Page 1
3Com Router Configuration Guide for V1.20 http://www.3com.com/ Part No. 10014303 Published January 2004...
Page 2
1.1. Introduction
1.1.1. Scope
This manual provides configuration information for new software features found in V1.20 of the 3Com Router operating system. Use this addendum to supplement configuration information found in the 3Com Router Configuration Guide.
1.1.2. Online Resources
Download the Router 3000 Installation Guide from: http://support.3com.com/infodeli/tools/routers/R3000Install.pdf...
3Com Router Configuration Guide Addendum for V1.20
Chapter 1 Configuring Class-Based Queuing
As an extension of WFQ, class-based queuing (CBQ) provides users with class definition support. CBQ assigns individual FIFO reservation queues to the classes defined by each user to buffer data of the same class. When there is network congestion, CBQ matches outbound packets according to the classification rule defined by users to make them enter relevant queues.
Page 4
policing upon congestion. If no congestion occurs, the priority class is permitted to use bandwidth exceeding the assigned value. In case of congestion, packets exceeding the assigned bandwidth of the priority class will be discarded. Burst size is also configurable under LLQ.
Page 5
Table 1-2 Define/delete the rule matching all packets
Operation | Command
Define the rule matching all packets | if-match [ logic-not ] any
Delete the rule matching all packets | undo if-match [ logic-not ] any
Define the class matching rule
Perform the following configurations in class view.
Page 6
The matching rules of the source MAC address are only meaningful for the policies in inbound direction and the interface of Ethernet type.
Define the inbound interface matching rule of a class
Perform the following configurations in class view.
Page 7
Use the corresponding command to configure the value of ip precedence during the configuration; otherwise, the configuration of the if-match ip precedence command will overwrite the previous configurations.
Define the RTP port matching rule
Perform the following configurations in class view.
Page 8
Perform the following configurations in the system view.
Table 1-12 Define the policy and enter the policy view
Operation | Command
Define the policy and enter the policy view | qos policy policy-name
Delete the specified policy | undo qos policy policy-name
If an interface applies this policy, this policy is not allowed to be deleted.
Page 9
configured with a maximum bandwidth, the system will assign the class an individual queue, called the default queue. Theoretically, each class can be configured with bandwidth of any size, but generally, the priority classes can occupy 70% of the total bandwidth, and other ordinary classes and the default class occupy less than 10%.
Page 10
Configure the maximum queue length of the class
Configure maximum queue length of the class and configure the drop type as tail drop. Perform the following configurations in the policy-class view.
Table 1-16 Configure the maximum queue length of the class...
Page 11
Table 1-18 Configure exponential of average queue length calculated by WRED
Operation | Command
Configure exponential of average queue length calculated by WRED | wred weighting-constant exponent
Delete the configuration of exponential of | undo wred weighting-constant...
Page 12
The discarding mode based on WRED must already have been enabled via the wred ip-precedence command. When the configuration of qos wred is deleted, the wred ip-precedence is also deleted. When the af configuration is deleted, the configuration of discarding parameters will also be deleted.
Page 13
If qos gts is used in the class-policy that is applied to the interface, it can only be applied to the outbound interface. When the class including TS is applied to the interface, the original qos gts command that is configured on the interface will become invalid.
The following is the rule for a policy to be applied in interface view. A policy configured with various features (including remark, car, gts, af, ef, wfq, and wred) applies to a common physical interface and a virtual template interface over MP.
Page 15
In terms of service, service flow 1 must occupy a bandwidth of 10K, service flow 2 must occupy a bandwidth of 20K, under the premise of ensuring voice service.
[Network diagram labels: 1.1.1.1/24, 1.1.4.1/24, E0, 1.1.4.2/24, 1.1.1.2/24...]
Page 16
[RouterA-qosclass-voip] if-match rtp start-port 16384 end-port 32767
[RouterA-qosclass-voip] quit
Configure CBQ policy:
[RouterA] qos policy 1
Configure the bandwidth of service 1 to be 10K:
[RouterA-qospolicy-1] qos-class 1
[RouterA-qospolicy-c-1 1] af bandwidth 10
[RouterA-qospolicy-c-1 1] quit...
Chapter 2 Configuring TACACS+
TACACS+ works together with AAA to control PPP, VPDN, and login access to routers. Cisco ACS is the only application software that is supported. Compared to RADIUS, TACACS+ features more reliable transmission and encryption, and is more suitable for security control.
Page 18
2.2 The Basic Message Interaction Flow of TACACS+
For example, when TACACS+ is used to implement AAA on a telnet user, the basic message interaction flow is as follows:
A user requests access to the router. The router (TACACS+ client) sends the authentication start packet to the TACACS+ server upon receipt of the request.
Page 19
Accounting stop response packet
Figure 2-3 The flow of implementing AAA for a telnet user
2.3 The TACACS+ Functions Implemented by 3Com Routers
3Com Routers support the following TACACS+ functions:
AAA on login users (including console, Telnet, dumb terminal, PAD, terminal...
Page 20
Standby/Primary server switchover interval
The shared key for the AAA negotiation between the router and TACACS+ Server
Set the timeout time waiting for a TACACS+ server to make a response
Specify a source IP address for all the TACACS+ packets to be transmitted
2.4.1 Create a TACACS+ server group...
Page 21
Note: When this command is used without the shared-key key-string parameter, the default key configured using the shared-key command will be used for negotiation.
2.4.3 Standby/Primary Server Switchover Interval
If you have specified the primary and standby servers in a TACACS+ server group, the router regularly tests whether the primary server can work properly when the server currently providing AAA services is a standby server.
Page 22
Caution:
1) The entered key must match the key used by the TACACS+ server.
2) All the leading spaces and ending spaces in a key string will be ignored. In addition, a key that contains spaces in the middle is not supported.
Page 23
2.5 Displaying and Debugging TACACS+
Execute the following commands in all views.
Table 2-7 Display and debug AAA and RADIUS
Operation | Command
Display all the accounting details. | display hwtacacs accounting [ verbose ]...
Page 24
Configure “mykey” as the shared key for the AAA negotiation with the TACACS+ server.
[3Com-HWTACACS-tactemplate1] shared-key mykey
[3Com-HWTACACS-tactemplate1] quit
Enable AAA.
[3Com] aaa-enable
Implement authentication on telnet login users.
[3Com] login telnet
[3Com] aaa authentication-scheme login login-authen-list template tactemplate1...
Page 25
[3Com-serial0] quit
Assign an IP address to the interface Ethernet0.
[3Com] interface ethernet 0
[3Com-ethernet0] ip address 10.110.1.10 255.255.0.0
Assign an IP address to Ethernet1.
[3Com-ethernet0] interface ethernet 1
[3Com-ethernet0] ip address 192.10.1.1 255.255.255.0
[3Com-ethernet0] return
2.6.2 Integrating TACACS+ and RADIUS
In this example, a TACACS+ server is used for authentication and authorization for PPP and login users, and is also used as a standby accounting server.
Apply the default scheme for accounting on telnet login users.
[3Com] login-method accounting-mode login telnet default
Enable accounting on Serial0, and configure and apply the default accounting scheme.
[3Com] aaa accounting-scheme ppp default radius template tactemplate1
[3Com] interface Serial0
[3Com-Serial0] link-protocol ppp
[3Com-Serial0] ppp accounting default
[3Com-serial0] quit
Assign an IP address to Ethernet0.
Chapter 3 Configuring SSH Terminal Service
Secure Shell (SSH) is a feature that provides information security and strong authentication, which can protect a router from attacks such as IP address spoofing and the interception of plain-text passwords. This is especially relevant for remote users who access the router from a nonsecure network environment.
To set up a secure and authenticated SSH connection, the server and client must go through a communication procedure that falls into five stages: version negotiation, key algorithm negotiation, authentication type negotiation, session request, and session interaction.
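Version negotiation, the first of these stages, begins with each side sending an identification string of the form SSH-protoversion-softwareversion. The following Python sketch is an added example, not part of the 3Com guide: it classifies such strings so a device inventory can flag servers that still negotiate SSH 1.x, such as the SSH 1.5 server this addendum describes. The hosts and banners are constructed sample data.

```python
import re

# Identification string: "SSH-<protoversion>-<softwareversion>[ comments]"
_IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$")


def classify_banner(line):
    """Return (category, protoversion, software) for one identification line."""
    m = _IDENT.match(line.rstrip("\r\n"))
    if not m:
        return ("not-ssh", None, None)
    major, minor = int(m.group(1)), int(m.group(2))
    proto = f"{major}.{minor}"
    software = m.group(3)
    if major >= 2:
        return ("ssh2", proto, software)
    if (major, minor) == (1, 99):
        # 1.99 is the compatibility marker: the server speaks protocol 2
        # but will also accept protocol 1 clients.
        return ("ssh1-and-ssh2", proto, software)
    # Anything else below 2.0 (1.3, 1.5, ...) is protocol 1 only.
    return ("ssh1-only", proto, software)


def audit(inventory):
    """inventory maps host -> banner; return sorted hosts that accept SSH 1.x."""
    findings = []
    for host, banner in inventory.items():
        category, proto, _software = classify_banner(banner)
        if category in ("ssh1-only", "ssh1-and-ssh2"):
            findings.append((host, category, proto))
    return sorted(findings)


# Constructed sample banners (documentation addresses, made-up software names).
SAMPLE = {
    "192.0.2.1": "SSH-1.5-ConstructedRouter\r\n",
    "192.0.2.2": "SSH-2.0-ExampleSSH_1.0 test build\r\n",
    "192.0.2.3": "SSH-1.99-ExampleSSH_1.0\n",
    "192.0.2.4": "220 ftp service ready\r\n",
}

if __name__ == "__main__":
    for host, category, proto in audit(SAMPLE):
        print(f"{host}: {category} (advertises {proto})")
```
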
Page 30
Table 3-2 Configure and destroy RSA key-pairs
Operation | Command
Generate RSA key-pairs | rsa local-key-pair create
Destroy the RSA key-pairs | rsa local-key-pair destroy
Caution: An essential operation underlying a successful SSH login is generating local RSA key-pairs. Before performing any other SSH configuration tasks, you must generate a local key-pair by configuring the rsa local-key-pair create command.
Page 31
Operation | Command
Set a server key-pair updating interval | ssh server rekey-interval hours
Restore the default updating interval | undo ssh server rekey-interval
By default, the system does not update the server key-pair.
Perform this task to set an SSH authentication timeout time period.
Page 32
when entering key data but they will be deleted by the system. The configured public key must be a consecutive hexadecimal character string coded in the public key format. Execute the public-key-code end command to stop public key editing and save the key.
Page 33
Perform the following configuration in system view.
Table 3-11 Close SSH processes by force
Operation | Command
Kill SSH process(es) by force | kill ssh { all | userID userid }
VI. Display and Debug SSH Information
After finishing the configurations described above, view the running state of SSH by executing the display commands in all views to verify the configuration.
Page 34
Choose the proper SSH version. Generally the client provides several SSH versions. V1.20 supports SSH Server 1.5, so you must choose 1.5 or lower.
Specify the RSA key file. If you have configured to choose RSA authentication at the server, you must specify the RSA key file at the client.
Page 35
III. Choose the SSH version
Click “SSH” under “Connection” in the left “Category” of the interface, then the following interface appears.
Figure 3-2 SSH Client configuration interface (2)
Set the SSH version to “1”, as shown in the above interface.
Page 36
Figure 3-3 SSH Client login interface (in password authentication mode)
After you have entered the correct user name and password, you can implement the connection. To log out, just use the logout command.
Page 37
Figure 3-4 PuTTY Generator Software interface (1)
Choose “SSH1(RSA)” or “SSH2 RSA” as the parameter and enter the number of bits in the key. Click the [Generate] button to generate the RSA key. To ensure that the key is random, you are required to move the mouse.
Page 38
Figure 3-5 PuTTY Key Generator interface (2)
Enter a passphrase, if you want to use one.
Save the key
After you have generated the keys, you have an RSA public key and an RSA private key.
Page 39
If you need to perform an RSA authentication, you must specify the RSA private key file. If you only need to perform the password authentication, it is not necessary. Click the “auth” under “SSH” in the PuTTY configuration interface and the following figure appears.
Page 40
Figure 3-7 SSH Client login interface (in RSA authentication mode)
After you have entered the correct username, you can perform the SSH connection. If a passphrase was used when generating the keys, the passphrase is also required before a successful SSH connection can be achieved.
Page 41
After finishing the configuration, you can run the SSH1.5-enabled client software on a terminal connected to the router and access the router from the terminal using the client name client001 and the password 3Com.
Authenticate login users with the RSA approach...
Chapter 4 Configuring NTP
As specified in RFC 1305, Network Time Protocol (NTP) is a protocol of the TCP/IP suite, which is used to synchronize the timekeeping among a set of distributed time servers and clients on a network. The transmission relies on UDP.
Upon the departure of the NTP message, Router B adds its timestamp 11:00:02am (T ) again. Upon the receipt of the response, Router A adds a new timestamp, that is, 10:00:03am (T In this way, Router A obtains adequate information for calculating two essential parameters.
Page 44
Configure the NTP server mode
Configure the NTP peer mode
Configure the NTP broadcast server mode
Configure NTP broadcast client mode
Configure NTP multicast server mode
Configure NTP multicast client mode
I. Configure NTP Server Mode
This task sets a remote server as the local time server by specifying its address X.X.X.X.
4.2.4 Specify Reliable Key
You must specify a key to be a reliable one before it can be used for authentication. For example, if two routers want to use keyid 1 for authentication, both of them must specify it to be a reliable one.
Page 49
Table 4-11 Set an external reference clock or the local clock as the NTP master clock
Operation | Command
Set an external reference clock or the local clock as the NTP master | ntp-service refclock-master [ X.X.X.X ] [ stratum ]...
Page 50
Table 4-13 Set the right for accessing the NTP services provided by the local router
Operation | Command
Set the right for accessing the NTP services provided by the local router | ntp-service access { query | synchronization | server | peer }...
Page 51
Perform the debugging command in all views to debug the NTP information.
Table 4-15 Display and debug the NTP information
Operation | Command
Display the state information of the NTP services | display ntp-service status...
4.3.2 ntp-service source-interface disable
Syntax
ntp-service source-interface disable
undo ntp-service source-interface disable
View
Interface view
Parameter
None
Description
Using the ntp-service source-interface disable command, you can disable an interface from receiving NTP messages. Using the undo ntp-service source-interface disable command, you can enable the interface to receive NTP messages.
Page 53
version: Defines NTP version number.
number: NTP version number in the range of 1 to 3.
authentication-keyid: Defines an authentication key.
keyid: The key ID carried in the messages transmitted to the remote server, which is in the range of 1 to 4294967295.
4.3.4 ntp-service unicast-server
Syntax
ntp-service unicast-server X.X.X.X [ version number | authentication-keyid keyid | source-interface { interface-name | interface-type interface-number } | priority ] *
undo ntp-service unicast-server X.X.X.X
View
System view
Parameter
X.X.X.X: IP address of the remote server.
Page 55
This command declares that the local time server is the remote server specified by X.X.X.X. X.X.X.X represents a host address, which must not be a broadcast or multicast address, or the IP address of the reference clock. When configured with this command, the local device works in client mode, and therefore it is up to the local client to synchronize with the remote server rather than vice versa.
Chapter 5 Configuring X2T
The X.25 to TCP switch (X2T) technology can interconnect X.25 and IP networks and enables access between X.25 and IP hosts.
[Network diagram labels: X.25 Terminal, X.25 Network, Router, TCP/IP Network, IP Host, X.25...]
Page 57
For information about the configuration of the interface at the X.25 network side, see “Configure X.25” in Chapter 16 of the 3Com Router Configuration Guide. You do not need to configure an X.121 address when configuring the interface at the X.25 network side.
Page 58
forwarding route
Delete the X.25-to-IP X2T forwarding route | undo translate x25 x.121-address
Configuring an IP-to-X.25 X2T forwarding route
Perform the following configuration in system view.
Table 5-4 Configure an IP-to-X.25 X2T forwarding route...
Page 59
Configure the interface at the X.25 network side.
[3Com] interface serial 0
[3Com-Serial0] link-protocol x25 dce
[3Com-Serial0] x25 x121-address 1111
Configure the interface at the IP network side.
[3Com] interface ethernet 0
[3Com-Ethernet0] ip address 10.1.1.1 255.255.255.0
Configure an X.25 route...
Chapter 6 Configuring Additional ISDN Support
ISDN configuration includes the following tasks:
• Configuring the ISDN signaling type.
• Configuring the negotiation parameters of ISDN Layer 3.
• Configuring the SPID parameters of the National (NI) ISDN protocol.
Page 61
Operation | Command
Configure the router to become ACTIVE to start data exchange before receiving CONNECT ACK messages. | undo isdn waitconnectack
Configure the interval for the Q931 timers | isdn q931-timer timer-name time-interval
Restore the default interval timers...
Page 62
These can optionally be removed from the SETUP message.
6.2.3 ATT 5ESS (Lucent 5E)
Table 6-5 Required ATT 5ESS Commands
Operation | Command
Disable the Sending-Complete Information Element in the Setup message... | undo isdn sending-complete
Page 63
Operation | Command
Restore the SETUP message. | undo isdn ignore llc
Configure the router to wait for CONNECT ACK message replies from the connected exchange until switching to the ACTIVE state. | isdn waitconnectack
Configure the router to become ACTIVE to start data exchange before receiving CONNECT ACK messages. | undo isdn waitconnectack