Alcatel-Lucent 7210 SAS M Configuration Manual
  1. Manuals
  2. Brands
  3. Alcatel-Lucent Manuals
  4. Network Router
  5. 7210 SAS E OS
  6. Configuration manual
Alcatel-Lucent 7210 SAS M Configuration Manual

Alcatel-Lucent 7210 SAS M Configuration Manual

Hide thumbs Also See for 7210 SAS M:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual
7210 SAS M, X OS
Router Configuration Guide
Software Version: 7210 SAS OS 4.0 Rev. 05
March 2012
Document Part Number: 93-0381-01-05
93-0381-01-05

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 7210 SAS M and is the answer not in the manual?

Questions and answers

Related Manuals for Alcatel-Lucent 7210 SAS M

Summary of Contents for Alcatel-Lucent 7210 SAS M

  • Page 1 7210 SAS M, X OS Router Configuration Guide Software Version: 7210 SAS OS 4.0 Rev. 05 March 2012 Document Part Number: 93-0381-01-05 93-0381-01-05...
  • Page 2 This document is protected by copyright. Except as specifically permitted herein, no portion of the provided information can be reproduced in any form, or by any means, without prior written permission from Alcatel-Lucent. Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.

  • Page 3: Table Of Contents

    Getting Started Alcatel-Lucent 7210 SAS-Series Router Configuration Process ....... .13 IP Router Configuration Configuring IP Router Parameters .
  • Page 4 ................167 Page 4 7210 SAS M, X Router Configuration Guide...
  • Page 5 MAC Match Criteria Exclusivity Rules ..........101 Common CLI Command Descriptions 7210 SAS M, X Router Configuration Guide Page 5...
  • Page 6 List of Tables Page 6 7210 SAS M, X Router Configuration Guide...
  • Page 7 Applying an IP Filter to an Ingress Interface ........104 Common CLI Command Descriptions 7210 SAS M, X Router Configuration Guide Page 7...
  • Page 8 List of Figures Page 8 7210 SAS M, X Router Configuration Guide...

  • Page 9: Preface

    This guide describes logical IP routing interfaces, IP and MAC-based filtering support provided by the 7210 SAS M, X and presents configuration and implementation examples. All the variants of 7210 SAS-M can be configured in two modes, that is in network mode and in access-uplink mode.

  • Page 10: List Of Technical Publications

    This guide describes how to configure features such as service mirroring and Operations, Administration and Management (OAM) tools. • 7210 SAS M Quality of Service Guide This guide describes how to configure Quality of Service (QoS) policy management. Page 10...

  • Page 11: Technical Support

    If you purchased a service agreement for your 7210 SAS router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, contact your welcome center Web: http://www1.alcatel-lucent.com/comps/pages/carrier_support.jhtml...
  • Page 12 Preface Page 12 7210 SAS M, X Router Configuration Guide...

  • Page 13: Getting Started

    IDs, and autonomous systems. IP and MAC filters Filter Policies on page 87 Reference List of IEEE, IETF, and other Standards and Protocol Support on page 163 proprietary entities. 7210 SAS M, X Router Configuration Guide Page 13...

  • Page 14: Getting Started

    Getting Started Page 14 7210 SAS M, X Router Configuration Guide...

  • Page 15: Ip Router Configuration

    Topics in this chapter include: • Configuring IP Router Parameters on page 16 → Interfaces on page 16 → Autonomous Systems (AS) on page 20 • Configuration Notes on page 25 Page 15 7210 SAS M, X Router Configuration Guide...

  • Page 16: Configuring Ip Router Parameters

    An interface can be associated with the system (loopback address). Network Interface A network interface (a logical IP routing interface) can be configured on a physical port. Page 16 7210 SAS M, X Router Configuration Guide...

  • Page 17: Network Domains

    This means that all SAPs in VPLS will have queue reaching all fwd- complexes serving interfaces that belong to the same network-domains as the SDPs. It is possible to assign/remove network-domain association of the interface/SDP without requiring deletion of the respective object. 7210 SAS M, X Router Configuration Guide Page 17...

  • Page 18: System Interface

    The system interface is also referred to as the loopback address and is used as the router identifier. A system interface must have an IP address with a 32- bit subnet mask. Page 18 7210 SAS M, X Router Configuration Guide...

  • Page 19: Router Id

    OSPF and BGP routing protocols in the routing table manager instance. There are several ways to obtain the router ID. On each 7210 SAS M, X router, the router ID can be derived in the following ways.

  • Page 20: Autonomous Systems (As)

    AS path, with other ASs using BGP. Routing tables contain lists of next hops, reachable addresses, and associated path cost metrics to each router. BGP uses the information and path attributes to compile a network topology. Page 20 7210 SAS M, X Router Configuration Guide...

  • Page 21: Bi-Directional Forwarding Detection

    If authentication is enabled, the IP TTL should be 255. In case the IP TTL is not 255 the BFD packets are still processed, if packet passes the enabled authentication mechanism. 7210 SAS M, X Router Configuration Guide Page 21...

  • Page 22: Control Packet Format

    BFD packets from the remote system, or is in the process of tearing down the BFD session for some reason. Otherwise, during normal operation, it is set to 1. D Bit The “demand mode” bit. (Not supported) Page 22 7210 SAS M, X Router Configuration Guide...

  • Page 23: Echo Support

    This allows the echo sender to send BFD echo packets at any rate. The 7210 SAS supports only response to echo requests and does not support sending of echo requests. 7210 SAS M, X Router Configuration Guide Page 23...

  • Page 24: Process Overview

    Router ID — (Optional) The router ID specifies the router's IP address. • Autonomous system — (Optional) An autonomous system (AS) is a collection of networks that are subdivided into smaller, more manageable areas. Page 24 7210 SAS M, X Router Configuration Guide...

  • Page 25: Configuration Notes

    The following information describes router configuration caveats. • A system interface and associated IP address should be specified. • Boot options file (BOF) parameters must be configured prior to configuring router parameters. 7210 SAS M, X Router Configuration Guide Page 25...
  • Page 26 Configuration Notes Page 26 7210 SAS M, X Router Configuration Guide...

  • Page 27: Configuring An Ip Router With Cli

    • Service Management Tasks on page 35 → Changing the System Name on page 35 → Modifying Interface Parameters on page 36 → Deleting a Logical IP Interface on page 37 7210 SAS M, X Router Configuration Guide Page 27...

  • Page 28: Router Configuration Overview

    A system interface and network interface should be configured. System Interface The system interface is associated with the network entity (such as a specific 7210 SAS M, X), not a specific interface. The system interface is also referred to as the loopback address. The system interface is associated during the configuration of the following entities: •...

  • Page 29: Basic Configuration

    . . . #------------------------------------------ # Router Configuration #------------------------------------------ router interface "system" address 10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1 exit exit autonomous-system 12345 router-id 10.10.10.103 exit isis exit #------------------------------------------ A:ALA-A> config# 7210 SAS M, X Router Configuration Guide Page 29...

  • Page 30: Common Configuration Tasks

    The following example displays the system name output. A:ALA-A>config>system# info #------------------------------------------ # System Configuration #------------------------------------------ name "ALA-A" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." snmp exit . . . exit ---------------------------------------------- Page 30 7210 SAS M, X Router Configuration Guide...

  • Page 31: Configuring Interfaces

    Configuring a Network Interface To configure a network interface: CLI Syntax: config>router interface interface-name address ip-addr{/mask-length | mask} [broadcast {all- ones | host-ones}] egress filter ip ip-filter-id ingress filter ip ip-filter-id port port-name 7210 SAS M, X Router Configuration Guide Page 31...
  • Page 32 The following displays an IP configuration output showing interface information. A:ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.0.4/32 exit interface "to-ALA-2" address 10.10.24.4/24 port 1/1/1 egress filter ip 10 exit exit #------------------------------------------ A:ALA-A>config>router# Page 32 7210 SAS M, X Router Configuration Guide...

  • Page 33: Deriving The Router Id

    | host-ones] The following example displays a router ID configuration: A:ALA-4>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.0.4/32 exit . . . router-id 10.10.0.4 #------------------------------------------ A:ALA-4>config>router# 7210 SAS M, X Router Configuration Guide Page 33...

  • Page 34: Configuring An Autonomous System

    The following displays an autonomous system configuration example: A;ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.10.10.103/32 exit interface "to-104" address 10.0.0.103/24 port 1/1/1 exit exit autonomous-system 100 router-id 10.10.10.103 #------------------------------------------ A:ALA-A>config>router# Page 34 7210 SAS M, X Router Configuration Guide...

  • Page 35: Service Management Tasks

    "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." synchronize snmp exit security snmp community "private" rwa version both exit exit . . . ---------------------------------------------- A:TGIF>config>system# 7210 SAS M, X Router Configuration Guide Page 35...

  • Page 36: Modifying Interface Parameters

    A:ALA-A>config>router>if# no shutdown The following example displays the interface configuration: A:ALA-A>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "system" address 10.0.0.103/32 exit interface "to-sr1" address 10.0.0.25/24 port 1/1/2 exit router-id 10.10.0.3 #------------------------------------------ A:ALA-A>config>router# Page 36 7210 SAS M, X Router Configuration Guide...

  • Page 37: Deleting A Logical Ip Interface

    2. After the interface has been shut down, it can then be deleted with the no interface command. CLI Syntax: config>router no interface ip-int-name Example config>router# interface test-interface config>router>if# shutdown config>router>if# exit config>router# no interface test-interface config>router# 7210 SAS M, X Router Configuration Guide Page 37...
  • Page 38 Service Management Tasks Page 38 7210 SAS M, X Router Configuration Guide...

  • Page 39: Ip Router Command Reference

    Router Interface Commands on page 41 • Router Advertisement Commands on page 47 • Show Commands on page 42 • Clear Commands on page 43 • Debug Commands on page 44 7210 SAS M, X Router Configuration Guide Page 39...
  • Page 40 {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [met- ric metric] [tag tag] [enable | disable] next-hop gateway [bfd-enable] — [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [met- ric metric] [enable | disable] black-hole — [no] triggered-policy Page 40 7210 SAS M, X Router Configuration Guide...

  • Page 41: Router Interface Commands

    — no port — [no] proxy-arp-policy policy-name [policy-name...(upto 5 max)] — [no] remote-proxy-arp — [no] shutdown — static-arp ip-address ieee-address — no static-arp ip-address — tos-marking-state {trusted | untrusted} — no tos-marking-state 7210 SAS M, X Router Configuration Guide Page 41...

  • Page 42: Show Commands

    — rsvp — static-arp [ip-address | ip-int-name | mac ieee-mac-addr] — static-route | [preference preference] | [next-hop ip-address] | [detail] — status — tunnel-table [ip-address[/mask]] | [protocol protocol | sdp sdp-id] [summary] Page 42 7210 SAS M, X Router Configuration Guide...

  • Page 43: Clear Commands

    IP Router Configuration Clear Commands clear — router [router-instance] — {all | ip-addr | interface {ip-int-name | ip-addr}} — — session src-ip ip-address dst-ip ip-address — statistics src-ip ip-address dst-ip ip-address — statistics 7210 SAS M, X Router Configuration Guide Page 43...

  • Page 44: Debug Commands

    — icmp — no icmp — [no] interface [ip-int-name | ip-address] — packet [ip-int-name | ip-address] [headers] [protocol-id] — no packet [ip-int-name | ip-address] — route-table [ip-prefix/prefix-length] [longer] — no route-table Page 44 7210 SAS M, X Router Configuration Guide...

  • Page 45: Generic Commands

    — The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7210 SAS M, X Router Configuration Guide Page 45...

  • Page 46: Router Global Commands

    The mask associated with the network address expressed as a mask length. Values 0 — 32 summary-only — This optional parameter suppresses advertisement of more specific component routes for the aggregate. Page 46 7210 SAS M, X Router Configuration Guide...
  • Page 47 If a system interface address is not configured, use the last 32 bits of the chassis MAC address. Parameters router-id — The 32 bit router ID expressed in dotted decimal notation or as a decimal value. 7210 SAS M, X Router Configuration Guide Page 47...
  • Page 48 BGP peer on a 7210 SAS M, X router, the consequences could be dramatic. It would be more effective to control changes on a peer-by-peer basis.
  • Page 49 (with the exception of either the next-hop parameter), then this static route will be replaced with the newly entered command, and unless specified, the respective defaults for preference and metric will be applied. 7210 SAS M, X Router Configuration Guide Page 49...

  • Page 50: Table 3: Default Route Preferences

    Default enable bfd-enable — This parameter is supported on 7210 SAS M, X devices configured in Network mode. It associates the state of the static route to a BFD session between the local system and the configured nexthop. This keyword cannot be configured if the nexthop is indirect or blackhole keywords are specified.
  • Page 51 Although not a keyword, the ip-int-name “system” is associated with the network entity (such as a specific 7210 SAS M), not a specific interface. The system interface is also referred to as the loopback address.
  • Page 52 The mask parameter indicates the complete mask that will be used in a logical ‘AND’ function to derive the Page 52 7210 SAS M, X Router Configuration Guide...
  • Page 53 A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address of another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined to the subnet broadcast address of the egress IP interface. 7210 SAS M, X Router Configuration Guide Page 53...
  • Page 54 The no form of the command removes BFD from the router interface regardless of the RSVP. Important notes: On the 7210 SAS, the transmit-interval and receive receive-interval values can only be modified to a value less than 100 ms when: The service is shut down (shutdown) Page 54 7210 SAS M, X Router Configuration Guide...
  • Page 55 If the user changes the cost of an interface, the new value is advertised at the next flooding of link attributes by IGP. However, if the LDP synchronization timer is still running, the new cost value will 7210 SAS M, X Router Configuration Guide Page 55...
  • Page 56 This command enables local proxy ARP on the interface. Default no local-proxy-arp loopback Syntax [no] loopback Context config>router>interface Description This command configures the interface as a loopback interface. Default Not enabled Page 56 7210 SAS M, X Router Configuration Guide...
  • Page 57 If the card in the slot has MDAs, port-id is in the slot_number/MDA_number/port_number format; for example, 1/1/3 specifies port 3 of the MDA installed in MDA slot 1 on the card installed in chassis slot 1. 7210 SAS M, X Router Configuration Guide Page 57...
  • Page 58 QoS policy ID. The specified queue-group-name must exist as a port egress queue group on the port associated with the IP interface. Page 58 7210 SAS M, X Router Configuration Guide...
  • Page 59 The number of static-arp entries that can be configured on a single node is limited to 1000. Static ARP is used when a 7210 SAS M needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7210 SAS M OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.
  • Page 60 IP interface has the remark-trusted state set untrusted — Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface. Page 60 7210 SAS M, X Router Configuration Guide...
  • Page 61 — The filter name acts as the ID for the IP filter policy expressed as a decimal integer. The filter policy must already exist within the config>filter>ip context. Values 1 — 65535 7210 SAS M, X Router Configuration Guide Page 61...
  • Page 62 By default, generation of ICMP redirect messages is enabled at a maximum rate of 100 per 10 second time interval. The no form of the command disables the generation of ICMP redirects on the router interface. Page 62 7210 SAS M, X Router Configuration Guide...
  • Page 63 The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a given time interval. 7210 SAS M, X Router Configuration Guide Page 63...
  • Page 64 10 — 1000 seconds — The time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer. Values 1— 60 Page 64 7210 SAS M, X Router Configuration Guide...
  • Page 65 Oth — The ARP entry is a local or system ARP entry. Sta — The ARP entry is an active static ARP entry. *Man The ARP entry is a managed ARP entry. The ARP entry is an internal ARP entry. 7210 SAS M, X Router Configuration Guide Page 65...
  • Page 66 =============================================================================== IP Address MAC Address Expiry Type Interface ------------------------------------------------------------------------------- 10.10.13.1 04:5b:01:01:00:02 03:53:09 to-ser1 =============================================================================== A:ALA-A# Syntax Context show>router Description This command enables the context to display bi-directional forwarding detection (BFD) information. Page 66 7210 SAS M, X Router Configuration Guide...
  • Page 67 No. of BFD Interfaces: 3 =============================================================================== *A:7210-SAS>show>router>bfd# *A:7210-SAS>show>router>bfd# interface C_Lag =============================================================================== BFD Interface =============================================================================== Interface name Tx Interval Rx Interval Multiplier ------------------------------------------------------------------------------- C_Lag ------------------------------------------------------------------------------- No. of BFD Interfaces: 1 =============================================================================== *A:7210-SAS>show>router>bfd# 7210 SAS M, X Router Configuration Guide Page 67...
  • Page 68 Rx Pkts ------------------------------------------------------------------------------- F_Port Up (3) 22.1.1.1 ospf2 801259 801275 F_Lag Up (3) 23.1.1.1 ospf2 267087 267093 C_Lag Up (3) 25.1.1.2 ospf2 267005 266996 ------------------------------------------------------------------------------- No. of BFD sessions: 3 =============================================================================== *A:7210-SAS>show>router>bfd# Page 68 7210 SAS M, X Router Configuration Guide...
  • Page 69 (host bits must be 0) ipv4-prefix-length: 0 — 32 slot-number — Displays FIB entries only matching the specified slot number. Values longer — Displays FIB entries matching the ip-prefix/mask and routes with longer masks. 7210 SAS M, X Router Configuration Guide Page 69...
  • Page 70 The physical network port associated with the IP interface. Sample Output A:ALU-7210# show router interface =============================================================================== Interface Table (Router: Base) =============================================================================== Interface-Name Mode Port/SapId IP-Address PfxState ------------------------------------------------------------------------------- system Network system 72.22.24.169/32 ------------------------------------------------------------------------------- Page 70 7210 SAS M, X Router Configuration Guide...
  • Page 71 True — The IP interface will reply to a received ICMP mask request. Arp Populate Displays whether ARP is enabled or disabled. Sample Output A:SIM7# show router interface tosim6 detail =============================================================================== Interface Table (Router: Base) =============================================================================== Interface 7210 SAS M, X Router Configuration Guide Page 71...
  • Page 72 C-Mcast Import RT : target:10.20.1.3:2 ipmsi : pim-asm 224.1.1.1 admin status : Up three-way-hello : N/A hello-interval : N/A hello-multiplier : 35 * 0.1 tracking support : Disabled Improved Assert : N/A Page 72 7210 SAS M, X Router Configuration Guide...
  • Page 73 Label Description Dest Address The route destination address and mask. Next Hop The next hop IP address for the route destination. Type Local — The route is a local route. 7210 SAS M, X Router Configuration Guide Page 73...
  • Page 74 [ip-addr | ip-int-name | mac ieee-mac-addr] Context show>router Description This command displays the router static ARP table sorted by IP address. If no options are present, all ARP entries are displayed. Page 74 7210 SAS M, X Router Configuration Guide...
  • Page 75 A:ALA-A# show router static-arp 12.200.1.1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Type Interface ------------------------------------------------------------------------------- 12.200.1.1 00:00:5a:01:00:33 00:00:00 Inv to-ser1 =============================================================================== A:ALA-A# A:ALA-A# show router static-arp to-ser1 =============================================================================== ARP Table =============================================================================== 7210 SAS M, X Router Configuration Guide Page 75...
  • Page 76 Type Nexthop route is black-hole ID — The static route is an indirect route, where the for this nexthop type of route is the non-directly connected next hop. Page 76 7210 SAS M, X Router Configuration Guide...
  • Page 77 Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.250.0/24 10.200.10.1 to-ser1 =============================================================================== A:ALA-A# A:ALA-A# show router static-route preference 4 =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active ------------------------------------------------------------------------------- 192.168.254.0/24 black-hole 7210 SAS M, X Router Configuration Guide Page 77...
  • Page 78 Yes — Triggered route policy re-evaluation is enabled. Sample Output Note that there are multiple instances of OSPF. OSPF-0 is persistent. OSPF-1 through OSPF-31 are present when that particular OSPF instance is configured. Page 78 7210 SAS M, X Router Configuration Guide...
  • Page 79 Tunnel Table Output — The following table describes tunnel table output fields. Label Description Destination The route’s destination address and mask. Owner Specifies the tunnel owner. Encap Specifies the tunnel’s encapsulation type. 7210 SAS M, X Router Configuration Guide Page 79...
  • Page 80 Pref Nexthop Metric ------------------------------------------------------------------------------- 10.0.0.1/32 0.0.0.1 10.0.0.1/32 10.0.0.1 10.0.0.1/32 10.0.0.1 10.0.0.1/32 10.0.0.1 =============================================================================== A:ALA-A>config>service# A:ALA-A>config>service# show router tunnel-table summary =============================================================================== Tunnel Table Summary (Router: Base) =============================================================================== Active Available ------------------------------------------------------------------------------- =============================================================================== A:ALA-A>config>service# Page 80 7210 SAS M, X Router Configuration Guide...
  • Page 81 — Clears all ARP cache entries for the specified IP interface with the specified IP address. Syntax bfd src-ip ip-address dst-ip ip-address bfd all Context clear>router Description This command enables the context to clear bi-directional forwarding (BFD) sessions and statistics. 7210 SAS M, X Router Configuration Guide Page 81...
  • Page 82 — Specifies the address of the local endpoint of this BFD session. dst-ip ip-address — Specifies the address of the remote endpoint of this BFD session. all — Clears statistics for all BFD sessions. Page 82 7210 SAS M, X Router Configuration Guide...
  • Page 83 Context debug>router Description This command configures debugging for IP. Syntax Context debug>router>ip Description This command configures route table debugging. icmp Syntax [no] icmp Context debug>router>ip Description This command enables ICMP debugging. 7210 SAS M, X Router Configuration Guide Page 83...
  • Page 84 * — udp/tcp wildcard Page 84 7210 SAS M, X Router Configuration Guide...
  • Page 85 (host bits must be 0) ipv4-prefix-length 0 — 32 longer — Specifies the prefix list entry matches any route that matches the specified ip-prefix and pre- fix mask length values greater than the specified mask. 7210 SAS M, X Router Configuration Guide Page 85...
  • Page 86 Debug Commands Page 86 7210 SAS M, X Router Configuration Guide...

  • Page 87: Filter Policies

    Filter Policy Entities on page 89 → Redirect Policies on page 99 → VID Filters on page 104 • Creating and Applying Policies on page 92 • Configuration Notes on page 100 7210 SAS M, X Router Configuration Guide Page 87...

  • Page 88: Filter Policy Configuration Overview

    The process stops when the first complete match is found and executes the action defined in the entry, either to drop or forward packets that match the criteria. Page 88 7210 SAS M, X Router Configuration Guide...

  • Page 89: Filter Policy Entities

    Mode (For 7210 SAS-M devices only) Network port IP interface Network port IP interface Network Epipe Epipe SAP Epipe SAP Access- uplink, Network VPLS VPLS SAP VPLS SAP Access- uplink, Network 7210 SAS M, X Router Configuration Guide Page 89...

  • Page 90: Table 5: Applying Filter Policies

    • Network ingress — IP filter policies are applied to network ingress IP interfaces. • Network egress — IP filter policies are applied to network egress IP interfaces. Page 90 7210 SAS M, X Router Configuration Guide...
  • Page 91 For PBB B-VPLS B-SAPs, the MAC filter matches the inner MAC header fields (that is, the customer MAC DA, SA and VLAN tags) for traffic received on a B-SAP and forwarded out of an I-SAP in the system. 7210 SAS M, X Router Configuration Guide Page 91...

  • Page 92: Creating And Applying Policies

    START SPECIFY SCOPE, DEFAULT ACTION, DESCRIPTION CREATE AN IP OR MAC FILTER (FILTER ID) CREATE FILTER ENTRIES (ENTRY ID) SPECIFY ACTION, PACKET MATCHING CRITERIA CREATE SERVICE ASSOCIATE FILTER ID SAVE CONFIGURATION Page 92 7210 SAS M, X Router Configuration Guide...

  • Page 93: Packet Matching Criteria

    Option present — Enabling the option presence allows the filter to search for presence or absence of IP options in the packet. Padding and EOOL are also considered as IP options. 7210 SAS M, X Router Configuration Guide Page 93...
  • Page 94 The Ethertype accepts decimal, hex, or binary in the range of 1536 to 65535. Note that the 7210 SAS M does not support frame-type “EthernetII” but ether-type is supported as a match field. By default the frame-type is set to “EthernetII in the 7210 SAS M, as compared to 803dot3 in the 7x50.

  • Page 95: Table 6: Dscp Name To Dscp Value Table

    Table 6: DSCP Name to DSCP Value Table DSCP Name Decimal Hexadecimal Binary DSCP Value DSCP Value DSCP Value default af10 af11 af12 cp13 cp14 cp15 cp17 af21 cp19 af22 cp21 af23 cp23 cp25 af31 cp27 af32 cp29 7210 SAS M, X Router Configuration Guide Page 95...
  • Page 96 DSCP Value af33 cp21 cp33 af41 cp35 af42 cp37 af43 cp39 cp41 cp42 cp43 cp44 cp45 cp47 (cs6) cp49 cp50 cp51 cp52 cp53 cp54 cp55 cp56 cp57 (cs7) cp60 cp61 cp62 Page 96 7210 SAS M, X Router Configuration Guide...

  • Page 97: Ordering Filter Entries

    If a packet does not completely match, the packet continues to the next entry, and then subsequent entries. • If a packet does not completely match any subsequent entries, then the default action is performed. 7210 SAS M, X Router Configuration Guide Page 97...

  • Page 98: Figure 2: Filtering Process Example

    Action: Forward REMAINING PACKETS ARE DROPPED PER THE DEFAULT ACTION (DROP) SA: 10.10.10.103, DA: 10.10.10.107 SA: 10.10.10.103, DA: 10.10.10.108 SA: 10.10.10.192, DA: 10.10.10.16 SA: 10.10.10.155, DA: 10.10.10.21 Figure 2: Filtering Process Example Page 98 7210 SAS M, X Router Configuration Guide...

  • Page 99: Applying Filters

    If permitted, the traffic is forwarded. If the packets do not match, they are discarded or forwarded based on the default action specified in the policy. 7210 SAS M, X Router Configuration Guide Page 99...

  • Page 100: Configuration Notes

    Some of the MAC match criteria fields are exclusive to each other, based on the type of Ethernet frame. Use the following table to determine the exclusivity of fields.In the 7210 SAS M, the default frame-format is “EthernetII” Page 100 7210 SAS M, X Router Configuration Guide...

  • Page 101: Table 7: Mac Match Criteria Exclusivity Rules

    Filter Policies Table 7: MAC Match Criteria Exclusivity Rules Frame Format Etype Ethernet – II 802.3 802.3 – snap 7210 SAS M, X Router Configuration Guide Page 101...

  • Page 102: Ip Filters

    • Action — An action parameter must be specified for the entry to be active. Any filter entry without an action parameter specified will be considered incomplete and be inactive. Page 102 7210 SAS M, X Router Configuration Guide...

  • Page 103: Configuring Filter Policies With Cli

    Modifying an IP Filter Policy on page 115 → Detaching/Deleting a Filter Policy on page 118 → Detaching/Deleting a Filter Policy on page 118 → Copying Filter Policies on page 120 7210 SAS M, X Router Configuration Guide Page 103...

  • Page 104: Basic Configuration

    20 create match protocol 6 tcp-syn true tcp-ack false exit action drop exit exit ---------------------------------------------- A:ALA-1>config>filter# Ingress Filter ALA-1 TCP Connection OSRG007 Figure 3: Applying an IP Filter to an Ingress Interface Page 104 7210 SAS M, X Router Configuration Guide...

  • Page 105: Common Configuration Tasks

    At least one filter entry with matching criteria specified IP Filter Policy The following displays an exclusive filter policy configuration example: A:ALA-7>config>filter# info ---------------------------------------------- ip-filter 12 create description "IP-filter" scope exclusive exit ---------------------------------------------- A:ALA-7>config>filter# 7210 SAS M, X Router Configuration Guide Page 105...

  • Page 106: Ip Filter Entry

    The following displays an IP filter entry configuration example. A:ALA-7>config>filter>ip-filter# info ---------------------------------------------- description "filter-main" scope exclusive entry 10 create description "no-91" match exit no action exit exit ---------------------------------------------- A:ALA-7>config>filter>ip-filter# Page 106 7210 SAS M, X Router Configuration Guide...

  • Page 107: Ip Entry Matching Criteria

    The following displays an IP filter matching configuration. *A:ALA-48>config>filter>ip-filter# info ---------------------------------------------- description "filter-mail" scope exclusive entry 10 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward exit ---------------------------------------------- *A:ALA-48>config>filter>ip-filter# 7210 SAS M, X Router Configuration Guide Page 107...

  • Page 108: Creating A Mac Filter Policy

    At least one filter entry. • Matching criteria specified. MAC Filter Policy The following displays an MAC filter policy configuration example: A:ALA-7>config>filter# info ---------------------------------------------- mac-filter 90 create description "filter-west" scope exclusive exit ---------------------------------------------- A:ALA-7>config>filter# Page 108 7210 SAS M, X Router Configuration Guide...

  • Page 109: Mac Filter Entry

    Specify matching criteria. The following displays a MAC filter entry configuration example: A:sim1>config>filter# info ---------------------------------------------- mac-filter 90 create entry 1 create description "allow-104" match exit action drop exit exit ---------------------------------------------- A:sim1>config>filter# 7210 SAS M, X Router Configuration Guide Page 109...

  • Page 110: Mac Entry Matching Criteria

    The following displays a filter matching configuration example. A;ALA-7>config>filter>mac-filter# info ---------------------------------------------- description "filter-west" scope exclusive entry 1 create description "allow-104" match src-mac 00:dc:98:1d:00:00 ff:ff:ff:ff:ff:ff dst-mac 02:dc:98:1d:00:01 ff:ff:ff:ff:ff:ff exit action drop exit ---------------------------------------------- A:ALA-7>config>filter# Page 110 7210 SAS M, X Router Configuration Guide...

  • Page 111: Apply Ip And Mac Filter Policies

    The following output displays IP and MAC filters assigned to an ingress and egress SAP: A:ALA-48>config>service>epipe# info ---------------------------------------------- sap 1/1/1.1.1 create ingress filter ip 10 exit egress filter mac 92 exit exit no shutdown ---------------------------------------------- A:ALA-48>config>service>epipe# 7210 SAS M, X Router Configuration Guide Page 111...

  • Page 112: Apply Filter Policies To A Network Ip Interface

    The following displays an IP filter applied to an interface at ingress. A:ALA-48>config>router# info #------------------------------------------ # IP Configuration #------------------------------------------ interface "to-104" address 10.0.0.103/24 port 1/1/1 ingress filter ip 10 exit egress filter ip 10 exit exit #------------------------------------------ A:ALA-48>config>router# Page 112 7210 SAS M, X Router Configuration Guide...

  • Page 113: Filter Management Tasks

    Use the following CLI syntax to renumber existing MAC or IP filter entries to re-sequence filter entries: CLI Syntax: config>filter ip-filter filter-id renum old-entry-number new-entry-number mac-filter filter-id renum old-entry-number new-entry-number Example config>filter>ip-filter# renum 10 15 config>filter>ip-filter# renum 20 10 config>filter>ip-filter# renum 40 1 7210 SAS M, X Router Configuration Guide Page 113...
  • Page 114 40 create entry 30 create match match dst-ip 10.10.10.91/24 dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 src-ip 10.10.0.200/24 exit exit action drop action forward exit exit exit exit ---------------------------------------------- ---------------------------------------------- A:ALA-7>config>filter# A:ALA-7>config>filter# Page 114 7210 SAS M, X Router Configuration Guide...

  • Page 115: Modifying An Ip Filter Policy

    10 create match dst-ip 10.10.10.91/24 src-ip 10.10.0.100/24 exit action drop exit entry 15 create description "no-91" match dst-ip 10.10.10.91/24 src-ip 10.10.10.103/24 exit action forward exit entry 30 create match 7210 SAS M, X Router Configuration Guide Page 115...
  • Page 116 Common Configuration Tasks dst-ip 10.10.10.91/24 src-ip 10.10.0.200/24 exit action forward exit exit ---------------------------------------------- A:ALA-7>config>filter# Page 116 7210 SAS M, X Router Configuration Guide...

  • Page 117: Modifying A Mac Filter Policy

    1 create description "New entry info" match src-mac 00:dc:98:1d:00:00 ff:ff:ff:ff:ff:ff dst-mac 02:dc:98:1d:00:01 ff:ff:ff:ff:ff:ff exit action forward exit entry 2 create match dot1p 7 7 exit action drop exit exit ---------------------------------------------- A:ALA-7>config>filter# 7210 SAS M, X Router Configuration Guide Page 117...

  • Page 118: Detaching/Deleting A Filter Policy

    To remove a filter from an egress SAP, enter the following CLI commands: CLI Syntax: config>service# [epipe | vpls] service-id sap port-id[:encap-val] egress no filter Example config>service# epipe 5 config>service>epipe# sap 1/1/2:3 config>service>epipe>sap# egress config>service>epipe>sap>egress# no filter Page 118 7210 SAS M, X Router Configuration Guide...

  • Page 119: From A Network Interface

    After you have removed the filter from the SAP, use the following CLI syntax to delete the filter. CLI Syntax: config>filter# no ip-filter filter-id CLI Syntax: config>filter# no mac-filter filter-id Example config>filter# no ip-filter 11 config>filter# no mac-filter 7210 SAS M, X Router Configuration Guide Page 119...

  • Page 120: Copying Filter Policies

    2 create ip-filter 12 create description "This is new" scope exclusive entry 1 create match dst-ip 10.10.10.91/24 src-ip 10.10.10.106/24 exit action drop exit entry 2 create ---------------------------------------------- A:ALA-7>config>filter# Page 120 7210 SAS M, X Router Configuration Guide...

  • Page 121: Filter Command Reference

    — dst-port {eq} dst-port-number — dst-port range — no dst-port — fragment {true | false} — no fragment — icmp-code icmp-code — no icmp-code — icmp-type icmp-type — no icmp-type 7210 SAS M, X Router Configuration Guide Page 121...

  • Page 122: Mac-Filter Filter-Id

    [ieee-address-mask] — no dst-mac — etype 0x0600..0xffff — no etype — src-mac ieee-address [ieee-address-mask] — no src-mac — renum old-entry-id new-entry-id — scope {exclusive | template} — no scope Page 122 7210 SAS M, X Router Configuration Guide...

  • Page 123: Monitor Commands

    [interval seconds] [repeat repeat] [absolute | rate] — filterip ip-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] — mac-filter-id entry entry-id [interval seconds] [repeat repeat] [absolute | rate] 7210 SAS M, X Router Configuration Guide Page 123...
  • Page 124 Filter Command Reference Page 124 7210 SAS M, X Router Configuration Guide...

  • Page 125: Configuration Commands

    — The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. 7210 SAS M, X Router Configuration Guide Page 125...

  • Page 126: Global Filter Commands

    That work-in-progress policy can be modified until complete and then written over the original filter Page 126 7210 SAS M, X Router Configuration Guide...
  • Page 127 — The MAC filter policy ID number. Values 1 — 65535 create — Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. 7210 SAS M, X Router Configuration Guide Page 127...

  • Page 128: Filter Policy Commands

    If the policy is removed from the entity, it will become available for assignment to another entity. template — When the scope of a policy is defined as template, the policy can be applied to multiple SAPs or network IP interfaces. Page 128 7210 SAS M, X Router Configuration Guide...

  • Page 129: General Filter Entry Commands

    32 characters in length. The time-range name must already exist in the config>cron context. create — Keyword required when first creating the configuration context. Once the context is created, one can navigate into the context without the create keyword. 7210 SAS M, X Router Configuration Guide Page 129...

  • Page 130: Ip Filter Entry Commands

    — The protocol keyword configures an IP protocol to be used as an IP filter match criterion. The protocol type such as TCP or UDP is identified by its respective protocol number. Page 130 7210 SAS M, X Router Configuration Guide...
  • Page 131 Protocol Independent Multicast vrrp Virtual Router Redundancy Protocol l2tp Layer Two Tunneling Protocol Spanning Tree Protocol Performance Transparency Protocol isis ISIS over IPv4 crtp Combat Radio Transport Protocol crudp Combat Radio User Datagram 7210 SAS M, X Router Configuration Guide Page 131...

  • Page 132: Mac Filter Entry Commands

    A match context may consist of multiple match criteria, but multiple match statements cannot be entered per entry. The no form of the command removes the match criteria for the entry-id. Page 132 7210 SAS M, X Router Configuration Guide...
  • Page 133 Filter Policies Parameters frame-type keyword — The frame-type keyword configures an Ethernet frame type to be used for the MAC filter match criteria. Default ethernet_II 7210 SAS M, X Router Configuration Guide Page 133...

  • Page 134: Ip Filter Match Criteria

    0.0.0.0 — 255.255.255.255 mask — The subnet mask length expressed as a decimal integer. Values 0 — 32 netmask — Any mask epressed in dotted quad notation. Values 0.0.0.0 — 255.255.255.255 Page 134 7210 SAS M, X Router Configuration Guide...
  • Page 135 — Configures a match on all non-fragmented IP packets. Non-fragmented IP packets are packets that have the MF bit set to zero and have the Fragment Offset field also set to zero. icmp-code Syntax icmp-code icmp-code no icmp-code Context config>filter>ip-filter>entry>match 7210 SAS M, X Router Configuration Guide Page 135...
  • Page 136 — Specifies matching on all IP packets that contain the option field in the header. A match will occur for all packets that have the option field present. An option field of zero is considered as no option present. Page 136 7210 SAS M, X Router Configuration Guide...
  • Page 137 The eq keyword specifies that src-port-number must be an exact match. src-port-number — The source port number to be used as a match criteria expressed as a decimal integer. Values 0 — 65535 7210 SAS M, X Router Configuration Guide Page 137...
  • Page 138 — Specifies matching on IP packets that have the SYN bit set in the control bits of the TCP header. false — Specifies matching on IP packets that do not have the SYN bit set in the control bits of the TCP header. Page 138 7210 SAS M, X Router Configuration Guide...

  • Page 139: Mac Filter Match Criteria

    To select a range from 4 up to 7 specify p-value of 4 and a mask of 0b100 for value and mask. Default 7 (decimal) Values 1 — 7 (decimal) Values 7210 SAS M, X Router Configuration Guide Page 139...
  • Page 140 Table 8, MAC Match Criteria Exclusivity Rules, on page 122 describes fields that are exclusive based on the frame format. The no form of the command removes the previously entered etype field as the match criteria. Page 140 7210 SAS M, X Router Configuration Guide...
  • Page 141 To configure so that all packets with a source MAC OUI value of 00-03-FA are subject to a match condition then the entry should be specified as: 003FA000000 0xFFFFFF000000 Default 0xFFFFFFFFFFFF (exact match) Values 0x00000000000000 — 0xFFFFFFFFFFFF 7210 SAS M, X Router Configuration Guide Page 141...

  • Page 142: Policy And Entry Maintenance Commands

    This requires that entries be sequenced correctly from most to least explicit. Parameters old-entry-id — Enter the entry number of an existing entry. Values 1 — 65535 Page 142 7210 SAS M, X Router Configuration Guide...
  • Page 143 Filter Policies new-entry-id — Enter the new entry-number to be assigned to the old entry. Values 1 — 65535 7210 SAS M, X Router Configuration Guide Page 143...
  • Page 144 Configuration Commands Page 144 7210 SAS M, X Router Configuration Guide...
  • Page 145 — Displays detailed information for the specified filter ID and its filter entries. Values 1 — 65535 entry entry-id — Displays information on the specified filter entry ID for the specified filter ID only. Values 1 — 65535 7210 SAS M, X Router Configuration Guide Page 145...
  • Page 146 *A:Dut-C>config>filter# show filter ip =============================================================================== IP Filters Total: =============================================================================== Filter-Id Scope Applied Description ------------------------------------------------------------------------------- 10001 Template Yes fSpec-1 Template Yes BGP FlowSpec filter for the Base router ------------------------------------------------------------------------------- Num IP filters: 2 =============================================================================== Page 146 7210 SAS M, X Router Configuration Guide...
  • Page 147 If the filter entry ID indicates the entry is , the filter entry is incomplete, no action was specified. Inactive Drop packets matching the filter entry. Drop — 7210 SAS M, X Router Configuration Guide Page 147...
  • Page 148 : Undefined ICMP Code : Undefined TCP-syn : Off TCP-ack : Off Match action : Drop Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-49>config>filter# *A:Dut-C>config>filter# show filter ip fSpec-1 associations =============================================================================== Page 148 7210 SAS M, X Router Configuration Guide...
  • Page 149 : Undefined Fragment : Off Option-present : Off Sampling : Off Int. Sampling : On IP-Option : 0/0 Multiple Option: Off TCP-syn : Off TCP-ack : Off Match action : Drop 7210 SAS M, X Router Configuration Guide Page 149...
  • Page 150 ICMP Type : Undefined ICMP Code : Undefined Fragment : Off Option-present : Off TCP-syn : Off TCP-ack : Off Match action : Forward Ing. Matches : 0 Egr. Matches =============================================================================== A:ALA-49# Page 150 7210 SAS M, X Router Configuration Guide...
  • Page 151 Entries ------------------------------------------------------------------------------- Filter Association : IP ------------------------------------------------------------------------------- Service Id : 1001 Type : VPLS - SAP 1/1/1:1001 (Ingress) Service Id : 2000 Type : Epipe - SAP 1/1/1:2000 (Ingress) =============================================================================== A:ALA-49# 7210 SAS M, X Router Configuration Guide Page 151...
  • Page 152 The number of egress filter matches/hits for the filter entry. Note that egress counters count the packets without Layer 2 encapsula- tion. Ingress counters count the packets with Layer 2 encapsulation. Page 152 7210 SAS M, X Router Configuration Guide...
  • Page 153 The filter ID filter entry ID. If the filter entry ID indicates the entry is Entry , then the filter entry is incomplete as no action has been (Inactive) specified. The filter entry description. Description 7210 SAS M, X Router Configuration Guide Page 153...
  • Page 154 : Ethernet Description : Not Available Src Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dest Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dot1p : Undefined Ethertype : Ethernet Match action : Default Ing. Matches Egr. Matches =============================================================================== Page 154 7210 SAS M, X Router Configuration Guide...
  • Page 155 The MAC filter policy ID. Mac Filter Filter Id The filter policy is of type Template. Scope Template — The filter policy is of type Exclusive. Exclusive — The MAC filter policy description. Description 7210 SAS M, X Router Configuration Guide Page 155...
  • Page 156 Filter Match Criteria : Mac ------------------------------------------------------------------------------- Entry FrameType : Ethernet Ing. Matches: 80 pkts Egr. Matches: 62 pkts Entry : 10 FrameType : Ethernet Ing. Matches: 80 pkts Egr. Matches: 80 pkts Page 156 7210 SAS M, X Router Configuration Guide...
  • Page 157 — The filter log ID destination expressed as a decimal integer. Values 1 — 100 Syntax mac mac-filter-id [entry entry-id] [ingress | egress] Context clear>filter Clears the counters associated with the MAC filter policy. 7210 SAS M, X Router Configuration Guide Page 157...
  • Page 158 — Specifies that only the counters associated with the specified filter policy entry will be cleared. Values 1 — 65535 ingress — Specifies to only clear the ingress counters. egress — Specifies to only clear the egress counters. Page 158 7210 SAS M, X Router Configuration Guide...
  • Page 159 — The MAC filter policy ID. Values 1 — 65535 entry-id — Specifies that only the counters associated with the specified filter policy entry will be cleared. Values 1 — 65535 7210 SAS M, X Router Configuration Guide Page 159...
  • Page 160 — When the absolute keyword is specified, the raw statistics are displayed, without pro- cessing. No calculations are performed on the delta or rate statistics. rate — When the rate keyword is specified, the rate-per-second for each statistic is displayed instead of the delta. Page 160 7210 SAS M, X Router Configuration Guide...

  • Page 161: Common Cli Command Descriptions

    Common CLI Command Descriptions In This Chapter This section provides information about common Command Line Interface (CLI) syntax and command usage. Topics in this chapter include: • SAP syntax on page 162 7210 SAS M, X Router Configuration Guide Page 161...

  • Page 162: Common Service Commands

    The SAP is identified by the port. Ethernet Dot1q 0 — 4094 The SAP is identified by the 802.1Q tag on the port. Note that a 0 qtag1 value also accepts untagged packets on the dot1q port. Page 162 7210 SAS M, X Router Configuration Guide...

  • Page 163: Standards And Protocol Support

    Standards and Protocol Support Standards Compliance RFC 4360 BGP Extended Communities RFC 2463 Internet Control Message Attribute Protocol (ICMPv6) for the Internet IEEE 802.1ab-REV/D3 Station and Protocol Version 6 Specification RFC 4364 BGP/MPLS IP Virtual Private Media Access Control Connectivity Networks (VPNs)(previously RFC RFC 2464 Transmission of IPv6 Packets Discovery...

  • Page 164: Standards And Protocols

    Standards and Protocols RFC 4182 Removing a Restriction on the RFC 3273 HCRMON-MI RFC 3916 Requirements for Pseudo- use of MPLS Explicit NULL Wire Emulation Edge-to-Edge RFC 3411 An Architecture for (PWE3) draft-ietf-mpls-lsr-mib-06.txt Describing Simple Network Management Protocol (SNMP) RFC 4448 Encapsulation Methods for draft-ietf-mpls-te-mib-04.txt Management Frameworks Transport of Ethernet over MPLS...
  • Page 165 Standards and Protocols RFC 1812 Requirements for IPv4 TIMETRA-MIRROR-MIB.mib Routers TIMETRA-NTP-MIB.mib RFC 2347 TFTP option Extension TIMETRA-OAM-TEST-MIB.mib RFC 2328 TFTP Blocksize Option TIMETRA-PORT-MIB.mib RFC 2349 TFTP Timeout Interval and TIMETRA-QOS-MIB.mib Transfer Size option TIMETRA-SAS-ALARM-INPUT- MIB.mib Timing TIMETRA-SAS-IEEE8021-CFM- ITU-T G.781 Telecommunication MIB.mib Standardization Section of ITU, TIMETRA-SAS-GLOBAL-MIB.mib...
  • Page 166 Standards and Protocols Page 166 Standards and Protocols...

  • Page 167: Index

    IP Router overview autonomous systems interfaces network system Router ID configuring autonomous systems basic command reference interfaces network interface overview router ID service management tasks 7210 SAS M, X Router Configuration Guide Page 167...
  • Page 168 7210 SAS M, X Router Configuration Guide Page 168...

Table of Contents