Alcatel-Lucent OmniAccess 700 Cli Configuration Manual

Release versions: 2.2, 2.2-r02, 2.3
CLI Configuration Guide
OmniAccess 700
Beta
US Customer Support—(800) 995-2696
International Customer Support—(818) 878-4507
Internet—service.esd.alcatel-lucent.com
Website: www.alcatel-lucent.com
26801 West Agoura Road
Calabasas, CA 91301
(818) 880-3500
FAX (818) 880-3505
support@ind.alcatel.com
Part No: 060223-00, Rev B

Summary of Contents for Alcatel-Lucent OmniAccess 700

  • Page 1 OmniAccess 700 CLI Configuration Guide Release Versions: 2.2-R02 26801 West Agoura Road Calabasas, CA 91301 (818) 880-3500 FAX (818) 880-3505 support@ind.alcatel.com Beta US Customer Support—(800) 995-2696...
  • Page 2 The following information is for the Users of the OmniAccess 700: If it is not installed in accordance with the installation instructions, it may not function exactly to the said specifications. Modifying the equipment without Alcatel-Lucent’s written authorization may result in the equipment no longer...
  • Page 3: Table Of Contents

    Table of Contents Preface......................1 About This Guide ........................1 Audience ........................... 1 Organization..........................2 Part I - Introduction ......................2 Part II - LAN Interfaces ....................... 2 Part III- WAN Interfaces...................... 3 Part IV - Packet Classification .................... 4 Part V - Routing Protocols ....................
  • Page 4 Partial Commands ......................30 Command Line Editing ..................... 31 Command History ......................33 Configuring Interfaces ......................34 Interface Configuration Commands.................. 34 Interface Types and Limitations..................34 Common Interface Configuration Commands ..............34 Interface Show Commands ....................35 Clear Interface Commands....................39 Shutting Down and Bring Up an Interface ................
  • Page 5 Example 2......................... 86 Example 3......................... 86 Saving Log Messages......................87 Example..........................87 Viewing Tech Support ...................... 88 Example..........................88 The File System ........................89 Example 1......................... 89 Example 2......................... 90 Copying Files........................90 Example..........................90 Deleting Files........................91 Example..........................91 Configuration File Management ..................
  • Page 6 Ethernet Basics ......................152 Ethernet Terminologies ....................153 Switched Ethernet ......................154 Full-duplex Ethernet ....................... 154 Alcatel-Lucent Specific Overview on Ethernet Interfaces ..........154 Ethernet Configuration ......................155 Ethernet Interface Configuration Steps ................155 Ethernet Interface Configuration Flow ................156 Ethernet Interface Configuration Commands ..............
  • Page 7 Procedure ........................197 8 Integrated Routing and Bridging ..............199 Chapter Conventions ...................... 199 Integrated Routing and Bridging Overview ................200 Alcatel-Lucent Specific IRB Overview ................200 Configuration........................201 IRB Configuration Steps ....................201 IRB Commands ......................202 IRB Configuration using OA-700...................
  • Page 8 E1 Interface Overview......................237 E1 Timeslot Functionalities..................... 237 Mechanisms Supported by the E1 interface ..............238 E1 Modes of Operation....................239 Alcatel-Lucent Specific Overview ................... 239 E1 Configuration ........................240 E1 Configuration Steps....................240 E1 Configuration Flow ....................242 E1 Configuration Commands ..................
  • Page 9 16 Point-to-Point Protocol over Ethernet (PPPoE)........335 Chapter Conventions ...................... 335 PPPoE Overview........................336 PPPoE Operation ......................336 Alcatel-Lucent Specific Overview on PPPoE Features ..........336 PPPoE Configuration ......................337 PPPoE Configuration Steps ................... 338 PPPoE Configuration Flow ..................... 340 PPPoE Configuration Commands ..................
  • Page 10 Alcatel-Lucent Specific Overview on MLPPP Features ..........350 MLPPP Configuration......................351 MLPPP Configuration Steps ................... 352 MLPPP Configuration Flow .................... 354 MLPPP Configuration Commands.................. 355 MLPPP Show Commands ....................357 MLPPP Configuration Example..................... 358 18 Multilink Frame Relay.................361 Chapter Conventions ......................
  • Page 11 Part 4: Common Classification 20 Common Classifiers...................409 Chapter Conventions ...................... 409 CC Overview ......................... 410 Benefits of Alcatel-Lucent Devices Common Classifiers ..........411 CC Architecture ......................411 Before you Configure CC ....................412 Configuration........................413 CC Configuration Steps ....................413 Elements Used in Configuring CC ..................
  • Page 12 23 Border Gateway Protocol ................493 Chapter Conventions ...................... 493 Overview........................494 BGP Configuration ........................ 495 BGP Configuration Steps ....................495 BGP Configuration Flow ....................497 BGP Configuration Commands ..................498 BGP Show Commands....................500 BGP Clear Commands ....................503 A Typical BGP Example Using OA-700 ................
  • Page 13 Verifying Multicast Routing ..................... 575 26 Policy Based Routing.................577 Chapter Conventions ...................... 577 Overview........................578 Alcatel-Lucent Specific Overview ................... 578 PBR Configuration ........................ 579 PBR Configuration Steps....................579 PBR Configuration Flow ....................581 PBR Configuration Commands ..................582 Show Commands in PBR ....................
  • Page 14 DNAT Configuration Flow ....................631 DNAT Configuration Commands ..................632 Sample Configuration Example of DNAT on OA-700 ............. 635 Bypass IPsec Traffic....................... 636 NAT Show Commands ....................637 NAT Clear Commands ....................639 NAT Debug Commands ....................640 Modifying NAT Configuration ....................
  • Page 15 Customized-service Rule Based ALG Configuration ............720 Customizing ALG Commands ..................720 NOE ALG Configuration......................723 Persistent Memory......................723 Alcatel-Lucent Specific Overview ................... 723 NOE ALG Configuration Steps ..................724 NOE ALG Configuration Commands ................725 NOE Show Commands ....................727 NOE Clear Commands....................
  • Page 16 IPsec Tunnel Configuration Scenarios using OA-700............815 31 Intrusion Detection System ...............817 Chapter Conventions ...................... 817 IDS Overview ........................818 Alcatel-Lucent Specific Overview ................... 818 Configuration........................818 IDS Configuration Steps ....................819 IDS Configuration Flow....................821 IDS Configuration Commands ..................822 IDS Show Commands ....................
  • Page 17 ...................... 837 GRE Overview ........................838 GRE Tunnel Setup ......................838 GRE Tunnel Features..................... 839 Summary ........................840 Alcatel-Lucent Specific Overview ................... 840 GRE Tunnel Configuration ....................841 GRE Configuration Steps ....................841 GRE Configuration Flow ....................843 GRE Configuration Commands ..................
  • Page 18 36 Quality of Service ..................915 Chapter Conventions ...................... 915 QoS Overview ........................916 Generic terms used in QoS .................... 916 Alcatel-Lucent Specific Overview on QoS ..............918 Traffic Without Policing and Shaping................920 Traffic with Policing......................921 Traffic with Shaping ......................922 Hierarchical Queuing ......................
  • Page 19 QoS on Frame Relay (Per-PVC Queuing) ................965 QoS on FR and FR Sub Interface .................. 965 Frame Relay Queuing and Fragmentation at the Interface ..........966 Alcatel-Lucent Specific Overview ................... 967 QoS on FR Configuration Steps ..................968 QoS on FR Configuration Commands................971 QoS on FR Sub Interface Configuration Commands .............
  • Page 20 39 DHCP (Dynamic Host Configuration Protocol) Relay ......1001 Chapter Conventions ....................1001 DHCP Relay Overview......................1002 Alcatel-Lucent Specific Overview ................. 1002 DHCP Relay Configuration ....................1003 DHCP Relay Configuration Steps................. 1003 DHCP Relay Configuration Flow .................. 1004 DHCP Relay Configuration Commands ...............
  • Page 21 Part 10: Lifeline (Dedicated Management Framework) 42 Lifeline .......................1033 Chapter Conventions ....................1034 Lifeline Overview ......................1035 Lifeline Features ......................1036 Failure Modes supported by Lifeline................1038 Failure Detection ......................1039 Failure Notification......................1040 Interface Cards that are Currently Supported............... 1040 Functionality Available in Lifeline Mode................
  • Page 22 ............................14 ............................14 C Failure Scenarios While Installing OA-700 Software Package....15 Failure Scenarios While Installing ................... 15 D QoS Values and Mnemonics ...............17 Default Values for Random-detect ip-precedence............17 Default Values for Random-detect ip-dscp ............... 17 IP-DSCP Mnemonics......................20 IP-precedence Mnemonics....................
  • Page 23 e2fsprogs.......................... 57 InetUtils, gawk, GDB ......................57 cURL..........................58 PCRE..........................58 ..........................59 GNU General Public License.................... 60 GNU Lesser General Public License ................66 Mozilla Public License ...................... 75...
  • Page 24 LFI Configuration on MLPPP 389 End-to-End Fragmentation Format 392 LFI - FR Configuration Flow 398 LFI Configuration on FR 405 Depicting Alcatel-Lucent’s Common Classification 410 Elements in Common Classifiers 411 RIP Configuration Flow 472 BGP Configuration Flow 497 BGP Configuration Scenario 506...
  • Page 25 PIM Configuration Flow 551 IGMP Configuration Flow 563 Multicast Configuration Scenario 571 PBR Configuration Flow 581 VRF-CE Deployment Scenario 591 VRF CE with MPLS Backbone 592 VRF-CE Configuration Flow 595 SNAT Configuration Flow 620 DNAT Configuration Flow 631 Depicting ALG Scenario 649 Filter Configuration Flow 654 Network Attack Prevention Flowchart 677 Figure Depicting Three Zones 697...
  • Page 26 DNS Client Configuration Flow 1012 DNS Client Test Scenario using OA-780 1017 Separate Management Plane 1036 N+1 Redundant Management Architecture 1037 Uninterrupted Access to System Management 1038 Lifeline Configuration Scenario 1046 Web Cache Configuration Flow 1054 IPsec Interoperability Between OA-700 and VPN Firewall Brick 23 LAN Tunnel Editor - Endpoint 1 - Endpoint 2 - (a) 26 LAN Tunnel Editor - Endpoint 1 - Endpoint 2 - (b) 27 LAN Tunnel Editor - Endpoint 1 - Endpoint 2 - (c) 28...
  • Page 27: Preface

    This guide describes the CLI commands used to configure different services available in the OmniAccess 700 (OA-700). It focuses on accessing the OmniAccess 700 by using the Command Line Interface (CLI). In addition to showing how to configure each feature, this guide also provides background on why a user might need the service and how it works.
  • Page 28: Organization

    VLAN commands in switching. Chapter 8 “Integrated Routing and Bridging” deals with Switching configuration integrated with routing. Chapter 9 “802.1X Port-Based Authentication” describes how to configure IEEE 802.1X port-based authentication on the OA-700. Alcatel-Lucent CLI Configuration Guide Beta Beta...
  • Page 29: Part Iii- Wan Interfaces

    Chapter 19 “Link Fragmentation and Interleaving (LFI)” provides the configuration commands for Link Fragmentation and Interleaving on a MLPPP and Frame Relay interface.
  • Page 30: Part Iv - Packet Classification

    Virtual Routing and Forwarding Customer Edge (VRF-CE) configuration on the OmniAccess-700. VRF-CE is a feature that enables a service provider to support two or more VPNs, where IP addresses can be overlapped among the VPNs.
  • Page 31: Part Vi - Network Security Cli

    Transparent Firewall (TF) configuration on the OA-700. Chapter 34 “Call Admission Controller” covers the Call Admission Controller (CAC) configuration for the OA-700. Chapter 35 “Telephony Services” covers the Telephony Service configuration in OA-700.
  • Page 32: Part Vii - Quality Of Service

    OA-780.

    Part XI - Application Hosting - Application Services Engine (ASE)

    This part consists of Chapter 43 “Web Cache Server” that covers the Web Cache Server application configuration on OmniAccess 700.
  • Page 33: Document Conventions

    “no” form of the commands: The 'no' form of a command is issued to either set it to its default value or to negate it.
    [ ^ ]: [ ^ ] in the command indicate negation.
  • Page 34: Obtaining Documentation

    Warning: Warning is used in similar cases as caution. This also indicates a situation where the reader needs to pay extra attention to avoid hazardous situations.

    Obtaining Documentation

    Alcatel-Lucent provides several ways to obtain technical assistance and other technical resources. Documents can be downloaded from our support site service.esd.alcatel-lucent.com.

    Reference...
  • Page 35: Obtaining Technical Assistance

    Obtaining Technical Assistance

    For all customers, partners, resellers, and distributors who hold valid Alcatel-Lucent service contracts, the Alcatel-Lucent Technical Support Team provides 24-hour-a-day, technical support services online and over the phone. For Customer issues and help, contact:...
  • Page 37: Part 1 Introduction

    Part 1 Introduction
  • Page 39: The Command Line Interface

    This chapter provides an overview of the CLI. For more detailed information on the CLI syntax and a description on its parameters, refer to the OmniAccess 700 CLI Command Reference Guide.
  • Page 40: Introduction To Cli Modes

    Configuration Mode (S-ICM).

    CLI Sub-Configuration Mode (SCM)

    From configuration modes, you can enter configuration sub-modes. The sub-configuration modes are used for the configuration of specific features within the scope of a given configuration mode.
  • Page 41: Cli Modes

    OSPF, Firewall, Filter, NAT, the operation of an interface. IPSec, Time-Range etc. Sub-Interface Configuration Mode (S-ICM) This mode is accessed from Interface Configuration Mode This is a sub-mode of the ICM. Figure 1: Configuration Modes
  • Page 42 These commands allow you to go back to the previous mode or to exit totally out of the configuration and go to the super user mode. The command “top” is used to jump to configuration mode from whichever mode you are in.
  • Page 43: User Mode (Um)

    Quit this session quit Set terminal line parameters service Show running system information show Open a SSH connection Open a telnet connection telnet Set terminal line parameters terminal Trace route to destination traceroute
  • Page 44: Super User Mode (Sum)

    List files on a filesystem Turn off privileged commands. Exits from disable the SUM to the UM mode. Erase a filesystem erase Exit from current mode exit Description of the interactive help help system
  • Page 45 Show running system information show Open a ssh connection Open a telnet connection telnet Set terminal line parameters terminal Trace route to destination traceroute Disable debugging functions undebug Write running configuration to memory, write network, or terminal
  • Page 46: Configuration Mode (Cm)

    Create Auto-QoS template auto Define a login banner banner Set QoS Class Map. class-map Terminating the Session clear System clock settings clock Select a controller to configure controller IPSEC VPN module crypto Customize services customized-service
  • Page 47 Negate a command or set its defaults Package Manipulation package Add a Policy-Map policy-map Modify RADIUS query parameters radius-server Create route-map or enter route-map route-map command mode Enable a routing process router Modify use of network based services service
  • Page 48 To provide TFTP service for file requests tftp-server Define/Modify a time range object time-range Enter top level configuration mode Define/modify transparent-forward policy transparent-forward Debugging functions (see also undebug 'undebug') Go up one mode Establish user name authentication username
  • Page 49: Interface Configuration Mode (Icm)

    The following command configures an E1 controller and channelized serial interface:

        ALU(config)# controller E1 0/0
        ALU(config-controller E1)#
        ALU(config-controller E1)# exit
        ALU(config)#
        ALU(config)#interface Serial 0/0:0
        ALU(config-if Serial0/0:0)#

    To exit the ICM and return to the CM, enter the Exit command.

        ALU(config-if GigabitEthernet7/0)# exit
        ALU(config)#
  • Page 50: Sub-Interface Configuration Mode (S-Icm)

        ALU(config)# interface Serial 0/0:0.1
        ALU(config-if Serial0/0:0.1)#

    To exit from the S-ICM and return to the ICM, use the Exit command. To end your configuration session and return to SUM mode, press Ctrl-Z or enter the End command.
  • Page 51: Router Configuration Mode (Rcm)

    UM/SUM mode. You can use the Exit command in any configuration mode to return to the previous configuration mode.

    Example

        ALU# configure
        Enter configuration commands, one per line. End with CNTL/Z.
        ALU(config)# interface GigabitEthernet 7/0
        ALU(config-if GigabitEthernet7/0)# ^Z
        ALU#
  • Page 52: Initial Setup

        Enter configuration commands, one per line. End with CNTL/Z.
        ALU(config)# interface GigabitEthernet 7/0
        ALU(config-if GigabitEthernet7/0)# top
        ALU(config)#

    Initial Setup

    Whenever the system configuration is empty, you are automatically entered into the initial setup program, which takes you through the basic configuration steps.
  • Page 53: Using The Command Line Interface

    Enable Tab completion: service completion tab-complete
    Disable Tab completion: no service completion tab-complete

    Example

        ALU(config)# service completion spacebar-complete
        ALU(config)# no service completion spacebar-complete
        ALU(config)# service completion tab-complete
        ALU(config)# no service completion tab-complete
  • Page 54 This type of Help is called the Word Help.

    Example

        ALU(config)# show i?
        ** PRIVILEGE COMMANDS **
        inband inband interfaces Display information for all interfaces internal Internal info IP information ip-policy ip-policy keyword IPX protocol
  • Page 55 Interface (slot/port:channel.subchannel - chan & subchan optional) ospf OSPF information PIM information protocols IP routing protocol process parameters and statistics IP RIP show commands route IP routing table traffic IP Traffic Statistics VPN Routing/Forwarding instance information
  • Page 56: Partial Help

    When you enter a partial command (part of a command) and press the Enter key, the CLI executes the best matched command.

    Example

        ALU(config)# sh ip int br
        Interface IP Address Admin State Oper State
        GigabitEthernet3/0 unassigned down
        GigabitEthernet3/1 10.91.1.146
  • Page 57: Command Line Editing

    Ctrl-P or the Up Arrow key. Repeat the key sequence to recall successively more recent commands. Ctrl-I Complete command. History This gives the list of all commands entered in the present session.
  • Page 58 Capitalizes the letter at the cursor. Esc, L Changes the letters from the cursor to the end of the word to lowercase. Esc, U Capitalizes letters from the cursor to the end of the word.
  • Page 59: Command History

        10: ip address 10.91.0.24/24
        11: top
        12: configure t
        13: interface GigabitEthernet 7/05B
        14: interface GigabitEthernet 7/0.1
        15: interface GigabitEthernet 7/0:3.1
        16: service completion spacebar-complete
        17: no service completion spacebar-complete
        18: no service completion
        19: show history
  • Page 60: Configuring Interfaces

    mtu <64-1500>: Adjusts the maximum packet size or MTU (Maximum Transmission Unit) size.

    IP Interface Configuration

    Command (in ICM): ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Description: Assigns an IP address and subnet mask to the interface.
  • Page 61: Interface Show Commands

    0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer copied, 0 interrupts, 0 failures
  • Page 62 0 output buffer failures, 0 output buffers swapped out Tunnel0 is up, line protocol is down Internet address is 192.168.1.2/30 MTU 1476 bytes, BW 1000000 Kbit, DLY 0 usec, reliability 255/255, txload 0/255, rxload 0/255 Loopback not set
  • Page 63 Down switchport1/2 Down Down switchport1/3 Down Down switchport1/4 Down Down switchport1/5 Down Down switchport1/6 Down Down switchport1/7 Down Down GigabitEthernet7/0 Down GigabitEthernet7/1 Down Tunnel0 Down Tunnel1 Down Tunnel3 Down Tunnel5 Down mlppp1 Down Down
  • Page 64 ALU# show ip interface brief Interface IP Address Admin State Oper State GigabitEthernet1/0 unassigned down down GigabitEthernet1/1 unassigned down down Vlan213 2.2.2.2 down down 4.4.4.4 (s) Loopback222 3.3.3.3 Loopback2 9.9.9.9 1.1.1.1 (s) 7.7.7.7 (s) Loopback1 unassigned
  • Page 65: Clear Interface Commands

    Mode. This command administratively brings down the interface.

    no shutdown: This is entered in the Interface Configuration Mode. This command administratively brings up the interface.

    Example

        ALU(config-if GigabitEthernet7/0)# shutdown
        ALU(config-if GigabitEthernet7/0)# no shutdown
  • Page 66: Backup Interface

    Command (in ICM): backup interface <interface-name>
    Description: Enter this command in the Interface Configuration mode. This command is used to configure an interface as a backup interface.

    Example

        ALU(config-if GigabitEthernet7/0)# backup interface Serial1/0:0
  • Page 67 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 pause output 0 output buffer copied, 0 interrupts, 0 failures
  • Page 68 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions Timeslot(s) Used:1-24 (64Kbps each), Transmitter delay is 0 flags
  • Page 69: System Configuration And Monitoring

    Authentication, Authorization and Accounting Configuration Mode - ALU (config)# Interface Configuration Mode - ALU (config-if)# Management Information Base SNMP Simple Network Management Protocol Super User Mode - ALU# User Datagram Protocol User Security Model
  • Page 70: Management Plane Overview

    line console baudrate {115200|19200|2400|38400|4800|57600|9600}: This command is used to configure baud rate. Default baudrate is 9600.

    Example

        ALU(config)# line console exec-timeout 0
        ALU(config)# line console exec-timeout 45 15
        ALU(config)# no line console exec-timeout
        ALU(config)# line console baudrate 19200
  • Page 71

        ALU(config)# modem disable

    Note: (For more information on connecting the system to the external network (console and modem), refer to “Connecting the System to the Network” section in the OA-780/OA-740 Hardware Users Guide).
  • Page 72: Inband Management (Ssh And Telnet)

    Also, the known_hosts file is not VRF aware and is based only on the IP address. Hence, it is required to clear the file before you can establish a session to the same IP address across VRFs.
  • Page 73

        Are you sure you want to continue connecting (yes/no)? yes
        Warning: Permanently added '172.25.19.1' (RSA) to the list of known hosts.
        root@172.25.19.1's password:
        Last login: Mon Dec 6 17:34:48 2004
        [root@linux-sw root]# exit
        logout
        Connection to 172.25.19.1 closed.
        ALU(config)# clear known_hosts
  • Page 74 Web. You can access the OA-700 using HTTP through a web browser after being authenticated. By default, the access is disabled.

    Command (in UM): http {enable|disable}
    Description: Use this command to enable/disable the HTTP service.

    Example

        ALU(config)# http enable
  • Page 75 Server Status

    Command (in UM): show access-server status
    Description: Use this command to see the list of inband-management services that are currently enabled.

    Example

        ALU(config)# show access-server status
        http enable
        https enable
        ssh enable
  • Page 76: Idle Timeout

    OA-700 and any address>|<hostname>} remote machine.

    Example

        ALU> ping 192.168.10.121
        Sending 5,64-byte ICMP Echos to 192.168.10.121, timeout is 10 seconds
        !!!!!
        Success rate is 100 percent (5/5), round-trip min/avg/max = 0.124/0.191/0.356 ms
  • Page 77 Enter the Time out value[2]: Specify the timeout interval in the range 1-3600. The ping is declared successful only if the ECHO REPLY packet is received before this time interval. Default is 2 seconds.
  • Page 78 Success rate is 100 percent: Percentage of packets successfully echoed back to the router. Anything less than 80 percent is usually considered problematic. round-trip min/avg/max = 2/4/5 ms: Round-trip travel time intervals for the protocol echo packets, including minimum/average/maximum (in milliseconds).
  • Page 79

        Enter the Time out value[2]:
        Set the df-bit value[n]:
        Set the ttl value[64]:
        Press ^C to Stop..
        Sending 7,92-byte ICMP Echos to 2.2.2.12,timeout is 2 seconds
        !!!!!!!
        Success rate is 100 percent (7/7),round-trip min/avg/max = 3.499/3.833/3.915 ms
  • Page 80: Traceroute

    The command terminates when any of these happens:

      • the destination responds
      • the maximum TTL is exceeded
      • the user interrupts the trace with the escape sequence.
  • Page 81 The maximum TTL value should be greater than the minimum TTL value.

    Enter the Destination Port[33434]: The destination port to be used by the UDP probe messages. Port number to be between 1-65535. The default is 33434.
  • Page 82

        Enter the Max TTL[30]:
        Enter the Destination Port[33434]:
        Enter the TOS value[0x0]:
        Set the df-bit value[n]:
        traceroute to 2.2.2.12 (2.2.2.12), 30 hops max, 38 byte packets.
        2.2.2.12 (2.2.2.12) 3.151 ms 2.2.2.12 (2.2.2.12) 4.089 ms
  • Page 83: Terminal Settings

    By default, the System name is “ALU”. To give the system a more informative name, use the ‘hostname’ command. The host name shows up in the CLI prompt.

    Command (in CM): hostname <name>
    Description: To configure the system name.

    Example

        ALU(config)# hostname ALU
  • Page 84: Aaa Configuration On

    Command (in CM): aaa services
    Description: This command is used to enable the AAA services.

    Command (in CM): no aaa services
    Description: This command is used to disable the AAA services.

    Example

        ALU(config)# aaa services
        ALU(config)# no aaa services
  • Page 85: Authentication Commands

    Stores the user password in an encrypted format.

    no username <user-name>: The ‘no’ command deletes the specified user account.

    Example

        ALU(config)# username ALU1 password pass1
        ALU(config)# username ALU1 nopassword
        ALU(config)# username ALU1 secret pass2
  • Page 86 The following error is displayed if you try to configure a RADIUS server group with the name ‘local’:

        ALU(config)# aaa server-group radius local
        The name of the Group is reserved
        ALU(config)# no aaa server-group radius rad1
  • Page 87 Timeout: This determines the number of seconds that the OA-700 should wait for a reply from the RADIUS server before retrying. • Retransmit: The number of retries after each “timeout” interval, before giving up on the server. Alcatel-Lucent CLI Configuration Guide Beta Beta...
  • Page 88 The default key is “” (empty string). The ‘no’ command deletes the global RADIUS key from the configuration, and resets it to default (for all servers that do not have a server specific key).
  • Page 89 (for all servers that do not have a server specific timeout value).
    EXAMPLE
    ALU(config)# radius-server auth-port 1800
    ALU(config)# radius-server deadtime 10
    ALU(config)# radius-server key test
    ALU(config)# radius-server retransmit 5
    ALU(config)# radius-server timeout 10
  • Page 90 The following error is displayed if you try to configure a TACACS+ server group with the name ‘local’:
    ALU(config)# aaa server-group tacacs local
    The Name of the Group is reserved
    ALU(config)# no aaa server-group tacacs tac1
  • Page 91
    • Key: This is the encryption key between the OA-700 and the TACACS+ server.
    • Timeout: This determines the number of seconds that the OA-700 should wait for a reply from the TACACS+ server before retrying.
  • Page 92 TACACS timeout value from the configuration, and resets it to default (for all servers that do not have a server specific timeout value).
    EXAMPLE
    ALU(config)# tacacs-server auth-port 100
    ALU(config)# tacacs-server key test1
    ALU(config)# tacacs-server timeout 10
  • Page 93 Remote clients will be denied access with the message 'No password Set'. This is the default behavior.
    EXAMPLE
    ALU(config)# enable secret test
    Secret for level 15 is set
  • Page 94 The following example shows that you cannot configure a method-list with an invalid method:
    ALU(config)# aaa method-list m1 tac2
    One of the Specified Groups doesn't have any server in it
    ALU(config)# no aaa method-list m1
  • Page 95 802.1x client-type.
    [no] aaa authentication enable <method-list-name>: This command associates an already configured method-list with clients seeking access to SUM. The 'no' command removes the associated method list from the enable client-type.
  • Page 96 The ‘no’ command removes the associated method-list from the web client-type.
    EXAMPLE
    ALU(config)# aaa authentication console m1
    ALU(config)# aaa authentication dot1x m2
    ALU(config)# aaa authentication enable m1
    ALU(config)# aaa authentication remotelogin m1
    ALU(config)# aaa authentication web m1
  • Page 97
    SE - Services engine (active)
    Slot number: 3
    Part number: 902601-90
    Manufacturer:
    Description: Services engine
    Serial number: DD0538002047
    Version: 01
    Revision: A00
    Opteron CPU Version: 10
    Opteron CPU Frequency: 1994 MHz
    LoL firmware version: 2.2.68
    Loader version: 2.33
  • Page 98
    Part number: 902614-90
    Manufacturer:
    Description: Fan tray
    Serial number: DD05XX000000
    Version: 00
    Revision: A00
    BP - ALU OA780 chassis (passive)
    Slot number: 29
    Part number: 902611-90
    Manufacturer:
    Description: ALU OA780 chassis
    Serial number: ND0504000104
  • Page 99
    Mounting storage medium...OK.
    Checking storage medium...Done
    Services Engine [3] Starting internal services
    Services Engine [3] Starting daughter processor
    Services Engine [3] Installing image package
    Services Engine [3] (SE) Installing image package
    Services Engine [3] Initialization complete
  • Page 100 which is displayed to request the user trying to log in, to enter his password. The default password-prompt is "Password:". The 'no' command brings the default back into effect.
    Command: [no] aaa authentication password-prompt <prompt-text>
  • Page 101
    EXAMPLE
    ALU(config)# aaa authentication banner @Only authorized access permitted.@
    ALU(config)# aaa authentication success-message $Login attempt successfull.$
    ALU(config)# aaa authentication fail-message $Login failed!$
    ALU(config)# aaa authentication username-prompt u1
    ALU(config)# aaa authentication password-prompt p1
  • Page 102: Show Commands

    ASSOCIATED WITH THE CLIENT TYPE
    Command (in SUM/CM): show aaa-client-methodlist-associations
    Description: This command displays the associations between client types and method-lists.
    EXAMPLE
    ALU(config)# show aaa-client-methodlist-associations
    aaa authentication remotelogin m2
    aaa authentication web m1
  • Page 103
    Command (in SUM/CM): show aaa-tacacs
    Description: This command shows the details of all the TACACS+ Server Groups configured.
    EXAMPLE
    ALU(config)# show aaa-tacacs
    aaa server-group tacacs tac1
    tacacs-server 12.34.42.2
    tacacs-server 23.4.2.232 auth-port 2050 key some
  • Page 104: Setting And Displaying The System Time And Date

    The failure of the RTC to maintain the correct time after a power cycle may be a symptom of a discharged battery. The internal battery is not field serviceable. Contact Services & Support for chassis replacement instructions.
  • Page 105: Clock Set

    The system clock is changed. Current setting is Tue Sep 25 17:59:20 2007
    ALU# show clock
    RTC set to Tue Sep 25 18:00:06 2007
    System time is Tue Sep 25 18:00:06 2007
    Not synchronized with external source
  • Page 106: Clock Synchronize

    3. The server name can be specified either in dotted numeric or domain name format.
    EXAMPLE
    ALU(config)# clock synchronize using ntp server 10.91.2.87 every 2 hours
    This command has no output. To verify the settings, use the ‘show clock’ command described in this section.
  • Page 107: System Logging And Debugging

    <0-7> higher on the console.
    [no] logging system: This command is used to log all the Kernel messages. By default, messages with a priority of 5 and lower will be logged.
  • Page 108: Example

    ALU(config)# logging on
    ALU(config)# logging buffered priority 5
    ALU(config)# logging remote 1.1.1.1 priority 5
    ALU(config)# logging console priority 5
    ALU(config)# logging system
    ALU(config)# logging watermark 10000
    ALU(config)# service timestamps log
    ALU(config)# terminal monitor
    ALU(config)# clear logging
  • Page 109
    2005 Oct 13 03:31:08: %CM-6-LOG: SCAN card removed from slot 2
    2005 Oct 13 03:31:09: %CM-5-LOG: SLOT L2 (83000019) is vacated
    2005 Oct 13 03:31:09: %CM-6-LOG: LIVENESS 2[83000019] will report once on failure
    2005 Oct 13 03:31:12: %CM-6-LOG: SCAN card removed from slot 2
  • Page 110: Example 1

    2005 Oct 13 03:49:59: %CLI-6-LOG: User: successfully entered into Super user mode
    2005 Oct 13 10:44:47: %CLI-6-LOG: A Client Logged in to the Box through SSH from 10.91.2.87
    2005 Oct 13 10:45:41: %CLI-6-LOGSRV: Logging buffer size set to 128K by User:privileged user.
  • Page 111: Rate Limiting In Statlog

    In case of conflict, wherein a message has more than one rate-limiting configuration applicable to it, say for example, for its tag and its subtag, the following order of preference is followed:
    • subtag
    •
    • priority
  • Page 112: Example 1

    ALU(config)#logging rate-limit 50 priority 5
    The above command limits the messages of priority 5 (notification) or lower (level 6 and 7) to 50 per second.
    EXAMPLE
    ALU(config)# logging rate-limit no unique
    ALU(config)# logging rate-limit unique
  • Page 113: Saving Log Messages

    This saves log messages with priority equal to 5.
    ALU# save logging string time
    This saves log messages with string time. This is case sensitive.
    ALU# save logging tag cli
    This saves log messages originating from CLI.
  • Page 114: Viewing Tech Support

    When a problem or a bug is encountered in the system, you can send the output of the following command to Alcatel-Lucent’s tech-support department. This provides enough information to the technical-support department to locate and debug the error.
  • Page 115: The File System

    This command displays the contents of the ‘cores’ directory in the user area.
    ALU(config)# dir user:cores
    Permission  Size    Date modified  Name
    ---------   ----    -------------  ------
    -rw-        147456  Sep 5 08:31    core.1329.3.clim-sh.1157445064.24
    -rw-        147456  Sep 5 13:20    core.1355.3.clim-sh.1157462445.24
    -rw-        147456  Aug 3 12:11    core.1363.3.clim-sh.1154607060.24
  • Page 116: Example 2

    Address name of remote host []? 10.91.2.87
    Remote Port [ Enter for default ] :
    Source Path/File []? /tmp/test_file
    Username [anonymous]? admin
    Password []?
    Local filename []? test_file
    URL specification sanity OK, proceeding with copy (please wait)
    Copy successful
  • Page 117: Deleting Files

    ALU(config)# delete all fpkey:
    The following command deletes a file in fpkey:
    ALU(config)# delete fpkey:backup_package
    The following command deletes a file in fpkey:
    ALU(config)# delete user:backup_config
    The following command deletes a config file:
    ALU(config)# delete config-file config1
  • Page 118: Configuration File Management

    0
    ! Statlog Configuration
    logging on
    logging buffered priority 7
    logging buffered size 128
    logging console 3
    logging system 5
    logging remote 1.1.1.1 port 514 priority 7
    service timestamps log
    hostname ndm-70
    snmp enable
  • Page 119
    128
    logging console 3
    logging system 5
    logging remote 1.1.1.1 port 514 priority 7
    service timestamps log
    hostname ndm-70
    ! PVST Global configuration
    spanning-tree
    snmp enable
    modem disable
    ! SNMP Configurations
    --More--
  • Page 120 To save the running configuration under a different file name use the following command:
    Command (in SUM): save running-config <file-name>
    Description: This command saves the running configuration under the specified file name in the config directory.
    EXAMPLE
    ALU# save running-config my-config
    Saving to my-config ...
  • Page 121
    10000
    no logging console
    logging system 4
    logging remote 10.91.0.94 port 514 priority 7
    logging remote 10.91.0.173 port 514 priority 7
    service timestamps log
    hostname OA700-BLR
    modem enable
    http enable
    https enable
  • Page 122
    ssh enable
    snmp enable
    telnet enable
    ! Chassis manager configuration
    ! SNMP Configurations
    snmp system contact alcatel-lucentnetd
    snmp system location Bangalore
    snmp agent rocommunity netdro
    snmp agent rwcommunity public
    snmp trap 135.254.162.40 v2c public 162
    snmp-server user default-user
    snmp-server group default-group default-user security-model v3
    snmp-server view all .1 included...
  • Page 123 750000 commit-action transmit committed-burst 144000 exceed-action drop class exclude-police-map interface GigabitEthernet7/1 service-policy out traffic-out-policy service-policy in traffic-in-policy line vty 4 transport input none line con 0 no exec-timeout firewall session default timeout tcp 7200
  • Page 124 This file should be present in the config directory. (Use the copy commands to copy the file to the config directory).
    EXAMPLE
    ALU# load config-file config1
    Loading config1 to running-config...
    /-------- Percent Complete --------
    |*********************************
  • Page 125 The command "erase startup-config" can also be used to delete the startup-config permanently.
    EXAMPLE
    ALU# delete config-file my-config
    ALU(config)# write erase
    Are you sure you want to erase startup-config file yes/no [yes]:yes
    [OK] startup-config file erased.
  • Page 126: Software Package Management

    SC (Switch Card), Services Engine (SE) and other line cards.
    2. ALU-apps.<version>.npm This is the collection of application modules and is a complete software release of all features.
    3. ALU-part.<version>.npm This is one application module by itself.
  • Page 127
    Yes: Chassis will be rebooted automatically
    No : Manually run set-default at a later time
    Proceed? (y/[n]) : y
    Do you want to save config before proceeding ([y]/n) : y
    Building configuration... [OK]
    Setting Default image to 2.1.22.1...
  • Page 128
    Remote Host : 10.91.2.87
    Remote Port [ Enter for default ] :
    Path : backup-apps.2.2.25.1.npm
    Username [Enter for none] : vinaykumar
    Password :
    Backing up Applications package...
    Creating...
    Uploading file. This could take a while...Completed.
  • Page 129
    Yes: Chassis will be rebooted automatically
    No : Manually run set-default at a later time
    Proceed? (y/[n]) : y
    Do you want to save config before proceeding ([y]/n) : y
    Building configuration... [OK]
    Setting Default image to 2.1.23.1...
  • Page 130 ModuLive Operating system 2.1.22.1 Networking-base Networking infrastructure 2.1.22.1 OSPF OSPF Protocol 2.1.22.1 Quality of Service 2.1.22.1 Routing Information Protocol 2.1.22.1 Routing-base Routing Infrastructure 2.1.22.1 SNMP SNMP-v2 support 2.1.22.1 Secure Shell Access 2.1.22.1 Security Network Security Services
  • Page 131 2.1.22.1 VRRP Virtual Router Redundancy Protocol
    21 Components Listed
    EXAMPLE
    ALU# show version
    Alcatel-Lucent Software, Version 2.3.1, Build 30
    Copyright (c) 2003-2008 by Alcatel-Lucent Inc.
    Built on Mon Dec 8 21:08:28 IST 2008
    Flash version - 2.2.68
  • Page 132: Reloading The System

    Do you want to save config before rebooting (y/[n])n
    ALU# The system is going down NOW !!
    Sending SIGTERM to all processes.
    Terminated
    Sending SIGKILL to all processes.
    Please stand by while rebooting the system.
    Restarting system.
  • Page 133: Managing Individual Slots

    {up|down} has already been powered down. This command controls the power of slot 0-7 on the OA-780 and slot 0-2 on the OA-740.
    EXAMPLE
    ALU# power slot 1 down
    ALU# power slot 1 up
  • Page 134: System Monitoring And Troubleshooting

    SC - Switch card
    Slot number 24
    Liveness failures will report once
    PCI configuration status: Ready
    Reported at Wed May 14 06:18:31 2008 (1 seconds ago)
    Temperature reading: 40.500C
    Voltage reading: 11.68V(-2%) 3.26V(-1%) 1.28V(0%) 2.50V(0%)
  • Page 135 C. Warnings will be logged and the fan speed adjusted if any of the cards show a temperature greater than 50 The Service Engine (part number 902601-90) has two temperature readings. Only the first one is monitored.
  • Page 136: System Hardware Information

    Physical inventory at Thu Dec 11 19:06:36 2008
    SC - Switch card (active)
    Slot number: 24
    Part number: 902613-90
    Manufacturer:
    Description: Switch card
    Serial number: DD0504001023
    Version: 00
    Revision: Q
    LoL firmware version: 2.2.68
    Loader version: 2.33
    ALU-OS version: 2.3.1.30
  • Page 137
    Manufacturer:
    Description: Universal serial port card
    Serial number: ND0652001055
    Version: 01
    Revision: A00
    LoL firmware version: 2.2.68
    Loader version: 2.33
    MPC Loader version: 1.9
    ALU-OS version: 2.3.1.30
    Serial number: SM0645000014
    Revision: R
    Version: 01
  • Page 138
    Serial number: DD05XX000000
    Version: 00
    Revision: A00
    BP - ALU OA780 chassis (passive)
    Slot number: 29
    Part number: 902611-90
    Manufacturer:
    Description: ALU OA780 chassis
    Serial number: ND0504000104
    Version: 00
    Revision: Q
    Base MAC: 00:11:8b:00:1a:00
  • Page 139: System Status

    LEDs on the front panel and the switch card(s).
    EXAMPLE
    ALU(config)# show led
    Name State ---- ----- Primary SC green Standby SC vacant Front panel ----- ----- Active green Modem Console green
  • Page 140: To View Process Information

    2328 bgp bgp initial 354 root /bin/sh /alu/usr/sbin/core_mover.sh 607 root 46028 snort-alu -i eth0 -c /alu/etc/snort/ snort.conf 7145 root sleep 30 7146 root rshd 7147 root sh -c ps aux 7148 root ps aux
  • Page 141: Memory Information

    371108 kB
    LowFree: 195028 kB
    SwapTotal: 0 kB
    SwapFree: 0 kB
    Note: In addition to the total memory displayed, 128 MB is reserved for data buffers. This is not displayed in the total system memory.
  • Page 142: Hot Key Support

    The "Hot Key" functionality on OA-700 is activated when a BREAK is sent, followed by the command key within 5 seconds of sending the break as given in the following table:
    Action          Key Combination
    Chassis Reboot  BREAK + ‘b’
    CLI restart     BREAK + ‘c’
  • Page 143 Windows XP Ctrl-Break Kermit Linux/Unix Ctrl-\l Ctrl-\b Minicom Linux Ctrl-a f Telnet Ctrl-], then type send Teraterm Windows Alt-b Terminal Windows Break Ctrl-Break UNIX Ctrl-], then Break or Ctrl-c VT 100 Emulation Z-TERMINAL Apple Command-b
  • Page 144: Snmp (Simple Network Management Protocol)

    Some of the advantages of using SNMP are:
    • Standardized protocol
    • Universal acceptance
    • Portability
    • Lightweight
    • Extensibility
    • Widely deployed
  • Page 145: Snmp Agent And Manager

    MIBs on the agent. PDUs are encapsulated in the UDP (User Datagram Protocol) for transportation across the network. UDP is a connectionless transport protocol included in the TCP/IP suite and described in RFC.
  • Page 146: Snmp Version

    SNMP packet. Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. Three security levels are available: Auth, Noauth, and Priv.
  • Page 147: Snmp Configuration Commands

    {rocommunity|rwcommunity} <community-string>: agent read-only/read-write community.
    no snmp agent {rocommunity|rwcommunity}: This command removes read-only/read-write community string configured on the SNMP agent.
    EXAMPLE
    ALU(config)# snmp agent rocommunity private
    ALU(config)# no snmp agent rocommunity
  • Page 148 SNMP system name.
    no snmp system {contact|location|name}: This command removes the specified SNMP system details.
    EXAMPLE
    ALU(config)# snmp system contact support@alcatel-lucent.com
    ALU(config)# no snmp system contact
    SNMP T NALBE
    Command (in CM) Description This command enables the agent to...
  • Page 149
    no snmp-server group <group-name> <security-name> security-model {v1|v2c|v3}: This command removes the configured USM group.
    EXAMPLE
    ALU(config)# snmp-server group testgroup user123 security-model
    ALU(config)# no snmp-server group testgroup user123 security-model v3
  • Page 150
    no snmp-server access <group-name> security-model {v1|v2c|v3} {auth|noauth|priv}: This command removes the access control configuration.
    EXAMPLE
    ALU(config)# snmp-server access testgroup security-model v3 auth read read-view write write-view notify notify-view
    ALU(config)# no snmp-server access testgroup security-model v3 auth
  • Page 151: Snmp Show Commands

    SNMP configuration details.
    EXAMPLE
    ALU(config)# show snmp details
    SNMP status : Enabled Traps : Enabled
    System information
    ------------------
    System Contact : support@alcatel-lucent.com name alu1
    System Location : [Not configured]
    Community-Access  Community-String
    ----------------  ----------------
    read-only         private
    read-write        [Not configured]...
  • Page 152 SNMP users. If the user name is specified, the configuration for the specified user is displayed.
    EXAMPLE
    ALU(config)# show snmp user
    ---------------------------------------
    User Name : user123
    Authentication Protocol: MD5
    Security Level: Auth
    ---------------------------------------
  • Page 153
    Command (in CM): show snmp access
    Description: This command displays the SNMP access configuration.
    EXAMPLE
    ALU(config)# show snmp access
    ---------------------------------------
    Group Name: testgroup
    Security Level: auth
    Security model: v3
    Read View: read-view
    Write View: write-view
    ---------------------------------------
  • Page 154
    EXAMPLE
    ALU(config)# show snmp
    ! SNMP Configurations
    snmp trap enable
    snmp system contact support@alcatel-lucent.com name alu1
    snmp agent rocommunity private
    snmp trap 1.1.1.1 v1 test 10
    snmp trap 1.1.1.11 v1 test1 11
    snmp-server user user123 auth MD5 passpass1
    snmp-server group testgroup user123 security-model v3
    snmp-server view view123 .1.3.6.1 included...
  • Page 155: Snmp Mib Cli

    The snmpgetnext command for v3 can be used to retrieve the value of the next available MIB object in the lexicographically ordered tree.
    snmpgetnext -v 3 -u <user-name> -l {noauthnopriv|authnopriv|authpriv} -a {MD5|SHA} -A <auth-password> -x <DES> -X <privilege-password> <host ip-address> <MIB object>
  • Page 156: Snmp Mib Gui

    SNMP operations on the agent running on the device. Note: Ensure that the version and community string settings of the MIB browser are compatible with the agent, before performing any operation from the MIB browser.
  • Page 157: Virtual Router Redundancy Protocol

    CHAPTER CONVENTIONS
    Acronym  Description
    SUM      Super User Mode - ALU#
    CM       Configuration Mode - ALU (config)#
    ICM      Interface Configuration Mode - ALU (config-interface name)#
    VRRP     Virtual Router Redundancy Protocol
  • Page 158: Vrrp Overview

    VRRP group.
    VRRP INTERFACE TRACKING
    The VRRP Interface Tracking feature extends the capabilities of the VRRP to allow tracking of specific interfaces within the router that can alter the priority of a router. 3768
  • Page 159: Vrrp Configuration

    Step 6: Configure the optional parameters for the VRRP group like: Secondary IP address for the VRRP Group, Authentication, Priority, Preempt, Description, Set an Advertisement interval, Learning the advertisement interval, interface tracking. See “Modify Global VRRP Group Parameters”
  • Page 160 Step 7: Use the “show” and “debug” commands to monitor and debug the VRRP configuration. See “Monitor and Debug VRRP”
  • Page 161: Vrrp Configuration Flow

    Figure 2: VRRP Configuration Flow
  • Page 162: Vrrp Cli Commands

    VRRP group is disabled as a result.
    no vrrp <1-8>: This command removes all configuration associated with the VRRP group on the interface.
    EXAMPLE
    ALU(config-if GigabitEthernet7/0)#vrrp 5 ip 10.91.0.8
    ALU(config-if GigabitEthernet7/0)#no vrrp 5 ip 10.91.0.8
  • Page 163
    ALU(config-if GigabitEthernet7/0)# ip address 10.1.1.1/24
    ALU(config-if GigabitEthernet7/0)# ip address 10.2.1.1/24 secondary
    ALU(config-if GigabitEthernet7/0)# vrrp 1 ip 10.1.1.1
    ALU(config-if GigabitEthernet7/0)# vrrp 2 ip 10.2.1.1
    ALU(config-if GigabitEthernet7/0)# vrrp 3 ip 20.1.1.1
    ALU(config-if GigabitEthernet7/0)# vrrp 4 ip 30.1.1.1
  • Page 164
    ALU(config-if GigabitEthernet3/1)#ip address 10.1.1.1/24
    Error - Address already configured in a VRRP group on an another interface
    ALU(config-if GigabitEthernet3/1)#ip address 10.2.1.1/24 secondary
    Error - Address already configured in a VRRP group on an another interface
    ALU(config-if GigabitEthernet3/1)#
  • Page 165: Modify Global Vrrp Group Parameters

    <1-8> priority <1-254>: router for a specific VRRP group.
    no vrrp <1-8> priority: The “no” command restores the default priority for the VRRP group. The default priority is 100.
    EXAMPLE
    ALU(config-if GigabitEthernet7/0)# vrrp 7 priority 104
  • Page 166 Note: User-defined string up to 80 characters is allowed.
    Command (in ICM): vrrp <1-8> description <string>
    Description: This command assigns a text description to the VRRP group.
    EXAMPLE
    ALU(config-if GigabitEthernet7/0)# vrrp 7 description ALU-vrrp
  • Page 167 VRRP group.
    no vrrp <1-8> timers advertise: The “no” command restores the default advertisement interval. The default interval value is 1 second.
    EXAMPLE
    ALU(config-if GigabitEthernet7/0)# vrrp 7 timers advertise 5
  • Page 168 <interface-name>: of a virtual router in a VRRP group.
    no vrrp <1-8> track-interface: The “no” command removes tracking of the interface.
    EXAMPLE
    ALU(config-if GigabitEthernet7/0)# vrrp group track-interface serial1/0:0
  • Page 169: Monitor And Debug Vrrp

    ALU(config-if GigabitEthernet3/0)#
    ALU(config-if GigabitEthernet3/0)# show vrrp all brief
    Interface           Grp  Prio  Preempt  State   Master addr  Group addr
    GigabitEthernet3/0  1    255   Y        Master  10.1.1.1     10.1.1.1
    GigabitEthernet3/0  2    100   Y        Master  10.1.1.1     20.1.1.1
    ALU(config-if GigabitEthernet3/0)#
  • Page 170
    Master Advertisement interval is 1.000 secs
    Master Down interval is 3.000 secs
    VRRP CONTROL DEBUG MESSAGES
    Command (in SUM/CM/ICM): debug vrrp control {rib|protocol|all}
    Description: This command displays VRRP control debug messages.
    EXAMPLE
    ALU# debug vrrp control all
  • Page 171: Vrrp Interface Tracking

    In the absence of another active router with the next highest priority, the current router will become the master again to provide some limited set of services.
    ROUTER IN BACKUP STATE
    The router will not take any action when the track interface goes down.
  • Page 172
    • The router will send an advertisement with priority 20.
    • The router will switch to backup state if a router with the next highest priority overrides it. Else, the router will remain in master state to provide some minimal set of services.
  • Page 173: Vrrp Configuration Scenario Using Oa-700

    VRRP CONFIGURATION SCENARIO USING OA-700
    The topology consists of the following components:
    • OA-780
    • Alcatel-Lucent OmniSwitch
    • Switch
    • PC/Laptop
    Figure 3: VRRP Topology
    PROCEDURE
    Configure LAN stations (192.168.1.4, 192.168.1.5, 192.168.1.6) with default gateway address of 192.168.1.3, which is IP address of Virtual Router.
  • Page 174: Vrrp Configuration

    ALU(config-if-GigabitEthernet7/1)# ip address 192.168.1.3/24
    ALU(config-if-GigabitEthernet7/1)# vrrp 1 ip 192.168.1.3
    ALU(config-if-GigabitEthernet7/1)# vrrp 1 priority 120
    OmniSwitch
    OS9000-> ip interface "vlan_10" address 192.168.1.2 vlan 10
    OS9000-> vrrp 1 10 address 192.168.1.3
    OS9000-> vrrp 1 10 priority 110
  • Page 175: Part 2 Lan Interfaces And Configuration

    Part 2 LAN Interfaces and Configuration
  • Page 177: Ethernet Interfaces On Se

    Ethernet Interfaces. You can skip this section and go directly to the configuration details in the “Ethernet Configuration” section. Refer to “Alcatel-Lucent Specific Overview on Ethernet Interfaces” for a detailed overview of the usage of Ethernet interfaces on the OA-700. CHAPTER...
  • Page 178: Ethernet Overview

    Modern advancements have increased these distances considerably allowing Ethernet networks to span tens of kilometers.
  • Page 179: Ethernet Terminologies

    A and D will also receive and examine the frame. However, when a station first receives a frame, it checks the destination address to see if the frame is intended for itself. If it is not, the station discards the frame without even examining its contents.
  • Page 180: Switched Ethernet

    Ethernet ports of SE card indicate Link Status and Activity. The SE card is a dual slot line card, and can be installed in slots 2, 3 or slots 6, 7 in OA-780. In OA-740, SE can be installed in slots 2, 3.
  • Page 181: Ethernet Configuration

    • Configure Speed on the interface. See “To Configure Speed”
    Step 6: View the configuration details on the interface. See “Ethernet Interface Show Commands”.
    Step 7: Clear interface statistics. See “Ethernet Interface Clear Commands”.
  • Page 182: Ethernet Interface Configuration Flow

    Figure 5: Ethernet Interface Configuration Flow
  • Page 183: Ethernet Interface Configuration Commands

    no flowcontrol {receive|send} {off|on}: The “no” command sets the flow control to its default. By default, flow control is set to “Off”.
    EXAMPLE
    ALU(config-if GigabitEthernet7/0)# flowcontrol send on
    ALU(config-if GigabitEthernet7/0)# no flowcontrol send on
  • Page 184
    speed {10|100|1000|auto}: This command configures the interface speed.
    no speed: The “no” command sets the interface speed to its default. The default speed is “auto”.
    EXAMPLE
    ALU(config-if GigabitEthernet7/0)# speed 100
    ALU(config-if GigabitEthernet7/0)# no speed
  • Page 185: Ethernet Interface Show Commands

    0 packets input, 0 bytes Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog 0 input packets with dribble condition detected Alcatel-Lucent CLI Configuration Guide Beta Beta...
  • Page 186

    2503 packets output, 212146 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collision, 0 deferred
    1 lost carrier, 2 no carrier, 0 pause output
    0 output buffer copied, 0 interrupts, 0 failures
    ALU#
  • Page 187

    3 packets output, 192 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier, 0 pause output
    0 output buffer copied, 0 interrupts, 0 failures
  • Page 188: Ethernet Interface Clear Commands

    Command (in ICM): clear
    Description: This command is used in the Interface Configuration Mode. This command clears the counters on a specific GigE interface.
    EXAMPLE
    ALU(config-if GigabitEthernet7/0)# clear
    Clear counters on this interface [confirm]y
    ALU(config)#
  • Page 189: Layer 2 Switching Configuration

    You can skip this section and go directly to the configuration details: “L2 Switching Configuration”. Refer to the “Alcatel-Lucent Specific Overview on Switching” for Alcatel-Lucent specific features. Basic scenarios using switching on the OA-700 are given in the last section. You can...
  • Page 190: Switching Overview

    Some bridges are MAC-layer bridges, which bridge between homogeneous networks, while other bridges can translate between different link layer protocols. The basic mechanics of such a translation is depicted in the graphic below.
  • Page 191: Layer 2 Switching

    Switches operating at Layer 2 are very fast because they are just sorting physical addresses, but they usually are not very smart - that is, they do not look at the data packet very closely to learn anything more about where it is headed.
  • Page 192: Alcatel-Lucent Specific Overview On Switching

    VLAN configuration, then the interface will be set to “access mode”.
    • If an interface has both access and trunk configuration, the interface can be set to trunk mode by using the command “switchport mode trunk”.
  • Page 193 VLAN tag information. Note: MTU configuration is not supported on switchport interfaces. However, MTU can be configured on VLAN interfaces.
  • Page 194: L2 Switching Configuration

    Step 1: Configure L2 interface to Trunk mode. See “To Configure Mode for the L2 Interface”
    Step 2: Configure tagged VLANs that will be allowed when the interface is configured to Trunk mode. See “To Configure Trunk VLAN”
  • Page 195

    “To Configure Speed”
    Step 6: Monitor and troubleshoot the configuration using the “show” commands. “L2 Switching Show Commands”
    Step 7: Use the clear command to clear the MAC address table entries. See “L2 Switching Clear Commands”
  • Page 196: L2 Switching Configuration Flow

    Figure 8: L2 Switching Configuration Flow
  • Page 197: L2 Switching Commands

    If no access VLAN is configured, then the interface moves to pure bridging mode.
    EXAMPLE
    ALU(config-if switchport1/0)# switchport mode trunk
    ALU(config-if switchport1/0)# no switchport mode
  • Page 198

    Command: no switchport trunk allowed vlan <2-4094>...
    Description: This command deletes the trunk VLANs configured on the interface.
    EXAMPLE
    ALU(config-if switchport1/0)# switchport trunk allowed vlan 3
    ALU(config-if switchport1/0)# switchport trunk allowed vlan 5 8
    ALU(config-if switchport1/0)# no switchport trunk allowed vlan
  • Page 199

    Command: speed {10|100|1000|auto}
    Description: This command configures the interface speed.
    Command: no speed
    Description: The “no” command sets the interface speed to its default. The default speed is “auto”.
    EXAMPLE
    ALU(config-if switchport1/0)# speed 100
    ALU(config-if switchport1/0)# no speed
  • Page 200: L2 Switching Show Commands

    LoL firmware version: 2.2.68
    Loader version: 2.33
    ALU-OS version: 2.2.20-R02
    PB - Power tray (active)
    Slot number: 22
    Part number: 902612-90
    Manufacturer:
    Description: Power tray
    Serial number: ND0533002043
    Version: 00
    Revision: A00
    SC - Switch card (active)
  • Page 201

    Serial number: DD0429000107
    Version: 00
    Revision: A00
    BP - ALU OA780 chassis (passive)
    Slot number: 29
    Part number: 902611-90
    Manufacturer:
    Description: ALU OA780 chassis
    Serial number: DD05XX000000
    Version: 00
    Revision: A00
    Base MAC: 00:00:00:00:01:00
  • Page 202

    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 Out multicast, 0 lost carrier, 0 no carrier, 0 pause output
    0 output buffer failures, 0 output buffers swapped out
  • Page 203

    Access
    ALU(config)# show vlan Brief
    VLAN_ID   Status     Interface name      Mode
    --------- ---------- ------------------- -----
              Inactive   switchport0/2       No-Mode
                         switchport0/3       No-Mode
                         switchport0/4       No-Mode
                         switchport0/5       No-Mode
              Inactive   switchport0/0       Access
                         switchport0/7       Access
                         switchport0/6       Trunk
              Inactive   switchport0/1       Access
  • Page 204

    Dynamic
    00c0.9f33.7c84 switchport0/0 Dynamic
    0000.5e00.0101 switchport0/1 Dynamic
    0008.a16b.6597 switchport0/1 Dynamic
    0008.a170.59ea switchport0/1 Dynamic
    0008.a170.5e1d switchport0/1 Dynamic
    0008.a170.5e21 switchport0/1 Dynamic
    0008.a177.fecc switchport0/1 Dynamic
    0008.a177.fece switchport0/1 Dynamic
    0008.a178.4b19 switchport0/1 Dynamic
    0008.a17b.ba3d switchport0/1 Dynamic
    000c.f1c3.85a9 switchport0/1 Dynamic
  • Page 205: L2 Switching Clear Commands

    CLEAR COMMANDS
    CLEAR THE MAC-ADDRESS TABLE
    Command (in CM): clear mac-address-table Dynamic [slot <slot-number>| vlan <1-4094>]
    Description: This command clears the mac-address-table learnt by the system.
    EXAMPLE
    ALU # clear mac-address-table Dynamic
  • Page 206: Switching Configuration Using Oa-700

    By default, all Switch ports will be in bridged mode. They belong to 1 broadcast domain.
    ALU(config)# interface switchport1/0
    ALU(config-if switchport1/0)#
    ALU(config-if switchport1/0)# no shutdown
    To check for reachability between hosts, verify with ping from, say Host 1 to Host...
  • Page 207: As A Switch With Vlans

    Hence, hosts 1 and 2 belong to VLAN1, hosts 3 and 4 belong to VLAN2, and hosts 5 and 6 belong to VLAN3.
    CONFIGURE ACCESS VLAN
    ALU(config-if switchport1/0)# switchport access vlan 10
    ALU(config-if switchport1/0)#
    DELETE ACCESS VLAN CONFIGURED
    ALU(config-if switchport1/0)# no switchport access vlan
  • Page 209: Per Vlan Spanning Tree

    Per VLAN Spanning Tree Protocol Plus (PVST+). For more detailed information on the parameter descriptions and their corresponding default values, refer to the OmniAccess 700 CLI Command Reference Guide. This chapter includes the configuration steps, CLI syntax with its description and configuration examples.
  • Page 210: Per Vlan Spanning Tree (Pvst+) Overview

    VLAN configured in the network. Since PVST+ treats each VLAN as a separate network, it has the ability to load balance traffic (at layer-2) by forwarding some VLANs on one trunk and other VLANs on another trunk without causing a Spanning Tree loop.
  • Page 211: Pvst+ Configuration

    Set the PVST+ cost. See “To Calculate the PVST+ Cost”
    • Set the Port-priority. See “To Set PVST+ Port Priority”
    Step 5: Use the show commands to recheck and view the details configured. See “Show Commands in PVST+”
  • Page 212: Pvst+ Configuration Flow

    Figure 11: PVST+ Configuration Flow
  • Page 213: Pvst+ Configuration Commands

    The deletion of the spanning tree will follow the same rule.
    ALU(config)# no spanning-tree
    The following example configures spanning tree for VLAN 100:
    ALU(config)# spanning-tree vlan 100
    The deletion of the spanning tree will follow the same rule.
    ALU(config)# no spanning-tree vlan 100
  • Page 214

    ALU(config)# spanning-tree vlan 100 max-age 40
    The following command resets the PVST+ Forward-time/Hello-time/Maximum-age/Bridge priority to its default:
    ALU(config)# no spanning-tree vlan 100 forward-time
    ALU(config)# no spanning-tree vlan 100 hello-time
    ALU(config)# no spanning-tree vlan 100 max-age
  • Page 215

    - When two bridges compete for position as the root bridge, configure the PVST cost to prioritize an interface.
    - The PVST+ cost is configured on a per port basis.
    EXAMPLE
    ALU(config-if switchport1/0)# spanning-tree vlan 100 cost 1000
    ALU(config-if switchport1/0)# no spanning-tree vlan 100 cost
  • Page 216

    - When two bridges compete for position as the root bridge, port-priority command is used to prioritize an interface.
    - PVST+ Port Priority is configured on a per port basis.
    EXAMPLE
    ALU(config-if switchport1/0)# spanning-tree vlan 100 port-priority 250
    ALU(config-if switchport1/0)# no spanning-tree vlan 100 port-priority
  • Page 217: Show Commands In Pvst

    DIS 0 00.11.8b.00.27.12 128.6
    switchport0/3 128.5 DIS 0 00.11.8b.00.27.12 128.5
    switchport0/4 128.4 DIS 0 00.11.8b.00.27.12 128.4
    switchport0/5 128.3 DIS 0 00.11.8b.00.27.12 128.3
    switchport0/6 128.2 DIS 0 00.11.8b.00.27.12 128.2
    switchport0/7 128.1 DIS 0 00.11.8b.00.27.12 128.1
  • Page 218

    EXAMPLE
    ALU# show spanning-tree summary
    Name Blocking Listening Learning Forwarding STP Active
    --------- -------- --------- -------- ---------- ----------
    VLAN1
    VLAN2
    VLAN3
    --------------- -------- --------- -------- ----------------
    3 VLANs
    ALU#
  • Page 219

    Port path cost 4, Port priority 128
    Designated root has priority 32768, address 00.11.8b.00.27.12
    Designated bridge has priority 32768, address 00.11.8b.00.27.12
    Designated port Id is 128.8 path cost 0
    Timers: message age 0, forward delay 0, hold 0
  • Page 220

    Designated root has priority 32768, address 00.11.8b.00.27.12
    Designated bridge has priority 32768, address 00.11.8b.00.27.12
    Designated port Id is 128.1 path cost 0
    Timers: message age 0, forward delay 0, hold 0
    BPDU: sent 0, received 0
  • Page 221: Pvst+ Configuration Examples

    ALU(config)# spanning-tree vlan 2
    ALU(config)# spanning-tree vlan 3
    ALU(config)# spanning-tree vlan 3 priority 3
    ALU(config)# interface switchport0/0
    ALU(config-if switchport0/0)# switchport mode hybrid
    ALU(config-if switchport0/0)# switchport trunk allowed vlan 2 3
    ALU(config-if switchport0/0)# no shutdown
  • Page 222: Topology

    All the L2 ports will participate in pure bridging if they are not configured for access or trunk or hybrid.
    TOPOLOGY
    The topology consists of the following components:
    • 1 OA-700
    • 6 PCs/Laptops
    Figure 13: PVST+ Topology on OA-700
  • Page 223: Procedure

    128.3 128 4 00.11.8b.00.27.12 128.3
    switchport1/6 128.2 128 4 00.11.8b.00.27.12 128.2
    switchport1/7 128.1 128 4 00.11.8b.00.27.12 128.1
    CHECK FOR REACHABILITY BETWEEN HOSTS
    This can be verified with ping from, say Host 1 to Host 5.
  • Page 225: Integrated Routing And Bridging

    IRB on the OA-700. The last section “IRB Configuration using OA-700” provides a real-time scenario for configuring IRB on the OA-700.
    CHAPTER CONVENTIONS
    Acronym Description
    Configuration Mode - ALU (config)#
    Interface Configuration Mode - ALU (config-interface name)#
  • Page 226: Integrated Routing And Bridging Overview

    (e.g., a Frame Relay sub-interface), then everything proceeds as usual. If the egress interface is a logical VLAN interface, then it will be sent out of the appropriate physical interface port(s) that belong to the VLAN.
  • Page 227: Irb Configuration

    VLAN interface (through known CLI commands for other services).
    Note:
    - A given VLAN interface for IRB can be used only on the 8 ports of the same L2-GE card.
    - The IRB VLANs cannot be configured on the Service Engine ports.
  • Page 228: Irb Commands

    0 watchdog, 0 multicast, 0 pause input
    2035879 packets output, 0 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier, 0 pause output
  • Page 229: Irb Configuration Using Oa-700

    CONFIGURE BRIDGING
    ALU(config)# interface switchport1/0
    ALU(config-if-switchport1/0)#
    ALU(config-if-switchport1/0)# no shutdown
    ALU(config-if-switchport1/0)# switchport access vlan 100
    CONFIGURE A VIRTUAL INTERFACE
    ALU(config)# interface vlan 100
    ALU(config-if Vlan 100)# no shutdown
    ALU(config-if Vlan 100)# ip address 10.10.10.20/24
  • Page 230

    CHECK FOR REACHABILITY BETWEEN HOSTS
    Verify by pinging from 10.10.10.5 to 10.10.10.20, and also ping to check for WAN connectivity. For example: ping from 10.10.10.5 to any HTTP address.
  • Page 231: 802.1X Port-Based Authentication

    The commands are described in sequential order of configuration. For more detailed information on the parameter descriptions and their corresponding default values, refer to the OmniAccess 700 CLI Command Reference Guide. This chapter is divided into the following sections: •...
  • Page 232: Overview

    The uncontrolled port in the Authenticator system is used for sending and receiving 802.1X control frames. Once authentication is successful, the controlled port is opened for access to the service offered by the authenticator.
    Figure 15: 802.1X Deployment Scenario
  • Page 233: Generic Terms Used In 802.1X

    • If the supplicant provides proper identity, the authentication server responds with a success message, which is then passed onto the supplicant. The authenticator now allows access to the LAN.
  • Page 234: Message Exchange

    Figure 16: Message Exchange
  • Page 235: Using 802.1X With Vlan Assignment

    ALCATEL-LUCENT SPECIFIC OVERVIEW
    Alcatel-Lucent’s Gigabit Ethernet line card (L2GE Card) is used for layer-2 functionality. 802.1X is a port-based authentication protocol, which provides access to the port. Before being given any access, hosts connected to L2GE ports need to be authenticated on those ports.
  • Page 236: Configuration

    For more details on AAA configuration commands, refer to the “System Configuration and Monitoring” chapter in this guide).
    Step 2: Enter Configuration Mode.
    ALU# configure terminal
    ALU(config)#
    Step 3: Enable 802.1X port-based authentication globally. See “To Enable 802.1X Port-based Authentication Globally”
  • Page 237

    “To Configure Switch-to-client Retransmission Time”
    • Configure switch-to-client retransmission time for EAP-request frames. “To Configure Switch-to-client Retransmission Time for EAP-request Frames”
    • Configure switch-to-client frame retransmission number. See “To Configure Switch-to-client Frame Retransmission Number”
  • Page 238

    “To Manually Reauthenticate the Client”
    • Initialize the authentication for the client. See “To Initialize the Authentication for the Client”
    Step 8: Use the show commands to recheck and view the details configured. See “802.1X Show Commands”
  • Page 239: Configuration Flow

    Figure 17: 802.1X Configuration Flow
  • Page 240: Configuration Commands

    Command (fragment): [auto|forced-unauthorized|forced-unauthorized]
    Description (fragment): L2 interface, and resets to its default. The default authentication is forced-authorized.
    EXAMPLE
    ALU(config-if switchport5/0)# dot1x port-control auto
    ALU(config-if switchport5/0)# no dot1x port-control auto
  • Page 241

    Command: no dot1x timeout reauth-period [<1-65535>]
    Description: This command sets the reauthentication period to its default. The default is 3600 seconds.
    EXAMPLE
    ALU(config-if switchport5/0)# dot1x timeout reauth-period 4500
    ALU(config-if switchport5/0)# no dot1x timeout reauth-period
  • Page 242

    Command: no dot1x timeout tx-period [<1-3600>]
    Description: This command sets the tx-period to its default. The default is 30 seconds.
    EXAMPLE
    ALU(config-if switchport5/0)# dot1x timeout tx-period 60
    ALU(config-if switchport5/0)# no dot1x timeout tx-period
  • Page 243

    Command (fragment): [<1-10>]
    Description: This command sets the max-request to its default. The default is 2.
    EXAMPLE
    ALU(config-if switchport5/0)# dot1x max-request 3
    ALU(config-if switchport5/0)# no dot1x max-request
  • Page 244

    ALU(config-if switchport5/0)# no dot1x host-mode
    RESET 802.1X CONFIGURABLE PARAMETERS TO DEFAULT VALUES
    Command (in ICM): dot1x default
    Description: This command is used to reset the configurable 802.1X parameters to the default values.
    EXAMPLE
    ALU(config-if switchport5/0)# dot1x default
  • Page 245

    INITIALIZE THE AUTHENTICATION FOR THE CLIENT
    Command (in CM): dot1x initialize interface switchport <slot/port>
    Description: This command initializes the authentication for the client connected to a port.
    EXAMPLE
    ALU(config)# dot1x initialize interface switchport 5/0
  • Page 246: Show Commands

    : Auto
    Supplicant : 00.0D.62.2B.76.FA
    Status : Authorized
    Current Identifier :
    Authenticator state machine
    State : Authenticated
    Reauth count:
    Backend state machine
    State : Idle
    Request count :
    Reauthentication state machine
    state : Initialize
  • Page 247

    ADDRESS OF THE AUTHENTICATED SUPPLICANT
    Command (in SUM/CM): show dot1x interface switchport <slot/port> authenticated-mac
    Description: This command displays the mac-address of the authenticated supplicant.
    EXAMPLE
    ALU# show dot1x interface switchport 0/0 authenticated-mac
    00.0D.62.2B.76.FA
  • Page 248: Configuration Example

    ! Statlog Configuration
    logging on
    logging buffered priority 7
    logging buffered size 128
    logging console 7
    logging system 5
    service timestamps log
    hostname ALU
    !VRF Configuration
    ! MULTICAST Configuration
    dot1x system-auth-control
    ! SNMP Configurations
    aaa services
  • Page 249

    100
    dot1x port-control auto
    no shutdown
    interface switchport0/1
    switchport access vlan 100
    dot1x port-control auto
    dot1x host-mode multi-auth
    no shutdown
    interface switchport0/2
    shutdown
    interface switchport0/3
    shutdown
    interface switchport0/4
  • Page 250

    : 3600
    quiet-period :
    tx-period :
    supp-timeout :
    server-timeout :
    max-req :
    operation_mode : Single-Host
    port-control : Auto
    Supplicant : 00.00.00.00.00.00
    Status : Unauthorized
    Current Identifier :
    Authenticator state machine
    State : Initialize
  • Page 251

    Backend state machine
    State : Idle
    Request count :
    Reauthentication state machine
    state : Initialize
    ----------------------------------------
    802.1X is disabled on switchport0/2
    ----------------------------------------
    802.1X is disabled on switchport0/3
    ----------------------------------------
    802.1X is disabled on switchport0/4
    ----------------------------------------
  • Page 252

    802.1X is disabled on switchport0/5
    ----------------------------------------
    802.1X is disabled on switchport0/6
    ----------------------------------------
    802.1X is disabled on switchport0/7
  • Page 253: Port Monitoring

    OA-700. For instructions on using the port monitoring commands and descriptions on each of their parameters with the corresponding default values for each, refer to the OmniAccess 700 CLI Command Reference Guide. This chapter includes the following sections: • “Port Monitoring Overview”...
  • Page 254: Port Monitoring Overview

    The analyzer captures and evaluates the data without affecting the client on the original port. Note: Port Monitoring is not enabled across cards.
  • Page 255: Port Monitoring Configuration

    Step 2: Administratively bring up the interface.
    ALU(config-if <interface-name>)# no shutdown
    Example:
    ALU(config-if switchport1/0)# no shutdown
    Step 3: Configure Port Monitoring. See “To Configure Port Monitoring”
    Step 4: View port monitoring configuration details. “To View Port Monitor Details”
  • Page 256: Port Monitoring Commands

    Command: show port monitor [interface switchport <slot/port>]
    Description: This command displays the port monitoring details on the specified port.
    EXAMPLE
    ALU(config)# show port monitor
    PORT-MONITERING PORT-MONITERED TRAFFIC-TYPE
    --------------- -------------- ------------
    switchport1/0   switchport1/6  both
                    switchport1/7  ingress
  • Page 257: Port Monitoring Configuration On Oa-700

    To configure port monitoring, the following configuration is to be used:
    CONFIGURE MONITORING
    ALU(config)# interface switchport 1/3
    ALU(config-if switchport1/3)# port monitor switchport 1/0 both
    CHECK THE CONFIGURATION WITH THE COMMAND
    ALU(config)# show port monitor
    PORT-MONITERING PORT-MONITERED TRAFFIC-TYPE
    --------------- -------------- ------------
    switchport1/3   switchport1/0  both
  • Page 259: Part 3 Wan Interfaces And Protocols

    Part 3 WAN Interfaces and Protocols
  • Page 261: T1E1 Line Card

    • “T1 Interface Overview”
    • “T1 Configuration”
    CHAPTER CONVENTIONS
    Acronym Description
    Super User Mode - ALU#
    Configuration Mode - ALU (config)#
    Controller Configuration Mode - ALU (config-controller)#
    Interface Configuration Mode - ALU (config-interface name)#
  • Page 262: T1 And E1 Overview

    Europe and most of the Asian countries, including India. The E1s and the T1s belong to the physical layer in the OSI reference model, thus Layer 2 technologies like the FR, PPP, Cisco HDLC, MLPPP, MLFR, etc., are carried over it.
  • Page 263: E1 Interface Overview

    TS0 is dedicated for synchronization, alarms and messages, unless configured differently.
    • TS16 is usually used for signaling, but can carry data as well.
    • TS1-TS15 and TS17-TS31 are used for carrying user data.
  • Page 264: Mechanisms Supported By The E1 Interface

    TS16 is usually used for this purpose.
    • Channel Associated Signaling (CAS) - In each Multiframe, each channel has a predetermined frame. In this frame, half of TS16 is dedicated for this channel signaling information.
  • Page 265: E1 Modes Of Operation

    In E1 lines, cable-length is referred to as Line Termination. There is no variation of Long and Short cable length.
    • OA-700 supports fractional T1 or E1.
    • OA-700 supports Unframed E1.
    • OA-700 supports channelized T1 or E1.
  • Page 266: E1 Configuration

    “To Set the Card type to E1”
    Step 6: Enter Interface Configuration Mode to configure the channelized serial interface. See “To Configure a Serial Interface”
    Note: Creation of a channel-group is a pre-requisite prior to configuring a serial interface.
  • Page 267

    Configure MTU on the Interface” (Optional)
    Step 11: See “To View the E1 Controller Configuration” to view the E1 configuration details.
    Step 12: View the interface configuration details. See “To View Interface Configuration” command.
  • Page 268: E1 Configuration Flow

    Figure 22: E1 Configuration Flow
  • Page 269: E1 Configuration Commands

    CONFIGURE AN E1 CONTROLLER
    Command (in CM): controller {E1|T1} <slot/port>
    Description: This command configures an E1 or T1 controller. Use E1 keyword to configure an E1 controller.
    EXAMPLE
    ALU(config)# controller E1 0/0
    ALU(config-controller E1)#
  • Page 270

    To associate non-contiguous timeslots with the controller:
    ALU(config-controller E1)#channel-group 0 timeslots 1,4,20
    2. In the above example, the channel-group command is shown only with a value of ‘0’. Now the values in the range of 0-30 can be used:
  • Page 271

    ALU(config)# controller E1 1/0
    ALU(config-controller E1)# shutdown
    Note: Online Insertion and Removal (OIR) functionality is supported on the T1 and E1 cards. After re-insertion, the default state of the controller is in ‘shutdown’ state.
  • Page 272

    ALU(config-controller E1)#no shutdown
    ALU(config-controller E1)#unframed
    ALU(config-controller E1)#no unframed
    Because the system creates channel-group 0, a serial interface becomes available, and you need to configure it too.
    ALU(config)#interface Serial 0/0:0
    ALU(config-if Serial 0/0:0)#no shutdown
  • Page 273

    75 or 120.
    Command: no line-termination
    Description: The “no” command sets the impedance value to its default. The default line-termination value is 120 ohm.
    EXAMPLE
    The following example selects 120 as the E1 line impedance:
    ALU(config-controller E1)#line-termination 120
  • Page 274

    The default value for clocksource is internal.
    EXAMPLE
    The following example configures the E1 0 clocksource to line:
    ALU(config-controller E1)# clocksource line
    The following example configures the E1 0 clocksource to internal:
    ALU(config-controller E1)# no clocksource
  • Page 275

    EXAMPLE
    ALU(config)#interface Serial 0/0:0
    ALU(config-if Serial0/0:0)# shutdown
    ALU(config)#interface Serial 0/0:0
    ALU(config-if Serial0/0:0)# no shutdown
    Note: We support Online Insertion and Removal (OIR) functionality for T1E1 line card.
  • Page 276

    2 payload.
    Command: no mtu
    Description: The “no” command sets the MTU to its default. The default MTU is 1500 bytes.
    EXAMPLE
    ALU(config-if Serial0/0:0)# mtu 1200
    ALU(config-if Serial0/0:0)# no mtu
  • Page 277: E1 Show Commands

    No Alarm Detected
    Framing is crc4, Line Code is hdb3, Clock Source is internal
    Total Data (Since last clearing of counters)
    1 Line Code Violation, 0 Framing Errors
    0 CRC Errors, 0 Far End Block Errors
  • Page 278

    7 packets output, 154 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 output buffer failures, 0 output buffers swapped out
    0 carrier transitions
    Timeslot(s) Used:1 (64Kbps each), Transmitter delay is 0 flags
  • Page 279: Troubleshooting E1 Lines

    The following configuration establishes a loopback of the incoming E1 signal on controller E1 0:
    ALU(config)#controller E1 1/0
    ALU(config-controller E1)# loopback network line
    The following example disables the loopback on controller E1 0:
    ALU(config)# controller E1 0/0
    ALU(config-controller E1)# no loopback
  • Page 280: T1 Interface Overview

    The last bit of each TS is "robbed" for the purpose of signaling. These "robbed" bits form a channel with capacity of 10.666 Kbps. If CCS is in use, then one Timeslot (TS), usually TS 24, is dedicated for signaling purposes.
  • Page 281: T1 Modes Of Operation

    • ESF + FDL
    • ESF + CAS/CRC/FDL.
    • CCS: Can be used in each of the framed formats by dedicating one channel (usually TS-24) for delivering the signaling messages in a predetermined protocol.
  • Page 282: T1 Configuration

    “To Configure Clocksource”
    Step 6: Enter Interface Configuration Mode to configure the channelized serial interface. See “To Configure a Serial Interface”
    Note: Creation of a channel-group is a pre-requisite prior to configuring a serial interface.
  • Page 283

    Step 10: Configure MTU (Maximum Transmission Unit) on the Interface. See “To Configure MTU on the Interface” (Optional)
    Step 11: See “To View the Controller Configuration” to view T1 configuration.
    Step 12: View the interface configuration details. See “To View Interface Configuration” command.
  • Page 284: T1 Configuration Flow

    Figure 23: T1 Configuration Flow
  • Page 285: T1 Configuration Commands

    Command: controller {E1|T1} <slot/port>
    Description: This command configures an E1 or T1 controller. Use T1 keyword to configure a port in the T1 mode. The T1 has a bandwidth of 1.544 Mbps.
    EXAMPLE
    ALU(config)# controller T1 0/0
    ALU(config-controller T1)#
  • Page 286 To associate non-contiguous timeslots with the controller:
        ALU(config-controller T1)#channel-group 0 timeslots 1,4,20
    2. In the above example, the channel-group command is shown only with a value of ‘0’. The following example uses a value in the range of 0-23:
  • Page 287 T1 controller. The keyword “shutdown” will administratively bring down the controller.
    EXAMPLE
        ALU(config-controller T1)# no shutdown
        ALU(config-controller T1)# shutdown
    Note: We support Online Insertion and Removal (OIR) functionality for T1E1 line card.
  • Page 288 1 to the appropriate levels for a cable between 111 and 220 feet long:
        ALU(config)#controller T1 1/1
        ALU(config-controller T1)# cablelength short 220
    The following example sets the cablelength to its default:
        ALU(config)#controller T1 1/1
        ALU(config-controller T1)# no cablelength
  • Page 289 T1 circuit.
    EXAMPLE
    The following example specifies AMI as the linecode type for a T1 line:
        ALU(config-controller T1)# linecode ami
    The following example sets b8zs, as the linecode type:
        ALU(config-controller T1)# no linecode
  • Page 290
    Command: interface Serial <slot/port:channel>
    Description: This command is entered in the Interface configuration mode to configure a serial interface.
    EXAMPLE
    The following example creates an interface at slot 0 and port 0 at group 0:
        ALU(config)#interface Serial0/0:0
        ALU(config-if Serial0/0:0)#
  • Page 291 <bundle_id>}
    Command: no encapsulation
    Description: The “no” command sets the encapsulation to its default. The default encapsulation is HDLC.
    EXAMPLE
        ALU(config-if Serial0/0:0)# encapsulation frame-relay
        ALU(config-if Serial0/0:0)# encapsulation ppp
        ALU(config-if Serial0/0:0)# no encapsulation
  • Page 292 2 payload.
    Command: no mtu
    Description: The “no” command sets the MTU to its default. The default MTU is 1500 bytes.
    EXAMPLE
        ALU(config-if Serial0/0:0)# mtu 100
        ALU(config-if Serial0/0:0)# no mtu
  • Page 293: T1 Show Commands

        No Alarm Detected
        Framing is esf, Line Code is b8zs, Clock Source is internal
        Total Data (Since last clearing of counters)
        0 Line Code Violation, 0 Framing Errors
        0 Out of Frame, 0 Bit Errors
  • Page 294
        7 packets output, 154 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 output buffer failures, 0 output buffers swapped out
        0 carrier transitions
        Timeslot(s) Used:1 (64Kbps each), Transmitter delay is 0 flag
  • Page 295: Troubleshooting T1 Lines

    The following example establishes a loopback of the incoming T1 signal on controller T1 0:
        ALU(config)# controller T1 0/0
        ALU(config-controller T1)# loopback network payload
    The following example disables the loopback on the controller T1 0:
        ALU(config)# controller T1 0/0
        ALU(config-controller T1)# no loopback
  • Page 296 T1E1 Line Card
  • Page 297: Universal Serial Port (Usp) Line Card

    For instructions on using the commands and to get a detailed description on each of their parameters, refer to the USP Line Card chapter in the OmniAccess 700 CLI Command Reference Guide. This chapter is divided into the following sections.
  • Page 298: Chapter Conventions

    Acronym Description
        Cyclic Redundancy Check
        Data Circuit-Terminating Equipment
        Data Terminal Equipment
        Configuration Mode - ALU (config)#
        Interface Configuration Mode - ALU (config-interface name)#
        Maximum Transmission Unit
        Online Insertion and Removal
        Receive Clock
        Transmit Clock
  • Page 299: Usp Line Card (V.35/X.21/Rs-232) Overview

    Signal function includes signal for ground, data interchange, flow control, control of the remote modem, modem status and control signals. For synchronous communication, these signals provide timing information for the transmitter and receiver, which may operate at different baud rates.
  • Page 300: Alcatel-Lucent Specific Overview

    DTE and DCE modes
    • Data rate up to 2 Mbps per interface
    • Layer2 protocols - HDLC, PPP, Frame Relay, Multilink PPP, Multilink Frame Relay on each serial interface
    • OIR of the line card
  • Page 301: Configuration

    • Configure Loopback. See “To Configure Loopback”
    • Set Encapsulation. See “To Set Encapsulation”
    • Configure MTU. See “To Configure MTU (Maximum Transmission Unit)”
    Step 6: See “Show Command” to view the interface configuration.
  • Page 302: V.35/X.21/Rs-232 Configuration Flow

    Figure 25: V.35/X.21/RS-232 Configuration Flow
  • Page 303: V.35/X.21/Rs-232 Configuration Commands

    EXAMPLE
    The following example administratively brings up the V.35/X.21/RS-232 interface:
        ALU(config)#interface Serial 0/0
        ALU(config-if Serial0/0)# no shutdown
    The following example administratively brings down the V.35/X.21/RS-232 interface:
        ALU(config)#interface Serial 0/0
        ALU(config-if Serial0/0)# shutdown
  • Page 304: V.35/X.21/Rs-232 Dte And Dce Cli Configuration Commands

    Command: crc {16|32}
    Description: 32: This command enables the 32 bit CRC. 16: This command enables the 16 bit CRC.
    Command: no crc {16|32}
    Description: The “no” command sets CRC to default value 16.
    EXAMPLE
        ALU(config-if Serial0/0)# crc 16
        ALU(config-if Serial0/0)# no crc
  • Page 305 Tx data and Tx clock.
    Command (in ICM): loopback
    Description: This command configures an interface in loopback mode.
    Command (in ICM): no loopback
    Description: The “no” command removes the loopback configured on the interface.
    EXAMPLE
        ALU(config-if Serial0/0)# loopback
        ALU(config-if Serial0/0)# no loopback
  • Page 306 The MTU command is used to configure the MTU value on the serial interface, i.e., the maximum size of the transmitted layer 2 payload.
    Command (in ICM): mtu <64-1500>
    Description: Configures the MTU value on the serial interface.
    EXAMPLE
        ALU(config-if Serial 0/0:0)# mtu 1200
  • Page 307: Show Command

        0 output buffer failures, 0 output buffers swapped out
        0 carrier transitions
        DCD=up DSR=up DTR=up RTS=up CTS=up
    Note: You can view the details of the interface in the Interface Configuration Mode with a ‘show’ command without entering into the user mode.
  • Page 308: Clear Command

    Serial <slot/port> interface.
    EXAMPLE
        ALU# clear counters Serial 0/0
    Note: You can clear the counters of the interface in the Interface Configuration Mode with a ‘clear’ command without entering into the user mode.
  • Page 309: High-Level Data Link Control

    HDLC architecture with the steps involved to configure HDLC encapsulation with the necessary commands. To get an in-depth view on the description of the argument-list or parameters and the default values, refer to the OmniAccess 700 CLI Command Reference Guide.
  • Page 310: Hdlc Overview

    Flag Field(F): 8 bits
    Address Field(A): 8 bits
    Control Field(C): 8 or 16 bits
    Information Field(I): Variable; Not used in some frames
    Frame Check Sequence(FCS): 16 or 32 bits
    Closing Flag Field(F): 8 bits
  • Page 311: Hdlc Frame Formats

    If the two differ by 3 or more, it considers the serial line as failed, and will not route further higher-level data across it until an acceptable keepalive response is received.
  • Page 312: Hdlc Configuration

    HDLC CONFIGURATION
    Refer to the following sections to enable HDLC encapsulation on a T1 or E1 interface or a Serial interface (V.35/X.21):
    • “HDLC Configuration Steps”
    • “HDLC Configuration Flow”
    • “HDLC Configuration Commands”
  • Page 313: Hdlc Configuration Steps

    (V.35/X.21). The steps (Step 6 - Step 12) hold good for configuration of HDLC on a V.35/X.21 interface, except that there is no channel group number in the interface name. Configure serial interface using the following command:
        ALU(config)# interface Serial <slot/port>
        ALU(config-if Serial<slot/port>)#
    Example:
  • Page 314
    Step 10: Configure the HDLC Keepalive Interval. See “To Configure HDLC Keepalive Interval” (Optional)
    Step 11: Configure loopback detection. See “To Enable Loopback Detection” command. (Optional)
    Step 12: View the status of HDLC. See “Show Interface Status”
  • Page 315: Hdlc Configuration Flow

    Figure 27: HDLC Configuration Flow
  • Page 316: Hdlc Configuration Commands

    CONFIGURE ENCAPSULATION
    Command (in ICM): encapsulation hdlc
    Description: This command is entered in the Interface Configuration Mode. This command is used to configure encapsulation on an interface to HDLC.
    EXAMPLE
        ALU(config-if Serial0/0:0)# encapsulation hdlc
  • Page 317
    Command: no hdlc down-when-looped
    Description: This command disables bringing down of the line protocol when loopback is detected on the interface. This is the default behavior.
    EXAMPLE
        ALU(config-if Serial0/0:0)# no hdlc down-when-looped
  • Page 318
        367 packets output, 8074 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 output buffer failures, 0 output buffers swapped out
        0 carrier transitions
        Timeslot(s) Used:1-24 (64Kbps each), Transmitter delay is 0 flags
        ALU#
  • Page 319
        ALU(config)# debug hdlc keepalive
    DISABLE DEBUGGING ON HDLC
    Command (in SUM or CM): no debug hdlc {all|keepalive}
    Description: The “no” command disables the debug functionality. By default, debug is disabled.
    EXAMPLE
        ALU(config)# no debug hdlc all
  • Page 320 High-level Data Link Control
  • Page 321: Frame Relay

    CLI. For instructions on using the FR commands and descriptions on each of their parameters with the corresponding default values for each, refer to the OmniAccess 700 CLI Command Reference Guide. This chapter is divided into the following sections: •...
  • Page 322: Frame Relay Overview

    The actual deployment of SVCs is minimal in today's FR network.
    • Permanent Virtual Circuits (PVC) - These are permanently established connections that are used for frequent and consistent data transfers between DTE devices across a FR network.
  • Page 323: Frame Relay Network Deployments

    The majority of today's FR networks are public carrier-provided networks.
    • Private Enterprise Networks - In private FR networks, the administration and maintenance of the network is the responsibility of an enterprise.
  • Page 324: Frame Relay Configuration

    FRAME RELAY CONFIGURATION
    Refer to the following sections to enable FR encapsulation on a T1 or E1 line card:
    • “Frame Relay Configuration Steps”
    • “Frame Relay Configuration Flow”
    • “Frame Relay Configuration Commands”
  • Page 325: Frame Relay Configuration Steps

    (V.35/X.21). The steps (Step 6 - Step 11) hold good for configuration of FR on a V.35/X.21 interface, except that there is no channel group number in the interface name. Configure a serial interface using the following command:
        ALU(config)# interface Serial <slot/port>
        ALU(config-if Serial<slot/port>)#
    Example:
  • Page 326 FR DLCI can also be configured on a sub-interface. Multiple sub-interfaces with different FR DLCI are also configurable.
    Step 12: View the status of the Frame Relay protocol on a specified interface. See “Frame Relay Show Commands”
  • Page 327: Frame Relay Configuration Flow

    Figure 28: FR Configuration Flow
  • Page 328: Frame Relay Configuration Commands

    QoS policy is more than three, after giving a warning message. You have to decrease the policy depth to less than or equal to three, and explicitly attach the policy to the interface.
  • Page 329
    EXAMPLE
    The following example sets the LMI to ANSI standard:
        ALU(config-if Serial0/0:0)# frame-relay lmi-type ansi
    The following example sets the LMI-type to its default, i.e., auto-sense:
        ALU(config-if Serial0/0:0)# no frame-relay lmi-type
  • Page 330 The default polling interval is 6.
    EXAMPLE
    The following example sets the polling interval to 8:
        ALU(config-if Serial0/0:0)#frame-relay lmi-n391dte 8
    The following example sets the polling interval to default, i.e., 6:
        ALU(config-if Serial0/0:0)# no frame-relay lmi-n391dte
  • Page 331
    EXAMPLE
    The following example sets the DTE monitored events count to 7:
        ALU(config-if Serial0/0:0)# frame-relay lmi-n393dte 7
    The following example sets the lmi-n393dte to its default value, i.e., 4:
        ALU(config-if Serial0/0:0)# no frame-relay lmi-n393dte
  • Page 332
    Step 2: Configure sub-interface on the serial interface.
        ALU(config)# interface Serial <slot/port:channel.subchannel>
        ALU(config-if Serial <slot/port:channel.subchannel>)#
    Example:
        ALU(config)# interface Serial 0/0:0.1
        ALU(config-if Serial0/0:0.1)#
    Step 3: Configure IP address for the sub-interface
        ALU(config-if Serial <slot/port:channel.subchannel>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
  • Page 333 Configuration Steps”
    Note: If you are configuring FR on a sub-interface on a Serial interface (V.35/X.21), configure a sub-interface using the following command:
        ALU(config)# interface Serial <slot/port>.subchannel
        ALU(config-if Serial<slot/port.subchannel>)#
    Example:
        ALU(config)#interface Serial0/0.1
        ALU(config-if Serial0/0.1)#
  • Page 334 FECN pkts out FECN pkts in BECN pkts out BECN pkts in DE pkts out DE pkts out bcast pkts out bcast bytes
        ALU(config-if Serial0/0:0)#
  • Page 335 Invalid Status Message Invalid Lock Shift Invalid Information ID Invalid Report IE Len Invalid Report Request Invalid Keep IE Len Num Status Enq. Sent Num Status msgs Rcvd Num Update Status Rcvd Num Status Timeouts
  • Page 336
        ALU(config)# debug frame-relay fse
    DISABLE DEBUGGING ON
    Command (in SUM or CM): no debug frame-relay {all|fse|keepalive|mlfr}
    Description: The “no” command disables the debug functionality. By default, debug is disabled.
    EXAMPLE
        ALU(config)# no debug frame-relay all
  • Page 337: Point-To-Point Protocol

    PPP through the CLI. For instructions on using the PPP commands and descriptions on each of their parameters, refer to the OmniAccess 700 CLI Command Reference Guide. Refer to the following to configure PPP encapsulation on an interface: •...
  • Page 338: Ppp Overview

    • CHAP (RFC 1994)
    • EAP (RFC 3748)
    The Alcatel-Lucent implementation of PPP conforms to the above specifications.
    PPP COMPONENTS
    PPP provides a method for transmitting datagrams over point-to-point links. On a serial interface, PPP contains four main components: •...
  • Page 339: Ppp Configuration

    PPP CONFIGURATION
    • “PPP Configuration Steps”
    • “PPP Configuration Flow”
    • “PPP Configuration Commands”
    • “PPP Show Commands”
    • “PPP Debug Commands”
  • Page 340: Ppp Configuration Steps

    (V.35/X.21). The steps (Step 6 - Step 10) hold good for configuration of PPP on a V.35/X.21 interface, except that there is no channel group number in the interface name. Configure serial interface using the following command:
        ALU(config)# interface Serial <slot/port>
        ALU(config-if Serial<slot/port>)#
  • Page 341
    • Configure Timers and Counters. See “PPP Counters and Timers Configuration”
    • Configure authentication through user name and password. See “PPP Authentication Configuration”
    Step 11: Use the “PPP Show Commands” to view PPP configuration.
  • Page 342: Ppp Configuration Flow

    Figure 29: PPP Configuration Flow
  • Page 343: Ppp Configuration Commands

    PPP.
    Command: no encapsulation ppp
    Description: This command sets the encapsulation to its default. The default encapsulation on a serial interface is HDLC.
    EXAMPLE
        ALU(config)# interface Serial1/0:0
        ALU(config-if Serial1/0:0)# encapsulation ppp
        ALU(config-if Serial1/0:0)# no encapsulation ppp
  • Page 344: Ppp Optional Parameters

    Command: no ppp lcp echo-interval
    Description: The “no” command sets the echo-interval to its default value. The default value is 10 seconds.
    EXAMPLE
        ALU(config-if Serial1/0:0)# ppp lcp echo-interval 200
        ALU(config-if Serial1/0:0)# no ppp lcp echo-interval
  • Page 345
    Command: no ppp timeout restart-interval
    Description: The “no” command sets the LCP/NCP restart-interval to its default. The default LCP/NCP restart-interval is 30 seconds.
    EXAMPLE
        ALU(config-if Serial0/0:0)# ppp timeout restart-interval 10
        ALU(config-if Serial0/0:0)# no ppp timeout restart-interval
  • Page 346 IP address given to it by its peer local during IPCP. This is the default behavior.
    EXAMPLE
        ALU(config-if Serial0/0:0)# ppp ipcp address accept-local
        ALU(config-if Serial0/0:0)# no ppp ipcp address accept-local
  • Page 347 IPCP.
    Command: no ppp ipcp address pool local
    Description: The “no” command removes the IP address pool for IPCP.
    EXAMPLE
        ALU(config-if Serial0/0:0)# ppp ipcp address pool local 10.10.10.10
        ALU(config-if Serial0/0:0)# no ppp ipcp address pool local
  • Page 348
    Command: no ppp timeout max-terminate
    Description: The “no” command sets the max-terminate value to its default. The default max-terminate value is “2 seconds”.
    EXAMPLE
        ALU(config-if Serial0/0:0)# ppp timeout max-terminate 10
        ALU(config-if Serial0/0:0)# no ppp timeout max-terminate
  • Page 349
    Command: no ppp timeout max-failure
    Description: The “no” command sets the max-failure value to its default. The default max-failure value is “5 seconds”.
    EXAMPLE
        ALU(config-if Serial0/0:0)#ppp timeout max-failure 10
        ALU(config-if Serial0/0:0)# no ppp timeout max-failure
  • Page 350 <username> server side.
    Command: no ppp authentication username
    Description: The “no” command deletes the configured PPP authentication user name on the server side.
    EXAMPLE
        ALU(config-if Serial0/0:0)# ppp authentication username ALU
        ALU(config-if Serial0/0:0)# no ppp authentication username
  • Page 351 <password> client side.
    Command: no ppp authentication client-password
    Description: The “no” command deletes the configured authentication password on the client side.
    EXAMPLE
        ALU(config-if Serial0/0:0)# ppp authentication client-password pass1
        ALU(config-if Serial0/0:0)# no ppp authentication client-password
  • Page 352: Ppp Show Commands

        : 3 (sec)
        PPP Max Terminate
        PPP Max Configure : 10
        PPP Max Failure
        Authentication protocol : pap
        Authentication username : user1
        Authentication password : secret1
        Authentication client-username : user2
        Authentication client-password : secret2
  • Page 353
        IPCP Configure Requests:
        IPCP Configure Acks:
        IPCP Configure Naks:
        IPCP Configure Rejects:
        IPCP Terminate Requests:
        IPCP Terminate Acks:
        IPCP Code Rejects:
        IPCP Invalid Packets:
        PAP Authentication Requests:
        PAP Authentication Acks:
        PAP Authentication Naks:
        PAP Invalid Packets:
  • Page 354
        Conversations: 0/0/0/0 (active/max active/max total)
        Reserved Conversations: 0/0 (allocated/max allocated)
        Available Bandwidth 1544 kilobits/sec
        5 minute input rate 0 bits/sec, 0 packets/sec
        5 minute output rate 0 bits/sec, 0 packets/sec
        50 packets input, 0 bytes, 0 no buffer
  • Page 355
        LCP Configure Requests:
        LCP Configure Acks:
        LCP Configure Naks:
        LCP Configure Rejects:
        LCP Terminate Requests:
        LCP Terminate Acks:
        LCP Code Rejects:
        LCP Protocol Rejects:
        LCP Echo Requests:
        LCP Echo Replies:
        LCP Discard Requests:
        LCP Invalid Packets:
  • Page 356 <interface-name>
    EXAMPLE
        ALU# show ppp ipcp statistics Serial 0/0:0
        IPCP Configure Requests:
        IPCP Configure Acks:
        IPCP Configure Naks:
        IPCP Configure Rejects:
        IPCP Terminate Requests:
        IPCP Terminate Acks:
        IPCP Code Rejects:
        IPCP Invalid Packets:
  • Page 357 <interface-name>
    EXAMPLE
        ALU# show ppp session statistics Serial 0/0:0
        PPP data packets received:
        PPP control packets received:
        Packets dropped:
        PPP sessions initiated:
        PPP sessions received:
        PPP sessions successful:
        PPP sessions terminated:
  • Page 358
        PAP Authentication Requests:
        PAP Authentication Acks:
        PAP Authentication Naks:
        PAP Invalid Packets:
        CHAP Challenges:
        CHAP Responses:
        CHAP Successes:
        CHAP Failures:
        CHAP Invalid Packets:
        EAP Requests:
        EAP Responses:
        EAP Successes:
        EAP Failures:
        EAP Invalid Packets:
  • Page 359: Ppp Debug Commands

        ALU(config)# debug ppp echo
    DISABLE DEBUGGING ON
    Command (in SUM or CM): no debug ppp {all|echo}
    Description: The “no” command disables the debug functionality. By default, debug is disabled.
    EXAMPLE
        ALU(config)# no debug ppp echo
  • Page 360 Point-to-Point Protocol
  • Page 361: Point-To-Point Protocol Over Ethernet (Pppoe)

    “Ethernet Interfaces on SE” chapter before proceeding with this. For instructions on using the PPPoE commands and descriptions on each of their parameters, refer to the OmniAccess 700 CLI Command Reference Guide. The chapter is divided into the following sections: •...
  • Page 362: Pppoe Overview

    • 1 PPPoE client session per SE Gigabit Ethernet interface.
    • LCP (RFC 1661), IPCP (RFC 1332), PAP (RFC 1334), CHAP (RFC 1994), EAP (RFC 3748) support.
  • Page 363: Pppoe Configuration

    PPPoE CONFIGURATION
    • “PPPoE Configuration Steps”
    • “PPPoE Configuration Flow”
    • “PPPoE Configuration Commands”
    • “PPPoE Show Commands”
  • Page 364: Pppoe Configuration Steps

    Step 6: Configure PPPoE Optional Parameters. See “PPPoE Optional Parameters”
    • Initiate PPPoE negotiation. See “To Initiate PPPoE Negotiation Manually”
    • Configure PPPoE retry timer. See “To Set Timer for Retransmission of PADI/PADR Packets”
  • Page 365 PPP chapter. The show commands are also similar to the PPP show commands. For more details on these commands, refer to the “Point-to-Point Protocol” chapter.
  • Page 366: Pppoe Configuration Flow

    Figure 30: PPPoE Configuration Flow
  • Page 367: Pppoe Configuration Commands

    This also removes the PPPoE server given IP address, and restores the configured IP address on the interface (if any).
    EXAMPLE
        ALU(config-if GigabitEthernet3/0)# encapsulation pppoe
        ALU(config-if GigabitEthernet3/0)# no encapsulation pppoe
  • Page 368
        ALU(config-if GigabitEthernet3/0)# no pppoe service-name
    Note: The PPPoE service-name configured on OA-700 should match the service-name supported on the server. If “service-name” is not configured, then the client accepts any service offered by the PPPoE server.
  • Page 369: Pppoe Optional Parameters

    PPPoE negotiation is automatically started when the link is administratively brought up on a PPPoE interface, and also whenever “encapsulation pppoe” is configured on an administratively up GigE interface. It starts off by sending a PADI.
    EXAMPLE
        ALU(config-if GigabitEthernet3/0)# pppoe negotiate
  • Page 370 PPPoE client sends only one PADI/PADR.
    Command: no pppoe retry-timer
    Description: The ‘no’ command resets the retry-timer to its default. The default retry-timer value is 10 seconds.
    EXAMPLE
        ALU(config-if GigabitEthernet3/0)# pppoe retry-timer 15
        ALU(config-if GigabitEthernet3/0)# no pppoe retry-timer
  • Page 371 After the negotiations, MTU is set to be either user configured MTU or server suggested MTU, whichever is lesser.
    • Irrespective of the MTU value, OA-700 will still be able to receive PPPoE packets with payload of 1492 bytes.
  • Page 372: Pppoe Show Commands

    GigabitEthernet <slot/port>
    EXAMPLE
        ALU(config)# show pppoe configuration GigabitEthernet 7/0
        pppoe max-retry: 15
        pppoe retry-timer: 5(s)
        pppoe service-name: ISP1
    Note: You can also view the PPPoE configuration by using the “show interfaces GigabitEthernet <slot/port>” command.
  • Page 373: Multilink Point To Point Protocol

    Port (USP) Line Card” chapters before proceeding to this. For instructions on using the MLPPP commands and descriptions on each of their parameters, refer to the OmniAccess 700 CLI Command Reference Guide. The chapter is divided into the following sections: •...
  • Page 374: Mlppp Overview

    MLPPP is an extension to PPP. See “Point-to-Point Protocol” for information about PPP. Microsoft Windows, Linux, and other operating systems support MLPPP. Many routers also support Multilink PPP.
    Figure 31: Sample Deployment Scenario for MLPPP
  • Page 375: Mlppp Components

    PPP header. It contains a sequence number and additionally allows for fragmentation or re-assembly of the packet. MLPPP is also referred to as MP or MPPP.
    Figure 32: MLPPP Header in Long Sequence Number Format
  • Page 376: Alcatel-Lucent Specific Overview On Mlppp Features

    FEATURES
    The following features are available with the current release:
    • The OmniAccess 700 supports RFC 1990 (MLPPP Protocol) without necessarily conforming to all the optional items mentioned in the specification.
    • Specifically, the system supports the logical aggregation, into a configured MLPPP bundle of any number of channelized or fractional T1 or E1 interfaces, Serial (V.35/X.21) interfaces, etc.
  • Page 377: Mlppp Configuration

    MLPPP CONFIGURATION
    • “MLPPP Configuration Steps”
    • “MLPPP Configuration Flow”
    • “MLPPP Configuration Commands”
    • “MLPPP Show Commands”
  • Page 378: Mlppp Configuration Steps

    (V.35/X.21). The steps (Step 6 - Step 12) hold good for configuration of MLPPP on a V.35/X.21 interface, except that there is no channel group number in the interface name. Configure a serial interface using the following command:
        ALU(config)# interface Serial <slot/port>
        ALU(config-if Serial<slot/port>)#
  • Page 379
        ALU(config-if <interface-name>)# no shutdown
    Example:
        ALU(config-if Serial0/0:0)# no shutdown
    Step 12: Configure encapsulation on the interface. See “To Set MLPPP Encapsulation on an Interface”
    Step 13: Use the “MLPPP Show Commands” to view the MLPPP configuration.
  • Page 380: Mlppp Configuration Flow

    Figure 34: MLPPP Configuration Flow
  • Page 381: Mlppp Configuration Commands

    {outbound|inbound} <1-255>
    Command: no mlppp load-threshold {high|low} {outbound|inbound}
    Description: This command removes the load threshold on the MLPPP bundle.
    EXAMPLE
        ALU(config-if mlppp100)# mlppp load-threshold high outbound 100
        ALU(config-if mlppp100)# no mlppp load-threshold high outbound
  • Page 382
        ALU(config-if serial1/0:0)# no encapsulation mlppp
    Note: If the encapsulation of a serial interface is changed to MLPPP from HDLC/PPP/FR, the QoS policy applied on the serial interface will be removed after giving a warning message.
  • Page 383: Mlppp Show Commands

        0 lost received, 0 couldn't reassemble
        0 fragments received, 0x0 received sequence
        ALU(config)# show mlppp 10
        MLPPP bundle 10 link state information:
        IPCP: Open
        MEMBER LINKS AUTH CLIENT AUTH SERVER
        Serial0/0:1 Open -----
        Serial0/0:0 Open -----
  • Page 384: Mlppp Configuration Example

        255/255, txload 247/255, rxload 0/255
        Loopback not set
        Encapsulation mlppp, MLPPP Bundle Id: 10
        keepalive set (10 sec)
        LCP: Open
        Last input never, output never, output hang never
        Last clearing of "show interface" counters never
        Queueing strategy: fifo
  • Page 385
        0 lost received, 0 couldn't reassemble
        0 fragments received, 0x0 received sequence
        ALU(config)# show mlppp 10
        MLPPP bundle 10 link state information:
        IPCP: Open
        MEMBER LINKS AUTH CLIENT AUTH SERVER
        Serial0/0:1 Open -----
        Serial0/0:0 Open -----
  • Page 386 Multilink Point to Point Protocol
  • Page 387: Multilink Frame Relay

    The chapter is divided into the following sections:
    • “MLFR Overview”
    • “MLFR Configuration”
    CHAPTER CONVENTIONS
    Acronym Description
        Configuration Mode - ALU (config)#
        Interface Configuration Mode - ALU (config-interface name)#
        MLFR Multilink Frame Relay
        Super User Mode - ALU#
  • Page 388: Mlfr Overview

    The MLFR packet is encapsulated using an MLFR header, which is different from the standard Frame Relay header. It contains a sequence number and also allows for fragmentation/reassembly of the MLFR packet. MLFR is also referred to as MFR.
  • Page 389: Mlfr Frame Format For Data Packets

    Figure 35: MLFR frame format for data packets
    Figure 36: MLFR frame format for control packets
  • Page 390: Alcatel-Lucent Specific Overview On Mlfr Features

    IP routing protocols as well as policies such as ACL, NAT, IDS, IPsec, QoS, etc., may be applied on the bundle.
    • The Alcatel-Lucent OA-700 implementation does not include Link Fragmentation and Interleaving, Vendor Extension Information Element, and SNMP MIB support.
    MLFR Configuration
    •...
  • Page 391: Mlfr Configuration Steps

    (V.35/X.21). The steps (Step 6 - Step 16) also apply to the configuration of MLFR on a V.35/X.21 interface, except that there is no channel group number in the interface name. Configure a serial interface using the following command:
    ALU(config)# interface Serial <slot/port>
    ALU(config-if Serial<slot/port>)#
  • Page 392 Step 12: Enter Serial interface configuration mode
    ALU(config)# interface Serial <slot/port:channel>
    ALU(config-if Serial<slot/port:channel>)#
    Example:
    ALU(config)#interface Serial0/0:0
    ALU(config-if Serial0/0:0)#
    Step 13: Administratively bring up the interface
    ALU(config-if <interface-name>)# no shutdown
    Example:
    ALU(config-if Serial0/0:0)# no shutdown
  • Page 393 Configure the Acknowledge interval. See “To Configure the Acknowledge Interval”
    • Configure the retry count. See “To Configure the Retry Count”
    Step 16: Use the show commands to view the MLFR configuration. See “MLFR Show Commands”
  • Page 394: Mlfr Configuration Flow

    Figure 37: MLFR Configuration Flow
  • Page 395: Mlfr Configuration Commands

    Example:
    The following example sets the LMI to ANSI standard:
    ALU(config-if mlfr100)# frame-relay lmi-type ansi
    The following example sets the LMI-type to its default, i.e., ‘auto-sense’:
    ALU(config-if mlfr100)# no frame-relay lmi-type
  • Page 396 no mlfr bid <name>: This command removes the configured bid name from the bundle interface.
    Example:
    ALU(config-if mlfr100)# mlfr bid ALU1
    Note: Configuring a Bundle Interface is a pre-requisite to Member Link configuration.
  • Page 397 The LID can be a maximum of 255 characters.
    no mlfr lid <name>: This command removes the configured LID name from the interface that is part of the bundle.
    Example:
    ALU(config-if Serial0/0:0)# mlfr lid ALU-wan-link
    ALU(config-if Serial0/0:0)# no mlfr lid ALU-wan-link
  • Page 398 1 second to 10 seconds.
    no mlfr ack-interval <1-10>: This command resets the acknowledge interval to its default, i.e., 4 seconds.
    Example:
    ALU(config-if Serial0/0:0)# mlfr ack-interval 5
    ALU(config-if Serial0/0:0)# no mlfr ack-interval 5
  • Page 399: Mlfr Show Commands

    Last input never, output never, output hang never
    Last clearing of "show interface" counters never
    614 packets input( 325 controld packets, 289 data packets),34295 bytes
    26599 packets output( 26216 controld packets, 383 data packets),458430 bytes
    53 packets dropped
    0 giant packets
  • Page 400 0 output buffer failures, 0 output buffers swapped out
    18 carrier transitions
    Timeslot(s) Used:1-24 (64Kbps each), Transmitter delay is 0 flags
    Note: All the show commands that take IP interface name as an argument will also take MLFR interface as a parameter.
  • Page 401: Link Fragmentation And Interleaving (Lfi)

    Interface Configuration Mode - ALU (config-interface name)#
    Data Terminal Equipment
    Frame Relay
    Link Control Protocol
    MLPPP: Multi Link Point to Point Protocol
    Maximum Receive Unit
    MRRU: Maximum Receive Reconstructed Unit
    Point-to-Point
    Super User Mode - ALU#
  • Page 402: Lfi Overview

    Specific Overview on Features
    The following features are available with the current release:
    • The OmniAccess 700 supports RFC 1990 (MLPPP) without necessarily conforming to all the optional items mentioned in the specification.
    • Multilink PPP with interleaving
    • FRF.12 LFI is used with Frame Relay data connections.
  • Page 403: Overview Of Lfi In Mlppp

    Following the protocol identifier is a four-byte header containing a sequence number and two one-bit fields indicating that the fragment begins a packet or terminates a packet. Individual fragments use the long sequence number by default and therefore have the following format:
  • Page 404: Mlppp Header In Long Sequence Number Format

    The FCS field shown in the diagram is inherited from the normal framing mechanism from the member link on which the packet is transmitted. There is no separate FCS applied to the reconstituted packet as a whole if transmitted in more than one fragment.
  • Page 405: Configuration Of Lfi On Mlppp

    Packets. Interleaving functionality will be performed by QoS configured on MLPPP bundle interface. Note: To achieve best latency results, it is recommended that all the constituent links in a MLPPP bundle have similar bandwidth.
  • Page 406: Lfi Configuration On Mlppp

    LFI Configuration on MLPPP
    • “LFI - MLPPP Configuration Steps”
    • “LFI - MLPPP Configuration Flow”
    • “LFI - MLPPP Configuration Commands”
    • “LFI - MLPPP Show Commands”
    • “Configuration Example of LFI on MLPPP”
  • Page 407: Lfi - Mlppp Configuration Steps

    Creation of a channel-group is a pre-requisite for configuring a Serial Interface on a T1 or an E1 controller.
    Step 4: Administratively bring up the controller.
    ALU(config-controller T1)# no shutdown
    Step 5: Exit from the controller mode
    ALU(config-controller T1)# exit
    ALU(config)#
  • Page 408 “Quality of Service” chapter. Note: Configuring QoS out policy is mandatory for link fragmentation. If only fragment delay is configured and QoS out policy is not configured, then the link fragmentation will not come into effect.
  • Page 409 Step 14: Set MLPPP encapsulation on the interface.
    ALU(config-if <interface-name>)# encapsulation mlppp <1-256>
    Example:
    ALU(config)#interface Serial1/0:0
    ALU(config-if Serial1/0:0)# encapsulation mlppp 100
    Step 15: Use “LFI - MLPPP Show Commands” to view the LFI configuration.
  • Page 410: Lfi - Mlppp Configuration Flow

    Figure 40: LFI - MLPPP Configuration Flow
  • Page 411: Lfi - Mlppp Configuration Commands

    Configurations for the QoS policy map and the attributes within the policy are not shown in this section. For more information on configuring policy map, refer to QoS Configuration section in the “Quality of Service” chapter.
  • Page 412 ALU(config)# interface mlppp 100
    ALU(config-if mlppp100)# fragment delay 10
    ALU(config-if mlppp100)# no fragment delay
    Note: The MTU (Maximum Transmission Unit) of the individual links in a MLPPP bundle should be greater than the fragment size.
  • Page 413 The default slippage MRU value is 32 MRU.
    no slippage mru: The ‘no’ command sets the slippage MRU to its default, i.e., 32 MRU.
    Example:
    ALU(config)# interface mlppp 100
    ALU(config-if mlppp100)# slippage mru 16
    ALU(config-if mlppp100)# no slippage mru
  • Page 414: Lfi - Mlppp Show Commands

    10 fragments created, 0x9 sent sequence
    Reassembly: Slippage MRU 16
    0 fragments in reassembly list
    0 lost fragments, 0 reordered
    11 discarded fragments, 0 reassembled
    0 timeouts, 0 couldn't reassemble
    0 fragments received, 0xb received sequence
  • Page 415: Configuration Example Of Lfi On Mlppp

    Configure policy map. Associate match-list and class map with the policy map.
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# tcp any any
    ALU(config)# class-map c1
    ALU(config-qos-c1)# match m1
    ALU(config)# policy-map P1
    ALU(config-qos-P1)# class C1
    ALU(config-qos-P1-C1)# priority
  • Page 416 ALU(config-qos-P2)# class C2
    c) Configure QoS out policy on the MLPPP interface.
    ALU(config-if mlppp2)# service-policy out P2
    d) Configure fragment delay and slippage MRU over the MLPPP interface
    ALU-2(config-if mlppp2)#fragment delay 10
    ALU-2(config-if mlppp2)#slippage mru 20
  • Page 417 5 fragmented, 0 couldn't fragment
    10 fragments created, 0x9 sent sequence
    Reassembly: Slippage MRU 20
    0 fragments in reassembly list
    0 lost fragments, 0 reordered
    11 discarded fragments, 0 reassembled
    0 timeouts, 0 couldn't reassemble
    0x10 received sequence
  • Page 418: Overview Of Lfi In Frame Relay

    Figure 42: End-to-End Fragmentation Format
    The (C)ontrol bit is set to 0 in all fragments. It is reserved for future control functions. There is a separate sequence number maintained for each fragmented PVC between DTE peers.
  • Page 419: Configuration Of Lfi On Fr (And Fr Sub Interface)

    80 is configured, fragments will have a serialization delay of 10 ms. The default value of fragment-size is 0. In that case, the fragmentation is not applicable. Minimum Fragment size is 16.
  • Page 420: Lfi Configuration On Fr

    “LFI - FR Configuration Steps”
    • “LFI - FR Configuration Flow”
    • “LFI-FR Configuration Commands”
    • “LFI Configuration on FR Sub Interface”
    • “LFI - FR Show Commands”
    • “Configuration Example of LFI on FR”
  • Page 421: Lfi - Fr Configuration Steps

    Creation of a channel-group is a pre-requisite for configuring a Serial Interface on a T1 or an E1 controller.
    Step 4: Administratively bring up the controller.
    ALU(config-controller T1)# no shutdown
    Step 5: Exit from the controller mode
    ALU(config-controller T1)# exit
    ALU(config)#
  • Page 422 Step 8: Configure IP address for the interface
    ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Example:
    ALU(config-if Serial0/0:0)# ip address 20.20.20.20/24
    Step 9: Set FR encapsulation on the interface.
    ALU(config-if <interface-name>)# encapsulation frame-relay
    Example:
    ALU(config)#interface Serial0/0:0
    ALU(config-if Serial0/0:0)# encapsulation frame-relay
  • Page 423 “To Attach a Policy Map to the Interface” For more information on configuring policy map, refer to “Quality of Service” chapter.
    Step 14: Use “LFI - FR Show Commands” to view the LFI-FR configuration.
  • Page 424: Lfi - Fr Configuration Flow

    Figure 43: LFI - FR Configuration Flow
  • Page 425: Lfi-Fr Configuration Commands

    - There are multiple VC present (one main interface and one sub-interface with DLCI configured or two sub-interfaces with DLCI configured).
    - QoS policy is configured on the FR Interface.
    It is recommended that the fragment size configured is greater than the priority packet size.
  • Page 426 This command is used to attach a policy-map to an interface.
    no service-policy {in|out} <policy-map name>: This command detaches the policy map from the interface.
    Example:
    ALU(config-if Serial 0/0:0)# service-policy out P1
    ALU(config-if Serial 0/0:0)# no service-policy out P1
  • Page 427: Lfi Configuration On Fr Sub Interface

    “LFI - FR Configuration Steps”
    Note: If you are configuring FR on a sub-interface on a Serial interface (V.35/X.21), configure a sub-interface using the following command:
    ALU(config)# interface Serial <slot/port>.subchannel
    ALU(config-if Serial<slot/port.subchannel>)#
    Example:
    ALU(config)#interface Serial0/0.1
    ALU(config-if Serial0/0.1)#
  • Page 428: Lfi - Fr Show Commands

    0 packets output, 0 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 output buffer failures, 0 output buffers swapped out
    0 carrier transitions
    Timeslot(s) Used:1-24 (64Kbps each), Transmitter delay is 0 flags
  • Page 429 Packets fragmented
    Fragments Created
    fragments failed
    End-to-End Reassembly Statistics
    fragments received
    fragments reassembled
    fragments dropped
    fragments timeout
    fragments reordered
    DLCI = 110, DLCI USAGE = LOCAL, PVC STATUS = STATIC, INTERFACE = Serial0/0:0.1
    …………
  • Page 430 End-to-End Fragmentation Statistics
    Packets fragmented
    Fragments Created
    fragments failed
    End-to-End Reassembly Statistics
    fragments received
    fragments reassembled
    fragments dropped
    fragments timeout
    fragments reordered
  • Page 431: Configuration Example Of Lfi On Fr

    Configure policy map. Associate match-list and class map with the policy map.
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# tcp any any
    ALU(config)# class-map c1
    ALU(config-qos-c1)# match m1
    ALU(config)# policy-map P1
    ALU(config-qos-P1)# class C1
    ALU(config-qos-P1-C1)# priority
  • Page 432 ALU-2(config-if Serial 1/0:0)# slippage mru 16
    Verification with Show Command
    You can verify the LFI-FR configuration using the following commands:
    • show interface serial <slot/port>
    • show frame-relay fragments
    • show frame-relay pvc
  • Page 433: Part 4 Common Classification

  • Page 435: Common Classifiers

    “CC Configuration”
    • “Sample examples on the usage of CC across applications”
    Chapter Conventions
    Acronym / Description
    Super User Mode - ALU#
    Configuration Mode - ALU (config)#
    Match-list CM: Match-list Configuration Mode - ALU (config-match-list-name)#
  • Page 436: Cc Overview

    QoS. As part of our unified architecture, we have evolved a common classifier design which decouples classification and action. Thus, the same classifier can be used across all applications.
    Figure 2: Depicting Alcatel-Lucent’s Common Classification
  • Page 437: Benefits Of Alcatel-Lucent Devices Common Classifiers

    Benefits of Alcatel-Lucent Devices Common Classifiers
    Following are the benefits of Alcatel-Lucent common classifiers:
    • Usage of common classification by different features.
    • Classification can be optimized and hence would lead to better performance of the devices.
    •...
  • Page 438: Before You Configure Cc

    The keyword “from” defines the source port for a TCP or UDP protocol.
    • The keyword “service” defines the destination port for a TCP or UDP protocol.
    • The keyword “type” invokes ALGs (Application Level Gateways).
  • Page 439: Cc Configuration

    Step 6: To view the configuration, see “Show commands in CC”.
    Step 7: The configured rules and match-lists can be removed with the help of the respective deletion commands. See “Deletion Commands in CC”
  • Page 440: Elements Used In Configuring Cc

    Traffic type or class (Type): A higher level description of the packet stored in the packet context, derived from some application or feature. Used by the ALGs (Application Level Gateways).
    DSCP: Specifies IP Differential Service Code Point (DSCP).
  • Page 441 Assured Forwarding 41
    af42: Assured Forwarding 42
    af43: Assured Forwarding 43
    Class Selector 1
    Class Selector 2
    Class Selector 3
    Class Selector 4
    Class Selector 5
    Class Selector 6
    Class Selector 7
    default: Default
    Expedited Forwarding
  • Page 442 The change applies to the following rule commands: IP, TCP, UDP, AH, ESP.
    Mnemonics for
    Mnemonic / Description
    max-reli: Maximum reliability (2)
    max-tput: Maximum throughput (4)
    min-cost: Minimize monetary cost (1)
    min-delay: Minimize delay (8)
    normal: Normal Service (0)
  • Page 443: To Configure A Match-List

    • The “service” keyword in TCP and UDP protocols refers to the destination port. Currently, the ‘service’ keyword in TCP or UDP can have only the following values:
    ftp-data|ftp|ssh|telnet|smtp|dns|tftp|http|pop2|pop3|imap|snmp|snmptrap|bgp
  • Page 444 The above concept can be made clear by referring to the following examples:
    Example:
    To classify traffic coming from network 192.168.10.0/24 and going to 192.168.11.0/24, the match-list would look as shown below.
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# tcp prefix 192.168.10.0/24 prefix 192.168.11.0/24 service ssh
  • Page 445 UDP and ICMP protocols in CC.
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# 1 tcp prefix 192.168.10.0/24 prefix 192.168.11.0/24 service ssh
    ALU(config)# match-list m2
    ALU(config-match-list-m2)# 1 udp interface GigabitEthernet 3/0 interface GigabitEthernet 7/0
    ALU(config)# match-list m3
    ALU(config-match-list-m3)# 1 icmp any any
  • Page 446 ALU(config-match-list-m1)# 1 ip list i1 list i2 type normal
    ALU(config-match-list-m1)# 2 ip list i1 list i2 type rpc
    ALU(config-match-list-m1)# 3 ip list i1 list i2 type ftp
    ALU(config-match-list-m1)# 4 ip list i1 list i2 type tftp
  • Page 447 ALU(config)# list i1 prefix 10.0.0.0/8 prefix 11.0.0.0/8
    ALU(config)# list i2 prefix 20.0.0.0/8 prefix 21.0.0.0/8
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# 1 tcp list i1 list i2 service telnet
  • Page 448 This can be represented by the classifier as:
    ALU(config)# list L3 prefix 192.168.1.0/24 prefix 192.168.2.0/24
    ALU(config)# list L4 prefix 192.168.18.0/24 prefix 192.168.19.0/24
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# 1 udp list L3 list L4 service tftp
  • Page 449: To Configure Rules Using The Protocol Numbers

    |length {<1-1500> |{eq|ge|gt|le|lt|range <1-1500>}} |tos {<0-15>|<tos-mnemonics>}|type {ftp|normal|rpc|sip|tftp}]
    Example:
    The following example configures a rule using the Protocol number ‘1’ with ‘any any’ and dscp value 10:
    ALU(config-match-list-test)# 10 protocol 1 any any dscp 10
  • Page 450: Lists In Cc

    ALU(config)# list L4 prefix 192.168.18.0/24 prefix 192.168.19.0/24
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# 1 tcp list L3 list L4 service telnet
    ALU(config-match-list-m1)# 2 tcp list L3 list L4 service telnet
    ALU(config-match-list-m1)# 3 udp list L3 list L4 service snmp
  • Page 451 192.168.12.0/24 and 192.168.13.0/24.
    ALU(config)# list L1 prefix 192.168.12.0/24 prefix 192.168.13.0/24
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# 1 tcp any list L1 service ssh
    ALU(config-match-list-m1)# 2 tcp any list L1 service pop3
  • Page 452: Nesting Of Match-Lists

    ALU(config-match-list-m2)# 3 ip host 21.1.1.1 type rpc
    ALU(config-match-list-m2)# 4 include m1
    Note: There is no ordering of rules inside a match-list. All the rules have the same priority. The rule numbers are used only for reference.
  • Page 453 ALU(config)# list l1 host 192.168.0.4 prefix 192.168.0.1/24 interface GigabitEthernet7/0
    ALU(config)# list l2 host 192.168.0.3 include l1
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# tcp any list l1 length 23 from ssh service range 23 35
    ALU(config-match-list-m1)# exit
    ALU(config)# match-list m2
    ALU(config-match-list-m2)# include m1
  • Page 454: Show Commands In Cc

    The following example displays the details of the list L1 and L2 configured:
    ALU(config)# show list l1
    list l1 host 5.5.5.5 host 4.4.4.4 prefix 6.6.6.0/24
    ALU(config)#
    ALU(config)# show list l2
    list l2 host 5.3.4.6 prefix 1.10.10.0/24
    ALU(config)#
  • Page 455 1 icmp any any
    2 tcp any any service http
    3 ip any any type tftp
    ALU(config-match-list-m1)# show match-list m2
    match-list m2
    1 tcp any any service ssh
    2 udp any any
  • Page 456 Example:
    The following example displays the details of match-list m1:
    ALU(config-match-list-m2)# show include match-list m1
    1 tcp any any service ssh
    2 udp prefix 22.1.1.0/8 any
  • Page 457: Deletion Commands In Cc

    If a match-list is in use, it cannot be deleted. As with lists, match-lists cannot be deleted globally in a single operation; they can be deleted only one at a time.
    Example:
    The following example deletes the match-list M1:
    ALU(config)# no match-list M1
  • Page 458 ALU(config)# match-list m2
    ALU(config-match-list-m2)# 1 tcp any any service ssh
    ALU(config-match-list-m2)# 2 udp prefix 22.1.1.0/8 any
    ALU(config-match-list-m2)# 3 include m1
    Now, to delete the included match-list, use the ‘no include’ command:
    ALU(config-match-list-m2)# no include match-list m1
  • Page 459: Sample Examples On The Usage Of Cc Across Applications

    1 udp host 64.174.59.66 host 203.196.196.74 from 500
    match-list esp-SV
    1 esp host 64.174.59.66 host 203.196.196.74
    match-list icmp
    1 icmp prefix 10.91.0.0/24 prefix 10.0.1.0/24
    match-list icmp-traffic
    1 icmp any any
    match-list dos
    1 ip any any
    match-list ospf
    89 any any
  • Page 460: Example 2

    11.0.0.0/8 host 12.1.1.1 IP Precedence 5 tcp L1 interface GigabitEthernet 7/1 service smtp ip any L2 ip any L1 include m2 ip filter f1 match all m1 m2 permit match m3 permit match m2 deny reset
  • Page 461: Example 3

    L3 list L4 service telnet
    Now, a filter can be created and applied to the appropriate interface.
    ip filter f1
    match m1 permit
    interface GigabitEthernet 7/1
    ip filter in f1
  • Page 463: Part 5 Routing Protocols

  • Page 465: Protocol Independent Features

    • “Protocol-Independent Configuration”
    • “Protocol-Independent Configuration Commands”
    For instructions on using the commands and descriptions on each of their parameters with the corresponding default values, refer to the OmniAccess 700 CLI Command Reference Guide.
    Chapter Conventions
    Acronym / Description
    User Mode - ALU>...
  • Page 466: Protocol-Independent Configuration

    “Configure AS-path Access-list”
    • “Configure Route Maps”
    • “Redistribute Routing Information”
    • “Filtering Routing Information”
    • “Configure Administrative Distance”
    • “Configure Maximum Paths”
    • “Protocol Independent Features Show Commands”
    • “Protocol Independent Features Clear Command”
  • Page 467: Protocol-Independent Configuration Commands

    Command (in CM): ip route {destination network subnet-mask|destination network/prefix-length} {<gateway-ip-address>|<interface-name> [<gateway-ip-address>]} [<1-255>]
    Description: This command is used to configure a static route.
    Example:
    ALU(config)# ip route 1.1.1.0/24 2.2.2.2
  • Page 468 Unnumbered IP on Serial interfaces shall support PPP, HDLC, FR, MLPPP, and MLFR encapsulations. Note: OA-700 supports static routing over unnumbered interfaces. Dynamic routing protocols on unnumbered interface (RIP, OSPF, and BGP) are not supported.
  • Page 469 An extended access-list uses both source and destination IP addresses. Extended access lists are more convenient to use when some networks must be allowed and some disallowed, within the same major network.
  • Page 470 access-list {<100-199>|<2000-2699>} {deny|permit} {<0-255>|gre|icmp|ipinip|pim|rsvp|tcp|udp} {source-ip-address [network-number]|source-ip-address/prefix-length|any|host <source-host-ipaddress>} {destination-ip-address [network-number]|destination-ip-address/prefix-length|any|host <destination-host-ipaddress>} [log]: This command is used to configure an Extended Access-list.
    Example:
    ALU(config)# access-list 101 permit ip 162.168.0.0 0.0.0.0 255.255.252.0 0.0.0.0
  • Page 471 Command (in CM): ip access-list extended {<100-199>|<2000-2699>|<access-list-name>}
    Description: This command is used to define a named access list and to enter Extended Access-list Configuration Mode.
    Example:
    ALU(config)# ip access-list extended test
    ALU(config-ext-nacl)#
  • Page 472 IP access list.
    address/prefix-length>|<source-ip-address subnet-mask>} [operators] {any|host <host-ip-address>|<destination-ip-address/prefix-length>|<destination-ip-address subnet-mask>} [log] [log-input] [enable fragment] [precedence [<0-7>|<keywords>] [tos [<0-15>|<keywords>]]]
    Example:
    ALU(config-ext-nacl)# permit ip 24.0.0.0/8 25.0.0.0/8
    ALU(config-ext-nacl)# deny ip any 13.0.0.0/8
  • Page 473 ALU(config)# ip community-list 1 permit internet
    ALU(config)# ip community-list 2 permit no-export
    Configure Extended Community List
    Command (in CM): ip community-list <100-199> {deny|permit} <regular-expression>
    Description: This command is used to configure an Extended Community-list.
  • Page 474 In the following example, the IP as-path access-list command creates an as-path access list named '1' to deny only those routes that include paths from or through autonomous system 100:
    ALU(config)# ip as-path access-list 1 deny _100_
  • Page 475 1-65535. This sequence number signifies the priority of a route-map rule.
    Example:
    ALU(config)# route-map rip-to-ospf deny 10
    ALU(config-route-map)# match ip address prefix-list test
    ALU(config-route-map)# set route-type external type-1
    ALU(config)# route-map ospf-to-eigrp permit 20
  • Page 476 To redistribute a route or to perform a set action, all the match criteria should be satisfied.
    • If a set command is not present in a route-map, then the route is redistributed without modification of its current attributes.
  • Page 477 ALU(config-route-map)# match community 1
    ALU(config-route-map)# match ip address prefix-list testprefix
    ALU(config-route-map)# match ip next-hop 1
    ALU(config-route-map)# match ip route-source 5
    ALU(config-route-map)# match metric 10
    ALU(config-route-map)# match interface GigabitEthernet 7/0
    ALU(config-route-map)# match route-type external type-2
  • Page 478 set metric-type {internal|external|type-1|type-: Sets the metric type of the redistributed routes.
    Example:
    ALU(config-route-map)# set community 10
    ALU(config-route-map)#set comm-list 130 delete
    ALU(config-route-map)# set dampening 10 2000 2000 15
    ALU(config-route-map)# set local-preference 100
    ALU(config-route-map)# set weight 10
  • Page 479 65535>|route-map <name>]|ospf <1-65535> [match [external [type1|type2] |internal|nssa-external [type1|type2]] metric <0-4294967295>|weight [0-65535]|route-map <name>]}
    default-metric <1-4294967295>: Causes the current routing protocol to use the same metric value for all redistributed routes (BGP, OSPF, and RIP).
  • Page 480 To prevent routing updates through a specified interface, enter the following command:
    Command (in RCM): passive-interface <interface-name>
    Description: Enter this command in Router Configuration Mode. Suppresses sending of routing updates through the specified interface.
    Example:
    ALU(config-router ospf1)#passive-interface GigabitEthernet 7/0
  • Page 481 no passive-interface <interface-name>: Activates only those interfaces that need to have adjacencies set.
    Example:
    ALU(config-router ospf1)# passive-interface default
    ALU(config-router ospf1)# no passive-interface GigabitEthernet
    To verify the passive interfaces, use the ‘show ip ospf interface’ command.
  • Page 482 <slot/port>|Loopback <0-14487>] used to filter networks in received routing updates.
    Note: The OA-700 does not support Distribute-list feature in OSPF.
    Example:
    ALU(config-router bgp AS1)#distribute-list 1 in GigabitEthernet
    ALU(config-router rip)# distribute-list prefix prefix-example in GigabitEthernet 7/0
  • Page 483 By specifying administrative distance values, you enable the router to intelligently discriminate between sources of routing information. The router will always pick the route whose routing protocol has the lowest administrative distance.
  • Page 484 You can also use administrative distance to rate the routing information from routers running the same routing protocol. This application is generally discouraged if you are unfamiliar with this particular use of administrative distance as it can result in inconsistent routing information, including forwarding loops.
  • Page 485 maximum-paths <number of paths>: Enter this command in the Router Configuration Mode. This command is used to configure the maximum number of ECMP paths to be allowed in a routing table.
    Example:
    ALU(config-router ospf 1)# maximum-paths 5
  • Page 486 4.0.0.0
    Routing Information Sources:
    Gateway Interface Distance Last Update
    1.1.1.1 GigabitEthernet7/1 00:00:00
    Distance: (default is 120)
    ALU# show ip protocols summary
    Index Process Name
    ospf 1
    ospf 2
    bgp 200
    static
    connected
    connected-ppp
    ALU#
  • Page 487 List Configuration
    Show Command (in SUM): show ip prefix-list [<prefix-list name>]
    Description: This command displays the IP Prefix-list configuration.
    Example:
    ALU# show ip prefix-list
    ip prefix-list test seq 5 deny 10.0.0.0/8 ge 23
    ALU#
  • Page 488 1
    Description:
    Exit Policy:
    Match clauses:
    community (community-list filter): 1
    ip address (access-lists): prefix-list testprefix
    Set clauses:
    route-map test, deny, sequence 2
    Description:
    Exit Policy:
    Match clauses:
    Set clauses:
    ALU#
  • Page 489 show ip community-list [<1-199>]: This command displays the IP Community-list configuration.
    Example:
    ALU# show ip community-list
    Community standard access list 1
    permit internet
    Community standard access list 2
    permit no-export
    ALU#
  • Page 490 7.0.0.0/8 [1/0] is directly connected, Serial0/0:0
    is directly connected, Serial0/0:1
    10.0.0.0/24 is subnetted, 1 subnet
    10.91.2.0 [0/0] is directly connected, GigabitEthernet7/0
    99.0.0.0/24 is subnetted, 1 subnet
    99.99.99.0 [0/0] is directly connected, loopback1
    100.0.0.0/8 [1/0] via 10.91.2.5, GigabitEthernet7/0
  • Page 491 5.5.1.0 [0/0] is directly connected, Serial0/0:1 5.5.2.0 [0/0] is directly connected, Serial0/0:2 10.0.0.0/24 is subnetted, 1 subnet 10.91.2.0 [0/0] is directly connected, GigabitEthernet7/0 99.0.0.0/24 is subnetted, 1 subnet 99.99.99.0 [0/0] is directly connected, loopback1 Alcatel-Lucent CLI Configuration Guide Beta Beta...
  • Page 492 O E2 193.0.0.0/8 [110/20][1] via 1.1.1.2, GigabitEthernet7/1 ROTOCOL NDEPENDENT EATURES LEAR OMMAND Command (in SUM) Description Clears all routes from the IP routing clear ip route * table. XAMPLE ALU# clear ip route * Alcatel-Lucent CLI Configuration Guide Beta Beta...
  • Page 493: Routing Information Protocol

    OA-700. It provides a broad overview of RIP V1 and V2 configuration, including the timer, authentication, default route, and monitoring commands. For detailed information on the RIP commands, refer to the RIP chapter in the OmniAccess 700 CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 494: Rip Overview

    RIP uses User Datagram Protocol (UDP) data packets to exchange routing information. The routing information updates are sent at regular time intervals (by default, 30 seconds in Alcatel-Lucent’s implementation). If the router does not receive any updates from a neighboring router for a time interval known as the invalid timer, it marks all routes from the neighboring router as invalid.
  • Page 495: Rip Configuration

    RIP Configuration: Refer to the following sections to configure RIP on your system: • “RIP Configuration Steps” • “RIP Configuration Flow” • “RIP Configuration Commands” • “RIP Show Commands” • “RIP Clear Commands”
  • Page 496: Rip Configuration Steps

    Configure RIP Behavior on an Interface. See “To Configure RIP Behavior on an Interface” • Enable or Disable Split Horizon. See “To Enable/Disable Split Horizon” • Enable or Disable Broadcast Updates. See “To Enable/Disable Broadcast Updates”
  • Page 497 “To Apply Offsets to Routing Metrics” • RIP Authentication. See “RIP Authentication” • RIP and Default Route. See “RIP and Default Route” • Configure Auto Summary. See “To Configure Auto Summary” • RIP Redistribution. See “RIP Redistribution”
  • Page 498: Rip Configuration Flow

    Figure 4: RIP Configuration Flow
  • Page 499: Rip Configuration Commands

    <network-number>
    configured network. RIP stops sending updates through interfaces on this network. Also, these interfaces will not be advertised in any RIP updates.
    Example:
    ALU(config-router rip)# network 10.0.0.0
    ALU(config-router rip)# no network 10.0.0.0
  • Page 500: Rip Optional Parameters

    OA-700 system sends only RIPv1 messages but receives both RIPv1 and RIPv2 messages.
    Command: no version
    Description: This command resets the configured routing protocol version.
    Example:
    ALU(config-router rip)# version 1
    ALU(config-router rip)# no version
  • Page 501 Command: ip split-horizon [poison-reverse]
    Description: This command enables the split horizon mechanism.
    Command: no ip split-horizon [poison-reverse]
    Description: This command disables the split horizon mechanism.
    Example:
    ALU(config-if GigabitEthernet7/0)# ip split-horizon
    ALU(config-if GigabitEthernet7/0)# no ip split-horizon
  • Page 502 {<interface-name>|default}
    of interfaces with which you want to exchange routing updates.
    Command: no passive-interface {<interface-name>|default}
    Description: The ‘no’ command disables the configured passive interfaces.
    Example:
    ALU(config-router rip)# passive-interface GigabitEthernet 7/0
    ALU(config-router rip)#no passive-interface GigabitEthernet 7/0
  • Page 503 Command: no distance <1-255>
    Description: The ‘no’ command sets administrative distance to default. The ‘Show ip protocols’ command shows the default distance for all routing protocols.
    Example:
    ALU(config-router rip)# distance 130 10.0.0.0/8 20
    ALU(config-router rip)# no distance
  • Page 504 As per the example, all the routes imported from the Static routing protocol will be assigned a metric of 10. In the case of routes imported from the OSPF routing protocol, a metric of 5 is assigned to all the routes.
  • Page 505 Holddown values, the proper Holddown interval cannot elapse, which results in a new route being accepted before the Holddown interval expires. Choose these values properly to improve network convergence time and to control routing traffic.
  • Page 506 Serial0/0:1. For route entries matching the addresses specified in access-list 1, add 2 hops to the metric." If no interface is identified, the list will modify either all incoming updates or all outgoing updates specified by the access-list on any interface.
  • Page 507 Configure a
    Command (in Key-chain Mode): key <0-2147483647>
    Description: This command is used to configure a key that can be used on an interface in the range 0-2147483647.
    Example:
    ALU(config-keychain allen)# key 100
    ALU(config-keychain-key 100)#
  • Page 508 chain <key-chain name>
    This disables RIP authentication.
    Example:
    ALU(config-if GigabitEthernet7/0)# ip rip authentication key-chain allen
    ALU(config-if GigabitEthernet7/0)# no ip rip authentication key-chain allen
  • Page 509 By default, RIP validates the source IP address of incoming RIP routing updates.
    Command: validate-update-source
    Description: This command validates the source IP address of incoming RIP routing updates.
    Example:
    ALU(config-router rip)# no validate-update-source
    ALU(config-router rip)# validate-update-source
  • Page 510 By default, this feature is enabled.
    Command: no auto-summary
    Description: The ‘no’ command disables auto-summary, and sends sub-prefix routing information across classful network boundaries.
    Example:
    ALU(config-router rip)# auto-summary
    ALU(config-router rip)# no auto-summary
  • Page 511 Specify either an access list or a prefix list with the distribute-list command. Use the gateway keyword only with the prefix-list keyword.
    Example:
    ALU(config-router rip)# distribute-list prefix prefix-example in GigabitEthernet 7/0
    ALU(config-router rip)# no distribute-list prefix prefix-example in GigabitEthernet 7/0
  • Page 512 [metric {<1-16>|transparent}|route-map <route-map reference>]
    Command: no redistribute {bgp <1-65535>|connected|ospf <1-65535> [match {{external|nssa-external}[1|2]|internal}]|static} [metric {<1-16>|transparent}|route-map <route-map reference>]
    Description: This command disables the redistribution of routes.
    Example:
    ALU(config-router rip)# redistribute bgp 1 metric 10
  • Page 513: Rip Show Commands

    Incoming update filter list for all interfaces is not set
    Interface Send Recv Key-chain
    GigabitEthernet7/1
    loopback1
    Routing for Networks:
    1.0.0.0
    4.0.0.0
    Routing Information Sources:
    Gateway Interface Distance Last Update
    1.1.1.1 GigabitEthernet7/1 00:00:00
    Distance: (default is 120)
  • Page 514 ALU# show ip rip interfaces
    RIP Interface Table
    -------------------
    Flags Interface Interface Address Interface Mask Send Ver Recv Ver
    GigabitEthernet7/0 1.1.1.2 255.255.255.0
    GigabitEthernet7/1 10.91.2.6 255.255.255.0
    (Flags - U: Unnumbered P:Passive B:V2 Broadcast S:Split horizon disabled)
  • Page 515 GigabitEthernet7/1 Routes learned Updates sent Bad msgs received Trig Updates sent Auth failures Responses sent *Unicast tx failure 0 Routes advertised Bcast tx failures Updates received Mcast tx failures Requests received Bad Rtes received
  • Page 516 Command: show key-chain
    Description: Displays the configured key chain on the interface.
    Example:
    ALU> show key-chain
    key-chain alu1
    key 1
    key-string alcatel-lucent
    Accept lifetime (00:00:00 01 Jan 2000) - (Infinite) [Valid Now]
    Send lifetime (00:00:00 02 Feb 2001) - (Infinite) [Valid Now]
    key-chain alu2
    key 2
    key-string lucent...
  • Page 517: Rip Clear Commands

    The section below details the procedure to clear RIP configuration on your system.
    Restart the RIP Process
    Command (in SUM): clear ip rip {database|statistics}
    Description: Clears the RIP database or the RIP statistics.
    Example:
    ALU# clear ip rip database
  • Page 519: Border Gateway Protocol

    For instructions on using the BGP commands and descriptions on each of their parameters with the corresponding default values for each, refer to the OmniAccess 700 CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 520: Bgp Overview

    Autonomous Systems (ASs). This is sufficient to construct a graph of AS connectivity from which routing loops may be pruned and some policy decisions at the AS level may be enforced. The Alcatel-Lucent implementation of BGP supports BGP-4 specified in RFC 1771.
  • Page 521: Bgp Configuration

    This chapter lists only the mandatory steps to configure BGP. There are various other optional parameters that can be configured for BGP. To know more about the optional commands, refer to the BGP chapter in the OmniAccess 700 CLI Command Reference Guide.
  • Page 522 Step 6: Configure the networks. See “To Configure Networks to be Advertised” Step 7: View BGP configuration. See “BGP Show Commands” Step 8: Reset BGP configuration. See “BGP Clear Commands”
  • Page 523: Bgp Configuration Flow

    Figure 5: BGP Configuration Flow
  • Page 524: Bgp Configuration Commands

    Command (in RCM): neighbor {<ip-address>|<peer-group-name>} remote-as <1-65535>
    Description: Configures a BGP neighbor and the AS to which this neighbor belongs.
    Example:
    ALU(config-router bgp AS30)# neighbor 1.1.1.1 remote-as 100
  • Page 525 [{backdoor|route-map <name>|weight <0-65535>}]
    This specifies a backdoor route to a BGP border router that will provide better information about the network. 0-65535 specifies an absolute weight to a BGP network.
    Example:
    ALU(config-router bgp AS30)#network 35.0.0.0/8
  • Page 526: Bgp Show Commands

    3 Path attribute entries using 672 bytes of memory
    2 Aspath entries using 614 bytes of memory
    2 Community entries using 44 bytes of memory
    Neighbor MsgRcvd MsgSent InQ OutQ Up/Down State/PfxRcd
    1.1.1.2 00:12:46
    111.111.111.112 4 00:17:39
  • Page 527 Address family IPv4 Unicast: advertised and received
    Received 322 messages, 1 notifications, 0 in queue
    Sent 331 messages, 8 notifications, 0 in queue
    Minimum time between advertisement runs is 30 seconds
    For Address Family IPv4 Unicast
  • Page 528 Local host: 111.111.111.111, Local port: 179
    Foreign host: 111.111.111.112, Foreign port: 32832
    iss: 0 snduna: 0 sndnxt: 0 sndwnd: 2
    irs: 0 rcvnxt: 0 rcvwnd: 0
    SRTT: 0 ms, RTTO: 18750 ms, RTV: 7500 ms, minRTT: 0 ms
  • Page 529: Bgp Clear Commands

    To do a hard reset of the BGP connection, use the following command:
    Command (in SUM): clear ip bgp {*|<neighbor-address>|<peer-group-name>}
    Description: This command clears the set BGP configuration details.
    Example:
    ALU# clear ip bgp 1.1.1.1
  • Page 530 BGP table updates based on the stored information.
    Command (in SUM): clear ip bgp {*|<neighbor-address>|<peer-group-name>} soft in
    Description: Performs a soft reset on the connection specified in the command, using the stored routing table information for that connection.
  • Page 531 To perform an outbound soft reset, no pre-configuration is required. Enter this command in the Super User Mode and Configuration Mode as follows:
    Command (in SUM): clear ip bgp {*|<neighbor-address>|<peer-group-name>} soft
    Description: Performs an outbound soft reset on the connection specified in the command.
  • Page 532: A Typical Bgp Example Using

    Figure 6: BGP Configuration Scenario
    Router A
    hostname RouterA
    interface Serial0/0:0
     ip address 10.10.1.6/30
     encapsulation ppp
    interface GigabitEthernet7/0
     ip address 10.1.1.1/24
    router bgp 1
     neighbor 10.10.1.5 remote-as 3
     address-family ipv4 unicast
     network 10.1.1.0/24
     neighbor 10.10.1.5 activate
  • Page 533 Serial0/1:0
     ip address 10.1.1.9/30
     encapsulation ppp
    interface GigabitEthernet7/0
     ip address 10.3.1.1/24
    router bgp 3
     neighbor 10.10.1.6 remote-as 1
     neighbor 10.10.1.10 remote-as 2
     address-family ipv4 unicast
     neighbor 10.10.1.6 activate
     neighbor 10.10.1.10 activate
  • Page 535: Open Shortest Path First

    This chapter covers the Open Shortest Path First (OSPF) configuration for the OA-700. For instructions on using the commands and descriptions on each of their parameters with the corresponding default values, refer to the OmniAccess 700 CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 536: Ospf Overview

    OSPF also lets the user assign cost metrics to a given host router so that some paths are given preference. OSPF supports a variable network subnet mask so that a network can be subdivided.
  • Page 537: Ospf Configuration

    Example:
    ALU(config-if GigabitEthernet7/0)# no shutdown
    Step 3: Configure IP address for the interface
    ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Example:
    ALU(config-if GigabitEthernet7/0)# ip address 20.20.20.20/24
    Step 4: Enable OSPF. See “To Enable OSPF”
  • Page 538 “To Control Default Metrics” • Configure OSPF Administrative Distances. See “To Configure OSPF Administrative Distances” • Configure Route Calculation Timers. See “To Configure Route Calculation Timers” • Log Adjacency Changes. See “To Log Adjacency Changes”
  • Page 539: Ospf Configuration Flow

    Figure 7: OSPF Configuration Flow
  • Page 540: Ospf Configuration Commands

    Command: network {<ip-address subnet-mask>|<ip-address/prefix-length>} area {<0-4294967295>|<ip-address>}
    Description: Enables routing on an IP network and the area ID for that interface.
    Note: Area ‘0’ is called the backbone area.
    Example:
    ALU(config-router ospf 1)# network 10.0.0.0/8 area 1
  • Page 541: Ospf Optional Parameters

    ABR. This prevents it from sending summary link advertisement (LSAs type 3) into the stub area. To specify an area parameter for your network, use the following commands:
  • Page 542 <0-16777215>
    NSSA.
    Command: no area {<0-4294967295>|<ip-address>} default-cost <0-16777215>
    Description: Removes the specific cost assigned to the default summary route used for the stub area/NSSA.
    Example:
    ALU(config-router ospf 1)# area 1 default-cost 100
  • Page 543 When configured, the router generates a type 7 default route into the NSSA. Every router within the same area must agree that the area is NSSA; otherwise, the routers will not form adjacency.
    Example:
    ALU(config-router ospf 1)# area 1 nssa
  • Page 544 Command: no area {<0-4294967295>|<ip-address>} stub [no-summary]
    Description: The ‘no’ command sets area to default.
    Note: The area ‘0’ cannot be configured as a stub as it forms the backbone of the network.
    Example:
    ALU(config-router ospf 1)# area 1 stub no-summary
  • Page 545 To display information about virtual links, use the ‘show ip ospf virtual-links’ command. To display the router ID of an OSPF router, use the ‘show ip ospf’ command.
    Example:
    ALU(config-router ospf 1)# area 1 virtual-link 202.202.202.5
  • Page 546 Command: ip ospf dead-interval <1-65535>
    Description: Sets the number of seconds that a device must wait before it declares a neighbor OSPF router dead because it has not received a hello packet. On a broadcast network, the dead-interval is 40 seconds.
  • Page 547 ALU(config-if GigabitEthernet7/0)# ip ospf transmit-delay 2
    ALU(config-if GigabitEthernet7/0)# ip ospf priority 2
    ALU(config-if GigabitEthernet7/0)# ip ospf hello-interval 20
    ALU(config-if GigabitEthernet7/0)# ip ospf dead-interval 50
    ALU(config-if GigabitEthernet7/0)# ip ospf mtu-ignore
    ALU(config-if GigabitEthernet7/0)# ip ospf database-filter all
  • Page 548 The “no” form of these commands negates the configured authentication.
    Example:
    ALU(config-if GigabitEthernet7/0)# ip ospf authentication
    ALU(config-if GigabitEthernet7/0)# ip ospf authentication-key passwordtest
    ALU(config-if GigabitEthernet7/0)# ip ospf authentication message-digest
    ALU(config-if GigabitEthernet7/0)# ip ospf message-digest-key 100 md5 passwordline
  • Page 549 10 minutes. The router keeps track of the LSAs it generates and the LSAs it receives from other routers. The router refreshes the LSAs it generated and ages the LSAs it received from other routers.
  • Page 550 LSA expires. The OSPF flooding reduction solution works by reducing unnecessary refreshing and flooding of already known and unchanged information.
    Command (in ICM): ip ospf flood-reduction
    Description: Suppresses the unnecessary flooding of LSAs in stable topologies.
    Example:
    ALU(config-if GigabitEthernet7/0)# ip ospf flood-reduction
  • Page 551 Cost: Assigns a cost to the neighbor. Neighbors with no specific cost configured will assume the cost of the interface. • Database-filter all: Filters the outgoing LSAs to an OSPF neighbor.
    Example:
    ALU(config-router ospf 1)# neighbor 10.0.0.1 priority 1 poll-interval 130
  • Page 552 [not-advertise|tag <0-4294967295>]
    Use the optional not-advertise keyword to filter out a set of routes.
    Example:
    ALU(config-router ospf 1)# summary-address 20.0.0.0/8 tag 20
    ALU(config-router ospf 1)# summary-address 10.0.0.0/8 not-advertise
  • Page 553 100
    Configure Redistribution
    Command (RCM): redistribute {connected|static|bgp <1-65535>|ospf <1-65535>}[metric <0-16777214>|metric-type <1-2>|route-map <map-name>|tag <0-4294967295>|subnets]
    Description: This command is used to redistribute routes to OSPF.
    Example:
    ALU(config-router ospf 1)#redistribute static metric 19 metric-type 1
  • Page 554 Default value for reference bandwidth is 100. The OSPF metric is calculated as the reference bandwidth value divided by the bandwidth, with reference bandwidth equal to 10 by default.
    Example:
    ALU(config-router ospf 1)# auto-cost reference-bandwidth 100
  • Page 555 The ‘Distance ospf’ command is used when we have multiple OSPF instances and we want to prefer routes of one OSPF instance over routes of another instance.
    Example:
    ALU(config-router ospf 1)# distance 60 10.0.0.0/8
    ALU(config-router ospf 1)# distance ospf external 10
  • Page 556 Use the ‘detail’ keyword to log the messages for all state changes.
    Command: no log-adjacency-changes
    Description: This command is used to disable logging.
    Example:
    ALU(config-router ospf 1)# log-adjacency-changes detail
    ALU(config-router ospf 1)# no log-adjacency-changes
  • Page 557 ALU(config-router ospf 1)# compatible rfc1583
    Configure Default Metric
    Command (in RCM): default-metric <1-4294967295>
    Description: This command sets the default metric values for the OSPF routing protocol. The default metric is 20.
    Example:
    ALU(config-router ospf 30)#default-metric 60000
  • Page 558 <ip-address>
    router ID.
    Example:
    ALU(config-router ospf 30)#router-id 35.0.0.1
    OSPF Running Configuration
    Command (in RCM): write ospf
    Description: This command is used to view the OSPF running configuration.
    Example:
    ALU(config-router ospf 30)#write ospf
  • Page 559: Show Commands In Ospf

    <0-14487>]
    Example:
    ALU# show ip ospf flood-list
    OSPF Router with ID (1.1.1.2) (Process ID 1)
    Interface GigabitEthernet 7/0, Queue length 1
    Type LS ID ADV RTR Seq NO Checksum
    1.1.1.2 1.1.1.2 0x8000001D 0x04EA
    ALU#
  • Page 560 [<1-65535>] request-list [neighbor-router-id] [{GigabitEthernet|Serial} <slot/port>|Loopback <0-14487>}]
    requested by a router.
    Command: show ip ospf [<1-65535>] retransmission-list [neighbor-router-id] [{GigabitEthernet|Serial} <slot/port>|Loopback <0-14487>}]
    Description: Displays a list of all LSAs waiting to be resent.
  • Page 561 Area has no authentication
    SPF algorithm executed 8 times
    Area ranges are
    Number of LSA 5. Checksum Sum 0x234A3
    Number of opaque link LSA 0. Checksum Sum 0x0
    Flood list length 0
    Ex 2:
  • Page 562 Net Link States (Area 1)
    Link ID ADV Router Seq# Checksum
    2.2.2.2 1.1.1.2 1747 0x80000001 0x4AA5
    Summary Net Link States (Area 1)
    Link ID ADV Router Seq# Checksum
    1.1.1.0 1.1.1.2 0x80000003 0x65AC
    Summary ASBR Link States (Area 1)
  • Page 563 Backup Designated router (ID) 1.1.1.2, Intf address 2.2.2.2
    Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:03
    Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 6.6.6.6 (Designated Router)
  • Page 564 LS Request Packets Received 0, LS Request Packets Sent 2
    LS Update Packets Received 14, LS Update Packets Sent 38
    LS Acknowledgment Packets Received 19, LS Acknowledgment Packets Sent 8
    Errors 1, Events 0
    ALU#
  • Page 565 Neighbor priority is 1, State is FULL, 10 state changes
    DR is 2.2.2.2 BDR is 2.2.2.1
    Options is 0x42
    Dead timer due in 00:00:35
    Neighbor is up for 00:31:32
    retransmission queue length 0, number of retransmissions 0
  • Page 566 OSPF Router with ID (1.1.1.2) (Process ID 1)
    Neighbor 6.6.6.6, interface GigabitEthernet 7/1 address 2.2.2.2
    Type LS ID ADV RTR Seq NO Checksum
    1280 192.175.142.0 1.1.1.1 0x80000003 0x9FFB
    1280 192.175.206.0 1.1.1.1 0x80000003 0xDC7E
    1280 192.175.15.0 1.1.1.1 0x80000003 0x1A01
    ALU#
  • Page 567 Ext-2 0.0.0.0 2.2.2.2
    45.5.5.0/24 Ext-2 0.0.0.0 0.0.0.0
    Ex 12:
    ALU# show ip ospf summary-address
    OSPF Process 1, Summary-address
    192.175.0.0/255.255.0.0 Metric -1, Type 2, Tag 4
    2.0.0.0/255.0.0.0 Metric 20, Type 2, Tag 0
    router-2(config)#
  • Page 568: Clear Commands In Ospf

    To restart an OSPF process, use the following command:
    Command (in SUM): clear ip ospf [[<1-65535>|process|redistribution|counters [neighbor] [neighbor-id] [interface-name]|interface statistics [hello|ddp|lsupd|lsack|lsreq][interface-name]]
    Description: Restarts OSPF router if only process ID is specified. For other parameters, it restarts the specified counters/feature.
  • Page 569: Ospf Configuration On Oa-700

    Figure 8: OSPF Configuration Scenario
    Router A
    hostname RouterA
    interface Serial0/0:0
     ip address 10.1.1.9/30
     encapsulation ppp
    interface GigabitEthernet7/0
     ip address 10.5.1.1/24
    router ospf 1
     log-adjacency-changes
     network 10.1.1.0/24 area 0
     network 10.5.0.0/16 area 5
  • Page 570 10.5.0.0/16 area 5
    Router C
    hostname RouterC
    interface Serial0/0:0
     ip address 10.1.1.6/30
     encapsulation ppp
    interface GigabitEthernet7/0
     ip address 10.8.1.1/24
    interface GigabitEthernet7/1
     ip address 10.8.2.1/24
     shutdown
    router ospf 1
     log-adjacency-changes
     network 10.1.1.0/24 area 0
     network 10.8.0.0/16 area 8
  • Page 571: Multicast Routing

    This chapter covers the Multicast routing configuration for the OA-700. For instructions on using the commands and descriptions on each of their parameters with the corresponding default values, refer to the OmniAccess 700 CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 572: Multicast Overview

    MRIB gives reverse-path information and indicates the path that a multicast data packet would take from its origin subnet to the router that has the MRIB.
  • Page 573: Internet Group Management Protocol (Igmp)

    Report to the group, with IP TTL of 1. If the host receives another host's Report (version 1 or 2) while it has a timer running, it stops its timer for the specified group and does not send a Report, in order to suppress duplicate Reports.
  • Page 574: Rfcs

    The OA-700 supports IGMPv2 as default IGMP version. As IGMPv2 is backward compatible, it works well with IGMPv1 host as well. • PIM-SM: Supported RFC 4601 • IGMP: Supported version 2. RFC 2236
  • Page 575: Pim Configuration

    Step 5: Enable PIM on an interface. See “To Enable PIM on an Interface” Step 6: Configure PIM Static RP. See “To Configure PIM Static RP” Configure PIM RP candidate using BSR. See “To Configure PIM RP Candidate”
  • Page 576 Switching Threshold” • Configure PIM as BSR. See “To Configure PIM as BSR” • Configure RP candidate priority. See “To Configure RP Candidate Priority” Step 8: View PIM configuration. See “Show Commands in PIM”
  • Page 577: Pim Configuration Flow

    Figure 9: PIM Configuration Flow
  • Page 578: Pim Configuration Commands

    After enabling this command, PIM starts sending hello packets to form neighborship.
    Command: no ip pim sparse-mode
    Description: This command is used to disable PIM on an interface.
    Example:
    ALU(config-if GigabitEthernet3/0)# ip pim sparse-mode
  • Page 579 If more than one RP has the same hash value, the RP with the highest IP address is chosen.
    Example:
    ALU(config)# ip pim rp-candidate GigabitEthernet3/0 group-list
    Note: All routers in the PIM domain should have the same RP address for a multicast group.
  • Page 580 Command: show ip pim rp-hash <group-address>
    Description: This command is used to see group to RP mapping. If RP information for the given group does not exist, the command gives an error; otherwise, the output shows the RP information for the given group.
  • Page 581 RPT to SPT. If the access-list is specified, this threshold value is used only for the groups that match the access-list. The default spt-threshold is 0 Kbps.
    Example:
    ALU(config)# ip pim spt-threshold 100 group-list 10
  • Page 582 ALU(config)# ip pim bsr-candidate GigabitEthernet3/0 1 10
    Configure RP Candidate Priority
    Command (in CM): ip pim rp-candidate-priority <0-255>
    Description: This command is used to configure the priority of the RP candidate.
    Example:
    ALU(config)# ip pim rp-candidate-priority 10
  • Page 583: Show Commands In Pim

    To see neighbors on a specific interface, use the interface name. XAMPLE ALU#show ip pim neighbor PIM Neighbor Table Neighbor Interface Uptime/Expires DR Address Prio/Mode 8.8.8.8 Serial0/0:0 00:09:37/00:01:39 1/ DR 6.6.6.7 Serial0/1:0 00:09:45/00:01:33 1/ DR Alcatel-Lucent CLI Configuration Guide Beta Beta...
  • Page 584 Info source: 1.1.1.1 (?), via bootstrap, priority 0, holdtime = 53760
    Uptime: 00:00:45, expires 14:55:15
    Group(s) 228.0.0.0/8
    RP 2.2.2.1 (?) v2
    Info source: 2.2.2.1 (?), via bootstrap, priority 0, holdtime = 38400
    Uptime: 00:03:55, expires 10:39:05
    (config)#
  • Page 585 Flags: M - Nexthop from Mroute, T - Terminating
    K - KeepAlive Timer Running, S - SPT bit set
    (*,224.1.1.1), JOINED 00:00:55/00:00:05, RP 5.5.5.5, flags:
    Incoming interface: GigabitEthernet3/1, RPF neighbor 5.5.5.5
    Downstream interface state:
    GigabitEthernet3/0, 00:00:55, flags:A
    inherited_olist: GigabitEthernet3/0
  • Page 586: Clear Commands In Pim

    RP. address>]
    Example:
    ALU# clear ip pim rp-mapping
    Clear IP PIM BSR
    Command (in SUM/CM): clear ip pim bsr [<bsr-address>]
    Description: This command clears the BSR address.
    Example:
    ALU# clear ip pim bsr
  • Page 587: Igmp Configuration

    ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Example:
    ALU(config-if GigabitEthernet3/0)# ip address 20.20.20.20/24
    Step 4: Enable Multicast routing. See “To Enable Multicast Routing”
    Step 5: Enable IGMP on an interface. See “To Enable IGMP on an Interface”
  • Page 588 “To Join Multicast Group”
    • Configure IGMP access group. See “To Configure IGMP Access Group”
    Step 7: View IGMP configuration. See “Show Commands in IGMP”
    Step 8: View Multicast configuration. See “Show Commands in Multicast”
  • Page 589: Igmp Configuration Flow

    Figure 10: IGMP Configuration Flow
  • Page 590: Igmp Configuration Commands

    After enabling this command, IGMP learns the multicast host information on the given interface.
    Command: no ip pim sparse-mode
    Description: This command is used to disable IGMP on an interface.
    Example:
    ALU(config-if GigabitEthernet3/0)# ip pim sparse-mode
  • Page 591 Command: ip igmp last-member-query-interval <100-65535>
    Description: Use this command to configure the last-member query interval (in milliseconds) for the IGMP. The default last-member-query-interval is 1000 milliseconds.
    Example:
    ALU(config-if GigabitEthernet3/0)# ip igmp last-member-query-interval 2000
  • Page 592 Command: ip igmp query-interval <1-65535>
    Description: This command is used to configure the interval (in seconds) at which the IGMP router sends query messages on an interface. The default query-interval is 125 seconds.
    Example:
    ALU(config-if GigabitEthernet3/0)# ip igmp query-interval 100
  • Page 593 {<1-99>|<access-list-name>}
    groups, which are not permitted by access-lists. This restricts the host on a subnet joining only multicast groups that are permitted by access-lists.
    Example:
    ALU(config-if GigabitEthernet3/0)# ip igmp access-group 10
  • Page 594: Show Commands In Igmp

    Number of joins on this interface = 84
    Number of leave message on this interface = 7
    Querier on this interface = 7.7.7.3
    Interface DR is 7.7.7.3
    Total groups on this interface Group 1 224.1.1.1
  • Page 595: Show Commands In Multicast

    ALU# show ip multicast traffic
    IP Multicast statistics:
    Rcvd: 4449 total, 838 link local
    Sent: 3334 forwarded, 0 send register
    0 send assert, 3 first data pkt notice
    Errors: 1 rpf failure, 1 drop
  • Page 596: Clear Commands In Multicast

    Example:
    ALU# clear ip mroute
    Clear Multicast Traffic
    Command (in SUM/CM): clear ip multicast traffic
    Description: This command resets the multicast traffic counters.
    Example:
    ALU# clear ip multicast traffic
  • Page 597: Multicast Configuration On Oa-700

    The multicast sender for groups 225.5.5.5 and 227.7.7.7 is connected to router R6. In the given scenario, you can view the multicast routing table entries on the routers to verify multicast routing. Show command output on router R3 is given.
  • Page 598 GigabitEthernet7/1
    ip address 2.2.2.1 255.255.255.0
    ip pim sparse-mode
    router ospf 1
    log-adjacency-changes
    network 1.0.0.0/8 area 0
    network 2.0.0.0/8 area 0
    network 6.0.0.0/8 area 0
    ip pim rp-address 3.3.3.2
    ip pim spt-threshold infinity
  • Page 599 GigabitEthernet7/0
    ip address 3.3.3.2 255.255.255.0
    ip pim sparse-mode
    interface GigabitEthernet7/1
    ip address 4.4.4.2 255.255.255.0
    ip pim sparse-mode
    router ospf 1
    log-adjacency-changes
    network 3.0.0.0/8 area 0
    network 4.0.0.0/8 area 0
    ip pim rp-address 3.3.3.2
  • Page 600 6.6.6.2 255.255.255.0
    ip pim sparse-mode
    interface GigabitEthernet7/1
    ip address 7.7.7.2 255.255.255.0
    ip pim sparse-mode
    router ospf 1
    network 5.0.0.0/8 area 0
    network 6.0.0.0/8 area 0
    network 7.0.0.0/8 area 0
    ip pim rp-address 3.3.3.2
  • Page 601: Verifying Multicast Routing

    R3(config)# show ip multicast traffic
    IP Multicast statistics:
    Rcvd: 11134 total, 4802 link local
    Sent: 5973 forwarded, 0 send register
    5 send assert, 1 first data pkt notice
    Errors: 5 rpf failure, 5 drop
    R3(config)#
  • Page 602 1/ DR
    8.8.8.2 Serial0/0:0 00:02:36/00:01:44 v2 1/ DR
    R3(config)#
    R3(config)# show ip pim interface
    Address Interface Ver/ Query Mode Count Intvl Prior
    2.2.2.2 GigabitEthernet7/0 v2/S 2.2.2.2
    3.3.3.1 GigabitEthernet7/1 v2/S 3.3.3.2
    8.8.8.1 Serial0/0:0 v2/S 8.8.8.2
    R3(config)#
  • Page 603: Policy Based Routing

    This chapter covers the Policy Based Routing (PBR) configuration for the OA-700. For instructions on using the commands and descriptions on each of their parameters with the corresponding default values, refer to the OmniAccess 700 CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 604: Pbr Overview

    • OA-700 shall support PBR as an infrastructure for other software components to add system PBR rules. This shall enable the applications to treat certain traffic in a special way.
  • Page 605: Pbr Configuration

    Step 4: Administratively bring up the interface
    ALU(config-if <interface-name>)# no shutdown
    Example:
    ALU(config-if GigabitEthernet3/0)# no shutdown
    Step 5: Configure IP address for the interface
    ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Example:
    ALU(config-if GigabitEthernet3/0)# ip address 20.20.20.20/24
  • Page 606 / Detach an IP Policy to an Interface”
    Note: An interface can have only one IP policy applied on it at any time.
    Step 7: Use the show commands to view PBR configuration. See “Show Commands in PBR”
  • Page 607: Pbr Configuration Flow

    Figure 12: PBR Configuration Flow
  • Page 608: Pbr Configuration Commands

    Note: When the interface option is chosen as Ethernet/VLAN, it is mandatory to specify the next hop.
    • The range for the rule is 1-65535. This rule number signifies the priority of a rule.
  • Page 609 Command: no rule <1-65535>
    Description: The command deletes a rule corresponding to the rule number.
    Example:
    ALU(config-ip-policy-pbr1)# 10 match m1 m2 not m3 interface GigabitEthernet 3/0 next-hop 1.2.2.1
    ALU(config-ip-policy-pbr1)# 20 match m1 m2 next-hop 1.2.2.2
  • Page 610 The following example binds the IP policy ‘pbr1’ to interface GigabitEthernet3/1:
    ALU(config)# interface GigabitEthernet3/1
    ALU(config-if GigabitEthernet3/1)# ip-policy pbr1
    If the IP policy pbr1 is attached to the GigabitEthernet3/1, the following command detaches it from the interface:
    ALU(config)# interface GigabitEthernet3/1
    ALU(config-if GigabitEthernet3/1)# no ip-policy pbr1
  • Page 611: Show Commands In Pbr

    PBR - Policy Based Routed, Drop - Dropped
    0 packets forwarded by best effort IP forwarding
    ip-policy pbr1 : PBR - 0 Drop - 0
    0 hits on : 1 match any m1 next-hop 1.1.1.1
  • Page 612: Clear Commands

    [<ip-policy name>]
    all the IP policies configured in the system. If a policy-name is specified, then the statistics for the specified IP policy are cleared.
    Example:
    ALU(config)# clear ip-policy statistics
  • Page 613: Pbr Configuration Example

    ALU(config-ip-policy-xyz-corporate-policy)# 10 match fin-dept next-hop 203.121.10.1
    ALU(config-ip-policy-xyz-corporate-policy)# 20 match engg-dept next-hop 150.23.221.50
    ALU(config-ip-policy-corporate-policy)# exit
    ALU(config)#
    Step 3: Apply the IP policy on the interface.
    ALU(config)# interface vlan 10
    ALU(config-if Vlan10)# ip-policy xyz-corporate-policy
    ALU(config-if Vlan10)# exit
    ALU(config)#
  • Page 614: Show Commands

    Verify the IP policy configuration by using the following show command:
    ALU(config)# show ip-policy xyz-corporate-policy
    ! IP-Policy configuration
    ip-policy xyz-corporate-policy
    10 match any fin-dept next-hop 203.121.10.1
    20 match any engg-dept next-hop 150.23.221.50
    exit
    interface Vlan10
    ip-policy xyz-corporate-policy
    exit
  • Page 615: Virtual Routing And Forwarding

    • “VRF-CE Configuration”
    The “VRF-CE Overview” section provides insight into the concept of VRF-CE. This information serves as an educational overview. You can skip this section and move on to the VRF-CE configuration directly.
  • Page 616: Chapter Conventions

    Virtual Routing and Forwarding Customer Edge
    Configuration Mode - ALU (config)#
    Interface Configuration Mode - ALU (config-interface name)#
    Router Configuration Mode - ALU (config-router)#
    OSPF Open Shortest Path First
    Border Gateway Protocol
    Routing Information Protocol
  • Page 617: Vrf-Ce Overview

    2 via PVC. Blue VPN site 1 connects to a non-VRF aware router at site 2 via an IP tunnel. Similarly, it connects to a VRF-aware router at site 3 via an IP tunnel.
    Figure 13: VRF-CE Deployment Scenario
  • Page 618 Since multiple VPNs can connect to the same VRF-CE system, they all can use overlapping IP addresses.
    • VRF-CE lets multiple customers share the same physical link.
    • All routing protocols can be used between the CE and ISP.
  • Page 619: Vrf-Ce Configuration

    Step 4: Configure an interface. Enter Interface Configuration Mode.
    ALU(config)# interface <name>
    Example:
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)#
    Step 5: Administratively bring up the interface
    ALU(config-if <interface-name>)# no shutdown
    Example:
    ALU(config-if GigabitEthernet7/0)# no shutdown
  • Page 620 Step 8: Using Management Utilities in a VRF. See “Using Management Utilities in a VRF” (Optional)
    Step 9: System Monitoring Commands in VRF. See “System Monitoring Commands in VRF” (Optional)
    Step 10: View the VRF-CE configuration. See “VRF Show Commands”
  • Page 621: Vrf-Ce Configuration Flow

    Figure 15: VRF-CE Configuration Flow
  • Page 622: Vrf-Ce Cli Commands

    Maximum number of VRFs supported is 64.
    Configure Description for a VRF
    Command (in VRF CM): description <description-string>
    Description: This command is used to specify description for a VRF.
    Example:
    ALU(config-vrf)# description ALU-routing
  • Page 623 [vrf <vrf-name>]
    OSPF instance with the specified VRF. If the VRF name is not specified, then the OSPF instance is associated with the Default VRF.
    Example:
    ALU(config)# router ospf 1 vrf ALU-vrf
    ALU(config-router ospf 1)#
  • Page 624 VRF and enters the address-family configuration mode. If the VRF name is not specified, then the configurations are associated with the Default VRF.
    Example:
    ALU(config)# router bgp 30
    ALU(config-router bgp AS30)# address-family ipv4 unicast vrf ALU_vrf
    ALU(config-router-af-ucast)#
  • Page 625 Configuration Mode.
    vrf <vrf-name>
    This command associates the address family with the VRF and enters the VRF configuration mode.
    Example:
    ALU(config)# router rip
    ALU(config-router rip)# address-family ipv4 unicast vrf ALU_vrf
  • Page 626 ALU(config)# clear arp traffic ALU-vrf
    ALU(config)# show arp vrf ALU-vrf
    Protocol Address Age (min) Hardware Addr Type Interface
    Internet 4.4.4.4 0011.8b00.8491 ARPA GigabitEthernet3/0
    Internet 4.4.4.2 Incomplete ARPA GigabitEthernet3/0
    Internet 4.4.4.1 0002.166f.c4d0 ARPA GigabitEthernet3/0
  • Page 627 Note: IP address configuration on the interface is removed when this command is executed. Hence, associate a VRF to an interface prior to IP address configuration.
    Example:
    ALU(config-if GigabitEthernet3/0)# ip vrf forwarding ALU-vrf
  • Page 628 VRF on an interface associated with the VRF.
    Example:
    ALU(config)# ping vrf ALU-vrf 1.2.3.1
    ALU(config)# telnet vrf ALU-vrf 10.91.0.22
    ALU(config)# ssh vrf ALU-vrf 10.91.0.25
    ALU(config)# traceroute vrf ALU-vrf 1.2.3.1
  • Page 629 10 total, 0 errors, 0 dst unreach
    0 time exceed, 0 param probs, 0 source quench
    0 redirects, 10 echo req, 0 echo rpy
    0 timestamp req, 0 timestamp rpy
    0 addr mask req, 0 addr mask rpy
    ALU(config)#
  • Page 630 Branch delete : 30
    Branch extends: 41
    Branch coalesc: 30
    System Adjacency Counters:
    Adjacencies : 4294967291
    Adj reference : 106
    Adj unrefer : 53
    Adj Memory : 496
    ALU(config)#
    ALU(config)# clear ip traffic vrf ALU-vrf
  • Page 631: Vrf Show Commands

    Incoming update filter list for all interfaces is not set
    Routing for Networks:
    4.0.0.0/8
    Routing Information Sources:
    Gateway Distance Last Update
    4.4.4.1 00:05:56
    Distance: (default is 110)
    Routing Protocol is "bgp 100"
    IGP synchronization is enabled
    Automatic route summarization is disabled
  • Page 632 1.0.0.0/8 [20/0] via 4.4.4.1, GigabitEthernet3/0
    1.1.1.0/24 [110/110][1] via 4.4.4.1, GigabitEthernet3/0
    4.0.0.0 is variably subnetted, 2 subnets, 2 masks
    4.0.0.0/8 [20/0] via 4.4.4.1, GigabitEthernet3/0
    4.4.4.0/24 [0/0] is directly connected, GigabitEthernet3/0
    5.0.0.0/8 [20/0] via 4.4.4.1, GigabitEthernet3/0
    (config)#
  • Page 633 ALU(config)# show ip bgp vrf v1
    BGP local router ID is 200.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete
  • Page 634 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Prefix/len From Flaps Duration Reuse Path
    * d 100.1.1.0/24 10.0.0.3 00:06:45 00:24:00 65002i
  • Page 635 : 450000 : 40000
    SND MSS : 1460 RCV MSS : 536
    UNACKED SACKED LOST RETRANSMITS
    Last Data Sent: 25190 Lask Ack Sent : 0
    Last Data Recv: 23590 Last Ack Recv : 23590
  • Page 636: Vrf Clear Commands

    Command: clear ip route [vrf <vrf-name>] *
    Description: Clears the IP routing table. If the VRF name is specified, it clears the IP routing table for the specified VRF.
    Example:
    ALU(config)# clear ip route vrf ALU-vrf *
  • Page 637: Part 6 Network Security

    Part 6 Network Security
  • Page 639: Network Address Translation

    NAT (SNAT) and Destination NAT (DNAT). For instructions on using the NAT commands and descriptions on each of their parameters, refer to the “NAT CLI Commands” in the OmniAccess 700 CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 640: Nat Overview

    Refer to the following sections for more details on NAT:
    • “Types of NAT”
    • “Benefits of NAT”
    • “Before You Configure NAT”
    • “Alcatel-Lucent Specific Overview”
    Types of NAT
    This section describes the following types of NAT:
    • “Network Address Port Translation”
    • “Static NAT”
    •...
  • Page 641 The NAT device achieves this by building a mapping table between the internal and external hosts on the fly based on the traffic flow.
  • Page 642: Benefits Of Nat

    OA-700 supports reflexive/stateful inspection.
    • For Source NAT, if no IP pool or host address is specified, the default is the box's IP address of the egress interface on which the NAT policy is applied.
  • Page 643: Source Nat Configuration

    LAN to the Internet. Refer to the following sections to configure SNAT on your system:
    • “SNAT Configuration Steps”
    • “SNAT Configuration Flow”
    • “SNAT Configuration Commands”
    • “Sample Configurations of SNAT on OA-700”
  • Page 644: Snat Configuration Steps

    Attach configured SNAT to an Interface
    Step 5: Enter into Interface Configuration Mode
    ALU(config)# interface <name>
    Example:
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)#
    Step 6: Administratively bring up the interface
    ALU(config-if <interface-name>)# no shutdown
    Example:
    ALU(config-if GigabitEthernet7/0)# no shutdown
  • Page 645 “To Attach a NAT Policy to an Interface”
    Step 9: Turn On /Turn Off the statistics on an Interface “To Turn On/Off Statistics on an Interface” (Optional)
    Step 10: View NAT configuration. See “NAT Show Commands”.
  • Page 646: Snat Configuration Flow

    Figure 16: SNAT Configuration Flow
  • Page 647: Snat Configuration Commands

    2. When you configure a SNAT without any IP address, the address used for natting is taken as the IP address of the interface to which the NAT policy is bound.
    Example:
    ALU(config-nat-N1)# 10 match m1 source-nat
  • Page 648 If a SNAT policy with the pool configuration is attached to an interface, and at any given point of time, the list is modified, you need to reapply the NAT policy on the interface.
    Example:
    ALU(config-nat-N1)# match m1 source-nat pool l1
  • Page 649 By default, NAT enables dynamic mapping.
    Note: If no address is configured, the IP address of the egress interface on which the NAT policy is applied will be used.
    Example:
    ALU(config-nat-N1)# match m1 source-nat static
  • Page 650 Command: change <1-65535> <1-65535>
    Description: Use this command to change the priority/order of a specific SNAT rule configured.
    Note: Refer to the “Updations” section to know more on the “change” and “renumber” keywords.
    Example:
    ALU(config-nat-N1)# renumber
    ALU(config-nat-N1)# change 10 20
  • Page 651 ALU(config-filter f1)# match m1 deny
    ALU(config)# exit
    ALU(config)# ip nat n1
    ALU(config-nat n1)# match m1 source-nat
    ALU(config)# exit
    ALU(config)# interface GigabitEthernet 7/0
    ALU(config-if GigabitEthernet7/0)# ip filter in f1
    ALU(config-if GigabitEthernet7/0)# ip nat out n1
  • Page 652 Command: no ip nat statistics {in|out|both}
    Description: This command turns off the statistics for a given interface.
    Example:
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)# ip nat statistics out
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)# no ip nat statistics out
  • Page 653: Sample Configurations Of Snat On Oa-700

    11.1.1.0/24 any type ftp
    ip nat n2
    match host1 source-nat host 192.168.10.1 static
    match host2 source-nat host 192.168.10.2 static
    match net11 source-nat pool p1 static
    interface GigabitEthernet7/0
    ip nat out n2
  • Page 654: Destination Nat Configuration

    For DNAT, IP pool or host address must be specified. Refer to the following sections to configure DNAT on your system:
    • “DNAT Configuration Steps”
    • “DNAT Configuration Flow”
    • “DNAT Configuration Commands”
    • “Sample Configuration Example of DNAT on OA-700”
  • Page 655: Dnat Configuration Steps

    Step 6: Administratively bring up the interface
    ALU(config-if <interface-name>)# no shutdown
    Example:
    ALU(config-if GigabitEthernet7/0)# no shutdown
    Step 7: Configure IP address for the interface
    ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Example:
    ALU(config-if GigabitEthernet7/0)# ip address 20.20.20.20/24
  • Page 656 “To Attach a NAT Policy to an Interface”
    Step 9: Turn On /Turn Off the statistics on an Interface “To Turn On Statistics on an Interface” (Optional)
    Step 10: View NAT configuration. See “NAT Show Commands”.
  • Page 657: Dnat Configuration Flow

    Figure 17: DNAT Configuration Flow
  • Page 658: Dnat Configuration Commands

    And, this command is used to configure a DNAT with host IP address or an IP address pool.
    Note: Presently, ‘Hostname’ option is not supported. Only host IP address can be configured.
  • Page 659 Command: [<1-65535>] match [{all|any}] <match-list name> destination-nat pool <list-name> static
    Description: This command is used to configure a static DNAT that uses one-to-one address mapping without port translation.
    Example:
    ALU(config-nat-N2)# match m1 destination-nat pool l1 static
  • Page 660 NAT, if all classifiers in this NAT object are matched.
    Example:
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)# ip nat in N2
    Note: Each interface can have only one ingress and one egress NAT policy.
  • Page 661: Sample Configuration Example Of Dnat On

    14.1.1.1 host 14.1.1.2
    match-list m1 host 201.176.18.1 service http
    ip nat N1
    10 match M1 destination-nat pool p1
    match m1 destination-nat pool p1 port 8080
    ALU(config-if GigabitEthernet7/0) ip nat in n1
  • Page 662: Bypass Ipsec Traffic

    Command (in CM): [<1-65535>] match [{all|any}] <match-list name> bypass
    Description: This command is used in conjunction with the SNAT or DNAT commands to bypass the traffic.
    Example:
    ALU(config)# ip nat snat
    ALU(config-nat-snat)# match m1 bypass
  • Page 663: Nat Show Commands

    10 match any m1 source-nat host 1.1.1.1
    Translated: 0, Bypassed: 0, PORTS Allocated: 0, Released: 0
    20 match any m2 source-nat host 1.1.1.2
    Translated: 0, Bypassed: 0, PORTS Allocated: 0, Released: 0
    interface GigabitEthernet7/0 Out
  • Page 664 ALU# show ip nat statistics GigabitEthernet7/0 Out
    ip nat n1
    Dropped: 0, Bypassed: 0, Enqueued: 0
    10 match any m1 source-nat host 1.1.1.1
    NATted Packets: 0
    20 match any m2 source-nat host 1.1.1.2
    NATted Packets: 0
    interface GigabitEthernet7/0 out
  • Page 665: Nat Clear Commands

    The following example clears the counters of NAT ‘n1’.
    ALU# clear ip nat statistics n1
    ALU#
    The following example clears the statistics of the NAT for interface ‘GigabitEthernet7/0’.
    ALU# clear ip nat statistics GigabitEthernet7/0 in
    ALU#
  • Page 666: Nat Debug Commands

    <number> | sport <number>|dport <number>][output|permanent]| all [detail-level]}
    Notes:
    1. saddr == source address
    2. daddr == destination address
    3. sport == source port
    4. dport == destination port
    Example:
    ALU# debug firewall nat
  • Page 667: Modifying Nat Configuration

    The output will be:
    ip nat N1
    10 match m1 source-nat pool p1
    15 match m4 source-nat pool p4
    20 match m2 source-nat pool p2
    30 match m3 source-nat pool p3
    interface GigabitEthernet3/0
    ip nat out N1
  • Page 668: Updations

    The keyword “renumber” is used to re-order the numbers to the original scheme.
    ALU(config-nat-N1)# renumber
    The output of the show command would now be:
    ip nat N1
    match M1 source-nat
    match M2 source-nat
    match M4 source-nat
    match M3 source-nat
  • Page 669 M1 source-nat
    match M2 source-nat
    match M4 source-nat
    match M3 source-nat
    Now, to generate a numbering scheme with a proper order, use the keyword “renumber” as explained in the section “To Renumber the List”.
  • Page 670: Nat Deletion Commands

    NAT policy from respective interfaces, and deletes the policy. This command when used also deletes all the associated NAT policy rules.
    Example:
    To force deletion of the NAT N1:
    ALU(config)# no ip nat N1 force
  • Page 671 Command: no rule <1-65535>
    Description: This deletes only the rule in the NAT policy corresponding to the line number.
    Example:
    In the example below, the component or action corresponding to the rule 30 is deleted.
    ALU(config-nat-N1)# no rule 30
  • Page 673: Filter And Firewall

    Firewall Configuration Mode - ALU (config-firewall)#
    F-PCM Firewall-Policy Sub Configuration Mode - ALU (config-firewall-policy name)#
    F-ACM Firewall-Attack Sub Configuration Mode - ALU (config-firewall-attack name)#
    Time-range Sub Configuration Mode - ALU (config-time-range name)#
    Interface Configuration Mode - ALU (config-interface name)#
  • Page 674: Network Security - An Overview

    • “Network Security Terminologies”
    • “Firewall Mechanisms”
    • “Before You Configure Filters and Firewalls”
    • “OA-700 Specific Overview”
  • Page 675: Network Security Terminologies

    ALGs look for altered data, potentially harmful traffic, data appropriateness, and also have the capability to log these.
    Figure 18: Depicting ALG Scenario
  • Page 676: Firewall Mechanisms

    When the original connection is closed, however, the packet filter will block all further unsolicited packets from the untrusted zone. Stateful firewalls are also known as "dynamic" packet filters.
    Note: OA-700 supports stateful and stateless inspection. By default, OA-700 firewall is ‘stateful’.
  • Page 677: Before You Configure Filters And Firewalls

    So the “proper installation” to enable the firewall is to create a default ACL policy and bind it to untrusted interfaces to deny all traffic, using commands such as the following:
  • Page 678: Filter Configuration

    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)#
    Note: Filter can be configured on Gigabit Ethernet, Loopback, Serial, Tunnel, VLAN interfaces.
    Step 5: Administratively bring up the interface
    ALU(config-if <interface-name>)# no shutdown
    Example:
    ALU(config-if GigabitEthernet7/0)# no shutdown
  • Page 679 “To Attach / Detach a Filter to an Interface”
    Note: An interface can have only one ingress and one egress filter.
    Step 8: Use the show commands to view the configured filters. See “Filter Show Commands”.
  • Page 680: Filter Configuration Flow

    Figure 19: Filter Configuration Flow
  • Page 681: Filter Configuration Commands

    Command: default {deny|permit}[log] [verbose]
    Description: This command sets an action of either permit or deny on the filter. The default action for a filter is “deny”.
    Note: The ‘reset’ keyword can be used in conjunction only with the “deny” keyword.
  • Page 682 The filters on OA-700 are by default stateful. This behavior can be overridden by the keyword “stateless”.
    Example:
    The following example sets the filter to stateless.
    ALU(config-filter-f1)# stateless
    In the example below, the filter f1 is changed to stateful/reflexive mode.
    ALU(config)# filter f1
    ALU(config-filter-f1)# no stateless
  • Page 683 To view the filter configuration after renumbering, give the show command. The output appears as shown:
    show ip filter f1
    ip filter f1
    match m1 deny
    match m4 deny reset
    match m2 deny log
    match m3 deny
    default permit
  • Page 684 ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)# ip filter in f1
    If the filter f1 is interfaced to GigabitEthernet7/0, the following example detaches it from Gigabit Ethernet7/0:
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)# no ip filter in f1
  • Page 685: Filter Show Commands

    The following syntax displays the filter f1’s details:
    ALU(config-filter-f1)# show ip filter f1
    ip filter f1
    10 match any m1 permit
    20 match any m1 permit
    default deny
    interface GigabitEthernet7/0 In, Stats Off
  • Page 686 Hits 0 10 match any m1 permit Hits 2 default deny interface GigabitEthernet7/0 In, Stats On ip filter f2 20 match any m2 deny Hits 0 default deny Hits 0 interface GigabitEthernet7/0 In, Stats Off
  • Page 687: Filter Deletion Commands

    <1-65535> component in the filter with respect to the corresponding line number.
    EXAMPLE
    The example below deletes the match corresponding to the line number 10 from the F1 filter.
    ALU(config-filter-f1)# no rule 10
  • Page 688: Filter Clear Commands

    Command: clear ip filter statistics [<interface-name> {in|out|both}|<filter-name>]
    Description: This command is used to clear the statistics of a filter on a particular interface.
    EXAMPLE
    ALU# clear ip filter statistics GigabitEthernet7/0 in
    ALU#
    ALU# clear ip filter statistics GigabitEthernet3/0 out
    ALU#
  • Page 689: Filter Debug Commands

    EXAMPLE
    The example below enables debugging for the source IP 10.91.0.52
    ALU# debug firewall selector saddr 10.91.0.52
    The example below disables debugging for the source IP 10.91.0.52
    ALU# no debug firewall selector saddr 10.91.0.52
  • Page 690: Sample Examples Of Configuring Filters On OA-700

    If you need to give access from the network 192.168.1.0/24 to 192.168.2.0/24, the CLI would be as follows:
    match-list m1
    ip prefix 192.168.1.0/24 prefix 192.168.2.0/24 type ftp
    ip filter f1
    10 match m1 permit
    default deny
  • Page 691: Managing Security Configuration

    15 match m4 deny reset To view the filter f1’s configuration: show ip filter f1 ip filter f1 match m1 permit match m4 deny reset match m2 deny log match m3 permit stateless
  • Page 692: Updations

    To view the filter configuration after renumbering, give the show command. show ip filter f1 ip filter f1 match m1 permit match m4 deny reset match m2 deny log match m3 permit stateless
  • Page 693 Now, to generate a numbering scheme with a proper order, use the keyword “renumber”, as explained in the previous section.
  • Page 694: Network Attacks - An Overview

    The Optional Attacks are the ones that are not present in the default attack prevention list of the OA-700. These attacks too can be either manually turned on for detection or filters can be applied to block them. “To Configure Individual Attack for an Attack Object”
  • Page 695: Default Attacks (Rate-Limiting / Stateful)

    ICMP echo requests (or pings) to different hosts within a defined interval. The purpose of this scheme is to ping several hosts in the hope that one will reply, thus uncovering an address to target, resulting in system failure. This command is included in the Alcatel-Lucent’s default attack prevention list. ICMP PING FLOOD icmp-ping-flood [threshold <1-4294967295>...
  • Page 696 The malicious intruder could generate lots of these packets in order to totally overwhelm the systems and network. This keyword is included with appropriate parameters in the default list.
  • Page 697: Default Attacks (Non-Rate Limiting / Stateless)

    Denial-of-Service. To avoid the attack, this keyword is also placed in the default list.
  • Page 698 This command is implicitly included in the default attack prevention list to secure the system from this attack.
  • Page 699: Optional Attacks

    During an attack, an attacker could use source routing to direct packets to bypass existing security restrictions. This command is included in the default attack protection list to secure the network from this attack.
  • Page 700 This will cause many frames to be unnecessarily transmitted, and dramatically reduce the performance of the network and the systems involved. To avoid this Denial of Service overload attempt, this command is placed in the default prevention list.
  • Page 701: Network Attack Prevention Configuration

    To create a DoS Rule inside a Firewall Policy. See “To Create a DoS Rule Inside a Firewall Policy”
    Attach a Firewall Policy to an Interface
    Step 7: Enter into Interface Configuration Mode
    ALU(config)# interface <name>
    Example:
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)#
  • Page 702 “IN/OUT”. See “To Attach a Firewall Policy to an Interface”
    Step 11: View the firewall configuration. See “Firewall Show Commands”
    Step 12: Delete the firewall configuration. See “Firewall Deletion Commands”
  • Page 703: Network Attack Prevention Configuration Flow

    Figure 20: Network Attack Prevention Flowchart
  • Page 704: Network Attack Prevention Configuration Commands

    1. You can only modify the system default attack object but cannot delete it.
    2. You cannot modify/delete the system default policy.
    3. You can modify/delete the user created attack objects and the attack policies associated to it.
  • Page 705 "icmp-block-trace-route", "icmp-router-advertisement", "icmp-redirect" and "ip-rate-threshold". These attacks too can be either manually turned on for detection or filters can be applied to block them. The minimum time resolution you can enter is 5 milliseconds.
  • Page 706 This will happen for any traffic that is subject to any firewall configuration, i.e., either filter, NAT or DoS configuration. This is why you can see these attacks in the “show” output even when you have not configured them.
  • Page 707
    Command: icmp-ip-address-sweep [threshold <1-4294967295> <1-4294967295>]
    Description: This command is used to configure icmp-ip-address-sweep attack for an attack object.
    Command: icmp-dest-unrch-storm [threshold <1-4294967295> <1-4294967295>]
    Description: This command is used to configure icmp-dest-unrch-storm attack for an attack object.
  • Page 708
    Command: tcp-header-frag
    Description: This command is used to configure tcp-header-frag attack for an attack object.
    Command: ip-zero-length
    Description: This command is used to configure ip-zero-length attack for an attack object.
  • Page 709 LOG ALL THE ATTACKS
    Command (in F-ACM) / Description
    This command logs all the attacks in the log server.
    no log: This ‘no’ command disables logging of the attacks.
    EXAMPLE
    ALU(config-firewall-attack-A1)# log
    ALU(config-firewall-attack-A1)# no log
  • Page 710 Note: Currently, multiple match-lists cannot be associated to a firewall policy rule. To configure more than one match-list within a firewall policy, add multiple rules with different match-lists.
  • Page 711 Now, to generate a numbering scheme with a proper order, use the keyword “renumber” as follows:
    ALU(config-firewall)# policy P1
    ALU(config-firewall-P1)# renumber
  • Page 712 Firewall policy is applied to the egress (outgoing) traffic if the “out” keyword is used.
    Note: Firewall policy will take effect once it is attached to an interface.
    EXAMPLE
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)# firewall policy in P1
  • Page 713 Timeout value ‘0’ stands for infinity.
    • Default TCP value is 15 minutes
    • Default UDP value is 5 minutes.
    • Default ICMP value is 30 seconds.
    EXAMPLE
    ALU(config-firewall)# session
    ALU(config-firewall-session)# default timeout tcp 10
  • Page 714: Firewall Show Commands

    The following syntax is used to view the details of attack A1:
    ALU# show firewall attack A1
    attack A1
    udp-port-loopback 10 1000
    udp-flood 200 1000
    tcp-fin-scan
    icmp-ip-address-sweep 2 10
    icmp-dest-unrch-storm 2 10
    icmp-ping-flood 2 10
    tcp-syn-flood 100 1000 5
    udp-fraggle-attack
  • Page 715 Free Sessions : 127999
    The following syntax is used to view the details of firewall session
    ALU(config)# show firewall session detail
    ID 70 ICMP timeout 28 secs, used by NAT
    Initiator: (10.91.1.108:13)=>(10.91.0.1:13)
    Responder: (10.91.0.1:34416)=>(10.91.1.108:34416)
  • Page 716 10.91.1.108
    ID 70 ICMP timeout 25 secs, used by NAT
    Initiator: (10.91.1.108:13)=>(10.91.0.1:13)
    Responder: (10.91.0.1:34416)=>(10.91.1.108:34416)
    ALU(config-if GigabitEthernet7/1)#show firewall session destination ip 10.91.0.1
    ID 70 ICMP timeout 25 secs, used by NAT
    Initiator: (10.91.1.108:13)=>(10.91.0.1:13)
    Responder: (10.91.0.1:34416)=>(10.91.1.108:34416)
  • Page 717
    ALU(config)# no policy P1 force
    DELETE A SPECIFIC FIREWALL POLICY
    Command (in F-PCM): no rule <1-65535>
    Description: This deletes only the rule in the firewall policy corresponding to the line number.
    EXAMPLE
    ALU(config-firewall-P1)# no rule 30
  • Page 718
    Command: show firewall policy system-default
    Description: This command is used to view the system default policy configuration.
    EXAMPLE
    ALU# show firewall policy system-default
    policy system-default 10 match all attack system-default drop system-traffic firewall policy system-default
  • Page 719 2. The “show running configuration” command displays only the newly created/non default attacks for the system default attack object. The deleted default attacks are displayed with a prefix “no”, and the modified default attacks are displayed with the modified parameters.
  • Page 720: Firewall Debug Commands

    EXAMPLE
    The example below enables debugging for the source IP 10.91.0.52
    ALU# debug firewall selector saddr 10.91.0.52
    The example below disables debugging for the source IP 10.91.0.52
    ALU# no debug firewall selector saddr 10.91.0.52
  • Page 721: Sample Firewall Policy Configurations On OA-700

    GigabitEthernet7/0 GigabitEthernet3/0 list inside-zone interface GigabitEthernet7/1 match-list m1 tcp list outside-zone list inside-zone type ftp firewall attack d1 default policy p1 match m1 attack d1 reset interface GigabitEthernet7/0 firewall policy in p1
  • Page 722 The following configuration selectively checks traffic from GigabitEthernet3/0 to subnet 10.0.0.0/8 for all default attacks:
    match-list m2 ip any prefix 10.0.0.0/8 type any firewall attack a2 default policy p2 match m2 attack a2 reset interface GigabitEthernet3/0 firewall policy in p2
  • Page 723: Zone Configuration

    The domain falling outside the "trusted zone" is the "untrusted zone". Hence, external networks which comprise traffic or systems that are not within the administrative purview of a private network, such as the Internet, are an example of an "untrusted zone".
  • Page 724: Semi-Trusted Zone Or Demilitarized Zone

    • Web Server
    • Mail Server
    • Application Gateway
    • E-Commerce Systems
    Examples of systems to place on a DMZ include Web servers and FTP servers.
    Figure 22: Three - Zone Network Topology
  • Page 725: Three Zone Firewall Example

    LAN. Since these servers are exposed in some form to the Internet, they are placed in the DMZ.
    4. All traffic going out to the Internet is subject to NAT.
    Figure 23: Three Zone Firewall Network Topology
  • Page 726 SCHEME
    1. LAN addresses fall in 3 subnets
    • 10.0.0.0/24
    • 192.168.0.0/24
    • 172.16.0.0/25
    2. The Public IP of the link is 202.24.45.100. This is forwarded to Mail Server and Web Server using NAT.
  • Page 727 202.24.45.100 host 10.0.0.1 host 172.16.0.1
    Note: Configuring lists with IP addresses rather than interfaces leads to more efficient system operation, as the system does not have to do a lookup to determine the egress interface and then apply the filter.
  • Page 728
    ALU(config-match-list-DMZ-access)# 1 tcp list DMZ list Untrust service smtp
    ALU(config-match-list-DMZ-access)# 2 tcp list DMZ list Untrust service dns
    ALU(config-match-list-DMZ-access)# 3 udp list DMZ list Untrust service dns
    (vi) Internet access to Trust
    ALU(config)# match-list Internet-Trust
    ALU(config-match-list-Internet-Trust)# ip any any
  • Page 729
    ALU(config-match-list-DoS)# 1 ip any list trust
    ALU(config-match-list-DoS)# 2 ip any list DMZ
    9. Configuring Rule for SNATing the Trusted and DMZ Network.
    ALU(config)# match-list source-nat
    ALU(config-match-list-source-nat)# 1 ip list Trust any
    ALU(config-match-list-source-nat)# 2 ip list DMZ any
  • Page 730
    ALU(config-firewall-attack-atk1)# icmp-block-trace-route
    ALU(config-firewall-attack-atk1)# icmp-dest-unrch-storm
    ALU(config-firewall-attack-atk1)# icmp-ip-address-sweep
    ALU(config-firewall-attack-atk1)# icmp-ping-flood threshold 2 10
    ALU(config-firewall-attack-atk1)# icmp-ping-of-death
    ALU(config-firewall-attack-atk1)# icmp-ping-of-death max-total-length 64
    ALU(config-firewall-attack-atk1)# icmp-redirect
    ALU(config-firewall-attack-atk1)# icmp-router-advertisement
    ALU(config-firewall-attack-atk1)# ip-land-attack
    ALU(config-firewall-attack-atk1)# ip-source-routing
    ALU(config-firewall-attack-atk1)# ip-spoofing
    ALU(config-firewall-attack-atk1)# ip-tear-drop
    ALU(config-firewall-attack-atk1)# ip-tiny-frag
    ALU(config-firewall-attack-atk1)# ip-zero-length
  • Page 731 Applying the filter DMZ as a "IN" filter on the DMZ interface
    ALU(config-if GigabitEthernet3/1)#ip filter in DMZ-traffic
    ALU(config)#ip filter DMZ-out
    ALU(config-filter-DMZ-out)#10 match any DMZ-Trust
    ALU(config-filter-DMZ-out)#default deny
    Applying the filter as "out" on the DMZ interface
    ALU(config-if GigabitEthernet3/1)#ip filter out DMZ-out
  • Page 732
    ALU(config)# ip nat DNAT
    ALU(config-nat-DNAT)#match any Internet-mail-access destination-nat host 172.16.0.130
    ALU(config-nat-DNAT)#match any webserver-access destination-nat host 172.16.0.131
    Applying this DNAT rule as a IN nat policy for the mail and webserver access.
    ALU(config-if Serial0:0)#ip nat in DNAT
  • Page 733: Example 2: Simple Zone Configuration In OA-700

    Ip nat out nat-policy                 //This will NAT internal traffic
    Ip filter out permit-dmz-policy       //This will permit DMZ traffic without translation
    Ip filter in deny-untrusted-policy    //This will deny all untrusted traffic originated from outside.
    Exit                                  //Done
  • Page 734
    Ip nat out nat-policy                 //This will NAT internal traffic
    Ip filter out permit-dmz-policy       //This will permit DMZ traffic without translation
    Ip filter in deny-untrusted-policy    //This will deny all untrusted traffic originated from outside
    Exit                                  //Done
  • Page 735: Time-Range/Timer Configuration

    Note: User must issue “clock” command to set the clock in OA-700, so that the time-range configuration can take effect precisely.
    EXAMPLE
    ALU(config)# time-range t1
    ALU(config-time-range-t1)#
    ALU(config)# no time-range t1
  • Page 736: Time-Range Show Command

    EXAMPLE
    If “t1” is a schedule, then to view the particulars in it, use the following command:
    ALU# show time-range
    time-range t1 absolute 10:10:10 5/6/2006
    time-range t2 absolute 10:10:10 2/5/2006
  • Page 737: ALGs Supported In OA-700

    FTP is most commonly used to download a file from a server using the Internet or to upload a file to a server (e.g., uploading a Web page file to a server).
  • Page 738 It is often used by servers to boot diskless workstations, X-terminals, and routers. Alcatel-Lucent uses its proprietary protocol New Office Environment (NOE) for IP phone signaling. NOE provides rich graphical display facilities in the IP phones. Since NOE is similar to other voice protocols like SIP for voice services, it carries dynamic data port information in the control packets.
  • Page 739: ALG Configuration Commands

    ALU(config-match-list-m1)# udp any any service sip
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# tcp any any service dns
    Note: Use the port number to configure any other standard ALG service apart from those given in the above commands.
  • Page 740
    Total Filter Port commands
    Total SNAT Pasv Response commands
    Total DNAT Pasv Response commands
    Total Filter Pasv Response commands : 0
    Total Pinholes created
    Total Pinholes matched
    Total Pinholes timed out
    Total Pinholes failed
  • Page 741 EXAMPLE
    ALU(config)# show firewall alg rpc statistics
    Total SNAT RPC CALL Packets
    Total DNAT RPC REPLY Packets
    Total DNAT DUMP REPLY Packets
    Total Pinholes created
    Total Pinholes matched
    Total Pinholes failed
    Total Pinholes removed
  • Page 742
    Total RTCP Pinholes matched
    Total RTCP Pinholes timeout
    Total SIP Packets with Non-SDP message body
    Total SIP Packets with invalidate payload
    Total SIP Packets with invalidate SDP payload
    Total SIP Packets out of order
  • Page 743
    Command: show firewall alg tftp debug counters
    Description: This command is used to view the TFTP ALG debug counters.
    EXAMPLE
    ALU(config)# show firewall alg tftp debug counters
    Total malloc operations
    Total failed malloc operations
    Total memory release operations
  • Page 744
    ALU(config)# show firewall alg sip debug counters
    Total malloc passed, sip sessions and calls
    Total malloc failed
    Total memory free count, sip sessions and calls
    Total sip packets translated
    Total sdp packets translated
    Total sip packets retransmitted
  • Page 745 COMMANDS
    CLEAR FIREWALL ALG SIP STATISTICS
    Command (in CM): clear firewall alg sip statistics
    Description: This command is used to clear the ALG SIP statistics.
    EXAMPLE
    ALU(config)# clear firewall alg sip statistics
  • Page 746: Customized-Service Rule Based ALG Configuration

    ALG configuration is system wide firewall configuration and is not specific to any interface.
    ALG CUSTOMIZING COMMANDS
    CONFIGURE CUSTOMIZED SERVICE
    Command (in CM) / Description
    This command is used to configure ALG customized-service rule. This also enters into customized service configuration mode.
    EXAMPLE
    ALU(config)# customized-service
  • Page 747
    Command: [<1-65535>] match [any|all] <match-list name>... service {<service-name>|alcatel-tftp|dns|ftp|none|rpc|rtsp|sip|tftp}
    Description: This command creates a rule for mapping ALG action for a well known service to a non-standard port or disable a well known service on its well known port. The range for the rule number is 1-65535.
  • Page 748 ALG R IEW THE ETAILS OF A ASED ERVICE
    Command (in CM): show customized-service
    Description: This command shows the ALG rule based service details.
    EXAMPLE
    ALU(config)# show customized-service
    20 match any m2 service none
  • Page 749: NOE ALG Configuration

    NOE ALG CONFIGURATION
    Alcatel-Lucent uses its proprietary protocol New Office Environment (NOE) for IP phone signaling. NOE provides rich graphical display facilities in the IP phones. Since NOE is similar to other voice protocols like SIP for voice services, it carries dynamic data port information in the control packets.
  • Page 750: NOE ALG Configuration Steps

    If you are configuring a NAT rule to NAT NOE traffic, then you need to reserve NAT ports for NOE phones. This can be done by using the NAT Port reservation command. “To Configure Port Reservation in NAT”.
  • Page 751: NOE ALG Configuration Commands

    The match-list configured should match the TFTP traffic.
    EXAMPLE
    ALU(config)# match-list m1
    ALU(config-match-list-m1)# udp any any service tftp
    ALU(config)# customized-service
    ALU(config-customized-service)# 10 match m1 service alcatel-tftp
    CLASSIFY NOE TRAFFIC
    Command (in Match-list Mode): udp any any type noe
    Description: This command is entered in the match-list mode.
  • Page 752 You need to reserve ports for NOE phones. You should know the base port configured on the server to reserve the port range. In Alcatel call server, the base port, symbolized by BASE_PORT, is a system-wide configuration value that defines the range of UDP ports occupied by signaling and media flows.
  • Page 753: NOE Show Commands

    RTP pinholes outstanding
    RTP sessions created
    RTP sessions released
    RTP sessions terminated from noe time-outs : 0
    RTCP pinholes outstanding
    RTCP sessions created
    RTCP sessions released
    RTCP sessions terminated from noe time-outs: 0
  • Page 754
    Total malloc passed, noe sessions and calls : 2951
    Total malloc failed
    Total memory free count, noe sessions and calls
    Total noe packets translated : 7690
    Total sdp packets translated : 26
    Total noe packets retransmitted : 330
  • Page 755: NOE Clear Commands

    ALU(config)# clear firewall alg noe subaddress-mapping
    CLEAR NOE ALG STATISTICS
    Command (in CM): clear firewall alg noe statistics
    Description: This command is used to clear all the NOE ALG statistics.
    EXAMPLE
    ALU(config)# clear firewall alg noe statistics
  • Page 756: Typical Rule Based ALG And DNAT Example Using OA-700

    The following example illustrates how rule based ALG solves this problem by mapping the non-standard ports to standard service so that FTP ALG can be invoked on these non-standard ports.
    Figure 24: ALG Configuration Scenario
  • Page 757
    ALU(config-customized-service)#match m3 service ftp
    ALU(config-customized-service)#match m4 service none
    Show Customized-Service Configuration
    ALU(config)# show customized-service
    10 match m1 service ftp
    20 match m2 service ftp
    30 match m3 service ftp
    40 match m4 service none
  • Page 758: Security - Best Practices

    These rules control the flow of several different kinds of packet through the firewall. The point to be noted here is that rules are evaluated by the firewall from first to last. The rules are:
    • ICMP Rules
    • IP Rules
    • UDP Rules
    • TCP Rules
  • Page 759 Internet user finds useful.
    • Drop X-Windows (packets using ports 600-6003). It is possible for a hacker to control mouse and keyboard for a host inside the network.
    • Drop SNMP (packets using ports 161 and 162).
  • Page 760 LIMITING
    Rate limiting is a good method of prevention against Denial-of-Service attacks. The most common of them are:
  • Page 761 IP address within a defined interval. This again can be prevented by setting a threshold (.005 seconds is the default). This can be shown as:
    dos p1 udp port scan threshold 10 per 0.005 seconds
  • Page 763: IP Security - Virtual Private Network

    To get a succinct knowledge on the parameters and default values, refer to the VPN section in OmniAccess 700 CLI Command Reference Guide. Note: IPsec VPN is not supported in the no crypto image. For information on the no crypto release, refer to the release note.
  • Page 764: Chapter Conventions

    IKE Policy Mode: IKE Policy Configuration Mode - ALU (config-IKE policy name)#
    ISAKMP: Internet Security Association and Key Management Protocol
    Perfect Forward Secrecy
    Public Key Infrastructure
    Security Association
    Security Policy Database
    Super User Mode - ALU#
  • Page 765: IPsec VPN Overview

    Road warrior connectivity access
    • Extranets with service agents, partners, etc.
    • Secure connectivity from home to the office network.
    Figure 25: General VPN Usage (Head Office, Branch Offices, Home Office, Mobile Worker)
  • Page 766 The following sections provide a conceptual overview of IPsec VPN:
    • “IPsec Enabled VPN”
    • “IPsec Connection Types”
    • “IPsec Concepts”
    • “Benefits of IPsec Enabled VPN”
    • “Default Configuration Setting on OA-700”
  • Page 767: IPsec Enabled VPN

    This connection is for a single computer to connect to a remote network. This is typically known as the "Road Warrior" connection and the remote computer is not behind a firewall. The IP address that the remote computer will be using is normally not known for configuration.
  • Page 768 VPN channel that connects the Finance department and Accounts department of two geographically displaced locations. Tunnel 1 users have no access to this path. Figure 26: A General Scenario of IPsec - VPN
  • Page 769: IPsec Concepts

    The outer IP header corresponds to these gateways. Since the tunnel mode hides the original IP header, it facilitates security of the networks with private IP address space.
    Figure 27: Tunnel Mode
    Note: The OA-700 supports only Tunnel Mode.
  • Page 770 IP header to the now encrypted packet. This new IP header contains the destination address needed to route the protected data through the network. Note: The OA-700 supports the ESP protocol, which also provides AH functionality.
  • Page 771 IP addresses, ports, etc. With each policy, a Security Association (SA) is associated. You should mainly configure the encryption algorithm and authentication algorithm that should be used. The cryptographic key should be configured.
  • Page 772 Key Exchange Payload (CH) Nonce Payload
    MESSAGE 5: ISAKMP HEADER, Identity Payload, Authentication Data Payload (ENCRYPTED)
    MESSAGE 6: ISAKMP HEADER, Identity Payload, Authentication Data Payload (ENCRYPTED)
    Figure 28: Phase 1 Negotiation - Main Mode
  • Page 773 Payload ENCRYPTED
    Figure 29: Phase 2 Negotiation - Quick Mode
    A full Diffie-Hellman key exchange may be done to provide Perfect Forward Secrecy (PFS).
  • Page 774: Benefits Of IPsec Enabled VPN

    Reduces the operational costs versus traditional WAN since VPN works over the public network (Internet).
    • Extended geographic connectivity.
    • Reduces transit time and transportation costs for remote users.
    • Improves productivity.
    • Simplifies network topology.
    • Provides global networking opportunities.
    • Provides telecommuter support.
  • Page 775: Default Configuration Setting On OA-700

    Default IKE policy in crypto map: ‘default’ ike policy
    ii. Default transform set in crypto map: ‘default’ transform set
    iii. Default PFS group in crypto map: pfs group2.
    iv. Default lifetime in Seconds for a crypto map: 28800
  • Page 776: IPsec VPN Configuration

    “To Configure IPsec Crypto Map”
    Step 6: Enter the Interface Configuration Mode
    ALU(config)# interface <name>
    Example:
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)#
    Step 7: Administratively bring up the interface
    ALU(config-if <interface-name>)# no shutdown
    Example:
    ALU(config-if GigabitEthernet7/0)# no shutdown
  • Page 777 Step 10: Configure Dead Peer Detection. See “Dead Peer Detection (DPD)” (Optional)
    Step 11: Know the default values allowed by the OA-700. See “Default Configuration Setting on OA-700”
    Step 12: View the IPsec configuration. See “IPsec VPN Show Commands”.
  • Page 778: IPsec VPN Configuration Flow

    Figure 30: IPsec Configuration Flowchart
  • Page 779: IPsec Configuration Commands

    The IKE key is given by means of a key-string. Currently, the preshared key length is restricted to 128 characters, and the minimum length is 8 characters.
    EXAMPLE
    ALU(config)#crypto ike key top_secret1612 peer 10.10.1.2
    ALU(config)#crypto ike key "!netsecret!" peer 202.54.30.100
  • Page 780: IPsec Configuration With X.509 Certificates

    Command: crypto key import rsa <name> [fpkey <file-path>|ftp:|http:|https:|scp:|tftp:]
    Description: This command imports an RSA key pair from a remote location.
    Note: Currently, SCP option is not supported.
    EXAMPLE
    ALU(config)# crypto key import rsa testKey ftp:
  • Page 781: Example

    Command (in CA Identity CM): subject-name <subject-name>
    Description: This command specifies the subject distinguished name that would appear in the certificate request for this CSR, if generated on the OA-700.
    EXAMPLE
    ALU(ca-ALUCA)# subject-name /CN=Bart Simpson/O=ALU/C=US
  • Page 782 700.
    GENERATE A CSR
    Command (in CM): crypto certificate-request <name> generate key-name <name> ca <name>
    Description: This command generates a CSR for the specified CA.
    EXAMPLE
    ALU(config)# crypto certificate-request req_Simpson generate key-name exampleKey ca ALUCA
  • Page 783 This operation need not be performed after every certificate/key import, but once all the certificates/keys are imported.
    Note: The crypto certificates will take effect only after issuing the ‘refresh’ command.
    EXAMPLE
    ALU(config)# crypto certificate-database refresh
  • Page 784 Command (in CM): crypto peer-certificate <name> import [fpkey <file-path>|ftp:|tftp:|http:|https:|scp:]
    Description: This command imports trusted peer certificates in the OA-700.
    Note: Currently, the SCP option is not supported.
    Example:
    ALU(config)# crypto peer-certificate cert_Bouvier import ftp:
  • Page 785 Command (in IKE Identity CM): peer-id {dn|fqdn|user-fqdn} <name>)|address <ip-address>
    Description: This command configures an ID for the peer.
    Example:
    ALU(ike-identity-exampleidentity)# peer-id user-fqdn selma_bouvier@alcatel-lucent.com
    Specify the Issuer (CA) of the Certificate
    Command (in IKE Identity CM): peer-ca <name>
    Description: This command specifies the issuer (CA)...
  • Page 786 Command: my-cert <name>
    Description: This command specifies the imported signed certificate to be used during IKE negotiation. This should be one among the certificates imported under the “To Import a Signed Certificate” command.
    Example:
    ALU(ike-identity-exampleidentity)# my-cert cert_Simpson
  • Page 787: To Export Rsa Keys

    Example:
    ALU(config)# crypto key export rsa examplekey tftp:
    Delete a CA Certificate
    Command (in CM): crypto ca-cert <name> delete
    Description: This command deletes the specified CA certificate.
    Example:
    ALU(config)# crypto ca-cert ALUca delete
  • Page 788: To Delete A Signed Certificate

    Example:
    ALU(config)# crypto peer-certificate cert_Bouvier delete
    Delete an RSA Key
    Command (in CM): crypto rsa-key <name> delete
    Description: This command deletes the specified RSA key pair.
    Example:
    ALU(config)# crypto rsa-key examplekey delete
  • Page 789: Internet Key Exchange (Ike) Policy

    The IKE policy must first be removed from the crypto map and then deleted.
    Example:
    ALU(config)# crypto ike policy P1
    ALU(config-crypto-ike-policy-P1)#
    Note: The “force” keyword is used to modify or edit an IKE policy in use.
  • Page 790 The ‘no’ command resets the IKE policy to its default.
    Note: If no proposal is configured for an IKE policy, sha1-AES-128 is taken as the default proposal.
    Example:
    ALU(config-crypto-ike-policy-P1)# proposal md5-aes-128
    ALU(config-crypto-ike-policy-P1)# no proposal
  • Page 791 There is no default value for IPsec security-association lifetime in Kilobytes.
    Example:
    ALU(config-crypto-ike-policy-P1)# ipsec security-association lifetime kilobytes 5400
    ALU(config-crypto-ike-policy-P1)# ipsec security-association lifetime seconds 5400
    ALU(config-crypto-ike-policy-P1)# no ipsec security-association lifetime kilobytes
    ALU(config-crypto-ike-policy-P1)# no ipsec security-association lifetime seconds
  • Page 792 Note: If the PFS group is not explicitly configured, group2 is used as the default PFS.
    Command: no pfs
    Description: The ‘no’ command resets the PFS group to default.
    Example:
    ALU(config-crypto-ike-policy-P1)# pfs group1
    ALU(config-crypto-ike-policy-P1)# no pfs
  • Page 793: To Configure Transform-Set In Ipsec

    SHA1 and 128 bit AES encryption
    • esp-sha1-aes192 encapsulation with SHA1 and 192 bit AES encryption
    • esp-sha1-aes256 encapsulation with SHA1 and 256 bit AES encryption
    • esp-sha1-des encapsulation with SHA1 and 56 bit DES encryption
  • Page 794 Hence, the transform-set must be first disabled from the crypto map and then deleted.
    Command (in CM): no crypto ipsec transform-set <name>
    Description: This command deletes a transform-set.
    Example:
    ALU(config)# no crypto ipsec transform-set netset
  • Page 795: To Configure Ipsec Crypto Map

    Note: If you try to attach a match-list to a crypto map that already has one, it overrides the existing match-list.
    Example:
    ALU(config-crypto-map-exampleMap)# match matchlist1
    ALU(config-crypto-map-exampleMap)# no match matchlist1
  • Page 796 A transform-set must be first detached from the crypto map to delete it globally.
    Note: If no transform set is attached to a crypto map, Default transform set is used.
    Example:
    ALU(config-crypto-map-exampleMap)# transform-set netset
    ALU(config-crypto-map-exampleMap)# no transform-set
  • Page 797 [group1|group2|group5] crypto map.
    Note: If no PFS group is attached to a crypto map, group2 PFS is used.
    Command: no pfs
    Description: The ‘no’ command disables PFS completely.
    Example:
    ALU(config-crypto-map-exampleMap)# pfs group1
    ALU(config-crypto-map-exampleMap)# no pfs
  • Page 798 Lifetime has a default value of 28800 seconds. There is no default value for lifetime in Kilobytes.
    Example:
    ALU(config-crypto-map-exampleMap)# lifetime seconds 1000
    ALU(config-crypto-map-exampleMap)# lifetime kilobytes 1005236
    ALU(config-crypto-map-exampleMap)# no lifetime seconds
    ALU(config-crypto-map-exampleMap)# no lifetime kilobytes
  • Page 799: To Attach Crypto Map To An Interface

    You cannot delete a crypto map that is applied to an interface. To delete, first detach the crypto map from the interface.
    Example:
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)# crypto map exampleMap
    ALU(config-if GigabitEthernet7/0)# no crypto map exampleMap
  • Page 800: Dead Peer Detection (Dpd)

    The default value for DPD time-out is three times that of the DPD interval specified.
    Command: no crypto ike dpd
    Description: This command disables DPD for IPsec globally.
    Example:
    ALU(config)# crypto ike dpd interval 10 timeout 35
    ALU(config)# no crypto ike dpd
  • Page 801 Example:
    ALU(crypto-map-map1)# dpd delay 15 timeout 60
    ALU(crypto-map-map1)# dpd NONE
    ALU(crypto-map-map1)# no dpd
    Note: If there is no global DPD defined, both the dpd none command and no dpd command produce the same result.
  • Page 802: Ipsec Vpn Show Commands

    ! Key in Use (by 1 cryptomap/s)
    crypto ike policy ike
    proposal md5-3des
    pfs group2
    ipsec security-association lifetime seconds 590
    lifetime seconds 1500
    ! Policy in Use (by 1 cryptomap/s)
    crypto ipsec transform-set myset esp-md5-3des
  • Page 803 28800
    lifetime seconds 7200
    pfs group5
    authentication pre-shared
    ! Policy in Use (by 1 cryptomap/s)
    !crypto ipsec transform-set default esp-sha1-aes256 esp-sha1-3des esp-md5-aes256 esp-md5-3des
  • Page 804 ALU2
    The following example displays the details for a specified crypto map:
    ALU# show crypto map india
    crypto map india ipsec-ike panchsheel
    peer 202.192.192.2
    ! default transform set
    pfs group2
    lifetime seconds 86400
  • Page 805 The following is an example of the crypto policy with default values:
    ALU(config)# show crypto ike policy
    crypto ike policy sample
    ! proposal sha1-aes128
    ! ipsec security-association lifetime seconds 28800
    ! lifetime seconds 3600
    ! pfs group2
  • Page 806 Example:
    ALU# show crypto ipsec transform-set
    crypto ipsec transform-set myset esp-md5-3des
    ! Transform-Set in Use (by 1 cryptomap/s)
    ALU# show crypto ipsec transform-set myset
    crypto ipsec transform-set myset esp-md5-3des
  • Page 807 TUNNEL MODE
    Replay Detection Enabled: Yes
    ESP spi:0xc3fb59c time-left:28793secs/0kb esp-sa-id:12
    Decaps:7 Decrypt:7 Auth:7 Errors:0
    ********OUTBOUND********
    ESP Algo:crypt:DES-CBC len:64 auth:SHA1-HMAC len:160
    TUNNEL MODE
    Replay Detection Enabled: Yes
    ESP spi:0x541a7498 time-left:28793secs/0kb esp-sa-id:16
    Encaps:7 Encrypt:7 Auth:7 Errors:0
  • Page 808 ALU(config)# show crypto rsa-key exampleKey
    # LENGTH = 512
    ALU(config)# show crypto rsa-key exampleKey public-key
  • Page 809 CN=ALU, OU=Certificate Authority, C=US
    my-id DN /CN=Bart Simpson/O=ALU/C=US
    my-cert cert_Simpson
    ALU(config)# show crypto ike identity exampleIdentity
    crypto ike identity exampleIdentity
    peer-id user-fqdn selma_bouvier@ALU.com
    peer-ca CN=ALU, OU=Certificate Authority, C=US
    my-id DN /CN=Bart Simpson/O=ALU/C=US
    my-cert cert_Simpson
  • Page 810 Exponent: 65537 (0x10001)
    X509v3 extensions:
    X509v3 Basic Constraints: CA:FALSE
    Netscape Comment: OpenSSL Generated Certificate
    X509v3 Subject Key Identifier: 88:75:2D:47:AC:E8:AB:C3:5F:9F:E1:93:6B:7E:07:9C:A3:B0:24:CB
    X509v3 Authority Key Identifier: keyid:05:98:D2:25:D3:18:12:A1:C7:4B:7A:98:D2:D8:25:73:2B:6B:AE:B1 DirName:/CN=CA_0x01/O= serial:00
    Signature Algorithm: md5WithRSAEncryption
  • Page 811 <name>
    Command: show crypto peer-certificate [<name> [pem]]
    Description: Displays the details of the specified peer certificate in the base64 pem format.
    Example:
    ALU(config)# show crypto peer-certificate cert_fred cert_barney cert_wilma
  • Page 812 Exponent: 65537 (0x10001)
    X509v3 extensions:
    X509v3 Subject Key Identifier: A8:80:7E:54:63:61:76:66:DE:E0:98:6C:10:31:6D:EB:1E:9D:4C:46
    X509v3 Authority Key Identifier: keyid:A8:80:7E:54:63:61:76:66:DE:E0:98:6C:10:31:6D:EB:1E:9D:4C:46 DirName:/C=US/ST=Bedrock/CN=Fred Flintstone/emailAddress=fred@flintstones.com serial:00
    X509v3 Basic Constraints: CA:TRUE
    Signature Algorithm: md5WithRSAEncryption
  • Page 813 ALU(config)# show crypto peer-certificate cert_fred pem
  • Page 814 9 11:46:16 2006 GMT
    Signature Algorithm: md5WithRSAEncryption
    Example:
    ALU(config)# show crypto crl ca ALUCA pem
  • Page 815 10:4b:1a:98:c2:7d:b4:d0:cd
    Exponent: 65537 (0x10001)
    X509v3 extensions:
    X509v3 Subject Key Identifier: 05:98:D2:25:D3:18:12:A1:C7:4B:7A:98:D2:D8:25:73:2B:6B:AE:B1
    X509v3 Authority Key Identifier: keyid:05:98:D2:25:D3:18:12:A1:C7:4B:7A:98:D2:D8:25:73:2B:6B:AE:B1 DirName:/CN=CA_0x01/O= serial:00
    X509v3 Basic Constraints: CA:TRUE
    Signature Algorithm: md5WithRSAEncryption
  • Page 816 <name>
    Command: show crypto certificate-request [<name> [pem]]
    Description: Displays the details of the specified CSR in the base64 pem format.
    Example:
    ALU(config)# show crypto certificate-request req_Simpson req_Burns
  • Page 817 Exponent: 65537 (0x10001)
    Attributes: a0:00
    Signature Algorithm: md5WithRSAEncryption
    ALU(config)# show crypto certificate-request req_Simpson pem
  • Page 818: Clear Commands In Ipsec

    As a result, the SA pair will be cleared and the tunnel will be brought down.
    Note: The sa-index must be a valid sa-index of an outbound SA.
    Example:
    ALU# clear crypto ipsec sa all
    ALU#
    ALU# clear crypto ipsec sa 16
    ALU#
  • Page 819: Ipsec Scenarios On Oa-700

    28800
    lifetime seconds 3600
    pfs group2
    !crypto ipsec transform-set default esp-sha1-aes256 esp-sha1-3des esp-md5-aes256 esp-md5-3des
    crypto map demomap ipsec-ike default
    peer 10.0.0.1
    match m1
    transform-set default
    pfs group2
    ! Not Applied to Any Interface
  • Page 820 Alternatively, you can modify the same rule.
    ALU(config)# match-list tunnel
    ALU(config-match-list-tunnel)# 1 ip prefix 10.91.0.0/24 prefix 10.0.0.0/24
    ALU(config-match-list-tunnel)# 1 ip prefix 192.168.0.0/24 prefix 10.0.0.0/24
    Note: The crypto map supports only one rule in a match-list.
  • Page 821 SPD. The modified rule should satisfy IPsec match-list criteria.
    Adding an Extra Rule to the Match List Used by a Crypto Map
    An extra rule cannot be added to a match-list if it is attached to a crypto map.
  • Page 822: Best Practices For Deploying Ipsec Vpn

    It is up to you to decide upon the key length. It is recommended to use a minimum key length of 16 characters.
    Note: The OA-700 supports only unique preshared key to provide better security.
  • Page 823: Ipsec Access Control

    PFS due to this reason. Enabling of PFS also depends upon the sensitivity of the data being tunneled. If the data mandates higher security, PFS can be enabled. The strength of Diffie-Hellman exponentiation is configurable.
  • Page 824: Network Address Translation

    In addition, Internet Drafts such as IKE mode-configuration and vendor proprietary features increase the likelihood of interoperability challenges. For these reasons, check with the vendor of the products for interoperability information.
  • Page 825: Routing Entry

    10.0.0.0/8 prefix 9.0.0.0/8
    This is applied to the crypto map attached to interface gig3/1. Then, you should have a routing entry:
    ip route 9.0.0.0/8 gig3/1
    Otherwise, the tunnel will not come up.
  • Page 826: Ipsec Nat-Traversal

    Command (in CM): crypto nat-traversal {enable|disable}
    Description: This command is used to enable or disable NAT traversal for IPsec on the OA-700. By default, NAT Traversal is enabled.
    Example:
    ALU(config)# crypto nat-traversal disable
  • Page 827: Scenarios Depicting Ipsec Nat-Traversal

    !crypto ipsec transform-set default esp-sha1-aes256 esp-sha1-3des esp-md5-aes256 esp-md5-3des
    crypto map map1 ipsec-ike default
    peer 202.50.24.1
    match m1
    transform-set default
    pfs group2
    ! Applied to : GigabitEthernet7/0
    interface GigabitEthernet7/0
    crypto map map1
  • Page 828 !crypto ipsec transform-set default esp-sha1-aes256 esp-sha1-3des esp-md5-aes256 esp-md5-3des
    crypto map map1 ipsec-ike default
    peer 202.50.24.2
    match m1
    transform-set default
    pfs group2
    ! Applied to : GigabitEthernet7/0
    interface GigabitEthernet7/0
    crypto map map1
  • Page 829: Ipsec Tunnel Interface

    Alcatel-Lucent provides support for IPsec in a tunnel mode with encryption, intended for secure site-to-site communications over an untrusted network. Currently IPsec can be configured through a crypto map and applied to an interface. In addition, IPsec as a tunnel interface is required so that, •...
  • Page 830: Default Configuration

    Default IKE policy in crypto map: ‘default’ ike policy
    ii. Default transform set in crypto map: ‘default’ transform set
    iii. Default PFS group in crypto map: pfs group2.
    iv. Default lifetime in Seconds for a crypto map: 28800
  • Page 831: Ipsec Tunnel Interface Configuration

    “To Configure Transform-set in IPsec”
    Step 2: Configure IPsec Profile. See “To Configure IPsec Profile”. And, configure Profile related commands.
    Step 3: Enter Interface Configuration Mode
    ALU(config)# interface <name>
    Example:
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)#
  • Page 832 Step 7: View the IPsec tunnel configuration. See “To View the IPsec Profile Configuration”
    Note: All the IPsec parameters related show commands are valid for this section also. For more details, see “IPsec VPN Show Commands”
  • Page 833: Ipsec Tunnel Interface Configuration Flow

    Figure 32: IPsec Tunnel Interface Configuration Flowchart
  • Page 834: Ipsec Tunnel Interface Configuration Commands

    An IKE policy must be first detached from the profile to delete it globally.
    Note: If no IKE policy is attached to an IPsec profile, ‘default’ IKE policy is used.
    Example:
    ALU(ipsec-profile-PF1)# ike-policy IKE1
    ALU(ipsec-profile-PF1)# no ike-policy
  • Page 835 IPsec profile.
    Note: If no PFS group is attached to an IPsec profile, group2 PFS is used.
    Command: no pfs
    Description: The ‘no’ command disables PFS completely.
    Example:
    ALU(ipsec-profile-PF1)# pfs group2
    ALU(ipsec-profile-PF1)# no pfs
  • Page 836 Command: no ike-identity
    Description: The ‘no’ command detaches the specified IKE identity attached to a profile.
    Note: IKE identity should only be attached to an IPsec profile if the Authentication type is ‘rsa-sig’
    Example:
    ALU(ipsec-profile-PF1)# ike-identity ID01
    ALU(ipsec-profile-PF1)# no ike-identity
  • Page 837 Command: ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Description: This command is used to assign an IP address and subnet mask to the tunnel interface.
    Example:
    ALU(config-if Tunnel1)# ip address 20.20.20.20/24
    ALU(config-if Tunnel1)# ip address 192.168.0.1 255.255.255.255
  • Page 838 {<ip-address>|<interface-name>}
    configured source IP address of the tunnel.
    Example:
    ALU(config-if Tunnel1)# tunnel source 2.2.2.1
    ALU(config-if Tunnel1)# tunnel source GigabitEthernet7/0
    ALU(config-if Tunnel1)# no tunnel source 2.2.2.1
    ALU(config-if Tunnel1)# no tunnel source GigabitEthernet7/0
  • Page 839 Note: You cannot delete an IPsec profile that is applied to the interface. To delete, first detach the IPsec profile from the tunnel interface.
    Example:
    ALU(config-if Tunnel1)# ipsec-profile PF1
    ALU(config-if Tunnel1)# no ipsec-profile PF1
  • Page 840 [<profile-name>]
    Example:
    ALU(config)# show crypto ipsec profile
    crypto ipsec profile PF1
    ike-policy secret
    transform-set transet1
    ike-identity ID01
    pfs group2
    lifetime seconds 28800
    ! Applied to:
    interface Tunnel1
    ipsec-profile PF1
    ALU(config)#
  • Page 841: Ipsec Tunnel Configuration Scenarios Using Oa-700

    The OA-700 topology below consists of the following components:
    • 1 OA-700
    • 1 Alcatel-Lucent Brick
    Figure 33: IPsec Tunnel Interface Configuration Topology
  • Page 842 Consider a VPN Firewall Brick with specific IPsec tunnel configuration with tunnel source being 2.2.2.3 and tunnel destination as 2.2.2.1.
    Verification with Commands
    Verify the configuration by using the ‘show crypto’ or ‘show crypto ipsec profile’ command.
  • Page 843: Intrusion Detection System

    This chapter documents the Command Line Interface (CLI) commands for configuring IDS (Intrusion Detection System) on an interface. For instructions on using the commands and to get a detailed description on each of their parameters, refer to the “IDS” chapter in the OmniAccess 700 CLI Command Reference Guide. Note: IDS (IDS and IDS signature update) is a licensed feature, and not part of the basic security package.
  • Page 844: Ids Overview

    IDS Configuration
    Refer to the following sections to configure IDS:
    • “IDS Configuration Steps”
    • “IDS Configuration Flow”
    • “IDS Configuration Commands”
    • “IDS Show Commands”
    • “IDS Clear Commands”
    • “IDS Debug Commands”
  • Page 845: Ids Configuration Steps

    ALU(config-firewall)# policy P1
    ALU(config-firewall-policy-P1)#
    (For detailed information on firewall, refer to the “Filter and Firewall” chapter.)
    Step 6: Attach the configured intrusion sensors to the firewall policy. See “To Create a Intrusion Rule Inside a Firewall Policy”
  • Page 846 Step 10: Attach the configured firewall policy to appropriate interfaces in the ingress direction of the interface. See “To Attach a Firewall Policy to an Interface”
    Step 11: View the intrusion sensor configuration using show commands. See “Show Commands”
  • Page 847: Ids Configuration Flow

    Figure 34: IDS Configuration Flow
  • Page 848: Ids Configuration Commands

    Detach the sensor from the firewall policy before deleting it.
    Example:
    ALU(config)#firewall
    ALU(config-firewall)# intrusion sensor sensor1 snort threshold 10 1000
    ALU(config-firewall-intrusion-sensor-sensor1)#
    ALU(config-firewall)# intrusion sensor sensor1 snort no threshold
    ALU(config-firewall)# no intrusion sensor sensor1 snort
  • Page 849 <url> {passive|rebuild}}
    Snort rule immediately or regularly on the scheduled date and time.
    Command: no update {passive|rebuild}
    Description: Use this command to remove the scheduled Snort rule database update.
    Example:
    ALU(config-firewall-intrusion-snort)# update instant https https://<uid:pwd>@ids.alu.com/signature.tar.gz rebuild
  • Page 850 Note: It is preferable to upgrade the signatures from the Alcatel-Lucent HTTPS server. For example, ‘update instant https https://<username:password@<server-name/ip>/signature.tar.gz passive/rebuild’. It will internally verify the signature versions and download the latest signatures.
  • Page 851 Serial Number"; classtype:bad-unknown; sid:1292; rev:8;)
    Modification of rule to $EXTERNAL_NET is shown below:
    ALU(config-firewall-intrusion-snort)# rule modify 1292 content alert tcp $EXTERNAL_NET any -> $EXTERNAL_NET any (msg:"ATTACK-RESPONSES directory listing"; flow:from_server,established; content:"Volume Serial Number"; classtype:bad-unknown; sid:1292; rev:8;)
  • Page 852 Currently, multiple match-lists cannot be associated with a firewall policy rule. To configure more than one match-list within a firewall policy, add multiple rules with different match-lists.
    Example:
    ALU(config)#firewall
    ALU(config-firewall)#policy policy1
    ALU(config-firewall-policy1)#1 match m1 intrusion sensor1 detection
  • Page 853 Firewall policy is applied to the egress (outgoing) traffic if the “out” keyword is used.
    Note: The Firewall policy will take effect once it is attached to an interface.
    Example:
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)# firewall policy in P1
  • Page 854: Ids Show Commands

    Command (in SUM): show firewall intrusion snort archives
    Description: Use this command to display snort signature archives.
    Example:
    ALU#show firewall intrusion snort archives
    Version no | Details Date of Download |Time of Downl-
    2.3.0 Current initial
  • Page 855 # we have started to see multiple versions of this beyond 003.003, so we have
    # expanded this signature to take that into account.
    alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"POLICY VNC server response";)
    --More--
  • Page 856 Command (in FwCM): show firewall intrusion snort rule disable {category|classtype|priority|sid}
    Description: Use this command to display the information of group of rules that are disabled.
    Example:
    ALU#show firewall intrusion snort rule disable SID
  • Page 857 Command: show firewall intrusion snort statistics rule {<1-4294967295..>|all|category <name>|classtype <name>|priority {high|low|medium}
    Description: Use this command to display Snort rule statistics based on rule ID, category, class type, or priority.
    Example:
    ALU#show firewall intrusion snort statistics rule all
  • Page 858 Status of Snort Signature Update
    Command (in SUM): show firewall intrusion snort update [(report|status)]
    Description: Use this command to display the status of the Snort signature database update.
    Example:
    ALU#show firewall intrusion snort update report
  • Page 859: Ids Clear Commands

    Command (in SUM): clear firewall intrusion snort statistics rule {<1-4294967295..>|all|category <name>|classtype <name>|priority {high|low|medium}
    Description: Use this command to clear group level Snort statistics.
    Example:
    ALU#clear firewall intrusion snort statistics rule all num class-type class-type1
  • Page 860: Ids Debug Commands

    <number>][output|permanent]| all [detail-level]}
    Notes:
    1. saddr == source address
    2. daddr == destination address
    3. sport == source port
    4. dport == destination port
    Example:
    ALU# debug firewall intrusion
    ALU# no debug firewall intrusion
  • Page 861: Ids Configuration Scenario Using Oa-700

    1. To check firewall policy with IDS sensor information
    ALU#show firewall policy p1
    ALU#show firewall intrusion sensor ids1
    2. To verify firewall intrusion statistics and counters when device detects the intrusion
    ALU#show firewall intrusion snort statistics
  • Page 862: Ids Topology

    3 PCs - with 2 PCs running Nessus
    In the topology given below, OA-780 is configured in the Prevention mode. Attacks from PC-1 and PC-2 running application Nessus are intercepted by the OA-780 and dropped.
    Figure 35: IDS Topology
  • Page 863: Generic Routing Encapsulation

    For more detailed information on the parameter descriptions and their corresponding default values, refer to the OmniAccess 700 CLI Command Reference Guide. This chapter includes the configuration steps, CLI syntax with its description, and configuration examples. The commands are described in the sequential order of configuration.
  • Page 864: Gre Overview

    Public addresses must be used for tunnel endpoint addresses. It is possible to use private IP addresses as the GRE tunnel interface IP address allowing a private address VPN to be carried over a public network.
  • Page 865: Gre Tunnel Features

    Filters can be applied to GRE tunnel interfaces, which means that packet filtering with its corresponding benefits can be offered for GRE tunnels.
  • Page 866: Summary

    Non IP Packets are not supported in the standard release. But it is available as a part of the component upgrade.
    • By default, when a tunnel is configured for a destination address, the mode is GRE.
  • Page 867: Gre Tunnel Configuration

    Set the mode on the tunnel interface. See “To Configure Mode on a Tunnel Interface” (Optional)
    • Configure the tunnel source for the tunnel interface. See “To Configure Source IP Address for the Tunnel”
  • Page 868 Destination IP Address for the Tunnel”
    • Set the tunnel DF-BIT. See “To Set the Tunnel DF-BIT” (Optional)
    • To resolve tunnel source and destination. See “To Resolve Tunnel Source and Destination from a Different VRF” (Optional)
  • Page 869: Gre Configuration Flow

    Figure 36: GRE Configuration Flow
  • Page 870: Gre Configuration Commands

    Address on a Tunnel Interface
    Command (in ICM): ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Description: This command is used to assign an IP address and subnet mask to the tunnel interface.
    Example:
    ALU(config-if Tunnel7)# ip address 20.20.20.20/24
  • Page 871 {<ip-address>|<interface-name>} configured source IP address of the tunnel.
    Example:
    ALU(config-if Tunnel7)# tunnel source 10.91.0.7
    ALU(config-if Tunnel7)# tunnel source GigabitEthernet7/0
    ALU(config-if Tunnel7)# no tunnel source 10.91.0.7
    ALU(config-if Tunnel7)# no tunnel source GigabitEthernet7/0
  • Page 872 Command: tunnel vrf {<vrf-name>|default}
    Description: This command resolves the tunnel source and tunnel destination from the specified VRF instead of the VRF associated with the tunnel interface.
    Example:
    ALU(config-if Tunnel7)# tunnel vrf ALU-vrf1
  • Page 873: Gre Configuration Scenarios Using Oa-700

    •
    • GRE + IP Filters + DoS
    • GRE over IPsec
    1. GRE Configuration
    The OA-700 topology below consists of the following components:
    • OA700-1
    • OA700-2
    Figure 37: GRE Configuration Topology
  • Page 874 ALU-2(config)#interface tunnel 1
    ALU-2(config-if Tunnel1)#ip address 192.168.0.2 255.255.255.0
    ALU-2(config-if Tunnel1)#no shutdown
    b) Specify tunnel end-points
    ALU-2(config-if Tunnel1)#tunnel source 2.2.2.3
    ALU-2(config-if Tunnel1)#tunnel destination 2.2.2.1
    Verification with Command
    Verify the configuration by issuing the “show ip route” command.
  • Page 875: Gre + Ip Filters + Dos Configuration

    2. GRE + IP Filters + DoS Configuration
    Figure 38: GRE + IP Filters + DoS Configuration Topology
    GRE + IP filters + DoS can be configured to deny/permit specific traffic through the GRE tunnel.
  • Page 876 Create firewall policy
    ALU-1(config)#policy p1
    ALU-1(config-fiewall-p1)#match dos attack atk1 drop
    ALU-1(config-fiewall-p1)#exit
    d) Apply the firewall policy to the tunnel interface in the ingress direction
    ALU-1(config)#interface tunnel 1
    ALU-1(config-if tunnel1)#firewall policy in p1
    ALU-1(config-if tunnel1)#exit
  • Page 877: Gre Over Ipsec Configuration

    The following figure displays a typical scenario to configure GRE over IPsec:
    Figure 39: GRE + IPsec Configuration Topology
    IPsec is used for transport mode encryption for tunneled traffic only. Ensure tunnel end-point reachability from OA700-1.
  • Page 878 ALU-1(config)# crypto ipsec transform-set test esp-md5-des
    e) Configure a crypto map
    ALU-1(config)#crypto map test ipsec-ike test
    ALU-1(config-crypto-map-test)#peer 2.2.2.3
    ALU-1(config-crypto-map-test)#match tunnel-traffic
    ALU-1(config-crypto-map-test)#transform-set test
    ALU-1(config-crypto-map-test)#pfs group2
    f) Attach crypto map to the interface
    ALU(config)# interface GigabitEthernet7/1
    ALU(config-if GigabitEthernet7/1)# crypto map test
  • Page 879 ALU-2(config)# crypto ipsec transform-set test1 esp-md5-des
    e) Configure a crypto map
    ALU-2(config)#crypto map test1 ipsec-ike test1
    ALU-2(config-crypto-map-test1)#peer 2.2.2.1
    ALU-2(config)#match tunnel-traffic
    ALU-2(config)#transform-set test1
    ALU-2(config)#pfs group2
    f) Attach crypto map to the interface
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)# crypto map test1
  • Page 880 Generic Routing Encapsulation
  • Page 881: Transparent Firewall

    This chapter covers the Transparent Firewall (TF) configuration for the OA-700. For more detailed information on the parameter descriptions and their corresponding default values, refer to the OmniAccess 700 CLI Command Reference Guide. This chapter includes the configuration steps, CLI syntax with its description, and configuration examples.
  • Page 882: Tf Overview

    • The TF framework allows ARP packets and IP packets to be bridged across the TF'ed interfaces.
    • The TF framework provides configuration for non-IP packets to be transparently bridged across the TF'ed interfaces.
  • Page 883: Tf Configuration

    Configure a TF policy. See “To Configure a TF Policy”
    • Configure pass through protocol. See “To Configure Pass Through Protocol”
    Step 5: Use the show commands to view TF configuration. See “Show Commands in TF”
  • Page 884: Tf Configuration Flow

    Figure 40: TF Configuration Flow
  • Page 885: Tf Configuration Commands

    ALU(config)# interface GigabitEthernet3/0
    ALU(config-if GigabitEthernet3/0)# transparent-forward TF1 interface Vlan 10
    If the TF policy ‘TF1’ is attached to the GigabitEthernet3/0, the following command detaches it from the interface:
    ALU(config)# interface GigabitEthernet3/0
    ALU(config-if GigabitEthernet3/0)# no transparent-forward
  • Page 886 Note: By default, IP and ARP protocols are configured as passthrough protocols.
    Command: no pass-through protocol {<1-65535>|appletalk|ipx|nonip}
    Description: The command removes the pass through configuration.
    Example:
    ALU(config-transparent-forward-TF1)# pass-through protocol nonip
    ALU(config-transparent-forward-TF1)# no pass-through protocol nonip
  • Page 887: Show Commands In Tf

    Example:
    ALU(config)# show transparent-forward
    ! Transparent-forward configuration
    interface GigabitEthernet7/1
    transparent-forward interface GigabitEthernet7/0
    exit
    transparent-forward tf
    pass-through protocol ipx
    exit
    interface GigabitEthernet7/0
    transparent-forward tf interface GigabitEthernet7/1
    exit
    ALU(config)#
  • Page 888: Clear Commands In Tf

    Command: statistics [<tf-policy name>]
    Description: TF policies configured in the system. If a TF policy is specified, then the statistics for the specified TF policy are cleared.
    Example:
    ALU(config)# clear transparent-forward statistics
  • Page 889: Tf Configuration On

    ALU(config-if GigabitEthernet3/1)# transparent-forward TF1 interface GigabitEthernet 3/0
    Show Commands
    Verify the TF policy configuration by using the following show command:
    ALU(config)# show transparent-forward
    transparent-forward TF1
    pass-through protocol ipx
    exit
    interface GigabitEthernet3/1
    transparent-forward TF1 interface GigabitEthernet3/0
    exit
  • Page 890 Transparent Firewall
  • Page 891: Call Admission Controller

    This chapter covers the Call Admission Controller (CAC) configuration for the OA-700. For instructions on using the CAC commands and descriptions on each of their parameters with the corresponding default values, refer to the OmniAccess 700 CLI Command Reference Guide. This chapter includes the following sections: •...
  • Page 892: Cac Overview

    Resources such as CPU and memory availability can be used to make a decision but cannot be reserved. Link bandwidth can be reserved for specific calls and released when the call ends.
  • Page 893: Cac Functionality In Oa-700

    Similarly, if an egress QoS policy is applied but priority bandwidth is not specified for ‘call traffic’, then calls are also permitted. In both these cases, call-threshold parameters are looked up if configured.
  • Page 894: Cac Configuration

    “Common Classifiers” chapter, and refer to “Quality of Service” chapter for QoS configuration in this guide.
    Step 5: Configure an interface. Enter Interface Configuration Mode.
    ALU(config)# interface <name>
    Example:
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)#
  • Page 895 “To Enable CAC on an Interface”
    Step 9: Enable priority call configuration. See “To Enable Priority Call Configuration” (Optional)
    Step 10: Use the show commands to view CAC configuration. See “Show Commands in CAC”
  • Page 896: Cac Configuration Flow

    Figure 41: CAC Configuration Flow
  • Page 897: Cac Configuration Commands

    Command (in AC-CM): call-admission-control <cac-object-name>
    Description: This command is used to create a CAC object.
    Command (in AC-CM): no call-admission-control <cac-object-name>
    Description: This command deletes the specified CAC object.
    Example:
    ALU(config-ac)# call-admission-control mycac1
    ALU(config-ac-cac-mycac1)#
    ALU(config-ac)# no call-admission-control mycac1
  • Page 898 Command: no protocol sip [bandwidth|call-threshold]
    Description: This command is used to remove the parameters set in a CAC object.
    Example:
    ALU(config-ac-cac-mycac1)# protocol sip bandwidth call-threshold 10
    ALU(config-ac-cac-mycac1)# no protocol sip bandwidth
  • Page 899 Other calls will be terminated gracefully.
    Example:
    ALU(config)# interface GigabitEthernet7/0
    ALU(config-if GigabitEthernet7/0)# admission-control cac mycac
    ALU(config-if GigabitEthernet7/0)# no admission-control cac mycac
  • Page 900 <extension> {high|medium} The extension can be at most 16 characters long.
    Command: no call-extension {exact|prefix} <extension> {high|medium}
    Description: This command unconfigures the specified priority call.
    Example:
    ALU(config-ac-cac-priority)# call-extension exact 9000 high
    ALU(config-ac-cac-priority)# no call-extension exact 9000 high
  • Page 901: Show Commands In Cac

    Example:
    ALU(config)# show admission-control cac
    call-admission-control call-priority
    call-extension exact 911 high
    call-admission-control mycac1
    protocol sip bandwidth call-threshold 10
    interface GigabitEthernet7/0
    admission-control cac mycac1
    interface GigabitEthernet7/1
    admission-control cac mycac1
  • Page 902 Call Threshold = 10
    Active Call Count = 0
    Priority Call Count = 0
    Rejected Call Count = 0
    Bandwidth Statistics
    Policy 2 Class 40
    Total Bw = 1000000 bps
    Used Bw = 0 bps
  • Page 903 Example:
    ALU(config)# show admission-control statistics active-calls
    Interface: GigabitEthernet7/0
    Protocol SIP : No. of Active Calls = 1
    Priority Source IP Destination IP Call_id
    5.5.5.1 2.2.2.2 5579eee99e407494
  • Page 904: Clear Commands In Cac

    Command: active-calls interface <interface-name> [call-id <extension>]
    Description: (bandwidth/active count) for the specified call or all calls on an interface. This also releases CAC resources on the peer interface of every call.
    Example:
    ALU(config)# clear admission-control active-calls interface GigabitEthernet3/0
  • Page 905: Cac Configuration On Oa-700

    Step 4: Apply QoS policy on the egress interface on which CAC is to be applied.
    ALU(config)# interface GigabitEthernet 7/0
    ALU(config-if GigabitEthernet7/0)# no shutdown
    ALU(config-if GigabitEthernet7/0)# ip address 20.20.20.20/24
    ALU(config-if GigabitEthernet7/0)# service-policy out cac-policy
    Attached QoS policy cac-policy to the interface.
  • Page 906: Verify Cac Configuration

    Call Threshold = 20
    Active Call Count = 0
    Priority Call Count = 0
    Rejected Call Count = 0
    Bandwidth Statistics
    Policy 1 Class 10
    Total Bw = 100000 bps
    Used Bw = 0 bps
  • Page 907: Telephony Services

    “Telephony Service Configuration”
    • “Telephony Service Configuration Example on OA-700”
    The “Overview” section serves as additional information on Telephony Service. You can skip this section and go directly to the configuration section of this chapter.
  • Page 908: Chapter Conventions

    Foreign Exchange Station
    Interactive Voice Response
    Music On Hold
    PSTN: Public Switched Telephone Network
    PCRE: PERL Compatible Regular Expression
    Remote Office Resiliency
    Session Initiation Protocol
    Small and Medium Enterprises
    Super User Mode - ALU#
    Voice Survivability
  • Page 909: Overview

    WAN links fail or go down. So, some sort of voice-related functionality needs to be made available at the branch office for proper functioning of local phones during the link failures.
  • Page 910 IP based call server running on it to provide communication between the local phones during survivability mode. It also shows a partner product being used as a PSTN gateway for external world connectivity of local phones during WAN link failure.
  • Page 911: Voice Survivability Process In Oa-700

    ROR continuously checks the status of the call servers/WAN link, and directs the calls to alternate call servers (like secondary, tertiary) when the primary is down.
    • The call server on OA-700 provides local server features.
  • Page 912 Call transfer
    • Caller ID/Caller ID blocking
    • Caller ID on call waiting
    • Do not disturb
    • Conference
    Note: Call forward, call transfer, special dial tone messages are not supported in this release.
  • Page 913: Specific Overview

    The Call Server functionality/implementation uses freeSWITCH open source code distributed under the MPL License. freeSWITCH is used as a framework for delivering Voice over IP capabilities on the OmniAccess platform. Refer to www.freeswitch.org to find additional information on freeSWITCH.
  • Page 914: Additional Configuration On Oa-700 For Enhanced Telephony Service Functionality

    It avoids network congestion by dropping connection requests that cannot be serviced with the required QoS parameters. For more information on CAC configuration on OA-700, see “Call Admission Controller”
  • Page 915: Telephony Service Configuration

    If a third party PSTN gateway is being used for the external calls, then configuring dial plan rule for external calls is mandatory.
    Step 6: Use the show commands to view Call Server configuration. See “Show Commands in Telephony Service”
  • Page 916 Message Interval”
    • Configure IP address of the outbound proxy call server. See “To Configure Outbound Proxy”
    Step 7: Use the show commands to view Call Server configuration. See “Show Commands in Telephony Service”
  • Page 917: Telephony Service Configuration Flow

    Figure 44: OA-700 in Stand-alone Mode - Configuration Flow
    Figure 45: OA-700 in Survivability Mode - Configuration Flow
  • Page 918: Telephony Service Configuration Commands

    The telephony client name can be a maximum of 8 characters. Configuring VRF is mandatory if the WAN link is associated to a VRF.
    Example:
    ALU(telephony-service)# telephony-identity address 3.3.3.50 name 2000
  • Page 919 For more information on how to install the license, refer to “License Manager” chapter.
    Command: telephony disable
    Description: This command disables telephony functionality on OA-700.
    Example:
    ALU(telephony-service)# telephony enable
    ALU(telephony-service)# telephony disable
  • Page 920 Supports single VRF configuration across the voice feature. The VRF being configured should be the one that is configured on the WAN link. If the VRF is not specified, then the Default VRF is applied.
  • Page 921 2. You should configure mutually exclusive destination patterns for the dial plans. If the default destination pattern matches any of the user-defined dial plan rules, then the user-defined rule will not be considered.
  • Page 922 2. In the following example, only 6-digit calls will be successful:
    ALU(telephony-service)# telephony-default-dialplan dest-num-pattern [0-9]{6}
    3. In the following example, calls to phones having 3 characters followed by 2 digits will be successful:
    ALU(telephony-service)# telephony-default-dialplan dest-num-pattern ([a-z]{3}[0-9]{2})
  • Page 923 7. In the following example, calls with any number of digits will be successful except for four digit numbers.
    ALU(telephony-service)# telephony-default-dialplan dest-num-pattern (^(\d{4}))(\d+)
    8. The following example removes the configured dial plan for local numbers, and reverts to its default pattern:
    ALU(telephony-service)# no telephony-default-dialplan
  • Page 924 (Note: In the above example, 7 can appear more than once. The format 7{1,2,3} is not supported as curly braces do not support a comma ",")
    ALU(telephony-service)# telephony-user-dialplan rule 2 pattern 2776407 user 2202 3.3.3.202
    ALU(telephony-service)# telephony-user-dialplan rule 3 pattern \d+ user 3303 3.3.3.124
  • Page 925 3.3.3.124. And, if the dialled number is 5000, then the call will be forwarded to 5000 @ 3.3.3.124.
    The following example removes the specified dial plan rule, and reverts to the default user defined dial plan.
    ALU(telephony-service)# no telephony-user-dialplan rule 1
  • Page 926 (1-4 seconds). The configured ‘retry after’ value will be considered only after getting the response for the keep alive. Retry Count X Retry After determines the time before the call servers are declared down.
  • Page 927 It is preferable to configure the IP address of the outbound proxy server on both the phone and OA-700. Also, the IP address of the outbound proxy server should not be the same as any of the ROR call servers.
  • Page 928: Show Commands In Telephony Service

    Priority : 3
    Status : False
    Survivability Mode : Enable
    Status : Active
    When no call servers are configured, OA-700 is in stand-alone mode.
    ALU(telephony-service)# show telephony status
    stand-alone Mode : enable
    Status : Active
  • Page 929 ===============================================================
    User sij13@100.0.0.12
    Contact <sip:sij13@3.3.3.101>
    Agent PolycomSoundPointIP-SPIP_300-UA/2.1.3.0028
    Expires 2008-11-27 12:56:39
    User sij13@100.0.0.10
    Contact <sip:sij13@3.3.3.101>
    Agent PolycomSoundPointIP-SPIP_300-UA/2.1.3.0028
    Expires 2008-11-27 12:54:42
    User 3310@100.0.0.12
    Contact <sip:3310@3.3.3.101>
    Agent PolycomSoundPointIP-SPIP_300-UA/2.1.3.0028
    Expires 2008-11-27 12:56:44
    User 3310@100.0.0.10
    Contact <sip:3310@3.3.3.101>
    Agent PolycomSoundPointIP-SPIP_300-UA/2.1.3.0028
  • Page 930 Command: show ror-keep-alive-message details
    Description: Displays the details regarding the type, interval, and retry count for the keep alive message.
    Example:
    ALU(config)# show ror-keep-alive-message details
    keep_alive_message type is REGISTER
    keep_alive_message retry count 3
    keep_alive_message retry interval 30 seconds
  • Page 931 3310 1 total.
    ROR Uptime
    Command (in SUM/CM): show ror-uptime
    Description: Displays the duration OA-700 was either in survivability mode/stand-alone mode.
    Example:
    ALU(config)# show ror-uptime
    0:0:32
    uptime is in hh:mm:ss format
  • Page 932 1 retry-after 30
    telephony-default-dialplan dest-num-pattern [0-9]{3}
    telephony-user-dialplan rule 1 pattern (2{1}(7,77,777)6{1}4{1}0{1}7{1})user 3301 3.3.3.124
    telephony-user-dialplan rule 2 pattern 2776407 user 2202 3.3.3.202
    telephony-user-dialplan rule 3 pattern \d+ user 3303 3.3.3.124
    telephony-debug-level 6
    ror-display-message interval 60
  • Page 933: Debug Commands

    Telephony Service features. 0 disables debugging. 1-7 specifies the depth of the debugging information to be viewed. The higher the number, the more detailed the debugging information displayed. The default debug level is 0.
    Example:
    ALU(config)# telephony-debug-level 7
  • Page 934: Telephony Service Configuration Example On Oa-700

    Stand-alone Call Server to provide communication between the local phones. Also, a partner product is used as a PSTN gateway for external world connectivity of local phones during WAN link failure.
    Figure 46: OA-700 in Stand-alone Mode - Configuration Example
  • Page 935: Configuration Steps

    PSTN. All the calls destined to 1234 will be routed via the WAN link, provided the link is up.
    Show Commands
    Verify the telephony configuration and status by using show commands such as:
    • show telephony status
    • show telephony config
  • Page 936: In Survivability Mode

    Also, a partner product is used as a PSTN gateway for external world connectivity of local phones during WAN link failure.
    Figure 47: OA-700 in Survivability Mode - Configuration Example
  • Page 937: Configuration Steps

    But with telephony service running on OA-700, when all the call servers are down, the system goes to the Survivability Mode, which means all the calls are now routed through OA-700. Any calls outside the local network are routed to the PSTN.
  • Page 938: Show Commands

    Verify the telephony configuration and status by using show commands such as:
    • show telephony status
    • show telephony config
  • Page 939: Part 7: Quality Of Service

    Part 7 Quality of Service
  • Page 940
  • Page 941: Quality Of Service

    Class Map configured - ALU (config-class-map)#
    Policy-map Mode: Policy Map configured - ALU (config-policy-map)#
    Class Mode: Traffic-class inside a policy-map - ALU (config-policy-map-class)#
    DSCP: Differentiated Services Code Point
    RED: Random Early Detection
    WRED: Weighted Random Early Detection
  • Page 942: Qos Overview

    QoS treatment. We can use IP Precedence to assign values from 0 to 7 to classify and prioritize types of traffic. RED (Random Early Detection) is a congestion avoidance technique.
    WRED
    WRED (Weighted Random Early Detection) is also a congestion avoidance technique.
  • Page 943 Expedited Forwarding (EF)
    The intent of the EF Per-Hop Behavior (PHB) is to provide a building block for low loss, low delay and low jitter services.
  • Page 944: Alcatel-Lucent Specific Overview On Qos

    The class-default traffic class is a non-priority class.
    • Priority and network-control commands are not applicable for class-default traffic class.
    4. Congestion Management
    • Tail Drop
    • Active queuing using WRED
    • Ingress traffic conditioning
  • Page 945 Hierarchical up to 4 levels.
    9. Bandwidth Management
    • Priority Queuing (Bandwidth Allocation)
    • Weighted Fair Queuing
    • CBQ (Class Based Queuing)
    10. Management Support
    •
    • Support for simple configuration (Auto QoS)
    • Web GUI
  • Page 946: Traffic Without Policing And Shaping

    Figure 48: Data Traffic before Policing And Shaping
    In the above diagram, the portion marked red implies the packet flow exceeding the allowed bandwidth level. If QoS is not implemented, all these packets are dropped.
  • Page 947: Traffic With Policing

    Figure 49: Data Traffic with Policing
    The diagram above depicts the traffic flow after implementing Policing. Here, the packets exceeding the available bandwidth are all dropped. This provides for a decent flow of traffic.
  • Page 948: Traffic With Shaping

    The above diagram depicts the traffic flow after implementing Shaping. Here, the packets are all shaped and queued. Packets exceeding the available bandwidth are queued up, and there is no loss of data.
  • Page 949: Hierarchical Queuing

    Case class will have more than two branches, e.g., it could be a specific IP source address with all the TCP ports as leaf nodes. Root class is the tree root.
  • Page 950 Figure 52: Link Sharing Solution
    Hierarchical queues are configured using the ‘service-policy’ command within a policy. Thus, a policy-in-a-policy configuration provides a hierarchical link sharing structure.
  • Page 951: Bandwidth Sharing In Tunnels

    Also, in order to manage congestion on the physical interface, a policy has to be created on the physical interface, and this policy must include the tunnel policy as a child policy.
  • Page 952: Qos Configuration

    ALU(config-if GigabitEthernet7/0)# no shutdown
    Step 3: Configure IP address for the interface
    ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Example:
    ALU(config-if GigabitEthernet7/0)# ip address 20.20.20.20/24
    Step 4: Configure Auto QoS. See “Auto QoS Configuration”
  • Page 953 Step 7: Administratively bring up the interface
    ALU(config-if <interface-name>)# no shutdown
    Example:
    ALU(config-if GigabitEthernet7/0)# no shutdown
    Step 8: Configure IP address for the interface
    ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Example:
    ALU(config-if GigabitEthernet7/0)# ip address 20.20.20.20/24
  • Page 954 QoS Optional Parameters
    • Configure attributes of a Traffic Class. See “Traffic Class Attributes Configuration”
    • Configure Hierarchical Policy. See “Hierarchical Policy Configuration”
    • Configure QoS over Tunnel Interface. See “QoS over Tunnel Interface”
  • Page 955: Qos Configuration Flow

    Figure 54: QoS Configuration Flow - Auto QoS Procedure
  • Page 956 Figure 55: QoS Configuration Flow - Standard Procedure
  • Page 957: Qos Configuration Commands

    This command enters the class-map sub-configuration mode. Default match-list relationship of a class-map is ‘match-any’.
    Command: no class-map <class-map name>
    Description: Deletes a configured class-map.
    Example:
    ALU(config)# class-map C1 match-all
    ALU(config-qos-C1)#
    ALU(config)# no class-map C1
    Class-Map C1 removed.
  • Page 958: Policy Map Configuration

    Note: You cannot remove a policy map if it has been attached to an interface either in ingress or egress direction.
    Example:
    ALU(config)# policy-map P1
    ALU(config-qos-P1)#
    ALU(config-qos-P1)# no policy-map P1
    Policy-map P1 deleted.
  • Page 959 It will not match any traffic.
    Command: no class <class-map name>
    Description: This command removes a traffic class associated with the policy map.
    Example:
    ALU(config-qos-P1)# class C1
    ALU(config-qos-P1-C1)#
    ALU(config-qos-P1-C1)# class class-default
    ALU(config-qos-P1-class-default)#
    ALU(config-qos-P1)# no class C1
    Class C1 removed.
  • Page 960: Attaching A Policy Map To An Interface

    3. You cannot attach a policy map on the tunnel interface in the ingress direction.
    Example:
    ALU(config)# interface GigabitEthernet 7/0
    ALU(config-if GigabitEthernet7/0)# service-policy in P1
    ALU(config)# interface GigabitEthernet 7/0
    ALU(config-if GigabitEthernet7/0)# no service-policy in P1
  • Page 961: Traffic Class Attributes Configuration

    Excess Burst is utilized if configured. If a packet cannot be transmitted (due to lack of tokens), the packet is dropped and no tokens are removed from the bucket.
  • Page 962 FR interface. |transmit}] [peak-rate <8000-10000000>]
    Command: no police
    Description: This command removes the configured police on the traffic class of the policy map.
    Refer to ‘Appendix B - QoS Values and Mnemonics’ for IP-DSCP, IP-Precedence, and ToS mnemonics.
  • Page 963 - Network-control class will have the highest priority among all the traffic classes.
    - Priority class will have the next priority.
    - Default class has the least priority.
    Example:
    ALU(config-qos-P1-C1)# network-control
    ALU(config-pmap-P1-C1)# no network-control
  • Page 964 <10-3500> scheduler for the traffic class.
    no queue-limit: This command deletes the configured queue-limit. By default, a traffic class will have a queue limit of 150.
    EXAMPLE
    ALU(config-qos-P1-C1)# queue-limit 155
    ALU(config-qos-P1-C1)# no queue-limit
  • Page 965 fair-queue: This command is used to enable fair queue on the Default Class.
    no fair-queue: This command disables fair queue on the Default Class.
    EXAMPLE
    ALU(config-qos-P1-C1)# class class-default
    ALU(config-qos-P1-class-default)# fair-queue
    Note: Fair queuing is not applicable on hierarchical queuing.
  • Page 966 To enable this, use the ‘random-detect ip-dscp’ command. Note: The queue limit of the traffic class should be greater than the max threshold value. For optimal results, the difference between the two values should be at least 10.
  • Page 967 Refer to ‘Appendix - QoS Values and Mnemonics’ for IP-precedence and IP-dscp default values.
    EXAMPLE
    ALU(config-qos-P1-C1)#random-detect ip-precedence
    ALU(config-qos-P1-C1)# random-detect ip-dscp 5 min-thresh 60 max-thresh max-thresh 600
    ALU(config-qos-P1-C1)# no random-detect
    ALU(config-qos-P1-C1)# no random-detect ip-precedence
    ALU(config-qos-P1-C1)# no random-detect values
  • Page 968 1-100 - bandwidth in percentage.
    no bandwidth: This command removes the bandwidth configuration.
    Note: You cannot mix the absolute bandwidth command with percentage bandwidth command across policy hierarchy.
    EXAMPLE
    ALU(config-pmap-P1-C1)# bandwidth 101
    ALU(config-pmap-P1-C1)# no bandwidth
  • Page 969 no priority: This command removes the priority attribute of the traffic-class and the configured bandwidth.
    Note: You cannot mix the absolute bandwidth command with percentage bandwidth command across sibling classes.
    EXAMPLE
    ALU(config-pmap-P1-C1)# priority bandwidth 101
    ALU(config-pmap-P1-C1)# no priority
  • Page 970: Auto QoS Configuration

    auto qos voip: This command enables Auto QoS VoIP on an interface.
    no auto qos voip: This command disables Auto QoS VoIP on an interface.
    EXAMPLE
    ALU(config-if Serial0/1:3)# auto qos voip
    ALU(config-if Serial0/1:3)# no auto qos
  • Page 971 Interface”.
    no auto qos template {diff-serv|voip} <policy-map name>: This command removes the specified Auto QoS template.
    EXAMPLE
    ALU(config)# auto qos template voip p1
    ALU(config)# no auto qos template voip p1
    Auto-QoS template removed
  • Page 972: Hierarchical Policy Configuration

    ALU(config-qos-p1)# class c1
    ALU(config-qos-p1-c1)#
    ALU(config)# policy-map p2
    ALU(config-qos-p1)# class c2
    ALU(config-qos-p1-c2)#
    Now, policy p2 can be included in the policy p1 using the ‘service-policy’ command.
    ALU(config)# policy-map p1
    ALU(config-qos-p1)# class c1
    ALU(config-qos-p1-c1)# service-policy p2
  • Page 973 In this case, class c2 will get 10% of zero (the share of class c11 is 0). This applies at the time of congestion; if the bandwidth is unused by the other classes, then c2 can have some bandwidth (10% of the available bandwidth).
  • Page 974
    ALU(config)# policy-map p2
    ALU(config-qos-p2)# class c2
    ALU(config-qos-p2-c2)#
    ALU(config-qos-p1-c1)# service-policy p2
    In the above example, class c2 is a child of class c1. Because c1 has random-detect enabled, c2 also has random-detect enabled.
  • Page 975
    ALU(config-qos-p1)# class c1
    ALU(config-qos-p1-c1)# queue-limit 150
    ALU(config)# policy-map p2
    ALU(config-qos-p2)# class c2
    ALU(config-qos-p2-c2)#
    ALU(config-qos-p1-c1)# service-policy p2
    In the above example, class c2 will also have queue limit 150, which is inherited from its parent class.
  • Page 976
    Queue limit for class c11 = (150 + 250)/2
    Queue limit for class c11 = 200
    You are not allowed to configure the queue limit of a parent class if one of its children has the queue limit configured.
  • Page 977: QoS Over Tunnel Interface

    The tunnel command is just like a class command in a policy map. The only difference is that the service-policy command is not allowed in this mode. Commands like bandwidth, priority, shape, and random-detect are allowed in this mode.
    EXAMPLE
    ALU(config-qos-P1)# tunnel Tunnel 1
  • Page 978 qos-preclassify: This command is entered in the Tunnel Interface Mode. This command is used to enable pre-classification on the tunnel interface.
    no qos-preclassify: This command disables the pre-classification.
    EXAMPLE
    ALU(config)# interface tunnel 1
    ALU(config-tunnel1)# qos-preclassify
    ALU(config-tunnel1)# no qos-preclassify
  • Page 979: QoS Show Commands

    show policy-map [<name>]: This command shows the details of all or specified policy map configured in the system.
    EXAMPLE
    ALU(config)# show policy-map P1
    policy-map p1 interface serial0/0:0 EGRESS 10 class cm_ef random-detect ip-dscp 20 class cm_af11 65535 class class-default
  • Page 980 {ip-dscp|ip-precedence}
    EXAMPLE
    ALU(config)# show random-detect-defaults ip-dscp
    ip-dscp Min-Thresh Max-Thresh Drop-Probability af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43
    ALU(config)# show random-detect-defaults ip-precedence
    ip-precedence Min-Thresh Max-Thresh Drop-Probability
  • Page 981 0 bytes total, 0 packets transmitted, 0 bytes transmitted, 0 packets dropped, 0 bytes dropped, Class L2-network-control 0 packets total, 0 bytes total, 0 packets transmitted, 0 bytes transmitted, 0 packets dropped, 0 bytes dropped,
  • Page 982 Bytes dequeued 0 class c1 Packets dropped 0 Packets dequeued 0 Bytes dequeued 0 interface GigabitEthernet7/1 service-policy out p1 class class-default Packets dropped 0 Packets dequeued 0 Bytes dequeued 0 Queue length (Packets) 0
  • Page 983 0 min-thresh 50 max-thresh 150 policy-map p2 class c2 police committed-rate 1000000 commit-action transmit committed-burst 1600 exceed-action drop excess-burst 2600 violate-action drop interface GigabitEthernet7/0 service-policy in p1 interface GigabitEthernet7/1 service-policy out p1
  • Page 984 90000 committed-burst 6000 police committed-rate 9600 commit-action drop committed-burst 1500 exceed-action drop excess-burst 2000 violate-action transmit queue-limit 155 random-detect ip-dscp 0 min-thresh 50 max-thresh 150 interface GigabitEthernet7/0 service-policy in p1 interface GigabitEthernet7/1 service-policy out p1
  • Page 985 100 max-threshold 300 random-detect ip-dscp class autoqos-class-af4 match ip any any dscp af41 match ip any any dscp af42 match ip any any dscp af43 bandwidth percent 20 queue-limit 350
  • Page 986 5060 network-control set ip-dscp af31 class autoqos-voip-data-class match any udp any any type rtp udp any any type rtcp priority bandwidth percent 70 set ip-dscp ef class-default fair-queue set ip-dscp default
  • Page 987: QoS Clear Commands

    Success : Cleared egress stats for interface GigabitEthernet 7/0.
    DEBUG COMMANDS
    DEBUG CREDITS
    Command (in SUM/CM) Description
    qos credits debug: This command is used to get the credits used for all the interfaces.
    EXAMPLE
    ALU(config)# qos credits debug
  • Page 988: QoS Test Scenarios On OA-780

    1. Define Class-maps to Match Egress Traffic
    ALU(config)#match-list allow-traffic
    ALU(config-match-list-allow-traffic)#ip host 192.168.1.2 host 192.168.2.2
    ALU(config)#class-map class1
    ALU(config-cmap)#match any allow-traffic
    ALU(config-cmap)#exit
    2. Define Policy-map With Class-names
    ALU(config)#policy-map flow-policy
    ALU(config-qos-flow-policy)#class class1
    ALU(config-qos-flow-policy-class1)#shape committed-rate 5000000 committed-burst 1600
    ALU(config-qos-flow-policy-class1)#exit
  • Page 989: Priority Queuing

    (by virtue of its high priority), ping will still go through even though IP traffic is dropped.
    1. Define Class-maps to Match ICMP Egress Traffic
    ALU(config)#match-list icmp-traffic
    ALU(config-match-list-icmp-traffic)#icmp any any
    ALU(config)#class-map priority-traffic
    ALU(config-class-map priority-traffic)#match any icmp-traffic
    ALU(config-class-map priority-traffic)#exit
  • Page 990 Since all egress traffic is given the same treatment by the OA-780, ping gets dropped randomly along with IP traffic. 2. By configuring Priority on the OA-780, we can verify that IP traffic gets dropped without compromising ICMP.
  • Page 991: QoS On Frame Relay (Per-PVC Queuing)

    One of the examples is credit limit. Note: Currently, a maximum of 16 sub-interfaces can be created on an FR interface. So, there will be 17 PVCs (including the main interface) on an FR interface.
  • Page 992: Frame Relay Queuing And Fragmentation At The Interface

    FR interface. • The QoS policy attached to the main/sub interface will be added as a child policy of the corresponding DLCI class, and the queuing will be based on the Hierarchical queuing techniques.
  • Page 993: Alcatel-Lucent Specific Overview

    HQ is possible (including DLCI class). Whenever the tunnel policy is added to the physical interface policy, it adds another two levels (i.e. one for DLCI class, another for tunnel class).
  • Page 994: QoS On FR Configuration Steps

    Creation of a channel-group is a pre-requisite for configuring a Serial Interface on a T1 or an E1 controller.
    Step 4: Administratively bring up the controller.
    ALU(config-controller T1)# no shutdown
    Step 5: Exit from the controller mode
    ALU(config-controller T1)# exit
    ALU(config)#
  • Page 995 Step 8: Configure IP address for the interface
    ALU(config-if <interface-name>)# ip address {<ip-address subnet-mask>|<ip-address/prefix-length>}
    Example:
    ALU(config-if Serial0/0:0)# ip address 20.20.20.20/24
    Step 9: Set FR encapsulation on the interface.
    ALU(config-if <interface-name>)# encapsulation frame-relay
    Example:
    ALU(config)#interface Serial0/0:0
    ALU(config-if Serial0/0:0)# encapsulation frame-relay
  • Page 996 Step 12: Configure QoS policy on the FR Interface. See “To Attach a Policy Map to a FR Interface” (Optional) For more information on configuring policy map, refer to “QoS Configuration” in this chapter.
  • Page 997: QoS On FR Configuration Commands

    In the above example, P1 is the QoS policy map attached to the interface. The configuration for the QoS policy map is not shown in this section. For more information on configuring policy map and other QoS attributes, refer to “QoS Configuration” in this chapter.
  • Page 998: QoS On FR Sub Interface Configuration Commands

    “QoS on FR Configuration Steps”
    Note: If you are configuring FR on a sub-interface on a Serial interface (V.35/X.21), configure a sub-interface using the following command:
    ALU(config)# interface Serial <slot/port>.subchannel
    ALU(config-if Serial<slot/port.subchannel>)#
    Example:
    ALU(config)#interface Serial0/0.1
    ALU(config-if Serial0/0.1)#
  • Page 999: QoS On FR Show Commands

    Description
    show qos frame-relay bandwidth-config: This command displays the bandwidth configuration details on the FR interfaces.
    EXAMPLE
    ALU(config)# show qos frame-relay bandwidth-config
    interface Serial0/2
    frame-relay qos-bandwidth percent 10
    interface Serial0/2.0
    frame-relay qos-bandwidth percent 90
  • Page 1000 Quality of Service
