Table of Contents

Advertisement

Quick Links

CoreWatch User's Guide
9032564

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SSR-ATM29-02 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for Cabletron Systems SSR-ATM29-02

  • Page 1 CoreWatch User’s Guide 9032564...
  • Page 3 Notice Notice Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
  • Page 4: Fcc Notice

    Notice FCC Notice This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules.
  • Page 5: Declaration Of Conformity

    Notice DECLARATION OF CONFORMITY ADDENDUM Application of Council Directive(s): 89/336/EEC 73/23/EEC Manufacturer’s Name: Cabletron Systems, Inc. Manufacturer’s Address: 35 Industrial Way PO Box 5005 Rochester, NH 03867 European Representative Name: Mr. J. Solari European Representative Address: Cabletron Systems Limited Nexus House, Newbury Business Park London Road, Newbury Berkshire RG13 2PZ, England...
  • Page 6 Notice...
  • Page 7: Table Of Contents

    About This Guide........................15 Who Should Read This Manual? ..................15 How to Use This Guide ......................15 Related Documentation......................17 What Are CoreWatch’s Features?..................19 System Requirements ......................20 CoreWatch Capabilities......................20 A Look at the Modes of CoreWatch ..................21 Which MIBs Does the SSR Support? ...................21 Installing CoreWatch ......................23 Installing on a Solaris System..................23 Installing on a Windows NT or Windows 95 System..........24...
  • Page 8 What Is Configuration Expert?.................... 35 Starting Configuration Expert ..................... 36 Opening Configuration Expert from the Front Panel View ........36 Opening Configuration Expert from the Schematic View ........37 A Look at the Configuration Expert Window..............38 Configuration Tree......................39 Configuration Files ....................
  • Page 9 A Look at VLANs on the SSR....................81 VLAN Configuration Tips ....................82 Defining Access Ports and Trunk Ports ................83 Creating a Protocol-Based VLAN ..................85 Creating a Port-Based VLAN ....................90 Modifying VLANs ........................ .94 Changing a Port-Based VLAN’s Name or ID .............95 Changing a Protocol-Based VLAN’s Name, ID, or Protocol Binding .....96 Replacing an Interface’s VLAN....................97 Changing Which Ports a VLAN Includes................97...
  • Page 10 What Is IPX? ......................... 147 Creating IPX Interfaces....................... 149 Creating IPX Interfaces Bound to a Single Port ............149 Creating IPX Interfaces Bound to a VLAN............... 155 Modifying IPX Interface Definitions ................160 Configuring Static IPX SAP Entries .................. 163 What to Do Next........................
  • Page 11 Setting OSPF Global Parameters..................235 Configuring OSPF Area Tables...................236 Creating OSPF Area Tables ..................237 Modifying Area Tables ..................253 Obtaining Chassis Information ..................255 Obtaining Port Information ....................256 Monitoring System Performance ..................259 Setting the Scaling of Dials ..................261 Monitoring Port Utilization ....................262 Obtaining Statistics About an Individual Port..............264 Obtaining Packet Statistics ..................265 Obtaining Port Byte Statistics..................266 Obtaining Port Error Statistics ..................267...
  • Page 12 Obtaining DVMRP Interface Information ..............305 Obtaining DVMRP Neighbor Information............... 307 Obtaining DVMRP Routing Information ..............309 Checking IGMP Status......................311 Obtaining IGMP Interface Information ..............312 Obtaining IGMP Cache Information ................. 314 Obtaining Layer-2 Priority Information................317 Obtaining Flow Priority Information ................319 Obtaining Layer-2 Switching Information ..............
  • Page 13 Missing or Invalid Field Error Messages ................351 Duplicate Objects Error Messages ..................355 Already Exists or in Use Error Messages................355 Unavailable Objects Error Messages .................356 Miscellaneous Error Messages ...................357...
  • Page 15 This guide provides a general overview of CoreWatch and provides procedures for using that application to configure and monitor a SmartSwitch Router (SSR). For product information not available in this guide, see the manuals listed in “Related Documentation” on page Read this manual if you are responsible for configuring or monitoring the SSR and you want to do so using CoreWatch rather than using Command Line Interface (CLI) commands.
  • Page 16 If You Want To Configure the SSR for the Distance Vector Multicast Chapter 10 on page 135 Routing Protocol (DVMRP) and Internet Group Management Protocol (IGMP), which IP uses to perform multicast routing Configure Internet Packet Exchange (IPX) routes on the Chapter 11 on page 147 Configure Quality of Service (QoS) policies Chapter 12 on page 167...
  • Page 17 The Cabletron Systems documentation set includes the following items. Refer to these other docu- ments to learn more about your product. For Information About See the The SmartSwitch Router (SSR) features and the SmartSwitch Router Getting procedures for installing the SSR and setting it up Started Guide for management using CoreWatch software.
  • Page 19: System Requirements

    Cabletron Systems’ CoreWatch is a comprehensive, easy-to-use, device management and configuration application for SmartSwitch Routers (SSRs). Based on Java Programming Language, CoreWatch provides configuration, monitoring, and reporting capabilities with the assistance of wizards, property sheets, and drag-and-drop operations. CoreWatch provides access to Configuration Expert, a utility that makes tasks such as configuring routers, virtual local area networks (VLANs), application-level Quality of Service (QoS) policies, and security filters simple and easy.
  • Page 20 • Simplified routing configuration. • Quality of Service (QoS) policy management. QoS is a set of parameters that assign priorities to different types of traffic, define flows for Internet Protocol (IP) and Internetwork Packet Exchange (IPX) packet fields, assign a precedence to the fields of the flows you define, and establish queuing policies. •...
  • Page 21: Which Mibs Does The Ssr Support

    – Check the status of each bridge table, routing table, and QoS table. These tables contain information that CoreWatch obtains from MIBs it supports. (For a list of these MIBS, see “Which MIBs Does the SSR Support?” on page 21.) –...
  • Page 22 – BGP4-MIB/RFC 1657 – RIPv2-MIB/RFC 1724 – EtherLike-MIB/RFC 1643 – BRIDGE-MIB/RFC 1493 • IETF Proposed Standard MIBS: – IF-MIB/RFC 1573 – IP-Group IPCIDRTable-MIB/RFC 2096 • Experimental/Enterprise MIBs: – DOT1Q-VLAN-MIB/draft-jeya-vlan-8021q-mib-00.txt – IGMP/draft-ietf-idmr-igmp-mib-05.txt – DVMRP/draft-thaler-dvmrp-mib-04.txt – NOVELL RIP-SAP MIB – NOVELL IPX MIB –...
  • Page 23: Installing Corewatch

    You can install CoreWatch on a Solaris 2.5.1, Solaris 2.6, Windows NT, or Windows 95 system. The method you use to install CoreWatch depends on your environment. Separate discussions on installing CoreWatch in the Solaris or Windows environments follow. To install CoreWatch from a CD onto a Solaris 2.5.1 or 2.6 system: If you plan to integrate CoreWatch with HP OpenView, be sure the HP OpenView daemon is running.
  • Page 24 CoreWatch is installed in on your system in the /opt/CScw directory. Add /opt/CScw/bin to your environment path. For details on adding items to a path, see your Solaris documentation. You must have Admin privileges to install CoreWatch on a Windows NT system. Note: To install CoreWatch on a Windows NT or Windows 95 system: If you plan to integrate CoreWatch with HP OpenView on a Windows NT system, be...
  • Page 25: Starting Corewatch

    Before using CoreWatch, you should be familiar with some basic CoreWatch tasks and be familiar with the application’s interface. This chapter • discusses starting CoreWatch. • provides an overview of the CoreWatch interface. • discusses changing CoreWatch passwords. • discusses how to access the CoreWatch online help. •...
  • Page 26 To start CoreWatch in the Solaris 2.5.1 or 2.6 environment: Enter the following command at the Solaris prompt: The Login Dialog dialog box appears. If the CoreWatch command is not found, you can locate it in /opt/CScw/bin. Note: Type the name or IP address and community string for the SSR. If you do not know this information, see your network administrator.
  • Page 27: Front Panel View

    To Start CoreWatch from within SPECTRUM: Start SPECTRUM. If you know the topology location for your SmartSwRtr model, proceed to that location. Otherwise, open the Find View by choosing the View menu, selecting New View, and then selecting Find. Select Model-Type Name and enter the SmartSwRtr command to display all the SmartSwRtr models or select Network Address to display a particular model.
  • Page 28 After you start CoreWatch, a Front Panel view similar to the following appears: Legend The Front Panel view is a graphical representation of an SSR-8's front-panel chassis. You can use this view to do the following: • Obtain port statistics •...
  • Page 29 Abbreviation Description Indicates the location of slot 5 of the SSR chassis. Indicates the location of slot 6 of the SSR chassis. Indicates the location of slot 7 of the SSR chassis. In the Front Panel view, an SSR’s modules appear similar to the following figure. This figure is for an Ethernet 10/100BASE-TX module, but the information CoreWatch displays to represent a module depends on that module’s type.
  • Page 30: Schematic View

    The Schematic view, which looks similar to the following figure, is a graphical representation of an SSR's functions (such as bridging, switching, and routing services) and data objects (such as QoS flows). It also indicates which functions are active, inactive, or in error.
  • Page 31: Corewatch Menus

    You can use the Schematic view to display the CoreWatch tables and dials discussed later in this manual, and configure QoS flows and security filters. To do so, perform one of the following operations: • Move the cursor to an object, click the right-mouse button, and choose a command from the menu that appears.
  • Page 32 • Privileged Password, which is the password you are prompted for when you start Configuration Expert. This password logs you in to Configuration Expert so that you can then use that utility to configure your SSR. If you can access Configuration Expert, you can change your CoreWatch Login password. To change your Login password: Select the Configure menu and choose Change Login Password.
  • Page 33 When using CoreWatch, you can access online help by choosing commands from the Help menu or clicking the Help button. If you click the Help button, CoreWatch displays help specific to the form, dialog box, or other item you are currently using. The following table describes the commands you can choose from the Help menu.
  • Page 34 To exit CoreWatch, select the File menu and choose Exit. CoreWatch prompts you to verify that you want to exit. Click the Quit button.
  • Page 35 Configuration Expert is a Cabletron Systems utility that lets you configure an SSR. This chapter • provides an overview of Configuration Expert. • explains how to start Configuration Expert. • discusses the Configuration Expert window. • describes the different configuration files Configuration Expert uses. •...
  • Page 36: Starting Configuration Expert

    • Configure VLANs • Configure IP and IPX routing • Configure multicast routing • Set QoS policies • Set ACLs and security filters • Configure multiple configuration files on the SSR Like CoreWatch, Configuration Expert is a Java-based GUI. This GUI offers drag-and- drop setup and administration for VLANs and ACLs.
  • Page 37 To open Configuration Expert from the Schematic view: If you are not currently in the Schematic view, switch to it by doing one of the following: – Select the File menu and then choose Open Schematic View. – Click the Open Schematic View button on the CoreWatch toolbar.
  • Page 38: A Look At The Configuration Expert Window

    Schematic View Command STP Bridging (Function) Configure STP Transparent Bridging (Function) Configure Bridging VLAN (Data Object for IP or IPX) Configure VLAN If the Configuration Expert login form appears, enter the Privileged password and click OK. The Configuration Expert window appears. For details on this window, see “A Look at the Configuration Expert Window”...
  • Page 39: Configuration Tree

    The left pane of the Configuration Expert window includes the configuration tree, which you use to navigate to the objects (modules, ports, system, bridging, routing, and so on) you want to create, edit, or delete while configuring the SSR. For details on the configuration tree, see “Configuration Tree”...
  • Page 40 display the contents of the Chassis Configuration object and the Module-1 object. As the figure shows, a plus sign (+) indicates an object can be expanded further and a minus sign (-) indicates an object cannot be expanded. You can close an expanded object by double- clicking it or clicking its minus sign (-).
  • Page 41: Configuration Files

    Configuration Expert stores SSR configuration information in the following configuration files: • Active Configuration—a file containing the configuration settings for the current SSR session. • Startup Configuration—a file containing the configuration settings used whenever the SSR is started. • Custom Configuration—a file in which you can save the settings of an Active Configuration file.
  • Page 42: Wizards And Dialog Boxes

    The configuration tree uses the icons described in the following table to represent configuration tree objects, to indicate that there is a wizard or dialog box associated with an object, and to identify configuration file changes and errors: Icon Description Represents a configuration file or configurable object, such as an interface, VLAN, QoS policy, ACL, and so on.
  • Page 43: Configuration Expert Toolbar

    Property sheets are used to add easily configurable objects and also to modify the configuration settings of objects once they have been added. If there is a dialog box associated with an object, there will be a dialog box icon next to that object.
  • Page 44: Copying Objects

    Object Apply To Effect Interface Applies the security settings of an IP ACL to an IP interface or an IPX, IPX RIP, or IPX SAP ACL to an IPX interface. VLAN Interface Adds a VLAN to an IP or IPX interface. Interface QoS profile Adds an IP or IPX interface to the QoS...
  • Page 45 Dragging an object from one location to another copies the object’s configuration Note: settings. It does not move the object. To drag objects to copy their configuration settings: Double-click objects in the configuration tree until you locate the object from which you want to copy configuration settings.
  • Page 46 servers, and configure the SSR for SNMP traps. For details on performing these tasks, Chapter 5: “Changing System Settings” on page Configure bridging on the SSR as discussed in Chapter 6: “Configuring SSR Bridging” on page Group physical ports on the SSR by configuring VLANs as discussed in Chapter 7: “Configuring VLANs on the SSR”...
  • Page 47 Select one of the options listed in the To Configuration list box to specify to which configuration file or files you want to apply your changes. You should commit changes made in the Active Configuration file to the Active Configuration file after normal business hours or at another time that would not disrupt the network.
  • Page 48 If you commit your changes to the Active Configuration file, the SSR checks the file for configuration errors. Configuration Expert displays a red indicator next to any object that the SSR Note: determines is not configured properly. If you selected Custom, you will be prompted to enter the name of the Custom Configuration file that you want to save your changes.
  • Page 49: Providing System Information

    You change system settings through the System Configuration object of a configuration file. This chapter discusses using Configuration Expert to perform the following tasks: • Providing system information to set the SSR’s name, identify who users should contact regarding the SSR, and indicate the SSR’s location. •...
  • Page 50 A System ID dialog box similar to the following appears: Enter the SSR’s name, the name of the SSR administrator, and the location of the SSR in the appropriate text boxes. Click OK. Configuration Expert lets you enable and disable ports as well as configure the following characteristics: •...
  • Page 51: Configuring An Individual Port

    Cabletron has configured the SSR’s hash mode to its optimal setting. It is recommended you not change the hash mode unless advised to do so by Cabletron Technical Support. You can configure global settings for all SSR ports as well as configure individual ports. If most of an SSR’s ports are to be configured with the same or similar settings, you can first apply global settings to all ports and then modify those settings on individual ports as needed.
  • Page 52 Negotiate Port Speed and Mode check box. Otherwise, clear the check box to disable auto negotiation on all Gigabit Ethernet ports. All Gigabit Ethernet ports use auto negotiation. If auto negotiation is not set on a Gigabit Ethernet port, that port uses the full-duplex mode and operates at 1000 Mbps. If you want to configure 10/100 Mbps Ethernet ports, do one of the following.
  • Page 53 Configuration file and automatically opens that port’s dialog box. If you are modifying that port in the Active Configuration file, go to step step Open the configuration file you want to modify and then double-click that file’s System Configuration object. Double-click the Chassis Configuration object.
  • Page 54 The module’s port list appears. The number of ports in the list depends on the module type. Select the port you want to configure.
  • Page 55 A Physical Attributes of Port dialog box similar to the following appears: Specify whether you want to enable or disable the port by selecting the appropriate option button. Disabled ports do not send or receive any traffic. You might want to disable unused ports to prevent network users from inadvertently or unscrupulously connecting to unoccupied but enabled ports on the SSR.
  • Page 56 Set the Layer 2 hash mode for the port. The hash mode controls the distribution of flow entries in Layer-2 and Layer-3 lookup tables. Assuming a MAC address of the value 0011:2233:4455, the following list describes the various hash modes: –...
  • Page 57 A System Log dialog box similar to the following appears: Enter the host name or IP address of the SYSLOG server. Select the level of messages you want the SSR to log. You may select one of the levels described in the following table: Level Description Fatal...
  • Page 58 As an alternative to a host table on every system, some networks use a centralized Domain Naming System (DNS) server to maintain name-to-IP-address mappings. You may configure the SSR to reach up to three DNS servers. When doing so, you can also specify the domain name the SSR uses for each DNS query and the order in which the SSR searches for the specified DNS servers.
  • Page 59: Establishing Community Strings

    b. In the Name Server Search Order text box, enter the IP address of the DNS server you want to add. Then click the Add button. You can specify the address in dotted-decimal notation. After you click the Add button, Configuration Expert adds the specified server to the list.
  • Page 60 Double-click the SNMP Trap Target object. Do one of the following: – If you are configuring a new trap target, select the Configure New Trap Target object from the list of trap targets. – If you are modifying an existing trap target, select it from the list that appeared after you expanded the SNMP Trap Target object.
  • Page 61 SNMP management stations that want to access the SSR must supply a community string that you establish on the SSR. You can establish an SSR community string by specifying the string’s name and selecting the access privileges for that string. To establish community strings on the SSR: Start Configuration Expert if you have not already done so.
  • Page 62 In the Community String text box, enter a character string for the community string. Set the level of access to the SSR by selecting one of the options described in the following table: Option Description Read-only Allows SNMP GETs but not SNMP SETs on the SNMP management stations that access the SSR through the specified community string.
  • Page 63: Configuring The Bridging Mode Of Ports

    The SSR provides bridging functions. This chapter • provides an overview of bridging on an SSR. • discusses configuring the bridging mode of ports. A port’s bridging mode determines the contents of that port’s Layer-2 lookup table. • discusses controlling the aging state of SSR bridging. The SSR’s aging state determines how long the SSR stores the MAC address information.
  • Page 64 You can configure ports to use either of the following bridging modes. Each port has a Layer-2 lookup table where MAC address or flows are stored. A port’s bridging mode determines the contents of each Layer-2 table entry. A port can use only one type of bridging at a time.
  • Page 65 To configure a port for flow-based bridging: Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s Bridging Configuration object. Double-click the Bridging Mode object. A Bridging Mode dialog box similar to the following appears: In the Address Mode list, double-click the module on which the port you want to configure is located.
  • Page 66 Clicking a module in the Address Mode list rather than double-clicking it Note: selects all of the module’s ports that are currently using address-based bridging. Use this method if you are configuring all the ports on a module to use flow-based bridging. Click the Add button.
  • Page 67 In the Flow Mode list, double-click the module on which the port you want to configure is located. Configuration Expert displays the module’s ports that are currently using flow-based bridging. From the list of ports that appears, select the port that you want to configure. Clicking a module in the Flow Mode list rather than double-clicking it selects all of the module’s ports that are currently using flow-based bridging.
  • Page 68 this method if you are configuring all the ports on a module to use address- based bridging. Click the Remove button. Configuration Expert moves the selected port from the Flow Mode list to the corresponding module in the Address Mode list box. Click OK.
  • Page 69: Setting Up A Default Aging Timeout

    A Default Aging Timeout dialog box similar to the following appears: Enter the number of seconds that the SSR is to allow a learned MAC address to remain in the Layer-2 lookup table. You can specify from 15 to 1,000,000 seconds. The default is 300 seconds. Click OK.
  • Page 70: Disabling Aging On A Port

    From the Module drop-down list, select the module containing the port you want to configure. From the Port drop-down list, select the port you want to configure. In the Timeout box, enter the number of seconds that the SSR is to allow a learned MAC address to remain in the Layer-2 lookup table for the specified port.
  • Page 71 In the list of aging objects that appears, select the Aging State object. A Bridge Aging State dialog box similar to the following appears: In the Aging State Enabled list, double-click the module on which the port you want to disable is located. Configuration Expert displays the module’s ports on which aging is enabled.
  • Page 72 Clicking a module in the Aging State Enabled list rather than double-clicking Note: it selects all of the module’s ports on which aging is currently enabled. Use this method if you want to disable aging on all of those ports. Click the Add button.
  • Page 73 In the Aging State Disabled list, double-click the module on which the port you want to enable is located. Configuration Expert displays the module’s ports on which aging is disabled. From the list of ports that appears, select the port on which you want to enable aging.
  • Page 74 Click the Remove button. Configuration Expert moves the selected port from the Aging State Disabled list to the corresponding module in the Aging State Enabled list. Click OK. Configuration Expert adds the port to those found in the Aging Enabled Ports object, which is located in the Aging State object.
  • Page 75 You can define global STP settings that the SSR uses for bridging. To define global STP settings: Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s Bridging Configuration object.
  • Page 76 The maximum age is the length of time the SSR keeps the STP-protocol information it receives. You can specify a number from 6 to 40. The default is 20. In the Forward Delay box, enter the number of seconds you want to elapse between the transitions of the different STP states.
  • Page 77 A Set STP Port Specific Settings dialog box similar to the following appears: From the Module drop-down list, select the module containing the port you want to configure. From the Port drop-down list, select the port you want to configure. In the Cost box, enter the STP cost you are assigning to the ports.
  • Page 78 In the list of STP objects that appears, select the STP Port State object. A Bridging STP dialog box similar to the following appears: In the STP Disabled Ports list, double-click the module containing the port you want to configure. Configuration Expert displays the module’s ports on which STP is disabled.
  • Page 79 Clicking a module in the STP Disabled Ports list rather than double-clicking it selects all of the module’s ports on which STP is currently disabled. Use this method if you want to enable STP on all of those ports. Click the Add button. Configuration Expert moves the selected port from the STP Disabled Ports list to the corresponding module in the STP Enabled Ports list.
  • Page 80 In the STP Enabled Ports list, double-click the module containing the port you want to configure. Configuration Expert displays the module’s ports on which STP is enabled. From the list of ports that appears, select the port on which you want to disable STP.
  • Page 81: Modifying Vlans

    You configure VLANs to limit the scope of traffic on the SSR. This chapter • provides an overview of VLANs on the SSR. • lists tips that make VLAN configuration easy. • discusses defining ports for VLANs. • discusses creating the different VLANs the SSR supports. •...
  • Page 82 • Protocol-based VLAN, which divides the physical network into logical VLANs based on one or more of the following protocols: – IP VLAN, which is a VLAN used for IP traffic. – IPX VLAN, which is a VLAN used for IPX traffic. –...
  • Page 83 • When removing ports from a VLAN, you can remove all of a module’s ports at one time rather than removing them individually.To do so, click rather than double-clock the module in the Selected Port List box of the dialog box you use to add ports. Then click the Remove button.
  • Page 84 Do one of the following: – Define an access port by double-clicking that port’s module in the Trunk Ports list. From the list of trunk ports that appears, select the port that you want to define as an access port. Then click the Remove button. After you click the Remove button, Configuration Expert moves the selected port from the Trunk Ports list to the corresponding module in the Access Ports list.
  • Page 85 – Define a trunk port by double-clicking that port’s module in the Access Ports list. From the list of access ports that appears, select the port that you want to define as a trunk port. Then click the Add button. After you click the Add button, Configuration Expert moves the selected port from the Access Ports list to the corresponding module in the Trunk Ports list.
  • Page 86 Open the configuration file you want to modify and then double-click that file’s Bridging Configuration object. Double-click the VLAN Configuration object. Click the Configure New VLAN object. Configuration Expert opens the VLAN wizard. Click Next. Configuration Expert prompts you to specify which type of VLAN you want to configure.
  • Page 87 Select the Protocol-Based VLAN option and then click Next. In the wizard panel that appears, define the VLAN by taking the following steps: In the VLAN Name box, enter a name for the VLAN. The VLAN name is a string up to 32 characters long. You cannot begin a VLAN name with an underscore ( _ ) or the prefix “SYS_.' b.
  • Page 88 or more of the options described in the following table: Option Description Specifies that the VLAN is for IP traffic. Specifies that the VLAN is for IPX traffic. Other Specifies that the VLAN is for bridged protocols. The following figure is an example of the information you enter to define a protocol- based VLAN: Click Next.
  • Page 89 Add a port to the VLAN by doing the following: In the Available Port list, double-click the module on which the port you want to add is located. From the list of available ports that appears, select the port that you want to add.
  • Page 90 b. Click the Add button. Configuration Expert moves the selected port from the Available Port list to the corresponding module in the Selected Port list. If you accidentally add a port that you do not want to include in the VLAN, you may remove it by double-clicking that port’s module in the Selected Port list.
  • Page 91 Click Next. Configuration Expert prompts you to specify which type of VLAN you want to configure. Select the Port-Based VLAN option, then click Next.
  • Page 92 In the wizard panel that appears, define the VLAN by taking the following steps: In the VLAN Name box, enter a name for the VLAN. The VLAN name is a string up to 32 characters long. You cannot begin a VLAN name with an underscore ( _ ) or the prefix “SYS_.”...
  • Page 93 Because port-based VLANs are used for all the different types of protocol traffic, Configuration Expert automatically selects all the Protocol Binding options described in the following table. You cannot change these selections. Option Description Specifies that the VLAN is for IP traffic. Specifies that the VLAN is for IPX traffic.
  • Page 94 b. Click the Add button. Configuration Expert moves the selected port from the Available Port list to the corresponding module in the Selected Port list. If you accidentally add a port that you do not want to include in the VLAN, you may remove it by double-clicking that port’s module in the Selected Port list.
  • Page 95 discussions on modifying the different types of VLANs and changing which ports are included in a VLAN follow. To change the name of a port-based VLAN: Start Configuration Expert if you have not already done so. If you start Configuration Expert from the Schematic view choosing the Configure VLAN command, Configuration Expert automatically expands the Active Configuration file’s tree to the VLAN Configuration object.
  • Page 96 To modify the name, ID, or protocol binding of a protocol-based VLAN: Start Configuration Expert if you have not already done so. If you start Configuration Expert from the Schematic view choosing the Configure VLAN command, Configuration Expert automatically expands the Active Configuration file’s tree to the VLAN Configuration object.
  • Page 97 You can quickly replace an interface’s VLAN with another VLAN. To do so, you either drag an IP VLAN to an IP interface or an IPX VLAN to an IPX interface. To replace an interface’s VLAN by dragging a VLAN to the interface: Start Configuration Expert if you have not already done so.
  • Page 98 Start Configuration Expert if you have not already done so. If you start Configuration Expert from the Schematic view using the Note: Configure VLAN command, Configuration Expert automatically expands the Active Configuration file’s tree to the VLAN Configuration object. If you are adding a VLAN to the Active Configuration file, go to step 3.
  • Page 99 Do one of the following: – If you want to change the ports of a port-based VLAN, double-click the Port Based VLANs object. – If you want to change the ports of a protocol-based VLAN, double-click the Protocol Based VLANs object. From the list of VLANs that appears, double-click the VLAN you want to modify and then click that VLAN’s Bound Port List object.
  • Page 100 Clicking a module rather than double-clicking it in a list box selects all of the module’s ports in that list box. This is a quick way to select all of a module’s ports if you want to add or remove them all at the same time. After you add and remove the desired ports, click OK.
  • Page 101 Configure IP interfaces for the SSR if you want to use the SSR for IP-based unicast or multicast traffic. This chapter • provides an overview of IP • describes creating and modifying IP interfaces • indicates what you need to do after you create IP interfaces The Internet Protocol (IP) is a Layer-3 (network) protocol that provides addressing and control information the SSR needs to route data packets in a network.
  • Page 102 10.0.0.0 11.0.0.0 Host A Router Host B 10.0.0.2 10.0.0.1 11.0.0.1 11.0.0.2 To communicate with one another through the router, the hosts make entries in routing tables as shown in the following table. For example, host A communicates with host B by using the route specified with the 11.0.0.0 10.0.0.1 entry in the host A routing table.
  • Page 103 The 32-bits of an IP address are grouped into four eight-bit octets, which are separated by decimal points. Each bit in an octet has a binary weight (128, 64, 32, 16, 8, 4, 2, 1). Each octet is represented in decimal format and ranges in value from 0 to 255. There are two forms of IP addresses.
  • Page 104 When you create IP interfaces on the SSR, you provide information about the interface (such as its name, IP address, netmask, broadcast address, and so on). You also enable or disable the interface and bind the interface to a single physical port or VLAN. If you want to apply an existing ACL to an interface, Configuration Expert lets you do so either when you create the interface or afterwards.
  • Page 105 Click Next. An IP Interface Definition panel similar to the following appears:...
  • Page 106 Enter the name of the interface in the Interface Name box. Then either select Up to enable the interface or select Down to disable it. Enter the number of bytes you want to specify for the Maximum Transmission Unit (MTU). The MTU is the largest packet size that the SSR can transmit on the network via the interface.
  • Page 107 11. Click Next. Configuration Expert displays a Bound Port List panel. 12. Bind the interface to a single port by doing the following:...
  • Page 108 In the Available Port list, double-click the module containing the desired port. From the list of available ports that appears, select the port that you want to bind to the interface. b. Click the Add button. You can bind only a single port to an interface. If you need to bind multiple ports to the interface, create a VLAN consisting of those ports and bind the interface to that VLAN.
  • Page 109 desired ACL and apply it as discussed in “Applying ACLs to IP or IPX Interfaces” on page 212. 15. If you specified you wanted to apply an ACL, use the Apply IP ACL panel that appears to apply an ACL to the interface. To use the wizard to apply an IP ACL, take the following steps: Select the ACL you want to apply from the ACL Name drop-down list.
  • Page 110 go through, you must explicitly define a rule to permit all traffic. To do so, make sure the last rule of the ACL permits all traffic. If you have created an IP VLAN, you can bind that VLAN to an IP interface while creating the interface.
  • Page 111 Enter the name of the interface in the Interface Name box, then either select Up to enable the interface or select Down to disable it. Enter the number of bytes you want to specify for the Maximum Transmission Unit (MTU). The MTU is the largest packet size that the SSR can transmit on the network via the interface.
  • Page 112 10. Click Next and then click the Bind the interface to VLAN option in the panel that appears. That option is available only if there are existing IP VLANs. 11. Click Next. In the panel that appears, select the name of the VLAN you want to bind to the interface.
  • Page 113 12. Click Next. The Apply ACLs panel appears.
  • Page 114 13. Specify whether you want to apply an ACL to the interface by doing one of the following: – To not apply an ACL, select No and then click Finish. This completes the configuration of the interface but does not apply any ACL to that interface. Configuration Expert adds the new interface to those found in the IP interfaces bound to VLAN object.
  • Page 115 Inbound traffic is packets coming into the interface while outbound traffic is packets going out of that interface. Select Input to filter inbound traffic and select Output to filter outbound traffic. Selecting both check boxes filters both inbound and outbound traffic. Click Finish.
  • Page 116 In the list of interfaces that appears, double-click the one you want to modify. Configuration Expert displays the contents of the object and the Interface Definition dialog box of the interface. If you want to edit the name, interface state, MTU, or MAC encapsulation fields, specify values as you do when creating an IP interface.
  • Page 117 You can add an ACL by selecting it in the Available IP ACLs list and then clicking Add. You can remove an ACL by selecting it in the Selected ACLs list and then clicking Remove. You may also apply an ACL by copying it as discussed in “Copying an ACL to Apply It to an Interface”...
  • Page 118 12. Select or clear the Filter State check boxes to specify whether you want the ACL to filter inbound traffic (Input), outbound traffic (Output), or both input and outbound traffic. Click OK. An IP interface can have up to two ACLs applied to it. If you applied two ACLs Caution: to an interface, one ACL must govern the inbound traffic and the other ACL must govern outbound traffic.
  • Page 119 IP can perform unicast routing using RIP. Configuration Expert lets you configure the SSR for RIP. This chapter • discusses configuring unicast parameters and static entries that can be used by RIP. • provides an overview of RIP. • discusses configuring RIP global parameters, defining IP RIP interfaces, and adding RIP gateways.
  • Page 120 Configuration Expert lets you configure global unicast routing parameters for RIP. To configure these global parameters: Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s Routing Configuration object. Double-click the IP Routing Configuration object.
  • Page 121 then the router ID is set to the address of the first interface which is in the up state that the SSR encounters. The address of a non-point-to-point interface is preferred over the local address of a point-to-point interface. Click OK. ARP maps network addresses to MAC addresses.
  • Page 122 Enter the IP address and MAC address of the host’s ARP entry in the appropriate text boxes, then click Next. Configuration Expert displays a Bound Port List panel.
  • Page 123 Bind the entry to a port that the host is connected to by doing the following: In the Available Port list, double-click the module containing the desired port. From the list of available ports that appears, select the port that you want to bind to the entry.
  • Page 124 Enter the route’s IP address and network mask in the appropriate text boxes. In the Gateway IP Address box, enter the IP address of the next-hop gateway associated with the route. In the Next Hop Interface box, enter the IP address of the next-hop interface associated with the route.
  • Page 125 11. Specify whether you want to cause packets to be dropped and unreachable messages to be sent to packet originators by selecting Yes or No for both the Reject packets to this Host and Send Route Unreachable Msg on Rejection options. 12.
  • Page 126 the SSR's subnetwork. You could also configure the SSR to not accept RIP data from the subnetwork but to accept RIP packets from the other RIP router. In the IP environment, RIP bases routing on a hop count. RIP only supports routes that have 0 to 15 hops.
  • Page 127 Preference Default Aggregate/generate routes OSPF AS external routes BGP routes Do not change the default preference values unless you fully understand the implications of doing so. Even though you can set preference in several places, each route has only one preference value associated with it.
  • Page 128 Double-click the IP Routing Configuration object. Double-click the IP Unicast Routing object. Then double-click the RIP Routing object and click the RIP Global Parameters object. A RIP Global Parameters dialog box similar to the following appears: Specify whether you want to enable or disable RIP by selecting the appropriate option.
  • Page 129 The metric 16 (the default) is equivalent in RIP to “infinite” and makes a route Note: unreachable. You must set the default metric to a value other than 16 in order to allow the SSR to export routes from other protocols such as OSPF into RIP. Specify whether the SSR broadcasts RIP packets regardless of the number of interfaces present by doing one of the following: –...
  • Page 130: Creating Ip Interfaces

    Select the IP interface you want to define as an IP RIP interface from the Interface/Name Address drop-down list. The Interface/Name Address drop-down list includes existing IP interfaces. If you have not created the interface you want to configure for RIP, create one as discussed in “Creating IP Interfaces”...
  • Page 131 Parameter Description RIP Packet Transmission Specify whether the interface can send RIP updates. Select Enabled if you want to send RIP updates from the interface. Otherwise, select Disabled. The setting of this option does not affect the sending of updates to source gateways. RIP Protocol Version Select which version of RIP is used on the interface.
  • Page 132 Configuration Expert adds the interfaces on which RIP is enabled to the list of interfaces found in the RIP Enabled IP Interfaces object. Deleting the interface from that object will disable RIP on the interface, but the interface will still be configured for IP and available as an IP interface.
  • Page 133 Double-click the IP Unicast Routing object and then double-click the RIP Routing object. Double-click the RIP Source Gateways object. Click the Configure New RIP Source Gateway object. In the RIP Source Gateway dialog box that appears, enter the IP address or host name of a router that you want to send RIP updates rather than using broadcast or multicast messages.
  • Page 135: Configuring Dvmrp Routing On The Ssr

    Multicast routing on the SSR is supported through the Distance Vector Multicast Routing Protocol (DVMRP) and Internet Group Management Protocol (IGMP). DVMRP is used to determine forwarding of multicast traffic between SSRs. IGMP is used to determine host membership on directly attached subnets. This chapter •...
  • Page 136: Defining Dvmrp Tunnels

    Task Force (IETF) document. The SSR’s implementation of DVMRP supports the following: • mtrace, which is a utility that tracks the multicast path from a source to a receiver. • Generation identifiers, which are assigned to DVMRP whenever that protocol is started on a router.
  • Page 137: Enabling Or Disabling Dvmrp On Tunnels

    • Enabling or disabling DVMRP on tunnels. Set DVMRP global parameters to enable or disable multicast routing on the SSR and to specify whether or not the SSR performs pruning to exclude interfaces not in the shortest path tree. To set the SSR’s DVMRP global parameters: Start Configuration Expert if you have not already done so.
  • Page 138 When configuring the SSR for DVMRP, you can enable or disable that protocol on IP interfaces. If you enable DVMRP on an interface, you can set DVMRP parameters on that interface. To configure DVMRP interfaces: Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s Routing Configuration object.
  • Page 139 If you are defining a new DVMRP interface, select the IP address or host name of the interface on which you are enabling or disabling DVMRP. You will not be able to change the IP address if you are modifying an existing DVMRP interface.
  • Page 140 – If you are modifying an existing tunnel, select that tunnel. – If you are creating a new tunnel, select the Configure New IP Tunnel option. An IP Tunnel Definition dialog box similar to the following appears: Enter the tunnel’s name. Enter the IP addresses of the local and remote end points of the tunnel.
  • Page 141 Set the DVMRP parameters as discussed in the following table: Field Description Metric Enter a number from 1 to 16 in the Metric box to specify the metric (cost) of the interface. Rate Enter the speed at which you want outgoing traffic to pass through the interface.
  • Page 142 Enable and disable DVMRP on tunnels. To enable DVMRP on a tunnel, select that tunnel from the Available Tunnels list and click the Add button. To disable DVMRP on a tunnel, select that tunnel from the DVMRP Tunnels list and click the Remove button.
  • Page 143: Setting Igmp Global Parameters

    On the SSR, IGMP can be configured on a per interface basis. You can configure an SSR interface to support IGMP only or both IGMP and DVMRP. If an interface is configured for both IGMP and DVMRP, IGMP starts and stops automatically with DVMRP. On the SSR, IGMP keeps track of members on a per port basis even though an interface might contain multiple ports.
  • Page 144 Open the configuration file you want to modify and then double-click that file’s Routing Configuration object. Double-click the IP Routing Configuration object. Double-click the IP Multicast Routing object. Then double-click the IGMP Protocol object and click the IGMP Global Parameters object. An IGMP Global Parameters Configuration dialog box similar to the following appears: In the Query Timer box, specify how often the SSR sends packets to learn which hosts...
  • Page 145 Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s Routing Configuration object. Double-click the IP Routing Configuration object. Double-click the IP Multicast Routing object and then double-click the IGMP Protocol object.
  • Page 146 Specify whether you want to enable or disable IGMP on the interface by selecting the appropriate options. Click OK. Repeat step 5 through step 8 until you configure all the IGMP interfaces necessary for your network environment. Configuration Expert adds the interfaces on which IGMP is enabled to the list of interfaces found in the IGMP Enabled Interface object.
  • Page 147: Creating Ipx Interfaces

    The Internetwork Packet Exchange (IPX) is a datagram connectionless protocol for the Novell NetWare environment. You can configure the SSR for IPX routing and SAP. This chapter • provides an overview of IPX on the SSR. • discusses creating IPX interfaces, which are bound to either a port or VLAN. •...
  • Page 148 The SSR uses IPX RIP to create and maintain a database of internetwork routing information. The SSR's implementation of RIP allows the following exchanges of information: • Workstations locate the fastest route to a network number by broadcasting a route request.
  • Page 149 When you create IPX interfaces on the SSR, you provide information about the interface (such as its name, output MAC encapsulation, and IPX address). You also enable or disable the interface and bind the interface to a single port or VLAN. If you want to apply an existing ACL to an interface, Configuration Expert lets you do so either when you create the interface or afterwards.
  • Page 150 Click Next. An IPX Interface Definition panel similar to the following appears:...
  • Page 151 Enter the name of the interface in the Interface Name box. Then either select Up to enable the interface or select Down to disable it. Set the output MAC encapsulation you want associated with the interface by selecting one of the following from the Output MAC Encapsulation drop-down list: –...
  • Page 152 10. Click Next. Configuration Expert displays a Bound Port List panel similar to the following: 11. Bind the interface to a single port by doing the following:...
  • Page 153 In the Available Port list, double-click the module containing the desired port. From the list of available ports that appears, select the port that you want to bind to the interface. b. Click the Add button. You can bind only a single port to an interface. If you need to bind multiple ports to the interface, create a VLAN consisting of those ports and bind the interface to that VLAN.
  • Page 154 desired ACL and apply it as discussed in “Applying ACLs to IP or IPX Interfaces” on page 212. 14. If you specified you wanted to apply an ACL, use the Apply IPX ACL panel that appears to apply an ACL to the interface. To use the wizard to apply an IPX ACL, take the following steps: Select the ACL you want to apply from the ACL Name drop-down list.
  • Page 155 Configuration Expert adds the new interface to those found in the IPX interfaces bound to Ports object. When you apply an ACL to an interface, the SSR appends an implicit deny rule to that ACL. The implicit deny rule denies all traffic. If you intend to allow all traffic that does not match your specified ACL rules to go through, you must explicitly define a rule to permit all traffic.
  • Page 156 An IPX Interface Definition panel similar to the following appears: Enter the name of the interface in the Interface Name box. Then either select Up to enable the interface or select Down to disable it. Set the output MAC encapsulation you want associated with the interface by selecting one of the following from the Output MAC Encapsulation drop-down list: –...
  • Page 157 Click Next and then select the Bind the interface to VLAN option in the panel that appears. This option is available only if there are existing IPX VLANs. 10. Click Next. In the panel that appears, select the name of the VLAN you want to bind to the interface.
  • Page 158 11. Click Next. The Apply ACLs panel appears.
  • Page 159 12. Specify whether you want to apply an ACL to the interface by doing one of the following. – To not apply an ACL, select No. Then click Finish, which completes the configuration of the interface but does not apply any ACL to that interface. Configuration Expert adds the new interface to those found in the IPX interfaces bound to VLAN object.
  • Page 160 traffic, outbound traffic, or both inbound and outbound traffic. Inbound traffic is packets coming into the interface while outbound traffic is packets going out of that interface. Select Input to filter inbound traffic. Select Output to filter outbound traffic. Selecting both check boxes filters both inbound and outbound traffic. You can apply up to two of each of the different IPX ACLs (IPX, IPX RIP, and IPX SAP) to an IPX interface.
  • Page 161 Double-click the IPX Interface Configuration object. Then do one of the following: – If the interface you want to modify is bound to a port, double-click the IPX Interfaces bound to Ports object. – If the interface you want to modify is bound to a VLAN, double-click the IPX Interfaces bound to VLAN object.
  • Page 162 – If you are modifying a VLAN-bound interface, click the interface’s VLAN object, select a new VLAN from the VLAN Name drop-down list that appears in the Interface Definition dialog box, and click OK. If you want to change which ACLs are applied to the interface, double-click the Bound IPX Security object.
  • Page 163 12. Select or clear the Filter State check boxes to specify whether you want the ACL to filter inbound traffic (Input), outbound traffic (Output), or both input and outbound traffic. Click OK. : You can apply up to two of each of the different IPX ACLs (IPX, IPX RIP, and IPX Caution SAP) to an IPX interface.
  • Page 164 • A router request for the names and addresses of either all the servers or all the servers of a certain type on the internetwork • A response to either a workstation or router request • Periodic broadcast by servers and routers •...
  • Page 165 Configure the IPX SAP entry as discussed in the following table: Field Description Server Name Name of the IPX server. You can use any characters in the name except the following: " * . / : ; < = > ? [ ] \ | ]. Service Type The type of service.
  • Page 166 After configuring the SSR for IPX, you may perform the following tasks. Both tasks are optional. • Control traffic as discussed in Chapter 12: “Configuring QoS on the SSR” on page 167. • Set up security as discussed in Chapter 13: “Configuring Security on the SSR” on page 195.
  • Page 167: Establishing The Ssr's Queuing Policy

    After you define interfaces on the SSR, you can configure QoS policies to control traffic. This chapter • provides an overview of QoS. • lists the order in which you perform the various QoS-configuration tasks. • discusses establishing the SSR’s queuing policy. •...
  • Page 168 – medium – Setting priorities for network traffic helps ensure that critical traffic will reach its destination even if the exit ports for the traffic are experiencing greater than maximum utilization. Control priority is reserved for system control traffic. Assign that priority Note: only when necessary.
  • Page 169 Specify whether you want to use strict priority or weighted-fair queuing by selecting the appropriate option. If you selected the Use Weighted-Fair Queuing option, set the amount of bandwidth you want allocated to each of the control, high, medium, and low priorities. If you selected Use Strict Priority Based Queuing, skip to step The percentages you enter apply to all ports.
  • Page 170 • Destination TCP or UDP port • Destination IP address • Source TCP or UDP port • Source IP address • Type of Service (TOS) for the packet • Incoming interface • Protocol (TCP or UDP) To assign the IP QoS precedence: Start Configuration Expert if you have not already done so.
  • Page 171 select that field and then click the Up and Down buttons until the field is listed next to the desired precedence value. You may assign a precedence value from 1 to 7, where 1 is the highest precedence value. The default precedences of the fields are Destination Port (1), Destination IP Address (2), Source Port (3), Source IP Address (4), TOS (5), Interface (6), Protocol (7).
  • Page 172 Assign one of the precedence values shown in the Order list to each of the IP-flow fields shown in the Flow Components list. To assign a precedence value to a field, select that field and then click the Up and Down buttons until the field is listed next to the desired precedence value.
  • Page 173 • Specifying to what you want the flow to apply. You apply IP and IPX flows to one or more interfaces. You apply Layer-2 flows to one or more ports. The method you use to create a QoS profile depends on whether you are defining an IP, IPX, or Layer-2 flow.
  • Page 174 Click Next. A QoS L3/L4 Flow Priority panel similar to the following appears: Enter the flow’s name in the Flow Name box.
  • Page 175 From the Flow Priority drop-down list, select the priority you want to assign to the fields listed in the Flow Definition section of the panel. The following table describes the priorities you may set: Priority Description control Assigns control priority to the IP flow fields you specify. This is the highest priority.
  • Page 176 Field Description Source Mask Enter the network mask for which you are assigning a priority. You can specify the mask using the traditional IP address format (“255.255.0.0”). If you want to use the Classless Inter- Domain Routing (CIDR) format (“/16”), you may do so as discussed in the SmartSwitch Router Command Line Interface Reference Manual.
  • Page 177 10. Do one of the following: – If you selected No, click Finish. Configuration Expert adds the QoS Profile to those included in the IP QoS Profiles object. – If you selected Yes, click Next. In the Policy Input Interface List panel that appears, specify which interfaces you want to apply the flow to by selecting the desired interfaces from those included in the Available Interfaces list box and clicking the Add button.
  • Page 178 If you accidentally add a wrong interface, remove it by selecting it in the Selected Interfaces list and clicking the Delete button. After you click Finish, Configuration Expert adds the QoS Profile to those included in the IP QoS Profiles object. To create a QoS profile for an IPX flow: Start Configuration Expert if you have not already done so.
  • Page 179 Click Next. Configuration Expert prompts you to specify which type of flow you want to define. Select IPX Flow and click Next.
  • Page 180 An IPX Policy Definition panel similar to the following appears: Specify the flow’s name in the Name box. From the Flow Priority drop-down list, select the priority you want to assign to the fields listed in the Flow Definition section of the panel. The following table describes the priorities you may set: Priority Description...
  • Page 181 Define each flow field as discussed in the following table. You can enter ANY in a flow field to specify a wildcard (“don’t care”) condition. Field Description Source Network Enter the IPX source network address. Specify it in the following format: a1b2c3d4. Source Net Mask Enter the IPX source network mask.
  • Page 182 10. Do one of the following: – If you selected No, click Finish. Configuration Expert adds the QoS Profile to those included in the IPX QoS Profiles object. – If you selected Yes, click Next. In the panel that appears, specify which interfaces you want to apply the flow to by selecting the desired interfaces from those included in the Available Interfaces list and clicking the Add button.
  • Page 183 If you accidentally add a wrong interface, remove it by selecting it in the Selected Interfaces list and clicking the Delete button. After you click Finish, Configuration Expert adds the QoS Profile to those included in the IPX QoS Profiles object. To create a QoS profile for a Layer-2 flow: Start Configuration Expert if you have not already done so.
  • Page 184 Click Next. Configuration Expert prompts you to specify which type of flow you want to define. Select L2 Flow and click Next.
  • Page 185 An L2 Flow Priority Definition panel similar to the following appears: Specify the flow’s name in the Name box. From the Flow Priority drop-down list, select the priority you want to assign to the fields listed in the Flow Definition section of the panel. The following table describes the priorities you may set: Priority Description...
  • Page 186 Define each flow field as discussed in the following table: Field Description Source MAC Addr Enter the Layer-2 source MAC address. Specify the MAC xx:xx:xx:xx:xx:xx address in the format. Destination MAC Addr Enter the Layer-2 destination MAC address. VLAN ID Enter the ID of a VLAN.
  • Page 187 To specify a port, double-click that port’s module in the Update Port list, select the port from the port list that appears, and click the Add button. Clicking a module rather than double-clicking it selects all of that module’s ports. This is a quick way to specify all of a module’s ports.
  • Page 188: Creating A Qos Profile For An Ip Flow

    Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s QoS Configuration object. Double-click the IP QoS Profiles object. From the list of IP QoS profiles that appears, click the one you want to edit. A QoS L3/L4 Flow Priority dialog box similar to the following appears: Change the flow’s name, priority, or fields by editing the appropriate options.
  • Page 189: Creating A Qos Profile For An Ipx Flow

    Open the configuration file you want to modify and then double-click that file’s QoS Configuration object. Double-click the IPX QoS Profiles object. From the list of IPX QoS profiles that appears, click the one you want to edit. An IPX Policy Definition dialog box similar to the following appears: Change the flow’s name, priority, or fields by editing the appropriate options.
  • Page 190: Creating A Qos Profile For A Layer-2 Flow

    Double-click the Layer-2 QoS Profiles object. From the list of Layer-2 QoS profiles that appears, click the one you want to edit. An L2 Flow Priority Definition dialog box similar to the following appears: Change the flow’s name, priority, or fields by editing the appropriate options. The values for these options were specified when the QoS profile was created.
  • Page 191 To use a dialog box to add an interface to a flow’s list of interfaces or delete one from the list: Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and double-click the QoS Configuration object.
  • Page 192 – To delete interfaces, select them in the Selected Interfaces list and click the Delete button. Click OK. You can add an interface to a QoS profile’s list of interfaces by dragging the interface to the flow. This will apply the flow to the interface. To apply a flow by dragging an interface to a QoS profile flow: Start Configuration Expert if you have not already done so.
  • Page 193 From the list of flows that appears, double-click the flow associated with the port list you want to change. Click the flow’s Bound Port List object. A Bound Port List dialog box similar to the following appears: Specify which ports you want the flow to apply to by adding and removing ports in the port list.
  • Page 195 You configure security on the SSR by defining Access Control Lists (ACLs) for IP and IPX interfaces, applying those ACLs to interfaces, and setting Layer-2 filters. This chapter • provides an overview that briefly describes ACLs. • discusses setting security on IP networks. •...
  • Page 196 You can set security on an IP network by configuring ACLs that you will apply to IP interfaces. To set security: Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s Security Configuration object.
  • Page 197 Enter the ACL’s name in the ACL Name box and click Next. An IP ACL Rule panel similar to the following appears:...
  • Page 198 If you want to permit traffic that meets the rule’s criteria, select the Permit option. Otherwise, block such traffic by selecting the Deny option. Specify the protocol to which the rule applies by selecting the appropriate option (IP, UDP, or TCP). Define the rule’s criteria by specifying values for the fields described in the following table.
  • Page 199 Field Description Source Port For TCP or UDP, enter the number of the source TCP or UDP port. This field applies only to TCP or UDP traffic. If the incoming packet is ICMP or another non-TCP or non-UDP packet and you specified a source or destination port, the SSR does not check the port value.
  • Page 200: Setting Ipx Security

    After you finish defining all of an ACL’s rules, Configuration Expert adds the ACL to the IP Security object. Configuration Expert also adds a separate object for each rule and places this list of rules in the ACL object. The rule numbers displayed in an ACL’s list of rules, are automatically assigned by Configuration Expert.
  • Page 201 Click Next. Configuration Expert prompts you for the ACL’s name. Enter the ACL’s name in the ACL Name box.
  • Page 202 You can use a string of characters or a number. Click Next. An IPX ACL Type panel similar to the following appears: Click Next. An IPX ACL Rule panel similar to the following appears:...
  • Page 203 If you want to permit IPX traffic that meets the rule’s criteria, select the Permit option. Otherwise, block such traffic by selecting the Deny option. 10. Define the rule’s criteria by specifying values for the fields described in the following table: Field Description...
  • Page 204 Field Description Source MAC Addr Enter the source’s MAC address. You can enter ANY to specify a wildcard (“don’t care”) condition. The SSR will interpret this number in hexadecimal format. You do not need to use a “Ox” prefix. Source Socket Enter the source’s IPX socket.
  • Page 205 After you finish defining all of an ACL’s rules, Configuration Expert adds the ACL to the IPX ACLs object. Configuration Expert also adds a separate object for each rule and places this list of rules in the ACL object. The rule numbers displayed in an ACL’s list of rules, are automatically assigned by Configuration Expert.
  • Page 206 Enter the ACL’s name in the ACL Name box. You can use a string of characters or a number. Click Next. An IPX ACL Type panel similar to the following appears:...
  • Page 207 Select IPX RIP and click Next. An IPX RIP ACL Rule panel similar to the following appears: If you want to permit IPX RIP network advertisements that meet the rule’s criteria, select the Permit option. Otherwise, block such advertisements by selecting the Deny option.
  • Page 208 10. Define the rule’s criteria by specifying values for the fields described in the following table: Field Description Source Network Enter the source’s network address. You can enter ANY to specify a wildcard (“don’t care”) condition. If you enter ANY, the SSR uses the value 0 for the source network address and ..
  • Page 209 Set up IPX SAP filters to permit or deny IPX SAP service advertisements. You set up such filters by configuring an ACL for IPX SAP interfaces. To do so, take the following steps: Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s Security Configuration object.
  • Page 210 Enter the ACL’s name in the ACL Name box. You can use a string of characters or a number. Click Next. An IPX ACL Type panel similar to the following appears:...
  • Page 211 Select IPX SAP and click Next. An IPX SAP ACL Rule panel similar to the following appears: If you want to permit IPX SAP service advertisements that meet the rule’s criteria, select the Permit option. Otherwise, block such advertisements by selecting the Deny option.
  • Page 212 Field Description Service Type Enter the SAP service type. You may enter the service type as hexadecimal or select one of the choices from the Service Type drop-down list. You do not need to use a “0x” prefix. You can enter ANY to specify a wildcard (“don’t care”) condition.
  • Page 213 administrator to know ahead of time that a packet should be dropped at the inbound interface. Nonetheless, for performance reasons, whenever possible, one should create and apply an ACL to the inbound interface. When a packet comes into a router at an interface where an inbound ACL is applied, the router compares the packet with the rules specified by that ACL.
  • Page 214 Do one of the following: – If you are applying the ACL to an IP interface, double-click the interface’s Applied IP ACLs object. – If you are applying the ACL to an IPX interface, double-click the interface’s Bound IPX Security object and then its Applied IPX ACLs object. Expand the configuration tree until you locate the ACL you want to apply.
  • Page 215 Do one of the following: – If the interface you want to modify is bound to a port, double-click the bound to ports object of the interface to which you are applying the ACL. – If the interface you want to modify is bound to a VLAN, double-click the bound to VLAN object of the interface to which you are applying the ACL.
  • Page 216 If you are applying multiple ACLs to an interface, configure those ACLs to govern either inbound traffic or outbound traffic. To do so, take the following steps: Click an ACL that you want to apply to inbound traffic. In the Access Control List: Edit ACL dialog box that appears, select the Input check box and ensure that the Output check box is not selected.
  • Page 217 If you want to control access to a source or destination on a per-MAC address basis, you can configure address filters. Address filters are always configured and applied to the input port. You can set address filters on the following: •...
  • Page 218 Configuration Expert prompts you to select a filter type. Click Next. An L2 Address Filter panel similar to the following appears:...
  • Page 219 Enter the filter’s name, source MAC address, destination MAC address, and VLAN ID in the appropriate text boxes. Use the source MAC address for source or flow address filters. Use the Destination MAC Address for destination or flow static entries. Click Next.
  • Page 220 allowed to connect to the “locked” port and the specified source MAC address is not allowed to connect to any other ports. To configure a port-to-address lock filter: Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s Security Configuration object.
  • Page 221 Select L2 Port Address Lock Filters and click Next. An L2 Port Address Lock Filter panel similar to the following appears:...
  • Page 222 Enter the filter’s name, source MAC address, and VLAN ID in the appropriate text boxes. Click Next. In the Bind to Port panel that appears, specify to which ports you want to apply the filter. If you apply a port address lock filter to a port, you can use a static- entry filter to allow packets from a specific source to use that port even though it is locked.
  • Page 223 MAC addresses in flow bridging mode. Static entries are always configured and applied at the input port. You can set the following static-entry filters: • Source static entry, which specifies that any frame coming from a specific source MAC address will be allowed or disallowed to go to a set of ports. •...
  • Page 224 Select L2 Static Filters and click Next. An L2 Static Filter panel similar to the following appears: Enter the filter’s name in the Name box.
  • Page 225 Specify the forwarding behavior of the static entry by doing one of the following: – Select ALLOW to allow packets to go to a specific set of ports. – Select DISALLOW to prohibit packets from going to a specific set of ports. –...
  • Page 226 11. Click Next. In the second Bind to Port panel that appears, specify the ports to which you are allowing, disallowing, or forcing packets. Then click Finish. Configuration Expert adds the filter to those found in the L2 Static Entries object. The ports to which the filter applies are included in that filter’s Bound Port List object.
  • Page 227 Click Next. Configuration Expert prompts you to select a filter type. Select L2 Secure Port Filters and click Next.
  • Page 228 An L2 Port Filter panel similar to the following appears: Enter the filter’s name in the Name box. Select either the Source or Destination option to specify whether the filter is to secure a source port or a destination port. Specify the VLAN by entering its ID in the VLAN ID box.
  • Page 229 If you want to apply the filter to a port, double-click that port’s module in the Available Port list, select the port from the port list that appears, and click the Add button. Clicking a module rather than double-clicking it selects all of that module’s ports. This is a quick way to apply the filter to all of a module’s ports.
  • Page 230 To change an ACL’s name: Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s Security Configuration object. Do one of the following: – Double-click the IP Security object and then the IP ACLs object if you are modifying an IP ACL.
  • Page 231 To add a rule to an existing ACL or modify an ACL’s rule: Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s Security Configuration object. Do one of the following: –...
  • Page 232 In the list of filters that appears, click the one you want to modify. Configuration Expert displays the selected filter’s dialog box. Edit the dialog box. The options of a filter’s dialog box are the same as those you specify when creating such a filter.
  • Page 233 Specify which port’s you want to bind to the filter by adding and removing ports in the port list. – To add a port, double-click its module in the Available Port list, select the port from the list of ports that appears, and click the Add button. –...
  • Page 235 You can use CoreWatch to set global OSPF parameters to start or stop OSPF on the SSR and specify how often autonomous-system export link-state advertisements will be generated and flooded into OSPF. To set the SSR’s global OSPF parameters: Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s Routing Configuration object.
  • Page 236 An OSPF Global Parameters dialog box similar to the following appears: Set the OSPF Facility State option to Start or Stop. In the ASE LSA Export Interval box, enter the interval at which autonomous-system, link-state advertisements are generated and flooded into OSPF. Specify an integer value equal to or greater than 1.
  • Page 237 To create OSPF area tables: Start Configuration Expert if you have not already done so. Open the configuration file you want to modify and then double-click that file’s Routing Configuration object. Double-click the IP Routing Configuration object. Double-click the IP Unicast Routing object and then double-click the OSPF Area Table object.
  • Page 238 The OSPF Area Definition panel appears. Create an area by either selecting the Backbone option to add the backbone area or selecting the Other option and then entering an ID number in the Area ID box. Specify whether the area you are adding is a stub by selecting the appropriate option. If you select Stub, specify the cost to be used to inject a default route into the area.
  • Page 239 10. If you selected Yes to specify you want to associate a network with the area, use the OSPF Network Definition panel that appears to specify which network you want to associate with the area. Otherwise, skip to step Enter the network address and address mask in the appropriate text boxes.
  • Page 240 b. If the specified network is a host network, then check the host-network box. If you do not want to advertise the network or host network in the Summary Network link-state advertisements, select Restrict Network Advertisement. d. To associate another network with the area, select the Add More Address checkbox, click Next, and repeat step a through...
  • Page 241 To add a broadcast interface, take the following steps: From the Interface/Name Address drop-down list, select the IP interface you want to configure as a broadcast interface. b. Select the appropriate Interface State option to enable or disable the interface. Select or clear the Disallow Multicast Packets to Neighbors check box to specify whether the SSR is to send multicast packets to neighbors on point-to-point interfaces.
  • Page 242 d. Enter the interface cost and designated router priority for the broadcast interface in the appropriate text boxes. See the following table for more detailed information: Option Description Interface Cost Enter the sum of all interfaces a packet from the area must cross to reach the interface.
  • Page 243 g. Set the advanced options on the interface as discussed in the following table: Option Description LSA Retransmission Interval Enter the number of seconds between link-state advertisement retransmissions for adjacencies belonging to the interface. Specify an integer value equal to or greater than 1. The default is 5 seconds. Transit Delay Enter the estimated number of seconds required to transmit a link-state update over the interface.
  • Page 244 14. If you selected Yes to specify you want to add a non-broadcast interface, add the interface. Otherwise, skip to step To add a non-broadcast interface, take the following steps:...
  • Page 245 From the Interface/Name Address drop-down list, select the IP interface you want to configure as a non-broadcast interface. b. Select the appropriate Interface State option to enable or disable the interface. Select or clear the Disallow Multicast Packets to Neighbors check box to specify whether the SSR is to send multicast packets to neighbors on point-to-point interfaces.
  • Page 246 Set the advanced options on the interface as discussed in the following table: Option Description LSA Retransmission Interval Enter the number of seconds between link-state advertisement retransmissions for adjacencies belonging to the interface. Specify an integer value equal to or greater than 1. The default is 5 seconds. Transit Delay Enter the estimated number of seconds required to transmit a link-state update over the interface.
  • Page 247 Option Description Hello Interval Enter an integer value from 0 to 255 to specify the estimated number of seconds between Hello packets that the router sends on the interface. The default is 10 seconds for broadcast networks and 30 seconds for both point-to-point and non-broadcast interfaces.
  • Page 248 h. Add a neighbor to the interface by taking the following steps: Specify the IP address of the NBMA neighbor you want to add to the interface. ii. Select or clear the Eligible to Become Designated Router check box to specify whether the OSPF NBMA neighbor is eligible for becoming a designated router.
  • Page 249 Configuration Expert prompts you to specify whether you want to add a stub host. 15. Do one of the following: – If you do not want to add a stub host, select No. – If you want to add a stub host, select Yes and then define the host in the OSPF Area Stub Host panel that appears.
  • Page 250 To add a stub host, take the following steps: Enter the address of the stub host. b. Enter an integer value from 0 to 65535 to specify the cost that should be advertised for the directly attached stub host. To add another stub host, select the Add More Stub Hosts check box, click Next, and then repeat step a step b...
  • Page 251 b. Select Yes and then click Next. A Virtual Link panel similar to the following appears: Enter a virtual link name, then enter an IP address of an OSPF virtual link...
  • Page 252 neighbor and the Area ID of the transit area in the appropriate text boxes. d. Enable or disable the interfaces Select or clear the Disallow Multicast Packets to Neighbor check box to specify whether the SSR is to send multicast packets to neighbors on point-to-point interfaces.
  • Page 253 Option Description LSA Retransmission Enter the number of seconds between link-state Interval advertisement retransmissions for adjacencies belonging to the virtual link. Specify a number equal to or greater than 1. Transit Delay Enter the estimated number of seconds required to transmit a link-state update over the virtual link.
  • Page 254: Creating Ospf Area Tables

    The options of the dialog box are the same as those you specified while creating the area table. For details on specifying these options, see “Creating OSPF Area Tables” on page 237.
  • Page 255 CoreWatch can display the following system information: • Details about which modules are installed in the SSR chassis and the number of ports available on those modules. • Details about individual ports. This includes data about which module each port is on, a port’s bridging status, information about the VLAN associated with each port, and IP address information of a port.
  • Page 256 The following table describes the fields of the Chassis Info table’s upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables”...
  • Page 257 If you are not currently in the Front Panel view, switch to it by clicking the CoreWatch main window. Select the Monitor menu, choose System State, and then choose Port Table. A Port table similar to the following appears: The following table describes the fields of the Port table’s upper frame. The Selection Details frame displays information about the item currently selected in the upper frame.
  • Page 259 You may obtain current statistics about the following: • System performance, which indicates the speed at which the SSR is transmitting and receiving bytes and packets. • Overall use of all the ports of an SSR. • Packets, bytes, and errors on specific ports. •...
  • Page 260 Do one of the following: – Select the Monitor menu, choose Performance, and then choose System Dashboard. – Click the System Dashboard button on the CoreWatch toolbar. A Select Dials to be Displayed dialog box similar to the following appears: Specify which dials you want to display by selecting the desired dial names from the list box on the left.
  • Page 261 If you selected multiple dials, specify how you want CoreWatch to display the dials by selecting one of the options described in the following table: Select To display the dials Horizontal In a single row. Vertical In a single column. Tiled In multiple rows and columns.
  • Page 262 In the Dial Options dialog box that appears, select the check boxes of each dial you want to scale and also select the desired scale for those dials. If you selected multiple dials, specify the manner in which you want CoreWatch to display the dials by selecting one of the options described in the following table: Select To display the dials...
  • Page 263 – Click the Port Utilization Summary button on the CoreWatch toolbar. – Select the Monitor menu, choose Performance, and then choose Port Utilization Summary. A Port Utilization Summary dialog box similar to the one described in the following figure appears:...
  • Page 264 The following table describes the different items of the Port Utilization Summary dialog box: Item Description Module Identifier Indicates which of the following Ethernet modules are installed in an SSR slot: • 10/100-TX • 100-FX • Gigabit-LX • Gigabit-SX Port Identifier Identifies each port's number and indicates the speed of those ports.
  • Page 265 You can obtain statistics about a port's incoming and outgoing unicast, multicast, and broadcast packets. To display such information: In the Front Panel view, click the port that you want to monitor. Do one of the following: – Double-click the port that you want to monitor. –...
  • Page 266: Using The Graph Toolbar

    gathering of statistics by using the Graph toolbar as discussed in “Using the Graph Toolbar” on page 277. Abbreviation Description InUniPkts Incoming unicast packets. OutUniPkts Outgoing unicast packets. InMultiPkts Incoming multicast packets. OutMultiPkts Outgoing multicast packets. InBrdPkts Incoming broadcast packets. OutBrdPkts Outgoing broadcast packets.
  • Page 267 The following table describes the abbreviations used in the legend located at the bottom of the graph. You can control the graph's appearance and pause or resume the gathering of statistics by using the Graph toolbar as discussed in “Using the Graph Toolbar”...
  • Page 268 A Port Error Statistics graph similar to the following appears. By examining the graph, you can determine how many of the different errors a port is experiencing and the time at which those errors occurred. The following table describes the abbreviations used in the legend located at the bottom of the graph.
  • Page 269 CoreWatch lets you obtain current statistics for • the number of unicast, multicast, and broadcast packets being sent and received on the IP interfaces of an SSR. • reassembly and fragmentation activities on the IP interfaces of an SSR. • errors related to the IP data the SSR receives or sends.
  • Page 270 The following table describes the abbreviations used in the legend located at the bottom of the graph. You can control the graph's appearance and pause or resume the gathering of statistics by using the Graph toolbar as discussed in “Using the Graph Toolbar”...
  • Page 271 The following table describes the abbreviations used in the legend located at the bottom of the graph. You can control the graph's appearance and pause or resume the gathering of statistics by using the Graph toolbar as discussed in “Using the Graph Toolbar”...
  • Page 272 Obtain IP error statistics for an SSR if you want to determine how many datagrams that SSR discarded because there was not enough buffer space or there were problems that prevented the processing of datagrams. To display such information: If you are not currently in the Front Panel view, switch to it by clicking the CoreWatch main window.
  • Page 273 gathering of statistics by using the Graph toolbar as discussed in “Using the Graph Toolbar” on page 277. Abbreviation Description InHdrErr Incoming IP datagrams the SSR discarded because of problems in their headers (such as bad checksums, version number mismatching and other formatting errors, and problems in processing IP options).
  • Page 274 Obtain IPX packet statistics if you want to determine the following: • How many IPX packets the SSR received and how many of those packets were delivered on the SSR. • How many times the SSR was requested to send IPX information and how many IPX packets the SSR actually sent.
  • Page 275 gathering of statistics by using the Graph toolbar as discussed in “Using the Graph Toolbar” on page 277. Abbreviation Description InReceives Total of all IPX packets the SSR received. This includes packets that have errors. InDelivers IPX packets that were destined for the SSR and were successfully delivered.
  • Page 276 The following table describes the abbreviations used in the legend located at the bottom of the graph. You can control the graph's appearance and pause or resume the gathering of statistics by using the Graph toolbar as discussed in “Using the Graph Toolbar”...
  • Page 277 A toolbar is located at the top of each port-statistics graph. Use this toolbar to control a graph’s appearance and stop or start the gathering of statistics as summarized in the following figure:...
  • Page 279 CoreWatch lets you obtain tables that contain the following: • Information about which ports are associated with which VLANs and the type of module on which those ports are located. • Information about the ports on which STP is enabled. Obtain VLAN information to display information about which ports and modules are associated with the VLANs configured on an SSR.
  • Page 280 The following table describes the fields of the VLAN table’s upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables” on page 331.
  • Page 281 The following table describes the fields of the STP Port table’s upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables” on page 331.
  • Page 282 Field Description State Indicates whether or not the port is functioning. If the port is functioning, this field identifies the port's state as one of the following: • Blocking – signifies the SSR is not accepting any incoming frames except STP BPDUs. •...
  • Page 283 CoreWatch can display tables that include the following routing data: • Details about IP, IPX, OSPF, RIP, DVMRP, and IGMP interfaces. • Information about the routing of IP and IPX packets the SSR forwarded. • Information about OSPF areas, neighboring routers, and link-state advertisements. •...
  • Page 284 Obtain IP interface information to display details about the ports and addresses of each IP interface of an SSR. To access such information, do one of the following: – In the Front Panel view, select the Monitor menu, choose Routing State, choose IP State, and then choose IP Interface Table.
  • Page 285 Field Description Broadcast IP Address Identifies the destination address the interface uses when sending broadcast packets. Port ID Identifies the number of the port the interface uses. Module ID Identifies the slot number of the interface’s port. VLAN Name Indicates which VLAN is associated with the interface. Obtain IP forwarding information to display information about the routes used by the IP interfaces configured on an SSR.
  • Page 286 The following table describes the fields of the IP Forwarding table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables”...
  • Page 287 • Details about the packets sent from each IPX interface including information which WAN router an interface uses. • Routing information of an SSR’s IPX interfaces. This includes a list of each IPX destination and provides details about the routes IPX interfaces use to reach those destinations.
  • Page 288 upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables” on page 331. Field Description IPX Identifier Indicates which instance of IPX the interface is using. Index Indicates the number IPX uses to identify the interface. Exist State Indicates whether the interface is valid.
  • Page 289 Field Description Uncompressed Tx Indicates how many packets were sent without being compressed even though compression was turned on for the interface. Compressed Rx Indicates how many compressed packets were received. Compressed Init Rx Indicates how many compression initialization packets were received.
  • Page 290 An IPX Forwarding table similar to the following appears: The following table describes the fields of the IPX Forwarding table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables”...
  • Page 291 CoreWatch can display the following information for OSPF routes that can be configured through CLI commands: • The OSPF interfaces configured on an SSR. • The areas that the SSR can communicate with. • The neighboring routers of an SSR. •...
  • Page 292 The following table describes the fields of the OSPF Interface table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables”...
  • Page 293 Field Description Priority Indicates the interface's priority. In multi-access networks, this field is used in the designated router election algorithm. The value 0 signifies that the router is not eligible to become the designated router on this particular network. In the event of a tie in this value, routers use their router ID as a tie breaker.
  • Page 294 Field Description Backup Designated Lists the IP address of the backup designated router. Router Number of Events Indicates how many times the SPF interface has changed its state or that an error has occurred. Authentication Key Identifies the interface's authentication key. If the value of the Authentication Type field is simple, the key size is restricted to 8 bytes.
  • Page 295 Obtain OSPF area information if you want details about the configuration and cumulative statistics of the SSR's attached areas. To access such information: If you are not in the Front Panel view, switch to it by clicking the CoreWatch main window.
  • Page 296 Field Description Area Border Routers Indicates how many area border routers are reachable within the area. The value of this field is initially zero (0), and is calculated in each SPF run. Autonomous Sys. Indicates how many autonomous system border routers are Bdr Routers reachable within the area.
  • Page 297 An OSPF Neighbor table similar to the following appears: The following table describes the fields of the OSPF Neighbor table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables”...
  • Page 298 Field Description State Indicates the state of the relationship with the neighbor. Nbr. Events Indicates how many times the neighbor relationship has changed state or an error has occurred. Retransmission Q Indicates the current length of the retransmission queue. Length Status Indicates the status of the entry.
  • Page 299 The following table describes the fields of the OSPF Link State DB table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables”...
  • Page 300 Field Description Sequence Indicates the sequence number of the link-state advertisement. This field is used to detect old and duplicate link state advertisements. The larger the number the more recent the link-state advertisement. LS Age Indicates how old the link-state advertisement is. The value in this field is given in seconds.
  • Page 301 The following table describes the fields of the OSPF Area Aggregate table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables” on page 331.
  • Page 302 CoreWatch can display information about the following: • RIP interfaces configured on an SSR. This includes details about how many packets were discarded on each interface, how many route entries of valid RIP packets were ignored on each interface, how many RIP updates were sent on the interface, and whether a RIP interface is functioning.
  • Page 303 The following table describes the fields of the RIP Interface table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables”...
  • Page 304 A RIP Peer table similar to the following appears: The following table describes the fields of the RIP Peer table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables”...
  • Page 305 CoreWatch can display information about the following: • The DVMRP interfaces configured on an SSR. This includes details about the configuration of DVMRP interfaces, whether a DVMRP interface is functioning, how many packets were discarded on each interface, and how many route entries of valid DVMRP packets were ignored.
  • Page 306 The following table describes the fields of the DVMRP Interface table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables”...
  • Page 307 Obtain DVMRP Neighbor information if you want to examine details about DVMRP neighboring routers. This includes information about the length of time those routers have been neighbors to the SSR, the capabilities of those routers, and the traffic the SSR receives from those neighbors.
  • Page 308 the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables” on page 331. Field Description Index Identifies the value of the virtual interface index used to reach the neighbor. Address Identifies the IP address of the neighbor. Up Time Indicates how long ago the DVMRP neighbor last became a neighbor to the SSR.
  • Page 309 Obtain DVMRP routing information if you want details about the multicast routes DVMRP uses instead of unicast routes. This routing information includes such things as the identity of a route's source and upstream neighbor, the route's hop count, and an indication of how long ago the SSR learned of the route.
  • Page 310: Obtaining Dvmrp Next Hop Information

    the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables” on page 331. Field Description Source IP Address Indicates the network address of the source for which the table entry contains multicast routing information. This address is combined with a source's network mask to identify that source.
  • Page 311 The following table describes the fields of the DVMRP Next Hop table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables”...
  • Page 312 Obtain IGMP Interface information if you want to learn on which interfaces IGMP is enabled or examine details about the IGMP configuration of those interfaces. To access such information, do one of the following: • In the Front Panel view, select the Monitor menu, choose Routing State, choose IGMP State, and then choose IGMP Interface Table.
  • Page 313 upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables” on page 331. Field Description Index Identifies an IP interface on which IGMP is enabled. Query Interval Indicates how often the SSR sends IGMP Host-Query packets on the interface.
  • Page 314 Field Description Joins Indicates how many times a group membership has been added on the interface. By examining this field, you can determine the amount of IGMP activity over time. Groups Indicates how many groups are on the interface. Robustness Indicates the expected packet loss on a subnet.
  • Page 315 The following table describes the fields of the IGMP Cache table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables”...
  • Page 317 Examining Quality of Service (QoS) information in tables, you can identify historical trends. You can obtain the following QoS information in CoreWatch: • Details about QoS priorities of Layer-3/ Layer-4 flows. • Information about the routing of any Layer-2, Layer-3, or Layer-4 data sent to a port rather than being sent to the Control Module for further processing.
  • Page 318 The following table describes the fields of the L2 Priority table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables”...
  • Page 319 Obtain flow priority information if you want to examine the QoS priorities of Layer-3 and Layer-4 flows. CoreWatch indicates a flow's priority and provides information about the fields for which that priority applies. To access such information: If you are not currently in the Front Panel view, switch to it by clicking the CoreWatch main window.
  • Page 320 upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables” on page 331. Field Description Flow Name Identifies which flow is assigned the traffic priority shown in the IP flow's Priority field. Priority Indicates the traffic priority assigned to the flow. The value of this field will be control, high, medium, or low.
  • Page 321 Obtain Layer-2 switching information to examine details about the routing of Layer-2 data sent directly to a port rather than being sent to the Control Module for further processing. To access this information: In the Front Panel view, select the Monitor menu, choose QoS State, and then choose L2 Flows.
  • Page 322 Field Description VLAN ID Identifies the VLAN that is combined with a MAC address to uniquely identify the entry. The same MAC address may be learned on different VLANs. MAC addresses are combined with VLAN names to create unique identifiers for each entry. Dest.
  • Page 323 Do the following to restrict the amount of data CoreWatch receives from Layer 3 and Layer 4: – To include an item and not limit which values are accepted for that item, leave its box blank. This is the default for each item. –...
  • Page 324 The following table describes the fields of the Flow table's upper frame. The Selection Details frame displays information about the item currently selected in the upper frame. For details on using the Table toolbar, see Appendix A: “Working with Tables” on page 331.
  • Page 325 If you experience problems while using the SSR, you may want to obtain information from the SSR boot log as discussed in this chapter. The boot log is a file that contains the messages the SSR sends when it is starting up. Obtain the SSR boot log information to look at the messages the SSR sends when starting up.
  • Page 327 While monitoring an SSR, you may want to keep a record of the information found in the SSR boot log or any CoreWatch table. You may keep such records by saving the boot log or CoreWatch table information to a CoreWatch report, which is an HTML file. This chapter discusses obtaining reports that include boot log information or data from multiple CoreWatch tables.
  • Page 328 In the Please select reports list, select one or more items that you want the report to include. If you want the report to include information from the boot log and all CoreWatch tables, click the Select All button. If you make selections and then decide you do not want to select any of those tables, click the Unselect All button.
  • Page 329 While monitoring an SSR, you may want to keep a record of the information found in a CoreWatch table. You may do so by saving the table’s data to a CoreWatch report, which is an HTML file. To save the information of one CoreWatch table to a report: Open the table that you want to include in the report.
  • Page 331 You can perform the following operations in any CoreWatch table: • Find text in a table • Control the contents of tables • Refresh table information • Restore table information • Obtain additional records • Save a table as a report •...
  • Page 332 You can control which fields are included in a CoreWatch table and also limit which values are displayed in each of the table's fields. To control the contents of a CoreWatch table: Click the Filter button on the Table toolbar. The table's filter form appears.
  • Page 333 Select one of the options discussed in the following table: Select If the table is to include items matching All the selection criteria specified in each of the form's text boxes and check boxes. Any of the selection criteria specified in each of the form's text boxes and check boxes.
  • Page 334 Open the table that you want to include in the report. Click the Report button on the Table toolbar. The Save As dialog box appears. Enter a name for the report in the File Name box. If necessary, browse to the folder in which you want to save the report.
  • Page 335 This appendix describes the following CoreWatch menus that are located at the top of the CoreWatch main window. Use the commands available on these menus to perform tasks in CoreWatch. • File • Monitor • Window • Help The CoreWatch File menu includes the commands described in the following table: Command Description Open Schematic View...
  • Page 336 Command Description Properties Lets you change CoreWatch properties. Cabletron Systems has configured the CoreWatch properties to their optimal settings. Changing some of these properties may affect system performance. SSR name or IP address Opens the CoreWatch main window for the SSR represented by the name or IP address you select.
  • Page 337 Utilization Summary commands directly from the Performance submenu, but you choose the other commands from another submenu. Submenu Command Description System Dashboard Lets you select and then display the dials that permit you to monitor incoming and outgoing data. Port Utilization Displays information that indicates the status of Summary each SSR port and identifies the percentage of...
  • Page 338 If you select the Monitor menu and then choose System State, a submenu that includes the following commands appears: Command Description Chassis Table Displays information about which modules are installed in the SSR, the slot number of each module, and the number of ports on each module.
  • Page 339 If you select the Monitor menu and then choose Routing State, the Routing State submenu appears. That submenu provides access to the additional submenus listed in the following table. The table describes the commands available on these additional submenus. Submenu Command Description IP State...
  • Page 340 Submenu Command Description RIP Peer Table Displays information about RIP peers. DVMRP DVMRP Interface Table Displays information about the State configuration of an SSR's DVMRP interfaces, whether those interfaces are functioning, how many packets were discarded on those interfaces, and how many route entries of valid DVMRP packets the SSR ignored.
  • Page 341 Submenu Command Description IGMP State IGMP Interface Table Displays information about the configuration of the interfaces on which IGMP is enabled. IGMP Cache Table Displays information about the multicast groups of IGMP interfaces. If you select the Monitor menu and then choose QoS State, a submenu that includes the following commands appears: Command Description...
  • Page 342 The CoreWatch Window menu includes the commands described in the following table: Command Description Tile Horizontally Arranges all open windows in rows so that you can view them all at the same time. Tile Vertically Arranges all open windows in columns so that you can view them all at the same time.
  • Page 343 Submenu Command Description Frequently Asked Provides technical support for some Questions issues or concerns that you may have while using CoreWatch. Technical Support Displays information about how to contact Cabletron Systems technical support. Send Feedback Displays a form that you may use to let Cabletron Systems know what you think about its products.
  • Page 345 The Open Shortest Path Routing (OSPF) protocol is a link-state protocol. It is an Interior Gateway Protocol (IGP) that distributes routing information between routers in a single autonomous system. OSPF chooses the least cost path as the best path. In a link-state protocol, each router maintains a database describing the entire autonomous-system topology, which it builds out of the collected link-state advertisements of all routers.
  • Page 346 comparable to OSPF metrics. In this case, only the internal OSPF cost to the autonomous system border router is used in the routing decision. From the topology database, each router constructs a tree of the shortest paths with itself as the root. This shortest-path tree gives the route to each destination in the autonomous system.
  • Page 347 When controlling the contents of a CoreWatch table, you may find it useful to enter a regular expression that CoreWatch will use as a wildcard. CoreWatch will then filter entries in the table based on the specified regular expression. CoreWatch supports the following Perl5 regular expressions: •...
  • Page 348 • The following atoms: – Regular expression within parentheses – A . matches everything except \n – Character classes [such as (abcd) and ranges (such as (a-z)] You may include special backslashed characters within a character class (except for back-references and boundaries). To represent a backspace in a character class enter \b –...
  • Page 349 Character Description Matches the corresponding control character \nn or \nnn Octal representation of character unless a back-reference. \1, \2, \3, A back-reference, which matches whatever the first, second, third, and and so on so on parenthesized group matched. If there is no corresponding group, the number is interpreted as an octal representation of a character.
  • Page 350 • CoreWatch also supports all of the Perl5 extended regular expressions, which are described in the following table: Expression Description (?#text) An embedded comment that you enter if you want text to be ignored. (?:regexp) Groups items such as “()” without causing the group match to be saved.
  • Page 351 This appendix describes error messages you may encounter while using CoreWatch and Configuration Expert. This appendix also includes possible solutions to the errors. The error messages are presented alphabetically within the following categories: • Missing or invalid field error messages •...
  • Page 355 The following error messages are generated when you attempt to create or modify names of objects that conflict with another existing object. To resolve any of the following error messages, provide a unique name of that object to continue. The following error messages indicate that an object is either in use or already exists. To resolve any of the following error messages, either use another object to continue or re- examine the existing configuration to ensure consistency.
  • Page 357 Existing DVMRP interfaces may have used up existing IP addresses. Try to assign a new IP address to configure a new DVMPR interface. Existing IGMP interfaces may have used up all existing IP addresses. Try to assign a new IP address to configure a new DVMPR interface. No ACL is available which is required for this operation to complete.
  • Page 358 This error message is generally indicative of some network problem or other error that puts CoreWatch in the wrong state. CoreWatch sometimes displays this message if you try to log in and the SSR did not clean up an earlier session because it was busy. Normally, however, this should not occur.
  • Page 359 The selected object is being referenced by other objects and requires you to first delete these references before attempting to delete the object to ensure consistency. Eliminate the references. Otherwise, the configuration will be inconsistent and result in unknown behavior. Indicates you do not have permission to write to a file.
  • Page 360 Try exporting the table data again. In configuring QoS Global Queuing Discipline, which uses the weighted fair queuing method, the total bandwidth reservation for each of the priority levels (control, high, medium and low) should add up to 100 percent. Adjust the priority levels so they add up to 100 percent.
  • Page 361 Enter the correct password. If you are changing the CoreWatch Login password, enter the one you were prompted for when you last started CoreWatch. If you are changing the Privileged password, enter the one that currently provides access to Configuration Expert. Different passwords were entered in the New Password and the New Password Re-entry text boxes of the Change Login Password form or Change Privileged Password form.
  • Page 362 The selected object could be referenced by other configuration objects and requires you to first delete all the references before attempting to delete the object to ensure consistency. Eliminate the references. Otherwise, the configuration will be inconsistent and result in unknown behavior.
  • Page 363 List the SSR keeps to restrict Layer 3/4 traffic going through the router. Each ACL or each list consists of one or more rules describing a particular type of IP or IPX traffic. An ACL can be simple and consist of only one rule or complicated with many rules. Each rule tells the router to either permit or deny the packet that matches the rule’s packet description.
  • Page 364 A set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the autonomous system, and using an exterior gateway protocol to route packets to other autonomous systems. Since this classic definition was developed, it has become common for a single autonomous system to use several interior gateway protocols and sometimes several sets of metrics within an autonomous system.
  • Page 365 Network supporting two or more attached routers and is capable of addressing a single physical message to all of those routers. Neighboring routers are discovered dynamically on broadcast networks using OSPF’s Hello Protocol. The Hello Protocol takes advantage of the broadcast capability. The protocol also makes use of existing multicast capabilities.
  • Page 366 OSPF interface state that indicates the router itself is the designated router on the network to which the router is attached. OSPF interface state that indicates that the interface's router is neither the designated router nor the backup designated router. The interface's router forms adjacencies to both the designated router and the backup designated router (if applicable).
  • Page 367 Protocol that reports IP packet errors and provides other information about the processing of IP packets. Protocol IP hosts use to report their host group memberships to any multicast routers to which the IP hosts are connected. Packet an IGMP router sends to hosts to learn which hosts are available. Host queries help a router determine changes to host membership.
  • Page 368 Trait of a network likely to lose data when it becomes heavily loaded. Address of a port or computer that other devices use to locate those ports or computers. These addresses are also used to create and update routing tables. Network management information stored in a database.
  • Page 369 Network that supports two or more attached routers but does not have broadcast capability. OSPF is a link-state routing protocol that supports the distribution of routing information between routers belonging to a single autonomous system. A number from 1 to 65535. This number indicates how much a port is contributing to the total cost of the path to the root bridge when the port is the root port.
  • Page 370 • Define flows that act as templates for some IP and IPX packet fields. • Assign a precedence to the fields of the flows you define. • Establish queuing policies to specify how the SSR handles the different traffic priorities. Notes about the Internet that discuss a variety of topics regarding computing and computer communication.
  • Page 371 Cabletron Systems product that is capable of switching traffic at Layer-2, Layer-3, and Layer-4. The SSRs provide full-function routing at Gigabit speeds, pinpoint control over application usage, and can handle enterprise and ISP backbone traffic. Protocol that enables a bridge to create a spanning tree so that the bridge can dynamically work around loops.
  • Page 372 uses both the destination address and type of service fields in an IP header to choose a route. Packet sent to a single destination. The packet is going from one point to another point. Routing method in which a packet is sent to a single host. This differs from multicast routing in which individual packets are sent to many destinations.
  • Page 373 of SSR bridging 68–74 overriding default 69–70 About CoreWatch command 343 applying Access Control Lists. See ACLs ACLs 108, 113, 153, 158, 212–216 access modes 21 flows to interfaces 192 access ports 82 area aggregate information defining 83–85 OSPF 300–301 accessing area information online help 33...
  • Page 374: Checking Dvmrp Routing Status

    property sheet 83 DVMRP Next Hop Table 340 browser requirements 20 DVMRP Route Table 340 Error Statistics 337 byte statistics obtaining 266 Exit 336 Byte Statistics command 337 Frequently Asked Questions 343 Glossary 342 IGMP Cache Table 341 IGMP Interface Table 341 Cabletron Home Page command 343 IP Forwarding Table 339 Cabletron Web Site submenu 342...
  • Page 375 dragging objects 44–45 static-entry filters 222–226 finding objects of 45 the SSR 45–46 VLANs 81–100 icons 42 overview 35 contents pasting objects 44 controlling in tables 332 property sheets 42 Contents and Index command 342 starting 36–38 controlling contents tasks of 45–46 of tables 347–350 Toolbar 39, 43 copying...
  • Page 376 ARP entries 121–123 OSPF neighbor information 296–298 DVMRP tunnels 139–141 port information 256 RIP interface information 302–303 IP RIP interfaces 129–132 static route entries 123–125 RIP peer information 303–304 STP settings 75–76 STP Port information 280–282 trunk ports 83–85 VLAN information 279 deleting Distance Vector Multicast Routing Protocol.
  • Page 377 ports 55 dragging interfaces to 192 RIP 128 field of IPX 181 fields of IP 175 error messages 351–362 error statistics fields of Layer-2 186 obtaining 267, 272, 275 modifying list of interfaces 190–192 Error Statistics command 337 modifying port list of 192 errors redefining IP 187 listed in boot log 325...
  • Page 378 replacing VLANs on 97 Internet Group Management Protocol. See IGMP half-duplex 50 Internet Protocol. See IP hash mode 50, 52, 56 IP 101–103 help ACLs 196–200 accessing 33 addresses 102 Help menu 33, 336, 342 creating QoS profiles for 173–178 forwarding information 285 DVMRP information 310 obtaining error statistics 272...
  • Page 379: Obtaining Flow Priority Information

    obtaining error statistics 275 obtaining priority information 317 obtaining packet statistics 274 obtaining switching information 321–322 overview 147 setting filters on 216–233 QoS precedences 171 Layer-3/4 routing status 286–290 obtaining flow priority information 319–320 setting security on 200–205 obtaining switching information 322–324 IPX Error Statistics graph 275 Layer-3/4 flows IPX Forwarding table 290...
  • Page 380: Obtaining Boot Log Information

    IP interface statistics 269–273 port information 256 IPX interface statistics 273–276 port statistics 264, 268 reassembly statistics of IP 270 port utilization 262–264 real-time performance 259–277 reports 327–329 system performance 259–262 RIP interface information 302–303 MTU 106, 111, 116 RIP peer information 303–304 multicast routing 135–146 STP port information 280–282 table records 333...
  • Page 381 Packet Statistics command 337 obtaining byte statistics 266 passwords obtaining error statistics 267 obtaining information about 256, 280–282 Login 26, 27 pasting obtaining packet statistics 265 objects 44 overriding default aging 69–70 peer information priority 76 RIP 303–304 removing from VLANs 90, 94, 97, 98, 99 Performance submenu 336 trunk 82 Physical Attributes of Port...
  • Page 382 Policy Input Interface List 191 establishing 168 purpose of 42 quitting QoS L3/L4 Flow Priority 188 Configuration Expert 48 Queuing Discipline Configuration 168 CoreWatch 34 RIP Global Parameters 128 RIP Interface Definition 129 SAP Entry 164 RAM requirements 20 Set Aging Timeout 69 rate 141 Set STP Port Specific Settings 77 real-time performance...
  • Page 383: Sorting Table Information

    filters 200 using 31 global parameters 127, 129 secure port filters overview 125–127 combining with static entries 226 peer information 303–304 configuring 226–229 routing status 302–304 defined 216 setting up filters 205–208 security 195 RIP Global Parameters configuring 195–233 property sheet 128 modifying 229–233 RIP Interface Definition setting on IP networks 196–200...
  • Page 384: System State Submenu

    administrator 50 STP settings aging state 68–74 defining 75–76 STP Table command 338 and STP 74–80 and SYSLOG server 56–57 strict priority 168 bridging 63–80 submenus community strings 61–62 Bridging State 338 configuring for DVMRP 136–142 Cabletron Web Site 342 configuring for RIP 127–133 DVMRP State 340 location 50...
  • Page 385: Window Menu

    exporting data from 334 adding 132 finding text in 331 tunnels defining DVMRP 139–141 Flow 323 Flow Priority 319 disabling DVMRP on 141 IGMP Cache 314 DVMRP 139–142 IGMP Interface 312 enabling DVMRP on 141 IP Forwarding 285 IP Interface 284 IPX Forwarding 290 unicast routing 119–133 IPX Interface 287...
  • Page 386 starting CoreWatch 26 Windows NT CoreWatch requirements 20 installing CoreWatch 24 starting CoreWatch 26 wizards ARP 121 icon 42 IP Interface 104 IP interfaces 110 IP Security 196 IPX Interface 149, 155 IPX Security 200–212 L2 Security 217–229 purpose of 42 QoS 173, 183 VLAN 86, 90...

Table of Contents