference using the local-pref and the set-pref options....
  • Page 180: Using The Local-Pref Option

    Using the local-pref Option

    For router SSR12’s CLI configuration file, local-pref is set to 194:

        bgp set peer-group as901 local-pref 194

    For router SSR13, local-pref is set to 204.

        bgp set peer-group as901 local-pref 204

    Using the set-pref Option

    The formula used to compute the local preference is as follows: Local_Pref = 254 –...
  • Page 181: Multi-Exit Discriminator Attribute Example

    For example, in their CLI configuration files: bgp set peer-group as901 set-pref 100 • The value of the set-pref option should be consistent with the import policy in the network. The metric value should be set high enough to avoid conflicts between BGP routes and IGP or static routes.
  • Page 182: Ebgp Aggregation Example

    Routers SSR4 and SSR6 inform router C1 about network 172.16.200.0/24 through External BGP (EBGP). Router SSR6 announces the route with a MED of 10, whereas router SSR4 announces the route with a MED of 20. Of the two EBGP routes, router C1 chooses the one with a smaller MED....
  • Page 183: Route Reflection Example

    Router SSR8 has the following CLI configuration:

        interface add ip xleapnl address-netmask 212.19.192.2/24
        interface create ip hobbygate address-netmask 212.19.199.62/24 port et.1.2
        interface create ip xenosite address-netmask 212.19.198.1/24 port et.1.7
        interface add ip lo0 address-netmask 212.19.192.1/30
        bgp create peer-group webnet type external autonomous-system 64901
        bgp add peer-host 194.109.86.5 group webnet
        # Create an aggregate route for 212.19.192.0/19 with all its subnets as
        # contributing routes...
  • Page 184 Figure 17 shows a sample configuration that uses route reflection. [Figure 17. Sample BGP Configuration (Route Reflection)] In this example, there are two clusters. Router SSR10 is the route reflector for the first cluster and router SSR11 is the route reflector for the second cluster....
  • Page 185 Router SSR11 has router SSR12 and router SSR13 as client peers and router SSR10 as a non-client peer. The following line in router SSR11’s configuration file specifies it to be a route reflector:

        bgp set peer-group rtr11 reflector-client

    Even though the IBGP peers are not fully meshed in AS 64901, the direct routes of router SSR14, that is, 192.68.222.0/24 in AS 64902 (which are redistributed in BGP) do show up in the route table of router SSR8 in AS 64900, as shown below: *********************************************...
  • Page 186: Notes On Using Route Reflection

    Notes on Using Route Reflection

    • Two types of route reflection are supported:
      – By default, all routes received by the route reflector from a client are sent to all internal peers (including the client’s group, but not the client itself).
      –...
  • Page 187: Chapter 13: Routing Policy Configuration Guide

    Route Import and Export Policy Overview

    The SSR family of routers supports extremely flexible routing policies. The SSR allows the network administrator to control import and export of routing information based on criteria including:
    • Individual protocol
    • Source and destination autonomous system
    •...
  • Page 188: Preference

    Chapter 13: Routing Policy Configuration Guide Preference Preference is the value the SSR routing process uses to order preference of routes from one protocol or peer over another. Preference can be set using several different configuration commands. Preference can be set based on one network interface over another, from one protocol over another, or from one remote gateway over another.
  • Page 189: Import Policies

    Import Policies Import policies control the importation of routes from routing protocols and their installation in the routing databases (Routing Information Base and Forwarding Information Base). Import Policies determine which routes received from other systems are used by the SSR routing process. Every import policy can have up to two components: •...
  • Page 190: Route-Filter

    Chapter 13: Routing Policy Configuration Guide It is only possible to restrict the importation of OSPF ASE routes when functioning as an AS border router. Like the other interior protocols, preference cannot be used to choose between OSPF ASE routes. That is done by the OSPF costs. Route-Filter This component specifies the individual routes which are to be imported or restricted.
  • Page 191: Route-Filter

    The routes to be exported can be identified by their associated attributes:
    • Their protocol type (RIP, OSPF, BGP, Static, Direct, Aggregate).
    • Interface or the gateway from which the route was received.
    • Autonomous system from which the route was learned.
    •...
  • Page 192: Aggregates And Generates

    Chapter 13: Routing Policy Configuration Guide A route will match the most specific filter that applies. Specifying more than one filter with the same destination, mask, and modifiers generates an error. There are three possible formats for a route filter. Not all of these formats are available in all places.
  • Page 193: Aggregate-Destination

    Route aggregation is also used by regional and national networks to reduce the amount of routing information passed around. With careful allocation of network addresses to clients, regional networks can just announce one route to regional networks instead of hundreds. Aggregate routes are not actually used for packet forwarding by the originator of the aggregate route, but only by the receiver (if it wishes).
  • Page 194: Route-Filter

    Chapter 13: Routing Policy Configuration Guide Route-Filter This component specifies the individual routes that are to be aggregated or summarized. The preference to be associated with these routes can also be explicitly specified using this component. The contributing routes are ordered according to the aggregation preference that applies to them.
  • Page 195: Authentication Keys And Key Management

    Many protocols allow the specification of two authentication keys per interface. Packets are always sent using the primary keys, but received packets are checked with both the primary and secondary keys before being discarded. Authentication Keys and Key Management An authentication key permits the generation and verification of the authentication field in protocol packets.
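The receive rule above (send with the primary key, check received packets against both the primary and the secondary key before discarding) is what lets two neighbours change keys without dropping each other's packets. The sketch below is an added example, not SSR code: the `InterfaceKeys` class, the use of HMAC-SHA-256 as the authentication function, and the key and payload values are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple

TAG_LEN = hashlib.sha256().digest_size  # length of the authentication field (assumed)
UPDATE = b"constructed routing update"  # constructed sample payload


@dataclass
class InterfaceKeys:
    """Keys configured on one interface (hypothetical model, not the SSR API)."""
    primary: bytes
    secondary: Optional[bytes] = None

    def send(self, payload: bytes) -> bytes:
        # Packets are always sent using the primary key.
        tag = hmac.new(self.primary, payload, hashlib.sha256).digest()
        return payload + tag

    def receive(self, packet: bytes) -> Optional[str]:
        # Return the name of the key that verified the packet, or None,
        # meaning the packet is discarded.
        if len(packet) <= TAG_LEN:
            return None
        payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        for name, key in (("primary", self.primary), ("secondary", self.secondary)):
            if key is None:
                continue
            expected = hmac.new(key, payload, hashlib.sha256).digest()
            if hmac.compare_digest(expected, tag):  # constant-time comparison
                return name
        return None


def abrupt_cutover(old: bytes, new: bytes) -> Optional[str]:
    """Failure mode: A switches keys while B still knows only the old one."""
    a = InterfaceKeys(primary=new)
    b = InterfaceKeys(primary=old)
    return b.receive(a.send(UPDATE))


def rollover_trace(old: bytes, new: bytes) -> List[Tuple[str, Optional[str]]]:
    """Staged key change between neighbours A and B; records every check."""
    a = InterfaceKeys(primary=old)
    b = InterfaceKeys(primary=old)
    trace = []

    # Step 1: both sides add the new key as secondary; both still send with old.
    a.secondary = new
    b.secondary = new
    trace.append(("1 a->b", b.receive(a.send(UPDATE))))

    # Step 2: A promotes the new key; B has not been reconfigured yet.
    a.primary, a.secondary = new, old
    trace.append(("2 a->b", b.receive(a.send(UPDATE))))
    trace.append(("2 b->a", a.receive(b.send(UPDATE))))

    # Step 3: B promotes the new key as well.
    b.primary, b.secondary = new, old
    trace.append(("3 a->b", b.receive(a.send(UPDATE))))

    # Step 4: both sides retire the old key; packets signed with it are discarded.
    a.secondary = None
    b.secondary = None
    trace.append(("4 a->b", b.receive(a.send(UPDATE))))
    stale = InterfaceKeys(primary=old).send(UPDATE)
    trace.append(("4 stale", b.receive(stale)))
    return trace


if __name__ == "__main__":
    old_key, new_key = b"old-key-constructed", b"new-key-constructed"
    print("abrupt cutover:", abrupt_cutover(old_key, new_key))
    for step, result in rollover_trace(old_key, new_key):
        print(step, "->", result)
```

While the old key remains configured as secondary, packets signed with it are still accepted, so step 4 should follow as soon as every neighbour has promoted the new key.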
  • Page 196: Redistributing Static Routes

    The from-proto parameter specifies the protocol of the source routes. The values for the from-proto parameter can be rip, ospf, bgp, direct, static, aggregate and ospf-ase. The to-proto parameter specifies the destination protocol where the routes are to be exported. The values for the to-proto parameter can be rip, ospf and bgp....
  • Page 197: Redistributing Rip Into Rip

    Redistributing RIP into RIP The SSR routing process requires RIP redistribution into RIP if a protocol is redistributed into RIP. To redistribute RIP into RIP, enter the following command in Configure mode: To redistribute RIP into RIP. Redistributing RIP into OSPF RIP routes may be redistributed to OSPF.
  • Page 198: Simple Route Redistribution Examples

    Chapter 13: Routing Policy Configuration Guide To redistribute aggregate routes, enter one of the following commands in Configure mode: To redistribute aggregate routes into RIP. To redistribute aggregate routes into OSPF. Simple Route Redistribution Examples Example 1: Redistribution into RIP For all examples given in this section, refer to the configurations shown in page 181.
  • Page 199: Exporting All Static Routes Except The Default Route To All Rip Interfaces

        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        ! RIP Box Level Configuration
        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        rip start
        rip set default-metric 2
        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        ! RIP Interface Configuration. Create the RIP interfaces, and set
        ! their type to (version II, multicast).
        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        rip add interface to-r41
        rip add interface to-r42
        rip add interface to-r6
        rip set interface to-r41 version 2 type multicast
        rip set interface to-r42 version 2 type multicast...
  • Page 200: Exporting All Interface & Static Routes To Ospf

    • Specify the static routes configured on the router
    • Determine its OSPF configuration

        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        ! Create the various IP interfaces.
        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        interface create ip to-r2 et.1.2
        interface create ip to-r3
        interface create ip to-r41 address-netmask
        interface create ip to-r42 address-netmask
        interface create ip to-r6
        !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++...
  • Page 201: Configuring Advanced Routing Policies

    In the configuration shown in Version 2 on network 120.190.0.0/16, connecting routers R1 and R2. Router R1 would like to export all RIP, interface, and static routes to OSPF.

        ip-router policy redistribute from-proto rip to-proto ospf
        ip-router policy redistribute from-proto direct to-proto ospf
        ip-router policy redistribute from-proto static to-proto ospf

    Router R1 would also like to export interface, static, RIP, OSPF, and OSPF-ASE routes into RIP....
  • Page 202 Chapter 13: Routing Policy Configuration Guide routes to be exported can be identified by their associated attributes, such as protocol type, interface or the gateway from which the route was received, and so on. • Route Filter - This component provides the means to define a filter for the routes to be distributed.
  • Page 203: Creating An Export Destination

    Creating an Export Destination

    To create an export destination, enter one of the following commands in Configure mode: Create a RIP export destination. Create an OSPF export destination.

    Creating an Export Source

    To create an export source, enter one of the following commands in Configure mode: Create a RIP export source....
  • Page 204: Creating An Import Source

    Chapter 13: Routing Policy Configuration Guide To create route import policies, enter the following command in Configure mode: Create an import policy. The <imp-src-id> is the identifier of the import-source that determines the source of the imported routes. If no routes from a particular source are to be imported, then no additional parameters are required.
  • Page 205: Creating An Aggregate Route

    Creating an Aggregate Route Route aggregation is a method of generating a more general route, given the presence of a specific route. The routing process does not perform any aggregation unless explicitly requested. Aggregate-routes can be constructed from one or more of the following building blocks: •...
  • Page 206: Creating An Aggregate Destination

    The <filter-id> is the identifier of the route-filter associated with this aggregate. If there is more than one route-filter for any aggregate-destination and aggregate-source combination, then the ip-router policy aggr-gen destination <aggr-dest-id> source <aggr-src-id>...
  • Page 207 [Figure 18. Exporting to RIP]
  • Page 208 The following configuration commands for router R1:
    • Determine the IP address for each interface.
    • Specify the static routes configured on the router.
    • Determine its RIP configuration.

        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        ! Create the various IP interfaces.
        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        interface create ip to-r2
        interface create ip to-r3...
  • Page 209: Importing A Selected Subset Of Routes From One Rip Trusted Gateway

    Importing a Selected Subset of Routes from One RIP Trusted Gateway Router R1 has several RIP peers. Router R41 has an interface on the network 10.51.0.0. By default, router R41 advertises network 10.51.0.0/16 in its RIP updates. Router R1 would like to import all routes except the 10.51.0.0/16 route from its peer R41.
  • Page 210: Example 2: Importing From Ospf

    Chapter 13: Routing Policy Configuration Guide Example 2: Importing from OSPF Due to the nature of OSPF, only the importation of ASE routes may be controlled. OSPF intra-and inter-area routes are always imported into the SSR routing table with a preference of 10.
  • Page 211 [Figure 19. Exporting to OSPF]
  • Page 212: Importing A Selected Subset Of Ospf-Ase Routes

    The following configuration commands for router R1:
    • Determine the IP address for each interface
    • Specify the static routes configured on the router
    • Determine its OSPF configuration

        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        ! Create the various IP interfaces.
        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        interface create ip to-r2
        interface create ip to-r3...
  • Page 213: Examples Of Export Policies

    Examples of Export Policies Example 1: Exporting to RIP Exporting to RIP is controlled by any of protocol, interface or gateway. If more than one is specified, they are processed from most general (protocol) to most specific (gateway). It is not possible to set metrics for exporting RIP routes into RIP. Attempts to do this are silently ignored.
  • Page 214: Exporting A Given Static Route To All Rip Interfaces

        !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        ip add route 135.3.1.0/24 gateway 130.1.1.3
        ip add route 135.3.2.0/24 gateway 130.1.1.3
        ip add route 135.3.3.0/24 gateway 130.1.1.3
        !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        ! Configure default routes to the other subnets reachable through R2.
        !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        ip add route 202.1.0.0/16 gateway 120.190.1.2
        ip add route 160.1.5.0/24 gateway 120.190.1.2
        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        ! RIP Box Level Configuration...
  • Page 215: Exporting A Given Static Route To A Specific Rip Interface

    Create a Direct export source since we would like to export direct/interface routes.

        ip-router policy create direct-export-source directExpSrc

    Create the export-policy redistributing the statically created default route, and all (RIP, Direct) routes into RIP.

        ip-router policy export destination ripExpDst source statExpSrc network default
        ip-router policy export destination ripExpDst source ripExpSrc network all...
  • Page 216: Exporting All Static Routes Reachable Over A Given Interface To A Specific Rip-Interface

    Exporting All Static Routes Reachable Over a Given Interface to a Specific RIP-Interface

    In this case, router R1 would export/redistribute all static routes accessible through its interface 130.1.1.1 to its RIP-interface 140.1.1.1 only. Create a RIP export destination for interface with address 140.1.1.1, since we intend to change the rip export policy for interface 140.1.1.1

        ip-router policy create rip-export-destination ripExpDst141...
  • Page 217: Exporting Aggregate-Routes Into Rip

    Exporting Aggregate-Routes into RIP In the configuration shown in Version 1 on network 130.1.0.0/16, connecting routers R1 and R3. Router R1 desires to announce the 140.1.1.0/24 and 140.1.2.0/24 networks to router R3. RIP Version 1 does not carry any information about subnet masks in its packets. Thus it would not be possible to announce the subnets (140.1.1.0/24 and 140.1.2.0/24) into RIP Version 1 without aggregating them.
  • Page 218: Example 2: Exporting To Ospf

    Create the Export-Policy redistributing all (RIP, Direct) routes and the aggregate route 140.1.0.0/16 into RIP.

        ip-router policy export destination ripExpDst130 source aggrExpSrc network 140.1.0.0/16
        ip-router policy export destination ripExpDst130 source ripExpSrc network all
        ip-router policy export destination ripExpDst130 source directExpSrc network all

    Example 2: Exporting to OSPF

    It is not possible to create OSPF intra- or inter-area routes by exporting routes from the...
  • Page 219: Exporting All Interface & Static Routes To Ospf

        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        ! Create the various IP interfaces.
        !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        interface create ip to-r2
        interface create ip to-r3
        interface create ip to-r41 address-netmask
        interface create ip to-r42 address-netmask
        interface create ip to-r6
        !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        ! Configure default routes to the other subnets reachable through R2.
        !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        ip add route 202.1.0.0/16 gateway 120.1.1.2
        ip add route 160.1.5.0/24 gateway 120.1.1.2...
  • Page 220: Exporting All Rip, Interface & Static Routes To Ospf

    Create a Direct export source since we would like to export interface/direct routes.

        ip-router policy create direct-export-source directExpSrc

    Create the Export-Policy for redistributing all interface routes and static routes into OSPF.

        ip-router policy export destination ospfExpDstType1 source directExpSrc network all
        ip-router policy export destination ospfExpDstType2 source statExpSrc network all...
  • Page 221 Create a RIP export source.

        ip-router policy export destination ripExpDst source ripExpSrc network all

    Create a Static export source.

        ip-router policy create static-export-source statExpSrc

    Create a Direct export source.

        ip-router policy create direct-export-source directExpSrc

    Create the Export-Policy for redistributing all interface, RIP and static routes into OSPF....
  • Page 222 12. Create the Export-Policy for redistributing all interface, RIP, static, OSPF and OSPF-ASE routes into RIP.

        ip-router policy export destination ripExpDst source statExpSrc network all
        ip-router policy export destination ripExpDst source ripExpSrc network all
        ip-router policy export destination ripExpDst source directExpSrc network all
        ip-router policy export destination ripExpDst source ospfExpSrc...
  • Page 223: Chapter 14: Multicast Routing Configuration Guide

    IP Multicast Overview Multicast routing on the SSR is supported through DVMRP and IGMP. IGMP is used to determine host membership on directly attached subnets. DVMRP is used to determine forwarding of multicast traffic between SSRs. This chapter: • Provides an overview of the SSR’s implementation of the Internet Group Management Protocol (IGMP) •...
  • Page 224: Dvmrp Overview

    Chapter 14: Multicast Routing Configuration Guide The SSR allows per-interface control of the host query interval and response time. Query interval defines the time between IGMP queries. Response time defines the time the SSR will wait for host responses to IGMP queries. The SSR can be configured to deny or accept group membership filters.
  • Page 225: Configuring Igmp

    Configuring IGMP You configure IGMP on the SSR by performing the following configuration tasks: • Creating IP interfaces • Setting global parameters that will be used for all the interfaces on which DVMRP is enabled • Configuring IGMP on individual interfaces. You do so by enabling and disabling IGMP on interfaces and then setting IGMP parameters on the interfaces on which IGMP is enabled •...
  • Page 226: Configuring Per-Interface Control Of Igmp Membership

    Chapter 14: Multicast Routing Configuration Guide To configure the host response wait time, enter the following command in Configure mode: Configure the IGMP host response wait time. Configuring Per-Interface Control of IGMP Membership You can configure the SSR to control IGMP membership on a per-interface basis. An interface can be configured to be allowed or not allowed membership to a particular group.
  • Page 227: Starting And Stopping Dvmrp

    • Configuring DVMRP on individual interfaces. You do so by enabling and disabling DVMRP on interfaces and then setting DVMRP parameters on the interfaces on which DVMRP is disabled • Defining DVMRP tunnels, which IP uses to send multicast traffic between two end points Starting and Stopping DVMRP DVMRP is disabled by default on the SSR.
  • Page 228: Configuring The Dvmrp Routing Metric

    Chapter 14: Multicast Routing Configuration Guide Configuring the DVMRP Routing Metric You can configure the DVMRP routing metric associated with a set of destinations for DVMRP reports. The default metric is 1. To configure the DVMRP routing metric, enter the following command in Configure mode: Configure the DVMRP routing metric.
  • Page 229: Configuring A Dvmrp Tunnel

    To prevent the SSR from forwarding any data destined to a scoped group on an interface, enter the following command in the Configure mode: Configure the DVMRP scope. Configuring a DVMRP Tunnel The SSR supports DVMRP tunnels to the MBONE (the multicast backbone of the Internet).
  • Page 230: Configuration Examples

    Chapter 14: Multicast Routing Configuration Guide Shows all IGMP group memberships on a port basis. Show all IGMP timers. Show information about multicasts registered by IGMP. Show IGMP status on a VLAN. Show all multicast Source, Group entries. Show all interfaces running multicast protocols (IGMP, DVMRP).
  • Page 231

        dvmrp enable interface 172.1.1.10
        dvmrp enable interface 207.135.122.11
        dvmrp enable interface 207.135.89.64
        dvmrp enable interface 10.40.1.10
        ! Set DVMRP parameters
        dvmrp set interface 172.1.1.10 neighbor-timeout 200
        ! Start DVMRP
        dvmrp start
  • Page 233: Chapter 15: Ip Policy-Based Forwarding Configuration Guide

    Overview You can configure the SSR to route IP packets according to policies that you define. IP policy-based routing allows network managers to engineer traffic to make the most efficient use of their network resources. IP policies forward packets based on layer-3 or layer-4 IP header information. You can define IP policies to route packets to a set of next-hop IP addresses based on any combination of the following IP header fields: •...
  • Page 234: Configuring Ip Policies

    Chapter 15: IP Policy-Based Forwarding Configuration Guide ISPs. You can also create IP policies to select service providers based on various traffic types. Configuring IP Policies To implement an IP policy, you first create a profile for the packets to be forwarded using an IP policy.
  • Page 235: Creating Multi-Statement Ip Policies

    For example, the following command creates an IP policy called “p1” and specifies that packets matching profile “prof1” are forwarded to next-hop gateway 10.10.10.10:

        ssr(config)# ip-policy p1 permit acl prof1 next-hop-list 10.10.10.10

    You can also set up a policy to prevent packets from being forwarded by an IP policy. For example, the following command creates an IP policy called “p2”...
  • Page 236: Setting Load Distribution For Next-Hop Gateways

    Chapter 15: IP Policy-Based Forwarding Configuration Guide Setting Load Distribution for Next-Hop Gateways You can specify up to four next-hop gateways in an ip-policy statement. If you specify more than one next-hop gateway, you can use the ip-policy set command to control how the load is distributed among them and to check the availability of the next-hop gateways.
  • Page 237: Ip Policy Configuration Examples

    IP Policy Configuration Examples This section presents some examples of IP policy configurations. The following uses of IP policies are demonstrated: • Routing traffic to different ISPs • Prioritizing service to customers • Authenticating users through a firewall • Firewall load balancing Routing Traffic to Different ISPs Sites that have multiple Internet service providers can create IP policies that cause different user groups to use different ISPs.
  • Page 238: Prioritizing Service To Customers

    The following is the IP policy configuration for the Policy Router in

        interface create ip user-a address-netmask 10.50.1.1/16 port et.1.1
        interface create ip user-b address-netmask 11.50.1.1/16 port et.1.2
        acl user-a-http
        acl user-a permit ip 10.50.0.0/16 207.31.0.0/16 any any 0
        acl user-b permit ip 11.50.0.0/16 any any any 0
        ip-policy net-a permit acl user-a-http next-hop-list 100.1.1.1 action...
  • Page 239: Authenticating Users Through A Firewall

    Traffic from the premium customer is load balanced across two next-hop gateways in the high-cost, high-availability network. If neither of these gateways is available, then packets are forwarded based on dynamic routes learned via routing protocols. Traffic from the standard customer always uses one gateway (200.1.1.1). If for some reason that gateway is not available, packets from the standard customer are dropped.
  • Page 240: Firewall Load Balancing

    Packets from users defined in the “contractors” group are sent through a firewall. If the firewall cannot be reached, packets from the contractors group are dropped. Packets from users defined in the “full-timers” group do not have to go through the firewall. The following is the IP policy configuration for the Policy Router in

        interface create ip mls0 address-netmask 10.50.1.1/16 port et.1.1
        acl contractors permit ip 10.50.1.0/24 any any any 0...
  • Page 241: Monitoring Ip Policies

    The following is the configuration for Policy Router 1 in
        vlan create firewall
        vlan add ports et.1.(1-5) to firewall
        interface create ip firewall address-netmask 1.1.1.5/16 vlan firewall
        acl firewall permit ip any any any 0
        ip-policy p1 permit acl firewall next-hop-list "1.1.1.1 1.1.1.2 1.1.1.3 1.1.1.4"...
  • Page 242 For example, to display information about an active IP policy called “p1”, enter the following command in Enable mode:
        ssr# ip-policy show policy-name p1
        --------------------------------------------------------------------------------
        IP Policy name : p1
        Applied Interfaces : int1
        Load Policy : first available
        Source IP/Mask...
  • Page 243
    11. The sequence in which the statement is evaluated. IP policy statements are listed in the order they are evaluated (lowest sequence number to highest).
    12. The rule to apply to the packets matching the profile: either permit or deny.
    13....
  • Page 245: Chapter 16: Network Address Translation Configuration Guide

    Overview
    Note: Some commands in this facility require updated SSR hardware. Please refer to Appendix A
    Network Address Translation (NAT) allows an IP address used within one network to be translated into a different IP address used within another network. NAT is often used to map addresses used in a private, local intranet to one or more addresses used in the public, global Internet.
  • Page 246: Configuring Nat

    The SSR allows you to create the following NAT address bindings:
    • Static, one-to-one binding of inside, local address or address pool to outside, global address or address pool. A static address binding does not expire until the command that defines the binding is negated.
  • Page 247: Setting Nat Rules

    Setting NAT Rules
    Static
    You create NAT static bindings by entering the following command in Configure mode.
    Enable NAT with static address binding.
    Dynamic
    You create NAT dynamic bindings by entering the following command in Configure mode.
    Enable NAT with dynamic address binding.
  • Page 248: Managing Dynamic Bindings

    Managing Dynamic Bindings
    As mentioned previously, dynamic address bindings expire only after a period of non-use or when they are manually deleted. The default timeout for dynamic address bindings is 1440 minutes (24 hours). You can manually delete dynamic address bindings for a specific address pool or delete all dynamic address bindings.
  • Page 249: Nat And Icmp Packets

    The default timeout for DNS dynamic address bindings is 30 minutes. You can change this timeout by entering the following command in Configure mode:
    Specify the timeout for DNS bindings.
    NAT and ICMP Packets
    NAT translates addresses embedded in the data portion of the following types of ICMP error messages:
    •...
  • Page 250: Monitoring Nat

    Monitoring NAT
    To display NAT information, enter the following command in Enable mode.
    Display NAT information.
    Configuration Examples
    This section shows examples of NAT configurations.
    Static Configuration
    The following example configures a static address binding for inside address 10.1.1.2 to outside address 192.50.20.2:
    Outbound: Translate source 10.1.1.2 to 192.50.20.2
    Inbound: Translate destination 192.50.20.2 to 10.1.1.2...
  • Page 251: Using Static Nat

    Using Static NAT
    Static NAT can be used when the local and global IP addresses are to be bound in a fixed manner. These bindings are never removed and never time out until the static NAT command itself is negated. Static binding is recommended when you need a permanent type of binding.
  • Page 252: Using Dynamic Nat

    Next, define the interfaces to be NAT “inside” or “outside”:
        nat set interface 10-net inside
        nat set interface 192-net outside
    Then, define the NAT dynamic rules by first creating the source ACL pool and then configuring the dynamic bindings:
        acl lcl permit ip 10.1.1.0/24
        nat create dynamic local-acl-pool lcl global-pool 192.50.20.0/24...
  • Page 253: Dynamic Nat With Ip Overload (Pat) Configuration

    Dynamic NAT with IP Overload (PAT) Configuration
    The following example configures a dynamic address binding for inside addresses 10.1.1.0/24 to outside address 192.50.20.0/24:
    Outbound: Translate source pool 10.1.1.0/24 to global pool 192.50.20.1-192.50.20.3
    [Figure: hosts 10.1.1.2, 10.1.1.3 and 10.1.1.4 on IP network 10.1.1.0/24]
    The first step is to create the interfaces:
        interface create ip 10-net address-netmask 10.1.1.1/24 port et.2.1
        interface create ip 192-net address-netmask 192.50.20.1/24 port et.2.2
    Next, define the interfaces to be NAT “inside”...
  • Page 254: Dynamic Nat With Dns

    the pools and the SSR automatically chooses a free global IP from the global pool for the local IP. Dynamic bindings are removed when the flow count goes to zero or the timeout has been reached.
  • Page 255: Using Dynamic Nat With Dns

    Using Dynamic NAT with DNS
    When a client from outside sends a query to the static global IP address of the DNS server, NAT will translate the global IP address to the local IP address of the DNS server. The DNS server will resolve the query and respond with a reply.
  • Page 256: Using Dynamic Nat With Matching Interface Redundancy

    Then, define the NAT dynamic rules by first creating the source ACL pool and then configuring the dynamic bindings:
        acl lcl permit ip 10.1.1.0/24
        nat create dynamic local-acl-pool lcl global-pool 192.50.20.0/24 matching-if 192-net
        nat create dynamic local-acl-pool lcl global-pool 210.50.20.0/24 matching-if 201-net
    Using Dynamic NAT with Matching Interface Redundancy...
  • Page 257: Chapter 17: Web Hosting Configuration Guide

    Overview
    Accessing information on websites for both work and personal purposes is becoming a normal practice for an increasing number of people. For many companies, fast and efficient web access is important both for external customers who need to access the company websites and for users on the corporate intranet who need to access Internet websites.
  • Page 258: Load Balancing

    Load Balancing
    Note: Load balancing requires updated SSR hardware. Please refer to details.
    You can use the load balancing feature on the SSR to distribute session load across a group of servers. If you configure the SSR to provide load balancing, client requests that go through the SSR can be redirected to any one of several predefined hosts.
  • Page 259: Session Persistence

    redirects the request to the actual server address and port. Server selection is done according to the specified policy. To add servers to the server group, enter the following command in Configure mode:
    Add load balancing servers to a specific server group.
    Add range of load balancing servers to a range of server groups.
  • Page 260 directed to the same load balancing server (for example, the server with IP address 10.1.1.1).
    • Sticky persistence: a binding is determined by matching the source and destination IP addresses only. This allows all requests from a client to the same virtual address to be directed to the same load balancing server.
  • Page 261: Optional Group Or Server Operating Parameters

    Optional Group or Server Operating Parameters
    There are several commands you can specify that affect the operating parameters of individual servers or the entire group of load balancing servers. In many cases, there are default parameter values and you only need to specify a command if you wish to change the default operation.
  • Page 262: Verifying Servers And Applications

    Verifying Servers and Applications
    The SSR automatically performs the following types of verification for the attached load balancing servers/applications:
    • Verifies the state of the server by sending a ping to the server at 5-second intervals. If the SSR does not receive a reply from a server after four ping requests, the server is considered to be “down.”...
  • Page 263: Verifying Extended Content

    Verifying Extended Content
    You can also have the SSR verify the content of an application on one or more load balancing servers. For this type of verification, you specify the following:
    • A string that the SSR sends to a single server or to the group of load balancing servers. The string can be a simple HTTP command to get a specific HTML page.
  • Page 264: Load Balancing And Ftp

    To set the status of a load balancing server, enter the following command in Enable mode:
    Set status of load balancing server.
    Load Balancing and FTP
    File Transfer Protocol (FTP) packets require special handling with load balancing, because the FTP PORT command packets contain IP address information within the data portion of the packet.
  • Page 265: Displaying Load Balancing Information

    To specify the timeout for load balancing mappings, enter the following command in Configure mode:
    Specify the timeout for source-destination mappings.
    Displaying Load Balancing Information
    To display load balancing information, enter the following commands in Enable mode:
    Show the groups of load balancing servers.
  • Page 266: Web Hosting With One Virtual Group And Multiple Destination Servers

    Web Hosting with One Virtual Group and Multiple Destination Servers
    In the following example, a company web site is established with a URL of www.ctron.com. The system administrator configures the networks so that the SSR forwards web requests among four separate servers, as shown below.
  • Page 267: Web Hosting With Multiple Virtual Groups And Multiple Destination Servers

    Web Hosting with Multiple Virtual Groups and Multiple Destination Servers
    In the following example, three different servers are used to provide different services for a site.
    [Figure and table: servers 10.1.1.1, 10.1.1.2 and 10.1.1.3; domain names www.quick.com, ftp.quick.com and smtp.quick.com]
    The network shown above can be created with the following load-balance commands:
        load-balance create group-name quick-www virtual-ip 207.135.89.16 virtual-port 80 protocol tcp
        load-balance create group-name quick-ftp virtual-ip 207.135.89.16 virtual-port 21...
  • Page 268: Virtual Ip Address Ranges

    Virtual IP Address Ranges
    ISPs who provide web hosting services for their clients require a large number of virtual IP addresses (VIPs). The load-balance create vip-range-name and load-balance add host-to-vip-range commands were created specifically for this. An ISP can create a range of VIPs for up to an entire class C network with the load-balance create vip-range-name command.
  • Page 269: Session And Netmask Persistence

    The network shown in the previous example can be created with the following load-balance commands:
        load-balance create vip-range-name mywwwrange 207.135.89.16-207.135.89.50 virtual-port 80 protocol tcp
        load-balance add host-to-vip-range 10.1.1.16-10.1.1.50 vip-range-name mywwwrange port 80
        load-balance add host-to-vip-range 10.1.2.16-10.1.2.50 vip-range-name mywwwrange port 80
    Session and Netmask Persistence
    In the following example, traffic to a company web site (www.ctron.com) is distributed between two separate servers.
  • Page 270: Web Caching

    Web Caching
    Web caching provides a way to store frequently accessed Web objects on a cache of local servers. Each HTTP request is transparently redirected by the SSR to a configured cache server. When a user first accesses a Web object, that object is stored on a cache server. Each subsequent request for the object uses this cached object.
  • Page 271: Specifying The Client(S) For The Cache Group (Optional)

    Specifying the Client(s) for the Cache Group (Optional)
    You can explicitly specify the hosts whose HTTP requests are or are not redirected to the cache servers. If you do not explicitly specify these hosts, then all HTTP requests are redirected to the cache servers. To specify the clients or non-clients for the cache group, enter the following commands in Configure mode:
    Define hosts whose requests are...
  • Page 272: Configuration Example

    Configuration Example
    In the following example, a cache group of seven local servers is configured to store Web objects for users in the local network:
    Cache1
    s2 Servers: 186.89.10.51 186.89.10.55
    s1 Servers: 176.89.10.50 176.89.10.51 176.89.10.52 176.89.10.53 176.89.10.54...
  • Page 273: Proxy Server Redundancy

    which HTTP requests are not redirected to the cache servers, enter the following command in Configure mode:
    Define destination sites to which HTTP requests are sent directly.
    Proxy Server Redundancy
    Some networks use proxy servers that receive HTTP requests on a non-standard port number (i.e., not port 80).
  • Page 274
    Show caching policy information: web-cache show cache-name <cache-name>|all
    Show cache server information: web-cache show servers cache <cache-name>|all...
  • Page 275: Chapter 18: Ipx Routing Configuration Guide

    IPX Routing Overview
    The Internetwork Packet Exchange (IPX) is a connectionless datagram protocol for the Novell NetWare environment. You can configure the SSR for IPX routing and SAP. Routers interconnect different network segments and by definition are network layer devices. Thus routers receive their instructions for forwarding a packet from one segment to another from a network layer protocol.
  • Page 276: Sap (Service Advertising Protocol)

    this information is immediately broadcast to any neighboring routers. Routers also send periodic RIP broadcast packets containing all routing information known to the router. The SSR uses IPX RIP to create and maintain a database of internetwork routing information.
  • Page 277: Configuring Ipx Rip & Sap

    Configuring IPX RIP & SAP
    This section provides an overview of configuring various IPX parameters and setting up IPX interfaces.
    IPX RIP
    On the SSR, RIP automatically runs on all IPX interfaces. The SSR will keep multiple routes to the same network having the lowest ticks and hop count. Static routes can be configured on the SSR using the CLI’s ipx add route command.
  • Page 278: Configuring Ipx Interfaces And Parameters

    Configuring IPX Interfaces and Parameters
    This section provides an overview of configuring various IPX parameters and setting up IPX interfaces.
    Configuring IPX Addresses to Ports
    You can configure one IPX interface directly to a physical port. To configure an IPX interface to a port, enter the following command in Configure mode:
    Configure an IPX interface to a physical port.
  • Page 279: Specifying Ipx Encapsulation Method

    Specifying IPX Encapsulation Method
    The SmartSwitch Router supports four encapsulation types for IPX. You can configure encapsulation type on a per-interface basis.
    • Ethernet II: The standard ARPA Ethernet Version 2.0 encapsulation, which uses a 16-bit protocol type code (the default encapsulation method)
    •...
  • Page 280: Configuring Static Routes

    Configuring Static Routes
    In a Novell NetWare network, the SSR uses RIP to determine the best paths for routing IPX. However, you can add static RIP routes to the RIP routing table to explicitly specify a route.
  • Page 281: Creating An Ipx Type 20 Access Control List

    To create an IPX access control list, perform the following task in the Configure mode:
    Create an IPX access control list.
    Once an IPX access control list has been created, you must apply the access control list to an IPX interface. To apply an IPX access control list, enter the following command in Configure mode:
    Apply an IPX access control list.
  • Page 282: Creating An Ipx Gns Access Control List

    Creating an IPX GNS Access Control List
    IPX GNS access control lists control which SAP services the SSR can reply with to a get nearest server (GNS) request. To create an IPX GNS access control list, enter the following command in Configure mode:
    Create an IPX GNS access control list.
  • Page 283: Monitoring An Ipx Network

    Monitoring an IPX Network
    The SSR reports IPX interface information and RIP or SAP routing information. To display IPX information, enter the following command in Enable mode:
    Show a RIP entry in the IPX RIP table.
    Show a SAP entry in the IPX SAP table.
    Show IPX interface information.
  • Page 284
        !Add static sap
        ipx add sap 0004 FILESERVER1 9.03:04:05:06:07:08 452 1 AAAAAAAA
        !RIP Access List
        acl 100 deny ipxrip 1 2
        !RIP inbound filter
        acl 100 apply interface ipx1 input
        !SAP Access List
        acl 200 deny ipxsap A.01:03:05:07:02:03 0004 FILESERVER2
        !SAP outbound filter to interface ipx2
        acl 200 apply interface ipx2 output
        !IPX type 20 access list...
  • Page 285: Chapter 19: Access Control List Configuration Guide

    This chapter explains how to configure and use Access Control Lists (ACLs) on the SSR. ACLs are lists of selection criteria for specific types of packets. When used in conjunction with certain SSR functions, ACLs allow you to restrict Layer-3/4 traffic going through the router.
  • Page 286: Chapter 19: Access Control List Configuration Guide

    ACL Basics
    An ACL consists of one or more rules describing a particular type of IP or IPX traffic. ACLs can be simple, consisting of only one rule, or complicated with many rules. Each rule tells the SSR to either permit or deny packets that match selection criteria specified in the rule.
  • Page 287 These selection criteria are specified as fields of an ACL rule. The following syntax description shows the fields of an IP ACL rule:
        <name> permit|deny ip <tos-mask> [accounting]
    Note: The acl permit|deny ip command restricts traffic for all IP-based protocols, such as TCP, UDP, ICMP, and IGMP.
  • Page 288: How Acl Rules Are Evaluated

    How ACL Rules are Evaluated
    For an ACL with multiple rules, the ordering of the rules is important. When the SSR checks a packet against an ACL, it goes through each rule in the ACL sequentially. If a packet matches a rule, it is forwarded or dropped based on the permit or deny keyword in the rule.
  • Page 289: Allowing External Responses To Established Tcp Connections

    With the implicit deny rule, this ACL actually has three rules:
        acl 101 permit ip 1.2.3.4/24 any any any
        acl 101 permit ip 4.3.2.1/24 any nntp any
        acl 101 deny any any any any any
    If a packet comes in and doesn't match the first two rules, the packet is dropped. This is because the third rule (the implicit deny rule) matches all packets.
  • Page 290: Creating And Modifying Acls

    you would have to create an ACL to allow responses from each specific outside host. If the number of outside hosts that internal users need to access is large or changes frequently, this can be difficult to maintain. To address this problem, the SSR can be configured to accept outside TCP responses into the internal network, provided that the TCP connection was initiated internally.
  • Page 291: Maintaining Acls Using The Acl Editor

    Suppose the following ACL commands are stored in a file on some hosts:
        no acl *
        acl 101 deny tcp 10.11.0.0/16 10.12.0.0/16
        acl 101 permit tcp 10.11.0.0 any
        acl 101 apply interface int12 input
    The first command, no acl *, negates all commands that start with the keyword “acl”. This tells the SSR to remove the application and the definition of any ACL.
  • Page 292: Using Acls

    If you edit and save changes to an ACL that is currently being used or applied to an interface, the changes will take effect immediately. There is no need to remove the ACL from the interface before making changes and reapply it after changes are made.
  • Page 293: Applying Acls To Services

    application). Note that for an external agent to modify or remove an applied ACL from an interface, the acl-policy enable external command must be in the configuration. In general, you should try to apply ACLs at the inbound interfaces instead of the outbound interfaces.
  • Page 294: Using Acls As Profiles

    Like ACLs that are applied to interfaces, ACLs that are applied to Layer 4 bridging ports can be applied to either inbound or outbound traffic. For each port, only one ACL can be applied for the inbound direction and one for the outbound direction.
  • Page 295: Using Profile Acls With The Ip Policy Facility

    • Unlike with other kinds of ACLs, there is no implicit deny rule for Profile ACLs.
    • Only certain ACL rule parameters are relevant for each configuration command. For example, the configuration command to create NAT address pools for dynamic bindings (the nat create dynamic command) only looks at the source IP address in the specified ACL rule.
  • Page 296: Using Profile Acls With Dynamic Nat

    criteria (in this case, flows from source address 1.2.2.2). Then you use a rate-limit command to specify what happens to packets that match the selection criteria (in this example, drop them if their bandwidth usage exceeds 10 Mbps). The following commands illustrate this example.
  • Page 297: Using Profile Acls With The Port Mirroring Facility

    Once you have defined a Profile ACL, you can then use the nat create dynamic command to bind the range of IP addresses defined in the local profile to a range in network 192.50.20.0/24.
        ssr(config)# nat create dynamic local-acl-pool local global-pool 192.50.20.10/24
    “Network Address Translation Configuration Guide”...
  • Page 298: Redirecting Http Traffic To Cache Servers

    Redirecting HTTP Traffic to Cache Servers
    You can use a Profile ACL to specify which HTTP traffic should always (or never) be redirected to the cache servers. (By default, when Web caching is enabled, all HTTP traffic from all hosts is redirected to the cache servers unless you specify otherwise.) For example, you can specify that packets with a source address of 10.10.10.10 and a destination address of 1.2.3.4 always are sent to the Internet and never to the cache...
  • Page 299: Enabling Acl Logging

    Enabling ACL Logging
    To see whether incoming packets are permitted or denied because of an ACL, you can enable ACL logging. You can enable logging when applying the ACL or you can enable logging for a specific ACL rule. The following commands define an ACL and apply the ACL to an interface, with logging enabled for the ACL:
        acl 101 deny ip 10.2.0.0/16 any any any
        acl 101 permit ip any any any any...
  • Page 300: Monitoring Acls

    Monitoring ACLs
    The SSR provides a display of ACL configurations active in the system. To display ACL information, enter the following commands in Enable mode.
    Show all ACLs.
    Show a specific ACL.
    Show an ACL on a specific interface.
    Show ACLs on all IP interfaces.
  • Page 301: Chapter 20: Security Configuration Guide

    Security Overview
    The SSR provides security features that help control access to the SSR and filter traffic going through the SSR. Access to the SSR can be controlled by:
    • Enabling RADIUS
    • Enabling TACACS
    • Enabling TACACS Plus
    • Password authentication
    Traffic filtering on the SSR enables:
    •...
  • Page 302: Configuring Ssr Access Security

    Configuring SSR Access Security
    This section describes the following methods of controlling access to the SSR:
    • RADIUS
    • TACACS
    • TACACS Plus
    • Passwords
    Configuring RADIUS
    You can secure login or Enable mode access to the SSR by enabling a Remote Authentication Dial-In Service (RADIUS) client.
  • Page 303: Monitoring Radius

    Monitoring RADIUS
    You can monitor RADIUS configuration and statistics within the SSR. To monitor RADIUS, enter the following commands in Enable mode:
    Show RADIUS server statistics.
    Show all RADIUS parameters.
    Configuring TACACS
    In addition, Enable mode access to the SSR can be made secure by enabling a Terminal Access Controller Access Control System (TACACS) client.
  • Page 304: Configuring Tacacs Plus

    Configuring TACACS Plus
    You can secure login or Enable mode access to the SSR by enabling a TACACS Plus client. A TACACS Plus server responds to the SSR TACACS Plus client to provide authentication. You can configure up to five TACACS Plus server targets on the SSR. A timeout is set to tell the SSR how long to wait for a response from TACACS Plus servers.
  • Page 305: Monitoring Tacacs Plus

    Monitoring TACACS Plus
    You can monitor TACACS Plus configuration and statistics within the SSR. To monitor TACACS Plus, enter the following commands in Enable mode:
    Show TACACS Plus server statistics.
    Show all TACACS Plus parameters.
    Configuring Passwords
    The SSR provides password authentication for accessing the User and Enable modes. If TACACS is not enabled on the SSR, only local password authentication is performed.
  • Page 306: Configuring Layer-2 Address Filters

    A secure filter shuts down access to the SSR based on MAC addresses. All packets received by a port are dropped. When combined with static entries, however, these filters can be used to drop all received traffic but allow some frames to go through.
    Configuring Layer-2 Address Filters
    If you want to control access to a source or destination on a per-MAC address basis, you can configure an address filter.
  • Page 307: Configuring Layer-2 Port-To-Address Lock Filters

    Configuring Layer-2 Port-to-Address Lock Filters
    Port address lock filters allow you to bind or “lock” specific source MAC addresses to a port or set of ports. Once a port is locked, only the specified source MAC address is allowed to connect to the locked port and the specified source MAC address is not allowed to connect to any other ports.
  • Page 308: Configuring Layer-2 Secure Port Filters

    Configuring Layer-2 Secure Port Filters
    Secure port filters block access to a specified port. You can use a secure port filter by itself to secure unused ports. Secure port filters can be configured as source or destination port filters.
  • Page 309: Monitoring Layer-2 Security Filters

    Monitoring Layer-2 Security Filters
    The SSR provides display of Layer-2 security filter configurations contained in the routing table. To display security filter information, enter the following commands in Enable mode.
    Show address filters.
    Show port address lock filters.
    Show secure port filters.
    Show static entry filters.
  • Page 310: Static Entries Example

    Destination filter: No one from the engineering group (port et.1.1) should be allowed to access the finance server. All traffic destined to the finance server's MAC will be dropped.
        filters add address-filter name finance dest-mac AABBCC:DDEEFF vlan 1 in-port-list et.1.1
    Flow filter: Only the consultant is restricted access to one of the finance file servers.
  • Page 311: Example 2 : Secure Ports

    Note: If the consultant’s MAC is detected on a different port, all of its traffic will be blocked.
    Example 2: Secure Ports
    Source secure port: To block all engineers on port 1 from accessing all other ports, enter the following command:
        filters add secure-port name engineers direction source vlan 1 in-port-list et.1.1
    To allow ONLY the engineering manager access to the engineering servers, you must...
  • Page 312: Layer-4 Bridging And Filtering

    Layer-4 Bridging and Filtering
    Layer-4 bridging is the SSR’s ability to use layer-3/4 information to perform filtering or QoS during bridging. As described in ports to filter traffic using MAC addresses. Layer-4 bridging adds the ability to use IP addresses, layer-4 protocol type, and port number to filter traffic in a bridged network.
  • Page 313: Creating A Port-Based Vlan For Layer-4 Bridging

    Creating a Port-Based VLAN for Layer-4 Bridging
    The ports to be used in Layer-4 Bridging must all be on the same VLAN. To create a port-based VLAN, enter the following command in Configure mode:
    Create a port-based VLAN.
    For example, to create a port-based VLAN called “blue” with an ID of 21, enter the following command in Configure Mode:
        ssr(config)# vlan create blue port-based id 21
    Placing the Ports on the Same VLAN...
  • Page 314: Applying A Layer-4 Bridging Acl To A Port

    In the example in Figure 25 on page for e-mail (SMTP) traffic, but not for Web (HTTP) traffic — and allow e-mail, Web, and FTP traffic between the engineers and the file server, you would create ACLs that allow only SMTP traffic on the port to which the consultants are connected and allow SMTP, HTTP, and FTP traffic on the ports to which the engineers are connected.
  • Page 315
    • If you use a SmartTRUNK in a Layer-4 Bridging VLAN, the SSR maintains the packet order on a per-flow basis, rather than per-MAC pair. This means that for traffic between a MAC pair consisting of more than one flow, the packets may be disordered if they go through a SmartTRUNK.
  • Page 317: Chapter 21: Qos Configuration Guide

    QoS Configuration
    QoS & Layer-2/Layer-3/Layer-4 Flow Overview
    The SSR allows network managers to identify traffic and set Quality of Service (QoS) policies without compromising wire speed performance. The SSR can guarantee bandwidth on an application by application basis, thus accommodating high-priority traffic even during peak periods of usage.
  • Page 318: Layer-2 And Layer-3 & Layer-4 Flow Specification

    Within the SSR, QoS policies are used to classify Layer-2, Layer-3, and Layer-4 traffic into the following priority queues (in order from highest priority to lowest):
    • Control (for router control traffic; the remaining classes are for normal data flows)
    •...
  • Page 319: Precedence For Layer-3 Flows

    Precedence for Layer-3 Flows
    A precedence from 1 - 7 is associated with each field in a flow. The SSR uses the precedence value associated with the fields to break ties if packets match more than one flow. The highest precedence is 1 and the lowest is 7. Here is the default precedence of the fields:
    •...
  • Page 320: Configuring Layer-2 Qos

    If a port operates in flow-bridging mode, you can be more specific and configure priorities for frames that match both a source AND a destination MAC address and a VLAN ID. You can also specify a list of ports to apply the policy. The VLAN ID in the QoS configuration must match the VLAN ID assigned to the list of ports to which the QoS policy is applied.
  • Page 321: Creating And Applying A New Priority Map

    You can create one or more priority maps that are different from the default priority map and then apply these maps to some or all ports of the SSR. The new priority mapping replaces the default mappings for those ports to which they are applied.
    Creating and Applying a New Priority Map
    To specify a priority map on a per-port basis, enter the following commands in Configure mode:...
  • Page 322: Displaying Priority Map Information

    configured to use the default priority map only. If the commands to create and apply priority maps exist in the active configuration, they will remain in the configuration but be ineffective. To disable the use of priority maps, enter the following command in Configure mode: Disable use of per-port priority maps on the SSR.
  • Page 323: Setting An Ip Qos Policy

    Setting an IP QoS Policy To set a QoS policy on an IP traffic flow, enter the following command in Configure mode: Set an IP QoS policy. For example, the following command assigns control priority to any traffic coming from the 10.10.11.0 network: ssr(config)# qos set ip xyz control 10.10.11.0/24 Specifying Precedence for an IP QoS Policy...
  • Page 324: Specifying Precedence For An Ipx Qos Policy

    Specifying Precedence for an IPX QoS Policy To specify the precedence for an IPX QoS policy, enter the following command in Configure mode: Specify precedence for an IPX QoS policy. Configuring SSR Queueing Policy The SSR queuing policy is set on a system-wide basis. The SSR default queuing policy is strict priority.
  • Page 325: Weighted Random Early Detection (Wred)

    Weighted Random Early Detection (WRED) Random Early Detection (WRED) alleviates traffic congestion issues by selectively dropping packets before the queue becomes completely flooded. WRED parameters allow you to set conditions and limits for dropping packets in the queue. To enable WRED on input or output queues of specific ports, enter the following command in Configure mode: Enable WRED on input or output queue of specified...
  • Page 326: Configuring Tos Rewrite For Ip Packets

    For example, setting the ToS field to 0010 specifies that a packet will be routed on the most reliable paths. Setting the ToS field to 1000 specifies that a packet will be routed on the paths with the least delay.
  • Page 327 are rewritten to the <tos-precedence-rewrite> value and the lower five bits are rewritten to the <tos-rewrite> value. For example, the following command will rewrite the ToS Precedence field to 7 if the ToS Precedence field of the incoming packet is 6: ssr(config)# qos set ip tosp6to7 low any any any any 222 any any 224 7 In the above example, the <tos>...
  • Page 328: Monitoring Qos

    Monitoring QoS The SSR provides display of QoS statistics and configurations contained in the SSR. To display QoS information, enter the following commands in Enable mode: Show all IP QoS flows. Show all IPX QoS flows. Show all Layer-2 QoS flows.
  • Page 329: Limiting Traffic Rate

    Limiting Traffic Rate Note: Some commands in this facility require updated SSR hardware. Please refer to Appendix A Rate limiting provides the ability to control the usage of a fundamental network resource, bandwidth. It allows you to limit the rate of traffic that flows through the specified interfaces, thus reserving bandwidth for critical applications.
  • Page 330: Per-Flow Rate Limiting

    To enable aggregate rate limiting mode on the SSR, enter the following command in Configure mode: Enable aggregate rate limiting mode on the SSR. To change the rate limiting mode on the SSR back to per-flow mode, negate the above command.
  • Page 331: Aggregate Rate Limiting

    To define a port rate limit policy, enter one of the following commands in Configure mode: Define a port rate limit policy to limit incoming traffic on a port. Define a port rate limit policy to limit outgoing traffic on a port. Note that for output port policies, the only action that you can specify if traffic exceeds the specified rate is to drop packets.
  • Page 332: Example Configurations

    To define an aggregate rate limit policy and apply the policy to an interface, enter the following commands in Configure mode: Define an aggregate rate limit policy. Apply an aggregate rate limit policy to an interface. Note: You cannot use non-IP ACLs for aggregate rate limit policies.
  • Page 333: Aggregate Rate Limiting

    Traffic from two interfaces, ‘ipclient1’ with IP address 1.2.2.2 and ‘ipclient2’ with IP address 3.1.1.1, is restricted to 10 Mbps for each flow with the following configuration: vlan create client1 ip vlan create backbone ip vlan create client2 ip vlan add ports et.1.1 to client1 vlan add ports et.1.2 to client2 vlan add ports et.1.8 to backbone interface create ip ipclient1 vlan client1 address-netmask 1.1.1.1/8...
  • Page 334: Displaying Rate Limit Information

    Displaying Rate Limit Information To show information about rate limit policies, enter the following command in Enable mode: Show rate limit policy information. rate-limit show all | policy-type <name> policy-name | interface <port> <name> {port-level } | rate-limiting-mode...
  • Page 335: Chapter 22: Performance Monitoring Guide

    Performance Monitoring Overview The SSR is a full wire-speed layer-2, 3 and 4 switching router. As packets enter the SSR, layer-2, 3, and 4 flow tables are populated on each line card. The flow tables contain information on performance statistics and traffic forwarding. Thus the SSR provides the capability to monitor performance at Layer 2, 3, and 4.
  • Page 336 Show information about the master MAC table. Show information about a particular MAC address. Show info about multicasts registered by IGMP. Show whether IGMP is on or off on a VLAN. Show info about MACs registered by the system.
  • Page 337: Configuring The Ssr For Port Mirroring

    Configuring the SSR for Port Mirroring The SSR allows you to monitor activity with port mirroring. Port mirroring allows you to monitor the performance and activities of ports on the SSR or for traffic defined by an ACL through just a single, separate port. While in Configure mode, you can configure your SSR for port mirroring with a simple command line like the following: Configure Port Mirroring.
  • Page 339: Chapter 23: Rmon Configuration Guide

    RMON Overview You can employ Remote Network Monitoring (RMON) in your network to help monitor traffic at remote points on the network. With RMON, data collection and processing is done with a remote probe, namely the SSR. The SSR also includes RMON agent software that communicates with a network management station via SNMP.
  • Page 340: Configuring And Enabling Rmon

    1 : port flow-bridging et.5.(3-8) 2 : interface add ip en0 address-netmask 10.50.6.9/16 3 : system set contact "usama" 4 : system set location Cabletron Systems 5 : system set name "ssr" 6 : rmon set ports all-ports 7 : rmon set lite default-tables yes...
  • Page 341: Rmon Groups

    RMON Groups The RMON MIB groups are defined in RFCs 1757 (RMON 1) and 2021 (RMON 2). On the SSR, you can configure one or more levels of RMON support for a set of ports. Each level—Lite, Standard, or Professional—enables different sets of RMON groups (described later in this section).
  • Page 342: Standard Rmon Groups

    Standard RMON Groups This section describes the RMON groups that are enabled when you specify the Standard support level. The Standard RMON groups are shown in the table below. Table 11. Standard RMON Groups Group Host Host Top N Matrix...
  • Page 343: Control Tables

    Table 12. Professional RMON Groups Group Application Layer Matrix (and Top N) Network Layer Matrix (and Top N) Address Map User History Control Tables Many RMON groups contain both control and data tables. Control tables specify what statistics are to be collected. For example, you can specify the port for which statistics are to be collected and the owner (name, phone, or IP address) for that port.
  • Page 344: Using Rmon

    A row in the control table is created for each port on the SSR, with the owner set to “monitor”. If you want, you can change the owner by using the appropriate rmon command. See the section “Configuring RMON Groups” in this chapter for the command to configure a specific group.
  • Page 345: Configuring Rmon Groups

    following command: ssr# rmon show al-matrix et.5.5 RMON II Application Layer Host Table Index: 500, Port: et.5.5, Inserts: 4, Deletes: 0, Owner: monitor SrcAddr DstAddr ------- ------- 10.50.89.88 15.15.15.3 10.50.89.88 15.15.15.3 10.50.89.88 15.15.15.3 10.50.89.88 15.15.15.3 Configuring RMON Groups As mentioned previously, control tables in many RMON groups specify the data that is to be collected for the particular RMON group.
  • Page 346 To configure the Filter group, you must configure both the Channel and Filter control tables. To configure the Etherstats group. To configure the Event group. To configure the History group. To configure the Application Layer and Network Layer Host groups.
  • Page 347: Configuration Examples

    To configure the Protocol Distribution group. To configure the User History group, you must configure the group of objects to be monitored and apply the objects in the group to the User History control table. Configuration Examples This section shows examples of configuration commands that specify an event that generates an SNMP trap and the alarm condition that triggers the event.
  • Page 348: Displaying Rmon Information

    • Samples taken at 300 second (5 minute) intervals. • A “Startup” alarm generation condition instructing the SSR to generate an alarm if the sample is greater than or equal to the rising threshold or less than or equal to the falling threshold.
  • Page 349: Rmon Cli Filters

    To display the RMON 2 Address Map table. To show Network Layer Host logs. To show Application Layer Host logs. To show Network Layer Matrix logs. To show Application Layer Matrix logs. To show all Network Layer Matrix Top N. To show all Application Layer Matrix Top N.
  • Page 350: Protocol Distribution

    The following shows Host table output without a CLI filter: ssr# rmon show hosts et.5.4 RMON I Host Table Index: 503, Port: et.5.4, Owner: monitor Address ------- 00001D:921086 00001D:9D8138 00001D:A9815F 00105A:08B98D 004005:40A0CD 006083:D65800 0080C8:E0F8F3 00E063:FDD700 01000C:CCCCCC 01005E:000009 0180C2:000000...
  • Page 351: Creating Rmon Cli Filters

    Creating RMON CLI Filters To create RMON CLI filters, use the following CLI command in Configure mode: Creates an RMON CLI filter. Using RMON CLI Filters To see and use RMON CLI filters, use the following CLI command in User or Enable mode: Displays RMON CLI filters.
  • Page 352 Check the following fields on the rmon show status command output: ssr# rmon show status RMON Status ----------- * RMON is ENABLED * RMON initialization successful. +--------------------------+ | RMON Group Status +-------+--------+---------+ | Group | Status | Default | +-------+--------+---------+ | Lite On |...
  • Page 353: Allocating Memory To Rmon

    Allocating Memory to RMON RMON allocates memory depending on the number of ports enabled for RMON, the RMON groups that have been configured, and whether or not default tables have been turned on or off. Enabling RMON with all groups (Lite, Standard, and Professional) with default tables uses approximately 300 Kbytes per port.
  • Page 354 To set the amount of memory allocated to RMON, use the following CLI command in User or Enable mode: Specifies the total amount of Mbytes of memory allocated to RMON. rmon set memory <number>...
  • Page 355: Chapter 24: Lfap Configuration Guide

    Overview The Lightweight Flow Accounting Protocol (LFAP) agent, defined in RFC 2124, is a TCP-oriented protocol used to push accounting information collected on the SSR to a Flow Accounting Server (FAS). The LFAP agent uses ACLs to determine the IP traffic on which accounting information will be collected.
  • Page 356: Cabletron's Traffic Accounting Services

    Cabletron’s Traffic Accounting Services Cabletron’s Accounting Services consists of the following components: • LFAP agent on the SSR that collects application flow accounting information and sends it to the Cabletron FAS. You can configure the SSR to collect information on an entire interface or on a specific host-to-host application flow.
  • Page 357 attempts to connect to it via TCP first. If the connection fails, then the next configured FAS is tried. A FAS can be configured as the primary FAS for one group of SSRs and the secondary FAS for another group of SSRs. Note: The Traffic Accountant is not designed to reconcile duplicate data records.
  • Page 358: Monitoring The Lfap Agent On The Ssr

    Monitoring the LFAP Agent on the SSR The lfap show commands display information about the configuration of the LFAP agent on the SSR and its current status. Use the following commands in Enable mode to view LFAP agent information: Command lfap show configuration...
  • Page 359: Chapter 25: Wan Configuration Guide

    This chapter provides an overview of Wide Area Network (WAN) applications as well as an overview of both Frame Relay and PPP configuration for the SSR. In addition, you can view an example of a multi-router WAN configuration complete with diagram and configuration files in WAN Overview On the SmartSwitch Router, Wide Area Network (WAN) routing is performed over a...
  • Page 360: Configuring Wan Interfaces

    Using the same approach, a PPP high-speed serial interface (HSSI) WAN port located at router slot 3, port 2 would be identified as “hs.3.2”. Configuring WAN Interfaces Configuring IP & IPX interfaces for the WAN is generally the same as for the LAN. You can configure IP/IPX interfaces on the physical port or you can configure the interface as part of a VLAN for WAN interfaces.
  • Page 361: Mapped Addresses

    The following command line displays an example for a VLAN: interface create ip IPWAN address-netmask 10.50.1.1/16 peer-address 10.50.1.2 vlan BLUE Mapped Addresses Mapped peer IP/IPX addresses are very similar to static addresses in that InArp is disabled for Frame Relay and the address negotiated in IPCP/IPXCP is ignored for PPP. Mapped addresses are most useful when you do not want to specify the peer address using the interface create command.
  • Page 362: Forcing Bridged Encapsulation

    The following command line displays an example for a VLAN: interface create ip IPWAN address-netmask 10.50.1.1/16 vlan BLUE Forcing Bridged Encapsulation WAN for the SSR has the ability to force bridged packet encapsulation. This feature has been provided to facilitate seamless compatibility with Cisco routers, which expect bridged encapsulation in certain operating modes.
  • Page 363: Average Packet Size

    Average Packet Size In most cases, the larger the packet size, the better the potential compression ratio. This is due to the overhead involved with compression, as well as the compression algorithm. For example a link which always deals with minimum size packets may not perform as well as a link whose average packet size is much larger.
  • Page 364: Packet Encryption

    The following command line displays an example for PPP: ppp set payload-compress port se.4.2 Packet Encryption Packet encryption allows data to travel through unsecured networks. You can enable packet encryption for PPP ports; however, both ends of a link must be configured to use packet encryption.
  • Page 365: Source Filtering And Acls

    Source Filtering and ACLs Source filtering and ACLs can be applied to a WAN interface; however, they affect the entire module, not an individual port. For example, if you want to apply a source MAC address filter to a WAN serial card located in slot 5, port 2, your configuration command line would look like the following: ssr(config)# filters add address-filter name wan1 source-mac 000102:030405 vlan 2 in-port-list se.5...
  • Page 366: Adaptive Shaping

    works with IP Precedence or priority, as defined in the qos configuration command line, to provide preferential traffic handling for higher-priority traffic. The CLI commands related to RED in both the Frame Relay and PPP protocol environments allow you to set maximum and minimum threshold values for each of the low-, medium-, and high-priority categories of WAN traffic.
  • Page 367: Permanent Virtual Circuits (Pvcs)

    Permanent Virtual Circuits (PVCs) WAN interfaces can take advantage of connections that assure a minimum level of available bandwidth at all times. These standing connections, called Permanent Virtual Circuits (PVCs), allow you to route critical packet transmissions from host to peer without concern for network congestion significantly slowing, let alone interrupting, your communications.
  • Page 368: Setting Up A Frame Relay Service Profile

    Setting up a Frame Relay Service Profile Once you have defined the type and location of your Frame Relay WAN interface(s), you can configure your SSR to more efficiently utilize available bandwidth for Frame Relay communications.
  • Page 369: Monitoring Frame Relay Wan Ports

    Monitoring Frame Relay WAN Ports Once you have configured your frame relay WAN interface(s), you can use the CLI to monitor status and statistics for your WAN ports. The following table describes the monitoring commands for WAN interfaces, designed to be used in Enable mode: Display a particular frame relay service profile Display all available frame relay...
  • Page 370 • Committed information rate (CIR) of 20 million bits per second • Leave high-, low-, and medium-priority queue depths set to factory defaults • Random Early Discard (RED) disabled • RMON enabled The command line necessary to set up a service profile with the above attributes would be as follows: ssr(config)# frame-relay define service profile1 Bc 2000000 Be 10000000 becn-adaptive-shaping 65 cir 20000000 red off rmon on...
  • Page 371: Point-To-Point Protocol (Ppp) Overview

    Point-to-Point Protocol (PPP) Overview Because of its ability to quickly and easily accommodate IP and IPX protocol traffic, Point-to-Point Protocol (PPP) routing has become a very important aspect of WAN configuration. Using PPP, you can set up router-to-router, host-to-router, and host-to-host connections.
  • Page 372: Defining The Type And Location Of A Ppp Interface

    WAN interfaces, then apply a service profile to the desired interface(s). Examples of this process are displayed in Defining the Type and Location of a PPP Interface To configure a PPP WAN port, you need to first define the type and location of one or more PPP WAN ports on your SSR.
  • Page 373: Applying A Service Profile To An Active Ppp Port

    Note: If it is necessary to specify a value for Bridging, IP, and/or IPX, you must specify all three of these values at the same time. You cannot specify just one or two of them in the command line without the other(s). Applying a Service Profile to an Active PPP Port Once you have created one or more PPP service profiles, you can specify their use on one or more active PPP ports on the SSR.
  • Page 374: Monitoring Ppp Wan Ports

    processing by MLP. If compression is enabled on a link, the packets will be compressed after the MLP processing. In general, choose bundle compression over link compression whenever possible. Compressing packets before they are “split” by MLP is much more efficient for both the compression algorithm and the WAN card.
  • Page 375 Suppose you wish to set up a service profile called “profile2” that includes the following characteristics: • Bridging enabled • Leave high-, low-, and medium-priority queue depths set to factory defaults • IP and IPX enabled • Sending of LCP Echo Requests disabled •...
  • Page 376: Wan Configuration Examples

    WAN Configuration Examples Simple Configuration File The following is an example of a simple configuration file used to test frame relay and PPP WAN ports: port set hs.5.1 wan-encapsulation frame-relay speed 45000000 port set hs.5.2 wan-encapsulation ppp speed 45000000 interface create ip fr1 address-netmask 10.1.1.1/16 port hs.5.1.100 interface create ip ppp2 address-netmask 10.2.1.1/16 port hs.5.2 interface create ip lan1 address-netmask 10.20.1.1/16 port et.1.1...
  • Page 377: Multi-Router Wan Configuration

    Multi-Router WAN Configuration The following is a diagram of a multi-router WAN configuration encompassing three subnets. From the diagram, you can see that R1 is part of both Subnets 1 and 2; R2 is part of both Subnets 2 and 3; and R3 is part of subnets 1 and 3. You can click on the router label (in blue) to jump to the actual text configuration file for that router: PPP wan-encaps.
  • Page 378: Router R1 Configuration File

    Router R1 Configuration File The following configuration file applies to Router R1. ---------------------------------------------------------------------- Configuration for ROUTER R1 ---------------------------------------------------------------------- port set hs.7.1 wan-encapsulation frame-relay speed 45000000 port set hs.3.1 wan-encapsulation frame-relay speed 45000000 port set hs.3.2 wan-encapsulation ppp speed 45000000 port set et.1.* duplex full frame-relay create vc port hs.7.1.106 frame-relay create vc port hs.3.1.103...
  • Page 379: Router R3 Configuration File

    rip add interface all rip set interface all version 2 rip set auto-summary enable rip start system set name R2 arp add 20.20.20.12 exit-port et.1.1 mac-addr 000202:020200 Router R3 Configuration File The following configuration file applies to Router R3. ---------------------------------------------------------------------- Configuration for ROUTER R3 ---------------------------------------------------------------------- port set se.2.1 wan-encapsulation frame-relay speed 1500000...
  • Page 380: Router R5 Configuration File

    port set et.1.* duplex full frame-relay create vc port se.6.1.304 vlan create s1 id 200 vlan add ports se.6.1.304,se.6.3 to s1 interface create ip s1 address-netmask 100.100.100.4/16 vlan s1 rip add interface all rip set interface all version 2 rip set interface all xmt-actual enable rip set broadcast-state always rip set auto-summary enable...
  • Page 381 port set hs.3.1 wan-encapsulation frame-relay speed 45000000 frame-relay create vc port hs.3.1.106 frame-relay define service CIRforR1toR6 cir 45000000 bc 450000 frame-relay apply service CIRforR1toR6 ports hs.3.1.106 vlan create BridgeforR1toR6 port-based id 106 interface create ip FRforR1toR6 address-netmask 100.100.100.6/16 vlan BridgeforR1toR6 interface create ip lan1 address-netmask 60.60.60.6/16 port et.15.1 vlan add ports hs.3.1.106 to BridgeforR1toR6...
  • Page 383: Appendix A: New Features Supported On Line Cards

    Introduction Some of the features in firmware versions 3.0 and 3.1 are only supported on certain line cards. The following sections list SSR line cards and the firmware features that are supported on each card. SSR 8000/8600 Line Cards This section describes the following categories of SSR line cards: •...
  • Page 384: Line Cards Introduced At The 3.0 Firmware Release (-Aa Revision)

    The following table lists the line cards available for the SSR 8000/8600 prior to the 3.0 firmware release and the supported features. Line Card Part Number SSR-HTX12-08 SSR-HTX22-08 SSR-HFX11-08 SSR-HFX21-08 SSR-HFX29-08 SSR-GSX11-02 SSR-GSX21-02 SSR-GLX19-02 SSR-GLX29-02...
  • Page 385: Line Cards Introduced At The 3.1 Firmware Release (T-Series)

    In addition, these cards support all pre-3.0 firmware features. All cards, except for the gigabit Ethernet cards, also support WFQ. The following table lists the line cards introduced for the SSR 8000/8600 with the 3.0 firmware release and the supported features. Line Card Part Number SSR-HTX12-08-AA...
  • Page 386 Pre-3.0 Line Card Part Firmware Number Features SSR-POS21-04 (POS OC-3c MMF) SSR-POS29-04 (POS OC-3c SMF) SSR-POS31-02 (POS OC-12c MMF) SSR-POS39-02-IR (POS OC-12cSMF- SSR-ATM29-02 (ATM OC-3c) SSR-ATM31-02 (ATM OC-12c MMF) SSR-ATM39-02-IR (ATM OC-12c SMF- SSR-HTX32-16 (16 port 10/100 TX) SSR-GSX31-02...
  • Page 387: Ssr 2000 Line Cards

    SSR 2000 Line Cards The following table lists the line cards available for the SSR 2000 and the supported features: Line Card Part Number Standard Chassis Configurations: SSR-2-B SSR-2-PKG SSR-2-WAN SSR-2-GSX Line Cards Available Prior to the 3.0 Firmware Release (Non-AA Revision): SSR-2-TX SSR-2-FX SSR-2-SX...
  • Page 388: New Features That Require Specific Line Cards

    SSR-2-SX-AA SSR-2-LX-AA SSR-2-LX70-AA SSR-2-SER-AA SSR-2-SERC-AA SSR-2-SERCE-AA New Features that Require Specific Line Cards T-series line cards, -AA revision line cards, and non -AA revision line cards can be used in the same chassis. Version 3.0 and later firmware can detect the revision number of each line card, and when configuring features that require -AA or T-series line cards, the system checks to see if the line card revision matches.
  • Page 390: Load Balancing (Lsnat)

    When multiple routers are connected together, only the router using Network Address Translation requires the -AA or T-series line card. In Diagram 2, only Router W requires the -AA or T-series line card since it is the only router performing translation to the global Internet.
  • Page 391: Layer 4 Bridging

    When load balancing is implemented in a single system, the ports that attach to both incoming and outgoing interfaces must reside on -AA or T-series line cards. If the servers are load-sharing across multiple networks, ports assigned to the interfaces must also reside on -AA or T-series line cards.
  • Page 392: Per-Protocol Vlan

    When a VLAN spans across multiple SSRs with 802.1Q trunk ports, the requirements for -AA or T-series line cards depend on how layer 4 bridging is deployed. In Diagram 4, yellow and blue VLANs are created across multiple SSRs and are interconnected through an 802.1Q trunk port.
  • Page 393: Qos Rate Limiting

    on SSR C since SSR C does not have a -AA or T-series line card. SSR C would drop all SNA traffic since its module would not recognize SNA traffic. QoS Rate Limiting There are three types of rate limiting supported on the SSR: •...
  • Page 394: Tos Rewrite

    ToS Rewrite The ToS rewrite command allows a network administrator to change the value in the ToS octet (which includes both the Precedence and ToS fields) in each IP packet. The SSR looks at every IP packet coming into the interface, and if a packet matches the defined parameters (Source IP, Destination IP, Source Port, Destination Port, or ToS Octet), the SSR rewrites the ToS Octet to a specific value.
  • Page 395: Weighted Random Early Detection (Wred)

    Weighted Random Early Detection (WRED) Weighted Random Early Detection (WRED) algorithms can alleviate traffic congestion. WRED allows you to set conditions and limits for the selective dropping of packets on input or output queues of specific ports before the queues become completely flooded. The ports on which WRED is enabled must reside on T-series line cards.
  • Page 396: Identifying A Line Card

    Multiple IPX Encapsulation WRED Aggregate rate limiting Port rate limiting Jumbo frame support *. 10/100 T-series line cards do not support jumbo frames. Identifying a Line Card ATM, packet-over-SONET, and 16-port 10/100 BASE-TX line cards are T-series line cards introduced with the 3.1 firmware release.
  • Page 397: Example 2

    “Non -AA” Line Card D1.2 or less G2.1.1 or less I2.0 or less O2.0 or less Example 2: ssr# system show hardware verbose Slot CM/1, Module: 10/100-TX Rev. 1.0 Service String: 2_D1.2_0.512_I2.0_2_O2.0_0.512 The above Service String shows a “non -AA” 10/100 Base TX line card. Example 3: ssr# system show hardware verbose Slot CM/1, Module: 10/100-TX Rev.

This manual is also suitable for:

Smartswitch ssr-htx12-08
