3Com MSR 50 Series Configuration Manual Download Page 1845

Page: 1845 / 2443

PKI Configuration Examples

1845

[RouterA]pki domain 1

[RouterA-pki-domain-1] ca identifier CA1

[RouterA-pki-domain-1] certificate request url http://1.1.1.100/cert

srv/mscep/mscep.dll

[RouterA-pki-domain-1] certificate request entity en

[RouterA-pki-domain-1] ldap-server ip 1.1.1.102

# Set the registration authority to RA.

[RouterA-pki-domain-1] certificate request from ra

# Configure the URL for the CRL distribution. This is not necessary if CRL checking
is disabled.

[RouterA-pki-domain-1] crl url ldap://1.1.1.102

[RouterA-pki-domain-1] quit

# Create a local key pair using RSA.

[RouterA] public-key local create rsa

# Request a certificate.

[RouterA] pki retrieval-certificate ca domain 1

[RouterA] pki retrieval-crl domain 1

[RouterA] pki request-certificate domain 1

# Configure IKE proposal 1, using RSA signature for identity authentication.

[RouterA] ike proposal 1

[RouterA-ike-proposal-1] authentication-method rsa-signature

[RouterA-ike-proposal-1] quit

# Specify the PKI domain for the IKE peer.

[RouterA]ike peer peer

[RouterA-ike-peer-peer]certificate domain 1

Configure Router B

# Configure the entity name space.

<RouterB> system-view

[RouterB] pki entity en

[RouterB-pki-entity-en] ip 3.3.3.1

[RouterB-pki-entity-en] common-name routerB

[RouterB-pki-entity-en] quit

# Configure the PKI domain. Note that the URL of the enrollment server varies by
the used CA server.

[RouterB]pki domain 1

[RouterB-pki-domain-1] ca identifier CA2

[RouterB-pki-domain-1] certificate request url http://2.1.1.100/cert

srv/mscep/mscep.dll

[RouterB-pki-domain-1] certificate request entity en

[RouterB-pki-domain-1] ldap-server ip 2.1.1.102

«
...
1843
1844
1845
1846
1847
...
»

Summary of Contents for MSR 50 Series

Page 1: ...H3C MSR 20 30 50 Series Routers Configuration Manual v1 00 MSR 20 Series Routers MSR 30 Series Routers MSR 50 Series Routers www 3Com com Part Number 10016324 Rev AA August 2007...

Page 2: ...as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentat...

Page 3: ...n ATM OC 3c STM 1 Interface 77 ADSL Interface Configuration 77 Overview 77 Configuring an ADSL Interface 79 Upgrading ADSL2 Card Software 79 G SHDSL Interface Configuration 80 Overview 80 Configuring...

Page 4: ...r 3 Ethernet Interfaces 96 Configuration Task List 96 Setting the MTU for an Ethernet Interface 96 Configuring the Suppression Time of Link Layer State Changes on an Ethernet Interface 97 Maintaining...

Page 5: ...playing and Maintaining T1 F Interfaces 119 CE3 Interface 119 Overview 119 Configuring a CE3 Interface in E3 Mode 119 Configuring a CE3 Interface operating in CE3 Mode 120 Configuring Other CE3 Interf...

Page 6: ...lure 149 ATM Interface State Error 150 PVC State is Down while ATM Interface State is Up 150 Ping Failure after PPPoA Configuration 150 Packet Loss and CRC Errors and Changes of Interface State 151 6...

Page 7: ...17 Applying an ACL in DLSw 217 Configuring DLSw in an SDLC Environment 218 Configuring DLSw 218 Configuring an SDLC Interface 219 Enabling DLSw Forwarding on an SDLC Interface 219 Configuring SDLC Rol...

Page 8: ...iguring Frame Relay over IP Network 246 Configuring Annex G 246 Displaying and Maintaining Frame Relay 246 Frame Relay Configuration Example 247 Interconnecting LANs through Frame Relay Network 247 In...

Page 9: ...APB Protocols 283 Configuring LAPB 285 Configuring X 25 286 Configuring X 25 Interface Parameters 286 Configuring X 25 Interface Supplementary Parameters 290 Configuring X 25 Datagram Transmission 292...

Page 10: ...ion Example 340 Troubleshooting LAPB Configuration 340 LAPB or X 25 of Two Sides Always Being Down 340 Failed to Ping the Other Side with X 25 on Both Sides Being Up 341 Troubleshooting X 25 Configura...

Page 11: ...Configuring the Local Device to Authenticate the Peer Using PAP 368 Configuring the Local Device to Authenticate the Peer Using CHAP 368 Configuring the Local Device to Be Authenticated by the Peer Us...

Page 12: ...ent Bridging over PPP 413 Transparent Bridging over MP 414 Transparent Bridging over FR 415 Transparent Bridging X 25 416 Transparent Bridging over HDLC 416 Inter VLAN Transparent Bridging 417 Bridgin...

Page 13: ...vice 462 Configuring the Maximum Hops of an MST Region 463 Configuring the Network Diameter of a Switched Network 464 Configuring Timers of MSTP 464 Configuring the Timeout Factor 465 Configuring the...

Page 14: ...butes 490 Configuring a Port Based VLAN 491 Introduction to Port Based VLAN 491 Configuring the Access Port Based VLAN 492 Configuring the Trunk Port Based VLAN 493 Configuring the Hybrid Port Based V...

Page 15: ...ION Logical Interface Overview 525 Dialer Interface 525 Loopback Interface 525 Introduction to Loopback Interface 525 Configuring a Loopback Interface 526 Null Interface 526 Introduction to Null Inter...

Page 16: ...ntry Check 553 Enabling the Support for ARP Requests from a Natural Network 553 ARP Configuration Example 553 Configuring Gratuitous ARP 554 Introduction to Gratuitous ARP 554 Configuring Gratuitous A...

Page 17: ...etBIOS Node Type for the Client 579 Configuring the BIMS server Information for the Client 579 Configuring Gateways for the Client 580 Configuring Option 184 Parameters for the Client with Voice Servi...

Page 18: ...Configuring DHCP Snooping Basic Functions 602 Displaying and Maintaining DHCP Snooping 602 DHCP Snooping Configuration Example 602 37 BOOTP CLIENT CONFIGURATION Introduction to BOOTP Client 605 BOOTP...

Page 19: ...P Addressing 630 41 IP PERFORMANCE CONFIGURATION IP Performance Overview 631 Enabling the Device to Forward Directed Broadcasts 631 Enabling the Device to Forward Directed Broadcasts 631 Configuration...

Page 20: ...nction 665 Configuring an IPv6 Unicast Address 665 Configuring IPv6 NDP 666 Configuring a Static Neighbor Entry 666 Configuring the Maximum Number of Neighbors Dynamically Learned 667 Configuring Para...

Page 21: ...figuring Static IPv4 to IPv6 and IPv6 to IPv4 Mappings 688 Troubleshooting NAT PT 690 48 DUAL STACK CONFIGURATION Dual Stack Overview 691 Configuring Dual Stack 691 49 TUNNELING CONFIGURATION Introduc...

Page 22: ...xamples 734 Configuring Policy Routing Based on Source Address 734 Configuring Policy Routing Based on Packet Size 736 51 TERMINAL ACCESS CONFIGURATION Introduction to Terminal Access 739 Typical Appl...

Page 23: ...rivers 791 Configuration Prerequisites 791 Modifying System Configuration File inittab 792 Editing the ttyd Configuration File 792 Modifying Route Configuration File 792 Running and Terminating ttyd o...

Page 24: ...BGP Messages 826 BGP Path Attributes 829 BGP Route Selection 832 IBGP and IGP Information Synchronization 834 Settlements for Problems Caused by Large Scale BGP Networks 835 BGP GR 838 MP BGP 839 Prot...

Page 25: ...tionship Established 874 57 IS IS CONFIGURATION IS IS Overview 877 Basic Concepts 877 IS IS Area 879 IS IS Network Type 882 IS IS PDU Format 883 IS IS Features Supported 889 Protocols and Standards 89...

Page 26: ...lated RFCs 937 OSPF Configuration Task List 937 Configuring OSPF Basic Functions 939 Prerequisites 939 Configuration Procedure 939 Configuring OSPF Area Parameters 940 Prerequisites 940 Configuration...

Page 27: ...guration 954 OSPF Configuration Examples 955 Configuring OSPF Basic Functions 955 Configuring an OSPF Stub Area 958 Configuring an OSPF NSSA Area 960 Configuring OSPF DR Election 962 Configuring OSPF...

Page 28: ...ters 992 Routing Policy Application 993 Routing Policy Configuration Task List 993 Defining Filtering Lists 993 Prerequisites 993 Defining an IP prefix List 993 Defining an AS Path ACL 995 Defining a...

Page 29: ...es 1020 Configuring IPv6 BGP Route Redistribution 1020 Advertising a Default Route to a Peer Peer Group 1020 Configuring Route Distribution Policy 1021 Configuring Route Reception Policy 1021 Configur...

Page 30: ...49 OSPFv3 Packets 1049 OSPFv3 LSA Types 1050 Timers of OSPFv3 1050 OSPFv3 Features Supported 1051 Related RFCs 1051 IPv6 OSPFv3 Configuration Task List 1051 Configuring OSPFv3 Basic Functions 1052 Pre...

Page 31: ...n 1073 Advertising a Default Route 1073 Configuring a RIPng Route Filtering Policy 1073 Configuring the RIPng Priority 1074 Configuring RIPng Route Redistribution 1074 Optimizing the RIPng Network 107...

Page 32: ...onfiguring a Multicast Routing Policy 1104 Configuring Multicast Forwarding Range 1104 Configuring Multicast Forwarding Table Size 1105 Tracing a Multicast Path 1106 Displaying and Maintaining Multica...

Page 33: ...eer 1139 Configuring an MSDP Peer Connection 1140 Configuration Prerequisites 1140 Configuring MSDP Peer Description 1140 Configuring an MSDP Mesh Group 1140 Configuring MSDP Peer Connection Control 1...

Page 34: ...mon Information 1187 PIM Common Information Configuration Task List 1187 Configuration Prerequisites 1187 Configuring a PIM Filter 1188 Configuring PIM Hello Options 1188 Configuring PIM Common Timers...

Page 35: ...1225 Configuring an IPv6 Multicast Group Filter 1225 Adjusting MLD Performance 1226 Configuration Prerequisites 1226 Configuring MLD Message Options 1226 Configuring MLD Query and Response Parameters...

Page 36: ...PIM Configuration Examples 1263 IPv6 PIM DM Configuration Example 1263 IPv6 PIM SM Configuration Example 1267 IPv6 PIM SSM Configuration Example 1272 Troubleshooting IPv6 PIM Configuration 1275 Failu...

Page 37: ...ty 1325 Configuration Prerequisites 1326 Configuration Procedure 1326 Configuring PHP 1326 Configuration Prerequisites 1326 Configuration Procedure 1326 Configuring a Static LSP 1327 Configuration Pre...

Page 38: ...URATION MPLS TE Overview 1345 Traffic Engineering and MPLS TE 1345 Basic Concepts of MPLS TE 1347 MPLS TE Implementation 1347 CR LSP 1348 CR LDP 1349 RSVP TE 1349 Traffic Forwarding 1354 Automatic Ban...

Page 39: ...Example 1386 MPLS TE Tunnel Using RSVP TE Configuration Example 1390 RSVP TE GR Configuration Example 1396 MPLS TE Using CR LDP Configuration Example 1398 CR LSP Backup Configuration Example 1405 FRR...

Page 40: ...VPN Packet Forwarding 1463 MPLS L3VPN Networking Schemes 1464 MPLS L3VPN Routing Information Advertisement 1467 Carrier s Carrier 1468 Multi AS VPN 1470 Multi Role Host 1473 HoVPN 1473 OSPF VPN Extens...

Page 41: ...501 Example for Configuring MPLS L3VPNs Using a GRE Tunnel 1508 Example for Configuring Inter Provider VPN Option A 1513 Example for Configuring Inter Provider VPN Option B 1519 Example for Configurin...

Page 42: ...Configuring a DVPN Route 1571 Displaying and Maintaining DVPN 1571 DVPN Configuration Example 1571 DVPN Configuration Example for Full Mesh Networks 1571 DVPN Configuration Example for Spoke Hub Netwo...

Page 43: ...4 Causes 1624 Impact 1625 Countermeasure 1625 Traffic Management Technologies 1625 84 TRAFFIC CLASSIFICATION POLICING AND SHAPING Traffic Classification Overview 1627 Traffic classification 1627 Prior...

Page 44: ...1663 Defining Policy 1668 Applying Policy 1669 CBQ Configuration Example 1670 Displaying and Maintaining CBQ 1672 Configuring RTP Priority Queuing 1672 Configuring RTP Priority Queuing 1672 RTP PQ Con...

Page 45: ...MPLS QoS Configuration Example 1692 Configuring QoS for Traffics in the Same VPN 1692 90 DAR CONFIGURATION DAR Overview 1697 IP Packet 1697 TCP Packet 1699 UDP Packet 1700 HTTP Packet 1700 RTP Packet...

Page 46: ...tion of 802 1x in the Devices 1738 Features Working Together with 802 1x 1738 Guest VLAN 1739 Configuring 802 1x 1740 Configuration Prerequisites 1740 Configuring 802 1x Globally 1740 Configuring 802...

Page 47: ...or HWTACACS Packets 1779 Configuring Attributes Related to the Data Sent to the TACACS Server 1779 Setting Timers Regarding HWTACACS Servers 1780 Displaying and Maintaining AAA RADIUS HWTACACS 1780 Di...

Page 48: ...ion Examples 1806 Local MAC Authentication Example 1806 RADIUS Based MAC Authentication Example 1807 96 NAT CONFIGURATION NAT Overview 1811 Introduction to NAT 1811 NAT Functionalities 1813 NAT Config...

Page 49: ...IKE Negotiation 1844 Configuring a Certificate Attribute Based Access Control Policy 1846 Troubleshooting PKI 1848 Failed to Retrieve a CA Certificate 1848 Failed to Request a Local Certificate 1849 F...

Page 50: ...1882 Configuring a Manual IPSec Policy 1883 Configuring an IKE Dependent IPSec Policy 1884 Applying an IPSec Policy Group to an Interface 1887 Binding an IPSec Policy Group to an Encryption Card 1887...

Page 51: ...a Client Public Key 1925 Configuring an SSH User 1926 Setting the SSH Management Parameters 1927 Configuring the Device as an SSH Client 1928 SSH Client Configuration Tasks 1928 Specifying a Source IP...

Page 52: ...e 1958 Graceful Restart Mechanism for Several Commonly Used Protocols 1960 106 BACKUP CENTER CONFIGURATION Introduction to the Backup Center 1961 Basic Concepts of the Backup Center 1961 How the Backu...

Page 53: ...terface Tracking Configuration Example 1990 Multiple VRRP Standby Groups Configuration Example 1993 IPv6 Based VRRP Configuration Example 1995 Single VRRP Standby Group Configuration Example 1995 VRRP...

Page 54: ...on Example 2033 SNMP Test Configuration Example 2035 TCP Test Configuration Example 2036 UDP echo Test Configuration Example 2037 DLSw Test Configuration Example 2038 110 NETSTREAM CONFIGURATION NetSt...

Page 55: ...cedure 2060 Configuring NTP Authentication 2060 Configuration Prerequisites 2060 Configuration Procedure 2061 Displaying and Maintaining NTP 2062 NTP Configuration Examples 2062 Configuring NTP Server...

Page 56: ...ying a Configuration File for Next Startup 2102 Backing up Restoring the Configuration File for Next Startup 2103 Displaying and Maintaining Device Configuration 2104 115 FTP CONFIGURATION FTP Overvie...

Page 57: ...e Error Information 2135 Edit Features 2136 119 INFORMATION CENTER CONFIGURATION Information Center Overview 2137 Introduction to Information Center 2137 System Information Format 2141 Configuring Inf...

Page 58: ...C Address Table 2165 Configuring MAC Address Table Management 2166 Configuring MAC Address Entries 2166 Disabling Global MAC Address Learning 2166 Disabling MAC Address Learning on an Ethernet Port or...

Page 59: ...Network Diagram 2196 Configuration Procedure 2196 126 ACSEI CONFIGURATION Introduction to ACSEI 2199 Basic Concepts in ACSEI 2199 ACSEI Timers 2200 ACSEI Startup and Running 2200 ACSEI Server Configur...

Page 60: ...2220 Configuring IPX Route Number Limitation 2220 Enabling IPX RIP to Redistribute Static Routes 2220 Configuring IPX RIP Parameters 2221 Configuring IPX SAP 2221 Configuration Prerequisite 2221 Enabl...

Page 61: ...equisites 2251 Configuration Procedure 2251 Configuring FXS Voice Subscriber Line 2251 Configuration Prerequisites 2251 Configuring CID 2251 Configuring Packet Loss Compensation Mode 2252 Configuring...

Page 62: ...ty 2271 Configuration Task List 2271 Configuration Prerequisites 2271 Creating VoIP Entity 2271 Configuring Basic Functions 2271 Configuring DTMF Transmission 2272 Configuring Fast Connection and Tunn...

Page 63: ...on for A Voice Entity 2299 Configuring Number Substitution for A Voice Subscriber Line 2300 Configuring Number Sending Mode 2300 Configuration Prerequisites 2300 Configuration Procedure 2300 Configuri...

Page 64: ...a Range of Timeslots 2334 Configuring Digital LGS Signaling 2334 Configuring the Time Adjustment Function 2334 Querying the Trunk Circuits of a Timeslot or a Range of Timeslots 2334 Displaying and Mai...

Page 65: ...2369 SIP Messages 2370 SIP Fundamentals 2370 SIP Configuration Task List 2373 SIP UA Configuration 2373 Configuring SIP Authentication Information 2374 Configuring Registrar Information on SIP UA 237...

Page 66: ...rotocol 2394 Configuring Trunk Timer Length in FRF 11 Trunk Mode 2395 Configuring VoFR Packets to Carry Sequence Number 2395 Displaying and Maintaining VoFR 2395 VoFR Configuration Example 2395 Huawei...

Page 67: ...ystem 2426 Call Services Configuration Task List 2427 Configuring Call Waiting 2427 Configuration Prerequisites 2427 Enabling Disabling Call Waiting Using Keys 2427 Configuring Call Waiting Using Comm...

Page 68: ...ing Using Keys 2436 Configuring Outgoing Call Barring Using Command Lines 2436 Configuration Example 2436 Configuring FEATURE Service 2436 Configuration Prerequisites 2437 Enabling Disabling FEATURE S...

Page 69: ...are used throughout this guide Table 1 Notice Icons Icon Notice Type Description n Information note Information that describes important features or instructions c Caution Information that alerts you...

Page 70: ...of all interface cards and modules available with the router LMR Series Routers Cable Manual Describes the pinouts of the cables available for LMR series routers Release Notes Contains the latest inf...

Page 71: ...implementing broadband communications Digital subscriber line DSL is a technology providing high speed data transmission over the copper wire It includes asymmetric digital subscriber line ADSL high b...

Page 72: ..._VBR Constant bit rate CBR Unspecified bit rate UBR Permanent virtual circuit PVC Per VC traffic shaping User to network Interface UNI RFC1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 R...

Page 73: ...the IMA T1 interface module The line coding formats for IMA E1 interfaces and IMA T1 interfaces are fixed to high density bipolar of order 3 HDB3 and bipolar with 8 zero substitution B8ZS They are not...

Page 74: ...address to the IMA group interface ip address ip address address mask Required Not assigned by default Set the number of cells in an IMA frame frame length 32 64 128 256 Optional The default is 128 S...

Page 75: ...the IMA groups Sysname interface ima group 5 1 Sysname Ima group5 1 ip address 10 110 110 1 255 255 255 0 Sysname Ima group5 1 pvc aaa 1 42 Sysname atm pvc Ima group5 1 1 42 aaa map ip 10 10 10 10 bro...

Page 76: ...e module ATM OC 3c STM 1 Interface Configuration This section covers these topics Overview on page 72 Configuring an ATM OC 3c STM 1 Interface on page 77 To do Use the command Remarks Enter system vie...

Page 77: ...mission rates by improving modulation rate coding gain initialization state machine by reducing frame head overhead and by using enhanced signal processing methods For example given the same bands ADS...

Page 78: ...nel mode uplink and downlink speeds and noise tolerance and attempts to reach an agreement If the activation succeeds a communication connection is set up between the two parties When negotiating conn...

Page 79: ...the ADSL interface clock master slave Optional The interface is active by default Configure the ADSL interface standard adsl standard auto g9923 g9925 gdmt glite t1413 Optional The default is auto sen...

Page 80: ...transmission distance means the contrary When setting up a link G SHDSL can automatically make tuning for a reasonable speed taking into consideration the actual line conditions such as distance and...

Page 81: ...alue Optional By default current margin value is set to 2 and snext margin value is set to 0 Set the PSD mode shdsl psd asymmetry symmetry Optional The default is symmetry To do Use the command Remark...

Page 82: ...however beyond the scope of this manual On the CPE you may do the following when problem occurs 1 Read the LEDs for the DSL interface card When the DSL line is training the LINK LED blinks After the a...

Page 83: ...This reduces signal attenuation and device investment POS Packet over SONET SDH POS is a technology popular in WAN and MAN It can support packet data such as IP packets POS maps length variable packet...

Page 84: ...H Configure scrambling scramble Optional Enabled by default Set the link type link protocol ppp fr nonstandard ietf mfr interface number hdlc Optional The default is PPP Set the interface MTU mtu mtu...

Page 85: ...e Router A Configure interface POS 1 0 setting its physical parameters to defaults RouterA system view RouterA interface pos 1 0 RouterA Pos1 0 ip address 10 110 1 10 255 255 255 0 RouterA Pos1 0 link...

Page 86: ...pos 1 0 RouterA Pos1 0 clock slave Configure Frame Relay encapsulation on the interface RouterA Pos1 0 link protocol fr RouterA Pos1 0 fr interface type dte RouterA Pos1 0 quit Create sub interface 1...

Page 87: ...nd receiving fibers optic are correctly connected to the POS interface If you connect the two ends of a fiber optic to the transmitting end and the receiving end of the same POS interface you can see...

Page 88: ...88 CHAPTER 2 POS INTERFACE CONFIGURATION The correct clock mode is configured on the POS interface If not enormous amount of CRC errors can be generated Check that the MTU configuration is appropriate...

Page 89: ...arding interface Combo port and its corresponding electrical port work in a TX SFP mode Users can choose one to use depending on the actual network requirements but not two simultaneously When one por...

Page 90: ...ets when it receives the Pause frame In this way flow controls helps to avoid the dropping of packets Note that only after both the ingress and the egress interfaces have turned on their flow control...

Page 91: ...uring a loopback test With the loopback test enabled the Ethernet interface works in the full duplex mode With the loopback testing enabled the original configurations will be restored Configuring Loo...

Page 92: ...hernet Interface Statistics on page 94 Enabling Loopback Detection on an Ethernet Interface on page 94 Configuring the Cable Type for an Ethernet Interface on page 95 Testing the Cable on an Ethernet...

Page 93: ...w these steps to configure a manual port group n Refer to Aggregation Port Group on page 349 for the information about aggregation port group Configuring the Storm Suppression Ratio for an Ethernet In...

Page 94: ...interface view or port group view Enter Ethernet interface view interface interface type interface number Use either command Configured in interface view the setting is effective only on the current i...

Page 95: ...section the link goes down and up automatically Two types of Ethernet cables can be used to connect Ethernet devices crossover cable and straight through cable To accommodate these two types of cables...

Page 96: ...n TX any short circuit or open circuit and the length of the faulty cable Configuring Layer 3 Ethernet Interfaces Configuration Task List Ethernet interface configuration in bridge mode involves the f...

Page 97: ...gure the suppression time of link layer state changes on Ethernet Interface n You can increase the polling interval to reduce the negative effective caused to network traffic due to time delay or heav...

Page 98: ...about a manual port group or all the manual port groups display port group manual all name port group name Available in any view Display the information about the loopback detection function display l...

Page 99: ...nterface on page 115 T1 F Interface on page 117 CE3 Interface on page 119 CT3 Interface on page 122 n Refer to ATM and DSL Interface Configuration on page 71 for information about ATM interface Asynch...

Page 100: ...number Required Set the interface operating mode to asynchronous mode physical mode async Required The default is synchronous mode This command is not available on AM interfaces Skip this step if the...

Page 101: ...can be PPP and the network layer protocol can be IP or IPX Configuring a USB Interface Follow these steps to configure a USB interface To do Use the command Remarks Enter system view system view Enter...

Page 102: ...k layer protocols such as PPP FR link access procedure balanced LAPB and X 25 Support network layer protocols IP and IPX Provide information about the connected cable type operating mode DTE or DCE an...

Page 103: ...ing an AM interface you can treat it as a special asynchronous serial interface AM interfaces provide dial in and dial out services for analog dial up users Set the DTE side operating clock clock dtec...

Page 104: ...all and backup center For their configuration refer Configuring PPP on page 367 DCC Configuration on page 153 IP Addressing Configuration on page 623 Firewall Configuration on page 1789 and Backup Cen...

Page 105: ...the functionality of the first layer in the OSI reference model such as subscriber line transmission loop test D channel competition Network terminal 2 NT2 also known as intelligent network terminal...

Page 106: ...hance the network security Configuring ISDN BRI Interface Follow these steps to configure an ISDN BRI interface ISDN BRI interfaces are used for dialup purpose For details on ISBN BRI interface config...

Page 107: ...and IPX and can be configured with parameters such as DCC Configuring CE1 PRI Interface in E1 Mode Follow these steps to configure a CE1 PRI interface in E1 mode After you set the CE1 PRI interface t...

Page 108: ...E1 PRI Interface in PRI Mode Follow these steps to configure a CE1 PRI interface in PRI mode A CE1 PRI interface in CE1 PRI mode can be used as a PRI interface where only one PRI set can be created Fo...

Page 109: ...m indication signal test detect ais Optional By default AIS test is performed Set the cable type cable long short Optional The default cable setting is long mode Set the clock mode clock master slave...

Page 110: ...to 24 can be randomly divided into groups Each of these groups can form one channel set for which the system automatically creates an interface logically equivalent to a synchronous serial interface...

Page 111: ...LAPB Configuration on page 283 IP Addressing Configuration on page 623 Backup Center Configuration on page 1961 if the interface is used as a primary or secondary interface for backup NAT PT Configura...

Page 112: ...the command Remarks Enter system view system view Enter CT1 PRI interface view controller t1 number Required Set the line code format code ami b8zs Optional The default is B8ZS1 Set the cable length...

Page 113: ...ecovery defaults to 22 That is if the number of the pulses detected during the total length of 176 pulse detection intervals is smaller than 22 the pulse recovery threshold a LOS alarm occurs 1 Both A...

Page 114: ...To do Use the command Remarks Enter system view system view Enter CT1 PRI interface view controller t1 number Required Start a BERT test bert pattern 2 20 2 15 time minutes unframed Required To do Us...

Page 115: ...Except timeslot 0 used for transmitting synchronization information all other timeslots can randomly form one channel set The rate of the interface is thus n 64 kbps and its logical features are the...

Page 116: ...cable long short Optional The long keyword applies by default Configure the CRC mode fe1 crc 16 32 none Optional 16 bit CRC by default Configure to perform AIS test fe1 detect ais Optional By default...

Page 117: ...on it can randomly form a channel set The rate of the interface is thus n 64 kbps or n 56 kbps and its logical features are the same as those of a synchronous serial interface where you can configure...

Page 118: ...hreshold los pulse detection value ft1 alarm threshold los pulse recovery value ft1 alarm threshold ais level 1 level 2 ft1 alarm threshold lfa level 1 level 2 level 3 level 4 Optional For LOS alarm T...

Page 119: ...for it This interface operates at 2048 kbps and is logically equivalent to a synchronous serial interface where you can make other configurations When the E1 line is working in framed CE1 mode you ca...

Page 120: ...nd set the DSU mode or the subrate fe3 dsu mode 0 1 subrate number Optional By default DSU mode 1 the Kentrox mode is adopted and the subrate is 34010 kbps Set other interface parameters See Configuri...

Page 121: ...lt is slave that is line clock For an E1 line e1 line number set clock master slave Optional The default is slave that is line clock Set the national bit national bit 0 1 Optional The default is 1 Set...

Page 122: ...d 1 through 24 Different from E1 each line on a T1 interface can operate at either 64 kbps or 56 kbps Therefore the number of logical lines that can be created on a CT3 interface in CT3 mode is either...

Page 123: ...3 mode and set the DSU mode or the subrate ft3 dsu mode 0 1 2 3 4 subrate number Optional By default DSU mode 0 the digital link mode is adopted and the subrate is 44210 kbps Set other interface param...

Page 124: ...mat On the CT3 interface frame format c bit m23 Optional The default is C bit On a T1 line t1 line number set frame format esf sf Optional The default is esf Configure alarm signal detection sen ding...

Page 125: ...face serial number line number set num ber Required Set the CRC mode crc 16 32 none Optional By default 16 bit CRC is adopted Note FEAC Far end and control signal MDL Maintenance data link PPR Periodi...

Page 126: ...l interfaces created on T1 lines by means of timeslot bundling Shutting down bringing up a T1 line also shuts down brings up the serial interface formed by it and the serial interface created on it by...

Page 127: ...h VC is identified by a pair of virtual path identifier VPI and virtual channel identifier VCI One VPI VCI pair has local significance only on a segment of the link between ATM nodes It is translated...

Page 128: ...te cells which are also transferred to the physical layer for transmission The ATM layer is responsible for generating a 5 bytes cell header which will be inserted in front of a payload Other function...

Page 129: ...th the same VE interface are interconnected at layer 2 PPPoA PPP over AAL5 PPPoA means that AAL5 bears the PPP protocol packets Its essence is that ATM cells are used to encapsulate PPP packets while...

Page 130: ...ace on page 130 Required Configuring an ATM Sub Interface on page 130 Configuring an ATM Sub Interface on page 130 Required Checking Existence of PVCs When Determining the Protocol State of an ATM P2P...

Page 131: ...by default To do Use the command Remarks To do Use the command Remarks Enter system view system view Create an ATM sub interface and enter its view interface atm interface number subnumb er p2p Requi...

Page 132: ...down down count Optional By default AIS RDI alarm cell detection is enabled which means the PVC goes down when the number of AIS RDI alarm cells received reaches down count and goes up if no AIS RDI a...

Page 133: ...d Remarks Enter system view system view Enter ATM interface view interface atm interface number interface number subnumber Create PVC and enter its view pvc pvc name vpi vci vpi vci Assign a transmiss...

Page 134: ...own count is 5 and retry frequency is 1 second Set the PVC s service type and rate rela ted paramet ers Set the PVC s service type to constant bit rate CBR service cbr output pcr Optional By default t...

Page 135: ...n InARP for the PVC map ip inarp minutes broadcast Required By default mapping is not configured When a mapping is configured pseudo broadcastis not supported by default Before configuring InARP make...

Page 136: ...VP policing are satisfied will the packets be transmitted or received In calculating the traffic the LLC SNAP MUX and NLPID headers are included but the ATM cell head is not included Follow these ste...

Page 137: ...re a PPP mapping for the PVC Note that a PVC cannot carry multiple protocols when the ATM AAL5 is encapsulated with aal5mux Once PPPoA is configured on the PVC other protocols such as IPoA IPoEoA and...

Page 138: ...PPPoA are not supported Follow these steps to configure PPPoEoA Set the PPP authentication mode and IP address with the PPPoE server an address pool should be configured to allocate IP address for th...

Page 139: ...uration on page 363 Required Quit to system view quit Enter ATM interface view interface atm interface number interface number subnumber Create PVC and enter PVC view pvc pvc name vpi vci vpi vci Requ...

Page 140: ...As shown in Figure 7 router A B and C are connected to ATM network for intercommunication The requirements are The IP addresses of their ATM interfaces of the three routers are 202 38 160 1 24 202 38...

Page 141: ...onfigure Router B Enter the ATM interface and configure an IP address for it RouterB system view RouterB interface atm 1 0 RouterB Atm1 0 ip address 202 38 160 2 255 255 255 0 Establish a PVC running...

Page 142: ...e IP address of the VE interface of router C is 202 38 160 1 The VPI VCI value of two PVCs connecting route C and DSLAM are 0 60 and 0 61 pointing to Router A and Router B respectively Both the WAN po...

Page 143: ...e DSL interfaces of the two ADSL Router adopt PPPoA The authentication mode of ADSL Router is PAP The IP addresses of the two ADSL Routers are assigned by Router C Network diagram Figure 9 Network dia...

Page 144: ...d configure PAP authentication and IP address negotiation RouterA system view RouterA interface Virtual Template 0 RouterA Virtual Template0 ppp pap local user user1 password simple pwd1 RouterA Virtu...

Page 145: ...type ppp RouterC luser user2 password simple pwd2 RouterC luser user2 quit RouterC domain system RouterC isp system authentication ppp local RouterC isp system ip pool 1 202 38 162 1 202 38 162 100 Ro...

Page 146: ...a RADIUS scheme refer to AAA RADIUS HWTACACS Configuration on page 1751 PPPoEoA Client Configuration Example Network requirements As shown in Figure 11 the Ethernet interface IP address of Router A s...

Page 147: ...re VE port RouterA interface virtual ethernet 2 RouterA Virtual Ethernet2 pppoe client dial bundle number 12 Configure the default route RouterA ip route static 0 0 0 0 0 0 0 0 Dialer 0 2 If the PPPoE...

Page 148: ...le Network requirements As shown in Figure 12 you need to create PVC 1 and PVC 2 on the same ATM 155 Mbps interface each assigned 100 Mbps of bandwidth and associated with the UBR service Set the tran...

Page 149: ...ink state is down Solution Make sure that the optical fiber is plugged in correctly Make sure that the local IP address has been configured Make sure that the PVC is successful created and communicati...

Page 150: ...back to back check if neither of the two ATM interfaces enables internal transmission clock By default routers use line clock If two routers are connected back to back one of them should be configure...

Page 151: ...nterface state alternates between UP and DOWN Solution Check the ATM interfaces of the two nodes to see if their types are the same namely both are multimode fiber interface or both are single mode fi...

Page 152: ...152 CHAPTER 5 ATM CONFIGURATION...

Page 153: ...efore that When the link becomes idle DCC automatically disconnects it Under certain circumstances connections between routers are instantly established whenever there is data to be transferred so dat...

Page 154: ...configure DCC parameters on the physical interface All the physical interfaces in a dialer circular group inherit the attributes of the same dialer interface You may associate a dialer interface with...

Page 155: ...ween dialer interfaces and call destination address are one to one You may configure them with the dialer number command Each dialer interface can contain multiple physical interfaces and each physica...

Page 156: ...rovide flexible dial interface backup Allow you to manage different modems at the user interface Callback through DCC In callback the called party originates a return call to the calling party The cal...

Page 157: ...nfigure DCC parameters depending on the DCC approach you selected for basic DCC dial functions Based on that you may configure advanced functions such as MP PPP callback ISDN caller identification cal...

Page 158: ...In RS DCC approach make the configuration on dialer interfaces and preferably the same configuration on physical dial interfaces on the calling side to guarantee the reliability of PPP link parameter...

Page 159: ...tion to one to many and one to one calls A dialer circular group associates a dialer interface with a group of physical interfaces All physical interfaces in the group inherit the DCC configurations o...

Page 160: ...ing end you are recommended to make the configuration on both physical and dialer interfaces This is because after a physical interface receives a call it negotiates PPP and authenticates the dialer p...

Page 161: ...hese steps to configure an interface to receive calls from a single remote end To do Use the command Remarks Enter system view system view Enter dial interface physical or dialer view interface interf...

Page 162: ...terface to place calls to multiple remote ends Configure the interface to receive calls from a remote end dialer route protocol next hop address mask network mask length user hostname broadcast Option...

Page 163: ...ple interfaces to place calls to one or multiple remote ends As shown in the following figure multiple interfaces at the local end place calls to one or multiple remote ends the components in inverse...

Page 164: ...ons follow these steps to configure multiple interfaces to place calls to one or multiple remote ends To do Use the command Remarks Enter system view system view Create and enter dialer interface view...

Page 165: ...tiple remote ends Assign a priority to the physical interface in the dialer circular group dialer priority priority Optional The default priority is 1 To do Use the command Remarks Enter system view s...

Page 166: ...set Due to the separation between physical configuration and logical configuration RS DCC can accommodate more network topologies and DCC dial demands For example it allows multiple interface groups t...

Page 167: ...tion of the dialer interface to start IP control protocol IPCP negotiation Complete these tasks to configure RS DCC for on demand calling Enabling RS DCC Follow these steps to enable RS DCC Configurin...

Page 168: ...ler interface is used for receiving a call it compares the remote username gained through PPP negotiation against those assigned to dialer interfaces for a match Configuring MP for DCC This section co...

Page 169: ...rfaces The following is how MP operates after you configure the ppp mp and dialer threshold commands on a dialer interface 1 When the ratio of traffic to bandwidth on a physical interface or a B chann...

Page 170: ...iggered Similar to the dialer threshold 0 command the ppp mp min bind command voids the dialer timer idle command When it is configured DCC does not look at traffic size to bring up links for MP bundl...

Page 171: ...e calls to the remote end which can be a router or Windows NT server with the PPP callback server function and receive return calls from the remote end Follow these steps to configure PPP callback cli...

Page 172: ...e set to 5 seconds the default and that on the client be set to 15 seconds To do Use the command Remarks Enter system view system view Enter dialer interface view interface dialer number Enable PPP ca...

Page 173: ...r callback must be configured with the service type ppp command Follow these steps to configure PPP callback server in the RS implementation To do Use the command Remarks Enter system view system view...

Page 174: ...the call in number matches a dialer call in command without the callback keyword or if no dialer call in command exists Call back if the call in number matches a dialer call in command with the callba...

Page 175: ...e the command Remarks Enter system view system view Enter dial interface physical or dialer view interface interface type interface number Configure a destination address and dial string dialer route...

Page 176: ...figuring advanced DCC functions involves Configuring ISDN leased line on page 176 Configuring auto dial on page 177 Configuring circular dial string backup on page 177 Configuring ISDN leased line ISD...

Page 177: ...other If DCC fails to call the remote end with a dial string it will select the dialer route command with the next dial string for another try Follow these steps to configure dial string circular back...

Page 178: ...n address is placed at the same time contention occurs In this case DCC starts a compete idle timer to replace the idle timeout timer for the link When the idle time of the link reaches the setting of...

Page 179: ...umber Set the link idle timeout timer dialer timer idle seconds Optional The default is 120 seconds Set the holddown timer dialer timer enable seconds Optional The default is 5 seconds Set the compete...

Page 180: ...tion procedure 1 Configure Router A Configure a dial access control rule for dialer access group 1 RouterA system view RouterA dialer rule 1 ip permit Assign an IP address to interface Dialer0 associa...

Page 181: ...ule for dialer access group 1 RouterB system view RouterB dialer rule 1 ip permit Set interface Serial 2 0 to work in asynchronous protocol mode RouterB interface serial 2 0 RouterB Serial2 0 physical...

Page 182: ...interface tty1 RouterC ui tty1 modem both RS DCC Application Network requirements As shown in the following diagram On Router A interface Dialer0 is assigned an IP address 100 1 1 1 24 and Dialer1 an...

Page 183: ...hentication and the dial strings on interface Dialer0 Assume that PAP is adopted at the local end RouterA Dialer0 dialer group 1 RouterA Dialer0 ppp authentication mode pap RouterA Dialer0 ppp pap loc...

Page 184: ...d simple usera RouterA Serial2 1 quit Configure user interfaces to be used and enable modem dialup on them RouterA user interface tty1 RouterA ui tty1 modem both RouterAe ui tty1 quit RouterA user int...

Page 185: ...ule 1 ip permit RouterC local user usera RouterC luser usera password simple usera RouterC luser usera service type ppp RouterC luser usera quit Assign an IP address to interface Dialer0 enable RS DCC...

Page 186: ...esents a scenario for RS DCC implementation where On Router A interface Dialer0 is assigned an IP address 100 1 1 1 24 and Dialer1 an IP address 122 1 1 1 24 On Router B interface Dialer0 is assigned...

Page 187: ...dialer group 1 RouterA Bri1 0 dialer route ip 100 1 1 2 8810052 RouterA Bri1 0 dialer route ip 100 1 1 3 8810063 2 Configure Router B Configure a dial access control rule for dialer access group 2 Ro...

Page 188: ...rd simple userb RouterA luser userb service type ppp RouterA luser userb quit RouterA local user userc RouterA luser userc password simple userc RouterA luser userc service type ppp RouterA luser user...

Page 189: ...ation for it RouterB system view RouterB dialer rule 2 ip permit RouterB local user usera RouterB luser usera password simple usera RouterB luser usera service type ppp RouterB luser usera quit Assign...

Page 190: ...outerC Dialer0 ppp authentication mode pap RouterC Dialer0 ppp pap local user userc password simple userc RouterC Dialer0 quit Configure information for PPP authentication on interface BRI 1 0 and ass...

Page 191: ...d configure MP RouterA interface dialer 0 RouterA Dialer0 ip address 100 1 1 1 255 255 255 0 RouterA Dialer0 dialer bundle 1 RouterA Dialer0 ppp mp RouterA Dialer0 dialer threshold 50 Configure inform...

Page 192: ...B luser usera quit RouterB dialer flow interval 3 Assign an IP address to interface Dialer0 enable C DCC and configure the dial strings MP and information for PPP authentication RouterB interface dial...

Page 193: ...ork diagram for using DCC with dialup ISDN BRI and leased line Configuration procedure 1 Configure Router A RouterA system view RouterA dialer rule 1 ip permit RouterA interface bri 1 0 RouterA Bri1 0...

Page 194: ...igured in the dialer route commands 1 Configure Router A Configure a dial access control rule for dialer access group 1 RouterA system view RouterA dialer rule 1 ip permit Assign an IP address to inte...

Page 195: ...e pap Specify the local end as the callback server and set the callback reference to user In this case DCC identifies the dial string for callback according to the username configured in the dialer ro...

Page 196: ...cal user usera RouterB luser usera password simple usera RouterB luser usera service type ppp RouterB luser usera service type ppp callback number 8810048 RouterB luser usera quit Assign an IP address...

Page 197: ...Configuration procedure 1 Configure Router A Configure a dial access control rule for dialer access group 1 RouterA system view RouterA dialer rule 1 ip permit Assign an IP address to interface BRI 1...

Page 198: ...ate a dialup connection with callback capability enabled Place the modem connected to PC in auto answer mode Select Start Programs Accessories Communications Network and Dial up Connections In the Net...

Page 199: ...is option prevents the callback server from disconnecting the current connection and calling back Instead the server will maintain the current connection and allow the client to access the LAN or the...

Page 200: ...Router Serial2 0 quit Configure the user interface to be used and enable modem dialup on it Router user interface tty1 Router ui tty1 modem both NT Server to Router Callback with DCC Network requireme...

Page 201: ...lback client Router Serial2 0 dialer timer enable 15 Enable C DCC and configure C DCC parameters on the interface Router Serial2 0 dialer enable circular Router Serial2 0 dialer group 1 Router Serial2...

Page 202: ...disconnect and then call back the client at the number configured in the ppp callback ntstring dial number command This option is almost the same as the last option except that the charges are paid b...

Page 203: ...figuration procedure Solution 1 Configure circular dial string backup on Router A on dialup side On Router B configure C DCC allowing the router to set up connections on eight asynchronous serial inte...

Page 204: ...ialer enable circular RouterA Serial2 0 dialer group 1 RouterA Serial2 0 dialer route ip 100 1 1 254 8810048 RouterA Serial2 0 dialer route ip 100 1 1 254 8810049 RouterA Serial2 0 dialer route ip 100...

Page 205: ...ap local user userb password simple userb RouterB Async1 0 quit Repeat this step to configure physical and link layer parameters for interfaces Async 1 1 through Async 1 7 Configure user interfaces TT...

Page 206: ...ies option In the properties setting dialog select the Networking tab In the Type of dial up server I am calling drop down list select PPP Windows 95 98 NT4 2000 Internet Click Settings to do the foll...

Page 207: ...2 create local user accounts user1 through user16 and configure PPP CHAP authentication for the accounts RouterD system view RouterD dialer rule 2 ip permit RouterD local user user1 RouterD luser use...

Page 208: ...p because the modem does not dial when the router forwards data Solution Check that The modem and phone cable connections are correct and the modem initialization process is correct The dial interface...

Page 209: ...Troubleshooting 209 Use the debugging dialer event and debugging dialer packet commands to locate the problem...

Page 210: ...210 CHAPTER 6 DCC CONFIGURATION...

Page 211: ...result the remote SNA device appears to be on the same network with the local SNA device DLSw is different from transparent bridging in that it does not forward LLC2 frames transparently to the peer...

Page 212: ...ed TCP connections if the reachability table of DLSw contains a small number of entries or no entries Low maintainability When a circuit is disconnected DLSw v1 0 uses two types of messages to notify...

Page 213: ...1 0 router and follows RFC1795 when setting up a TCP connection with its peer Enhanced maintainability To enable a DLSw router to notify its peer about the reason for dropping a connection DLSw v2 0 d...

Page 214: ...o create DLSw peers Set DLSw timers Refer to Setting DLSw Timers on page 215 Optional Configure LLC2 parameters Refer to Configuring LLC2 Parameters on page 216 Optional Enable the multicast function...

Page 215: ...face to a remote end system over a TCP connection n For details about bridge set configuration refer to Bridging Configuration on page 405 Setting DLSw Timers You can configure the timers used in crea...

Page 216: ...ack length Required 3 by default Configure the maximum number of consecutive information frames the router can send before receiving an acknowledgement from the peer llc2 receive window length Optiona...

Page 217: ...ast can be enabled you need to carry out the related multicast command first Configuring the Maximum Number of DLSw v2 0 Explorer Retries Each time the origin DLSw v2 0 router sends an explorer frame...

Page 218: ...ptional Enabled by default Create a DLSw peer Refer to Creating DLSw Peers on page 214 Required Configure an SDLC interface Refer to Configuring an SDLC Interface on page 219 Required Enable DLSw forw...

Page 219: ...connection are not equal in the positions one is primary and the other is secondary The primary station whose role is primary plays a Configure optional SDLC Parameters Refer to Configuring Optional S...

Page 220: ...rimary station can be connected with multiple secondary devices through a multi user system or an SDLC switch while the secondary devices cannot be connected with one another Therefore the communicati...

Page 221: ...48 to 0007 3fc0 a512 by using the dlsw reverse command Configuring an SDLC XID An XID is used to identify a device in an SNA system When configuring an SDLC connection pay attention to the types of th...

Page 222: ...heme of the synchronous serial interface There are two encoding schemes NRZI and NRZ for synchronous serial interface The NRZ encoding scheme is generally used for synchronous serial interfaces of rou...

Page 223: ...d Remarks Enter system view system view Enter interface view interface interface type interface number Configure the length of SDLC output queue sdlc max send queue length Optional 50 by default Confi...

Page 224: ...e by default Generally this configuration is not required Configure the SDLC polling interval sdlc timer poll mseconds Optional 1 000 ms by default Configure the amount of time the primary SDLC statio...

Page 225: ...y dlsw circuits circuit Id verbose Available in any view Display the information of a remote peer or all remote peers display dlsw remote ip address Available in any view Display the reachability info...

Page 226: ...gure interface parameters on Router B to ensure that the local DLSw peer 2 2 2 2 and remote peer 1 1 1 1 are pingable to each other specific configuration steps omitted Configure DLSw on Router B Rout...

Page 227: ...emote 0000 2222 00c1 c1 RouterA Serial2 0 sdlc mac map local 0000 1111 0000 RouterA Serial2 0 baudrate 9600 RouterA Serial2 0 code nrzi 2 Configure Router B Configure interface parameters on Router B...

Page 228: ...re Router A Configure interface parameters on Router A to ensure that the local DLSw peer 1 1 1 1 and remote peer 2 2 2 2 are pingable to each other specific configuration steps omitted Configure DLSw...

Page 229: ...to save the polling process RouterB dlsw reachable mac exclusivity RouterB dlsw reachable cache 0014 cc00 54af remote 1 1 1 1 Note that in the configuration on router B the MAC address in the sdlc mac...

Page 230: ...nable RouterA bridge 1 enable RouterA dlsw local 1 1 1 1 RouterA dlsw remote 2 2 2 2 RouterA dlsw bridge set 1 RouterA interface ethernet 1 1 1 RouterA Ethernet1 1 1 vlan type dot1q vid 1 RouterA Ethe...

Page 231: ...ments As shown in Figure 40 Router A is DLSw v2 0 capable connected with an IBM host Router B and Router C are DLSw v1 0 or DLSw v2 0 capable respectively connected with PC1 and PC2 and CISCO is a DLS...

Page 232: ...are DLSw v2 0 capable the configuration is similar as on Router A if they are DLSw v1 0 capable remove the multicast and explorer frame retransmission part from the configuration For the configuratio...

Page 233: ...arameters of the router or adjust the configuration parameters of the SDLC device 2 If frames can be received and forwarded correctly examine whether the configuration of the PU type is correct Use th...

Page 234: ...234 CHAPTER 7 DLSW CONFIGURATION...

Page 235: ...ificance It is valid to two directly connected interfaces only That is you can use the same DLCI on different physical interfaces to identify different VCs A frame relay network can be a public networ...

Page 236: ...he equipment administrator sets the virtual circuit status of DCE Frame Relay Protocol Parameters Table 1 lists the parameters of frame relay These parameters are stipulated by Q 933 Appendix A and th...

Page 237: ...iry message from DTE within a period determined by T392 an error recorder is created T392 Time variable which defines the maximum time that DCE waits for a status enquiry message The time value shall...

Page 238: ...n page 244 Optional Configuring DCE Side Frame Relay on page 245 Configuring Basic DCE Side Frame Relay on page 245 Required Configuring Frame Relay Address Mapping on page 246 Required Configuring Fr...

Page 239: ...pics Overview on page 235 Configure frame relay LMI protocol type fr lmi type ansi nonstandard q933a bi direction Optional The default frame relay LMI protocol type is q933a The support of the bi dire...

Page 240: ...n page 239 Overview A device with frame relay switching function enabled can act as a frame relay switch In this scenario the frame relay interface should be NNI or DCE and it is required to perform c...

Page 241: ...s connected remote network address to distinguish different connections Address maps can be set up by manual configuration or dynamically set up by InARP Set the type of interface for frame relay swit...

Page 242: ...me relay subinterface Configuring Frame Relay over IP Network This section covers these topics Overview on page 235 Configuration procedure on page 239 Overview With the increasingly wide application...

Page 243: ...relay routes have been configured two route entries will be added into the To do Use the command Remarks Enter system view system view Create tunnel interface in system view and perform corresponding...

Page 244: ...lso be used to connect X 25 networks through FR networks It is a technology that can help you to migrate from X 25 network to FR network and thus protects the investment on X 25 effectively Configurat...

Page 245: ...late x25 template name Required This command also leads you to X 25 template view Configure X 25 parameters Refer to X 25 and LAPB Configuration on page 283 Optional Configure LAPB parameters Refer to...

Page 246: ...tandard q933a Optional The default frame relay LMI protocol type is q933a Configure network side N392 fr lmi n392dce n392 value Optional The default value is 3 Configure network side N393 fr lmi n393d...

Page 247: ...d interfaces can be shown Only main interface can be specified Display frame relay permanent virtual circuit table display fr pvc info interface interface type interface number interface number subnum...

Page 248: ...igure dynamic address mapping RouterA Serial2 0 fr inarp Otherwise configure static address mapping RouterA Serial2 0 fr map ip 202 38 163 252 50 RouterA Serial2 0 fr map ip 202 38 163 253 60 2 Config...

Page 249: ...terconnecting LANs through Dedicated Line Network requirements Two routers are directly connected through a serial interface Router A works in the frame relay DCE mode and Router B works in the frame...

Page 250: ...igure IP address of the subinterface and local virtual circuit RouterA interface serial 2 0 1 p2p RouterA Serial2 0 1 ip address 202 38 163 251 255 255 255 0 RouterA Serial2 0 1 fr dlci 100 4 Configur...

Page 251: ...uterA interface serial 2 0 RouterA Serial2 0 ip address 202 38 163 251 255 255 255 0 Encapsulate the interface with FR RouterA Serial2 0 link protocol fr RouterA Serial2 0 fr interface type dce Create...

Page 252: ...RouterB Serial2 0 fr interface type dte Create an FR DLCI interface RouterB Serial2 0 fr dlci 100 Configure the DLCI interface as an Annex G DLCI interface RouterB fr dlci Serial2 0 100 annexg dte App...

Page 253: ...peer if the devices are not in the same subnet segment Frame Relay Compression This section covers these topics Overview on page 235 Configuring FRF 9 Compression on page 254 Configuring FRF 20 IP He...

Page 254: ...ypes For a P2P subinterface use the fr compression frf9 command to enable FRF 9 compression in subinterface view For a P2MP frame relay interface or subinterface the frame relay compression is configu...

Page 255: ...ader compression select either method FRF 20 IP header compression on interface and provide FRF 20 IP header compression option fr compression iphc Optional FRF 20 IP header compression is disabled on...

Page 256: ...RouterB system view RouterB interface serial 2 0 RouterB Serial2 0 link protocol fr RouterB Serial2 0 ip address 10 110 40 2 255 255 255 0 RouterB Serial2 0 fr interface type dte RouterB Serial2 0 fr...

Page 257: ...nks bound together so as to provide high speed and broadband links on frame relay networks To maximize the bandwidth of bundled interface it is recommended to bundle physical interfaces of the same ra...

Page 258: ...face and enter the MFR interface view interface mfr interface number interface number subnu mber Required MFR interface or subinterface is not created by default Configure MFR bundle identifier mfr bu...

Page 259: ...nt size bytes Optional The maximum fragment size is of 300 bytes The priority of fragment size configured in frame relay interface view is higher than that in MFR interface view Configure the maximum...

Page 260: ...protocol fr mfr 4 2 Configure Router B Create and configure MFR interface 4 MFR4 RouterB system view RouterB interface mfr 4 RouterB MFR4 ip address 10 140 10 2 255 255 255 0 RouterB MFR4 fr interface...

Page 261: ...uterA Serial2 1 quit 2 Configure Router B Enable frame relay switching RouterB system view RouterB fr switching Configure interface MFR1 RouterB interface mfr 1 RouterB MFR1 fr interface type dce Rout...

Page 262: ...2 RouterB Serial2 3 quit Configure static route for frame relay switching RouterB fr switch pvc1 interface mfr 1 dlci 100 interface mfr 2 dl ci 200 3 Configure Router C Configure interface MFR2 Route...

Page 263: ...cal interface bound to the virtual template interface is valid Displaying and Maintaining PPPoFR To do Use the command Remarks Enter system view system view Create a virtual template interface and the...

Page 264: ...2 0 RouterA Serial2 0 link protocol fr Create PPP map on Serial 2 0 RouterA Serial2 0 fr map ppp 16 interface virtual template 1 2 Configure Router B Create and configure virtual template interface Vi...

Page 265: ...es and then perform the following configurations on these virtual templates to bind them to another virtual template with PPP MP Configuring MPoFR Follow these steps to configure MPoFR To do Use the c...

Page 266: ...work diagram the bandwidth of Router A Serial2 0 is 64 kbps PC1 sends data service stream 1 to PC3 PC2 sends data service stream 2 to PC4 and there is also a voice service stream The bandwidth of Rout...

Page 267: ...outerA acl adv 3001 rule 0 permit ip source 1 1 1 0 0 0 0 255 RouterA acl adv 3001 rule 1 permit ip source 10 1 1 0 0 0 0 255 RouterA acl number 3002 RouterA acl adv 3002 rule 0 permit tcp destination...

Page 268: ...al Template1 quit Create and configure virtual template interface Virtual Template 2 RouterA interface virtual template 2 RouterA Virtual Template2 ppp mp virtual template 3 RouterA Virtual Template2...

Page 269: ...h acl 3001 RouterB classifier liuliang quit Configure class 1 corresponding behavior RouterB traffic behavior liuliang RouterB behavior liuliang queue af bandwidth 20 RouterB behavior liuliang quit Co...

Page 270: ...st forwarding is enabled RouterB Virtual Template3 undo ip fast forwarding RouterB Virtual Template3 quit Map specified DLCI to PPP virtual template on the interface RouterB interface serial 2 0 Route...

Page 271: ...egistration protocol GARP provides a mechanism that allows participants in a GARP application to distribute propagate and register with other participants in a bridged LAN the attributes specific to t...

Page 272: ...articipants throughout a bridged LAN 2 GARP timers The interval of sending of GARP messages is controlled by the following four timers Hold timer A GARP participant usually does not forwards a receive...

Page 273: ...eclarations or withdrawals handles attributes of other participants When a port receives an attribute declaration it registers the attribute when a port receives an attribute withdrawal it deregisters...

Page 274: ...Ns to pass through even though it is configured to carry all VLANs Forbidden Disables the port to dynamically register and deregister VLANs and to propagate VLAN information except information about V...

Page 275: ...nter port group view port group aggregation agg id manual port group name Enable GVRP gvrp Required Disabled by default Set the GVRP registration mode gvrp registration fixed forbidden normal Optional...

Page 276: ...ip between GARP timers Timer Lower limit Upper limit Hold 10 centiseconds Not greater than half of the join timer setting Join Not less than two times the hold timer setting Less than half of the leav...

Page 277: ...face ethernet 1 1 DeviceB Ethernet1 1 port link type trunk DeviceB Ethernet1 1 port trunk permit vlan all Enable GVRP on Ethernet 1 1 the trunk port DeviceB Ethernet1 1 gvrp DeviceB Ethernet1 1 quit C...

Page 278: ...thernet1 0 gvrp Set the GVRP registration type to fixed on the port DeviceA Ethernet1 0 gvrp registration fixed DeviceA Ethernet1 0 quit Create VLAN 2 a static VLAN DeviceA vlan 2 2 Configure Device B...

Page 279: ...twork diagram Figure 55 Network diagram for GVRP configuration Configuration procedure 1 Configure Device A Enable GVRP globally DeviceA system view DeviceA gvrp Configure port Ethernet 1 0 as a trunk...

Page 280: ...type trunk DeviceB Ethernet1 1 port trunk permit vlan all Enable GVRP on Ethernet 1 1 DeviceB Ethernet1 1 gvrp DeviceB Ethernet1 1 quit Create VLAN 3 a static VLAN DeviceB vlan 3 3 Verify the configur...

Page 281: ...at and Frame Type There are three types of HDLC frames information frame I frame supervision frame S frame and unnumbered frame U frame Information frame is responsible for transmitting useful data or...

Page 282: ...ps to configure HDLC protocol To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Enable HDLC on the interface link protocol hdlc...

Page 283: ...e based on the experiences and recommendations of Telnet and Tymnet of USA and Datapac packet switched networks of Canada It was revised in 1976 1978 1980 and 1984 added many optional service function...

Page 284: ...cuit switching in nature VCs involve Permanent Virtual Circuit PVC and Switched Virtual Circuit SVC PVC is used for transmitting traffic that is generated in a frequent but stable way and SVC for tran...

Page 285: ...state As specified in international standards the link layer protocol LAPB of X 25 adopts the frame structure of High level Data Link Control HDLC and is a subset of HDLC It requires for setting up a...

Page 286: ...re respectively working as the DTE and DCE X 25 virtual circuit range The X 25 protocol can create multiple logical virtual connections over a physical link between DTE and DCE These virtual connectio...

Page 287: ...nent virtual circuits must be set in the A range According to ITU T Recommendation X 25 the idle channel allocation rules in initiating calls are as follows Only the DCE can initiate a call using a ch...

Page 288: ...using the commands shutdown and undo shutdown X 25 packet numbering modulo The implementation of X 25 supports both modulo 8 and modulo 128 in packet numbering with Modulo 8 being the default The X 2...

Page 289: ...s and determine whether a piece of complete upper layer packet is received based on the M bit flag Therefore too small value of the maximum packet size will consume too much router resources on messag...

Page 290: ...ss is a string of 0 to 15 digits Some attributes related to X 121 address are as follows 1 Alias of interface When an X 25 call is forwarded across multiple networks different networks will likely mak...

Page 291: ...ll with an unrecognizable CUD it will treat it as the customized default upper layer protocol Table 6 Alias match modes and meanings Matching mode Description Example free Free matching the alias stri...

Page 292: ...s 180 seconds Set the reset request timer for DTE or the reset indication timer for DCE x25 timer tx2 seconds Optional By default the value for DTE is 180 seconds and the value for DCE is 60 seconds S...

Page 293: ...n the router A direct call destination has its own protocol address and X 121 address In this case a destination protocol address to X 121 address mapping must be created on the source Through the map...

Page 294: ...sub sections Specify the maximum idle time of SVC For the sake of cost saving you can specify an SVC idle time upon the expiration of which the SVC will be disconnected Enabling this feature will not...

Page 295: ...rom 0 to input window size If it is set to 1 every packet will be acknowledged If it is set to input window size the acknowledgment will be sent only after the receiving window is full In applications...

Page 296: ...available in this case To do Use the command Remarks Enter system view system view Define ROA Recognized operating Agency list x25 roa list roa name roa id 1 10 Optional Not defined by default Enter...

Page 297: ...d by default Perform max packet negotiation while initiating a call x25 map protocol type protocol address x121 address x 121 address packet size input packet output packet Optional Not configured by...

Page 298: ...dress mappings are used for calling out only while others are used for calling in only To restrict the use of address mapping use the following commands To do Use the command Remarks Enter system view...

Page 299: ...s of many interconnecting nodes based on a specific topology A packet is sent from source to destination via a large number of nodes of which each node needs to have packet switching capability Simply...

Page 300: ...between different links in the same DTE to ensure that link overload will not occur when a large number of users access the same address X 25 load sharing is provided by DCE To implement load sharing...

Page 301: ...urce address and the destination address You can use the destination address substitution function to hide the DTE address inside hunt group and the DTE outside hunt group only knows the hunt group ad...

Page 302: ...n policy X 25 network load sharing is configured on DCE device In most cases your device is used as DTE device in X 25 network The network providers provide the load sharing function on packet switch...

Page 303: ...n When used as data communication equipment DCE CUG function is shown in the following figure Figure 64 CUG function implementation n Call 1 DTE originates a call but outgoing capability is barred so...

Page 304: ...calls n You can only configure the CUG function on an X 25 interface working as DCE that is you must specify the serial interface as DCE when specifying the X 25 protocol on it CUG mapping and suppres...

Page 305: ...25 terminals to an X 25 network As shown in the figure below a PAD facility is placed between non X 25 terminals and an X 25 network allowing them to communicate with other terminals across the X 25...

Page 306: ...et command By nesting commands you can do the following on your router Place an X 25 PAD call to log onto another router and from that router place another X 25 PAD call to log onto a third router and...

Page 307: ...nd Check that X 25 switching is disabled or a route is available to the server end when X 25 switching is enabled In the former case the default route is used to route the call In the second case at l...

Page 308: ...t be dynamically deleted when no data is transmitted Supporting Keepalive attribute of TCP If Keepalive is not configured TCP connection will still not be cleared or cleared after a long time even if...

Page 309: ...p address unnumbered interface interface type interface number Required Make sure the IP network operates normally Quit to system view quit Configure an XOT route to route packet from X 25 via IP netw...

Page 310: ...rface type interface number x25 xot pvc pvc number1 ip address interface interface type interface number pvc pvc number2 xot option packet size input packet output packet window size input window size...

Page 311: ...TE by default Configure an FR DLCI and enter its view fr dlci dlci number Required Configure the FR DLCI as Annex G DLCI annexg dce dte Required Configure the SVC route x25 switch svc number x 121 add...

Page 312: ...nterface interface type interface number Configure the link layer protocol as FR link protocol fr nonstandard ietf Required PPP by default Configure the FR interface type fr interface type dce dte nni...

Page 313: ...h entries configured using the translate ip and translate x25 commands When specifying a port number using the translate ip command for an IP address using one port specify port 102 for an IP address...

Page 314: ...ocal cug local cug number network cug network cug number Display X 25 PAD Packet Assembler Disassembler connection information display x25 pad pad id Display X 25 switching table display x25 switch ta...

Page 315: ...e view RouterB system view RouterB interface serial 2 0 Assign an IP address for the interface RouterB Serial2 0 ip address 10 1 1 1 255 0 0 0 Configure the link layer protocol of the interface as LAP...

Page 316: ...e interface RouterA Serial2 0 ip address 202 38 60 1 255 255 255 0 Configure the link layer protocol of the interface as X 25 and configure the interface to operate in DTE mode RouterA Serial2 0 link...

Page 317: ...g is available IP addresses of both ends can be on different network segments and no static route is needed Direct Connection of Two routers through Serial Interfaces Two Mappings Network requirements...

Page 318: ...dress 202 38 160 2 255 255 255 0 Configure the link layer protocol of the interface as X 25 and specify the interface to operate in DCE mode RouterB Serial2 0 link protocol x25 dce Assign an X 121 add...

Page 319: ...oing only channel range are disabled and two way channel range is 1 32 Network diagram Figure 73 Connecting the router to X 25 public packet network Configuration procedure 1 Configure Router A Assign...

Page 320: ...nk protocol x25 dte RouterC Serial2 0 x25 x121 address 30561003 RouterC Serial2 0 x25 window size 5 5 RouterC Serial2 0 x25 packet size 512 512 RouterC Serial2 0 x25 vc range bi channel 1 32 RouterC S...

Page 321: ...Serial 2 0 RouterA interface serial 2 0 RouterA Serial2 0 ip address 192 149 13 1 255 255 255 0 RouterA Serial2 0 link protocol x25 RouterA Serial2 0 x25 x121 address 1004358901 RouterA Serial2 0 x25...

Page 322: ...u should distinguish between VC and logic channel Virtual circuit refers to the end to end logic link between the calling DTE and the called DTE while logic channel refers to the logic link between tw...

Page 323: ...1 x25 map ip 10 1 1 1 x121 address 200 Configure subinterface serial 2 0 2 and X 25 mapping to Router C RouterA Serial2 0 1 interface serial 2 0 2 RouterA Serial2 0 2 ip address 20 1 1 2 255 255 0 0 R...

Page 324: ...C Application of XOT Network requirements Router B and Router C are connected through Ethernet interfaces Set up a TCP connection between them to deliver data between Serial 2 0 of Router A and Serial...

Page 325: ...terB x25 switch svc 2 xot 10 1 1 2 Configure Serial 2 0 RouterB interface serial 2 0 RouterB Serial2 0 link protocol x25 dce ietf RouterB Serial2 0 quit Configure interface Ethernet 1 0 RouterB interf...

Page 326: ...1 address 1111 RouterA Serial2 0 x25 vc range in channel 10 20 bi channel 30 1024 RouterA Serial2 0 x25 pvc 1 ip 1 1 1 2 x121 address 2222 RouterA Serial2 0 ip address 1 1 1 1 255 0 0 0 2 Configure Ro...

Page 327: ...t pvc 2 10 1 1 1 interface serial 2 0 pvc 1 Configure Ethernet 1 0 RouterC interface ethernet 1 0 RouterC Ethernet1 0 ip address 10 1 1 2 255 0 0 0 SVC Application of X 25 over FR Network requirements...

Page 328: ...rB system view RouterB x25 switching Configure Serial 2 0 as X 25 interface RouterB interface serial 2 0 RouterB Serial2 0 link protocol x25 dce Configure Serial 2 1 as FR interface RouterB interface...

Page 329: ...ugh FR Configure FR Annex G DLCI 100 on the two routers to interconnect the two X 25 networks enabling Host A and Host B to communicate with each other Network diagram Figure 80 Network diagram for X...

Page 330: ...template RouterB x25 template switch RouterB x25 switch x25 vc range bi channel 10 20 Configure the PVC switching route for the template RouterB x25 switch x25 switch pvc 1 interface serial 2 0 pvc 1...

Page 331: ...Annex G DLCI RouterC fr dlci Serial2 1 100 x25 template switch X 25 Load Sharing Application Network requirements You need to configure hunt group on Router A used as X 25 switch and enable destinatio...

Page 332: ...e them to operate in DCE mode Configure Serial 2 1 as an FR DCE RouterA interface serial 2 1 RouterA Serial2 1 link protocol fr RouterA Serial2 1 fr interface type dce Configure an FR Annex G DLCI Rou...

Page 333: ...rce 3333 hunt group hg1 Configure X 25 switching route forwarded to X 25 terminal RouterA x25 switch svc 1111 interface serial 2 3 RouterA x25 switch svc 1112 interface serial 2 4 RouterA x25 switch s...

Page 334: ...dce RouterD Serial2 0 quit Assign an IP address for the interface Ethernet 1 0 RouterD interface ethernet 1 0 RouterD Ethernet1 0 ip address 10 1 1 2 255 255 255 0 RouterD Ethernet1 0 quit Configure a...

Page 335: ...uterA Ethernet1 0 quit Configure interface Serial 2 0 RouterA interface serial 2 0 RouterA Serial2 0 link protocol x25 dte RouterA Serial2 0 x25 x121 address 1111 RouterA Serial2 0 ip address 1 1 1 1...

Page 336: ...1 x121 address 1111 RouterC Serial2 0 x25 map ip 2 1 1 1 x121 address 1111 RouterC Serial2 0 x25 map ip 1 1 1 2 x121 address 2222 RouterC Serial2 0 x25 map ip 2 1 1 2 x121 address 2222 Configure inte...

Page 337: ...s 16 16 16 1 255 255 0 0 Enable TCP IP header compression RouterA serial1 0 x25 map compressedtcp 16 16 16 2 x121 address 10 02 2 Configure Router B Configure the link layer protocol of Serial 2 0 as...

Page 338: ...outerA user interface vty 0 4 RouterA ui vty0 4 authentication mode scheme RouterA ui vty0 4 protocol inbound pad RouterA ui vty0 4 quit Configure domain user X 25 to use the local authentication sche...

Page 339: ...bles the communication between X 25 terminal and IP host Network diagram Figure 85 Network diagram for X2T SVC Configuration procedure Enable X 25 switching Router system view Router x25 switching Con...

Page 340: ...view Router x25 switching Configure interface Serial 2 0 Router interface serial 2 0 Router Serial2 0 link protocol x25 dce Router Serial2 0 x25 vc range in channel 10 20 bi channel 30 1024 Router Ser...

Page 341: ...LAPB of X 25 is up X 25 of Two Sides Always Being Down with LAPB of two sides Being Up Symptom X 25 of two sides is always down although LAPB of two sides is up Analysis A possible reason is that the...

Page 342: ...ssigned PVC number is in the disabled PVC channel range X 25 will surely reject the PVC setup request In this case enable the permanent virtual circuit channel range Failed to Ping through the XOT SVC...

Page 343: ...irst check whether the physical connection status and protocol status of the interface are UP If the interface status is DOWN check whether the physical connections and lower layer configurations are...

Page 344: ...344 CHAPTER 14 X 25 AND LAPB CONFIGURATION...

Page 345: ...y Considerations for Ports in an Aggregation on page 346 LACP The link aggregation control protocol LACP as defined in IEEE 802 3ad is used for link aggregation control LACP interacts with its peer by...

Page 346: ...iority Maximum transmission rate Loop protection Root protection Port type whether the port is an edge port QoS Traffic policing Traffic shaping Congestion avoidance Physical interface rate limiting S...

Page 347: ...nselected state for example as the result of the cross board aggregation restriction Manual aggregation limits the number of selected ports in an aggregation group When the limit is exceeded the syste...

Page 348: ...of their ports as follows 1 Compare the actor and partner system IDs that each comprises a system LACP priority plus a system MAC address as follow First compare the system LACP priorities The system...

Page 349: ...pending on the model of your device After hardware resources become depleted link aggregation groups work in non load sharing mode n After you remove all ports but one selected port from a load sharin...

Page 350: ...350 CHAPTER 15 LINK AGGREGATION OVERVIEW...

Page 351: ...ng static aggregation group If the specified group contains ports its group type changes to manual with LACP disabled on its member ports if not its group type directly changes to manual An aggregatio...

Page 352: ...ware that after a load balancing aggregation group changes to a non load balancing group due to resources exhaustion either of the following may happen Forwarding anomaly resulted from inconsistency o...

Page 353: ...iew system view Assign a name for an aggregation group link aggregation group agg id description agg name Required None is configured by default To do Use the command Remarks Enter system view system...

Page 354: ...oup 1 DeviceA Ethernet1 1 interface ethernet 1 2 DeviceA Ethernet1 2 port link aggregation group 1 DeviceA Ethernet1 2 interface ethernet 1 3 DeviceA Ethernet1 3 port link aggregation group 1 2 In sta...

Page 355: ...cate with the equipment of other vendors The asynchronous serial interfaces of the participating parties are working in flow mode interconnected via modems 2 Provide comprehensive debugging informatio...

Page 356: ...erface Serial 2 0 on your device connects to a remote Cisco router through DCC dialup When data needs transmission from IP address 1 1 1 1 16 to IP address Quit to system view quit Configure modem thr...

Page 357: ...uter Serial2 0 dialer enable circular Router Serial2 0 dialer group 1 Router Serial2 0 dialer timer enable 5 Router Serial2 0 dialer number 666666 Router Serial2 0 quit Router user interface tty 1 Rou...

Page 358: ...358 CHAPTER 17 MODEM CONFIGURATION...

Page 359: ...cified ports to the destination mirroring port As destination mirroring ports usually have data monitoring devices connected to them you can analyze the packets duplicated to the destination mirroring...

Page 360: ...ent VLANs So make sure all the ports in a port mirroring group belong to the same VLAN before you create the port mirroring group For an existing port mirroring group removing a member port from the V...

Page 361: ...C through Device B The Server is connected to port Ethernet 1 3 of Device C It is desired to monitor the packets sent and received by Department 1 and Department 2 on the Server This can be achieved b...

Page 362: ...ation port DeviceC mirroring group 1 mirroring port ethernet 1 1 ethernet 1 2 both DeviceC mirroring group 1 monitor port ethernet 1 3 Display the configuration of all the port mirroring groups Device...

Page 363: ...user authentication support synchronous asynchronous communication and can be extended easily PPP defines a whole set of protocols including link control protocol LCP network control protocol NCP and...

Page 364: ...cket Challenge carrying its own username to the authenticatee 2 When the authenticatee receives the authentication request it looks up its local user database for a password matching to the username i...

Page 365: ...LCP will go down If the authentication succeeds it will proceed to start the network negotiation NCP In this case the LCP state is still Opened while the state of IP control protocol IPCP is changed...

Page 366: ...pology In this sense virtual template interfaces are more flexible than MP group interfaces Bundling mode can be used to distinguish multiple bundles created on a VT interface You can use the ppp mp b...

Page 367: ...vice to authenticate the peer using PAP Refer to Configuring the Local Device to Authenticate the Peer Using PAP on page 368 Optional PPP authentication is disabled by default Configure the local devi...

Page 368: ...nticate the peer using PAP ppp authentication mode pap call in domain isp name Required If this command is used without specifying the domain keyword the system default domain named system will be use...

Page 369: ...domain Configure local username ppp chap user username Required Exit to system view quit Create local user and enter local user view local user username Required Configure a password for the local use...

Page 370: ...l used for the interface in interface view In PPP address negotiation a device can also be configured to negotiate DNS address through which the device can either allocate DNS address to the peer or r...

Page 371: ...negotiation Refer to Configuring IP address negotiation on page 371 Optional Configure DNS address negotiation Refer to Configuring DNS address negotiation on page 372 Optional To do Use the command R...

Page 372: ...eer interface interface type interface number remote address ip address Required To do Use the command Remarks Enter system view system view Enter the specified domain view domain domain name Required...

Page 373: ...o up Configuration procedure Follow these steps to configure PPP link quality control Enabling the PPP Accounting Statistics Function Introduction to PPP accounting statistics PPP can generate traffic...

Page 374: ...ce the system does not look for a VT interface by username Instead it looks for the template configured by the command You must configure the interfaces to be bundled in the same way In practice you m...

Page 375: ...mp user username bind virtual template number Required Associate VT interface with MP users interface interface type interface number ppp mp Required Configure the interface encapsulated with PPP to...

Page 376: ...PP Link Efficiency Mechanism Four mechanisms are available for improving transmission efficiency on PPP links They are IP header compression IPHC Stac Lempel Ziv standard STAC LZS compression on PPP p...

Page 377: ...at can accommodate to the change of data While allowing for more flexibility this requires more CPU resources VJ TCP header compression VJ TCP header compression was defined in RFC 1144 for use on low...

Page 378: ...s at an interface at the same time the large packets are fragmented into small fragments If the interface is configured with WFQ the voice packets and these small fragments are interleaved together an...

Page 379: ...fragments ppp mp lfi delay per frag time Required 10 ms by default To do Use the command Remarks To do Use the command Display the information about an existing MP group interface display interface m...

Page 380: ...A Serial2 0 ip address 200 1 1 1 16 RouterA Serial2 0 quit RouterA domain system RouterA isp system authentication ppp local 2 Configure Router B RouterB system view RouterB interface serial 2 0 Route...

Page 381: ...system RouterA Serial2 0 ip address 200 1 1 1 16 RouterA Serial2 0 quit RouterA domain system RouterA isp system authentication ppp local 2 Configure Router B RouterB system view RouterB interface ser...

Page 382: ...ates RouterA interface virtual template 1 RouterA Virtual Template1 ip address 202 38 166 1 255 255 255 0 RouterA Virtual Template1 quit RouterA interface virtual template 2 RouterA Virtual Template2...

Page 383: ...pp mp RouterB Serial2 0 1 ppp authentication mode pap domain system RouterB Serial2 0 1 ppp pap local user router b password simple router b 3 Configure Router C Add a user for Router A RouterC system...

Page 384: ...sword of Router B RouterA system view RouterA local user rtb RouterA luser rtb password simple rtb RouterA luser rtb service type ppp RouterA luser rtb quit Create a virtual template interface and ass...

Page 385: ...rface serial 2 1 RouterB Serial2 1 link protocol ppp RouterB Serial2 1 ppp authentication mode pap domain system RouterB Serial2 1 ppp pap local user rtb password simple rtb RouterB Serial2 1 ppp mp v...

Page 386: ...IP address 8 1 1 1 RouterB ping 8 1 1 1 PING 8 1 1 1 56 data bytes press CTRL_C to break Reply from 8 1 1 1 bytes 56 Sequence 1 ttl 255 time 29 ms Reply from 8 1 1 1 bytes 56 Sequence 2 ttl 255 time 3...

Page 387: ...er rta password simple rta RouterA Serial2 1 ppp mp RouterA Serial2 1 shutdown RouterA Serial2 1 undo shutdown RouterA Serial2 1 quit Configure Serial 2 0 RouterA interface serial 2 0 RouterA Serial2...

Page 388: ...0 ppp authentication mode pap domain system RouterB Serial2 0 ppp pap local user rtb password simple rtb RouterB Serial2 0 ppp mp RouterB Serial2 0 shutdown RouterB Serial2 0 undo shutdown RouterB Ser...

Page 389: ...255 time 31 ms Reply from 8 1 1 1 bytes 56 Sequence 3 ttl 255 time 30 ms Reply from 8 1 1 1 bytes 56 Sequence 4 ttl 255 time 31 ms Reply from 8 1 1 1 bytes 56 Sequence 5 ttl 255 time 30 ms 8 1 1 1 pi...

Page 390: ...0 shutdown RouterA Serial2 0 undo shutdown RouterA Serial2 0 quit Configure the users in the domain to use the local authentication scheme RouterA domain system RouterA isp system authentication ppp l...

Page 391: ...ace Mp group 1 Mp group1 current state UP Line protocol current state UP Description Mp group1 Interface The Maximum Transmit Unit is 1500 Hold timer is 10 sec Internet Address is 111 1 1 1 24 Link la...

Page 392: ...iled in going up Solution Execute the display interface serial type number command to view the current interface statuses including serial number is administratively down line protocol is down which i...

Page 393: ...ts in Ethernet frames PPPoE is divided into two distinct phases discovery and PPP session Discovery phase When a host wants to start a PPPoE process it must first identify the MAC address of the Ether...

Page 394: ...software on the hosts Moreover all the hosts on the same LAN can share the same ADSL account Figure 99 Network diagram for PPPoE client As shown in the above figure PCs on the Ethernet are connected...

Page 395: ...en the Internet via an Ethernet interface it is necessary to configure the PPPoE session on the Ethernet interface To do Use the command Remarks Enter system view system view Create VT and enter its v...

Page 396: ...up the device will not immediately initiate PPPoE call Only when there is data transmission requirement will the router initiate PPPoE call to create a PPPoE session If the free time of a PPPoE link...

Page 397: ...ate a PPPoE session at the client end and recreate the session later reset pppoe client all dial bundle number number In user view Terminate a PPPoE session at the server end reset pppoe server all in...

Page 398: ...stem Sysname isp system authentication ppp local Add a local IP address pool containing nine IP addresses Sysname isp system ip pool 1 1 1 1 2 1 1 1 10 After these configurations you should then insta...

Page 399: ...e 1 b Configure Router B as PPPoE client RouterB system view RouterB dialer rule 1 ip permit RouterB interface dialer 1 RouterB Dialer1 dialer user user2 RouterB Dialer1 dialer group 1 RouterB Dialer1...

Page 400: ...RouterB Dialer1 quit RouterB local user user1 RouterB luser user1 password simple hello RouterB luser user1 quit Configure a PPPoE session RouterB interface ethernet 1 0 RouterB Ethernet1 0 pppoe clie...

Page 401: ...interface ethernet 2 0 RouterA Ethernet2 0 pppoe client dial bundle number 1 RouterA Ethernet2 0 quit Configure the LAN interface and the default route RouterA interface ethernet 1 0 RouterA Ethernet...

Page 402: ...1 RouterB Virtual Template1 ppp authentication mode pap domain system RouterB Virtual Template1 remote address pool 1 RouterB Virtual Template1 ip address 1 1 1 1 255 0 0 0 RouterB Virtual Template1 q...

Page 403: ...ter dialer rule 1 ip permit Router interface dialer 1 Router Dialer1 dialer user user1 Router Dialer1 dialer group 1 Router Dialer1 dialer bundle 1 Router Dialer1 ip address ppp negotiate Configure a...

Page 404: ...interface Router Dialer1 interface virtual ethernet 1 Router Virtual Ethernet1 mac 0001 0002 0003 Router Virtual Ethernet1 quit Router interface atm 1 0 1 Router atm1 0 1 pvc to_adsl_a 0 60 Router at...

Page 405: ...form special configurations on the devices In applications there are four major kinds of bridging technologies transparent bridging source route bridging SRB translational bridging and source route tr...

Page 406: ...ernet frame on bridge interface 1 it determines that Host A is attached to bridge interface 1 and creates a mapping between the MAC address of Host A and bridge interface 1 in its bridge table as show...

Page 407: ...e as shown in Figure 108 Figure 108 The final bridge table Host A Host B Host C Host D LAN segment 2 LAN segment 1 Bridge Bridge interface 1 Bridge interface 2 00e0 fcbb bbbb 00e0 fcaa aaaa Source add...

Page 408: ...st B Host C Host D LAN segment 2 LAN segment 1 Bridge Bridge interface 1 Source address Destination address 00e0 fcbb bbbb 1 00e0 fccc cccc 2 00e0 fcaa aaaa 1 00e0 fcdd dddd 2 MAC address Interface Br...

Page 409: ...C When configuring transparent bridging over PPP you need to configure PPP on the corresponding interface as the link layer protocol for interface encapsulation When configuring transparent bridging o...

Page 410: ...blishing inter VLAN transparent bridging you need to add the configured Ethernet sub interfaces into a bridge set Follow these steps to configure basic bridging functionalities For more information ab...

Page 411: ...etwork layer properties can be configured By configuring a bridge template interface you can connect the corresponding bridge set to a routed network A bridge set can have only one bridge template int...

Page 412: ...e specified network layer protocol s on bridge set bridge bridge set routing ip ipx Optional By default routing if network layer protocols is disabled bridge bridge set bridging ip ipx others To do Us...

Page 413: ...Ethernet1 0 bridge set 1 RouterB Ethernet1 0 interface atm 5 0 RouterB Atm5 0 pvc 32 50 RouterB atm pvc Atm5 0 32 50 map bridge group broadcast RouterB atm pvc Atm5 0 32 50 quit RouterB Atm5 0 bridge...

Page 414: ...multilink PPP Configure the two routers to enable transparent bridging between the two LAN segments Network diagram Figure 114 Network diagram for transparent bridging over MP configuration Configurat...

Page 415: ...R Configure the two routers to enable transparent bridging between the two LAN segments Network diagram Figure 115 Network diagram for transparent bridging over FR configuration Configuration procedur...

Page 416: ...quit RouterA interface serial 2 0 RouterA Serial2 0 link protocol x25 dce RouterA Serial2 0 x25 x121 address 100 RouterA Serial2 0 x25 map bridge x121 address 200 broadcast RouterA Serial2 0 bridge se...

Page 417: ...terB bridge 1 enable RouterB interface ethernet 1 0 RouterB Ethernet1 0 bridge set 1 RouterB Ethernet1 0 quit RouterB interface Serial 2 0 RouterB Serial2 0 link protocol hdlc RouterB Serial2 0 bridge...

Page 418: ...nable RouterB bridge 2 enable RouterB interface ethernet 1 0 RouterB Ethernet1 0 bridge set 1 RouterB Ethernet1 0 quit RouterB interface ethernet 1 1 RouterB Ethernet1 1 bridge set 2 RouterB Ethernet1...

Page 419: ...quit RouterA interface serial 2 0 1 RouterA Serial2 0 1 fr map bridge 50 broadcast RouterA Serial2 0 1 bridge set 1 RouterA Serial2 0 1 quit RouterA interface serial 2 0 2 RouterA Serial2 0 2 fr map b...

Page 420: ...ging over FR Bridge Routing Network requirements As shown in Figure 120 three host PCs are attached to Ethernet1 0 Ethernet1 1 and Ethernet1 2 of a router respectively Configure a bridge set and enabl...

Page 421: ...on rate of 64 kbit s D channel is a control channel which transmits the public channel signaling These signals are used to control the calls on the B channel of the same interface The rate of D channe...

Page 422: ...hen he can start normal calling and disconnect process otherwise the calling will fail By far there are three ways to obtain the SPID on one BRI interface over the ISDN in North America Manually input...

Page 423: ...B channel Refer to ISDN Configuration on page 421 Optional Configure ISDN B channel selection mode Refer to ISDN Configuration on page 421 Optional Configure statistics about ISDN message receiving se...

Page 424: ...tional Configure statistics about ISDN message receiving sending Refer to ISDN Configuration on page 421 Optional Configure the allowed incoming calling number Refer to ISDN Configuration on page 421...

Page 425: ...an ISDN switch the default is as follows For an incoming call the router checks the received Setup messages for the Sending Complete Information Element to determine whether or not the number is rece...

Page 426: ...al In full sending mode all the digits of each called number will be collected and sent at a time by default Table 9 Types and code schemes of ISDN numbers Protocol Field Bit value Definition Type Cod...

Page 427: ...d number 1 1 1 Reserved for extension 0 0 0 0 Unknown 0 0 0 1 ISDN telephony numbering plan Recommendation E 164 0 0 1 1 Data numbering plan Recommendation X 121 0 1 0 0 Telex numbering plan Recommend...

Page 428: ...T Rec E 164 E 163 0 0 1 0 0 0 1 International number in ISDN Telephony numbering plan ITU T Rec E 164 E 163 0 1 0 0 0 0 1 National number in ISDN Telephony numbering plan ITU T Rec E 164 E 163 0 1 1...

Page 429: ...SPID negotiation on the BRI interface adopting NI protocol isdn spid auto_trigger Optional A BRI interface does not originate a SPID negotiation request unless triggered by a call by default On the B...

Page 430: ...to set the local management ISDN B channel Configuring ISDN B Channel Selection Mode Follow these steps to configure ISDN B channel selection mode To do Use the command Remarks Enter system view syst...

Page 431: ...m view Enter specified interface view interface interface type interface number Configure the sliding window size on the PRI interface or restore the default isdn pri slipwnd size window size default...

Page 432: ...ou may need to configure permanent Q 921 link mode where the ISDN NI protocol is adopted to ensure the success of every call attempt Follow these steps to configure Q 921 permanent link mode for an IS...

Page 433: ...applicable to BRI interfaces operating in the network side mode Currently only BSV board can operate on network side This function is different from the permanent link function The former maintains t...

Page 434: ...n on an ISDN interface Display isdn active channel interface interface type interface number Available in any view Display the current status of an ISDN interface display isdn call info interface inte...

Page 435: ...rA Serial1 0 15 isdn protocol type dss1 RouterA Serial1 0 15 dialer enable circular RouterA Serial1 0 15 dialer route ip 202 38 154 2 8810154 RouterA Serial1 0 15 dialer group 1 RouterA Serial1 0 15 q...

Page 436: ...ISDN NI protocol parameter to make the B channel of BRI interface support static SPID value and set the negotiation message to be resent twice when there is no reply RouterA interface bri 2 0 RouterA...

Page 437: ...otocol ppp RouterB Bri2 0 ppp mp virtual template 5 RouterB Bri2 0 dialer enable circular RouterB Bri2 0 dialer isdn leased 0 RouterB Bri2 0 dialer isdn leased 1 RouterB Bri2 0 quit RouterB interface...

Page 438: ...able circular RouterB Bri2 0 dialer group 1 RouterB Bri2 0 dialer isdn leased 128k n You do not need to configure a dial number because setup of leased line connection does not involve dial process Af...

Page 439: ...ets 220973 bytes 0 broadcasts 0 multicasts 2 errors 0 runts 0 giants 2 CRC 0 align errors 0 overruns 0 dribbles 0 aborts 0 no buffers 0 frame errors Output 17085 packets 208615 bytes 0 errors 0 underr...

Page 440: ...n interface Bri 2 0 to obtain an address from the carrier for accessing the Internet Network diagram Figure 126 Interoperate with the DMS 100 Configuration procedure Enable IP packet triggered dial Ro...

Page 441: ...configured on interface dialer 1 allows the system to bring up another B channel automatically after bringing up a BRI link This can be done without presence of a flow control mechanism and the links...

Page 442: ...CONFIGURATION Check whether the dial up configuration is correct If dial up is correctly configured and the maintaining information Q921 send data fail L1 return failure is not output ISDN line may be...

Page 443: ...feration and infinite recycling of packets that would occur in a loop network and prevents deterioration of the packet processing capability of network devices caused by duplicate packets received In...

Page 444: ...fer to Table 10 for the description of designated bridge and designated port Figure 127 shows designated bridges and designated ports In the figure AP1 and AP2 BP1 and BP2 and CP1 and CP2 are ports on...

Page 445: ...D consisting of root bridge priority and MAC address Root path cost the cost of the shortest path to the root bridge Designated bridge ID designated bridge priority plus MAC address Designated port ID...

Page 446: ...aller the ID the higher message priority Selection of the root bridge At network initialization each STP compliant device on the network assumes itself to be the root bridge with the root bridge ID be...

Page 447: ...ice calculates a designated port configuration BPDU for each of the rest ports The root bridge ID is replaced with that of the configuration BPDU of the root port The root path cost is replaced with t...

Page 448: ...the configuration BPDU of Device B 1 0 1 BP1 Device A finds that the configuration BPDU of the local port 0 0 0 AP1 is superior to the configuration received message and discards the received configu...

Page 449: ...rmines that the configuration BPDU of BP1 is the optimum configuration BPDU Then it uses BP1 as the root port the configuration BPDUs of which will not be changed Based on the configuration BPDU of BP...

Page 450: ...uted configuration BPDU Root port CP1 0 0 0 AP2 Designated port CP2 0 10 2 CP2 Next port CP2 receives the updated configuration BPDU of Device B 0 5 1 BP2 Because the received configuration BPDU is su...

Page 451: ...better configuration BPDU in response If a path becomes faulty the root port on this path will no longer receive new configuration BPDUs and the old configuration BPDUs will be discarded due to timeo...

Page 452: ...ted root port or designated port to enter the forwarding state much quicker under certain conditions than in STP As a result it takes a shorter time for the network to reach the final topology stabili...

Page 453: ...t some basic concepts of MSTP Figure 130 Basic concepts in MSTP 1 MST region A multiple spanning tree region MST region is composed of multiple devices in a switched network and network segments among...

Page 454: ...on spanning tree CST jointly constitute the common and internal spanning tree CIST of the entire network An IST is a section of the CIST in the given MST region In Figure 130 for example the CIST has...

Page 455: ...f that device in region D0 is the boundary port of region D0 n Currently the device is not capable of recognizing boundary ports When the device interworks with a third party s device that supports bo...

Page 456: ...rwards user traffic Discarding the port neither learns MAC addresses nor forwards user traffic n When in different MST instances a port can be in different states A port state is not exclusively assoc...

Page 457: ...e CIST of the entire network 2 MSTI computing Within an MST region MSTP generates different MSTIs for different VLANs based on the VLAN to instance mappings MSTP performs a separate computing process...

Page 458: ...g the Priority of the Current Device on page 462 Optional Configuring the Maximum Hops of an MST Region on page 463 Optional Configuring the Network Diameter of a Switched Network on page 464 Optional...

Page 459: ...ptional Configuring the Timeout Factor on page 470 Optional Configuring the Maximum Transmission Rate of Ports on page 470 Optional Configuring Ports as Edge Ports on page 470 Optional Configuring Pat...

Page 460: ...instance 1 and VLAN 20 through VLAN 30 to instance 2 Sysname system view Sysname stp region configuration Sysname mst region region name info Sysname mst region instance 1 vlan 2 to 10 Sysname mst re...

Page 461: ...one root bridge in effect in a spanning tree instance If two or more devices have been designated to be root bridges of the same spanning tree instance MSTP will select the device with the lowest MAC...

Page 462: ...a legacy STP device the port connecting with the legacy STP device will automatically migrate to STP compatible mode In MSTP mode all ports of the device send out MSTP BPDUs If the device detects tha...

Page 463: ...vices beyond the maximum hops are unable to take part in spanning tree computing and thereby the size of the MST region is restricted When a device becomes the root bridge of the CIST or MSTI of an MS...

Page 464: ...diameter 6 Configuring Timers of MSTP MSTP involves three timers forward delay hello time and max age You can configure these three parameters for MSTP to calculate spanning trees Configuration proced...

Page 465: ...tting The setting of hello time forward delay and max age must meet the following formulae otherwise network instability will frequently occur 2 forward delay 1 second max age Ma x age 2 hello time 1...

Page 466: ...time thus using excessive network resources We recommend that you use the default setting Refer to Aggregation Port Group on page 349 for information about port groups Configuration example Set the ma...

Page 467: ...net1 0 to be an edge port Sysname system view Sysname interface ethernet 1 0 Sysname Ethernet1 0 stp edged port enable Configuring Whether Ports Connect to Point to Point Links A point to point link i...

Page 468: ...the port automatically distinguishes the two MSTP packet formats and determines the format of packets it will send based on the recognized format You can configure the MSTP packet format to be used by...

Page 469: ...he port state transition information of all STP instances or the specified STP instance so as to monitor the port states in real time Follow these steps to enable output of port state transition infor...

Page 470: ...ing Timers of MSTP on page 464 Configuring the Maximum Transmission Rate of Ports Refer to Configuring the Maximum Transmission Rate of Ports on page 466 Configuring Ports as Edge Ports Refer to Confi...

Page 471: ...EE 802 1t legacy The device calculates the default path cost for ports based on a private standard Follow these steps to specify a standard for the device to use when calculating the default path cost...

Page 472: ...0 as instance id you are setting the path cost of the CIST 1000 Mbps Single Port Aggregated Link 2 Ports Aggregated Link 3 Ports Aggregated Link 4 Ports 4 4 4 4 20 000 10 000 6 666 5 000 20 18 16 14 1...

Page 473: ...device the specific priority of a port depends on the index number of that port Changing the priority of an Ethernet port triggers a new spanning tree computing process Configuration example Set the...

Page 474: ...on to force the port to migrate to the MSTP or RSTP mode You can perform mCheck on a port through two approaches which lead to the same result Configuration Prerequisites MSTP has been correctly confi...

Page 475: ...in the same MST region Configuration Prerequisites Associated devices of different vendors are interconnected and run MSTP Configuration Procedure Follow these steps to configure Digest Snooping c CAU...

Page 476: ...Snooping first and then MSTP Do not enable Digest Snooping when the network works well to avoid traffic interruption Configuration Example Network requirements Device A and Device B connect to a thir...

Page 477: ...e rapid state transition mechanism on MSTP and RSTP designated ports Figure 133 Rapid state transition mechanism on the MSTP designated port Figure 134 Rapid state transition mechanism on the RSTP des...

Page 478: ...ke effect on the root port or Alternate port after enabled Configuration Example Network requirements Device A connects to a third party s device that has a different MSTP implementation Both devices...

Page 479: ...transition of these ports When these ports receive configuration BPDUs the system will automatically set these ports as non edge ports and starts a new spanning tree computing process This will cause...

Page 480: ...its original state Follow these steps to enable root guard Enabling Loop Guard n We recommend that you enable loop guard on your device By keeping receiving BPDUs from the upstream device a device ca...

Page 481: ...d that you keep this function enabled Displaying and Maintaining MSTP To do Use the command Remarks Enter system view system view Enter Ethernet interface view or port group view Enter Ethernet interf...

Page 482: ...gram for MSTP configuration View the information of port role calculation history for the specified MSTP instance or all MSTP instances display stp instance instance id history Available in any view V...

Page 483: ...region quit Define Device A as the root bridge of MST instance 1 DeviceA stp instance 1 root primary View the MST region configuration information that has taken effect DeviceA display stp region con...

Page 484: ...example DeviceC mst region instance 1 vlan 10 DeviceC mst region instance 3 vlan 30 DeviceC mst region instance 4 vlan 40 DeviceC mst region revision level 0 Configure the region name VLAN to instance...

Page 485: ...mst region revision level 0 Configure the region name VLAN to instance mappings and revision level of the MST region DeviceD mst region active region configuration DeviceD mst region quit View the MST...

Page 486: ...486 CHAPTER 23 MSTP CONFIGURATION...

Page 487: ...network performance degrades with the increasing of the number of the hosts in the network If the number of the hosts in the network reaches a certain level problems caused by collisions broadcasts an...

Page 488: ...rate on the data link layer of the OSI model they only process Layer 2 encapsulation information and the field thus needs to be inserted to the Layer 2 encapsulation information of packets The format...

Page 489: ...ormation refer to Introduction to Port Based VLAN on page 491 n The frame format mentioned here is that of Ethernet II Besides Ethernet II encapsulation other types of encapsulation including 802 2 LL...

Page 490: ...its view By default only one default VLAN that is VLAN 1 exists in the system Specify a descriptive string for the VLAN description text Optional VLAN ID used by default for example VLAN 0001 To do U...

Page 491: ...send packets for multiple VLANs used to connect either user or network devices The differences between Hybrid and Trunk port A Hybrid port allows packets of multiple VLANs to be sent without the Tag...

Page 492: ...t is in the list of VLANs allowed to pass through the port if yes tag the packet with the default VLAN ID if no discard the packet Receive the packet if the VLAN ID is in the list of VLANs allowed to...

Page 493: ...ting is effective on the current port only configured in port group view the setting is effective on all ports in the port group Enter port group view port group aggregation agg id Configure the port...

Page 494: ...n on page 89 To do Use the command Remarks Enter system view system view Enter Ethernet port view or port group view Enter Ethernet port view interface interface type interface number User either comm...

Page 495: ...Ethernet 1 0 Configure Ethernet 1 0 as a Trunk port and configure its default VLAN ID as 100 DeviceA Ethernet1 0 port link type trunk DeviceA Ethernet1 0 port trunk pvid vlan 100 Configure Ethernet 1...

Page 496: ...k port encapsulation IEEE 802 1q Port priority 0 Last 300 seconds input 0 packets sec 0 bytes sec Last 300 seconds output 0 packets sec 0 bytes sec Input total 0 packets 0 bytes 0 broadcasts 0 multica...

Page 497: ...ect voice devices to voice VLANs you can configure quality of service QOS for short attributes for the voice traffic increasing transmission priority and ensuring voice quality A device determines whe...

Page 498: ...system In manual mode the IP phone access port needs to be added to the voice VLAN manually It then identifies the source MAC address contained in the packet matches it against the OUI addresses If a...

Page 499: ...inbound port with the voice VLAN feature enabled other non voice packets will be discarded including authentication packets such as 802 1 authentication packet Normal mode both voice packets and non...

Page 500: ...nfigure the voice VLAN under manual mode To do Use the command Remarks Enter system view system view Configure the aging time of the voice VLAN voice vlan aging minutes Optional Only applicable to por...

Page 501: ...ype interface number Configure the working mode as manual undo voice vlan mode auto Required Disabled by default Add the ports in manual mode to the voice VLAN Access port Refer to Configuring the Acc...

Page 502: ...AN Network diagram Figure 141 Voice VLAN under automatic mode Configuration procedure Create VLAN 2 and VLAN 6 DeviceA system view DeviceA vlan 2 DeviceA vlan2 quit DeviceA vlan 6 DeviceA vlan6 quit C...

Page 503: ...iceA display voice vlan oui Oui Address Mask Description 0001 e300 0000 ffff ff00 0000 Siemens phone 0003 6b00 0000 ffff ff00 0000 Cisco phone 0004 0d00 0000 ffff ff00 0000 Avaya phone 0011 2200 0000...

Page 504: ...0011 2200 0000 mask ffff ff00 0000 description test Create VLAN 2 Enable voice VLAN feature for it DeviceA vlan 2 DeviceA vlan2 quit DeviceA voice vlan 2 enable Configure Ethernet 1 1 to work in manua...

Page 505: ...isco phone 0004 0d00 0000 ffff ff00 0000 Avaya phone 0011 2200 0000 ffff ff00 0000 test 00d0 1e00 0000 ffff ff00 0000 Pingtel phone 0060 b900 0000 ffff ff00 0000 Philips NEC phone 00e0 7500 0000 ffff...

Page 506: ...506 CHAPTER 25 VOICE VLAN CONFIGURATION...

Page 507: ...is created automatically by the system as Isolation Group 1 The user can neither delete this isolation group nor create any other isolation group There is no restriction on the number of ports to be a...

Page 508: ...solation configuration Configuration procedure Add ports Ethernet 1 1 Ethernet 1 2 and Ethernet 1 3 to the isolation group Enter Ethernet interface view or port group view Enter Ethernet interface vie...

Page 509: ...it Device interface ethernet 1 2 Device Ethernet1 2 port isolate enable Device Ethernet1 2 quit Device interface ethernet 1 3 Device Ethernet1 3 port isolate enable Display the information about the i...

Page 510: ...510 CHAPTER 26 PORT ISOLATION CONFIGURATION...

Page 511: ...ckup function enabled the backup link will be started automatically when the primary link disconnects causing no dialup delay excluding the time for route convergence The dynamic route backup function...

Page 512: ...mic route backup groups in one of the following two ways 1 Create multiple dynamic route backup groups which each monitors different network segment The logical relationship among these network segmen...

Page 513: ...nterfaces Router A and Router C can dial each other The telephone number of Router C is 8810052 The serial interfaces are in the network segment 10 0 0 0 8 and the BRI interfaces are in the network se...

Page 514: ...it RouterA interface serial 2 0 RouterA Serial2 0 link protocol x25 dte ietf RouterA Serial2 0 x25 x121 address 10 RouterA Serial2 0 x25 map ip 10 0 0 2 x121 address 15 broadcast RouterA Serial2 0 ip...

Page 515: ...e serial 2 0 RouterB x25 switch svc 15 interface serial 2 1 3 Configure Router C Configure a dialer rule RouterC system view RouterC dialer rule 1 ip permit Configure dialup parameters for BRI 3 0 Rou...

Page 516: ...nterfaces are in the network segment 20 0 0 0 8 As the master device of the dynamic route backup function Router A monitors the network segment 40 0 0 0 8 which is connected to Loopback1 interface of...

Page 517: ...er than that of serial interfaces RouterA interface bri3 0 RouterA Bri3 0 ospf cost 2000 RouterA Bri3 0 ospf network type broadcast Enable the dynamic route backup function RouterA Bri3 0 standby rout...

Page 518: ...etwork segment 30 0 0 0 8 on Router B Normally the X 25 link functions as the primary link between Router A and Router B When the route to the network segment where Router B resides disconnects for ex...

Page 519: ...interface serial 2 0 RouterA Serial2 0 link protocol x25 dte ietf RouterA Serial2 0 x25 x121 address 10 RouterA Serial2 0 x25 map ip 10 0 0 2 x121 address 20 broadcast RouterA Serial2 0 ip address 10...

Page 520: ...figure the interface loopback 1 RouterB interface loopback 1 RouterB Loopback1 ip address 30 0 0 1 32 RouterB Loopback1 quit Configure the dynamic routing protocol RIP RouterB rip RouterB rip 1 networ...

Page 521: ...tandby routing rule 1 ip 12 0 0 0 255 0 0 0 Bind the CE1 interface into a pri set RouterA controller E1 2 1 RouterA E1 2 1 pri set RouterA E1 2 1 quit Configure Serial 2 0 as a FR interface RouterA in...

Page 522: ...roller E1 2 1 RouterB E1 2 1 pri set RouterB E1 2 1 quit Configure Serial 2 0 as a FR interface RouterB interface serial 2 0 RouterB Serial2 0 ip address 1 0 0 2 255 0 0 0 RouterB Serial2 0 link proto...

Page 523: ...ip address 12 0 0 1 255 0 0 0 RouterB Ethernet1 2 quit Configure the dynamic routing protocol RIP RouterB rip RouterB rip 1 network 1 0 0 0 RouterB rip 1 network 2 0 0 0 RouterB rip 1 network 10 0 0...

Page 524: ...524 CHAPTER 27 DYNAMIC ROUTE BACKUP CONFIGURATION...

Page 525: ...routing technology used for interconnecting routers through public switched network PSTN or ISDN and DCC provides dial on demand service In some occasions channels are established and communication i...

Page 526: ...k interfaces Refer to IP Addressing Configuration on page 623 for detailed configurations Null Interface Introduction to Null Interface Null interfaces are completely software like logical interfaces...

Page 527: ...nterface supports IPX with a VLAN ID configured for an Ethernet sub interface the sub interface supports both IPX and IP at the same time WAN interfaces with their data link layer protocols being fram...

Page 528: ...reset command in user view to clear the statistics on the VLAN associated with the specified sub interface n For more information about the display vlan interface command and the reset command refer...

Page 529: ...view interface serial interface number Required Set the link layer protocol of the interface to frame relay link protocol fr nonstandard ietf mfr interface number Required By default the link layer p...

Page 530: ...quirements As shown in Figure 148 the encapsulation type for the VLAN ports of Switch 1 and Switch 2 is dot1q workstation A and C belong to VLAN 10 and workstation B and D belong to VLAN 20 It is requ...

Page 531: ...LAN ID for each sub interface Note that the encapsulation type of an Ethernet sub interface must be consistent with that of switch ports Router system view Router interface ethernet 3 0 10 Router Ethe...

Page 532: ...0 interface view Sysname system view Sysname interface serial 1 0 Set the link layer protocol to frame relay Sysname Serial1 0 link protocol fr Specify the frame relay terminal type as DTE Sysname Se...

Page 533: ...p interfaces are dedicated interfaces for MP and do not support other implementations Refer to PPP and MP Configuration on page 363 for more information about MP group Configuring MFR Interface An MFR...

Page 534: ...matic and transparent to users You just need to configure VPN or MP on the corresponding physical interface create and configure a VT and then associate this VT with the corresponding physical interfa...

Page 535: ...eling protocol L2TP with a VT Refer to the L2TP Configuration on page 1601 for details In MP implementations you need to associate MP users with a VT Refer to PPP and MP Configuration on page 363 for...

Page 536: ...rotocol over Ethernet over ATM PPPoEoA PPPoEoA is a structure of 3 layers the top layer is PPP the middle layer is PPP over Ethernet PPPoE and the bottom layer is PPPoEoA Note that the parameters for...

Page 537: ...intenance of a VE interface is similar to that of an Ethernet interface Refer to Maintaining and Displaying an Ethernet Interface on page 97 for the configuration procedure Refer to PPPoE Configuratio...

Page 538: ...538 CHAPTER 28 LOGICAL INTERFACE CONFIGURATION...

Page 539: ...transmission system defined by ANSI is an international standard transmission protocol It adopts optical transmission In SDH defined by CCIT today s ITU T adoption of synchronous multiplexing and fle...

Page 540: ...of payload in an STM N frame so that the receiving end can correctly extract payload Terms Multiplex Unit A basic SDH multiplex unit includes multiple containers C n virtual containers VC n tributary...

Page 541: ...x mode command is provided on CPOS interfaces This allows you to select the AU 3 or AU 4 multiplexing structure Calculating E1 T1 Channel Sequence Numbers Since CPOS interfaces adopt the byte interlea...

Page 542: ...ces result from different channel referencing approaches Overhead Byte SDH provides layered monitoring and management of precise division It provides monitoring at section and channel levels where sec...

Page 543: ...signal label byte C2 is also included in the higher order path overhead to indicate the multiplexing structure of VC frames and the property of payload for instance whether the path is carrying servi...

Page 544: ...t is SDH Set the clock mode clock master slave Optional The default is slave Set the loopback mode loopback local remote Optional Disabled by default Configure the AUG multiplexing mode multiplex mode...

Page 545: ...k mode for E1 e1 e1 number set loopback local payload remote Optional Disabled by default Configure the E1 operating mode in either approach Configure E1 to operate in unframed mode e1 e1 number unfra...

Page 546: ...isabled by default To do Use the command Remarks To do Use the command Remarks Display information about channels on a specified or all CPOS interfaces display controller cpos cpos number Available in...

Page 547: ...s of transmission and as such PPP negotiation failures and LCP anomalies Besides if an idle timeslot on a loopback serial interface on the transmission device is used in transmission the information t...

Page 548: ...548 CHAPTER 29 CPOS INTERFACE CONFIGURATION...

Page 549: ...MAC address of the destination host To this end the IP address must be resolved into the corresponding data link layer address n Unless otherwise stated the data link layer addresses that appear in t...

Page 550: ...56 The resolution process is as follows 1 Host A looks in its ARP mapping table to see whether there is an ARP entry for Host B If Host A finds it Host A uses the MAC address in the entry to encapsula...

Page 551: ...be removed 2 A static ARP entry is manually configured and maintained It cannot get aged or be overwritten by a dynamic ARP entry It can be permanent or non permanent A permanent static ARP entry can...

Page 552: ...mber of ARP entries dynamically learned on an interface Setting Aging Time for Dynamic ARP Entries After dynamic ARP entries expire the system will delete them from the ARP mapping table You can adjus...

Page 553: ...8 Because these two IP addresses are not on the same subnet VLAN interface 10 cannot process the packet With this feature enabled the device will make judgment on natural network basis Because the IP...

Page 554: ...source IP address and destination IP address are both the IP address of the sender the source MAC address is the MAC address of the sender and the destination MAC address is a broadcast address A devi...

Page 555: ...ack Configuring ARP Source Suppression Configuring Authorized ARP n This feature is only supported on Layer 3 Ethernet interfaces Introduction to Authorized ARP Authorized ARP entries are generated ba...

Page 556: ...1 1 2 24 from the DHCP server Network diagram Figure 157 Network diagram for authorized ARP configuration Configuration procedure 1 Configure Router A Configure the IP address of Ethernet 1 0 RouterA...

Page 557: ...erA Ethernet1 0 quit 2 Configure Router B RouterB system view RouterB interface ethernet 1 0 RouterB Ethernet1 0 ip address dhcp alloc RouterB Ethernet1 0 quit 3 After Router B obtains the IP address...

Page 558: ...10 1 1 RouterA dhcp pool 1 quit RouterA ip route static 10 10 1 0 24 10 1 1 2 2 Configure Router B Enable DHCP RouterB system view RouterB dhcp enable Configure the IP addresses of Ethernet 1 0 and Et...

Page 559: ...ed ARP information on Router B RouterB display arp all Type S Static D Dynamic A Authorized IP Address MAC Address VLAN ID Interface Aging Type 10 10 1 2 0012 3f86 e94c N A Eth1 1 1 A Displaying and M...

Page 560: ...60 CHAPTER 30 ARP CONFIGURATION Clear ARP entries from the ARP mapping table reset arp all dynamic static interface interface type interface number Available in user view To do Use the command Remarks...

Page 561: ...you need to enable the local proxy ARP Devices connected to different isolated layer 2 ports in the same VLAN need to implement layer 3 communication With the super VLAN function enabled devices in d...

Page 562: ...9 24 for Ethernet 1 1 2 Configure ARP on the device to enable the communication between Host A and Host D Router system view Router interface ethernet 1 0 Router Ethernet1 0 ip address 192 168 10 99 2...

Page 563: ...raffic in this configuration example so you need to configure local proxy ARP on VLAN interface 2 of the router to enable the communication between Host A and Host B If the two ports Ethernet 1 0 and...

Page 564: ...rnet 1 0 to VLAN 2 Router system view Router vlan 2 Router vlan2 port ethernet 1 0 Router vlan2 interface vlan interface 2 Router Vlan interface2 ip address 192 168 10 100 255 255 0 0 Ping Host B on H...

Page 565: ...addresses be changed accordingly Therefore related configurations on hosts become more complex Dynamic host configuration protocol DHCP was introduced to solve these problems DHCP is built on a clien...

Page 566: ...2 A DHCP server offers configuration parameters such as an IP address to the client in a DHCP OFFER message The sending mode of the DHCP OFFER is determined by the flag field in the DHCP DISCOVER mes...

Page 567: ...NAK message it will broadcast another DHCP REQUEST message for lease extension after 7 8 lease duration elapses The DHCP server will handle the request as above mentioned DHCP Message Format Figure 16...

Page 568: ...sage type lease DNS IP address WINS IP address and so forth DHCP Options DHCP Options Overview The DHCP message adopts the same format as the Bootstrap Protocol BOOTP message for compatibility but dif...

Page 569: ...on 43 in Option 55 the DHCP server returns a response message containing Option 43 to assign vendor specific information to the DHCP client The DHCP client can obtain the preboot executive environment...

Page 570: ...s in the normal padding format are sub option 1 Padded with the VLAN ID and interface number of the interface that received the client s request The following figure gives its format The value of the...

Page 571: ...calling processor which is a server serving as the network calling control source and providing program downloads Sub option 2 IP address of the backup network calling processor that DHCP clients will...

Page 572: ...572 CHAPTER 32 DHCP OVERVIEW...

Page 573: ...al interfaces and loopback interfaces The secondary IP address pool configuration is not supported on serial or loopback interfaces DHCP Snooping must be disabled on the DHCP server Introduction to DH...

Page 574: ...regardless of the mask If no IP address is available in the smallest address pool the DHCP server will fail to assign addresses to clients because it will not assign those in the father address pool...

Page 575: ...sign an IP address from the address pool of the subnet which the secondary IP address of the server s interface connected to the client belongs to or assign from the first secondary IP address if seve...

Page 576: ...address pool Task Remarks Creating a DHCP Address Pool on page 576 Required Configuring an Address Allocation Mechanism on page 576 Configuring manual address allocation on page 576 Required to confi...

Page 577: ...client cannot obtain an IP address correctly The ID of the static binding must be identical to the ID displayed by using the display dhcp client verbose command on the client Otherwise the client cann...

Page 578: ...ngs to get the host IP address You can specify up to eight DNS servers in the DHCP address pool To configure DNS servers in the DHCP address pool use the following commands To do Use the command Remar...

Page 579: ...on IP address h hybrid node A combination of peer to peer first and broadcast second The h node client unicasts the destination name to the WINS server if no response then broadcasts it to get the des...

Page 580: ...rameters specified in option 184 to the client The client then can initiate a call using parameters in Option 184 To configure option 184 parameters in the DHCP address pool use the following commands...

Page 581: ...d to specify the IP address and name of a TFTP server and the bootfile name in the DHCP address pool on the DHCP server but you do not need to perform any configuration on the DHCP client When option...

Page 582: ...ion convert the lease duration into seconds in hexadecimal notation Configuring the DHCP Server Security Functions This configuration is necessary to secure DHCP services on the DHCP server To do Use...

Page 583: ...CP server checks whether the address to be assigned is in use via sending ping packets The DHCP server pings the IP address to be assigned using ICMP If the server gets a response within the specified...

Page 584: ...ARP entries will be deleted However these ARP entries may conflict with the new static entries generated on the DHCP relay agent therefore you are recommended to delete the existing IP address leases...

Page 585: ...ystem view Enable the server to handle Option 82 dhcp server relay information enable Optional Enabled by default To do Use the command Remarks Display information about IP address conflicts display d...

Page 586: ...ss lease duration is five days domain name suffix aabbcc com DNS server address 10 1 1 2 and gateway address 10 1 1 254 and there is no WINS server address The domain name and DNS server address on th...

Page 587: ...dhcp 1 gateway list 10 1 1 126 RouterA dhcp 1 expired day 10 hour 12 RouterA dhcp pool 1 nbns list 10 1 1 4 RouterA dhcp 1 quit Configure DHCP address pool 2 address range gateway and lease duration R...

Page 588: ...ame IP address Solution 1 Disconnect the client s network cable and ping the client s IP address on another host with a long timeout time to check whether there is a host using the same IP address 2 I...

Page 589: ...or subinterfaces virtual Ethernet interfaces VLAN interfaces and serial interfaces DHCP Snooping must be disabled on the DHCP relay agent Introduction to DHCP Relay Agent Application Environment Sinc...

Page 590: ...n the giaddr field the DHCP server returns an IP address and other configuration parameters to the relay agent which conveys it to the client via broadcast DHCP Relay Agent Support for Option 82 Optio...

Page 591: ...he message Keep Random Forward the message without changing Option 82 Replace normal Forward the message after replacing the original Option 82 with the Option 82 padded in normal format verbose Forwa...

Page 592: ...The IP addresses of DHCP servers and those of relay agent s interfaces cannot be on the same subnet Otherwise the client cannot obtain an IP address A DHCP server group can correlate with one or multi...

Page 593: ...a binding on it both dynamic and static bindings If not the client cannot access outside networks via the DHCP relay agent To create a static binding and enable invalid IP address check use the follow...

Page 594: ...gure dynamic binding update interval use the following commands Configuring the DHCP relay agent to support authorized ARP A DHCP relay agent can work in cooperation with authorized ARP to block illeg...

Page 595: ...erface receiving the DHCP message The administrator can use this information to check out any DHCP unauthorized servers To enable unauthorized DHCP server detection use the following commands n With t...

Page 596: ...bled by default Configure the handling strategy for requesting messages containing Option 82 dhcp relay information strategy drop keep replace Optional replace by default Configure the padding format...

Page 597: ...roup 1 with Ethernet1 1 RouterA Ethernet1 1 quit RouterA dhcp relay server group 1 ip 10 1 1 1 RouterA interface ethernet 1 1 RouterA Ethernet1 1 dhcp relay server select 1 n Performing configuration...

Page 598: ...interface state information for locating the problem Solution Check that The DHCP is enabled on the DHCP server and relay agent The address pool on the same subnet where DHCP clients reside is availab...

Page 599: ...DHCP Client With the DHCP client enabled on an interface the interface will use DHCP to obtain configuration parameters such as an IP address from the DHCP server Enabling the DHCP Client on an Inter...

Page 600: ...cts the DHCP server via Ethernet1 1 to obtain an IP address Network diagram See Figure 170 Configuration procedure The following is the configuration on Router B shown in Figure 170 Enable the DHCP cl...

Page 601: ...HCP Snooping enabled device cannot be a DHCP server or DHCP relay agent You are not recommended to enable the DHCP client BOOTP client and DHCP Snooping on the same device Otherwise DHCP Snooping entr...

Page 602: ...ensure that DHCP clients can obtain valid IP addresses The trusted port and the port connected to the DHCP client must be in the same VLAN Displaying and Maintaining DHCP Snooping DHCP Snooping Confi...

Page 603: ...ping configuration Configuration procedure Enable DHCP snooping SwitchB system view SwitchB dhcp snooping Specify Ethernet1 1 as trusted SwitchB interface ethernet 1 1 SwitchB Ethernet1 1 dhcp snoopin...

Page 604: ...604 CHAPTER 36 DHCP SNOOPING CONFIGURATION...

Page 605: ...ient may fail to obtain an IP address Introduction to BOOTP Client BOOTP Application After you specify an interface of a device as a BOOTP client the interface can use BOOTP to get information such as...

Page 606: ...ns and Extensions for the Bootstrap Protocol Configuring an Interface to Dynamically Obtain an IP Address through BOOTP Follow these steps to configure an interface to dynamically obtain an IP address...

Page 607: ...BOOTP RouterB system view RouterB interface ethernet 1 1 RouterB Ethernet1 1 ip address bootp alloc n To make the BOOTP client to obtain an IP address from the DHCP server you need to perform additio...

Page 608: ...608 CHAPTER 37 BOOTP CLIENT CONFIGURATION...

Page 609: ...it checks its static DNS database before looking up the dynamic DNS database Reduction of the searching time in the dynamic DNS database would increase efficiency Some frequently used addresses can be...

Page 610: ...ist of suffixes which can be defined by users It is used when the name to be resolved is incomplete The resolver can supply the missing part For example a user can configure com as the suffix for aabb...

Page 611: ...y 1 A DNS client considers the DNS proxy as the DNS server and sends a DNS request to the DNS proxy that is the destination address of the request is the IP address of the DNS proxy 2 The DNS proxy se...

Page 612: ...Use the command Remarks Enter system view system view Enable dynamic domain name resolution dns resolve Required Disabled by default Configure an IP address for the DNS server dns server ip address Re...

Page 613: ...ng host com PING host com 10 1 1 2 56 data bytes press CTRL_C to break Reply from 10 1 1 2 bytes 56 Sequence 1 ttl 255 time 1 ms Reply from 10 1 1 2 bytes 56 Sequence 2 ttl 255 time 4 ms Reply from 10...

Page 614: ...e IP addresses of the interfaces see Figure 179 This configuration may vary with different DNS servers The following configuration is performed on a Windows 2000 server 1 Configure the DNS server Ente...

Page 615: ...0 Create a zone Create a mapping between host name and IP address Figure 181 Add a host In Figure 181 right click zone com and then select New Host to bring up a dialog box as shown in Figure 182 Ente...

Page 616: ...between the device and the host is normal and that the corresponding destination IP address is 3 1 1 1 Sysname ping host Trying DNS resolve press CTRL_C to break Trying DNS server 2 1 1 2 PING host c...

Page 617: ...g configuration assume that Device A the DNS server and the host are reachable to each other and the IP addresses of the interfaces are configured as shown in Figure 183 1 Configure the DNS server Thi...

Page 618: ...s Reply from 3 1 1 1 bytes 56 Sequence 4 ttl 255 time 1 ms Reply from 3 1 1 1 bytes 56 Sequence 5 ttl 255 time 1 ms host com ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss...

Page 619: ...IP accounting rule consists of an IP address and its mask namely a subnet address which is the result of ANDing the IP address with its mask IP packets are sorted as follows If a firewall is configure...

Page 620: ...al 512 by default Set the maximum number of entries in the exterior table ip count exterior threshold number Optional 0 by default Configure IP accounting rules ip count rule mask mask length Required...

Page 621: ...to 20 Router ip count exterior threshold 20 Assign Ethernet1 0 an IP address and count both incoming and outgoing IP packets on it Router interface ethernet 1 0 Router Ethernet1 0 ip address 1 1 1 2 2...

Page 622: ...le incompliant packets from a subnet comply with the new rule Information about these packets is then saved in the interior table The exterior table however may still contain information about these p...

Page 623: ...r octets in length for example 10 1 1 1 for the address just mentioned Each IP address breaks down into two parts Net id First several bits of the IP address defining a network also known as class bit...

Page 624: ...boundary between the host id and the host id Each subnet mask comprises 32 bits related to the corresponding bits in an IP address In a subnet mask the part containing consecutive ones identifies the...

Page 625: ...ing subnetted use these default masks also called natural masks 255 0 0 0 255 255 0 0 and 255 255 255 0 respectively IP Unnumbered Logically to enable IP on an interface you must assign this interface...

Page 626: ...in Figure 187 Ethernet1 0 on a router is connected to a LAN comprising two segments 172 16 1 0 24 and 172 16 2 0 24 To enable the hosts on the two network segments to access the external network throu...

Page 627: ...istics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 25 26 27 ms The information shown above indicates the router can communicate with the host on the subnet 172 1...

Page 628: ...borrowing interface always keeps consistent and varies with that of the borrowed interface That is if an IP address is configured for the borrowed interface the IP address of the borrowing interface i...

Page 629: ...r B specifying interface Serial2 1 as the outgoing interface RouterA ip route static 172 16 20 0 255 255 255 0 serial 2 1 2 Configure Router B Assign a primary IP address to Ethernet1 1 RouterB system...

Page 630: ...Sequence 4 ttl 255 time 26 ms Reply from 172 16 20 2 bytes 56 Sequence 5 ttl 255 time 26 ms 172 16 20 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg m...

Page 631: ...ackets sending Enabling the Device to Forward Directed Broadcasts Directed broadcasts refer to broadcast packets sent to a specific network In the destination IP address of a directed broadcast the ne...

Page 632: ...e the reachability between the host and Router B Network diagram Figure 189 Network diagram for forwarding directed broadcasts Configuration procedure Configure Router A Enable the interface Ethernet...

Page 633: ...llow these steps to configure TCP MSS of the interface n So far the interfaces that support this configuration include Layer 3 Ethernet interface serial port ATM interface POS interface dial port Tunn...

Page 634: ...SYN Flood attacks Attackers can perform Naptha attacks by using the six TCP connection states CLOSING ESTABLISHED FIN_WAIT_1 FIN_WAIT_2 LAST_ACK and SYN_RECEIVED and SYN Flood attacks by using only t...

Page 635: ...AIT If non FIN packets are received the system restarts the timer from receiving the last non FIN packet The connection is broken after the timer expires Size of TCP receive send buffer Follow these s...

Page 636: ...ost administration and enables a host to gradually establish a sound routing table to find out the best route 2 Sending ICMP timeout packets If the device received an IP packet with a timeout error it...

Page 637: ...kets that cause it to send ICMP error packets the device s performance will be reduced As the redirection function increases the routing table size of a host the host s performance will be reduced if...

Page 638: ...s Display socket information display ip socket socktype sock type task id socket id Display FIB forward information display fib begin include exclude string acl acl number ip prefix ip prefix name Dis...

Page 639: ...ing and interface policy routing System policy routing applies to locally generated packets instead of forwarded packets Interface policy routing applies to forwarded packets arriving on an interface...

Page 640: ...ip address default next hop clause This means that only the apply default output interface clause is executed when both are configured Either of these two clauses is executed only when no outgoing in...

Page 641: ...ptional Set the packet precedence apply ip precedence type value Optional Set outgoing interfaces apply output interface interface type interface number track track entry number interface type interfa...

Page 642: ...y ip local policy based route policy name Required Disabled by default To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Enable...

Page 643: ...dicates packets matching ACL 3102 do not go through policy routing Network diagram Figure 190 Network diagram for policy routing based on source address Configuration procedure If the device supports...

Page 644: ...et Size Network requirements Policy routing is enabled and the policy lab1 is referenced on the interface Ethernet 1 0 of Router A Packets with a size of 64 to 100 bytes are forwarded to 150 1 1 2 24...

Page 645: ...RouterA Serial2 1 quit RouterA policy based route lab1 permit node 10 RouterA policy based route if match packet length 64 100 RouterA policy based route apply ip address next hop 150 1 1 2 RouterA po...

Page 646: ...646 CHAPTER 42 IP UNICAST POLICY ROUTING CONFIGURATION...

Page 647: ...ets In other words UDP Helper functions as a relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified destination server With UDP Helper enabled the device...

Page 648: ...e default ports will not be displayed UDP Helper configuration of these ports will be displayed only after UDP Helper is disabled The configuration of all UDP ports including the default ports is remo...

Page 649: ...te from Router A to the network segment 10 2 0 0 16 is available Enable UDP Helper RouterA system view RouterA udp helper enable Enable the forwarding of broadcast packets with the UDP destination por...

Page 650: ...650 CHAPTER 43 UDP HELPER CONFIGURATION...

Page 651: ...A originates a request to the server Router B by sending a packet with a forged source IP address 2 2 2 1 8 and Router B sends a packet to the real IP address 2 2 2 1 8 in response to the request This...

Page 652: ...which check approach is taken If both a default route and the allow default route argument are configured URPF s decision depends on check approach In strict approach URPF lets the packet pass and be...

Page 653: ...lly based on data flow which is a specific application between two hosts for example the operation of using FTP to transfer a file A data flow is usually described by five tuples source IP address sou...

Page 654: ...st forwarding Displaying and Maintaining Fast Forwarding To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Enable fast forwardi...

Page 655: ...6 also called IP next generation IPng was designed by the Internet Engineering Task Force IETF as the successor to Internet protocol version 4 IPv4 The significant difference between IPv6 and IPv4 is...

Page 656: ...ion means that a host acquires an IPv6 address and related information from a server for example DHCP server Stateless address configuration means that a host automatically configures an IPv6 address...

Page 657: ...of each group are represented by four hexadecimal numbers which are separated by colons for example 2001 0000 130F 0000 0000 09C0 876A 130B To simplify the representation of IPv6 addresses zeros in I...

Page 658: ...oviders This type of address allows efficient route prefix aggregation to restrict the number of global routing entries The link local address is used for communication between link local nodes in nei...

Page 659: ...at interface Interface identifiers in IPv6 addresses are 64 bits long while MAC addresses are 48 bits long Therefore the hexadecimal number FFFE needs to be inserted in the middle of MAC addresses beh...

Page 660: ...address of a neighbor Used to verify whether the neighbor is reachable Used to perform a duplicate address detection Neighbor advertisement NA message 136 Used to respond to an NS message When the lin...

Page 661: ...hat node A and node B can communicate Neighbor reachability detection After node A acquires the link layer address of its neighbor node B node A can verify whether node B is reachable according to NS...

Page 662: ...nformation obtained through router prefix discovery The router prefix discovery is implemented through RS and RA messages The router prefix discovery procedure is as follows 1 After started a node sen...

Page 663: ...e of the forwarding device and utilize network resources rationally The path MTU PMTU discovery mechanism is to find the minimum MTU of all links in the path from the source to the destination Figure...

Page 664: ...nicast Address Allocation RFC 1981 Path MTU Discovery for IP version 6 RFC 2375 IPv6 Multicast Address Assignments RFC 2460 Internet Protocol Version 6 IPv6 Specification RFC 2461 Neighbor Discovery f...

Page 665: ...are configured manually IPv6 link local addresses can be configured in either of the following ways Automatic generation The device automatically generates a link local address for an interface accord...

Page 666: ...s because the system automatically generates one for the interface If no IPv6 site local address or aggregatable global unicast address is configured the interface has no link local address The manual...

Page 667: ...d may lead to the forwarding performance degradation of the device Therefore you can restrict the size of the neighbor table by setting the maximum number of neighbors that an interface can dynamicall...

Page 668: ...prefix information issued by the router O flag This field determines whether hosts use the stateful autoconfiguration to acquire information other than IPv6 addresses If the O flag is set to 1 hosts u...

Page 669: ...figure the prefix information options in RA messages ipv6 nd ra prefix ipv6 prefix prefix length ipv6 prefix prefix length valid lifetime preferred lifetime no autoconfig off link Optional By default...

Page 670: ...can configure a static PMTU for a specified destination IPv6 address When a source host sends packets through an interface it compares the interface MTU with the static PMTU of the specified destinati...

Page 671: ...ved the TCP connection status becomes TIME_WAIT If other packets are received the finwait timer is reset from the last received packet and the connection is terminated after the finwait timer expires...

Page 672: ...updating the number of tokens in the token bucket to the configured capacity One token allows one ICMPv6 error packet to be sent Each time an ICMPv6 error packet is sent the number of tokens in a toke...

Page 673: ...resolution function In addition you should configure a DNS server so that a query request message can be sent to the correct server for resolution The system can support at most six DNS servers You c...

Page 674: ...splay dns ipv6 dynamic host Display IPv6 DNS server information display dns ipv6 server dynamic Display the IPv6 FIB entries display ipv6 fib ipv6 address Display the total number of routes in the IPv...

Page 675: ...Configure interface Ethernet 1 0 to automatically generate a link local address RouterA interface ethernet 1 0 RouterA Ethernet1 0 ipv6 address auto link local Configure an EUI 64 address for interfa...

Page 676: ...ggregatable global unicast address for interface Ethernet 1 0 RouterB Ethernet1 0 ipv6 address 3001 2 64 Enable the stateless address autoconfiguration function on Ethernet 1 0 RouterB Ethernet1 0 ipv...

Page 677: ...can be pinged c CAUTION When you ping a link local address you should use the i parameter to specify an interface for the link local address RouterA Ethernet1 0 ping ipv6 FE80 20F E2FF FE00 2 i ethern...

Page 678: ...tes 56 Sequence 1 hop limit 64 time 4 ms Reply from 4001 20F E2FF FE00 2 bytes 56 Sequence 2 hop limit 64 time 2 ms Reply from 4001 20F E2FF FE00 2 bytes 56 Sequence 3 hop limit 64 time 2 ms Reply fro...

Page 679: ...the border between IPv4 and IPv6 networks The NAT PT process is implemented on the device which is transparent to both IPv4 and IPv6 networks Users between IPv6 networks and IPv4 networks can communi...

Page 680: ...namic IP address translation With NAPT PT different IPv6 addresses can correspond to one IPv4 address Different IPv6 hosts are distinguished by different port numbers so that these IPv6 hosts can shar...

Page 681: ...e packet are translated into IPv6 addresses the NAT PT device forwards the packet to the IPv6 host Meanwhile the IPv4 to IPv6 address mapping is stored in the NAT PT device 4 After packets originated...

Page 682: ...as been referenced by another command you need to cancel the reference configuration first Configuring Mappings for IPv4 Hosts Accessing IPv6 Hosts Mappings for IPv4 hosts accessing IPv6 hosts refer t...

Page 683: ...address pool or an IPv4 address of the specified interface The device provides four types of dynamic mappings Combination 1 Combination of an IPv6 ACL with an address pool If the source IPv6 address...

Page 684: ...v6 packet is sent from an IPv6 network to an IPv4 network if the dynamic NAT PT of combination 1 or 3 is set the NAT PT device will select an IPv4 address from the NAT PT address pool as the source IP...

Page 685: ...v6bound dynamic acl6 number acl number address group address group no pat Configure any of the four types of dynamic mappings Define a dynamic IPv6 to IPv4 mapping rule as follows If the source IPv6 a...

Page 686: ...a FINRST packet 5 seconds for a FRAG packet 20 seconds for a ICMP packet 240 seconds for a SYN packet 40 seconds for a UDP packet and 86400 seconds for a TCP packet To do Use the command Remarks To do...

Page 687: ...terface serial 2 0 RouterC Serial2 0 ipv6 address 2001 2 64 RouterC Serial2 0 quit Configure a default route to Router B RouterC ipv6 route static 3001 16 2001 1 Configure Router B Display the NAT PT...

Page 688: ...the ping ipv6 3001 0800 0002 command on Router C after completing the configurations above you should receive a response packet At this time you can see on Router B the established NAT PT session Rout...

Page 689: ...B Serial2 0 quit RouterB interface serial 2 1 RouterB Serial2 1 ipv6 address 2001 1 64 RouterB Serial2 1 natpt enable RouterB Serial2 1 quit Configure a NAT PT prefix RouterB natpt prefix 3001 Configu...

Page 690: ...005 0 8 0 0 2 0 Troubleshooting NAT PT Symptom NAT PT is abnormal Solution Enable debugging for NAT PT Locate the fault according to the debugging information of the device and then make further judgm...

Page 691: ...oth IPv4 and IPv6 either TCP or UDP can be selected at the transport layer while IPv6 stack is preferred at the network layer Figure 204 illustrates the IPv4 IPv6 dual stack in relation to the IPv4 st...

Page 692: ...pecify an IPv6 address ipv6 address ipv6 address prefix length ipv6 address prefix lengt h Use either command By default no local address or global unicast address is configured on an interface Config...

Page 693: ...d in address resolution and processing but also lead to high level application failures Furthermore they will still face the problem that IPv4 addresses will eventually be used up Internet protocol ve...

Page 694: ...tocol stack refer to Dual Stack Configuration on page 691 For related configuration about NAT PT refer to Configuring NAT PT on page 681 In addition the device supports IPv6 on the provider edge route...

Page 695: ...ket and forward it to the eventual destination after the IPv6 packet reaches the tunnel destination In this case the IPv4 address of the tunnel destination cannot be acquired from the destination addr...

Page 696: ...cimal notation For example 1 1 1 1 can be represented by 0101 0101 The tunnel destination is automatically determined by the embedded IPv4 address which makes it easy to create a 6to4 tunnel Since the...

Page 697: ...connections between IPv6 routers or between a host and an IPv6 router in the IPv4 network Figure 207 Principle of ISATAP tunnel 5 GRE tunnel IPv6 packets can be carried over GRE tunnels to pass throug...

Page 698: ...rotocol stack for processing The IP protocol stack determines the outgoing interface of the tunnel according to the IP header Decapsulation Contrary to the encapsulation process the decapsulation proc...

Page 699: ...the IPv6 module for processing 2 If the passenger protocol is IPv4 or IPv6 the packet is sent to the tunnel processing module for decapsulation 3 The decapsulated packet is sent to the corresponding...

Page 700: ...tasks to configure the tunneling feature Configuring an IPv6 Manually Configured Tunnel Configuration Prerequisites IP addresses are configured for interfaces such as VLAN interface Ethernet interface...

Page 701: ...ngth Required Use any command By default no IPv6 global unicast address or site local address is configured for the tunnel interface ipv6 address ipv6 address prefix length eui 64 Configure a link loc...

Page 702: ...nterfaces at both ends For related configurations refer to Static Routing and Dynamic Routing on page 817 The destination address of the route configured on the tunnel interface and the address of the...

Page 703: ...Ethernet 1 0 RouterB Tunnel0 destination 192 168 100 1 RouterB Tunnel0 tunnel protocol ipv6 ipv4 Configuration verification After the above configurations display the status of the tunnel interfaces...

Page 704: ...statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 1 15 31 ms Configuring Automatic IPv4 Compatible IPv6 Tunnel Configuration Prerequisites IP addresses are...

Page 705: ...number or network address at the local end of the tunnel Such a route must be configured at both ends of the tunnel Configure an IPv6 address for the tunnel interface Configure an IPv6 global unicast...

Page 706: ...the IPv4 compatible IPv6 address Configuration on Router A Enable the IPv6 forwarding function RouterA system view RouterA ipv6 Configure a serial address RouterA interface serial 2 0 RouterA Serial2...

Page 707: ...s RouterB display ipv6 interface tunnel 0 Tunnel0 current state UP Line protocol current state UP IPv6 is enabled link local address is FE80 201 102 Global unicast address es 2 1 1 2 subnet is 96 Join...

Page 708: ...re an IPv6 global unicast address or site local address ipv6 address ipv6 address prefix length ipv6 address prefix length Required Use either command By default no IPv6 global unicast address or site...

Page 709: ...ting When you configure a static route you need to configure a route to the destination address the destination IP address of the packet instead of the IPv4 address of the tunnel destination and set t...

Page 710: ...rnet1 1 quit Configure a 6to4 tunnel RouterA interface tunnel0 RouterA Tunnel0 ipv6 address 2002 201 101 1 64 RouterA Tunnel0 source ethernet 1 0 RouterA Tunnel0 tunnel protocol ipv6 ipv4 6to4 RouterA...

Page 711: ...Host B from Host A or ping Host A from Host B D ping6 s 2002 201 101 1 2 2002 501 101 1 2 Pinging 2002 501 101 1 2 from 2002 201 101 1 2 with 32 bytes of data Reply from 2002 501 101 1 2 bytes 32 time...

Page 712: ...ing function RouterA system view RouterA ipv6 Configure an IPv4 address for Ethernet1 0 RouterA interface ethernet 1 0 RouterA Ethernet1 0 ip address 2 1 1 1 255 255 255 0 RouterA Ethernet1 0 quit Con...

Page 713: ...t 1 0 RouterB Ethernet1 0 ip address 6 1 1 1 255 255 255 0 RouterB Ethernet1 0 quit Configure a route from Ethernet1 0 of Router A to Ethernet1 0 of Router B Here the next hop address of the static ro...

Page 714: ...tination address is reachable Configuration Procedure Follow these steps to configure an ISATAP tunnel To do Use the command Remarks Enter system view system view Enable the IPv6 packet forwarding fun...

Page 715: ...umber or network address at the local end of the tunnel Such a route must be configured at both ends of the tunnel Configuration Example Network requirements The destination address of a tunnel is an...

Page 716: ...acquire information such as the address prefix from the RA message released by the ISATAP router Router Tunnel0 undo ipv6 nd ra halt Configuration on the ISATAP host The specific configuration on the...

Page 717: ...uires the address prefix 2001 64 and automatically generates the address 2001 5efe 2 1 1 2 Meanwhile uses Router Discovery is displayed indicating that the router discovery function is enabled on the...

Page 718: ...ntents in Static Routing and Dynamic Routing on page 817 Configuration Example Network requirements The two subnets Group 1 and Group 2 running IPv4 are interconnected via an IPv4 over IPv4 tunnel bet...

Page 719: ...tunnel 1 Configure an IPv4 address for the interface tunnel 1 RouterA Tunnel1 ip address 10 1 2 1 255 255 255 0 Configure the tunnel encapsulation mode RouterA Tunnel1 tunnel protocol ipv4 ipv4 Confi...

Page 720: ...el 2 IP address of Serial 2 1 RouterB Tunnel2 source 3 1 1 1 Configure a destination address for the interface tunnel 2 IP address of Serial2 0 of Router A RouterB Tunnel2 destination 2 1 1 1 RouterB...

Page 721: ...s 56 Sequence 1 ttl 255 time 15 ms Reply from 10 1 3 1 bytes 56 Sequence 2 ttl 255 time 15 ms Reply from 10 1 3 1 bytes 56 Sequence 3 ttl 255 time 16 ms Reply from 10 1 3 1 bytes 56 Sequence 4 ttl 255...

Page 722: ...page 817 Configuration Example Network requirements The two subnets Group 1 and Group 2 of the private network running IPv4 are interconnected over the IPv6 network by using an IPv4 over IPv6 tunnel b...

Page 723: ...ess 2002 1 1 64 RouterA Serial2 0 quit Create the interface tunnel 1 RouterA interface tunnel 1 Configure an IPv4 address for the interface tunnel 1 RouterA Tunnel1 ip address 30 1 2 1 255 255 255 0 C...

Page 724: ...nterface tunnel 2 Configure an IPv4 address for the interface tunnel 2 RouterB Tunnel2 ip address 30 1 2 2 255 255 255 0 Configure the tunnel encapsulation mode RouterB Tunnel2 tunnel protocol ipv4 ip...

Page 725: ...st 300 seconds input 0 bytes sec 0 packets sec Last 300 seconds output 0 bytes sec 0 packets sec 0 packets input 0 bytes 0 input error 0 packets output 0 bytes 0 output error Ping the IPv4 address of...

Page 726: ...fix lengt h eui 64 Configure an IPv6 link local address ipv6 address auto link local ipv6 address ipv6 address link local Set the tunnel to an IPv6 over IPv6 tunnel tunnel protocol ipv6 ipv6 Optional...

Page 727: ...ute must be configured at both ends of the tunnel For related configurations refer to Static Routing and Dynamic Routing on page 817 Only the IPv6 over IPv6 tunnel has a maximum number of nested encap...

Page 728: ...1 of Router B RouterA Tunnel1 destination 2002 22 1 RouterA Tunnel1 quit Configure a static route from Router A through the interface tunnel 1 to Group 2 RouterA ipv6 route static 2002 3 64 tunnel 1...

Page 729: ...ace Tunnel1 Tunnel1 current state UP Line protocol current state UP IPv6 is enabled link local address is FE80 100 1320 Global unicast address es 2002 2 1 subnet is 2002 2 64 Joined group address es F...

Page 730: ...tination address and tunnel type the tunnel interface is still not up Solution Follow the steps below 1 The common cause is that the physical interface of the tunnel source is not up Use the display i...

Page 731: ...nly instead of forwarded packets In most cases interface policy routing applies Interface policy routing applies to incoming packets on an interface instead of locally generated packets for example pi...

Page 732: ...on based forwarding Enables IPv6 destination based forwarding If this clause is configured denied packets can still be forwarded through matching a route in the routing table If not denied packets are...

Page 733: ...tch mode of a policy node is deny no apply clauses will be executed Packets that passed the match criteria are routed through the routing table so neither debug information nor statistics for the deni...

Page 734: ...e interface Serial 2 0 To do Use the command Remarks Enter system view system view Enable IPv6 system policy routing and reference a policy ipv6 local policy based route policy name Required Not enabl...

Page 735: ...it ipv6 Router acl6 adv 3002 quit Define Node 5 of policy aaa so that TCP packets are forwarded to the interface Serial 2 0 Router ipv6 policy based route aaa permit node 5 Router pbr6 aaa 5 if match...

Page 736: ...terA ripng 1 quit RouterA interface serial 2 0 RouterA Serial2 0 ipv6 address 150 1 64 RouterA Serial2 0 ripng 1 enable RouterA Serial2 0 quit RouterA interface serial 2 1 RouterA Serial2 1 ipv6 addre...

Page 737: ...ength 101 1000 RouterA pbr6 lab1 20 apply ipv6 address next hop 151 2 2 Configure Router B Configure RIPng RouterB system view RouterB ipv6 RouterB ripng 1 RouterB ripng 1 quit RouterB interface seria...

Page 738: ...738 CHAPTER 50 IPV6 UNICAST POLICY ROUTING CONFIGURATION...

Page 739: ...ion and so on An FEP can be a Unix server or a Linux server Once a TCP connection is established the router functioning as either the terminal access initiator or receiver can transparently transmit t...

Page 740: ...creen saving Introduction to RTC Terminal Access The initiator and receiver of RTC terminal access are routers RTC terminal access is another typical application of terminal access It interconnects a...

Page 741: ...he outlet and the branch The orange dotted line represents RTC terminal access Router B acts as an RTC client and Router A the RTC server Router B initiates monitoring requests and Router A upon recei...

Page 742: ...n page 746 TTY Telnet For Telnet terminal access only the connectivity test between the terminal and the router is supported Data send delay on page 746 All TCP buffer parameter configuration on page...

Page 743: ...r is changed and the authentication fails if source IP address binding is not implemented To avoid such failures configure source IP address binding on the router to use a fixed IP address to establis...

Page 744: ...ed If the original operating interface is lost due to a fault the operator can use the terminal redrawing function to recover it VTY redrawing You can set the VTY redrawing hotkey on the router When a...

Page 745: ...to the receiver after the specified period If the automatic link establishment function is disabled on the terminal a link needs to be established manually In this mode the initiator establishes a TCP...

Page 746: ...ving data from the terminal until all the data is sent successfully Generally you need to enable this function only when the transmission rate between the router and the FEP is less than that between...

Page 747: ...rform password authentication for RTC clients to enhance security Authentication succeeds only when the passwords configured on the RTC server and the RTC client are the same Terminal access multi ins...

Page 748: ...is number is subject to the number of router interfaces available for terminal access For TTY terminal access this number is also subject to the number of FEPs that can be configured 2 Maximum number...

Page 749: ...e templates at the same time and apply the templates on different interfaces Note that only one template can be applied on one interface Complete the following tasks to configure terminal access TTY T...

Page 750: ...ynchronous serial interface operates in the protocol mode and an AUX interface the flow mode Apply the template to the interface rta terminal template name terminal number Required Exit interface view...

Page 751: ...ze driverbuf size size Optional 8 KB by default Configure the TCP connection idle timeout time idle timeout seconds Optional 0 seconds by default that is the connection never times out Configure the m...

Page 752: ...TTY terminal access is an FEP The main program of terminal access at an FEP is the program ttyd ttyd executable which implements the data Configure the VTY redrawing hotkey redrawkey ascii code 1 3 O...

Page 753: ...ress to be bound is 2 2 2 1 32 Network diagram Figure 224 Network diagram for TTY terminal access configuration Configuration procedure Perform the following configuration in one to one mode Configure...

Page 754: ...e Configure the receiver Unix server Perform the following configuration by referring to FEP Installation and Configuration on page 771 The following uses SCO OpenServer Unix as an example 1 Edit the...

Page 755: ...Required Disabled by default Create a terminal template and enter terminal template view rta template template name Required Configure a Telnet VTY vty vty number telnet remote ip address port number...

Page 756: ...lock Optional Disabled by default Configure the terminal data send delay data send delay milliseconds Optional 0 milliseconds by default that is there is no send delay Configure the router not to clea...

Page 757: ...ation command before using this command Configure the language of the print information print language chinese english Optional Chinese by default Set the terminal reset hotkey resetkey ascii code 1 3...

Page 758: ...ple for Telnet Terminal Access Network requirements Consider two Unix FEPs whose IP addresses are 10 110 96 53 and 10 110 96 54 respectively and whose port numbers are 23 A Star terminal is used at th...

Page 759: ...late to the asynchronous serial interface Sysname interface async 1 0 Sysname Async1 0 async mode flow Sysname Async1 0 rta terminal temp2 3 Sysname Async1 0 quit Configure software flow control Sysna...

Page 760: ...55 Follow these steps to perform advanced RTC initiator RTC Client configuration To do Use the command Remarks Enter system view system view Enable terminal access on the router rta server enable Requ...

Page 761: ...rminal buffer after a TCP connection is established driverbuf save Optional By default the router clears the terminal receive buffer after a TCP connection is established Configure the terminal receiv...

Page 762: ...plate is applied you need to remove the application of the terminal template and apply the terminal template again for the receive buffer size to take effect The ASCII value of the hotkey must be diff...

Page 763: ...ta server enable Required Configure the listening port rta rtc server listen port port number Required Not configured by default Create a terminal template and enter terminal template view rta templat...

Page 764: ...driverbuf size number Optional 8 KB by default Configure the TCP connection idle timeout time idle timeout seconds Optional 0 seconds by default that is the connection never times out Configure to pr...

Page 765: ...f you configure the receive buffer size after a terminal template is applied you need to remove the application of the terminal template and apply the terminal template again for the receive buffer si...

Page 766: ...e and enter its view Sysname rta template rtcserver Configure the VTY Sysname rta template rtcserver vty 0 rtc server remote 10 111 0 12 1 Sysname rta template rtcserver vty 0 password simple 123 Appl...

Page 767: ...tively connected to the interface Async1 0 on PE A and PE B It is required to monitor CE B in real time through CE A The terminal numbers of PE A and PE B are 2 The listening port of the RTC server is...

Page 768: ...the RTC client Configure MPLS L3VPN For details see MPLS L3VPN Configuration on page 1459 Bind Loopback1 to VPNA PEA interface loopback 1 PEA LoopBack1 ip address 169 254 2 1 32 PEA LoopBack1 ip bind...

Page 769: ...al Access Configuration To do Use the command Remarks Display specified terminal access information display rta all statistics terminal number brief detail statistics vty number Available in any view...

Page 770: ...770 CHAPTER 51 TERMINAL ACCESS CONFIGURATION...

Page 771: ...program A Unix FEP supports up to 250 terminals A Linux FEP supports up to 150 terminals Installing and Configuring SCO OpenServer Server Installing Device Drivers Using a floppy disk The following de...

Page 772: ...ng FTP You can also use FTP to install the ttyd programs The following describes the installation procedure using FTP on a Windows system 1 Place the ttyd programs in a directory You must place the tt...

Page 773: ...ocal installation 3 Select Media Images for Media Device 4 In Image Directory enter the directory holding the installation file this example assumes VOL 000 000 is placed in the directory build Press...

Page 774: ...ing a new kernel Modifying the maximum number of files a process can open By default each SCO OpenServer Unix process can open up to 110 files If a Unix server is to be connected with more than 50 ter...

Page 775: ...After adding the line execute the init q command to bring the configuration into effect init q In addition you can use the enable command to configure a pseudo terminal as an active terminal or use t...

Page 776: ...ether the ttyd program automatically calls the getty program It can be 0 meaning that it is configured in the inittab system configuration file that the system is responsible for calling the getty pro...

Page 777: ...them in the same line and make sure the access period is configured before the authentication See the following example ttyp30 10 110 96 44 1 accesstime 1 8 00 18 00 mac 02 f3 22 3e 2e 01 ttyp30 10 11...

Page 778: ...rror does not affect too many applications Modifying Route Configuration File In terminal access the router is usually connected to the Unix server through WANs and therefore located on an IP subnet d...

Page 779: ...tyd process launched for its parent process is 1 Processes 8312 and 8313 correspond to asynchronous interfaces with the terminal numbers of 6 and 7 on router 10 110 96 44 respectively and their parent...

Page 780: ...ntering complex commands manually You can also add your own shell commands into the ttyadm program as desired c CAUTION The programs ttyadm ttyd and ttyadmcmd must be placed under the same directory A...

Page 781: ...e name at the prompt 2 Display ttyd processes From the process management submenu select option 2 to display the ttyd processes running in the system The screen displays the following information Main...

Page 782: ...process The output directory of the ttyd debugging file s is var ttydlist by default The debugging file of the main ttyd process is named in the format of ttydxxxx log where xxxx is the number for the...

Page 783: ...ess management submenu select option 7 to display the following information Enter the port No in the configuration file Here when you enter the corresponding listening port number the configuration of...

Page 784: ...3 2v5 0 5 i80386 07 15 2002 14 33 16 usr sys wio idle u 14 33 17 0 0 0 100 14 33 18 0 0 0 100 14 33 19 0 0 0 100 14 33 20 0 0 0 100 14 33 21 0 0 0 100 Average 0 0 0 100 Press Enter to return 2 Displa...

Page 785: ...ry 8000 00KB streams memory in use 1103 09KB maximum streams memory used 1569 64KB 4 Return to the main menu From the system resource submenu selection option 0 to return to the main menu Displaying r...

Page 786: ...STATE APP_TYPE APP_NAME 1 10 110 96 53 9998 Kept Special sco1 2 10 110 96 53 9997 Kept Normal sco2 3 10 110 96 53 9900 Kept Special sco3 6 10 110 96 53 9998 Linked Special sco4 4 Display detailed tty...

Page 787: ...kets written to pty 2 Total number of bytes written to pty 2 Number of bytes last written to pty 1 Time when pty was last written to 2002 07 15 13 59 43 Press Enter to return Editing ttyd configuratio...

Page 788: ...rocess can open up to 64 files If a Unix server is to be connected with a large number of terminals usually more than 50 you are recommended to change the value to 400 To do so use the following comma...

Page 789: ...ting ttyd on page 779 Enabling ttyd autorun at system startup Refer to Enabling ttyd autorun at system startup on page 779 Installing and Using ttyd Administration Program ttyadm Refer to Installing a...

Page 790: ...d check whether this file contains the following line T1 234 respawn etc getty ttyp50 If the line is absent add it In the sample line T1 is the identifier of the line Each line in the file inittab mus...

Page 791: ...h smit smit 2 Select Devices 3 Select PTY 4 Select Maximum number of BSD Pseudo Terminals and set it to 256 Now the number of supported pseudo terminals is 256 n Adding pseudo terminals on the IBM AIX...

Page 792: ...ting the ttyd Configuration File Refer to Editing the ttyd Configuration File on page 775 Modifying Route Configuration File The terminal access router is usually connected to the Unix server through...

Page 793: ...ice Now the number of pseudo terminals is 256 in the directories dev pty and dev ptym Link the added devices to dev as follows ln dev pty ttyy0 dev ttyy0 ln dev ptym ptyy0 dev ptyy0 Modifying the maxi...

Page 794: ...ddition init q Editing ttyd Configuration File Refer to Editing the ttyd Configuration File on page 775 Modifying Route Configuration File The terminal access router is usually connected to the Unix s...

Page 795: ...nux Server Installing Device Drivers Using the floppy disk Refer to Using a floppy disk on page 771 Using FTP Refer to Using FTP on page 772 Configuration Prerequisites Setting the maximum number of o...

Page 796: ...e than four characters In system configuration file inittab the third column of a line is respawn for an active terminal and off for a dumb terminal The available pseudo terminals include ttyxy where...

Page 797: ...ore located on an IP segment different from that of the Unix server in which case you must configure a route on the Unix server The following example shows how to do so route add net 10 110 96 0 netma...

Page 798: ...798 CHAPTER 52 FEP INSTALLATION AND CONFIGURATION...

Page 799: ...urred Press a key on the terminal to initiate a new connection 6 TTY tty number vty number success to connect with server name A TCP connection is established between the router and the Unix server 7...

Page 800: ...whether the router and Unix server can ping each other on page 802 If the TCP connection between the terminal and the Unix server is correct the terminal screen displays Terminal to Unix test OK This...

Page 801: ...able and the other end is a DB 25 receptacle for connecting to a terminal The following table describes the pins of the terminal access converter The common terminal access connection in banking syste...

Page 802: ...e flow control signal lines are absent you must use the flow control none or flow control software inbound command on the asynchronous interface to not detect hardware flow control signals by adopting...

Page 803: ...ent on page 803 or Prompts on Terminals on page 799 The main ttyd process and its child processes exist The ttyd program has been started and a TCP connection has been established between the router a...

Page 804: ...dev ttypxx This command sends the string 123456789 to the terminal ttypxx xx indicates the terminal index If the string appears on the terminal a TCP connection has been established between the applic...

Page 805: ...in the configuration file ttyd conf The debugging file of the main ttyd process is named in the format of ttydxxxx log where xxxx is the number of the listening port of the main process The debugging...

Page 806: ...write data to the socket 12 Fail child process exit for out of time range Cause The user was accessing the Unix server out of the defined periods 13 Fail Failed in opening pty5 out of devices Cause Fa...

Page 807: ...its configuration in the configuration file of the banking service 2 Modify configuration file ttyd conf on the Unix server to change the original pseudo terminal to a new pseudo terminal If the new p...

Page 808: ...808 CHAPTER 53 TERMINAL ACCESS TROUBLESHOOTING...

Page 809: ...es 32 0 32 2734 29 0 class 6 2048 bytes 274 182 92 6460 273 0 class 7 4096 bytes 171 170 1 185 171 0 class 8 8192 bytes 5 0 5 70 5 0 class 9 16384 bytes 2 0 2 3 2 0 class 10 32768 bytes 0 0 0 0 0 0 cl...

Page 810: ...s the steps 1 Kill all the current main and child ttyd processes 2 Modify pseudo terminal names in configuration file ttyd conf for example Original ttyp30 10 110 96 11 0 Modified ttya0 10 110 96 11 0...

Page 811: ...rvice process is abnormal and if necessary kill the process If the rate is not high open the ttyd configuration file to examine whether the sendsize and readsize options are properly configured For lo...

Page 812: ...e address binding configured the router IP address configured on the Unix server must be the bound IP address Verify that correct routes are configured on both the router and Unix server Illegible cha...

Page 813: ...ver uses the many to one mode and the router uses one to one mode The terminal connected to a credit card IC card swipe reader does not work Check the hardware versions of the interface modules using...

Page 814: ...814 CHAPTER 54 TERMINAL ACCESS FAQ...

Page 815: ...connected destination Routes in a routing table can be divided into three categories by origin Direct routes Routes discovered by data link protocols also known as interface routes Static routes Route...

Page 816: ...The destination is a subnet Host routes The destination is a host Based on whether the destination is directly connected to a given router routes can be divided into Direct routes The destination is d...

Page 817: ...large networks Its disadvantages are that it is complicated to configure and that it not only imposes higher requirements on the system but also eats away a certain amount of network resources Classi...

Page 818: ...ting protocols Includes PIM SM and PIM DM This chapter focuses on unicast routing protocols For information on multicast routing protocols refer to Multicast Overview on page 1085 Version of IP protoc...

Page 819: ...oute backup can help improve network reliability With route backup you can configure multiple routes to the same destination expecting the one with the highest priority to be the main route and all th...

Page 820: ...orwards Configuring Bandwidth based Non Balanced Load Sharing Follow these steps to enable bandwidth based non balanced load sharing n Bandwidth based non balanced load sharing does not support the lo...

Page 821: ...out bandwidth based load sharing display loadsharing ip address ip address mask Available in any view Clear statistics for the routing table or a VPN routing table reset ip routing table statistics pr...

Page 822: ...width KB Flow s Interface 10 1 1 2 763851 100000 0 Ethernet0 0 10 1 2 2 1193501 155000 0 Atm1 0 10 1 3 2 15914 2048 0 Serial2 0 The display shows that packets are load shared according to their defaul...

Page 823: ...1 0 24 There are is totally 3 route entry s to the same destination network Nexthop Packet s Bandwidth KB Flow s Interface 10 1 2 2 142824 100 0 Atm1 0 10 1 1 2 285648 200 0 Ethernet0 0 10 1 3 2 4284...

Page 824: ...824 CHAPTER 55 IP ROUTING OVERVIEW...

Page 825: ...2 RFC1163 and BGP 3 RFC1267 The current version in use is BGP 4 RFC1771 BGP 4 is rapidly becoming the defacto Internet exterior routing protocol standard and is commonly used between ISPs The charact...

Page 826: ...when it runs between ASs Formats of BGP Messages Header BGP message involves five types Open message Update message Notification message Keep alive message Route refresh message They have the same hea...

Page 827: ...dentifying the BGP router Opt Parm Len Optional Parameters Length Length of optional parameters set to 0 if no optional parameter is available Update Update message is used to exchange routing informa...

Page 828: ...ormation is encoded as one or more 2 tuples of the form length prefix Notification A Notification message is sent when an error is detected The BGP connection is closed immediately after sending it No...

Page 829: ...hree types IGP Has the highest priority Routes added to the BGP routing table using the network command have the IGP attribute EGP Has the second highest priority Routes obtained via EGP have the EGP...

Page 830: ...0 0 In some applications you can apply a routing policy to control BGP route selection by modifying the AS path length By configuring an AS path filtering list you can filter routes based on AS numbe...

Page 831: ...the smallest MED value the best route if other conditions are the same As shown below traffic from AS 10 to AS 20 travels through Router B that is selected according to MED Figure 238 MED attribute In...

Page 832: ...the Internet community Routes with this attribute can be advertised to all BGP peers No_Export After received routes with this attribute cannot be advertised out the local AS or out the local confeder...

Page 833: ...ble route to reach a next hop is route recursion Currently the system supports BGP load balancing based on route recursion namely if reliable routes are load balanced suppose three next hop addresses...

Page 834: ...BGP peers including both EBGP and IBGP peers A BGP speaker does not advertise routes learned from IBGPs to IBGP peers A BGP speaker advertises routes learned from IBGPs to EBGP peers Note that if info...

Page 835: ...table size By summarizing multiple routes with one route a BGP router advertises only the summary route rather than all routes Currently the system supports both manual and automatic summarization The...

Page 836: ...collection of peers with the same attributes When a peer joins the peer group the peer obtains the same configuration as the peer group If configuration of the peer group is changed configuration of g...

Page 837: ...clients BGP connections between clients need not be established The router neither a route reflector nor a client is a non client which has to establish connections to the route reflector and all non...

Page 838: ...ub ASs in the confederation The ID of the confederation is the number of the AS in the above figure AS 200 is the confederation ID The deficiency of confederation is when changing an AS into a confede...

Page 839: ...In BGP 4 the three types of attributes for IPv4 namely NLRI NEXT_HOP and AGGREGATOR contains the IP address of the speaker generating the summary route are all carried in updates To support multiple n...

Page 840: ...ge 843 Configuring BGP Route Redistribution on page 843 Optional Configuring BGP Route Summarization on page 843 Optional Advertising a Default Route to a Peer or Peer Group on page 844 Optional Confi...

Page 841: ...es are configured for loopback interface and other interfaces the task becomes required Specify the AS number for a peer or a peer group peer group name ip address as number as number Required Not spe...

Page 842: ...a TCP connection over multiple hops between two peers You need not use this command for directly connected EBGP peers which employ loopback interfaces for peer relationship establishment If you both r...

Page 843: ...you need to configure route summarization on peers BGP supports two summarization types automatic and manual Automatic summarization Summarizes redistributed IGP subnets With the feature configured B...

Page 844: ...oute summarization summary automatic Required No route summarization is configured by default Choose either as needed if both are configured the manual route summarization takes effect Configure manua...

Page 845: ...to filer routing information to a peer peer group peer group name ip address ip prefix ip prefix name export To do Use the command Remarks To do Use the command Remarks Enter system view system view E...

Page 846: ...local routing table nor advertise them to BGP peers To configure BGP route dampening use the following commands n Using this command dampens only routes from EBGP peers rather than IBGP peers Configu...

Page 847: ...lt med med value Optional The value defaults to 0 Enable to compare MED values of routes from different ASs compare different as med Optional Not enabled by default Enable to compare MED values of rou...

Page 848: ...can specify a fake AS number to hide the real one as needed The fake AS number applies to EBGP peers only that is EBGP peers in other ASs can only find the fake AS number Configure the AS_PATH attribu...

Page 849: ...router the router advertises a route refresh message to its peers which then resend their routing information to the router Therefore the local router can perform dynamic route update and apply the n...

Page 850: ...abled by default Enable BGP route refresh for a peer peer group peer group name ip address capability advertise route refresh Optional Enabled by default Keep all original routes imported from a peer...

Page 851: ...gement easier and improves route distribution efficiency Peer group includes IBGP peer group where peers belong to the same AS and EBGP peer group where peers belong to different ASs If peers in an EB...

Page 852: ...s their AS in BGP view Specify the AS number for the group peer group name as number as number Add a peer into the group peer ip address group group name as number as number Configure a mixed EBGP pee...

Page 853: ...se the confederation nonstandard command to make the local router compatible with these routers Configuring BGP Graceful Restart Follow these steps to configure GR on the GR Restarter and the GR Helpe...

Page 854: ...n sent To do Use the command Remarks Enter system view system view Enable BGP and enter its view bgp as number Required Disabled by default Enable Graceful Restart Capability for BGP graceful restart...

Page 855: ...unity aa nn 1 13 no advertise no export no export subconfed whole match Display routing information matching a BGP community list display bgp routing table community list basic community list number w...

Page 856: ...to an AS reset bgp as number Reset the BGP connection to a peer reset bgp ip address flap info Reset all EBGP connections reset bgp external Reset the BGP connections to a peer group reset bgp group g...

Page 857: ...mber 65009 RouterD bgp quit 3 Configure the EBGP connection Configure Router A RouterA system view RouterA bgp 65008 RouterA bgp router id 1 1 1 1 RouterA bgp peer 200 1 1 1 as number 65009 Advertise...

Page 858: ...MED LocPrf PrefVal Path Ogn 8 0 0 0 200 1 1 2 0 0 65008i Display routing table information on Router C RouterC display bgp routing table Total Number of Routes 1 BGP Local router ID is 3 3 3 3 Status...

Page 859: ...200 1 1 0 9 1 3 1 0 100 0 You can find the route 8 0 0 0 becomes valid with the next hop as Router A Ping 8 1 1 1 on Router C RouterC ping 8 1 1 1 PING 8 1 1 1 56 data bytes press CTRL_C to break Repl...

Page 860: ...p quit Configure Router B RouterB system view RouterB bgp 65009 RouterB bgp router id 2 2 2 2 RouterB bgp peer 3 1 1 2 as number 65008 RouterB bgp quit 4 Configure BGP and IGP interaction Configure BG...

Page 861: ...1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 5 Configure route automatic summarization Configure route automatic summarization on Router B RouterB bgp 65009 RouterB bgp summary automatic Displa...

Page 862: ...e 248 Network diagram for BGP path selection Configuration procedure 1 Configure IP addresses for interfaces omitted 2 Configure BGP connections Configure Router A RouterA system view RouterA bgp 6500...

Page 863: ...put you can find two routes to the destination 9 1 1 0 24 are available and the route with the next hop 200 1 1 1 is the best route because Router B has a smaller router ID than Router C 3 Configure l...

Page 864: ...the other route with the next hop 200 1 1 1 Router B BGP Community Configuration Network requirements Router B establishes EBGP connections with Router A and Router C Configure No_Export community at...

Page 865: ...1 1 1 1 Original nexthop 200 1 2 1 AS path 10 Origin igp Attribute value MED 0 pref val 0 pre 255 State valid external best Advertised to such 1 peers 200 1 3 2 Router B advertised received routes to...

Page 866: ...n the above output At this time the route to the destination 9 1 1 0 24 is not available in the routing table of Router C BGP Route Reflector Configuration Network requirements In the following figure...

Page 867: ...er 193 1 1 2 as number 200 RouterC bgp peer 194 1 1 2 as number 200 RouterC bgp quit Configure Router D RouterD system view RouterD bgp 200 RouterD bgp peer 194 1 1 1 as number 200 RouterD bgp quit 3...

Page 868: ...S 65001 are fully meshed Network diagram Figure 251 Network diagram for BGP confederation configuration Configuration procedure 1 Configure IP addresses for interfaces omitted 2 Configure BGP confeder...

Page 869: ...r C RouterC system view RouterC bgp 65003 RouterC bgp router id 3 3 3 3 RouterC bgp confederation id 200 RouterC bgp confederation peer as 65001 65002 RouterC bgp peer 10 1 2 1 as number 65001 RouterC...

Page 870: ...uter ID is 2 2 2 2 Status codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn i 9 1 1 0 24 10 1 1 1 0 100 0 65...

Page 871: ...are EBGP connections Between Router B and Router D Router D and Router C are IBGP connections OSPF is the IGP protocol in AS 200 Configure routing policies to make Router D give priority to the route...

Page 872: ...rD ospf area 0 RouterD ospf 1 area 0 0 0 0 network 194 1 1 0 0 0 0 255 RouterD ospf 1 area 0 0 0 0 network 195 1 1 0 0 0 0 255 RouterD ospf 1 area 0 0 0 0 quit RouterD ospf 1 quit 3 Configure BGP conn...

Page 873: ...oute policy quit RouterA route policy apply_med_100 permit node 10 RouterA route policy if match acl 2000 RouterA route policy apply cost 100 RouterA route policy quit Apply routing policy apply_med_5...

Page 874: ...lid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn i 1 0 0 0 193 1 1 1 0 200 0 100i i 192 1 1 1 0 100 0 100i The rout...

Page 875: ...Check whether a route to the peer is available in the routing table 6 Use the ping command to check connectivity 7 Use the display tcp status command to check the TCP connection 8 Check whether an AC...

Page 876: ...876 CHAPTER 56 BGP CONFIGURATION...

Page 877: ...eference models and the new one is called Integrated IS IS or Dual IS IS IS IS is an interior gateway protocol IGP used within an Autonomous System It adopts the Shortest Path First SPF algorithm for...

Page 878: ...ifier AFI and the Initial Domain Identifier IDI The DSP includes the High Order DSP HODSP the System ID and SEL where the HODSP identifies the area the System ID identifies the host and the SEL indica...

Page 879: ...ET The Network Entity Title NET is an NSAP with SEL of 0 It indicates the network layer information of the IS itself where SEL 0 means no transport layer information Therefore the length of NET is equ...

Page 880: ...vel 2 and Level 1 2 routers in different areas A Level 1 router must be connected to other areas via a Level 1 2 router The Level 1 2 router maintains two LSDBs where the Level 1 LSDB is for routing w...

Page 881: ...stablish Level 2 adjacency By having this function you can prevent the Level 1 hello packets from propagating to the Level 2 backbone through the Lever 1 2 router This can result in bandwidth saving R...

Page 882: ...outer becomes the DIS If there are multiple routers with the same highest DIS priority the one with the highest SNPA Subnetwork Point of Attachment address which is the MAC address on a broadcast netw...

Page 883: ...sent in bytes Version Protocol ID Extension Set to 1 0x01 ID Length The length of the NSAP address and NET ID R Reserved Set to 0 PDU Type For detail information refer to Table 41 Version Set to 1 0x0...

Page 884: ...indicates L2 and 11 indicates L1 2 Source ID The system ID of the router advertising the hello packet Holding Time If no hello packets are received from a neighbor within the holding time the neighbo...

Page 885: ...nt by the Level 2 router and the Level 1 LSP is sent by the Level 1 router The level 1 2 router can sent both types of the LSPs Two types of LSPs have the same format as shown in Figure 261 Intradomai...

Page 886: ...e the router is running out of system resources In this condition other routers will not send packets to the overloaded router except packets destined to the networks directly connected to the router...

Page 887: ...s by default On point to point networks CSNP is only sent during the first adjacency establishment The CSNP packet format is shown in Figure 263 Figure 263 L1 L2 CSNP format PSNP only contains the seq...

Page 888: ...IS L2 LSP 6 IS Neighbors MAC Address LAN IIH 7 IS Neighbors SNPA Address LAN IIH 8 Padding IIH 9 LSP Entries SNP 10 Authentication Information IIH LSP SNP 128 IP Internal Reachability Information LSP...

Page 889: ...After receiving the responses from neighbors the GR Restarter can restore the neighbor table After reestablishing neighborships the GR Restarter will synchronize the LSDB and exchange routing informa...

Page 890: ...s System ID The system ID of the Originating System Additional System ID It is the additional virtual system ID configured for the IS IS router after LSP fragment extension is enabled Each additional...

Page 891: ...se not supporting this feature to interoperate with each other but it restricts the link state information in the extended fragments Mode 2 does not restrict the link state information in the extended...

Page 892: ...following table describes the IS IS configuration tasks Configuration Task Remarks Configuring IS IS Basic Functions on page 893 Required Configuring IS IS Routing Information Control on page 894 Spe...

Page 893: ...on page 901 Optional Configuring Dynamic Host Name Mapping on page 902 Optional Configuring IS IS Authentication on page 902 Optional Configuring LSDB Overload Tag on page 903 Optional Logging the Adj...

Page 894: ...rity for specific routes For information about routing policy refer to Routing Policy Configuration on page 991 Follow these steps to configure the IS IS protocol priority Enable an IS IS process on t...

Page 895: ...Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Specify a cost style cost style narrow wide wide compatible compatible narrow compatible relax spf limit O...

Page 896: ...uring the Maximum Number of Load Balanced Routes If there are more than one equal cost routes to the same destination the traffic can be load balanced to enhance path efficiency Follow these steps to...

Page 897: ...instance vpn instance name Configure IS IS route summarization summary ip address mask mask length avoid feedback generate_null0_route tag tag level 1 level 1 2 level 2 Required Not configured by defa...

Page 898: ...ecific level Level 1 or Level 2 You can specify a DIS priority at a level for an interface The bigger the interface s priority value the more likelihood it becomes the DIS Redistribute routes from ano...

Page 899: ...r LSDB synchronization If no level is included the specified CSNP interval applies to both Level 1 and Level 2 of the current IS IS process If a level is specified it applies to the level To do Use th...

Page 900: ...can configure the router to ignore the incorrect checksum which means an LSP will be processed even with an incorrect LSP checksum On the NBMA network the router will flood a new LSP received from an...

Page 901: ...meters Enable the LSP flash flooding function flash flood flood count flooding count max timer interval flooding interval level 1 level 2 Optional Not enabled by default Specify the maximum size of th...

Page 902: ...interval incremental interval Optional The default SPF calculation interval is 10 seconds Specify the SPF calculation duration spf slice size duration time Optional 10 milliseconds by default To do Us...

Page 903: ...he LSDB overload tag To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Specify the area authentication mode area authenticatio...

Page 904: ...eful Restart capable device will resend connection requests to its neighbors instead of terminating their adjacencies Graceful Restart minimizes network disruption caused by LSDB synchronization befor...

Page 905: ...ceful restart Required Disabled by default Set the Graceful Restart interval graceful restart interval timer Required 300 seconds by default Configure to set the SA bit during restart graceful restart...

Page 906: ...w Display SPF calculation log information display isis spf log process id vpn instance vpn instance name Available in any view Display statistic about an IS IS process display isis statistics level 1...

Page 907: ...uterB Serial2 0 quit Configure Router C RouterC system view RouterC isis 1 RouterC isis 1 network entity 10 0000 0000 0003 00 RouterC isis 1 quit RouterC interface serial 2 0 RouterC Serial2 0 isis en...

Page 908: ...0002 00 00 0x0000000d 0xcd66 1167 68 0 0 0 0000 0000 0003 00 00 0x00000014 0x2d39 1136 111 1 0 0 Self LSP Self LSP Extended ATT Attached P Partition OL Overload RouterC display isis lsdb Database info...

Page 909: ...R 0 0 0 0 0 10 NULL S2 0 10 1 1 1 R Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set RouterC display isis route Route information for ISIS 1 ISIS 1 IPv4 Level 1 Forwarding Table IP...

Page 910: ...router Change the DIS priority of Router A to make it selected as the Level 1 2 DIS router Network diagram Figure 267 Network diagram for DIS selection configuration Configuration procedure 1 Configur...

Page 911: ...ernet1 0 quit Display information about IS IS neighbors of Router A Peer information for ISIS 1 System Id 0000 0000 0002 Interface Ethernet1 0 Circuit Id 0000 0000 0003 01 State Up HoldTime 21s Type L...

Page 912: ...IS priority of Router A RouterA interface ethernet 1 0 RouterA Ethernet1 0 isis dis priority 100 Display information about IS IS neighbors of Router A RouterA display isis peer Peer information for IS...

Page 913: ...isis interface Interface information for ISIS 1 Interface Ethernet1 0 Id IPV4 State IPV6 State MTU Type DIS 001 Up Down 1497 L1 L2 No No Display information about IS IS neighbors and interfaces of Rou...

Page 914: ...A isis 1 RouterA isis 1 graceful restart RouterA isis 1 graceful restart interval 150 RouterA isis 1 return The configurations for Router B and Router C are similar and therefore are omitted here 3 Ve...

Page 915: ...art Status RESTARTING Number of LSPs Awaited 3 T3 Timer Status Remaining Time 239 T2 Timer Status Remaining Time 59 IS IS 1 Level 2 Restart Status Restart Interval 150 SA Bit Supported Total Number of...

Page 916: ...916 CHAPTER 57 IS IS CONFIGURATION...

Page 917: ...n Unless otherwise noted OSPF refers to OSPFv2 throughout this document OSPF has the following features Scope Supports networks of various sizes and can support several hundred routers Fast convergenc...

Page 918: ...ed integer the unique identifier of the router in the AS You may assign a Router ID to an OSPF router manually If no Router ID is specified the system automatically selects one for the router as follo...

Page 919: ...of which consists of a standard LSA header and application specific information Opaque LSAs are used by the OSPF protocol or by some application to distribute information into the OSPF routing domain...

Page 920: ...ion area border routers perform route summarization to reduce the number of LSAs advertised to other areas and minimize the effect of topology changes Classification of Routers The OSPF router falls i...

Page 921: ...All non backbone areas must maintain connectivity to the backbone area The backbone area itself must maintain connectivity In practice due to physical limitations the requirements may not be satisfie...

Page 922: ...PF routers in between simply convey these OSPF packets as normal IP packets Totally Stub area The ABR in a stub area does not distribute Type5 LSAs into the area so the routing table scale and amount...

Page 923: ...left of the figure RIP routes are translated into type5 LSAs by the ASBR of Area 2 and distributed into the OSPF AS However Area 1 is an NSSA area so these type5 LSAs cannot travel to Area 1 Similar...

Page 924: ...to destinations outside the AS OSPF classifies external routes into two types type1 and type2 A type1 external route is an IGP route such as a RIP or static route which has high credibility and whose...

Page 925: ...ly one neighbor Differences between NBMA and P2MP networks NBMA networks are fully meshed non broadcast and multi access P2MP networks are not required to be fully meshed It is required to elect the D...

Page 926: ...e election candidates The election votes are hello packets Each router sends the DR elected by itself in a hello packet to all the other routers If two routers on the network declare themselves as the...

Page 927: ...plaintext authentication and MD5 authentication respectively Authentication Information determined by authentication type which is not defined for authentication type 0 password information for authen...

Page 928: ...hey cannot become neighbors Designated Router IP address of the DR interface Backup Designated Router IP address of the BDR interface Neighbor Router ID of the neighbor router DD packet Two routers ex...

Page 929: ...ss Otherwise the router is the slave DD Sequence Number Used to sequence the collection of Database Description Packets for ensuring reliability and intactness of DD packets between the master and sla...

Page 930: ...SU packet format is shown below Figure 281 LSU packet format LSAck packet LSAack Link State Acknowledgment packets are used to acknowledge received LSU packets contents including LSA headers to descri...

Page 931: ...sion LS type The type of the LSA Link State ID The contents of this field depend on the LSA s type LS sequence number Used by other routers to judge new and old LSAs LS checksum Checksum of the LSA ex...

Page 932: ...Type Link type A value of 1 indicates a point to point link to a remote router a value of 2 indicates a link to a transit network a value of 3 indicates a link to a stub network a value of 4 indicates...

Page 933: ...field the format of type 3 and 4 summary LSAs is identical Figure 286 Summary LSA format Major fields Link State ID For a type3 LSA it is an IP address outside the area for a type 4 LSA it is the rout...

Page 934: ...ic value which is set to 1 for type 2 external routes and set to 0 for type 1 external routes Refer to Route types on page 924 for description about external route types metric The metric to the desti...

Page 935: ...identical Authentication types include non authentication plaintext authentication and MD5 ciphertext authentication The authentication password for interfaces attached to a network segment must be id...

Page 936: ...a link TE is implemented on the classified type thin granularity summarization type rather than the summarized type thick granularity summarization type to improve performance and bandwidth utilizati...

Page 937: ...on in this case since an OSPF intra area route has a higher priority than a backbone route VPN traffic will always travel on the backdoor route rather than the backbone route To avoid this an unnumber...

Page 938: ...ng OSPF Packet Timers on page 946 Optional Configuring LSA Transmission Delay Time on page 947 Optional Configuring SPF Calculation Interval on page 948 Optional Configuring LSA Minimum Repeat Arrival...

Page 939: ...stance to configure an association between the two The configurations for routers in an area are performed on the area basis Wrong configurations may cause communication failures even routing informat...

Page 940: ...in a NSSA area When arriving at the ABR in the NSSA area these LSAs will be translated into type 5 LSAs for advertisement to other areas Non backbone areas exchange routing information via the backbo...

Page 941: ...iability should become the DR BDR Prerequisites Before configuring OSPF network types you have configured IP addresses for interfaces making neighboring nodes accessible with each other at network lay...

Page 942: ...local router will consider the neighbor has no election right thus no hello packet is sent to this neighbor reducing the number of hello packets for DR BDR election on networks However if the local r...

Page 943: ...g ABR Type3 LSA Filtering Follow these steps to configure type 3 LSA filtering on an ABR To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router id router id...

Page 944: ...iew System view Enter OSPF view ospf process id router id router id vpn instance instance name Enter area view area area id Configure ABR type3 LSA filtering filter acl number ip prefix ip prefix name...

Page 945: ...view system view Enter OSPF view ospf process id router id router id vpn instance instance name Configure OSPF route priority preference ase route policy route policy name value Optional The priority...

Page 946: ...for SPF calculation to reduce resource consumption caused by frequent network changes Configure OSPF authentication to meet high security requirements of some mission critical networks Configure OSPF...

Page 947: ...ssary especially for low speed links Follow these steps to configure the LSA transmission delay time on an interface To do Use the command Remarks Enter system view system view Enter interface view in...

Page 948: ...the LSA Follow these steps to configure the LSA minimum repeat arrival interval n The interval set by the lsa arrival interval command should be smaller or equal to the interval set by the lsa generat...

Page 949: ...affic control It informs other OSPF routers not to use it to forward data but they can have a route to the stub router The router LSAs from the stub router may contain different link type values A val...

Page 950: ...e name Configure the router as a stub router stub router Required Not configured by default To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter OSPF view os...

Page 951: ...terface fills in a value of 0 To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router id router id vpn instance instance name S...

Page 952: ...atechange iftxretransmit lsdbapproachoverflow lsdboverflow maxagelsa nbrstatechange originatelsa vifcfgerror virifauthfail virifrxbadpkt virifstatechange viriftxretransmit virnbrstatechange Optional E...

Page 953: ...ult To do Use the command Remarks Enter system view system view Enable OSPF and enter its view ospf process id router id router id vpn instance instance name Required Disabled by default Enable the us...

Page 954: ...n display ospf process id nexthop Display routing table information display ospf process id routing interface interface type interface number nexthop nexthop address Display virtual link information d...

Page 955: ...interfaces omitted 2 Configure OSPF basic functions Configure RouterA RouterA system view RouterA ospf RouterA ospf 1 area 0 RouterA ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 RouterA ospf 1 area...

Page 956: ...ace 10 1 1 1 Ethernet1 0 s neighbors Router ID 10 3 1 1 Address 10 1 1 2 GR State Normal State Full Mode Nbr is Master Priority 1 DR 10 1 1 1 BDR 10 1 1 2 MTU 0 Dead timer due in 37 sec Neighbor is up...

Page 957: ...8000000F 4 Sum Net 10 1 1 0 10 2 1 1 1069 28 8000000F 2 Sum Asbr 10 3 1 1 10 2 1 1 1069 28 8000000F 2 Display routing table information on Router D RouterD display ospf routing OSPF Process 1 with Ro...

Page 958: ...net 1 2 9 1 1 1 RouterD ospf RouterD ospf 1 import route static RouterD ospf 1 quit Display ABR ASBR information on RouterC RouterC display ospf abr asbr OSPF Process 1 with Router ID 10 4 1 1 Routing...

Page 959: ...1 area 0 0 0 1 stub RouterC ospf 1 area 0 0 0 1 quit RouterC ospf 1 quit Display routing table information on RouterC RouterC display ospf routing OSPF Process 1 with Router ID 10 4 1 1 Routing Table...

Page 960: ...s where all routers run OSPF RouterA and RouterB act as ABRs to forward routing information between areas It is required to configure Area1 as an NSSA area RouterC as an ASBR to redistribute static ro...

Page 961: ...1 10 4 1 1 0 0 0 1 Total Nets 3 Intra Area 2 Inter Area 1 ASE 0 NSSA 0 4 Configure RouterC to redistribute static routes RouterC ip route static 3 1 3 1 24 Ethernet 1 2 11 1 1 1 RouterC ospf RouterC o...

Page 962: ...1 area 0 RouterA ospf 1 area 0 0 0 0 network 192 168 1 0 0 0 0 255 RouterA ospf 1 area 0 0 0 0 quit RouterA ospf 1 quit Configure RouterB RouterB system view RouterB router id 2 2 2 2 RouterB ospf Ro...

Page 963: ...dress 192 168 1 3 GR State Normal State Full Mode Nbr is Master Priority 1 DR 192 168 1 4 BDR 192 168 1 3 MTU 0 Dead timer due in 31 sec Neighbor is up for 00 01 28 Authentication Sequence 0 Router ID...

Page 964: ...r due in 33 sec Neighbor is up for 00 11 15 Authentication Sequence 0 The DR and BDR have no change n In the above output you can find the priority configuration does not take effect immediately 4 Res...

Page 965: ...nterfaces Area 0 0 0 0 IP Address type State Cost Pri DR BDR 192 168 1 2 Broadcast DROther 1 0 192 168 1 1 192 168 1 3 n The interface state DROther means the interface is not the DR BDR Configuring O...

Page 966: ...terA RouterA display ospf routing OSPF Process 1 with Router ID 1 1 1 1 Routing Tables Routing for Network Destination Cost type NextHop AdvRouter Area 10 0 0 0 8 1 Stub 10 1 1 1 1 1 1 1 0 0 0 0 192 1...

Page 967: ...anism Network diagram Figure 294 Network diagram for OSPF based GR configuration on routers Configuration Procedure 1 Configure Router A RouterA system view RouterA interface ethernet 1 0 RouterA Ethe...

Page 968: ...4 Verify the configuration Perform OSPF Graceful Restart on Router A if all routers function properly after the above configurations RouterA reset ospf 100 process graceful restart Troubleshooting OS...

Page 969: ...ve external routes and all interfaces connected to the Stub area must be associated with the Stub area Solution 1 Use the display ospf peer command to display neighbors 2 Use the display ospf interfac...

Page 970: ...970 CHAPTER 58 OSPF CONFIGURATION...

Page 971: ...ackets for exchanging information through port 520 RIP uses a hop count to measure the distance to a destination The hop count is known as metric The hop count from a router to its directly connected...

Page 972: ...ires the route will be deleted from the routing table Routing loops prevention RIP is a distance vector D V based routing protocol Since a RIP router advertises its own routing table to neighbors rout...

Page 973: ...tication to enhance security n RIP 2 has two types of message transmission broadcast and multicast Multicast is the default type using 224 0 0 9 as the multicast address The interface working in the R...

Page 974: ...RIP For RIP 2 the value is 0x02 Route Tag Route Tag IP Address Destination IP address It could be a natural network address subnet address or host address Subnet Mask Mask of the destination address N...

Page 975: ...the routing table changes or the next hop is unreachable a routing update message is sent Since the periodic update delivery is canceled an acknowledgement and retransmission mechanism is required to...

Page 976: ...pport Demand Circuits Configuring RIP Basic Functions Configuration Prerequisites Before configuring RIP features finish the following tasks Configure the link layer protocol Configure IP address on e...

Page 977: ...broadcasts and multicasts With RIP 2 configured a broadcast interface sends RIP 2 broadcasts and can receive RIP 1 unicasts and broadcasts RIP 2 broadcasts multicasts and unicasts Follow these steps t...

Page 978: ...ed to the metric of a RIP route namely the inbound and outbound additional metric The outbound additional metric is added to the metric of a sent route the route s metric in the routing table is not c...

Page 979: ...mmary route on an interface Enter interface view interface interface type interface number Define an inbound additional routing metric rip metricin value Optional 0 by default Define an outbound addit...

Page 980: ...ou can filter routes by configuring the inbound and outbound route filtering policies via referencing an ACL and IP prefix list You can also specify to receive only routes from a specified neighbor Fo...

Page 981: ...m Number of Load Balanced Routes on page 983 Enabling CheckZero Field Check on RIPv1 Messages on page 983 Enabling Source IP Address Check on Incoming RIP Updates on page 984 Define a filtering policy...

Page 982: ...function disables an interface from sending routes received by the interface itself so as to prevent routing loops between adjacent routers Follow these steps to configure the split horizon function n...

Page 983: ...processing time In addition you can enable the source IP address validation on received messages For the message received on an Ethernet interface RIP compares the source IP address of the message wit...

Page 984: ...ssage which cannot meet high security needs Follow these steps to configure RIP 2 message authentication Configuring a RIP Neighbor Usually RIP sends messages to broadcast or multicast addresses On no...

Page 985: ...d Response retransmissions as needed For two routers on an analog dial up link the difference between retransmission intervals on the two ends must be bigger than 50 seconds otherwise they can not bec...

Page 986: ...e the command Remarks Enter system view system view Bind RIP to MIB rip mib binding process id Optional By default MIB is bound to the RIP process with the smallest process ID To do Use the command Re...

Page 987: ...tination Mask Nexthop Cost Tag Flags Sec 10 0 0 0 8 1 1 1 2 1 0 RA 9 From the routing table you can see RIP 1 uses natural mask to advertise routing information 3 Configure RIP version Configure RIP 2...

Page 988: ...ution configuration Configuration procedure 1 Configure an IP address for each interface omitted 2 Configure RIP basic functions Enable RIP 100 and configure a RIP version of 2 on Router A RouterA sys...

Page 989: ...100 RouterB rip 100 default cost 3 RouterB rip 100 import route rip 200 RouterB rip 100 quit RouterB rip 200 RouterB rip 200 import route rip 100 RouterB rip 200 quit Display the routing table of Rou...

Page 990: ...nable corresponding interfaces Make sure no interfaces are disabled from handling RIP messages If the peer is configured to send multicast messages the same should be configured on the local end Solut...

Page 991: ...outing A routing policy is used on the router for route inspection filtering attributes modifying when routes are received advertised or redistributed Policy routing is a routing mechanism based on th...

Page 992: ...dicates the matching sequence of items in the IP prefix list The filtering relation among items is logical OR During matching the router compares the packet with the items in the ascending order If on...

Page 993: ...es the routing policy to filter routing information Routing Policy Configuration Task List To configure a routing policy perform the tasks described in the following sections Defining Filtering Lists...

Page 994: ...d the route passes the IP prefix list without needing to match the next item To define an IPv6 prefix list use the following commands n If all items are set to the deny mode no routes can pass the IPv...

Page 995: ...he relation between items is logic OR that is if routing information matches one of these items it passes the extended community list To define an extended community list use the following commands To...

Page 996: ...ing information meeting the node s conditions will be handled using the apply clauses of this node without needing to match against the next node If routing information does not meet the node s condit...

Page 997: ...fix list ipv6 prefix name Optional Not configured by default Match routes having AS path attributes specified in the AS path ACL s if match as path as path acl number 1 16 Optional Not configured by d...

Page 998: ...ternal external type1 external type2 external type1or2 is is level 1 is is level 2 nssa external type 1 nssa external type 2 nssa external type 1or2 Optional Not configured by default Match RIP OSPF o...

Page 999: ...distribution for IPv6 routes apply ipv6 next hop ipv6 address Optional Not set by default The next hop set using the apply ip address next hop command does not take effect for route redistribution Red...

Page 1000: ...and Remarks Display BGP AS path ACL information display ip as path as path number Available in any view Display BGP community list information display ip community list basic community list number adv...

Page 1001: ...outerC Ethernet1 2 quit Configure Router B RouterB isis RouterB isis 1 is level level 2 RouterB isis 1 network entity 10 0000 0000 0002 00 RouterB isis 1 quit RouterB interface serial 2 1 RouterB Seri...

Page 1002: ...ix a index 10 permit 172 17 1 0 24 5 Configure a routing policy on Router B RouterB route policy isis2ospf permit node 10 RouterB route policy if match ip prefix prefix a RouterB route policy apply co...

Page 1003: ...0 32 and 40 32 pass routes in 30 32 filtered Display RIPng routing table information on Router B to verify the configuration Network diagram Figure 301 Network diagram for routing policy application t...

Page 1004: ...er A RouterA ripng RouterA ripng 1 import route static route policy static2ripng 2 Configure Router B Configure the IPv6 address for Serial 2 0 and enable PPP RouterB system view RouterB ipv6 RouterB...

Page 1005: ...e display ip ip prefix command to display IP prefix list information 2 Use the display route policy command to display routing policy information IPv6 Routing Information Filtering Failure Symptom Fil...

Page 1006: ...1006 CHAPTER 60 ROUTING POLICY CONFIGURATION...

Page 1007: ...ic routes is that they cannot adapt to network topology changes If a fault or a topological change occurs to the network the routes will be unavailable and the network breaks In this case the network...

Page 1008: ...erface is a point to point interface there is no need to configure the next hop address You need not change the configuration even if the peer s address changes For example a PPP interface obtains the...

Page 1009: ...lowing method is used to detect reachability of the static route s next hop Detecting Nexthop Reachability Through Track If you specify the nexthop but not outgoing interface when configuring a static...

Page 1010: ...Maintaining Static Routes Configuration Example Network requirements The routers interfaces and the hosts IP addresses and masks are shown in the following figure Static routes are required for inter...

Page 1011: ...ute on Router C RouterC system view RouterC ip route static 0 0 0 0 0 0 0 0 1 1 5 5 3 Configure the hosts The default gateways for the three hosts Host A Host B and Host C are 1 1 2 3 1 1 6 1 and 1 1...

Page 1012: ...1 1 4 1 Eth1 0 1 1 3 0 24 Static 60 0 1 1 5 6 Eth1 1 1 1 4 0 30 Direct 0 0 1 1 4 2 Eth1 0 1 1 4 2 32 Direct 0 0 127 0 0 1 InLoop0 1 1 5 4 30 Direct 0 0 1 1 5 5 Eth1 1 1 1 5 5 32 Direct 0 0 127 0 0 1 I...

Page 1013: ...Configuration Example 1013 3 1 ms 1 ms 1 ms 1 1 2 2 Trace complete...

Page 1014: ...1014 CHAPTER 61 STATIC ROUTING CONFIGURATION...

Page 1015: ...v6 BGP Configuration on page 1041 IPv6 BGP Overview BGP 4 manages only IPv4 routing information thus other network layer protocols such as IPv6 are not supported To support multiple network layer prot...

Page 1016: ...shing No Session to a Peer Peer Group on page 1019 Optional Logging Session State and Event Information of a Peer Peer Group on page 1019 Optional IPv6 BGP Configuration on page 1015 Configuring IPv6...

Page 1017: ...er of Load Balanced Routes on page 1026 Optional IPv6 BGP Configuration on page 1015 Configuring IPv6 BGP Peer Group on page 1027 Optional Configuring IPv6 BGP Community on page 1028 Optional Configur...

Page 1018: ...loopback interface By doing so a connection failure upon redundancy availability will not affect IPv6 BGP connection To establish multiple BGP connections to an IPv6 BGP router you need to specify on...

Page 1019: ...p Logging Session State and Event Information of a Peer Peer Group Follow these steps to log on the session and event information of a peer peer group To do Use the command Remarks Enter system view s...

Page 1020: ...t redistribute any IGP default route Advertising a Default Route to a Peer Peer Group Follow these steps to advertise default route to a peer peer group Enable global logging log peer change Optional...

Page 1021: ...the command Remarks To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Required Enter IPv6 address family view ipv6 family Configure outbound route filtering filt...

Page 1022: ...y route policy name import Required Not applied by default Specify an ACL to filter routes imported from a peer peer group peer ipv6 group name ipv6 address filter policy acl6 number import Required N...

Page 1023: ...ext hop network that is the two EBGP peers reside in a common broadcast subnet the router does not specify itself as the next hop Configure IPv6 BGP route dampening parameters dampening half life reac...

Page 1024: ...l Not configured by default Prioritize MED values of routes from confederation peers bestroute med confederation Optional Not configured by default To do Use the command Remarks Enter system view syst...

Page 1025: ...re the local router can perform dynamic routing information update and apply the new policy without tearing down connections If a router not supporting route refresh exists in the network you need to...

Page 1026: ...command Remarks Enter system view system view Enter BGP view bgp as number Required Enter IPv6 address family view ipv6 family Enable route refresh peer ipv6 group name ipv6 address capability advert...

Page 1027: ...ctical when there are too many IBGP peers Using route reflectors or confederation can solve it In a large scale AS both of them can be used Confederation configuration of IPv6 BGP is identical to that...

Page 1028: ...nal Required Configure the AS number for the peer group peer ipv6 group name as number as number Required Not configured by default Add an IPv6 peer into the peer group peer ipv6 address group ipv6 gr...

Page 1029: ...sition technology with which Internet service providers ISPs can use existing IPv4 backbone networks to provide access Advertise extended community attribute to a peer peer group peer ipv6 group name...

Page 1030: ...MPLS capability When an ISP wants to utilize the existing IPv4 MPLS network to provide IPv6 traffic switching capability through MPLS only the PE routers need to be upgraded Therefore it is undoubted...

Page 1031: ...vertise community Optional Not advertised by default Advertise extended community attribute to the 6PE peer or peer group peer group name ipv4 address advertise ext community Optional Not advertised b...

Page 1032: ...Apply a routing policy to routes outgoing or incoming from the 6PE peer or peer group peer group name ipv4 address route policy route policy name import export Not applied by default Display informat...

Page 1033: ...tion matched by an IPv6 BGP community list display bgp ipv6 routing table community list basic community list number whole match adv community list number 1 16 Display BGP dampened routing information...

Page 1034: ...connections Configure Router B To do Use the command Remarks Perform soft reset on IPv6 BGP connections refresh bgp ipv6 ipv4 address ipv6 address all external group ipv6 group name internal export i...

Page 1035: ...quit RouterC bgp quit Configure Router D RouterD system view RouterD ipv6 RouterD bgp 65009 RouterD bgp router id 4 4 4 4 RouterD bgp ipv6 family RouterD bgp af ipv6 peer 9 1 1 as number 65009 RouterD...

Page 1036: ...2 4 65009 4 5 0 0 00 01 52 Established Router A and B established an EBGP connection Router B C and D established IBGP connections with each other IPv6 BGP Route Reflector Configuration Network requir...

Page 1037: ...200 Configure Router D RouterD system view RouterD ipv6 RouterD bgp 200 RouterD bgp router id 4 4 4 4 RouterD bgp ipv6 family RouterD bgp af ipv6 peer 102 1 as number 200 3 Configure route reflector C...

Page 1038: ...CE1 Serial2 0 quit CE1 interface loopback0 CE1 LoopBack0 ipv6 address 1 1 128 CE1 LoopBack0 quit Configure an IPv6 static route to PE 1 CE1 ipv6 route static 0 serial2 0 2 Configure PE 1 Enable IPv6 p...

Page 1039: ...IPv6 direct and static routes PE1 bgp 65100 PE1 bgp peer 3 3 3 3 as number 65100 PE1 bgp peer 3 3 3 3 connect interface loopback 0 PE1 bgp ipv6 family PE1 bgp af ipv6 import route direct PE1 bgp af ip...

Page 1040: ...oute direct PE2 bgp af ipv6 import route static PE2 bgp af ipv6 peer 2 2 2 2 enable PE2 bgp af ipv6 peer 2 2 2 2 label route capability PE2 bgp af ipv6 quit PE2 bgp quit Configure the static route to...

Page 1041: ...Local router ID is 2 2 2 2 Status codes valid best d damped h history i internal s suppressed Network 1 1 PrefixLen 128 NextHop FE80 E142 0 4607 1 LocPrf Path MED 0 PrefVal 0 Network 2 2 PrefixLen 12...

Page 1042: ...v6 peer command to verify the peer s IPv6 address 3 If the loopback interface is used check whether the peer connect interface command is configured 4 If the peer is not directly connected check wheth...

Page 1043: ...pport for IS IS TLV is a variable field in the Link State PDU or Link State Packet LSP The two TLVs are IPv6 Reachability Defines the prefix metric of routing information to indicate the network reach...

Page 1044: ...interface isis ipv6 enable process id Required Disabled by default To do Use command to Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Define the...

Page 1045: ...oad balancing number Optional To do Use command to Remarks To do Use the command Remarks Display brief IPv6 IS IS information display isis brief Available in any view Display the status of the debug s...

Page 1046: ...iew RouterA isis 1 RouterA isis 1 is level level 1 RouterA isis 1 network entity 10 0000 0000 0001 00 RouterA isis 1 ipv6 enable RouterA isis 1 quit RouterA interface serial 2 0 RouterA Serial2 0 isis...

Page 1047: ...quit RouterC interface serial 2 0 RouterC Serial2 0 isis ipv6 enable 1 RouterC Serial2 0 quit RouterC interface serial 2 1 RouterC Serial2 1 isis ipv6 enable 1 RouterC Serial2 1 quit RouterC interface...

Page 1048: ...1048 CHAPTER 63 IPV6 IS IS CONFIGURATION...

Page 1049: ...ng IPv6 and compliant with RFC2740 OSPF for IPv6 Identical parts between OSPFv3 and OSPFv2 32 bits router ID and area ID Packets Hello DD Data Description LSR Link State Request LSU Link State Update...

Page 1050: ...rea Each Inter Area Prefix LSA describes a route with IPv6 address prefix to a destination outside the area yet still inside the AS an inter area route Inter Area Router LSAs Similar to Type 4 LSA of...

Page 1051: ...an age in the local LSDB incremented by 1 per second but an LSA is not aged on transmission You need to add an LSA delay time into the age time before transmission which is important for low speed net...

Page 1052: ...PFv3 Load balanced Routes on page 1055 Optional Configuring a Priority for OSPFv3 on page 1055 Optional Configuring OSPFv3 Route Redistribution on page 1056 Optional Tuning and Optimizing an OSPFv3 Ne...

Page 1053: ...vity In practice necessary physical links may not be available for connectivity You can configure virtual links to address it Prerequisites Enable IPv6 packet forwarding Configure OSPFv3 basic functio...

Page 1054: ...To configure route summarization between areas use the following command on an ABR n The abr summary command is available on ABRs only If contiguous network segments are available in an area you can u...

Page 1055: ...te the route found by the protocol with the highest priority is selected To configure a priority for OSPFv3 use the following commands To do Use the command Remarks Enter system view system view Enter...

Page 1056: ...ied especially for low speed links SPF timer Specified to protect networks from being over consumed due to frequent network changes For a broadcast network you can configure DR priorities for interfac...

Page 1057: ...mber Configure hello interval ospfv3 timer hello seconds instance instance id Optional Defaults to 10 seconds on P2P broadcast interfaces Configure dead interval ospfv3 timer dead seconds instance ins...

Page 1058: ...re no neighboring relationship can be established on the interface This feature can enhance the adaptability of OSPFv3 networking Enabling the Logging on Neighbor State Changes To enable the logging o...

Page 1059: ...r intra prefix link network router link state id originate router router id total Display LSA statistics in OSPFv3 LSDB display ospfv3 lsdb statistic Display OSPFv3 neighbor information display ospfv3...

Page 1060: ...l2 1 ospfv3 1 area 1 RouterA Serial2 1 quit Configure Router B RouterB system view RouterB ipv6 RouterB ospfv3 1 RouterB ospf 1 router id 2 2 2 2 RouterB ospf 1 quit RouterB interface serial 2 0 Route...

Page 1061: ...Fv3 Area ID 0 0 0 1 Process 1 Neighbor ID Pri State Dead Time Interface Instance ID 1 1 1 1 1 Full DR 00 00 35 S2 1 0 Display OSPFv3 neighbor information on Router C RouterC display ospfv3 peer OSPFv3...

Page 1062: ...cost RouterD display ospfv3 routing E1 Type 1 external route IA Inter area route I Intra area route E2 Type 2 external route Selected route OSPFv3 Router with ID 4 4 4 4 Process 1 Destination 0 Type...

Page 1063: ...priority on the network so it will be the DR The priority of RouterC is 2 the second highest priority on the network so it will be the BDR The priority of RouterB is 0 so it cannot become the DR Rout...

Page 1064: ...D Ethernet1 0 ospfv3 1 area 0 RouterD Ethernet1 0 quit Display neighbor information on Router A You can find routers have the same default DR priority 1 In this case the router with the highest Router...

Page 1065: ...32 Eth1 0 0 4 4 4 4 1 Full DR 00 00 36 Eth1 0 0 Display neighbor information on Router D You can find Router D is still the DR RouterD display ospfv3 peer OSPFv3 Area ID 0 0 0 0 Process 1 Neighbor ID...

Page 1066: ...s The dead interval on an interface must be at least four times the hello interval 5 On a broadcast network at least one interface must have a DR priority higher than 0 Incorrect Routing Information S...

Page 1067: ...oubleshooting OSPFv3 Configuration 1067 5 In a Stub area all routers are configured with the stub command 6 If a virtual link is configured use the display ospf vlink command to check the neighbor sta...

Page 1068: ...1068 CHAPTER 64 IPV6 OSPFV3 CONFIGURATION...

Page 1069: ...bit Source address RIPng uses FE80 10 as the link local source address RIPng Working Mechanism RIPng is a routing protocol based on the distance vector D V algorithm RIPng uses UDP packets to exchang...

Page 1070: ...tion on page 991 RIPng Packet Format Basic format A RIPng packet consists of a header and multiple Route Table Entries RTEs The maximum number of RTEs in a packet depends on the MTU of the sending int...

Page 1071: ...onse messages If there are multiple RTEs in the request message the RIPng router will examine each RTE update its metric and send the requested routing information to the requesting router in the resp...

Page 1072: ...onfiguring a RIPng Priority Configuring RIPng Route Redistribution Before the configuration accomplish the following tasks first Configure an IPv6 address on each interface and make sure all nodes are...

Page 1073: ...ived advertised routing information as needed For filtering outbound routes you can also specify a routing protocol from which to filter routing information redistributed Follow these steps to configu...

Page 1074: ...onfigure a filter policy to filter incoming routes filter policy acl6 number ipv6 prefix ipv6 prefix name import Required By default RIPng does not filter incoming routing information Configure a filt...

Page 1075: ...ese steps to configure the split horizon n Generally you are recommended to enable the split horizon to prevent routing loops In Frame Relay X 25 and other non broadcast multi access NBMA networks spl...

Page 1076: ...eps to configure RIPng zero field check Configuring the Maximum Number of Load Balanced Routes Follow these steps to configure the maximum number of RIPng load balanced routes with equal cost Displayi...

Page 1077: ...t 1 0 RouterA Ethernet1 0 ripng 1 enable RouterA Ethernet1 0 quit RouterA interface ethernet 1 1 RouterA Ethernet1 1 ripng 1 enable RouterA Ethernet1 1 quit Configure Router B RouterB system view Rout...

Page 1078: ...E00 100 on Ethernet1 1 Dest 3 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec Dest 4 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec Dest 5 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec...

Page 1079: ...isplay ripng 1 route Route Flags A Aging S Suppressed G Garbage collect Peer FE80 20F E2FF FE00 1235 on GigabitEthernet0 1 Dest 1 64 via FE80 20F E2FF FE00 1235 cost 1 tag 0 A 2 Sec Dest 4 64 via FE80...

Page 1080: ...1080 CHAPTER 65 IPV6 RIPNG CONFIGURATION...

Page 1081: ...tures of IPv6 Static Routes Similar to IPv4 static routes IPv6 static routes work well in simple IPv6 network environments Their major difference lies in the destination and next hop addresses IPv6 st...

Page 1082: ...default route IPv6 Static Routing Configuration Example Network requirements With IPv6 static routes configured all hosts and routers can interact with each other The serial ports of the routers use...

Page 1083: ...v6 route on Router C RouterC system view RouterC ipv6 route static 0 serial 2 0 3 Configure the IPv6 addresses of hosts and gateways Configure the IPv6 addresses of all the hosts based upon the networ...

Page 1084: ...ost 0 Check connectivity with the ping command RouterA ping ipv6 3 1 PING 3 1 56 data bytes press CTRL_C to break Reply from 3 1 bytes 56 Sequence 1 hop limit 254 time 63 ms Reply from 3 1 bytes 56 Se...

Page 1085: ...technology a network operator can easily provide new value added services such as live Webcasting Web TV distance learning telemedicine Web radio real time videoconferencing and other bandwidth and ti...

Page 1086: ...source broadcasts the information Hosts A and C also receive it In addition to information security issues this also causes traffic flooding on the same network Therefore broadcast is disadvantageous...

Page 1087: ...t multicast uses the network bandwidth reasonably and brings no waste of network resources and enhances network security Roles in Multicast The following roles are involved in multicast transmission A...

Page 1088: ...applications stock quotes Any other point to multiple point data distribution application Multicast Models Based on how the receivers treat the multicast sources there are two multicast models ASM mo...

Page 1089: ...to end service The multicast architecture involves the following four parts 1 Addressing mechanism Information is sent from a multicast source to a group of receivers through a multicast address 2 Hos...

Page 1090: ...0 0 8 SSM group addresses and 233 0 0 0 8 Glop group addresses for details see RFC 2770 239 0 0 0 to 239 255 255 255 Administratively scoped multicast addresses for ASM SFM These addresses are consid...

Page 1091: ...its identifying the multicast group For details about this field refer to RFC 3306 Ethernet multicast MAC addresses When a unicast IP packet is transmitted over Ethernet the destination MAC address is...

Page 1092: ...ress FF1E F30E 0101 to a MAC address Figure 321 An example of IPv6 to MAC address mapping Multicast Protocols n Generally we refer to IP multicast working at the network layer as Layer 3 multicast and...

Page 1093: ...Layer 3 multicast devices directly connected with the hosts These protocols define the mechanism of establishing and maintaining group memberships between hosts and Layer 3 multicast devices 2 Multic...

Page 1094: ...evices Internet Group Management Protocol Snooping IGMP Snooping and Multicast Listener Discovery Snooping MLD Snooping are multicast constraining mechanisms that manage and control multicast groups b...

Page 1095: ...arding To process the same multicast information from different peers received on different interfaces of the same device every multicast packet is subject to a reverse path forwarding RPF check on th...

Page 1096: ...tains a set of independent multicast forwarding mechanism for each instance including various multicast protocols a list of PIM neighbors and a multicast routing table per instance Each instance searc...

Page 1097: ...ting table The multicast forwarding table is directly used to control the forwarding of multicast packets A multicast forwarding table consists of a set of S G entries each indicating the routing info...

Page 1098: ...multicast forwarding table If the interface on which the packet actually arrived is the RPF interface the RPF check is successful and the router forwards the packet to all the outgoing interfaces If t...

Page 1099: ...source based tree from the multicast source to the rendezvous point RP packet source means the multicast source For a packet traveling along the rendezvous point tree RPT from the RP to the receivers...

Page 1100: ...of guiding multicast forwarding so it is also called an RPF static route A multicast static route is effective on the multicast router on which it is configured and will not be broadcast throughout t...

Page 1101: ...The querier sends a query to the last hop router 2 Upon receiving the query the last hop router turns the query packet into a request packet by adding a response data block containing its interface ad...

Page 1102: ...his tunnel Configuration Task List Complete these tasks to configure multicast routing and forwarding Configuring Multicast Routing and Forwarding Configuration Prerequisites Before configuring multic...

Page 1103: ...ication environment a multicast static route has the following two functions Changing an RPF route If the multicast topology structure is the same as the unicast topology in a network the delivery pat...

Page 1104: ...g Range Multicast packets do not travel without a boundary in a network The multicast data corresponding to each multicast group must be transmitted within a definite scope Presently you can define a...

Page 1105: ...al to the minimum TTL value configured on the interface the packet will be discarded Follow these steps to configure a multicast forwarding range Configuring Multicast Forwarding Table Size Too many m...

Page 1106: ...rks Enter system view system view Configure the maximum number of downstream nodes for a single route in the multicast forwarding table multicast forwarding table downstream limit limit Optional The d...

Page 1107: ...terface type interface number register outgoing interface exclude include match interface type interface number register Available in any view View the information of the multicast static routing tabl...

Page 1108: ...onfiguration Configuration procedure 1 Configure interface IP addresses and enable unicast routing on each router Configure the IP address and subnet mask for each interface as per Figure 328 The deta...

Page 1109: ...pim dm RouterA Ethernet1 1 quit RouterA interface ethernet 1 2 RouterA Ethernet1 2 pim dm RouterA Ethernet1 2 quit The configuration on Router C is similar to the configuration on Router A The specif...

Page 1110: ...routes to Router A Typically Receiver can receive the multicast data from Source 1 in the OSPF domain Perform the following configuration so that Receiver can receive multicast data from Source 2 whic...

Page 1111: ...ethernet 1 1 RouterA Ethernet1 1 pim dm RouterA Ethernet1 1 quit The configuration on Router B is similar to that on Router A The specific configuration steps are omitted here Use the display multicas...

Page 1112: ...atch the current network conditions the route entry and the configuration information of multicast static routes do not exist in the multicast routing table If the optimal route is found the multicast...

Page 1113: ...ulticast forwarding boundary has been configured through the multicast boundary command any multicast packet will be kept from crossing the boundary Solution 1 Use the display pim routing table comman...

Page 1114: ...1114 CHAPTER 68 MULTICAST ROUTING AND FORWARDING CONFIGURATION...

Page 1115: ...1 documented in RFC 1112 IGMPv2 documented in RFC 2236 IGMPv3 documented in RFC 3376 All IGMP versions support the Any Source Multicast ASM model In addition IGMPv3 can be directly used to implement t...

Page 1116: ...B for joining G1 Upon hearing the report Host C will suppress itself from sending a report message for the same multicast group because the IGMP routers Router A and Router B already know that at lea...

Page 1117: ...nd all other IGMPv2 routers become non queriers 3 All the non queriers start a timer known as other querier present timer If a router receives an IGMP query from the querier before the timer expires i...

Page 1118: ...Source 2 S2 both of which can send multicast data to multicast group G Host B is interested only in the multicast data that Source 1 sends to G but not in the data from Source 2 Figure 331 Flow paths...

Page 1119: ...system wishes to hear from for packets sent to the specified multicast address If the change was to an Include source list these are the addresses that were added to the list if the change was to an...

Page 1120: ...M SM Before configuring the basic functions of IGMP prepare the following data IGMP version Multicast group and multicast source addresses for static group member configuration ACL rule for multicast...

Page 1121: ...erface interface type interface number Enable IGMP igmp enable Required Disabled by default To do Use the command Description Enter system view system view Create a VPN instance and enter VPN instance...

Page 1122: ...when it joins or leaves a multicast group In other words the interface will not become a real member of the multicast group Configuring a Multicast Group Filter To restrict the hosts on the network at...

Page 1123: ...source specific queries and multicast groups change dynamically a device cannot join all multicast groups Therefore when receiving a multicast packet but unable to locate the outgoing interface for th...

Page 1124: ...group it has joined This timer is initialized to a random value in the range of 0 to the maximum response time which is derived from the Max Response Time field in the IGMP query When the timer value...

Page 1125: ...e parameters globally Configuring IGMP query and response parameters on an interface Follow these steps to configure IGMP query and response parameters on an interface To do Use the command Descriptio...

Page 1126: ...s such as ADSL dial up networking only one multicast receiver host is attached to a port of the IGMP querier To allow fast response to the leave messages of the host when it switches frequently from o...

Page 1127: ...evices in the PIM network through POS5 0 Configure IGMP fast leave processing fast leave group policy acl number Required Disabled by default To do Use the command Description Enter system view system...

Page 1128: ...l for interoperation among the routers Ensure the network layer interoperation among Router A Router B and Router C on the PIM network and dynamic update of routing information among the routers throu...

Page 1129: ...r example View IGMP information on Ethernet 1 0 of Router B RouterB display igmp interface ethernet 1 0 Ethernet1 0 10 110 2 1 IGMP is enabled Current IGMP version is 2 Value of query interval for IGM...

Page 1130: ...nd to check whether the igmp group policy command has been executed If the host is restricted from joining the multicast group G the ACL rule must be modified to allow receiving the reports for the mu...

Page 1131: ...r multicast source information in other PIM SM domains In the basic PIM SM mode a multicast source registers only with the RP in the local PIM SM domain and the multicast source information of a domai...

Page 1132: ...Receiver side MSDP peer the MSDP peer nearest to the receivers typically the receiver side RP like RP 3 Upon receiving an SA message the receiver side MSDP peer resolves the multicast source informati...

Page 1133: ...t group G DR 1 encapsulates the multicast data within a register message and sends the register message to RP 1 Then RP 1 gets aware of the information related to the multicast source 2 As the source...

Page 1134: ...elationships among one another and share the same group name is used on all the members of an MSDP mesh group When using MSDP for inter domain multicasting once an RP receives information form a multi...

Page 1135: ...d RP 5 3 When RP 4 and RP 5 receive the SA message from RP 3 Because the SA message is from an MSDP peer RP 3 in the same mesh group RP 4 and RP 5 both accept the SA message but they do not forward th...

Page 1136: ...o multicast group G and Receiver is a member of the multicast group To implement Anycast RP configure the same IP address known as anycast RP address typically a private address on Router A and Router...

Page 1137: ...255 255 for the Anycast RP address namely configure the Anycast RP address into a host address An MSDP peer address must be different from the Anycast RP address Multi Instance MSDP MSDP peering relat...

Page 1138: ...steps to enable MSDP globally in the public instance Enabling MSDP in a VPN instance Configuring an MSDP Peer Connection on page 1140 Configuring MSDP Peer Description on page 1140 Optional Configuri...

Page 1139: ...N instance view ip vpn instance vpn instance name Configure a route distinguisher RD for the VPN instance route distinguisher route distinguisher Required No RD is configured by default Enable IP mult...

Page 1140: ...flooding among these MSDP peers and optimize the multicast traffic On one hand an MSDP peer in an MSDP mesh group forwards SA messages from outside the mesh group that have passed the RPF check to th...

Page 1141: ...on is required You can flexibly adjust the interval between MSDP peering connection retries Follow these steps to configure MSDP peer connection control Configuring SA Messages Configuration Prerequis...

Page 1142: ...s to one another Upon receiving an SA message a router performs RPF check on the message If the router finds that the remote RP address is the same as the local RP address it will discard the SA messa...

Page 1143: ...e reception or forwarding An SA message with encapsulated multicast data can be forwarded to a designated MSDP peer only if the TTL value in its IP header exceeds the threshold Therefore you can contr...

Page 1144: ...to be encapsulated in SA messages peer peer address minimum ttl ttl value Optional 0 by default To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter public i...

Page 1145: ...C Router D and Router F be configured as the C BSR and C RP of the respective PIM SM domains It is required that an MSDP peering relationship be established between Router C and Router D through EBGP...

Page 1146: ...in PIM SM 3 and ensure the dynamic update of routing information between the routers in each PIM SM domain through a unicast routing protocol Detailed configuration steps are omitted 2 Enable IP mult...

Page 1147: ...the position of Loopback0 C BSR and C RP on Router C RouterC interface loopback 0 RouterC LoopBack0 ip address 1 1 1 1 255 255 255 255 RouterC LoopBack0 pim sm RouterC LoopBack0 quit RouterC pim Rout...

Page 1148: ...sgRcvd MsgSent OutQ PrefRcv Up Down State 192 168 1 2 4 200 24 21 0 6 00 13 09 Established View the information about BGP peering relationship on Router D RouterD display bgp peer BGP local router ID...

Page 1149: ...2 168 3 2 connect interface serial 2 0 RouterD msdp quit Configure MSDP peers on Router F RouterF msdp RouterF msdp peer 192 168 3 1 connect interface serial 2 0 RouterF msdp quit When the multicast s...

Page 1150: ...rt policy none Information about SA Requests Policy to accept SA Request messages none Sending SA Requests status disable Minimum TTL to forward SA with encapsulated data 0 SAs learned from this peer...

Page 1151: ...net 1 0 RouterB system view RouterB multicast routing enable RouterB interface ethernet 1 0 RouterB Ethernet1 0 igmp enable Device Interface IP address Device Interface IP address Source 1 10 110 5 10...

Page 1152: ...e loopback 20 RouterB LoopBack20 ip address 10 1 1 1 32 RouterB LoopBack20 pim sm RouterB LoopBack20 quit RouterB pim RouterB pim c bsr loopback 10 RouterB pim c rp loopback 20 RouterB pim quit The co...

Page 1153: ...play pim routing table command When Source 1 10 110 5 100 24 sends multicast data to multicast group G 225 1 1 1 24 Receiver 1 joins multicast group G By comparing the PIM routing information displaye...

Page 1154: ...w the PIM routing information on Router D RouterD display pim routing table Vpn instance public net Total 1 G entry 1 S G entry 225 1 1 1 RP 10 1 1 1 local Protocol pim sm Flag WC UpTime 00 12 07 Upst...

Page 1155: ...RPF peer of Router D and Router F so that any router can receive SA messages only from its static RPF peer s and permitted by the corresponding filtering policy Network diagram Figure 339 Network diag...

Page 1156: ...rC multicast routing enable RouterC interface pos 5 0 RouterC Pos5 0 pim sm RouterC Pos5 0 quit RouterC interface serial 2 0 RouterC Serial2 0 pim sm The configuration on Router A Router B Router D Ro...

Page 1157: ...er 192 168 3 1 connect interface serial 2 0 RouterF msdp static rpf peer 192 168 3 1 rp policy list c RouterF msdp quit 5 Verify the configuration Carry out the display bgp peer command to view the BG...

Page 1158: ...ion 1 Check that a route is available between the routers Carry out the display ip routing table command to check whether the unicast route between the routers is correct 2 Check that a unicast route...

Page 1159: ...P address and the C BSR and C RP must be configured on different devices or interfaces If the originating rp command is executed MSDP will replace the RP address in the SA messages with the address of...

Page 1160: ...1160 CHAPTER 70 MSDP CONFIGURATION...

Page 1161: ...s the corresponding multicast routing entries are created through unicast routes PIM uses the reverse path forwarding RPF mechanism to implement multicast forwarding When a multicast packet arrives on...

Page 1162: ...ith other routers and builds and maintains SPTs by periodically multicasting hello messages to all other PIM routers 224 0 0 13 n Every activated interface on a router sends hello messages periodicall...

Page 1163: ...a graft mechanism to resume data forwarding to that branch The process is as follows 1 The node that needs to receive multicast data sends a graft message hop by hop toward the source as a request to...

Page 1164: ...o the source the router with a smaller metric to the source wins 3 If there is a tie in route metric to the source the router with a higher IP address of the local interface wins Introduction to PIM S...

Page 1165: ...discovery DR election RP discovery RPT building Multicast source registration Switchover from RPT to SPT Assert Neighbor discovery PIM SM uses exactly the same neighbor discovery mechanism as PIM DM...

Page 1166: ...raffic needs to be forwarded through the RP To lessen the RP burden and optimize the topological structure of the RPT each multicast group should have its own RP Therefore a bootstrap mechanism is nee...

Page 1167: ...uses an IGMP message to inform the directly connected DR 2 Upon getting the receiver information the DR sends a join message which is hop by hop forwarded to the RP corresponding to the multicast gro...

Page 1168: ...ds the first multicast packet to a multicast group G the DR directly connected with the multicast source upon receiving the multicast packet encapsulates the packet in a PIM register message and sends...

Page 1169: ...more economically than PIM DM does through the flood and prune mechanism Assert PIM SM uses exactly the same assert mechanism as PIM DM does Refer to Assert on page 1163 Introduction to BSR Admin sco...

Page 1170: ...ther Figure 347 Relationship between BSR admin scope regions and the global scope zone in group address ranges In Figure 347 the group address ranges of admin scope scope regions BSR1 and BSR2 have no...

Page 1171: ...ASM model are two opposite models Presently the ASM model includes the PIM DM and PIM SM modes The SSM model can be implemented by leveraging part of the PIM SM technique The SSM model provides a sol...

Page 1172: ...y hop toward the multicast source S An Include S G or Exclude S G entry is created on all routers on the path from the DR to the source Thus an SPT is built in the network with the source S as its roo...

Page 1173: ...r PIM Sparse Mode draft ietf ssm arch 02 Source Specific Multicast for IP draft ietf ssm overview 04 An Overview of Source Specific Multicast SSM Configuring PIM DM PIM DM Configuration Task List Comp...

Page 1174: ...these steps to enable the state refresh capability To do Use the command Remarks Enter system view system view Enable IP multicast routing multicast routing enable Required Disable by default Enter i...

Page 1175: ...To effectively control the propagation scope of state refresh messages you need to configure an appropriate TTL value based on the network size Follow these steps to configure state refresh parameter...

Page 1176: ...retry period pim timer graft retry interval Optional 3 seconds by default To do Use the command Remarks Task Remarks Configuring PIM SM on page 1176 Required Configuring a BSR on page 1178 Performing...

Page 1177: ...PIM SM domain you are recommended to enable PIM SM on all interfaces of non border routers border routers are PIM enabled routers located on the boundary of BSR admin scope regions Enabling PIM SM glo...

Page 1178: ...IM SM C BSRs should be configured on routers in the backbone network When configuring a router as a C BSR be sure that this router is PIM SM enabled The BSR election process is as follows Initially ev...

Page 1179: ...ange and thus this kind of attacks can be prevented The above mentioned preventive measures can partially protect the security of BSRs in a network However if a legal BSR is controlled by an attacker...

Page 1180: ...to specific multicast groups Follow these steps to configure an admin scope C BSR Configuring a BSR admin scope region boundary A BSR has its specific service scope A number of BSR boundary interfaces...

Page 1181: ...e bootstrap interval By default the bootstrap interval is determined by this formula Bootstrap interval Bootstrap timeout 10 2 The default bootstrap timeout is 130 seconds so the default bootstrap int...

Page 1182: ...hroughout the entire network Then the other routers in the network calculate the mappings between specific group ranges and the corresponding RPs based on the RP set We recommend that you configure C...

Page 1183: ...floods the bootstrap messages to all PIM routers 224 0 0 13 in the network Each C RP encapsulates a timeout value in its C RP Adv message Upon receiving this message the BSR obtains this timeout valu...

Page 1184: ...ages encapsulated with multicast data and starts a register stop timer When the register stop timer expires the DR sends a null register message a register message without encapsulated multicast data...

Page 1185: ...win the DR election and on the C RPs that may win RP elections If the multicast source is learned through MSDP the device will switch to the SPT immediately after it receives the first multicast pack...

Page 1186: ...n a VPN instance c CAUTION All the interfaces in the same VPN instance on the same device must work in the same PIM mode Configuring the SSM Group Range As for whether the information from a multicast...

Page 1187: ...nterfaces while configurations performed in interface view are effective to the current interface only If the same function or parameter is configured in both PIM view and interface view the configura...

Page 1188: ...filters These filters can help implement traffic control on one hand and control the information available to receivers downstream to enhance data security on the other hand Follow these steps to conf...

Page 1189: ...override message When a router receives a prune message from a downstream router it does not perform the prune action immediately instead it maintains the current forwarding state for a period of tim...

Page 1190: ...figure PIM neighbor timeout time hello option holdtime interval Optional 105 seconds by default Configure the prune delay time LAN delay hello option lan delay interval Optional 500 milliseconds by de...

Page 1191: ...m vpn instance vpn instance name Configure the hello interval timer hello interval Optional 30 seconds by default Configure assert timeout time holdtime assert interval Optional 180 seconds by default...

Page 1192: ...isplay pim vpn instance vpn instance name all instance bsr info Available in any view View the information of unicast routes used by PIM display pim vpn instance vpn instance name all instance claimed...

Page 1193: ...rough their respective POS 5 0 IGMPv2 is required on Router A Router B Router C and hosts in N1 and N2 Router B is the IGMP querier on the multi access subnet View the content of the PIM routing table...

Page 1194: ...ol Detailed configuration steps are omitted here 2 Enable IP multicast routing and enable PIM DM on each interface Enable IP multicast routing on Router A enable PIM DM on each interface and enable IG...

Page 1195: ...os 5 1 RouterD Pos5 1 pim dm RouterD Pos5 1 quit 3 Verify the configuration Carry out the display pim interface command to view the PIM configuration and running status on each interface For example V...

Page 1196: ...Downstream interface s information Total number of downstreams 1 1 Ethernet1 0 Protocol igmp UpTime 00 04 25 Expires never 10 110 5 100 225 1 1 1 Protocol pim dm Flag ACT UpTime 00 06 14 Upstream inte...

Page 1197: ...N2 Router D connects to the network that comprises the multicast source Source through Ethernet 1 0 Router A connects to stub network N1 through Ethernet 1 0 and to Router D and Router E through Seria...

Page 1198: ...mitted here 2 Enable IP multicast routing and enable PIM SM on each interface Enable IP multicast routing on Router A enable PIM SM on each interface and enable IGMPv2 on Ethernet 1 0 which connects R...

Page 1199: ...m view RouterE acl number 2005 RouterE acl basic 2005 rule permit source 225 1 1 0 0 0 0 255 RouterE acl basic 2005 quit RouterE pim RouterE pim c bsr pos 5 2 RouterE pim c rp pos 5 2 group policy 200...

Page 1200: ...ample View the RP information on Router A RouterA display pim rp info Vpn instance public net PIM SM BSR RP information Group MaskLen 225 1 1 0 24 RP 192 168 9 2 Priority 0 HoldTime 150 Uptime 00 51 4...

Page 1201: ...m sm UpTime 00 00 42 Expires 00 03 06 The information on Router B and Router C is similar to that on Router A View the PIM routing table information on Router D RouterD display pim routing table Vpn i...

Page 1202: ...es in the SSM mode Host A and Host C are multicast receivers in two stub networks Router D connects to the network that comprises the multicast source Source through Ethernet 1 0 Router A connects to...

Page 1203: ...ed here 2 Enable IP multicast routing and enable PIM SM on each interface Enable IP multicast routing on Router A enable PIM SM on each interface and enable IGMPv3 on Ethernet 1 0 which connects Route...

Page 1204: ...basic 2000 quit RouterA pim RouterA pim ssm policy 2000 RouterA pim quit The configuration on Router B Router C Router D and Router E is similar to the configuration on Router A 4 Verify the configur...

Page 1205: ...00 12 05 Expires 00 03 25 Troubleshooting PIM Configuration Failure of Building a Multicast Distribution Tree Correctly Symptom None of the routers in the network including routers directly connected...

Page 1206: ...ill surely fail causing abnormal multicast forwarding Solution 1 Check unicast routes Use the display ip routing table command to check whether a unicast route exists from the receiver host to the mul...

Page 1207: ...warding boundary configuration Use the display current configuration command to check the multicast forwarding boundary settings Use the multicast boundary command to change the multicast forwarding b...

Page 1208: ...messages of the BSR will not contain the information of that C RP The RP is the core of a PIM SM domain Make sure that the RP information on all routers is exactly the same a specific group G is mappe...

Page 1209: ...IPv6 multicast forwarding table is directly used to control the forwarding of IPv6 multicast packets This is the table that guides IPv6 multicast forwarding An IPv6 multicast forwarding table consist...

Page 1210: ...terface as the incoming interface and installs the entry into the IPv6 multicast forwarding table If the interface on which the packet actually arrived is the RPF interface the RPF check is successful...

Page 1211: ...acket fails the RPF check and is discarded An IPv6 multicast packet from Source arrives on POS 5 1 of Router C and the IPv6 multicast forwarding table does not contain the corresponding forwarding ent...

Page 1212: ...must enable IPv6 multicast routing Follow these steps to enable IPv6 multicast routing Configuring an IPv6 Multicast Routing Policy If more than one unicast route with the same cost exists when a mul...

Page 1213: ...ery IPv6 multicast packet including every IPv6 multicast packet sent from the local device is subject to a hop limit check If the hop limit value of the packet already decremented by 1 on this router...

Page 1214: ...he maximum number of downstream nodes for a single route in the IPv6 multicast forwarding table multicast ipv6 forwarding table downstream limit limit Optional The default is the maximum number allowe...

Page 1215: ...re forwarding an IPv6 multicast packet the router decrements the hop limit value in the IPv6 packet header by 1 and recalculates the checksum Subsequently the router forwards the IPv6 multicast packet...

Page 1216: ...nimum hop limit required for an IPv6 multicast packet to be forwarded Use the undo multicast ipv6 minimum hoplimit command on the concerned interfaces to restore the default hop limit setting or confi...

Page 1217: ...cted subnets put corresponding records in the database and maintain timers related to IPv6 multicast addresses Routers running MLD use an IPv6 unicast link local address as the source address to send...

Page 1218: ...n queriers start a timer known as other querier present timer If a router receives an MLD query from the querier before the timer expires it resets this timer otherwise it assumes the querier to have...

Page 1219: ...e MLD done message the querier sends a configurable number of multicast address specific queries to the group being left The destination address field and group address field of the message are both f...

Page 1220: ...6 multicast data Source 2 sends to G denoted as S2 G Thus only IPv6 multicast data from Source 1 will be delivered to Host B MLD state A multicast router running MLDv2 maintains the multicast address...

Page 1221: ...For a query message this field is set to 130 Code Initialized to zero Checksum Standard IPv6 checksum Maximum Response Delay Maximum response delay allowed before a host sends a report message Reserve...

Page 1222: ...ss specific query message This field represents the number of source addresses in a multicast address and source specific query message Source Address i IPv6 multicast source address in a multicast ad...

Page 1223: ...ess records are present in this report message Multicast Address Record i This field represents information of each IPv6 multicast address the host listens to on the interface from which the report me...

Page 1224: ...ow these steps to enable MLD Configuring the MLD Version Because MLD message types and formats vary with MLD versions the same MLD version should be configured for all routers on the same subnet befor...

Page 1225: ...n other words the interface will not become a real member of the IPv6 multicast group Configuring an IPv6 Multicast Group Filter To restrict the hosts on the network attached to an interface from join...

Page 1226: ...and multicast address and source specific queries and IPv6 multicast groups change dynamically a device cannot join all IPv6 multicast groups Therefore a router may receive IPv6 multicast packets addr...

Page 1227: ...bust but results in a longer IPv6 multicast group timeout time Upon receiving an MLD query general query or multicast address specific query message a host starts a timer for each IPv6 multicast group...

Page 1228: ...e that the querier has failed and will initiate a new querier election process Otherwise the non querier will reset its timeout time Configuring MLD query and response parameters globally Follow these...

Page 1229: ...es of the host when it switches frequently from one IPv6 multicast group to another you can enable MLD fast leave processing on the MLD querier With fast leave processing enabled after receiving an ML...

Page 1230: ...v6 PIM network through their respective POS5 0 Configure the MLD fast leave processing fast leave group policy acl6 number Required Disabled by default To do Use the command Remarks Enter system view...

Page 1231: ...n between Router A Router B and Router C on the IPv6 PIM network and dynamic update of routing information between the routers through a unicast routing protocol The detailed configuration steps are o...

Page 1232: ...ration and running information on each router interface Example View MLD information on Ethernet 1 0 of Router B RouterB display mld interface ethernet 1 0 Ethernet1 0 FE80 200 5EFF FE66 5100 MLD is e...

Page 1233: ...nt configuration interface command to check whether the mld group policy command has been executed If an IPv6 ACL is configured to restrict the host from joining IPv6 multicast group G the ACL must be...

Page 1234: ...1234 CHAPTER 73 MLD CONFIGURATION...

Page 1235: ...s the corresponding IPv6 multicast routing entries are created through IPv6 unicast routes IPv6 PIM uses the reverse path forwarding RPF mechanism to implement IPv6 multicast forwarding When an IPv6 m...

Page 1236: ...r discovery In a IPv6 PIM domain a PIM router discovers IPv6 PIM neighbors maintains IPv6 PIM neighboring relationships with other routers and builds and maintains SPTs by periodically multicasting IP...

Page 1237: ...n is pruned again when it no longer has any multicast receiver n Pruning has a similar implementation in IPv6 PIM SM Graft When a host attached to a pruned node joins an IPv6 multicast group to reduce...

Page 1238: ...Pv6 unicast route to the source By comparing these parameters either Router A or Router B becomes the unique forwarder of the subsequent S G IPv6 multicast packets on the multi access subnet The compa...

Page 1239: ...arrival of this message at the RP triggers the establishment of an SPT Then the multicast source sends subsequent IPv6 multicast packets along the SPT to the RP Upon reaching the RP the IPv6 multicast...

Page 1240: ...ssage triggers a new DR election process among the other routers RP discovery The RP is the core of an IPv6 PIM SM domain For a small sized simple network one RP is enough for forwarding IPv6 multicas...

Page 1241: ...allows a router to resolve the RP address from an IPv6 multicast address so that the IPv6 multicast group is mapped to an RP which can take the place of the statically configured RP or the RP dynamic...

Page 1242: ...e IPv6 multicast data addressed to the IPv6 multicast group G flows through the RP reaches the corresponding DR along the established RPT and finally is delivered to the receiver When a receiver is no...

Page 1243: ...st source travels along the established SPT to the RP and then the RP forwards the data along the RPT to the receivers When the IPv6 multicast traffic arrives at the RP along the SPT the RP sends a re...

Page 1244: ...6 PIM DM mod is not suitable for large and medium sized networks In actual application part of the IPv6 PIM SM technique is adopted to implement the SSM model In the SSM model receivers know exactly w...

Page 1245: ...xclude S G entry is created on all routers on the path from the DR to the source Thus an SPT is built in the network with the source S as its root and receivers as its leaves This SPT is the transmiss...

Page 1246: ...en state refresh messages Minimum time to wait before receiving a new refresh message Hop limit value of state refresh messages Graft retry period Enabling IPv6 PIM DM With IPv6 PIM DM enabled a route...

Page 1247: ...re receiving the next state refresh message If a new state refresh message is received within the waiting time the router will discard it if this timer times out the router will accept a new state ref...

Page 1248: ...uration Task List Complete these tasks to configure IPv6 PIM SM Configure the interval between state refresh messages state refresh interval interval Optional 60 seconds by default Configure the time...

Page 1249: ...rule and sequencing rule for RPT to SPT switchover The interval of checking the IPv6 multicast traffic rate threshold before RPT to SPT switchover Enabling IPv6 PIM SM With IPv6 PIM SM enabled a rout...

Page 1250: ...priority carried in the message The C BSR with a higher priority wins If there is a tie in the priority the C BSR with a higher IPv6 address wins The loser uses the winner s BSR address to replace it...

Page 1251: ...en a BSR and the other devices in the IPv6 PIM SM domain a relatively large bandwidth should be provided between the C BSR and the other devices in the IPv6 PIM SM domain Configuring a BSR admin scope...

Page 1252: ...guration make sure that the bootstrap interval is smaller than the bootstrap timeout time Configuring an RP An RP can be manually configured or dynamically elected through the BSR mechanism For a larg...

Page 1253: ...ps to configure a C RP n When configuring a C RP ensure a relatively large bandwidth between this C RP and the other devices in the IPv6 PIM SM domain An RP can serve multiple IPv6 multicast groups or...

Page 1254: ...quent C RP Adv message from the C RP when the timer times out the BSR assumes the C RP to have expired or become unreachable Follow these steps to configure C RP timers n The commands introduced in th...

Page 1255: ...ves a register stop message during the register probe time it will refresh its register stop timer otherwise the DR will start sending register messages with encapsulated data again The Register Stop...

Page 1256: ...PIM SSM n The IPv6 PIM SSM mode needs the support of MLDv2 Therefore be sure to enable MLDv2 on IPv6 PIM routers with receivers attached to them IPv6 PIM SSM Configuration Task List Complete these tas...

Page 1257: ...in the S G channel subscribed by the receivers falls in the IPv6 PIM SSM group range All IPv6 PIM SM enabled interfaces assume that IPv6 multicast groups within this address range are using the IPv6 S...

Page 1258: ...Pv6 unicast routing protocol so that all devices in the domain are interoperable at the network layer Configure IPv6 PIM DM or IPv6 PIM SM or IPv6 PIM SSM Before configuring IPv6 PIM common informatio...

Page 1259: ...command in the Command Manual Holdtime the timeout time of IPv6 PIM neighbor reachability state When this timer times out if the router has received no hello message from an IPv6 PIM neighbor it assu...

Page 1260: ...am router has changed it assumes that the status of the upstream neighbor is lost or the upstream neighbor has changed In this case it triggers a join message for state update If you disable join supp...

Page 1261: ...ulticast source S the router will not immediately delete the corresponding S G entries instead it maintains S G entries for a period of time namely the IPv6 multicast source lifetime before deleting t...

Page 1262: ...efault Configure the IPv6 multicast source lifetime source lifetime interval Optional 210 seconds by default To do Use the command Remarks Enter system view system view Enter interface view interface...

Page 1263: ...mation about unacknowledged graft messages display pim ipv6 grafts Available in any view View the IPv6 PIM information on an interface or all interfaces display pim ipv6 interface interface type inter...

Page 1264: ...diagram for IPv6 PIM DM configuration on routers Configuration procedure 1 Configure the interface IPv6 addresses and IPv6 unicast routing protocol for each router Configure the IP address and prefix...

Page 1265: ...A interface serial 2 0 RouterA Serial2 0 pim ipv6 dm RouterA Serial2 0 quit The configuration on Router B and Router C is similar to the configuration on Router A Enable IPv6 multicast routing on Rout...

Page 1266: ...uter A and a G entry is generated on Router A To view the IPv6 PIM routing information on a router use the display pim ipv6 routing table command For example View the IPv6 PIM multicast routing table...

Page 1267: ...or more receiver hosts exist in each stub network The entire IPv6 PIM domain operates in the sparse mode Host A and Host C are IPv6 multicast receivers in two stub networks N1 and N2 Router D connect...

Page 1268: ...c update of routing information among the routers through an IPv6 unicast routing protocol Detailed configuration steps are omitted here 2 Enable IPv6 multicast routing and enable IPv6 PIM SM on each...

Page 1269: ...figure the RP service range and the C BSR and C RP locations on Router E RouterE system view RouterE acl ipv6 number 2005 RouterE acl6 basic 2005 rule permit source ff0e 101 64 RouterE acl6 basic 2005...

Page 1270: ...splay pim ipv6 rp info PIM SM BSR RP information prefix prefix length FF0E 101 64 RP 1003 2 Priority 0 HoldTime 130 Uptime 00 05 19 Expires 00 02 11 Assume that Host A needs to receive information add...

Page 1271: ...that on Router A View the IPv6 PIM multicast routing table information on Router D RouterD display pim ipv6 routing table Total 0 G entry 1 S G entry 4001 100 FF0E 101 RP 1003 2 Protocol pim sm Flag S...

Page 1272: ...s in two stub networks N1 and N2 Router D connects to the network that comprises the IPv6 multicast source Source through Ethernet 1 0 Router A connects to N1 through Ethernet 1 0 and to Router D and...

Page 1273: ...c update of routing information among the routers through a unicast routing protocol Detailed configuration steps are omitted here 2 Enable IPv6 multicast routing and enable IPv6 PIM SM on each interf...

Page 1274: ...SSM group range to be FF3E 64 on Router A RouterA acl ipv6 number 2000 RouterA acl6 basic 2000 rule permit source ff3e 64 RouterA acl6 basic 2000 quit RouterA pim ipv6 RouterA pim6 ssm policy 2000 Rou...

Page 1275: ...stream interface Ethernet1 0 Upstream neighbor NULL RPF prime neighbor NULL Downstream interface s information Total number of downstreams 1 1 Serial2 0 Protocol pim ssm UpTime 00 08 02 Expires 00 03...

Page 1276: ...twork Use the display current configuration command to check the IPv6 PIM mode information on each interface Make sure that the same IPv6 PIM mode is enabled on all the routers IPv6 PIM SM on all rout...

Page 1277: ...ic group is mapped to the same RP and a unicast route is available to the RP Solution 1 Check whether routes to C RPs the RP and the BSR are available Carry out the display ipv6 routing table command...

Page 1278: ...1278 CHAPTER 74 IPV6 PIM CONFIGURATION...

Page 1279: ...ng MD VPN Configuration on page 1308 Multicast VPN Overview Introduction to MPLS L3VPN n For details about MPLS L3VPN refer to MPLS L3VPN Configuration on page 1459 An MPLS L3VPN is a virtual private...

Page 1280: ...nts route distribution on the customer network In an MPLS L3VPN environment between any two sites that belong to the same VPN packets are transmitted labeled across the public network The PE device at...

Page 1281: ...ers on the network for that group only those belong to VPN A namely in Site 1 Site 2 or Site 3 can receive the multicast stream The stream is multicast in these sites and in the public network The pre...

Page 1282: ...MD Different MVRFs join the same MD and are interconnected by means of the multicast tunnel MT automatically established in the MD to enable multicast service between different sites and form a multi...

Page 1283: ...as a private data transmission pool and an Switch group When the multicast traffic of a VPN reaches or exceeds a threshold the ingress PE device assigns it an independent multicast address called swit...

Page 1284: ...icast data forwarding All the private network multicast packets transmitted in this VPN are forwarded along this share MDT no matter at which PE device they entered the public network 3 A share group...

Page 1285: ...cross the link PE PE neighboring relationship PIM neighboring relationship established after a VPN instance on a PE device receives a PIM hello from a VPN instance on a remote PE device through an MTI...

Page 1286: ...in the join message and a 239 1 1 1 state entry is created on each device along the path in the public network The join process initiated by PE 2 and PE 3 is similar Finally an RPT is established in t...

Page 1287: ...ve a share MDT is characterized as follows no matter what PIM mode is running in the public network All PE devices that support this VPN instance PE 1 PE 2 and PE 3 in this example join the share MDT...

Page 1288: ...e public network and the VPNs network Receiver in Site 2 is attached to CE 2 while CE 1 of Site 1 acts as the RP for VPN multicast group G 225 1 1 1 Figure 374 Transmission of multicast protocol packe...

Page 1289: ...By now the construction of a multicast distribution tree across the public network is completed n For details about GRE refer to GRE Configuration on page 1589 Share MDT Based Delivery of Multicast D...

Page 1290: ...is forwarded to the public instance on all the PE devices along the share MDT Upon receiving this packet every PE device decapsulates it to turn it back into a private network multicast data packet an...

Page 1291: ...this message checks whether it interfaces with a private network that has receivers of that VPN multicast stream If so it joins the switch MDT rooted at PE 1 otherwise it caches the message and will j...

Page 1292: ...domain interoperability at the network layer Configure MPLS L3VPN Enable PIM PIM DM or PIM SM Before configuring MD VPN prepare the following data VPN instance names and route distinguishers RDs Shar...

Page 1293: ...to the public instance The data is then forwarded down the switch MDT MDT switching delay refers to the length of time during which the traffic rate stays higher than the MDT switching threshold befo...

Page 1294: ...DT switching delay multicast domain holddown time interval Optional 60 seconds by default To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter VPN instance v...

Page 1295: ...icast routing protocols and MPLS Configure OSPF in the public network and configure RIP between the PE devices and the CE devices Establish BGP peer connections between PE 1 PE 2 and PE 3 via their re...

Page 1296: ...h0 2 10 110 4 2 24 Loop1 2 2 2 2 32 Eth0 3 10 110 12 1 24 PE 1 Eth0 1 192 168 6 1 24 Loop1 22 22 22 22 32 Eth0 2 10 110 1 1 24 CE a3 Eth0 1 10 110 10 1 24 Eth0 3 10 110 2 1 24 Eth0 2 10 110 5 2 24 Loo...

Page 1297: ...ress associate an MTI with the VPN instance and define the address range of the switch group pool PE1 vpn instance a multicast routing enable PE1 vpn instance a multicast domain share group 239 1 1 1...

Page 1298: ...g connect interface loopback 1 PE1 bgp peer 1 1 1 2 group vpn g PE1 bgp peer 1 1 1 3 group vpn g PE1 bgp ipv4 family vpn instance a PE1 bgp a import route rip 2 PE1 bgp a import route direct PE1 bgp...

Page 1299: ...VPN instance a configure an RD for it and create an ingress route and an egress route for it PE2 ip vpn instance a PE2 vpn instance a route distinguisher 100 1 PE2 vpn instance a vpn target 100 1 expo...

Page 1300: ...s the same as the PIM mode running on all the interfaces in VPN instance a The interface MTI 1 will automatically obtain an IP address after BGP peer configuration on PE 2 This address is the loopback...

Page 1301: ...an RD for it and create an ingress route and an egress route for it PE3 ip vpn instance a PE3 vpn instance a route distinguisher 100 1 PE3 vpn instance a vpn target 100 1 export extcommunity PE3 vpn...

Page 1302: ...24 PE3 Ethernet0 2 pim sm PE3 Ethernet0 2 quit Bind Ethernet 0 3 to VPN instance b configure an IP address and enable PIM SM on the interface PE3 interface ethernet 0 3 PE3 Ethernet0 3 ip binding vpn...

Page 1303: ...PE3 bgp a quit PE3 bgp ipv4 family vpn instance b PE3 bgp b import route rip 3 PE3 bgp b import route direct PE3 bgp b quit PE3 bgp ipv4 family vpnv4 PE3 bgp af vpnv4 peer vpn g enable PE3 bgp af vpn...

Page 1304: ...ability on the public network interface Ethernet 0 2 P interface ethernet 0 2 P Ethernet0 2 ip address 192 168 7 2 24 P Ethernet0 2 pim sm P Ethernet0 2 mpls P Ethernet0 2 mpls ldp P Ethernet0 2 quit...

Page 1305: ...0 2 CEa1 interface ethernet 0 2 CEa1 Ethernet0 2 ip address 10 110 2 2 24 CEa1 Ethernet0 2 pim sm CEa1 Ethernet0 2 quit Configure RIP CEa1 rip 2 CEa1 rip 2 network 10 0 0 0 6 Configure CE b1 Enable I...

Page 1306: ...0 3 CEa2 interface ethernet 0 3 CEa2 Ethernet0 3 ip address 10 110 12 1 24 CEa2 Ethernet0 3 pim sm CEa2 Ethernet0 3 quit Configure an IP address for Loopback 1 and enable PIM SM on the interface CEa2...

Page 1307: ...b2 Enable IP multicast routing CEb2 system view CEb2 multicast routing enable Configure an IP address and enable IGMP and PIM SM on Ethernet 0 1 CEb2 interface ethernet 0 1 CEb2 Ethernet0 1 ip addres...

Page 1308: ...information of VPN instance b on PE 3 PE3 display multicast domain vpn instance b share group MD local share group information for VPN Instance b Share group 239 2 2 2 MTunnel address 1 1 1 3 Troubles...

Page 1309: ...t the BGP peer connections have been correctly configured Unable to Build an MVRF Symptom A VPN instance cannot create an MVRF correctly Analysis If PIM SM is running in the VPN instance the BSR infor...

Page 1310: ...1310 CHAPTER 75 MULTICAST VPN CONFIGURATION...

Page 1311: ...336 Displaying and Maintaining MPLS on page 1336 MPLS Configuration Example on page 1338 Troubleshooting MPLS on page 1343 n For detailed information about VPN refer to MPLS L2VPN Configuration on pag...

Page 1312: ...ket It does not contain any topology information and is local significant A label is four octets or 32 bits in length Figure 377 illustrates its format Figure 377 Format of a label A label consists of...

Page 1313: ...ional path from the ingress of the MPLS network to the egress It functions like a virtual circuit in ATM or frame relay Each node of an LSP is an LSR LDP Label distribution protocol LDP means the prot...

Page 1314: ...l Multi level label stack MPLS allows a packet to carry a number of labels organized as a last in first out LIFO stack which is called a label stack A packet with a label stack can travel along more t...

Page 1315: ...P 3 After receiving a packet each transit LSR looks up its label forwarding table for the next hop according to the label of the packet and forwards the packet to the next hop None of the transit LSRs...

Page 1316: ...ion indirectly it has no direct association with routing protocols On the other hand existing protocols such as BGP and RSVP can be extended to support label distribution In MPLS applications it may b...

Page 1317: ...re customer edge device CE and service provider edge router PE A CE can be a router switch or host All PEs are on the backbone network PE is responsible for managing VPN users establishing LSP connect...

Page 1318: ...inding only when it receives a label request from its upstream LSR Downstream unsolicited DU In this mode a downstream LSR does not wait for any label request from an upstream LSR before binding a lab...

Page 1319: ...h transit LSR on an MPLS network forwards an incoming packet based on the label of the packet while the egress LER removes the label from the packet and forwards the packet based on the network layer...

Page 1320: ...ng delay n For description and configuration of P routers refer to MPLS L3VPN Configuration on page 1459 and MPLS L2VPN Configuration on page 1425 For an MPLS packet with only one level of label the I...

Page 1321: ...exchange messages for label binding and releasing LDP sessions come in two categories Local LDP session Established between two directly connected LSRs Remote LDP session Established between two indi...

Page 1322: ...FEC to its downstream LSR which assigns a label to the FEC encapsulates the binding information in a label mapping message and sends the message back to it When the downstream LSR responds with label...

Page 1323: ...s subnet An LDP link Hello message carries information about the LDP identifier of a given interface and some other information Receipt of an LDP link Hello message on an interface indicates that a po...

Page 1324: ...he corresponding label request message that is locally maintained If it has information about the request message the LSR assigns a label to the FEC and adds an entry in its LFIB for the binding and s...

Page 1325: ...DP session is GR capable 1 Whenever the GR restarter restarts the GR helper will detect that the related LDP session is down and will keep its neighborship with the GR restarter and retain information...

Page 1326: ...age 1311 Configuration Procedure Follow these steps to configure MPLS basic capability n An LSR ID uses the format of an IP address and is unique within an MPLS domain You are recommended to use the I...

Page 1327: ...atic LSP Configuring MPLS basic capability on all the LSRs Configuration Procedure Follow these steps to configure a static LSP To do Use the command Remarks Enter system view system view Enter MPLS v...

Page 1328: ...tasks to configure LDP Configuring MPLS LDP Capability Follow these steps to enable MPLS LDP capability Configure a static LSP taking the current LSR as the egress static lsp egress lsp name incoming...

Page 1329: ...configure the local session transport address to be the IP address of the interface or that of a specified interface Follow these steps to configure local LDP session parameters Configuring Remote LDP...

Page 1330: ...vive the IGP route filtering based on an IP address prefix list An IP address prefix list affects only static routes and IGP routes Follow these steps to configure the policy for triggering LSP establ...

Page 1331: ...tem view quit Enable LDP capability and enter MPLS LDP view mpls ldp Required Specify the label distribution control mode label distribution independent ordered Optional ordered by default Note that y...

Page 1332: ...N instance view Configuration Prerequisites Before configuring LDP instances be sure to complete these tasks Configuring VPN instances Configuring MPLS basic capability Configuring MPLS LDP capability...

Page 1333: ...he following configurations on a GR restarter A GR helper requires no additional configuration n A single device can act as both GR restarter and GR helper at the same time Follow these steps to confi...

Page 1334: ...IP TTL and MPLS TTL as the TTL of the IP packet and decrements the value by 1 If you want to enable MPLS IP TTL propagation for VPN packets on one LSR you are recommended to do so on related PEs guar...

Page 1335: ...l MPLS forwarding process during which period the fast forwarding feature records in the fast forwarding cache a fast forwarding entry including the link layer header for the packet All subsequent pac...

Page 1336: ...Table 50 Follow these steps to configure MPLS fast forwarding To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter MPLS view mpls Set the interval for repor...

Page 1337: ...splay LSP statistics display mpls lsp statistics Available in any view Display information about the NHLFE table display mpls nhlfe token include text Available in any view Display information about s...

Page 1338: ...instance name verbose peer id all verbose begin exclude include regular expression Available in any view Display information about LSPs established by LDP display mpls ldp lsp all vpn instance vpn in...

Page 1339: ...nfigure OSPF to advertise host routes of LSR ID Configure Router A RouterA ospf RouterA ospf 1 area 0 RouterA ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 RouterA ospf 1 area 0 0 0 0 network 10 1 1 0 0...

Page 1340: ...ct 0 0 127 0 0 1 InLoop0 Now OSPF adjacency should have been established between Router A and Router B and between Router B and Router C respectively If you execute the display ospf peer command you w...

Page 1341: ...mmand to check whether the local sessions have been established or the display mpls ldp peer command to check the peers The following takes Router A as an example RouterA display mpls ldp session LDP...

Page 1342: ...3 3 9 Remote Peer peerc Configuring LDP to Establish LSPs Network requirements On the network in Figure 384 an LSP is required to be established between Router A and Router C Network diagram See Figur...

Page 1343: ...LDP enabled cannot establish an LDP session with its peer Analysis An LDP session is established in two steps establishing the TCP connection initializing the session and negotiating the session param...

Page 1344: ...1344 CHAPTER 76 MPLS BASICS CONFIGURATION...

Page 1345: ...page 1355 CR LSP Backup on page 1356 Fast Reroute on page 1356 DiffServ Aware TE on page 1357 Protocols and Standards on page 1358 Traffic Engineering and MPLS TE Traffic Engineering Network congesti...

Page 1346: ...uacy in extensibility In this sense MPLS TE is a better traffic engineering solution for its extensibility and ease of implementation MPLS TE MPLS is better than IGPs in implementing traffic engineeri...

Page 1347: ...xtending link state based IGPs such as OSPF and IS IS OSPF and IS IS extensions add to link states such TE attributes as link bandwidth color among which maximum reservable link bandwidth and non rese...

Page 1348: ...trative group and affinity attribute on page 1349 Reoptimization on page 1349 Strict and loose explicit routes An LSP is called a strict explicit route if all LSRs along the LSP are specified An LSP i...

Page 1349: ...rties of the links that the tunnel can use Together with the link administrative group it decides which links the MPLS TE tunnel can use Reoptimization Traffic engineering is a process of allocating r...

Page 1350: ...as a signaling protocol for LSP tunnel setup in MPLS TE Basic concepts of RSVP TE 1 Soft state Soft state is a mechanism used in RSVP TE to periodically refresh the resource reservation state on a no...

Page 1351: ...torn down RSVP TE messages RSVP TE use RSVP messages with extensions The following are RSVP messages Path messages transmitted along the path of data transmission downstream by each RSVP sender to sa...

Page 1352: ...or setting up an LSP tunnel with RSVP 1 The ingress LSR sends a Path message towards the egress LSR 2 After receiving the Path message the egress LSR sends back a Resv message towards the ingress LSR...

Page 1353: ...E_ID included Path and Resv messages can be refreshed using summary refreshes PSB RSB and BSB timeouts To create an LSP tunnel the sender sends a LABEL_REQUEST object with a Path message After receivi...

Page 1354: ...ic to travel along an LSP tunnel you need to make configuration after creating the MPLS TE tunnel Otherwise traffic will be IP routed Even when an MPLS TE tunnel is available traffic is IP routed if y...

Page 1355: ...outer A cannot use this tunnel to reach Router C With forwarding adjacency enabled Router A can known the presence of the TE tunnel and thus forward traffic to Router C to Router D though this tunnel...

Page 1356: ...secondary CR LSP is created to take over after the primary CR LSP fails Fast Reroute This section covers these topics Overview on page 1356 Basic concepts on page 1356 Protection on page 1356 Deployi...

Page 1357: ...evice Figure 389 FRR node protection Deploying FRR When configuring the bypass LSP make sure the protected link or node is not on the bypass LSP As bypass LSPs are pre established FRR requires extra b...

Page 1358: ...TE Extensions to RSVP for LSP Tunnels RFC 2961 RSVP Refresh Overhead Reduction Extensions RFC 3564 Requirements for Support of Differentiated Service aware MPLS Traffic Engineering MPLS TE Configurati...

Page 1359: ...ations For information about tunnel interfaces refer to Tunneling Configuration on page 693 Configuring Automatic Bandwidth Adjustment on page 1379 Optional Configuring CR LSP Backup on page 1380 Opti...

Page 1360: ...CR LSPs are special static LSPs They share the same constraints and use the same label space spanning 16 to 1023 Configuration Prerequisites Before making the configuration do the following Configure...

Page 1361: ...create an MPLS TE tunnel with a dynamic signaling protocol Configure MPLS TE properties for links and advertise them through IGP TE extension to form a TEDB Configure tunnel constraints Use the CSPF a...

Page 1362: ...and a dynamic signaling protocol is used for MPLS TE tunnel setup Configuration task Remarks Configuring MPLS TE properties for a link on page 1362 Optional Configuring CSPF on page 1363 Optional Conf...

Page 1363: ...fore configuring IS IS TE you need to configure the IS IS wide metric style which can be wide compatible or wide compatible Follow these steps to configure IS IS TE To do Use command to Remarks Enter...

Page 1364: ...ability TLV type 22 may reach the maximum of 255 octets in some cases For an IS IS LSP to carry this type of TLV and to be flooded normally on all interfaces with IS IS enabled the MTU of any IS IS en...

Page 1365: ...dress of current node on the explicit path modify hop ip address1 ip address2 include loose strict exclude Optional By default the include keyword and the strict keyword apply In other words the expli...

Page 1366: ...ies Establish an MPLS TE tunnel with RSVP TE Configuration Procedure Configuring RSVP TE advanced features involves these tasks Configuring RSVP reservation style on page 1367 Configuring RSVP state t...

Page 1367: ...RSVP reservation style n In current MPLS TE applications the SE style is mainly used for make before break while the FF style is rarely used Configuring RSVP state timers Follow these steps to config...

Page 1368: ...ter system view system view Enter interface view of MPLS TE link interface interface type interface number Enable the reliability mechanism of RSVP TE mpls rsvp te reliability Optional Enable retransm...

Page 1369: ...work resources It requires that the interfaces at the two ends of a link must share the same authentication key to exchange RSVP messages Follow these steps to configure RSVP authentication n FFR and...

Page 1370: ...iple paths are present with the same metric only one of them is selected Tie breakers include largest currently available bandwidth least currently available bandwidth or random selection Follow these...

Page 1371: ...d affinity bit and its corresponding administrative group bit must be set to 1 Suppose the affinity of an MPLS TE tunnel is 0xFFFFFFFF and the mask is 0x0000FFFF For a link to be used by the tunnel th...

Page 1372: ...1373 To do Use command to Remarks Enter system view system view Enter interface view of MPLS TE link interface interface type interface number Assign the link to a link administrative group mpls te l...

Page 1373: ...unnel tunnel number Enable the system to perform loop detection when setting up a tunnel mpls te loop detection Required Disabled by default Submit current tunnel configuration mpls te commit Required...

Page 1374: ...Configuration Procedures Configuring traffic forwarding involves these tasks Forwarding traffic along MPLS TE tunnels using static routes on page 1374 Forwarding traffic along MPLS TE tunnels using p...

Page 1375: ...ag value description description text Required To do Use command to Remarks To do Use command to Remarks Enter system view system view Create and enter the view of an advanced IPv4 ACL acl number acl...

Page 1376: ...d for path calculation If it is relative the cost of the corresponding IGP path must be added to the metric before it can be used for path calculation 1 Configure IGP shortcut Follow these steps to co...

Page 1377: ...moves or modifies the link before the timer expires CSPF will update information about the link in TEDB and stops the timer If IGP does not remove or modify the link before the timer expires the state...

Page 1378: ...low these steps to configure the link metric used for routing a tunnel Configure the CSPF failed link timer mpls te cspf timer failed link timer interval Optional The default is 10 seconds To do Use c...

Page 1379: ...MPLS TE link interface interface type interface number Assign a TE metric to the link mpls te metric value Optional If no TE metric is assigned to the link IGP metric is used as the TE metric by defau...

Page 1380: ...onfiguration Prerequisites Before configuring CR LSP backup do the following Configure MPLS basic capabilities Configure MPLS TE basic capabilities Configure MPLS TE tunnels Configuration Procedure Fo...

Page 1381: ...dth assigned to the bypass LSP is not less than the total bandwidth needed by all protected LSPs Normally bypass tunnels only forward data traffic when protected primary tunnels fail To allow a bypass...

Page 1382: ...be used in case failure occurs Your device has restriction on links that use the same bypass tunnel so that their total bandwidth does not exceeds a specified value Follow these steps to configure a b...

Page 1383: ...new LSP After this switchover the PLR polls available bypass tunnels for the best one at the regular interval specified by the FRF polling timer Follow these steps to configure the FRF polling timer...

Page 1384: ...vp te psb content ingress lsr id lspid tunnel id egress lsr id begin include exclude regular expression Available in any view Display information about RSVP TE RSB display mpls rsvp te rsb content ing...

Page 1385: ...ng advertisements level 1 level 1 2 level 2 lsp id lsp id local process id vpn instance vpn instance name Available in any view Display information about TE links for IS IS display isis traffic eng li...

Page 1386: ...advertise host routes with LSR IDs as destinations Configure Router A RouterA system view RouterA isis 1 RouterA isis 1 network entity 00 0005 0000 0000 0001 00 RouterA isis 1 quit RouterA interface...

Page 1387: ...hat all nodes learnt the host routes of other nodes with LSR IDs as destinations Take Router A for example RouterA display ip routing table Routing Tables Public Destinations 8 Routes 8 Destination Ma...

Page 1388: ...terA Tunnel0 destination 3 3 3 3 RouterA Tunnel0 mpls te tunnel id 10 RouterA Tunnel0 mpls te signal protocol static RouterA Tunnel0 mpls te commit RouterA Tunnel0 quit 5 Create a static CR LSP Config...

Page 1389: ...ation In Out If Name Eth1 0 Eth1 1 Tunnel0 RouterC display mpls te tunnel LSP Id Destination In Out If Name Eth1 1 Tunnel0 Perform the display mpls lsp command or the display mpls static cr lsp comman...

Page 1390: ...rs Use RSVP TE to create a TE tunnel with 2000 kbps of bandwidth from Router A to Router D ensuring that the maximum bandwidth of each link that the tunnel traverses is 10000 kbps and the maximum rese...

Page 1391: ...cuit level level 2 RouterB POS5 0 quit RouterB interface loopback 0 RouterB LoopBack0 isis enable 1 RouterB LoopBack0 isis circuit level level 2 RouterB LoopBack0 quit Configure Router C RouterC syste...

Page 1392: ...rect 0 0 127 0 0 1 InLoop0 20 1 1 0 24 ISIS 15 20 10 1 1 2 Eth1 0 30 1 1 0 24 ISIS 15 30 10 1 1 2 Eth1 0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 3 Configure...

Page 1393: ...S5 0 quit Configure Router D RouterD mpls lsr id 4 4 4 9 RouterD mpls RouterD mpls mpls te RouterD mpls mpls rsvp te RouterD mpls mpls te cspf RouterD mpls quit RouterD interface ethernet 1 0 RouterD...

Page 1394: ...RouterB POS5 0 mpls te max reservable bandwidth 5000 RouterB POS5 0 quit Configure maximum link bandwidth and maximum reservable bandwidth on Router C RouterC interface ethernet 1 0 RouterC Ethernet1...

Page 1395: ...ut 0 bytes 0 output error Perform the display mpls te tunnel interface command on Router A to verify information about the MPLS TE tunnel RouterA display mpls te tunnel interface Tunnel Name Tunnel1 T...

Page 1396: ...iguration Example Network requirements Router A Router B and Router C are running IS IS All of them are Level 2 devices and support RSVP hello extension Use RSVP TE to create a TE tunnel from Router A...

Page 1397: ...terB Ethernet1 0 mpls rsvp te RouterB Ethernet1 0 mpls rsvp te hello RouterB Ethernet1 0 quit RouterB interface ethernet 1 1 RouterB Ethernet1 1 mpls RouterB Ethernet1 1 mpls te RouterB Ethernet1 1 mp...

Page 1398: ...s GR status is Ready RouterA display mpls rsvp te peer Interface Ethernet1 0 Neighbor Addr 10 1 1 2 SrcInstance 880 NbrSrcInstance 5017 PSB Count 0 RSB Count 1 Hello Type Sent REQ Neighbor Hello Exten...

Page 1399: ...outerA mpls lsr id 1 1 1 9 RouterA mpls RouterA mpls mpls te RouterA mpls mpls rsvp te RouterA mpls mpls te cspf RouterA mpls quit RouterA interface ethernet 1 0 RouterA Ethernet1 0 mpls RouterA Ether...

Page 1400: ...rnet 1 0 RouterC Ethernet1 0 mpls RouterC Ethernet1 0 mpls te RouterC Ethernet1 0 mpls rsvp te RouterC Ethernet1 0 quit RouterC interface ethernet 1 1 RouterC Ethernet1 1 mpls RouterC Ethernet1 1 mpls...

Page 1401: ...outer A RouterA interface ethernet 1 0 RouterA Ethernet1 0 mpls te max link bandwidth 10000 RouterA Ethernet1 0 mpls te max reservable bandwidth 5000 RouterA Ethernet1 0 quit Configure maximum link ba...

Page 1402: ...ode Number 4 Current Total Link Number 6 Id MPLS LSR Id IGP Process Id Area Link Count 1 2 2 2 9 OSPF 1 0 2 2 3 3 3 9 OSPF 1 0 2 3 4 4 4 9 OSPF 1 0 1 4 1 1 1 9 OSPF 1 0 1 6 Configure LDP Configure Rou...

Page 1403: ...rA Tunnel2 mpls te tunnel id 10 RouterA Tunnel2 mpls te signal protocol crldp RouterA Tunnel2 mpls te bandwidth 2000 RouterA Tunnel2 mpls te commit RouterA Tunnel2 quit Perform the display interface t...

Page 1404: ...Retry Interval 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq Min BW Max BW Current Collected BW Interfaces Protected VPN Bind Type NONE VPN Bind Value...

Page 1405: ...ytes sec Unreserved BW 14 0 bytes sec Unreserved BW 15 0 bytes sec Bandwidth Constraints BC 0 625000 bytes sec BC 1 0 bytes sec Local OverBooking Multipliers LOM 0 1 LOM 1 1 LSA 2 LSA Type Opq Area Op...

Page 1406: ...system view RouterA mpls lsr id 1 1 1 9 RouterA mpls RouterA mpls mpls te RouterA mpls mpls rsvp te RouterA mpls mpls te cspf RouterA mpls quit RouterA interface ethernet 1 0 RouterA Ethernet1 0 mpls...

Page 1407: ...UP Line protocol current state UP Description Tunnel3 Interface The Maximum Transmit Unit is 64000 Internet Address is 9 1 1 1 24 Primary Encapsulation is TUNNEL aggregation ID not set Tunnel source...

Page 1408: ...tracert command on Router A to draw the path to the tunnel destination You can see that the LSP is re routed to traverse Router D RouterA tracert a 1 1 1 9 3 3 3 9 traceroute to 3 3 3 9 3 3 3 9 30 hop...

Page 1409: ...ection using the FRR approach Configuration procedure 1 Assign IP addresses and masks to interfaces see Figure 395 Omitted 2 Configure the IGP protocol Enable IS IS to advertise host routes with LSR I...

Page 1410: ...2 Eth1 0 5 5 5 5 32 ISIS 15 20 2 1 1 2 Eth1 0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 3 Configure MPLS TE basic capabilities and enable CSPF Configure Route...

Page 1411: ...uit Perform the display interface tunnel command on Router A You can find that Tunnel4 is up RouterA display interface tunnel Tunnel4 current state UP Line protocol current state UP Description Tunnel...

Page 1412: ...it path by path next hop 3 3 3 3 RouterB explicit path by path quit Create the bypass tunnel RouterB interface tunnel 5 RouterB Tunnel5 ip address 11 1 1 1 255 255 255 0 RouterB Tunnel5 tunnel protoco...

Page 1413: ...each router You can find that two MPLS TE tunnels are traversing Router B and Router C RouterA display mpls te tunnel LSP Id Destination In Out If Name 1 1 1 1 1 4 4 4 4 Eth1 0 Tunnel4 RouterB displa...

Page 1414: ...s In Use Not Exists BypassTunnel Tunnel Index Mpls Mtu 1500 6 Verify the FRR function Shut down the protected outgoing interface on PLR RouterB interface ethernet 1 1 RouterB Ethernet1 1 shutdown Sep...

Page 1415: ...ngress LSR ID 1 1 1 1 Egress LSR ID 4 4 4 4 Signaling Prot RSVP Resv Style SE Class Type CLASS 0 Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority 7 Hold Priority 7 Affinity Prop Mask 0 0 Explicit Pa...

Page 1416: ...LspIndex 4098 Token 22002 LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index Mpls Mtu 1500 Set the FRR polling timer to five seconds on PLR RouterB mpls RouterB mpls mpls te timer fast...

Page 1417: ...E tunnel configure a tunneling policy to use a CR LSP as the VPN tunnel when creating the VPN Network diagram Figure 396 MPLS TE application in VPN Configuration procedure 1 Configure OSPF ensuring th...

Page 1418: ...splay ospf peer OSPF Process 1 with Router ID 2 2 2 2 Neighbors Area 0 0 0 0 interface 10 0 0 1 POS5 1 s neighbors Router ID 3 3 3 3 Address 10 0 0 2 GR State Normal State Full Mode Nbr is Master Prio...

Page 1419: ...FT MD5 KA Sent Rcv 3 3 3 3 0 Operational DU Passive Off Off 2 2 LAM Label Advertisement Mode FT Fault Tolerance 3 Enable MPLS TE CSPF and OSPF TE Configure PE 1 PE1 mpls PE1 mpls mpls te PE1 mpls mpl...

Page 1420: ...use CR LSP for VPN setup Bind the VPN instance with the interface connected to CE 1 PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 100 1 bot...

Page 1421: ...192 168 1 2 bytes 56 Sequence 2 ttl 255 time 26 ms Reply from 192 168 1 2 bytes 56 Sequence 3 ttl 255 time 26 ms Reply from 192 168 1 2 bytes 56 Sequence 4 ttl 255 time 26 ms Reply from 192 168 1 2 b...

Page 1422: ...display bgp vpn instance vpn1 peer BGP local router ID 2 2 2 2 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer V AS MsgRcvd MsgSent OutQ Up Down State PrefRcv 192 168 1...

Page 1423: ...lsp verbose LSP Information CRLDP LSP No 1 IngressLsrID 2 2 2 2 LocalLspID 1 Tunnel Interface Tunnel1 Fec 3 3 3 3 32 Nexthop 10 0 0 2 In Label NULL Out Label 1024 In Interface Out Interface POS5 1 Lsp...

Page 1424: ...1 Perform the display ip routing table command on PE 1 You can identify a static route with Tunnel1 as the outgoing interface Troubleshooting MPLS TE Symptom OSPF TE is configured but no TE LSAs can b...

Page 1425: ...on page 1428 SVC MPLS L2VPN on page 1428 Martini MPLS L2VPN on page 1428 Kompella MPLS L2VPN on page 1429 Introduction to MPLS L2VPN Traditional VPN Traditional VPNs based on asynchronous transfer mo...

Page 1426: ...ges High scalability MPLS L2VPN establishes only Layer 2 connections It does not involve the routing information of users This greatly reduces the load of the PEs and even the load of the whole servic...

Page 1427: ...termines to which CE the packets are to be forwarded according to the VC labels Figure 398 illustrates how the label stack changes in the MPLS L2VPN forwarding process Figure 398 MPLS L2VPN label stac...

Page 1428: ...connection A local connection is established between two local CEs that are connected to the same PE The PE functions like a Layer 2 switch and can directly switch packets between the CEs without any...

Page 1429: ...emote CEs respectively Specifying the circuit ID that the local CE assigns to the connection such as the VPI VCI with ATM Kompella MPLS L2VPN uses extended BGP as the signaling protocol to distribute...

Page 1430: ...chronous asynchronous serial interfaces and POS interfaces can use the link layer protocols of PPP HDLC and FR For configuration information about serial and POS interfaces refer to WAN Interface Conf...

Page 1431: ...AN An Ethernet subinterface can use the encapsulation type of VLAN For Ethernet subinterface configuration information refer to Logical Interface Configuration on page 525 A VLAN interface using the l...

Page 1432: ...ion on page 235 To configure CCC MPLS L2VPN you need the following data Name for the CCC connection Connection type local or remote For a local CCC connection the types and numbers of the incoming and...

Page 1433: ...L2VPN information Instead it uses tunnels to transport data between PEs SVC supports these tunnel types LDP LSP CR LSP and GRE By default LDP LSP tunnels are used Create a local CCC connection betwee...

Page 1434: ...es extended LDP to transfer Layer 2 information and VC labels Configuration Prerequisites Before configuring Martini MPLS L2VPN complete these tasks Configuring IGP on the PEs and P devices to guarant...

Page 1435: ...guring Kompella MPLS L2VPN complete these tasks Configuring IGP on the PEs and P devices to guarantee the IP connectivity of the MPLS backbone Configuring MPLS basic capability and MPLS LDP for the MP...

Page 1436: ...em view system view Enter BGP view bgp as number Establish the peer relationship with the peer PE peer group name ip address as number as number Required Specify the interface for the TCP connection p...

Page 1437: ...ded to adopt the sequence of the CE IDs in which case you can omit the ce offset portion from most of the required commands This simplifies the configuration Note that you can only increase the CE ran...

Page 1438: ...isplay mpls l2vc interface interface type interface number remote info Available in any view Display information about Kompella L2VPN connections display mpls l2vpn connection vpn name vpn name remote...

Page 1439: ...0 link protocol ppp CE1 Serial1 0 ip address 100 1 1 1 24 2 Configure the PE Configure the LSR ID and enable MPLS globally Sysname system view Sysname sysname PE PE interface loopback 0 PE LoopBack0 i...

Page 1440: ...Intf2 Serial1 1 up CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 180 ms Reply from 100 1 1 2 bytes 56 Sequence 2 ttl 255...

Page 1441: ...view Sysname sysname PE1 PE1 interface loopback 0 PE1 LoopBack0 ip address 10 0 0 1 32 PE1 LoopBack0 quit PE1 mpls lsr id 10 0 0 1 PE1 mpls PE1 mpls quit Enable MPLS L2VPN globally PE1 mpls l2vpn Conf...

Page 1442: ...P interface loopback 0 P LoopBack0 ip address 10 0 0 2 32 P LoopBack0 quit P mpls lsr id 10 0 0 2 P mpls P mpls quit Configure interface POS 1 1 and enable MPLS P interface pos 1 1 P POS1 1 link proto...

Page 1443: ...ing interface and that connecting the P device as the outgoing interface setting the incoming label to 201 and the outgoing label to 101 PE2 ccc CE2 CE1 interface pos 1 1 in label 201 out label 101 ou...

Page 1444: ...PPP An SVC MPLS L2VPN is established between CE 1 and CE 2 Network diagram Figure 401 Network diagram for configuring SVC MPLS L2VPN Configuration procedure The main steps are the following two Confi...

Page 1445: ...and LDP globally PE1 mpls l2vpn PE1 mpls ldp PE1 mpls ldp quit Configure the interface for connecting to the P device namely POS 1 1 and enable LDP on the interface PE1 interface pos 1 1 PE1 POS1 1 li...

Page 1446: ...PE 1 namely POS 1 1 and enable LDP on the interface P interface pos 1 1 P POS1 1 link protocol ppp P POS1 1 ip address 10 1 1 2 24 P POS1 1 mpls P POS1 1 mpls ldp P POS1 1 quit Configure the interface...

Page 1447: ...nk protocol ppp PE2 POS1 0 ip address 10 2 2 1 24 PE2 POS1 0 mpls PE2 POS1 0 mpls ldp PE2 POS1 0 quit Configure OSPF on PE 2 for establishing LSPs PE2 ospf PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 ne...

Page 1448: ...ce 2 ttl 255 time 130 ms Reply from 100 1 1 2 bytes 56 Sequence 3 ttl 255 time 130 ms Reply from 100 1 1 2 bytes 56 Sequence 4 ttl 255 time 140 ms Reply from 100 1 1 2 bytes 56 Sequence 5 ttl 255 time...

Page 1449: ...N and LDP globally PE1 mpls l2vpn PE1 mpls ldp PE1 mpls ldp quit Configure the peer relationship with PE 2 so that the LDP remote session can be established between them PE1 mpls ldp remote peer 1 PE1...

Page 1450: ...uit Enable LDP globally P mpls ldp P mpls ldp quit Configure the interface connected with PE 1 namely Serial 2 0 and enable LDP on the interface P interface serial 2 0 P Serial2 0 link protocol ppp P...

Page 1451: ...ssion can be established between them PE2 mpls ldp remote peer 2 PE2 mpls ldp remote 2 remote ip 192 2 2 2 PE2 mpls ldp remote 2 quit Configure the interface connected with the P device namely Serial...

Page 1452: ...l2vc total ldp vc 1 1 up 0 down Transport Client VC Local Remote Tunnel VC ID Intf State VC Label VC Label Policy 101 Serial2 0 up 1025 1024 default CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes pr...

Page 1453: ...configuration you can issue the display mpls ldp session and display mpls ldp peer commands to view the LDP sessions and peer relationship established or the display mpls lsp command to view the LSPs...

Page 1454: ...e L2VPN and the CE connection Configure PE 1 PE1 mpls l2vpn vpn1 encapsulation ppp PE1 mpls l2vpn vpn1 route distinguisher 100 1 PE1 mpls l2vpn vpn1 vpn target 1 1 PE1 mpls l2vpn vpn1 ce ce1 id 1 rang...

Page 1455: ...00 packet loss round trip min avg max 34 68 94 ms Example for Configuring a Kompella Local Connection Network requirements A Kompella local connection is required between CE 1 and CE 2 Network diagram...

Page 1456: ...name vpn1 local ce ce name ce id range conn num LB ce1 1 10 1 8192 0 10 ce2 2 10 1 8202 0 10 CE1 ping 30 1 1 2 PING 30 1 1 2 56 data bytes press CTRL_C to break Reply from 30 1 1 2 bytes 56 Sequence 1...

Page 1457: ...an LDP connection respectively with the same VC ID of 1 If you change the encapsulation type of Serial 1 1 to HDLC the expected LDP connection cannot be established Analysis When you change the encap...

Page 1458: ...1458 CHAPTER 78 MPLS L2VPN CONFIGURATION...

Page 1459: ...Packet Forwarding on page 1463 MPLS L3VPN Networking Schemes on page 1464 MPLS L3VPN Routing Information Advertisement on page 1467 Carrier s Carrier on page 1468 Multi AS VPN on page 1470 Multi Role...

Page 1460: ...connected PE it advertises its VPN routes to the PE and learns remote VPN routes from the PE A CE and a PE use BGP IGP to exchange routing information You can also configure static routes between the...

Page 1461: ...eates and maintains a separate VPN instance for each VPN at a directly connected site Each VPN instance contains the VPN membership and routing rules of the corresponding site If a user at a site belo...

Page 1462: ...stinguished by the Type field When the value of the Type field is 0 the Administrator subfield occupies two bytes the Assigned number subfield occupies four bytes and the RD format is 16 bit AS number...

Page 1463: ...PN instance by using the VPN target attribute of import target attribute It can reject the routes selected by the communities in the import target attribute An export routing policy can reject the rou...

Page 1464: ...ination address of the packet to determine the outbound interface and then forwards the packet out the interface to CE 2 4 CE 2 transmits the packet to the destination by IP forwarding MPLS L3VPN Netw...

Page 1465: ...his networking scheme requires two VPN targets one for the hub and the other for the spoke The VPN target setting rules for VPN instances of all sites on PEs are as follows On spoke PEs that is the PE...

Page 1466: ...s distinct from the export VPN targets of the other spoke PEs Therefore any two spoke PEs can neither directly advertise VPN IPv4 routes to each other nor directly access each other Extranet networkin...

Page 1467: ...on Advertisement In basic MPLS L3VPN networking the advertisement of VPN routing information involves CEs and PEs A P router maintains only the routes of the backbone and does not need to know any VPN...

Page 1468: ...P routes The exchange of routing information between the egress PE and the remote CE is the same as that between the local CE and the ingress PE Carrier s Carrier Introduction to carrier s carrier It...

Page 1469: ...411 PE 3 and PE 4 exchange VPN routes of the Level 2 carrier through IBGP sessions Figure 411 Scenario where the Level 2 carrier is an ISP When the Level 2 carrier is an MPLS L3VPN service provider i...

Page 1470: ...ter provider VPN option A In this kind of solution PEs of two ASs are directly connected and each PE is also the ASBR of its AS The PEs acting as ASBRs are connected through multiple subinterfaces Eac...

Page 1471: ...IPv4 routes which is also called ASBR extension method Figure 414 Network diagram for inter provider VPN option B In terms of scalability inter provider VPN option B is better than option A When adop...

Page 1472: ...e ASBR of another AS also advertises labeled IPv4 routes Thus an LSP is established between the ingress PE and egress PE Between PEs of different ASs Multi hop EBGP connections are established to exch...

Page 1473: ...ation from other VPNs to reach the CE from the PE you must configure static routes on other VPNs that take the interface connected to the CE as the next hop n All IP addresses associated with the PE m...

Page 1474: ...pplicable to the large scale VPN deployment 2 HoVPN To solve the scalability problem of the plane model MPLS L3VPN must transition to the hierarchical model In MPLS L3VPN hierarchy of VPN HoVPN was pr...

Page 1475: ...ements SPE An SPE is required to have large capacity routing table high forwarding performance and fewer interface resources UPE A UPE is required to have small capacity routing table low forwarding p...

Page 1476: ...extension For more information about OSPF refer to the OSPF Configuration on page 917 OSPF multi instance on PE OSPF is a prevalent IGP protocol In many cases VPN clients are connected through BGP pee...

Page 1477: ...ces and therefore can address the above problems Properly configured OSPF sites are considered directly connected and PEs can exchange OSPF routing information as they are using dedicated lines This i...

Page 1478: ...gh LSAs the LSAs may be received by another PE resulting in a routing loop To avoid routing loops when creating Type 3 LSAs the PE always sets the flag bit DN for BGP VPN routes learnt from MPLS BGP r...

Page 1479: ...nto BGP as a VPN IPv4 route A sham link can be configured in any area You need to configure it manually In addition the local VPN instance must have a route to the destination of the sham link Multi V...

Page 1480: ...AS number of 800 AS number substitution is enabled on PE 2 for CE 2 Before advertising updates received from CE 1 to CE 2 PE 2 finds that an AS number in the AS_PATH is the same as that of CE 2 and h...

Page 1481: ...the VPN instance with a VPN Follow these steps to create and configure a VPN instance Associating a VPN Instance with an Interface After creating and configuring a VPN instance you associate the VPN i...

Page 1482: ...an configure up to 16 VPN targets for a VPN instance To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Associate the current in...

Page 1483: ...oser to the select seq keyword has a higher priority For example with the tunnel select seq lsp gre load balance number 1 command configured VPN uses a GRE tunnel if no LSP exists Once an LSP is creat...

Page 1484: ...ctivity Configure MPLS basic capability for the MPLS backbone PEs and Ps Configure MPLS LDP for the MPLS backbone PEs and Ps so that LDP LSPs can be established On CEs configure the IP addresses of th...

Page 1485: ...ing a process or to configure the IP address for at least one interface of the VPN instance An OSPF process belongs to only one VPN instance If you run an OSPF process without binding it to a VPN inst...

Page 1486: ...the OSPF domain ID is included in the BGP VPN route and delivered as a BGP extended community attribute n After configuring an OSPF instance you must start OSPF by using the same method for starting...

Page 1487: ...Required Configure the CE as the VPN peer peer group name ip address as number as number Required Inject the routes of the local CEs import route protocol process id med med value route policy route p...

Page 1488: ...table has the same function on BGP routes for each type of the address families Follow these steps to configure common routing features for all types of subaddress families Configure the route adverti...

Page 1489: ...family peer group name ip address enable Required By default only IPv4 routing information is exchanged between BGP peers Add a peer into an existing peer group peer ip address group group name Option...

Page 1490: ...ived from or to be advertised to a peer or peer group based on an AS_PATH list peer group name ip address as path acl aspath filter number import export Optional By default no AS filtering list is app...

Page 1491: ...applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small It is simple to implement To configure inter provider VPN option A you only need to Configure basic...

Page 1492: ...BGP do not have their next hops changed by default If the next hops need to be changed to the local addresses you can configure the peer ip address group name next hop local command For information ab...

Page 1493: ...ew system view Enter BGP view bgp as number Configure the ASBR PE in the same AS as the IBGP peer peer group name ip address as number as number Required Enable the PE to exchange labeled IPv4 routes...

Page 1494: ...ure the ASBR_PE to change the next hop to itself when advertising routes to PEs in the same AS peer group name ip address next hop local Required By default a BGP speaker does not use its address as t...

Page 1495: ...onfigure a private network static route on a PE specifying the egress of another private network or public network as the egress of the static route Thus packets from the multi role host for accessing...

Page 1496: ...sed through BGP Configuration Prerequisites Before configuring OSPF sham link be sure to complete these tasks Configuring basic MPLS L3VPN OSPF is used between PE and CE Configuring OSPF in the LAN wh...

Page 1497: ...stance Configuring Multi VPN instance CE Multi VPN instance CE is used in LANs By configuring multiple OSPF instances on CEs you can implement service isolation One OSPF process can belong to only one...

Page 1498: ...ore configuring BGP AS number substitution complete these tasks Configuring basic MPLS L3VPN Configuring CEs at different sites to have the same AS number Configuration Procedure When CEs at different...

Page 1499: ...in user view Reset BGP connections of a VPN instance reset bgp vpn instance vpn instance name as number ip address all external group group name Available in user view Reset BGP VPNv4 connections res...

Page 1500: ...ixes as path acl as path acl number cidr community aa nn 1 13 no export subconfed no advertise no export whole match community list basic community list number whole match adv community list number 1...

Page 1501: ...sic community list number whole match adv community list number 1 16 dampened dampening parameter different origin as flap info as path acl as path acl number network address mask longer match mask le...

Page 1502: ...0 network 1 1 1 9 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure the P device Device Interface IP address Device Interface IP address CE 1 Eth 1 0 10 1 1 1 24 P Loop0 2 2 2 9 32 PE 1...

Page 1503: ...configurations OSPF adjacency should be established between PE 1 P and PE 2 Issuing the display ospf peer command you can see that the adjacency status is Full Issuing the display ip routing table co...

Page 1504: ...erface pos 5 0 P POS5 0 mpls P POS5 0 mpls ldp P POS5 0 quit P interface pos 5 1 P POS5 1 mpls P POS5 1 mpls ldp P POS5 1 quit Configure PE 2 PE2 mpls lsr id 3 3 3 9 PE2 mpls PE2 mpls lsp trigger all...

Page 1505: ...p vpn instance vpn2 PE1 vpn instance vpn2 route distinguisher 100 2 PE1 vpn instance vpn2 vpn target 222 2 PE1 vpn instance vpn2 quit PE1 interface ethernet 1 0 PE1 Ethernet1 0 ip binding vpn instance...

Page 1506: ...255 time 4 ms Reply from 10 1 1 1 bytes 56 Sequence 4 ttl 255 time 52 ms Reply from 10 1 1 1 bytes 56 Sequence 5 ttl 255 time 3 ms 10 1 1 1 ping statistics 5 packet s transmitted 5 packet s received...

Page 1507: ...gp peer 1 1 1 9 connect interface loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 1 1 1 9 enable PE2 bgp af vpnv4 quit PE2 bgp quit After completing the above configuration if you issue the...

Page 1508: ...1 bytes 56 Sequence 4 ttl 253 time 50 ms Reply from 10 3 1 1 bytes 56 Sequence 5 ttl 253 time 34 ms 10 3 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min...

Page 1509: ...outing table command you can see that the PEs have learned the loopback route of each other 2 Enable MPLS basic capability on the PEs Configure PE 1 PE1 system view PE1 mpls lsr id 1 1 1 9 PE1 mpls PE...

Page 1510: ...2 PE2 tunnel policy gre1 PE2 tunnel policy gre1 tunnel select seq gre load balance number 1 PE2 tunnel policy gre1 quit PE2 ip vpn instance vpn1 PE2 vpn instance vpn1 route distinguisher 100 2 PE2 vp...

Page 1511: ...number 100 CE1 bgp import route direct CE1 bgp quit Configure PE 1 PE1 bgp 100 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 peer 10 1 1 1 as number 65410 PE1 bgp vpn1 peer 10 1 1 1 next hop loca...

Page 1512: ...MsgRcvd MsgSent OutQ PrefRcv Up Down State 2 2 2 9 4 100 3 3 0 1 00 00 34 Established 6 Configure a GRE tunnel Configure PE 1 PE1 interface tunnel 0 PE1 Tunnel0 tunnel protocol gre PE1 Tunnel0 source...

Page 1513: ...ask Proto Pre Cost NextHop Interface 10 1 1 0 24 Direct 0 0 10 1 1 2 Eth1 0 10 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 10 2 1 0 24 BGP 255 0 2 2 2 9 NULL0 The CEs should be able to ping each other CE1 p...

Page 1514: ...of each other Each ASBR PE and the PE in the same AS should be able to ping each other 2 Configure MPLS basic capability and MPLS LDP on the MPLS backbone to establish LDP LSPs Configure MPLS basic c...

Page 1515: ...0 ASBR PE1 POS5 0 mpls ASBR PE1 POS5 0 mpls ldp ASBR PE1 POS5 0 quit Configure MPLS basic capability on ASBR PE 2 and enable MPLS LDP on the interface connected to PE 2 ASBR PE2 system view ASBR PE2 m...

Page 1516: ...n instance vpn1 vpn target 100 1 both PE1 vpn instance vpn1 quit PE1 interface ethernet 1 1 PE1 Ethernet1 1 ip binding vpn instance vpn1 PE1 Ethernet1 1 ip address 10 1 1 2 24 PE1 Ethernet1 1 quit Con...

Page 1517: ...gurations by issuing the display ip vpn instance command The PEs should be able to ping their respective CEs and the ASBR PEs should be able to ping each other 4 Establish EBGP peer relationship betwe...

Page 1518: ...9 enable ASBR PE1 bgp af vpnv4 peer 1 1 1 9 next hop local ASBR PE1 bgp af vpnv4 quit ASBR PE1 bgp quit Configure ASBR PE 2 ASBR PE2 bgp 200 ASBR PE2 bgp ipv4 family vpn instance vpn1 ASBR PE2 bgp vp...

Page 1519: ...IBGP ASBR PE 1 and ASBR PE 2 exchange labeled IPv4 routes by MP EBGP ASBRs do not perform VPN target filtering of received VPN IPv4 routes Network diagram Figure 425 Configure inter provider VPN optio...

Page 1520: ...ck0 ip address 2 2 2 9 32 PE1 LoopBack0 isis enable 1 PE1 LoopBack0 quit Create VPN instance vpn1 and configure the RD and VPN target attributes PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route di...

Page 1521: ...and enable MPLS and LDP on the interface ASBR PE1 interface serial 2 0 ASBR PE1 Serial2 0 ip address 1 1 1 1 255 0 0 0 ASBR PE1 Serial2 0 isis enable 1 ASBR PE1 Serial2 0 mpls ASBR PE1 Serial2 0 mpls...

Page 1522: ...mpls lsp trigger all ASBR PE2 mpls label advertise non null ASBR PE2 mpls quit ASBR PE2 mpls ldp ASBR PE2 mpls ldp quit Configure interface Serial 2 0 start IS IS and enable MPLS and LDP on the inter...

Page 1523: ...entity 10 111 111 111 111 00 PE2 isis 1 quit Configure LSR ID enable MPLS and LDP PE2 mpls lsr id 5 5 5 9 PE2 mpls PE2 mpls lsp trigger all PE2 mpls label advertise non null PE2 mpls quit PE2 mpls ldp...

Page 1524: ...e of vpn1 PE2 bgp ipv4 family vpn instance vpn1 PE2 bgp vpn1 import route direct PE2 bgp vpn1 quit PE2 bgp quit 5 Verify your configurations After you complete the above configurations PE 1 and PE 2 s...

Page 1525: ...art IS IS and enable MPLS and LDP on the interface PE1 interface serial 1 0 PE1 Serial1 0 ip address 1 1 1 2 255 0 0 0 PE1 Serial1 0 isis enable 1 PE1 Serial1 0 mpls PE1 Serial1 0 mpls ldp PE1 Serial1...

Page 1526: ...0 0 1 32 PE1 LoopBack1 quit Start BGP on PE 1 PE1 bgp 100 Configure the capability to advertise labeled routes to IBGP peer 3 3 3 9 and to receive labeled routes from the peer PE1 bgp peer 3 3 3 9 as...

Page 1527: ...e serial 1 1 ASBR PE1 Serial1 1 ip address 11 0 0 2 255 0 0 0 ASBR PE1 Serial1 1 mpls ASBR PE1 Serial1 1 quit Configure interface Loopback 0 and start IS IS on it ASBR PE1 interface loopback 0 ASBR PE...

Page 1528: ...the peer ASBR PE1 bgp peer 11 0 0 1 label route capability ASBR PE1 bgp quit 3 Configure ASBR PE 2 Start IS IS on ASBR PE 2 ASBR PE2 system view ASBR PE2 isis 1 ASBR PE2 isis 1 network entity 10 222...

Page 1529: ...eer ASBR PE2 bgp peer 5 5 5 9 as number 600 ASBR PE2 bgp peer 5 5 5 9 connect interface loopback 0 ASBR PE2 bgp peer 5 5 5 9 label route capability Specify to use routing policy policy2 to filter rout...

Page 1530: ...e vpn1 PE2 vpn instance vpn1 route distinguisher 11 11 PE2 vpn instance vpn1 vpn target 1 1 2 2 3 3 import extcommunity PE2 vpn instance vpn1 vpn target 3 3 export extcommunity PE2 vpn instance vpn1 q...

Page 1531: ...27 PE 1 and PE 2 are PEs of the Level 1 carrier backbone CE 1 and CE 2 are devices of the Level 2 carrier and work as CE to access the Level 1 carrier backbone PE 3 and PE 4 are devices of the Level 2...

Page 1532: ...00 PE1 isis 1 quit Device Interface IP address Device Interface IP address CE 3 Eth 1 0 100 1 1 1 24 CE 4 Eth 1 0 120 1 1 1 24 PE 3 Loop0 1 1 1 9 32 PE 4 Loop0 6 6 6 9 32 Eth 1 0 100 1 1 2 24 Eth 1 0...

Page 1533: ...established and has reached the state of Established Issuing the display isis peer command you should see that the IS IS neighbor relationship has been set up Take PE 1 as an example PE1 display mpls...

Page 1534: ...network entity 10 0000 0000 0000 0002 00 CE1 isis 2 quit CE1 interface loopback 0 CE1 LoopBack0 isis enable 2 CE1 LoopBack0 quit CE1 interface pos 5 0 CE1 POS5 0 ip address 10 1 1 2 24 CE1 POS5 0 isi...

Page 1535: ...CE1 POS5 1 mpls ldp transport address interface CE1 POS5 1 quit After you complete the above configurations PE 1 and CE 1 should be able to establish the LDP session and IS IS neighbor relationship be...

Page 1536: ...ip routing table command on PE 1 and PE 2 You should see that only routes of the Level 1 carrier network are present in the public network routing table of PE 1 and PE 2 Takes PE 1 as an example PE1...

Page 1537: ...1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 0 24 Direct 0 0 11 1 1 1 POS5 1 11 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 2 32 Direct 0 0 11 1 1 2 POS5 1 20 1 1 0 24 ISIS 15 74 11 1 1 2 POS5 1 21...

Page 1538: ...s 56 Sequence 4 ttl 252 time 70 ms Reply from 20 1 1 2 bytes 56 Sequence 5 ttl 252 time 60 ms 20 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg ma...

Page 1539: ...d configure different RDs and VPN targets attributes for the VPN instances PE1 system view PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 100...

Page 1540: ...mber 3001 PE1 acl adv 3001 rule 0 permit ip vpn instance vpn1 source 100 1 1 2 0 PE1 acl adv 3001 quit PE1 policy based route policy1 permit node 10 PE1 policy based route if match acl 3001 PE1 policy...

Page 1541: ...uit Configure the IGP protocol OSPF for example Device Interface IP address Device Interface IP address CE 1 Eth 1 0 10 2 1 1 24 CE 3 Eth 1 0 10 1 1 1 24 CE 2 Eth 1 0 10 4 1 1 24 CE 4 Eth 1 0 10 3 1 1...

Page 1542: ...0 quit UPE1 interface ethernet 1 1 UPE1 Ethernet1 1 ip binding vpn instance vpn2 UPE1 Ethernet1 1 ip address 10 4 1 2 24 UPE1 Ethernet1 1 quit Configure UPE 1 to establish MP IBGP peer relationship wi...

Page 1543: ...it Configure the IGP protocol OSPF for example UPE2 ospf UPE2 ospf 1 area 0 UPE2 ospf 1 area 0 0 0 0 network 172 2 1 0 0 0 0 255 UPE2 ospf 1 area 0 0 0 0 network 4 4 4 9 0 0 0 0 UPE2 ospf 1 area 0 0 0...

Page 1544: ...face ethernet 1 0 CE3 Ethernet1 0 ip address 10 1 1 1 255 255 255 0 CE3 Ethernet1 0 quit CE3 bgp 65430 CE3 bgp peer 10 1 1 2 as number 100 CE3 bgp import route direct CE3 quit 6 Configure CE 4 CE4 sys...

Page 1545: ...to establish MP IBGP peer relationship with UPE 1 and to inject VPN routes and specify UPE 1 SPE1 bgp 100 SPE1 bgp peer 1 1 1 9 as number 100 SPE1 bgp peer 1 1 1 9 connect interface loopback 0 SPE1 b...

Page 1546: ...vpn1 vpn target 100 1 both SPE2 vpn instance vpn1 quit SPE2 ip vpn instance vpn2 SPE2 vpn instance vpn2 route distinguisher 800 1 SPE2 vpn instance vpn2 vpn target 100 2 both SPE2 vpn instance vpn2 qu...

Page 1547: ...ng the configurations CE 1 and CE 2 should be able to learn the OSPF route to the Ethernet interface of each other The following takes CE 1 as an example CE1 display ip routing table Routing Tables Pu...

Page 1548: ...ldp quit PE1 interface serial 2 1 PE1 Serial2 1 ip address 10 1 1 1 24 PE1 Serial2 1 mpls PE1 Serial2 1 mpls ldp PE1 Serial2 1 quit Configure PE 1 to take PE 2 as the MP IBGP peer PE1 bgp 100 PE1 bgp...

Page 1549: ...figure PE 1 to allow CE 1 to access the network PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 1 1 PE1 vpn instance vpn1 quit PE1 interface e...

Page 1550: ...n Mask Proto Pre Cost NextHop Interface 20 1 1 0 24 OSPF 10 1563 100 1 1 1 Eth1 0 30 1 1 0 24 OSPF 10 3125 100 1 1 1 Eth1 0 100 1 1 0 24 Direct 0 0 100 1 1 2 Eth1 0 100 1 1 2 32 Direct 0 0 127 0 0 1 I...

Page 1551: ...ample CE1 display ip routing table Routing Tables Public Destinations 9 Routes 9 Destination Mask Proto Pre Cost NextHop Interface 20 1 1 0 24 Direct 0 0 20 1 1 1 S2 1 20 1 1 1 32 Direct 0 0 127 0 0 1...

Page 1552: ...n PE 2 to allow CE 2 to access the network Configure the VPN instance of VPN 1 on PE 1 to allow CE 1 to access the network Configure BGP between PE 1 and CE 1 and between PE 2 and CE 2 to inject route...

Page 1553: ...1 1 1 32 BGP 255 0 1 1 1 9 NULL0 10 2 1 0 24 Direct 0 0 10 2 1 2 Eth1 0 10 2 1 1 32 Direct 0 0 10 2 1 1 Eth1 0 10 2 1 2 32 Direct 0 0 127 0 0 1 InLoop0 100 1 1 1 32 BGP 255 0 1 1 1 9 NULL0 200 1 1 1 3...

Page 1554: ...0 100 10 2 1 0 24 10 2 1 2 0 0 100 10 2 1 1 32 10 2 1 2 0 0 100 100 1 1 1 32 10 2 1 2 0 100 100 CE2 display ip routing table Routing Tables Public Destinations 9 Routes 9 Destination Mask Proto Pre Co...

Page 1555: ...MPLS L3VPN Configuration Example 1555 5 packet s received 0 00 packet loss round trip min avg max 66 79 109 ms...

Page 1556: ...1556 CHAPTER 79 MPLS L3VPN CONFIGURATION...

Page 1557: ...Branch devices dynamically access the public network VPN address management VAM is a major protocol used in the DVPN solution It collects maintains and distributes dynamic information to help set up...

Page 1558: ...pplication layer of the TCP IP protocol stack DVPN uses UDP as its transport layer protocol A DVPN consists of one server and multiple clients The public address of the server in a DVPN must be static...

Page 1559: ...rties negotiate to determine whether VAM protocol packets should be secured If so they negotiate about the encryption and integrity validation algorithms generate the keys and acknowledge the negotiat...

Page 1560: ...process 1 The initiator originates a tunnel establishment request Spoke Hub tunnel After a Spoke registers itself successfully it needs to establish a permanent tunnel with each Hub in the VPN Upon r...

Page 1561: ...ynamic IP address AAA identity authentication of VAM clients on the VAM server After the initialization process completes a VAM client must register with the VAM server during which the client must pa...

Page 1562: ...figure the VAM server perform the tasks described in the following sections Creating a VPN Domain Follow these steps to create a VPN domain Task Remarks Configure the DVPN server Configuring AAA on pa...

Page 1563: ...est priority against the algorithm list of the client If a match is found the algorithm is used Otherwise the server compares its algorithm ranking next by priority against the algorithm list of the c...

Page 1564: ...b to the other clients If you configure both the public and private addresses of the Hub on the server the server considers a Hub valid only when both the public and private addresses that the Hub reg...

Page 1565: ...ers n All clients in a VPN have the same keepalive settings but if you change the keepalive settings of the server the new settings are sent to only clients that register later all clients registering...

Page 1566: ...1566 Required Specifying an Interval for Resending a VAM Packet on page 1566 Optional Specifying the Primary VAM Server on page 1566 Required Specifying the Secondary VAM Server on page 1567 Optional...

Page 1567: ...hared key is used to generate the public keys for security of the channels between the server and a client Follow these steps to specify the pre shared key of the VAM client To do Use the command Rema...

Page 1568: ...rofile Follow the following steps to configure an IPSec profile Enter VAM client view vam client name client name Specify the pre shared key of the VAM client pre shared key cipher simple key string R...

Page 1569: ...e Prerequisites You need to specify on the device an IP address for the VLAN interface Ethernet interface or Loopback interface which will act as the source interface of the tunnel virtual interface t...

Page 1570: ...VAM client otherwise the tunnel interface cannot become up The client to be bound must exist and is not bound to any other tunnel interface No VAM client is bound to the DVPN tunnel interface by defa...

Page 1571: ...Networks Network requirements In the full mesh networks the primary VAM server main and the secondary VAM server backup manage and maintain information about the nodes The AAA server takes charge of...

Page 1572: ...at with domain MainServer radius radsun quit Apply the RADIUS scheme in domain 1 Device Interface IP address Device Interface IP address Hub 1 Eth1 0 192 168 1 1 24 Spoke 1 Eth1 0 192 168 1 3 24 Tunne...

Page 1573: ...n 1 quit Create VPN domain 2 MainServer vam server vpn 2 Set the pre shared key to 456 MainServer vam server vpn 2 pre shared key simple 456 Enable PAP authentication for VAM clients MainServer vam se...

Page 1574: ...password to dvpn2hub2 Hub1 vam client name dvpn2hub1 user dvpn2hub1 password simple dvpn2hub1 Hub1 vam client name dvpn2hub1 client enable Hub1 vam client name dvpn2hub1 quit Configure the IPSec profi...

Page 1575: ...rea 0 0 0 0 network 10 0 2 1 0 0 0 255 Hub1 ospf 300 area 0 0 0 0 quit 4 Configure Hub 2 Configure IP addresses for the interfaces omitted Configure the VAM clients Hub2 system view Create a VAM clien...

Page 1576: ...vam Hub2 ike peer vam pre shared key abcde Hub2 ike peer vam quit Configure the IPSec profile Hub2 ipsec profile vamp Hub2 ipsec profile vamp proposal vam Hub2 ipsec profile vamp ike peer vam Hub2 ip...

Page 1577: ...Spoke1 vam client name dvpn1spoke1 server secondary ip address 192 168 1 33 Spoke1 vam client name dvpn1spoke1 pre shared key simple 123 Create a local user setting the user name to dvpn1spoke1 and th...

Page 1578: ...vpn 1 Specify the IP addresses of the VAM servers and set the pre shared key Spoke2 vam client name dvpn1spoke2 server primary ip address 192 168 1 22 Spoke2 vam client name dvpn1spoke2 server seconda...

Page 1579: ...1 for VPN 1 Spoke2 interface tunnel 1 Spoke2 Tunnel1 tunnel protocol dvpn udp Spoke2 Tunnel1 vam client dvpn1spoke2 Spoke2 Tunnel1 ip address 10 0 1 4 255 255 255 0 Spoke2 Tunnel1 source ethernet 1 0...

Page 1580: ...e dvpn2spoke3 Spoke3 vam client name dvpn2spoke3 client enable Spoke3 vam client name dvpn2spoke3 quit Configure the IPSec profile Configure the IPSec proposal Spoke3 ipsec proposal vam Spoke3 ipsec p...

Page 1581: ...0 0 0 network 10 0 2 3 0 0 0 255 Spoke3 ospf 200 area 0 0 0 0 quit DVPN Configuration Example for Spoke Hub Networks Network requirements In the Spoke Hub networks data is forwarded along spoke hub t...

Page 1582: ...radius radsun user name format with domain MainServer radius radsun quit Configure the AAA scheme of the ISP domain MainServer domain domain1 MainServer isp domain1 authentication default radius schem...

Page 1583: ...primary VAM server on page 1582 3 Configure Hub 1 Configure the IP addresses of the interfaces Omitted Configure the VAM clients Hub1 system view Create a VAM client named dvpn1hub1 for VPN 1 Hub1 va...

Page 1584: ...2 168 1 1 0 0 0 255 Hub1 ospf 100 area 0 0 0 0 quit Configure OSPF for the private network Hub1 ospf 200 Hub1 ospf 200 area 0 Hub1 ospf 200 area 0 0 0 0 network 10 0 1 1 0 0 0 255 Hub1 ospf 200 area 0...

Page 1585: ...0 1 2 255 255 255 0 Hub2 Tunnel1 source ethernet 1 0 Hub2 Tunnel1 ospf network type p2mp Hub2 Tunnel1 ipsec profile vamp Hub2 Tunnel1 quit Configure OSPF Configure OSPF for the public network Hub2 os...

Page 1586: ...m Spoke1 ipsec profile vamp ike peer vam Spoke1 ipsec profile vamp sa duration time based 600 Spoke1 ipsec profile vamp pfs dh group2 Configure the DVPN tunnel Configure tunnel interface Tunnel 1 for...

Page 1587: ...hentication algorithm sha1 Spoke2 ipsec proposal vam quit Configure the IKE peer Spoke2 ike peer vam Spoke2 ike peer vam pre shared key abcde Spoke2 ike peer vam quit Configure the IPSec profile Spoke...

Page 1588: ...1588 CHAPTER 80 DVPN CONFIGURATION...

Page 1589: ...otocol of virtual private network VPN A tunnel is a virtual point to point connection for transferring encapsulated packets Packets are encapsulated at one end of the tunnel and decapsulated at the ot...

Page 1590: ...nd routed Passenger protocol Protocol that the payload packet uses IPX in the example Encapsulation or carrier protocol Protocol used to encapsulate the payload packet that is GRE Delivery or transpor...

Page 1591: ...ope enlargement of the network running a hop limited protocol on page 1592 VPN creation by connecting discontinuous subnets on page 1592 GRE IPSec tunnel application on page 1592 Multi protocol commun...

Page 1592: ...Figure 442 Group 1 and Group 2 running Novell IPX are deployed in different cities They can constitute a trans WAN virtual private network VPN through the tunnel GRE IPSec tunnel application Figure 4...

Page 1593: ...figured with the same tunnel mode Otherwise packet delivery will fail Configure the source address or interface for the tunnel interface source ip address interface type interface number Required By d...

Page 1594: ...t does not check the checksum of a received packet Contrarily if the checksum function is enabled at the remote end but not at the local end the local end checks the checksum of a received packet but...

Page 1595: ...e to GRE over IPv6 tunnel protocol gre ipv6 Required GRE over IPv4 by default Note that both ends of a tunnel must be configured with the same tunnel mode Otherwise packet delivery will fail Configure...

Page 1596: ...remote end Or you can enable the dynamic routing protocol on both the tunnel interface and the router interface connecting the private network so that the dynamic routing protocol can establish a rou...

Page 1597: ...al 2 0 RouterA Tunnel0 source 1 1 1 1 Configure the destination address of interface Tunnel0 to be the IP address of Serial 2 1 on Router B RouterA Tunnel0 destination 2 2 2 2 RouterA Tunnel0 quit Con...

Page 1598: ...6 Tunnel Configuration Example Network requirements Two IPv4 subnets Group 1 and Group 2 are interconnected through a GRE tunnel over the IPv6 network between Router A and Router B Network diagram Fig...

Page 1599: ...face Tunnel0 to be the IP address of interface Serial 2 1 on Router B RouterA Tunnel0 destination 2002 2 1 RouterA Tunnel0 quit Configure a static route from Router A through interface Tunnel0 to Grou...

Page 1600: ...nsistent Most faults can be pinpointed by using the debugging gre or debugging tunnel command This section analyzes only one type of fault as shown in Figure 446 Figure 446 Troubleshoot GRE Symptom Th...

Page 1601: ...ted virtual tunnel over public networks while other users on the public networks cannot A VPDN tunnel can be set up in two ways The network access server NAS directly connects users to an enterprise g...

Page 1602: ...combining the best features of L2F and PPTP L2TP becomes the Layer 2 tunneling industry standard defined by the Internet Engineering Task Force IETF Typical application Figure 447 shows a typical VPD...

Page 1603: ...le port which is unnecessarily 1701 too to return a packet to the specified port of the initiator From then on the two parties use the negotiated ports to communicate until the tunnel is disconnected...

Page 1604: ...er not the sender Two typical L2TP tunnel modes Figure 450 shows two typical tunnel modes Tunnel between a remote system and the LNS Tunnel between an LAC client and the LNS Figure 450 Two typical L2T...

Page 1605: ...S server for authentication 5 The LAC RADIUS server authenticates the user 6 If the user passes authentication the LAC initiates a tunneling request to the LNS IP network IP network WAN PSTN ISDN Host...

Page 1606: ...does not provide security for connections However it has all the security features of PPP for it allows for PPP authentication CHAP or PAP L2TP can also cooperate with IPSec to guarantee data securit...

Page 1607: ...cation on page 1611 Optional Specifying to perform LCP Negotiation with Users on page 1612 Optional Configuring the Local Address and the Address Pool for Allocation on page 1613 Optional Configuring...

Page 1608: ...only if tunnel authentication is enabled on the other side and the two sides are configured with the same password that is not null You are recommended to enable tunnel authentication for tunnel secu...

Page 1609: ...mation about AAA configuration commands refer to Configuring AAA on page 1761 Follow these steps to configure the local AAA scheme and the users and passwords c CAUTION For successful authentication o...

Page 1610: ...om an LAC an LNS checks whether the LAC name is the valid remote tunnel name and then determines whether to allow for setting up a tunnel If the L2TP group number is 1 allow l2tp virtual template virt...

Page 1611: ...ntication for tunnel security You can change the password for tunnel authentication but your change takes effect for only tunnels established later To check the connectivity of a tunnel the LAC and th...

Page 1612: ...thentication If the LNS uses proxy authentication and the authentication method configured on the virtual interface template is CHAP but the authentication method on the LAC is PAP the authentication...

Page 1613: ...ool To do Use the command Remarks Enter system view system view Enable L2TP l2tp enable Required Disabled by default Create an L2TP group and enter its view l2tp group group number Required By default...

Page 1614: ...trol Messages According to RFC2661 the ACCM AVP is for the LNS to notify the LAC of the ACCM negotiated with the PPP peer In practice different LAC manufacturers implement different support for ACCM T...

Page 1615: ...r as the username Hello as the password and 170 as the access number After dialing the access number and bringing up the dial up terminal window enter username as the username and userpass as the pass...

Page 1616: ...assword must match those configured on the client LNS system view LNS local user vpdnuser LNS luser vpdnuser password simple Hello LNS luser vpdnuser service type ppp LNS luser vpdnuser quit Configure...

Page 1617: ...en perform the following configurations the configuration procedure depends on the client software Specify the VPN username as vpdnuser and the password as Hello Set the Internet interface address of...

Page 1618: ...emplate for receiving calls LNS l2tp group 1 LNS l2tp1 allow l2tp virtual template 1 Enable tunnel authentication and specify the tunnel authentication password LNS l2tp1 tunnel authentication LNS l2t...

Page 1619: ...o the tunnel is 1 1 2 2 Create two local users set the passwords and enable PPP service LAC system view LAC local user vpdn1 LAC luser vpdn1 password simple 11111 LAC luser vpdn1 service type ppp LAC...

Page 1620: ...tp2 tunnel password simple 12345 LAC l2tp2 quit LAC l2tp group 1 LAC l2tp1 tunnel authentication LAC l2tp1 tunnel password simple 12345 3 Configure the LNS LNS system view LNS l2tp enable Create two l...

Page 1621: ...nel password simple 12345 If the RADIUS authentication is required on the LNS modifying the AAA configurations as needed For AAA configuration details refer to Configuring AAA on page 1761 Complicated...

Page 1622: ...nfigured The authentication type is inconsistent For example if the default authentication type for a VPN connection created on Windows 2000 is Microsoft Challenge Handshake Authentication Protocol MS...

Page 1623: ...ork core requirements during packet forwarding process such as delay jitter and packet loss ratio Traditional Packets Forwarding Application On traditional IP networks the devices treat all packets id...

Page 1624: ...g packets forwarding are required other than simply delivering the packets to their destination such as providing user specific bandwidth reducing packet loss ratio avoiding congestion regulating netw...

Page 1625: ...by congestion A more effective method to solve the problem of QoS is to enhance the functions of traffic control and resource allocation in the network and to provide differentiated services for appli...

Page 1626: ...se actively take the policy of dropping packets through adjusting traffic to resolve the overloading of the network Among those traffic management technologies traffic classification is the basis It i...

Page 1627: ...network segment In general while packets being classified on the network border the precedence bits in the ToS byte of IP header are set so that IP precedence can be used as a direct packet classifica...

Page 1628: ...ssigned resources in certain time interval so as to prevent the network congestion caused by excess burst Traffic policing and traffic shaping is a traffic monitoring policy to restrict the traffic an...

Page 1629: ...mum traffic size of every burst Generally it is set as CBS Committed Burst Size and the bursting size must be greater than the maximum packets size A new evaluation will be made when a new packet arri...

Page 1630: ...service for the policed traffics and depending upon the different evaluation results it will implement the pre configured policing actions which are described as the following Forwarding the packet w...

Page 1631: ...ffer or queues and send them Thus all the packets sent to Router B accord with the traffic regulation of Router B Line Rate on Physical Port On a physical interface you can enforce line rates below th...

Page 1632: ...ffic policing and traffic shaping Configuring Traffic Policing The traffic policing configuration is divided into two tasks one is to define the characters of the packets that need traffic policing th...

Page 1633: ...outbound carl carl index cir committed information rate cbs committed burst size ebs excess burst size green action red action Required cbs is the traffic passed at CIR in 500 milliseconds by default...

Page 1634: ...se the command Remarks Enter system view system view Enter interface view or port group view Enter interface view interface interface type interface number Use either command Configured in interface v...

Page 1635: ...r egress interface Configuration example for traffic policing Configure TP on the interface Ethernet1 0 to perform traffic control on the traffic transmitted on the interface Ethernet1 0 The traffic s...

Page 1636: ...ken as the default value ebs is 0 by default queue length is 50 by default Display the GTS information on each interface display qos gts interface interface type interface number Optional The display...

Page 1637: ...type interface number Optional The display command can be executed in any view To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter interface view or port gr...

Page 1638: ...s is not supported on the module and cbs defaults to 4096 bytes Enter port group view port group aggregation agg id Configure port group LR qos lr inbound outbound cir committed information rate cbs c...

Page 1639: ...riction the preference of the ultra long packet will be set to 0 before transmission The restriction on the traffic from Host A is 8000 bps Traffic within this restriction is transmitted normally When...

Page 1640: ...source 1 1 1 2 0 RouterA acl basic 2002 quit Configure TP on the interface Ethernet1 1 to perform the corresponding traffic control on the different traffics received by the interface Ethernet1 1 Rou...

Page 1641: ...f the rules in the class Traffic behaviors A traffic behavior is used to define QoS features for them Traffic behaviors include name of traffic behaviors and actions defined in a traffic behavior User...

Page 1642: ...h match criteria command to define a class as needed gts Traffic filtering Users use the if match match criteria command to define a class as needed filter Traffic redirection Users use the if match m...

Page 1643: ...c classifier test_class Configure classification rule Sysname classifier test_class if match ip precedence 6 Defining Traffic Behavior To define a traffic behavior you should first create a traffic be...

Page 1644: ...y permit Configure traffic shaping action gts cir committed information rate cbs committed burst size ebs excess burst size queue length queue length Configure traffic redirection action redirect cpu...

Page 1645: ...rks Enter system view system view Define the policy and enter the policy view qos policy policy name Required Specify the traffic behavior for the class in the policy classifier tcl name behavior beha...

Page 1646: ...hernet1 0 2 Configuration procedure Enter system view Sysname system view Define a policy and enter policy view Sysname qos policy test_policy Specify the traffic behavior for the class Sysname qospol...

Page 1647: ...configuration information of specified class of specified policy and behavior associated with these classes display qos policy system defined user defined policy name classifier tcl name Display polic...

Page 1648: ...1648 CHAPTER 85 QOS POLICY CONFIGURATION...

Page 1649: ...lgorithm and then it will send out them with a certain preference algorithm Each queuing algorithm is used to handle a particular network traffic problem and has great impacts on bandwidth resource as...

Page 1650: ...ddle normal and bottom in descending order By default the data flow enters the normal queue During queues dispatching PQ strictly comply with the priority sequence from high to low and it will send pa...

Page 1651: ...from No 1 16 user queues under the bandwidth occupying proportion set in advance are sent out In this way packets of different application can be assigned with different bandwidth Therefore it will n...

Page 1652: ...ery traffic will be reduced on the whole Compared with FQ WFQ considers priority in addition when calculating the dispatching sequence of packets Statistically with WFQ high priority traffic takes pri...

Page 1653: ...atency Queuing LLQ which strictly provides preferential services for voice packets and other delay sensitive data streams LLQ combines SP mechanism with CBQ The user can set a class to use SP service...

Page 1654: ...vailable on the device Breaking through the single congestion management policy of FIFO for traditional IP equipment they provide strong QoS ability which meets the demands of different service qualit...

Page 1655: ...rding to packets with different applications If packets of certain classes do not exist it can increase the bandwidth for existing packets Need to be configured low processing speed WFQ Configurable E...

Page 1656: ...r the AF service and ensuring that the queue dispatching is performed according to a certain weight proportion among various AF services Capable of providing absolutely preferential queue dispatching...

Page 1657: ...steps to configure PQ n Except for interfaces encapsulated with X 25 all physical interfaces can use PQ To do Use the command Remarks Enter system view system view Configure priority list qos pql pql...

Page 1658: ...respectively RouterA acl number 2001 RouterA acl basic 2001 rule permit source 1 1 1 1 0 0 0 0 RouterA acl number 2002 RouterA acl basic 2002 rule permit source 1 1 1 2 0 0 0 0 Configure the priority...

Page 1659: ...eue key key value queue queue number or qos cql cql index inbound interface interface type interface number queue queue number Optional Select custom queuing list configuration commands upon your requ...

Page 1660: ...ply WFQ at the interface Serial1 0 set the queue length to 100 and set the total queue number to 512 Configuration procedure Enter system view Sysname system view Enter interface view Sysname interfac...

Page 1661: ...ased pre defined class ef af1 af2 af3 af4 matching IP DSCP values of ef af1 af2 af3 af4 respectively 3 IP priority based pre defined class ip prec0 ip prec1 ip prec7 matching IP priorities of 0 1 and...

Page 1662: ...n It is recommended that the maximum available bandwidth be smaller than the actual available bandwidth of physical interface or logical link Modification of the maximum available bandwidth may trigge...

Page 1663: ...e classifier test if match ip precedence 6 Sysname classifier test Defining Traffic Behavior To define a traffic behavior you should first create a traffic behavior name and then configure attributes...

Page 1664: ...the command Remarks Enter system view system view Define a traffic behavior and enter traffic behavior view traffic behavior behavior name Required behavior name Name of the traffic behavior It is not...

Page 1665: ...avior view traffic behavior behavior name Required behavior name Name of the traffic behavior It is not allowed to pre define traffic behavior for the system Configure WFQ queue wfq queue number total...

Page 1666: ...c behavior behavior name Required behavior name Name of the traffic behavior It is not allowed to pre define traffic behavior for the system Configure the drop type to be random drop wred dscp ip prec...

Page 1667: ...bility of WRED IP precedence To do Use the command Remarks Enter system view system view Define a traffic behavior and enter traffic behavior view traffic behavior behavior name Required behavior name...

Page 1668: ...name traffic behavior test Configure classification rule Sysname behavior test queue af bandwidth 200 Sysname behavior test Defining Policy The corresponding relationship between the classes and traff...

Page 1669: ...behavior associated with these classes display qos policy system defined user defined policy name classifier tcl name Optional The display command can be executed in any view To do Use the command Re...

Page 1670: ...rface meet the requirement of the policy configured with queue features Configuration example 1 Network requirement Configure a policy test and in the policy specify the traffic behavior for the data...

Page 1671: ...ackets with their DSCP domain respectively being AF11 AF21 and EF RouterA traffic classifier af11_class RouterA classifier af11_class if match dscp af11 RouterA classifier af11_class quit RouterA traf...

Page 1672: ...s in any view to display the running of the CBQ configuration and to verify the effect of the configuration Follow these steps to display and maintain CBQ Configuring RTP Priority Queuing Configuring...

Page 1673: ...7 The RTP packets use 64 kbps bandwidth If network convergence happens the packets will enter RTP priority queue Sysname serial2 0 qos rtpq start port 16384 end port 32767 bandwidth 64 Token Function...

Page 1674: ...QoS Token n After you configure this command on an interface you must perform shutdown and undo shutdown on the interface to have the function take effect So far this command is supported only by ser...

Page 1675: ...t mode can be configured as required The packet priority mapping process on the router is shown in Figure 471 Figure 471 Priority mapping process when the port priority trust mode is supported The rou...

Page 1676: ...ity Mapping Table The priority mapping table in the router can be modified as required Follow these steps to configure priority mapping table 1 Enter priority mapping table view 2 Configure mapping ta...

Page 1677: ...cified dot1p lp mapping relationship Configuration procedure Enter system view Router system view Enter dot1p lp priority mapping table view Router qos map table dot1p lp Modify do1p lp mapping table...

Page 1678: ...ocess on the device supporting configuration of port priority trust mode The port priority trust mode can be configured only on the Layer 2 port Users can select to trust the 802 1p priority to map pr...

Page 1679: ...Follow these steps to display and maintain priority mapping To do Use the command Remarks Enter system view system view Enter interface view or port group view Enter Layer 2 port view interface interf...

Page 1680: ...of packet Use the user defied mapping relationship as the mapping relationship as shown in the following table Network diagram Figure 472 Network diagram of priority trust mode Display port priority t...

Page 1681: ...er Ethernet1 1 quit Configure Ethernet 1 2 to trust 802 1p priority Router interface ethernet 1 2 Router Ethernet1 2 qos trust dot1p Router Ethernet1 2 quit Configure Ethernet 1 3 to trust 802 1p prio...

Page 1682: ...1 1 Router Ethernet1 1 qos priority 1 Router Ethernet1 1 quit Configure port priority for Ethernet 1 2 Router interface ethernet 1 2 Router Ethernet1 2 qos priority 3 Router Ethernet1 2 quit Configur...

Page 1683: ...Traditional policy of dropping packets adopts the Tail Drop method When the amount of packets in a queue reaches a certain maximum value all newly arrived packets will be dropped This kind of droppin...

Page 1684: ...es the average queue and maximum minimum limitations comparison to determine the dropping probability The average queue length is the result of low pass filtering of queue length The average queue len...

Page 1685: ...he interface This configuration applies only to layer 2 interface cards having 16 or 24 interfaces WRED Parameters Pre define the parameters below before configuring WRED Maximum limitation and minimu...

Page 1686: ...limit to 40 and drop precedence to 15 Set exponent for calculating average queue length to 6 Configuration procedure Enter system view Sysname system view To do Use the command Remarks Enter system v...

Page 1687: ...s the packets belong to when congestion occurs The queue based WRED table can be applied only on Layer 2 port on which the queue based WRED table can be applied only One table can be applied on multip...

Page 1688: ...rnet 1 0 Apply WRED table on the interface Sysname Ethernet1 0 qos wred apply queue table1 Enter interface view or port group view Enter interface view interface interface type interface number Use ei...

Page 1689: ...s The TOS field in an IP packet is directly changed into the EXP field in an MPLS label when an MPLS label is encapsulated into an IP packet Any forwarding device can re assign a value to the EXP fiel...

Page 1690: ...to be 5 Apply priority list 10 on the interface Ethernet1 0 Follow the steps below to perform configuration Sysname system view Sysname qos pql 10 protocol mpls exp 5 queue top Sysname interface Gigab...

Page 1691: ...nfiguration procedure Follow these steps to configure MPLS QoS policy Configure CQL according to MPLS EXP value qos cql cql index protocol mpls exp exp value queue queue Required Enter interface view...

Page 1692: ...outer P identify traffics according to their EXP domain value and configure traffic specific CBQs EXP1 traffics with 10 bandwidth EXP2 traffics with 20 bandwidth EXP3 traffics with 30 bandwidth and EX...

Page 1693: ...classifier af31 PE1 classifier af31 if match dscp af31 PE1 classifier af31 traffic classifier efclass PE1 classifier efclass if match dscp ef PE1 classifier efclass quit Define four traffic behaviors...

Page 1694: ...h the MPLS packets with EXP values being 1 2 3 and 4 P system view P traffic classifier EXP1 P classifier EXP1 if match mpls exp 1 P classifier EXP1 traffic classifier EXP2 P classifier EXP2 if match...

Page 1695: ...P qospolicy QUEUE classifier EXP4 behavior EF P qospolicy QUEUE quit Apply the QoS policy on the outbound direction of the interface Serial 2 2 P interface serial 2 2 P Serial2 2 qos apply policy QUEU...

Page 1696: ...1696 CHAPTER 89 MPLS QOS CONFIGURATION...

Page 1697: ...based protocols This complements the disadvantage that the packets can only be classified in a simple way previously DAR recognizes different protocols in the following ways Protocols such as HTTP FT...

Page 1698: ...m Corresponding protocols of protocol domain values in the IP datagram IP fragmentation format See Figure 477 for the 3 bit Flag structure of IP datagram Figure 477 3 bit Flag In which the later 2 bit...

Page 1699: ...re 478 for the TCP packet format Figure 478 TCP packet format See the following table for the description of the 6 flag bits in the TCP header Description on the 6 flag bits in the TCP header TCP stat...

Page 1700: ...or dynamic The interaction between static protocols uses fixed port number while the interaction between dynamic protocols uses the port number negotiated during the interaction process HTTP Packet Th...

Page 1701: ...ies only one RTP packet See Figure 482 for RTP packet format Figure 482 RTP packet format The fields are described as follows V 2 bits version number P 1 bit padding flag X 1 bit packet header extensi...

Page 1702: ...V 2 bits version number P 1 bit padding flag RC 5 bits the number of receiving report blocks in the RTCP packet PT 8 bits RTCP packet type flag it is 200 for the SR type RTCP packet length 16 bits len...

Page 1703: ...2727 Napster TCP 6699 8875 8888 7777 6700 6666 6677 6688 4444 5555 NetBIOS TCP 137 138 139 NetBIOS UDP 137 138 139 Netshow TCP 1755 NFS TCP UDP 2049 NNTP TCP UDP 119 Notes TCP UDP 1352 Novadign TCP UD...

Page 1704: ...Sunrpc TCP UDP 111 Syslog UDP 514 Telnet TCP 23 Tftp UDP 69 Vdolive TCP 7000 Winmx TCP 6699 X Windows TCP 6000 6003 Protocol name Protocol type Port number To do Use the command Remarks Enter system v...

Page 1705: ...kes effect Configuring Port Number of DAR Application Protocol The system pre defines large number of protocols and port numbers for their use The protocols include some known protocols and 10 user de...

Page 1706: ...le by DAR Displaying and Maintaining DAR After the about mentioned configuration you can use the display command in any view to view the DAR running information so as to verify configuration result Ex...

Page 1707: ...r classsample quit Apply the BT matching rules to a policy Router qos policy policysample Router qospolicy policysample classifier classsample behavior 1 Router qospolicy policysample quit Apply the p...

Page 1708: ...1708 CHAPTER 90 DAR CONFIGURATION...

Page 1709: ...ore the Frame Relay QoS can provide more flexible quality services for users Figure 486 Frame Relay QoS application n For detailed information on Frame Relay refer to Frame Relay Configuration on page...

Page 1710: ...o the Frame Relay network and thereby resulting in the congestion that prevents the data from normal transmitting If the Frame Relay traffic shaping is applied on the egress interface Serial 2 0 on Ro...

Page 1711: ...e of some type of packets Tokens are in the unit of bit Following are the meanings of the FR protocol provisioned parameters when they are applied in the FRTS implementation The sum of CBS and EBS equ...

Page 1712: ...given Tc 20 ms and CIR 64000 bps only 1280 bits 0 02 64000 bits of tokens can be put into the token bucket within each Tc Therefore to send an 800 byte packet the device needs to add tokens for five t...

Page 1713: ...e on a device It can monitor the traffic transmitted from the DTE side When the traffic size is smaller than CBS the packets can be normally transmitted and the device will not process the packets Whe...

Page 1714: ...the Frame Relay interface queue Frame Relay PVC queues may be defined without Frame Relay traffic shaping is enabled but it will only be functional after the traffic shaping is enabled Their relations...

Page 1715: ...marked with the DE flag bit 1 will be discarded As for the forward packets to be forwarded the device will set the FECN flag bit in the Frame Relay packet headers to 1 As for the backward packets on t...

Page 1716: ...rch for the corresponding Frame Relay class in the following sequence 1 Use the Frame Relay class associated with the Frame Relay PVC 2 Use the Frame Relay class of the Frame Relay main interface to w...

Page 1717: ...class name Associate a Frame Relay class with a Frame Relay PVC Enter Frame Relay interface view interface interface type interface number Enter FR PVC view fr dlci dlci Associate a Frame Relay class...

Page 1718: ...CE side on a Frame Relay network The commands cbs ebs and cir allow can be used to set the inbound and outbound parameters on a PVC However only the inbound parameters are valid for the Frame Relay tr...

Page 1719: ...ed on a Frame Relay interface the queuing type on the interface can only be either FIFO or PVC PQ Configuring the congestion management policy on Frame Relay PVC Follow these steps to configure the co...

Page 1720: ...eated Configure a IP protocol based DE rule list fr del list number protocol ip acl acl number fragments greater than bytes less than bytes tcp ports udp ports Enter synchronous interface view interfa...

Page 1721: ...PQ Follow these steps to configure PVC PQ Configuring Frame Relay Fragmentation The system supports end to end fragmentation of FRF 12 developed by Frame Relay Forum On low speed frame relay lines big...

Page 1722: ...verify the effect of the configuration Follow these steps to display and maintain Frame Relay QoS To do Use the command Remarks Enter system view system view Enter Frame Relay class view fr class clas...

Page 1723: ...ority Router system view Router acl number 2001 Router acl basic 2001 rule permit source 10 0 0 0 0 0 255 255 255 Router acl basic 2001 quit Router qos pql 1 protocol ip acl 2001 queue top Create the...

Page 1724: ...test1 cir allow 64000 RouterA fr class test1 cbs 64000 RouterA fr class test1 cir 64000 RouterA fr class test1 fragment 80 RouterA fr class test1 quit Configure the interface Serial 2 0 RouterA inter...

Page 1725: ...packet DSCP For other packets on Router B use WFQ algorithm and apply corresponding WRED policy Network diagram Figure 497 Network diagram for Frame Relay WRED configuration Configuration procedure 1...

Page 1726: ...tor or RouterB classifier af11_31 if match dscp af11 RouterB classifier af11_31 if match dscp af31 RouterB classifier af11_31 quit Define a traffic behavior for AF queue RouterB traffic behavior afwre...

Page 1727: ...lass frclass quit Perform FR related configuration on Serial 2 2 interface RouterB interface serial 2 2 RouterB Serial2 2 link protocol fr RouterB Serial2 2 ip address 192 168 1 2 255 255 255 0 Router...

Page 1728: ...1728 CHAPTER 91 FRAME RELAY QOS CONFIGURATION...

Page 1729: ...es and controls accessing devices at the level of port A device connected to an 802 1x enabled port of an access control device can access the resources on the LAN only after passing authentication To...

Page 1730: ...tity PAE refers to the entity that performs the 802 1x algorithm and protocol operations The authenticator PAE uses the authentication server to authenticate a supplicant trying to access the LAN and...

Page 1731: ...ticator PAE EAP protocol packets are encapsulated by using EAP Encapsulation over LANs and transferred over the LAN Between the authenticator PAE and authentication server EAP protocol packets can be...

Page 1732: ...tion EAP Packet a value of 0x00 Frame for carrying authentication information present between an authenticator system and the authentication server A frame of this type is repackaged and transferred b...

Page 1733: ...of the EAP packet including the Code Identifier Length and Data fields in bytes Data Content of the EAP packet This field is zero or more bytes and its format is determined by the Code field EAP Enca...

Page 1734: ...such as RADIUS so that they can go through complex networks and reach the authentication server Generally EAP relay requires that the RADIUS server support the EAP attributes of EAP Message and Messa...

Page 1735: ...Request packet the RADIUS server compares the identify information against its user information table to obtain the corresponding password information Then it encrypts the password information using...

Page 1736: ...ds handshake requests to the supplicant to check whether the supplicant is still online By default if two consecutive handshake attempts end up with failure the authenticator concludes that the suppli...

Page 1737: ...mer tx period This timer is used in two cases one is when an authenticator retransmits an EAP Request Identity frame and the other is when an authenticator multicasts an EAP Request Identity frame Onc...

Page 1738: ...the same physical port Supporting two authentication methods portbased and macbased With the portbased method after the first user of a port passes authentication all other users of the port can acces...

Page 1739: ...tion the port leaves the guest VLAN and the supplicant can access other network resources A user of the guest VLAN can perform operations such as downloading and upgrading the authentication client so...

Page 1740: ...n page 1769 Configuring 802 1x Globally Follow these steps to configure 802 1x globally To do Use the command Remarks Enter system view system view Enable 802 1x globally dot1x Required Disabled by de...

Page 1741: ...enable 802 1x for a port Configuring 802 1x parameters for a port Follow these steps to configure 802 1x parameters for a port Set timers dot1x timer handshake period handshake period value quiet peri...

Page 1742: ...e 802 1x user information in the EAP attributes of RADIUS packets and sends the packets to the RADIUS server for authentication In this case you can configure the user name format command but it does...

Page 1743: ...st VLAN But different ports can have different guest VLANs The guest VLAN takes effect only when the port access control method is set to portbased If the port access control method is macbased the gu...

Page 1744: ...e router to try up to five times at an interval of 5 seconds in transmitting a packet to the RADIUS server until it receives a response from the server and to send real time accounting packets to the...

Page 1745: ...e radius radius1 secondary accounting 10 1 1 1 Specify the shared key for the router to exchange packets with the authentication server Sysname radius radius1 key authentication name Specify the share...

Page 1746: ...the default domain Sysname domain default enable aabbcc net Enable 802 1x globally Sysname system view Sysname dot1x Enable 802 1x for port Ethernet 1 1 Sysname interface ethernet 1 1 Sysname Ethernet...

Page 1747: ...work diagram for guest VLAN configuration Figure 509 Network diagram with VLAN10 as the guest VLAN Internet Update server Authenticator server Supplicant VLAN 10 Eth1 0 VLAN 1 Eth1 1 VLAN 5 Eth1 2 VLA...

Page 1748: ...use RADIUS scheme 2000 for users of the domain Sysname domaim system Sysname isp system authentication default radius scheme 2000 Sysname isp system authorization default radius scheme 2000 Sysname i...

Page 1749: ...x guest vlan 10 interface ethernet 1 1 You can use the display current configuration or display interface ethernet 1 1 command to view your configuration You can also use the display vlan 10 command i...

Page 1750: ...1750 CHAPTER 92 802 1X CONFIGURATION...

Page 1751: ...on to RADIUS on page 1753 Introduction to HWTACACS on page 1757 Introduction to AAA Authentication authorization and accounting AAA provides a uniform framework for configuring these three security fu...

Page 1752: ...ing the number of local user connections and collecting statistics on number of users it does not provide statistics on the charges of users Note that the controlling of the local user connections doe...

Page 1753: ...d throughout the network In the client server model of RADIUS the client a device passes user information to the designated RADIUS server and acts on the response of the server such as connecting disc...

Page 1754: ...d authentication result If it accepts the user it sends an accounting start request Accounting Request to the RADIUS server with the value of Status Type being start 5 The RADIUS server returns a star...

Page 1755: ...Main values of the Code field Code Packet type Description 1 Access Request From the client to the server A packet of this type carries user information for the server to authenticate the user It must...

Page 1756: ...ide Figure 514 illustrates a segment of a RADIUS packet containing an extended attribute The four byte field Vendor ID indicates the ID of the vendor Its highest byte is 0 and the other three bytes co...

Page 1757: ...ice for operations Working as the HWTACACS client the device sends the username and password to the HWTACACS server for authentication After passing authentication and being authorized the user can lo...

Page 1758: ...lication Basic message exchange process of HWTACACS The following takes Telnet user as an example to describe how HWTACACS performs user authentication authorization and accounting Figure 516 illustra...

Page 1759: ...or the login password 5 After receiving the login password the HWTACACS client sends to the HWTACACS server an authentication continuance packet carrying the login password U ser H W TAC AC S cl i ent...

Page 1760: ...AAA RADIUS HWTAC ACS Configuration Task List AAA configuration task list RADIUS configuration task list Task Remarks Creating an ISP Domain on page 1761 Required Configuring ISP Domain Attributes on...

Page 1761: ...For HWTACACS scheme configuration refer to Configuring HWTACACS on page 1777 Creating an ISP Domain For the NAS each accessing user belongs to an ISP domain Up to 16 ISP domains can be configured on...

Page 1762: ...To do Use the command Remarks Enter system view system view Create an ISP domain and enter ISP domain view domain isp name Required Return to system view quit Specify the default ISP domain domain def...

Page 1763: ...ate an ISP domain and enter ISP domain view domain isp name Required Specify the default authentication scheme for all types of users authentication default hwtacacs scheme hwtacacs scheme name local...

Page 1764: ...iguration is optional in AAA configuration If you do not perform any authorization configuration the system default domain uses the local authorization scheme With the authorization scheme of none the...

Page 1765: ...or all types of users authorization default hwtacacs scheme hwtacacs scheme name local local none radius scheme radius scheme name local Optional local by default Specify the authorization scheme for...

Page 1766: ...and service type limiting the accounting protocols that can be used for access 3 Determine whether to configure an accounting scheme for all access modes or service types Follow these steps to config...

Page 1767: ...hentication you must create a local user and configure the attributes A local user represents a set of users configured on a device which are uniquely identified by the username For a user requesting...

Page 1768: ...r to use the FTP service service type ftp Optional By default no service is authorized to a user and anonymous access to FTP service is not allowed If you authorize a user to use the FTP service the u...

Page 1769: ...red scheme by scheme After creating a RADIUS scheme you need to configure the IP addresses and UDP ports of the RADIUS servers for the scheme The servers include authentication authorization servers a...

Page 1770: ...dius scheme name Optional By default no RADIUS scheme is created To do Use the command Remarks To do Use the command Remarks Enter system view system view Create a RADIUS scheme and enter RADIUS schem...

Page 1771: ...s on FTP users Setting the Shared Key for RADIUS Packets The RADIUS client and RADIUS server use the MD5 algorithm to encrypt packets exchanged between them and a shared key to verify the packets Only...

Page 1772: ...Type Follow these steps to set the supported RADIUS server type n If you change the type of RADIUS server the data stream destined to the original RADIUS server will be restored to the default unit W...

Page 1773: ...te so that the secondary server can perform authentication If the secondary server is still in the blocked state the primary secondary switchover cannot take place If one server is in the active state...

Page 1774: ...unity to obtain the RADIUS service The NAS uses the RADIUS server response timeout timer to control the transmission interval Primary server quiet timer timer quiet If the primary server is not reacha...

Page 1775: ...ximum number of retransmission attempts of RADIUS packets refer to the command retry in the command manual Configuring RADIUS Accounting on With the accounting on function enabled a device sends whene...

Page 1776: ...curity policy server The specified security policy server must be a security policy server or RADIUS server that is correctly configured and working normally Otherwise the device will regard it as an...

Page 1777: ...the command Remarks Enter system view system view Enable the listening port of the RADIUS client radius client enable Optional Enabled by default To do Use the command Remarks Enter system view syste...

Page 1778: ...d The defaults are as follows 0 0 0 0 for the IP address and 49 for the TCP port Configure the IP address and port of the secondary HWTACACS authorization server secondary authorization ip address por...

Page 1779: ...and To do Use the command Remarks Enter system view system view Create a HWTACACS scheme and enter HWTACACS scheme view hwtacacs scheme hwtacacs scheme name Required By default no HWTACACS scheme is c...

Page 1780: ...cheme hwtacacs scheme name Required By default no HWTACACS scheme is created Set the TACACS server response timeout timer timer response timeout seconds Optional 5 seconds by default Set the quiet tim...

Page 1781: ...nses display stop accounting buffer radius scheme radius server name session id session id time range start time stop time user name user name Available in any view Clear RADIUS statistics reset radiu...

Page 1782: ...ormat Network diagram Figure 517 Configure AAA for Telnet users by a RADIUS server Configuration procedure Configure the IP addresses of various interfaces omitted Enable the Telnet server on the rout...

Page 1783: ...ain 1 Router isp 1 authentication default radius scheme rad Router isp 1 authorization default radius scheme rad Router isp 1 accounting default radius scheme rad AAA for FTP Telnet Users by the Devic...

Page 1784: ...cation default local Router isp system authorization default local Router isp system accounting default local A user telnetting into the router can use the user name of userid system for local authent...

Page 1785: ...scheme hwtac Router isp 1 authorization ppp hwtacacs scheme hwtac Router isp 1 accounting ppp hwtacacs scheme hwtac Router isp 1 ip pool 1 200 1 1 1 200 1 1 99 Router isp 1 quit Configure the default...

Page 1786: ...serid isp name format and a default ISP domain is specified on the NAS 3 The user is configured on the RADIUS server 4 The password entered by the user is correct 5 The same shared key is configured o...

Page 1787: ...correct on the NAS For example one server is configured on the NAS to provide all the services of authentication authorization and accounting but in fact the services are provided by different server...

Page 1788: ...1788 CHAPTER 93 AAA RADIUS HWTACACS CONFIGURATION...

Page 1789: ...ed by the firewall even if such an access is initiated by a user within the internal network Presently firewalls on the device mainly perform packet filtering based on the following Access control lis...

Page 1790: ...protocols such as FTP and H 323 some security policy configurations are unpredictable A packet filter firewall alone cannot detect some attracts from the transport layer and application layer such as...

Page 1791: ...ides some mechanisms for you to maintain and use the configuration information of the user defined ports PAM supports two types of port mapping mechanisms general port mapping and basic ACL based host...

Page 1792: ...a user initiates a connection as a result the connection setup would fail After application protocol detection is enabled on the device the ASPF can detect each application layer session and create a...

Page 1793: ...CL for the corresponding protocol 5 The status table and TACL are deleted when the FTP connection is removed The detection process for a single channel protocol such as SMTP and HTTP is relatively sim...

Page 1794: ...esource consumption If exact match is not required you can disable fragments inspection to improve system performance and reduce system overhead 1 Enable the IPv4 fragment inspection function Task Rem...

Page 1795: ...range based filtering will also work at the same time In addition you can specify separate access rules for inbound and outbound packets The effective range for basic ACL numbers is 2000 to 2999 A bas...

Page 1796: ...ng on an interface firewall packet filter acl number name acl name inbound outbound match fragments normally exactly Required IPv4 packets are not filtered by default To do Use the command Remarks Ent...

Page 1797: ...d only specific host on the internal network are permitted to access external networks Assume that the IP address of a specific external user is 20 3 3 3 Network diagram Figure 522 Network diagram for...

Page 1798: ...acl adv 3002 rule permit tcp destination 20 1 1 1 0 destina tion port gt 1024 Router acl adv 3002 rule deny ip Apply ACL 3001 to packets that come in through Ethernet 1 0 Router acl adv 3002 quit Rou...

Page 1799: ...ork from the Internet will be denied Yet the response packet can pass ASPF when internal network users access the Internet To monitor the traffic through an interface you must apply the configured ASP...

Page 1800: ...at all TCP packets using port 8080 sent to the network segment 10 110 0 0 are regarded as HTTP packets The address range of hosts can be specified by means of a basic ACL Follow these steps to configu...

Page 1801: ...irewall function on Router A RouterA system view RouterA firewall enable Configure ACL 3111 to prohibit all IP packets from entering into the internal network The ASPF will create a TACL for packets p...

Page 1802: ...TP and HTTP and set the idle timeout value for the two protocols to 3 000 seconds RouterA aspf policy 1 RouterA aspf policy 1 detect ftp aging time 3000 RouterA aspf policy 1 detect http java blocking...

Page 1803: ...ername or password to be provided during authentication Currently the device supports two MAC authentication modes Remote Authentication Dial In User Service RADIUS based MAC authentication and local...

Page 1804: ...gone offline Once detecting that a user becomes offline the device sends to the RADIUS server a stop accounting notice Quiet timer Whenever a user fails MAC authentication the device does not initiate...

Page 1805: ...hentication globally mac authentication Required Disabled by default Enable MAC authentication for specified ports mac authentication interface interface list Required Disabled by default interface in...

Page 1806: ...access to the Internet All users belong to domain aabbcc net A local user uses aaa as the username and 123456 as the password for authentication Set the offline detect timer to 180 seconds and the qui...

Page 1807: ...n command to verify your configuration Display global MAC authentication information Device display mac authentication MAC address authentication is Enabled User name format is fixed account Fixed use...

Page 1808: ...ice radius 2000 key accounting abc Device radius 2000 user name format without domain Device radius 2000 quit Configure an AAA scheme for ISP domain 2000 Device domain 2000 Device isp 2000 authenticat...

Page 1809: ...tication is Enabled User name format is fixed account Fixed username aaa Fixed password 123456 Offline detect period is 180s Quiet period is 60s Server response timeout value is 100s The max allowed u...

Page 1810: ...1810 CHAPTER 95 MAC AUTHENTICATION CONFIGURATION...

Page 1811: ...private network users to access public networks This way of using a smaller number of public IP addresses to represent a larger number of private IP addresses can effectively alleviate the depletion o...

Page 1812: ...nd is unaware of the private address 192 168 1 3 As such NAT hides the private network from the external networks Despite the advantage of allowing internal hosts to access external resources and prov...

Page 1813: ...ined based on the statistics on the number of the hosts that might access external networks during peak time In practice an enterprise may need to allow some internal hosts to access external networks...

Page 1814: ...an external user accesses an internal server NAT translates the destination address in the request packet to the private IP address of the internal server When the internal server returns a packet NAT...

Page 1815: ...can also apply to internal servers so that external users can access an internal host of an MPLS VPN For example in MPLS VPN1 the host that provides WWW service has an internal address 10 110 1 1 The...

Page 1816: ...ackets can be translated directly according to this mapping entry For details about ACL refer to Configuring ACLs on page 1881 The configuration for different forms of address translation varies somew...

Page 1817: ...interface interface type interface number Enable Easy IP by associating the ACL with the interface IP address nat outbound acl number Required To do Use the command Remarks Enter system view system vi...

Page 1818: ...ay during the IP address translation NAT log contains such information as the packet s source IP address source port address destination IP address destination port address translated source IP addres...

Page 1819: ...28 The UDP packets may come in several versions each with different packet formats Only version 1 is used presently A UDP packet is composed of a header and several NAT logs Figure 528 Export NAT logs...

Page 1820: ...with different packet formats However the device supports only version 1 currently Follow these steps to configure a NAT log server n The IP address of the NAT log server must be a valid unicast addre...

Page 1821: ...g connection limit policy Follow these steps to configure a connection limit policy To do Use the command Remarks Enter system view system view Enable connection limit function connection limit enable...

Page 1822: ...p Available in any view Display the aging time for address translation display nat aging time Available in any view Display configurations about all forms of NAT display nat all Available in any view...

Page 1823: ...ess the Internet while users in other network segments cannot External PCs can access an internal server The company has 6 legal IP addresses ranging from 202 38 160 100 24 to 202 38 160 105 24 Addres...

Page 1824: ...0 Router Serial1 0 nat outbound 2001 address group 1 Configure the internal FTP server Router Serial1 0 nat server protocol tcp global 202 38 160 100 ins ide 10 110 10 1 ftp Configure the internal WW...

Page 1825: ...NAT logs Configurations regarding the IP addresses of the devices and NAT function are omitted here Specify to export the NAT logs of Device A to the information center DeviceA system view DeviceA us...

Page 1826: ...Source IP address and port number before translation 1 1 1 1 12288 Source IP address and port number after translation 2 2 2 2 768 Destination IP address and port number 2005 07 07 04 20 03 2005 07 0...

Page 1827: ...te the problem based on the debugging display Use other commands if necessary to further identify the problem Pay special attention to the source address after the address translation and ensure that...

Page 1828: ...28 CHAPTER 96 NAT CONFIGURATION denied external access to the internal network You can use the display acl command to verify this For details about firewall refer to Firewall Configuration on page 178...

Page 1829: ...d by a certificate authority CA that contains a public key and the related user identity information A simplest digital certificate contains a public key an entity name and a digital signature from th...

Page 1830: ...PKI architecture Entity An entity is an end user of PKI products or services like a person an organization a device for instance a router or a switch or a progress running on a computer CA A CA is a...

Page 1831: ...ws for transfer of encrypted mails and mails with signature Web security For Web security two peers can establish a secure sockets layer SSL connection first for transparent and secure communications...

Page 1832: ...om a domain name IP address of the entity Locality where the entity resides Organization to which the entity belongs Unit of the entity in the organization State where the entity resides n The configu...

Page 1833: ...an entity to provide its identity information to a CA Create an entity and enter its view pki entity entity name Required No entity exists by default Configure the common name for the entity common n...

Page 1834: ...riodically to get the certificate as soon as possible after the certificate is signed You can configure the polling interval and count to query the request status IP address of the LDAP server An LDAP...

Page 1835: ...Follow these steps to configure an entity to submit a certificate request in auto mode Specify the authority for certificate request certificate request from ca ra Required No authority is specified...

Page 1836: ...whether you want to overwrite the existing one If a PKI domain has already a local certificate you cannot request another certificate for it This is to avoid inconsistency between the certificate and...

Page 1837: ...e and enrollment information due to related configuration changes To retrieve a new CA certificate use the pki delete certificate command to delete the existing CA certificate and local certificate fi...

Page 1838: ...pki domain domain name Specify the URL of the CRL distribution point crl url url string Optional No CRL distribution point URL is specified by default Set the CRL update period crl update period hours...

Page 1839: ...quired To do Use the command Remarks Enter system view system view Delete certificates pki delete certificate ca local domain domain name Required To do Use the command Remarks Enter system view syste...

Page 1840: ...n this configuration example Network requirements The device submits a local certificate request to the CA server The device acquires CRLs for certificate validation Network diagram Figure 533 Diagram...

Page 1841: ...mpleting the above configuration you need to perform CRL related configurations In this example select the local CRL publishing mode of HTTP and set the HTTP URL to http 4 4 4 133 447 myca crl After t...

Page 1842: ...modulus default 1024 Generating keys 4 Apply for a certificate Retrieve the CA certificate and save it locally Router pki retrieval certificate ca domain torsa Retrieving CA RA certificates Please wai...

Page 1843: ...A5155649 E583AC61 D3A5C849 CBDE350D 2A1926B7 0AE5EF5E D1D8B08A DBF16205 7C2A4011 05F11094 73EB0549 A65D9E74 0F2953F2 D4F0042F 19103439 3D4F9359 88FB59F3 8D4B2F6C 2B Exponent 65537 0x10001 X509v3 exte...

Page 1844: ...me CA as required Network diagram Figure 534 Diagram for applying RSA digital signature in IKE negotiation Configuration procedure 1 Configure Router A Configure the entity name space RouterA system v...

Page 1845: ...al crl domain 1 RouterA pki request certificate domain 1 Configure IKE proposal 1 using RSA signature for identity authentication RouterA ike proposal 1 RouterA ike proposal 1 authentication method rs...

Page 1846: ...RouterB ike proposal 1 authentication method rsa signature RouterB ike proposal 1 quit Specify the PKI domain for the IKE peer RouterB ike peer peer RouterB ike peer peer certificate domain 1 n The ab...

Page 1847: ...Create certificate attribute group mygroup1 and add two attribute rules The first rule defines that the DN of the subject name includes the string aabbcc and the second rule defines that the IP addres...

Page 1848: ...based access control policy of myacp to HTTPS service Router ip https certificate access control policy myacp Enable HTTPS service Router ip https enable Troubleshooting PKI Failed to Retrieve a CA C...

Page 1849: ...e a CA certificate Regenerate a key pair Specify a trusted CA Use the ping command to check that the RA server is reachable Configure the RA for certificate request Configure the required entity name...

Page 1850: ...1850 CHAPTER 97 PKI CONFIGURATION...

Page 1851: ...access the Internet the user must pass portal authentication on the portal website A user can access a known portal website enter username and password for authentication This authentication mode is c...

Page 1852: ...unning the hypertext transfer protocol HTTP or the secure HTTP HTTPS protocol or running portal client software For portal authentication an authentication client refers to a host running portal clien...

Page 1853: ...nauthenticated user enters a website address in the address bar of the IE to access the Internet there are two cases For portal authentication an HTTP request is created and sent to the access device...

Page 1854: ...ough DHCP and can only access the portal server and predefined free websites After passing authentication the user is assigned a public IP address so that he or she can access the Internet No public I...

Page 1855: ...is as follows 1 A portal user initiates an authentication request through HTTP When HTTP packets arrive at the access device the access device allows those destined for the portal server or predefined...

Page 1856: ...ce to control user access Re DHCP authentication process Figure 538 Re DHCP authentication process For portal authentication the re DHCP authentication process is as follows Step 1 through step 6 are...

Page 1857: ...feature provides a solution for user authentication and security authentication However the portal feature cannot implement this solution by itself Currently RADIUS authentication is required to coope...

Page 1858: ...exist Only Layer 3 authentication mode is applicable for the applications which support portal authentication in the presence of Layer 3 forwarding devices However Layer 3 authentication does not requ...

Page 1859: ...et in the re DHCP authentication mode is the private subnet determined by the private IP address of the interface Forcing a User to Log Out By forcing a user with the specified IP address to log out y...

Page 1860: ...able in any view Display the portal connection statistics on the specified interface or all interfaces display portal connection statistics all interface interface type interface number Available in a...

Page 1861: ...s before the portal feature is enabled Configure the access device 1 Configure a RADIUS scheme Create a RADIUS scheme named rs1 and enter its view Router system view Router radius scheme rs1 Set the s...

Page 1862: ...isp dm1 accounting portal radius scheme rs1 Router isp dm1 quit Configure dm1 as the default ISP domain where all access users share the default authentication and accounting modes Router domain defau...

Page 1863: ...o DHCP Overview on page 565 In the re DHCP authentication the access device must be configured as a DHCP relay agent instead of a DHCP server and the portal enabled interface must be configured with a...

Page 1864: ...p service type normal Router Ethernet1 0 quit Configure the IP address of the interface which communicates with the portal server Router interface ethernet 1 1 Router Ethernet1 1 ip address 192 168 0...

Page 1865: ...Router Ethernet1 0 ip address 20 20 20 1 255 255 255 0 Router Ethernet1 0 portal server newpt method layer3 service type normal Router Ethernet1 0 quit Configure the IP address of the interface which...

Page 1866: ...he primary accounting server and the keys for both servers to communicate Router radius rs1 primary authentication 192 168 0 112 Router radius rs1 primary accounting 192 168 0 112 Router radius rs1 ke...

Page 1867: ...0 111 key portal port 50100 url http 192 168 0 111 portal Enable portal authentication on the interface connected to the host Router interface ethernet 1 0 Router Ethernet1 0 ip address 2 2 2 1 255 2...

Page 1868: ...rivate IP address IP addresses are configured for devices as required and routes are available between devices before the portal feature is enabled The following only describes the configurations rela...

Page 1869: ...hernet 1 1 Router Ethernet1 1 ip address 192 168 0 100 255 255 255 0 Router Ethernet1 1 quit Layer 3 Portal Layer 3 Authentication Configuration Examples Network requirements Router A enables the port...

Page 1870: ...ip address 20 20 20 1 255 255 255 0 RouterA Ethernet1 0 portal server newpt method layer3 service type plus RouterA Ethernet1 0 quit Configure the IP address of the interface which communicates with...

Page 1871: ...50100 However if the listening port configured on the access device is not 50100 the destination port of the REQ_LOGOUT message is not the actual listening port on the server Thus the portal server ca...

Page 1872: ...1872 CHAPTER 98 PORTAL CONFIGURATION...

Page 1873: ...ication RSH daemon supports authentication of an RSH client by the username You can enable or disable RSH daemon using the service component on Windows NT 2000 XP 2003 Configuring RSH Configuration Pr...

Page 1874: ...ined and installed separately on the remote host Network diagram Figure 546 Network diagram for RSH configuration Configuration Procedure On the remote host check that the RSH daemon has been installe...

Page 1875: ...Look at the Status column to check whether the Remote Shell Daemon service is started In this example the service is not started yet 5 Double click on the service row and in the popup Remote Shell Dae...

Page 1876: ...the route to the remote host The configuration procedure is omitted Set the time of the host remotely Router rsh 192 168 1 10 command time Trying 192 168 1 10 Press CTRL K to abort The current time i...

Page 1877: ...packets before transmitting them over the Internet Data integrity The receiver verifies the packets received from the sender to ensure they are not tampered during transmission Data origin authentica...

Page 1878: ...is a combination of such communication aspects as the protocol s AH ESP or both encapsulation mode transport mode or tunnel mode encryption algorithm DES 3DES or AES shared key used for protection of...

Page 1879: ...nted through hash functions A hash function takes a message of arbitrary length and generates a message digest of fixed length IPSec peers calculate the message digests respectively If the resulting d...

Page 1880: ...ists of one or more sets of SAs Encryption Card IPSec can either be implemented through software or an encryption card When implemented through software encryption decryption and authentication algori...

Page 1881: ...to Configuring ACLs on page 1881 IPSec protects only data flows permitted by the ACLs So it is recommended to configure the ACLs accurately that is permit only data flows requiring IPSec protection an...

Page 1882: ...flows An IPSec policy is uniquely identified by its name and sequence number IPSec policies fall into two categories manual IPSec policy and IKE dependent negotiated IPSec policy The former requires t...

Page 1883: ...must match those of the inbound SA at the remote end Both ends of an IPSec tunnel must be configured with the same key in the same format Following these steps to configure an IPSec policy manually To...

Page 1884: ...pecified in the IPSec policy template must match those of the remote end while the parameters not defined in the template are determined by the initiator Configuration prerequisites Configure the IKE...

Page 1885: ...roposal Specify the IKE peers for the IPSec policy to reference ike peer peer name Required Enable and configure the perfect forward secrecy feature for the IPSec policy pfs dh group1 dh group2 dh gro...

Page 1886: ...is not configured with a lifetime in IPSec policy view When negotiating to set up SAs IKE uses the smaller one between the lifetime set locally and the lifetime proposed by the peer Specify the IPSec...

Page 1887: ...policy can be applied to more than one interface while a manual IPSec policy can be applied to only one interface Binding an IPSec Policy Group to an Encryption Card To provide data authentication en...

Page 1888: ...the case for the IPSec module backup function In this case the matched packets are discarded unless you manually remove the binding for the encryption card If no encryption card is bound there are als...

Page 1889: ...group or policy at the interface and then the matched tunnel The session processing mechanism of IPSec saves intermediate matching procedures and there improves IPSec forwarding efficiency Follow the...

Page 1890: ...ilable in any view Display IPSec policy template information display ipsec policy template brief name template name seq number Available in any view Display IPSec proposal information display ipsec pr...

Page 1891: ...tatic 10 1 2 0 255 255 255 0 serial 2 1 Create an IPSec proposal named tran1 RouterA ipsec proposal tran1 Specify the encapsulation mode as tunnel RouterA ipsec proposal tran1 encapsulation mode tunne...

Page 1892: ...inbound esp gfedcba RouterA ipsec policy manual map1 10 quit Configure the IP address of the serial interface RouterA interface serial 2 1 RouterA Serial2 1 ip address 2 2 2 1 255 255 255 0 Apply the...

Page 1893: ...s RouterB ipsec policy manual use1 10 sa spi outbound esp 54321 RouterB ipsec policy manual use1 10 sa spi inbound esp 12345 Configure the keys RouterB ipsec policy manual use1 10 sa string key outbou...

Page 1894: ...atic route to Host B RouterA ip route static 10 1 2 0 255 255 255 0 serial 2 1 Create an IPSec proposal named tran1 RouterA ipsec proposal tran1 Specify the encapsulation mode as tunnel RouterA ipsec...

Page 1895: ...source 10 1 2 0 0 0 0 255 dest ination 10 1 1 0 0 0 0 255 RouterB acl adv 3101 rule deny ip source any destination any RouterB acl adv 3101 quit Configure a static route to Host A RouterB ip route st...

Page 1896: ...terface RouterB Serial2 2 ipsec policy use1 After above configuration IKE negotiation will be triggered to set up SAs when there is any traffic between subnet 10 1 1 0 24 and subnet 10 1 2 0 24 If IKE...

Page 1897: ...st B RouterA ip route static 10 1 2 0 255 255 255 0 serial 2 1 Create an IPSec proposal named tran1 RouterA ipsec proposal tran1 Specify the encapsulation mode as tunnel RouterA ipsec proposal tran1 e...

Page 1898: ...he IPSec policy group to the interface RouterA Serial2 1 ipsec policy map1 RouterA Serial2 1 quit Enter encryption card interface view RouterA interface encrypt 5 1 Bind the IPSec policy to the card a...

Page 1899: ...g to use the IKE negotiation mode RouterB ipsec policy use1 10 isakmp Apply the ACL RouterB ipsec policy isakmp use1 10 security acl 3101 Apply the proposal RouterB ipsec policy isakmp use1 10 proposa...

Page 1900: ...n IKE negotiation will be triggered to set up SAs when there is any traffic between subnet 10 1 1 0 24 and subnet 10 1 2 0 24 If IKE negotiation succeeds and SAs are set up the traffic between the two...

Page 1901: ...a series of data This disables a third party from decrypting the keys even if the third party captured all exchanged data that is used to calculate the keys The section covers these topics Security M...

Page 1902: ...Phase 2 Using the ISAKMP SA established in phase 1 the two peers negotiate to establish IPSec SAs Figure 553 IKE exchange process As shown in Figure 553 the main mode of IKE negotiation in phase 1 in...

Page 1903: ...ationship between IKE and IPSec Relationship between IKE and IPSec IKE is an application layer protocol using UDP and functions as the signaling protocol of IPSec IKE negotiates SAs SA for IPSec and d...

Page 1904: ...IKE negotiation Two matching IKE proposals have the same encryption algorithm authentication method authentication algorithm and DH group The initiator determines the SA lifetime The matching IKE pro...

Page 1905: ...er view ike peer peer name Required Specify the IKE negotiation mode in phase 1 exchange mode aggressive main Optional main by default Configure the pre shared key for pre shared key authentication pr...

Page 1906: ...IKE tunnel may have a public address while the other end may have a private address and therefore NAT traversal must be configured at the private network side to set up the tunnel If the IKE negotiati...

Page 1907: ...to be three times of the keepalive interval Setting the NAT Keepalive Timer NAT mapping on a NAT gateway may get aged If no packet traverses an IPSec tunnel in a certain period of time the NAT mappin...

Page 1908: ...ng IKE To do Use the command Remarks Enter system view system view Create a DPD and enter its view ike dpd dpd name Required Set the DPD query triggering interval interval time interval time Optional...

Page 1909: ...am Figure 555 Network diagram for IKE configuration Configuration procedure 1 Configure Router A Configure an IKE peer RouterA system view RouterA ike peer peer RouterA ike peer peer pre shared key ab...

Page 1910: ...the Intranet in the headquarters through a leased line The Serial 2 0 interface of Router A has a fixed public IP address and Router B obtains an IP address dynamically As the IP address obtained by t...

Page 1911: ...ec proposal prop esp authentication algorithm sha1 RouterA ipsec proposal prop quit Create an IPSec policy named policy specifying to set up SAs through IKE negotiation RouterA ipsec policy policy 10...

Page 1912: ...p encryption algorithm des RouterB ipsec proposal prop esp authentication algorithm sha1 RouterB ipsec proposal prop quit Create an IPSec policy specifying to set up SAs through IKE negotiation Router...

Page 1913: ...twork diagram Figure 557 Network diagram for IPSec IKE with ADSL Configuration procedure 1 Configure Router A Specify a name for the local security gateway RouterA system view RouterA ike local name r...

Page 1914: ...IPSec policy to reference ACL 3101 RouterA ipsec policy isakmp policy 10 security acl 3101 Configure the IPSec policy to reference IPSec proposal prop RouterA ipsec policy isakmp policy 10 proposal p...

Page 1915: ...al named prop RouterB ipsec proposal prop RouterB ipsec proposal prop encapsulation mode tunnel RouterB ipsec proposal prop transform esp RouterB ipsec proposal prop esp encryption algorithm 3des Rout...

Page 1916: ...terface atm 1 0 RouterB Atm1 0 pvc 0 100 RouterB atm pvc Atm1 0 0 100 map bridge virtual ethernet 0 RouterB atm pvc Atm1 0 0 100 quit Configure the VE interface RouterB interface virtual ethernet 0 Ro...

Page 1917: ...nd whether the referred IPSec proposals have a match in protocol encryption and authentication algorithms Failure to Establish an IPSec Tunnel Symptom Failure to establish an IPSec tunnel Analysis Som...

Page 1918: ...of IPSec tunnels are determined by the order they are established a device cannot interoperate with other peers in fine granularity when its outbound packets are first matched with an IPSec tunnel in...

Page 1919: ...rs to establish SSH connections with a remote device acting as the SSH server c CAUTION Currently when acting as an SSH server the device supports two SSH versions SSH2 and SSH1 When acting as an SSH...

Page 1920: ...connection is established the server sends the first packet to the client which includes a version identification string in the format of SSH primary protocol version number secondary protocol versio...

Page 1921: ...ich includes the username authentication method and information related to the authentication method the password in the case of password authentication The server authenticates the client If the auth...

Page 1922: ...the server sends back to the client an SSH_SMSG_FAILURE packet indicating that the processing fails or it cannot resolve the request Interactive session In this stage the server and the client exchan...

Page 1923: ...g RSA and DSA Keys on page 1924 Creating RSA or DSA key pairs on page 1924 Required Exporting RSA or DSA key pairs on page 1924 Optional Destroying RSA or DSA key pairs on page 1924 Optional Configuri...

Page 1924: ...s in the range 512 to 2048 bits With SSH2 nevertheless some clients require that the keys generated by the server must not be less than 768 bits Exporting RSA or DSA key pairs You can display or expor...

Page 1925: ...RT 4 07 to upload the client public key to the server You can configure at most 20 client pubic keys on an SSH server Configuring a client public key manually Follow these steps to configure the clien...

Page 1926: ...or information about sftp refer to SFTP Overview on page 1945 For successful login through SFTP you must set the user service type to sftp or all You can set the service type of an SSH user to stelnet...

Page 1927: ...RADIUS authentication server After login the commands available to a user are determined by AAA authorization Setting the SSH Management Parameters SSH management includes Enabling the SSH server to...

Page 1928: ...sequent authentications Without first time authentication a client not configured with the server host public key will be denied of access to the server To access the server a user must configure in a...

Page 1929: ...ystem view system view Enable the device to support first time authentication ssh client first time Optional By default first time authentication is supported on a client To do Use the command Remarks...

Page 1930: ...nection between the SSH client and the IPv6 server and specify the preferred key exchange algorithm encryption algorithms and HMAC algorithms for them ssh2 ipv6 server port number identity key dsa rsa...

Page 1931: ...y local create dsa Router ssh server enable Configure an IP address for interface Ethernet 1 1 which the SSH client will use as the destination for SSH connection Router interface ethernet 1 1 Router...

Page 1932: ...er client001 service type ssh level 3 Router luser client001 quit Specify the service type of user client001 as Stelnet and the authentication method as password Router ssh user client001 service type...

Page 1933: ...SSH client configuration interface From the window shown in Figure 561 click Open The following SSH client interface appears If the connection is normal you will be prompted to enter the username clie...

Page 1934: ...is used the algorithm is RSA Network diagram Figure 562 Network diagram for SSH server configuration using publickey authentication Configuration procedure Configure the SSH server Generate RSA and D...

Page 1935: ...wing tasks you must generate an RSA public key pair using the client software on the client save the key pair in a file named key pub and then upload the file to the SSH server through FTP or TFTP For...

Page 1936: ...Generate a client key pair 1 While generating the key pair you must move the mouse continuously and keep the mouse off the green process bar shown in Figure 564 Otherwise the process bar stops moving...

Page 1937: ...ion Example 1937 Figure 564 Generate a client key pair 2 After the key pair is generated click Save public key to save the key in a file by entering a file name key pub in this case Figure 565 Generat...

Page 1938: ...client key 4 n After generating a key pair on a client you need to transmit the saved public key file to the server through FTP or TFTP and have the configuration on the server done before continuing...

Page 1939: ...on window navigate to the private key file and click OK Figure 568 SSH client configuration interface 2 From the window shown in Figure 569 click Open The following SSH client interface appears If the...

Page 1940: ...hentication is required Network diagram Figure 570 Network diagram for SSH client configuration using password authentication Configuration procedure 1 Configure the SSH server Create RSA and DSA key...

Page 1941: ...first time authentication RouterA undo ssh client first time Configure the host public key of the SSH server by entering public key code view and copying the DSA public key of the SSH server RouterA p...

Page 1942: ...165 87 136 Enter password All rights reserved 2004 2006 Without the owner s prior written consent no decompiling or reverse switch fabricering shall be allowed RouterB When Using Publickey Authentica...

Page 1943: ...remote public key pair from the file key pub RouterB public key peer Router001 import sshkey key pub Specify the authentication type for user client002 as publickey and assign the public key Router00...

Page 1944: ...65 87 136 Press CTRL K to abort Connected to 10 165 87 136 The Server is not authenticated Continue Y N y Do you want to save the server public key Y N n All rights reserved 2004 2006 Without the owne...

Page 1945: ...isites You have configured the SSH server For the detailed configuration procedure refer to Configuring the Device as an SSH Server on page 1922 You have used the ssh user service type command to set...

Page 1946: ...configuration task is to enable the SFTP client to establish a connection with the remote SFTP server and enter SFTP client view Follow these steps to enable the SFTP client To do Use the command Rem...

Page 1947: ...8 des prefer stoc hmac md5 md5 96 sha1 sha1 96 Use one command in user view as required The support for the keyword 3des in the two commands varies by device Establish a connection to the remote IPv6...

Page 1948: ...y on the remote SFTP server mkdir remote path Optional Delete a directory from the SFTP server rmdir remote path 1 10 Optional To do Use the command Remarks To do Use the command Remarks Establish a c...

Page 1949: ...ional The delete command functions as the remove command remove remote file 1 10 To do Use the command Remarks To do Use the command Remarks Establish a connection to the remote SFTP server and enter...

Page 1950: ...0 4 RouterB ui vty0 4 authentication mode scheme Set the user privilege level to 3 RouterB ui vty0 4 user privilege level 3 Enable the user interfaces to support SSH RouterB ui vty0 4 protocol inbound...

Page 1951: ...ir rwxrwxrwx 1 noone nogroup 1759 Aug 23 06 52 config cfg rwxrwxrwx 1 noone nogroup 225 Aug 24 08 01 pubkey2 rwxrwxrwx 1 noone nogroup 283 Aug 24 07 39 pubkey1 drwxrwxrwx 1 noone nogroup 0 Sep 01 06 2...

Page 1952: ...one nogroup 0 Sep 02 06 33 new2 Download the pubkey2 file from the server and save it as local file public sftp client get pubkey2 public Remote file pubkey2 Local file public Downloading file success...

Page 1953: ...during handshake phase Authentication SSL supports authenticating both the server and the client through certificates with the authentication of the client being optional Reliability SSL uses key base...

Page 1954: ...application layer protocol HTTP protocol for example Configuration Prerequisites Before configuring an SSL server policy you must configure PKI public key infrastructure domain For details about PKI...

Page 1955: ...ional The defaults are as follows 500 for the maximum number of cached sessions 3600 seconds for the caching timeout time Enable certificate based SSL client authentication client verify enable Option...

Page 1956: ...on to locate the problem If the SSL server has no certificate request one for it If the server certificate cannot be trusted install on the SSL client the root certificate of the CA that issues the lo...

Page 1957: ...start the packet forwarding path remains the same and the whole system can forward IP packets continuously Hence it is called Graceful Restart Basic Concepts in Graceful Restart A router with the Grac...

Page 1958: ...replace with each other If a router is to act as a Graceful Restarter it must have the ability to preserve the routing information in the routing table forwarding table Routers that fail to meet this...

Page 1959: ...3 GR Restarter signaling to GR Helper Figure 576 The GR Restarter signals to the GR Helper s after restart As illustrated in Figure 576 after the GR Restarter has recovered it will signal to all its...

Page 1960: ...Boarder Gateway Protocol BGP Open Shortest Path First OSPF Intermediate System to Intermediate System IS IS Label Distribution Protocol LDP and MPLS with Resource Reservation Protocol Traffic Engineer...

Page 1961: ...a backup interface when the primary one fails As shown in Figure 578 interfaces Serial 2 0 Serial 2 1 and Serial 2 2 on Router A back up one and another Serial 2 0 takes on data transmission and Seria...

Page 1962: ...re 579 interface Serial 2 0 on Router A acts as the main interface and interfaces Serial 2 1 and Serial 2 2 act as the backup interfaces Figure 579 Diagram for main backup mode In interface backup mod...

Page 1963: ...opting interface backup or load sharing mode depending on whether you have configured an upper or lower threshold for the main interface traffic As long as this threshold is configured the load sharin...

Page 1964: ...ck object is positive it indicates that the link connecting the tracked interface is normal and the interface performing the track works as the backup interface If the state of the Track object is neg...

Page 1965: ...andwidth it would prompt you to reconfigure If the available bandwidth configured for setting the thresholds exceeds the physical bandwidth on the interface the load balancing does not take effect Dis...

Page 1966: ...face The configuration is omitted 2 Configure a static route On Router A configure a static route to the segment 192 168 2 0 24 where Router B resides RouterA system view RouterA ip route static 192 1...

Page 1967: ...erface Interfacestate Standbystate Standbyflag Pri Loadstate serial2 0 UP MUP MU serial2 1 STANDBY STANDBY BU 30 serial2 2 STANDBY STANDBY BU 20 Backup flag meaning M MAIN B BACKUP V MOVED U USED D LO...

Page 1968: ...erB ip route static 192 168 1 0 24 serial 2 0 RouterB ip route static 192 168 1 0 24 serial 2 1 RouterB ip route static 192 168 1 0 24 serial 2 2 3 Configure the backup interface and load sharing on R...

Page 1969: ...ndbyflag Pri Loadstate serial2 0 UP MUP MUD TO HYPNOTIZE serial2 1 STANDBY STANDBY BU 30 serial2 2 STANDBY STANDBY BU 20 Backup flag meaning M MAIN B BACKUP V MOVED U USED D LOAD P PULLED When the dat...

Page 1970: ...1970 CHAPTER 106 BACKUP CENTER CONFIGURATION...

Page 1971: ...on page 1974 Format of VRRP Packets on page 1975 Principles of VRRP on page 1976 VRRP Tracking on page 1977 VRRP Application Taking IPv4 Based VRRP for Example on page 1977 VRRP Overview Normally as s...

Page 1972: ...tion due to a single link failure There are two VRRP versions VRRPv2 and VRRPv3 VRRPv2 is based on IPv4 while VRRPv3 is based on IPv6 The two versions implement the same functions but provide differen...

Page 1973: ...determines the role master or backup of each router in the standby group by priority A router with a higher priority has more opportunity to become the master VRRP priority is in the range of 0 to 255...

Page 1974: ...ecrypt the packet and checks whether the packet is valid On a secure network you need not set the authentication mode VRRP Timers VRRP timers include VRRP advertisement interval timer and VRRP preempt...

Page 1975: ...ity of the router in the standby group in the range 0 to 255 A greater value represents a higher priority Count IP Addrs Number of virtual IP addresses for the standby group A standby group can have m...

Page 1976: ...IPv6 addresses Auth Type Authentication type 0 means no authentication 1 means simple authentication VRRPv3 does not support MD5 authentication Adver Int Interval for sending advertisement packets in...

Page 1977: ...only when the interface to which a standby group is assigned fails but also when other interfaces on the router become unavailable This is achieved by tracking interfaces When a monitored interface go...

Page 1978: ...AN Load balancing You can create more than one standby group on an interface of a router allowing the router to be the master of one standby group but a backup of another at the same time In load bala...

Page 1979: ...tandby group 1 2 and 3 as the default gateways respectively When configuring VRRP priorities ensure that each router holds such a priority in each standby group that it will take the expected role in...

Page 1980: ...r MAC address By default a MAC address is created for a standby group after the standby group is created and the virtual IP address is associated with the virtual MAC address With such association ado...

Page 1981: ...ddresses in it In addition configurations on that standby group no longer take effect The virtual IP address of the virtual router can be either an unused IP address on the segment where the standby g...

Page 1982: ...ace At present the Layer 2 protocol used by the tracked synchronous asynchronous serial interfaces should only be PPP protocol the dialer interface should function as the PPPoE client and operate in t...

Page 1983: ...ackets and configure a preemption delay Displaying and Maintaining VRRP for IPv4 To do Use the command Remarks Enter system view system view Enter the specified interface view interface interface type...

Page 1984: ...he packets to be forwarded to the other network segments to the master router properly There are two types of association between virtual IPv6 address and MAC address Virtual IPv6 address is associate...

Page 1985: ...by group Configuration prerequisites Before creating standby group and configuring virtual IPv6 address you should first configure the IPv6 address of the interface and ensure that the virtual IPv6 ad...

Page 1986: ...of a device is reset if the state of the interface under tracking changes from down to up Configuring VRRP Packet Attributes Configuration prerequisites Before configuring the relevant attributes of...

Page 1987: ...ndby group 1 with the virtual IP address of 202 38 160 111 If Router A operates normally packets sent from Host A to Host B are forwarded by Router A if Router A fails packets sent from Host A to Host...

Page 1988: ...emption mode and configure the preemption delay to five seconds RouterA Ethernet1 0 vrrp vrid 1 preempt mode timer delay 5 2 Configure Router B RouterB system view RouterB interface Ethernet 1 0 Route...

Page 1989: ...ster IP 202 38 160 1 The above information indicates that in standby group 1 Router A is the master Router B is the backup and packets sent from host A to host B are forwarded by Router A If Router A...

Page 1990: ...king in VRRP Configuration procedure 1 Configure Router A Create a standby group RouterA system view RouterA interface ethernet 1 0 RouterA Ethernet1 0 ip address 202 38 160 1 255 255 255 0 Create sta...

Page 1991: ...simple hello Configure the master to send VRRP packets every five seconds and work in preemption mode The preemption delay is five seconds RouterB Ethernet1 0 vrrp vrid 1 timer advertise 5 RouterB Eth...

Page 1992: ...of standby group 1 on Router A is displayed RouterA Ethernet1 0 display vrrp verbose IPv4 Standby Information Run Method VIRTUAL MAC Virtual IP Ping Enable Interface Ethernet1 0 VRID 1 Adver Timer 5 A...

Page 1993: ...re Router A Create standby group 1 RouterA system view RouterA interface Ethernet1 0 RouterA Ethernet1 0 ip address 202 38 160 1 255 255 255 0 Create standby group 1 and configure its virtual IP addre...

Page 1994: ...of the standby group on Router A RouterA Ethernet1 0 display vrrp verbose IPv4 Standby Information Run Method VIRTUAL MAC Virtual IP Ping Enable Interface Ethernet1 0 VRID 1 Adver Timer 1 Admin Status...

Page 1995: ...nd the host with the default gateway of 202 38 160 112 24 accesses the Internet through Router B IPv6 Based VRRP Configuration Example This section provides these configuration examples Single VRRP St...

Page 1996: ...andby group 1 to 110 RouterA Ethernet1 0 vrrp ipv6 vrid 1 priority 110 Set Router A to work in preemption mode RouterA Ethernet1 0 vrrp ipv6 vrid 1 preempt mode Enable Router A to send RA messages Rou...

Page 1997: ...y vrrp ipv6 verbose IPv6 Standby Information Run Method VIRTUAL MAC Virtual IP Ping Enable Interface Ethernet1 0 VRID 1 Adver Timer 100 Admin Status UP State Backup Config Pri 100 Run Pri 100 Preempt...

Page 1998: ...Host B are forwarded by Router A if Router A is in work but when its interface Ethernet1 1 which connects to the internet is not available packets sent from Host A to Host B are forwarded by Router B...

Page 1999: ...64 Create a standby group 1 and set its virtual IP address to fe80 10 RouterB Ethernet1 0 vrrp ipv6 vrid 1 virtual ip fe80 10 link local Set the authentication mode of standby group 1 to SIMPLE and au...

Page 2000: ...net 1 1 is not available you can still ping through Host B on Host A You can use the display vrrp ipv6 command to view the detailed information of the standby group If Router A is in work but its inte...

Page 2001: ...e FE80 20 as their default gateway Load sharing and mutual backup between default gateways can be implemented by using VRRP standby groups Network diagram Figure 594 Network diagram for multiple VRRP...

Page 2002: ...B in standby group 2 to 110 RouterB Ethernet1 0 vrrp ipv6 vrid 2 priority 110 3 Verify the configuration You can use the display vrrp ipv6 command to verify the configuration Display detailed informat...

Page 2003: ...A is the backup Router B is the master and the host with the default gateway of FE80 20 accesses the Internet through Router B n Multiple standby groups are commonly used in actual networking In IPv6...

Page 2004: ...If the ping fails check network connectivity If the ping succeeds check that their configurations are consistent in terms of number of virtual IP addresses virtual IP addresses advertisement interval...

Page 2005: ...05 Configuring Device Management on page 2006 Displaying and Maintaining Device Management Configuration on page 2010 Device Management Configuration Example on page 2010 Device Management Overview Th...

Page 2006: ...an use the display license command or log onto the network management interface to view the soft registration information of the device Follow these steps to register the software n Only users with th...

Page 2007: ...ice boot must be saved under the root directory of the device for a device supporting storage device partition the file must be saved on the first partition You can copy or move a file to change the p...

Page 2008: ...case when the temperature of a card is higher than the upper threshold or lower than the lower threshold the system will notify you through the information center for you to timely deal with the probl...

Page 2009: ...the interface index in the same device For the purpose of the stability of an interface index the system will save the 16 bit interface index when a card or logical interface is removed If you repeate...

Page 2010: ...d Remarks Display the Boot ROM file used for the next boot display boot loader slot slot number Available in any view Display the statistics of the CPU usage display cpu usage task number offset verbo...

Page 2011: ...the FTP username to aaa and password to hello FTP Server local user aaa FTP Server luser aaa password cipher hello Configure the user to have access to the aaa directory FTP Server luser aaa service t...

Page 2012: ...gged in successfully ftp Download the aaa bin program on FTP Server to the Flash of the device ftp get aaa bin Clear the FTP connection and return to user view ftp quit Sysname Reboot the device The a...

Page 2013: ...t packets and provides you with network performance and service quality parameters such as jitter TCP connection delay FTP connection delay and file transfer rate With the NQA test results you can 1 K...

Page 2014: ...ce for application modules The application modules then deal with the changes accordingly based on the status of the Track object and thus collaboration is implemented Take static routing as an exampl...

Page 2015: ...responding function For an ICMP echo or UDP echo test one packet is sent in one probe For an SNMP test three packets are sent in one probe NQA client and server NQA client is the device initiating an...

Page 2016: ...tests you need to configure the NQA server on the peer device The NQA server makes a response to the requests Task Remarks Configuring the NQA Server on page 2016 Required for TCP UDP echo and UDP ji...

Page 2017: ...st Group Configuring the ICMP echo Test The ICMP test is used to test reachability of the destination host according to the ICMP echo reply or timeout information Follow these steps to configure the I...

Page 2018: ...Specify the IP address of an interface as the source IP address of an ICMP echo probe request source interface interface type interface number Optional By default no interface address is specified as...

Page 2019: ...P server and the time necessary for the FTP client to transfer a file to the FTP server Configuration prerequisites Before the FTP test you need to perform some configurations on the FTP server For ex...

Page 2020: ...configured for a test operation The destination IP address for a test operation is the IP address of the FTP server Configure the source IP address of a probe request source ip ip address Required By...

Page 2021: ...type view type http Required Configure the destination address for a test operation destination ip ip address Required By default no destination IP address is configured for a test operation The dest...

Page 2022: ...ion address for a test operation destination ip ip address Required By default no destination IP address is configured for a test operation The destination IP address must be consistent with that of t...

Page 2023: ...UDP jitter test probe packet timeout packet timeout Optional 3000 milliseconds by default Configure the source IP address of a probe request in a test operation source ip ip address Optional By defau...

Page 2024: ...ress of a probe request in a test operation source ip ip address Optional By default no source IP address is specified The source IP address must be that of an interface on the device and the interfac...

Page 2025: ...n port destination port port number Required By default no destination port number is configured for a test operation The destination port number must be consistent with port number of the listening s...

Page 2026: ...port number of the listening service configured on the NQA server Configure the size of probe packets sent data size size Optional 100 bytes by default Configure the string of fill characters of a pr...

Page 2027: ...gured for a test operation Configure the source IP address of a probe request in a test operation source ip ip address Optional By default no source IP address is specified The source IP address must...

Page 2028: ...view system view Enter NQA test group view nqa entry admin name operation tag Enter test type view of the test group type dhcp dlsw ftp http icmp echo snmp tcp udp echo udp jitter Configure to send tr...

Page 2029: ...a UDP jitter test Configure the maximum number of history records that can be saved in a test group history records number Optional 50 by default Configure the maximum number of hops a probe packet t...

Page 2030: ...a admin test icmp echo destination ip 10 2 2 2 Configure optional parameters DeviceA nqa admin test icmp echo probe count 10 DeviceA nqa admin test icmp echo probe timeout 500 DeviceA nqa admin test i...

Page 2031: ...admin test dhcp quit Enable the DHCP test RouterA nqa schedule admin test start time now lifetime forever Display results of one DHCP test RouterA display nqa result admin test NQA entry admin admin...

Page 2032: ...he FTP test DeviceA nqa schedule admin test start time now lifetime forever Display results of an FTP test DeviceA display nqa result admin test NQA entry admin admin tag test test results Destination...

Page 2033: ...est results Destination IP address 10 2 2 2 Send operation times 1 Receive response times 1 Min Max Average round trip time 64 64 64 Square Sum of round trip time 4096 Last succeeded probe time 2007 0...

Page 2034: ...Send operation times 10 Receive response times 10 Min Max Average round trip time 31 47 32 Square Sum of round trip time 10984 Last succeeded probe time 2007 04 29 20 05 49 1 Extend results Packet lo...

Page 2035: ...ed test parameters DeviceA system view DeviceA nqa entry admin test DeviceA nqa admin test type snmp DeviceA nqa admin test snmp destination ip 10 2 2 2 DeviceA nqa admin test snmp quit Enable the SNM...

Page 2036: ...ry admin test DeviceA nqa admin test type tcp DeviceA nqa admin test tcp destination ip 10 2 2 2 DeviceA nqa admin test tcp destination port 9000 DeviceA nqa admin test tcp quit Enable the TCP test De...

Page 2037: ...st DeviceA nqa admin test type udp echo DeviceA nqa admin test udp echo destination ip 10 2 2 2 DeviceA nqa admin test udp echo destination port 8000 DeviceA nqa admin test udp echo quit Enable the UD...

Page 2038: ...LSw test DeviceA nqa schedule admin test start time now lifetime forever Display results of one DLSw test DeviceA display nqa result admin test NQA entry admin admin tag test test results Destination...

Page 2039: ...etStream on page 2040 Introduction to NetStream NetStream provides the packet statistics function By differentiating streams by destination address source IP address destination port number source por...

Page 2040: ...statistics are delivered in version 5 UDP packets When you configure the attributes of version 5 UDP packets If no NetStream aggregation is configured the device sends the aged statistics in version...

Page 2041: ...Required Configuring NetStream Statistics Aging on page 2043 Optional To do Use the command Remarks Enter system view system view Configure NetStream cache size ip netstream max entry max entries Opti...

Page 2042: ...sion 5 packets and if no attributes of NetStream statistics packets are configured in NetStream aggregation view also affects version 8 packets The ip netstream export version command can be executed...

Page 2043: ...rt all NetStream cache entries before they automatically get aged and clear the status information of the NetStream cache and the exported packets information The information about the exported packet...

Page 2044: ...ernet1 0 ip address 11 110 2 1 255 255 0 0 RouterA Ethernet1 0 ip netstream inbound RouterA Ethernet1 0 quit Configure interface Ethernet 1 1 and enable NetStream statistics in its outbound direction...

Page 2045: ...net 1 0 and enable NetStream statistics in both inbound and outbound directions RouterA system view RouterA interface ethernet 1 0 RouterA Ethernet1 0 ip address 11 110 2 1 255 255 0 0 RouterA Etherne...

Page 2046: ...dress destination port and source port of the exported UDP packets in this mode RouterA ip netstream aggregation source prefix RouterA aggregation srcpre enable RouterA aggregation srcpre ip netstream...

Page 2047: ...1 1 as number 100 RouterB bgp peer 2 1 1 2 as number 200 3 Configure Router C Configure interface Ethernet 1 0 RouterC interface ethernet 1 0 RouterC Ethernet1 0 ip address 2 1 1 2 255 255 0 0 Router...

Page 2048: ...2048 CHAPTER 110 NETSTREAM CONFIGURATION...

Page 2049: ...NTP its time can be synchronized by other reference sources and can be used as a reference source to synchronize other clocks Applications of NTP An administrator can by no means keep synchronized ti...

Page 2050: ...asy understanding we assume that Prior to system clock synchronization between Device A and Device B the clock of Device A is set to 10 00 00 am while that of Device B is set to 11 00 00 am Device B i...

Page 2051: ...A and Device B Offset T2 T1 T3 T4 2 1 hour Based on these parameters Device A can synchronize its own clock to the clock of Device B This is only a rough description of the work mechanism of NTP For...

Page 2052: ...1 clock has the highest precision and a stratum 16 clock is not synchronized and cannot be used as a reference clock Poll 8 bit signed integer indicating the poll interval namely the maximum interval...

Page 2053: ...ltering and selection and synchronizes its local clock to that of the optimal reference source In this mode a client can be synchronized to a server but not vice versa Symmetric peers mode Figure 613...

Page 2054: ...en the client enters the broadcast client mode and continues listening to broadcast messages and synchronizes its local clock based on the received broadcast messages Multicast mode Figure 615 Multica...

Page 2055: ...e NTP client on a PE can be synchronized to the NTP server on another PE through a designated VPN instance The NTP server on a PE can synchronize the NTP clients on multiple CEs in different VPNs n A...

Page 2056: ...ynchronized If the clock of a server has a stratum level higher than or equal to that of a client s clock the client will not synchronize its clock to the server s You can configure multiple servers b...

Page 2057: ...or devices working in the broadcast mode you need to configure both the server and clients Because an interface need to be specified on the broadcast server for sending NTP broadcast messages and an i...

Page 2058: ...e of the following two ways Synchronized to the local clock which as the reference source Synchronized to another device on the network in any of the four NTP operation modes previously described If y...

Page 2059: ...low these steps to configure the allowable maximum number of dynamic sessions Configuring Access Control Rights With the following command you can configure the NTP service access control right to the...

Page 2060: ...t Configuration Prerequisites Prior to configuring the NTP service access control right to the local device you need to create and configure an ACL associated with the access control right For the con...

Page 2061: ...n is enabled on a client the client can be synchronized only to a server that can provide a trusted authentication key Configuration Procedure Configuring NTP authentication for a client Follow these...

Page 2062: ...entication mode md5 value Required No NTP authentication key by default Configure the key as a trusted key ntp service reliable authentication keyid keyid Required No authentication key is configured...

Page 2063: ...Nominal frequency 64 0000 Hz Actual frequency 64 0000 Hz Clock precision 2 7 Clock offset 0 0000 ms Root delay 0 00 ms Root dispersion 0 00 ms Peer dispersion 0 00 ms Reference time 00 00 00 000 UTC J...

Page 2064: ...the stratum level of 2 Device B works in the client mode and Device A is to be used as the NTP server of Device B with Device B as the client Device C works in the symmetric active mode and Device B...

Page 2065: ...ms Root dispersion 775 15 ms Peer dispersion 34 29 ms Reference time 15 22 47 083 UTC Sep 19 2005 C6D95647 153F7CED As shown above Device B has been synchronized to Device C and the clock stratum leve...

Page 2066: ...mode and receive broadcast messages on Ethernet 1 0 RouterD system view RouterD interface ethernet 1 0 RouterD Ethernet1 0 ntp service broadcast client 3 Configuration on Router A Configure Router A t...

Page 2067: ...RouterD display ntp service sessions source reference stra reach poll now offset delay disper 1234 3 0 1 31 127 127 1 0 2 254 64 62 16 0 32 0 16 6 note 1 source master 2 source peer 3 selected 4 cand...

Page 2068: ...MP enabled and can be synchronized to Router C View the NTP status of Router D after clock synchronization RouterD display ntp service status Clock status synchronized Clock stratum 3 Reference clock...

Page 2069: ...e multicast messages on Ethernet 1 0 RouterA Ethernet1 0 ntp service multicast client View the NTP status of Router A after clock synchronization RouterA Ethernet1 0 display ntp service status Clock s...

Page 2070: ...iguration on Device A Specify the local clock as the reference source with the stratum level of 2 DeviceA system view DeviceA ntp service refclcok master 2 2 Configuration on Device B DeviceB system v...

Page 2071: ...B has been synchronized to Device A and the clock stratum level of Device B is 3 while that of Device A is 2 View the NTP session information of Device B which shows that an association has been set...

Page 2072: ...service broadcast server authentication keyid 88 2 Configuration on Router D Configure NTP authentication RouterD system view RouterD ntp service authentication enable RouterD ntp service authenticat...

Page 2073: ...er D and Router C RouterD display ntp service sessions source reference stra reach poll now offset delay disper 1234 3 0 1 31 127 127 1 0 3 254 64 62 16 0 32 0 16 6 note 1 source master 2 source peer...

Page 2074: ...ter 1 2 Configuration on CE 3 Specify CE 1 in VPN 1 as the NTP server of CE 3 CE3 system view CE3 ntp service unicast server 10 1 1 1 View the NTP session information and status information on CE 3 a...

Page 2075: ...n Symmetric Peers Mode Network requirements PE1 s local clock is to be used as a reference source with the stratum level of 1 PE 2 is synchronized to PE 1 in the symmetric peers mode Network diagram S...

Page 2076: ...reach poll now offset delay disper 12345 10 1 1 2 LOCL 1 1 64 29 12 0 32 0 15 6 note 1 source master 2 source peer 3 selected 4 candidate 5 configured Total associations 1 PE2 display ntp service trac...

Page 2077: ...tween network management station NMS and agent facilitating large network management RMON comprises two parts NMSs and agents running on network devices Each RMON NMS administers the agents within its...

Page 2078: ...per threshold an upper event is triggered if the sampled value of the monitored variable is lower than or equal to the lower threshold a lower event is triggered The event is then handled as defined i...

Page 2079: ...a specified interface the Ethernet statistics group counts the number of packets received on the current interface The result of the statistics is a cumulative sum Configuring RMON Configuration Prere...

Page 2080: ...ced in the event table with the rmon event command If an alarm variable is the statistics parameter of an interface configure the corresponding statistics group to make the alarm entry take effect Cre...

Page 2081: ...Query statistics on the NMS and execute the display rmon statistics command on Agent for the same purpose Pri alarm Alarm variable formula alarm variable sampling interval sampling interval sampling t...

Page 2082: ...statistics on interface Ethernet 1 0 Sysname Ethernet1 1 quit Sysname interface ethernet 1 0 Sysname Ethernet1 0 rmon statistics 1 owner user1 rmon Sysname Ethernet1 0 quit Create an RMON alarm entry...

Page 2083: ...StatsJabbers 0 etherStatsCRCAlignErrors 0 etherStatsCollisions 0 etherStatsDropEvents insufficient resources 0 Packets received according to length 64 7 65 127 413 128 255 35 256 511 0 512 1023 0 1024...

Page 2084: ...2084 CHAPTER 112 RMON CONFIGURATION...

Page 2085: ...acturers Offering only the basic set of functions SNMP makes the management tasks independent of both the physical features of the managed devices and the underlying networking technology Thus SNMP ac...

Page 2086: ...SNMPv3 offers an authentication that is implemented with a User Based Security Model USM for short which could be authentication with privacy authentication without privacy or no authentication no pr...

Page 2087: ...r Required Add a new user to an SNMP agent group snmp agent usm user v3 user name group name authentication mode md5 sha auth password privacy mode aes128 des56 priv password acl acl number Required C...

Page 2088: ...SNMP NMS access right Configure directly Configure a community name snmp agent community read write community name acl acl number mib view view name Use any command All of these three commands can be...

Page 2089: ...All types of Trap packets are allowed by default Enter interface view interface interface type interface number Set to enable the device to send Trap packets of interface state change enable snmp tra...

Page 2090: ...ion including the contact location and version of the SNMP display snmp agent sys info contact location version Available in any view Display SNMP agent statistics display snmp agent statistics Displa...

Page 2091: ...t trap enable Sysname snmp agent target host trap address udp domain 1 1 1 2 udp port 5000 params securityname public 2 Configure NMS With SNMPv1 the user needs to specify the read only community the...

Page 2092: ...performs the SET operation to Agent Jan 1 02 59 42 576 2006 Sysname SNMP 6 SET seqNO 11 srcIP 1 1 1 2 op set errorIndex 0 errorStat us noError node sysName 1 3 6 1 2 1 1 5 0 value Sysname n The syste...

Page 2093: ...Configuration Example for SNMP Logging 2093 SNMP log to be output to other directions refer to Information Center Configuration on page 2137...

Page 2094: ...2094 CHAPTER 113 SNMP CONFIGURATION...

Page 2095: ...Configuration on page 2104 File System Management This section covers these topics File System Overview on page 2095 Directory Operations on page 2095 File Operations on page 2096 Storage Device Opera...

Page 2096: ...e in user view Display the current path pwd Optional Available in user view Display files or directories dir all file url Optional Available in user view Change the current path cd directory Optional...

Page 2097: ...n the following table You may use the two commands when some space of a storage device becomes inaccessible due to abnormal operations for example c CAUTION When you format a storage device all the fi...

Page 2098: ...not do that in any cases To prevent undesirable consequence resulted from misoperations the alert mode is preferred File System Operations Example Display the files and the subdirectory under the cur...

Page 2099: ...ation File Overview The operating interface provided by the configuration file management function is user friendly With it you can easily manage your configuration files Types of configuration The co...

Page 2100: ...tion file namely only one configuration is allowed the following steps are taken during startup 1 If you specify a configuration file and this file exists the device will initialize its configuration...

Page 2101: ...e in the device Backup attribute When you use the save safely backup command to save the current configuration the configuration file you get has backup attribute If this configuration file already ex...

Page 2102: ...When main backup attributes are supported the following two situations exist While the reset saved configuration main command erases the configuration file with main attribute it only deletes the main...

Page 2103: ...from the TFTP server for next startup n For a device that supports main backup attribute the effect of the backup restore operation applies to the main startup configuration file For a device that do...

Page 2104: ...ning Device Configuration n For detailed description of the commands display this and display current configuration refer to Basic Configurations on page 2125 To do Use the command Remarks Display the...

Page 2105: ...erver client model Your device can function either as client or as server as shown in Figure 627 They work in the following way When the device serves as the FTP client a PC user first telnets or conn...

Page 2106: ...face is the source address of the transmitted packets The source address of the transmitted packets is selected following these rules If no source address of the FTP client is specified a device uses...

Page 2107: ...ble in user view Log onto the remote FTP server indirectly in FTP client view ftp open server address service port To do Use the command Remarks To do Use the command Remarks Log onto the remote FTP s...

Page 2108: ...ional Check files directories on the FTP server ls remotefile localfile Optional Download a file from the FTP server get remotefile localfile Optional Upload a file to the FTP server put localfile rem...

Page 2109: ...Connected to 10 1 1 1 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User 10 1 1 1 none abc 331 Give me your password please Password 230 Logged in successfully ftp binary 200 Ty...

Page 2110: ...thentication and Authorization for Accessing FTP Server To allow an FTP user to access certain directories on the FTP server you need to create an account for the user authorizing access to the direct...

Page 2111: ...figuration procedure 1 Configure Device FTP Server Create an FTP user account abc setting its password to pwd Sysname system view Sysname local user abc Sysname luser abc password simple pwd Specify a...

Page 2112: ...in ftp put aaa app bbb app n When upgrading the configuration file with FTP put the new file under the root directory After you finish upgrading the BootROM program through FTP you must execute the b...

Page 2113: ...Displaying and maintaining FTP 2113 Display detailed information about logged in FTP users display ftp user Available in any view To do Use the command Remarks...

Page 2114: ...2114 CHAPTER 115 FTP CONFIGURATION...

Page 2115: ...etween client and server TFTP uses the UDP port 69 service for data transmission For TFTP basic operation refer to RFC 1986 In TFTP file transfer is initiated by the client In a normal file downloadin...

Page 2116: ...configuration file Multiple routes may exist for a TFTP client to successfully access the TFTP server You can specify one by configuring the source address of the packets from the TFTP client to meet...

Page 2117: ...and a configuration file config cfg to PC for backup Network diagram Figure 631 Smooth upgrading using the TFTP client function Configure the source address of the TFTP client tftp client source inter...

Page 2118: ...nterface 1 Sysname Vlan interface1 ip address 1 1 1 1 255 255 0 0 Sysname Vlan interface1 return Download an application file aaa app from the TFTP server Before that make sure that adequate memory is...

Page 2119: ...responds by sending an ICMP echo reply to the source device after receiving the ICMP echo request 3 If there is network failure the source device displays timeout or destination unreachable 4 The sour...

Page 2120: ...ssage which gives the source device the address of the second router 5 The above process continues until the ultimate destination device is reached In this way the source device can trace the addresse...

Page 2121: ...information OFF ON OFF ON Debugging information Protocol debugging switch Screed output switch 1 3 1 2 3 OFF ON ON 1 3 1 2 3 1 3 Screed output switch Protocol debugging switch Debugging information To...

Page 2122: ...the destination device Network diagram omitted here Configuration procedure Sysname tracert 10 1 1 4 traceroute to 10 1 1 4 30 hops max 40 bytes packet 1 128 3 112 1 19 ms 19 ms 0 ms 2 128 32 216 1 3...

Page 2123: ...System Maintaining Example 2123 The above output shows that nine routers are involved from the source to the destination device...

Page 2124: ...2124 CHAPTER 117 SYSTEM MAINTAINING AND DEBUGGING...

Page 2125: ...ncurrent Users on page 2132 Displaying and Maintaining Basic Configurations on page 2132 Entering Exiting System View n With the quit command you can return to the previous view You can execute the re...

Page 2126: ...s an optional configuration The default system clock is 2005 1 1 1 00 00 in the example Set the time zone clock timezone zone name add minus zone offset Optional Available in user view Set a daylight...

Page 2127: ...nd clock summer time ss one off 1 00 2007 1 1 1 00 2007 8 8 2 Display 10 00 00 ss Mon 01 01 2007 1 3 and 1 If date time is not in the summer time range date time is displayed Configure clock summer ti...

Page 2128: ...summer time ss one off 1 00 2007 1 1 1 00 2007 8 8 2 Display 04 00 00 ss Mon 01 01 2007 If the value of date time zone offset is in the summer time range date time zone offset summer offset is displa...

Page 2129: ...are case insensitive Configuring a banner When you configure a banner the system supports two input modes One is to input all the banner information right after the command keywords The start and end...

Page 2130: ...d with command lines by default Display hotkeys display hotkey Available in any view Refer to Table 62 for hotkeys reserved by system Table 62 Hotkeys reserved by the system Hotkey Function Ctrl A Mov...

Page 2131: ...er of the continuous string to the left Esc D Deletes all the characters of the continuous string at the current cursor position and to the right of the cursor Esc F Moves the cursor to the front of t...

Page 2132: ...rtain attribute only the last configuration applies When the number of users has reached the limit other users cannot enter system view Displaying and Maintaining Basic Configurations To do Use the co...

Page 2133: ...following topics Online Help with Command Lines on page 2133 Display Features on page 2135 History Command on page 2135 Command Line Error Information on page 2135 Edit Features on page 2136 Introduc...

Page 2134: ...minal logging Send log information to terminal monitor Send information output to current terminal trapping Send trap information to terminal 3 Enter a command and a separated by a space If is at the...

Page 2135: ...ey have no syntax error Otherwise error information is reported Table 66 lists some common errors Table 64 Display functions Action Function Press Space when information display pauses Continues to di...

Page 2136: ...and move the cursor to the right Backspace key Deletes the character to the left of the cursor and move the cursor back one character Left arrow key or Ctrl B The cursor moves one character space to t...

Page 2137: ...blems n By default the information center is enabled An enabled information center affects the system performance in some degree due to information classification and output Such impact becomes more o...

Page 2138: ...ect only after the information center is enabled warnings 4 Warnings notifications 5 Normal errors with important information informational 6 Informational information to be recorded debugging 7 Infor...

Page 2139: ...DHCP Dynamic Host Configuration Protocol module DIAGCLI Diagnosis module DNS Domain Name System module DRVMPLS Multiprotocol label switching driver module DRVL2 Layer 2 driver module DRVL3 Layer 3 dr...

Page 2140: ...ey Infrastructure module OSPF Open Shortest Path First module PHY Physical Sublayer Physical Layer module POE Power over Ethernet module POS_SNMP POS Simple Network Management Protocol module PPP Poin...

Page 2141: ...a facility 8 severity in which facility is local7 by default and the range of severity is 0 to 7 Table 68 details the value and meaning associated with each severity Note that there is no space betwee...

Page 2142: ...to the Console on page 2142 Optional Setting to Output System Information to a Monitor Terminal on page 2144 Optional Setting to Output System Information to a Log Host on page 2145 Optional Setting t...

Page 2143: ...rity Enabled disabled Severity Console default all modules Enabled warnings Enabled debuggin g Enabled debuggin g Monitorin g terminal default all modules Enabled warnings Enabled debuggin g Enabled d...

Page 2144: ...through which system information can be output to a monitor terminal info center monitor channel channel number channel name Optional System information is output to the monitor terminal by default w...

Page 2145: ...number channel name debug level severity state state log level severity state state trap level severity state state Optional Refer to Table 71 for the output rules of the system information Configure...

Page 2146: ...with channel 4 known as logbuffer as the default channel and a default buffer size of 512 Configure the output rules of the system information info center source module name default channel channel n...

Page 2147: ...ate trap level severity state state Optional Refer to Table 71 for the output rules of the system information Configure the format of the timestamp info center timestamp debugging log trap boot date n...

Page 2148: ...tion input If the input is interrupted by system output no system prompt will be made rather only your input will be displayed in a new line Displaying and Maintaining Information Center To do Use the...

Page 2149: ...rap and debug information of all modules to the log host Sysname info center source default channel loghost debug state off log state off trap state off c CAUTION As the default system configurations...

Page 2150: ...nd the accepted severity of log information specified by the etc syslog conf file must be identical to those configured on the device using the info center loghost or info center source command otherw...

Page 2151: ...2 0 1 16 to be the log host set the severity to informational and the source modules to be all modules Sysname info center loghost 1 2 0 1 facility local7 Sysname info center source default channel lo...

Page 2152: ...ding log information to the console Configuration procedure Enable information center Sysname system view Sysname info center enable Specify the channel to output log information to the console option...

Page 2153: ...log information on a monitor terminal Sysname terminal monitor Current terminal monitor is on Sysname terminal logging Current terminal logging is on After the above configuration takes effect if the...

Page 2154: ...2154 CHAPTER 119 INFORMATION CENTER CONFIGURATION...

Page 2155: ...Shortcut Keys for Starting Terminal Sessions Aborting Tasks on page 2164 Sending Messages to the Specified User Interface s on page 2164 Releasing the Connection Established on the User Interface s o...

Page 2156: ...is then followed by n 2 to represent the AUX port and then n 3 to represent VTY 1 and so on n The numbering approach numbers the four types of user interfaces in the sequence of Console port TTY AUX p...

Page 2157: ...Optional Releasing the Connection Established on the User Interface s on page 2164 Optional Task Remarks To do Use the command Remarks Enter system view system view Enter user interface view user inte...

Page 2158: ...imeout minutes seconds Optional 10 minutes by default Set the number of lines displayed on the next screen screen length screen length Optional 24 lines of data is displayed on the next screen by defa...

Page 2159: ...in case a problem occurs Configuring User Privilege Level You can restrict a user to use only a subset of all the system commands through settings on two aspects user interface level and user level I...

Page 2160: ...ser interface view user interface first num1 last num1 aux console tty vty first num2 last num2 Configure user s privilege level under the current user interface user privilege level level Optional By...

Page 2161: ...se steps to configure redirection on asynchronous serial interfaces To do Use the command Remarks Enter system view system view Enter VTY user interface view user interface first num1 last num1 vty fi...

Page 2162: ...the login fails when users relog in through other user interfaces such as the Console user interface they can log in without entering the password If you specify the authentication mode as scheme then...

Page 2163: ...ntication password is set by default To do Use the command Remarks Enter system view system view Enter user interface view user interface first num1 last num1 aux console tty vty first num2 last num2...

Page 2164: ...hortcut key for aborting tasks escape key default character Optional The default shortcut key combination for aborting tasks is Ctrl C To do Use the command Remarks Send messages to the specified user...

Page 2165: ...face this device is connected and to which VLAN the interface belongs A MAC address table is consists of two types of entries static and dynamic Static entries are manually configured and never age ou...

Page 2166: ...dresses an Ethernet Port or Aggregation Port Group Can Learn on page 2168 Configuring MAC Address Entries Follow these steps to add modify or remove entries in the MAC address table Disabling Global M...

Page 2167: ...to retain outdated entries and fail to accommodate latest network changes a short interval may result in removal of valid entries and hence unnecessary broadcasts which may affect device performance F...

Page 2168: ...ct on the current port only If you enter aggregation port group view the following configuration takes effect on all ports in the aggregation group Enter aggregation port group view port group aggrega...

Page 2169: ...fc35 dc71 for port Ethernet 1 0 in VLAN 1 Configuration procedure Add a static MAC address entry Sysname system view Sysname mac address static 00e0 fc35 dc71 interface ethernet 1 0 vlan 1 Set the agi...

Page 2170: ...2170 CHAPTER 121 MAC ADDRESS TABLE MANAGEMENT CONFIGURATION...

Page 2171: ...automatically obtain and execute the configuration files In this way automatic configuration can be implemented greatly reducing the workload of administrators How Automatic Configuration Works The f...

Page 2172: ...tion through DHCP When a device starts up without loading the configuration files the system automatically configures the interface which is UP for example a virtual interface corresponding with the d...

Page 2173: ...ponse the device should obtain its host name first and then requests for the configuration file corresponding with the host name The device can obtain its host name in two ways obtaining the intermedi...

Page 2174: ...ration files If the device successfully obtains the configuration files it removes the temporary configurations and executes the obtained configuration files otherwise it removes the temporary configu...

Page 2175: ...this document varies with devices PoE Overview Introduction to PoE Power over Ethernet PoE means that power sourcing equipment PSE supplies power to powered devices PD such as IP telephone wireless LA...

Page 2176: ...re standard PDs and nonstandard PDs A standard PD refers to the one that complies with IEEE 802 3af The PD that is being powered by the PSE can be connected to other power supply unit for redundancy b...

Page 2177: ...er under the same PoE interface The PSE applies power to a PoE interface in the following two modes For a device with only signal cables power is supplied over signal cables For a device with spare ca...

Page 2178: ...interface is 15 400 milliwatts Configure the PoE mode for the PoE interface poe mode signal spare Optional By default the PoE mode is signal power over signal cables Configure a description for the P...

Page 2179: ...priority policy the PSE with a lower priority is first disconnected to guarantee the power supply to the new PSE with a higher priority when the PoE power is overloaded The power priority levels of P...

Page 2180: ...l to set the priority of the PoE interface to critical Otherwise you can succeed in setting the priority to critical this PoE interface will preempt the power of other PoE interfaces with a lower prio...

Page 2181: ...he PSE processing software and reloads it When the PSE processing software is damaged in this case you can execute none of PoE commands successfully you can upgrade the PSE processing software in full...

Page 2182: ...the PSE to Detect Nonstandard PDs There are standard PDs and nonstandard PDs Usually the PSE can detect only standard PDs and supply power to them The PSE can detect nonstandard PDs and supply power...

Page 2183: ...ay the mapping between ID module and slot of all PSEs display poe device Available in any view Display the power state and information of the specified PoE interface display poe interface interface ty...

Page 2184: ...tEthernet3 1 poe enable Sysname GigabitEthernet3 1 quit Sysname interface gigabitethernet 3 2 Sysname GigabitEthernet3 2 poe enable Sysname GigabitEthernet3 2 quit Sysname interface gigabitethernet 5...

Page 2185: ...ation file to a PoE interface fails Analysis Some configurations in the PoE configuration file are already configured Some configurations in the PoE configuration file do not meet the configuration re...

Page 2186: ...2186 CHAPTER 123 POE CONFIGURATION...

Page 2187: ...ata status information and control information OAP module configuration on the router includes the following Switch of the Interface on an OAP Module on page 2187 Resetting an OAP Module on page 2188...

Page 2188: ...g the OAP module by pressing the reset button on the OAP module n Only users at management level can execute this command c CAUTION Reset of the OAP module may cause data loss and service interruption...

Page 2189: ...et of software hardware interfaces to allow the boards cards or devices of other manufacturers to be plugged or connected to these legacy networking devices for cooperating to handle these services Th...

Page 2190: ...ting switching component shown in Figure 639 by implementing the following functions Mirroring and redirecting the traffic on the ACFP server to the ACFP client Permitting denying the traffic from the...

Page 2191: ...cooperation policy after reboot Currently supported context ID type The location of the context ID in the packet may vary with ACFP servers An ACFP server may support multiple types of context IDs The...

Page 2192: ...or redirected to an ACFP client It can be 0 meaning context exchange is not supported After the interface connected to the ACFP client is specified in the policy sent the ACFP server assigns it a glob...

Page 2193: ...e starting source port number and less than the ending source port number Starting source port number Ending source port number Destination IP address Inverse mask of destination IP address Destinatio...

Page 2194: ...cluding queuing LR and WRED weighted random early detection CBQ does not belong to Layer 2 QoS processing but not any other service processing such as non Layer 2 QoS processing and non QoS service pr...

Page 2195: ...ent info client id Available in any view Display the configuration information of an ACFP policy display acfp policy info client client id policy index dest interface interface type interface number i...

Page 2196: ...ser to send information to Device where the client index and policy index is 1 the policy inbound interface is Ethernet 1 2 by setting the node h3cacfpPolicyInIfIndex the policy destination interface...

Page 2197: ...cMAC the source IP mask is 255 255 255 0 by setting the node h3cAcfpRuleSrcIPMask and the other parameters adopt the default values Apply Configure the ACFP rule through MIB browser to send informatio...

Page 2198: ...2198 CHAPTER 125 ACFP CONFIGURATION...

Page 2199: ...Architecture OAA The collaborating IDS Intrusion Detection System cards or IDS devices serves as the ACFP clients which run applications of other vendors and support the IPS Intrusion Prevention Syste...

Page 2200: ...ient to multicast the registration requests with the multicast MAC address being 010F E200 0021 You cannot set this timer The monitoring timer is used to periodically trigger the ACSEI client to send...

Page 2201: ...emarks Enter system view system view Enable the ACSEI server function acsei server enable Required Enter ACSEI view acsei server Required Configure the monitoring timer acsei timer monitor seconds Opt...

Page 2202: ...s enabled once it is installed and by default ACSEI client starts up with the startup of the module system You can modify the default settings through the following commands Modifying the default star...

Page 2203: ...ears To do Use the command Remarks Configure not to start up ACSEI client automatically when the system is started up chkconfig acseid off Required By default ACSEI client installed on the OAP module...

Page 2204: ...mmand Remarks Switch to the Linux system of the OAP module from the command line interface of the device oap connect slot slot number Required Available in user view Start up ACSEI client service acse...

Page 2205: ...are the changes of the ACSEI client Displaying and Maintaining ACSEI Client Stop ACSEI client service acseid stop Optional This operation is available in the Linux system of the OAP module To do Use t...

Page 2206: ...2206 CHAPTER 126 ACSEI CONFIGURATION...

Page 2207: ...configuration A detection module probes a Reaction entry and informs the Track module of the probe result The Track module then changes the status of the Track object accordingly If the probe of the...

Page 2208: ...k object changes to negative and the priority of the router thus decreases by a specified value allowing a higher priority router to become the master to maintain proper communication between the host...

Page 2209: ...c route the static route and the specified Track object are associated directly for a nonexistent static route the system creates the static route and then associates it with the specified Track objec...

Page 2210: ...licy Routing you need to create a policy or a policy node and configure the match rules as well Configuration procedure Follow these steps to configure the Track Policy Routing collaboration To do Use...

Page 2211: ...invalid state it indicates that the Track object association does not take effect yet each interface keeps its original forwarding state After the configuration if the status of the Track object turns...

Page 2212: ...645 Network diagram for VRRP Track NQA collaboration configuration Configuration procedure 1 Configure the IP address of each interface as shown in Figure 645 2 Configure an NQA test group on Router A...

Page 2213: ...p RouterA interface ethernet 1 0 RouterA Ethernet1 0 vrrp vrid 1 virtual ip 10 1 1 10 Set the priority of Router A in standby group 1 to 110 RouterA Ethernet1 0 vrrp vrid 1 priority 110 Set the authen...

Page 2214: ...rnet1 0 display vrrp verbose IPv4 Standby Information Run Method VIRTUAL MAC Virtual IP Ping Enable Interface Ethernet1 0 VRID 1 Adver Timer 5 Admin Status UP State Master Config Pri 110 Run Pri 110 P...

Page 2215: ...Track Object 1 Pri Reduced 30 Virtual IP 10 1 1 10 Master IP 10 1 1 2 Display detailed information about standby group 1 on Router B when there is a fault on the link between Router A and Router C Ro...

Page 2216: ...2216 CHAPTER 127 TRACK CONFIGURATION...

Page 2217: ...ng success and connection control are provided by the protocol at the layer above IPX Any IPX packet is considered an independent entity that is not related to any other IPX packets logically or seque...

Page 2218: ...t needs to locate a server To do so the client broadcasts a Get Nearest Server GNS request At least one router or server can give a A SAP response which contains information such as packet type servic...

Page 2219: ...address as the node address Therefore you need not specify a node address when enabling IPX An interface can only have one network number If the IPX network number of an interface is deleted its IPX...

Page 2220: ...currently active routes the system will turn the excessive active routes into inactive routes if the number of newly configured equivalent routes is bigger than the number of currently active routes a...

Page 2221: ...lated parameters or service information based on actual network requirements Configuring IPX SAP updating feature Configuring GNS response of IPX SAP Configuring IPX service information Configuration...

Page 2222: ...NetWare server is available on the client s network the connected router will respond You can configure a router to respond to a SAP GNS request with Nearest server namely the nearest server which has...

Page 2223: ...items does not limit the amount of static service information but the amount of dynamic service information If the newly configured queue length is less than the original length the table items in the...

Page 2224: ...cket is used in NetBIOS You can either prohibit or permit the forwarding of type 20 broadcast packets based on the actual requirements Follow these steps to configure IPX triggered updating feature To...

Page 2225: ...an access these services through the IPX network To do Use the command Remark Ping an IPX network to check connectivity ping ipx network node c count t timeout s size Required Available in any view Op...

Page 2226: ...ernet_II RouterA Ethernet1 1 ipx encapsulation ethernet 2 Sysname Ethernet1 1 quit Enable IPX on the interface Ethernet 1 0 with the network ID being 1000 RouterA interface ethernet 1 0 RouterA Ethern...

Page 2227: ...on IPX forwarding failure Symptom 1 IPX can not go up on a PPP link Solution Confirm whether network IDs of both ends of the link are the same Reconfigure them if they are different Confirm whether no...

Page 2228: ...lays that the type 20 packet is discarded and the prompt is Transport Control field of IPX type 20 packet 8 it indicates the IPX type 20 packet can only be forwarded 8 times If the upper limit is reac...

Page 2229: ...tination server Use the display ipx interface command to ensure that the interface is UP and SAP is enabled Use the display ipx routing table to ensure that the active route to the server has a hop nu...

Page 2230: ...o the interface will not periodically broadcast update packets If no SAP packets are sent out the interface check whether all service information is learnt from the interface If so split horizon may b...

Page 2231: ...the static route takes effect and to check whether the next hop address is not specified or not correct on the non PPP interface Symptom 2 The router received a route from a neighbor router but the ro...

Page 2232: ...2232 CHAPTER 128 IPX CONFIGURATION...

Page 2233: ...Figure 647 VoIP system In Figure 647 the VoIP gateway provides interfaces for communication between the IP network and PSTN integrated services digital network ISDN users connect to the originating Vo...

Page 2234: ...onnection the calling party and called party negotiate the encoding decoding method for the call and voice data is transferred through real time protocol RTP The RTP voice channel is used to transfer...

Page 2235: ...s hard to recognize a busy tone feature according to a fixed threshold With the smart busy tone identification technology the VoIP gateway can sample calculate and analyze the busy tone played by the...

Page 2236: ...n for the dial plan If no proceed with the steps below Dial Plan in Voice Volume 4 Configure POTS entity and VoIP entity VoIP in Voice Volume 5 Configure related voice subscriber lines for voice entit...

Page 2237: ...r receive transmit E M analog voice subscriber line namely E M interface E M interfaces support analog E M signaling and divide each voice connection into trunk circuit side and signaling unit side si...

Page 2238: ...MCU and terminals According to the ITU T specifications the gatekeeper GK should provide H 323 terminals gateway or MCU in LANs or WANs with the following functions Address translation Access permiss...

Page 2239: ...communication process signal format control signaling and error correction of Group 3 facsimile terminals on the general switched telephone network T 4 is a standard protocol used for document transmi...

Page 2240: ...view and sub function view s under function views Figure 650 shows the command view structure of the voice router Figure 650 Hierarchical command view structure of the voice router Table 74 Basic func...

Page 2241: ...y in subscriber line 3 0 in voice view quit Return to voice view Voice entity view Configure voice entity system voice di al entity1 Key in entity 1 pots or entity 1 voip in voice dial program view qu...

Page 2242: ...2242 CHAPTER 129 VOICE OVERVIEW...

Page 2243: ...r an IP data network In a narrow sense VoIP refers to a way to carry the voice service over an IP data network The well known IP phone is a typical VoIP application Table 75 makes a comparison between...

Page 2244: ...2244 CHAPTER 130 VOIP OVERVIEW...

Page 2245: ...61 Configuring Adjustment Functions on page 2261 n This chapter covers the configuration of analog FXS FXO and E M voice subscriber lines Unless otherwise specified the voice subscriber line hereinaft...

Page 2246: ...is enabled on the device P if CID is disabled on the device O if the terminating PBX fails to obtain the calling number e g the originating PBX end does not send it The FXS voice subscriber line send...

Page 2247: ...ow levels composing a busy tone signal i e the common called make break ratio Different countries or regions have different specifications about the duty ratio of a busy tone The national standard of...

Page 2248: ...be used Besides there are 2 or 4 signaling wires Therefore 4 wire analog E M actually has 6 wires The 2 wire mode provides full duplex voice transmission and voice is transmitted in two directions on...

Page 2249: ...communication Figure 654 Wink start mode Configuration Task List The voice subscriber line configuration involves the following tasks Calling side E M Called side M E Pick up the phone requesting for...

Page 2250: ...ne ringback tone special dial tone waiting tone amplitude value Optional By default the amplitude of busy tone and congestion tone is 1000 that of dial tone and special dial tone is 400 and that of ri...

Page 2251: ...Configuring FXS Voice Subscriber Line Configuration Prerequisites The router is equipped with an FXS interface card The basic functions of the FXS voice subscriber lines are configured Configuring CI...

Page 2252: ...c functions of FXO voice subscriber lines are configured Enabling Calling Number Receiving and Sending Follow these steps to enable calling number receiving and sending Configure the message format ci...

Page 2253: ...correctly resulting in on hook failures or wrong on hooks By adjusting the time threshold of busy tone detection you can make the busy tone detection more precise Follow these steps to configure the b...

Page 2254: ...sed owing to busy tone detection failure when the busy tone parameters provided by the connected PBX are special When the signal amplitude between two successive sampling points is less than the silen...

Page 2255: ...Off Hook Mode There are two off hook modes after the FXO voice subscriber line receives ringing Immediate mode In this mode when a call arrives the FXO interface goes off hook immediately and then the...

Page 2256: ...The on hook off hook state between the bound FXS and FXO voice subscriber lines is consistent If an FXS voice subscriber line goes off hook the calling party will hear busy tones when the correspondi...

Page 2257: ...able the private line auto ring down PLAR function for the bound FXS voice subscriber line private line string Required Disabled by default Configure an interval between on hook and off hook timer hoo...

Page 2258: ...ice subscriber line em signal immediate Required Immediate start mode by default Configure a delay before the originating side sends DTMF signals in the immediate start mode delay send dtmf millisecon...

Page 2259: ...gure the delay time from when the terminating side receives a seizure signal to when it sends a wink signal in the wink start mode delay send wink milliseconds Optional 200 milliseconds by default Con...

Page 2260: ...s to configure DTMF properties n The dtmf time and dtmf amplitude commands in voice view have global significance Once you carry out either of the two commands the configuration will take effect on th...

Page 2261: ...TMF detection sensitivity dtmf threshold analog index value Optional By default indexes 0 to 12 correspond to 1400 458 9 9 9 9 3 12 12 30 300 3200 and 375 respectively For meanings of these parameters...

Page 2262: ...nction on page 2264 Optional Table 77 Adjust echo duration Symptom Reason Adjustment method A user hears some echoes in conversation The echo duration is so long that the convergence time of echo canc...

Page 2263: ...vergence rate of comfort noise amplitude is 0 the maximum amplitude of comfort noise is 256 the comfort noise mixture proportion control factor is 100 and the threshold of two way talk is 1 Enter voic...

Page 2264: ...voice subscriber line view Configure the maximum interval for dialing the next digit timer dial interval seconds Optional 10 seconds by default Configure the maximum duration of playing ringback tones...

Page 2265: ...on on page 2278 VoIP Configuration Example on page 2279 Troubleshooting VoIP Configuration on page 2285 Introduction to Voice Entities The voice entity configuration involves POTS entity configuration...

Page 2266: ...enter user view Creating POTS Entity Follow these steps to create a POTS entity Task Remarks Creating POTS Entity on page 2266 Required Configuring VoIP Entity on page 2271 Required Configuring Voice...

Page 2267: ...mber template for the terminating side when the POTS entity serves as a trunk Required By default no number template is configured for the terminating side when the POTS entity serves as a trunk Bind...

Page 2268: ...t codecs payload size g711 g723 g726r16 g726r24 g726r32 g726r40 g729 time length Optional 20 milliseconds for a G 711 codec and 30 milliseconds for G 723 G 726 and G 729 codecs by default Configure vo...

Page 2269: ...g and terminating sides H3C routers support different payload type values for communication Since the implementations of different manufacturers may differ different payload type values may result in...

Page 2270: ...at G 711 codec does not support VAD To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice dial program view dial program Create a POTS entity and enter P...

Page 2271: ...2274 Optional Configuring VAD on page 2274 Optional Configuring Options Related to Dial Plan on page 2261 Optional To do Use the command Remarks Enter system view system view Enter voice view voice s...

Page 2272: ...s codec for communication Enter voice dial program view dial program Create a VoIP entity and enter VoIP entity view entity entity number voip Configure the codec on basis of the priority levels compr...

Page 2273: ...ip called start and voip called tunnel enable commands Follow these steps to enable fast connection and tunneling on the terminating GW To do Use the command Remarks Enter system view system view Ente...

Page 2274: ...nsmission with tunneling enabled in the fast connection mode Configuring VAD Follow these steps to configure VAD Enable tunneling on the terminating GW voip called tunnel enable Optional Enabled by de...

Page 2275: ...that G 711 codec does not support VAD To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice dial program view dial program Create a VoIP entity and enter...

Page 2276: ...different from the default values to specify suitable voice parameters for these voice entities one by one will waste much time In this case you can use the default command to generate new default va...

Page 2277: ...by the command command as the default value of default and configure voice entity 1 with parameter B voice entity 2 with the default A and voice entity 3 with parameter C Figure 657 Take the system f...

Page 2278: ...Optional Not enabled by default Configure the default global codec default entity compression 1st level 2nd level 3rd level 4th level g711alaw g711ulaw g723r53 g723r63 g726r16 g726r24 g726r32 g726r40...

Page 2279: ...n information of different types of voice entities display voice entity all mark entity tag pots voip Available in any view Display voice subscriber line information display voice subscriber line line...

Page 2280: ...late 0101002 RouterA voice dial entity1002 line 1 1 2 Configure Router B Configure the VoIP entity to Router A RouterB system view RouterB voice setup RouterB voice dial program RouterB voice dial ent...

Page 2281: ...uterA voice dial entity1001 match template 0101001 RouterA voice dial entity1001 line 1 0 2 Configure Router B RouterB system view RouterB voice setup RouterB voice dial program RouterB voice dial ent...

Page 2282: ...ably used to make calls over the IP network When the IP network is unavailable the POTS entity is used to make calls via the bound FXO voice subscriber line Configuration procedure n Router A and Rout...

Page 2283: ...sysname voice dial select rule type first 2 1 3 2 Configure Router B Sysname system view Sysname voice setup Sysname voice dial program Configure a VoIP entity for IP calls and set the match template...

Page 2284: ...rogram sysname voice dial select rule type first 1 2 3 Configure Router B with the POTS preferred and the other configurations remaining unchanged Sysname system view Sysname voice setup Sysname voice...

Page 2285: ...erA voice dial entity1001 outband h225 2 Configure Router B Configure the VoIP entity RouterB system view RouterB voice setup RouterB voice dial program RouterB voice dial entity 010 voip RouterB voic...

Page 2286: ...fault through busy tone check Solution If the PBX works in North American Standard while the router works in Europe Standard by default change into North American Standard for the router by using the...

Page 2287: ...tion 2287 Detect busy tone following the steps for the automatic busy tone detection If failed it may be that the operation of checking busy tone parameter failed Repeat above operations until the bus...

Page 2288: ...2288 CHAPTER 132 VOICE ENTITY CONFIGURATION...

Page 2289: ...s increasingly important A dial plan can help voice gateways to manage numbers in a unified way and create a management policy for all numbers making number management more convenient and reasonable T...

Page 2290: ...entity based on the voice entity selection priority rules and substitutes the calling called number 4 The gateway initiates a call to the called side and sends the calling called number On the called...

Page 2291: ...They are not restricted to a language or system and have been widely accepted When using a regular expression you need to construct a matching pattern according to certain rules and then compare the...

Page 2292: ...configure a number substitution rule list and then define specific number substitution rules dot match rules and preferred number substitution rules for the list Finally you can apply these substituti...

Page 2293: ...Follow these steps to configure a calling number permitted to call in n The calling string argument is in the format of string For specific meanings of these symbols in the format refer to Dial Plan...

Page 2294: ...ithout processing the last four digits 0011 If the router is configured to use the longest match mode it will match match template 01066880011 Namely the router will establish a call connection to 010...

Page 2295: ...for different types of voice entities VoIP POTS and VoFR The voice gateway matches a voice entity according to the priorities of different types of voice entities Voice entity selection priority rules...

Page 2296: ...iority priority order Optional 0 by default Exit voice entity view quit Configure voice entity type selection priority rules select rule type first 1st type 2nd type 3rd type Optional By default voice...

Page 2297: ...onnection set The parameters include a set label and the maximum number of call connections 2 Bind the maximum call connection set to voice entities By comparing the maximum number of call connections...

Page 2298: ...ities The voice gateway substitutes the calling called number based on the number substitution rule lists bound to the voice entity Number substitution on a specific subscriber line The voice gateway...

Page 2299: ...ay no number substitution is performed To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice dial program view dial program...

Page 2300: ...ities Configuration Procedure Follow these steps to configure a number sending mode To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice dial program vi...

Page 2301: ...ty number pots Required Configure a number sending mode send number digit number all truncate Required By default the truncate mode is used Bind a number template to the local voice entity match templ...

Page 2302: ...igure 667 Network diagram for a voice dial plan Configuration idea The PBX calling side at place B changes the called number to an intermediate number The PBX called side at place A changes the receiv...

Page 2303: ...ace to 1 1 1 1 RouterA system view RouterA interface ethernet 0 0 RouterA Ethernet0 0 ip address 1 1 1 1 255 255 255 0 RouterA Ethernet0 0 quit Configure a number substitution rule list for called num...

Page 2304: ...ule rule order 1 4 command can implement load sharing Since the first rule exact match cannot distinguish the priority between Router B and Router C Router A will use the fourth rule longest idle time...

Page 2305: ...0 RouterB Ethernet ip address 1 1 1 2 24 RouterB Ethernet quit Configure POTS entities RouterB voice setup RouterB voice dial program RouterB voice dial entity 1000 pots RouterB voice dial entity 100...

Page 2306: ...scriber voice gateways Router A and Router B in a city To prevent the trunk lines from being totally occupied by either subscriber voice gateway you must restrict the number of calls respectively orig...

Page 2307: ...terface ethernet 2 0 RouterB Ethernet ip address 1 1 1 2 24 RouterB Ethernet quit Configure a VoIP entity RouterB voice setup RouterB voice dial program RouterB voice dial entity 1000 voip RouterB voi...

Page 2308: ...ber all RouterC voice dial entity 1000 quit RouterC voice dial entity 1001 pots RouterC voice dial entity 1001 match template 010 RouterC voice dial entity 1001 line 1 1 RouterC voice dial entity 1001...

Page 2309: ...fer in these aspects E1 adopts A law coding decoding of 13 segment but T1 adopts m law coding decoding of 15 segment Each PCM primary frame of E1 contains 32 timeslots but T1 s contains 24 timeslots E...

Page 2310: ...g or digital LGS signaling When R2 signaling is adopted every 32 timeslots form a primary frame PCM30 for example where TS0 is used for frame synchronization TS16 for digital line signaling and other...

Page 2311: ...l E M interface with digital LGS signaling a digital FXO or FXS interface n Like VE1 voice interface cards VT1 voice interface cards also have the properties of voice subscriber lines When working in...

Page 2312: ...nex A 5 3K and 6 3K in ITU standards E1 and T1 Configuration Task List Complete these tasks to configure E1 and T1 n The router supports the VE1 VT1 voice interface card and a VE1 VT1 voice interface...

Page 2313: ...lly you cannot set the clock source for all interfaces in a system to internal This is to prevent frame slips and bit errors You can do this however if the remote E1 T1 interfaces adopt the line clock...

Page 2314: ...ptional By default the internal clock is used as the TDM clock source To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter E1 interface view controller e1 sl...

Page 2315: ...ource for the T1 interface tdm clock internal line primary Optional By default the internal clock is used as the TDM clock source To do Use the command Remarks Enter system view system view Enter T1 i...

Page 2316: ...VoIP Overview on page 2243 Configuration Prerequisites Complete basic parameters configuration for the VE1 VT1 interface you are working with Configuring Basic Functions for the Voice Subscriber Line...

Page 2317: ...fxo ground fxo loop fxs ground fxs loop r2 Required Exit E1 T1 interface view quit Enter voice view voice setup Enter voice subscriber line view subscriber line slot number ts set number Configure a D...

Page 2318: ...cellation nlp on Optional Enabled by default To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter E1 T1 interface view controller e1 t1 slot number Create a...

Page 2319: ...originating PBX are called forward signals and those sent by the terminating PBX are called backward signals as shown in Figure 671 Enable the private line auto ring function private line string Optio...

Page 2320: ...ling interaction procedures Call establishment When the trunk circuit is idle the originating point sends a forward seizure signal to the terminating point The terminating point then Telephone PSTN Te...

Page 2321: ...nt releases the call The terminating point sends a clear back signal 11 After the originating point receives the clear back signal it sends a clear forward signal 10 After the terminating point recogn...

Page 2322: ...point sends the forward signal 10 and the terminating point responds with the signal 10 At this time the trunk circuit regains normal state Troubleshooting during conversation After the terminating p...

Page 2323: ...ation Basic Meaning A 1 Send next digit A 2 Send last but one digit A 3 Address complete changeover to reception of Group B signals A 4 Congestion in the national network terminate interregister signa...

Page 2324: ...transmission for international use II 9 Subscriber with priority for international use II 10 Operator with forward transfer facility for international aid use II 11 through II 15 Spare for national u...

Page 2325: ...ormation A 5 Send calling number digit1 I 1 Request calling party information A 5 Send calling number digit2 I 2 Request calling party information A 5 Send calling number digit3 I 3 Send number termin...

Page 2326: ...controller e1 t1 slot number Create a TS set and enable R2 signaling for it timeslot set ts set number timeslot list timeslots list signal r2 Required Enter R2 CAS view cas ts set number Enable the t...

Page 2327: ...ircuits of a timeslot or a range of timeslots Configure the delay before sending DTMF signals timer dtmf time Optional The default is 50 milliseconds You must configure the dtmf enable command before...

Page 2328: ...metering enable Optional Disabled by default Enable the terminating point to send seizure acknowledgement signal seizure ack enable Optional Enabled by default Configure the ABCD bit pattern for each...

Page 2329: ...r2 Required Enter R2 CAS view cas ts set number Enable the terminating point to request calling party information ani all ka Optional Disabled by default Configure the number of digits that should be...

Page 2330: ...it end nullnum req billingcategory req callednum and switchg roupa req callingcategory req currentcallednum in group c req currentdigit req firstcallednum in groupc req firstcallingnum req firstdigit...

Page 2331: ...mmediate start mode Follow these steps to configure the immediate start mode n For the timer dial interval timer wait digit timer ring back delay and delay send dtmf commands refer to VoIP Overview on...

Page 2332: ...e sending a delay signal after it detects a seizure signal delay rising millseconds Optional 300 milliseconds by default To do Use the command Remarks Enter system view system view Enter E1 T1 interfa...

Page 2333: ...ue received idle ABCD Optional 1101 by default Configure the ABCD bit pattern of receive seized signal signal value received seize ABCD Optional 0101 by default Configure the ABCD bit pattern of trans...

Page 2334: ...e m wink Required Enter digital E M signaling view cas ts set number Query the trunk circuits of a timeslot or a range of timeslots ts query timeslots timeslots list Optional To do Use the command Rem...

Page 2335: ...cted to a PBX with an E1 subscriber line on which digital E M signaling in the delay start mode travels The one stage dialing mode is configured on the two routers Network diagram Figure 676 Network d...

Page 2336: ...h template for the POTS voice entity RouterA voice dial entity1003 match template 0101003 Associate the POTS voice entity with FXS subscriber line 3 0 RouterA voice dial entity1003 line 3 0 RouterA vo...

Page 2337: ...0 quit Create a TS set on interface E1 1 1 RouterB system view RouterB controller e1 1 1 RouterB E1 1 1 timeslot set 1 timeslot list 1 31 signal e m delay RouterB E1 1 1 quit Create a POTS voice entit...

Page 2338: ...Router A and Router B across an IP network as shown in the network diagram In City A Router is connected to a PBX with an E1 subscriber line and to the telephone at 0101003 with an FXS voice subscribe...

Page 2339: ...te a POTS voice entity for the ISDN PRI interface RouterA voice dial entity 1001 pots Configure a target match template pointing to telephone number 010 1001 for the POTS voice entity RouterA voice di...

Page 2340: ...he ISDN PRI interface RouterB voice setup RouterB voice dial program RouterB voice dial entity 2001 pots Configure a target match template pointing to telephone number 0755 2001 for the POTS voice ent...

Page 2341: ...STN Symptom With R2 signaling adopted the router cannot establish connection with the subscriber at the switch side Solution Do the following Use display current configuration command to check that th...

Page 2342: ...2342 CHAPTER 134 E1 AND T1 CONFIGURATION...

Page 2343: ...dopts the signal digitizing technology Image signals are digitized and compressed internally then converted into analog signals via a Modem and finally transmitted into the PSTN switch via common subs...

Page 2344: ...the router demodulates analog signals from PSTN into digital signals or modulates digital signals from the IP network into analog signals but does not need to compress fax signals A real time fax pro...

Page 2345: ...utomatic repeat request ARQ function and transmit fax packets in the format of HDLC frames On the contrary the fax machines using non ECM cannot correct errors and they transmit fax packets in the for...

Page 2346: ...uration procedure Follow these steps to configure fax capability transmission mode Configuring Maximum Fax Rate You can configure the maximum fax rate according to the fax protocols If the baud rate i...

Page 2347: ...mission rate by comparing the received training result with its own training result The point to point protocol PPP training means that the gateways do not participate in the rate training between two...

Page 2348: ...e local training mode is adopted use the fax local train threshold command to configure the threshold When the PPP training mode is adopted the gateway does not participate in rate training and the fa...

Page 2349: ...uring the passthrough mode The fax passthrough technology was primarily developed for the purpose of compressing and transmitting T 30 fax packets that cannot be demodulated through packet switching n...

Page 2350: ...11 law In addition the voice activity detection VAD function must be disabled to avoid a fax failure when the fax passthrough function is enabled You can implement the fax passthrough function on the...

Page 2351: ...Remarks To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice dial program view dial program Configure the transmit energy level of the gateway carrier...

Page 2352: ...m At the headquarters in City B the number 07552001 is attached to the FXS voice subscriber line connected to the fax machine and 07552002 to the subscriber line connected to the Modem The IP addresse...

Page 2353: ...A voice dial entity1002 match template 0101002 RouterA voice dial entity1002 line 1 0 2 Configure Router B RouterB system view RouterB voice setup RouterB voice dial program RouterB voice dial entity...

Page 2354: ...2354 CHAPTER 135 FAX OVER IP CONFIGURATION...

Page 2355: ...specifies the components protocols and procedures that provide multimedia communication services over packet networks that does not provide guaranteed quality of service QoS such as IP It has long be...

Page 2356: ...the following table Table 89 Major RAS messages Category Message Registration RRQ Registration_Request RCF Registration_Confirm RRJ Registration_Reject Unregistration URQ Unregister_Request UCF Unregi...

Page 2357: ...ction on the router at command line interface CLI They interact with gatekeepers by sending H 225 0 RAS messages In the current implementation gatekeepers are usually deployed on SUN stations or serve...

Page 2358: ...ration either the endpoint or the gatekeeper sends an Unregister_Request URQ message However it is up to the gatekeeper to determine whether to cancel registration while the endpoint can only replies...

Page 2359: ...the calling endpoint indicating its status for example ringing The endpoint may not send this message Connection If the called endpoint accepts the call it must send a connect message Capability Nego...

Page 2360: ...irm the request Figure 684 shows the call setup flow and disconnection flow in which gatekeepers are involved Figure 684 Call setup flow and disconnection flow in which gatekeepers are involved H 323...

Page 2361: ...ed during the whole register process To do Use the command Remarks Enter system view system view Enter voice view voice setup Configure an H 323 descriptor voip h323 descriptor descriptor Optional The...

Page 2362: ...an it return the call accept message to the called gateway Configuration prerequisites Complete the required basic H 323 gateway configurations except for the ras on command The ras on command is used...

Page 2363: ...and the area ID is 1 On City B router A loopback interface is used as an H 323 gateway interface and assigned the IP address of 2 2 2 2 The gateway alias is cityb gw Other configurations are the same...

Page 2364: ...voice gk gk id gk center gk addr 3 3 3 3 1719 Configure the area ID RouterA voice gk area id 1 Originate registration to the GK RouterA voice gk ras on 2 Configure Router B Create a VoIP entity Route...

Page 2365: ...e GK RouterB voice gk ras on Troubleshooting Symptom The gateway failed in registering with the gatekeeper Solution Check that 1 The gateway and the gatekeeper can communicate with each other on the n...

Page 2366: ...2366 CHAPTER 136 H 323 CONFIGURATION...

Page 2367: ...on value added service platform to deliver better value added services to telecom carriers banks and financial organizations SIP is used for initiating sessions It sets up and terminates a multimedia...

Page 2368: ...rver is a device that forwards session requests to a called UA on behalf of a calling UA a SIP endpoint and responds to the calling UA on behalf of the called UA When the proxy server receives a reque...

Page 2369: ...media parameters to be used by a called endpoint In a message exchange process each SIP endpoint carries such information in transmitted messages so that all other participants can learn about its ca...

Page 2370: ...e class of a response and the last two digits describe the response message in more detail Table 90 lists the status codes of response messages SIP Fundamentals Registration In a complete SIP system a...

Page 2371: ...elephone A dials the number of Telephone B 2 Upon receipt of the call Router A sends a session request INVITE to the proxy server 3 The proxy server consults its database for information corresponding...

Page 2372: ...rvers and registrars Call redirection When a SIP redirect server receives a session request it sends back a response indicating the address of the called SIP endpoint instead of forwarding the request...

Page 2373: ...302 Moved Temporarily ACK Invite 100 Trying 200OK Task Remarks Configuring SIP Authentication Information on page 2374 Optional Configuring Registrar Information on SIP UA on page 2375 Required Config...

Page 2374: ...SIP client view is used c CAUTION If realm is configured on the SIP UA ensure that the value is the same as that configured on the server Otherwise the SIP UA will fail the authentication due to misma...

Page 2375: ...rogram Enter voice entity view entity entity number pots Configure SIP authentication information in POTS entity view user username password cipher simple password cnonce cnonce realm realm Required B...

Page 2376: ...A you need to configure SIP routing for VoIP entities On a network where no SIP proxy servers are present configure destination static IP addresses in VoIP entities for sending SIP messages If a SIP s...

Page 2377: ...ackets sent by the SIP UA This source IP address is usually the address of a logical interface such as a loopback interface because this type of interface is always up Configuration prerequisites The...

Page 2378: ...rsion of the user agent and server might allow the user agent and server to become more vulnerable to attacks against software that is known to contain security holes Therefore it is stipulated in RFC...

Page 2379: ...t interface To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter SIP client view sip Configure the User Agent header field in a SIP request sip comp agent pro...

Page 2380: ...the Ethernet interface RouterB system view RouterB interface ethernet 1 0 RouterB Ethernet1 0 ip address 192 168 2 2 255 255 255 0 Configure voice entities RouterB Ethernet1 0 quit RouterB voice setu...

Page 2381: ...RouterA voice sip register enable on RouterA voice sip quit Configure voice entities Router1 RouterA voice dial program Router1 RouterA voice dial entity 1111 pots RouterA voice dial entity1111 line...

Page 2382: ...to SIP Routing Symptom The UA could not set up calls when the proxy server approach was adopted to SIP routing Solution Do the following Perform the display current configuration command to check for...

Page 2383: ...ort number of the remote voice gateway are correctly configured Failed to Send REGISTER Requests Symptom The UA does not send REGISTER messages Solution Do the following Perform the debugging voice si...

Page 2384: ...2384 CHAPTER 137 SIP OVERVIEW...

Page 2385: ...utilization and lowers the communication cost Fundamental VoFR Architecture Figure 692 Fundamental VoRF architecture In Figure 692 the FR supported voice gateway provides an interface between the fram...

Page 2386: ...process also involves voice codec negotiation and bandwidth request The FR supported voice gateway on the originating side requests the frame relay to establish a voice channel according to the outbo...

Page 2387: ...ression and decompression 6 After receiving the voice packets the terminating voice gateway finds the corresponding VoFR entity according to the voice channel in the FRF 11 trunk and uses the PSTN dia...

Page 2388: ...w Enter voice view voice setup Enter voice dial program view dial program Create a VoFR entity and enter VoFR entity view entity entity number vofr Configure a match template for the VoFR entity match...

Page 2389: ...raded because of the consumption of the whole bandwidth by burst data Once a call is set up successfully the bandwidth will be exclusively occupied by voice until the call is completed Voice takes pre...

Page 2390: ...ssociate the frame relay class with a frame relay interface Enter frame relay interface view interface serial interface number Use either approach By default no frame relay class is associated with a...

Page 2391: ...Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice dial program view dial program Enter VoFR entity view entity entity number vofr Configure a call mode ca...

Page 2392: ...I view fr dlci dlci number Configure the VoFR CID selection mode cid select mode max poll min poll Optional By default CIDs are cyclically selected in descending order To do Use the command Remarks En...

Page 2393: ...ese steps to configure a call mode Specify the link layer protocol for interface encapsulation as frame relay link protocol fr ietf nonstandard Required By default the link layer protocol for interfac...

Page 2394: ...peer voice gateway address vofr static serial interface number dlci number cid number Required By default no channel to the peer voice gateway is configured To do Use the command Remarks Enter system...

Page 2395: ...n so that on hook could never succeed You can configure the voice gateway to discard the received voice packets the trunk wait timer length after on hook so that the party concerned can hang up succes...

Page 2396: ...Enter DLCI 100 view and set the frame relay class to VoFR for DLCI RouterA Serial2 0 fr dlci 100 RouterA fr dlci Serial2 0 100 fr class vofr Specify the call control protocol to be used on DLCI 100 a...

Page 2397: ...ei compatible dte RouterB fr dlci Serial1 0 100 quit RouterB Serial1 0 quit Configure the VoFR entity 0101001 RouterB voice setup RouterB voice dial program RouterB voice dial entity 010 vofr RouterB...

Page 2398: ...Serial 2 0 view and configure the encapsulation format RouterA interface serial 2 0 RouterA Serial2 0 link protocol fr ietf Enter DLCI 100 view and set the frame relay class to VoFR for DLCI RouterA...

Page 2399: ...B through an FRF 11 trunk by dialing 9 The PBX in City B is connected to Router B through the FXO subscriber line Telephone B 0755 2001 in City B can communicate with Telephone A in City A through an...

Page 2400: ...ce dial entity 1001 pots RouterA voice dial entity1001 match template 0101001 RouterA voice dial entity1001 line 3 0 2 Configure Router B Create a new frame relay class VoFR and set the maximum amount...

Page 2401: ...ectly communicates with Telephone B 0755 2001 attached to voice Router B in City B over a frame relay network The PC in City A and the server in City B transmit data through these two routers The IP a...

Page 2402: ...y the call control protocol to be used by DLCI 100 as Huawei compatible DTE RouterA fr dlci Serial1 0 100 vofr huawei compatible dte RouterA fr dlci Serial1 0 100 quit RouterA Serial1 0 quit Configure...

Page 2403: ...to DCE RouterB Serial1 0 fr interface type dce Configure a frame relay DLCI and set the frame relay class to VoFR RouterB Serial 0 fr dlci 100 RouterB fr dlci Serial1 0 100 fr class vofr Specify the...

Page 2404: ...5 and LAPB or use the display x25 vc command to check X 25 VC is congested Check that a voice bandwidth has been reserved for the corresponding DLCI Check that a frame relay class is configured for th...

Page 2405: ...nteracts with the user according to the configured parameters encapsulates the obtained user information and statistics into RADIUS AAA messages and sends the messages to the RADIUS server The voice g...

Page 2406: ...acknowledgment call segment 3 from the RADIUS server the terminating gateway originates a call to the called party over PSTN After receiving an Alert from PSTN the terminating gateway sends a Notific...

Page 2407: ...erver before connecting or releasing a call and directly connects or releases the call without waiting for an acknowledgment from the RADIUS server stop only The voice gateway sends an Accounting_Stop...

Page 2408: ...rding to the specific requirements For example you can set these access numbers as private line auto ring down PLAR numbers on voice subscriber lines to implement the auto dialing of access numbers n...

Page 2409: ...tion including IP address of the voice gateway voice port number calling number and card number password is configured on the RADIUS server Read through the following sections and acquaint yourself wi...

Page 2410: ...pts for card number password process and caller number process with IVR Enable the language function for the caller number process with IVR Complete the following tasks to configure voice RADIUS Task...

Page 2411: ...dual user according to the identification Therefore the accounting function can only be enabled for all one stage dialing users Before enabling the accounting function you must ensure that the RADIUS...

Page 2412: ...as authentication policies has been configured on the RADIUS server Configuration prerequisites A voice interface card for example an FXS interface card is inserted in the router Configuration proced...

Page 2413: ...a call is terminated a CDR will be generated in the following two cases no matter whether the call is connected Any of the authentication authorization and accounting functions is enabled for calls or...

Page 2414: ...es of two stage dialing process caller number process calling number authentication caller number process with IVR calling number authentication and card number password process card number password a...

Page 2415: ...Enabling Authentication Function for Two Stage Dialing Users After configuring access numbers you can enable the RADIUS authentication function for two stage dialing users Before enabling the authent...

Page 2416: ...re enabling the authorization function you must ensure that the RADIUS server and the RADIUS client can communicate with each other at the network layer and that a list of corresponding two stage dial...

Page 2417: ...rror and the user can continue to dial a number This rule applies to both card numbers and passwords Configuring Number of Digits in Card Number Password For the card number password process it is nec...

Page 2418: ...can retry in each step of this process To prevent any dial mistake from causing a failure of the entire dialing process you need to specify the maximum number of dial attempts to provide fault tolera...

Page 2419: ...Configuration prerequisites You have configured an access number and entered access number view Configuration procedure Follow these steps to configure the language options Enter dial program view dia...

Page 2420: ...an IP call users first dial the access number 12345 then select a language option and enter a card number and password as prompted and finally dial the called number if the card number password authen...

Page 2421: ...orization server and the primary accounting server RouterA radius sch1 primary authentication 1 1 1 3 1812 RouterA radius sch1 primary accounting 1 1 1 3 1813 Configure RADIUS packets to carry unquali...

Page 2422: ...o 3 RouterA voice dial anum12345 redialtimes 3 2 Configure the voice gateway Router B The configurations on Router A are basically similar to those on Router B Create a RADIUS scheme RouterB system vi...

Page 2423: ...outerB voice dial anum12345 authentication Enable the authorization function RouterB voice dial anum12345 authorization Enable the accounting function RouterB voice dial anum12345 accounting Set the n...

Page 2424: ...correctly 5 If the card number password authentication fails check that the card number and password are consistent with the ones generated on the CAMS 6 If the authorization fails check that call or...

Page 2425: ...n this case User A is immediately alerted and can pick up the phone to answer the call originated by User C the waiting call Call Hold If User A in a conversation with User B presses the flash hook th...

Page 2426: ...call to the terminating system the originating system is unable to receive a response In this case if there is another link PSTN link or VoIP link to the terminating system the originating system re...

Page 2427: ...sages of the gateway on the held party side Functions processing forwarding messages of the gateway that receives forwarding request messages namely the originating gateway Configuring Call Waiting Th...

Page 2428: ...make sure that different features have different priority levels Configuration Example The call waiting feature is enabled for the voice subscriber line of Telephone A Telephone C calls Telephone A wh...

Page 2429: ...er line of Telephone A Telephone A and Telephone B are in a conversation Telephone A can interrupt the conversation with Telephone B by performing a hookflash and place a call to Telephone C after hea...

Page 2430: ...er you enable call forwarding on a telephone you can view the corresponding operation result by using the display this command in voice subscriber line view Configuring Call Forwarding Using Command L...

Page 2431: ...no reply enable forward number number Required Disabled by default To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice subscriber line view subscriber...

Page 2432: ...g unconditional for the voice subscriber line of Telephone B and forward the call from Telephone A to Telephone C 3000 Sysname system view Sysname voice setup Sysname voice subscriber line 2 0 Sysname...

Page 2433: ...phone C and then hangs up Now the conversation between Telephone B and Telephone C is established and the call transfer by Telephone A is completed Enable call transfer for the voice subscriber line o...

Page 2434: ...configured in POTS voice view using the priority command Telephone A calls Telephone B and Telephone B is busy In this case the hunt group service enables Telephone C to have a conversation with Tele...

Page 2435: ...t to receive any incoming call When Telephone B calls Telephone A the line between Telephone A and Telephone B is directly cleared and Telephone B hears busy tones Enter voice subscriber line view Sys...

Page 2436: ...voice setup Sysname voice subscriber line 1 0 Enable outgoing call barring and set the password to 1234 Sysname voice line1 0 dialout restriction enable password cipher 1234 Configuring FEATURE Servic...

Page 2437: ...on hook Transfer To Voicemail 441 destination None Applied only once Park 444 park_num None Applied only once Do Not Disturb Toggle 446 446 Directed Pickup 455 pwd pickup_num None Applied only once C...

Page 2438: ...d then a service feature code For example if a service feature code is 40 1234 and the match template 40 is configured for a voice entity 40 1234 dialed by a user will first match the number template...

Page 2439: ...mplate 2000 RouterA voice dial entity3000 quit RouterA voice dial entity 1000 pots RouterA voice dial entity1000 line 1 0 RouterA voice dial entity1000 match template 1000 2 Configure Router B Configu...

Page 2440: ...on 2 Telephone A performs a hookflash to put the call with Telephone B on hold 3 Telephone A calls Telephone C 3000 after hearing dial tones 4 Telephone A hangs up 5 Telephone B and Telephone C are in...

Page 2441: ...l hold RouterB system view RouterB voice setup RouterB voice subscriber line 1 0 RouterB voice line1 0 call hold enable 3 Configure Router C RouterC system view RouterC voice setup RouterC voice dial...

Page 2442: ...voice dial entity1001 line 1 1 RouterA voice dial entity1001 match template 1000 RouterA voice dial entity1001 priority 4 Enable hunt group for the voice subscriber lines RouterA voice dial entity1001...

Page 2443: ...voice dial entity2000 line 1 0 RouterB voice dial entity2000 match template 2000 3 Configure Router C Configure voice entities RouterC system view RouterC voice setup RouterC voice dial program Route...

Search results

Summary of Contents for MSR 50 Series

Reviews:

Related manuals for MSR 50 Series

Brands by name

Popular brands

3Com MSR 50 Series, Configuration Manual

Search results

Summary of Contents for MSR 50 Series

Reviews:

Related manuals for MSR 50 Series

Brands by name

Popular brands