Alcatel-Lucent OmniAccess 5510 Cli Configuration Manual

Unified services gateway release 2.2-r03
OmniAccess 5510
Unified Services Gateway
CLI Configuration Guide
Release 2.2-R03
26801 West Agoura Road
Calabasas, CA 91301
(818) 880-3500
FAX (818) 880-3505
support@ind.alcatel.com
US Customer Support—(800) 995-2696
International Customer Support—(818) 878-4507
Internet—service.esd.alcatel-lucent.com
Website: www.alcatel-lucent.com
Part No: 060271-00, Rev A

Summary of Contents for Alcatel-Lucent OmniAccess 5510

  • Page 1 OmniAccess 5510 Unified Services Gateway CLI Configuration Guide, Release 2.2-R03. 26801 West Agoura Road, Calabasas, CA 91301, (818) 880-3500, FAX (818) 880-3505, support@ind.alcatel.com...
  • Page 2 The following information is for the Users of the OmniAccess 5510 Unified Services Gateway: If it is not installed in accordance with the installation instructions, it may not function exactly to the said specifications.
  • Page 3: Table Of Contents

    Table of Contents: Preface; About This Guide; Audience; Organization; Part I - Introduction; Part II - LAN Interfaces; Part III - WAN Interfaces; Part IV - Packet Classification; Part V - Routing Protocols
  • Page 4 Clear Interface Commands; Shutting Down and Bring Up an Interface; Backup Interface; Chapter 3: System Configuration and Monitoring; System Configuration and Monitoring Tasks; Chapter Conventions; Management Plane Overview; Out of Band Management
  • Page 5 Commands; Modify Global VRRP Group Parameters; Monitor and Debug VRRP; VRRP Interface Tracking; Alcatel-Lucent's Interface Tracking Design; VRRP Configuration Scenario using OA5510-TE; Procedure; VRRP Configuration...
  • Page 6 Fast Ethernet Interface Clear Commands; Chapter 6: Layer 2 Switching Configuration; Chapter Conventions; Switching Overview; Alcatel-Lucent Specific Overview on Switching; L2 Switching Configuration; L2 Switching Configuration Steps; L2 Switching Configuration Flow; L2 Switching Commands
  • Page 7 Alcatel-Lucent Specific IRB Overview; Configuration; IRB Configuration Steps; IRB Commands; IRB Configuration using OA5510-TE; Topology for IRB Configuration on OA5510-TE; Part 3: WAN Interfaces and Protocols; Chapter 9: T1E1 Interface...
  • Page 8 Part 4: Common Classification; Chapter 13: Common Classifiers; Chapter Conventions; CC Overview; Benefits of Alcatel-Lucent Devices Common Classifiers; CC Architecture; Before you Configure CC; Configuration; CC Configuration Steps
  • Page 9 Example 1; Example 2; Example 3; Part 5: Routing Protocols; Chapter 14: Protocol Independent Features; Protocol Independent Features Configuration; Chapter Conventions; Protocol-Independent Configuration; Protocol-Independent Configuration Commands; Chapter 15: Routing Information Protocol; Chapter Conventions
  • Page 10 Multicast Configuration on OA5510-TE; Verifying Multicast Routing; Chapter 19: Policy Based Routing; Chapter Conventions; Overview; Alcatel-Lucent Specific Overview; PBR Configuration; PBR Configuration Steps; PBR Configuration Flow; PBR Configuration Commands
  • Page 11 Types of NAT; Benefits of NAT; Before You Configure NAT; Alcatel-Lucent Specific Overview; Source NAT Configuration; SNAT Configuration Steps; SNAT Configuration Flow; SNAT Configuration Commands; Sample Configurations of SNAT on OA5510-TE
  • Page 12 Customized-service Rule Based ALG Configuration; Customizing ALG Commands; NOE ALG Configuration; Persistent Memory; Alcatel-Lucent Specific Overview; NOE ALG Configuration Steps; NOE ALG Configuration Commands; NOE Show Commands; NOE Clear Commands
  • Page 13 IPsec Tunnel Interface Configuration Flow; IPsec Tunnel Interface Configuration Commands; IPsec Tunnel Configuration Scenarios using OA5510-TE; Chapter 23: Intrusion Detection/Intrusion Prevention System; Chapter Conventions; IDS/IPS Overview; Alcatel-Lucent Specific Overview; IDS/IPS Configuration...
  • Page 14 Chapter 25: Quality of Service; Chapter Conventions; QoS Overview; Generic terms used in QoS; Alcatel-Lucent Specific Overview on QoS; Traffic Without Policing and Shaping; Traffic with Policing; Traffic with Shaping; Hierarchical Queuing
  • Page 15 Part 8: TCP/IP Services; Chapter 26: DHCP (Dynamic Host Configuration Protocol) Server; Chapter Conventions; DHCP Server Overview; Alcatel-Lucent Specific Overview; DHCP Server Configuration; DHCP Server Configuration Steps; DHCP Server Configuration Flow
  • Page 16 DHCP Relay Test Scenarios using OA5510-TE; Configuration Steps; Chapter 29: DNS (Domain Name Service) Client; Chapter Conventions; DNS Client Overview; DNS Client Configuration; DNS Client Configuration Steps; DNS Client Configuration Flow
  • Page 17 Configuration; Configuring Sonicwall (PRO 3060); Verifying the Configuration; F Software Licenses and Acknowledgements; Linux Kernel; Freescale Copyrights; Marvel; PMC-Sierra Linux Device Driver Software; U-Boot; Linux STP; Paul's PPP Package
  • Page 18 List of Figures: Configuration Modes; VRRP Configuration Flow; VRRP Configuration Scenario; Ethernet Network; Fast Ethernet Interface Configuration Flow; Layer 2 Switching; L2 Switching Configuration Flow; Switching with no VLANs; Switching with VLAN; Spanning Tree Topology on OA5510-TE; IRB Topology; E1 Frame Structure...
  • Page 19 GRE Configuration Topology; GRE+ IP Filters + DoS Configuration Topology; GRE + IPsec Configuration Topology; Data Traffic before Policing And Shaping; Data Traffic with Policing; Data Traffic with Shaping; Link Sharing Requirement Example; Link Sharing Solution; Link Bandwidth sharing requirements over VPN tunnels; QoS Configuration Flow - Auto QoS Procedure...
  • Page 20: Preface

    About This Guide: This guide describes the Command Line Interface (CLI) commands used to configure different services available in the OmniAccess 5510-TE Unified Services Gateway (OA5510-TE). It focuses on accessing OA5510-TE by using the CLI. In addition to showing how to configure each feature, this guide also provides background on why a user might need the service and how it works.
  • Page 21: Organization

    Organization: The chapters in the CLI Configuration Guide are organized into seven parts. Part I - Introduction: The first part provides an introduction to CLI, “The Command Line Interface”...
  • Page 22: Part Iii- Wan Interfaces

    Chapter 15 “Routing Information Protocol”, Chapter 16 “Border Gateway Protocol” and Chapter 17 “Open Shortest Path First” provide configuration commands for configuring RIP, BGP and OSPF routing protocols. ...
  • Page 23: Part Vi - Network Security Cli

    Chapter 18 “Multicast Routing” provides Multicast routing configuration on OA5510-TE. Chapter 19 “Policy Based Routing” covers the Policy Based Routing (PBR) configuration on OA5510-TE. VI - N...
  • Page 24: Part Vii - Quality Of Service

    Chapter 28 “DHCP (Dynamic Host Configuration Protocol) Relay” focuses on DHCP Relay configuration, and Chapter 29 “DNS (Domain Name Service) Client” documents the DNS Client configuration commands. ...
  • Page 25: Document Conventions

    Document Conventions: The following table describes the document conventions used with the commands in this document. Bold: Indicates commands and keywords. Italics: Indicates arguments/command input supplied by you...
  • Page 26: Obtaining Documentation

    Warning: Warning is used in similar cases as caution. This also indicates a situation where the reader needs to pay extra attention to avoid hazardous situations. Obtaining Documentation: Alcatel-Lucent provides several ways to obtain technical assistance and other technical resources. Documents can be downloaded from our support site service.esd.alcatel-lucent.com. EFERENCE...
  • Page 27: Obtaining Technical Assistance

    Obtaining Technical Assistance: For all customers, partners, resellers, and distributors who hold valid Alcatel-Lucent service contracts, the Alcatel-Lucent Technical Support Team provides 24-hour-a-day technical support services online and over the phone. For Customer issues and help, contact:...
  • Page 28: Part 1 Introduction

    Part 1 Introduction
  • Page 30: The Command Line Interface

    This chapter provides an overview of the CLI. For more detailed information on the CLI syntax and a description of its parameters, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. ...
  • Page 31: Introduction To Cli Modes

    From the configuration modes, you can enter configuration sub-modes. The sub-configuration modes are used for the configuration of specific features within the scope of a given configuration mode. ...
  • Page 32: Cli Modes

    IPSec, Time-Range etc. Sub-Interface Configuration Mode (S-ICM): This mode is accessed from Interface Configuration Mode. This is a sub-mode of the ICM. Figure 1: Configuration Modes ...
  • Page 33: Cli Modes

    The command “top” is used to jump to configuration mode from whichever mode you are in. ...
  • Page 34: Failure Scenarios While Installing

    service: Set terminal line parameters; show: Show running system information; Open a SSH connection; telnet: Open a telnet connection; terminal: Set terminal line parameters; traceroute: Trace route to destination ...
  • Page 35 List files on a filesystem; disable: Turn off privileged commands. Exits from the SUM to the UM mode; erase: Erase a filesystem; exit: Exit from current mode; help: Description of the interactive help system ...
  • Page 36: Default Values For Random-Detect Ip-Precedence

    Open a ssh connection; telnet: Open a telnet connection; terminal: Set terminal line parameters; traceroute: Trace route to destination; undebug: Disable debugging functions; write: Write running configuration to memory, network, or terminal ...
  • Page 37 controller: Select a controller to configure; crypto: IPSEC VPN module; customized-service: Customize services; debug: Debugging functions (see also 'undebug'); enable: Modify enable secret parameters; Exit from configure mode ...
  • Page 38 show: Show running system information; snmp: Configure SNMP parameters; spanning-tree: Spanning-tree configurations; SSH service; tacacs-server: Modify TACACS+ query parameters; telnet: Telnet service; tftp-server: To provide TFTP service for file requests ...
  • Page 39 time-range: Define/modify a time range object; Enter top level configuration mode; transparent-forward: Define/modify transparent-forward policy; undebug: Debugging functions (see also 'undebug'); Go up one mode; username: Establish user name authentication ...
  • Page 40 ALU(config-controller E1)# ALU(config-controller E1)# exit ALU(config)# ALU(config)# interface Serial 0:0 ALU(config-if Serial0:0)# To exit the ICM and return to the CM, enter the Exit command. ALU(config-if FastEthernet0)# exit ALU(config)# ...
  • Page 41 To exit from the S-ICM and return to the ICM, use the Exit command. To end your configuration session and return to SUM mode, press Ctrl-Z or enter the End command. ...
  • Page 42: Exiting Configuration Modes

    UM/SUM mode. You can use the Exit command in any configuration mode to return to the previous configuration mode. Example: ALU# configure Enter configuration commands, one per line. End with CNTL/Z. ALU(config)# interface FastEthernet 0 ALU(config-if FastEthernet0)# ^Z ...
  • Page 43: Initial Setup

    ALU(config-if FastEthernet0)# top ALU(config)# Initial Setup: Whenever the system configuration is empty, you are automatically entered into the initial setup program, which takes you through the basic configuration steps. ...
  • Page 44: Using The Command Line Interface

    no service completion tab-complete: Disables tab completion. Example: ALU(config)# service completion spacebar-complete ALU(config)# no service completion spacebar-complete ALU(config)# service completion tab-complete ALU(config)# no service completion tab-complete ...
  • Page 45 This type of Help is called the Word Help. Example: ALU(config)# show i? ** PRIVILEGE COMMANDS ** inband inband interfaces Display information for all interfaces internal Internal info IP information ip-policy ip-policy keyword IPX protocol ...
  • Page 46 OSPF information PIM information protocols IP routing protocol process parameters and statistics IP RIP show commands route IP routing table traffic IP Traffic Statistics VPN Routing/Forwarding instance information ...
  • Page 47: Partial Help

    When you enter a partial command (part of a command) and press the Enter key, the CLI executes the best matched command. Example: ALU(config)# sh ip int br Interface IP Address Status Protocol FastEthernet0 unassigned administratively down down Tunnel0 10.91.1.146 down ...
  • Page 48: Command Line Editing

    Ctrl-I Complete command. History This gives the list of all commands entered in the present session, with a maximum limit of 2000 commands. ...
  • Page 49 Esc, L Changes the letters from the cursor to the end of the word to lowercase. Esc, U Capitalizes letters from the cursor to the end of the word. ...
  • Page 50: Command History

    16: interface switchport 2 17: interface switchport 1 18: interface switchport 0 19: service completion spacebar-complete 20: no service completion spacebar-complete 21: no service completion 22: show history ...
  • Page 51: Configuring Interfaces

    <64-1500> MTU (Maximum Transmission Unit) size. IP C NTERFACE ONFIGURATION Command (in ICM): ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}. Description: Assigns an IP address and subnet mask to the interface. ...
  • Page 52: Interface Show Commands

    0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer copied, 0 interrupts, 0 failures ...
  • Page 53 show ip interface brief: This command displays information about IP interfaces only. Example: ALU(config)# show ip interface brief Interface IP Address Status Protocol FastEthernet0 unassigned administratively down down Loopback1 10.10.10.1 ...
  • Page 54: Clear Interface Commands

    Mode. This command administratively brings down the interface. no shutdown: This is entered in the Interface Configuration Mode. This command administratively brings up the interface. Example: ALU(config-if FastEthernet0)# shutdown ALU(config-if FastEthernet0)# no shutdown ...
  • Page 55: Backup Interface

    backup interface <interface-name>: Enter this command in the Interface Configuration mode. This command is used to configure an interface as a backup interface. Example: ALU(config-if FastEthernet0)# backup interface Serial 0:0 ...
  • Page 56 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer copied, 0 interrupts, 0 failures ...
  • Page 57 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions Timeslot(s) Used:1-24 (64Kbps each), Transmitter delay is 0 flags ...
  • Page 58: System Configuration And Monitoring

    Authentication, Authorization and Accounting; Configuration Mode - ALU (config)#; Interface Configuration Mode - ALU (config-if)#; Management Information Base; User Datagram Protocol; Super User Mode - ALU#; SNMP: Simple Network Management Protocol ...
  • Page 59: Management Plane Overview

    ALU(config)# line console baudrate 19200 Note: For more information on connecting the system to the external network via console, refer to “Connecting the System to the Network” section in the OmniAccess 5510 Unified Services Gateway Hardware Users Guide. ...
  • Page 60: Inband Management (Ssh And Telnet)

    Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.25.19.1' (RSA) to the list of known hosts. root@172.25.19.1's password: Last login: Mon Dec 6 17:34:48 2004 [root@linux-sw root]# exit logout Connection to 172.25.19.1 closed. ...
  • Page 61 Note: For more information on connecting the system to the internal network, refer to the “Connecting the System to the Network” section in the OmniAccess 5510 Unified Services Gateway Hardware Users Guide. There is a limit on the number of non-console CLI sessions, using SSH and telnet.
  • Page 62: Idle Timeout

    The default timeout is 20 minutes. A zero input specifies that the SSH, Telnet CLI sessions should never exit when left idle. Example: ALU(config)# line vty exec-timeout 45 15 ALU(config)# no line vty exec-timeout ...
  • Page 63: Ping

    If the source IP address does not belong to OA5510-TE, an error "Source IP Address does not belong to the box.Ping may not be successful" is thrown, but the ping still proceeds. ...
  • Page 64 Each router reduces the ttl value by one before forwarding it. It is a way of making sure that the packets destined to non-existing targets die out eventually. Default is 64. ...
  • Page 65 Set the df-bit value[n]: Set the ttl value[64]: Press ^C to Stop.. Sending 7,92-byte ICMP Echos to 2.2.2.12,timeout is 2 seconds !!!!!!! Success rate is 100 percent (7/7),round-trip min/avg/max = 3.499/3.833/3.915 ms ...
  • Page 66: Traceroute

    The command terminates when any of these happens: • the destination responds • the maximum TTL is exceeded • the user interrupts the trace with the escape sequence. ...
  • Page 67 TTL value. Enter the Destination Port[33434]: The destination port to be used by the UDP probe messages. Port number to be between 1-65535. The default is 33434. ...
  • Page 68 Enter the Destination Port[33434]: Enter the TOS value[0x0]: Set the df-bit value[n]: traceroute to 2.2.2.12 (2.2.2.12), 30 hops max, 38 byte packets. 2.2.2.12 (2.2.2.12) 3.151 ms 2.2.2.12 (2.2.2.12) 4.089 ms ...
  • Page 69: Terminal Settings

    ‘hostname’ command. The host name shows up in the CLI prompt. Command (in CM): hostname <name>. Description: To configure the system name. Example: ALU(config)# hostname ALU ...
  • Page 70: Aaa Configuration On Oa5510-Te

    aaa services: This command is used to enable the AAA services. no aaa services: This command is used to disable the AAA services. Example: ALU(config)# aaa services ALU(config)# no aaa services ...
  • Page 71: Authentication Commands

    Stores the user password in an encrypted format. no username <user-name>: The ‘no’ command deletes the specified user account. Example: ALU(config)# username ALU1 password pass1 ALU(config)# username ALU1 nopassword ALU(config)# username ALU1 secret pass2 ...
  • Page 72 The following error is displayed if you try to configure a RADIUS server group with the name ‘local’: ALU(config)# aaa server-group radius local The name of the Group is reserved ALU(config)# no aaa server-group radius rad1 ...
  • Page 73 Timeout: This determines the number of seconds that OA5510-TE should wait for a reply from the RADIUS server before retrying. • Retransmit: The number of retries after each “timeout” interval, before giving up on the server. ...
  • Page 74 The default key is “” (empty string). The ‘no’ command deletes the global RADIUS key from the configuration, and resets it to default (for all servers that do not have a server specific key). ...
  • Page 75 Example: ALU(config)# radius-server auth-port 1800 ALU(config)# radius-server deadtime 10 ALU(config)# radius-server key test ALU(config)# radius-server retransmit 5 ALU(config)# radius-server timeout 10 ...
  • Page 76 The following error is displayed if you try to configure a TACACS+ server group with the name ‘local’: ALU(config)# aaa server-group tacacs local The Name of the Group is reserved ALU(config)# no aaa server-group tacacs tac1 ...
  • Page 77 Key: This is the encryption key between OA5510-TE and the TACACS+ server. • Timeout: This determines the number of seconds that OA5510-TE should wait for a reply from the TACACS+ server before retrying. ...
  • Page 78 (for all servers that do not have a server specific timeout value). Example: ALU(config)# tacacs-server auth-port 100 ALU(config)# tacacs-server key test1 ALU(config)# tacacs-server timeout 10 ...
  • Page 79 Remote clients will be denied access with the message 'No password Set'. This is the default behavior. Example: ALU(config)# enable secret test Secret for level 15 is set ...
  • Page 80 ALU(config)# aaa method-list m1 rad3 One of the Specified Groups doesn't have any server in it ALU(config)# no aaa method-list m1 ...
  • Page 81 [no] aaa authentication web <method-list-name>: This command associates an already configured method-list with the web client-type (HTTP clients). The ‘no’ command removes the associated method-list from the web client-type. ...
  • Page 82 AAA Configuration on OA5510-TE. Example: ALU(config)# aaa authentication console m1 ALU(config)# aaa authentication enable m1 ALU(config)# aaa authentication remotelogin m1 ALU(config)# aaa authentication web m1 ...
  • Page 83 5. Select Reload Device option. 6. Once the reload is done, you can enter the new password for the superadmin. For more information on this, refer to “Rescue Mode Options” section. ...
  • Page 84 <prompt-text> to log in, to enter his password. The default password-prompt is "Password:". The 'no' command brings the default back into effect. ...
  • Page 85 ALU(config)# aaa authentication banner @Only authorized access permitted.@ ALU(config)# aaa authentication success-message $Login attempt successfull.$ ALU(config)# aaa authentication fail-message $Login failed!$ ALU(config)# aaa authentication username-prompt u1 ALU(config)# aaa authentication password-prompt p1 ...
  • Page 86: Show Commands

    .sorry!!!. aaa authentication console m1 aaa authentication remotelogin rad aaa authentication web rad enable password e ...
  • Page 87 Command (in SUM/CM): show aaa-methodlists. Description: This command displays all the configured method-lists on the system. Example: ALU(config)# show aaa-methodlists aaa method-list m1 rad1 tac1 local aaa method-list m2 tac1 ...
  • Page 88 show aaa-tacacs: This command shows the details of all the TACACS+ Server Groups configured. Example: ALU(config)# show aaa-tacacs aaa server-group tacacs tac1 tacacs-server 12.34.42.2 tacacs-server 23.4.2.232 auth-port 2050 key some ...
  • Page 89: Clear Commands

    This can be used to clear a misbehaving or an unnecessary session. The session ID can be obtained from the ‘show aaa-users’ command. Example: ALU(config)# clear session 5 ...
  • Page 90: Setting And Displaying The System Time And Date

    The failure of the RTC to maintain the correct time after a power cycle may be a symptom of a discharged battery. The internal battery is not field serviceable. Contact Services & Support for chassis replacement instructions.
  • Page 91: Clock Set

    Current setting is Tue Sep 25 17:59:20 2007
    ALU# show clock
    RTC set to Tue Sep 25 18:00:06 2007
    System time is Tue Sep 25 18:00:06 2007
    Not synchronized with external source
  • Page 92: Clock Synchronize

    EXAMPLE
    ALU(config)# clock synchronize using ntp server 10.91.2.87 every 2 hours
    This command has no output. To verify the settings, use the ‘show clock’ command described in this section.
  • Page 93: System Logging And Debugging

    Command: [no] logging system [<0-7>]
    Description: This command is used to log all the Kernel messages. By default, messages with a priority of 5 and lower will be logged.
  • Page 94: Example

    ALU(config)# logging buffered priority 5
    ALU(config)# logging remote 1.1.1.1 priority 5
    ALU(config)# logging console 5
    ALU(config)# logging system
    ALU(config)# logging watermark 10000
    ALU(config)# service timestamps log
    ALU(config)# terminal monitor
    ALU(config)# clear logging
  • Page 95: Example 1

    2009 Feb 12 12:13:18 UTC: %AAAMgr-6-AAA: AAA services enabled by user superadmin@boot-time.
    2009 Feb 12 12:13:19: %snort-5-LOG: Detection:
    2009 Feb 12 12:13:19: %snort-5-LOG: Search-Method = Low-Mem Trie
    2009 Feb 12 12:13:23: %AAAMgr-6-AAA: Connection with RIB MGR Succeded
    --More--
  • Page 96: Example 3

    Oct 13 10:44:47: %CLI-6-LOG: A Client Logged in to the Box through SSH from 10.91.2.87
    2005 Oct 13 10:45:41: %CLI-6-LOGSRV: Logging buffer size set to 128K by User:privileged user.
  • Page 97: Rate Limiting In Statlog

    In case of conflict, wherein a message has more than one rate-limiting configuration applicable to it, say for example, for its tag and its subtag, the following order of preference is followed: • subtag • • priority
  • Page 98: Example 1

    The above command limits the messages of priority 5 (notification) or lower (level 6 and 7) to 50 per second.
    EXAMPLE
    ALU(config)# logging rate-limit no unique
    ALU(config)# logging rate-limit unique
  • Page 99: Saving Log Messages

    This saves log messages with priority equal to 5.
    ALU# save logging string time
    This saves log messages with string time. This is case sensitive.
    ALU# save logging tag cli
    This saves log messages originating from CLI.
  • Page 100: Viewing Tech Support

    VIEWING TECH SUPPORT
    When a problem or a bug is encountered in the system, you can send the output of the following command to Alcatel-Lucent’s tech-support department. This provides enough information to the technical-support department to locate and debug the error.
  • Page 101: The File System

    5 08:31 core.1329.3.clim-sh.1157445064.24
    -rw- 147456 Sep 5 13:20 core.1355.3.clim-sh.1157462445.24
    -rw- 147456 Aug 3 12:11 core.1363.3.clim-sh.1154607060.24
    EXAMPLE
    ALU(config) # mkdir fpkey:
    Directory []? ALUtest
    ALU(config) # mkdir user:
    Directory []? ALUtest
  • Page 102: Copying Files

    Remote Port [ Enter for default ] :
    Source Path/File []? /tmp/test_file
    Username [anonymous]? admin
    Password []?
    Local filename []? test_file
    URL specification sanity OK, proceeding with copy (please wait)
    Copy successful
  • Page 103: Deleting Files

    The following command deletes a file in fpkey:
    ALU(config)# delete fpkey:backup_package
    The following command deletes a file in fpkey:
    ALU(config)# delete user:backup_config
    The following command deletes a config file:
    ALU(config)# delete config-file config1
  • Page 104: Configuration File Management

    1 10 tag SWE subtag DOS
    logging rate-limit 1 10 tag PVSTD subtag PKT
    logging rate-limit 1 10 tag SWE subtag SESSION
    !VRF Configuration
    ! MULTICAST Configuration
    !NOE port reservation
    !--More--
  • Page 105

    The command "write memory" can also be used to save the running configuration to the start-up configuration.
    EXAMPLE
    ALU# save running-config
    Saving to startup-config ...
    ALU# write memory
    Saving to startup-config ...
  • Page 106

    EXAMPLE
    ALU# list config-files
    Permission Size Date modified Name
    --------- ---- ------------- ------
    -rw- 10464 Dec 26 15:25 my-config
    -rw- 10461 Dec 25 08:13 startup-config
  • Page 107

    ! MULTICAST Configuration
    !NOE port reservation
    ! SNMP Configurations
    aaa services
    username recovery password 5 c69ab28cffbe009202b1dcf79f025b04
    username superadmin password 5 8ec760e45da5b29afb19ed8d68a3eb5e
    interface FastEthernet0
    shutdown
    interface switchport0
    shutdown
    interface switchport1
  • Page 108

    ! Filter Policy configuration
    ! Dos attack configuration
    !Snort configuration
    firewall intrusion snort
    ! Firewall configuration
    ! IPSEC Policy configuration
    !QoS Configuration
    !Customized-Services
    ! DHCP Server Configuration
  • Page 109

    This file should be present in the config directory. (Use the copy commands to copy the file to the config directory).
    EXAMPLE
    ALU# load config-file config1
    Loading config1 to running-config...
    /-------- Percent Complete --------
    |*********************************
  • Page 110

    EXAMPLE
    ALU# delete config-file my-config
    ALU(config)# write erase
    Are you sure you want to erase startup-config file yes/no [yes]:yes
    [OK] startup-config file erased.
  • Page 111: Software Package Management

    This is the collection of files that installs the firmware on the boot flash.
    2. alu-apps.<version>.npm This is the collection of application modules and is a complete software release of all features.
    3. alu-part.<version>.npm This is one application module by itself.
  • Page 112

    No : Manually run set-default at a later time
    Proceed? (y/[n]) : y
    Do you want to save config before proceeding ([y]/n) : y
    Building configuration...
    [OK]
    Setting Default image to 2.2.33.1-R03...
  • Page 113

    Remote Port [ Enter for default ] :
    Path : backup-apps.oa5510.2.3.2.30.2.npm
    Username [Enter for none] : user1
    Password :
    Backing up Applications package...
    Creating...
    Uploading file. This could take a while...Completed.
  • Page 114

    No : Manually run set-default at a later time
    Proceed? (y/[n]) : y
    Do you want to save config before proceeding ([y]/n) : y
    Building configuration...
    [OK]
    Setting Default image to 2.2.33.1-R03...
  • Page 115 2.2.33.1-R03 OSPF OSPF Protocol 2.2.33.1-R03 Quality of Service 2.2.33.1-R03 Routing Information Protocol 2.2.33.1-R03 Routing-base Routing Infrastructure 2.2.33.1-R03 SNMP SNMP-v2 support 2.2.33.1-R03 Secure Shell Access 2.2.33.1-R03 Security Network Security Services
  • Page 116

    EXAMPLE
    ALU# show version
    Alcatel-Lucent Software, Version 2.2.33.1-R03, for OmniAccess 5510
    Copyright (c) 2003-2009 by Alcatel-Lucent Inc.
    Built on Tue Jan 6 19:57:03 IST 2009
    Flash version - 1.4
  • Page 117: Reloading The System

    Command: reload [line]
    Description: To reload the system, also referred to as a soft reboot.
    EXAMPLE
    ALU# reload
    Do you really want to reboot the Chassis (y/[n])?y
    Do you want to save config before rebooting (y/[n])n
    Restarting system.
  • Page 118: System Monitoring And Troubleshooting

    Uptime is 0 days 6 hours 21 minutes 10 seconds
    Current temperature is 31.5 Celsius
    OA5510 - OA5510 T1/E1 (active)
    Part number: 050503-26T
    Module type: 00002001
    Serial number: J4380178
    Revision: 201
    FRU#: 902696-90
    Format: 3
    Base MAC: 00:11:8B:90:45:B2
  • Page 119: To View Process Information

    648 root 4228 S snmpd -f
    649 root 2220 S aclmgr aclmgr initial
    650 root 2460 S rip rip initial
    651 root 2416 S qosMgr
    652 root 2004 S pppoed
  • Page 120

    1104 root 35940 S snort -i eth0 -c /apps/etc/snort/snort.conf
    2347 root 380 S sleep 30
    2348 root 452 S more
    2349 root 688 R ps aux
  • Page 121: Memory Information

    44264 kB
    VmallocChunk: 595596 kB
    Note: In addition to the total memory displayed, 16 MB is reserved for data buffers. This is not displayed in the total system memory.
  • Page 122: Hot Key Support

    5 seconds of sending the break as given in the following table:
    Action           Key Combination
    Chassis Reboot   BREAK + ‘b’
    CLI restart      BREAK + ‘c’
  • Page 123 Ctrl-\b Minicom Linux Ctrl-a f Telnet Ctrl-], then type send Teraterm Windows Alt-b Terminal Windows Break Ctrl-Break UNIX Ctrl-], then Break or Ctrl-c VT 100 Emulation Z-TERMINAL Apple Command-b
  • Page 124: Rescue Mode Options

    6. Install package from Front Panel USB
    7. Remove Package
    8. Disable Startup config
    9. Backup Config area to Front Panel USB
    10. Restore Config area from Front Panel USB
  • Page 125 This is usually followed up by a package install, set default and optionally to restore configuration to get the system in working condition.
    • 4. List installed packages
      List all packages that have been installed and package details.
  • Page 126 Backup all config related files to the FPkey. This can be restored later.
    • 10. Restore Config area from Front Panel USB
      Restore config files that were backed up into a file on Front Panel USB (fpkey).
  • Page 127: Snmp (Simple Network Management Protocol)

    Some of the advantages of using SNMP are:
    • Standardized protocol
    • Universal acceptance
    • Portability
    • Lightweight
    • Extensibility
    • Widely deployed
  • Page 128: Snmp Agent And Manager

    SNMPv3 defines the secure version of the SNMP. It also facilitates remote configuration of the SNMP entities and is defined in RFC 2571 to RFC 2575. Note: SNMPv3 is not supported in OA5510-TE.
  • Page 129: Snmp Configuration Commands

    Command: no snmp agent {rocommunity|rwcommunity}
    Description: This command removes read-only/read-write community string configured on the SNMP agent.
    EXAMPLE
    ALU(config)# snmp agent rocommunity private
    ALU(config)# no snmp agent rocommunity
  • Page 130

    ENABLE SNMP TRAP
    Command (in CM): snmp trap enable
    Description: This command enables the agent to send the SNMP traps to the configured host.
    EXAMPLE
    ALU(config)# snmp trap enable
  • Page 131

    ALU(config)# no snmp trap 10.1.1.1 v1 162
    CONFIGURE SNMP VERSION
    Command (in CM): snmp agent version {v1|v2c}
    Description: This command configures the SNMP agent version.
    EXAMPLE
    ALU(config)# snmp agent version v2c
  • Page 132: Snmp Show Commands

    System Contact : test System Location : [Not configured] Community-Access Community-String ---------------- ---------------- read-only read-write [Not configured] Trap-Host Trap-Port Version Trap-Community --------- --------- ------- -------------- 10.91.0.224 8001 trapcomm 10.91.0.225 notifcomm
  • Page 133

    0 Silent drops
    0 Proxy drops
    557 SNMP packets output
    0 Too big errors
    2 No such name errors
    0 Bad values errors
    0 General errors
    557 Get Responses
    0 Traps
  • Page 134: Snmp Mib Cli

    The following command for v1 and v2 can be used to fetch all the MIB objects supported at the agent.
    snmpwalk -v {1|2c} -c <community-string> <agent ip-address>
    snmpbulkwalk -v 2c -c <community-string> <agent ip-address>
  • Page 135: Snmp Mib Gui

    SNMP operations on the agent running on the device. Note: Ensure that the version and community string settings of the MIB browser are compatible with the agent, before performing any operation from the MIB browser.
  • Page 136: Virtual Router Redundancy Protocol

    “VRRP Interface Tracking”
    • “VRRP Configuration Scenario using OA5510-TE”
    CHAPTER CONVENTIONS
    Acronym Description
    Configuration Mode - ALU (config)#
    Interface Configuration Mode - ALU (config-interface name)#
    VRRP Virtual Router Redundancy Protocol
  • Page 137: Vrrp Overview

    The VRRP Interface Tracking feature extends the capabilities of the VRRP to allow tracking of specific interfaces within the router that can alter the priority of a router. 3768
  • Page 138: Vrrp Configuration

    Set an Advertisement interval, Learning the advertisement interval, interface tracking. See “Modify Global VRRP Group Parameters”
    Step 7: Use the “show” and “debug” commands to monitor and debug the VRRP configuration. See “Monitor and Debug VRRP”
  • Page 139: Vrrp Configuration Flow

    VRRP CONFIGURATION FLOW
    Figure 2: VRRP Configuration Flow
  • Page 140: Vrrp Cli Commands

    Command: no vrrp <1-8>
    Description: This command removes all configuration associated with the VRRP group on the interface.
    EXAMPLE
    ALU(config-if FastEthernet0)# vrrp 5 ip 10.91.0.8
    ALU(config-if FastEthernet0)# no vrrp 5 ip 10.91.0.8
  • Page 141

    Consider the following examples for incorrect configuration with corresponding error messages:
    EXAMPLE
    ALU(config-if FastEthernet0)#ip address 10.1.1.1/24
    ALU(config-if FastEthernet0)#ip address 10.2.1.1/24 secondary
    ALU(config-if FastEthernet0)#vrrp 1 ip 10.1.1.1
    Error - 10.1.1.1 already assigned as interface IP to FastEthernet0
  • Page 142: Modify Global Vrrp Group Parameters

    VRRP group.
    Command: no vrrp <1-8> priority
    Description: The “no” command restores the default priority for the VRRP group. The default priority is 100.
    EXAMPLE
    ALU(config-if FastEthernet0)# vrrp 7 priority 104
  • Page 143

    Command: vrrp <1-8> description <string>
    Description: This command assigns a text description to the VRRP group.
    Note: User-defined string up to 80 characters is allowed.
    EXAMPLE
    ALU(config-if FastEthernet0)# vrrp 7 description ALU-vrrp
  • Page 144

    VRRP group.
    Command: no vrrp <1-8> timers advertise
    Description: The “no” command restores the default advertisement interval. The default interval value is 1 second.
    EXAMPLE
    ALU(config-if FastEthernet0)# vrrp 7 timers advertise 5
  • Page 145

    <interface-name> of a virtual router in a VRRP group.
    Command: no vrrp <1-8> track-interface
    Description: The “no” command removes tracking of the interface.
    EXAMPLE
    ALU(config-if FastEthernet0)# vrrp group track-interface Serial
  • Page 146: Monitor And Debug Vrrp

    Master Down interval is 3.000 secs
    ALU(config)# show vrrp all brief
    Interface Prio Preempt State Master addr Group addr
    FastEthernet0 1 Master 10.1.1.1 10.1.1.1
    FastEthernet0 2 Master 10.1.1.1 20.1.1.1
  • Page 147

    Advertisement interval is 1.000 sec
    Preemption enabled
    Priority is 100
    Master Router is 10.1.1.1 (local), priority is 100
    Master Advertisement interval is 1.000 secs
    Master Down interval is 3.000 secs
  • Page 148

    ALU# debug vrrp control all
    VRRP MANAGEMENT MESSAGES
    Command (SUM/CM/ICM): debug vrrp management {all|protocol|vrrpfs}
    Description: This command displays VRRP management debug messages.
    EXAMPLE
    ALU# debug vrrp management all
  • Page 149: Vrrp Interface Tracking

    BACKUP STATE
    The router will not take any action when the track interface goes down. When router is in backup state, the router will set its priority to 20.
  • Page 150 The router will switch to backup state if a router with the next highest priority overrides it. Else, the router will remain in master state to provide some minimal set of services.
  • Page 151: Vrrp Configuration Scenario Using Oa5510-Te

    • Switch
    • PC/Laptop
    Figure 3: VRRP Configuration Scenario
    PROCEDURE
    Configure LAN stations (192.168.1.4, 192.168.1.5, 192.168.1.6) with default gateway address of 192.168.1.3, which is IP address of Virtual Router.
  • Page 152: Vrrp Configuration

    ALU(config-if-FastEthernet0)# vrrp 1 ip 192.168.1.3
    ALU(config-if-FastEthernet0)# vrrp 1 priority 120
    OmniSwitch
    OS9000-> ip interface "vlan_10" address 192.168.1.2 vlan 10
    OS9000-> vrrp 1 10 address 192.168.1.3
    OS9000-> vrrp 1 10 priority 110
  • Page 153 Virtual Router Redundancy Protocol
  • Page 154: Part 2 Lan Interfaces And Configuration

    Part 2 LAN Interfaces and Configuration
  • Page 155
  • Page 156: Fast Ethernet Interface

    CLI. For instructions on using the Fast Ethernet commands and descriptions on each of their parameters with the corresponding default values for each, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter is divided into the following sections: •...
  • Page 157: Ethernet Overview

    Modern advancements have increased these distances considerably allowing Ethernet networks to span tens of kilometers.
  • Page 158: Ethernet Terminologies

    If it is not, the station discards the frame without even examining its contents.
  • Page 159: Switched Ethernet

    This allows end stations to transmit to the switch at the same time that the switch transmits to them, achieving a collision-free environment.
  • Page 160: Fast Ethernet Configuration

    “To Configure Speed”
    Step 6: View the configuration details on the interface. See “Fast Ethernet Interface Show Commands”.
    Step 7: Clear interface statistics. See “Fast Ethernet Interface Clear Commands”.
  • Page 161: Fast Ethernet Interface Configuration Flow

    FAST ETHERNET INTERFACE CONFIGURATION FLOW
    Figure 5: Fast Ethernet Interface Configuration Flow
  • Page 162: Ethernet Interface Configuration Commands

    Command: no flowcontrol {receive|send} {off|on}
    Description: The “no” command sets the flow control to its default. By default, flow control is set to “Off”.
    EXAMPLE
    ALU(config-if FastEthernet0)# flowcontrol send on
    ALU(config-if FastEthernet0)# no flowcontrol send on
  • Page 163

    [10|100|auto] speed.
    Command: no speed
    Description: The “no” command sets the interface speed to its default. The default speed is “auto”.
    EXAMPLE
    ALU(config-if FastEthernet0)# speed 100
    ALU(config-if FastEthernet0)# no speed
  • Page 164: Fast Ethernet Interface Show Commands

    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected
  • Page 165 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 multicast 0 lost carrier, 0 no carrier, 0 pause output
  • Page 166 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 multicast 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer copied, 0 interrupts, 0 failures
  • Page 167: Fast Ethernet Interface Clear Commands

    Command: clear
    Description: This command is used in the Interface Configuration Mode. This command clears the counters on a specific Fast Ethernet interface.
    EXAMPLE
    ALU(config-if FastEthernet0)# clear
    Clear counters on this interface [confirm]y
    ALU(config)#
  • Page 168: Layer 2 Switching Configuration

    Configuration”. Refer to the “Alcatel-Lucent Specific Overview on Switching” for Alcatel-Lucent specific features.
    CHAPTER CONVENTIONS
    Acronym Description
    Configuration Mode - ALU (config)#
    Interface Configuration Mode - ALU (config-interface name)#
  • Page 169: Switching Overview

    The basic mechanics of such a translation is depicted in the graphic below.
  • Page 170: Layer 2 Switching

    - that is, they do not look at the data packet very closely to learn anything more about where it is headed.
  • Page 171: Alcatel-Lucent Specific Overview On Switching

    VLAN tag information. Note: MTU configuration is not supported on switchport interfaces. However, MTU can be configured on VLAN interfaces.
  • Page 172: L2 Switching Configuration

    “To Configure Mode for the L2 Interface”
    Step 2: Configure tagged VLANs that will be allowed when the interface is configured to Trunk mode. See “To Configure Trunk VLAN”
  • Page 173

    Step 6: Monitor and troubleshoot the configuration using the “show” commands. “L2 Switching Show Commands”
    Step 7: Use the clear command to clear the MAC address table entries. See “L2 Switching Clear Commands”
  • Page 174: L2 Switching Configuration Flow

    L2 SWITCHING CONFIGURATION FLOW
    Figure 7: L2 Switching Configuration Flow
  • Page 175: L2 Switching Commands

    If no access VLAN is configured, then the interface moves to pure bridging mode.
    EXAMPLE
    ALU(config-if switchport0)# switchport mode trunk
    ALU(config-if switchport0)# no switchport mode
  • Page 176

    <2-4094>...
    EXAMPLE
    ALU(config-if switchport0)# switchport trunk allowed vlan 3
    ALU(config-if switchport0)# switchport trunk allowed vlan 5 8 9
    ALU(config-if switchport0)# no switchport trunk allowed vlan 3
  • Page 177

    {10|100|auto} speed.
    Command: no speed
    Description: The “no” command sets the interface speed to its default. The default speed is “auto”.
    EXAMPLE
    ALU(config-if switchport0)# speed 100
    ALU(config-if switchport0)# no speed
  • Page 178: L2 Switching Show Commands

    0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 Out multicast, 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out
  • Page 179

    Interface name Mode
    --------- ---------- ------------------- -----
    Inactive switchport0 Access
    ALU(config)# show vlan Brief
    VLAN_ID Interface name Mode
    --------- ----------------- --------
    switchport0 No-Mode
    switchport1 No-Mode
    switchport2 No-Mode
    switchport3 No-Mode
  • Page 180

    Dynamic
    0008.a16b.6597 switchport1 Dynamic
    0008.a170.59ea switchport1 Dynamic
    0008.a170.5e1d switchport1 Dynamic
    0008.a170.5e21 switchport1 Dynamic
    0008.a177.fecc switchport1 Dynamic
    0008.a177.fece switchport1 Dynamic
    0008.a178.4b19 switchport1 Dynamic
    0008.a17b.ba3d switchport1 Dynamic
    000c.f1c3.85a9 switchport1 Dynamic
  • Page 181: L2 Switching Clear Commands

    CLEAR THE MAC ADDRESS TABLE
    Command (in CM): clear mac-address-table Dynamic [vlan <1-4094>]
    Description: This command clears the mac-address-table learnt by the system.
    EXAMPLE
    ALU # clear mac-address-table Dynamic
  • Page 182: Switching Configuration Using Oa5510-Te

    By default, all switchports will be in bridged mode. They belong to 1 broadcast domain.
    ALU(config)# interface switchport0
    ALU(config-if switchport0)#
    ALU(config-if switchport0)# no shutdown
    To check for reachability between hosts, verify with ping from, say Host 1 to Host
  • Page 183: Oa5510-Te As A Switch With Vlans

    Hence, hosts 1 and 2 belong to VLAN2, hosts 3 and 4 belong to VLAN3.
    CONFIGURE ACCESS VLAN
    ALU(config-if switchport0)# switchport access vlan 2
    ALU(config-if switchport0)#
    DELETE ACCESS VLAN CONFIGURED
    ALU(config-if switchport0)# no switchport access vlan
  • Page 184 Each VLAN is a separate broadcast domain. There is reachability between hosts within same VLAN. This can be verified with ping from, say host 1 to host 2. However, ping from host 1 to host 4 would fail.
  • Page 185 Layer 2 Switching Configuration
  • Page 186: Spanning Tree Protocol

    Spanning Tree Protocol (STP). For more detailed information on the parameter descriptions and their corresponding default values, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter includes the configuration steps, CLI syntax with its description and configuration examples.
  • Page 187: Spanning Tree Protocol Overview

    STP operation is transparent to end stations, which are unaware whether they are connected to a single LAN segment or a switched LAN of multiple segments.
  • Page 188: Stp Configuration

    Set the STP port priority. See “To Set Spanning Tree Port Priority”
    Step 5: Use the show commands to recheck and view the details configured. See “Show Commands in Spanning Tree”
  • Page 189: Stp Configuration Commands

    The following command enables the spanning tree for the default VLAN, i.e., VLAN-1: ALU(config)# spanning-tree The deletion of the spanning tree will follow the same rule. ALU(config)# no spanning-tree
  • Page 190 The following command resets the spanning tree forward-time to 30, hello-time to 10 and maximum-age to its default: ALU(config)# no spanning-tree forward-time ALU(config)# no spanning-tree hello-time ALU(config)# no spanning-tree max-age
  • Page 191 When two bridges compete for position as the root bridge, configure the spanning tree cost to prioritize an interface. The spanning tree cost is configured on a per port basis. EXAMPLE ALU(config-if switchport1)# spanning-tree cost 1000 ALU(config-if switchport1)# no spanning-tree cost
  • Page 192 When two bridges compete for position as the root bridge, the port priority command is used to prioritize an interface. Spanning tree port priority is configured on a per port basis. EXAMPLE ALU(config-if switchport1)# spanning-tree port-priority 250 ALU(config-if switchport1)# no spanning-tree port-priority
  • Page 193: Show Commands In Spanning Tree

    EXAMPLE ALU(config)# show spanning-tree summary Name Blocking Listening Learning Forwarding STP Active --------------- -------- --------- -------- ---------- -------- VLAN1 --------------- -------- --------- -------- ---------- -------- 1 VLANs
  • Page 194 Designated bridge has priority 32768, address 00.11.8b.00.27.13 Designated port Id is 128.14 path cost 0 Timers: message age 1, forward delay 0, hold 0 BPDU: sent 40, received 84
  • Page 195: Stp Configuration Example

    All the L2 ports will participate in pure bridging if they are not configured for access or trunk or hybrid. TOPOLOGY The topology consists of the following components: • 3 OA5510-TE • PCs/Laptops Figure 10: Spanning Tree Topology on OA5510-TE
  • Page 196: Procedure

    OA5510-C(config)#interface switchport 1 OA5510-C(config-if switchport1)#no shutdown OA5510-C(config)# spanning-tree VERIFICATION Verify the spanning tree by using the following show commands: • show spanning-tree brief • show spanning-tree summary • show spanning-tree
  • Page 198: Integrated Routing And Bridging

    This chapter covers the commands used to configure Integrated Routing and Bridging (IRB) on OA5510-TE. For instructions on using the commands and to get a detailed description of each of their parameters, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. CHAPTER...
  • Page 199: Integrated Routing And Bridging Overview

    If the egress interface is a logical VLAN interface, then it will be sent out of the appropriate physical interface port(s) that belong to the VLAN.
  • Page 200: Irb Configuration

    Note: - A given VLAN interface for IRB can be used only on the four L2 ports. - The IRB VLANs cannot be configured on the Fast Ethernet port.
  • Page 201: Irb Commands

    2035879 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output
  • Page 202: Irb Configuration Using Oa5510-Te

    Based on the topology given above, configure VLAN 100 on Switchport 2. This will route the traffic to another interface.
  • Page 203 ALU(config-if Vlan 100)# ip address 10.10.10.20/24 CONFIGURE BRIDGING ALU(config)# interface switchport 2 ALU(config-if-switchport2)# ALU(config-if-switchport2)# no shutdown ALU(config-if-switchport2)# switchport access vlan 100 VERIFICATION Verify by pinging from 10.10.10.5 to 20.20.20.1.
  • Page 204: Part 3 Wan Interfaces And Protocols

    Part 3 WAN Interfaces and Protocols
  • Page 206: T1E1 Interface

    • “T1 Interface Overview” • “T1 Configuration” CHAPTER CONVENTIONS Acronym Description Configuration Mode - ALU (config)# Controller Configuration Mode - ALU (config-controller)# Interface Configuration Mode - ALU (config-interface name)#
  • Page 207: T1 And E1 Overview

    Figure 12: E1 Frame Structure The following sections detail the E1 configuration: • “E1 Timeslot Functionalities” • “Mechanisms Supported by the E1 interface” • “E1 Modes of Operation”
  • Page 208: E1 Timeslot Functionalities

    • Channel Associated Signaling (CAS) - In each Multiframe, each channel has a predetermined frame. In this frame, half of TS16 is dedicated for this channel signaling information.
  • Page 209: E1 Modes Of Operation

    OVERVIEW • In E1 lines, cable-length is referred to as Line Termination. There is no variation of Long and Short cable length. • OA5510-TE supports fractional T1 or E1.
  • Page 210: E1 Configuration

    Step 6: Enter Interface Configuration Mode to configure a serial interface. See “To Configure a Serial Interface” Note: Creation of a channel-group is a pre-requisite prior to configuring a serial interface.
  • Page 211 (Optional) Step 11: See “To View the E1 Controller Configuration” to view the E1 configuration details. Step 12: View the interface configuration details. See “To View Interface Configuration” command.
  • Page 212: E1 Configuration Flow

    E1 CONFIGURATION Figure 13: E1 Configuration Flow
  • Page 213: E1 Configuration Commands

    Command (in CM): controller {E1|T1} <port>; Description: This command configures an E1 or T1 controller. Use E1 keyword to configure an E1 controller. EXAMPLE ALU(config)# controller E1 0 ALU(config-controller E1)#
  • Page 214 To associate contiguous timeslots with the controller: ALU(config-controller E1)#channel-group 0 timeslots 1-10 ALU(config-controller E1)#channel-group 0 timeslots 4,5,6 c) To associate non-contiguous timeslots with the controller: ALU(config-controller E1)#channel-group 0 timeslots 1,4,20
  • Page 215 ALU(config-controller E1)# no shutdown The following example shuts down the controller: ALU(config)# controller E1 0 ALU(config-controller E1)# shutdown Note: By default, the controller will be in the shutdown state.
  • Page 216 Command: no line-termination; Description: The “no” command sets the impedance value to its default. The default line-termination value is 120 ohm. EXAMPLE The following example selects 120 ohm as the E1 line impedance: ALU(config-controller E1)#line-termination 120
  • Page 217 EXAMPLE The following example configures the E1 0 clocksource to line: ALU(config-controller E1)# clocksource line The following example configures the E1 0 clocksource to internal: ALU(config-controller E1)# no clocksource
  • Page 218 Command: no encapsulation; Description: The “no” command sets the encapsulation to its default. The default encapsulation is HDLC. EXAMPLE The following example shows how to set the FR encapsulation: ALU(config-if Serial0:0)# encapsulation frame-relay
  • Page 219 2 payload. Command: no mtu; Description: The “no” command sets the MTU to its default. The default MTU is 1500 bytes. EXAMPLE ALU(config-if Serial0:0)# mtu 1200 ALU(config-if Serial0:0)# no mtu
  • Page 220: E1 Show Commands

    Framing is crc4, Line Code is hdb3, Clock Source is internal Total Data (Since last clearing of counters) 0 Line Code Violation, 0 Framing Errors 0 CRC Errors, 0 Far End Block Errors
  • Page 221 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions
  • Page 222: Troubleshooting E1 Lines

    E1 0: ALU(config)#controller E1 0 ALU(config-controller E1)# loopback network line The following example disables the loopback on controller E1 0: ALU(config)# controller E1 0 ALU(config-controller E1)# no loopback
  • Page 223: T1 Interface Overview

    These "robbed" bits form a channel with capacity of 10.666 Kbps. If CCS is in use, then one Timeslot (TS), usually TS 24, is dedicated for signaling purposes.
  • Page 224: T1 Modes Of Operation

    ESF + CAS/CRC/FDL. • CCS: Can be used in each of the framed formats by dedicating one channel (usually TS-24) for delivering the signaling messages in a predetermined protocol.
  • Page 225: T1 Configuration

    Step 6: Enter Interface Configuration Mode to configure the serial interface. See “To Configure a Serial Interface” Note: Creation of a channel-group is a pre-requisite prior to configuring a serial interface.
  • Page 226 Configure MTU on the Interface” (Optional) Step 11: See “To View the Controller Configuration” to view T1 configuration. Step 12: View the interface configuration details. See “To View Interface Configuration” command.
  • Page 227: T1 Configuration Flow

    T1 CONFIGURATION Figure 14: T1 Configuration Flow
  • Page 228: T1 Configuration Commands

    1-24. This enables the interface on the controller. The default speed is 64 Kbps. Command: no channel-group <0-0>; Description: This command removes the channel-group configured on the controller.
  • Page 229 To associate contiguous timeslots with the controller: ALU(config-controller T1)#channel-group 0 timeslots 1-10 ALU(config-controller T1)#channel-group 0 timeslots 1,2,3 c) To associate non-contiguous timeslots with the controller: ALU(config-controller T1)#channel-group 0 timeslots 1,4,20
  • Page 230 EXAMPLE The following example changes transmit attenuation of controller T1 to appropriate level for long cables: ALU(config-controller T1)# cablelength long -22.5db
  • Page 231 EXAMPLE The following example configures frame type as super frame for T1: ALU(config-controller T1)#framing sf The following example resets the T1 frame type to esf: ALU(config-controller T1)# no framing
  • Page 232 EXAMPLE The following example configures the T1 0 clocksource for line: ALU(config-controller T1)# clocksource line The following example configures the T1 0 clocksource for internal: ALU(config-controller T1)# no clocksource
  • Page 233 Command: no encapsulation; Description: The “no” command sets the encapsulation to its default. The default encapsulation is HDLC. EXAMPLE ALU(config-if Serial0:0)# encapsulation frame-relay ALU(config-if Serial0:0)# no encapsulation
  • Page 234 2 payload. Command: no mtu; Description: The “no” command sets the MTU to its default. The default MTU is 1500 bytes. EXAMPLE ALU(config-if Serial0:0)# mtu 1000 ALU(config-if Serial0:0)# no mtu
  • Page 235: T1 Show Commands

    Framing is esf, Line Code is b8zs, Clock Source is internal Total Data (Since last clearing of counters) 0 Line Code Violation, 0 Framing Errors 0 Out of Frame, 0 Bit Errors
  • Page 236 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions Timeslot(s) Used:1 (64Kbps each), Transmitter delay is 0 flags
  • Page 237: Troubleshooting T1 Lines

    T1 0: ALU(config)# controller T1 0 ALU(config-controller T1)# loopback network payload The following example disables the loopback on the controller T1 0: ALU(config)# controller T1 0 ALU(config-controller T1)# no loopback
  • Page 240: High-Level Data Link Control

    OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. CHAPTER CONVENTIONS Acronym Description HDLC High-level Data Link Control Interface Configuration Mode - ALU (config-interface name)#
  • Page 241: Hdlc Overview

    Address Field(A) 8 bits Control Field(C) 8 or 16 bits Information Field(I) Variable; Not used in some frames Frame Check Sequence(FCS) 16 or 32 bits Closing Flag Field(F) 8 bits
  • Page 242: Hdlc Frame Formats

    If the two differ by 3 or more, it considers the serial line as failed, and will not route further higher-level data across it until an acceptable keepalive response is received.
  • Page 243: Hdlc Configuration

    HDLC CONFIGURATION Refer to the following sections to enable HDLC encapsulation on a T1 or E1 interface: • “HDLC Configuration Steps” • “HDLC Configuration Flow” • “HDLC Configuration Commands”
  • Page 244: Hdlc Configuration Steps

    The above steps can be skipped if the T1 or E1 controller has already been configured. For more details on configuring a T1 or an E1 controller, refer to the “T1E1 Interface” chapter.
  • Page 245 “To Configure HDLC Keepalive Interval” (Optional) Step 12: Configure loopback detection. See “To Enable Loopback Detection” command. (Optional) Step 13: View the status of HDLC. See “HDLC Show Commands”
  • Page 246: Hdlc Configuration Flow

    HDLC CONFIGURATION Figure 16: HDLC Configuration Flow
  • Page 247: Hdlc Configuration Commands

    Command: encapsulation hdlc; Description: This command is entered in the Interface Configuration Mode. This command is used to configure HDLC encapsulation on a serial interface. EXAMPLE ALU(config-if Serial0:0)# encapsulation hdlc
  • Page 248 Command: no hdlc down-when-looped; Description: This command disables bringing down of the line protocol when loopback is detected on the interface. This is the default behavior. EXAMPLE ALU(config-if Serial0:0)# no hdlc down-when-looped
  • Page 249 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions Timeslot(s) Used:1 (64Kbps each), Transmitter delay is 0 flags
  • Page 250 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions Timeslot(s) Used:1 (64Kbps each), Transmitter delay is 0 flags
  • Page 251 DEBUGGING ON Command (in SUM or CM): no debug hdlc {all|keepalive}; Description: The “no” command disables the debug functionality. By default, debug is disabled. EXAMPLE ALU(config)# no debug hdlc all
  • Page 252: Frame Relay

    CLI. For instructions on using the FR commands and descriptions on each of their parameters with the corresponding default values for each, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter is divided into the following sections: •...
  • Page 253: Frame Relay Overview

    The actual deployment of SVCs is minimal in today's FR network. • Permanent Virtual Circuits (PVC) - These are permanently established connections that are used for frequent and consistent data transfers between DTE devices across a FR network.
  • Page 254: Frame Relay Network Deployments

    FR networks are public carrier-provided networks. • Private Enterprise Networks - In private FR networks, the administration and maintenance of the network is the responsibility of an enterprise.
  • Page 255: Frame Relay Configuration

    Refer to the following sections to enable FR encapsulation on a T1 or E1 interface: • “Frame Relay Configuration Steps” • “Frame Relay Configuration Flow” • “Frame Relay Configuration Commands”
  • Page 256: Frame Relay Configuration Steps

    The above steps can be skipped if the T1 or E1 controller has already been configured. For more details on configuring a T1 or an E1 controller, refer to the “T1E1 Interface” chapter.
  • Page 257 Step 12: Configure Frame Relay LMI (Local Management Interface). See “Local Management Interface (LMI)” (Optional) Step 13: View the status of the Frame Relay protocol on a specified interface. “Frame Relay Show Commands”
  • Page 258: Frame Relay Configuration Flow

    FRAME RELAY CONFIGURATION Figure 17: FR Configuration Flow
  • Page 259: Frame Relay Configuration Commands

    Command: no encapsulation frame-relay; Description: The “no” command resets the encapsulation to its default. The default encapsulation on a serial interface is HDLC. EXAMPLE ALU(config-if Serial0:0)# encapsulation frame-relay ALU(config-if Serial0:0)# no encapsulation frame-relay
  • Page 260 Step 1: Repeat the steps Step 1 to Step 7 as given in the section “Frame Relay Configuration Steps” Step 2: Configure sub-interface on the serial interface. ALU(config)# interface Serial <port:channel.subchannel> ALU(config-if Serial <port:channel.subchannel>)# Example: ALU(config)# interface Serial 0:0.1 ALU(config-if Serial0:0.1)#
  • Page 261 The following example sets the LMI to ANSI standard: ALU(config-if Serial0:0)# frame-relay lmi-type ansi The following example sets the LMI-type to its default, i.e., auto-sense: ALU(config-if Serial0:0)# no frame-relay lmi-type
  • Page 262 The following example sets the polling interval to 8: ALU(config-if Serial0:0)#frame-relay lmi-n391dte 8 The following example sets the polling interval to default, i.e., 6: ALU(config-if Serial0:0)# no frame-relay lmi-n391dte
  • Page 263 The following example sets the DTE monitored events count to 7: ALU(config-if Serial0:0)# frame-relay lmi-n393dte 7 The following example sets the lmi-n393dte to its default value, i.e., 4: ALU(config-if Serial0:0)# no frame-relay lmi-n393dte
  • Page 264 FECN pkts out FECN pkts in BECN pkts out BECN pkts in DE pkts out DE pkts out bcast pkts out bcast bytes
  • Page 265 Invalid Information ID Invalid Report IE Len Invalid Report Request Invalid Keep IE Len Num Status Enq. Sent Num Status msgs Rcvd Num Update Status Rcvd Num Status Timeouts
  • Page 266 DEBUGGING ON Command (in SUM or CM): no debug frame-relay {all|fse|keepalive|mlfr}; Description: The “no” command disables the debug functionality. By default, debug is disabled. EXAMPLE ALU(config)# no debug frame-relay all
  • Page 268: Point-To-Point Protocol

    PPP through the CLI. For instructions on using the PPP commands and descriptions on each of their parameters, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. Refer to the following to configure PPP encapsulation on an interface: •...
  • Page 269: Ppp Overview

    • CHAP (RFC 1994) • EAP (RFC 3748) The Alcatel-Lucent implementation of PPP conforms to the above specifications. PPP COMPONENTS PPP provides a method for transmitting datagrams over point-to-point links. On a serial interface, PPP contains four main components: •...
  • Page 270: Ppp Configuration

    PPP CONFIGURATION • “PPP Configuration Steps” • “PPP Configuration Flow” • “PPP Configuration Commands” • “PPP Show Commands”
  • Page 271: Ppp Configuration Steps

    The above steps can be skipped if the T1 or E1 controller has already been configured. For more details on configuring a T1 or an E1 controller, refer to the “T1E1 Interface” chapter.
  • Page 272 Configure Timers and Counters. See “PPP Counters and Timers Configuration” • Configure authentication through user name and password. See “PPP Authentication Configuration” Step 12: Use the “PPP Show Commands” to view PPP configuration.
  • Page 273: Ppp Configuration Flow

    PPP CONFIGURATION Figure 18: PPP Configuration Flow
  • Page 274: Ppp Configuration Commands

    Command: no encapsulation ppp; Description: This command sets the encapsulation to its default. The default encapsulation on a serial interface is HDLC. EXAMPLE ALU(config)# interface Serial 0:0 ALU(config-if Serial0:0)# encapsulation ppp ALU(config-if Serial0:0)# no encapsulation ppp
  • Page 275: Ppp Optional Parameters

    Command: no ppp lcp echo-interval; Description: The “no” command sets the echo-interval to its default value. The default value is 10 seconds. EXAMPLE ALU(config-if Serial0:0)# ppp lcp echo-interval 200 ALU(config-if Serial0:0)# no ppp lcp echo-interval
  • Page 276 NCP restart-interval to its default. The default LCP/NCP restart-interval is 30 seconds. EXAMPLE ALU(config-if Serial0:0)# ppp timeout restart-interval 10 ALU(config-if Serial0:0)# no ppp timeout restart-interval
  • Page 277 IP address given to it by its peer local during IPCP. This is the default behavior. EXAMPLE ALU(config-if Serial0:0)# ppp ipcp address accept-local ALU(config-if Serial0:0)# no ppp ipcp address accept-local
  • Page 278 Command: no ppp ipcp address pool local; Description: The “no” command removes the IP address pool for IPCP. EXAMPLE ALU(config-if Serial0:0)# ppp ipcp address pool local 10.10.10.10 ALU(config-if Serial0:0)# no ppp ipcp address pool local
  • Page 279 The default max-terminate value is “2 seconds”. EXAMPLE ALU(config-if Serial0:0)# ppp timeout max-terminate 10 ALU(config-if Serial0:0)# no ppp timeout max-terminate
  • Page 280 Command: no ppp timeout max-failure; Description: The “no” command sets the max-failure value to its default. The default max-failure value is “5 seconds”. EXAMPLE ALU(config-if Serial0:0)#ppp timeout max-failure 10 ALU(config-if Serial0:0)# no ppp timeout max-failure
  • Page 281 Command: no ppp authentication username; Description: The “no” command deletes the configured PPP authentication user name on the server side. EXAMPLE ALU(config-if Serial0:0)# ppp authentication username ALU ALU(config-if Serial0:0)# no ppp authentication username
  • Page 282 Command: no ppp authentication client-password; Description: The “no” command deletes the configured authentication password on the client side. EXAMPLE ALU(config-if Serial0:0)# ppp authentication client-password pass1 ALU(config-if Serial0:0)# no ppp authentication client-password
  • Page 283: Ppp Show Commands

    PPP Max Terminate PPP Max Configure : 10 PPP Max Failure Authentication protocol : pap Authentication username : user1 Authentication password : secret1 Authentication client-username : user2 Authentication client-password : secret2
  • Page 284 IPCP Configure Naks: IPCP Configure Rejects: IPCP Terminate Requests: IPCP Terminate Acks: IPCP Code Rejects: IPCP Invalid Packets: PAP Authentication Requests: PAP Authentication Acks: PAP Authentication Naks: PAP Invalid Packets:
  • Page 285 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 50 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
  • Page 286 LCP Configure Naks: LCP Configure Rejects: LCP Terminate Requests: LCP Terminate Acks: LCP Code Rejects: LCP Protocol Rejects: LCP Echo Requests: LCP Echo Replies: LCP Discard Requests: LCP Invalid Packets:
  • Page 287 ALU# show ppp ipcp statistics Serial 0:0 IPCP Configure Requests: IPCP Configure Acks: IPCP Configure Naks: IPCP Configure Rejects: IPCP Terminate Requests: IPCP Terminate Acks: IPCP Code Rejects: IPCP Invalid Packets:
  • Page 288 ALU# show ppp session statistics Serial 0:0 PPP data packets received: PPP control packets received: Packets dropped: PPP sessions initiated: PPP sessions received: PPP sessions successful: PPP sessions terminated:
  • Page 289
    PAP Authentication Acks:
    PAP Authentication Naks:
    PAP Invalid Packets:
    CHAP Challenges:
    CHAP Responses:
    CHAP Successes:
    CHAP Failures:
    CHAP Invalid Packets:
    EAP Requests:
    EAP Responses:
    EAP Successes:
    EAP Failures:
    EAP Invalid Packets:
  • Page 290: Ppp Debug Commands

    DEBUGGING ON
    Command (in SUM or CM): no debug ppp {all|echo}
    Description: The “no” command disables the debug functionality. By default, debug is disabled.
    EXAMPLE
    ALU(config)# no debug ppp echo
  • Page 291 Point-to-Point Protocol
  • Page 292: Part 4 Common Classification

  • Page 294: Common Classifiers

    “CC Configuration” • “Sample examples on the usage of CC across applications”
    CHAPTER CONVENTIONS
    Acronym Description
    Configuration Mode - ALU (config)#
    Match-list CM Match-list Configuration Mode - ALU (config-match-list-name)#
  • Page 295: Cc Overview

    QoS. As part of our unified architecture, we have evolved a common classifier design which decouples classification and action. Thus, the same classifier can be used across all applications. Figure 19: Depicting Common Classification
  • Page 296: Benefits Of Alcatel-Lucent Devices Common Classifiers

    Rules themselves can consist of individual elements arranged in a specific manner, and can include references to lists of elements.
  • Page 297: Before You Configure Cc

    The keyword “service” defines the destination port for a TCP or UDP protocol. • The keyword “type” defines the header type and is used by the ALGs (Application Level Gateways).
  • Page 298: Cc Configuration

    Step 6: To view the configuration, see “Show commands in CC”. Step 7: The configured rules and match-lists can be removed with the help of the respective deletion commands. See “Deletion Commands in CC”
  • Page 299: Elements Used In Configuring Cc

    A higher level description of the packet stored in the packet context, derived from some application or feature. Used by the ALGs (Application Level Gateways). DSCP Specifies IP Differential Service Code Point (DSCP).
  • Page 300
    Assured Forwarding 43
    Class Selector 1
    Class Selector 2
    Class Selector 3
    Class Selector 4
    Class Selector 5
    Class Selector 6
    Class Selector 7
    default Default
    Expedited Forwarding
  • Page 301 Match packets with network control precedence (7)
    MNEMONICS FOR
    Mnemonic Description
    max-reli Maximum reliability (2)
    max-tput Maximum throughput (4)
    min-cost Minimize monetary cost (1)
    min-delay Minimize delay (8)
    normal Normal Service (0)
  • Page 302: To Configure A Match-List

    The “service” keyword in TCP and UDP protocols refers to the destination port. Currently, the ‘service’ keyword in TCP or UDP can have only the following values: ftp-data|ftp|ssh|telnet|smtp|dns|tftp|http|pop2|pop3|imap|snmp|snmptrap|bgp|sip
  • Page 303 To classify ssh traffic going between 192.168.10.0/24 and going to 192.168.11.0/24, the match-list would look as shown below.
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# tcp prefix 192.168.10.0/24 prefix 192.168.11.0/24 service ssh
  • Page 304
    ALU(config-match-list-m1)# 1 tcp prefix 192.168.10.0/24 prefix 192.168.11.0/24 service ssh
    ALU(config)# match-list m2
    ALU(config-match-list-m2)# 1 udp interface FastEthernet 0 interface VLAN 1
    ALU(config)# match-list m3
    ALU(config-match-list-m3)# 1 icmp any any
  • Page 305
    ALU(config-match-list-m1)# 1 ip list i1 list i2 type normal
    ALU(config-match-list-m1)# 2 ip list i1 list i2 type rpc
    ALU(config-match-list-m1)# 3 ip list i1 list i2 type ftp
    ALU(config-match-list-m1)# 4 ip list i1 list i2 type tftp
  • Page 306
    ALU(config)# list i1 prefix 10.0.0.0/8 prefix 11.0.0.0/8
    ALU(config)# list i2 prefix 20.0.0.0/8 prefix 21.0.0.0/8
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# 1 tcp list i1 list i2 service telnet
  • Page 307 This can be represented by the classifier as:
    ALU(config)# list L3 prefix 192.168.1.0/24 prefix 192.168.2.0/24
    ALU(config)# list L4 prefix 192.168.18.0/24 prefix 192.168.19.0/24
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# 1 udp list L3 list L4 service tftp
  • Page 308 EXAMPLE
    The following example configures an ICMP rule with ‘any any’, icmp-type value 10, and icmp-subtype value 5:
    ALU(config-match-list-test)# icmp any any icmp-type 10 icmp-subtype 5
  • Page 309: To Configure Rules Using The Protocol Numbers

    |sip |tftp}]
    EXAMPLE
    The following example configures a rule using the protocol number ‘1’ with ‘any any’ and dscp value 10:
    ALU(config-match-list-test)# 10 protocol 1 any any dscp 10
  • Page 310: Lists In Cc

    192.168.2.0/24
    ALU(config)# list L4 prefix 192.168.18.0/24 prefix 192.168.19.0/24
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# 1 tcp list L3 list L4 service telnet
    ALU(config-match-list-m1)# 2 udp list L3 list L4 service snmp
  • Page 311 192.168.12.0/24 and 192.168.13.0/24.
    ALU(config)# list L1 prefix 192.168.12.0/24 prefix 192.168.13.0/24
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# 1 tcp any list L1 service ssh
    ALU(config-match-list-m1)# 2 tcp any list L1 service pop3
  • Page 312: Nesting Of Match-Lists

    ALU(config-match-list-m2)# 4 include m1
    Note: There is no ordering of rules inside a match-list. All the rules are of the same priority. The rule numbers are used only for reference.
  • Page 313
    ALU(config)# list l2 host 192.168.0.3 include l1
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# tcp any list l1 length 23 from ssh service range 23 35
    ALU(config-match-list-m1)# exit
    ALU(config)# match-list m2
    ALU(config-match-list-m2)# include m1
  • Page 314: Show Commands In Cc

    The following example displays the details of the lists L1 and L2 configured:
    ALU(config)# show list l1
    list l1 host 5.5.5.5 host 4.4.4.4 prefix 6.6.6.0/24
    ALU(config)# show list l2
    list l2 host 5.3.4.6 prefix 1.10.10.0/24
  • Page 315
    1 icmp any any
    2 tcp any any service http
    3 ip any any
    ALU(config-match-list-m1)# show match-list m2
    match-list m2
    1 tcp any any service ssh
    2 udp any any
  • Page 316 EXAMPLE
    The following example displays the details of match-list m1:
    ALU(config-match-list-m2)# show include match-list m1
    1 tcp any any service ssh
    2 udp prefix 22.1.1.0/8 any
  • Page 317: Deletion Commands In Cc

    They can be deleted only one at a time.
    EXAMPLE
    The following example deletes the match-list M1:
    ALU(config)# no match-list M1
  • Page 318
    ALU(config-match-list-m2)# 1 tcp any any service ssh
    ALU(config-match-list-m2)# 2 udp prefix 22.1.1.0/8 any
    ALU(config-match-list-m2)# 3 include m1
    Now, to delete the included match-list, use the ‘no include’ command:
    ALU(config-match-list-m2)# no include m1
  • Page 319: Sample Examples On The Usage Of Cc Across Applications

    1 esp host 64.174.59.66 host 203.196.196.74
    match-list icmp
    1 icmp prefix 10.91.0.0/24 prefix 10.0.1.0/24
    match-list icmp-traffic
    1 icmp any any
    match-list dos
    1 ip any any
    match-list ospf 89 any any
  • Page 320 L1 interface FastEthernet 0 service smtp ip any L2 ip any L1 include m2 ip filter f1 match all m1 permit match m3 permit match m2 deny reset
  • Page 321
    L3 list L4 service telnet
    Now, a filter can be created and applied to the appropriate interface.
    ip filter f1
    match m1 permit
    interface FastEthernet 0
    ip filter in f1
  • Page 322: Part 5 Routing Protocols

  • Page 324: Protocol Independent Features

    Route Map Configuration Mode - ALU (config-route-map)#
    Standard IP Configuration Mode - ALU (config-std-nac1)# Access list CM
    Extended IP Configuration Mode - ALU (config-ext-nac1)# Access list CM
    Interface Configuration Mode - ALU (config-if)#
  • Page 325: Protocol-Independent Configuration

    “Configure Route Maps” • “Redistribute Routing Information” • “Filtering Routing Information” • “Configure Administrative Distance” • “Configure Maximum Paths” • “Protocol Independent Features Show Commands” • “Protocol Independent Features Clear Command”
  • Page 326: Protocol-Independent Configuration Commands

    Command (in CM): ip route {destination network subnet-mask|destination network/prefix-length} {<gateway-ip-address>|<interface-name> [<gateway-ip-address>]}[<1-255>]
    Description: This command is used to configure a static route.
    EXAMPLE
    ALU(config)# ip route 1.1.1.0/24 2.2.2.2
  • Page 327 Unnumbered IP on serial interfaces shall support PPP, HDLC, and FR encapsulations. Note: OA5510-TE supports static routing over unnumbered interfaces. Dynamic routing protocols (RIP, OSPF, and BGP) on unnumbered interfaces are not supported.
  • Page 328 An extended access-list uses both the source IP address and the destination IP address. Extended access lists are more convenient to use when some networks must be allowed and some disallowed, within the same major network.
  • Page 329
    {<100-199>|<2000-2699>} {deny|permit} {<0-255>|gre|icmp|ipinip|pim|rsvp|tcp|udp} {source-ip-address [network-number]|source-ip-address/prefix-length|any|host <source-host-ipaddress>} {destination-ip-address [network-number]|destination-ip-address/prefix-length|any|host <destination-host-ipaddress>}[log]
    Extended Access-list.
    EXAMPLE
    ALU(config)# access-list 101 permit ip 162.168.0.0 0.0.0.0 255.255.252.0 0.0.0.0
  • Page 330
    ip access-list extended {<100-199>|<2000-2699>|<access-list-name>}
    This command is used to define a named access list. It also enters Extended Access-list Configuration Mode.
    EXAMPLE
    ALU(config)# ip access-list extended test
    ALU(config-ext-nacl)#
  • Page 331
    [operators] {any|host <host-ip-address>|<destination-ip-address/prefix-length>|<destination-ip-address subnet-mask>} [log] [log-input] [enable fragment] [precedence [<0-7>|<keywords>] [tos [<0-15>|<keywords>]]]
    EXAMPLE
    ALU(config-ext-nacl)# permit ip 24.0.0.0/8 25.0.0.0/8
    ALU(config-ext-nacl)# deny ip any 13.0.0.0/8
  • Page 332
    ALU(config)# ip community-list 2 permit no-export
    CONFIGURE EXTENDED COMMUNITY LIST
    Command (in CM): ip community-list <100-199> {deny|permit} <regular-expression>
    Description: This command is used to configure an Extended Community-list.
  • Page 333 In the following example, the ip as-path access-list command creates an as-path access list named '1' to deny only those routes that include paths from or through autonomous system 100:
    ALU(config)# ip as-path access-list 1 deny _100_
  • Page 334 This sequence number signifies the priority of a route-map rule.
    EXAMPLE
    ALU(config)# route-map rip-to-ospf deny 10
    ALU(config-route-map)# match ip address prefix-list test
    ALU(config-route-map)# set route-type external type-1
    ALU(config)# route-map ospf-to-eigrp permit 20
  • Page 335 To redistribute a route or to perform a set action, all the match criteria should be satisfied. • If a set command is not present in a route-map, then the route is redistributed without modification of its current attributes.
  • Page 336
    ALU(config-route-map)# match ip address prefix-list testprefix
    ALU(config-route-map)# match ip next-hop 1
    ALU(config-route-map)# match ip route-source 5
    ALU(config-route-map)# match metric 10
    ALU(config-route-map)# match interface FastEthernet 0
    ALU(config-route-map)# match route-type external type-2
  • Page 337
    {internal|external|type-1|type-
    EXAMPLE
    ALU(config-route-map)# set community 10
    ALU(config-route-map)# set comm-list 130 delete
    ALU(config-route-map)# set dampening 10 2000 2000 15
    ALU(config-route-map)# set local-preference 100
    ALU(config-route-map)# set weight 10
  • Page 338
    65535> [match [external [type1|type2] |internal|nssa-external [type1|type2]] metric <0-4294967295>|weight [0-65535]|route-map <name>]}
    default-metric <1-4294967295>
    Causes the current routing protocol to use the same metric value for all redistributed routes (BGP, OSPF, and RIP).
  • Page 339
    Command (in RCM): passive-interface <interface-name>
    Description: Enter this command in Router Configuration Mode. Suppresses sending of routing updates through the specified interface.
    EXAMPLE
    ALU(config-router ospf1)# passive-interface FastEthernet 0
  • Page 340 EXAMPLE
    ALU(config-router ospf1)# passive-interface default
    ALU(config-router ospf1)# no passive-interface FastEthernet 0
    To verify the passive interfaces, use the ‘show ip ospf interface’ command.
  • Page 341 Note: OA5510-TE does not support the Distribute-list feature in OSPF.
    EXAMPLE
    ALU(config-router bgp AS1)# distribute-list 1 in
    ALU(config-router rip)# distribute-list prefix prefix-example in FastEthernet 0
  • Page 342 By specifying administrative distance values, you enable the router to intelligently discriminate between sources of routing information. The router will always pick the route whose routing protocol has the lowest administrative distance.
  • Page 343 This application is generally discouraged if you are unfamiliar with this particular use of administrative distance as it can result in inconsistent routing information, including forwarding loops.
  • Page 344
    <number of paths>
    Configuration Mode. This command is used to configure the maximum number of ECMP paths to be allowed in a routing table.
    EXAMPLE
    ALU(config-router ospf 1)# maximum-paths 5
  • Page 345
    Interface Send Recv Key-chain
    FastEthernet 0 ..loopback1
    Routing for Networks:
    1.0.0.0
    4.0.0.0
    Routing Information Sources:
    Gateway Interface Distance Last Update
    1.1.1.1 FastEthernet0 ..00:00:00
    Distance: (default is 120)
  • Page 346
    199>|<1300-2699>|<access-list name>]
    EXAMPLE
    ALU# show ip access-lists
    Standard IP access list test
    permit host 10.0.0.1 (0 packets)
    permit 11.0.0.0 0.255.255.255 (0 packets)
    deny 12.0.0.0 0.255.255.255 (0 packets)
  • Page 347 CONFIGURATION Show
    Command (in SUM): show ip as-path-access-list [<1-199>]
    Description: This command displays the AS-path access-list configuration.
    EXAMPLE
    ALU# show ip as-path-access-list
    AS path access list 1
    deny_100_
  • Page 348
    5
    Description:
    Exit Policy:
    Match clauses:
    ip address (access-lists): 1
    Set clauses:
    metric 10
    route-map testset, permit, sequence 10
    Description:
    Exit Policy:
    Match clauses:
    Set clauses:
    metric 20
  • Page 349
    10.0.0.0/24 is subnetted, 1 subnet
    O E2 10.0.0.0 [110/20][100] via 2.2.2.2, FastEthernet0
    100.0.0.0/8 [1/0] via 135.254.163.1, Vlan2
    120.0.0.0/8 [1/0] via 135.254.163.1, Vlan2
    135.254.0.0/24 is subnetted, 1 subnet
    135.254.163.0 [0/0] is directly connected, Vlan2
  • Page 350
    Total Mask distribution:
    1 route at length 0
    4 routes at length 8
    4 routes at length 24
    EXAMPLE
    # show ip route supernets-only
    0.0.0.0/0 [1/0] via 135.254.163.1, Vlan2
  • Page 351
    Command (in SUM): clear ip route *
    Description: Clears all routes from the IP routing table. This will not clear the static routes.
    EXAMPLE
    ALU# clear ip route *
  • Page 352: Routing Information Protocol

    “RIP Configuration”. For detailed information on the RIP commands, refer to the RIP chapter in the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. CHAPTER CONVENTIONS Acronym...
  • Page 353: Rip Overview

    RIP uses User Datagram Protocol (UDP) data packets to exchange routing information. The routing information updates are sent at regular time intervals (by default, 30 seconds in Alcatel-Lucent’s implementation). If the router does not receive any updates from a neighboring router for a time interval known as the invalid timer, it marks all routes from the neighboring router as invalid.
  • Page 354: Rip Configuration

    RIP CONFIGURATION Refer to the following sections to configure RIP on your system: • “RIP Configuration Steps” • “RIP Configuration Flow” • “RIP Configuration Commands” • “RIP Show Commands”
  • Page 355: Rip Configuration Steps

    “To Configure RIP Behavior on an Interface” • Enable or Disable Split Horizon. See “To Enable/Disable Split Horizon” • Enable or Disable Broadcast Updates. See “To Enable/Disable Broadcast Updates”
  • Page 356 RIP Authentication. See “RIP Authentication” • RIP and Default Route. See “RIP and Default Route” • Configure Auto Summary. See “To Configure Auto Summary” • RIP Redistribution. See “RIP Redistribution”
  • Page 357: Rip Configuration Flow

    RIP CONFIGURATION Figure 21: RIP Configuration Flow
  • Page 358: Rip Configuration Commands

    RIP stops sending updates through interfaces on this network. Also, these interfaces will not be advertised in any RIP updates.
    EXAMPLE
    ALU(config-router rip)# network 10.0.0.0
    ALU(config-router rip)# no network 10.0.0.0
  • Page 359: Rip Optional Parameters

    RIPv1 messages but receives both RIPv1 and RIPv2 messages.
    no version
    This command resets the configured routing protocol version.
    EXAMPLE
    ALU(config-router rip)# version 1
    ALU(config-router rip)# no version
  • Page 360
    ip split-horizon [poison-reverse]
    This command enables the split horizon mechanism.
    no ip split-horizon [poison-reverse]
    This command disables the split horizon mechanism.
    EXAMPLE
    ALU(config-if FastEthernet00)# ip split-horizon
    ALU(config-if FastEthernet00)# no ip split-horizon
  • Page 361
    no passive-interface {<interface-name>|default}
    The ‘no’ command disables the configured passive interfaces.
    EXAMPLE
    ALU(config-router rip)# passive-interface FastEthernet 0
    ALU(config-router rip)# no passive-interface FastEthernet 0
  • Page 362
    <1-255>
    distance to default. ‘Show ip protocols’ command shows the default distance for all routing protocols.
    EXAMPLE
    ALU(config-router rip)# distance 130 10.0.0.0/8 20
    ALU(config-router rip)# no distance
  • Page 363 As per the example, all the routes imported from the Static routing protocol will be assigned a metric of 10. In the case of routes imported from the OSPF routing protocol, a metric of 5 is assigned to all the routes.
  • Page 364 Holddown values, the proper Holddown interval cannot elapse, which results in a new route being accepted before the Holddown interval expires. Choose these values properly to improve network convergence time and to control routing traffic.
  • Page 365 1, add 2 hops to the metric." If no interface is identified, the list will modify either all incoming updates or all outgoing updates specified by the access-list on any interface.
  • Page 366
    ALU(config-keychain allen)#
    CONFIGURE A
    Command (in Key-chain Mode): key <0-2147483647>
    Description: This command is used to configure a key in the range 0-2147483647.
    EXAMPLE
    ALU(config-keychain allen)# key 100
    ALU(config-keychain-key 100)#
  • Page 367
    chain <key-chain name>
    This disables RIP authentication.
    EXAMPLE
    ALU(config-if FastEthernet0)# ip rip authentication key-chain allen
    ALU(config-if FastEthernet0)# no ip rip authentication key-chain allen
  • Page 368 By default, RIP validates the source IP address of incoming RIP routing updates.
    validate-update-source
    This command validates the source IP address of incoming RIP routing updates.
    EXAMPLE
    ALU(config-router rip)# no validate-update-source
    ALU(config-router rip)# validate-update-source
  • Page 369 By default, this feature is enabled.
    no auto-summary
    The ‘no’ command disables auto-summary, and sends sub-prefix routing information across classful network boundaries.
    EXAMPLE
    ALU(config-router rip)# auto-summary
    ALU(config-router rip)# no auto-summary
  • Page 370 Specify either an access list or a prefix list with the distribute-list command. Use the gateway keyword only with the prefix-list keyword.
    EXAMPLE
    ALU(config-router rip)# distribute-list prefix prefix-example in FastEthernet 0
    ALU(config-router rip)# no distribute-list prefix prefix-example in FastEthernet 0
  • Page 371
    no redistribute {bgp <1-65535>|connected|ospf <1-65535> [match {{external|nssa-external}[1|2]|internal}]|static} [metric {<1-16>|transparent}|route-map <route-map reference>]
    This command disables the redistribution of routes.
    EXAMPLE
    ALU(config-router rip)# redistribute bgp 1 metric 10
  • Page 372: Rip Show Commands

    show ip rip database [<ip-prefix>|<ip-address/prefix-length>]
    Displays all route entries in the RIP routing database.
    EXAMPLE
    ALU# show ip rip database
    RIP Route Table
    ---------------
    1.0.0.0/8 auto-summary
    1.1.1.0/24 directly connected, FastEthernet0
  • Page 373
    show ip rip peers
    Displays the RIP peer table details.
    EXAMPLE
    ALU# show ip rip peers
    RIP Peer Table
    --------------
    Peer Address Interface LastUpd(sec) Rcv Ver Bad Pkts Bad Routes
    4.4.4.1 Vlan3
  • Page 374 Bad msgs received Trig Updates sent Auth failures Responses sent *Unicast tx failure 0 Routes advertised Bcast tx failures Updates received Mcast tx failures Requests received Bad Rtes received
  • Page 375
    ALU> show key-chain alu1
    key-chain alu1
    key 1
    key-string alcatel-lucent
    Accept lifetime (00:00:00 01 Jan 2000) - (Infinite) [Valid Now]
    Send lifetime (00:00:00 02 Feb 2001) - (Infinite) [Valid Now]
  • Page 376: Rip Clear Commands

    The section below details the procedure to clear RIP configuration on your system.
    RESTART THE RIP PROCESS
    Command (in SUM): clear ip rip {database|statistics}
    Description: Clears the RIP database or the RIP statistics.
    EXAMPLE
    ALU# clear ip rip database
  • Page 377 Routing Information Protocol
  • Page 378: Border Gateway Protocol

    For instructions on using the BGP commands and descriptions on each of their parameters with the corresponding default values for each, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 379: Bgp Overview

    Autonomous Systems (ASs). This is sufficient to construct a graph of AS connectivity from which routing loops may be pruned and some policy decisions at the AS level may be enforced. The Alcatel-Lucent implementation of BGP supports BGP-4 specified in RFC 1771.
  • Page 380: Bgp Configuration

    This chapter lists only the mandatory steps to configure BGP. There are various other optional parameters that can be configured for BGP. To know more about the optional commands, refer to the BGP chapter in the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide.
  • Page 381 Step 6: Configure the networks. See “To Configure Networks to be Advertised” Step 7: View BGP configuration. See “BGP Show Commands” Step 8: Reset BGP configuration. See “BGP Clear Commands”
  • Page 382: Bgp Configuration Flow

    BGP CONFIGURATION Figure 22: BGP Configuration Flow
  • Page 383: Bgp Configuration Commands

    Command (in RCM): neighbor {<ip-address>|<peer-group-name>} remote-as <1-65535>
    Description: Configures a BGP neighbor and the AS to which this neighbor belongs.
    EXAMPLE
    ALU(config-router bgp AS30)# neighbor 1.1.1.1 remote-as 100
  • Page 384
    <name>|weight <0-65535>}]
    BGP border router that will provide better information about the network. 0-65535 specifies an absolute weight to a BGP network.
    EXAMPLE
    ALU(config-router bgp AS30)# network 35.0.0.0/8
  • Page 385: Bgp Show Commands

    3 Path attribute entries using 672 bytes of memory
    2 Aspath entries using 614 bytes of memory
    2 Community entries using 44 bytes of memory
    Neighbor MsgRcvd MsgSent InQ OutQ Up/Down State/PfxRcd
    1.1.1.2 00:12:46
    111.111.111.112 4 00:17:39
  • Page 386 Received 322 messages, 1 notifications, 0 in queue Sent 331 messages, 8 notifications, 0 in queue Minimum time between advertisement runs is 30 seconds For Address Family IPv4 Unicast Alcatel-Lucent OmniAccess 5510 Unified Services Gateway CLI Configuration Guide Beta Beta...
  • Page 387 Foreign host: 111.111.111.112, Foreign port: 32832 iss: 0 snduna: 0 sndnxt: 0 sndwnd: 2 irs: 0 rcvnxt: 0 rcvwnd: 0 SRTT: 0 ms, RTTO: 18750 ms, RTV: 7500 ms, minRTT: 0 ms Alcatel-Lucent OmniAccess 5510 Unified Services Gateway CLI Configuration Guide Beta Beta...
  • Page 388: Bgp Clear Commands

    To do a hard reset of the BGP connection, use the following command:
    Command (in SUM): clear ip bgp {*|<neighbor-address>|<peer-group-name>}
    Description: This command clears the set BGP configuration details.
    Example: ALU# clear ip bgp 1.1.1.1
  • Page 389 Command (in SUM): clear ip bgp {*|<neighbor-address>|<peer-group-name>} soft in
    Description: Performs a soft reset on the connection specified in the command, using the stored routing table information for that connection.
  • Page 390 Super User Mode and Configuration Mode as follows:
    Command (in SUM/CM): clear ip bgp {*|<neighbor-address>|<peer-group-name>} soft
    Description: Performs an outbound soft reset on the connection specified in the command.
  • Page 391: A Typical Bgp Example Using Oa5510-Te

    Vlan10
    ip address 10.1.1.1/24
    no shutdown
    interface switchport0
    switchport access vlan 10
    router bgp 1
    address-family ipv4 unicast
    neighbor 10.10.1.5 remote-as 3
    neighbor 10.10.1.5 activate
    network 10.1.1.0/24
    network 10.10.1.0/24
  • Page 392 5
    router bgp 3
    address-family ipv4 unicast
    neighbor 10.10.1.6 remote-as 1
    neighbor 10.10.1.6 activate
    neighbor 10.10.2.10 remote-as 2
    neighbor 10.10.2.10 activate
    network 10.10.1.0/24
    network 10.10.2.0/24
  • Page 394: Open Shortest Path First

    This chapter covers the Open Shortest Path First (OSPF) configuration for OA5510-TE. For instructions on using the commands and descriptions on each of their parameters with the corresponding default values, refer to OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 395: Ospf Overview

    OSPF supports a variable network subnet mask so that a network can be subdivided.
  • Page 396: Ospf Configuration

    ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Example: ALU(config-if FastEthernet0)# ip address 20.20.20.20/
    Step 4: Enable OSPF. See “To Enable OSPF”
    Step 5: Configure OSPF network. See “To Configure OSPF Network”
  • Page 397 Configure OSPF Administrative Distances. See “To Configure OSPF Administrative Distances”
    • Configure Route Calculation Timers. See “To Configure Route Calculation Timers”
    • Log Adjacency Changes. See “To Log Adjacency Changes”
  • Page 398: Ospf Configuration Flow

    Figure 24: OSPF Configuration Flow
  • Page 399: Ospf Configuration Commands

    {<ip-address subnet-mask>|<ip-address/prefix-length>} area {<0-4294967295>|<ip-address>}
    the area ID for that interface.
    Note: Area ‘0’ is called the backbone area.
    Example: ALU(config-router ospf 1)# network 10.0.0.0/8 area 1
  • Page 400: Ospf Optional Parameters

    ABR. This prevents it from sending summary link advertisement (LSAs type 3) into the stub area. To specify an area parameter for your network, use the following commands:
  • Page 401 Command: no area {<0-4294967295>|<ip-address>} default-cost <0-16777215>
    Description: Removes the specific cost assigned to the default summary route used for the stub area/NSSA.
    Example: ALU(config-router ospf 1)# area 1 default-cost 100
  • Page 402 When configured, the router generates a type 7 default route into the NSSA. Every router within the same area must agree that the area is NSSA; otherwise, the routers will not form adjacency.
    Example: ALU(config-router ospf 1)# area 1 nssa
  • Page 403 [no-summary]
    Note: The area ‘0’ cannot be configured as a stub as it forms the backbone of the network.
    Example: ALU(config-router ospf 1)# area 1 stub no-summary
  • Page 404 To display information about virtual links, use the ‘show ip ospf virtual-links’ command. To display the router ID of an OSPF router, use the ‘show ip ospf’ command.
    Example: ALU(config-router ospf 1)# area 1 virtual-link 202.202.202.5
  • Page 405 OSPF router dead because it has not received a hello packet. On a broadcast network, the dead-interval is four times the hello-interval.
  • Page 406 ALU(config-if FastEthernet0)# ip ospf priority 2
    ALU(config-if FastEthernet0)# ip ospf hello-interval 20
    ALU(config-if FastEthernet0)# ip ospf dead-interval 50
    ALU(config-if FastEthernet0)# ip ospf mtu-ignore
    ALU(config-if FastEthernet0)# ip ospf database-filter all out
  • Page 407 The “no” form of these commands negates the configured authentication.
    Example:
    ALU(config-if FastEthernet0)# ip ospf authentication
    ALU(config-if FastEthernet0)# ip ospf authentication-key passwordtest
    ALU(config-if FastEthernet0)# ip ospf message-digest-key 100 md5 passwordline
  • Page 408 10 minutes. The router keeps track of the LSAs it generates and the LSAs it receives from other routers. The router refreshes the LSAs it generated and ages the LSAs it received from other routers.
  • Page 409 Command (in ICM): ip ospf flood-reduction
    Description: Suppresses the unnecessary flooding of LSAs in stable topologies.
    Example: ALU(config-if FastEthernet0)# ip ospf flood-reduction
  • Page 410 • Database-filter all: Filters the outgoing LSAs to an OSPF neighbor.
    Example: ALU(config-router ospf 1)# neighbor 10.0.0.1 priority 1 poll-interval 130
  • Page 411 [not-advertise|tag <0-4294967295>]
    Use the optional not-advertise keyword to filter out a set of routes.
    Example:
    ALU(config-router ospf 1)# summary-address 20.0.0.0/8 tag 20
    ALU(config-router ospf 1)# summary-address 10.0.0.0/8 not-advertise
  • Page 412 Command: redistribute {connected|static|bgp <1-65535>|ospf <1-65535>}[metric <0-16777214>|metric-type <1-2>|route-map <map-name>|tag <0-4294967295>|subnets]
    Description: This command is used to redistribute routes to OSPF.
    Example: ALU(config-router ospf 1)# redistribute static metric 19 metric-type 1
  • Page 413 The OSPF metric is calculated as the reference bandwidth value divided by the bandwidth, with reference bandwidth equal to 10 by default.
    Example: ALU(config-router ospf 1)# auto-cost reference-bandwidth 100
  • Page 414 The ‘distance ospf’ command is used when we have multiple OSPF instances and we want to prefer routes of one OSPF instance over routes of another instance.
    Example:
    ALU(config-router ospf 1)# distance 60 10.0.0.0/8
    ALU(config-router ospf 1)# distance ospf external 10
  • Page 415 Use ‘detail’ keyword to log the messages for all state changes.
    Command: no log-adjacency-changes
    Description: This command is used to disable logging.
    Example:
    ALU(config-router ospf 1)# log-adjacency-changes detail
    ALU(config-router ospf 1)# no log-adjacency-changes
  • Page 416 Command (in RCM): default-metric <1-4294967295>
    Description: This command sets the default metric values for the OSPF routing protocol. The default metric is 20.
    Example: ALU(config-router ospf 30)#default-metric 60000
  • Page 417 ALU(config-router ospf 30)#router-id 35.0.0.1
    OSPF Running Configuration
    Command (in RCM): write ospf
    Description: This command is used to view the OSPF running configuration.
    Example: ALU(config-router ospf 30)#write ospf
  • Page 418: Show Commands In Ospf

    ALU# show ip ospf flood-list
    OSPF Router with ID (1.1.1.2) (Process ID 1)
    Interface FastEthernet0, Queue length 1
    Type LS ID ADV RTR Seq NO Checksum
    1.1.1.2 1.1.1.2 0x8000001D 0x04EA
    ALU#
  • Page 419 Command: show ip ospf [<1-65535>] retransmission-list [neighbor-router-id] [<interface-name>]
    Description: Displays a list of all LSAs waiting to be resent.
    Command: show ip ospf [<1-65535>] route
    Description: Displays the OSPF internal routing table.
  • Page 420 SPF algorithm executed 8 times
    Area ranges are
    Number of LSA 5. Checksum Sum 0x234A3
    Number of opaque link LSA 0. Checksum Sum 0x0
    Flood list length 0
  • Page 421 ALU# show ip ospf flood-list
    OSPF Router with ID (1.1.1.2) (Process ID 1)
    Interface FastEthernet 0, Queue length 1
    Type LS ID ADV RTR Seq NO Checksum
    1.1.1.2 1.1.1.2 0x03000080 0x9109
    Example 5:
  • Page 422 LS Request Packets Received 1, LS Request Packets Sent 2
    LS Update Packets Received 202, LS Update Packets Sent 39
    LS Acknowledgment Packets Received 39, LS Acknowledgment Packets Sent
    Errors 0, Events 0
  • Page 423 Dead timer due in 00:00:32
    Neighbor is up for 17:00:16
    retransmission queue length 0, number of retransmissions 1
    Example 7:
    ALU# show ip ospf process-interface
    Process-Interface Table:
    Process-Id Interfaces
    FastEthernet0
  • Page 424 OSPF Router with ID (1.1.1.2) (Process ID 1)
    Neighbor 6.6.6.6, interface FastEthernet0 address 2.2.2.2
    Link state retransmission due in 0 sec, Queue length 1
    Type LS ID ADV RTR Seq NO Checksum
    1.1.1.0 1.1.1.2 0x80000001 0x69AA
  • Page 425 Transmit Delay is 1 sec, State POINT-TO-POINT
    Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
    Adjacency state FULL
    Retransmission queue length 2, number of retransmission 0
  • Page 426: Clear Commands In Ospf

    Command: clear ip ospf [[<1-65535>|process|redistribution|counters [neighbor] [neighbor-id] [interface-name]|interface statistics [hello|ddp|lsupd|lsack|lsreq][<interface-name>]]
    Description: Restarts OSPF router if only process ID is specified. For other parameters, it restarts the specified counters/feature.
  • Page 427: Ospf Configuration On Oa5510-Te

    Figure 25: OSPF Configuration Scenario
  • Page 428 FastEthernet0
    ip address 10.8.1.1/24
    interface Vlan10
    ip address 10.8.2.1/24
    no shutdown
    interface switchport0
    switchport access vlan 10
    router ospf 1
    log-adjacency-changes
    network 10.1.0.0/16 area 0
    network 10.8.0.0/16 area 8
  • Page 430: Multicast Routing

    This chapter covers the Multicast routing configuration for the OA5510-TE. For instructions on using the commands and descriptions on each of their parameters with the corresponding default values, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide.
  • Page 431: Multicast Overview

    MRIB gives reverse-path information and indicates the path that a multicast data packet would take from its origin subnet to the router that has the MRIB.
  • Page 432: Internet Group Management Protocol (Igmp)

    (version 1 or 2) while it has a timer running, it stops its timer for the specified group and does not send a Report, in order to suppress duplicate Reports.
  • Page 433: Rfcs

    OA5510-TE supports IGMPv2 as the default IGMP version. As IGMPv2 is backward compatible, it works well with IGMPv1 hosts as well.
    • PIM-SM: Supported RFC 4601
    • IGMP: Supported version 2. RFC 2236
  • Page 434: Pim Configuration

    “To Enable PIM on an Interface”
    Step 6: Configure PIM Static RP. See “To Configure PIM Static RP”
    Configure PIM RP candidate using BSR. See “To Configure PIM RP Candidate”
  • Page 435 Configure PIM as BSR. See “To Configure PIM as BSR”
    • Configure RP candidate priority. See “To Configure RP Candidate Priority”
    Step 8: View PIM configuration. See “Show Commands in PIM”
  • Page 436: Pim Configuration Flow

    Figure 26: PIM Configuration Flow
  • Page 437: Pim Configuration Commands

    After enabling this command, PIM starts sending hello packets to form neighborship.
    Command: no ip pim sparse-mode
    Description: This command is used to disable PIM on an interface.
    Example: ALU(config-if FastEthernet0)# ip pim sparse-mode
  • Page 438 RP with the highest IP address is chosen.
    Example: ALU(config)# ip pim rp-candidate FastEthernet 0 group-list 30
    Note: All routers in the PIM domain should have same RP address for a multicast group.
  • Page 439 <group-address>
    to RP mapping. If RP information for the given group does not exist then command gives error else output shows the RP information for the given group.
  • Page 440 If an access-list is specified, this threshold value is used only for the groups that match the access-list. The default spt-threshold is 0 Kbps.
    Example: ALU(config)# ip pim spt-threshold 100 group-list 10
  • Page 441 To Configure RP Candidate Priority
    Command (in CM): ip pim rp-candidate-priority <0-255>
    Description: This command is used to configure the priority of the RP candidate.
    Example: ALU(config)# ip pim rp-candidate-priority 10
  • Page 442: Show Commands In Pim

    To see neighbors on a specific interface, use the interface name.
    Example:
    ALU#show ip pim neighbor
    PIM Neighbor Table
    Neighbor Interface Uptime/Expires DR Address Prio/Mode
    2.2.2.3 FastEthernet0 18:28:59/00:01:37 v2 1/ Not DR
  • Page 443 BSR Address: 1.1.1.2 (?)
    Uptime: 00:04:24, BSR Priority: 0, Hash Mask Length: 30
    Next Bootstrap Message in 00:00:46 seconds
    Candidate RP: 2.2.2.1 (FastEthernet0), Group Acl: test
    Next Cand_RP_Advertisement in 00:00:35 seconds
    (config)#
  • Page 444 K - KeepAlive Timer Running, S - SPT bit set
    (8.0.0.1,226.1.1.25), NOT JOINED 00:00:04/00:00:00, flags:TK
    Register: PRUNE, RP 40.0.0.1, RST 00:01:03
    Incoming interface: FastEthernet0, RPF neighbor 0.0.0.0
    Downstream interface state:
    inherited_olist:
  • Page 445: Clear Commands In Pim

    ALU# clear ip pim rp-mapping
    Clear IP PIM BSR
    Command (in SUM/CM): clear ip pim bsr [<bsr-address>]
    Description: This command clears the BSR address.
    Example: ALU# clear ip pim bsr
  • Page 446: Igmp Configuration

    ALU(config-if FastEthernet0)# ip address 20.20.20.20/
    Step 4: Enable Multicast routing. See “To Enable Multicast Routing”
    Step 5: Enable IGMP on an interface. See “To Enable IGMP on an Interface”
  • Page 447 Configure IGMP access group. See “To Configure IGMP Access Group”
    Step 7: View IGMP configuration. See “Show Commands in IGMP”
    Step 8: View Multicast configuration. See “Show Commands in Multicast”
  • Page 448: Igmp Configuration Flow

    Figure 27: IGMP Configuration Flow
  • Page 449: Igmp Configuration Commands

    After enabling this command, IGMP learns the multicast host information on given interface.
    Command: no ip pim sparse-mode
    Description: This command is used to disable IGMP on an interface.
    Example: ALU(config-if FastEthernet0)# ip pim sparse-mode
  • Page 450 Command: ip igmp last-member-query-interval <100-65535>
    Description: Use this command to configure the last-member query interval (in milliseconds) for the IGMP. The default last-member-query-interval is 1000 milliseconds.
    Example: ALU(config-if FastEthernet0)# ip igmp last-member-query-interval 2000
  • Page 451 <1-65535>
    the interval (in seconds) at which the IGMP router sends query messages on an interface. The default query-interval is 125 seconds.
    Example: ALU(config-if FastEthernet0)# ip igmp query-interval 100
  • Page 452 99>|<access-list-name>}
    access-lists. This restricts the host on a subnet joining only multicast groups that are permitted by access-lists.
    Example: ALU(config-if FastEthernet0)# ip igmp access-group 10
  • Page 453: Show Commands In Igmp

    Number of leave message on this interface = 0
    Number of query messages sent on this interface = 1
    Querier on this interface = 2.2.2.3
    Interface DR is 2.20.1.1
    Total groups on this interface
  • Page 454: Show Commands In Multicast

    IP Multicast statistics:
    Rcvd: 4449 total, 838 link local
    Sent: 3334 forwarded, 0 send register
    0 send assert, 3 first data pkt notice
    Errors: 1 rpf failure, 1 drop
  • Page 455: Clear Commands In Multicast

    Example: ALU# clear ip mroute
    Clear Multicast Traffic
    Command (in SUM/CM): clear ip multicast traffic
    Description: This command resets the multicast traffic counters.
    Example: ALU# clear ip multicast traffic
  • Page 456: Multicast Configuration On Oa5510-Te

    The multicast sender for groups 225.5.5.5 and 227.7.7.7 is connected to router R6. In the given scenario, you can see the multicast routing table entries on routers to verify multicast routing. Show command outputs on router R3 are given.
  • Page 457 2.2.2.1 255.255.255.0
    ip pim sparse-mode
    router ospf 1
    log-adjacency-changes
    network 1.0.0.0/8 area 0
    network 2.0.0.0/8 area 0
    network 6.0.0.0/8 area 0
    ip pim rp-address 3.3.3.2
    ip pim spt-threshold infinity
  • Page 458 30
    no shutdown
    interface FastEthernet0
    ip address 4.4.4.2 255.255.255.0
    ip pim sparse-mode
    router ospf 1
    log-adjacency-changes
    network 3.0.0.0/8 area 0
    network 4.0.0.0/8 area 0
    ip pim rp-address 3.3.3.2
  • Page 459 FastEthernet0
    ip address 7.7.7.2 255.255.255.0
    ip pim sparse-mode
    router ospf 1
    network 5.0.0.0/8 area 0
    network 6.0.0.0/8 area 0
    network 7.0.0.0/8 area 0
    ip pim rp-address 3.3.3.2
  • Page 460: Verifying Multicast Routing

    You can use the following show commands to verify the configuration:
    • show ip pim state-info
    • show ip mroute
    • show ip multicast traffic
    • show ip pim neighbor
    • show ip pim interface
  • Page 462: Policy Based Routing

    This chapter covers the Policy Based Routing (PBR) configuration for the OA5510-TE. For instructions on using the commands and descriptions on each of their parameters with the corresponding default values, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 463: Pbr Overview

    OA5510-TE shall support PBR as an infrastructure for other software components to add system PBR rules. This shall enable the applications to treat certain traffic in a special way.
  • Page 464: Pbr Configuration

    ALU(config-if <interface-name>)# no shutdown
    Example: ALU(config-if FastEthernet0)# no shutdown
    Step 5: Configure IP address for the interface
    ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Example: ALU(config-if FastEthernet0)# ip address 20.20.20.20/
  • Page 465 An interface can have only one IP policy applied on it at any time.
    Step 7: Use the show commands to view PBR configuration. See “Show Commands in PBR”
  • Page 466: Pbr Configuration Flow

    Figure 29: PBR Configuration Flow
  • Page 467: Pbr Configuration Commands

    When the interface option is chosen as Ethernet/VLAN, it is mandatory to specify the next hop.
    • The range for the rule is 1-65535. This rule number signifies the priority of a rule.
  • Page 468 Command: no rule <1-65535>
    Description: The command deletes a rule corresponding to the rule number.
    Example:
    ALU(config-ip-policy-pbr1)# 10 match m1 m2 not m3 interface FastEthernet 0 next-hop 1.2.2.1
    ALU(config-ip-policy-pbr1)# 20 match m1 m2 next-hop 1.2.2.2
  • Page 469 ALU(config-if FastEthernet0)# ip-policy pbr1
    If the IP policy pbr1 is attached to the FastEthernet 0, the following command detaches it from the interface:
    ALU(config)# interface FastEthernet 0
    ALU(config-if FastEthernet0)# no ip-policy pbr1
  • Page 470: Show Commands In Pbr

    PBR - Policy Based Routed, Drop - Dropped
    0 packets forwarded by best effort IP forwarding
    ip-policy pbr1 : PBR - 0 Drop - 0
    0 hits on : 1 match any m1 next-hop 1.1.1.1
  • Page 471: Clear Commands

    policy name>]
    IP policies configured in the system. If a policy-name is specified, then the statistics for the specified IP policy are cleared.
    Example: ALU(config)# clear ip-policy statistics
  • Page 472: Pbr Configuration Example

    L2 ports (configured as VLAN 10). In order to achieve this, you need to configure a routing policy and the following match conditions and forwarding action:
  • Page 473: Configuration Steps

    ALU(config-ip-policy-xyz-corporate-poli)# 20 match engg-dept next-hop 150.23.221.50
    ALU(config-ip-policy-corporate-policy)# exit
    ALU(config)#
    Step 3: Apply the IP policy on the interface.
    ALU(config)# interface vlan 10
    ALU(config-if Vlan10)# ip-policy xyz-corporate-policy
    ALU(config-if Vlan10)# exit
    ALU(config)#
  • Page 474: Verification

    Verify the IP policy configuration by using the following show command:
    ALU(config)# show ip-policy xyz-corporate-policy
    ! IP-Policy configuration
    ip-policy xyz-corporate-policy
    10 match any fin-dept next-hop 203.121.10.1
    20 match any engg-dept next-hop 150.23.221.50
    exit
    interface Vlan10
    ip-policy xyz-corporate-policy
    exit
  • Page 476: Part 6 Network Security

    Part 6 Network Security
  • Page 478: Network Address Translation

    Address Translation (NAT). This chapter includes steps for configuring the Source NAT (SNAT) and Destination NAT (DNAT). For instructions on using the NAT commands and descriptions on each of their parameters, refer to OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 479: Nat Overview

    In case of a firewall being used in conjunction with Static NAT, a filter or policy on the firewall must exist for each address map to allow inbound traffic.
  • Page 480 The NAT device achieves this by building a mapping table between the internal and external hosts on the fly based on the traffic flow.
  • Page 481: Benefits Of Nat

    For Source NAT, if no IP pool or host address is specified, the default is the box's IP address of the egress interface on which the NAT policy is applied.
  • Page 482: Source Nat Configuration

    LAN to the Internet. Refer to the following sections to configure SNAT on your system:
    • “SNAT Configuration Steps”
    • “SNAT Configuration Flow”
    • “SNAT Configuration Commands”
  • Page 483: Snat Configuration Steps

    Step 5: Enter into Interface Configuration Mode
    ALU(config)# interface <name>
    Example:
    ALU(config)# interface FastEthernet 0
    ALU(config-if FastEthernet)#
    Step 6: Administratively bring up the interface
    ALU(config-if <interface-name>)# no shutdown
    Example: ALU(config-if FastEthernet)# no shutdown
  • Page 484 “To Attach a NAT Policy to an Interface”
    Step 9: Turn On /Turn Off the statistics on an Interface “To Turn On/Off Statistics on an Interface” (Optional)
    Step 10: View NAT configuration. See “NAT Show Commands”.
  • Page 485: Snat Configuration Flow

    Figure 31: SNAT Configuration Flow
  • Page 486: Snat Configuration Commands

    2. When you configure a SNAT without any IP address, the address used for natting is taken as the IP address of the interface to which the NAT policy is bound. XAMPLE ALU(config-nat-N1)# 10 match m1 source-nat Alcatel-Lucent OmniAccess 5510 Unified Services Gateway CLI Configuration Guide Beta Beta...
  • Page 487 If a SNAT policy with the pool configuration is attached to an interface, and at any given point of time, the list is modified, you need to reapply the NAT policy on the interface. Example: ALU(config-nat-N1)# match m1 source-nat pool l1
  • Page 488 Note: If no address is configured, the IP address of the egress interface on which the NAT policy is applied will be used. Example: ALU(config-nat-N1)# match m1 source-nat static
  • Page 489 SNAT rule configured. Note: Refer to the “Updations” section to know more on the “change” and “renumber” keywords. Example: ALU(config-nat-N1)# renumber ALU(config-nat-N1)# change 10 20
  • Page 490 ALU(config)# exit ALU(config)# ip nat n1 ALU(config-nat n1)# match m1 source-nat ALU(config)# exit ALU(config)# interface FastEthernet 0 ALU(config-if FastEthernet0)# ip filter in f1 ALU(config-if FastEthernet0)# ip nat out n1
  • Page 491 {in|out|both} statistics for a given interface. Example: ALU(config)# interface FastEthernet 0 ALU(config-if FastEthernet0)# ip nat statistics out ALU(config)# interface FastEthernet 0 ALU(config-if FastEthernet0)# no ip nat statistics out
  • Page 492: Sample Configurations Of Snat On Oa5510-Te

    11.1.1.0/24 any type ftp ip nat n2 match host1 source-nat host 192.168.10.1 static match host2 source-nat host 192.168.10.2 static match net11 source-nat pool p1 static interface FastEthernet 0 ip nat out n2
  • Page 493: Destination Nat Configuration

    For DNAT, an IP pool or host address must be specified. Refer to the following sections to configure DNAT on your system: • “DNAT Configuration Steps” • “DNAT Configuration Flow” • “DNAT Configuration Commands” • “NAT Show Commands”
  • Page 494: Dnat Configuration Steps

    ALU(config-if <interface-name>)# no shutdown Example: ALU(config-if FastEthernet0)# no shutdown Step 7: Configure IP address for the interface ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>} Example: ALU(config-if FastEthernet0)# ip address 20.20.20.20/
  • Page 495 “To Attach a NAT Policy to an Interface” Step 9: Turn On/Turn Off the statistics on an Interface “To Turn On Statistics on an Interface” (Optional) Step 10: View NAT configuration. See “NAT Show Commands”.
  • Page 496: Dnat Configuration Flow

    Figure 32: DNAT Configuration Flow
  • Page 497: Dnat Configuration Commands

    And, this command is used to configure a DNAT with host IP address or an IP address pool. Note: Presently, ‘Hostname’ option is not supported. Only host IP address can be configured.
  • Page 498 Command: [<1-65535>] match [{all|any}] <match-list name> destination-nat pool <list-name> static
    Description: This command is used to configure a static DNAT that uses one-to-one address mapping without port translation.
    Example: ALU(config-nat-N2)# match m1 destination-nat pool l1 static
  • Page 499 NAT object are matched. Example: ALU(config)# interface FastEthernet 0 ALU(config-if FastEthernet0)# ip nat in N2 Note: Each interface can have only one ingress and one egress NAT policy.
  • Page 500: Sample Configuration Example Of Dnat On Oa5510-Te

    14.1.1.2 match-list m1 host 201.176.18.1 service http ip nat N1 10 match M1 destination-nat pool p1 match m1 destination-nat pool p1 port 8080 ALU(config-if FastEthernet0) ip nat in n1
  • Page 501: Bypass

    Command: [<1-65535>] match [{all|any}] <match-list name> bypass
    Description: This command is used in conjunction with the SNAT or DNAT commands to bypass the traffic.
    Example: ALU(config)# ip nat snat ALU(config-nat-snat)# match m1 bypass
  • Page 502: Nat Show Commands

    Translated: 0, Bypassed: 0, PORTS Allocated: 0, Released: 0 20 match any m2 source-nat host 1.1.1.2 Translated: 0, Bypassed: 0, PORTS Allocated: 0, Released: 0 interface FastEthernet 0 Out
  • Page 503 Dropped: 0, Bypassed: 0, Enqueued: 0 10 match any m1 source-nat host 1.1.1.1 NATted Packets: 0 20 match any m2 source-nat host 1.1.1.2 NATted Packets: 0 interface FastEthernet 0 out
  • Page 504: Nat Clear Commands

    The following example clears the counters of NAT ‘n1’. ALU# clear ip nat statistics n1 ALU# The following example clears the statistics of the NAT for FastEthernet interface: ALU# clear ip nat statistics FastEthernet 0 in ALU#
  • Page 505: Nat Debug Commands

    <number>][output|permanent]| all [detail-level]} Notes: 1. saddr == source address 2. daddr == destination address 3. sport == source port 4. dport == destination port Example: ALU# debug firewall nat
  • Page 506: Modifying Nat Configuration

    10 match m1 source-nat pool p1 15 match m4 source-nat pool p4 20 match m2 source-nat pool p2 30 match m3 source-nat pool p3 interface FastEthernet0 ip nat out N1
  • Page 507: Updations

    The keyword “renumber” is used to re-order the numbers to the original scheme. ALU(config-nat-N1)# renumber The output of the show command would now be: ip nat N1 match M1 source-nat match M2 source-nat match M4 source-nat match M3 source-nat
  • Page 508 M4 source-nat match M3 source-nat Now to generate a numbering scheme with a proper order, use the keyword “renumber” as explained in the section “To Renumber the List”.
  • Page 509: Nat Deletion Commands

    This command, when used, also deletes all the associated NAT policy rules. Example: To force deletion of the NAT N1: ALU(config)# no ip nat N1 force
  • Page 510 <1-65535> policy corresponding to the line number. Example: In the example below, the component or action corresponding to the rule 30 is deleted. ALU(config-nat-N1)# no rule 30
  • Page 512: Filter And Firewall

    CLI commands for configuring the filters, firewall policies, and DoS attack prevention. For instructions on using the commands and to get a detailed description on each of their parameters, refer to OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. HAPTER...
  • Page 513: Network Security - An Overview

    • “Network Security Terminologies” • “Firewall Mechanisms” • “Before You Configure Filters and Firewalls” • “OA5510-TE Specific Overview”
  • Page 514: Network Security Terminologies

    ALGs look for altered data, potentially harmful traffic, data appropriateness, and also have the capability to log these. Figure 33: Depicting ALG Scenario
  • Page 515: Firewall Mechanisms

    Stateful firewalls are also known as "dynamic" packet filters. Note: OA5510-TE supports stateful and stateless inspection. By default, OA5510-TE firewall is ‘stateful’.
  • Page 516: Before You Configure Filters And Firewalls

    So the “proper installation” to enable firewall is for you to create a default ACL policy, and bind it to untrusted interfaces to deny all traffic.
  • Page 517: Filter Configuration

    Step 4: Enter into Interface Configuration Mode ALU(config)# interface <name> Example: ALU(config)# interface FastEthernet 0 ALU(config-if FastEthernet0)# Step 5: Administratively bring up the interface ALU(config-if <interface-name>)# no shutdown Example: ALU(config-if FastEthernet0)# no shutdown
  • Page 518 Detach a Filter to an Interface” Note: An interface can have only one ingress and one egress filter. Step 8: Use the show commands to view the configured filters. See “Filter Show Commands”.
  • Page 519: Filter Configuration Flow

    Figure 34: Filter Configuration Flow
  • Page 520: Filter Configuration Commands

    [verbose] The default action for a filter is “deny”. Note: The ‘reset’ keyword can be used in conjunction only with the “deny” keyword.
  • Page 521 Example: The following example sets the filter to stateless. ALU(config-filter-f1)# stateless In the example below, the filter f1 is changed to stateful/reflexive mode. ALU(config)# filter f1 ALU(config-filter-f1)# no stateless
  • Page 522 To view the filter configuration after renumbering, give the show command. The output appears as shown: show ip filter f1 ip filter f1 match m1 deny match m4 deny reset match m2 deny log match m3 deny default permit
  • Page 523 ALU(config-if FastEthernet0)# ip filter in f1 If the filter f1 is interfaced to FastEthernet, the following command detaches it from FastEthernet interface: ALU(config)# interface FastEthernet 0 ALU(config-if FastEthernet0)# no ip filter in f1
  • Page 524: Filter Show Commands

    The following syntax displays the filter f1’s details: ALU(config-filter-f1)# show ip filter f1 ip filter f1 10 match any m1 permit default deny interface FastEthernet0 In, Stats Off
  • Page 525 The following command displays the filter statistics: ALU(config)# show ip filter statistics FastEthernet 0 in ip filter f1 20 match any m1 permit Hits 0 default deny interface FastEthernet0 In, Stats On
  • Page 526: Filter Deletion Commands

    Example: If the filter f1 has to be deleted while attached to an interface, apply the following syntax: ALU(config)# no ip filter f1 force
  • Page 527: Filter Clear Commands

    [<interface-name> {in|out|both}| interface. <filter-name>] Example: ALU# clear ip filter statistics FastEthernet 0 in ALU# clear ip filter statistics FastEthernet 0 out
  • Page 528: Sample Examples Of Configuring Filters On Oa5510-Te

    If you need to give access from the network 192.168.1.0/24 to 192.168.2.0/24 for FTP traffic, the CLI would be as follows: match-list m1 tcp prefix 192.168.1.0/24 prefix 192.168.2.0/24 type ftp ip filter f1 10 match m1 permit default deny
  • Page 529: Managing Security Configuration

    15 match m4 deny reset To view the filter f1’s configuration: show ip filter f1 ip filter f1 match m1 permit match m4 deny reset match m2 deny log match m3 permit stateless
  • Page 530: Updations

    To view the filter configuration after renumbering, give the show command. show ip filter f1 ip filter f1 10 match m1 permit 20 match m4 deny reset 30 match m2 deny log 40 match m3 permit stateless
  • Page 531 10 match m1 permit Now, to change this to deny, you need to enter “deny” in the filter configuration mode. ip filter f1 10 match m1 deny
  • Page 532: Network Attacks - An Overview

    OA5510-TE. These attacks too can be either manually turned on for detection or filters can be applied to block them. “To Configure Individual Attack for an Attack Object”
  • Page 533: Default Attacks (Rate-Limiting / Stateful)

    Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.
  • Page 534 The malicious intruder could generate lots of these packets in order to totally overwhelm the systems and network. This keyword is included with appropriate parameters in the default list.
  • Page 535: Default Attacks (Non-Rate Limiting / Stateless)

    Denial-of-Service. To avoid the attack, this keyword is also placed in the default list.
  • Page 536 This has TCP packets with both SYN and FIN flag set, causing a denial of service. This attack is prevented by using the “default” keyword or can be inserted in the user-defined list.
  • Page 537: Optional Attacks

    This command is not a default DoS setting. The square brackets around the whole command denote that it is optional. However, the above command can be included in the DoS prevention list to avoid this kind of attack.
  • Page 538 This will cause many frames to be unnecessarily transmitted, and dramatically reduce the performance of the network and the systems involved. To avoid this Denial of Service overload attempt, this command is placed in the default prevention list.
  • Page 539: Network Attack Prevention Configuration

    “To Create a DoS Rule Inside a Firewall Policy” Attach a Firewall Policy to an Interface Step 7: Enter into Interface Configuration Mode ALU(config)# interface <name> Example: ALU(config)# interface FastEthernet 0 ALU(config-if FastEthernet0)#
  • Page 540 “IN/OUT”. See “To Attach a Firewall Policy to an Interface” Step 11: View the firewall configuration. See “Firewall Show Commands” Step 12: Delete the firewall configuration. See “Firewall Deletion Commands”
  • Page 541: Network Attack Prevention Configuration Flow

    Figure 35: Network Attack Prevention Flowchart
  • Page 542: Network Attack Prevention Configuration Commands

    1. You can only modify the system default attack object but cannot delete it. 2. You cannot modify/delete the system default policy. 3. You can modify/delete the user created attack objects and the attack policies associated to it.
  • Page 543 "icmp-redirect" and "ip-rate-threshold". These attacks too can be either manually turned on for detection or filters can be applied to block them. The minimum time resolution you can enter is 5 milliseconds.
  • Page 544 NAT or DoS configuration. This is why you can see these attacks in the “show” output even when you have not configured them.
  • Page 545 Command: icmp-ip-address-sweep [threshold <1-4294967295> <1-4294967295>]
    Description: This command is used to configure icmp-ip-address-sweep attack for an attack object.
    Command: icmp-dest-unrch-storm [threshold <1-4294967295> <1-4294967295>]
    Description: This command is used to configure icmp-dest-unrch-storm attack for an attack object.
  • Page 546 Command: tcp-header-frag
    Description: This command is used to configure tcp-header-frag attack for an attack object.
    Command: ip-zero-length
    Description: This command is used to configure ip-zero-length attack for an attack object.
  • Page 547 The ‘no’ command disables the individual attack configured for an attack object. Example: ALU(config-firewall-attack-A1)# no ip-tear-drop Note: You can also modify the System Default Attack Object by entering into the system-default attack object. Example: ALU(config-firewall)# attack system-default ALU(config-firewall-attack-system-default)# all
  • Page 548 Note: Currently, multiple match-lists cannot be associated to a firewall policy rule. To configure more than one match-list within a firewall policy, add multiple rules with different match-lists.
  • Page 549 20 match m2 attack atk reset 30 match m3 attack atk reset Now, to generate a numbering scheme with a proper order, use the keyword “renumber” as follows: ALU(config-firewall)# policy P1 ALU(config-firewall-P1)# renumber
  • Page 550 (outgoing) traffic if “out” keyword is used. Note: Firewall policy will take effect once it is attached to an interface. Example: ALU(config)# interface FastEthernet 0 ALU(config-if FastEthernet0)# firewall policy in P1
  • Page 551 • Default TCP value is 15 minutes. • Default UDP value is 5 minutes. • Default ICMP value is 30 seconds. Example: ALU(config-firewall)# session ALU(config-firewall-session)# default timeout tcp 10
  • Page 552: Firewall Show Commands

    The following syntax is used to view the details of attack A1: ALU# show firewall attack A1 attack A1 udp-port-loopback 10 1000 udp-flood 200 1000 tcp-fin-scan icmp-ip-address-sweep 2 10 icmp-dest-unrch-storm 2 10 icmp-ping-flood 2 10 tcp-syn-flood 100 1000 5 udp-fraggle-attack
  • Page 553 The following syntax is used to view the details of firewall session ALU(config)# show firewall session detail ID 70 ICMP timeout 28 secs, used by NAT Initiator: (10.91.1.108:13)=>(10.91.0.1:13) Responder: (10.91.0.1:34416)=>(10.91.1.108:34416)
  • Page 554 ID 70 ICMP timeout 25 secs, used by NAT Initiator: (10.91.1.108:13)=>(10.91.0.1:13) Responder: (10.91.0.1:34416)=>(10.91.1.108:34416) ALU(config)# show firewall session destination ip 10.91.0.1 ID 70 ICMP timeout 25 secs, used by NAT Initiator: (10.91.1.108:13)=>(10.91.0.1:13) Responder: (10.91.0.1:34416)=>(10.91.1.108:34416)
  • Page 555 SPECIFIC FIREWALL POLICY
    Command (in F-PCM): no rule <1-65535>
    Description: This deletes only the rule in the firewall policy corresponding to the line number.
    Example: ALU(config-firewall-P1)# no rule 30
  • Page 556 Command: show firewall policy system-default
    Description: This command is used to view the system default policy configuration.
    Example: ALU# show firewall policy system-default policy system-default 10 match all attack system-default drop system-traffic firewall policy system-default
  • Page 557 The deleted default attacks are displayed with a prefix “no”, and the modified default attacks are displayed with the modified parameters.
  • Page 558: Sample Firewall Policy Configurations On Oa5510-Te

    FastEthernet0 match-list m1 tcp list outside-zone list inside-zone type ftp firewall attack d1 default policy p1 match m1 attack d1 drop interface Serial0:0 firewall policy in p1
  • Page 559 10.0.0.0/8 for all default attacks: match-list m2 ip interface fastethernet 0 prefix 10.0.0.0/8 type any firewall attack a2 default policy p2 match m2 attack a2 reset interface FastEthernet0 firewall policy out p2
  • Page 560: Zone Configuration

    The domain falling outside the "trusted zone" is the "untrusted zone". Hence, external networks which comprise traffic or systems that are not within the administrative purview of a private network, such as the Internet, are an example of an "untrusted zone".
  • Page 561: Semi-Trusted Zone Or Demilitarized Zone

    • Mail Server • Application Gateway • E-Commerce Systems Examples of systems to place on a DMZ include Web servers and FTP servers. Figure 37: Three Zone Network Topology
  • Page 562: Three Zone Firewall Example

    LAN. Since these servers are exposed in some form to the Internet, they are placed in the DMZ. 4. All traffic going out to the Internet is subjected to NAT. Figure 38: Three Zone Firewall Network Topology
  • Page 563 1. LAN addresses fall in 3 subnets • 10.0.0.0/24 • 192.168.0.0/24 • 172.16.0.0/25 2. The Public IP of the link is 202.24.45.100. This is forwarded to Mail Server and Web Server using DNAT.
  • Page 564 Configuring lists with IP addresses rather than interfaces leads to more efficient system operation, as the system does not have to do a lookup to determine the egress interface and then apply the filter.
  • Page 565 ALU(config-match-list-DMZ-access)# 2 tcp list DMZ list Untrust service dns ALU(config-match-list-DMZ-access)# 3 udp list DMZ list Untrust service dns (vi) Internet access to Trust ALU(config)# match-list Internet-Trust ALU(config-match-list-Internet-Trust)# ip any any
  • Page 566 ALU(config-match-list-DoS)# 2 ip any list DMZ 9. Configuring rule for SNATing the trusted and DMZ network. ALU(config)# match-list source-nat ALU(config-match-list-source-nat)# 1 ip list Trust any ALU(config-match-list-source-nat)# 2 ip list DMZ any
  • Page 567 ALU(config-firewall-attack-atk1)# icmp-ip-address-sweep ALU(config-firewall-attack-atk1)# icmp-ping-flood threshold 2 10 ALU(config-firewall-attack-atk1)# icmp-ping-of-death ALU(config-firewall-attack-atk1)# icmp-ping-of-death max-total-length 64 ALU(config-firewall-attack-atk1)# icmp-redirect ALU(config-firewall-attack-atk1)# icmp-router-advertisement ALU(config-firewall-attack-atk1)# ip-land-attack ALU(config-firewall-attack-atk1)# ip-source-routing ALU(config-firewall-attack-atk1)# ip-spoofing ALU(config-firewall-attack-atk1)# ip-tear-drop ALU(config-firewall-attack-atk1)# ip-tiny-frag ALU(config-firewall-attack-atk1)# ip-zero-length
  • Page 568 ALU(config-if Vlan10)#ip filter in DMZ-traffic ALU(config)#ip filter DMZ-out ALU(config-filter-DMZ-out)#10 match any DMZ-Trust permit ALU(config-filter-DMZ-out)#default deny Applying the filter as "out" on the DMZ interface ALU(config-if Vlan10)#ip filter out DMZ-out
  • Page 569 172.16.0.130 ALU(config-nat-DNAT)#match any webserver-access destination-nat host 172.16.0.131 Applying this DNAT rule as an IN NAT policy for the mail and webserver access. ALU(config-if Serial0:0)#ip nat in DNAT
  • Page 570: Example 2: Simple Zone Configuration In Oa5510-Te

    ip filter out permit-dmz-policy //This will permit DMZ traffic without translation
    ip filter in deny-untrusted-policy //This will deny all untrusted traffic originated from outside.
    Exit //Done
  • Page 571 ip filter out permit-dmz-policy //This will permit DMZ traffic without translation
    ip filter in deny-untrusted-policy //This will deny all untrusted traffic originated from outside
    Exit //Done
  • Page 572: Time-Range/Timer Configuration

    User must issue “clock” command to set the clock in OA5510-TE, so that the time-range configuration can take effect precisely. Example: ALU(config)# time-range t1 ALU(config-time-range-t1)# ALU(config)# no time-range t1
  • Page 573: Time-Range Show Command

    Example: If “t1” is a schedule, then to view the particulars in it, use the following command: ALU# show time-range time-range t1 absolute 10:10:10 5/6/2006
  • Page 574: Algs Supported In Oa5510-Te

    FTP is most commonly used to download a file from a server using the Internet or to upload a file to a server (e.g., uploading a Web page file to a server).
  • Page 575 It is often used by servers to boot diskless workstations, X-terminals, and routers. Alcatel-Lucent uses its proprietary protocol New Office Environment (NOE) for IP phone signaling. NOE provides rich graphical display facilities in the IP phones. Since NOE is similar to other voice protocols like SIP for voice services, it carries dynamic data port information in the control packets.
  • Page 576: Alg Configuration Commands

    ALU(config)# match-list m1 ALU(config-match-list-m1)# tcp any any service dns Note: Use the port number to configure any other standard ALG service apart from those given in the above commands.
  • Page 577 Total SNAT Pasv Response commands Total DNAT Pasv Response commands Total Filter Pasv Response commands : 0 Total Pinholes created Total Pinholes matched Total Pinholes timed out Total Pinholes failed
  • Page 578 ALU(config)# show firewall alg rpc statistics Total SNAT RPC CALL Packets Total DNAT RPC REPLY Packets Total DNAT DUMP REPLY Packets Total Pinholes created Total Pinholes matched Total Pinholes failed Total Pinholes removed
  • Page 579 Total RTCP Pinholes timeout Total SIP Packets with Non-SDP message body Total SIP Packets with invalidate payload Total SIP Packets with invalidate SDP payload Total SIP Packets out of order
  • Page 580 TFTP ALG debug counters. counters Example: ALU(config)# show firewall alg tftp debug-counters Total malloc operations Total failed malloc operations Total memory release operations
  • Page 581 Total malloc passed, sip sessions and calls Total malloc failed Total memory free count, sip sessions and calls Total sip packets translated Total sdp packets translated Total sip packets retransmitted
  • Page 582 FIREWALL STATISTICS
    Command (in CM): clear firewall alg sip statistics
    Description: This command is used to clear the ALG SIP statistics.
    Example: ALU(config)# clear firewall alg sip statistics
  • Page 583: Customized-Service Rule Based Alg Configuration

    CUSTOMIZING COMMANDS CONFIGURE CUSTOMIZED SERVICE Command (in CM) Description This command is used to configure ALG customized-service rule. This also enters into customized service configuration mode. Example: ALU(config)# customized-service
  • Page 584 Command: change {<1-65535> <1-65535>} Description: Use this command to change the priority of a specific ALG rule configured. EXAMPLE The following example shows how to change the priority of a rule: ALU(config-customized-service)# change 10 1
  • Page 585 DETAILS OF A BASED SERVICE Command (in CM): show customized-service Description: This command shows the ALG rule based service details. EXAMPLE ALU(config)# show customized-service 20 match any m2 service none
  • Page 586: Noe Alg Configuration

    NOE ALG CONFIGURATION Alcatel-Lucent uses its proprietary protocol, New Office Environment (NOE), for IP phone signaling. NOE provides rich graphical display facilities in the IP phones. Since NOE is similar to other voice protocols like SIP for voice services, it carries dynamic data port information in the control packets.
  • Page 587: Noe Alg Configuration Steps

    If you are configuring a NAT rule to NAT NOE traffic, you need to reserve NAT ports for NOE phones. This can be done by using the NAT port reservation command. See “To Configure Port Reservation in NAT”.
  • Page 588: Noe Alg Configuration Commands

    Command: udp any any type alcatel-ua Description: This command is entered in the match-list mode. Use this command to classify the NOE signalling traffic. EXAMPLE ALU(config)# match-list m1-filter ALU(config-match-list-m1-filter)# udp any any type alcatel-ua
  • Page 589 You need to reserve ports for NOE phones. You should know the base port configured on the server to reserve the port range. In Alcatel call server, the base port, symbolized by BASE_PORT, is a system-wide configuration value that defines the range of UDP ports occupied by signaling and media flows.
  • Page 590: Noe Show Commands

    RTP sessions created RTP sessions released RTP sessions terminated from UA time-outs : 0 RTCP pinholes outstanding RTCP sessions created RTCP sessions released RTCP sessions terminated from UA time-outs: 0
  • Page 591 Total malloc failed Total memory free count, UA sessions and calls Total UA packets translated : 7690 Total sdp packets translated : 26 Total UA packets retransmitted : 330
  • Page 592: Noe Clear Commands

    CLEAR STATISTICS Command (in CM): clear firewall alg noe statistics Description: This command is used to clear all the NOE ALG statistics. EXAMPLE ALU(config)# clear firewall alg noe statistics
  • Page 593: Typical Rule Based Alg And Dnat Example Using Oa5510-Te

    The following example illustrates how rule based ALG solves this problem by mapping the non-standard ports to standard service so that FTP ALG can be invoked on these non-standard ports. Figure 39: ALG Configuration Scenario
  • Page 594 ALU(config-customized-service)#match m4 service none Show Customized-Service Configuration ALU(config)# show customized service 10 match m1 service ftp 20 match m2 service ftp 30 match m3 service ftp 40 match m4 service none
  • Page 595: Security - Best Practices

    Note that the firewall evaluates rules from first to last. The rules are: • ICMP Rules • IP Rules • UDP Rules • TCP Rules
  • Page 596 Drop X-Windows (packets using ports 6000-6003). It is possible for a hacker to control the mouse and keyboard of a host inside the network. • Drop SNMP (packets using ports 161 and 162).
  • Page 597 LIMITING Rate limiting is a good method of prevention against denial-of-service attacks. The most common of them are:
  • Page 598 IP address within a defined interval. This again can be prevented by setting a threshold (0.005 seconds is the default). This can be shown as: attack p1 udp port scan threshold 10 per 0.005 seconds
  • Page 599 Filter and Firewall
  • Page 600: Ip Security - Virtual Private Network

    IPsec VPN, its components, tunneling, and security. For a succinct description of the parameters and default values, refer to the VPN section in the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter includes instructions for configuring IPsec through the CLI. It includes the following sections: •...
  • Page 601: Chapter Conventions

    IKE Policy Mode IKE Policy Configuration Mode - ALU (config-IKE policy name)# ISAKMP Internet Security Association and Key Management Protocol Perfect Forward Secrecy Public Key Infrastructure Security Association Security Policy Database
  • Page 602: Ipsec Vpn Overview

    Secure connectivity from home to the office network. Note: Currently, road warrior connectivity access is not supported. Figure 40: General VPN Usage
  • Page 603 The following sections provide a conceptual overview of IPsec VPN: • “IPsec Enabled VPN” • “IPsec Connection Types” • “IPsec Concepts” • “Benefits of IPsec Enabled VPN” • “Default Configuration Setting on OA5510-TE”
  • Page 604: Ipsec Enabled Vpn

    "Road Warrior" connection and the remote computer is not behind a firewall. The IP address that the remote computer will be using is normally not known for configuration.
  • Page 605 VPN channel that connects the Finance department and Accounts department of two geographically displaced locations. Tunnel 1 users have no access to this path. Figure 41: A General Scenario of IPsec - VPN
  • Page 606: Ipsec Concepts

    The outer IP header corresponds to these gateways. Since the tunnel mode hides the original IP header, it facilitates security of the networks with private IP address space. Figure 42: Tunnel Mode Note: OA5510-TE supports only Tunnel Mode.
  • Page 607 Triple DES (3DES) - A more powerful version of DES in which the original DES algorithm is applied in three rounds, using a 192-bit key. • Advanced Encryption Standard (AES) - AES uses 128-bit, 192-bit, and 256-bit keys.
  • Page 608 IP addresses, ports, etc. With each policy, a Security Association (SA) is associated. You should mainly configure the encryption algorithm and authentication algorithm that should be used. The cryptographic key should be configured.
  • Page 609 Nonce Payload ISAKMP HEADER MESSAGE 5 Identity Payload Authentication Data Payload ENCRYPTED ISAKMP HEADER MESSAGE 6 Identity Payload Authentication Data Payload ENCRYPTED Figure 43: Phase 1 Negotiation - Main Mode
  • Page 610 ENCRYPTED Figure 44: Phase 2 Negotiation - Quick Mode A full Diffie-Hellman key exchange may be done to provide Perfect Forward Secrecy (PFS).
  • Page 611: Benefits Of Ipsec Enabled Vpn

    Extended geographic connectivity. • Reduces transit time and transportation costs for remote users. • Improves productivity. • Simplifies network topology. • Provides global networking opportunities. • Provides telecommuter support.
  • Page 612: Default Configuration Setting On Oa5510-Te

    Following are the default values for a newly configured crypto map: i. Default transform set in crypto map: ‘default’ transform set. ii. Default PFS group in crypto map: pfs group2. iii. Default lifetime in seconds for a crypto map: 28800
  • Page 613: Ipsec Vpn Configuration

    Step 6: Enter the Interface Configuration Mode ALU(config)# interface <name> Example: ALU(config)# interface FastEthernet 0 ALU(config-if FastEthernet0)# Step 7: Administratively bring up the interface ALU(config-if <interface-name>)# no shutdown Example: ALU(config-if FastEthernet0)# no shutdown
  • Page 614 “Dead Peer Detection (DPD)” (Optional) Step 11: Know the default values allowed by OA5510-TE. See “Default Configuration Setting on OA5510-TE” Step 12: View the IPsec configuration. See “IPsec VPN Show Commands”.
  • Page 615: Ipsec Vpn Configuration Flow

    Figure 45: IPsec Configuration Flowchart
  • Page 616: Ipsec Configuration Commands

    The IKE key is given by means of a key-string. Currently, the preshared-key length is restricted to 128 characters, and the minimum length is 8 characters. EXAMPLE ALU(config)#crypto ike key top_secret1612 peer 10.10.1.2 ALU(config)#crypto ike key "!netsecret!" peer 202.54.30.100
  • Page 617: Ipsec Configuration With X.509 Certificates

    Command: crypto key import rsa <name> [fpkey <file-path>|ftp:|http:|https:|scp:|tftp:] Description: This command imports an RSA key pair from a remote location. Note: Currently, the SCP option is not supported. EXAMPLE ALU(config)#crypto key import rsa testKey ftp:
  • Page 618: Example

    Command (in CA Identity CM): subject-name <subject-name> Description: This command specifies the subject distinguished name that would appear in the certificate request for this CSR, if generated on OA5510-TE. EXAMPLE ALU(config-ca-ALUCA)#subject-name /CN=Bart Simpson/O=ALU/C=US
  • Page 619 Command (in CM): crypto certificate-request <name> generate key-name <name> ca <name> Description: This command generates a CSR for the specified CA. EXAMPLE ALU(config)# crypto certificate-request req_Simpson generate key-name exampleKey ca ALUCA
  • Page 620 Note: The crypto certificates will take effect only after issuing the ‘refresh’ command. EXAMPLE ALU(config)# crypto certificate-database refresh
  • Page 621 Command: crypto peer-certificate <name> import [fpkey <file-path>|ftp:|tftp:|http:|https:|scp:] Description: This command imports trusted peer certificates in OA5510-TE. Note: Currently, the SCP option is not supported. EXAMPLE ALU(config)# crypto peer-certificate cert_Bouvier import ftp:
  • Page 622 ISSUER OF THE CERTIFICATE Command (in IKE Identity CM): peer-ca <name> Description: This command specifies the issuer (CA) of the peer's certificate. EXAMPLE ALU(config-ike-identity-exampleidentity)# peer-ca CN=ALU, OU=Certificate Authority, C=US
  • Page 623 <name> signed certificate to be used during IKE negotiation. This should be one among the certificates imported under the “To Import a Signed Certificate” command. EXAMPLE ALU(config-ike-identity-exampleidentity)# my-cert cert_Simpson
  • Page 624: To Export Rsa Keys

    ALU(config)# crypto key export rsa examplekey tftp: DELETE A CA CERTIFICATE Command (in CM): crypto ca-cert <name> delete Description: This command deletes the specified CA certificate. EXAMPLE ALU(config)# crypto ca-cert ALUca delete
  • Page 625: To Delete A Signed Certificate

    ALU(config)# crypto peer-certificate cert_Bouvier delete DELETE AN RSA KEY Command (in CM): crypto rsa-key <name> delete Description: This command deletes the specified RSA key pair. EXAMPLE ALU(config)# crypto rsa-key examplekey delete
  • Page 626: Internet Key Exchange (Ike) Policy

    EXAMPLE ALU(config)# crypto ike policy P1 ALU(config-crypto-ike-policy-P1)# Note: The “force” keyword is used to modify or edit an IKE policy in use.
  • Page 627 The ‘no’ command resets the IKE policy to its default. Note: If no proposal is configured for an IKE policy, sha1-AES-128 is taken as the default proposal. EXAMPLE ALU(config-crypto-ike-policy-P1)# proposal md5-aes-128 ALU(config-crypto-ike-policy-P1)# no proposal
  • Page 628 There is no default value for IPsec SA lifetime in Kilobytes. EXAMPLE ALU(config-crypto-ike-policy-P1)# ipsec security-association lifetime kilobytes 5400 ALU(config-crypto-ike-policy-P1)# ipsec security-association lifetime seconds 5400 ALU(config-crypto-ike-policy-P1)# no ipsec security-association lifetime kilobytes ALU(config-crypto-ike-policy-P1)# no ipsec security-association lifetime seconds
  • Page 629 If the PFS group is not explicitly configured, group2 is used as the default PFS. Command: no pfs Description: The ‘no’ command resets the PFS group to default. EXAMPLE ALU(config-crypto-ike-policy-P1)# pfs group1 ALU(config-crypto-ike-policy-P1)# no pfs
  • Page 630: To Configure Transform-Set In Ipsec

    SHA1 and 192 bit AES encryption • esp-sha1-aes256 encapsulation with SHA1 and 256 bit AES encryption • esp-sha1-des encapsulation with SHA1 and 56 bit DES encryption
  • Page 631 Hence, the transform-set must be first disabled from the crypto map and then deleted. Command (in CM): no crypto ipsec transform-set <name> Description: This command deletes a transform-set. EXAMPLE ALU(config)# no crypto ipsec transform-set netset
  • Page 632: To Configure Ipsec Crypto Map

    If you try to attach a match-list to a crypto map that already has one, it overrides the existing match-list provided it satisfies the match-list criteria for IPSec. EXAMPLE ALU(config-crypto-map-exampleMap)# match matchlist1 ALU(config-crypto-map-exampleMap)# no match matchlist1
  • Page 633 Note: If no transform set is attached to a crypto map, the default transform set is used. EXAMPLE ALU(config-crypto-map-exampleMap)# transform-set netset ALU(config-crypto-map-exampleMap)# no transform-set
  • Page 634 If no PFS group is attached to a crypto map, group2 PFS is used. Command: no pfs Description: The ‘no’ command disables PFS completely. EXAMPLE ALU(config-crypto-map-exampleMap)# pfs group1 ALU(config-crypto-map-exampleMap)# no pfs
  • Page 635 IKE policy associated with the crypto map, then the default lifetime is considered. EXAMPLE ALU(config-crypto-map-exampleMap)# lifetime seconds 1000 ALU(config-crypto-map-exampleMap)# lifetime kilobytes 1005236 ALU(config-crypto-map-exampleMap)# no lifetime seconds ALU(config-crypto-map-exampleMap)# no lifetime kilobytes
  • Page 636: To Attach Crypto Map To An Interface

    To delete, first detach the crypto map from the interface. EXAMPLE ALU(config)# interface FastEthernet 0 ALU(config-if FastEthernet0)# crypto map exampleMap ALU(config-if FastEthernet0)# no crypto map exampleMap
  • Page 637: Dead Peer Detection (Dpd)

    DPD interval specified. Command: no crypto ike dpd Description: This command disables DPD for IKE globally. EXAMPLE ALU(config)# crypto ike dpd interval 10 timeout 35 ALU(config)# no crypto ike dpd
  • Page 638 ALU(config-crypto-map-exampleMap)# dpd delay 15 timeout 60 ALU(config-crypto-map-exampleMap)# dpd NONE ALU(config-crypto-map-exampleMap)# no dpd Note: If there is no global DPD defined, both the dpd none command and no dpd command produce the same result.
  • Page 639: Ipsec Vpn Show Commands

    ! Policy in Use (by 1 cryptomaps/ipsec-profiles) crypto ike policy test proposal sha1-aes128 ipsec security-association lifetime seconds 28800 lifetime seconds 86400 pfs group2 crypto ike policy P1 proposal sha1-aes128 ipsec security-association lifetime seconds 28800
  • Page 640 No Peer Defined No Match-List defined transform-set default pfs group2 ! Not Applied to Any Interface crypto ipsec profile pf1 ! Not Applied to Any Interface !QoS Configuration --More--
  • Page 641 ! Applied to : FastEthernet0 interface FastEthernet0 crypto map exampleMap !crypto ipsec profile default ike-policy default transform-set default pfs group2 lifetime seconds 28800 ! Not Applied to Any Interface
  • Page 642 The following example displays the details for a specified crypto map: ALU(config)# show crypto map examplemap crypto map examplemap ipsec-ike P1 peer 10.10.10.1 match m1 transform-set default pfs group2 ! Applied to : FastEthernet0 interface FastEthernet0 crypto map examplemap
  • Page 643 ! Policy in Use (by 1 cryptomaps/ipsec-profiles) crypto ike policy P1 proposal sha1-aes128 ipsec security-association lifetime seconds 28800 lifetime seconds 86400 pfs group2 authentication pre-shared ! Policy in Use (by 1 cryptomaps/ipsec-profiles)
  • Page 644 EXAMPLE ALU(config)# show crypto ipsec transform-set !crypto ipsec transform-set default esp-md5-des esp-sha1-des crypto ipsec transform-set ts1 esp-md5-des ALU(config)# show crypto ipsec transform-set ts1 crypto ipsec transform-set ts1 esp-md5-des
  • Page 645 TUNNEL MODE Replay Detection Enabled: Yes ESP spi:0xc3fb59c time-left:28793secs/0kb esp-sa-id:12 Decaps:7 Decrypt:7 Auth:7 Errors:0 ********OUTBOUND******** ESP Algo:crypt:DES-CBC len:64 auth:SHA1-HMAC len:160 TUNNEL MODE Replay Detection Enabled: Yes ESP spi:0x541a7498 time-left:28793secs/0kb esp-sa-id:16 Encaps:7 Encrypt:7 Auth:7 Errors:0
  • Page 646 ALU(config)# show crypto rsa-key exampleKey public-key
  • Page 647 DN /CN=Bart Simpson/O=ALU/C=US my-cert cert_Simpson ALU(config)# show crypto ike identity exampleIdentity crypto ike identity exampleIdentity peer-id user-fqdn selma_bouvier@ALU.com peer-ca CN=ALU, OU=Certificate Authority, C=US my-id DN /CN=Bart Simpson/O=ALU/C=US my-cert cert_Simpson
  • Page 648 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 88:75:2D:47:AC:E8:AB:C3:5F:9F:E1:93:6B:7E:07:9C:A3:B0:24:CB X509v3 Authority Key Identifier: keyid:05:98:D2:25:D3:18:12:A1:C7:4B:7A:98:D2:D8:25:73:2B:6B:AE:B1 DirName:/CN=CA_0x01/O= serial:00 Signature Algorithm: md5WithRSAEncryption
  • Page 649 <name> Displays the details of the specified peer show crypto peer-certificate certificate in the base64 pem format. [<name> [pem]] EXAMPLE ALU(config)# show crypto peer-certificate cert_fred cert_barney cert_wilma
  • Page 650 X509v3 Subject Key Identifier: A8:80:7E:54:63:61:76:66:DE:E0:98:6C:10:31:6D:EB:1E:9D:4C:46 X509v3 Authority Key Identifier: keyid:A8:80:7E:54:63:61:76:66:DE:E0:98:6C:10:31:6D:EB:1E:9D:4C:46 DirName:/C=US/ST=Bedrock/CN=Fred Flintstone/ emailAddress=fred@flintstones.com serial:00 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: md5WithRSAEncryption
  • Page 651 ALU(config)# show crypto peer-certificate cert_fred pem
  • Page 652 Signature Algorithm: md5WithRSAEncryption EXAMPLE ALU(config)# show crypto crl ca ALUCA pem
  • Page 653 X509v3 extensions: X509v3 Subject Key Identifier: 05:98:D2:25:D3:18:12:A1:C7:4B:7A:98:D2:D8:25:73:2B:6B:AE:B1 X509v3 Authority Key Identifier: keyid:05:98:D2:25:D3:18:12:A1:C7:4B:7A:98:D2:D8:25:73:2B:6B:AE:B1 DirName:/CN=CA_0x01/O= serial:00 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: md5WithRSAEncryption
  • Page 654 <name> Displays the details of the specified CSR show crypto certificate- in the base64 pem format. request [<name> [pem]] EXAMPLE ALU(config)# show crypto certificate-request req_Simpson req_Burns
  • Page 655 Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: md5WithRSAEncryption ALU(config)# show crypto certificate-request req_Simpson pem
  • Page 656: Clear Commands In Ipsec

    Note: The sa-index must be a valid sa-index of an outbound SA. EXAMPLE ALU# clear crypto ipsec sa all ALU# clear crypto ipsec sa 16
  • Page 657: Ipsec Scenarios On Oa5510-Te

    86400 pfs group2 !crypto ipsec transform-set default esp-md5-des esp-sha1-des crypto map demomap ipsec-ike default peer 10.0.0.1 match m1 transform-set default pfs group2 ! Not Applied to Any Interface
  • Page 658 Alternatively, you can modify the same rule. ALU(config)# match-list tunnel ALU(config-match-list-tunnel)# 1 ip prefix 10.91.0.0/24 prefix 10.0.0.0/24 ALU(config-match-list-tunnel)# 1 ip prefix 192.168.0.0/24 prefix 10.0.0.0/24 Note: The crypto map supports only one rule in a match-list.
  • Page 659 Case (iv) Adding an Extra Rule to the Match-list Used by a Crypto Map An extra rule cannot be added to a match-list if it is attached to a crypto map.
  • Page 660: Best Practices For Deploying Ipsec Vpn

    It is up to you to decide upon the key length. It is recommended to use a minimum key length of 16 characters. Note: OA5510-TE supports only unique pre-shared keys to provide better security.
  • Page 661: Ipsec Access Control

    It is recommended to use Diffie-Hellman PFS Group 5. • group1: Use Diffie-Hellman Group 1: 768 bits • group2: Use Diffie-Hellman Group 2: 1024 bits • group5: Use Diffie-Hellman Group 5: 1536 bits
  • Page 662: Network Address Translation

    This is applied to the crypto map attached to interface fastethernet 0. Then, you should have the routing entry ip route 9.0.0.0/8 FastEthernet0; otherwise, the tunnel will not come up.
  • Page 663: Ipsec Nat-Traversal

    Command: crypto nat-traversal {enable|disable} Description: This command is used to enable or disable NAT traversal for IPsec on OA5510-TE. By default, NAT Traversal is enabled. EXAMPLE ALU(config)# crypto nat-traversal disable
  • Page 664: Scenarios Depicting Ipsec Nat-Traversal

    !crypto ipsec transform-set default esp-md5-des esp-sha1-des crypto map map1 ipsec-ike default peer 202.50.24.1 match m1 transform-set default pfs group2 ! Applied to : FastEthernet0 interface FastEthernet0 crypto map map1
  • Page 665 !crypto ipsec transform-set default esp-md5-des esp-sha1-des crypto map map1 ipsec-ike default peer 202.50.24.2 match m1 transform-set default pfs group2 ! Applied to : FastEthernet0 interface FastEthernet0 crypto map map1
  • Page 666: Ipsec Tunnel Interface

    IPsec Tunnel Interface Alcatel-Lucent provides support for IPsec in a tunnel mode with encryption, intended for secure site-to-site communications over an untrusted network. Currently IPsec can be configured through a crypto map and applied to an interface. In addition, IPsec as a tunnel interface is required so that, •...
  • Page 667: Default Configuration

    Default transform set in an IPsec profile: ‘default’ transform set
    iii. Default PFS group in an IPsec profile: pfs group2.
    iv. Default lifetime in seconds for an IPsec profile: 28800
  • Page 668: Ipsec Tunnel Interface Configuration

    Profile”. And, configure Profile related commands.
    Step 3: Enter Interface Configuration Mode
    ALU(config)# interface <name>
    Example:
    ALU(config)# interface FastEthernet 0
    ALU(config-if FastEthernet0)#
    Step 4: Administratively bring up the interface
  • Page 669 Step 7: View the IPsec tunnel configuration. See “To View the IPsec Profile Configuration” Note: All the IPsec parameters related show commands are valid for this section also. For more details, see “IPsec VPN Show Commands”
  • Page 670: Ipsec Tunnel Interface Configuration Flow

    IPsec Tunnel Interface Configuration
    Figure 47: IPsec Tunnel Interface Configuration Flowchart
  • Page 671: Ipsec Tunnel Interface Configuration Commands

    Note: If no IKE policy is attached to an IPsec profile, the ‘default’ IKE policy is used.
    Example:
    ALU(ipsec-profile-PF1)# ike-policy IKE1
    ALU(ipsec-profile-PF1)# no ike-policy
  • Page 672 If no PFS group is attached to an IPsec profile, group2 PFS is used.
    Command: no pfs
    Description: The ‘no’ command disables PFS completely.
    Example:
    ALU(ipsec-profile-PF1)# pfs group2
    ALU(ipsec-profile-PF1)# no pfs
  • Page 673
    Command: no ike-identity
    Description: The ‘no’ command detaches the specified IKE identity attached to a profile.
    Note: IKE identity should only be attached to an IPsec profile if the Authentication type is ‘rsa-sig’
  • Page 674
    Command: ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Description: This command is used to assign an IP address and subnet mask to the tunnel interface.
    Example:
    ALU(config-if Tunnel1)# ip address 20.20.20.20/24
    ALU(config-if Tunnel1)# ip address 192.168.0.1 255.255.255.255
  • Page 675 IP address of the |<interface-name>} tunnel.
    Example:
    ALU(config-if Tunnel1)# tunnel source 2.2.2.1
    ALU(config-if Tunnel1)# tunnel source FastEthernet 0
    ALU(config-if Tunnel1)# no tunnel source 2.2.2.1
    ALU(config-if Tunnel1)# no tunnel source FastEthernet 0
  • Page 676 You cannot delete an IPsec profile that is applied to the interface. To delete, first detach the IPsec profile from the tunnel interface.
    Example:
    ALU(config-if Tunnel1)# ipsec-profile PF1
    ALU(config-if Tunnel1)# no ipsec-profile PF1
  • Page 677
    ! Not Applied to Any Interface
    crypto ipsec profile PF1
    ike-policy secret
    transform-set transet1
    ike-identity ID01
    pfs group2
    lifetime seconds 28800
    ! Applied to: interface Tunnel1 ipsec-profile PF1
    ALU(config)#
  • Page 678: Ipsec Tunnel Configuration Scenarios Using Oa5510-Te

    IPsec Tunnel Configuration Scenarios using OA5510-TE
    The OA5510 topology below consists of the following components:
    • 1 OA5510
    • 1 Alcatel-Lucent Brick
    Figure 48: IPsec Tunnel Interface Configuration Topology
  • Page 679 Consider a VPN Firewall Brick with specific IPsec tunnel configuration with tunnel source being 2.2.2.3 and tunnel destination as 2.2.2.1.
    Verification with Commands
    Verify the configuration by using the ‘show crypto’ or ‘show crypto ipsec profile’ command.
  • Page 680: Intrusion Detection/Intrusion Prevention System

    For instructions on using the commands and to get a detailed description on each of their parameters, refer to the Intrusion Detection/Intrusion Prevention System chapter in the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 681: Ids/Ips Overview

    IDS/IPS Configuration
    Refer to the following sections to configure IDS/IPS:
    • “IDS/IPS Configuration Steps”
    • “IDS/IPS Configuration Flow”
    • “IDS/IPS Configuration Commands”
    • “IDS/IPS Configuration Scenario Using OA5510-TE”
  • Page 682: Ids/Ips Configuration Steps

    (For detailed information on the firewall, refer to the “Filter and Firewall” chapter.)
    Step 6: Attach the configured intrusion sensors to the firewall policy. See “To Create a Intrusion Rule Inside a Firewall Policy”
  • Page 683 Step 10: Attach the configured firewall policy to appropriate interfaces in the ingress direction of the interface. See “To Attach a Firewall Policy to an Interface”
    Step 11: View the intrusion sensor configuration using show commands. See “Show Commands”
  • Page 684: Ids/Ips Configuration Flow

    IDS/IPS Configuration
    Figure 49: IDS/IPS Configuration Flow
  • Page 685: Ids/Ips Configuration Commands

    Example:
    ALU(config)#firewall
    ALU(config-firewall)# intrusion sensor sensor1 snort threshold 10 1000
    ALU(config-firewall-intrusion-sensor-sensor1)#
    ALU(config-firewall)# intrusion sensor sensor1 snort no threshold
    ALU(config-firewall)# no intrusion sensor sensor1 snort
  • Page 686 Rollback Snort Database
    Command (in Intrusion Snort CM): rollback <version-number>
    Description: Use this command to roll back to different versions of the Snort rule database.
    Example:
    ALU(config-firewall-intrusion-snort)#rollback 2.3.1
  • Page 687
    Command: rule prevention {{{category <name>|classtype <name>|priority {high|low|medium}|reset {category <name>|classtype <name>|priority {high|low|medium}}}
    Description: This command enables you to modify the group level prevention.
    Example:
    ALU(config-firewall-intrusion-snort)# rule prevention category attack-responses
  • Page 688 Modification of rule to $EXTERNAL_NET is shown below:
    ALU(config-firewall-intrusion-snort)# rule modify 1292 content alert tcp $EXTERNAL_NET any -> $EXTERNAL_NET any (msg:"ATTACK-RESPONSES directory listing"; flow:from_server,established; content:"Volume Serial Number"; classtype:bad-unknown; sid:1292; rev:8;)
  • Page 689 Currently, multiple match-lists cannot be associated to a firewall policy rule. To configure more than one match-list within a firewall policy, add multiple rules with different match-lists.
    Example:
    ALU(config)#firewall
    ALU(config-firewall)#policy policy1
    ALU(config-firewall-policy1)#1 match m1 intrusion sensor1 detection
  • Page 690 (outgoing) traffic if the “out” keyword is used.
    Note: The firewall policy will take effect once it is attached to an interface.
    Example:
    ALU(config)# interface FastEthernet 0
    ALU(config-if FastEthernet0)# firewall policy in P1
  • Page 691: Ids/Ips Show Commands

    Command: show firewall intrusion snort archives
    Description: Use this command to display snort signature archives.
    Example:
    ALU#show firewall intrusion snort archives
    Version no | Details Date of Download |Time of Downl-
    2.3.0 Current initial
  • Page 692 00 00 00 00 00 00 00 00 00 0 0 00 00 00 00 00 00 00 00 00|"; reference:arachnids,449; classtype:attempted-rec on; sid:467; rev:3;) --More--
  • Page 693
    Command: show firewall intrusion snort rule disable {category|classtype|priority|sid}
    Description: Use this command to display the information of group of rules that are disabled.
    Example:
    ALU# show firewall intrusion snort rule disable sid
    Disable sid:
  • Page 694 ID, category, statistics rule {<1- class type, or priority. 4294967295..>|all|category <name>|classtype <name>| priority {high|low|medium}
    Example:
    ALU#show firewall intrusion snort statistics rule all
  • Page 695
    Command (in SUM): show firewall intrusion snort update [(report|status)]
    Description: Use this command to display the status of the Snort signature database update.
    Example:
    ALU#show firewall intrusion snort update report
  • Page 696: Ids/Ips Clear Commands

    Command: clear firewall intrusion snort statistics rule {<1-4294967295..>|all|category <name>|classtype <name>|priority {high|low|medium}
    Description: Use this command to clear group level Snort statistics.
    Example:
    ALU#clear firewall intrusion snort statistics rule all
  • Page 697: Ids/Ips Debug Commands

    Notes:
    1. saddr == source address
    2. daddr == destination address
    3. sport == source port
    4. dport == destination port
    Example:
    ALU# debug firewall intrusion
    ALU# no debug firewall intrusion
  • Page 698: Ids/Ips Configuration Scenario Using Oa5510-Te

    1. To check firewall policy with IDS/IPS sensor information
    ALU#show firewall policy p1
    ALU#show firewall intrusion sensor ids1
    2. To verify firewall intrusion statistics and counters when device detects the intrusion
    ALU#show firewall intrusion snort statistics
  • Page 699: Ids/Ips Topology

    In the topology given below, OA5510 is configured in the Prevention mode. Attacks from PC-1 and PC-2 running the Nessus application are intercepted by the OA5510 and dropped.
    Figure 50: IDS/IPS Topology
  • Page 700 IDS/IPS Configuration Scenario Using OA5510-TE
  • Page 701 Intrusion Detection/Intrusion Prevention System
  • Page 702: Generic Routing Encapsulation

    This chapter documents the commands for GRE (Generic Routing Encapsulation) configuration. For more detailed information on the parameter descriptions and their corresponding default values, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 703: Gre Overview

    Public addresses must be used for tunnel endpoint addresses. It is possible to use private IP addresses as the GRE tunnel interface IP address allowing a private address VPN to be carried over a public network.
  • Page 704: Gre Tunnel Features

    Filters can be applied to GRE tunnel interfaces, which means that packet filtering with its corresponding benefits can be offered for GRE tunnels.
  • Page 705: Summary

    Non-IP packets are not supported in the standard release, but they are available as a part of the component upgrade.
    • By default, when a tunnel is configured for a destination address, the mode is GRE.
  • Page 706: Gre Tunnel Configuration

    Configure IP address for the tunnel interface. See “To Configure IP Address on a Tunnel Interface”
    • Set the mode on the tunnel interface. See “To Configure Mode on a Tunnel Interface” (Optional)
  • Page 707 Configure the tunnel destination on the tunnel interface. See “To Configure Destination IP Address for the Tunnel”
    • Set the Tunnel DF-BIT. See “To Set the Tunnel DF-BIT” (Optional)
  • Page 708: Gre Configuration Flow

    GRE Tunnel Configuration
    Figure 51: GRE Configuration Flow
  • Page 709: Gre Cli Commands

    Command (in ICM): ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Description: This command is used to assign an IP address and subnet mask to the tunnel interface.
    Example:
    ALU(config-if Tunnel7)# ip address 20.20.20.20/24
  • Page 710 IP address of the address>| <interface-name>} tunnel.
    Example:
    ALU(config-if Tunnel7)# tunnel source 10.91.0.7
    ALU(config-if Tunnel7)# tunnel source FastEthernet 0
    ALU(config-if Tunnel7)# no tunnel source 10.91.0.7
    ALU(config-if Tunnel7)# no tunnel source FastEthernet 0
  • Page 711
    Command: tunnel df-bit {clear|set|copy-from-inner-ip}
    Description: This command sets the value of the DF-bit for the Outer-IP header. The default DF-BIT value is ‘clear’.
    Example:
    ALU(config-if Tunnel7)# tunnel df-bit clear
  • Page 712: Gre Configuration Scenarios Using Oa5510-Te

    GRE + IP Filters + DoS
    • GRE over IPsec
    1. GRE Configuration
    The OA5510 topology below consists of the following components:
    • OA5510-A
    • OA5510-B
    Figure 52: GRE Configuration Topology
  • Page 713
    ALU-2(config-if Tunnel1)#ip address 192.168.0.2 255.255.255.0
    ALU-2(config-if Tunnel1)#no shutdown
    b) Specify tunnel end-points
    ALU-2(config-if Tunnel1)#tunnel source 2.2.2.3
    ALU-2(config-if Tunnel1)#tunnel destination 2.2.2.1
    Verification with Command
    Verify the configuration by issuing the “show ip route” command.
  • Page 714: Gre + Ip Filters + Dos Configuration

    2. GRE + IP Filters + DoS Configuration
    Figure 53: GRE + IP Filters + DoS Configuration Topology
    GRE + IP filters + DoS can be configured to deny/permit specific traffic through the GRE tunnel.
  • Page 715
    ALU-1(config-fiewall-p1)#match dos attack atk1 drop
    ALU-1(config-fiewall-p1)#exit
    d) Apply the firewall policy to the tunnel interface in the ingress direction
    ALU-1(config)#interface tunnel 1
    ALU-1(config-if tunnel1)#firewall policy in p1
    ALU-1(config-if tunnel1)#exit
  • Page 716: Gre Over Ipsec Configuration

    The following figure displays a typical scenario to configure GRE over IPsec:
    Figure 54: GRE + IPsec Configuration Topology
    IPsec is used for transport mode encryption for tunneled traffic only. Ensure tunnel end-point reachability from OA5510-A.
  • Page 717
    ALU-1(config)#crypto map test ipsec-ike test
    ALU-1(config-crypto-map-test)#peer 2.2.2.3
    ALU-1(config-crypto-map-test)#match tunnel-traffic
    ALU-1(config-crypto-map-test)#transform-set test
    ALU-1(config-crypto-map-test)#pfs group2
    f) Attach crypto map to the interface
    ALU(config)# interface FastEthernet 0
    ALU(config-if FastEthernet0)# crypto map test
  • Page 718
    ALU-2(config)#crypto map test1 ipsec-ike test1
    ALU-2(config-crypto-map-test1)#peer 2.2.2.1
    ALU-2(config)#match tunnel-traffic
    ALU-2(config)#transform-set test1
    ALU-2(config)#pfs group2
    f) Attach crypto map to the interface
    ALU(config)# interface FastEthernet 0
    ALU(config-if FastEthernet0)# crypto map test1
  • Page 719 Generic Routing Encapsulation
  • Page 720: Part 7: Quality Of Service

    Part 7 Quality of Service
  • Page 721
  • Page 722: Quality Of Service

    Policy-map Mode: Policy Map configured - ALU (config-policy-map)#
    Class Mode: Traffic-class inside a policy-map - ALU (config-policy-map-class)#
    DSCP: Differentiated Services Code Point
    RED: Random Early Detection
    WRED: Weighted Random Early Detection
  • Page 723: Qos Overview

    QoS treatment. We can use IP Precedence to assign values from 0 to 7 to classify and prioritize types of traffic. RED (Random Early Detection) is a congestion avoidance technique. WRED (Weighted Random Early Detection) is also a congestion avoidance technique.
  • Page 724 Expedited Forwarding (EF): The intent of the EF Per-Hop Behavior (PHB) is to provide a building block for low loss, low delay and low jitter services.
  • Page 725: Alcatel-Lucent Specific Overview On Qos

    The class-default traffic class is a non-priority class.
    • Priority and network-control commands are not applicable for class-default traffic class.
    4. Congestion Management
    • Tail Drop
    • Active queuing using WRED
    • Ingress traffic conditioning
  • Page 726 9. Bandwidth Management
    • Priority Queuing (Bandwidth Allocation)
    • Weighted Fair Queuing
    • CBQ (Class Based Queuing)
    10. Management Support
    •
    • Support for simple configuration (Auto QoS)
    • Web GUI
  • Page 727: Traffic Without Policing And Shaping

    Figure 55: Data Traffic before Policing And Shaping
    In the above diagram, the portion marked red indicates the packet flow exceeding the allowed bandwidth level. If QoS is not implemented, all these packets are dropped.
  • Page 728: Traffic With Policing

    Figure 56: Data Traffic with Policing
    The diagram above depicts the traffic flow after implementing Policing. Here, the packets exceeding the available bandwidth are all dropped. This provides for a decent flow of traffic.
  • Page 729: Traffic With Shaping

    The above diagram depicts the traffic flow after implementing Shaping. Here, the packets are all shaped and queued. The packets exceeding the available bandwidth are queued up and there is no loss of data.
  • Page 730: Hierarchical Queuing

    Case class will have more than two branches; for example, it could be a specific IP source address with all the TCP ports as leaf nodes. Root class is the tree root.
  • Page 731 Quality of Service
    Figure 59: Link Sharing Solution
    Hierarchical queues are configured using the ‘service-policy’ command within a policy. Thus, a policy-in-a-policy configuration provides a hierarchical link sharing structure.
  • Page 732: Bandwidth Sharing In Tunnels

    Also, in order to manage congestion on the physical interface, a policy has to be created on the physical interface, and this policy must include the tunnel policy as a child policy.
  • Page 733: Qos Configuration

    Step 3: Configure IP address for the interface
    ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Example:
    ALU(config-if FastEthernet0)# ip address 20.20.20.20/
    Step 4: Configure Auto QoS. See “Auto QoS Configuration”
  • Page 734
    ALU(config-if <interface-name>)# no shutdown
    Example:
    ALU(config-if FastEthernet0)# no shutdown
    Step 8: Configure IP address for the interface
    ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Example:
    ALU(config-if FastEthernet0)# ip address 20.20.20.20/
  • Page 735 Configure attributes of a Traffic Class. See “Traffic Class Attributes Configuration”
    • Configure Hierarchical Policy. See “Hierarchical Policy Configuration”
    • Configure QoS over Tunnel Interface. See “QoS over Tunnel Interface”
  • Page 736: Qos Configuration Flow

    QoS Configuration
    Figure 61: QoS Configuration Flow - Auto QoS Procedure
  • Page 737 Quality of Service
    Figure 62: QoS Configuration Flow - Standard Procedure
  • Page 738: Qos Configuration Commands

    Default match-list relationship of a class-map is ‘match-any’.
    Command: no class-map <class-map name>
    Description: Deletes a configured class-map.
    Example:
    ALU(config)# class-map C1 match-all
    ALU(config-qos-C1)#
    ALU(config)# no class-map C1
    Class-Map C1 removed.
  • Page 739
    ALU(config-qos-C1)# 1 match m1
    ALU(config-qos-C1)# 2 match m2
    Now, to delete the rule having rule number 1, use the ‘no rule’ command:
    ALU(config-qos-C1)# no rule 1
    Rule 1 removed.
  • Page 740: Policy Map Configuration

    Command: description <line>
    Description: The description for the policy map configured.
    Example:
    ALU(config-qos-P1)# description P1 is the name of the policy-
    ALU(config-qos-P1)# show policy-map P1
    policy-map P1
    description P1 is the name of the Policy Map
  • Page 741
    Command: no class <class-map name>
    Description: This command removes a traffic class associated with the policy map.
    Example:
    ALU(config-qos-P1)# class C1
    ALU(config-qos-P1-C1)#
    ALU(config-qos-P1-C1)# class class-default
    ALU(config-qos-P1-class-default)#
    ALU(config-qos-P1)# no class C1
    Class C1 removed.
  • Page 742: Attaching A Policy Map To An Interface

    ALU(config-if FastEthernet0)# service-policy in P1
    Attached QoS policy P1 to the interface.
    ALU(config)# interface FastEthernet 0
    ALU(config-if FastEthernet0)# no service-policy in P1
    Detached QoS policy P1 from the interface.
  • Page 743: Traffic Class Attributes Configuration

    Excess Burst is utilized if configured. If a packet cannot be transmitted (due to lack of tokens), the packet is dropped and no tokens are removed from the bucket.
  • Page 744 Refer to ‘Appendix B - QoS Values and Mnemonics’ for IP-DSCP, IP-Precedence, and ToS mnemonics.
    Example:
    ALU(config-qos-P1-C1)# police committed-rate 9600 commit-action transmit committed-burst 1500 exceed-action drop
    ALU(config-qos-P1-C1)# no police
  • Page 745
    - Network-control class will have the highest priority among all the traffic classes.
    - Priority class will have the next priority.
    - Default class has the least priority.
    Example:
    ALU(config-qos-P1-C1)# network-control
    ALU(config-pmap-P1-C1)# no network-control
  • Page 746
    Command: no queue-limit
    Description: This command deletes the configured queue-limit. By default, a traffic class will have a queue limit of 150.
    Example:
    ALU(config-qos-P1-C1)# queue-limit 155
    ALU(config-qos-P1-C1)# no queue-limit
  • Page 747 Default Class.
    Command: no fair-queue
    Description: This command disables fair queue on the Default Class.
    Example:
    ALU(config-qos-P1-C1)# class class-default
    ALU(config-qos-P1-class-default)# fair-queue
    Note: Fair queuing is not applicable on hierarchical queuing.
  • Page 748 To enable this, use the ‘random-detect ip-dscp’ command. Note: The queue limit of the traffic class should be greater than the max thresh value.
  • Page 749 Refer to ‘Appendix - QoS Values and Mnemonics’ for IP-precedence and IP-dscp default values.
    Example:
    ALU(config-qos-P1-C1)#random-detect ip-precedence
    ALU(config-qos-P1-C1)# random-detect ip-dscp 5 min-thresh 60 max-thresh max-thresh 600
    ALU(config-qos-P1-C1)# no random-detect
    ALU(config-qos-P1-C1)# no random-detect ip-precedence
    ALU(config-qos-P1-C1)# no random-detect values
  • Page 750
    Command: no bandwidth
    Description: This command removes the bandwidth configuration.
    Note: You cannot mix the absolute bandwidth command with percentage bandwidth command across sibling classes.
    Example:
    ALU(config-pmap-P1-C1)# bandwidth 101
    ALU(config-pmap-P1-C1)# no bandwidth
  • Page 751 Note: You cannot mix the absolute bandwidth command with percentage bandwidth command across sibling classes.
    Example:
    ALU(config-pmap-P1-C1)# priority bandwidth 101
    ALU(config-pmap-P1-C1)# no priority
  • Page 752: Auto Qos Configuration

    Command: no auto qos voip
    Description: This command disables Auto QoS VoIP on an interface.
    Example:
    ALU(config-if Serial0:0)# auto qos voip
    ALU(config-if Serial0:0)# no auto qos
  • Page 753
    Command: no auto qos template {diff-serv|voip} <policy-map name>
    Description: This command removes the specified Auto QoS template.
    Example:
    ALU(config)# auto qos template voip p1
    ALU(config)# no auto qos template voip p1
    Auto-QoS template removed
  • Page 754: Hierarchical Policy Configuration

    ALU(conifg)# policy-map p2
    ALU(config-qos-p1)# class c2
    ALU(config-qos-p1-c2)#
    Now, policy p2 can be included in the policy p1 using the ‘service-policy’ command.
    ALU(conifg)# policy-map p1
    ALU(config-qos-p1)# class c1
    ALU(config-qos-p1-c1)# service-policy p2
  • Page 755 In this case, class c2 will get 10% of zero (the class c11 share is 0). That is the case at the time of congestion, but if the bandwidth is unused by the other classes, then c2 can have some bandwidth (10% of available bandwidth).
  • Page 756
    ALU(config-qos-p2)# class c2
    ALU(config-qos-p2-c2)#
    ALU(config-qos-p1-c1)# service-policy p2
    In the above example, class c2 is a child of class c1. Because c1 is random-detect enabled, c2 is also random-detect enabled.
  • Page 757
    ALU(conifg)# policy-map p2
    ALU(config-qos-p2)# class c2
    ALU(config-qos-p2-c2)#
    ALU(config-qos-p1-c1)# service-policy p2
    In the above example, class c2 will also have queue limit 150, which is inherited from its parent class.
  • Page 758 Queue limit for class c11 = 200
    You are not allowed to configure the queue limit of a parent class if one of its children has the queue limit configured.
  • Page 759: Qos Over Tunnel Interface

    The tunnel command is just like a class command in a policy map. The only difference is that the service-policy command is not allowed in this mode. Commands like bandwidth, priority, shape, and random-detect are allowed in this mode.
    Example:
    ALU(config-qos-P1)# tunnel Tunnel 1
  • Page 760 This command is used to enable pre-classification on the tunnel interface.
    Command: no qos-preclassify
    Description: This command disables the pre-classification.
    Example:
    ALU(config)# interface tunnel 1
    ALU(config-tunnel1)# qos-preclassify
    ALU(config-tunnel1)# no qos-preclassify
  • Page 761: Qos Show Commands

    [<name>] specified policy map configured in the system. EXAMPLE ALU# show policy-map P1 policy-map p1 interface serial0:0 EGRESS 10 class cm_ef random-detect ip-dscp 20 class cm_af11 65535 class class-default
  • Page 762 EXAMPLE ALU(config)# show random-detect-defaults ip-dscp ip-dscp Min-Thresh Max-Thresh Drop-Probability af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 ALU(config)# show random-detect-defaults ip-precedence ip-precedence Min-Thresh Max-Thresh Drop-Probability
  • Page 763 0 bytes transmitted, 0 packets dropped, 0 bytes dropped, Class L2-network-control 0 packets total, 0 bytes total, 0 packets transmitted, 0 bytes transmitted, 0 packets dropped, 0 bytes dropped,
  • Page 764 Packets dropped 0 Packets dequeued 0 Bytes dequeued 0 class c15 Packets dropped 0 Packets dequeued 0 Bytes dequeued 0 interface Serial0:0 service-policy out t class class-default
  • Page 765 90000 committed-burst 6000 police committed-rate 9600 commit-action drop committed-burst 1500 exceed-action drop excess-burst 2000 violate-action transmit queue-limit 155 random-detect ip-dscp 0 min-thresh 50 max-thresh 150 policy-map p2 class c2
  • Page 766 9600 commit-action drop committed-burst 1500 exceed-action drop excess-burst 2000 violate-action transmit queue-limit 155 random-detect ip-dscp 0 min-thresh 50 max-thresh 150 interface FastEthernet0 service-policy in p1 interface Serial0:0 service-policy out p1
  • Page 767 100 max-threshold 300 random-detect ip-dscp class autoqos-class-af4 match ip any any dscp af41 match ip any any dscp af42 match ip any any dscp af43 bandwidth percent 20 queue-limit 350
  • Page 768 70 set ip-dscp ef class-default fair-queue set ip-dscp default
  • Page 769: Qos Clear Commands

    QOS CLEAR COMMANDS CLEAR QUEUING STATISTICS Command (in SUM/CM): clear queuing statistics [{<interface-name> {in|out}|in|out}] Description: This command clears the QoS statistics on that particular interface. EXAMPLE ALU# clear queuing statistics
  • Page 770: Qos Test Scenarios On Oa5510

    ALU(config)#match-list allow-traffic ALU(config-match-list-allow-traffic)#ip host 192.168.1.2 host 192.168.2.2 ALU(config)#class-map class1 ALU(config-cmap)#match any allow-traffic ALU(config-cmap)#exit 2. Define policy map with traffic class ALU(config)#policy-map flow-policy ALU(config-qos-flow-policy)#class class1 ALU(config-qos-flow-policy-class1)#shape committed-rate 5000000 committed-burst 1600 ALU(config-qos-flow-policy-class1)#exit
  • Page 771: Priority Queuing

    (by virtue of its high priority), ping will still go through even though IP traffic is dropped. 1. Define class map to match ICMP egress traffic ALU(config)#match-list icmp-traffic ALU(config-match-list-icmp-traffic)#icmp any any ALU(config)#class-map priority-traffic ALU(config-class-map priority-traffic)#match any icmp-traffic ALU(config-class-map priority-traffic)#exit
  • Page 772 Since all egress traffic is given the same treatment by OA5510-A, ping gets dropped randomly along with IP traffic. 2. By configuring priority on OA5510-A, we can verify that IP traffic gets dropped without compromising ICMP.
  • Page 774: Part 8 Tcp/Ip Services

    Part 8 TCP/IP Services
  • Page 776: Dhcp (Dynamic Host Configuration Protocol)

    For instructions on using the DHCP Server commands and descriptions on each of their parameters with the corresponding default values for each, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 777: Dhcp Server Overview

    If the pool-specific options are not configured, the global options are checked. If neither is configured, the particular option is not returned in the response message.
  • Page 778: Dhcp Server Configuration

    Step 5: Configure DHCP pool. See “To Configure DHCP Pool” • Configure network pool. See “To Configure a Network Pool” • Configure Network range for the pool. See “To Configure a Network Range”
  • Page 779 “To Configure a Host Pool” • Configure DHCP Options. See “To Configure DHCP Options” Step 7: View the DHCP server configuration by using the show commands. See “DHCP Server Show Commands”
  • Page 780: Dhcp Server Configuration Flow

    Figure 65: DHCP Server Configuration Flow
  • Page 781: Dhcp Server Configuration Commands

    This command enters the DHCP pool sub-configuration mode. no ip dhcp pool <pool-name>: Deletes a configured DHCP pool. EXAMPLE ALU(config)# ip dhcp pool p1 ALU(config-dhcp-pool-p1)# ALU(config)# no ip dhcp pool p1 Pool Deleted
  • Page 782 no range {<lower ip-address> <higher ip-address> |<automatic>}: Deletes a configured network range. Note: The network configuration for a pool must exist before a range can be specified.
  • Page 783 no host <ip-address> <mac-address>: Deletes the manual binding between the host and IP address specified for it. EXAMPLE ALU(config-dhcp-pool-p2)# host 1.2.3.66 1122.aabb.55ff ALU(config-dhcp-pool-p2)# no host 1.2.3.66 1122.aabb.55ff
  • Page 784 IP address from any available DHCP server. Typically this is used if the renewal request fails. Default value of the rebinding time is 87.5% of the lease time.
  • Page 785 ALU(config)# ip dhcp option renewal-time 86400 ALU(config)# ip dhcp option routers 1.1.1.1 ALU(config)# ip dhcp option subnet-mask 255.255.255.0 ALU(config)# ip dhcp option tftp-server 3.2.2.1 ALU(config)# ip dhcp option time-offset 100
  • Page 786 [no] option tftp-server <string>: IP address/domain name of the TFTP server. [no] option time-offset <1-4294967295>: This command is used to determine the time variation from GMT (in seconds).
  • Page 787 ALU(config-dhcp-pool-p1)# option log-server 1.1.1.1 ALU(config-dhcp-pool-p1)# option ntp-server 1.1.1.1 ALU(config-dhcp-pool-p1)# option rebinding-time 50000 ALU(config-dhcp-pool-p1)# option renewal-time 86400 ALU(config-dhcp-pool-p1)# option routers 1.1.1.1 ALU(config-dhcp-pool-p1)# option subnet-mask 255.255.255.0 ALU(config-dhcp-pool-p1)# option tftp-server 3.2.2.1 ALU(config-dhcp-pool-p1)# option time-offset 100
  • Page 788: Dhcp Server Show Commands

    255.255.255.0 Number of leases Pool Range 1.2.3.50 / 1.2.3.100 Boot-File Name boot_image ALU(config)# show ip dhcp pools p2 Pool Name Pool Host Address 1.2.3.66 Pool Host Mac Address 11:22:aa:bb:55:ff
  • Page 789 INFINITE MANUAL (config)# show ip dhcp bindings dynamic IP Address Hardware Address Lease Expiration Type Pool ========== ================= ======================== ======= ===== 10.91.2.87 00:0f:fe:3a:63:da Wed Jan 17 23:38:11 2007 DYNAMIC
  • Page 790 show ip dhcp server statistics: This command shows the DHCP server statistics. EXAMPLE ALU(config)# show ip dhcp server statistics Message Received DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM Message Sent DHCPOFFER DHCPACK DHCPNAK
  • Page 791: Dhcp Server Test Scenarios Using Oa5510-Te

    Figure 66: DHCP Server Test Scenario using OA5510-TE Consider a scenario with OA5510 as a DHCP Server, with two hosts, Host 1 and Host 2, connected to the LAN, with MAC addresses 0100:0b6a:e295 and 1122:aabb:55ff respectively.
  • Page 792: Configuration Steps

    The DHCP server assigns IP addresses within the network range configured for pool p1. This can be verified with the show command ‘show ip dhcp bindings [{dynamic|manual|pool <name>}]’.
  • Page 794: Tftp (Trivial File Transfer Protocol) Server

    For instructions on using the TFTP Server commands and descriptions on each of their parameters with the corresponding default values for each, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 795: Tftp Server Overview

    By default, the TFTP service is disabled; you must explicitly enable the TFTP server for the service to become available. Note: Currently, we do not support uploading of files to the TFTP server running on OA5510-...
  • Page 796: Tftp Server Configuration

    See “To Configure Files for Download Through TFTP and to Create File Alias” Step 3: View the TFTP files using the show command. See “To View TFTP Files”
  • Page 797: Tftp Server Configuration Flow

    Figure 67: TFTP Server Configuration Flow
  • Page 798: Tftp Server Configuration Commands

    no tftp-server {user:<filename with path> |alias <file-alias>}: This command is used to remove the file from the tftp file-list. If a file is removed from the tftp-file list, then all its aliases are also removed.
  • Page 799: Tftp Show Commands

    show tftp files: This command shows the list of files configured for download through the TFTP server. EXAMPLE ALU(config)# show tftp files TFTP-File Alias ---------------------------------------------------- N.A. /tftpd N.A. /voip/www/voip/update.php N.A. /voip/www/voip/update.php voiptest
  • Page 800: Dhcp (Dynamic Host Configuration Protocol) Relay

    For instructions on using the DHCP Relay commands and descriptions on each of their parameters with the corresponding default values for each, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 801: Dhcp Relay Overview

    The relay agent allows the client and server to reside on different subnets. ALCATEL-LUCENT SPECIFIC OVERVIEW DHCP Relay forwarding to the DHCP server is implemented directly or via rebroadcast on another interface on OA5510-TE.
  • Page 802: Dhcp Relay Configuration

    “To Relay DHCP Packets to Server”, “To Relay Requests to Interface”. Step 5: View the DHCP Relay configuration by using the show commands. See “To View DHCP Relay Configuration”.
  • Page 803: Dhcp Relay Configuration Flow

    Figure 68: DHCP Relay Configuration Flow
  • Page 804: Dhcp Relay Configuration Commands

    no ip dhcp relay interface <interface-name>: This command is used to disable relay of DHCP requests to the specified interface. EXAMPLE ALU(config-if FastEthernet0)# ip dhcp relay interface Serial ALU(config-if FastEthernet0)# no ip dhcp relay interface Serial
  • Page 805 show ip dhcp relay [<interface-name>]: This command shows the DHCP Relay configuration of all/an interface. EXAMPLE ALU(config)# show ip dhcp relay Interface Relay destination FastEthernet0 192.168.1.1 FastEthernet0 Serial0:0
  • Page 806: Dhcp Relay Test Scenarios Using Oa5510-Te

    Note: If you configure relay via both IP address and interface, the preferred method of relaying DHCP is "relay to address", as it reduces broadcast load.
  • Page 808: Dns (Domain Name Service)

    For instructions on using the DNS Client commands and descriptions on each of their parameters with the corresponding default values for each, refer to the OmniAccess 5510 Unified Services Gateway CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 809: Dns Client Overview

    IP addresses, and vice-versa. DNS CLIENT CONFIGURATION This chapter includes the following sections: • “DNS Client Configuration Steps” • “DNS Client Configuration Flow” • “DNS Client Configuration Commands”
  • Page 810: Dns Client Configuration Steps

    • To translate a DNS name to an IP address or vice-versa. Step 7: View the DNS Client by using the show commands. See “To View DNS Client Configuration”
  • Page 811: Dns Client Configuration Flow

    Figure 70: DNS Client Configuration Flow
  • Page 812: Dns Client Configuration Commands

    EXAMPLE ALU(config)# ip name-server 1.1.1.1 1.1.1.2 1.1.1.3 ALU(config)# ip name-server 1.1.1.1 primary ALU(config)# ip name-server 1.1.1.2 secondary ALU(config)# no ip name-server 1.1.1.1
  • Page 813 no ip domain-list [<name>]: This command is used to delete an entire domain list or a specific domain name from the domain list. EXAMPLE ALU(config)# ip domain-list test ALU(config)# no ip domain-list
  • Page 814 no ip host-max-age: This command deletes the configured host-max-age, and resets to its default. The default host-max-age is 300 seconds. EXAMPLE ALU(config)# ip host-max-age 100 ALU(config)# no ip host-max-age
  • Page 815 INFORMATION Command (in SUM/CM): clear host {*|<host-name>} Description: This command clears the dynamically learnt name/address mapping, or all such mappings if "*" is specified. EXAMPLE ALU(config)# clear host *
  • Page 816: Dns Client Test Scenario Using Oa5510-Te

    IP address for the URL, it sends an echo request to that IP. If the query fails or the DNS server does not have any entry, the user is shown an error "% Unrecognized host or address."
  • Page 818: Part 10 Appendices

    Part 10 Appendices
  • Page 820: A Well Defined Port Numbers For Services

    43/tcp/udp whois tacacs 49/tcp/udp TACACS re-mail-chk 50/tcp/udp Remote Mail Checking Protocol 53/tcp/udp Domain Name Server 1035, 1183, 2535, 1712, 1886, 1876, 2065, 2053, 2538, 2671 whois++ 63/tcp/udp
  • Page 821 137/tcp/udp NETBIOS Name Service netbios-dgm 138/tcp/udp NETBIOS Datagram Service SMB/Netbios 139/tcp/udp NETBIOS Internet Drafts imap2 143/tcp/udp Interim Mail Access Proto v2 snmp 161/udp Simple Network Mgmt Protocol Internet Drafts
  • Page 822 369/tcp/udp Coda portmapper codaauth2 370/tcp/udp Coda authentication server ulistproc 372/tcp/udp UNIX Listserv ldap 389/tcp/udp svrloc 427/tcp/udp Server Location Protocol mobile ip- 434/tcp/udp agent mobilip-mn 435/tcp/udp https 443/tcp/udp MCom
  • Page 823 LDAP over SSL acap 674/tcp/udp ha-cluster 694/tcp/udp Heartbeat HA-cluster kerberos-adm 749/tcp/udp Kerberos `kadmin' (v5) kerberos-iv 750/tcp/udp kerberos4 kerberos-sec kdc webster 765/tcp/udp Network dictionary phonebook 767/tcp/udp Network phonebook rsync 873/tcp/udp rsync
  • Page 824 / old radacct entry kermit 1649/tcp/udp l2tp 1701/tcp/udp h323gatedisc 1718/tcp/udp h323gatestat 1719/tcp/udp h323hostcall 1720/tcp/udp tftp-mcast 1758/tcp/udp mtftp 1759 udp hello 1789/tcp/udp radius 1812/tcp/udp Radius radius-acct 1813/tcp/udp Radius Accounting 1911/tcp/udp
  • Page 825 Internet Cache Protocol V2 (Squid) mysql 3306/tcp/udp MySQL trnsprntproxy 3346/tcp/udp Transparent Proxy 4011/udp PXE server rwhois 4321/tcp/udp Remote Who Is krb52 4444/tcp/udp Kerberos 5 to 4 ticket xlator 5002/tcp/udp Radio Free Ethernet
  • Page 826 NetBackup) bpjava-msvc 13722/tcp/udp BP Java MSVC Protocol vALU 13724/tcp/udp Veritas Network Utility bpcd 13782/tcp/udp VERITAS NetBackup vopied 13783/tcp/udp VOPIED Protocol wnn6 22273/tcp/udp wnn4 quake 26000/tcp/udp wnn6-ds 26208/tcp/udp traceroute 33434/tcp/udp
  • Page 827 Name Protocol Type Description RFCs/References tfido 60177/tcp/udp Ifmail fido 60179/tcp/udp Ifmail
  • Page 828: B Rfcs Supported By Oa5510-Te

    RFC 4335 RFC 4344 RFC 4345 RFC 4419: Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol VRRP RFC 3768 802.1D-2004 - Spanning Tree 802.1Q - Virtual LANs
  • Page 829: Layer-2 Protocols

    RFC 1657 Definitions of Managed Objects for BGP-4 using SMIv2 RFC 2796 BGP Route Reflection An Alternative to full mesh IBGP RFC 2842 Capabilities Advertisement with BGP-4 [obsoleted by rfc3392]
  • Page 830: Ipsec Vpn

    RFC 2475 Architecture for Differentiated Service RFC 2597 Assured Forwarding PHB Group RFC 2598 Expedited Forwarding PHB RFC 2697 Single Rate Three Color Marker RFC 2698 Two Rate Three Color Marker
  • Page 832 Local backups can fail due to these reasons. 1. If the backup is being taken into fpkey and it cannot be mounted, then “Failed to mount Fpkey” is displayed.
  • Page 833: C Failure Scenarios While Installing Oa5510-Te Software Package

    4. Write error at server side - There has been a write error at the remote site. Probably there was no space left. 5. Error in Connection Establishment - The connection to server timed-out. Maybe the remote server is not running.
  • Page 834: D Qos Values And Mnemonics

    Appendix D QoS Values and Mnemonics DEFAULT VALUES FOR RANDOM DETECT IP PRECEDENCE ip-precedence Min-Threshold Max-Threshold Drop-Probability DEFAULT VALUES FOR RANDOM DETECT IP DSCP ip-dscp Min-Threshold Max-Threshold Drop-Probability
  • Page 835 ip-dscp Min-Threshold Max-Threshold Drop-Probability
  • Page 836 ip-dscp Min-Threshold Max-Threshold Drop-Probability
  • Page 837: Ip-Dscp Mnemonics

    IP-DSCP MNEMONICS DSCP Mnemonics Values default af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43
  • Page 838: Ip-Precedence Mnemonics

    IP-PRECEDENCE MNEMONICS IP-Precedence Mnemonics Values routine priority immediate flash flash-override critical internet network TOS MNEMONICS TOS Mnemonics Values min-delay max-tput max-reli flash normal
  • Page 840 The test network consists of VPN Firewall Brick running a crypto image. The IPsec tunnel is created for the hosts 10.91.10.2/24 and 192.168.60.18/24 to communicate in a secure manner.
  • Page 841 IP address configured on the interface pointing to the external network: interface Serial 0:0 ip address 203.124.152.254/24 no shutdown Default route pointing to the next hop: ip route 0.0.0.0/0 203.124.152.50
  • Page 842: Configuring Ipsec Tunnel Between Oa5510-Te And Vpn Firewall Brick

    ! Applied to : Serial 0:0 Crypto map applied on the interface pointing to the external network: interface Serial 0:0 crypto map ALU line vty 4 transport input none line con 0
  • Page 843 VPN Firewall Brick offers a web Graphical User Interface (GUI), which enables you to configure the IPsec tunnel. The steps are as given below. Figure 73: LAN Tunnel Editor - Endpoint 1 - Endpoint 2 - (a)
  • Page 844 Figure 74: LAN Tunnel Editor - Endpoint 1 - Endpoint 2 - (b)
  • Page 845: Verification

    IP Security Interoperability of OA5510-TE Figure 75: LAN Tunnel Editor - Endpoint 1 - Endpoint 2 - (c) VERIFICATION On OA5510, the tunnel can be verified by issuing the ‘show crypto ipsec sa’ command.
  • Page 846: Configuring Ipsec Between Oa5510-Te And Sonicwall (Pro 3060)

    The tunnel is built to allow the network behind the OA5510 gateway (192.168.1.0) to communicate with the network behind Sonicwall (10.91.10.0). The IPsec tunnel built this way allows the networks to communicate with each other in a secure manner.
  • Page 847 ! Port Based VLAN Interface Configurations! no shutdown ip route 0.0.0.0/0 203.124.152.50 Match-list created for the two subnets to communicate with each other: match-list m1 1 ip prefix 192.168.1.0/24 prefix 10.91.10.0/24
  • Page 848 Crypto map applied to the interface connected to public network: ! Applied to : Serial 0:0 interface Serial 0:0 crypto map mymap line vty 4 transport input none line con 0
  • Page 849 IP address. This internal network is called "localnet" behind the Sonicwall. Figure 77: Configuring Local network behind Sonicwall • Enter the local IP address and the Subnet Mask.
  • Page 850 Figure 78: Configuring External IP Address for Sonicwall • Enter the WAN IP address and the Subnet Mask. Note: Reboot Sonicwall for the configured IP address to come into effect.
  • Page 851 Select VPN > Settings > Add > General to configure IPsec policy. Figure 79: Configuring IPsec Policy and Destination Network • Select the IPsec keying mode. Enter the policy name, peer IP address, key, and destination network.
  • Page 852 Figure 80: Configuring IPsec Phase 1 and Phase 2 Proposals • Select the appropriate algorithms for Phase 1 and Phase 2 Proposals. • Enable PFS Group and enter the lifetime.
  • Page 853: Verifying The Configuration

    The VPN configuration on the OA5510 can be verified by using the commands ‘show crypto map’ and ‘show crypto’. The tunnel setup on Sonicwall can be verified by viewing the Log page.
  • Page 854: F Software Licenses And Acknowledgements

    • libxslt • BusyBox • iputils • e2fsprogs • InetUtils, gawk, GDB • cURL • PCRE • Licenses • GNU General Public License • GNU Lesser General Public License
  • Page 855 Marvell reserves the right at its sole discretion to request that this code be immediately returned to Marvell. This code is provided "as is". Marvell makes no warranties, express, implied or otherwise, regarding its accuracy, completeness or performance.
  • Page 856 Note: The CREDIT file distributed with uboot source acknowledges all other Authors who have contributed to uboot source and have copyright on specific files.
  • Page 857 RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  • Page 858 It is provided "as is" without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software.
  • Page 859: Dhcp

    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  • Page 860: Tftp-Hpa

    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  • Page 861: Net-Snmp

    TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Copyright (c) 1990 The Regents of the University of California. All rights reserved. Alcatel-Lucent OmniAccess 5510 Unified Services Gateway CLI Configuration Guide Beta Beta...
  • Page 862 ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Alcatel-Lucent OmniAccess 5510 Unified Services Gateway CLI Configuration Guide Beta Beta...
  • Page 863: Openssh

    3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. Alcatel-Lucent OmniAccess 5510 Unified Services Gateway CLI Configuration Guide Beta Beta...
  • Page 864 SHALL TODD C. MILLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN Alcatel-Lucent OmniAccess 5510 Unified Services Gateway CLI Configuration Guide Beta Beta...
  • Page 865: Zebra Cli

    WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. A copy of the GNU General Public License is provided at the end of this chapter, and also available from http://www.gnu.org/licenses/gpl.html Alcatel-Lucent OmniAccess 5510 Unified Services Gateway CLI Configuration Guide Beta Beta...
  • Page 866: GNU Pth - The GNU Portable Threads

    OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  • Page 867: strongSwan IKE

    4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement:
  • Page 868: Snort

    FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. A copy of the GNU General Public License is provided at the end of this chapter, and also available from http://www.gnu.org/licenses/gpl.html
  • Page 869: Mbedthis AppWeb

    Except as contained in this notice, the name of the authors shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization from him.
  • Page 870: BusyBox

    3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors.
  • Page 871 In no event will Sun Microsystems, Inc. be liable for any lost revenue or profits or other special, indirect and consequential damages, even if Sun has been advised of the possibility of such damages.
  • Page 872: e2fsprogs

    FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. A copy of the GNU General Public License is provided at the end of this chapter, and also available from http://www.gnu.org/licenses/gpl.html
  • Page 873: cURL

    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  • Page 874: MD5

    It is provided "as is" without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software.
  • Page 875: GNU General Public License

    To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow.
  • Page 876 But when you distribute the same sections as part of a whole which is a work based
  • Page 877 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept
  • Page 878 General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
  • Page 879 "copyright" line and a pointer to where the full notice is found.
  • Page 880 If this is what you want to do, use the GNU Lesser General Public License instead of this License.
  • Page 881: GNU Lesser General Public License
  • Page 882 Lesser General Public License (also called "this License"). Each licensee is addressed as "you".
  • Page 884 Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.
  • Page 885 * e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.
  • Page 886 You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.
  • Page 887 For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this.
  • Page 888 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
  • Page 889 Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. signature of Ty Coon, 1 April 1990 Ty Coon, President of Vice