Foundry AR-Series Router User Guide
For AR1202, AR1204, AR1208, AR1216, AR3201-CH/CL, and AR3202-CH/CL Routers
2100 Gold Street
P.O. Box 649100
San Jose, CA 95164-9100
Tel 408.586.1700
Fax 408.586.1900
June 2004
© 2004 Foundry Networks, Inc.

Summary of Contents for Foundry Networks AR1208

  • Page 2 You are not permitted to use these Marks without the prior written consent of Foundry or such appropriate third party. Foundry Networks, BigIron, FastIron, IronView, JetCore, NetIron, ServerIron, TurboIron, IronWare, EdgeIron, IronPoint, AccessIron, the Iron family of marks and the Foundry Logo are trademarks or registered trademarks of Foundry Networks, Inc.
  • Page 10: Chapter 1 Getting Started

    WARNING: A warning calls your attention to a possible hazard that can cause injury or death. CAUTION: A caution calls your attention to a possible hazard that can damage equipment.
  • Page 11: Related Publications

    The following Foundry Networks documents supplement the information in this guide. • Release Notes: Printed release notes provide the latest information. If release notes are provided with your product, follow the instructions contained within them instead of those provided in other documentation.
  • Page 12 Features listed (table layout lost): Time and rate limiting; Denial of Service protection; Network attack detection; Application Level Gateway support; Packet-level logging and syslog support. Model columns: AR1202, AR1204, AR1208, AR1216, AR3201-T-CL, AR3202-T-CL, AR3201-T-CH, AR3202-T-CH.
  • Page 13 Categories and features listed (table layout lost): SNMP; Monitoring; syslog; Statistics; Alarms; Diagnostics; BERT; Loopback testing; Traceroute; Reverse Telnet; Specialized Features; Hospitality Web Redirection (optional on the AR1202 AR1204). Model columns: AR1202, AR1204, AR1208, AR1216, AR3201-T-CL, AR3202-T-CL, AR3201-T-CH, AR3202-T-CH.
  • Page 14: How To Get Help

    Table 1.1: Feature Supported in AccessIron Devices (Continued). Feature: Timed Access List. How to Get Help: Foundry Networks technical support will ensure that the fast and easy access that you have come to expect from your Foundry Networks products will be maintained. Web Access • http://www.foundrynetworks.com...
  • Page 16: Command Line Interface

    Some commands are context-sensitive. Once a module, bundle, or Ethernet port has been selected for configuration, all further configuration applies only to the selected interface. Table 2.1 shows a context-sensitive command string for an AR1208 system. In this example, T1 link 1 remains selected for configuration until you exit from the Foundry-AR1208/configure/module/t1# prompt.
  • Page 17: Command Conventions

    The second occurrence of the word “connections” must NOT be entered because it is followed by a setting enclosed in angled brackets. This value of the setting must be entered to execute the command.
  • Page 18: Abbreviated Commands

    Prompts and commands that are part of the main prompt are shown in normal type. Examples: Foundry-AR1208# Foundry-AR1208/show# All character strings that a user must enter to execute a command are in bold type. Example: Foundry-AR1208# configure term
  • Page 19: Cli Navigation

    Type help at the main CLI prompt to see the basic Foundry system help information. Or, type help followed by a command name to view information about that command. shows the help screen.
  • Page 20: Tree

    (or the routing mode for example). Figure 2.3 shows two command tree examples. If you type tree at the main (Foundry-AR1208# or equivalent) prompt, the entire list of system commands appears. If you type tree within a command mode, such as Foundry-AR3201-CH/clear# tree, the commands associated with this command mode are displayed.
  • Page 21: Global Commands

    Similarly, the ping and save commands are available at any level of the CLI command. The ping command verifies connectivity between the Foundry system and other network hosts; access to the save commands from anywhere in the CLI ensures that your configurations may be saved periodically.
  • Page 22 The CLI commands show and display can be used interchangeably. NOTE: The tab completion feature is not currently available for global commands.
  • Page 24: Policy Commands

    This chapter provides information about routing policy commands that are supported by Foundry. configure policy This command provides access to the next-level commands. related commands: configure policy as_path configure policy community_list configure policy ip_access_list configure policy route_map
  • Page 25: Applicable Systems

    [ no ] policy as_path access_list < n > number < n > action < deny | permit > regular_expression < “string” > example: Foundry-AR1208/configure# policy as_path 1 120 permit “100” example: Foundry-AR1208/configure# policy as_path 1 121 deny “.* 101 .*” applicable systems: All models.
  • Page 26: Related Commands

    The route will even be matched if the community path attribute is not present. Any number of community list lines may be declared. They are evaluated in the order declared. related commands: configure policy community_list extended_community configure policy community_list standard_community
  • Page 27 > [ community < n > ] [ generate_local_as < local_as > ] [ aa_nn < n > ] [ generate_no_advertise < no_advertise > ] [ generate_no_export < no_export > ] example: Foundry-AR1208/configure# policy community_list extended_community 100 1 deny community 44 45 local_as aa_nn 400:500 no_advertise applicable systems: All models.
  • Page 28 [ aa_nn < n > ] [ generate_no_advertise <no_advertise > ] [ generate_no_export < no_export > ] example: Foundry-AR1208/configure# policy community_list standard_community 90 150 permit community 40 45 local_as aa_nn 655:232592 no_advertise example: Foundry-AR1208/configure/policy# community_list standard_community 90 150 permit community...
  • Page 29: Configure Policy Ip Access List

    < IP address > ] [ mask < IP address > ] [ maskmask < IP address > ] example: Foundry-AR1208/configure# policy ip_access_list 1 1 permit network 10.0.0.0 netmask 0.255.255.255 This example permits prefixes 10.0.0.0/8, 10.0.0.0/9 and so on.
  • Page 30 Foundry-AR1208/configure# policy ip_access_list 1 1 permit network 10.0.0.0 netmask 0.255.255.255 mask 255.0.0.0 maskmask 0.255.255.255 This example restricts the prefixes to 10.0.0.0/8 only. applicable systems: All models.
  • Page 31: Configure Policy Route Map

    This is the default value. permit Permit the route map. syntax: [ no ] policy route_map name number [ action < deny | permit > ] example: Foundry-AR1208/configure# policy route_map Block100 1 permit
  • Page 32 related commands: configure policy route_map commit configure policy route_map match configure policy route_map set applicable systems: All models.
  • Page 33: Configure Policy Route Map Match

    This command accesses next-level commands for configuring the policy for matching parameters of the routes. related commands: configure policy route_map match as_path configure policy route_map match community configure policy route_map match ip
  • Page 34: Configure Policy Route Map Match As Path

    The range is 1 - 199; the maximum list size is 32. syntax: [ no ] policy match as_path path_list < n > example: Foundry-AR1208/configure#/policy/route_map Block100 1# match as_path 1 related commands: configure policy route_map match ip configure policy route_map match community applicable systems: All models.
  • Page 35: Configure Policy Route_Map Match Community

    This command matches any of the specified BGP community lists. syntax: [ no ] policy match community example: Foundry-AR1208/configure/policy/route_map Block100 1# match community related commands: configure policy route_map match as_path configure policy route_map match ip applicable systems: All models.
  • Page 36: Configure Policy Route Map Match Ip Ip Address

    A maximum of 32 numbers can be in the list. syntax: [ no ] match ip ip_address ip_list < n > example: Foundry-AR1208/configure/policy/route_map Block100 1# match ip ip_address 20 applicable systems: All models.
  • Page 38: Configure Policy Route Map Set As Path

    [ no ] set as_path [ prepend < n > ] [ tag < n > ] example: Foundry-AR1208/configure/policy/route_map Block100 1# set as_path prepend 100 250 tag 0 related commands: configure policy route_map set community configure policy route_map set distance...
  • Page 39 [ no ] set community number [ < n > ] [aa_nn < n > ] [ generate_additive < additive > ] [ generate_local_as < local_as > ] [ generate_no_advertise < no_advertise > ] [ generate_no_export < no_export > ] example: Foundry-AR1208/configure/policy/route_map Block100 1# set community aa:nn 500:60 related commands: configure policy route_map set as_path configure policy route_map set distance...
  • Page 40: Configure Policy Route _ Map Set Distance

    The range is 0 - 255. syntax: [ no ] set distance distance < n > example: Foundry-AR1208/configure/policy/route_map Block100 1# set distance 20 related commands: configure policy route_map set as_path configure policy route_map set community configure policy route_map set local_preference...
  • Page 41: Configure Policy Route Map Set Local Preference

    All models.
  • Page 42: Configure Policy Route _ Map Set Metric

    The range is 1 - 4294967294. syntax: [ no ] set metric metric < n > example: Foundry-AR1208/configure/policy/route_map Block100 1# set metric 120 related commands: configure policy route_map set as_path configure policy route_map set community configure policy route_map set distance...
  • Page 43: Configure Policy Route _ Map Set Metric

    Use the IGP metric as the MED for BGP. syntax: [ no ] set metric_type type < internal > example: Foundry-AR1208/configure/policy/route_map Block100 1# set metric_type internal related commands: configure policy route_map set as_path configure policy route_map set community configure policy route_map set distance...
  • Page 44: Configure Policy Route _ Map Set Origin

    Unknown protocol type syntax: [ no ] set origin origin < egp | igp | incomplete > example: Foundry-AR1208/configure/policy/route_map Block100 1# set origin igp applicable systems: All models. related commands: configure policy route_map set origin egp configure policy route_map set origin igp...
  • Page 46: Chapter 4 Protocols Overview

    BGP session to another (only from an exterior BGP session to an IBGP session or another EBGP session), BGP speakers must be fully meshed.
  • Page 47: Ospf

    Authentication – simple & MD5 • RFC 1583 backwards compatibility • Equal cost multipath • Configurable routing interface parameters • Non-intrusive reconfiguration. Table 4.1: BGP RFC Compliance
  • Page 48: Rip

    The following table provides Foundry Networks' RIP RFC compliance information. Table 4.3: RIP RFC Compliance (RFC: Description): 1058: Routing Information Protocol; 2453/STD0056: RIP Version 2; 1724: RIP Version 2 MIB extension. The page also carries the caption Table 4.2: OSPF RFC Compliance.
  • Page 49: Multicasting

    2082: RIP-II MD5 Authentication. Multicasting: Traditional multicast routing mechanisms such as Distance Vector Multicast Routing Protocol (DVMRP) and Multicast Open Shortest Path First (MOSPF) were intended for use within regions where groups are densely populated or bandwidth is universally plentiful. When groups, and senders to these groups, are distributed sparsely across a wide area, these “dense mode”...
  • Page 50: Bgp4 Clear Commands

    Foundry-AR1208# clear ip bgp applicable systems: All models.
  • Page 51: Clear Ip Bgp All

    clear ip bgp all This command removes all BGP neighbor connections. syntax: clear ip bgp all example: Foundry-AR1208# clear ip bgp all related commands: clear ip bgp group clear ip bgp neighbor applicable systems: All models.
  • Page 52: Clear Ip Bgp Group

    Name of the group syntax: clear ip bgp group group_name < name > example: Foundry-AR1208# clear ip bgp group north In this example, all BGP connections that belong to neighbor group north will be cleared. related commands: clear ip bgp all...
  • Page 53: Clear Ip Bgp Neighbor

    The range is from 1 - 65535. syntax: clear ip bgp neighbor ip_address < IP address > remote_as < n > example: Foundry-AR1208# clear ip bgp neighbor 10.1.1.1 200 related commands: clear ip bgp all clear ip bgp group applicable systems: All models.
  • Page 54: Generic Routing Commands

    This chapter contains routing commands that are not protocol specific. These commands can be used interchangeably with the three routing protocols supported by Foundry. configure router This command provides access to next-level commands. related commands: configure router routerid
  • Page 55: Configure Router Routerid

    configure router routerid This command configures a router for routing operation. syntax: [ no ] router routerid < IP address > example: Foundry-AR1208/configure# router routerid 10.10.10.10 applicable systems: All models.
  • Page 56: Show Ip Routes

    By default, information is displayed for all routes in the routing table. To display only specific route information, specify the appropriate protocol or the network mask. Table 6.1: Parameter Definitions
  • Page 57 To display ospf routes, issue the show ip routes ospf command. example: Foundry-AR1208/show# ip routes bgp The following screen display example is a typical display showing the destination IP address, metric, netmask and gateway, status, Ethernet interface, and type of route.
  • Page 58: Bgp4 Configure Commands

    The number of an autonomous system. The range is 1 - 65535. syntax: [ no ] router bgp as_number < n > example: Foundry-AR1208/configure# router bgp 10 related commands: configure router bgp aggregate_address configure router bgp always_compare_med configure router bgp distance...
  • Page 59: Configure Router Bgp Aggregate Address

    < as_set > ] [ generate_summary_only < summary_only > ] [ suppress_map < name > ] [ advertise_map < name > ] [ attribute_map < name > ] example: Foundry-AR1208/configure/router/bgp 10# aggregate_address 100.3.0.0 255.255.0.0 related commands: configure router bgp always_compare_med configure router bgp distance
  • Page 60 configure router bgp default_metric configure router bgp group configure router bgp neighbor configure router bgp redistribute applicable systems: All models.
  • Page 61 All models.
  • Page 62: Configure Router Bgp Default Metric

    The default metric value. The range is 1 - 4294967294. syntax: [ no ] default_metric default_metric < n > example: Foundry-AR1208/configure/router/bgp 10# default_metric 2000 related commands: configure router bgp aggregate_address configure router bgp always_compare_med configure router bgp distance configure router bgp group...
  • Page 63: Configure Router Bgp Distance

    Default preference value The range is 0-255; the default is 170. syntax: [ no ] distance distance < n > example: Foundry-AR1208/configure/router/bgp 10# distance 20 Table 7.1: Default Route Preference (Administrative Distance) Values How Route is Learned Directly connected network...
  • Page 64: Configure Router Bgp Group

    [ no ] group name < name > group_type < external | external_rt | internal | internal_rt > example: Foundry-AR1208/configure/router/bgp 10# group toronto internal related commands: configure router bgp group distribute_list configure router bgp group filter_list configure router bgp group next_hop_self...
  • Page 65: Configure Router Bgp Group Distribute List

    Outbound direction syntax: [ no ] distribute_list access_list < n > filter_option < out > example: Foundry-AR1208/configure/router/bgp 10/group toronto internal# distribute_list 101 out related commands: configure router bgp group filter_list configure router bgp group next_hop_self configure router bgp group password...
  • Page 66: Configure Router Bgp Group Filter List

    Outbound direction syntax: [ no ] filter_list access_list < n > filter_option < out > example: Foundry-AR1208/configure/router/bgp 10/group toronto internal# filter_list 103 out related commands: configure router bgp group distribute_list configure router bgp group next_hop_self configure router bgp group password...
  • Page 67: Configure Router Bgp Group Next Hop Self

    This command disables the next hop calculation for all peers in the group. syntax: next_hop_self example: Foundry-AR1208/configure/router/bgp 10/group blue external# next_hop_self related commands: configure router bgp group distribute_list configure router bgp group filter_list configure router bgp group password...
  • Page 68: Configure Router Bgp Group Password

    TCP MD5 password (string) for the group Enter a word. syntax: [ no ] password md5_password < string > example: Foundry-AR1208/configure/router/bgp 10/group toronto internal# password rt56htd related commands: configure router bgp group distribute_list configure router bgp group filter_list configure router bgp group next_hop_self...
  • Page 69: Configure Router Bgp Group Remove _ Private

    This command removes the private AS number from updates that are sent out. syntax: [ no ] remove_private_AS example: Foundry-AR1208/configure/router/bgp 10/group toronto internal# remove_private_AS related commands: configure router bgp group distribute_list configure router bgp group filter_list configure router bgp group next_hop_self...
  • Page 70: Configure Router Bgp Group Route Map

    Outbound direction syntax: [ no ] route_map route_map < name > route_map_options < out > example: Foundry-AR1208/configure/router bgp 10/group toronto internal# route_map foo out related commands: configure router bgp group distribute_list configure router bgp group filter_list configure router bgp group next_hop_self...
  • Page 71: Configure Router Bgp Neighbor

    The range is 1 - 65535. syntax: [ no ] neighbor IP address < IP address > remote_as < n > example: Foundry-AR1208/configure/router/bgp 10# neighbor 101.101.1.2 4 related commands: configure router bgp neighbor advertisement_interval configure router bgp neighbor allowbadid configure router bgp neighbor default_originate...
  • Page 72 configure router bgp redistribute applicable systems: All models.
  • Page 73: Configure Router Bgp Neighbor Advertisement Interval

    Time, in seconds The range is 1 - 600 seconds. syntax: [ no ] advertisement_interval advertisement_interval < n > example: Foundry-AR1208/configure/router/bgp 10/neighbor 101.101.1.2 4# advertisement_interval 60 applicable systems: All models.
  • Page 74: Configure Router Bgp Neighbor Allowbadid

    This command permits BGP sessions to be established with routers that represent their router ID as 0.0.0.0 or 255.255.255.255. syntax: [ no ] allowbadid example: Foundry-AR1208/configure/router/bgp 10/neighbor 101.101.1.2 4# allowbadid applicable systems: All models.
  • Page 75: Configure Router Bgp Neighbor Default Originate

    Description route_map The name of the route map syntax: [ no ] default_originate [ route_map < name > ] example: Foundry-AR1208/configure/router/bgp 10/neighbor 101.101.1.2 4# default_originate altmap5 applicable systems: All models.
  • Page 76: Configure Router Bgp Neighbor Description

    Description neighbor_description Text string in quotes describing neighbor syntax: [ no ] description neighbor_description < “string” > example: Foundry-AR1208/configure/router/bgp 10/neighbor 101.101.1.2 4# description “foo1” applicable systems: All models.
  • Page 77: Configure Router Bgp Neighbor Distribute _ List

    The range is 1 - 199. filter_option Inbound filter list syntax: [ no ] distribute_list access_list < n > filter_option < in > example: Foundry-AR1208/configure/router/bgp 10/neighbor 101.101.1.2 4# distribute_list 101 in applicable systems: All models.
  • Page 78: Configure Router Bgp Neighbor Ebgp Multihop

    This command configures multihop EBGP on a neighbor. syntax: [ no ] ebgp_multihop example: Foundry-AR1208/configure/router/bgp 10/neighbor 101.101.1.2 4# ebgp_multihop applicable systems: All models.
  • Page 79: Configure Router Bgp Neighbor Filter _ List

    The range is 1 - 199. access_list_option Inbound filter list syntax: [ no ] filter_list access_list < n > access_list_option < in > example: Foundry-AR1208/configure/router/bgp 10/neighbor 101.101.1.2 4# filter_list 103 in applicable systems: All models.
  • Page 80: Configure Router Bgp Neighbor Keep

    Keep all non-active routes none Don’t store non-active routes syntax: keep keep_option < all | none > example: Foundry-AR1208/configure/router/bgp 10/neighbor 10.10.20.1 2# keep all applicable systems: All models.
  • Page 81: Configure Router Bgp Neighbor Logupdown

    This command configures logging of established state transition changes of a neighbor. syntax: [ no ] logupdown example: Foundry-AR1208/configure/router/bgp10/neighbor 101.101.1.2 4# logupdown applicable systems: All models.
  • Page 82: Configure Router Bgp Neighbor Maximum Prefix

    Maximum prefix limit The range is 1 - 1000000. syntax: maximum_prefix prefix_number < n > example: Foundry-AR1208/configure/router/bgp 10/neighbor 101.101.1.2 4# maximum_prefix 100000 applicable systems: All models.
  • Page 83: Configure Router Bgp Neighbor Neighbor Group

    This command configures a neighbor to a specific group. Parameter Description neighbor_group The name of a neighbor group. syntax: [ no ] neighbor_group neighbor_group < name > example: Foundry-AR1208/configure/router/bgp 10/neighbor 101.101.1.2 4# neighbor_group internal-group applicable systems: All models.
  • Page 84: Configure Router Bgp Neighbor Next Hop Self

    This command disables the next hop calculation for this neighbor. syntax: next_hop_self example: Foundry-AR1208/configure/router/bgp 10/neighbor 10.10.20.1 2# next_hop_self applicable systems: All models.
  • Page 85: Configure Router Bgp Neighbor Password

    TCP MD5 password for the BGP session Enter a word (maximum 80 characters). syntax: md5_password < string > example: Foundry-AR1208/configure/router/bgp 10/neighbor 10.10.20.1 2# md5_password asdf applicable systems: All models.
  • Page 86: Configure Router Bgp Neighbor Route Map

    Filter options Inbound direction syntax: [ no ] route_map route_map < name > route_map_options < in > example: Foundry-AR1208/configure/router/bgp 10/neighbor 100.50.23.3 4# route_map B01 in applicable systems: All models.
  • Page 87: Configure Router Bgp Neighbor Timers

    The keepalive interval The range is 2 - 21845; the default is 60. syntax: [ no ] timers keepalive < n > example: Foundry-AR1208/configure/router/bgp 10/neighbor 101.101.1.2 4# timers 120 applicable systems: All models.
  • Page 88: Configure Router Bgp Neighbor Update Source

    IP address of a physical interface. This address will be used as the source address for routing updates. syntax: [ no ] update_source < IP address > example: Foundry-AR1208/configure/router/bgp 10/neighbor 101.101.1.2 4# update_source 10.10.2.1 applicable systems: All models.
  • Page 89: Configure Router Bgp Redistribute

  • Page 90: Configure Router Bgp Redistribute Connected

    Name of the route map to use syntax: [ no ] redistribute connected [ metric < n > ] [ route_map < name > ] example: Foundry-AR1208/configure/router/bgp 10# redistribute connected metric 5000 related commands: configure router bgp redistribute ospf configure router bgp redistribute rip...
  • Page 91: Configure Router Bgp Redistribute Ospf

    Name of the route map to use syntax: [ no ] redistribute ospf [ metric < n > ] [ route_map < name > ] example: Foundry-AR1208/configure/router/bgp 10# redistribute ospf metric AR1208 related commands: configure router bgp redistribute connected configure router bgp redistribute rip...
  • Page 92: Configure Router Bgp Redistribute Rip

    Name or ID of the route map to use syntax: [ no ] redistribute rip [ metric < n > ] [ route_map < name > ] example: Foundry-AR1208/configure/router/bgp 10# redistribute rip route_map east8 related commands: configure router bgp redistribute connected configure router bgp redistribute ospf...
  • Page 93: Configure Router Bgp Redistribute Static

    Name of the route map to use syntax: [ no ] redistribute static [ metric < n > ] [ route_map < name > ] example: Foundry-AR1208/configure/router/bgp 10# redistribute static metric 25 related commands: configure router bgp redistribute connected configure router bgp redistribute ospf...
  • Page 94: Bgp4 Show Commands

  • Page 95: Show Ip Bgp Aggregate Address

    Enter a subnet mask. syntax: show ip bgp aggregate_address [ address < IP address > [ mask < subnet mask > ] ] example: Foundry-AR1208# show ip bgp aggregate_address address 100.12.23.0 mask 255.255.255.0 applicable systems: All models.
  • Page 96: Show Ip Bgp Community

    [ number < n > ] [ aa:nn < n > ] [ match_local_as < local_as > ] [ match_no_advertise < no_advertise > ] [ match_no_export < no_export > ] [ match_exact_match < exact_match > ] example: Foundry-AR1208# show ip bgp community aa:nn 0:999
  • Page 97 The table entry is the best entry to use for that network. The table entry was learned via an internal BGP session. Internal BGP External BGP Protocol of unknown origin. Typically redistributed into BGP from an IGP.
  • Page 98: Show Ip Bgp Groups

    This command provides information about BGP groups. syntax: show ip bgp groups [ < name > ] example: Foundry-AR1208# show ip bgp groups north applicable systems: All models.
  • Page 99: Show Ip Bgp Neighbors

    [ group < name > ] [ address < IP address > ] [ routes < advertised_routes | received_routes > ] example: Foundry-AR1208# show ip bgp neighbors
  • Page 100 Minimum time between advertisements; Number of received BGP messages; Number of received BGP notifications; Number of received BGP updates; Number of sent BGP messages; Number of sent BGP notifications
  • Page 101 Table 8.3: Other BGP show Descriptions (Continued). updates: Number of sent BGP updates. Maximum prefixes: The maximum number of prefixes that can be received from this neighbor. applicable systems: All models.
  • Page 102: Show Ip Bgp Paths

    This command shows all BGP paths in the database. syntax: show ip bgp paths example: Foundry-AR1208# show ip bgp paths # show ip bgp paths Hash Refcount Path Foundry/configure# Table 2 Interpreting BGP Paths term hash...
  • Page 103: Show Ip Bgp Regexp

    A regular expression to match the BGP AS paths. Strings must be enclosed by quotation marks. syntax: show ip bgp regexp reg_exp < "string" > example: Foundry-AR1208# show ip bgp regexp ".* 600 .*" applicable systems: All models.
  • Page 104: Show Ip Bgp Summary

    BGP version (v), AS number, messages received and transmitted, and operating status. syntax: show ip bgp summary example: Foundry-AR1208# show ip bgp summary # show ip bgp summary BGP router identifier 10.1.1.0, local AS member 200 Neighbor 192.168.123.1 172.10.16.1...
  • Page 105: Show Ip Bgp Table

    show ip bgp table This command shows entries in the BGP route table. syntax: show ip bgp table example: Foundry-AR1208# show ip bgp table Status codes * ( valid ) i ( internal ) Origin codes i ( IGP)
  • Page 106: Show Policy

    show policy This command provides access to the following next-level policy display commands: related commands: show policy as_path show policy community_list show policy ip_access_list show policy route_map
  • Page 107: Show Policy As Path

    The access list number. The range is 1 - 199. syntax: show policy as_path [ access_list < n > ] example: Foundry-AR1208# show policy as_path # show policy as_path AS path access list 1 permit .* 699 .* permit .* 500 deny 40 .*...
  • Page 108: Show Policy Community List

    The community list number. The range is 1 - 199. syntax: show policy community_list [ community < n > ] example: Foundry-AR1208# show policy community_list # show policy community_list Community extended access list 100 deny 0:44 ... permit 655: ... related commands:...
  • Page 109: Show Policy Ip Access List

    10.0.0.0 255.255.255.255 0.255.255.255 255.255.255.255 permit 20.0.0.0 255.255.255.255 255.255.255.255 255.255.255.255 IP access list 2 permit 20.0.0.0 255.255.255.255 0.255.255.255 255.255.255.255 related commands: show policy as_path show policy community_list show policy route_map applicable systems: All models.
  • Page 110: Show Policy Route Map

    Description name The name of the route map. syntax: show policy route_map [ < name > ] example: Foundry-AR1208# show policy route_map # show policy route_map route-map Block100, deny, sequence 1 Batch clauses: as_path (as-path filter): 99 Set clauses: origin bgp...
  • Page 112: Ospf Configure Commands

    Foundry AR3201-CH/configure/interface/bundle wan1# no ip address 2.2.2.2 24 Foundry AR3201-CH/configure/interface/bundle wan1# ip address 2.2.2.2 24 type broadcast • Adjacencies will not form if hello_interval, dead_interval, or area_type mismatches are present.
  • Page 113: Configure Router Ospf

    1583Compatibility configure router ospf area configure router ospf distance configure router ospf interface configure router ospf redistribute configure router ospf ref_bw configure router ospf timers applicable systems: All models.
  • Page 114: Configure Router Ospf 1583 Compatibility

    All models.
  • Page 115: Configure Router Ospf Area

    1583Compatibility configure router ospf distance configure router ospf interface configure router ospf redistribute configure router ospf ref_bw configure router ospf timers applicable systems: All models.
  • Page 116: Configure Router Ospf Area Area_Type

    All models.
  • Page 117: Configure Router Ospf Area Area_Type Normal

    This command specifies an area type as normal. syntax: area_type normal example: Foundry-AR1208/configure/router/ospf/area 0# area_type normal related commands: configure router ospf area area_type nssa configure router ospf area area_type stub applicable systems: All models.
  • Page 118: Configure Router Ospf Area Area_Type Nssa

    This command specifies an area type as not-so-stubby area (nssa). syntax: area_type nssa example: Foundry-AR1208/configure/router/ospf/area 1# area_type nssa related commands: configure router ospf area area_type nssa no_summary related commands: configure router ospf area area_type normal...
  • Page 119: Configure Router Ospf Area Area_Type Nssa No_Summary

    This command prevents an nssa area boundary router from sending summary link advertisements into an nssa area. syntax: no_summary example: Foundry-AR1208/configure/router/ospf/area 1/area_type/nssa# no_summary applicable systems: All models.
  • Page 120: Configure Router Ospf Area Area_Type Stub

    Stub areas are not flooded with AS external advertisements. Stub areas reduce the amount of memory required on stub area routers. syntax: [ no ] area_type stub example: Foundry-AR1208/configure/router/ospf/area 1# area_type stub related commands: configure router ospf area area_type stub no_summary related commands: configure router ospf area area_type normal...
  • Page 121: Configure Router Ospf Area Area_Type Stub No_Summary

    This command prevents an area boundary router from sending summary link advertisements into the stub area. syntax: no_summary example: Foundry-AR1208/configure/router/ospf/area 1/area_type/stub# no_summary applicable systems: All models.
  • Page 122: Configure Router Ospf Area Default_Cost

    Enter a number. The range is 0 - 16777215; the default is 1. syntax: default_cost < n > example: Foundry-AR1208/configure/router/ospf/area 1# default_cost 10 related commands: configure router ospf area area_type configure router ospf area range configure router ospf area virtual_link applicable systems: All models.
  • Page 123: Configure Router Ospf Area Range

    [ no ] range networknumber < IP address > mask < netmask > [ advertise_enum < advertise | not_advertise > ] example: Foundry-AR1208/configure/router/ospf/area 0# range 100.1.0.0 255.255.0.0 advertise related commands: configure router ospf area_type configure router ospf area default_cost...
  • Page 124: Configure Router Ospf Area Virtual_Link

    IP address for the virtual link. Enter an IP address. syntax: [ no ] virtual_link < IP address > example: Foundry-AR1208/configure/router/ospf/area 1# virtual_link 100.10.1.5 related commands: configure router ospf area virtual_link authentication configure router ospf area virtual_link dead_interval configure router ospf area virtual_link hello_interval...
  • Page 125: Configure Router Ospf Area Virtual_Link Authentication

    < none | simple | md5 | md5_cisco > < line > example: Foundry-AR1208/configure/router/ospf/area 1/virtual_link 100.10.1.5# authentication simple Foundry related commands: configure router ospf area virtual_link dead_interval configure router ospf area virtual_link hello_interval configure router ospf area virtual_link retransmit_interval...
  • Page 126: Configure Router Ospf Area Virtual_Link Dead_Interval

    The recommended value to configure is four times the value configured for the hello interval. syntax: [ no ] dead_interval < n > example: Foundry-AR1208/configure/router/ospf/area 1/virtual_link 100.10.1.5# dead_interval 10 related commands: configure router ospf area virtual_link authentication configure router ospf area virtual_link hello_interval configure router ospf area virtual_link retransmit_interval...
  • Page 127: Configure Router Ospf Area Virtual_Link Hello_Interval

    The range is 1 - 65535; the default is 10 seconds. syntax: [ no ] hello_interval < n > example: Foundry-AR1208/configure/router/ospf/area 1/virtual_link 100.10.1.5# hello_interval 10 related commands: configure router ospf area virtual_link authentication configure router ospf area virtual_link dead_interval configure router ospf area virtual_link retransmit_interval...
  • Page 128: Configure Router Ospf Area Virtual_Link Retransmit_Interval

    The range is 1 - 65535; the default is 5. syntax: [ no ] retransmit_interval < n > example: Foundry-AR1208/configure/router/ospf/area 1/virtual_link 100.10.1.5# retransmit_interval 5 related commands: configure router ospf area virtual_link authentication configure router ospf area virtual_link dead_interval configure router ospf area virtual_link hello_interval...
  • Page 129: Configure Router Ospf Area Virtual_Link Transmit_Delay

    The value must be greater than zero. syntax: [ no ] transmit_delay < n > example: Foundry-AR1208/configure/router/ospf/area 1/virtual_link 100.10.1.5# transmit_delay 1 related commands: configure router ospf area virtual_link authentication configure router ospf area virtual_link dead_interval configure router ospf area virtual_link hello_interval...
  • Page 130: Configure Router Ospf Distance

    1583Compatibility configure router ospf area configure router ospf interface configure router ospf redistribute configure router ospf ref_bw configure router ospf timers applicable systems: All models.
  • Page 131: Configure Router Ospf Distance Ospf

    This command accesses next-level commands that configure OSPF administrative distances based on route type. related commands: configure router ospf distance ospf external configure router ospf distance ospf non_external applicable systems: All models.
  • Page 132: Configure Router Ospf Distance Ospf External

    The range is 1 - 255; the default is 150. syntax: [ no ] distance ospf external < n > example: Foundry-AR1208/configure/router/ospf# distance ospf external 25 Table 9.1: Default Route Preference (Administrative Distance) Values How Route is Learned Directly connected network...
  • Page 133: Configure Router Ospf Distance Ospf Non_External

    The range is 1 - 255; the default is 10. syntax: [ no ] distance ospf non_external < n > example: Foundry-AR1208/configure/router/ospf# distance ospf non_external 25 Table 9.2: Default Route Preference (Administrative Distance) Values How Route is Learned Directly connected network...
  • Page 134: Configure Router Ospf Interface

    [ no ] interface < name > [ dlci < n > ] [ < area_id > ] NOTE: When the “ospf” interface is created for the first time, area id must be specified. Thereafter, it is optional. example: Foundry-AR1208/configure/router/ospf# interface Toronto 5 related commands: configure router ospf 1583Compatibility...
  • Page 135: Configure Router Ospf Interface Authentication

    A 16-character (maximum) password string beginning with an alpha character. syntax: [ no ] authentication < type > < line > example: Foundry-AR1208/configure/router/ospf/interface toBoston# authentication md5 Foundry related commands: configure router ospf interface cost configure router ospf interface dead_interval configure router ospf interface hello_interval...
  • Page 136: Configure Router Ospf Interface Cost

    The range is 1 - 65535; the default is computed based on the interface bandwidth. syntax: [ no ] cost < n > example: Foundry-AR1208/configure/router/ospf/interface toBoston# cost 10 related commands: configure router ospf interface authentication configure router ospf interface dead_interval configure router ospf interface hello_interval...
  • Page 137: Configure Router Ospf Interface Dead_Interval

    All models.
  • Page 138: Configure Router Ospf Interface Hello_Interval

    The default is 10; the range is 1 - 65535. syntax: [ no ] hello_interval < n > example: Foundry-AR1208/configure/router/ospf/interface toBoston# hello_interval 30 related commands: configure router ospf interface authentication configure router ospf interface cost configure router ospf interface dead_interval...
  • Page 139: Configure Router Ospf Interface Neighbor

    The range is 0 - 255; the default is 1. syntax: [ no ] neighbor < IP address > [ priority < n > ] example: Foundry-AR1208/configure/router/ospf/interface toBoston# neighbor 100.22.12.2 7 related commands: configure router ospf interface authentication configure router ospf interface cost...
  • Page 140: Configure Router Ospf Interface Network

    NOTE: The “non_broadcast” and “point_to_multipoint” parameters are not supported in this release. example: Foundry-AR1208/configure/router/ospf/interface toBoston# network non_broadcast related commands: configure router ospf interface authentication configure router ospf interface cost...
  • Page 141 applicable systems: All models.
  • Page 142: Configure Router Ospf Interface Poll_Interval

    The range is 0 - 2147483647; the default is 120. syntax: [ no ] poll_interval < n > example: Foundry-AR1208/configure/router/ospf/interface toBoston# poll_interval 15 related commands: configure router ospf interface authentication configure router ospf interface cost configure router ospf interface dead_interval...
  • Page 143: Configure Router Ospf Interface Priority

    The range is 0 - 255; the default is 1. syntax: [ no ] priority < n > example: Foundry-AR1208/configure/router/ospf/interface toBoston# priority 5 related commands: configure router ospf interface authentication configure router ospf interface cost configure router ospf interface dead_interval...
  • Page 144: Configure Router Ospf Interface Retransmit_Interval

    The range is 1 - 65535; the default is 5. syntax: [ no ] retransmit_interval < n > example: Foundry-AR1208/configure/router/ospf/interface toBoston# retransmit_interval 60 related commands: configure router ospf interface authentication configure router ospf interface cost configure router ospf interface dead_interval...
  • Page 145: Configure Router Ospf Interface Transmit_Delay

    Usage of this command is most appropriate for low speed links. The range is 1 - 65535; the default is 1. syntax: [ no ] transmit_delay < n > example: Foundry-AR1208/router/ospf/interface toBoston# transmit_delay 3 related commands: configure router ospf interface authentication configure router ospf interface cost configure router ospf interface dead_interval...
  • Page 146: Configure Router Ospf Redistribute

    1583Compatibility configure router ospf area configure router ospf distance configure router ospf interface configure router ospf ref_bw configure router ospf timers applicable systems: All models.
  • Page 147: Configure Router Ospf Redistribute Bgp

    < n > [ metric < n > ] [ metric_type < n > ] [ route_map < name > ] [ tag < n > ] example: Foundry-AR1208/configure/router/ospf# redistribute bgp as_number 10 related commands: configure router ospf redistribute connected...
  • Page 148: Configure Router Ospf Redistribute Connected

    [ tag < n > ] example: Foundry-AR1208/configure/router/ospf# redistribute connected related commands: configure router ospf redistribute bgp configure router ospf redistribute rip configure router ospf redistribute static applicable systems: All models.
  • Page 149: Configure Router Ospf Redistribute Rip

    [ metric < n > ] [ metric_type < n > ] [ route_map < name > ] [ tag < n > ] example: Foundry-AR1208/configure/router/ospf# redistribute rip related commands: configure router ospf redistribute bgp configure router ospf redistribute connected configure router ospf redistribute static applicable systems: All models.
  • Page 150: Configure Router Ospf Redistribute Static

    [ tag < n > ] example: Foundry-AR1208/configure/router/ospf# redistribute static related commands: configure router ospf redistribute bgp configure router ospf redistribute connected configure router ospf redistribute static applicable systems: All models.
  • Page 151: Configure Router Ospf Ref Bw

    1583Compatibility configure router ospf area configure router ospf distance configure router ospf interface configure router ospf redistribute configure router ospf timers applicable systems: All models.
  • Page 152: Configure Router Ospf Timers

    The range is 1 - 65535; the default is 10. syntax: timers [ spf_delay < n > | spf_holdtime < n > ] example: Foundry-AR1208/configure/router/ospf# timers spf_delay 20 related commands: configure router ospf 1583Compatibility configure router ospf area configure router ospf distance...
  • Page 154: Ospf Show Commands

    Enter either a decimal number or an IP address. syntax: area [ area_id ] example: Foundry-AR1208# show ip ospf area 1 # show ip ospf area_id 1 Area 1 Number of interfaces in this area is 0 Area type is NORM...
  • Page 155 All models.
  • Page 156: Show Ip Ospf Database

    This command provides access to commands that display information about an OSPF database. syntax: database example: Foundry-AR1208# show ip ospf database related commands: show ip ospf database all show ip ospf database asbr_summary show ip ospf database database_summary...
  • Page 157: Show Ip Ospf Database All

    [ area_id < n > ] [ advt_rtr < IP address > ] [ link_id < IP address > ] example: Foundry-AR1208# show ip ospf database all # show ip ospf database all Router LSAs for Area 0...
  • Page 158 [ area_id < decimal form or IP address > ] [ advt_rtr < IP address > ] [ link_id < IP address > ] example: Foundry-AR1208# show ip ospf database asbr_summary related commands: show ip ospf database all...
  • Page 159 show ip ospf database database_summary This command displays OSPF database summary information. syntax: database database_summary example: Foundry-AR1208# show ip ospf database database_summary # show ip ospf database database_summary Area ID Router Deleted Maxaged ------- ------...
  • Page 160: Show Ip Ospf Database External

    [area_id < decimal form or IP address > ] [ advt_rtr < IP address > ] [ link_id < IP address > ] example: Foundry-AR1208# show ip ospf database external related commands: show ip ospf database all show ip ospf database asbr_summary...
  • Page 161: Show Ip Ospf Database Network

    [area_id < decimal form or IP address > ] [ advt_rtr < IP address > ] [ link_id < IP address > ] example: Foundry-AR1208# show ip ospf database network related commands: show ip ospf database all show ip ospf database asbr_summary...
  • Page 162 [area_id < decimal value or IP address > ] [ advt_rtr < IP address > ] [ link_id < IP address > ] example: Foundry-AR1208# show ip ospf database nssa_external related commands: show ip ospf database all show ip ospf database asbr_summary...
  • Page 163: Show Ip Ospf Database Router

    [area_id < decimal form or IP address > ] [ advt_rtr < IP address > ] [ link_id < IP address > ] example: Foundry-AR1208# show ip ospf database router # show ip ospf database router Router LSAs for Area 0...
  • Page 164 Enter either a decimal number or an IP address. syntax: database self_originate [area_id < n > ] example: Foundry-AR1208# show ip ospf database self_originate # show ip ospf database self_originate Router LSAs for Area 0 related commands: show ip ospf database all...
  • Page 165: Show Ip Ospf Database Summary

    [area_id < decimal form or IP address > ] [ advt_rtr < IP address > ] [ link_id < IP address > ] example: Foundry-AR1208# show ip ospf database summary related commands: show ip ospf database all show ip ospf database asbr_summary...
  • Page 166: Show Ip Ospf Global

    This command displays global OSPF information. syntax: global example: Foundry-AR1208# show ip ospf global # show ip ospf global Routing Process 'ospf 30583' with ID 10.1.1.1 It is rfc1583 incompatible Summary Link update interval is 1800...
  • Page 167: Show Ip Ospf Interface

    This command provides access to commands that display information about configured OSPF interfaces. syntax: interface example: Foundry-AR1208# show ip ospf interface related commands: show ip ospf interface all show ip ospf interface bundle show ip ospf interface ethernet...
  • Page 168: Show Ip Ospf Interface All

    This command displays configuration information about all configured OSPF interfaces. syntax: interface all example: Foundry-AR1208# show ip ospf interface all related commands: show ip ospf interface bundle show ip ospf interface ethernet applicable systems: All models.
  • Page 169: Show Ip Ospf Interface Bundle

    This command displays configuration information about an OSPF bundle. syntax: interface bundle < name > [ pvc < n > ] example: Foundry-AR1208# show ip ospf interface bundle Boise related commands: show ip ospf interface all show ip ospf interface ethernet applicable systems: All models.
  • Page 170: Show Ip Ospf Interface Ethernet

    This command displays OSPF configuration information about an Ethernet interface. syntax: interface ethernet < n > example: Foundry-AR1208# show ip ospf interface ethernet 1 related commands: show ip ospf interface all show ip ospf interface bundle applicable systems: All models.
  • Page 171: Show Ip Ospf Neighbor

    This command provides access to next-level commands that display configuration information about OSPF neighbors. syntax: neighbor example: Foundry-AR1208# show ip ospf neighbor related commands: show ip ospf neighbor detail show ip ospf neighbor id show ip ospf neighbor interface show ip ospf neighbor list...
  • Page 172: Show Ip Ospf Neighbor Detail

    This command displays detailed OSPF configuration information about all neighbors. syntax: neighbor detail example: Foundry-AR1208# show ip ospf neighbor detail related commands: show ip ospf neighbor id show ip ospf neighbor interface show ip ospf neighbor list applicable systems: All models.
  • Page 173: Show Ip Ospf Neighbor Id

    This command displays OSPF configuration information about a specific neighbor. syntax: neighbor id < IP address > example: Foundry-AR1208# show ip ospf neighbor id 10.3.1.2 related commands: show ip ospf neighbor detail show ip ospf neighbor interface show ip ospf neighbor list applicable systems: All models.
  • Page 174: Show Ip Ospf Neighbor Interface

    < n > | bundle < name > [ pvc < n > ] example: Foundry-AR1208# show ip ospf neighbor interface ethernet 1 related commands: show ip ospf neighbor interface bundle show ip ospf neighbor interface ethernet applicable systems: All models.
  • Page 175: Show Ip Ospf Neighbor Interface Bundle

    This command displays information about OSPF neighbors on a bundle interface. syntax: neighbor interface bundle < name > [ pvc < n > ] example: Foundry-AR1208# show ip ospf neighbor interface bundle Boise related commands: show ip ospf neighbor interface ethernet applicable systems: All models.
  • Page 176: Show Ip Ospf Neighbor Interface Ethernet

    This command displays configuration information about a neighbor on an Ethernet interface. syntax: neighbor interface ethernet < n > example: Foundry-AR1208# show ip ospf neighbor interface ethernet 1 related commands: show ip ospf neighbor interface bundle applicable systems: All models.
  • Page 177: Show Ip Ospf Neighbor List

    This command displays a list of neighbors attached to this router. syntax: neighbor list example: Foundry-AR1208# show ip ospf neighbor list related commands: show ip ospf neighbor detail show ip ospf neighbor id show ip ospf neighbor interface applicable systems: All models.
  • Page 178: Show Ip Ospf Request List

    This command displays the LSAs in the request list of the specified neighbor. syntax: request_list < IP address > example: Foundry-AR1208# show ip ospf request_list 10.10.10.1 related commands: show ip ospf area show ip ospf global show ip ospf database...
  • Page 179: Show Ip Ospf Retransmission List

    This command displays the LSAs in the retransmission list of the specified neighbor. syntax: retransmission_list < IP address > example: Foundry-AR1208# show ip ospf retransmission_list 10.10.10.1 related commands: show ip ospf area show ip ospf database show ip ospf global...
  • Page 180 This command displays information about configured OSPF virtual links. syntax: virtual_links [ < IP address > ] example: Foundry-AR1208# show ip ospf virtual_links related commands: show ip ospf area show ip ospf global show ip ospf database...
  • Page 182: Chapter 11 Rip Configure Commands

    RIP Configure Commands Use RIP configure commands to configure all RIP parameters. NOTE: See the command configure interface loopback in the Command Reference Guide: Domestic Products for important information about loopback interfaces.
  • Page 183: Configure Router Rip

    All models.
  • Page 184: Configure Router Rip Default Metric

    All models.
  • Page 185 Preferenc Not configurable. Not configurable. configure router ospf distance ospf non_external configure router rip distance Applicable to BGP only, and is not configurable. configure router ospf distance ospf external configure router bgp distance
  • Page 186: Configure Router Rip Interface

    All models.
  • Page 187: Configure Router Rip Interface Authentication

    Enter an alphanumeric string of up to a maximum of 16 characters. syntax: [ no ] authentication auth_type line example: Foundry-AR1208/configure/router/rip/interface ethernet1# authentication md5 mymd5keyvalue This example configures RIP interface Ethernet 1 for MD5 authentication. related commands: configure router rip interface distribute_list...
  • Page 188: Configure Router Rip Interface Distribute List

    [ no ] distribute_list < n > < in | out > example: Foundry-AR1208/configure/router/rip/interface ethernet0# distribute_list 2 in This example sets access list 2 to be used for all inbound routes for this interface. related commands: configure router rip interface authentication...
  • Page 189: Configure Router Rip Interface Metric

    The range is 1 - 4294967294; the default is 1. syntax: [ no ] metric < n > example: Foundry-AR1208/configure/router/rip/interface ethernet0# metric 3 This example configures the RIP routes metric for interface Ethernet 0 to 3. related commands: configure router rip interface authentication...
  • Page 190: Configure Router Rip Interface Mode

    RIP version 2 (V1 compatible) syntax: [ no ] mode < n > example: Foundry-AR1208/configure/router/rip/interface ethernet0# mode 1 This example configures interface Ethernet 0 for RIP version 1. related commands: configure router rip interface authentication configure router rip interface distribute_list...
  • Page 191: Configure Router Rip Interface Neighbor

    Neighbor IP address syntax: [ no ] neighbor < ip_address > example: Foundry-AR1208/configure/router/rip/interface ethernet0# neighbor 192.168.31.2 This example configures IP address 192.168.31.2 as a RIP neighbor of interface Ethernet 0. related commands: configure router rip interface authentication configure router rip interface distribute_list...
  • Page 192: Configure Router Rip Interface Passive

    All models.
  • Page 193: Configure Router Rip Interface Split Horizon

    Enables poison reverse (default) syntax: [ no ] split_horizon < none | simple | poison > example: Foundry-AR1208/configure/router/rip/interface ethernet0# split_horizon simple This example configures interface Ethernet 0 to do simple split-horizon. related commands: configure router rip interface authentication configure router rip interface distribute_list...
  • Page 194: Configure Router Rip Mode

    All models.
  • Page 195: Configure Router Rip Pacing

    All models.
  • Page 196: Configure Router Rip Passive

    All models.
  • Page 197: Configure Router Rip Redistribute

    All models.
  • Page 198: Configure Router Rip Redistribute Bgp

    The range is 1 - 16; the default is 1. syntax: redistribute bgp as_number [ metric < n > ] example: Foundry-AR1208/configure/router/rip# redistribute bgp 1 related commands: configure router rip redistribute connected configure router rip redistribute ospf configure router rip redistribute static applicable systems: All models.
  • Page 199: Configure Router Rip Redistribute Connected

    Foundry-AR1208/configure/router/rip# redistribute connected This example configures RIP to redistribute connected routes. related commands: configure router rip redistribute bgp configure router rip redistribute ospf configure router rip redistribute static applicable systems: All models.
  • Page 200: Configure Router Rip Redistribute Ospf

    [ no ] redistribute ospf [ metric < n > ] example: Foundry-AR1208/configure/router/rip# redistribute ospf related commands: configure router rip redistribute bgp configure router rip redistribute connected configure router rip redistribute static applicable systems: All models.
  • Page 201: Configure Router Rip Redistribute Static

    Foundry-AR1208/configure/router/rip# redistribute static This example configures RIP to redistribute static routes. related commands: configure router rip redistribute bgp configure router rip redistribute connected configure router rip redistribute ospf applicable systems: All models.
  • Page 202: Configure Router Rip Timers

    This command accesses the following next-level commands that configure the global RIP timers. related commands: configure router rip timers flush configure router rip timers holddown configure router rip timers update applicable systems: All models.
  • Page 203: Configure Router Rip Timers Flush

    Foundry-AR1208/configure/router/rip/timers# flush 300 This example configures the global RIP flush timer to 300 seconds. related commands: configure router rip timers holddown configure router rip timers update applicable systems: All models.
  • Page 204: Configure Router Rip Timers Holddown

    This example configures the global RIP hold down timers to suppress information about routes for 200 seconds. related commands: configure router rip timers flush configure router rip timers update applicable systems: All models.
  • Page 205: Configure Router Rip Timers Update

    Foundry-AR1208/configure/router/rip/timers# update 45
    This example globally configures RIP updates to occur every 45 seconds.
    related commands: configure router rip timers flush, configure router rip timers holddown
    applicable systems: All models.
  • Page 206: Chapter 12 RIP show Commands

    Chapter 12 RIP show Commands
    Use RIP display/show commands to display all configured RIP information.
    NOTE: The CLI commands “show” and “display” can be used interchangeably.
  • Page 207: Show Ip Rip

    This command accesses the following next-level commands that display more specific information.
    related commands: show ip rip global, show ip rip interface, show ip rip statistics
    applicable systems: All models.
  • Page 208: Show Ip Rip Global

    This command displays globally configured information about mode, distance, default metric, and timers for RIP.
    syntax: show ip rip global
    example: Foundry-AR1208# show ip rip global
    # show ip rip global
    Router RIP is enabled
    Mode: RIP 2
    Distance: 100...
  • Page 209: Show Ip Rip Interface

    RIP interface.
    related commands: show ip rip interface all, show ip rip interface bundle, show ip rip interface ethernet, show ip rip interface statistics
    applicable systems: All models.
  • Page 210: Show Ip Rip Interface All

    This command displays information about all configured RIP interfaces.
    syntax: show ip rip interface all
    example: Foundry-AR1208# show ip rip interface all
    # show ip rip interface all
    RIP is configured for interface <ethernet0>
    Mode: RIP 2
    Metric: 5...
  • Page 211: Show Ip Rip Interface Bundle

    The range is 16 - 1022.
    syntax: show ip rip interface bundle < name >
    example: Foundry-AR1208# show ip rip interface bundle Dallas
    related commands: show ip rip interface all, show ip rip interface ethernet, show ip rip interface statistics
    applicable systems: All models.
  • Page 212: Show Ip Rip Interface Ethernet

    This command displays RIP information about the Ethernet interface.
    syntax: show ip rip interface ethernet < 0 | 1 >
    example: Foundry-AR1208# show ip rip interface ethernet0
    # show ip rip interface ethernet 0
    RIP is configured for interface <ethernet0>
    Mode: RIP 2...
  • Page 213: Show Ip Rip Interface Statistics

    This command displays global RIP interface statistics, such as the number of bad packets received, the number of bad routes received, and the number of triggered updates sent.
    syntax: show ip rip interface statistics
    example: Foundry-AR1208# show ip rip interface statistics
    # show ip rip interface statistics
    RIP Interface Statistics:
    =========================
    Interface: <ethernet0>...
  • Page 214: Show Ip Rip Statistics

    This command shows global RIP statistics, such as route changes and queries.
    syntax: show ip rip statistics
    example: Foundry-AR1208# show ip rip statistics
    # show ip rip statistics
    RIP Global Statistics:
    ===============================
    Number of Global Route Changes : <0>...
  • Page 216: Matching A Path

    Chapter 13 AS Path Regular Expressions
    Matches the given number, which is any positive 16-bit number from 0-65535 inclusive. Note that valid AS numbers range from one through 65534 inclusive.
  • Page 217 Parentheses group expressions to make a term out of any regex. An operator, such as * or ?, works on a regular expression enclosed in parentheses as it would any term.
  • Page 218: Chapter 14 Multicasting

    Chapter 14 Multicasting
    Configure Hello Interval, Configure Hello Holdtime, Configure Hello priority
    4 PIM C ABLE OMMANDS
    Foundry/configure/ip# pim
    Foundry/configure/ip/pim# mode [sparse | dense]
    Foundry/configure/ip/pim# assert-holdtime <time>
    Foundry/configure/ip/pim# hello-interval <time>
    Foundry/configure/ip/pim# hello-holdtime <time>
    Foundry/configure/ip/pim# hello-priority <value>
  • Page 219

    Foundry/configure/ip/pim# mrt-spt-multiplier <number>
    Foundry/configure/ip/pim# probe-period <time>
    Foundry/configure/ip/pim# register-suppress-timeout <time>
    Foundry/configure/ip/pim# dr-switch-immediate
    Foundry/configure/ip/pim# rp-switch-immediate
    Foundry/configure/ip/pim# threshold-dr <bps>
    Foundry/configure/ip/pim# threshold-rp <bps>
    Foundry/configure/ip/pim# whole-packet-checksum
    Foundry/configure/ip/pim/cbsr# address <address>
    Foundry/configure/ip/pim/cbsr# period <time>
    Foundry/configure/ip/pim/cbsr# holdtime <time>
    Foundry/configure/ip/pim/cbsr# priority <value>
    Foundry/configure/ip/pim# crp
    Foundry/configure/ip/pim/crp# address <ipaddress>
    Foundry/configure/ip/pim/crp# group-add <address> [mask] [priority]
    Foundry/configure/ip/pim/crp# holdtime <time>
  • Page 220

    Foundry/configure/ip/pim# ssm-range <group-address> <group-mask>
    5 PIM SHOW AND DEBUG COMMANDS
    Foundry# show ip pim global
    Foundry# show ip pim timers
    Foundry# show ip pim interfaces
    Foundry# show ip pim neighbors
    Foundry# show ip pim bsr-info
  • Page 221: Protocol Independent Multicast - Source Specific Multicast (PIM-SSM)

    Foundry# debug ip pim packet <pkt_type> <direction> [interface_name ] [ dlci ]
    Foundry# debug ip pim state
    Foundry# debug ip pim route
    Foundry# debug ip pim detail
    Foundry# debug ip pim debug
    Foundry# debug ip pim all
  • Page 222: IGMP Commands

    <interval>
    Foundry/configure/ip/igmp/interface ethernet0# last-member-query-count <value>
    Foundry/configure/ip/igmp/interface ethernet0# startup-query-interval <interval>
    Foundry/configure/ip/igmp/interface ethernet0# startup-query-count <count>
    Foundry/configure/ip/igmp/interface ethernet0# robustness <value>
    Foundry/configure/ip/igmp/interface ethernet0# [no] ignore-v1-messages
    Foundry/configure/ip/igmp/interface ethernet0# [no] ignore-v2-messages
  • Page 223: Traceroute Facility For IP Multicast

    Foundry/debug# [no] ip igmp packet leave [inbound | outbound]
    Foundry# show ip igmp groups {all | <interface-name>} [detail]
    Foundry# show ip igmp interface {all | <interface-name>}
    Foundry# clear ip igmp groups [interface <name>] [group-addr <addr>] [source-addr <source-addr> ]
  • Page 224: Multipath Commands

    Multipath Commands
    Foundry/configure/ip/multicast# multipath
    Foundry/configure/ip/multicast# multipath cisco
    Disabling Multipath:
    Foundry/configure/ip/multicast# no multipath
    Foundry/configure/ip/multicast# no multipath cisco
    Display RPF selection:
    Foundry# show ip rpf <addr>
    <addr> - source or RP address
  • Page 225: Generic Routing Encapsulation (GRE)

    By connecting multiprotocol subnetworks in a single-protocol backbone environment, IP tunneling using GRE allows network expansion across a single-protocol backbone environment. For more information on GRE, refer to the GRE Configuration Guide.
  • Page 226: Security Features

    Chapter 15 Security Features
    To install the advanced VPN and firewall license and use all the security features available in this release, enter: ) license allows users to manage remote LANs. This license also advance_vpn
  • Page 227: Access Methods

    The VPN client is allocated a private IP address by the VPN server and the client uses this as the source IP address in the inner IP header in tunnel mode.
  • Page 228

    Router1/configure# interface bundle wan1
    Configuring new bundle
    Router1/configure/interface/bundle wan1# link t1 1
    Router1/configure/interface/bundle wan1# encapsulation ppp
    Router1/configure/interface/bundle wan1# ip address 172.16.0.1 24
    Router1/configure/interface/bundle wan1# crypto untrusted
    Router1/configure/interface/bundle wan1# exit
  • Page 229: Step 2: Configure The Ethernet Interface With Trusted Network Type

    Step 2: Configure the Ethernet interface with trusted network type:
    Router1/configure# interface ethernet 0
    Configuring existing Ethernet interface
    Router1/configure interface/ethernet 0# ip address 10.0.1.1 24
    Router1/configure/interface/ethernet 0# crypto trusted
    Router1/configure/interface/ethernet 0# exit
    Step 3: Display the crypto interfaces:
    Router1# show crypto interfaces
    Interface Network Name...
  • Page 230 NOTE: For IPSec only – when you create an outbound tunnel, an inbound tunnel is automatically created. The inbound tunnel applies the name that you provide for the outbound tunnel and adds the prefix “IN” to the name. Mode Transform ---- --------- Main P1 pre-g1-3des-sha1
  • Page 231 Encryption Algorithm: aes128(key length=128 bits) Hash Algorithm: sha1 Lifetime in seconds: 3600 Lifetime in Kilobytes: 4608000 Match Proto Transform ----- ----- --------- S 172.16.0.1/32/any D 10.0.2.0/24/any S 10.0.2.0/24/any P1 esp-aes- P1 esp-aes-
  • Page 232 1002 in 1003 in 1024 out any Sport Dport Proto Action Advanced ----------------- ------ -------- PERMIT SE snmp PERMIT SE telnet PERMIT SE icmp PERMIT SE PERMIT SE
  • Page 233 Logging is disable Source Address is any, Dest Address is any Source Port is any, Dest Port is any, any Schedule is disabled, Ftp-Filter is disabled Smtp-Filter is disabled, Http-Filter is disabled
  • Page 234 Policy Dest IP ------ ------- INRouter2 172.16.0.1 Router2 172.16.0.2 State Bytes Transform ----- ----- --------- SA_MATURE 2020 pre-g1-3des-sha1 Bytes Transform ----- --------- 0xe8453c2b 256 esp-aes-sha1-tunl 0xa1f673aa 256 esp-aes-sha1-tunl
  • Page 235: Example 2: Joining Two Private Networks With An IP Security Tunnel

    The following example demonstrates how to form an IP security tunnel to join two private networks: 10.0.1.0/24 and 10.0.2.0/24. The security requirements are as follows:
    • Phase 1: 3DES with SHA1
    • Phase 2: IPSec ESP with AES (256-bit) and HMAC-SHA1
  • Page 236

    Step 3: Display the crypto interfaces:
    Router1# show crypto interfaces
    Interface Name   Network Type
    ---------        -------
    ethernet0        trusted
    wan1             untrusted
    Step 4: Add route to peer LAN:
    Router1/configure# ip route 10.0.2.0 24 wan1
  • Page 237 Proposal of priority 1 Encryption algorithm: 3des Hash Algorithm: sha1 Authentication Mode: pre-shared-key DH Group: group1 Lifetime in seconds: 86400 Lifetime in kilobytes: unlimited Mode Transform ---- --------- Main P1 pre-g1-3des-sha1
  • Page 238 Step 9: Display IPSec policies: Router1# show crypto ipsec policy all Policy Peer ------ ---- Router2 172.16.0.2 sha1-tunl Match Proto Transform ----- ----- --------- S 10.0.1.0/24/any P1 esp-aes-
  • Page 239

    Step 11: Configure firewall policies to allow IKE negotiation through untrusted interface (applicable only if firewall license is also enabled):
    Router1/configure# firewall internet
    Router1/configure/firewall internet# policy 1000 in service ike self
    Router1/configure/firewall internet/policy 1000 in# exit
    Router1/configure/firewall internet# exit
  • Page 240

    Router1/configure/firewall corp# policy 1000 in address 10.0.2.0 24 10.0.1.0 24
    Router1/configure/firewall corp/policy 1000 in# exit
    Router1/configure/firewall corp# exit
    Sport Dport Proto Action Advanced ----------------- ------ -------- PERMIT SE PERMIT SE
  • Page 241 R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging, E - Policy Enabled, M - Smtp-Filter Dir Source Addr Action Advanced --- ----------- -- -------- Destination Addr Sport Dport Proto ---------------- ----------------- ----
  • Page 242 Schedule is disabled, Ftp-Filter is disabled Smtp-Filter is disabled, Http-Filter is disabled Rpc-Filter is disabled, Nat is disabled Max-Connections 1024, Connection-Rate is disabled Policing is disabled, Bandwidth is disabled
  • Page 243 Router1# show crypto ipsec sa all Policy Dest IP ------ ------- INRouter2 172.16.0.1 Router2 172.16.0.2 State Bytes Transform ----- ----- --------- SA_MATURE 1796 pre-g1-3des-sha1 Bytes Transform ----- --------- 0xd603a513 256 esp-aes-sha1-tunl 0xb013de87 256 esp-aes-sha1-tunl
  • Page 244: Example 3: Joining Two Networks With An IPSec Tunnel Using Multiple IPSec Proposals

    As a result of quick mode negotiation, the two routers are expected to converge on a mutually acceptable proposal, which is the proposal “IPSec ESP with AES (256-bit) and HMAC-SHA1” in this example.
  • Page 245

    Step 3: Display the crypto interfaces:
    Router1# show crypto interfaces
    Interface Name   Network Type
    ---------        -------
    ethernet0        trusted
    wan1             untrusted
    Step 4: Add the route to the peer LAN:
    Router1/configure# ip route 10.0.2.0 24 wan1
  • Page 246 Proposal of priority 1 Encryption algorithm: 3des Hash Algorithm: sha1 Authentication Mode: pre-shared-key DH Group: group1 Lifetime in seconds: 86400 Lifetime in kilobytes: unlimited Mode Transform ---- --------- Main P1 pre-g1-3des-sha1
  • Page 247 “IN” to the name. Step 9: Display the IPSec policies: Router1# show crypto ipsec policy all Policy Peer ------ ---- Router2 172.16.0.2 sha1-tunl Match Proto Transform ----- ----- --------- S 10.0.1.0/24/any P1 esp-des-
  • Page 248

    Step 10: Configure firewall policies to allow IKE negotiation through untrusted interface (applicable only if firewall license is also enabled):
    Router1/configure# firewall internet
    Router1/configure/firewall internet# policy 1000 in service ike self
    Router1/configure/firewall internet/policy 1000 in# exit
    Router1/configure/firewall internet# exit
  • Page 249

    Router1/configure/firewall corp# policy 1000 in address 10.0.2.0 24 10.0.1.0 24
    Router1/configure/firewall corp/policy 1000 in# exit
    Router1/configure/firewall corp# exit
    Sport Dport Proto Action Advanced ----------------- ------ -------- PERMIT SE PERMIT SE
  • Page 250 R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging, E - Policy Enabled, M - Smtp-Filter Dir Source Addr Action Advanced --- ----------- -- -------- Destination Addr Sport Dport Proto ---------------- ----------------- ----
  • Page 251 Schedule is disabled, Ftp-Filter is disabled Smtp-Filter is disabled, Http-Filter is disabled Rpc-Filter is disabled, Nat is disabled Max-Connections 1024, Connection-Rate is disabled Policing is disabled, Bandwidth is disabled Bytes In 11258, Bytes Out 5813
  • Page 252 Policy Dest IP ------ ------- INRouter2 172.16.0.1 Router2 172.16.0.2 State Bytes Transform ----- ----- --------- SA_MATURE 1796 pre-g1-3des-sha1 Bytes Transform ----- --------- 0x8eabe4b3 256 esp-aes-sha1-tunl 0xa9a506f9 256 esp-aes-sha1-tunl
  • Page 253: Example 4: Supporting Remote User Access

    In this example, the client needs to access the corporate private network 10.0.1.0/24 through the VPN tunnel. The security requirements are as follows:
    • Phase 1: 3DES with SHA1, Xauth (Radius PAP)
    • Phase 2: IPSec ESP tunnel with AES256 and HMAC-SHA1
  • Page 254

    Step 2: Configure the Ethernet interface with trusted network type:
    Router1/configure# interface ethernet 0
    Configuring existing Ethernet interface
    Router1/configure interface/ethernet 0# ip address 10.0.1.1 24
    Router1/configure/interface/ethernet 0# crypto trusted
    Router1/configure/interface/ethernet 0# exit
  • Page 255 Router1/configure/crypto/dynamic# Step 5: Display dynamic IKE policies: Router1# show crypto dynamic ike policy all Policy Remote-id ------ --------- sales U david@foun... Aggressive P1 Mode Transform ---- --------- Address-Pool ------------ pre-g1-3des-
  • Page 256 Router1# show crypto dynamic ipsec policy all Policy Match ------ ----- sales S 10.0.1.0/24/any D any/any/any INsales S any/any/any D 10.0.1.0/24/any Proto Transform ----- --------- P1 esp-aes-sha1-tunl P1 esp-aes-sha1-tunl
  • Page 257

    Step 10: Configure radius server (applicable only if client authentication is configured in dynamic IKE policy):
    Router1/configure# aaa
    Router1/configure/aaa# radius
    Router1/configure/aaa/radius# primary_server 172.168.2.1
    Primary Radius server configured.
    Router1/configure/aaa/radius# secondary_server 192.168.2.1
    Secondary Radius server configured.
    Router1/configure/aaa/radius# exit
    Router1/configure/aaa# exit
  • Page 258 Schedule is disabled, Ftp-Filter is disabled Smtp-Filter is disabled, Http-Filter is disabled Rpc-Filter is disabled, Nat is disabled Bytes In 0, Bytes Out 0 Destination Addr Sport Dport Proto Action
  • Page 259 R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging, E - Policy Enabled, M - Smtp-Filter Dir Source Addr Action Advanced --- ----------- Destination Addr Sport Dport Proto ---------------- ----------------- ----
  • Page 260 Smtp-Filter is disabled, Http-Filter is disabled Rpc-Filter is disabled, Nat is disabled Max-Connections 1024, Connection-Rate is disabled Policing is disabled, Bandwidth is disabled Bytes In 11258, Bytes Out 5813
  • Page 261 Dest IP ------ ------- INsales 172.16.0.1 0xf43c5e3b 360 sales 192.168.107.105 0xcfea8435 240 Policy ------ sales State Bytes Transform ----- ----- --------- Bytes Transform ----- --------- esp-aes-sha1-tunl esp-aes-sha1-tunl Advanced -------- UserGrp
  • Page 262: Example 5: Configuring IPSec Remote Access To Corporate LAN With Mode-Configuration Method

    The outer IP header will carry the dynamic IP address assigned by the Internet Service Provider as the source address. The security requirements are as follows:
    • Phase 1: 3DES with SHA1, Mode Configuration
    • Phase 2: IPSec ESP tunnel with AES256 and HMAC-SHA1
  • Page 263

    Step 2: Configure the Ethernet interface with trusted network type:
    Router1/configure# interface ethernet 0
    Configuring existing Ethernet interface
    Router1/configure interface/ethernet 0# ip address 10.0.1.1 24
    Router1/configure/interface/ethernet 0# crypto trusted
    Router1/configure/interface/ethernet 0# exit
  • Page 264 Step 5: Display dynamic IKE policies: Router1# show crypto dynamic ike policy all Policy Remote-id ------ --------- sales U david@foun... Aggressive P1 pre-g1-3des-sha1 Mode Transform ---- --------- Address-Pool ------------
  • Page 265 Router1/configure/crypto/dynamic# exit Step 8: Display dynamic IPSec policies: Router1# show crypto dynamic ipsec policy all Policy Match ------ ----- sales S 10.0.1.0/24/any D any/any/any Proto Transform ----- --------- P1 esp-aes-sha1-tunl
  • Page 266 R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging, E - Policy Enabled, M - Smtp-Filter Dir Source Addr Action Advanced --- ----------- Destination Addr Sport Dport Proto ---------------- ----------------- ----
  • Page 267 ---------------- 1000 in 20.1.1.100 10.0.1.0/24 20.1.1.150 1022 out any 1023 in 1024 out any Sport Dport Proto Action Advanced ----------------- ------ -------- PERMIT E PERMIT SE PERMIT SE PERMIT E
  • Page 268 Smtp-Filter is disabled, Http-Filter is disabled Rpc-Filter is disabled, Nat is disabled Max-Connections 1024, Connection-Rate is disabled Policing is disabled, Bandwidth is disabled Bytes In 11258, Bytes Out 5813
  • Page 269 Router1# show crypto ipsec sa all Policy Dest IP ------ ------- INsales 172.16.0.1 0xbba97427 840 sales 192.168.107.105 0xcb0e23f3 560 Policy ------ State Bytes Transform ----- ----- --------- 2052 pre-g1-3des-sha1 Bytes Transform ----- --------- esp-aes-sha1-tunl esp-aes-sha1-tunl ModecfgGrp
  • Page 270: Configuring GRE

    IPSec and GRE complement each other well: IPSec provides a secure method of transporting data across the Internet, while GRE provides the capability to transport routing protocols (for example, OSPF) that use broadcast and multicast.
    Bytes Transform ----- --------- esp-aes-sha1-tunl esp-aes-sha1-tunl
  • Page 271

    Configure the tunnel:
    Foundry/configure# interface tunnel t0
    Foundry/configure/interface/tunnel t0# ip 103.1.1.2 24
    Foundry/configure/interface/tunnel t0# tunnel source 192.168.94.220
    Foundry/configure/interface/tunnel t0# tunnel destination 192.168.55.75
    Foundry/configure/interface/tunnel t0# exit
    Configure the IP routes:
    40.1.1.0 192.168.55.75
  • Page 272 Gateway Protocol: GRE ICMP redirect: will be sent Protection: policy grecisco key Keepalive: disabled Path MTU discovery: disabled Checksum: disabled 95112 Bytes Tx Packets Tx Output Errs fields.) Source Address
  • Page 273

    Foundry/configure/interface/tunnel t0# ip address 103.1.1.2 24
    Foundry/configure/interface/tunnel t0# tunnel source 192.168.94.220
    Foundry/configure/interface/tunnel t0# tunnel destination 192.168.55.75
    Foundry/configure/interface/tunnel t0# tunnel protection grecisco secretkeyfortest
    Foundry/configure/interface/tunnel t0# crypto untrusted
    Foundry/configure/interface/tunnel t0# exit
  • Page 274

    Add to the Cisco configuration above:
    cisco > config t
    cisco(config)#router ospf 1
    cisco(config-router)# network 103.1.1.0 0.0.0.255 area 0
    To verify the OSPF configuration, enter:
    Foundry# show ip ospf interface all
  • Page 275: Firewall Configuration Examples

    DMZ from unauthorized access from the Internet. To create this basic three-armed firewall configuration, complete these steps:
    [Figure labels: www.yahoo.com, Web server, Internet, Reverse NAT, 10.3.1.0/24, FTP Server]
  • Page 276

    • Create an object of type http-filter to block java traffic
    • Modify policy 1024 to pat all outgoing traffic using public IP 193.168.94.220
    • Modify policy 1024 to add a java HTTP filter.
  • Page 277

    • Modify policy 100 to add NAT pool object to translate incoming traffic for FTP server from public IP to private
    • Modify policy 100 to add an FTP filter.
    Sport Dport Proto Action Advanced ----------------- ------ -------- DENY PERMIT SE PERMIT SE PERMIT HNE *.java
  • Page 278 Step 10: Create a default route out of the WAN: Foundry/configure# ip route 0.0.0.0 0 wan Foundry/configure# Sport Dport Proto Action Advanced ----------------- ------ -------- PERMIT FNE PERMIT SE PERMIT SE PERMIT E put mkdir
  • Page 279 2 time_out 5 server_port 49 exit tacacs radius exit radius exit aaa interface ethernet 0 address 10.2.1.1 255.255.255.0 multicast mode ospfrip2 exit multicast mtu 4000 icmp exit icmp
  • Page 280 Foundry enable_trap exit enable_trap exit snmp hostname Foundry log utc telnet_banner exit telnet_banner event exit event system logging no console syslog host_ipaddr 193.168.94.35 exit syslog exit logging
  • Page 281: Stopping DoS Attacks

    Foundry provides protection against FTP bounce, ICMP error checks, IP sequence number checks, unaligned timestamps, MIME flooding, source routing checks, SYN flooding, and WIN nuke attacks. To configure the firewall for protection against all of these attacks, enter:
  • Page 282: NAT Configurations

    Foundry system forwards the packets to the correct PC within the LAN, according to the mapping relationship established.
  • Page 283: NAT Configuration Examples

    Foundry/configure/firewall corp/object# exit
    Foundry/configure/firewall corp# policy 8 out address 10.1.1.1 10.1.1.4 any any
    Foundry/configure/firewall corp/policy 8 out# apply-object nat-pool addresspoolDyna
    Foundry/configure/firewall corp/policy 8 out# exit 2
    Foundry/configure#
    [Figure labels: OPAL, INTERNET]
  • Page 284 Foundry/configure/firewall corp/policy 7 out# exit 2 Foundry/configure# Port Address Translation (Many to one) NAT allows multiple IP addresses to be mapped to one address. [Figure labels: OPAL, INTERNET]
  • Page 285 IP address range. Finally, attach the NAT pool to the policy. INTERNET parameter in the command. In the second method, create a pool policy exit 2 and specify the IP address. Then add the nat-ip
  • Page 286: IPSec Supported Protocols And Algorithms

    Null Encryption Table 15.1: IPSec Protocols Support Mode Tunnel Transport Tunnel Transport Table 15.2: Encryption Algorithms Block Size 56 bits 168 bits 128 bits 192 bits 256 bits
  • Page 287 Table 15.5: IKE Default Values
    Foundry Default Value: Site to Site: Main mode, Disabled, SHA1, PreShared, Group 1, 86400 seconds, Initiator and responder
    Foundry Default Value: Remote Access: Aggressive mode, Disabled, SHA1, PreShared, Group 1, 86400 seconds, Responder only...
  • Page 288 Traffic Permit All (Priority 1024) Permit All (Priority 1024) Table 15.8: Firewall per policy defaults Default Value No Default Incoming Firewall Outgoing Firewall Policy for Self Policy for Self Traffic Traffic Permit All (Priority...
  • Page 289 Table 15.8: Firewall per policy defaults No Default Permit Transit Disabled Disabled Disabled Disabled Disabled Disabled 1024 Disabled Disabled Disabled Maximum Connections Default 1024 outgoing connections 1024 outgoing connections 3072 Maximum Connections Default Enabled Enabled Disabled
  • Page 290 Disabled Table 15.11: Tunnel Interface Defaults Default Value No Default No Default No Default 1476 - Not configurable Enabled Enabled Disabled Disabled Copy from Inner Disabled Disabled Disabled Disabled Disabled
  • Page 292: Command Line Interface

    Help,online 4-4 Introduction 3-1 navigation 4-4 nomenclature 3-1 normal type 4-2 online help, see Help show/display command 4-7 spacebar 4-4 Tab key 4-4 telephone Access 3-5 tree command 4-5 Web access 3-5