HP ProCurve Secure 7102dl Manuals

Manuals and User Guides for HP ProCurve Secure 7102dl. We have 3 HP ProCurve Secure 7102dl manuals available for free PDF download: Reference Manual, Configuration Manual, Advanced Management And Configuration Manual

HP ProCurve Secure 7102dl Reference Manual

HP ProCurve Secure 7102dl Reference Manual (1455 pages)

Secure Router SROS Command Line Interface  
Brand: HP | Category: Network Router | Size: 4.62 MB
Table of contents
Table Of Contents5................................................................................................................................................................
Understanding Cli Error Messages11................................................................................................................................................................
Basic Mode Command Set14................................................................................................................................................................
Show Clock17................................................................................................................................................................
Enable Mode Command Set22................................................................................................................................................................
Clear Crypto Ipsec Sa35................................................................................................................................................................
Debug Arp84................................................................................................................................................................
Debug Backup88................................................................................................................................................................
Debug Ip Ospf114................................................................................................................................................................
Debug Ip Policy123................................................................................................................................................................
Debug Ip Udp128................................................................................................................................................................
Debug Radius139................................................................................................................................................................
Debug Sntp142................................................................................................................................................................
Show Configuration170................................................................................................................................................................
Show Debugging179................................................................................................................................................................
Show Ip Bgp Neighbors205................................................................................................................................................................
Show Ip Bgp Summary210................................................................................................................................................................
Show Ip Ospf221................................................................................................................................................................
Show Ip Ospf Database222................................................................................................................................................................
Show Ip Protocols239................................................................................................................................................................
Show Lldp248................................................................................................................................................................
Show Pppoe257................................................................................................................................................................
Show Processes259................................................................................................................................................................
Show Qos Map260................................................................................................................................................................
Show Radius Statistics265................................................................................................................................................................
Show Sntp277................................................................................................................................................................
Show System282................................................................................................................................................................
Show Track289................................................................................................................................................................
Undebug All298................................................................................................................................................................
Global Configuration Mode Command Set301................................................................................................................................................................
Aaa Accounting Exec308................................................................................................................................................................
Aaa Accounting Update311................................................................................................................................................................
Aaa Authentication312................................................................................................................................................................
Aaa Authentication Login316................................................................................................................................................................
Aaa Authorization318................................................................................................................................................................
Aaa Authorization Exec320................................................................................................................................................................
Aaa Group Server322................................................................................................................................................................
Crypto Map353................................................................................................................................................................
Administrative Distance440................................................................................................................................................................
Logging Console469................................................................................................................................................................
Router Ospf494................................................................................................................................................................
Router Rip496................................................................................................................................................................
Sntp Server520................................................................................................................................................................
Line (console) Interface Config Command Set536................................................................................................................................................................
Authorization Exec541................................................................................................................................................................
Line (telnet) Interface Config Command Set552................................................................................................................................................................
Line (ssh) Interface Config Command Set563................................................................................................................................................................
Adsl Interface Config Command Set572................................................................................................................................................................
Bri Interface Configuration Command Set577................................................................................................................................................................
Dsx-1 Interface Configuration Command Set593................................................................................................................................................................
E1 Interface Configuration Command Set603................................................................................................................................................................
Ethernet Interface Configuration Command Set618................................................................................................................................................................
G.703 Interface Configuration Command Set680................................................................................................................................................................
Serial Interface Configuration Command Set687................................................................................................................................................................
Invert Txclock692................................................................................................................................................................
Modem Interface Configuration Command Set696................................................................................................................................................................
T1 Interface Configuration Command Set701................................................................................................................................................................
Atm Interface Config Command Set716................................................................................................................................................................
Atm Sub-interface Config Command Set719................................................................................................................................................................
Bvi Interface Config Command Set788................................................................................................................................................................
Demand Interface Configuration Command Set819................................................................................................................................................................
Frame Relay Interface Config Command Set879................................................................................................................................................................
Frame Relay Sub-interface Config Command Set900................................................................................................................................................................
Hdlc Command Set971................................................................................................................................................................
Loopback Interface Configuration Command Set1033................................................................................................................................................................
Ppp Interface Configuration Command Set1068................................................................................................................................................................
Ppp Multilink1138................................................................................................................................................................
Tunnel Configuration Command Set1146................................................................................................................................................................
Tunnel Checksum1200................................................................................................................................................................
Tunnel Mode Gre1203................................................................................................................................................................
Isdn Group Config Command Set1206................................................................................................................................................................
Ca Profile Configuration Command Set1214................................................................................................................................................................
Certificate Configuration Command Set1225................................................................................................................................................................
Crypto Map Ike Command Set1229................................................................................................................................................................
Crypto Map Manual Command Set1241................................................................................................................................................................
Ike Client Command Set1252................................................................................................................................................................
Ike Policy Attributes Command Set1256................................................................................................................................................................
Ike Policy Command Set1262................................................................................................................................................................
As Path List Command Set1273................................................................................................................................................................
Route Map Command Set1276................................................................................................................................................................
Bgp Configuration Command Set1302................................................................................................................................................................
Bgp Neighbor Configuration Command Set1315................................................................................................................................................................
Community List Command Set1329................................................................................................................................................................
Network Monitor Probe Command Set1332................................................................................................................................................................
Network Monitor Track Configuration Command Set1349................................................................................................................................................................
Router (ospf) Configuration Command Set1362................................................................................................................................................................
Router (pim Sparse) Configuration Command Set1377................................................................................................................................................................
Router (rip) Configuration Command Set1381................................................................................................................................................................
Quality Of Service (qos) Map Commands1393................................................................................................................................................................
Set Dscp1405................................................................................................................................................................
Dhcp Pool Command Set1408................................................................................................................................................................
Radius Group Command Set1427................................................................................................................................................................
Tacacs+ Group Configuration Command Set1429................................................................................................................................................................
Common Commands1431................................................................................................................................................................
Index1445................................................................................................................................................................

Advertisement

HP ProCurve Secure 7102dl Configuration Manual

HP ProCurve Secure 7102dl Configuration Manual (1114 pages)

Owners Manual  
Brand: HP | Category: Network Router | Size: 9.85 MB
Table of contents
Procurve Secure Router3................................................................................................................................................................
Table Of Contents5................................................................................................................................................................
Configuring Backup Wan Connections7................................................................................................................................................................
Procurve Secure Router Os Firewall—protecting The Internal, Trusted Network11................................................................................................................................................................
Applying Access Control To Router Interfaces12................................................................................................................................................................
Inbound Interface Has An Acp; Outbound Interface13................................................................................................................................................................
Inbound Interface Does Not Have An Acp; Outbound13................................................................................................................................................................
Configuring Network Address Translation14................................................................................................................................................................
Content Filtering15................................................................................................................................................................
Setting Up Quality Of Service16................................................................................................................................................................
Enabling Application-level Gateways For Applications18................................................................................................................................................................
Network Monitoring18................................................................................................................................................................
Associating A Track With A Default Route Received With19................................................................................................................................................................
Virtual Private Networks20................................................................................................................................................................
Determining The Source Of The Problem: Permitting22................................................................................................................................................................
Building Rp And Sp Trees When The Source Begins25................................................................................................................................................................
Link Layer Discovery Protocol26................................................................................................................................................................
Ip Routing—configuring Rip, Ospf, Bgp, And Pbr27................................................................................................................................................................
Dynamic Routing Protocols Supported On The Procurve27................................................................................................................................................................
Speeding Convergence: Split Horizon, Poison Reverse27................................................................................................................................................................
Configuring A Passive Interface: Prohibiting An Interface27................................................................................................................................................................
Route Summarization (abrs): Advertising A Link To28................................................................................................................................................................
Other Routers Not Receiving Routes To The Local31................................................................................................................................................................
Configuring Policies To Control Management Access To The33................................................................................................................................................................
Using This Guide37................................................................................................................................................................
Understanding Command Syntax Statements38................................................................................................................................................................
Cli Prompt Convention38................................................................................................................................................................
Ip Address Convention39................................................................................................................................................................
Interface Numbering Convention39................................................................................................................................................................
Quick Start Sections40................................................................................................................................................................
Obtaining Additional Information40................................................................................................................................................................
Downloading Software Updates41................................................................................................................................................................
Interface Management Options43................................................................................................................................................................
Web Browser Interface43................................................................................................................................................................
Accessing The Web Browser Interface44................................................................................................................................................................
Using The Procurve Web Browser Interface45................................................................................................................................................................
Cli Tools47................................................................................................................................................................
Help Tools47................................................................................................................................................................
Cli Help Commands47................................................................................................................................................................
Editing Commands48................................................................................................................................................................
Basic Commands49................................................................................................................................................................
Exit49................................................................................................................................................................
File Management Commands50................................................................................................................................................................
Copy50................................................................................................................................................................
Erase53................................................................................................................................................................
Write53................................................................................................................................................................
Autosynch53................................................................................................................................................................
Troubleshooting Commands54................................................................................................................................................................
Reload In54................................................................................................................................................................
Show55................................................................................................................................................................
Show Tech55................................................................................................................................................................
Safe-mode56................................................................................................................................................................
Managing Configuration Files Using A Text Editor59................................................................................................................................................................
Using Error Messages To Repair A Configuration59................................................................................................................................................................
Quick Start62................................................................................................................................................................
Accessing The Secure Router Os62................................................................................................................................................................
Configuring The Enable Mode Password63................................................................................................................................................................
Configuring The Ethernet Interface63................................................................................................................................................................
Configuring Telnet Access64................................................................................................................................................................
Configuring Ssh Access64................................................................................................................................................................
Configuring Http Access65................................................................................................................................................................
Contents67................................................................................................................................................................
Overview68................................................................................................................................................................
Configuring Mlppp70................................................................................................................................................................
Mlppp71................................................................................................................................................................
Lcp Options71................................................................................................................................................................
Mlppp Header72................................................................................................................................................................
Mlppp Configuration Concerns72................................................................................................................................................................
Enabling Mlppp72................................................................................................................................................................
Binding Multiple Carrier Lines To A Ppp Interface73................................................................................................................................................................
Configuring Mlfr74................................................................................................................................................................
Enabling Mlfr75................................................................................................................................................................
Binding Multiple Carrier Lines To A Frame Relay Interface76................................................................................................................................................................
Configuring The Bundle Id77................................................................................................................................................................
Troubleshooting Multilinks78................................................................................................................................................................
Standard Procedure78................................................................................................................................................................
Physical Layer78................................................................................................................................................................
Data Link Layer78................................................................................................................................................................
Troubleshooting Mlppp81................................................................................................................................................................
Mrru81................................................................................................................................................................
Troubleshooting Mlfr82................................................................................................................................................................
Mlppp Configuration86................................................................................................................................................................
Mlfr Configuration87................................................................................................................................................................
Backing Up Primary Wan Connections93................................................................................................................................................................
Analog Backup Connections93................................................................................................................................................................
Isdn-backup Connections94................................................................................................................................................................
Bri Isdn95................................................................................................................................................................
Electrical Specifications For Bri Isdn97................................................................................................................................................................
Backup Modules For The Procurve Secure Router97................................................................................................................................................................
Standards98................................................................................................................................................................
Data Link Layer Protocols99................................................................................................................................................................
Determining A Backup Method99................................................................................................................................................................
Using Demand Routing For Backup Connections100................................................................................................................................................................
Using Persistent Backup Connections102................................................................................................................................................................
Connections102................................................................................................................................................................
Configuring Demand Routing For Backup Connections106................................................................................................................................................................
Define The Traffic That Triggers The Connection106................................................................................................................................................................
Specifying A Protocol107................................................................................................................................................................
Defining The Source And Destination Addresses107................................................................................................................................................................
Configuring The Demand Interface108................................................................................................................................................................
Creating The Demand Interface110................................................................................................................................................................
Configuring An Ip Address110................................................................................................................................................................
Matching The Interesting Traffic112................................................................................................................................................................
Specifying The Connect-mode Option115................................................................................................................................................................
Associating A Resource Pool With The Demand Interface116................................................................................................................................................................
Defining A Connect Sequence116................................................................................................................................................................
Specify The Order In Which Connect Sequences Are Used118................................................................................................................................................................
Configure The Number Of Connect Sequence Attempts118................................................................................................................................................................
Configure The Connect-sequence Interface-recovery Option119................................................................................................................................................................
Work121................................................................................................................................................................
Configuring The Idle-timeout Option124................................................................................................................................................................
Configuring The Fast-idle Option124................................................................................................................................................................
Defining The Caller-number125................................................................................................................................................................
Defining The Called-number125................................................................................................................................................................
Configuring The Hold Queue125................................................................................................................................................................
Configuring The Bri Or Modem Interface126................................................................................................................................................................
Accessing The Bri Or Modem Interface127................................................................................................................................................................
Configuring The Isdn Signaling (switch) Type127................................................................................................................................................................
Configuring An Ldn For Isdn Bri S/t Modules128................................................................................................................................................................
Configuring A Spid And Ldn For Isdn Bri U Modules129................................................................................................................................................................
Setting The Country For The Modem Interface129................................................................................................................................................................
Assigning Bri Or Modem Interface To The Resource Pool130................................................................................................................................................................
Activating The Interface130................................................................................................................................................................
Caller Id Options For Isdn Bri Backup Modules (optional)131................................................................................................................................................................
Configuring A Floating Static Route For The Demand Interface131................................................................................................................................................................
Configuring Ppp Authentication For An Isdn Connection132................................................................................................................................................................
Enabling Ppp Authentication For All Demand Interfaces133................................................................................................................................................................
Configuring Pap Authentication For A Demand Interface133................................................................................................................................................................
Configuring Chap Authentication For A Demand Interface133................................................................................................................................................................
Receive134................................................................................................................................................................
A Backup Connection134................................................................................................................................................................
Configuring Peer Ip Address135................................................................................................................................................................
Setting The Mtu For Demand Interfaces136................................................................................................................................................................
Configuring A Persistent Backup Connection137................................................................................................................................................................
Connection137................................................................................................................................................................
Configuring A Bri Interface (isdn Only)137................................................................................................................................................................
Configuring The Physical Interface For A Persistent Backup137................................................................................................................................................................
Configuring A Modem Interface (analog Only)141................................................................................................................................................................
Using The Modem For Console Dial-in143................................................................................................................................................................
Replacing Incoming Caller Id For Bri And Modem Interfaces143................................................................................................................................................................
Configuring A Logical Interface For A Persistent Backup144................................................................................................................................................................
Creating A Backup Ppp Interface145................................................................................................................................................................
Setting An Ip Address146................................................................................................................................................................
Enabling Ppp Authentication146................................................................................................................................................................
Accessing The Primary Connection's Logical Interface148................................................................................................................................................................
Configuring Persistent Backup Settings For A Primary148................................................................................................................................................................
Setting The Backup Call Mode149................................................................................................................................................................
Adding A Number To A Backup Dial List153................................................................................................................................................................
Established154................................................................................................................................................................
Setting Backup Timers156................................................................................................................................................................
Configuring A Floating Static Route For A Persistent Backup157................................................................................................................................................................
Configuring Persistent Backup For Multiple Connections159................................................................................................................................................................
Troubleshooting Problems160................................................................................................................................................................
Interfaces161................................................................................................................................................................
Viewing The Status And Configuration Of Backup Interfaces161................................................................................................................................................................
Viewing The Status Of The Demand Interface165................................................................................................................................................................
Interface167................................................................................................................................................................
Viewing Demand Sessions168................................................................................................................................................................
Viewing The Resource Pool168................................................................................................................................................................
Show The Running-config For The Demand Interface169................................................................................................................................................................
Troubleshooting Demand Routing169................................................................................................................................................................
Checking The Demand Interface169................................................................................................................................................................
Checking The Acl That Defines The Interesting Traffic170................................................................................................................................................................
Troubleshooting The Backup Connection171................................................................................................................................................................
Test Calls For Isdn Lines173................................................................................................................................................................
And Troubleshooting Problems174................................................................................................................................................................
Viewing Backup Settings175................................................................................................................................................................
Viewing The Backup Ppp Interface177................................................................................................................................................................
Monitoring The Dial-up Process177................................................................................................................................................................
Troubleshooting Persistent Backup Connections179................................................................................................................................................................
Standard Procedures179................................................................................................................................................................
Module196................................................................................................................................................................
Backing Up A Connection With An Analog Module198................................................................................................................................................................
Advantages Of An Integrated Firewall203................................................................................................................................................................
Stateful-inspection Firewalls204................................................................................................................................................................
Packet-filtering Firewall204................................................................................................................................................................
Circuit-level Gateway206................................................................................................................................................................
Application-level Gateway207................................................................................................................................................................
Attack Checking209................................................................................................................................................................
Syn-flood Attacks210................................................................................................................................................................
Winnuke Attacks211................................................................................................................................................................
Reflexive Traffic212................................................................................................................................................................
Event Logging212................................................................................................................................................................
Configuring Attack Checking214................................................................................................................................................................
Enabling The Secure Router Os Firewall214................................................................................................................................................................
Enabling And Disabling Optional Attack Checks215................................................................................................................................................................
Checking Reflexive Traffic216................................................................................................................................................................
Configuring Stealth Mode217................................................................................................................................................................
Configuring Algs218................................................................................................................................................................
Enabling The Ftp Alg219................................................................................................................................................................
Enabling The H.323 Alg For Voice And Videoconferencing219................................................................................................................................................................
Enabling The Sip Alg For Voice Over Ip219................................................................................................................................................................
Enabling The Pptp Alg For Vpns220................................................................................................................................................................
Enabling Firewall Traversal220................................................................................................................................................................
Configuring Timeouts For Sessions221................................................................................................................................................................
Setting The Timeout For A Protocol221................................................................................................................................................................
Setting Timeouts For Specific Tcp And Udp Applications222................................................................................................................................................................
Configuring Logging224................................................................................................................................................................
Specifying The Priority Level For Logged Events224................................................................................................................................................................
Specifying How Many Attacks Generate A Log226................................................................................................................................................................
Specifying How Many Policy Matches Generate A Log227................................................................................................................................................................
Forwarding Logs To A Syslog Server227................................................................................................................................................................
Forwarding Logs To An Email Address229................................................................................................................................................................
Access Control For Interfaces On The Procurve Secure Router235................................................................................................................................................................
Access Control Mechanisms236................................................................................................................................................................
Configure Acls238................................................................................................................................................................
Acl Entries238................................................................................................................................................................
Using Acls Alone To Configure Access Control238................................................................................................................................................................
Types Of Acls239................................................................................................................................................................
Creating An Acl241................................................................................................................................................................
Creating A Standard Acl241................................................................................................................................................................
Creating An Extended Acl243................................................................................................................................................................
Entry Order248................................................................................................................................................................
Adding A Descriptive Tag To An Acl249................................................................................................................................................................
Editing An Existing Acl250................................................................................................................................................................
Deleting An Existing Acl250................................................................................................................................................................
Applying The Acl To An Interface251................................................................................................................................................................
Selecting The Packet And Controlling The Action252................................................................................................................................................................
Controlling Ftp, Http, And Telnet Access To The Router253................................................................................................................................................................
Restricting Ftp Access254................................................................................................................................................................
Restricting Http Access254................................................................................................................................................................
Restricting Telnet Access255................................................................................................................................................................
Examples Of Applying Acls255................................................................................................................................................................
Enable The Firewall258................................................................................................................................................................
Using Acps To Control Access To Router Interfaces258................................................................................................................................................................
Configure Acps267................................................................................................................................................................
Action267................................................................................................................................................................
Selector268................................................................................................................................................................
Creating An Acp268................................................................................................................................................................
Creating Entries In The Acp269................................................................................................................................................................
Editing Acps269................................................................................................................................................................
Deleting An Acp269................................................................................................................................................................
Assigning The Acp To An Interface270................................................................................................................................................................
Using The Reload Command270................................................................................................................................................................
Processing Acps271................................................................................................................................................................
Acp Action Summary274................................................................................................................................................................
Traffic Flow Through Interfaces With Acps276................................................................................................................................................................
Does Not Have An Acp277................................................................................................................................................................
Has A Different Acp277................................................................................................................................................................
Interface Has An Acp278................................................................................................................................................................
Traffic In And Out Through A Single Interface279................................................................................................................................................................
Examples Of Acps279................................................................................................................................................................
Viewing Acls And Acps283................................................................................................................................................................
Displaying Acls283................................................................................................................................................................
Displaying Acps284................................................................................................................................................................
Viewing Access Policy Sessions285................................................................................................................................................................
Viewing Access Policy Statistics286................................................................................................................................................................
Troubleshooting288................................................................................................................................................................
Show Commands288................................................................................................................................................................
Monitoring Packets Matched To An Acp288................................................................................................................................................................
Clearing Existing Policy Sessions288................................................................................................................................................................
Clear Acl Counters290................................................................................................................................................................
Debug Acls291................................................................................................................................................................
Enabling The Built-in Firewall292................................................................................................................................................................
Configuring An Acl And Applying It Directly To An Interface293................................................................................................................................................................
Configuring Acps295................................................................................................................................................................
Nat Services On The Procurve Secure Router300................................................................................................................................................................
Many-to-one Nat For Outbound Traffic300................................................................................................................................................................
Using Nat With Pat301................................................................................................................................................................
One-to-one Nat For Inbound Traffic303................................................................................................................................................................
One-to-one Nat With Port Translation304................................................................................................................................................................
Configuring Nat306................................................................................................................................................................
Enabling The Firewall306................................................................................................................................................................
Configuring An Acl306................................................................................................................................................................
Configuring An Acp311................................................................................................................................................................
Configuring Many-to-one Nat For Outbound Traffic312................................................................................................................................................................
Configuring One-to-one Nat For Inbound Traffic312................................................................................................................................................................
Configuring One-to-one Nat With Port Translation313................................................................................................................................................................
Clearing Acl Counters322................................................................................................................................................................
Debugging Acls322................................................................................................................................................................
Using The Cli To Configure Many-to-one Nat323................................................................................................................................................................
Using The Cli To Configure One-to-one Nat325................................................................................................................................................................
Risks Posed By Non-work-related Use Of The Internet330................................................................................................................................................................
Dl Series331................................................................................................................................................................
The Role Of The Websense Enterprise Solution331................................................................................................................................................................
The Role Of The Procurve Secure Router332................................................................................................................................................................
Configuring Web Content Filtering333................................................................................................................................................................
Creating A Filter On The Procurve Secure Router333................................................................................................................................................................
Specifying The Websense Server's Ip Address334................................................................................................................................................................
Applying A Filter To A Router Interface334................................................................................................................................................................
Specifying Behavior When The Server Is Unreachable336................................................................................................................................................................
Allows Or Blocks336................................................................................................................................................................
To The Websense Server338................................................................................................................................................................
Responses338................................................................................................................................................................
Specifying The Maximum Number Of Outstanding Requests338................................................................................................................................................................
Troubleshooting Web Content Filtering339................................................................................................................................................................
Troubleshooting Tools—show, Debug, And Clear Commands339................................................................................................................................................................
Troubleshooting Common Problems342................................................................................................................................................................
Web Content Filtering Does Not Take Effect342................................................................................................................................................................
Users Cannot Access The Web Sites They Need345................................................................................................................................................................
The Router Cannot Connect To The Websense Server346................................................................................................................................................................
Incompletely348................................................................................................................................................................
Evaluating Traffic On Your Network354................................................................................................................................................................
Qos Mechanisms On The Procurve Secure Router355................................................................................................................................................................
Tos Field356................................................................................................................................................................
First In, First Out360................................................................................................................................................................
Cbwfq361................................................................................................................................................................
Frf.12362................................................................................................................................................................
Qos Maps362................................................................................................................................................................
Configuring Wfq364................................................................................................................................................................
Conversations364................................................................................................................................................................
Weight365................................................................................................................................................................
Shortcomings365................................................................................................................................................................
Packet Marking366................................................................................................................................................................
Enabling Wfq367................................................................................................................................................................
Setting The Queue Size368................................................................................................................................................................
Configuring Cbwfq369................................................................................................................................................................
Configuring Classes For Cbwfq369................................................................................................................................................................
Creating A Qos Map Entry370................................................................................................................................................................
Defining A Class371................................................................................................................................................................
Allocating Bandwidth To A Class376................................................................................................................................................................
Assigning The Qos Map To An Interface378................................................................................................................................................................
Special Considerations For Cbwfq With Multilinks379................................................................................................................................................................
Cbwfq Example Configuration380................................................................................................................................................................
Configuring Llq382................................................................................................................................................................
Determining Bandwidth For The Queue382................................................................................................................................................................
Determining Bandwidth For Voip383................................................................................................................................................................
Determining Bandwidth For Video Streaming386................................................................................................................................................................
Placing Traffic In A Low-latency Queue387................................................................................................................................................................
Selecting The Traffic To Be Placed In The Low-latency Queue387................................................................................................................................................................
Setting The Bandwidth Guaranteed The Queue392................................................................................................................................................................
Marking Low Latency Packets With A Tos Value394................................................................................................................................................................
Marking Packets With A Tos Value395................................................................................................................................................................
Selecting The Traffic To Be Marked396................................................................................................................................................................
Setting The Tos Value400................................................................................................................................................................
Example Packet Marking Configuration401................................................................................................................................................................
Configuring Rate Limiting For Frame Relay403................................................................................................................................................................
Rate Limiting403................................................................................................................................................................
Configuring Rate Limiting404................................................................................................................................................................
Setting The Committed Burst Rate405................................................................................................................................................................
Setting The Excessive Burst Rate405................................................................................................................................................................
Configuring Frame Relay Fragmentation406................................................................................................................................................................
Example Frame Relay Qos Configuration407................................................................................................................................................................
Configuring Qos For Ethernet408................................................................................................................................................................
Configuring Rate Limiting On An Ethernet Interface408................................................................................................................................................................
Configuring Qos Policies On An Ethernet Interface409................................................................................................................................................................
Example: Configuring Qos For Voip411................................................................................................................................................................
With Special Needs412................................................................................................................................................................
Enabling Sip Services412................................................................................................................................................................
Defining Voip Traffic414................................................................................................................................................................
Determining The Required Bandwidth415................................................................................................................................................................
Marking Signaling Traffic For Special Treatment416................................................................................................................................................................
Configuring Frame Relay Rate Limiting417................................................................................................................................................................
Monitoring Qos418................................................................................................................................................................
Viewing Qos Maps419................................................................................................................................................................
Managing Queues420................................................................................................................................................................
Troubleshooting Common Configuration Problems421................................................................................................................................................................
A Map Becoming Inactive421................................................................................................................................................................
An Ethernet Interface Refusing To Take A Qos-policy422................................................................................................................................................................
Configuring A Low-latency Queue425................................................................................................................................................................
Marking Packets426................................................................................................................................................................
Configuring Qos On An Ethernet Interface428................................................................................................................................................................
Network Monitor Probes431................................................................................................................................................................
Probe Characteristics432................................................................................................................................................................
Probe States433................................................................................................................................................................
Network Monitor Tracks433................................................................................................................................................................
Track Characteristics433................................................................................................................................................................
Track States433................................................................................................................................................................
Track Actions433................................................................................................................................................................
Purposes Of Network Monitoring434................................................................................................................................................................
Testing Static Routes434................................................................................................................................................................
Monitoring Network Performance437................................................................................................................................................................
Routing Probe Traffic Using Policy-based Routing (pbr)437................................................................................................................................................................
Configuring Network Monitoring438................................................................................................................................................................
Configuring Probes439................................................................................................................................................................
Creating A Probe And Selecting Its Type439................................................................................................................................................................
Specifying The Probe's Destination440................................................................................................................................................................
Specifying The Test's Timeout442................................................................................................................................................................
Specifying The Probe's Tolerance442................................................................................................................................................................
Specifying The Probe's Period444................................................................................................................................................................
Setting The Source Address For Probe Packets445................................................................................................................................................................
Setting The Source Port For Probe Packets445................................................................................................................................................................
Special Considerations For Configuring Probes446................................................................................................................................................................
Special Considerations For Icmp Echo Probes446................................................................................................................................................................
Special Considerations For Tcp Connect Probes448................................................................................................................................................................
Special Considerations For Http Request Probes448................................................................................................................................................................
Activating And Shutting Down The Probe453................................................................................................................................................................
Configuring Tracks454................................................................................................................................................................
Creating A Track454................................................................................................................................................................
Specifying The Track's Probes455................................................................................................................................................................
Configuring A Dampening Interval456................................................................................................................................................................
Enabling A Track To Log Changes457................................................................................................................................................................
Activating And Shutting Down A Track458................................................................................................................................................................
Associating A Track With A Static Route459................................................................................................................................................................
Associating A Track With A Dhcp Default Route460................................................................................................................................................................
A Negotiated Address461................................................................................................................................................................
Implementing Pbr To Route Probe Traffic462................................................................................................................................................................
Using Nat With Network Monitoring465................................................................................................................................................................
Configuration Steps466................................................................................................................................................................
Example467................................................................................................................................................................
Disabling The Rpf Check468................................................................................................................................................................
Examples Of Network Monitoring470................................................................................................................................................................
Monitor Connectivity To The Internet470................................................................................................................................................................
Monitor Static Routes To Remote Networks473................................................................................................................................................................
Monitor Connectivity To A Mission-critical Tcp Server475................................................................................................................................................................
Monitor Network Congestion And The Performance Of Servers478................................................................................................................................................................
Submit Information To A Remote Web Server479................................................................................................................................................................
Viewing Network Monitor Tracks And Probes483................................................................................................................................................................
Viewing Network Monitor Tracks483................................................................................................................................................................
Debugging Network Monitor Tracks484................................................................................................................................................................
Viewing Network Monitor Probes484................................................................................................................................................................
Debugging Network Monitor Probes485................................................................................................................................................................
Clearing Statistics485................................................................................................................................................................
Troubleshooting Network Monitoring486................................................................................................................................................................
Track Fails To Take Action486................................................................................................................................................................
Track Takes An Inappropriate Action487................................................................................................................................................................
Backup Route Fails To Be Added488................................................................................................................................................................
Failed Primary Route Periodically Reappears In The Routing Table489................................................................................................................................................................
Vpn Tunnels498................................................................................................................................................................
Ip Security (ipsec)498................................................................................................................................................................
Ipsec Headers499................................................................................................................................................................
Hash And Encryption Algorithms500................................................................................................................................................................
Ipsec Vpn Tunnels501................................................................................................................................................................
Security Associations (sas)501................................................................................................................................................................
Vpn Overlay507................................................................................................................................................................
Physical Setup508................................................................................................................................................................
Configuring A Vpn Using Ipsec509................................................................................................................................................................
Configuring Ipsec With Ike509................................................................................................................................................................
Configuring Ipsec With Manual Keying513................................................................................................................................................................
Policies And Crypto Maps514................................................................................................................................................................
Configuration Tasks517................................................................................................................................................................
Enabling Crypto Commands517................................................................................................................................................................
Configuring Ike Policies517................................................................................................................................................................
Peer Id518................................................................................................................................................................
Initiate And Response Mode520................................................................................................................................................................
Attribute Policy522................................................................................................................................................................
Enabling Nat-traversal (nat-t) For A Client-to-site Vpn525................................................................................................................................................................
Configuring A Peer's Remote Id And Preshared Key526................................................................................................................................................................
Site-to-site Configuration527................................................................................................................................................................
Client-to-site Configuration528................................................................................................................................................................
Digital Certificates528................................................................................................................................................................
Map Entry529................................................................................................................................................................
Defining Traffic Allowed Over The Vpn Tunnel529................................................................................................................................................................
Restricting Specified Hosts530................................................................................................................................................................
Permitting Local And Remote Networks531................................................................................................................................................................
Applying The Acl To A Crypto Map532................................................................................................................................................................
Example Configuration533................................................................................................................................................................
Enabling Router Traffic To Servers At A Remote Vpn Site533................................................................................................................................................................
Configuring Ipsec Sa Parameters534................................................................................................................................................................
Transform Sets534................................................................................................................................................................
Crypto Maps536................................................................................................................................................................
Applying A Crypto Map To An Interface540................................................................................................................................................................
Granting Remote Users A Private Network Address With Ike Mode Config (required For Client-to-site Vpns)541................................................................................................................................................................
Ike Mode Config541................................................................................................................................................................
Configuring An Ike Client Configuration Pool542................................................................................................................................................................
Applying The Pool To An Ike Policy543................................................................................................................................................................
Using Extended Authentication (xauth) (optional)543................................................................................................................................................................
Configuring An Xauth Server544................................................................................................................................................................
Configuring An Xauth Host547................................................................................................................................................................
Using Digital Certificates (optional)548................................................................................................................................................................
Obtaining Digital Certificates551................................................................................................................................................................
Managing Certificates555................................................................................................................................................................
Configuring A Vpn Using Ipsec With Manual Keying558................................................................................................................................................................
Configuring The Transform Set559................................................................................................................................................................
Configuring Crypto Maps For Manual Ipsec561................................................................................................................................................................
Monitoring A Vpn564................................................................................................................................................................
Troubleshooting A Vpn That Uses Ipsec567................................................................................................................................................................
Tools And Procedures567................................................................................................................................................................
Checking Wan Connections569................................................................................................................................................................
All Traffic In A Vpn569................................................................................................................................................................
Monitoring The Ike Process Using Debug Commands570................................................................................................................................................................
Comparing Vpn Policies574................................................................................................................................................................
Returning Vpn Policies To Their Defaults580................................................................................................................................................................
Configuring A Site-to-site Vpn584................................................................................................................................................................
Configuring A Client-to-site Vpn588................................................................................................................................................................
Gre Tunnels598................................................................................................................................................................
Advantages And Disadvantages Of Gre599................................................................................................................................................................
Configuring Gre600................................................................................................................................................................
Creating The Tunnel Interface600................................................................................................................................................................
Ip Address600................................................................................................................................................................
Configuring The Tunnel Source601................................................................................................................................................................
Configuring The Tunnel Destination602................................................................................................................................................................
Configuring The Tunnel's Ip Address603................................................................................................................................................................
Configuring The Tunnel Key603................................................................................................................................................................
Specifying Tunnel Traffic603................................................................................................................................................................
Sending Routing Updates Over The Tunnel604................................................................................................................................................................
Sending Multicasts Over The Tunnel605................................................................................................................................................................
Sending All Traffic To A Network Over The Tunnel606................................................................................................................................................................
Filtering Traffic That Arrives On The Tunnel607................................................................................................................................................................
Enabling Checksum Verification608................................................................................................................................................................
Troubleshooting Gre Configuration609................................................................................................................................................................
The Tunnel Goes Down609................................................................................................................................................................
The Router Does Not Receive Traffic Through The Tunnel610................................................................................................................................................................
The Router Does Not Receive Routing Updates610................................................................................................................................................................
Multicast Applications615................................................................................................................................................................
Ip Multicasting616................................................................................................................................................................
Multicast Addresses617................................................................................................................................................................
Host Groups617................................................................................................................................................................
Igmp618................................................................................................................................................................
Igmp Queries619................................................................................................................................................................
Igmp Reports619................................................................................................................................................................
Multicast Routing Protocols620................................................................................................................................................................
Igmp Proxy621................................................................................................................................................................
Configuring Igmp Proxy For Multicast Stub Routing Support623................................................................................................................................................................
Enabling Ip Multicast Routing624................................................................................................................................................................
Setting The Multicast Helper Address624................................................................................................................................................................
Which Upstream625................................................................................................................................................................
Configuring A Downstream Interface626................................................................................................................................................................
Configuring An Igmp Multicast Agent626................................................................................................................................................................
Enabling Igmp Proxy627................................................................................................................................................................
Enabling Multicast Forwarding627................................................................................................................................................................
Configuring An Upstream Interface628................................................................................................................................................................
Configuring Multicast Routing Through A Fixed Interface628................................................................................................................................................................
Tunneling Multicast Traffic Through The Internet629................................................................................................................................................................
Adding The Router Stack To A Multicast Group630................................................................................................................................................................
Altering Igmp Query Intervals631................................................................................................................................................................
Troubleshooting Multicast Stub Routing And Igmp633................................................................................................................................................................
Strategies And Tools633................................................................................................................................................................
Procedure For Troubleshooting Multicast Stub Routing635................................................................................................................................................................
Multicast Trees644................................................................................................................................................................
Sp Tree645................................................................................................................................................................
Multicast Routing Table646................................................................................................................................................................
Joining A Shared Or Rp Tree648................................................................................................................................................................
Switching From An Rp To An Sp Tree649................................................................................................................................................................
Edge Routers652................................................................................................................................................................
A Source's Dr654................................................................................................................................................................
Multicasting First655................................................................................................................................................................
Its Group655................................................................................................................................................................
Rp Selection657................................................................................................................................................................
Pim-sm Packets658................................................................................................................................................................
Join/prune Packets658................................................................................................................................................................
Register Packets665................................................................................................................................................................
Register-stop Packets666................................................................................................................................................................
Bootstrap Packets666................................................................................................................................................................
Hellos666................................................................................................................................................................
Asserts666................................................................................................................................................................
Configuring Pim-sm668................................................................................................................................................................
Enabling Pim-sm669................................................................................................................................................................
Configuring A Static Rp Set670................................................................................................................................................................
Specifying Static Rps That Support All Groups671................................................................................................................................................................
Specifying A Static Rp For A Specific Group672................................................................................................................................................................
Specifying When The Router Switches To The Sp Tree675................................................................................................................................................................
Forcing The Router To Use The Rp Tree Permanently676................................................................................................................................................................
Changing An Interface's Dr Priority676................................................................................................................................................................
Changing Pim-sm Timers677................................................................................................................................................................
Join/prune Period678................................................................................................................................................................
Hello Timer679................................................................................................................................................................
Override And Propagation Delay Timers679................................................................................................................................................................
Configuration Examples680................................................................................................................................................................
A Headquarters And Two Small Remote Sites680................................................................................................................................................................
Groups685................................................................................................................................................................
Troubleshooting Pim-sm688................................................................................................................................................................
Monitoring The Multicast Routing Table688................................................................................................................................................................
Flags689................................................................................................................................................................
First Line Of A Multicast Routing Table Entry690................................................................................................................................................................
Incoming Interface692................................................................................................................................................................
Outgoing Interface List693................................................................................................................................................................
Viewing Pim-sm Information694................................................................................................................................................................
Pim-sm Troubleshooting Process696................................................................................................................................................................
Troubleshooting An Edge Router696................................................................................................................................................................
Pim Neighbors701................................................................................................................................................................
Lldp712................................................................................................................................................................
Lldp Messages713................................................................................................................................................................
Viewing Lldp Information715................................................................................................................................................................
Viewing Lldp Neighbor Information715................................................................................................................................................................
Viewing Local Lldp Activity718................................................................................................................................................................
Viewing Real-time Lldp Messages: Debug Lldp Commands719................................................................................................................................................................
Viewing Lldp Timers721................................................................................................................................................................
Configuring Lldp722................................................................................................................................................................
Preventing An Interface From Sending Certain Lldp Messages722................................................................................................................................................................
Preventing An Interface From Receiving Lldp Messages724................................................................................................................................................................
Altering Lldp Timers724................................................................................................................................................................
Routing Protocols732................................................................................................................................................................
Secure Router733................................................................................................................................................................
How Routing Protocols Work733................................................................................................................................................................
Advantages And Disadvantages Of Routing Protocols736................................................................................................................................................................
Load Sharing737................................................................................................................................................................
Rip Process738................................................................................................................................................................
Configuring Rip738................................................................................................................................................................
Rip Updates, V1 And V2739................................................................................................................................................................
And Triggered Updates741................................................................................................................................................................
Rip Timing Intervals743................................................................................................................................................................
Rip Configuration Considerations744................................................................................................................................................................
Selecting A Rip Version745................................................................................................................................................................
Setting A Global Rip Version746................................................................................................................................................................
Setting Rip Versions For Particular Interfaces746................................................................................................................................................................
Specifying Networks That Will Participate In Rip747................................................................................................................................................................
Redistributing Routes748................................................................................................................................................................
Redistributing Connected Routes749................................................................................................................................................................
Redistributing Ospf Routes750................................................................................................................................................................
Rip Route Filtering750................................................................................................................................................................
Creating An Acl To Act As A Rip Filter751................................................................................................................................................................
Applying A Rip Filter751................................................................................................................................................................
Example Rip Filter753................................................................................................................................................................
Subnets753................................................................................................................................................................
From Sending Updates756................................................................................................................................................................
Altering Rip Intervals757................................................................................................................................................................
Configuring Ospf758................................................................................................................................................................
Lsas759................................................................................................................................................................
Point-to-point Versus Multi-access Networks760................................................................................................................................................................
Areas760................................................................................................................................................................
Lsa Types763................................................................................................................................................................
Route Computation764................................................................................................................................................................
Ospf Configuration Concerns765................................................................................................................................................................
Setting The Router Id770................................................................................................................................................................
Advertising Networks And Establishing Ospf Areas771................................................................................................................................................................
Defining An Ospf Network Within An Area771................................................................................................................................................................
Configuring Stub Areas772................................................................................................................................................................
One Area To Routers In Another Area773................................................................................................................................................................
Example Configuration Of Ospf Areas778................................................................................................................................................................
Prohibiting The Advertisement Of Networks780................................................................................................................................................................
Generating A Default External Route (asbr)780................................................................................................................................................................
Configuring Route Summaries For Asbrs781................................................................................................................................................................
Configuring Cost Calculation For A Link782................................................................................................................................................................
Redistributing Rip Routes784................................................................................................................................................................
Redistributing Connected And Static Routes785................................................................................................................................................................
Configuring The Default Metric For Redistributed Routes786................................................................................................................................................................
Changing A Router's Dr Priority786................................................................................................................................................................
Altering Ospf Intervals786................................................................................................................................................................
Configuring Ospf Authentication788................................................................................................................................................................
Example Ospf Configuration790................................................................................................................................................................
Configuring Bgp793................................................................................................................................................................
Bgp Advantages794................................................................................................................................................................
Vrf And Mpls795................................................................................................................................................................
Multihoming796................................................................................................................................................................
Bgp Neighbors796................................................................................................................................................................
Bgp Messages797................................................................................................................................................................
Bgp Configuration Concerns797................................................................................................................................................................
Enabling Bgp799................................................................................................................................................................
Advertising Local Networks799................................................................................................................................................................
Configuring A Bgp Neighbor801................................................................................................................................................................
Setting The Bgp Neighbor Id801................................................................................................................................................................
Specifying The Local And Remote As801................................................................................................................................................................
Load Balancing802................................................................................................................................................................
Neighbor: Specifying The Source For Updates803................................................................................................................................................................
Balancing Loads Over Connections To Different Neighbors804................................................................................................................................................................
Creating Prefix Lists: Configuring Filters For Route Exchange807................................................................................................................................................................
Naming The List808................................................................................................................................................................
Assigning The Entry An Order808................................................................................................................................................................
Discarding Or Allowing Routes808................................................................................................................................................................
Specifying The Network Address808................................................................................................................................................................
Specifying The Range Of Prefix Lengths809................................................................................................................................................................
Applying Filters809................................................................................................................................................................
Example Bgp Policies810................................................................................................................................................................
Example Prefix List Configuration814................................................................................................................................................................
Route Exchange814................................................................................................................................................................
Configuring Route Maps: Creating More Complex Policies814................................................................................................................................................................
For Route Exchange814................................................................................................................................................................
Creating A Route Map Entry816................................................................................................................................................................
Configuring A Community List816................................................................................................................................................................
Configuring An As Path List817................................................................................................................................................................
Defining The Routes That A Router Can Advertise818................................................................................................................................................................
To Advertise A Route To Certain Peers Only823................................................................................................................................................................
Prepending Private As Numbers For Load Balancing825................................................................................................................................................................
Balancing826................................................................................................................................................................
Filtering Inbound Routes829................................................................................................................................................................
Applying Policies To Inbound Routes830................................................................................................................................................................
Deleting Communities From A Route831................................................................................................................................................................
Applying A Route Map Entry To A Bgp Neighbor832................................................................................................................................................................
Enabling Soft Reconfiguration833................................................................................................................................................................
Prohibiting The Advertisement Of Default Routes833................................................................................................................................................................
Disabling Igp Synchronization833................................................................................................................................................................
Configuring Route Summarizations834................................................................................................................................................................
Setting Administrative Distance For Bgp Routes834................................................................................................................................................................
Altering Bgp Intervals834................................................................................................................................................................
Example 1: Baseline Bgp Configuration835................................................................................................................................................................
That Runs An Igp837................................................................................................................................................................
Example 3: Configuring A Standard Bgp Policy On A Router That Receives Routes To Remote Private Sites839................................................................................................................................................................
That Multihomes841................................................................................................................................................................
Example 4: Configuring Bgp Policies For A Router That841................................................................................................................................................................
Configuring Load Sharing848................................................................................................................................................................
Configuring Policy-based Routing851................................................................................................................................................................
Configuring A Route Map For Pbr853................................................................................................................................................................
Selecting Traffic For A Route Map Entry854................................................................................................................................................................
Implementing Pbr According To Source855................................................................................................................................................................
Implementing Pbr According To Application858................................................................................................................................................................
Implementing Pbr According To Traffic Priority860................................................................................................................................................................
Implementing Pbr According To Payload Size863................................................................................................................................................................
Setting The Routing Policy In A Route Map Entry864................................................................................................................................................................
Configuring Default Routes In A Route Map Entry866................................................................................................................................................................
Using A Route Map To Mark Packets With A Qos Value867................................................................................................................................................................
Setting The Don't Fragment Bit869................................................................................................................................................................
Assigning A Route Map To An Interface870................................................................................................................................................................
Applying A Route Map To Router Traffic870................................................................................................................................................................
Pbr Configuration Examples870................................................................................................................................................................
Routing Traffic To A Security Appliance870................................................................................................................................................................
Routing Traffic To A Caching Server872................................................................................................................................................................
Reserving A Connection For Voip And Video Traffic873................................................................................................................................................................
Troubleshooting Routing874................................................................................................................................................................
Monitoring The Routing Table874................................................................................................................................................................
Monitoring Routes877................................................................................................................................................................
Clearing Routes877................................................................................................................................................................
Troubleshooting Rip879................................................................................................................................................................
Router Not Receiving Routes879................................................................................................................................................................
Router's Subnets880................................................................................................................................................................
Troubleshooting Ospf881................................................................................................................................................................
Troubleshooting An Internal Router884................................................................................................................................................................
Troubleshooting An Abr888................................................................................................................................................................
Troubleshooting Bgp890................................................................................................................................................................
Troubleshooting A Prefix List898................................................................................................................................................................
Troubleshooting A Route Map899................................................................................................................................................................
Other Common Bgp Problems900................................................................................................................................................................
Monitoring And Troubleshooting Pbr901................................................................................................................................................................
Rip Routing905................................................................................................................................................................
Ospf Routing905................................................................................................................................................................
Configuring An Internal Router906................................................................................................................................................................
Configuring An Abr907................................................................................................................................................................
Configuring An Asbr908................................................................................................................................................................
Configuring Pbr910................................................................................................................................................................
Configuring Access To The Web Browser Interface918................................................................................................................................................................
Enabling Access To The Web Browser Interface918................................................................................................................................................................
The Web Browser Interface Navigation Panel919................................................................................................................................................................
Managing Autosynch™, Files, Firmware, Logging, And Boot Software920................................................................................................................................................................
Autosynch™921................................................................................................................................................................
Configuration922................................................................................................................................................................
Firmware925................................................................................................................................................................
Debug928................................................................................................................................................................
Reboot Unit932................................................................................................................................................................
Telnet To Unit933................................................................................................................................................................
Enabling Ip Services On The Router934................................................................................................................................................................
Web Access Configuration936................................................................................................................................................................
Increasing Bandwidth938................................................................................................................................................................
Backup Modules941................................................................................................................................................................
Configuring The Procurve Secure Router Os Firewall941................................................................................................................................................................
Enabling Attack Checking943................................................................................................................................................................
Enabling Event Logging944................................................................................................................................................................
Enabling Email Forwarding946................................................................................................................................................................
Enabling Syslog Forwarding947................................................................................................................................................................
Display The Event History948................................................................................................................................................................
Enabling Algs948................................................................................................................................................................
Configuring Session Timeouts949................................................................................................................................................................
Using The Firewall Wizard951................................................................................................................................................................
Configuring Access Control From The Web Browser Interface955................................................................................................................................................................
Configuring Access Control Lists (acls)955................................................................................................................................................................
Configuring Access Control Policies (acps)958................................................................................................................................................................
Filtering, Or Blocking, Traffic960................................................................................................................................................................
Allowing Traffic962................................................................................................................................................................
Configuring Many-to-one Nat964................................................................................................................................................................
Configuring One-to-one Nat965................................................................................................................................................................
Customizing Your Policies967................................................................................................................................................................
Changing The Order Of Policies971................................................................................................................................................................
Assigning The Security Zone (the Acp) To An Interface971................................................................................................................................................................
Configuring Quality Of Service972................................................................................................................................................................
Configuring Qos For Voip With The Qos Wizard976................................................................................................................................................................
Configuring Packet Marking985................................................................................................................................................................
Configuring Frame Relay Fragmentation And Rate Limiting987................................................................................................................................................................
Setting Up Network Monitoring989................................................................................................................................................................
Network Monitor Wizard989................................................................................................................................................................
Creating A Network Monitor Probe998................................................................................................................................................................
Creating A Network Monitor Track1000................................................................................................................................................................
Setting Up Virtual Private Networks1003................................................................................................................................................................
Vpn Wizard1003................................................................................................................................................................
Vpn Peer Name1004................................................................................................................................................................
Public Interface1004................................................................................................................................................................
Peer Type1004................................................................................................................................................................
Mobile Vpn Peer Settings (client-to-site Vpn Only)1006................................................................................................................................................................
Extended Authentication (client-to-site Vpn Only)1007................................................................................................................................................................
Remote Network1008................................................................................................................................................................
Local Network1008................................................................................................................................................................
Authentication Type1009................................................................................................................................................................
Remote Id1009................................................................................................................................................................
Local Id1010................................................................................................................................................................
Ike Settings (custom Setup Only)1010................................................................................................................................................................
Ipsec Settings (custom Setup Only)1013................................................................................................................................................................
Confirm Settings1014................................................................................................................................................................
Vpn Peers1016................................................................................................................................................................
Adding A Second Remote Site To The Vpn1016................................................................................................................................................................
Configuring Advanced Vpn Parameters1027................................................................................................................................................................
Configuring Ike Sa Parameters1027................................................................................................................................................................
Enabling Xauth1033................................................................................................................................................................
Adding Remote Ids1034................................................................................................................................................................
Obtaining Certificates1037................................................................................................................................................................
Obtaining Certificates Manually1039................................................................................................................................................................
Obtaining Certificates Automatically1045................................................................................................................................................................
Setting Up Generic Routing Encapsulation (gre) Tunnels1050................................................................................................................................................................
Multicast1054................................................................................................................................................................
Setting Lldp Timers1055................................................................................................................................................................
Enabling And Disabling Lldp On An Interface1056................................................................................................................................................................
Viewing Lldp Neighbors1057................................................................................................................................................................
Routing1059................................................................................................................................................................
Specifying Ospf Networks1064................................................................................................................................................................
Redistributing Routes Into Ospf1065................................................................................................................................................................
Generating A Default Route (asbr)1066................................................................................................................................................................
Advertising Summary Routes (asbr)1067................................................................................................................................................................
Configuring Global Ospf Parameters1068................................................................................................................................................................
Configuring Ospf Parameters For Individual Interfaces1070................................................................................................................................................................
Viewing Ospf Information1073................................................................................................................................................................
HP ProCurve Secure 7102dl Advanced Management And Configuration Manual

HP ProCurve Secure 7102dl Advanced Management And Configuration Manual (1005 pages)

Secure Router  
Brand: HP | Category: Network Hardware | Size: 9.33 MB
Table of contents
Procurve Secure Router1................................................................................................................................................................
Table Of Contents3................................................................................................................................................................
Configuring Backup Wan Connections5................................................................................................................................................................
Applying Access Control To Router Interfaces9................................................................................................................................................................
Inbound Interface Does Not Have An Acp; Outbound10................................................................................................................................................................
Configuring Network Address Translation11................................................................................................................................................................
Setting Up Quality Of Service12................................................................................................................................................................
Virtual Private Networks14................................................................................................................................................................
How The Procurve Secure Router Processes Ike Policies15................................................................................................................................................................
Link Layer Discovery Protocol20................................................................................................................................................................
Ip Routing—configuring Rip, Ospf, Bgp, And Pbr21................................................................................................................................................................
Other Routers Not Receiving Routes To The Local24................................................................................................................................................................
Using This Guide31................................................................................................................................................................
Understanding Command Syntax Statements32................................................................................................................................................................
Observing The Ip Address Convention33................................................................................................................................................................
Quick Start Sections34................................................................................................................................................................
Downloading Software Updates35................................................................................................................................................................
Interface Management Options37................................................................................................................................................................
Accessing The Web Browser Interface38................................................................................................................................................................
Using The Procurve Web Browser Interface39................................................................................................................................................................
Cli Tools40................................................................................................................................................................
Editing Commands41................................................................................................................................................................
Basic Commands42................................................................................................................................................................
Exit43................................................................................................................................................................
Erase46................................................................................................................................................................
Autosynch47................................................................................................................................................................
Show48................................................................................................................................................................
Safe-mode49................................................................................................................................................................
Managing Configuration Files Using A Text Editor52................................................................................................................................................................
Quick Start55................................................................................................................................................................
Configuring The Enable Mode Password56................................................................................................................................................................
Configuring Telnet Access57................................................................................................................................................................
Configuring Http Access58................................................................................................................................................................
Contents59................................................................................................................................................................
Overview60................................................................................................................................................................
Configuring Mlppp61................................................................................................................................................................
Mlppp63................................................................................................................................................................
Lcp Options63................................................................................................................................................................
Mlppp Header63................................................................................................................................................................
Mlppp Configuration Concerns64................................................................................................................................................................
Enabling Mlppp64................................................................................................................................................................
Binding Multiple Carrier Lines To A Ppp Interface64................................................................................................................................................................
Configuring Mlfr66................................................................................................................................................................
Enabling Mlfr67................................................................................................................................................................
Binding Multiple Carrier Lines To A Frame Relay Interface68................................................................................................................................................................
Configuring The Bundle Id69................................................................................................................................................................
Troubleshooting Multilinks70................................................................................................................................................................
Standard Procedure70................................................................................................................................................................
Physical Layer70................................................................................................................................................................
Troubleshooting Mlppp73................................................................................................................................................................
Troubleshooting Mlfr74................................................................................................................................................................
Mlppp Configuration78................................................................................................................................................................
Mlfr Configuration79................................................................................................................................................................
Backing Up Primary Wan Connections85................................................................................................................................................................
Analog Backup Connections85................................................................................................................................................................
Isdn-backup Connections86................................................................................................................................................................
Bri Isdn87................................................................................................................................................................
Electrical Specifications For Bri Isdn89................................................................................................................................................................
Backup Modules For The Procurve Secure Router89................................................................................................................................................................
Standards90................................................................................................................................................................
Data Link Layer Protocols91................................................................................................................................................................
Determining A Backup Method91................................................................................................................................................................
Using Demand Routing For Backup Connections92................................................................................................................................................................
Using Persistent Backup Connections94................................................................................................................................................................
Comparing Demand Routing And Persistent Backup94................................................................................................................................................................
Configuring Demand Routing For Backup Connections97................................................................................................................................................................
Define The Traffic That Triggers The Connection98................................................................................................................................................................
Specifying A Protocol98................................................................................................................................................................
Defining The Source And Destination Addresses99................................................................................................................................................................
Configuring The Demand Interface100................................................................................................................................................................
Creating The Demand Interface101................................................................................................................................................................
Configuring An Ip Address102................................................................................................................................................................
Matching The Interesting Traffic103................................................................................................................................................................
Specifying The Connect-mode Option106................................................................................................................................................................
Associating A Resource Pool With The Demand Interface107................................................................................................................................................................
Defining A Connect Sequence107................................................................................................................................................................
Specify The Order In Which Connect Sequences Are Used109................................................................................................................................................................
Configure The Number Of Connect Sequence Attempts110................................................................................................................................................................
Understanding How The Connect-sequence Commands Work112................................................................................................................................................................
Configuring The Idle-timeout Option114................................................................................................................................................................
Configuring The Fast-idle Option115................................................................................................................................................................
Defining The Caller-number116................................................................................................................................................................
Defining The Called-number116................................................................................................................................................................
Configuring The Hold Queue116................................................................................................................................................................
Configuring The Bri Or Modem Interface117................................................................................................................................................................
Accessing The Bri Or Modem Interface118................................................................................................................................................................
Configuring The Isdn Signaling (switch) Type118................................................................................................................................................................
Configuring An Ldn For Isdn Bri S/t Modules119................................................................................................................................................................
Configuring A Spid And Ldn For Isdn Bri U Modules120................................................................................................................................................................
Setting The Country For The Modem Interface120................................................................................................................................................................
Assigning Bri Or Modem Interface To The Resource Pool121................................................................................................................................................................
Caller Id Options For Isdn Bri Backup Modules (optional)122................................................................................................................................................................
Configuring Ppp Authentication For An Isdn Connection123................................................................................................................................................................
Enabling Ppp Authentication For All Demand Interfaces123................................................................................................................................................................
Configuring Pap Authentication For A Demand Interface124................................................................................................................................................................
Configuring Chap Authentication For A Demand Interface124................................................................................................................................................................
Backup Connection125................................................................................................................................................................
Configuring Peer Ip Address126................................................................................................................................................................
Setting The Mtu For Demand Interfaces126................................................................................................................................................................
Configuring A Persistent Backup Connection127................................................................................................................................................................
Configuring The Physical Interface For A Persistent Backup127................................................................................................................................................................
Configuring A Bri Interface (isdn Only)127................................................................................................................................................................
Configuring A Modem Interface (analog Only)131................................................................................................................................................................
Using The Modem For Console Dial-in133................................................................................................................................................................
Connection134................................................................................................................................................................
Configuring A Logical Interface For A Persistent Backup134................................................................................................................................................................
Creating A Backup Ppp Interface135................................................................................................................................................................
Setting An Ip Address136................................................................................................................................................................
Enabling Ppp Authentication136................................................................................................................................................................
Configuring Persistent Backup Settings For A Primary138................................................................................................................................................................
Setting The Backup Call Mode139................................................................................................................................................................
Adding A Number To A Backup Dial List143................................................................................................................................................................
Controlling When A Backup Connection Can Be Established144................................................................................................................................................................
Setting Backup Timers146................................................................................................................................................................
Configuring A Floating Static Route For A Persistent Backup147................................................................................................................................................................
Configuring Persistent Backup For Multiple Connections149................................................................................................................................................................
Connections150................................................................................................................................................................
Viewing The Status And Configuration Of Backup Interfaces151................................................................................................................................................................
Problems155................................................................................................................................................................
Viewing The Status Of The Demand Interface155................................................................................................................................................................
Ip Address156................................................................................................................................................................
Interface157................................................................................................................................................................
Viewing Demand Sessions158................................................................................................................................................................
Viewing The Resource Pool158................................................................................................................................................................
Show The Running-config For The Demand Interface159................................................................................................................................................................
Troubleshooting Demand Routing159................................................................................................................................................................
Checking The Demand Interface159................................................................................................................................................................
Checking The Acl That Defines The Interesting Traffic160................................................................................................................................................................
Troubleshooting The Backup Connection161................................................................................................................................................................
Test Calls For Isdn Lines163................................................................................................................................................................
Viewing Backup Settings165................................................................................................................................................................
Viewing The Backup Ppp Interface167................................................................................................................................................................
Troubleshooting Persistent Backup Connections169................................................................................................................................................................
Backing Up A Connection With An Isdn Bri S/t Backup Module185................................................................................................................................................................
Backing Up A Connection With An Analog Module187................................................................................................................................................................
Advantages Of An Integrated Firewall191................................................................................................................................................................
Stateful-inspection Firewalls192................................................................................................................................................................
Packet-filtering Firewall192................................................................................................................................................................
Circuit-level Gateway193................................................................................................................................................................
Application-level Gateway195................................................................................................................................................................
Attack Checking197................................................................................................................................................................
Syn-flood Attacks198................................................................................................................................................................
Winnuke Attacks199................................................................................................................................................................
Reflexive Traffic200................................................................................................................................................................
Event Logging200................................................................................................................................................................
Configuring Attack Checking202................................................................................................................................................................
Enabling The Secure Router Os Firewall202................................................................................................................................................................
Enabling And Disabling Optional Attack Checks203................................................................................................................................................................
Checking Reflexive Traffic204................................................................................................................................................................
Configuring Stealth Mode205................................................................................................................................................................
Configuring Algs206................................................................................................................................................................
Enabling The Ftp Alg207................................................................................................................................................................
Enabling The H.323 Alg For Voice And Videoconferencing207................................................................................................................................................................
Enabling The Sip Alg For Voice Over Ip207................................................................................................................................................................
Enabling The Pptp Alg For Vpns208................................................................................................................................................................
Enabling Firewall Traversal208................................................................................................................................................................
Configuring Timeouts For Sessions209................................................................................................................................................................
Setting The Timeout For A Protocol209................................................................................................................................................................
Setting Timeouts For Specific Tcp And Udp Applications210................................................................................................................................................................
Configuring Logging211................................................................................................................................................................
Specifying The Priority Level For Logged Events212................................................................................................................................................................
Specifying How Many Attacks Generate A Log214................................................................................................................................................................
Specifying How Many Policy Matches Generate A Log214................................................................................................................................................................
Forwarding Logs To A Syslog Server215................................................................................................................................................................
Forwarding Logs To An Email Address217................................................................................................................................................................
Access Control For Interfaces On The Procurve Secure Router223................................................................................................................................................................
Access Control Mechanisms224................................................................................................................................................................
Using Acls Alone To Configure Access Control225................................................................................................................................................................
Configure Acls226................................................................................................................................................................
Acl Entries226................................................................................................................................................................
Creating An Acl228................................................................................................................................................................
Creating An Extended Acl231................................................................................................................................................................
Entry Order235................................................................................................................................................................
Adding A Descriptive Tag To An Acl237................................................................................................................................................................
Editing An Existing Acl237................................................................................................................................................................
Deleting An Existing Acl238................................................................................................................................................................
Applying The Acl To An Interface238................................................................................................................................................................
Selecting The Packet And Controlling The Action239................................................................................................................................................................
Controlling Ftp, Http, And Telnet Access To The Router241................................................................................................................................................................
Restricting Ftp Access241................................................................................................................................................................
Restricting Http Access241................................................................................................................................................................
Restricting Telnet Access242................................................................................................................................................................
Examples Of Applying Acls243................................................................................................................................................................
Using Acps To Control Access To Router Interfaces245................................................................................................................................................................
Enable The Firewall245................................................................................................................................................................
Configure Acps254................................................................................................................................................................
Selector255................................................................................................................................................................
Creating An Acp255................................................................................................................................................................
Creating Entries In The Acp256................................................................................................................................................................
Editing Acps256................................................................................................................................................................
Deleting An Acp256................................................................................................................................................................
Assigning The Acp To An Interface257................................................................................................................................................................
Using The Reload Command257................................................................................................................................................................
Processing Acps258................................................................................................................................................................
Acp Action Summary261................................................................................................................................................................
Traffic Flow Through Interfaces With Acps263................................................................................................................................................................
A Different Acp264................................................................................................................................................................
Interface Has An Acp265................................................................................................................................................................
Traffic In And Out Through A Single Interface266................................................................................................................................................................
Examples Of Acps266................................................................................................................................................................
Viewing Acls And Acps269................................................................................................................................................................
Displaying Acls270................................................................................................................................................................
Displaying Acps271................................................................................................................................................................
Viewing Access Policy Sessions272................................................................................................................................................................
Viewing Access Policy Statistics273................................................................................................................................................................
Troubleshooting274................................................................................................................................................................
Show Commands274................................................................................................................................................................
Clear Acl Counters276................................................................................................................................................................
Debug Acls276................................................................................................................................................................
Enabling The Built-in Firewall278................................................................................................................................................................
Configuring An Acl And Applying It Directly To An Interface278................................................................................................................................................................
Configuring Acps280................................................................................................................................................................
Nat Services On The Procurve Secure Router286................................................................................................................................................................
Many-to-one Nat For Outbound Traffic286................................................................................................................................................................
Using Nat With Pat287................................................................................................................................................................
One-to-one Nat For Inbound Traffic289................................................................................................................................................................
One-to-one Nat With Port Translation290................................................................................................................................................................
Configuring Nat291................................................................................................................................................................
Enabling The Firewall292................................................................................................................................................................
Configuring An Acl292................................................................................................................................................................
Types Of Acls293................................................................................................................................................................
Configuring An Acp297................................................................................................................................................................
Configuring Many-to-one Nat For Outbound Traffic297................................................................................................................................................................
Configuring One-to-one Nat For Inbound Traffic298................................................................................................................................................................
Configuring One-to-one Nat With Port Translation298................................................................................................................................................................
Clearing Existing Policy Sessions305................................................................................................................................................................
Clearing Acl Counters306................................................................................................................................................................
Debugging Acls307................................................................................................................................................................
Using The Cli To Configure Many-to-one Nat308................................................................................................................................................................
Using The Cli To Configure One-to-one Nat310................................................................................................................................................................
Evaluating Traffic On Your Network316................................................................................................................................................................
Qos Mechanisms On The Procurve Secure Router317................................................................................................................................................................
Tos Field318................................................................................................................................................................
First In, First Out322................................................................................................................................................................
Cbwfq323................................................................................................................................................................
Frf.12324................................................................................................................................................................
Qos Maps324................................................................................................................................................................
Configuring Wfq326................................................................................................................................................................
Weight327................................................................................................................................................................
Packet Marking328................................................................................................................................................................
Enabling Wfq329................................................................................................................................................................
Setting The Queue Size330................................................................................................................................................................
Configuring Classes For Cbwfq331................................................................................................................................................................
Creating A Qos Map Entry332................................................................................................................................................................
Defining A Class332................................................................................................................................................................
Allocating Bandwidth To A Class338................................................................................................................................................................
Assigning The Qos Map To An Interface340................................................................................................................................................................
Special Considerations For Cbwfq With Multilinks340................................................................................................................................................................
Cbwfq Example Configuration341................................................................................................................................................................
Configuring Llq343................................................................................................................................................................
Determining Bandwidth For The Queue343................................................................................................................................................................
Determining Bandwidth For Voip344................................................................................................................................................................
Determining Bandwidth For Video Streaming347................................................................................................................................................................
Placing Traffic In A Low-latency Queue348................................................................................................................................................................
Setting The Bandwidth Guaranteed The Queue353................................................................................................................................................................
Marking Low Latency Packets With A Tos Value354................................................................................................................................................................
Marking Packets With A Tos Value355................................................................................................................................................................
Selecting The Traffic To Be Marked356................................................................................................................................................................
Setting The Tos Value360................................................................................................................................................................
Example Packet Marking Configuration361................................................................................................................................................................
Configuring Rate Limiting For Frame Relay362................................................................................................................................................................
Configuring Rate Limiting364................................................................................................................................................................
Setting The Committed Burst Rate364................................................................................................................................................................
Setting The Excessive Burst Rate365................................................................................................................................................................
Configuring Frame Relay Fragmentation366................................................................................................................................................................
Example Frame Relay Qos Configuration366................................................................................................................................................................
Configuring Qos For Ethernet367................................................................................................................................................................
Configuring Rate Limiting On An Ethernet Interface368................................................................................................................................................................
Configuring Qos Policies On An Ethernet Interface368................................................................................................................................................................
Example: Configuring Qos For Voip369................................................................................................................................................................
Special Needs370................................................................................................................................................................
Enabling Sip Services371................................................................................................................................................................
Defining Voip Traffic372................................................................................................................................................................
Determining The Required Bandwidth373................................................................................................................................................................
Marking Signaling Traffic For Special Treatment374................................................................................................................................................................
Configuring Frame Relay Rate Limiting375................................................................................................................................................................
Monitoring Qos376................................................................................................................................................................
Viewing Qos Maps377................................................................................................................................................................
Managing Queues378................................................................................................................................................................
Troubleshooting Common Configuration Problems379................................................................................................................................................................
A Map Becoming Inactive379................................................................................................................................................................
An Ethernet Interface Refusing To Take A Qos-policy380................................................................................................................................................................
Configuring Cbwfq381................................................................................................................................................................
Configuring A Low-latency Queue383................................................................................................................................................................
Marking Packets384................................................................................................................................................................
Configuring Qos On An Ethernet Interface385................................................................................................................................................................
Vpn Tunnels390................................................................................................................................................................
Ip Security (ipsec)390................................................................................................................................................................
Ipsec Headers391................................................................................................................................................................
Hash And Encryption Algorithms392................................................................................................................................................................
Ipsec Vpn Tunnels393................................................................................................................................................................
Security Associations (sas)393................................................................................................................................................................
Vpn Overlay399................................................................................................................................................................
Physical Setup400................................................................................................................................................................
Configuring A Vpn Using Ipsec401................................................................................................................................................................
Configuring Ipsec With Ike401................................................................................................................................................................
Configuring Ipsec With Manual Keying405................................................................................................................................................................
And Crypto Maps406................................................................................................................................................................
Configuration Tasks409................................................................................................................................................................
Enabling Crypto Commands409................................................................................................................................................................
Configuring Ike Policies409................................................................................................................................................................
Peer Id410................................................................................................................................................................
Initiate And Response Mode412................................................................................................................................................................
Attribute Policy414................................................................................................................................................................
Enabling Nat-traversal (nat-t) For A Client-to-site Vpn417................................................................................................................................................................
Configuring A Peer's Remote Id And Preshared Key418................................................................................................................................................................
Site-to-site Configuration419................................................................................................................................................................
Client-to-site Configuration420................................................................................................................................................................
Configuring A Remote Id List For A Vpn That Uses Digital420................................................................................................................................................................
Map Entry421................................................................................................................................................................
Defining Traffic Allowed Over The Vpn Tunnel421................................................................................................................................................................
Restricting Specified Hosts422................................................................................................................................................................
Permitting Local And Remote Networks423................................................................................................................................................................
Applying The Acl To A Crypto Map424................................................................................................................................................................
Example Configuration425................................................................................................................................................................
Configuring Ipsec Sa Parameters426................................................................................................................................................................
Transform Sets426................................................................................................................................................................
Crypto Maps428................................................................................................................................................................
Applying A Crypto Map To An Interface432................................................................................................................................................................
Mode Config (required For Client-to-site Vpns)433................................................................................................................................................................
Ike Mode Config433................................................................................................................................................................
Configuring An Ike Client Configuration Pool434................................................................................................................................................................
Applying The Pool To An Ike Policy435................................................................................................................................................................
Using Extended Authentication (xauth) (optional)435................................................................................................................................................................
Configuring An Xauth Server436................................................................................................................................................................
Configuring An Xauth Host439................................................................................................................................................................
Using Digital Certificates (optional)440................................................................................................................................................................
Obtaining Digital Certificates443................................................................................................................................................................
Managing Certificates447................................................................................................................................................................
Configuring A Vpn Using Ipsec With Manual Keying450................................................................................................................................................................
Configuring The Transform Set451................................................................................................................................................................
Configuring Crypto Maps For Manual Ipsec453................................................................................................................................................................
Monitoring A Vpn456................................................................................................................................................................
Troubleshooting A Vpn That Uses Ipsec459................................................................................................................................................................
Tools And Procedures459................................................................................................................................................................
Troubleshooting Commands460................................................................................................................................................................
Checking Wan Connections461................................................................................................................................................................
Monitoring The Ike Process Using Debug Commands462................................................................................................................................................................
Comparing Vpn Policies466................................................................................................................................................................
Returning Vpn Policies To Their Defaults472................................................................................................................................................................
Configuring A Site-to-site Vpn476................................................................................................................................................................
Configuring A Client-to-site Vpn480................................................................................................................................................................
Gre Tunnels488................................................................................................................................................................
Advantages And Disadvantages Of Gre489................................................................................................................................................................
Configuring Gre490................................................................................................................................................................
Creating The Tunnel Interface490................................................................................................................................................................
Configuring The Tunnel Source491................................................................................................................................................................
Configuring The Tunnel Destination492................................................................................................................................................................
Configuring The Tunnel's Ip Address493................................................................................................................................................................
Configuring The Tunnel Key493................................................................................................................................................................
Specifying Tunnel Traffic493................................................................................................................................................................
Sending Routing Updates Over The Tunnel494................................................................................................................................................................
Sending Multicasts Over The Tunnel495................................................................................................................................................................
Sending All Traffic To A Network Over The Tunnel496................................................................................................................................................................
Filtering Traffic That Arrives On The Tunnel497................................................................................................................................................................
Enabling Checksum Verification498................................................................................................................................................................
Troubleshooting Gre Configuration499................................................................................................................................................................
The Tunnel Goes Down499................................................................................................................................................................
The Router Does Not Receive Traffic Through The Tunnel500................................................................................................................................................................
The Router Does Not Receive Routing Updates500................................................................................................................................................................
Multicast Applications504................................................................................................................................................................
Ip Multicasting505................................................................................................................................................................
Multicast Addresses506................................................................................................................................................................
Host Groups506................................................................................................................................................................
Igmp507................................................................................................................................................................
Igmp Queries508................................................................................................................................................................
Igmp Reports508................................................................................................................................................................
Multicast Routing Protocols509................................................................................................................................................................
Igmp Proxy510................................................................................................................................................................
Configuring Igmp Proxy For Multicast Stub Routing Support512................................................................................................................................................................
Enabling Ip Multicast Routing513................................................................................................................................................................
Setting The Multicast Helper Address513................................................................................................................................................................
Which Upstream514................................................................................................................................................................
Configuring A Downstream Interface515................................................................................................................................................................
Configuring An Igmp Multicast Agent515................................................................................................................................................................
Enabling Igmp Proxy516................................................................................................................................................................
Enabling Multicast Forwarding516................................................................................................................................................................
Configuring An Upstream Interface517................................................................................................................................................................
Tunneling Multicast Traffic Through The Internet517................................................................................................................................................................
Adding The Router Stack To A Multicast Group518................................................................................................................................................................
Altering Igmp Query Intervals518................................................................................................................................................................
Troubleshooting Multicast Stub Routing And Igmp521................................................................................................................................................................
Strategies And Tools521................................................................................................................................................................
Procedure For Troubleshooting Multicast Stub Routing522................................................................................................................................................................
Multicast Trees532................................................................................................................................................................
Sp Tree533................................................................................................................................................................
Multicast Routing Table534................................................................................................................................................................
Joining A Shared Or Rp Tree536................................................................................................................................................................
Switching From An Rp To An Sp Tree537................................................................................................................................................................
Edge Routers540................................................................................................................................................................
A Source's Dr542................................................................................................................................................................
Multicasting First543................................................................................................................................................................
Switched To An Sp Tree544................................................................................................................................................................
Rp Selection545................................................................................................................................................................
Pim-sm Packets546................................................................................................................................................................
Join/prune Packets546................................................................................................................................................................
Register Packets553................................................................................................................................................................
Register-stop Packets554................................................................................................................................................................
Bootstrap Packets554................................................................................................................................................................
Configuring Pim-sm556................................................................................................................................................................
Enabling Pim-sm557................................................................................................................................................................
Configuring A Static Rp Set558................................................................................................................................................................
Specifying Static Rps That Support All Groups559................................................................................................................................................................
Specifying A Static Rp For A Specific Group559................................................................................................................................................................
Specifying When The Router Switches To The Sp Tree563................................................................................................................................................................
Forcing The Router To Use The Rp Tree Permanently564................................................................................................................................................................
Changing An Interface's Dr Priority564................................................................................................................................................................
Changing Pim-sm Timers565................................................................................................................................................................
Join/prune Period566................................................................................................................................................................
Hello Timer567................................................................................................................................................................
Override And Propagation Delay Timers567................................................................................................................................................................
Configuration Examples568................................................................................................................................................................
Specific Groups573................................................................................................................................................................
Troubleshooting Pim-sm576................................................................................................................................................................
Monitoring The Multicast Routing Table576................................................................................................................................................................
Flags577................................................................................................................................................................
First Line Of A Multicast Routing Table Entry578................................................................................................................................................................
Incoming Interface580................................................................................................................................................................
Outgoing Interface List581................................................................................................................................................................
Viewing Pim-sm Information582................................................................................................................................................................
Pim-sm Troubleshooting Process584................................................................................................................................................................
Troubleshooting An Edge Router584................................................................................................................................................................
Neighbors589................................................................................................................................................................
Lldp Messages601................................................................................................................................................................
Viewing Lldp Information602................................................................................................................................................................
Viewing Lldp Neighbor Information603................................................................................................................................................................
Viewing Local Lldp Activity606................................................................................................................................................................
Viewing Real-time Lldp Messages: Debug Lldp Commands607................................................................................................................................................................
Viewing Lldp Timers609................................................................................................................................................................
Configuring Lldp610................................................................................................................................................................
Preventing An Interface From Sending Certain Lldp Messages610................................................................................................................................................................
Preventing An Interface From Receiving Lldp Messages612................................................................................................................................................................
Altering Lldp Timers612................................................................................................................................................................
Routing Protocols620................................................................................................................................................................
Router621................................................................................................................................................................
Advantages And Disadvantages Of Routing Protocols624................................................................................................................................................................
Load Sharing625................................................................................................................................................................
Configuring Rip626................................................................................................................................................................
Rip Updates, V1 And V2627................................................................................................................................................................
And Triggered Updates629................................................................................................................................................................
Rip Timing Intervals631................................................................................................................................................................
Rip Configuration Considerations632................................................................................................................................................................
Selecting A Rip Version633................................................................................................................................................................
Setting A Global Rip Version634................................................................................................................................................................
Setting Rip Versions For Particular Interfaces634................................................................................................................................................................
Specifying Networks That Will Participate In Rip635................................................................................................................................................................
Redistributing Routes636................................................................................................................................................................
Redistributing Connected Routes637................................................................................................................................................................
Redistributing Ospf Routes638................................................................................................................................................................
Sending Updates640................................................................................................................................................................
Altering Rip Intervals642................................................................................................................................................................
Configuring Ospf643................................................................................................................................................................
Lsas644................................................................................................................................................................
Point-to-point Versus Multi-access Networks644................................................................................................................................................................
Areas645................................................................................................................................................................
Lsa Types647................................................................................................................................................................
Route Computation649................................................................................................................................................................
Ospf Configuration Concerns650................................................................................................................................................................
Setting The Router Id655................................................................................................................................................................
Advertising Networks And Establishing Ospf Areas656................................................................................................................................................................
Configuring Stub Areas657................................................................................................................................................................
One Area To Routers In Another Area658................................................................................................................................................................
Example Configuration Of Ospf Areas663................................................................................................................................................................
Prohibiting The Advertisement Of Networks665................................................................................................................................................................
Generating A Default External Route (asbr)665................................................................................................................................................................
Configuring Route Summaries For Asbrs666................................................................................................................................................................
Configuring Cost Calculation For A Link668................................................................................................................................................................
Redistributing Routes Discovered By Other Protocols (asbrs)669................................................................................................................................................................
Redistributing Rip Routes670................................................................................................................................................................
Redistributing Connected And Static Routes670................................................................................................................................................................
Configuring The Default Metric For Redistributed Routes671................................................................................................................................................................
Changing A Router's Dr Priority671................................................................................................................................................................
Altering Ospf Intervals672................................................................................................................................................................
Configuring Ospf Authentication674................................................................................................................................................................
Example Ospf Configuration675................................................................................................................................................................
Configuring Bgp679................................................................................................................................................................
Bgp Advantages679................................................................................................................................................................
Vrf And Mpls680................................................................................................................................................................
Multihoming681................................................................................................................................................................
Bgp Neighbors682................................................................................................................................................................
Bgp Messages682................................................................................................................................................................
Bgp Configuration Concerns682................................................................................................................................................................
Enabling Bgp684................................................................................................................................................................
Advertising Local Networks685................................................................................................................................................................
Configuring A Bgp Neighbor686................................................................................................................................................................
Setting The Bgp Neighbor Id686................................................................................................................................................................
Specifying The Local And Remote As687................................................................................................................................................................
Load Balancing688................................................................................................................................................................
Balancing Loads Over Connections To Different Neighbors690................................................................................................................................................................
Creating Prefix Lists: Configuring Filters For Route Exchange692................................................................................................................................................................
Naming The List694................................................................................................................................................................
Discarding Or Allowing Routes694................................................................................................................................................................
Applying Filters695................................................................................................................................................................
Example Bgp Policies695................................................................................................................................................................
Example Prefix List Configuration699................................................................................................................................................................
For Route Exchange700................................................................................................................................................................
Creating A Route Map Entry701................................................................................................................................................................
Configuring A Community List702................................................................................................................................................................
Configuring An As Path List703................................................................................................................................................................
Defining The Routes That A Router Can Advertise703................................................................................................................................................................
To Advertise A Route To Certain Peers Only708................................................................................................................................................................
Prepending Private As Numbers For Load Balancing710................................................................................................................................................................
Filtering Inbound Routes714................................................................................................................................................................
Applying Policies To Inbound Routes716................................................................................................................................................................
Deleting Communities From A Route717................................................................................................................................................................
Applying A Route Map Entry To A Bgp Neighbor718................................................................................................................................................................
Enabling Soft Reconfiguration718................................................................................................................................................................
Prohibiting The Advertisement Of Default Routes718................................................................................................................................................................
Disabling Igp Synchronization719................................................................................................................................................................
Configuring Route Summarizations719................................................................................................................................................................
Setting Administrative Distance For Bgp Routes719................................................................................................................................................................
Altering Bgp Intervals720................................................................................................................................................................
Example 1: Baseline Bgp Configuration721................................................................................................................................................................
Example 3: Configuring A Standard Bgp Policy On A Router That Receives Routes To Remote Private Sites725................................................................................................................................................................
Multihomes727................................................................................................................................................................
Configuring Load Sharing734................................................................................................................................................................
Configuring Policy-based Routing737................................................................................................................................................................
Configuring A Route Map For Pbr739................................................................................................................................................................
Selecting Traffic For A Route Map Entry740................................................................................................................................................................
Implementing Pbr According To Source741................................................................................................................................................................
Implementing Pbr According To Application744................................................................................................................................................................
Implementing Pbr According To Traffic Priority746................................................................................................................................................................
Implementing Pbr According To Payload Size749................................................................................................................................................................
Setting The Routing Policy In A Route Map Entry750................................................................................................................................................................
Configuring Default Routes In A Route Map Entry752................................................................................................................................................................
Using A Route Map To Mark Packets With A Qos Value753................................................................................................................................................................
Setting The Don't Fragment Bit755................................................................................................................................................................
Assigning A Route Map To An Interface756................................................................................................................................................................
Applying A Route Map To Router Traffic756................................................................................................................................................................
Pbr Configuration Examples756................................................................................................................................................................
Routing Traffic To A Caching Server758................................................................................................................................................................
Reserving A Connection For Voip And Video Traffic759................................................................................................................................................................
Troubleshooting Routing760................................................................................................................................................................
Monitoring The Routing Table760................................................................................................................................................................
Monitoring Routes763................................................................................................................................................................
Clearing Routes763................................................................................................................................................................
Troubleshooting Rip765................................................................................................................................................................
Router Not Receiving Routes765................................................................................................................................................................
Router's Subnets766................................................................................................................................................................
Troubleshooting Ospf767................................................................................................................................................................
Troubleshooting An Internal Router770................................................................................................................................................................
Troubleshooting An Abr774................................................................................................................................................................
Troubleshooting Bgp776................................................................................................................................................................
Troubleshooting A Prefix List784................................................................................................................................................................
Troubleshooting A Route Map785................................................................................................................................................................
Other Common Bgp Problems786................................................................................................................................................................
Monitoring And Troubleshooting Pbr787................................................................................................................................................................
Rip Routing791................................................................................................................................................................
Ospf Routing791................................................................................................................................................................
Configuring An Internal Router792................................................................................................................................................................
Configuring An Abr793................................................................................................................................................................
Configuring An Asbr794................................................................................................................................................................
Configuring Pbr796................................................................................................................................................................
Configuring Access To The Web Browser Interface804................................................................................................................................................................
Enabling Access To The Web Browser Interface804................................................................................................................................................................
Managing Autosynchtm, Files, Firmware, And Boot Software805................................................................................................................................................................
Configuration807................................................................................................................................................................
Firmware810................................................................................................................................................................
Reboot Unit813................................................................................................................................................................
Telnet To Unit814................................................................................................................................................................
Enabling Ip Services On The Router815................................................................................................................................................................
Web Access Configuration817................................................................................................................................................................
Increasing Bandwidth818................................................................................................................................................................
Backup Modules821................................................................................................................................................................
Configuring The Procurve Secure Router Os Firewall821................................................................................................................................................................
Enabling Attack Checking823................................................................................................................................................................
Enabling Algs824................................................................................................................................................................
Configuring Session Timeouts825................................................................................................................................................................
Using The Firewall Wizard826................................................................................................................................................................
Configuring Access Control From The Web Browser Interface830................................................................................................................................................................
Filtering, Or Blocking, Traffic833................................................................................................................................................................
Allowing Traffic834................................................................................................................................................................
Configuring Many-to-one Nat836................................................................................................................................................................
Configuring One-to-one Nat837................................................................................................................................................................
Customizing Your Policies840................................................................................................................................................................
Changing The Order Of Policies843................................................................................................................................................................
Assigning The Security Zone (the Acp) To An Interface843................................................................................................................................................................
Configuring Quality Of Service844................................................................................................................................................................
Configuring Qos For Voip With The Qos Wizard847................................................................................................................................................................
Configuring Packet Marking856................................................................................................................................................................
Configuring Frame Relay Fragmentation And Rate Limiting858................................................................................................................................................................
Setting Up Virtual Private Networks859................................................................................................................................................................
Vpn Wizard860................................................................................................................................................................
Vpn Peer Name860................................................................................................................................................................
Public Interface861................................................................................................................................................................
Peer Type861................................................................................................................................................................
Mobile Vpn Peer Settings (client-to-site Vpn Only)862................................................................................................................................................................
Extended Authentication (client-to-site Vpn Only)863................................................................................................................................................................
Remote Network864................................................................................................................................................................
Local Network864................................................................................................................................................................
Authentication Type865................................................................................................................................................................
Remote Id866................................................................................................................................................................
Local Id866................................................................................................................................................................
Ike Settings (custom Setup Only)867................................................................................................................................................................
Ipsec Settings (custom Setup Only)869................................................................................................................................................................
Confirm Settings870................................................................................................................................................................
Vpn Peers872................................................................................................................................................................
Adding A Second Remote Site To The Vpn872................................................................................................................................................................
Configuring Advanced Vpn Parameters883................................................................................................................................................................
Configuring Ike Sa Parameters883................................................................................................................................................................
Enabling Xauth889................................................................................................................................................................
Adding Remote Ids890................................................................................................................................................................
Obtaining Certificates893................................................................................................................................................................
Obtaining Certificates Manually895................................................................................................................................................................
Obtaining Certificates Automatically900................................................................................................................................................................
Setting Up Generic Routing Encapsulation (gre) Tunnels904................................................................................................................................................................
Multicast908................................................................................................................................................................
Setting Lldp Timers909................................................................................................................................................................
Enabling And Disabling Lldp On An Interface910................................................................................................................................................................
Viewing Lldp Neighbors911................................................................................................................................................................
Routing913................................................................................................................................................................
Specifying Ospf Networks917................................................................................................................................................................
Redistributing Routes Into Ospf919................................................................................................................................................................
Generating A Default Route (asbr)920................................................................................................................................................................
Advertising Summary Routes (asbr)921................................................................................................................................................................
Configuring Global Ospf Parameters922................................................................................................................................................................
Configuring Ospf Parameters For Individual Interfaces924................................................................................................................................................................
Viewing Ospf Information926................................................................................................................................................................
Configuring The Physical And Data Link Layers934................................................................................................................................................................
Mannheim938................................................................................................................................................................
Dublin943................................................................................................................................................................
Prague945................................................................................................................................................................
Configuring Ip Routing948................................................................................................................................................................
Berlin949................................................................................................................................................................
Configuring A Client-to-site Virtual Private Network (vpn)955................................................................................................................................................................
Configuring Multicast Support958................................................................................................................................................................
Dublin And Prague960................................................................................................................................................................
Running Configurations961................................................................................................................................................................

Advertisement

Share and save

Advertisement