Cabletron Systems SmartSwitch Router User's Reference Manual

SmartSwitch Router
User Reference Manual
9032578-02

Summary of Contents for Cabletron Systems SmartSwitch Router

  • Page 1 SmartSwitch Router User Reference Manual 9032578-02...
  • Page 2 Notice SSR User Reference Manual...
  • Page 3: FCC Notice

    Notice Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made.
  • Page 4 Notice VCCI Notice This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. DOC Notice This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
  • Page 5: Declaration Of Conformity

    Notice DECLARATION OF CONFORMITY ADDENDUM Application of Council Directive(s): 89/336/EEC 73/23/EEC Manufacturer’s Name: Cabletron Systems, Inc. Manufacturer’s Address: 35 Industrial Way PO Box 5005 Rochester, NH 03867 European Representative Name: Mr. J. Solari European Representative Address: Cabletron Systems Limited Nexus House, Newbury...
  • Page 6 Notice SSR User Reference Manual...
  • Page 7: Table Of Contents

    Configure the SSR CLI ... 30
    Configure SNMP Services ... 31
    Configure DNS ... 31
    Monitoring Configuration ... 31
    Chapter 2: Bridging Configuration Guide ... 33
    Bridging Overview ... 33
    Spanning Tree (IEEE 802.1d) ... 33
    Bridging Modes (Flow-Based and Address-Based) ... 34
    VLAN Overview ... 34
  • Page 8

    Configure ARP Cache Entries ... 48
    Configure Proxy ARP ... 48
    Configure DNS Parameters ... 49
    Configure IP Services (ICMP) ... 49
    Configure IP Helper ... 49
    Configure Direct Broadcast ... 50
    Monitor IP Parameters ... 50
    Configuration Examples ... 51
  • Page 9

    Notes on Using the AS Path Prepend Feature ... 78
    BGP Configuration Examples ... 78
    BGP Peering Session Example ... 78
    IBGP Configuration Example ... 81
    IBGP Routing Group Example ... 81
    IBGP Internal Group Example ... 84
    EBGP Multihop Configuration Example ... 87
    Community Attribute Example ... 90
  • Page 10

    Export Policies ... 121
    Creating an Export Destination ... 123
    Creating an Export Source ... 123
    Import Policies ... 123
    Creating an Import Source ... 124
    Creating a Route Filter ... 124
    Creating an Aggregate Route ... 124
  • Page 11

    Chapter 9: IPX Routing Configuration Guide ... 151
    IPX Routing Overview ... 151
    RIP (Routing Information Protocol) ... 151
    SAP (Service Advertising Protocol) ... 152
    Configuring IPX RIP & SAP ... 153
    IPX RIP ... 153
    IPX SAP ... 153
    Creating IPX Interfaces ... 153
  • Page 12

    Implicit Deny Rule ... 172
    Applying ACLs to Interfaces ... 173
    Applying ACLs to Services ... 174
    ACL Logging ... 174
    Maintaining ACLs Offline Using TFTP or RCP ... 175
    Maintaining ACLs Using the ACL Editor ... 176
  • Page 13

    Removing the Control Module ... 192
    Installing the Control Module ... 193
    Hot Swapping a Switching Fabric Module (SSR 8600 only) ... 193
    Chapter 14: VRRP Configuration Guide ... 195
    VRRP Overview ... 195
    Configuring VRRP ... 195
    Basic VRRP Configuration ... 196
    Configuration of Router R1 ... 196
  • Page 14

    Setting the Backup Priority ... 204
    Setting the Advertisement Interval ... 204
    Setting Pre-empt Mode ... 204
    Setting an Authentication Key ... 205
    Monitoring VRRP ... 205
    ip-redundancy trace ... 205
    ip-redundancy show ... 206
    VRRP Configuration Notes ... 206
  • Page 15: Preface

    Who Should Read This Manual? Read this manual if you are a network administrator responsible for configuring and monitoring the SSR.
  • Page 16: How To Use This Manual

    Chapter 13 on page 189 Configure VRRP Chapter 14 on page 195 Related Documentation The Cabletron Systems documentation set includes the following items. Refer to these other documents to learn more about your product. For Information About See the Installing and setting up the SSR...
  • Page 17: Chapter 1: SmartSwitch Router Product Overview

    Layer-3 (routing) and Layer-4 (application) switching. The hardware provides wire-speed performance regardless of the performance monitoring, filtering, and Quality of Service (QoS) features enabled by the software. You do not need to accept performance compromises to run QoS or access control lists (ACLs).
  • Page 18

    • Layer-2 prioritization (802.1p)
    • Layer-3 source-destination flows
    • Layer-4 source-destination flows
    • Layer-4 application flows
    RMON
    • RMONv1/v2 for each port
    Management
    • SNMP
    • CoreWatch Element Manager (GUI)
    • Emacs-like Command Line Interface (CLI)
  • Page 19: Supported Media (Encapsulation Type)

    • Exterior gateway protocol:
      – Border Gateway Protocol (BGP) Version 2,3,4
    Chapter 6: “BGP Configuration Guide” on page 71 describes this protocol in detail.
    • Novell IPX routing protocols:
      – Routing Information Protocol (RIP)
  • Page 20: Configuring The Cabletron SmartSwitch Router

    Table 2. Common CLI key commands
    Key Sequence    Command
    Ctrl+A          Move cursor to beginning of line
    Ctrl+B          Move cursor back one character
    Ctrl+D          Delete character
    Ctrl+E          Move cursor to end of line
  • Page 21: Access Modes

    SmartSwitch Router’s configuration is changed accordingly. However, the changes are not written to the Startup configuration file in the Control Module’s boot flash and therefore are not reinstated after a reboot.
  • Page 22: User Mode

    Enable mode provides more facilities than User mode. You can display critical features within Enable mode including router configuration, access control lists and SNMP statistics. To enter Enable mode, enter the enable command, then supply the password when prompted.
  • Page 23

    - Show SNMP related parameters.
    statistics - Show or clear SSR statistics
    - Show STP status
    system - Show system-wide parameters
    tacacs - Show TACACS related parameters
    traceroute - Traceroute utility
    vlan - Show VLAN-related parameters
  • Page 24: Configure Mode

    - Configure Open Shortest Path Protocol (OSPF)
    port - Configure Port parameters
    - Configure Quality of Service parameters
    - Configure Routing Information Protocol (RIP)
    snmp - Configure SNMP related parameters.
    - Configure STP parameters
    system - Configure system-wide parameters
  • Page 25: Boot PROM Mode

    (PROM) mode. You should then reboot the SSR at the boot PROM to restart the system. If the system fails to reboot successfully, please call Cabletron Systems Technical Support to resolve the problem. To reboot the SSR from the ROM monitor mode, enter the following command.
  • Page 26: Boot And System Image

    Here is an example:
    ctron-ssr-1# system show version
    Software Information
    Software Version : 1.0
    Copyright : Copyright (c) 1996-1998 Cabletron Systems, Inc.
    Image Information : Version 1.0, built on Fri Mar 20 19:28:49 1998
    Image Boot Location: file:/pc-flash/boot/ssr8/
  • Page 27: Loading Boot PROM Software

    The SSR boots using the boot PROM software installed on the Control Module’s internal memory. To upgrade the boot PROM software and boot using the upgraded image, use the following procedure. Display the current boot settings by entering the system show version command:
  • Page 28: Activate The Configuration Commands In The Scratchpad

    Here is an example:
    ctron-ssr-1# system show version
    Software Information
    Software Version : 1.0
    Copyright : Copyright (c) 1996-1998 Cabletron Systems, Inc.
    Image Information : Version 1.0.B.13, built on Wed Mar 25 22:49:07 1998
    Image Boot Location: file:/pc-flash/boot/ssr8/
    Boot Prom Version : prom-1.0...
  • Page 29: Copy The Configuration To The Startup Configuration File

    The SSR contains numerous system facilities for system management. You can perform configuration management tasks on the SSR including:
    • Setting the SSR name
    • Setting the SSR date and time
    • Configuring the CLI
    • Configuring SNMP services
  • Page 30: Set SSR Name

    You can customize the CLI display format to a desired line length or row count. To configure the CLI terminal display, enter the following command in Enable mode:
    Configure the CLI terminal display: cli set terminal rows <num> columns <num>
  • Page 31: Configure SNMP Services

    Display history buffer: cli show history
    Show terminal settings: cli show terminal
    Show all accesses to the SNMP agent: snmp show access
    Show all SNMP information: snmp show all
    Show chassis ID: snmp show chassis-id
  • Page 32

    SSR.
    Show the default terminal settings (number of rows, number of columns, and baud rate): system show terminal
    Show SSR uptime: system show uptime
    Show the software version running on the SSR: system show version
  • Page 33: Chapter 2: Bridging Configuration Guide

    Spanning Tree (IEEE 802.1d) Spanning tree (IEEE 802.1d) allows bridges to dynamically discover a subset of the topology that is loop-free. In addition, the loop-free tree that is discovered contains paths to every LAN segment.
  • Page 34: Bridging Modes (Flow-Based And Address-Based)

    VLAN to which it belongs. This reduces the broadcast traffic on a network by an appreciable factor. The type of VLAN depends upon one criterion: how a received frame is classified as belonging to a particular VLAN. VLANs can be categorized into the following types:
    • Port based
  • Page 35: Port-Based VLANs

    To do this, the switch must look into the network layer header of the incoming frame. This type of VLAN behaves similarly to a router by segregating different subnets into different broadcast domains.
  • Page 36: Multicast-Based VLANs

    The SSR can also be used purely as a router, i.e., each physical port of the SSR is a separate routing interface. Packets received at any interface are routed and not bridged. In this case, no VLAN configuration is required. Note that VLANs are still created implicitly by...
  • Page 37: Ports, VLANs, And L3 Interfaces

    VLAN to which they belong. Untagged frames are classified as belonging to a particular VLAN based on the protocol of the frame and the VLAN configured on the receiving port for that protocol.
  • Page 38: Explicit And Implicit VLANs

    For example, the following illustration shows an SSR with traffic being sent from port A to port B, port B to port A, port B to port C, and port A to port C.
  • Page 39: Configuring Spanning Tree

    The SSR supports only one spanning tree process per SSR. By default, spanning tree is disabled on the SSR. To enable spanning tree on the SSR, you perform the following task on the ports where you want spanning tree enabled.
  • Page 40: Adjust Spanning-Tree Parameters

    You can set a priority for an interface. When two bridges tie for position as the root bridge, you configure an interface priority to break the tie. The bridge with the lowest interface value is elected.
  • Page 41: Assign Port Costs

    To change the default interval setting, enter the following command in Configure mode:
    Set the default of the forward delay interval: stp set bridging forward-delay <num>
  • Page 42: Define The Maximum Age

    VLAN id per trunk between two SSRs. These VLAN ids extend the VLAN broadcast domain to more than one SSR. To configure a VLAN trunk, perform the following command in the Configure mode.
    Configure 802.1Q VLAN trunks: vlan make <port-type> <port-list>
  • Page 43: Configure Bridging For Non-IP/IPX Protocols

    The SSR provides display of bridging statistics and configurations contained in the SSR. To display bridging information, enter the following commands in Enable mode.
    Show IP routing table: ip show routes
    Show all MAC addresses currently in the l2 tables: l2-tables show all-macs
  • Page 44: Configuration Examples

    You can associate all the ports containing the clients and servers to an IP VLAN called ‘BLUE’.
    First, create an IP VLAN named ‘BLUE’
    ssr(config)# vlan create BLUE ip
    Next, assign ports to the ‘BLUE’ VLAN.
    ssr(config)# vlan add ports et.1.(1-8), gi.1.(1-2) to BLUE
  • Page 45: Chapter 3: IP Routing Configuration Guide

    UDP are responsible for ensuring successful data transfer by employing error handling, retransmission and sequencing techniques. TCP and UDP also specify “ports,” which identify the application which is using TCP/UDP. For example, a web server would typically use TCP/UDP port 80, which specifies HTTP-type traffic.
  • Page 46: IP Routing Protocols

    Distance Vector Multicast Routing Protocol (DVMRP) RFC 1075
    • Internet Group Management Protocol (IGMP) as described in RFC 2236
    The SSR also supports the latest DVMRP Version 3.0 draft specification, which includes mtrace, Generation ID and Pruning/Grafting.
  • Page 47: Configuring IP Interfaces And Parameters

    The SmartSwitch Router supports two encapsulation types for IP. You can configure encapsulation type on a per-interface basis.
    • Ethernet II: The standard ARPA Ethernet Version 2.0 encapsulation, which uses a 16-bit protocol type code (the default encapsulation method)
  • Page 48: Configure Address Resolution Protocol

    ARP reply packet containing the SSR MAC address. Proxy ARP is enabled by default on the SSR. To disable proxy ARP, enter the following command in Configure mode:
    Disable Proxy ARP on an interface: ip disable-proxy-arp interface <InterfaceName>|all
  • Page 49: Configure DNS Parameters

    By default, if no UDP port number is specified, the SSR will forward UDP broadcast packets for the following six services:
    • BOOTP/DHCP (port 67 and 68)
    • DNS (port 37)
    • NetBIOS Name Server (port 137)
  • Page 50: Configure Direct Broadcast

    Show IP interface configuration: interface show ip
    Show all TCP/UDP connections and services: ip show connections [no-lookup]
    Show configuration of IP interfaces: ip show interfaces [<interface-name>]
    Show IP routing table information: ip show routes
  • Page 51: Configuration Examples

    You can also assign an IP or IPX interface directly to a physical port. For example, to assign an IP interface ‘RED’ to physical port et.3.4, perform the following:
    ssr(config)# interface create ip RED address-netmask 10.50.0.0/255.255.0.0 port et.3.4
  • Page 53: Chapter 4: RIP Configuration Guide

    By default, RIP is disabled on the SSR and on each of the attached interfaces. To configure RIP on the SSR, follow these steps:
    Start the RIP process by entering the rip start command.
    Use the rip add interface command to inform RIP about the attached interfaces.
  • Page 54: Enabling And Disabling RIP

    RIP Parameter                              Default Value
    Version number                             RIP v1
    Check-zero for RIP reserved parameters     Enabled
    Whether RIP packets should be broadcast    Choose
    Preference for RIP routes
    Metric for incoming routes
    Metric for outgoing routes
  • Page 55: Configure RIP Route Preference

    Configure RIP Route Preference You can set the preference of routes learned from RIP. To configure RIP route preference, enter the following command in Configure mode.
    Set the preference of routes learned from RIP: rip set preference <num>
  • Page 56: Configure RIP Route Default-Metric

    Show detailed information of all request received by the router: rip trace request receive
    Show detailed information of all response received by the router: rip trace response receive
  • Page 57: Configuration Example

    2
    rip start
    ! Set authentication method to md5
    rip set interface ssr1-if1 authentication-method md5
    ! Change default metric-in
    rip set interface ssr1-if1 metric-in 2
    ! Change default metric-out
    rip set interface ssr1-if1 metric-out 3
  • Page 59: Chapter 5: OSPF Configuration Guide

    OSPF. OSPF routes can be redistributed into RIP or BGP
    • Interface Parameters: Parameters that can be configured include interface output cost, retransmission interval, interface transmit delay, router priority, router dead and hello intervals, and authentication key
  • Page 60: OSPF Multipath

    Create virtual links, if necessary.
    Enable OSPF
    OSPF is disabled by default on the SSR. To enable or disable OSPF, enter one of the following commands in Configure mode.
    Enable OSPF: ospf start
    Disable OSPF: ospf stop
  • Page 61: Configure OSPF Interface Parameters

    hello packets on an OSPF interface: ospf set interface <name-or-IPaddr>|all hello-interval <num>
    Configure the retransmission interval between link state advertisements for adjacencies belonging to an OSPF interface: ospf set interface <name-or-IPaddr>|all retransmit-interval <num>
  • Page 62: Configure An OSPF Area

    To create areas and assign interfaces, enter the following commands in the Configure mode.
    Create an OSPF area: ospf create area <area-num>|backbone
    Add an interface to an OSPF area: ospf add interface <name-or-IPaddr> [to-area <area-addr>|backbone] [type broadcast|non-broadcast]
  • Page 63: Configure OSPF Area Parameters

    To connect an area via a transit area to the backbone
    • To create a redundant backbone connection via another area
    Each Area Border Router must be configured with the same virtual link. Note that virtual links cannot be configured through a stub area.
  • Page 64: Configure Autonomous System External (ASE) Link Advertisements

    Advertisements (LSAs). LSAs are limited to initial advertisements and any subsequent changes. Periodic LSAs over NBMA circuits are suppressed. To configure OSPF over WAN circuits, enter the following command in Configure mode:
    Configure OSPF over a WAN circuit: ospf add nbma-neighbor <hostname-or-IPaddr> to-interface <name-or-IPaddr> [eligible]
  • Page 65: Monitoring OSPF

    Show information about OSPF export policies: ospf show export-policies
    Shows routes redistributed into OSPF: ospf show exported-routes
    Show all OSPF global parameters: ospf show globals
    Show information about OSPF import policies: ospf show import-policies
  • Page 66: OSPF Configuration Examples

    160.1.5.0/24 gateway 120.1.1.2
    !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    ! OSPF Box Level Configuration
    !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    ospf start
    ospf create area 140.1.0.0
    ospf create area backbone
    ospf set ase-defaults cost 4
    !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    ! OSPF Interface Configuration
    !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    ospf add interface 140.1.1.1 to-area 140.1.0.0
  • Page 67: Exporting All Interface & Static Routes To OSPF

    We would like to redistribute these RIP routes as OSPF type-2 routes, and associate the tag 100 with them. Router R1 would also like to redistribute its static routes as type 2 OSPF routes. The interface routes would be redistributed as type 1 OSPF routes.
  • Page 68

    Create the Export-Policy for redistributing all interface, RIP and static routes into OSPF.
    ip-router policy export destination ospfExpDstType1 source directExpSrc network all
    ip-router policy export destination ospfExpDstType2 source statExpSrc network all
    ip-router policy export destination ospfExpDstType2t100 source ripExpSrc network all
  • Page 70 [Figure 1. Exporting to OSPF]
  • Page 71: Chapter 6: BGP Configuration Guide

    AS topologies. BGP also provides the ability to create and enforce policies at the AS level, such as selectively determining which AS routes are to be accepted or what routes are to be advertised to BGP peers.
  • Page 72: The SSR BGP Implementation

    • Setting the autonomous system number
    • Setting the router ID
    • Creating a BGP peer group
    • Adding a BGP peer host
    • Starting BGP
    • Using AS path regular expressions
    • Using AS path prepend
  • Page 73: Setting The Autonomous System Number

    A BGP peer group is a group of neighbor routers that have the same update policies. To configure a BGP peer group, enter the following command in Configure mode:
    Configure a BGP peer group: bgp create peer-group <number-or-string> type external|internal|igp|routing [autonomous-system <number>] [proto any|rip|ospf|static] [interface <interface-name-or-ipaddr>|all]
  • Page 74

    <name-or-IPaddr> | all
    Interfaces whose routes are carried via the IGP for which third-party next hops may be used instead. Use only for type Routing group. Specify the interface or all for all interfaces.
  • Page 75: Adding A BGP Peer

    An AS-path operator is one of the following:
    aspath_term {m,n}
    A regular expression followed by {m,n} (where m and n are both non-negative integers and m <= n) means at least m and at most n repetitions.
  • Page 76: AS-Path Regular Expression Examples

    AS-Path Regular Expression Examples
    To import MCI routes with a preference of 165:
    ip-router policy create bgp-import-source mciRoutes aspath-regular-expression "(.* 3561 .*)" origin any sequence-number 10
    ip-router policy import source mciRoutes network all preference 165
  • Page 77: Using The AS Path Prepend Feature

    # insert two instances of the AS when advertising the route to this peer
    bgp set peer-host 194.178.244.33 group nlnet as-count 2
    # insert three instances of the AS when advertising the route to this
    # peer
    bgp set peer-host 194.109.86.5 group webnet as-count 3
  • Page 78: Notes On Using The AS Path Prepend Feature

    The router process used for a specific BGP peering session is known as a BGP speaker. A single router can have several BGP speakers. Successful BGP peering depends on the establishment of a neighbor relationship between BGP speakers. The first step in creating...
  • Page 79

    BGP peer and the TCP connection is closed. Figure 2 illustrates a sample BGP peering session.
    [Figure 2. Sample BGP Peering Session: SSR1 (AS-1, 10.0.0.1/16) and SSR2 (AS-2, 10.0.0.2/16)]
  • Page 80

    The CLI configuration for router SSR2 is as follows:
    interface create ip et.1.1 address-netmask 10.0.0.2/16 port et.1.1
    ip-router global set autonomous-system 2
    ip-router global set router-id 10.0.0.2
    bgp create peer-group pg2w1 type external autonomous-system 1
    bgp add peer-host 10.0.0.1 group pg2w1
    bgp start
  • Page 81: Ibgp Configuration Example

    This implementation comes closest to the IBGP implementation of other router vendors. You should use the IBGP Routing group as the mechanism to configure the SSR for IBGP. If the peers are directly connected, then IBGP using group-type Internal can also be used. SmartSwitch Router User Reference Manual...
  • Page 82 BGP configuration that uses the Routing group type. AS-64801 10.12.1.1/30 10.12.1.6/30 Cisco lo0 172.23.1.25/30 OSPF 10.12.1.5/30 10.12.1.2/30 SSR4 SSR1 IBGP 172.23.1.10/30 172.23.1.5/30 lo0 172.23.1.26/30 SSR6 172.23.1.6/30 172.23.1.9/30 Figure 3. Sample IBGP Configuration (Routing Group Type) SmartSwitch Router User Reference Manual...
  • Page 83 172.23.1.25 group ibgp1 # Set our local address. This line is necessary because we want CISCO to # peer with our loopback bgp set peer-group ibgp1 local-address 172.23.1.26 # Start BGP bgp start SmartSwitch Router User Reference Manual...
  • Page 84: Ibgp Internal Group Example

    The IBGP Internal group expects all peers to be directly attached to a shared subnet so that, like external peers, the next hops received in BGP advertisements may be used directly for forwarding. All Internal group peers should be L2 adjacent. SmartSwitch Router User Reference Manual...
  • Page 85 The CLI configuration for router SSR1 is as follows: ip-router global set autonomous-system 1 bgp create peer-group int-ibgp-1 type internal autonomous-system 1 bgp add peer-host 16.122.128.2 group int-ibgp-1 bgp add peer-host 16.122.128.8 group int-ibgp-1 bgp add peer-host 16.122.128.9 group int-ibgp-1 SmartSwitch Router User Reference Manual...
  • Page 86 The gated.conf file for router SSR2 is as follows: autonomoussystem 1 ; routerid 16.122.128.2 ; bgp yes { traceoptions aspath detail packets detail open detail update ; group type internal peeras 1 peer 16.122.128.1 peer 16.122.128.8 peer 16.122.128.9 SmartSwitch Router User Reference Manual...
  • Page 87: Ebgp Multihop Configuration Example

    Such neighbors are logically, but not physically connected. For example, BGP can be run between external neighbors across non-BGP routers. Some additional configuration is required to indicate that the external peers are not physically attached. SmartSwitch Router User Reference Manual...
  • Page 88 ! Specify the gateway option, which indicates EBGP multihop. Set the ! gateway option to the address of the router that has a route to the ! peer. bgp set peer-host 18.122.128.2 gateway 16.122.128.3 group ebgp_multihop SmartSwitch Router User Reference Manual...
  • Page 89 18.122.0.0 masklen 16 gateway 17.122.128.4 The CLI configuration for router SSR3 is as follows: interface create ip to-yago3 address-netmask 17.122.128.4/16 port et.4.2 interface create ip to-yago2 address-netmask 18.122.128.4/16 port et.4.4 ip add route 16.122.0.0/16 gateway 17.122.128.3 SmartSwitch Router User Reference Manual...
  • Page 90: Community Attribute Example

    Figure 5 shows a BGP configuration where the specific community attribute is used. Figure 6 shows a BGP configuration where the well-known community attribute is used. SmartSwitch Router User Reference Manual...
  • Page 91 Chapter 6: BGP Configuration Guide AS-64901 AS-64902 ISP2 ISP1 172.25.1.1/16 172.25.1.2/16 172.26.1.2/16 192.168.20.2/16 AS-64900 AS-64899 192.168.20.1/16 172.26.1.1/16 10.200.14.1/24 100.200.12.1/24 192.169.20.1/16 192.169.20.2/16 10.200.15.1/24 100.200.13.1/24 Legend: Physical Link Peering Relationship Information Flow Figure 5. Sample BGP Configuration (Specific Community) SmartSwitch Router User Reference Manual...
  • Page 92 For this reason, it is generally desirable to order import clauses from most to least specific. An import clause without an optional- attributes-list option will match any update with any (or no) communities. SmartSwitch Router User Reference Manual...
  • Page 93 901color1 network all preference 160 ip-router policy import source 901color2 network all preference 155 ip-router policy import source 901color3 network all preference 160 ip-router policy import source 901color4 network all preference 155 SmartSwitch Router User Reference Manual...
  • Page 94 In an Export Statement: The optional-attributes-list option of the ip-router policy create bgp-export-destination command may be used to send the BGP community attribute. Any communities specified with the optional-attributes-list option are sent in addition to any received in the route or specified with the group. SmartSwitch Router User Reference Manual...
  • Page 95 899to900dest source 899toanydir network all ip-router policy export destination 899to902dest source 899toanydir network all Any communities specified with the optional-attributes-list option are sent in addition to any received with the route or associated with a BGP export destination. SmartSwitch Router User Reference Manual...
  • Page 96 Well-known-community none This is not actually a community, but rather a keyword that specifies that a received BGP update is only to be matched if no communities are present. It has no effect when originating communities. SmartSwitch Router User Reference Manual...
  • Page 97: Notes On Using Communities

    Local_Pref values that are greater than 254. When operating a mixed network of this type, you should make sure that all routers are restricted to sending Local_Pref values in the range metric to 254.
  • Page 98 Figure 7. Sample BGP Configuration (Local_Pref Attribute)
  • Page 99: Notes On Using The Local_Pref Attribute

    BGP speakers within the same AS. The MED attribute is never propagated to other BGP speakers in neighboring autonomous systems. Figure 8 shows a sample BGP configuration where the MED attribute has been used.
  • Page 100 # Set the MED to be announced to peer group pg752to751 bgp set peer-group pg752to751 metric-out 20 Router SSR6 has the following CLI configuration: bgp create peer-group pg752to751 type external autonomous-system 64751 bgp add peer-host 10.200.12.15 group pg752to751 bgp set peer-group pg752to751 metric-out 10
  • Page 101: Ebgp Aggregation Example

    # Create an aggregate route for 212.19.192.0/19 with all its subnets as # contributing routes ip-router policy summarize route 212.19.192.0/19 ip-router policy redistribute from-proto aggregate to-proto bgp target-as 64901 network 212.19.192.0/19 ip-router policy redistribute from-proto direct to-proto bgp target-as 64901 network all restrict
  • Page 102: Route Reflection Example

    All peers of the route reflector that are not part of the cluster are non-clients. The SSR supports client peers as well as non-client peers of a route reflector.
  • Page 103 SSR11 is the route reflector for the second cluster. Router SSR10 has router SSR9 as a client peer and router SSR11 as a non-client peer. The following line in router SSR10’s configuration file causes it to be a route reflector. bgp set peer-group SSR9 reflector-client
  • Page 104 Gateway Owner Netif ----------- ------- ----- ----- 10.50.0.0/16 directly connected 127.0.0.0/8 127.0.0.1 Static 127.0.0.1 127.0.0.1 172.16.20.0/24 192.68.20.1 mls1 172.16.30.0/24 192.68.20.1 mls1 172.16.90.0/24 192.68.20.1 mls1 192.68.11.0/24 192.68.20.1 mls1 192.68.20.0/24 directly connected mls1 192.68.222.0/24 directly connected mls0
  • Page 105: Notes On Using Route Reflection

    To accomplish this, routers SSR10 and SSR11 have the following line in their configuration files: ip-router policy redistribute from-proto bgp source-as 64901 to-proto bgp target-as 64901 • If the cluster ID is changed, all BGP sessions with reflector clients will be dropped and restarted.
  • Page 106 Chapter 6: BGP Configuration Guide
  • Page 107: Chapter 7: Routing Policy Configuration Guide

    The SSR also provides the ability to create advanced and simple routing policies. Simple routing policies provide a quick route redistribution between various routing protocols (RIP and OSPF). Advanced routing policies provide more control over route redistribution.
  • Page 108: Preference

    RIP routes rip set preference Point-to-point interface Routes to interfaces that are ip-router global set interface down-preference down Aggregate/generate routes aggr-gen OSPF AS external routes ospf set ase-defaults preference BGP routes bgp set preference
  • Page 109: Import Policies

    Due to the nature of OSPF, only the importation of ASE routes may be controlled. OSPF intra- and inter-area routes are always imported into the routing table with a preference of 10. If a tag is specified with the import policy, only routes with the specified tag will be imported.
  • Page 110: Route-Filter

    The metric, type, tag, and AS-Path are a few examples of attributes associated with the exported routes. Export-Source This component specifies the source of the exported routes. It can also specify the metric to be associated with the routes exported from this source.
  • Page 111: Route-Filter

    The action taken when no match is found is dependent on the context. For instance, a route that does not match any of the route-filters associated with the specified import or export policies is rejected.
  • Page 112: Aggregates And Generates

    It is used, for example, at an autonomous system border to generate a route to a network to be advertised via BGP given the presence of one or more subnets of that network learned via OSPF. The routing process does not perform any aggregation unless explicitly requested.
  • Page 113: Aggregate-Destination

    Tag associated with a route. Both OSPF and RIP version 2 currently support tags. All other protocols have a tag of zero. In some cases, a combination of the associated attributes can be specified to identify the routes contributing to an aggregate.
  • Page 114: Route-Filter

    In addition, a sequence number is maintained to prevent the replay of older packets. This method provides a much stronger assurance that routing data originated from a router with a valid authentication key.
  • Page 115: Authentication Keys And Key Management

    Export Policies. The general syntax of the redistribute command is as follows: ip-router policy redistribute from-proto <protocol> to-proto <protocol> [network <ipAddr-mask> [exact|refines|between <low-high>]] [metric <number>|restrict] [source-as <number>] [target-as <number>]
  • Page 116: Redistributing Static Routes

    To redistribute direct routes, enter one of the following commands in Configure mode: To redistribute direct routes into RIP. ip-router policy redistribute from-proto direct to-proto rip network all To redistribute direct routes into OSPF. ip-router policy redistribute from-proto direct to-proto ospf network all
  • Page 117: Redistributing Rip Into Rip

    The aggregate parameter causes an aggregate route with the specified IP address and subnet mask to be redistributed. Note: The aggregate route must first be created using the aggr-gen command. This command creates a specified aggregate route for routes that match the aggregate.
  • Page 118: Simple Route Redistribution Examples

    135.3.2.0/24 gateway 130.1.1.3 ip add route 135.3.3.0/24 gateway 130.1.1.3 !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ! Configure default routes to the other subnets reachable through R2. !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ip add route 202.1.0.0/16 gateway 120.190.1.2 ip add route 160.1.5.0/24 gateway 120.190.1.2
  • Page 119: Exporting A Given Static Route To All Rip Interfaces

    Example 2: Redistribution into OSPF For all examples given in this section, refer to the configurations shown in Figure 12 on page 131. The following configuration commands for router R1: • Determine the IP address for each interface
  • Page 120: Exporting All Interface & Static Routes To Ospf

    OSPF, we have not specified this parameter. Export all RIP, Interface & Static Routes to OSPF Note: Also export interface, static, RIP, OSPF, and OSPF-ASE routes into RIP.
  • Page 121: Configure Advanced Routing Policies

    Path are a few examples of attributes associated with the exported routes. • Export Sources - This component specifies the source of the exported routes. It can also specify the metric to be associated with the routes exported from this source. The
  • Page 122 The <filter-id>, if specified, is the identifier of the route-filter associated with this export-policy. If there is more than one route-filter for any export-destination and export-source combination, then the ip-router policy export destination <exp-dest-id> source <exp-src-id> command should be repeated for each <filter-id>.
  • Page 123: Creating An Export Destination

    If you do not have complex filter requirements, then use the second method. After you create one or more building blocks, they are tied together by the ip-router policy import command.
  • Page 124: Creating An Import Source

    Route aggregation is a method of generating a more general route, given the presence of a specific route. The routing process does not perform any aggregation unless explicitly requested. Aggregate-routes can be constructed from one or more of the following building blocks:
  • Page 125 The <filter-id> is the identifier of the route-filter associated with this aggregate. If there is more than one route-filter for any aggregate-destination and aggregate-source combination, then the ip-router policy aggr-gen destination <aggr-dest-id> source <aggr-src-id> command should be repeated for each <filter-id>.
  • Page 126: Creating An Aggregate Destination

    RIP does not support the use of preference to choose between routes of the same protocol. That is left to the protocol metrics. For all examples in this section, refer to the configuration shown in Figure 11 on page 127.
  • Page 127 Chapter 7: Routing Policy Configuration Guide RIP V2 The following configuration commands for router R1 • Determine the IP address for each interface. • Specify the static routes configured on the router. • Determine its RIP configuration.
  • Page 128: Importing A Selected Subset Of Routes From One Rip Trusted Gateway

    Router R1 has several RIP peers. Router R41 has an interface on the network 10.51.0.0. By default, router R41 advertises network 10.51.0.0/16 in its RIP updates. Router R1 would like to import all routes except the 10.51.0.0/16 route from its peer R41.
  • Page 129: Importing A Selected Subset Of Routes From All Rip Peers Accessible Over A Certain Interface

    Due to the nature of OSPF, only the importation of ASE routes may be controlled. OSPF intra- and inter-area routes are always imported into the SSR routing table with a preference of 10. If a tag is specified, the import clause will only apply to routes with the specified tag.
  • Page 130 That is done by the OSPF costs. Routes that are rejected by policy are stored in the table with a negative preference. For all examples in this section, refer to the configuration shown in Figure 12 on page 131.
  • Page 131 Figure 12: Exporting to OSPF
  • Page 132: Importing A Selected Subset Of Ospf-Ase Routes

    100 Create the Import-Policy importing all OSPF ASE routes with a tag of 100 except the default ASE route. ip-router policy import source ospfImpSrct100 network all ip-router policy import source ospfImpSrct100 network default restrict
  • Page 133: Examples Of Export Policies

    170.1.1.1/16 port et.1.7 !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ! Configure a default route through 170.1.1.7 !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ip add route default gateway 170.1.1.7 !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ! Configure default routes to the 135.3.0.0 subnets reachable through ! R3.
  • Page 134: Exporting A Given Static Route To All Rip Interfaces

    Since we would also like to export/redistribute RIP and direct routes into RIP, we would also create export-sources for those protocols. Create a RIP export source since we would like to export RIP routes. ip-router policy create rip-export-source ripExpSrc
  • Page 135: Exporting A Given Static Route To A Specific Rip Interface

    Create the Export-Policy redistributing the statically created default route, and all (RIP, Direct) routes into RIP. ip-router policy export destination ripExpDst141 source statExpSrc network default ip-router policy export destination ripExpDst141 source ripExpSrc network all ip-router policy export destination ripExpDst141 source directExpSrc network all
  • Page 136: Exporting All Static Routes Reachable Over A Given Interface To A Specific Rip-Interface

    140.1.1.0/24 and 140.1.2.0/24 networks to router R3. RIP Version 1 does not carry any information about subnet masks in its packets. Thus it would not be possible to announce the subnets (140.1.1.0/24 and 140.1.2.0/24) into RIP Version 1 without aggregating them.
  • Page 137 Create a RIP export source since we would like to export RIP routes. ip-router policy create rip-export-source ripExpSrc Create a Direct export source since we would like to export Direct routes. ip-router policy create direct-export-source directExpSrc
  • Page 138: Example 2: Exporting To Ospf

    For all examples in this section, refer to the configuration shown in Figure 12 on page 131. The following configuration commands for router R1: • Determine the IP address for each interface • Specify the static routes configured on the router • Determine its OSPF configuration
  • Page 139: Exporting All Interface & Static Routes To Ospf

    OSPF as type 2 OSPF-ASE routes. ip-router policy create ospf-export-destination ospfExpDstType2 type 2 metric 4 Create a Static export source since we would like to export static routes. ip-router policy create static-export-source statExpSrc
  • Page 140: Exporting All Rip, Interface & Static Routes To Ospf

    Create an OSPF export destination for type-2 routes. ip-router policy create ospf-export-destination ospfExpDstType2 type 2 metric 4 Create an OSPF export destination for type-2 routes with a tag of 100. ip-router policy create ospf-export-destination ospfExpDstType2t100 type 2 tag 100 metric 4
  • Page 141 Create a RIP export destination. ip-router policy create rip-export-destination ripExpDst 10. Create OSPF export source. ip-router policy create ospf-export-source ospfExpSrc type OSPF 11. Create OSPF-ASE export source. ip-router policy create ospf-export-source ospfAseExpSrc type OSPF-ASE
  • Page 143: Chapter 8: Multicast Routing Configuration Guide

    (VLANs) can be configured with the same IP interface on the SSR, IGMP keeps track of multicast host members on a per-port basis. Ports belonging to an IP VLAN without any IGMP membership will not be forwarded any multicast traffic.
  • Page 144: Dvmrp Overview

    Tunnel traffic is not optimized on a per-port basis, and it goes to all ports on an interface, even though IGMP keeps per-port membership information. This is done to minimize CPU overload for tunneled traffic.
  • Page 145: Configure Igmp

    You can configure the SSR with a wait time for IGMP Host Membership responses which is different from the default. The wait time you set then applies to all ports on the SSR. The default response time is 10 seconds.
  • Page 146: Configure Per-Interface Control Of Igmp Membership

    DVMRP on interfaces and then setting DVMRP parameters on the interfaces on which DVMRP is disabled. • Defining DVMRP tunnels, which IP uses to send multicast traffic between two end points. Starting and Stopping DVMRP DVMRP is disabled by default on the SSR.
  • Page 147: Configure Dvmrp On An Interface

    You can configure the DVMRP routing metric associated with a set of destinations for DVMRP reports. The default metric is 1. To configure the DVMRP routing metric, enter the following command in Configure mode: Configure the DVMRP routing metric. dvmrp set interface <ip-addr> metric <number>
  • Page 148: Configure Dvmrp Ttl & Scope

    Internet). You can configure a DVMRP tunnel on a router if the other end is running DVMRP. The SSR then sends and receives multicast packets over the tunnel. Tunnels are CPU-intensive; they are not switched directly through the SSR’s multitasking ASICs.
  • Page 149: Monitor Igmp & Dvmrp

    Show all IGMP timers. igmp show timers Show information about multicasts registered by IGMP. l2-tables show igmp-mcast-registration Show IGMP status on a VLAN. l2-tables show vlan-igmp-status Show all multicast Source, Group entries. multicast show cache
  • Page 150: Configuration Examples

    10.135.89.10 dvmrp enable interface 172.1.1.10 dvmrp enable interface 207.135.122.11 dvmrp enable interface 207.135.89.64 dvmrp enable interface 10.40.1.10 ! Set DVMRP parameters dvmrp set interface 172.1.1.10 neighbor-timeout 200 ! Start DVMRP dvmrp start
  • Page 151: Chapter 9: Ipx Routing Configuration Guide

    IPX routers use RIP to create and dynamically maintain a database of internetwork routing information. RIP allows a router to exchange routing information with a neighboring router. As a router becomes aware of any change in the internetwork layout,
  • Page 152: Sap (Service Advertising Protocol)

    Router’s request for the names and addresses of either all or certain type of servers • Response to workstation or router’s request • Periodic broadcast to make sure all other routers are aware of the internetwork configuration • Perform broadcasting whenever they detect a change in the internetwork configurations
  • Page 153: Configuring Ipx Rip & Sap

    The IPX address is a 12-byte number divided into three parts. The first part is the 4-byte (8-character) IPX external network number. The second part is the 6-byte (12-character) node number. The third part is the 2-byte (4-character) socket number.
  • Page 154: Configuring Ipx Interfaces And Parameters

    802.3 SNAP: SNAP IEEE 802.3 encapsulation, in which the type code becomes the frame length for the IEEE 802.2 LLC encapsulation (destination and source Service Access Points, and a control byte) • 802.3: 802.3 encapsulation method used within Novell IPX environments
  • Page 155: Configure Ipx Routing

    IPX. However, you can add static RIP routes to the RIP routing table to explicitly specify a route. To add a static RIP route, enter the following command in Configure mode: Add a static RIP route. ipx add route <networkaddr> <nextrouter or network node> <metric> <ticks>
  • Page 156: Configure Static Sap Table Entries

    Once an IPX access control list has been created, you must apply the access control list to an IPX interface. To apply an IPX access control list, enter the following command in Configure mode: Apply an IPX access control list. acl <name> apply interface <Interface Name> input|output [logging [on|off]]
  • Page 157: Create An Ipx Type 20 Access Control List

    Once an IPX GNS access control list has been created, you must apply the access control list to an IPX interface. To apply an IPX GNS access control list, enter the following command in Configure mode: Apply an IPX GNS access control list. acl <name> apply interface <InterfaceName> output [logging [on|off]]
  • Page 158: Create An Ipx Rip Access Control List

    Show IPX RIP/SAP table summary ipx show tables summary Configuration Examples This example performs the following configuration: • Creates IPX interfaces • Adds static RIP routes • Adds static SAP entries • Adds a RIP access list
  • Page 159 !IPX type 20 access list acl 300 deny ipxtype20 !IPX type 20 inbound filter to interface ipx2 acl 300 apply interface ipx2 input !GNS Access List acl 300 deny ipxgns A.01:03:05:07:02:03 0004 FILESERVER2 acl 200 apply interface ipx2 output
  • Page 160 Chapter 9: IPX Routing Configuration Guide
  • Page 161: Chapter 10: Security Configuration Guide

    Perform access control to services provided on the SSR, for example, Telnet server and HTTP server. Note: Currently, Source Filtering is available on Cabletron Systems WAN cards; however, it must be applied to the entire WAN card.
  • Page 162: Configuring Ssr Access Security

    TACACS server responds to the SSR TACACS client to provide authentication. You can configure up to five TACACS server targets on the SSR. A timeout is set to tell the SSR how long to wait for a response from TACACS servers.
  • Page 163: Monitor Tacacs

    TACACS Plus server reply. Determine the SSR action if no server responds. tacacs-plus set last-resort password|succeed Enable TACACS Plus. tacacs-plus enable Monitor TACACS Plus You can monitor TACACS Plus configuration and statistics within the SSR.
  • Page 164: Configure Passwords

    A secure filter shuts down access to the SSR based on MAC addresses. All packets received by a port are dropped. When combined with static entries, however, these filters can be used to drop all received traffic but allow some frames to go through.
  • Page 165: Configuring Layer-2 Address Filters

    To configure Layer-2 port address lock filters, enter the following commands in Configure mode: Configure a port address lock filter. filters add port-address-lock name <name> source-mac <MACaddr> vlan <VLAN-num> in-port-list <port-list>
  • Page 166: Configuring Layer-2 Static Entry Filters

    MAC address to go through • Combine a destination secure port with a destination static entry to drop all received traffic but allow any frame destined to a specific destination MAC address to go through
  • Page 167: Monitor Layer-2 Security Filters

    <port-list> <VLAN-num> [ports ] [vlan <MACaddr> [source-mac Show secure port filters. filters show secure-port Show static entry filters. filters show static-entry [all-source|all-destination|all-flow] <port-list> <VLAN-num> ports vlan <MACaddr> <MACaddr> [source-mac dest-mac
  • Page 168: Layer-2 Filter Examples

    Static Entries Example Source static entry: The consultant is only allowed to access the engineering file servers on port et.1.2. filters add static-entry name consultant source-mac 001122:334455 vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow
  • Page 169: Port-To-Address Lock Examples

    To allow ONLY the engineering manager access to the engineering servers, you must "punch" a hole through the secure-port wall. A "source static-entry" overrides a "source secure port". filters add static-entry name eng-mgr source-mac 080060:123456 vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow
  • Page 170: Layer-3 Access Control Lists (Acls)

    TCP can use socket port numbers while IPX can use a network node address to define a rule. For IP, TCP and UDP ACLs, the following fields can be specified: • Source IP address • Destination IP address • Source port number • Destination port number
  • Page 171: Ordering Of Acl Rules

    Nor is there precedence attached to each field. The router simply goes down the list, one rule at a time until there is a match. Consequently, rules that are more specific (i.e. with more details) should always be listed
  • Page 172: Implicit Deny Rule

    With the implicit deny rule, this ACL actually has three rules: acl 101 permit ip 1.2.3.4/24 any any any acl 101 permit ip 4.3.2.1/24 any nntp any acl 101 deny any any any any any
  • Page 173: Applying Acls To Interfaces

    However, this restriction does not prevent you from specifying many rules in an ACL. You just have to put all of these rules into one ACL and apply it to an interface.
  • Page 174: Applying Acls To Services

    This can get worse if the console is connected at a low baud rate, for example, 1200 baud. Furthermore, if a Syslog server is configured then a Syslog packet must also be sent to the Syslog server,
  • Page 175: Maintaining Acls Offline Using Tftp Or Rcp

    If the administrator needs to re-order or modify the ACL rules, one must make the changes in the acl.changes file on the remote host, download the changes and make them effective again.
  • Page 176: Maintaining Acls Using The Acl Editor

    Defining an IP ACL To define an IP ACL, perform the following in the Configure mode: Define an IP ACL. acl <name> permit|deny ip|tcp|udp|icmp|igmp <srcaddr/mask>|any <dstaddr/mask>|any Note: Additional fields depend on the protocol type you select.
  • Page 177: Defining An Ipx Acl

    Show all ACLs. acl show all Show a specific ACL. acl show aclname <Name>|all Show an ACL on a specific interface. acl show interface <Name> Show ACLs on all IP interfaces. acl show interface all-ip
  • Page 178 Chapter 10: Security Configuration Guide Show ACLs on all IPX interfaces. acl show interface all-ipx Show static entry filters. acl show service
  • Page 179: Chapter 11: Qos Configuration Guide

    For Layer-2 traffic, you can define a flow based on the MAC packet headers. • The MAC fields are source MAC address, destination MAC address and VLAN IDs. A list of incoming ports can also be specified
  • Page 180: Precedence For Layer-3 Flows

    – distributes priority throughput among the four priorities (control, high, medium, and low) based on percentages. The SSR can use only one queuing policy at a time. The policy is used on the entire SSR. The default queuing policy is strict priority.
  • Page 181: Configure Layer-2 Qos

    A QoS policy set on an IP or IPX flow allows you to classify the priority of traffic based on:
  • Page 182: Configuring Ip Qos Policies

    Configuring IPX QoS Policies To configure an IPX QoS policy, perform the following tasks: Identify the Layer-3 or 4 flow and set the IPX QoS policy. Specify the precedence for the fields within an IPX flow.
  • Page 183: Setting An Ipx Qos Policy

    SSR. To allocate bandwidth for each SSR queue, enter the following command in Configure mode: Allocate bandwidth for a weighted-fair queuing policy. qos set weighted-fair control <percentage> high <percentage> medium <percentage> low <percentage>
  • Page 184: Monitoring Qos

    To display QoS information, enter the following command in Enable mode: Show all IP QoS flows. qos show ip Show all IPX QoS flows. qos show ipx Show all Layer-2 QoS flows. qos show l2 all-destination all-flow ports <port-list> vlan <vlanID> source-mac <MACaddr> dest-mac <MACaddr>
  • Page 185: Chapter 12: Performance Monitoring Guide

    RMON/RMON2 and can be displayed by using the statistics show command in the CLI. In addition to the monitoring commands listed, you can find more monitoring commands listed in each chapter of the SmartSwitch Router User Reference Manual. To access statistics on the SSR, enter the following commands in Enable mode: Show DVMRP routes.
  • Page 186 Show RMON statistics. statistics show rmon Show traffic summary statistics. statistics show summary-stats Show TCP statistics. statistics show tcp Show UDP statistics. statistics show udp Show TACACS server statistics. tacacs show stats Show all VLANs. vlan list
  • Page 187: Configuring The Ssr For Port Mirroring

    <port list> port Note: Port Mirroring is available for WAN ports; however, you cannot configure Port Mirroring on a port-by-port basis. (You can only configure Port Mirroring for the entire WAN card).
  • Page 188 Chapter 12: Performance Monitoring Guide
  • Page 189: Chapter 13: Hot Swapping Line Cards And Control Modules

    Hot Swapping Line Cards The procedure for hot swapping a line card consists of deactivating the line card, removing it from its slot in the SSR chassis, and installing a new line card in the slot.
  • Page 190: Deactivating The Line Card

    For example, to reactivate a line card in slot 7, enter the following command in Enable mode: ctron-ssr-1# system hotswap in slot 7 Removing the Line Card To remove a line card from the SSR: Make sure the Offline LED on the line card is lit.
  • Page 191: Installing A New Line Card

    If you have a secondary control module installed on the SSR, you can hot swap it with another Control Module or line card. Note: You can only hot swap an inactive Control Module. You should never remove the active Control Module from the SSR. Doing so will crash the system.
  • Page 192: Deactivating The Control Module

    Make sure that none of the LEDs on the Control Module are lit. Loosen the captive screws on each side of the Control Module. Carefully remove the Control Module from its slot in the SSR chassis.
  • Page 193: Installing The Control Module

    SSR, and insert another Switching Fabric Module in the slot. Note: You cannot deactivate the Switching Fabric Module with the system hotswap command. To deactivate the Switching Fabric Module: Press the Hot Swap button on the Switching Fabric Module you want to deactivate.
  • Page 194 Make sure the circuit card (and not the metal plate) is between the card guides. Check both the upper and lower tracks. Tighten the captive screws on each side of the Switching Fabric Module to secure it to the chassis. SmartSwitch Router User Reference Manual...
  • Page 195: Chapter 14: Vrrp Configuration Guide

    Configuring VRRP This section presents three sample VRRP configurations: • A basic VRRP configuration with one virtual router • A symmetrical VRRP configuration with two virtual routers • A multi-backup VRRP configuration with three virtual routers
  • Page 196: Basic Vrrp Configuration

    Line 1 adds IP address 10.0.0.1/16 to interface test, making Router R1 the owner of this IP address. Line 2 creates virtual router VRID=1 on interface test. Line 3 associates IP address 10.0.0.1/16 with virtual router VRID=1. Line 4 starts VRRP on interface test.
  • Page 197: Configuration For Router R2

    This configuration allows you to load-balance traffic coming from the hosts on the 10.0.0.0/16 subnet and provides a redundant path to either virtual router. Note: This is the recommended configuration on a network using VRRP.
  • Page 198: Configuration Of Router R1

    7: ip-redundancy start vrrp 2 interface test Router R1 is the owner of IP address 10.0.0.1/16. Line 4 associates this IP address with virtual router VRID=1, so Router R1 is the Master for virtual router VRID=1
  • Page 199: Configuration Of Router R2

    In a VRRP configuration where more than one router is backing up a Master, you can specify which Backup router takes over when the Master goes down by setting the priority for the Backup routers.
  • Page 200 Router R3 is the secondary Backup for virtual routers VRID=1 and VRID=2. It would become a Master router only if both Routers R1 and R2 should fail. In such a case, Router R3 would become the Master for all three virtual routers.
  • Page 201: Configuration Of Router R1

    200. If no other routers in the VRRP VRID=2 VRID=3 configuration have a higher priority, Router R1 will take over as Master for virtual routers VRID=2 and VRID=3, should Router R2 or R3 go down.
  • Page 202: Configuration Of Router R2

    The following table shows the priorities for each virtual router configured on Router R2. Virtual Router Default Priority Configured Priority VRID=1 – IP address=10.0.0.1/16 200 (see line 8) VRID=2 – IP address=10.0.0.2/16 255 (address owner) 255 (address owner) VRID=3 – IP address=10.0.0.3/16 100 (see line 9)
  • Page 203: Configuration Of Router R3

    Since 100 is the default priority, lines 8 and 9, which set the priority to 100, are actually unnecessary. They are included for illustration purposes only. Additional Configuration This section covers settings you can modify in a VRRP configuration, including backup priority, advertisement interval, pre-empt mode, and authentication key.
  • Page 204: Setting The Backup Priority

    <interface> preempt-mode disabled virtual router. Note: If the IP address owner is available, then it will always take over as the Master, regardless of whether pre-empt mode is on or off.
  • Page 205: Setting An Authentication Key

    Backup to Master. (Enabled by default.)
    Display a message when a VRRP packet error is detected. (Enabled by default.) ip-redundancy trace vrrp packet-errors enabled
    Enable all VRRP tracing. ip-redundancy trace vrrp all enabled
  • Page 206: Ip-Redundancy Show

    • If a Master router is manually rebooted, or if its interface is manually brought down, it will send a special keep-alive advertisement that lets the Backup routers know that a new Master is needed immediately.
  • Page 207 SNMP requests directed at the virtual router's IP address. Not responding allows network management to notice that the original Master router (i.e., the IP address owner) is down.
