manualshive.com logo in svg

Alcatel-Lucent 7450 ESS Series, Configuration Manual

The Alcatel-Lucent 7450 ESS Series is a powerful networking product designed for high-speed, large-scale environments. For detailed setup and configuration instructions, you can access the free Configuration Manual on our website. Simply download the manual from manualshive.com to optimize your network performance and ensure seamless operations.

Share
Download
background image

Page 432

7450 ESS OS Router Configuration Guide

tcp-ack

Syntax

tcp-ack 

{

true 

|

 false

}

no tcp-ack

Context

config>filter>ip-filter>entry

>

match

Description

This command configures matching on the ACK bit being set or reset in the control bits of the TCP 
header of an IP packet as an IP filter match criterion. Note that an entry containing L4 match criteria 
will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first 
fragment contains the L4 information.

The 

no

 form of the command removes the criterion from the match entry.

Default

no tcp-ack

Parameters

true — 

Specifies matching on IP packets that have the ACK bit set in the control bits of the TCP 

header of an IP packet.

false — 

Specifies matching on IP packets that do not have the ACK bit set in the control bits of the 

TCP header of the IP packet.

tcp-syn

Syntax

tcp-syn 

{

true 

|

 false

}

no tcp-syn

Context

config>filter>ip-filter>entry

>

match

Description

This command configures matching on the SYN bit being set or reset in the control bits of the TCP 
header of an IP packet as an IP filter match criterion. Note that an entry containing L4 match criteria 
will not match non-initial (2nd, 3rd, etc) fragments of a fragmented packet since only the first 
fragment contains the L4 information.

The SYN bit is normally set when the source of the packet wants to initiate a TCP session with the 
specified destination IP address.

The 

no

 form of the command removes the criterion from the match entry.

Default

no tcp-syn

Parameters

true — 

Specifies matching on IP packets that have the SYN bit set in the control bits of the TCP 

header. 

false — 

Specifies matching on IP packets that do not have the SYN bit set in the control bits of the 

TCP header.

Summary of Contents for 7450 ESS Series

Page 1: ...7450 ESS OS Router Configuration Guide Software Version 7450 ESS OS 10 0 R4 July 2012 Document Part Number 93 0103 09 02 93 0103 09 02...

Page 2: ...itten permission from Alcatel Lucent Alcatel Lucent Alcatel Lucent and the Alcatel Lucent logo are trademarks of Alcatel Lucent All other trademarks are the property of their respective owners The inf...

Page 3: ...38 Proxy ARP 40 DHCP Relay 41 Internet Protocol Versions 42 Bi directional Forwarding Detection 43 BFD Control Packet 43 Control Packet Format 44 BFD for RSVP TE 46 Echo Support 47 BFD Support for BGP...

Page 4: ...s 239 Virtual Router 239 IP Address Owner 239 Primary and Secondary IP Addresses 240 Virtual Router Master 240 Virtual Router Backup 241 Owner and Non Owner VRRP 241 Configurable Parameters 242 Virtua...

Page 5: ...ts 268 Configuring Service VRRP Parameters 269 Non Owner VRRP Example 269 Owner Service VRRP 270 Configuring Router Interface VRRP Parameters 271 Router Interface VRRP Non Owner 271 Router Interface V...

Page 6: ...figuration Tasks 363 Creating an IP Filter Policy 363 IP Filter Policy 363 IP Filter Entry 364 IP Entry Matching Criteria 367 Creating a MAC Filter Policy 368 MAC Filter Policy 368 Creating an ISID Fi...

Page 7: ...Cflowd Overview 470 Operation 471 Version 9 474 Version 10 474 Cflowd Filter Matching 475 Cflowd Configuration Process Overview 476 Configuration Notes 477 Configuring Cflowd with CLI 479 Cflowd Confi...

Page 8: ...tion Guide Table of Contents Modifying Cflowd Collector Parameters 500 Cflowd Configuration Commands 501 Global Commands 501 Cflowd Command Reference 509 Show Commands 511 Clear Commands 517 Standards...

Page 9: ...VRRP Statistics Output 326 Filter Policies Table 7 Applying Filter Policies 335 Table 8 Applying Filter Policies 336 Table 9 DSCP Name to DSCP Value Table 350 Table 10 IP Option Values 352 Table 11 M...

Page 10: ...Page 10 7450 ESS OS Router Configuration Guide List of Tables...

Page 11: ...Policies Figure 8 Web Redirect Traffic Flow 340 Figure 9 VID Filtering Examples 342 Figure 10 Port Groups 344 Figure 11 Filter Creation and Implementation Flow 345 Figure 12 Creating and Applying Fil...

Page 12: ...Page 12 7450 ESS OS Router Configuration Guide List of Figures...

Page 13: ...and provides concepts and descriptions of the implementation flow as well as Command Line Interface CLI syntax and command usage Audience This manual is intended for network administrators who are res...

Page 14: ...s configuration examples for RIP OSPF IS IS BGP and route policies 7450 ESS OS MPLS Guide This guide describes how to configure Multiprotocol Label Switching MPLS and Label Distribution Protocol LDP 7...

Page 15: ...ement for your router and related products from a distributor or authorized reseller contact the technical support staff for that distributor or reseller for assistance If you purchased an Alcatel Luc...

Page 16: ...Preface Page 16 7450 ESS OS Router Configuration Guide...

Page 17: ...an overall logical configuration flow Each section describes a software area and provides CLI syntax and command usage to configure parameters for a functional area Table 1 Configuration Process Area...

Page 18: ...Getting Started Page 18 7450 ESS OS Router Configuration Guide...

Page 19: ...on about commands required to configure basic router parameters Topics in this chapter include Configuring IP Router Parameters on page 20 Interfaces on page 20 Autonomous Systems AS on page 37 Confed...

Page 20: ...features can be configured Interfaces on page 20 Creating an IP Address Range on page 24 Autonomous Systems AS on page 37 Confederations on page 38 Proxy ARP on page 40 Refer to 7450 ESS OS Triple Pla...

Page 21: ...nterfaces in this context Network domains are not applicable to loopback and system interfaces The network domain information will only be used for ingress VPLS sap queue allocation It will not be tak...

Page 22: ...S attacks including smurf and tribe flood network TFN can take advantage of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks For Inte...

Page 23: ...f the routes that can be originated from this specific interface The source IP address of the packet doesn t match any specific routes in the forwarding table uRPF check fails if the following is true...

Page 24: ...ng a range that is a superset of a previously defined service prefix the subset will be replaced with the superset definition For example if a service prefix exists for 10 10 10 0 24 and a new service...

Page 25: ...application of QPPB a BGP route is advertised with a BGP community attribute that conveys a particular QoS Routers that receive the advertisement accept the route into their routing table and set the...

Page 26: ...se traffic flows can be identified with known routes For example the operator of an ISP network may want to give priority to traffic originating in a particular ASN the ASN of a content provider offer...

Page 27: ...tent Provider AS 300 Route Policy Accept all routes with AS_PATH ending with ASN 300 and set fcto high 1 QoSPolicy Lookup the destination IP address of all packets arriving on this interface to determ...

Page 28: ...se of this command is illustrated by the following example config router policy options begin community gold members 300 100 policy statement qppb_policy entry 10 from protocol bgp community gold exit...

Page 29: ...instance QPPB is supported for BGP routes belonging to any of the address families listed below IPv4 AFI 1 SAFI 1 IPv6 AFI 2 SAFI 1 VPN IPv4 AFI 1 SAFI 128 VPN IPv6 AFI 2 SAFI 128 Note that a VPN IP...

Page 30: ...tic route This feature uses a qos keyword to the show router route table command When this option is specified the output includes an additional line per route entry that displays the forwarding class...

Page 31: ...oup interfaces config service ies sub if grp if When the qos route lookup command with the destination parameter is applied to an IP interface and the destination address of an incoming IP packet matc...

Page 32: ...packet matching an ECMP route is based on the particular next hop used to forward the packet When Edge PIC 1 is enabled some BGP routes may have a backup next hop in the forwarding table in addition...

Page 33: ...fc2 is explicitly configured in or out and fc2 is not mapped to a priority mode queue then the packet is assigned this profile state In both cases there is no consideration of whether or not fc1 was...

Page 34: ...t1p exp DSCP mapping or policy default From new base FC From original FC and sub class Policer Policer From new base FC unless overridden by DE 1 If DE 1 override then low otherwise from QPPB If no DE...

Page 35: ...w base FC From original FC and sub class Profile mode queue Policer From new base FC unless overridden by DE 1 If DE 1 override then low otherwise from QPPB If no DEI or QPPB overrides then follows or...

Page 36: ...instance There are several ways to obtain the router ID On each router the router ID can be derived in the following ways Define the value in the config router router id context The value becomes the...

Page 37: ...area no routing information obtained from outside the area can be used This protects intra area routing from the injection of bad routing information Routers that belong to more than one area are cal...

Page 38: ...metric and local preference settings are preserved The confederation appears and behaves like a single AS Confederations have the following characteristics A large AS can be sub divided into sub confe...

Page 39: ...confederations must be explicitly created Figure 2 depicts a confederation configuration example Figure 2 Confederation Configuration SRSG005 Confederation Member 1 Confederation Member 2 ALA D ALA B...

Page 40: ...and other edge like environments proxy ARP supports policies that allow the provider to configure prefix lists that determine for which target networks proxy ARP will be attempted and prefix lists th...

Page 41: ...Configuration 7450 ESS OS Router Configuration Guide Page 41 DHCP Relay Refer to 7450 ESSOS Triple Play Guide for information about DHCP and support provided by the 7450 ESS as well as configuration...

Page 42: ...is used to send a packet to any one of a group of nodes Header format simplification Some IPv4 header fields have been dropped or made optional to reduce the common case processing cost of packet han...

Page 43: ...length is carried in a jumbo payload hop by hop option Next Header 8 bit selector Identifies the type of header immediately following the IPv6 header This field uses the same values as the IPv4 protoc...

Page 44: ...nge peering Figure 4 shows an IPv6 Internet exchange where multiple ISPs peer over native IPv6 Figure 4 IPv6 Internet Exchange IPv6 transit services Figure 5 shows IPv6 transit provided by an ISP Figu...

Page 45: ...outer supports dynamic IPv6 over IPv4 tunneling The ipv4 source and destination address are taken from configuration the source address is the ipv4 system address and the ipv4 destination is the next...

Page 46: ...nt is extended to use IPv6 as transport and to handle the IPv6 address in the DNS AAAA resource record from an IPv4 or IPv6 DNS server An assigned name can be used instead of an IPv6 address since IPv...

Page 47: ...es no backbone infrastructure upgrades and no re configuration of core routers because forwarding is purely based on MPLS labels 6PE is a cost effective solution for IPv6 deployment Figure 8 Example o...

Page 48: ...hat it advertises and can accept an arbitrary label from its peers LDP is used to create the MPLS full mesh between the 6PE routers and the IPv4 addresses that are embedded in the next hop field are r...

Page 49: ...g Detection that allows either of the two systems to send a sequence of BFD echo packets to the other system which loops them back within that system s forwarding plane If a number of these echo packe...

Page 50: ...The initial protocol version is 0 Diag A diagnostic code specifying the local system s reason for the last transition of the session from Up to some other state Possible values are 0 No diagnostic 1 C...

Page 51: ...hat value is unknown Desired Min TX Interval This is the minimum interval in microseconds that the local system would like to use when transmitting BFD control packets Required Min RX Inter val This i...

Page 52: ...cess This greatly accelerates the overall RSVP TE response to network failures All encapsulation types supporting IPv4 and IPv6 is supported as all BFD packets are carried in IPv4 and IPv6 packets thi...

Page 53: ...n the packet The echo function is useful when the local router does not have sufficient CPU power to handle a periodic polling rate at a high frequency As a result it relies on the echo sender to send...

Page 54: ...ed to 25 sessions and minimum BFD timer supported is 300 msec IES Over Spoke SDP One application for a central BFD implementation is so BFD can be supported over spoke SDPs used to inter connection IE...

Page 55: ...ES VPRN over Spoke SDP Fig_31 Metro POP 1 Metro POP 2 Metro POP 4 Metro POP 3 Primary Path BFD Secondary Path Note In this case BFD is run between the IES VPRN interfaces independent of the SPD LSP pa...

Page 56: ...ailure detection In this application the BFD session can run between the IP interfaces associated with the LAG or VSM interface but there is only one session between the two nodes There is no requirem...

Page 57: ...ust be assigned to each IP interface System interface This creates an association between the logical IP interface and the system loopback address The system interface address is the circuitless addre...

Page 58: ...bes router configuration caveats A system interface and associated IP address should be specified Boot options file BOF parameters must be configured prior to configuring router parameters Confederati...

Page 59: ...ring a System Name on page 62 Configuring Interfaces on page 63 Configuring a System Interface on page 63 Configuring a Network Interface on page 63 Configuring Proxy ARP on page 67 Creating an IP Add...

Page 60: ...onfigure appropriate routing protocols A system interface and network interface should be configured System Interface The system interface is associated with the network entity such as a specific Alca...

Page 61: ...SPF and BGP The most basic router configuration must have the following System name System address The following example displays a router configuration A ALA A config info Router Configuration router...

Page 62: ...for the device The name is used in the prompt string Only one system name can be configured If multiple system names are configured the last one configured will overwrite the previous entry If special...

Page 63: ...ystem interface cannot be deleted Configuring a System Interface To configure a system interface CLI Syntax config router interface interface name address ip address mask ip address netmask broadcast...

Page 64: ...interface system address 10 10 0 4 32 exit interface to ALA 2 address 10 10 24 4 24 port 1 1 1 egress filter ip 10 exit exit A ALA A config router To enable CPU protection CLI Syntax config router int...

Page 65: ...nfo detail port 1 2 37 ipv6 packet too big 100 10 param problem 100 10 redirects 100 10 time exceeded 100 10 unreachables 100 10 exit A ALA 49 config router if ipv6 exit all Use the following CLI synt...

Page 66: ...tisement interval seconds min advertisement interval seconds mtu mtu bytes other stateful configuration autonomous on link preferred lifetime seconds infinite valid lifetime seconds infinite reachable...

Page 67: ...or which ARP requests can or cannot be forwarded to non local networks depending on the specified action In the policy statement entry from context specify network prefixes that ARP requests will or w...

Page 68: ...max The following displays prefix list and policy statement configuration examples A ALA 49 config router policy options info prefix list prefixlist1 prefix 10 20 30 0 24 through 32 exit prefix list...

Page 69: ...Router Configuration Guide Page 69 The following displays a proxy ARP configuration example A ALA 49 config router if info address 128 251 10 59 24 local proxy arp proxy arp policy statement ProxyARPp...

Page 70: ...all prefixes for which it activated an LDP FEC For a given prefix two route entries are populated in RTM One corresponds to the LDP shortcut next hop and has an owner of LDP The other one is the regul...

Page 71: ...P Shortcut Forwarding Plane Once LDP activated a FEC for a given prefix and programmed RTM it also programs the ingress Tunnel Table in IOM with the LDP tunnel information When an IPv4 packet is recei...

Page 72: ...message appears as a user packet to the ingress LER node A locally generated response to a received ICMP ping or trace route message All other control plane packets that require an RTM lookup and kno...

Page 73: ...sume it is an egress LER for the FEC until the route disappears from the routing table or the next hop advertised a binding for the FEC prefix In the latter case the 7x50 becomes a transit LSR for the...

Page 74: ...tocols are not automatically restarted with the new router ID The next time a protocol is initialized the new router ID is used An interim period of time can occur when different protocols use differe...

Page 75: ...the following CLI syntax to configure a confederation CLI Syntax config router confederation confed as num members member as num The following example displays the commands to configure the confedera...

Page 76: ...gure an autonomous system CLI Syntax config router autonomous system as number The following displays an autonomous system configuration example A ALA A config router info IP Configuration interface s...

Page 77: ...SFMs are being actively used when there is an SFM failure multicast traffic needs to be rerouted around the node Some scenarios include There is only one SFM installed in the system One SFM active or...

Page 78: ...igured the last one configured will overwrite the previous entry Use the following CLI syntax to change the system name CLI Syntax config system name system name The following example displays the com...

Page 79: ...ALA A config router if address 10 0 0 25 24 A ALA A config router if no shutdown To modify a port perform the following steps Example A ALA A config router interface to sr1 A ALA A config router if sh...

Page 80: ...ce can be deleted 1 Before an IP interface can be deleted it must first be administratively disabled with the shutdown command 2 After the interface has been shut down it can then be deleted with the...

Page 81: ...Command Hierarchies Configuration Commands Router Commands on page 82 Router L2TP Commands on page 83 Router Interface Commands on page 85 Router Interface IPv6 Commands on page 87 Router Advertisemen...

Page 82: ...refix netmask sgt qos application dscp app name dscp dscp value dscp name application dot1p app name dot1p dot1p priority no application dscp app name dot1p app name dscp dscp name fc fc name no dscp...

Page 83: ...roup id no lns group load balance method per session per tunnel no load balance method local address ip address no local address local name host name no local name max retries estab max retries no max...

Page 84: ...idle timeout infinite no idle timeout load balance method per session per tunnel no load balance method local address ip address no local address local name host name no local name max retries estab...

Page 85: ...nable description description string no description egress filter ip ip filter id no filter ip ip filter id icmp no mask reply redirects number seconds no redirects ttl expired number seconds no ttl e...

Page 86: ...sted untrusted no tos marking state unnumbered ip addr ip int name no unnumbered no urpf check mode strict loose no mode no mh primary interface address ip address mask ip address netmask no address d...

Page 87: ...o interval type cpm np no bfd icmp6 packet too big number seconds no packet too big param problem number seconds no param problem redirects number seconds no redirects time exceeded number seconds no...

Page 88: ...advertisement interval min advertisement interval seconds no min advertisement interval mtu mtu bytes no mtu no other stateful configuration prefix no autonomous no on link preferred lifetime seconds...

Page 89: ...n id detail group detail session id session id v2 state session state peer ip address group group name assignment id assignment id local namelocal host name remote name remote host name tunnel id tunn...

Page 90: ...tocol route table ip prefix prefix length next hop type tunneled rtr advertisement interface interface name prefix prefix length conflicts service prefix sgt qos application app name dscp dot1p dscp m...

Page 91: ...address dhcp6 statistics ip int name ip address forwarding table slot number icmp redirect route all ip address icmp6 all icmp6 global icmp6 interface interface name interface ip int name ip addr icmp...

Page 92: ...ass task task name function function name router router instance ip no arp icmp no icmp icmp6 ip int name no icmp6 no interface ip int name ip address no neighbor packet ip int name ip address headers...

Page 93: ...onfiguration file shutdown and no shutdown are always indicated in system generated configuration files The no form of the command puts an entity into the administratively enabled state Default no shu...

Page 94: ...g tables of downstream routers Both the original components and the aggregated route source protocol aggregate are offered to the Routing Table Manager RTM Subsequent policies can be configured to ass...

Page 95: ...he IP address of the BGP system that created the aggregate route black hole This optional parameter installs the aggregate route when activated in the FIB with a black hole next hop where packets matc...

Page 96: ...m can be configured Values 1 65535 ecmp Syntax ecmp max ecmp routes no ecmp Context config router Description This command enables ECMP and configures the number of routes for path sharing for example...

Page 97: ...IS prefixes forwarded in the base router instance to a network IP interface or to an IES SAP interface or spoke interface It is also supported for VPRN VPN IPv4 OSPF prefixes and VPN IPv6 OSPF prefix...

Page 98: ...when the VPRN instance is shutdown Default no mc maximum routes Parameters number Specifies the maximum number of routes to be held in a VRF context Values 1 2147483647 log only Specifies that if the...

Page 99: ...ters network domain name Network domain name character string router id Syntax router id ip address no router id Context config router Description This command configures the router ID for the router...

Page 100: ...a service prefix exists for 10 10 10 0 24 and a service prefix is configured as 10 10 0 0 16 then 10 10 10 0 24 is replaced by the new 10 10 0 0 16 configuration When a range that is a subset of a pre...

Page 101: ...dp mld msdp ndis ntp ospf pim ptp radius rip rsvp snmp snmp notification srrp ssh syslog tacplus telnet tftp traceroute vrrp dscp value Specifies the DSCP value Values 0 63 dscp name Specifies the DSC...

Page 102: ...ed that would affect every BGP peer on a router the consequences could be dramatic It would be more effective to control changes on a peer by peer basis If the triggered policy command is enabled and...

Page 103: ...tered If a CPE connectivity check target address is already being used as the target address in a different static route then cpe check parameters must match If they do not the new configuration comma...

Page 104: ...not change unless specified This value is also used to determine which static route to install in the forwarding table If there are multiple static routes with the same preference but different metri...

Page 105: ...discarded The black hole keyword and the next hop or indirect keywords are mutually exclusive If an identical command is entered with the exception of either the next hop or indirect parameters then...

Page 106: ...6 multicast RTM Values mcast ipv4 mcast ipv6 rsvp te This parameter allows the static route to be resolved via an RSVP TE based LSP The static route nexthop will be resolved via the best RSVP TE based...

Page 107: ...1 1 0 24 Remote Static 00h01m29s 0 172 31 117 1 1 138 203 0 0 16 Remote Static 05h01m11s 0 172 31 117 1 1 172 31 117 0 24 Local Local 05h04m10s 0 management 0 No of Routes 3 B Dut C config router B Du...

Page 108: ...Met Pref Type Act Next Hop Interface 1 1 1 0 24 0 1 5 NH Y 172 31 117 1 n a No of Static Routes 1 B Dut C config router B Dut C config router show router management static route ipv6 Static Route Tabl...

Page 109: ...t Context config router l2tp Description This command specifies the L2TP calling number AVP Parameters ascii spec Specified as either char specification or ascii spec char specification Ascii char cha...

Page 110: ...address and does not change the destination address insubsequent L2TP messages reject Specifies that this system rejects any source IP address change of received L2TP control messages and drops those...

Page 111: ...e tunnel between the LAC and LNS There is a one to one relationship between established L2TP sessions and their associated calls Parameters session limit Specifies the number of sessions allowed Defau...

Page 112: ...e command removes the value from the configuration Default no destruct timeout Parameters destruct timeout Specifies the automatic removal of dynamic L2TP sessions in seconds that are no longer active...

Page 113: ...lns group lns group id no lns group Context config router l2tp group Description This command configures the ISA LNS group Parameters lns group id Specifies the LNS group ID Values 1 4 load balance me...

Page 114: ...authentication phase of tunnel establishment It can be used to distinguish tunnels The no form of the command removes thename from the configuration Default local name Parameters host name Specifies t...

Page 115: ...7 password Syntax password password hash hash2 no password Context config router l2tp group config router l2tp group tunnel Description This command configures the password between L2TP LAC and LNS T...

Page 116: ...n policy Context config router l2tp group ppp Description This command configures the authentication policy Parameters auth policy name Specifies the authentication policy name Values 32 chars max def...

Page 117: ...yntax mtu mtu bytes no mtu Context config router l2tp group ppp Description This command configures the maximum PPP MTU size Parameters mtu bytes Specifies in bytes the maximum PPP MTU size Values 512...

Page 118: ...the available tunnels If necessary new tunnels are set up until the maximum number is reached The distribution aims at an equal ratio of the actual number of sessions to the maximum number of session...

Page 119: ...tunnel Description This command specifies if this tunnel is to be automatically set up by the system no auto establish avp hiding Syntax avp hiding never sensitive always no avp hiding Context config...

Page 120: ...llo interval hello interval hello interval infinite no hello interval Context config router l2tp group tunnel Description This command configures the number of seconds between sending Hellos for a L2T...

Page 121: ...l2tp group tunnel Description This command configures a preference number that indicates the relative preference assigned to a tunnel when using a weighted session assignment The no form of the comman...

Page 122: ...configuration Although not a keyword the ip int name system is associated with the network entity such as a specific 7450 ESS not a specific interface The system interface is also referred to as the l...

Page 123: ...this command can only be performed when the IP interface is administratively shut down Shutting down the IP interface will operationally stop any protocol interfaces or MPLS LSPs that explicitly refe...

Page 124: ...wing the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address This is an IP address that corresponds to the local...

Page 125: ...seen from an IP host Otherwise the ARP entry is aged from the ARP table If the arp timeout value is set to 0 seconds ARP aging is disabled The no form of the command reverts to the default value Defa...

Page 126: ...network planning and traffic engineering capacity planning security application and user profiling performance monitoring usage based billing and SLA measurement When cflowd is enabled at the interfa...

Page 127: ...al by the specified number of seconds The value is used whenever the system attempts to bring the interface operationally up Parameters seconds Specifies a delay in seconds to make the interface opera...

Page 128: ...chable over RSVP LSPs in the case of LDP over RSVP but not both When the preferred RTM entry corresponds to a regular IP route spraying will be performed across regular IP next hops for the prefix The...

Page 129: ...e bindings and services should remain UP as long as there is one interface that is UP However the user configured LDP synchronization timer still applies on the failed then restored interface In this...

Page 130: ...irst nibble following the bottom of the label stack is 4 This feature is supported for IPv4 support only and on IOM 3 and IMMs only IPv6 packets are hashed on label stack only The hash on label and IP...

Page 131: ...e anycase based label assignments are flushed from the forwarding plane Values 0 65535 Default 90 network domain Syntax network domain network domain name no network domain Context config router inter...

Page 132: ...ort id must include the channel id The POS interface must be configured as a network port The no form of the command deletes the association with the port The no form of this command can only be perfo...

Page 133: ...nd priority associated with that route overriding the fc and priority profile determined from the sap ingress or network qos policy associated with the IP interface If the destination address of the i...

Page 134: ...pplied to the IP interface with a valid egress port queue group name The queue group name must exist on the egress port associated with the IP interface and the group must contain a queue ID matching...

Page 135: ...ow the prefix mask length The subnet mask length when the IP prefix is specified in CIDR notation When the IP prefix is specified in CIDR notation a forward slash separates the ip address from the mas...

Page 136: ...ed by the IP interface igp inhibit The secondary IP address should not be recognized as a local interface by the running IGP static arp Syntax static arp ip addr ieee mac addr unnumbered no static arp...

Page 137: ...ured as single fiber for the command to be valid Default no strip label tos marking state Syntax tos marking state trusted untrusted no tos marking state Context config router interface Description Th...

Page 138: ...nterface according to the egress marking definitions on each network interface unnumbered Syntax unnumbered ip address ip int name no unnumbered Context config router interface Description This comman...

Page 139: ...y associated with that route overriding the fc and priority profile determined from the sap ingress or network qos policy associated with the IP interface If the source address of the incoming packet...

Page 140: ...whether incoming packet has source address with a corresponding prefix in the routing table However the loose mode does not check whether the interface expects to receive a packet with a specific sou...

Page 141: ...citly reference that IP address When a new IP address is defined the IP interface can be administratively enabled no shutdown which reinitializes the protocol interfaces and MPLS LSPs associated with...

Page 142: ...no shutdown Context config router mh primary interface config router mh secondary interface Description The shutdown command administratively disables an entity The operational state of the entity is...

Page 143: ...s how long label information leraned about the secondary anycast address should be kept after that peer is declared down This timer should be set to a value large enough for the remainder of the netwo...

Page 144: ...Context config router interface ingress Description This command enables flowspec filtering on an IP interface of the base router Filtering is based on all of the flowspec routes that have been receiv...

Page 145: ...en pre configured before this filter command is executed If the filter ID does not exist an error occurs Only one filter ID can be specified The no form of the command removes the filter policy associ...

Page 146: ...erface Default mask reply Replies to ICMP mask requests redirects Syntax redirects number seconds no redirects Context config router if icmp Description This command enables and configures the rate fo...

Page 147: ...the command disables the generation of TTL expired messages Default ttl expired 100 10 Maximum of 100 TTL expired message in 10 seconds Parameters number The maximum number of ICMP TTL expired message...

Page 148: ...MP destination unreachables on the router interface Default unreachables 100 10 Maximum of 100 unreachable messages in 10 seconds Parameters number The maximum number of ICMP unreachable messages to s...

Page 149: ...one Parameters ipv6 address prefix length Specify the IPv6 address on the interface Values ipv6 address prefix ipv6 address x x x x x x x x eight 16 bit pieces x x x x x x d d d d x 0 FFFF H d 0 255 D...

Page 150: ...ption This command configures the rate for ICMPv6 param problem messages Parameters number Limits the number of param problem messages issued per the time frame specifed in the seconds parameter Value...

Page 151: ...the time frame in seconds that is used to limit the number of time exceeded messages issued per time frame Values 1 60 unreachables Syntax unreachables number seconds no unreachables Context config r...

Page 152: ...licy for the interface Parameters policy name The neighbor discovery policy name Allowed values are any string up to 32 characters long composed of printable 7 bit ASCII characters If the string conta...

Page 153: ...ameters ipv6 address The IPv6 address assigned to a router interface Values ipv6 address x x x x x x x x eight 16 bit pieces x x x x x x d d d d x 0 FFFF H d 0 255 D mac address Specifies the MAC addr...

Page 154: ...router advertisement properties on a specific interface The interface must already exist in the config router interface context Default No interfaces are configured by default Parameters ip int name...

Page 155: ...gures the maximum interval between sending router advertisement messages Default 600 Parameters seconds Specifies the maximum interval in seconds between sending router advertisement messages Values 4...

Page 156: ...xt config router router advert if Description This command configures an IPv6 prefix in the router advertisement messages To support multiple IPv6 prefixes use multiple prefix statements No prefix is...

Page 157: ...rocessed as expected Default 604800 Parameters seconds Specifies the remaining length of time in seconds that this prefix will continue to be preferred infinite Specifies that the prefix will always b...

Page 158: ...imer milli seconds no retransmit timer Context config router router advert if Description This command configures the retransmission frequency of neighbor solicitation messages Default no retransmit t...

Page 159: ...if Description This command enables sending router advertisement messages using the VRRP virtual MAC address provided that the virtual router is currently the master If the virtual router is not the...

Page 160: ...Page 160 7450 ESS OS Router Configuration Guide...

Page 161: ...Parameters ip address mask Only displays ARP entries associated with the specified IP address and mask ip int name Only displays ARP entries associated with the specified IP interface name mac ieee ma...

Page 162: ...A show router ARP 10 10 0 3 ARP Table IP Address MAC Address Expiry Type Interface 10 10 0 3 04 5d ff 00 00 00 00 00 00 Oth system A ALA A A ALA A show router ARP to ser1 ARP Table IP Address MAC Addr...

Page 163: ...terface ip int name ip address Specifies an existing interface name or IP address Values ip int name 32 chars max ip address a b c d policy name Specifies an existing policy name Output Authentication...

Page 164: ...464 iom No of BFD sessions 2 A Dut D A Dut C show router bfd session src 11 120 1 4 dest 11 120 1 3 BFD Session Remote Address 11 120 1 3 Admin State Up Oper State Up 3 Protocols static Rx Interval 10...

Page 165: ...3 port 1 2 500 500 3 port 1 2 10 10 3 port 1 3 500 500 3 port 1 3 10 10 3 port 1 4 500 500 3 port 1 4 10 10 3 port 1 5 500 500 3 A Dut B session Syntax session src ip address dst ip address detail ses...

Page 166: ...port 1 1 Up 3 10 10 3 FE80 A0A A03 pim isis ospf3 N A N A cpm np port 1 2 Up 3 500 500 3 10 2 1 3 pim isis 50968 50718 iom port 1 2 Up 3 10 10 3 3FFE A02 103 static bgp N A N A cpm np port 1 2 Up 3 1...

Page 167: ...1 10 dest FE80 A0A A03 port 1 10 BFD Session Remote Address FE80 A0A A03 Admin State Up Oper State Up 3 Protocols pim isis ospf3 Rx Interval 10 Tx Interval 10 Multiplier 3 Echo Interval 0 Up Time 0d 0...

Page 168: ...Pkts Type port 1 1 Up 3 10 10 3 3FFE A01 103 static bgp N A N A cpm np port 1 1 Up 3 10 10 3 FE80 A0A A03 pim isis ospf3 N A N A cpm np port 1 2 Up 3 10 10 3 3FFE A02 103 static bgp N A N A cpm np po...

Page 169: ...y and DHCP snooping If no IP address or interface name is specified then all configured interfaces are displayed If an IP address or interface name is specified then only data regarding the specified...

Page 170: ...0 6 Unable to determine destinatinon client Itf 0 7 Out of Memory 0 8 No global Pfx on Client Itf 0 Received Untrusted Packets The number of untrusted packets received from the DHCP clients Client Pa...

Page 171: ...ress 0 24 The Client was assigned an illegal address 0 25 Illegal msg encoding 0 A ALA 1 summary Syntax summary Context show router dhcp Description Display the status of the DHCP Relay and DHCP Snoop...

Page 172: ...ays the ECMP settings for the router Output ECMP Settings Output The following table describes the output fields for the router ECMP settings Sample Output A ALA A show router ecmp Router ECMP Instanc...

Page 173: ...enabled ip prefix prefix length Displays FIB entries only matching the specified ip prefix and length Values ipv4 prefix a b c d host bits must be 0 ipv4 prefix length 0 32 longer Displays FIB entries...

Page 174: ...AL 1 2 3 0 to_Dut B 1 2 9 0 24 ISIS 1 2 3 2 to_Dut B 10 12 0 0 24 LOCAL 10 12 0 0 itfToArborCP_02 10 20 1 1 32 ISIS 1 1 3 1 to_Dut A 10 20 1 2 32 ISIS 1 2 3 2 to_Dut B 10 20 1 3 32 LOCAL 10 20 1 3 sys...

Page 175: ...ceeded 0 Pkt Too Big 0 Echo Request 0 Echo Reply 0 Router Solicits 0 Router Advertisements 4 Neighbor Solicits 0 Neighbor Advertisements 0 Label Description Total The total number of all messages Dest...

Page 176: ...ow router icmp6 interface output fields Label Description Total The total number of all messages Destination Unreachable The number of message that did not reach the destination Time Exceeded The numb...

Page 177: ...estination Unreachable 0 Redirects 0 Time Exceeded 0 Pkt Too Big 0 Echo Request 0 Echo Reply 0 Router Solicits 0 Router Advertisements 0 Neighbor Solicits 20 Neighbor Advertisements 21 Sent Total 47 E...

Page 178: ...summary IP interface information for the router exclude services Displays IP interface information excluding IP interfaces configured for customer services Only core network IP interfaces are display...

Page 179: ...a 3FFE B04 7104 120 PREFERRED FE80 200 FF FE00 4 64 PREFERRED ip 11 4 114 4 Up Up Up Up Network 6 1 2 11 4 114 4 24 n a 3FFE B04 7204 120 PREFERRED FE80 200 FF FE00 4 64 PREFERRED ip 12 2 4 4 Up Up Do...

Page 180: ...FE 1802 404 120 PREFERRED FE80 200 FF FE00 4 64 PREFERRED system Up Up Up Up Network system 200 200 200 4 32 n a 3FFE C8C8 C804 128 PREFERRED Interfaces 15 A ALA A A ALA A show router interface 10 10...

Page 181: ...State Down The IP interface is administratively disabled Up The IP interface is administratively enabled Oper State Down The IP interface is operationally disabled Up The IP interface is operationall...

Page 182: ...ID associated with the IP interface MAC Address The MAC address of the interface Arp Timeout The ARP timeout for the interface in seconds which is the time an ARP entry is maintained in the ARP cache...

Page 183: ...Time seconds 10 TTL Expired Number 100 Time seconds 10 IPCP Address Extension Details Peer IP Addr Not configured Peer Pri DNS Not configured A Dut A A Dut C show router 1 interface mda 3 1 detail Int...

Page 184: ...kflow TMS 5 6 build BHDF Mitigations 1 Status message Unavailable with Rx Pkts Rx Bytes Offramped traffic counters Tx Pkts Tx Bytes Onramped traffic counters Tx Discard Pkts Discarded packets by TMS I...

Page 185: ...n State Up Oper v4 v6 Up Down Protocols None IP Addr mask 20 12 0 46 32 Address Type Primary IGP Inhibit Disabled Broadcast Address Host ones HoldUp Time 0 Track Srrp Inst 0 Details Description tms 3...

Page 186: ...Flags Metric Lvl Typ Ver SysID Hostname NextHop MT AdminTag 1 1 1 0 24 L 7540 1 Int 6109 SRL 60 60 1 1 0 0 No of Routes 1 Flags L LFA nexthop available A SRR A SRR show router isis routes 1 1 1 0 24 a...

Page 187: ...32 20 2 Int 3 Dut C 10 20 3 3 0 0 10 20 1 6 32 20 2 Int 3 Dut D 10 20 4 4 0 0 10 20 3 0 24 10 1 Int 3 Dut B 0 0 0 0 0 0 10 20 4 0 24 10 1 Int 3 Dut B 0 0 0 0 0 0 10 20 5 0 24 20 2 Int 2 Dut C 10 20 3...

Page 188: ...nd displays LDP bindings information Sample Output A Dut A show router ldp bindings active Legend S Static M Multi homed Secondary Support B BGP Next Hop BU Alternate Next hop for Fast Re Route LDP Pr...

Page 189: ...tus Signaled Down E Epipe Service V VPLS Service M Mirror Service A Apipe Service F Fpipe Service I IES Service R VPRN service P Ipipe Service WP Label Withdraw Pending C Cpipe Service BU Alternate Ne...

Page 190: ...ys Multicast VPN related information The router instance must be specified Sample Output A Dut C show router 1 mvpn MVPN 1 configuration data signaling Bgp auto discovery Enabled UMH Selection Highest...

Page 191: ...Sample Output B CORE2 show router neighbor Neighbor Table Router Base IPv6 Address Interface MAC Address State Expiry Type RTR FE80 203 FAFF FE78 5C88 net1_1_2 00 16 4d 50 17 a3 STALE 03h52m08s Dynam...

Page 192: ...rk domains Network Domain Table Network Domain Description net1 Network domain 1 default Default Network Domain Network Domains 2 A Dut T config router A Dut T config router show router network domain...

Page 193: ...cy related information Parameters name Specify an existing policy statement name damping Specify damping to display route damping profiles prefix list name Specify a prefix list name to display the ro...

Page 194: ...t show router Description This command displays the active routes in the routing table If no command line arguments are specified all routes are displayed sorted by prefix Parameters family Specify th...

Page 195: ...t Hop Interface Name Metric 10 10 1 0 24 Local Local 00h01m25s 0 ip 10 10 1 2 0 10 10 2 0 24 L Remote ISIS 00h00m58s 15 10 10 12 3 13 10 10 3 0 24 Local Local 00h01m25s 0 ip 10 10 3 2 0 10 10 4 0 24 L...

Page 196: ...e Table Router Base Dest Prefix Flags Type Proto Age Pref Next Hop Interface Name Metric Alt NextHop Alt Metric 10 10 1 0 24 Local Local 00h02m28s 0 ip 10 10 1 2 0 10 10 2 0 24 Remote ISIS 00h02m01s 1...

Page 197: ...GP backup routeLFA Loop Free Alternate nexthop A Dut C show router route table 1 1 1 1 32 Route Table Router Base Dest Prefix Type Proto Age Pref Next Hop Interface Name Metric 1 1 1 1 32 Remote BGP 0...

Page 198: ...ress Next Hop Type Protocol Age Metric Pref 10 10 0 4 32 10 10 34 4 Remote OSPF 3523 1001 10 A ALA A A ALA A show router route table 10 10 0 4 32 longer Route Table Dest Address Next Hop Type Protocol...

Page 199: ...0 138 203 71 202 32 Remote Static 00h44m29s 5 10 12 0 2 1 No of Routes 17 Flags L LFA nexthop available B BGP backup route available n Number of times nexthop is repeated A ALA A show router route ta...

Page 200: ...1 6 32 Remote OSPF 00h02m20s 10 10 20 1 5 tunneled RSVP 1 1100 No of Routes 4 A Dut B show router route table 10 20 1 5 32 next hop type tunneled Route Table Router Base Dest Prefix Type Proto Age Pre...

Page 201: ...wards the total Summary Route Table Output Summary output for the route table displays the number of active routes and the number of routes learned by the router by protocol Total active and available...

Page 202: ...arameters interface name Maximum 32 characters Output Router Advertisement Table Output The following table describes the output fields for router advertisement Label Description Rtr Advertisement Tx...

Page 203: ...Pv6 has been configured False Indicates that DHCPv6 is not available for address config uration Reachable Time The time in milliseconds that a node assumes a neighbor is reachable after receiving a re...

Page 204: ...0 Nbr Advertisement Rx 166 Nbr Solicitation Rx 143 Max Advert Interval 601 Min Advert Interval 201 Managed Config TRUE Other Config TRUE Reachable Time 00h00m00s400ms Router Lifetime 00h30m01s Retran...

Page 205: ...ent from FE80 200 FF FE00 2 Managed Config FALSE TRUE Other Config FALSE TRUE Reachable Time 00h00m00s0ms 00h00m00s400ms Router Lifetime 00h30m00s 00h30m01s Retransmit Time 00h00m00s0ms 00h00m00s400ms...

Page 206: ...e 00h30m00s 00h30m01s Retransmit Time 00h00m00s0ms 00h00m00s400ms Hop Limit 64 63 Link MTU 0 1500 Prefix not present in own router advertisement Prefix 2 120 Autonomous Flag TRUE On link flag TRUE Pre...

Page 207: ...llowing table describes the output fields for the ARP table Sample Output A ALA A show router static arp ARP Table IP Address MAC Address Age Type Interface 10 200 0 253 00 00 5a 40 00 01 00 00 00 Sta...

Page 208: ...atic entries in the routing table If no options are present all static routes are displayed sorted by prefix Parameters family Specify the type of routing information to be distributed by this peer gr...

Page 209: ...Pref The route preference value for the static route Metric The route metric value for the static route Type BH The static route is a black hole route The Nexthop for this type of route is black hole...

Page 210: ...face Active 192 168 253 0 24 5 1 NH 10 10 0 254 n a N A ALA A service prefix Syntax service prefix Description This command displays the address ranges reserved by this node for services sorted by pre...

Page 211: ...Parameters app name The specific application Values arp bgp cflowd dhcp dns ftp icmp igmp isis ldp mld msdp ndis ntp ospf pimradius rip rsvpsnmp snmp notification srrp ssh syslog tacplus telnet tftp...

Page 212: ...e OSPF protocol RIP The administrative and operational states for the RIP protocol ISIS The administrative and operational states for the IS IS protocol MPLS The administrative and operational states...

Page 213: ...utdown A Performance show router status Router Status Router Base Admin State Oper State Router Up Up OSPFv2 0 Up Up OSPFv2 1 Down Down OSPFv2 2 Down Down OSPFv2 3 Down Down OSPFv2 4 Down Down OSPFv2...

Page 214: ...19 03 39 680 Single SFM Interval 0d 00 16 06 Triggered Policies No A Performance tms Syntax tms routes Context show router router instance Description This command displays Threat Management Services...

Page 215: ...for IP reachability For a VPRN service this object specifies the lookup to be used by the routing instance if no SDP to the destination exists Parameters ip address mask Displays the specified tunnel...

Page 216: ...ap Tunnel Id Pref Nexthop Metric 10 0 0 1 32 sdp GRE 10 5 10 0 0 1 0 10 0 0 1 32 sdp GRE 21 5 10 0 0 1 0 10 0 0 1 32 sdp GRE 31 5 10 0 0 1 0 10 0 0 1 32 sdp GRE 41 5 10 0 0 1 0 A ALA A config service...

Page 217: ...tion Parameters tunnel group name Displays information for the specified tunnel group statistics Displays statistics for the specified tunnel group Sample Output A Dut C show router l2tp group L2TP Gr...

Page 218: ...e Total Tunnels 3 0 0 2 3 Sessions 8 0 N A 5 8 Pkt Ctl Pkt Err Octets Rx 51 0 1224 Tx 51 0 2796 A Dut C peer Syntax peer ip address peer ip address statistics peer draining unreachable Context show ro...

Page 219: ...Role Tun Total Ses Total 10 10 20 101 0 0 unreach LAC 1 1 No of peers 1 A Dut C A Dut C show router l2tp peer 10 10 20 101 Peer IP 10 10 20 101 Role LAC Draining false Tunnels 1 Tunnels Active 0 Sess...

Page 220: ...t 1 IncomingCallConnected 1 ZeroLengthBody 1 originalTransmittedMsgType StartControlConnectionReply 1 IncomingCallReply 1 ZeroLengthBody 3 last cleared time N A session Syntax session connection id co...

Page 221: ...al host name Specifies the host name used by this system during the authentication phase of tunnel establishment remote name remote host name Specifies a string that is compared to the host name used...

Page 222: ...ID isp1 tunnel 3 Error Message Terminated by PPPoE RX PADT Control Conn ID 143523840 Remote Conn ID 1148557524 Tunnel ID 2190 Remote Tunnel ID 17525 Session ID 7822 Remote Session ID 39124 Time Starte...

Page 223: ...of sessions 1 A Dut C show router l2tp session connection id 143524786 detail L2TP Session Status Connection ID 143524786 State established Tunnel Group isp1 group 2 Assignment ID isp1 tunnel 3 Error...

Page 224: ...009 18 44 37 Time Closed 04 17 2009 18 44 50 CDN Result generalError General Error noError No of sessions 1 A Dut C A Dut C show router l2tp session assignment id isp1 tunnel 2 L2TP Session Summary ID...

Page 225: ...658187773 658178048 10043 9725 established 658198275 658178048 10043 20227 established 658210606 658178048 10043 32558 established No of sessions 5 A Dut C A Dut C show router l2tp session peer 10 10...

Page 226: ...shed 143531662 143523840 2190 7822 closed 236926987 236912640 3615 14347 closed 236927915 236912640 3615 15275 closed 379407426 379387904 5789 19522 established 658187773 658178048 10043 9725 establis...

Page 227: ...010 09 08 54 Time Closed N A CDN Result noError General Error noError PPP information Service Id 100 Interface gi_base_lns_base_lac LCP State opened IPCP State opened PPP MTU 1492 PPP Auth Protocol ch...

Page 228: ...cs Context show router l2tp Description This command displays L2TP statistics Sample Output A Dut C show router l2tp statistics L2TP Statistics Tunnels Sessions Active 3 Active 6 Setup history since 0...

Page 229: ...el state Displays the operational state of the tunnel remote connection id remote connection id v3 Displays information for the specified remote connection ID group group name Displays L2TP tunnel inf...

Page 230: ...nel 2 379387904 5789 4233 established 1 isp1 group 1 1 isp1 tunnel 1 658178048 10043 33762 draining 3 isp1 group 2 3 isp1 tunnel 2 No of tunnels 4 A Dut C A Dut C show router l2tp tunnel state closed...

Page 231: ...ve Group Ses Total Assignment 143523840 2190 17525 established 2 isp1 group 2 3 isp1 tunnel 3 379387904 5789 4233 established 1 isp1 group 1 1 isp1 tunnel 1 No of tunnels 2 A Dut C A Dut C show router...

Page 232: ...unnel ID 17525 UDP Port 1701 Remote UDP Port 1701 Preference 100 Hello Interval s 300 Idle TO s 0 Destruct TO s 7200 Max Retr Estab 5 Max Retr Not Estab 5 Session Limit 1000 AVP Hiding never Transport...

Page 233: ...7200 Max Retr Estab 5 Max Retr Not Estab 5 Session Limit 1000 AVP Hiding never Transport Type udpIp Challenge never Time Started 04 17 2009 18 41 03 Time Idle 04 17 2009 18 43 20 Time Established 04...

Page 234: ...wholesaler com remote name lns2 retailer1 net state draining Conn ID Loc Tu ID Rem Tu ID State Ses Active Group Ses Total Assignment 658178048 10043 33762 draining 3 isp1 group 2 3 isp1 tunnel 2 No of...

Page 235: ...Max Ack Cur Q Length 1 0 1 0 Window Size Cur 4 acceptedMsgType StartControlConnectionRequest 1 StartControlConnectionConnected 1 IncomingCallRequest 1 IncomingCallConnected 1 ZeroLengthBody 3 origina...

Page 236: ...iption This command clears all or specific ARP entries The scope of ARP cache entries cleared depends on the command line option s specified Parameters all Clears all ARP cache entries ip addr Clears...

Page 237: ...ax statistics src ip ip address dst ip ip address statistics all Context clear router bfd Description This command clears BFD statistics Parameters src ip ip address Specifies the address of the local...

Page 238: ...1 10 icmp redirect route Syntax icmp redirect route all ip address Context clear router Description This command deletes routes created as a result of ICMP redirects received on the management interfa...

Page 239: ...icmp Specifies to reset the ICMP statistics for the IP interface s used for ICMP rate limiting urpf stats Resets the statistics associated with uRPF failures statistics Resets the IP interface traffi...

Page 240: ...s or interface name is specified then statistics are cleared for all configured interfaces If an IP address or interface name is specified then only data regarding the specified interface is cleared P...

Page 241: ...ce Description This command enables the trace The no form of the command disables the trace trace point Syntax no trace point module module name type event type class event class task task name functi...

Page 242: ...and configures route table debugging icmp Syntax no icmp Context debug router ip Description This command enables ICMP debugging icmp6 Syntax icmp6 ip int name no icmp6 Context debug router ip Descrip...

Page 243: ...terface information associated with the specified IP address headers Only displays information associated with the packet header protocol id Specifies the decimal value representing the IP protocol to...

Page 244: ...0 ESS OS Router Configuration Guide tunnel table Syntax tunnel table ip address ldp rsvp tunnel id tunnel id sdp sdp id sdp id Context debug router ip Description This command enables debugging for tu...

Page 245: ...P on page 249 Configurable Parameters on page 250 VRRP Priority Control Policies on page 258 VRRP Virtual Router Policy Constraints on page 258 VRRP Virtual Router Instance Base Priority on page 258 V...

Page 246: ...s LAN the routers sharing the IP interface prevent a single point of failure by limiting access to this gateway address VRRP can be implemented on IES service interfaces and on core network IP interfa...

Page 247: ...single Alcatel Lucent IP interface The virtual routers must be in the same subnet Each virtual router has its own VRID state machine and messaging instance IP Address Owner VRRP can be configured in e...

Page 248: ...f the forwarding responsibility if the master becomes unavailable This allows any of the virtual router IP addresses on the LAN to be used as the default first hop router by end hosts This enables a h...

Page 249: ...his message domain must have the same VRID configured The most important parameter to be defined on a non owner virtual router instance is the priority The priority defines a virtual router s selectio...

Page 250: ...heritance on page 252 Master Down Interval on page 253 Preempt Mode on page 253 VRRP Message Authentication on page 254 Authentication Data on page 256 Virtual MAC Address on page 256 Inherit Master V...

Page 251: ...uters may be configured with a priority of 254 through 1 The default value is 100 Multiple non owners can share the same priority value When multiple non owner backup virtual routers are tied transmit...

Page 252: ...vertisement message is received with an advertisement interval set to a value different than the local value and the inherit parameter is disabled the message is discarded without processing The maste...

Page 253: ...ower priority master The IP address owner will always become master when available Preempt mode cannot be set to false on the owner virtual router The default value for preempt mode is true When preem...

Page 254: ...on methods which provide varying degrees of security The supported authentication types are 0 No Authentication 1 Simple Text Password 2 IP Authentication Header Authentication Type 0 No Authenticatio...

Page 255: ...the criteria are silently dropped Authentication Type 1 Simple Text Password The use of type 1 indicates that VRRP advertisement messages are authenticated with a clear simple text password All virtu...

Page 256: ...AC address configuration must be the same for all virtual routers participating as a virtual router or indeterminate connectivity by the attached IP hosts will result All VRRP advertisement messages a...

Page 257: ...owner nodal context It is used to allow the current virtual router instance master to dictate the master down timer for all backup virtual routers Policies Policies can be configured to control VRRP...

Page 258: ...RRP virtual router instances may be associated with the same IP interface allowing multiple priority control policies to be associated with the IP interface An applied VRRP priority control policy onl...

Page 259: ...apply simultaneously creating a dynamic priority value The base priority for the instance less the sum of the delta values derives the actual priority value in use An explicit priority event is a con...

Page 260: ...a in use priority limit is used as the in use priority for the virtual router instance Otherwise the in use priority is set to the base priority less the sum of the delta events Each event generates a...

Page 261: ...be defined each with its own priority value If the LAG transitions from one threshold to the next the previous threshold priority value is subtracted from the total delta sum while the new threshold p...

Page 262: ...hold 4 ports down Hold Set Timer Expired Set to hold set parameter 102 Three ports down Event State Set 5 ports down Event Threshold 4 ports down Hold Set Timer 3 seconds 103 All ports up Event State...

Page 263: ...reshold 4 ports down Hold Set Timer Expired Set to hold set parameter 102 Three ports down Event State Set 5 ports down Event Threshold 4 ports down Hold Set Timer 3 seconds 103 All ports up Event Sta...

Page 264: ...e Unknown Priority Event The route unknown priority event defines a task that monitors the existence of a given route prefix in the system s routing table The route monitoring task can be constrained...

Page 265: ...in the active route table that matches the defined match criteria the route unknown priority event is considered false or cleared When a route prefix does not exist within the active route table match...

Page 266: ...echo request messages destined to the non owner virtual router instance IP addresses are silently discarded in both the master and backup modes Non Owner Access Telnet When non owner access Telnet is...

Page 267: ...he IP interface when destined to a virtual router IP address operating in backup mode Enabling non owner access SSH does not guarantee SSH access proper management and security features must be enable...

Page 268: ...mentation Flow ENABLE START CONFIGURE VRRP PRIORITY CONTROL POLICIES optional CONFIGURE IES SERVICE CONFIGURE ROUTER INTERFACE CONFIGURE INTERFACE CONFIGURE INTERFACE SPECIFY ADDRESS SECONDARY ADDRESS...

Page 269: ...kup command The backup IP address es must be on the same subnet The backup addresses explicitly define which IP addresses are in the VRRP advertisement message IP address list In the owner mode the ba...

Page 270: ...Page 270 7450 ESS OS Router Configuration Guide...

Page 271: ...asic VRRP Configurations on page 273 Common Configuration Tasks on page 276 Configuring VRRP Policy Components on page 278 VRRP Configuration Management Tasks on page 283 Modifying a VRRP Policy on pa...

Page 272: ...n domain VRRP provides dynamic fail over of the forwarding responsibility if the master becomes unavailable The VRRP implementation allows one master per IP subnet All other VRRP instances in the same...

Page 273: ...efined A VRRP configuration must include the following Policy ID Define at least one of the following priority events Port down LAG port down Host unreachable Route unknown The following example displ...

Page 274: ...on an IES service interface Each virtual router instance can manage up to 16 backup IP addresses VRRP parameters configured within an IES service must include the following VRID Backup IP address es T...

Page 275: ...IDs vrid can be configured on a router interface Each virtual router instance can manage up to 16 backup IP addresses VRRP parameters configured on a router interface must include the following VRID B...

Page 276: ...on owner configurations must include the following parameters All participating routers in a VRRP instance must be configured with the same vrid All participating non owner routers can specify up to 1...

Page 277: ...on each subnet The following displays an IP interface configuration example A SR1 config router info echo IP Configuration interface system address 10 10 0 1 32 exit interface testA address 123 123 1...

Page 278: ...icy Components The following displays a VRRP policy configuration example A SR1 config vrrp info policy 1 delta in use limit 50 priority event port down 1 1 2 hold set 43200 priority 100 delta exit ro...

Page 279: ...ter in case of failure VRRP can be configured the following ways Non Owner VRRP Example on page 279 Owner Service VRRP on page 280 Non Owner VRRP Example The following displays a basic non owner VRRP...

Page 280: ...P The following displays the owner VRRP configuration example A SR4 config router info echo IP Configuration interface test2 address 10 10 10 23 24 vrrp 1 owner backup 10 10 10 23 authentication type...

Page 281: ...can be configured the following ways Router Interface VRRP Non Owner on page 281 Router Interface VRRP Non Owner The following displays a non owner interface VRRP configuration example A SR2 config in...

Page 282: ...RP Owner The following displays router interface owner VRRP configuration example A SR2 config router info interface vrrpowner address 10 10 10 23 24 vrrp 1 owner backup 10 10 10 23 authentication typ...

Page 283: ...ner Parameters on page 285 Deleting VRRP on an Interface or Service on page 285 Modifying a VRRP Policy To access a specific VRRP policy you must specify the policy ID To display a list of VRRP polici...

Page 284: ...ace or to an IES service Each instance in which the policy is applied must be deleted The Applied column in the following example displays whether or not the VRRP policies are applied to an entity A S...

Page 285: ...p Entering the owner keyword is optional when entering the vrid for modification purposes Deleting VRRP on an Interface or Service The vrid does not need to be shutdown to remove the virtual router in...

Page 286: ...Page 286 7450 ESS OS Router Configuration Guide...

Page 287: ...n Guide Page 287 VRRP Command Reference Command Hierarchies Configuration Commands VRRP Network Interface Commands on page 289 VRRP Priority Control Event Policy Commands on page 290 Show Commands on...

Page 288: ...Page 288 7450 ESS OS Router Configuration Guide...

Page 289: ...no unnumbered vrrp virtual router id owner no vrrp virtual router id authentication key authentication key hash key hash hash2 no authentication key no backup ip address no bfd enable service id inte...

Page 290: ...iority timeout seconds no timeout no lag port down lag id hold clear seconds no hold clear hold set seconds no hold set no number down number of lag ports down priority priority level delta explicit n...

Page 291: ...interval seconds repeat repeat absolute rate Clear Commands clear vrrp statistics router vrrp interface ip int name vrid virtual router id statistics interface interface name vrid virtual router id s...

Page 292: ...Page 292 7450 ESS OS Router Configuration Guide...

Page 293: ...sage authentication data fields The first field contains the first four characters with the first octet starting with IETF RFC bit position 0 containing the first character The second field similarly...

Page 294: ...P addresses that are advertised within VRRP advertisement messages This communicates the IP addresses that the master is representing to backup virtual routers receiving the messages Advertising a cor...

Page 295: ...e of the parent IP interface defined IP addresses primary and secondary For non owner virtual router instances the virtual router IP addresses each must be within one of the parental IP interface IP a...

Page 296: ...IP interface is not configured the virtual router IP address assignment fails Parent Primary IP Address Changed When a virtual router IP address is set and the associated parent IP interface IP addres...

Page 297: ...nstance but there can be multiple SRRP VRRP sessions using the same BFD session BFD control the state of the associated interface By enabling BFD on a given protocol interface the state of the protoco...

Page 298: ...both non owner and owner vrrp nodal contexts The mac command can be executed at any time and takes effect ediately When the virtual router MAC on a master virtual router instance changes a gratuitous...

Page 299: ...virtual router instances usage of the message interval setting is dependent on the state of the virtual router master or backup and the state of the master int inherit parameter When a non owner is o...

Page 300: ...conditions within the chassis The policy can be associated with more than one virtual router instance The priority events within the policy either override or diminish the base priority set with the p...

Page 301: ...le in the non owner vrrp nodal context The owner may not be preempted because the priority of non owners can never be higher than the owner The owner always preempts all other virtual routers when it...

Page 302: ...o ping reply Context config router if vrrp Description This command enables the non owner master to reply to ICMP echo requests directed at the vritual router instances IP addresses Non owner virtual...

Page 303: ...lse backup master state changes If the shutdown command is executed no VRRP advertisement messages are generated and all received VRRP advertisement messages are silently discarded with no processing...

Page 304: ...specifies whether this VRRP instance allows forwarding packets to a standby router When disabled a standby router should not forward traffic sent to virtual router s MAC address However the standby ro...

Page 305: ...is valid only if the VRRP virtual router instance associated with this entry is a non owner When this command is enabled a non owner master can reply to traceroute requests directed to the virtual ro...

Page 306: ...h reply The owner virtual router instance always allows Ping Telnet and SSH if the management and security parameters are configured to accept them on the parent IP interface vrrp shutdown The owner v...

Page 307: ...ority control event overrides the delta priority control events the delta in use limit has no effect Setting the limit to a higher value than the default of 1 limits the effect of the delta priority c...

Page 308: ...ts It is a parental node for the various VRRP priority control policy commands that define the policy parameters and priority event conditions The virtual router instance priority command defines the...

Page 309: ...oes not apply to a service but applies to the base router instance Values 1 2147483647 priority event Syntax no priority event Context config vrrp policy vrrp priority id Description This command crea...

Page 310: ...conds no hold set Context config vrrp policy priority event host unreachable config vrrp policy priority event lag port down config vrrp policy priority event port down config vrrp policy priority eve...

Page 311: ...t id channel id config vrrp policy priority event route unknown prefix mask length Description This command controls the effect the set event has on the virtual router instance in use priority When th...

Page 312: ...priority event priority level values on all set delta priority events are subtracted from the virtual router base priority to derive the virtual router instance in use priority value If the delta prio...

Page 313: ...et When an event transitions from clear to set the set is processed ediately and must be reflected in the associated virtual router instances in use priority value As the event transitions from cleare...

Page 314: ...he VRRP priority control event The port id channel id can only be monitored by a single event in this policy The channel can be monitored by multiple VRRP priority control policies A port and a specif...

Page 315: ...an arbitrary LAG The lag id does have to already exist within the system The operational state of the lag port down event will indicate Set non existent Set one port down Set two ports down Set three...

Page 316: ...se priority of all associated virtual router instances must be reevaluated The events hold set timer has no effect on the removal procedure Default no lag port down No LAG priority control events are...

Page 317: ...thresholds must be re evaluated after removal Default no number down No threshold for the LAG priority event is created Parameters number of lag ports down The number of LAG ports down to create a se...

Page 318: ...op counter The event is not cleared until the consecutive drop counter is less than the drop count value and the hold set timer has a value of zero expired The no form of the command reverts to the de...

Page 319: ...s in use priority value As the event transitions from clear to set a hold set timer is loaded with the value configured by the events hold set command This timer prevents the event from clearing until...

Page 320: ...ach session originates a unique identifier value for the ICMP echo request messages it generates This allows received ICMP echo reply messages to be directed to the appropriate sending application Val...

Page 321: ...eout after the message timeout timer expires In this case the message request is unsuccessful If an ICMP echo reply message is not received prior to the timeout period for a given ICMP echo request th...

Page 322: ...llow default optional parameter extends the less specific match to include the default route 0 0 0 0 The no form of the command prevents RTM lookup results that are less specific than the route prefix...

Page 323: ...nknown event transitions to the set state The protocol command is optional If the protocol command is not executed the comparison between the RTM prefix return and the route unknown IP route prefix wi...

Page 324: ...refix within the routing table The route unknown command configures a priority control event that defines a link between the VRRP priority control policy and the Route Table Manager RTM The RTM regist...

Page 325: ...apping If the event clears and becomes set again before the hold set timer expires the timer is reset to the hold set value extending the time before another clear can take effect The no form of the c...

Page 326: ...trol policies The IP address can be used in one or multiple ping requests Each VRRP priority control host unreachable and ping destined to the same ip addr is uniquely identified on a per message basi...

Page 327: ...or the specified VRRP instance on the IP interface Default All VRIDs for the IP interface Values 1 255 Output VRRP Instance Output The following table describes the instance command output fields for...

Page 328: ...own timer is indirectly derived from the value in the advertisement interval field of the VRRP message received from the current master No When the VRRP instance is operating as a backup and the maste...

Page 329: ...IP address of the VRRP master Primary IP The IP address of the VRRP owner Up Time The date and time when the operational state of the event last changed Virt MAC Addr The virtual MAC address used in...

Page 330: ...n Use Mesg Intvl 1 Master Inherit Intvl No Base Priority 100 In Use Priority 100 Policy ID n a Preempt Mode Yes Ping Reply No Telnet Reply No SSH Reply No Traceroute Reply No Init Delay 0 Init Timer E...

Page 331: ...nd qualifiers Values port down port id lag port down lag id host unreachable host ip addr route unknown route prefix mask specific qualifier Display information about the specified qualifier Values po...

Page 332: ...ess this value is 0 Description A text string which describes the VRRP policy Event Type ID A delta priority event is a conditional event defined in a priority con trol policy that subtracts a given a...

Page 333: ...nless this value is 0 Description A text string which describes the VRRP policy Event Type ID A delta priority event is a conditional event defined in a priority con trol policy that subtracts a given...

Page 334: ...pe ID Event Oper State Hold Set Priority In Remaining Effect Use Host Unreach 10 10 200 252 n a Expired 20 Del No Host Unreach 10 10 200 253 n a Expired 10 Del No Route Unknown 10 10 100 0 24 n a Expi...

Page 335: ...ith the priority control policy happen simultane ously This sum is subtracted from the base priority of the virtual router to give the in use priority Delta Limit The delta in use limit for a VRRP pol...

Page 336: ...P pri ority control event can transition to the cleared state to dampen flap ping events Priority The base priority used by the virtual router instance Priority Effect Delta The priority level value i...

Page 337: ...7 04 54 35 A ALA A A ALA A show vrrp policy 1 event host unreachable VRRP Policy 1 Event Host Unreachable 10 10 200 252 Description 10 10 200 253 reachability Current Priority None Applied No Current...

Page 338: ...0 100 0 24 Priority 1 Priority Effect Explicit Less Specific No Default Allowed No Next Hop s None Protocol s None Hold Set Config 0 sec Hold Set Remaining Expired Value In Use No Current State n a tr...

Page 339: ...VRRP 7450 ESS OS Router Configuration Guide Page 339 Sample Output A ALA 48 show router vrrp statistics VRRP Global Statistics VR Id Errors 0 Version Errors 0 Checksum Errors 0 A ALA 48...

Page 340: ...ted Default 10 Values 1 999 absolute When the absolute keyword is specified the raw statistics are displayed without pro cessing No calculations are performed on the delta or rate statistics rate When...

Page 341: ...ntext clear router vrrp Description This command enables the context to clear and reset VRRP entities Parameters policy policy id Clears statistics for the specified policy Values 1 9999 statistics Sy...

Page 342: ...Page 342 7450 ESS OS Router Configuration Guide policy vrrp policy id Clears VRRP statistics for all or the specified VRRP priority control pol icy Default All VRRP policies Values 1 9999...

Page 343: ...disables debugging Parameters ip int name Displays the specified interface name vrid virtual router id Displays the specified VRID packets Syntax packets interface ip int name vrid virtual router id p...

Page 344: ...Page 344 7450 ESS OS Router Configuration Guide...

Page 345: ...ed in the SROS Triple Play Guide and CPM security and Management Interface described in SROS Router Configuration Guide Topics in this chapter include Filter Policy Configuration Overview on page 346...

Page 346: ...ith a unique filter id but each filter has also a unique filter name argument that can be defined once the filter policy has been created Either filter id or filter name can then be used throughout th...

Page 347: ...ned a unique filter ID Each filter policy is defined with Scope Default action Description Filter Name that can be optionally used in CLI to reference this filter policy instead of Filter ID some exce...

Page 348: ...ke SDP Fpipe SAP spoke SDP Fpipe SAP spoke SDP Ipipe SAP spoke SDP Ipipe SAP spoke SDP Pseudowire template Pseudowire template Table 9 Applying Filter Policies IP Filter MAC Filter Security CPM N A CR...

Page 349: ...nation with the highest priority value is selected There are no default redirect policies Each redirect policy must be explicitly configured and specified in an IPv4 filter entry To facilitate redirec...

Page 350: ...rection 1 The customer gets an IP address using DHCP if the customer is trying to set a static IP he will be blocked by the anti spoofing filter 2 The customer tries to connect to a website 3 The rout...

Page 351: ...riber identification string Note that the subscriber identification string is available only when used with subscriber management Refer to the subscriber management section of the SROS Triple Play Gui...

Page 352: ...be flooded in the BVPLS context as unknown unicast in the BVPLS context for both IVPLS and PBB Epipe To restrict distribution of this traffic for local PBB services ISID filters can be deployed The ma...

Page 353: ...1 x 0 The matching is based on the port configuration and the SAP configuration In the industry the QinQ tags are often referred to as the C VID Customer VID and S VID service VID The terms outer tag...

Page 354: ...the Service Tags Too Deep to be Service Delimiting or to be Used for VID Filtering Tag Available for Matching and Indication of Which Match Criteria to Use 20 10 Payload MAC 10 20 30 Payload MAC 10 2...

Page 355: ...ional check for the 0 VID tag may be required when using certain wild card operations For example frames with no tags on null encapsulated ports will match a value of 0 in outer tag and inner tag beca...

Page 356: ...ve a filter as shown below while port A sap 1 1 1 2 would not mac filter 4 create default action forward type vid entry 1 create match frame type ethernet_II outer tag 30 4095 exit action drop exit ex...

Page 357: ...ion and Implementation Flow Figure 18 displays the process to create a filter policy and apply that policy to a service or network port CREATE A REDIRECT POLICY CREATE IP FILTER SPECIFY DESTINATION PR...

Page 358: ...er Policies CREATE AN IP OR MAC FILTER FILTER ID CREATE FILTER ENTRIES ENTRY ID SPECIFY SCOPE DEFAULT ACTION DESCRIPTION SPECIFY ACTION PACKET MATCHING CRITERIA SAVE CONFIGURATION CREATE SERVICE ASSOC...

Page 359: ...ader of the packet src port dst port When protocol IPv4 specifies TCP UDP or both for this entry it matches against the Source Port Number Destination Port Number of the outer IPv4 header of the packe...

Page 360: ...fying an Ethernet 802 2 LLC DSAP value allows the filter to match a destination access point on the network node designated in the destination field of a packet snap pid Specifying an Ethernet IEEE 80...

Page 361: ...Value Table DSCP Name Decimal DSCP Value Hexadecimal DSCP Value Binary DSCP Value default 0 cp1 1 cp2 2 cp3 3 cp4 4 cp5 5 cp6 6 cp7 7 cs1 8 cp9 9 af10 10 af11 11 af12 12 cp13 13 cp14 14 cp15 15 cs2 16...

Page 362: ...f43 38 cp39 39 cs5 40 cp41 41 cp42 42 cp43 43 cp44 44 cp45 45 ef 46 cp47 47 nc1 48 cs6 cp49 49 cp50 50 cp51 51 cp52 52 cp53 53 cp54 54 cp55 55 cp56 56 cp57 57 nc2 58 cs7 cp60 60 cp61 61 cp62 62 Table...

Page 363: ...e 1 0 2 130 SEC Security 1 0 3 131 LSR Loose source router 1 0 5 133 E SEC Extended security 1 0 6 134 CIPSO Commercial security 1 0 8 136 SID Stream id 1 0 9 137 SSR Strict source route 1 0 14 142 VI...

Page 364: ...num filter policy command When a filter consists of a single entry the filter executes actions as follows If a packet matches all the entry criteria the entry s specified action is performed drop or f...

Page 365: ...d Source Address 10 10 10 103 Destination Address 10 10 10 105 FILTER ENTRY ID 20 Action Forward REMAINING PACKETS ARE DROPPED PER THE DEFAULT ACTION DROP FORWARD PACKETS WITH MATCHING SA AND DA FORWA...

Page 366: ...t for CPM and IOM filter policies are introduced to eliminate above operational complexity by simplifying the IOM and CPM filter policy management on a list of a match criterion Instead of defining mu...

Page 367: ...unless resources exist in hardware to implement the required filter policy ies that reference that list If that is not the case addition of a new element to the list or use of the list by another pol...

Page 368: ...ters are applied to a SAP packets received at the egress SAP are checked against the matching criteria in the filter entries If the packet completely matches all criteria in an entry the checking stop...

Page 369: ...is configured it may take a few seconds to load and initiate the filter policy configuration The action keyword must be entered for the entry to be active Any filter entry without the action keyword...

Page 370: ...Page 370 7450 ESS OS Router Configuration Guide a When snap header is present this is always set to AA AA...

Page 371: ...e filters The implementation of the feature applies to filter logs with destination syslog In case of VPLS scenario both Layer 2 Layer 3 are applicable Layer 2 Source MAC or optionally destination MAC...

Page 372: ...Page 372 7450 ESS OS Router Configuration Guide...

Page 373: ...Filter Policy on page 375 Creating Filter Log Policies on page 384 Applying Filter Policies on page 385 Apply IPv4 Filter Policies to a Network Port on page 387 Creating a Redirect Policy on page 388...

Page 374: ...nfiguration of an IP filter policy The configuration blocks all incoming TCP session except Telnet and allows all outgoing TCP sessions from IP net 10 67 132 0 24 Figure 22 depicts the interface to ap...

Page 375: ...etwork Port on page 387 Creating an IP Filter Policy Configuring and applying filter policies is optional Each filter policy must have the following The filter type specified IP A filter policy ID A d...

Page 376: ...are handled either dropped or forwarded Enter a filter entry ID The system does not dynamically assign a value Assign an action either drop or forward Specify matching criteria The following displays...

Page 377: ...n http redirect configuration example A ALA 48 config filter ip filter info description filter main scope exclusive entry 10 create description no 91 match dst ip 10 10 10 91 24 src ip 10 10 0 100 24...

Page 378: ...scription no 91 filter sample interface disable sample match exit action forward redirect policy redirect1 exit A ALA 7 config filter ip filter Within a filter entry you can also specify that traffic...

Page 379: ...specified MAC normal MAC isid MAC vid A filter policy ID A default action either drop or forward Filter policy scope either exclusive or template At least one filter entry Matching criteria specified...

Page 380: ...filter configuration example A ALA 7 config filter info mac filter 90 create description filter wan man scope template type isid entry 1 create description drop local isids match isid 100 to 1000 exi...

Page 381: ...ID filter configuration example A TOP_NODE config filter mac filter info default action forward type vic entry 1 create match frame type ethernet_II ouiter tag 85 4095 exit action drop exit entry 2 cr...

Page 382: ...n the entry determine how the packets are handled either dropped or forwarded Enter a filter entry ID The system does not dynamically assign a value Assign an action either drop or forward Specify mat...

Page 383: ...pecify at least one list argument a valid IPv4 address prefix for example Optionally a description can also be defined The following displays an IPv4 address prefix list configuration example and usag...

Page 384: ...Guide Creating Filter Log Policies The following displays a filter matching configuration example A ALA 48 config filter log info detail description Test filter log destination memory 1000 wrap aroun...

Page 385: ...es can be associated with the following entities Table 13 Applying Filter Policies IP Filter MAC Filter Epipe SAP spoke SDP Epipe SAP spoke SDP Fpipe SAP spoke SDP N A IES interface SAP N A Ipipe SAP...

Page 386: ...an existing filter policy or if defined a Filter Name for that Filter ID policy can be used in the CLI The following output displays IP and MAC filters assigned to an ingress and egress SAP and spoke...

Page 387: ...licies are applied to network interfaces by associating a policy with ingress and or egress direction as desired Filter ID is used to associate an existing filter policy or if defined a Filter Name fo...

Page 388: ...redirection policy configuration A ALA 7 config filter info redirect policy redirect1 create destination 10 10 10 104 create description SNMP_to_104 priority 105 snmp test SNMP 1 interval 30 drop cou...

Page 389: ...I performs packet inspection modification and either drops the traffic or forwards the traffic back into the box through SAP 1 1 21 1 Traffic will then be sent to spoke sdp 3 5 SAP 1 1 23 5 is configu...

Page 390: ...zon group split create disable learning static mac 00 00 00 31 11 01 create exit sap 1 1 22 1 split horizon group dpi create disable learning static mac 00 00 00 31 12 01 create exit sap 1 1 23 5 crea...

Page 391: ...p split create exit stp shutdown exit sap 1 1 5 5 split horizon group split create ingress filter mac 100 exit static mac 00 00 00 31 15 05 create exit sap 1 1 21 1 split horizon group split create di...

Page 392: ...s The system exits the matching process when the first match is found and then executes the actions in accordance with the specified action Because the ordering of entries is important the numbering s...

Page 393: ...ion forward exit entry 40 create match dst ip 10 10 10 91 24 src ip 10 10 10 106 24 exit action drop exit exit A ALA 7 config filter A ALA 7 config filter info ip filter 11 create description filter m...

Page 394: ...command to remove the command parameters or return the parameter to the default setting Example config filter ip filter description New IP filter info config filter ip filter entry 2 create config fi...

Page 395: ...on Guide Page 395 entry 15 create description no 91 match dst ip 10 10 10 91 24 src ip 10 10 10 103 24 exit action forward exit entry 30 create match dst ip 10 10 10 91 24 src ip 10 10 0 200 24 exit a...

Page 396: ...in all context where the filter is used The following illustrates an example of removing a filter filter ID 11 from an ingress ePipe SAP Example config service epipe 5 config service epipe sap 1 1 2 3...

Page 397: ...l test url http www alcatel com config filter redirect policy dest url test interval 10 config filter redirect policy dest url test timeout 10 config filter redirect policy dest url test return code 1...

Page 398: ...cy from the filter configuration Example config filter ip filter 11 config filter ip filter entry 1 config filter ip filter entry action forward redirect policy redirect2 config filter ip filter entry...

Page 399: ...ilter policies can also be created by copying an existing policy and renaming the new filter The following displays the command usage to copy an existing IP filter 11 to create a new filter policy 12...

Page 400: ...Page 400 7450 ESS OS Router Configuration Guide...

Page 401: ...nds on page 406 Configuration Commands Log Commands config filter log log id create no log log id description description string no description destination memory num entries syslog syslog id destinat...

Page 402: ...rect ip address interface ip int name action forward redirect policy policy name action forward sap sap id sdp sdp id action http redirect url action nat no action description description string no de...

Page 403: ...id count count no sub insert radius sub insert wmark low low watermark high high watermark no sub insert wmark description description string no description entry entry id time range time range name n...

Page 404: ...Page 404 7450 ESS OS Router Configuration Guide no ssap src mac ieee address ieee address mask no src mac renum old entry id new entry id scope exclusive template no scope type filter type...

Page 405: ...seconds no timeout snmp test test name create no snmp test test name drop count consecutive failures hold down seconds no drop count interval seconds no interval oid oid string community community st...

Page 406: ...counters log bindings log log id match string mac mac filter id entry entry id association counters redirect policy redirect policy name dest ip address association Clear Commands clear filter ip filt...

Page 407: ...ist ip prefix list Description This command creates a text description stored in the configuration file for a configuration context The description command associates a text string with a configuratio...

Page 408: ...to multiple services or multiple network ports as long as the scope of the policy is template Any changes made to the existing policy using any of the sub commands will be applied immediately to all s...

Page 409: ...letes the mac filter policy A filter policy cannot be deleted until it is removed from all SAP where it is applied Parameters filter id The MAC filter policy ID number Values 1 65535 create Keyword re...

Page 410: ...xact invert match option dhcp option number match string ascii string exact invert match no option Context config filter dhcp filter entry Description This command configures the action to take on DHC...

Page 411: ...ed as a decimal integer Values 10 50000 syslog syslog id Specifies the destination of the filter log ID is a Syslog server The syslog id parameter is the number of the Syslog server definition Values...

Page 412: ...are always indicated in system generated configuration files The no form of the command puts an entity into the administratively enabled state Default no shutdown summary Syntax summary Context config...

Page 413: ...onfig filter log Description This command configures a memory filter log to log until full or to store the most recent log entries circular buffer Specifying wrap around configures the memory filter l...

Page 414: ...l packets will be forwarded unless there is a specific filter entry which causes the packet to be dropped filter name Syntax filter name filter name Context config filter ip filter config filter mac f...

Page 415: ...t control Syntax sub insert credit control start entry entry id count count no sub insert credit control Context config filter ip filter Description This command inserts point information for credit c...

Page 416: ...table full alarm will be cleared by the agent Values 0 100 high high watermark Specifies the utilization of the filter ranges for filter entry insertion at which a table full alarm will be raised by t...

Page 417: ...ices or network ports where that filter is applied Default none Parameters entry id An entry id uniquely identifies a match criteria and the corresponding action It is recommended that multiple entrie...

Page 418: ...50 ESS OS Router Configuration Guide The no form of the command disables logging for the filter entry Default no log Parameters log id The filter log ID destination expressed as a decimal integer Valu...

Page 419: ...ward Specifies packets matching the entry criteria will be forwarded next hop ip address The IP address of the direct next hop to which to forward matching packets in dotted decimal notation indirect...

Page 420: ...mer s subscriber identification string Values 255 characters maximum filter sample Syntax no filter sample Context config filter ip filter entry Description Specifies that traffic matching the associa...

Page 421: ...otocol to be used as an IP filter match criterion The protocol type such as TCP or UDP is identified by its respective protocol number protocol id Configures the decimal value representing the IP prot...

Page 422: ...ncapsulation Header pnni 102 PNNI over IP pim 103 Protocol Independent Multicast vrrp 112 Virtual Router Redundancy Protocol l2tp 115 Layer Two Tunneling Protocol stp 118 Spanning Tree Protocol ptp 12...

Page 423: ...tatement The filter entry is considered incomplete and hence rendered inactive without the action keyword Default none Parameters drop Specifies packets matching the entry criteria will be dropped for...

Page 424: ...statement are configured then all criteria must be satisfied AND function before the action associated with the match will be executed A match context may consist of multiple match criteria but multip...

Page 425: ...Filter Policies 7450 ESS OS Router Configuration Guide Page 425 ethernet_II Specifies the frame type is Ethernet Type II...

Page 426: ...efix list name no dst ip Context config filter ip filter entry match Description This command configures a destination IP address range to be used as an IP filter match criterion To match on the desti...

Page 427: ...match gt specifies all port numbers greater than dst port number match eq specifies that dst port number must be an exact match eq Specifies the operator to use relative to dst port number for specify...

Page 428: ...nted packet since only the first fragment contains the L4 information This option is only meaningful if the protocol match criteria specifies ICMP 1 The no form of the command removes the criterion fr...

Page 429: ...integer The mask is applied as an AND to the option byte the result is compared with the option value The decimal value entered for the match should be a combined value of the eight bit option type f...

Page 430: ...in the IP header as a match criterion Parameters true Specifies matching on all IP packets that contain the option field in the header A match will occur for all packets that have the option field pre...

Page 431: ...filter match criterion Note that an entry containing L4 match criteria will not match non initial 2nd 3rd etc fragments of a fragmented packet since only the first fragment contains the L4 informatio...

Page 432: ...ave the ACK bit set in the control bits of the TCP header of the IP packet tcp syn Syntax tcp syn true false no tcp syn Context config filter ip filter entry match Description This command configures...

Page 433: ...lease see general description related to match list usage in filter policies Default none Parameters ip prefix list name A string of up to 32 characters of printable ASCII characters If special charac...

Page 434: ...OS Router Configuration Guide Parameters ip prefix A valid IPv4 address prefix in dotted decimal notation Values 0 0 0 0 to 255 255 255 255 host bit must be 0 prefix length Length of the entered IP p...

Page 435: ...xample if a packet ingresses on a null encapsulated SAP and the customer packet is IEEE 802 1Q or 802 1p tagged the 802 1p bits will be present for a match evaluation On the other hand if a customer t...

Page 436: ...of the command to remove the dsap value as the match criterion Default no dsap Parameters dsap value The 8 bit dsap match criteria value in hexadecimal Values 0x00 0xFF hex mask This is optional and m...

Page 437: ...field is a two byte field used to identify the protocol carried by the Ethernet frame For example 0800 is used to identify the IPv4 packets The Ethernet type field is used by the Ethernet version II...

Page 438: ...ilter mac filter entry match Description This command configures the matching of the second tag that is carried transparently through the service The inner tag on ingress is the second tag on the fram...

Page 439: ...will contain the next tag which is still the first tag carried transparently through the service On SAPs with two service delimiting tags two tags stripped outer tag will contain 0 even if there are...

Page 440: ...but the same PID field will both match the same filter entry based on a snap pid match criteria The no form of the command removes the snap pid value as the match criteria Default no snap pid Paramet...

Page 441: ...2 3 Ethernet Frame The snap pid field etype field ssap and dsap fields are mutually exclusive and may not be part of the same match criteria MAC Match Criteria Exclusivity Rules on page 369 describes...

Page 442: ...id identifies the source filter policy from which the copy command will attempt to copy The filter policy must exist within the context of the preceding keyword ip filter or mac filter dest filter id...

Page 443: ...o properly sequence filter entries This may be required in some cases since the OS exits when the first match is found and executes the actions according to the accompanying action command This requir...

Page 444: ...ig filter destination ping test config filter destination snmp test Description This command configures parameters to perform connectivity ping tests to validate the ability for the destination to rec...

Page 445: ...t Default 1 Parameters seconds Specifies the amount of time in seconds between consecutive requests sent to the far end host Values 1 60 timeout Syntax timeout seconds no timeout Context config filter...

Page 446: ...characters long composed of printable 7 bit ASCII characters If the string contains special characters spaces etc the entire string must be enclosed within double quotes oid Syntax oid oid string comm...

Page 447: ...olicy destination Description The context to enable URL test parameters IP filters can be used to selectively cache some web sites Default none Parameters test name The name of the URL test Allowed va...

Page 448: ...cified range lower priority priority Specifies the amount to lower the priority of the destination when the return code falls within the specified range raise priority priority Specifies the amount to...

Page 449: ...48 ip Syntax ip ip filter id entry entry id association counters type entry type Context show filter Description This command shows IP filter information Parameters ip filter id Displays detailed info...

Page 450: ...specified Sample Output A ALA 49 show filter ip IP Filters Filter Id Scope Applied Description 1 Template Yes 3 Template Yes 6 Template Yes 10 Template No 11 Template No Num IP filters 5 A ALA 49 A D...

Page 451: ...tch Criteria IP Indicates the filter is an IP filter policy Entry The filter ID filter entry ID If the filter entry ID indicates the entry is Inactive then the filter entry is incomplete as no action...

Page 452: ...mber or port rangee Dscp The DiffServ Code Point DSCP name ICMP Code The ICMP code field in the ICMP header of an IP packet Option present Off Specifies not to search for packets that contain the opti...

Page 453: ...er Id fSpec 1 Applied Yes Scope Template Def Action Forward Radius Ins Pt n a CrCtl Ins Pt n a Entries 2 insert By Bgp Description BGP FlowSpec filter for the Base router Filter Association IP Service...

Page 454: ...n Off TCP ack Off Match action Drop Ing Matches 0 pkts Egr Matches 0 pkts Entry fSpec 1 49151 inserted by BGP FLowSpec Description Not Specified Log Id n a Src IP 0 0 0 0 0 Src Port None Dest IP 0 0 0...

Page 455: ...tion Off TCP syn Off TCP ack Off Match action Forward Next Hop 138 203 228 28 Ing Matches 0 Egr Matches 0 Entry 1020 time range night Cur Status Active Log Id n a Src IP 0 0 0 0 0 Src Port None Dest I...

Page 456: ...e Service Access Point on which the filter policy ID is applied Ingress The filter policy ID is applied as an ingress filter policy on the inter face Egress The filter policy ID is applied as an egres...

Page 457: ...ing the filter entry Forward The explicit action to perform is forwarding of the packet If the action is Forward then if configured the nexthop infor mation should be displayed including Nexthop IP ad...

Page 458: ...mpling On IP Option 0 0 Multiple Option Off TCP syn Off TCP ack Off Match action Drop Ing Matches 0 Egr Matches 0 A ALA 49 Output Show Filter Associations with TOD suite specified If a filter is refer...

Page 459: ...er policy ID has not been applied Yes The filter policy ID is applied Def Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward Drop The de...

Page 460: ...s entries is produced The following table describes the command output for the command Label Description Filter Id The IP filter ID Scope Template The filter policy is of type Template Exclusiv The fi...

Page 461: ...lue for the match criteria Undefined indicates no value is specified Ethertype The Ethertype value match criterion DSAP The DSAP value match criterion Undefined indicates no value specified SSAP SSAP...

Page 462: ...hes 0 Egr Matches 0 Filter Associations The associations for a filter ID will be displayed if the associations keyword is specified The assocation information is appended to the filter information The...

Page 463: ...ed Def Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward Drop The default action for the filter ID for packets that do not match the fi...

Page 464: ...nd displays Lawful Intercept MAC filter information Parameters li mac filter id Displays detailed information for the specified Lawful Intercept filter ID and its filter entries Values 1 65535 associa...

Page 465: ...ot been applied Yes The filter policy ID is applied Def Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward Drop The default action for t...

Page 466: ...tes no value specified SSAP SSAP value match criterion Undefined indicates no value specified Snap pid The Ethernet SNAP PID value match criterion Undefined indicates no value specified Esnap oui zero...

Page 467: ...n The following table describes the fields in the appended associations output Sample Output show li filter li mac testLiMacFilter association LI Mac Filter Filter Id testLiMacFilter Associated Yes En...

Page 468: ...lied Def Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward Drop The default action for the filter ID for packets that do not match the...

Page 469: ...r Description This command shows redirect filter information Parameters redirect policy name Displays information for the specified redirect policy dest ip address Directs the router to use a specifie...

Page 470: ...destination Ping Test Specifies the name of the ping test Timeout Specifies the amount of time in seconds that is allowed for receiving a response from the far end host If a reply is not received wit...

Page 471: ...Admin Priority 95 Oper Priority 105 Admin State Up Oper State Down Ping Test Interval 1 Timeout 30 Drop Count 5 Hold Down 0 Hold Remain 0 Last Action at 03 19 2007 00 46 55 Action Taken Disable Destin...

Page 472: ...ription Not Specified Admin Priority 90 Oper Priority 90 Admin State Up Oper State Down URL Test URL_to_Proxy Interval 10 Timeout 10 Drop Count 3 Hold Down 0 Hold Remain 0 Last Action at 03 19 2007 05...

Page 473: ...s ip filter id The IP filter policy ID Values 1 65535 entry id Specifies that only the counters associated with the specified filter policy entry will be cleared Values 1 65535 ingress Specifies to on...

Page 474: ...ng the command line parameters Default Clears all counters associated with the MAC filter policy entries Parameters mac filter id The MAC filter policy ID Values 1 65535 entry id Specifies that only t...

Page 475: ...60 repeat repeat Configures how many times the command is repeated Default 10 Values 1 999 absolute When the absolute keyword is specified the raw statistics are displayed without pro cessing No calcu...

Page 476: ...t repeat Configures how many times the command is repeated Default 10 Values 1 999 absolute When the absolute keyword is specified the raw statistics are displayed without pro cessing No calculations...

Page 477: ...s Chapter This chapter provides information to configure Cflowd Topics in this chapter include Cflowd Overview on page 478 Operation on page 479 Cflowd Filter Matching on page 483 Cflowd Configuration...

Page 478: ...low structures The amount of data stored depends on the cflowd configurations Cflowd maintains a list of data flows through a router A flow is a uni directional traffic stream defined by several chara...

Page 479: ...maximum number of entries are already in the flow cache the earliest expiry entry is removed The earliest expiry entry flow is the next flow that will expire due to the active or inactive timer expir...

Page 480: ...l flow captured Version 10 IPFIX Generates a variable export record depending on user configuration and sampled traffic type IPv4 IPv6 or MPLS for each individual flow captured There are several diffe...

Page 481: ...onfigurable values The cache size default is 64K flow entries A flow terminates when one of the following conditions is met When the inactive timeout period expires default 15 seconds A flow is consid...

Page 482: ...le with RFC 3954 Cisco Systems NetFlow Services Export Version 9 Version 10 Version 10 is a new format and protocol that inter operates with the specifications from the IETF as the IP Flow Information...

Page 483: ...t criteria to determine acceptability With cflowd only the first packet of a flow is checked If the first packet is forwarded an entry is added to the cflowd cache Subsequent packets in the same flow...

Page 484: ...rs which specify an action of interface disable sample in which traffic that matches these filter entries will not be subject to cflowd sampling Cflowd ACL where IP filters must be created with entrie...

Page 485: ...erational Cflowd is enabled globally At least one collector must be configured and enabled A cflowd option must be specified and enabled on a router interface Sampling must be enabled on either An IP...

Page 486: ...Page 486 7450 ESS OS Router Configuration Guide...

Page 487: ...owd Configuration on page 491 Common Configuration Tasks on page 492 Enabling Cflowd on page 494 Configuring Global Cflowd Parameters on page 495 Configuring Cflowd Collectors on page 496 Dependencies...

Page 488: ...ve sampling over an extended period of time for example more than every 1000th packet can burden router processing resources The following data is maintained for each individual flow in the raw flow c...

Page 489: ...greater flexibility in the types of flows that are captured Collectors A collector defines the data flow for exporting sampled data from the cache A maximum of 5 collectors can be configured Each coll...

Page 490: ...prefix and mask source AS and ingress interface Destination prefix Flows are aggregated based on destination prefix and mask destination AS and egress interface Source destination prefix Flows are agg...

Page 491: ...e collector must be configured and enabled Sampling must be enabled on either An IP filter entry and applied to a service or an port An interface applied to a port The following example displays a cfl...

Page 492: ...to configure cflowd and provides the CLI commands In order to begin traffic flow sampling cflowd must be enabled and at least one collector must be configured Global Cflowd Components The components c...

Page 493: ...ng Cflowd on Interfaces and Filters on page 501 CLI Syntax config cflowd active timeout minutes cache size num entries inactive timeout seconds template retransmit seconds overflow percent rate sample...

Page 494: ...collector to be active Use the following CLI syntax to enable cflowd CLI Syntax config cflowd no shutdown The following example displays the default values when cflowd is initially enabled No collect...

Page 495: ...lowing CLI commands to configure cflowd parameters CLI Syntax config cflowd active timeout minutes cache size num entries inactive timeout seconds overflow percent rate sample rate template retransmit...

Page 496: ...shutdown template set basic mpls ip The following example displays a basic cflowd configuration A ALA 1 config cflowd info active timeout 20 inactive timeout 10 overflow 10 rate 100 collector 10 10 10...

Page 497: ...ponding template used to export the flow data Basic IPv4 Template 0 IPv4 Src Addr 8 0 IPv4 Dest Addr 12 0 IPv4 Nexthop 15 0 BGP Nexthop 18 0 Iingress Interface 10 0 Egress Interface 14 0 Packet Count...

Page 498: ...est IPv4 Prefix Length 13 0 MPLS Label 1 70 0 MPLS Label 2 71 0 MPLS Label 3 72 0 MPLS Label 4 73 0 MPLS Label 5 74 0 MPLS Label 6 75 Basic IPv6 Template 0 IPv6 Src Addr 27 0 IPv6 Dest Addr 28 0 IPv6...

Page 499: ...0 TCP control Bits Flags 6 0 Protocol 4 0 IPv6 Option Hdr 64 0 IPv6 Next Header 193 0 IPv6 Flow Label 31 0 TOS 5 0 IP version 60 0 IPv6 ICMP Type Code 139 0 BGP Source ASN 16 0 BGP Dest ASN 17 0 IPv6...

Page 500: ...Interface 10 0 Egress Interface 14 0 Packet Count 2 0 Byte Count 1 0 Start Time 22 0 End Time 21 0 Flow Start Milliseconds 152 0 Flow End Milliseconds 153 0 Src Port 7 0 Dest Port 11 0 TCP control Bit...

Page 501: ...n discusses the following cflowd configuration management tasks Dependencies on page 505 Specifying Cflowd Options on an IP Interface on page 502 Interface Configurations on page 502 Service Interface...

Page 502: ...n of the 4 To omit certain types of traffic from being sampled when the interface sampling is enabled the config filter ip filter entry interface disable sample option may be enabled via an ip filter...

Page 503: ...abled on a service interface cflowd collects routed traffic flow samples through a router for analysis Cflowd is supported on IES and VPRN services interfaces only Layer 2 traffic is excluded All pack...

Page 504: ...option must be selected See Interfcace Configuration For configuration information refer to the IP Router Confguration Overview section of the 4 On the IP filter being used the entry filter sample op...

Page 505: ...for traffic sampling to occur on an enabled entity If a specific collector UDP port is not identified then by default flows are sent to port 2055 Cflowd can also be dependent on the following entity c...

Page 506: ...filter sampled No traffic is sampled on this interface IP filter mode or cflowd not enabled on interface ACL interface disable sample Command is ignored No sampling occurs Interface mode interface int...

Page 507: ...modify global cflowd parameters CLI Syntax config cflowd active timeout minutes no active timeout cache size num entries no cache size inactive timeout seconds no inactive timeout overflow percent no...

Page 508: ...stination prefix no source prefix no autonomous system type origin peer no description description string no shutdown template set basic mpls ip If a specific collector UDP port is not identified then...

Page 509: ...iption This command configures the maximum amount of time before an active flow is aged out of the active cache If an individual flow is active for this amount of time the flow is aged out and a new f...

Page 510: ...collector for cflowd data The IP address of the flow collector must be specified The UDP port number is an optional parameter If it is not set the default of 2055 is used for all collector versions To...

Page 511: ...aggregation Description This command specifies that the aggregation data should be based on autonomous system AS information An AS matrix contains packet and byte counters for traffic from either sour...

Page 512: ...efault none source destination prefix Syntax no source destination prefix Context config cflowd collector aggregation Description This command configures cflowd aggregation based on source and destina...

Page 513: ...cflowd collector Description This command creates a text description stored in the configuration file for a configuration context The no form of this command removes the description string from the c...

Page 514: ...active timeout Syntax inactive timeout seconds no inactive timeout Context config cflowd Description This command specifies the amount of time in seconds that must elapse without a packet matching a f...

Page 515: ...Syntax rate sample rate no rate Context config cflowd Description This command specifies the rate N at which traffic is sampled and sent for flow analysis A packet is sampled every N packets for exam...

Page 516: ...Page 516 7450 ESS OS Router Configuration Guide...

Page 517: ...destination prefix no protocol port no raw no source destination prefix no source prefix autonomous system type origin peer no autonomous system type description description string no description no s...

Page 518: ...Page 518 7450 ESS OS Router Configuration Guide cflowd top protocols clear top flows ipv4 ipv6 mpls clear packet size ipv4 ipv6 clear Clear Commands clear cflowd...

Page 519: ...ble 16 Show Cflowd Collector Output Fields Label Description Host Address The IP address of a remote Cflowd collector host to receive the exported Cflowd data Port The UDP port number on the remote Cf...

Page 520: ...collector Cflowd Collectors Host Address Port Version AS Type Admin Oper Sent 138 120 135 103 2055 v5 peer up up 1380 records 138 120 135 103 9555 v8 origin up up 90 records 138 120 135 103 9996 v9 up...

Page 521: ...host Oper State The current operational status of this Cflowd remote collector host Records Sent The number of Cflowd records that have been transmitted to this remote collector host Last Changed The...

Page 522: ...Oper State up Packets Sent 51 Last Changed 09 03 2009 17 24 04 Last Pkt Sent 09 03 2009 18 07 10 Template Set Basic Traffic Type Template Sent Sent Open Errors IPv4 09 03 2009 18 07 29 51 1 0 MPLS No...

Page 523: ...sr 002 show cflowd interface 11 10 1 2 Label Description Interface Displays the physical port identifier IPv4 Address Displays the primary IPv4 address for the associated IP interface IPv6 Address Dis...

Page 524: ...0 1 2 24 Interface Up Down Main 120 1 1 1 24 Filter Down Down New 120 2 1 1 24 Filter Up Up Interfaces 8 B sr12 002 status Syntax status Context show cflowd Description This command displays basic inf...

Page 525: ...ds before template definitions are sent Cache Size The maximum number of active flows to be maintained in the flow cache table Overflow The percentage number of flows to be flushed when the flow cache...

Page 526: ...Status Cflowd Admin Status Enabled Cflowd Oper Status Enabled Active Timeout 1 minutes Inactive Timeout 30 seconds Template Retransmit 60 seconds Cache Size 65536 entries Overflow 1 Sample Rate 1 Acti...

Page 527: ...he decimal protocol number Total Flows Displays the total number of flows recorded since the last clearing of cflowd statistics with this protocol type Flows Sec Displays the average number of flows d...

Page 528: ...ted since the cflowd top flow table was last cleared or initialized Output Tools Dump Cflowd Top Flows Output The following table describes the tools dump cflowd top flows output fields Table 20 Tools...

Page 529: ...0 17 0x23 2001 0db8 85a3 0000 0000 8a2e 1234 5678 1234567890 1500 13600 S Port Src Port Displays the source protocol port number Msk Displays the route prefix length for route to source IP address AS...

Page 530: ...pv6 clear Context tools dump cflowd Description This command displays packet size distribution for sampled IP traffic Values are displays in decimal format 1 0 100 500 50 Separate statistics are maint...

Page 531: ...iption Clears the raw and aggregation flow caches which are sending flow data to the configured collectors This action will trigger all the flows to be discarded The cache restarts flow data collectio...

Page 532: ...Page 532 7450 ESS OS Router Configuration Guide...

Page 533: ...2385 Protection of BGP Sessions via MD5 RFC 2439 BGP Route Flap Dampening RFC 2547bis BGP MPLS VPNs RFC 2918 Route Refresh Capability for BGP 4 RFC 3107 Carrying Label Information in BGP 4 RFC 3392 Ca...

Page 534: ...entication Confidentiality for OSPFv3 RFC 4659 BGP MPLS IP Virtual Private Network VPN Extension for IPv6 VPN RFC 5072 IP Version 6 over PPP RFC 5095 Deprecation of Type 0 Routing Headers in IPv6 draf...

Page 535: ...PLS Extensions to LSP Ping RIP RFC 1058 RIP Version 1 RFC 2082 RIP 2 MD5 Authentication RFC 2453 RIP Version 2 TCP IP RFC 768 UDP RFC 1350 The TFTP Protocol Rev RFC 791 IP RFC 792 ICMP RFC 793 TCP RFC...

Page 536: ...4619 Encapsulation Methods for Transport of Frame Relay over MPLS Networks draft ietf pwe3 frame relay 07 txt RFC 4446 IANA Allocations for PWE3 RFC 4447 Pseudowire Setup and Maintenance Using LDP dr...

Page 537: ...logy OSI Structure of Management Information ITU T X 734 Information technology OSI Systems Management Event Report Management Function M 3100 3120 Equipment and Connection Models TMF 509 613 Network...

Page 538: ...G MIB mib TIMETRA MIRROR MIB mib TIMETRA MPLS MIB mib TIMETRA NG BGP MIB mib TIMETRA OAM TEST MIB mib TIMETRA OSPF NG MIB mib TIMETRA OSPF V3 MIB mib TIMETRA PIM NG MIB mib TIMETRA PORT MIB mib TIMETR...

Page 539: ...matching criteria DSCP values 350 IP 347 IP option values 352 MAC 348 packets 347 policies 335 policy entries 335 port based filtering 334 redirect policies 338 scope 358 services 336 configuring bas...

Page 540: ...wner 241 virtual router 239 virtual router backup 241 virtual router master 240 VRID 242 configuring basic 263 command reference 278 IES parameters 269 non owner 269 owner 270 management tasks 273 ove...

Reviews:

No comments

Related manuals for 7450 ESS Series

H3C H3C S7500E-X Command Reference Manual preview
H3C S7500E-X
Brand: H3C Pages: 16
H3C SR6600 SPE-FWM Configuration Manual preview
SR6600 SPE-FWM
Brand: H3C Pages: 24
NetComm 3GM1WN Quick Start Manual preview
3GM1WN
Brand: NetComm Pages: 3
Rosewill RC-402 User Manual preview
RC-402
Brand: Rosewill Pages: 3
Patton electronics Model 2711 User Manual preview
Model 2711
Brand: Patton electronics Pages: 13
Angel Cool Aironet 1200 Quick Start Manual preview
Aironet 1200
Brand: Angel Cool Pages: 2
Cypress PSoC 4 S Series Quick Start Manual preview
PSoC 4 S Series
Brand: Cypress Pages: 4
TP-Link Archer MR600 User Manual preview
Archer MR600
Brand: TP-Link Pages: 113
VIA Technologies Mobile360 M810 Quick Start Manual preview
Mobile360 M810
Brand: VIA Technologies Pages: 25
MCT MPU100ZW User Manual preview
MPU100ZW
Brand: MCT Pages: 12
Avaya VSP 8284XSQ-AC Quick Install Manual preview
VSP 8284XSQ-AC
Brand: Avaya Pages: 2
Vivotek ND9312 User Manual preview
ND9312
Brand: Vivotek Pages: 185
Meridian Meridian 1 Option 11C Mini Technical Reference Manual preview
Meridian 1 Option 11C Mini
Brand: Meridian Pages: 546
Enterasys Matrix 6H303-48 Hardware Installation Manual preview
Matrix 6H303-48
Brand: Enterasys Pages: 90
YTTEK Y.FORCE YTPC400 Quick Start Manual preview
Y.FORCE YTPC400
Brand: YTTEK Pages: 26
3Com X5 Quick Start preview
X5
Brand: 3Com Pages: 2
3Com 3CRWE825075A Quick Start Manual preview
3CRWE825075A
Brand: 3Com Pages: 8
3Com AirProtect Enterprise Engine 6100 Quick Setup Manual preview
AirProtect Enterprise Engine 6100
Brand: 3Com Pages: 12

Brands by name

Popular brands

Load more brands