manualshive.com logo in svg

Enterasys X-Pedition XSR, Cli Reference Manual

Share
Download
Enterasys X-Pedition XSR Cli Reference Manual Download Page 564

Crypto Map Mode Commands

14-110 Configuring the VPN

Sample Output

The

 

following

 

output

 

displays

 

when

 

a

 

master

 

key

 

is

 

generated:

XSR(config)#crypto key master generate
New key is 8573 4583 3994 2ff5

183b 4bdf fe92 dbc1
1132 ffe0 f8d9 3759

A

 

script

 

displays

 

when

 

a

 

master

 

key

 

is

 

specified,

 

prompting

 

you

 

for

 

the

 

following

 

information:

XSR(config)#crypto key master specify
Specify first encryption key in hex digits:   []: 8573 4583 3994 2ff5
Specify second encryption key in hex digits:  []: 183b 4bdf fe92 dbc1
Specify third encryption key in hex digits:   []: 1132 ffe0 f9d9 3759
Are you sure?  [y]:

Crypto Map Mode Commands

crypto map (Global IPSec)

This

 

command

 

creates

 

or

 

modifies

 

a

 

crypto

 

map

 

entry.

 

It

 

also

 

acquires

 

Crypto

 

Map

 

mode.

 

Along

 

with

 

the

 

setting

 

of

 

a

 

transform

set,

 

this

 

constitutes

 

IPSec

 

Phase

 

2

 

configuration.

In

 

Crypto

 

Map

 

mode,

 

the

 

following

 

sub

commands

 

are

 

available:

match address 

‐ 

Correlates

 

ACLs

 

to

 

map.

 

Refer

 

to

 

page

 

14

111

 

for

 

the

 

command

 

definition.

mode 

‐ 

Selects

 

encapsulation

 

type

 ‐ 

tunnel

 

or

 

transport

‐ 

for

 

a

 

transform

set.

 

Refer

 

to

 

page

 

14

112

 

for

 

the

 

command

 

definition.

set peer 

‐ 

Specifies

 

peer’s

 

IP

 

address.

 

Refer

 

to

 

page

 

14

113

 

for

 

the

 

command

 

definition.

set security-association level per-host 

‐ 

Specifies

 

separate

 

SAs

 

be

 

requested

 

for

 

each

 

source/destination

 

host

 

pair.

 

Refer

 

to

 

page

 

14

114

 

for

 

the

 

command

 

definition.

set transform-set 

‐ 

Correlates

 

transform

sets

 

with

 

map.

 

Refer

 

to

 

page

 

14

114

 

for

 

the

 

command

 

definition.

Crypto Map

Crypto

 

maps

 

provide

 

two

 

functions:

 

filter

 

and

 

classify

 

traffic

 

to

 

be

 

protected

 

as

 

well

 

as

 

define

 

the

 

policy

 

to

 

be

 

applied

 

to

 

that

 

traffic.

 

The

 

first

 

use

 

affects

 

the

 

flow

 

of

 

traffic

 

on

 

an

 

interface;

 

the

 

second

 

affects

 

the

 

negotiation

 

performed

 

(via

 

IKE)

 

on

 

behalf

 

of

 

that

 

traffic.

IPSec

 

crypto

 

maps

 

link

 

definitions

 

of

 

the

 

following:

Which

 

traffic

 

should

 

be

 

protected.

Which

 

IPSec

 

peers

 

the

 

protected

 

traffic

 

can

 

be

 

forwarded

 

to

 ‐ 

these

 

are

 

the

 

peers

 

with

 

which

 

a

 

Security

 

Association

 

(SA)

 

can

 

be

 

built.

Which

 

transform

sets

 

are

 

acceptable

 

for

 

use

 

with

 

the

 

protected

 

traffic.

How

 

keys

 

and

 

SAs

 

should

 

be

 

used

 

or

 

managed.

Note: 

A crypto map has no effect until it is attached to an interface.

Summary of Contents for X-Pedition XSR

Page 1: ...X Pedition Security Router XSR CLI Reference Guide Version 7 6 P N 9033842 07...

Page 2: ......

Page 3: ...DOCUMENT WEB SITE OR THE INFORMATION CONTAINED IN THEM EVEN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF KNEW OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minutem...

Page 4: ...ENTERASYS OR YOUR DEALER IF ANY WITHIN TEN 10 DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT CONTACT ENTERASYS NETWORKS LEGAL DEPARTMENT AT 978 68...

Page 5: ...7 7202 3 and its successors and use duplication or disclosure by the Government is subject to restrictions set forth herein 6 DISCLAIMER OF WARRANTY EXCEPT FOR THOSE WARRANTIES EXPRESSLY PROVIDED TO Y...

Page 6: ...e benefit of the parties their legal representatives permitted transferees successors and assigns as permitted by this Agreement Any attempted assignment transfer or sublicense in violation of the ter...

Page 7: ...x and Conventions 3 83 Platform Commands 3 83 Clock Commands 3 84 Crypto Key Commands 3 85 Other Platform Commands 3 86 SNTP Commands 3 91 Platform Clear and Show Commands 3 94 File System Commands 3...

Page 8: ...onventions 8 83 PPP Commands 8 83 PPP Debug Clear and Show Commands 8 97 Multilink PPP Commands 8 108 Multilink Show Commands 8 122 Chapter 9 Configuring Frame Relay Observing Syntax and Conventions 9...

Page 9: ...rypto Map Mode Commands 14 110 Crypto Transform Mode Commands 14 115 Crypto Show Commands 14 118 Interface CLI Commands 14 121 Interface VPN Commands 14 122 Tunnel Commands 14 127 Tunnel Clear and Sho...

Page 10: ...viii...

Page 11: ...l details BGP commands Chapter 7 Configuring IP Multicast defines XSR commands for Protocol Independent Multicast Sparse Mode PIM SM and the Internet Group Management Protocol IGMP Chapter 8 Configuri...

Page 12: ...r variable un importante nuevo t rmino o el t tulo de un manual SMALL CAPS Small caps specify the keys to press on the keyboard a plus sign between keys indicates that you must press the keys simultan...

Page 13: ...network environment layout cable type etc Network load and frame size at the time of the problem The XSR s history i e have you returned the device before is this a recurring problem etc Any previous...

Page 14: ...xii...

Page 15: ...on xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vertical bar...

Page 16: ...form of this command to remove all banners XSR config no banner login Mode Global configuration XSR config Example The following example configures a login banner XSR config banner login Welcome Larr...

Page 17: ...ional host key behavior is described as follows If you have not generated a master encryption key before using SSH the XSR will prompt you with the crypto key master generate command One to three minu...

Page 18: ...Syntax enable Mode EXEC XSR Example XSR enable end This command terminates configuration mode Syntax end Mode Any configuration Example XSR config end exit This command quits the current mode to a hi...

Page 19: ...rt number 80 Example XSR config ip http port 1234 ip http server This command enables disables HTTP Web service to the router If the optional parameter is not supplied the HTTP server will be enabled...

Page 20: ...Secure Shell SSH service to the client Because the SSH server is enabled at boot up you can either manually disable the SSH server using CLI or disable the SSH server in the startup config file If the...

Page 21: ...the optional parameter is not supplied the Telnet server is enabled Since the Telnet server is enabled at boot up you must either manually disable it using the CLI or disable it in startup config Syn...

Page 22: ...ping dest_addr source_addr size pkt_size Mode Privileged EXEC XSR Default Packet size 72 bytes Sample Output This example shows a timed out ping with an unreachable destination XSR ping 134 141 235 1...

Page 23: ...cular CLI configuration mode You can also associate a privilege level with another command or group of commands The modes which can be set include the following class map configure global controller e...

Page 24: ...write Only an admin can issue these commands Any user privilege level automatically inherits all privileges granted to lower privilege levels Admin privilege level 15 cannot be changed Privilege for s...

Page 25: ...Defaults Timeout 1 800 seconds If neither Console SSH nor Telnet is specified the timeout value will be set for the current session Example This example sets the current Console timeout session to 15...

Page 26: ...ute dest addr source addr Mode EXEC XSR Defaults Maximum interval to wait for a response 3 seconds Maximum interval to live 30 seconds Packet size 40 bytes Sample Output XSR traceroute 140 252 13 65 1...

Page 27: ...ensure that the administrator can always login The show running config command displays user information By contrast consult the aaa client command which configures a user with AAA security by the XSR...

Page 28: ...ame 2ndUser password cleartext Celtic The example below sets the privilege for larryc to 15 with an already coded password XSR config username larryc privilege 15 password secret 5 J I8 The following...

Page 29: ...h8EryaMWAm7c zjWtSlLNYhz q5J2uoPKjct4gqxRv4RLo5yKxsSIcgD6WauvANO7yzQ1CRFBAXL9iZZMEa AhJQbAE1WVXjD61kBmKvrcR2ZDEnpRaueAaojF4Rslo66Y6pn77gAAAIAKjfSPLGIXe0gF JqsEIPkrY 0sMwltOV zd8NPp NqkIOxg9kZVASQCn hu...

Page 30: ...iption ctron chassis mib XSR components and modules MIB Enterasys Download ctron download mib txt supported via online download only This is the only MIB with v1 v2c write access PPP LCP RFC 1471 pppL...

Page 31: ...etsysSnmp PersistenceSave to save 2 running config is saved to startup config The only etsysSnmpPersistenceMode supported is pushButtonSave 2 Enterasys Firewall This MIB implements SNMP based Firewal...

Page 32: ...te access and applies ACL 57 XSR snmp server community MyCommunity rw 57 snmp server contact This command specifies contact information regarding the SNMP server Syntax snmp server contact contact nam...

Page 33: ...command will turn it back on Syntax snmp server enable disable Mode Global configuration XSR config Default Disable snmp server enable traps This command enables traps and informs to be sent SNMPv1 tr...

Page 34: ...tities which this command allows you to configure The command also lets you configure the XSR local engineID All engineID settings must be set before adding users to the User Security Model USM table...

Page 35: ...tion XSR config Example This example specifies the v3auth SNMP group with auth security the v3 view for read and write access and is matched with an ACL written earlier XSR config snmp server group v3...

Page 36: ...onfig Defaults Trap type SNMP entity frame relay UDP port 162 ip addr IP address of the target recipient traps Sends SNMP traps to this host informs Sends Inform notifications version The security mod...

Page 37: ...estuser security model v3 noauth snmp server informs This command specifies inform request options Syntax snmp server informs retries retries timeout seconds pending pending Syntax of the no Form The...

Page 38: ...configuration XSR config Default Null string Example The following example describes the SNMP server location Note the quotation marks XSR config snmp server location Beacon Street Branch snmp server...

Page 39: ...acing spacing Syntax of the no Form The no formsets the minimum interval between successive traps to the default value no snmp server min trap spacing Mode Global configuration XSR config Default 200...

Page 40: ...the retransmission queue length Traps which have no route to the host are put into the retransmission queue for resending later Syntax snmp server queue length length Syntax of the no Form The no com...

Page 41: ...alAlias host aliasSalesServer snmp server system shutdown This command allows the SNMP server to reboot the XSR usually after a software download Syntax snmp server system shutdown Syntax of the no Fo...

Page 42: ...terface serving as the source for all traps and informs Use the address of the interface from which the trap inform goes out as the source address for the trap inform Syntax snmp server trap source in...

Page 43: ...emote ip address udp port port v1 v2c v3 encrypted auth md5 sha auth password priv des56 priv password access access list timeout Retry interval ranging from 1 to 9 999 seconds Note Be aware that the...

Page 44: ...ax of the no Form Use the no form of this command to remove a view entry no snmp server view view name sha HMAC SHA algorithm used for authentication auth password The user s authentication password A...

Page 45: ...ded The following example removes a view of MIN II subtree 1 3 6 1 XSR config no snmp server view 1 3 6 1 The following example creates a view of all objects in private Enterasys and Cabletron MIBs ex...

Page 46: ...IB 1 3 6 1 2 1 10 131 snmp 1 3 6 1 2 1 11 ospf 1 3 6 1 2 1 14 bgp 1 3 6 1 2 1 15 rip2 1 3 6 1 2 1 23 ifMIB 1 3 6 1 2 1 31 entityMIB 1 3 6 1 2 1 47 cabletron 1 3 6 1 4 1 52 chassis 1 3 6 1 4 1 52 4 1 1...

Page 47: ...lowing example sets the moving window interval to ten minutes XSR config snmp server window time 600 snmpMPDMIB 1 3 6 1 6 3 11 snmpUsmMIB 1 3 6 1 6 3 15 snmpVacmMIB 1 3 6 1 6 3 16 snmpEngine 1 3 6 1 6...

Page 48: ...s in 0 Bad SNMP version errors 0 Unknown community names 0 Illegal operations for name supplied 0 Encoding errors 0 Packets too big 0 No such names 0 Bad values 0 Read onlys 0 General Errors 0 Request...

Page 49: ...SNMP engineID 800015F8030001F423E691 IP addr Port Rewrite Engine ID 10 10 1 48 162 800009041234 show snmp group This command displays the names of groups on the XSR with their security model and view...

Page 50: ...host This command displays information from the SNMP Host table Syntax show snmp host Sample Output The following is sample output from the command Notification host 192 168 2 10 udp port 162 type in...

Page 51: ...tput The following is sample output from the command XSR show snmp view viewname v3view included internet excluded viewname v1default included internet excluded snmpUsmMIB snmpVacmMIB viewname MIBIIvi...

Page 52: ...regate period 60 buckets of history kept This command specifies how many history entries will be maintained by the Response Time Reporter RTR Syntax buckets of history kept size Syntax of the no Form...

Page 53: ...ency frequency interval Syntax of the no Form The no form of this command returns to the default value no frequency Mode RTR Echo configuration XSR config rtr echo xx Default Frequency 60 seconds Exam...

Page 54: ...ner Mode RTR Echo configuration XSR config rtr echo xx Example The following example specifies the RTR owner XSR config rtr echo 57 owner operator1 request data size This command specifies the Respons...

Page 55: ...The no form of this command removes any configured tag no tag Mode RTR Echo configuration XSR config rtr echo xx Example The following example specifies the RTR name XSR config rtr echo 57 tag one wa...

Page 56: ...nd specifies the type of Response Time Reporter RTR measurement to be performed ICMP Echo as well as the destination and source host IP addresses Syntax type echo protocol ipIcmpEcho dst source ipaddr...

Page 57: ...d configures RTR entry 1 and acquires RTR mode XSR config rtr 1 XSR config rtr 1 rtr owner This command registers the Response Time Reporter RTR administrator owner Syntax rtr owner owner name ipAddre...

Page 58: ...ing now after hh mm ss Mode Global configuration XSR config Default pending Example The following example schedules the RTR measurement immediately XSR config rtr schedule 1 now operation id Measureme...

Page 59: ...curred FALSE Operational State of Entry INACTIVE show rtr configuration This command displays your configuration of the Response Time Reporter RTR Syntax show rtr configuration operation id Mode EXEC...

Page 60: ...operation id Mode EXEC configuration XSR Sample Output The following is sample output from the command XSR show rtr history 57 Owner operator toronto Target Address 1 1 1 1 NET HISTORY TABLE Bucket S...

Page 61: ...talic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vertical bar indicate a choice of a required value x y z Combination of square brackets with braces and vert...

Page 62: ...SR config controller T3 1 2 0 framing m13 XSR config controller T3 1 2 0 cablelength 225 cablelength long For T1 controllers only This command decreases the pulse from the transmitter for long haul ap...

Page 63: ...e haul length ranges are defined each with different pulse shaping settings 0 133 ft 0 40m 133 266 ft 40 81m 266 399 ft 81 122m 399 533 ft 122 162m and 533 655 ft 162 200m Note Long haul line build ou...

Page 64: ...a single channelized T1 or E1 controller port The logical interfaces created can have different encapsulation types PPP Frame Relay etc For each channel group a fraction of a T1 E1 ISDN PRI line the...

Page 65: ...b8zs XSR config controller T1 1 0 channel group 0 timeslot 1 10 XSR config controller T1 1 0 channel group 1 timeslot 11 20 clock source This command defines the clock source for a T1 E1 or T3 E3 line...

Page 66: ...t and acquires Controller mode in which additional commands defining clock source framing line encoding and others must be executed to configure the controller For T1 E1 controllers only if you prefer...

Page 67: ...SR config interface serial 1 0 0 XSR config if S1 0 0 ip address 10 1 11 2 255 255 255 0 XSR config if S1 0 0 encapsulation ppp XSR config if S1 0 0 no shutdown This example sets the E1 NIM on board 1...

Page 68: ...can be a string value of arbitrary length max 80 characters In all statistics reporting this value identifies the T1 E1 or T3 E3 line in a more descriptive way This command is functional for all seria...

Page 69: ...This command enables interoperability with providers using various T3 or E3 DSUs to provision the T3 E3 line Syntax dsu mode digitallink kentrox larscom adtran verilink Syntax of the no Form The no fo...

Page 70: ...s support bandwidths only in certain values So the XSR sets the user configured bandwidth to the closest vendor supported bandwidth refer to Table 2 1 and a message displayed showing the new bandwidth...

Page 71: ...SR config controller T3 1 2 0 no channelized XSR config controller T3 1 2 0 clock source line XSR config controller T3 1 2 0 framing m13 XSR config controller T3 1 2 0 cablelength 250 XSR config contr...

Page 72: ...the circuit provider and the T1 E1 or T3 E3 interface with the circuit provider determining which framing type is required Framing type defines the type and format of the transmission frame for T1 or...

Page 73: ...annelized mode XSR config controller T3 1 2 0 channelized XSR config controller T3 1 2 0 clock source line XSR config controller T3 1 2 0 framing m13 Note The C bit T3 parity framing format is an enha...

Page 74: ...ial interface 2 0 XSR config interface serial 2 0 XSR config if S2 0 international bit For E3 controllers only This command sets bits 6 and 8 respectively of set II in the E3 frame Syntax internationa...

Page 75: ...stream can be inverted to satisfy requirements of the line Syntax invert data Syntax of the no Form Disable inverting the data stream by using the command s no form no invert data Default Data is not...

Page 76: ...ter ID If there is no loopback address defined the Router ID is the highest non zero IP address of existing configured and active interfaces When a T1 E1 ISDN PRI line malfunctions one troubleshooting...

Page 77: ...interface loopback 0 XSR config if L0 ip address 193 23 24 1 255 255 255 255 XSR config if L0 no shutdown national bit For E3 controllers only This command sets the national bit in the E3 frame bit 1...

Page 78: ...able bit patterns in other words long strings of all 1s or 0s Several physical layer protocols rely on transitions between 1s and 0s to maintain clocking Scrambling can prevent some bit patterns from...

Page 79: ...nd does not require any specific booting procedure and can be performed dynamically during system run time When the interface is created it is disabled by default Disabling a T3 E 3 controller causes...

Page 80: ...set or bring down the controller Syntax clear controller t1 e1 t3 e3 slot card port clear controller t1 e1 t3 e3 card port Mode Privileged EXEC XSR Examples The following example clears the T1 control...

Page 81: ...oopback is set as none Cablelength long is 0db and Cablelength short is 133ft Framing is esf Line Encoding is b8zs Clock Source is line Description None Alarms Detected None Rx signal level 0 0DB Accu...

Page 82: ...24 hours 0 Line Code Violations 0 Path Code Violations 0 Slip Seconds 0 Frame Loss Seconds 0 Line Error Seconds 0 Degraded Minutes 0 Errored Seconds 0 Bursty Error Seconds 0 Severely Error Seconds 0 U...

Page 83: ...S CSES T3 C_bit T3 M13 E3 G751 SES E3 Bypass Parameter Descriptions Rx signal level 0 0DB Accuracy 3DB string String values can be NULL string port locked on the signal range 0 to 43 4 not valid port...

Page 84: ...troller s state can be up down or administratively down Loopback conditions are shown as Locally looped or Remotely Looped Applique type Channelized or Non Channelized Alarms detected Any alarms detec...

Page 85: ...Line Code is Line coding format on the controller B3ZS Clock Source is Clock source on the controller Internal or Line Line Code Violations Valid for C bit M13 g751 bypass A count of both Bipolar Vio...

Page 86: ...roup P bit Severely Err Secs Valid for C bit M13 PSES is a second with 44 or more PCVs one or more Out of Frame defects or a detected incoming AIS This gauge is not incremented when unavailable second...

Page 87: ...fig if S0 1 0 no shutdown XSR config controller 0 1 1 XSR config controller T1 0 1 0 drop and insert group XSR config controller T1 0 1 0 no channel group 0 XSR config controller T1 0 1 0 clock source...

Page 88: ...6 7 8 9 0 1 2 3 4 Rx ABCD F F 0 F F F F F F F F F F F F F F Channel 0 Timeslots 10 64kbps Base rate Data in current interval 300 seconds elapsed 0 Line Code Violations 0 Path Code Violations 8 Slip S...

Page 89: ...mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vertical bar indicate a choice...

Page 90: ...the time zone to reflect the local time and can be offset by up to 12 hours behind or 13 hours ahead of the Universal Time Clock UTC time as set for Greenwich Mean Time GMT Syntax clock timezone hh m...

Page 91: ...e set and enter a new key Syntax crypto key master generate Mode Global configuration XSR config Example XSR config crypto key master generate crypto key master remove This command removes the master...

Page 92: ...jected if it is identified as a weak semi weak or possibly weak key If you specify a valid new key the current secure data files are converted to the new key Syntax crypto key master specify Mode Glob...

Page 93: ...now fixed to Processor 0 This example forces CPU 1 to accept protocol forwarding jobs on interface F2 XSR debug processor 1 Protocol FE2 FIXED Protocol Job for Interface FastEthernet 2 is now fixed to...

Page 94: ...gen once per second If power to the XSR is lost the alarm history is preserved in loggen When the XSR comes up again it copies the history from loggen back into the RAM buffer The entire logging histo...

Page 95: ...medium Sets system log to Medium level low Sets system log to Low level debug Sets system log to Debug level timestamp Sets time and date local Sets timestamp to local time utc Sets timestamp to the...

Page 96: ...s a sample LogGen message 186 Jan 27 09 13 05 10 8 40 2 LOGGEN Message Flood Display disabled messages logged to History Buffer The following is sample output for a message flood by the show log histo...

Page 97: ...e request to the SNTP server every poll interval to update local time Syntax sntp client server A B C D A B C D Syntax of the no Form The no form of this command disables the SNTP client no sntp clien...

Page 98: ...up a resynchronization interval is used to send time requests to the server at fixed intervals of 60 seconds A maximum of 10 such requests are sent in case no answer was received before the SNTP clie...

Page 99: ...ized stratum 10 reference is RTC or last synchronized reference SNTP server 30 10 1 22 The IP address of the designated SNTP server Stratum Level of the network where the clock is located The primary...

Page 100: ...ispersion is 1 12 msec Platform Clear and Show Commands clear counter processor This command clears processor performance information CPU utilization is averaged over an 8 second interval Syntax clear...

Page 101: ...Syntax show buffers Mode Privileged EXEC configuration XSR Sample Output XSR show buffers Common Buffer Pool Usage Pre Allocated 1000 for FE 1000 for FE Frag 512 for Eth1 512 for Eth2 1536 for 4 port...

Page 102: ...olumn 1 Number in Use Sum of blocks currently in use in this pool Every time you enter the show buffers command this column s data will be marked with a plus or negative sign The indicates the number...

Page 103: ...796 including overhead 19181280 bytes Used FE Frag 0 of 1500 in use 0 allocations denied Fwd Eng 0 of 3200 in use 0 allocations denied Eth2 128 of 512 in use 0 allocations denied T1E1 0 2 256 of 768 i...

Page 104: ...for serial card 1536 x 1696 byte buffers were pre allocated for use by the Serial NIM card Total 10680 1696 byte buffers Total number of 1696 byte buffers that were pre allocated There are 100 bytes...

Page 105: ...5 40048 14 0 69632 7 7 60418 65604 7 0 135168 3 2 118344 131072 556 0 291104 3 3 220710 270336 3 0 480000 1 1 354400 354400 1 0 700000 1 1 628488 628488 1 0 1560000 1 1 1033920 1033920 1 0 TotalBytes...

Page 106: ...mmand draws on processor capacity at the expense of operational needs Syntax show cpu utilization Mode EXEC or Privileged EXEC XSR or XSR Default CPU usage tracking is on by default Sample Output XSR...

Page 107: ...ntains the following data relevant to the failure Cause of processor exception Time stamp Contents of processor registers Operating system status Status of tasks current task e g crashed task Contents...

Page 108: ...45678 iccr 12345678 sgr 12345678 sler 12345678 suor 12345678 bear 12345678 besr 12345678 ccr0 12345678 evpr 12345678 esr 12345678 dear 12345678 srr0 12345678 srr1 12345678 srr2 12345678 srr3 12345678...

Page 109: ...Syntax show logging Mode EXEC or Privileged EXEC XSR or XSR Example XSR show logging Sample Output The following example displays logging information on the XSR including three Syslog servers XSR sho...

Page 110: ...ing command displays logging history and severity levels Log history buffer logging severity MEDIUM HIGH messages logged 8 186 Feb 4 09 12 28 192 168 27 38 CLI User admin logged in from console 186 Fe...

Page 111: ...SR 1805 XSR show version Enterasys Networks Operating Software Copyright 2002 by Enterasys Networks Inc Hardware Motherboard Information XSR 1800 ID 9002854 02 REV0A Serial Number 0000019876543210 Pro...

Page 112: ...PowerSupply1 PowerSupply2 Fans 1 2 3 4 5 6 7 8 CPU Temperature Max 80C Current 38C Router Temperature Max 60C Current 24C RAM 512MB without interleave Memory Bus at 120MHz CASL at 2 0 Bootrom Flash 4M...

Page 113: ...le xsr1800 fls or xsr3000 fls is not found the router goes to Step 3 3 An FTP TFTP server as defined in network parameters of Bootrom mode is queried If the image is not found in this remote location...

Page 114: ...directory to flash or cflash on the XSR file system Syntax cd flash cflash Mode Privileged EXEC XSR Example XSR cd cflash copy file This command copies a file to a new file which may reside in a local...

Page 115: ...S into Flash y n y Download from server done File size 1856714 bytes The image is copied to flash and its checksum verified Should the transfer fail then the router is temporarily without valid softwa...

Page 116: ...non volatile memory It initiates a script requiring confirmation of your intention Syntax copy running config startup config Mode Privileged EXEC XSR Example XSR copy running config startup config Sam...

Page 117: ...from the XSR file system It initiates a script requiring confirmation of your intention Syntax delete flash cflash filename Mode Privileged EXEC XSR Sample Output XSR delete startup config Delete fil...

Page 118: ...p config 308 SEP 17 2002 15 26 14 user dat 572 SEP 23 2002 14 50 32 cert dat 0 SEP 23 2002 14 24 56 leases cfg 64 SEP 23 2002 14 50 30 dhcpd cfg 0 SEP 23 2002 14 24 56 leases cfg bak 2 328 576 bytes f...

Page 119: ...ew image the primary Enterasys Operating System EOS file or falling back to the secondary existing file stored in Flash or Cflash if an error is detected EOS Fallback tests the primary EOS and if it i...

Page 120: ...Reloads after a specified interval expressed in minutes or hours minutes at Reloads at a particular time expressed in hours and minutes cancel Cancels a pending reload primary file The filename inclu...

Page 121: ...fls 6 snmp 1 1 1 2 The following example upgrades the new image in 12 hours 12 minutes with a fallback to the secondary OS if syntax errors are detected or if no SNMP messages are received from SNMP s...

Page 122: ...g System EOS Syntax show reload Mode Privileged EXEC XSR Sample Output The following is sample output from the command when a reload is scheduled XSR show reload Reload scheduled in 9 56 minutes eos f...

Page 123: ...ds under the appropriate modules XSRtop config show running config PLATFORM CLI version 1 5 XSR 1800 Software Version 5 5 1 2 Built Jul 17 2003 13 50 37 hostname XSRtop NETWORK MANAGEMENT username adm...

Page 124: ...crypto ipsec transform set jj no set security association lifetime kilobytes no set security association lifetime seconds INTERFACE AND SUB INTERFACE interface FastEthernet 1 ip address 20 1 1 1 255 2...

Page 125: ...client firewall auth port 851 acct port 850 attempts 5 retransmit 5 timeout 25 qtimeout 800 FIREWALL ip firewall network private 1 0 0 0 150 255 255 255 internal ip firewall network any_ext 150 0 0 0...

Page 126: ...77 entry 0x10000 Diagnostics size 815012 sum 0x2a32 compressed_size 266244 entry 0x10000 xsr1800 fls is a valid S W image file or an error message Invalid chksum 0xf2d9 Expected chksum0x4800 write Thi...

Page 127: ...menu provides the following functions Reboot warm or cold Update Bootrom File system related commands for the Flash ROM file system Modify network parameters Various status show commands Version numb...

Page 128: ...s y Do not interrupt or power down until complete Erasing 8 sectors at address 0xfff00000 Programming 130816 0x1ff00 bytes at address 0xfff00100 Programming 131072 0x20000 bytes at address 0xfff20000...

Page 129: ...MAY 08 2002 03 05 14 xsr1800 fls 1569 MAY 14 2002 02 25 00 startup config 214 JAN 01 2000 22 05 22 user dat 794828 JAN 01 2000 00 01 52 bootrom1_11 fls 0 DEC 27 2019 11 07 14 cert dat 1352 JAN 18 202...

Page 130: ...ng This command retrieves a file over the network using a remote IP address and remote file path np This command modifies network parameters You are prompted to enter data by the following script Whi...

Page 131: ...sample output for the XSR 1800 Series On XSR 3000 Series routers you can enter sf 0 or sf 1 to display output from either CPU XSR 1800 sf No fault report at 0x1feef00 This command displays the follow...

Page 132: ...is sample output XSR 1800 si IBM PowerPC 405GP Rev D Processor speed 200 MHz PLB speed 100 MHz OPB speed 33 MHz Ext Bus speed 25 MHz PCI Bus speed 33 MHz Sync Internal PCI arbiter enabled RAM installe...

Page 133: ...l IP address 10 120 112 33 Gateway IP address 10 120 112 1 Remote IP address 10 120 112 88 Remote file path c tftpDir Transfer Protocol TFTP Local target name XSR1 Autoboot enabled Quick boot no IP ad...

Page 134: ...Bootrom Monitor Mode Commands 3 128 Configuring the XSR Platform...

Page 135: ...nous mode the clock rate is received externally Convention Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vert...

Page 136: ...ommand is valid and takes effect only when the interface is running in Async mode In Sync mode the clock rate is received externally Syntax databits bits Mode Interface configuration XSR config if Sx...

Page 137: ...egotiate the other For example you cannot set the speed to 10 Mb s and set the duplex to auto negotiate When issuing this command be aware of the following additional conditions Duplex mode cannot be...

Page 138: ...d forces the port into internal loopback mode That is the sender is internally connected to the receiver This command is normallyused for diagnostic purposes only Syntax loopback Syntax of the no Form...

Page 139: ...e to NRZI It is valid and takes effect only when the interface is running in Synchronous mode Some computers require the encoding type to be set to NRZI Syntax nrzi encoding Syntax of the no Form The...

Page 140: ...er This command specifies the mode of a serial interface as either synchronous or asynchronous If set to synchronous the port is configured as a DTE requiring an external transmit and receive clock to...

Page 141: ...conjunction with the duplex command forces the FastEthernet interface to operate at a specific speed and or duplex mode Setting the speed or duplex to auto negotiate implies that both the speed and t...

Page 142: ...plex and speed must be set to auto on both ends of the line otherwise the connection is unpredictable Syntax speed 10 100 auto Syntax of the no Form no speed Mode Interface configuration XSR config if...

Page 143: ...llowing example configures a FastEthernet sub interface with VLAN ID 10 XSR config interface fastethernet 2 1 XSR config if F2 1 vlan 10 XSR config if F2 1 ip address 1 2 3 4 255 255 255 0 XSR config...

Page 144: ...stethernet interface sub interface Mode Privileged EXEC XSR Example The following example clears the MIB II counters on FastEthernet port 1 sub interface 20 XSR clear counters fastethernet 1 20 clear...

Page 145: ...nd resets the hardware on the GigabitEthernet interface This command is available on the XSR 3000 Series routers only Syntax clear interface gigabitethernet number Mode Privileged EXEC XSR Note Issuin...

Page 146: ...ts ifInDiscards ifInErrors ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifInUnknownProtos Syntax clear counters serial card port Mode Privileged EXEC XSR Example XSR clear coun...

Page 147: ...example displays output from FastEthernet port 1 XSR config show controllers fastethernet 1 Packet Processor Tx Scheduler Stats 157 Packet driver Tx OK 0 Packet driver not Tx MUX END_ERR_BLOCK 0 Packe...

Page 148: ...buffer 0x01cc8720 show controllers gigabitethernet This command displays detailed FastEthernet controller data for an interface This command is available on the XSR 3000 Series routers only Syntax sh...

Page 149: ...8fe86ce0 datalen 0x00000000 status 0x00000000 buffer 0x8fe873a0 datalen 0x00000000 status 0x00000000 buffer 0x8fe87a60 The secondary MAC addresses are in hex 0 not used 1 not used 2 not used 3 not use...

Page 150: ...0000 buffer 0x00000000 0 next 0xe04d8f21 flag1 0x00000000 flag2 0x00000000 buffer 0x00000000 1 next 0x004e8f21 flag1 0x00000000 flag2 0x00000000 buffer 0x00000000 2 next 0x204e8f21 flag1 0x00000000 fl...

Page 151: ...0 The card is 1 The port is 0 The channel is 0 The current MTU is 1500 The device is in polling mode and is active The channel is logically INACTIVE The operational state is OPER_DOWN The protocol use...

Page 152: ...ap Class Free pool ISDN channels 0 Free pool serial ports 0 show interface fastethernet This command displays information about a FastEthernet interface This interface is available on the XSR 1800 Ser...

Page 153: ...nterface Statistics ifindex 0 ifType 6 ifAdminStatus 1 ifOperStatus 1 ifLastChange 00 32 39 ifInOctets 529727 ifInUcastPkts 0 ifInNUcastPkts 7328 ifInDiscards 0 ifInErrors 0 ifInUnknownProtos 0 ifOutO...

Page 154: ...ple Output The following example is sample output from GigabitEthernet interface 1 XSR show interface gigabitethernet 1 GigabitEthernet 1 is Admin Up Internet address is 150 50 1 14 subnet mask is 255...

Page 155: ...or Global configuration XSR or XSR config Sample Output The following is sample output from Loopback interface 5 XSR show interface loopback5 Loopback5 is Admin Up Description My loopback interface In...

Page 156: ...command displays attributes of the null interface Null 0 an IP interface which uniquely does not require an IP address to appear It is installed automatically by the XSR so that discard routes can be...

Page 157: ...ace serial card port Mode Privileged EXEC or Global configuration XSR or XSR config Sample Output The following example displays output from Serial interface 1 0 XSR show interface serial 1 0 Serial I...

Page 158: ...attributes of the configured VPN interface Syntax show interface vpn 0 255 Mode Privileged EXEC or Global configuration XSR or XSR config Sample Output The following is sample output displaying VPN i...

Page 159: ...on Commands on page 5 182 Virtual Router Redundancy Protocol Commands on page 5 191 Convention Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter it...

Page 160: ...defined for it XSR config interface serial 1 1 XSR config if S1 1 ip address 172 16 77 1 255 255 255 0 XSR config if S1 1 ip ospf message digest key 20 md5 pass1 XSR config router ospf 1 XSR config ro...

Page 161: ...is command configures an area as a Not So Stubby Area NSSA which allows some external routes represented by external Link State Advertisements LSAs to be imported into it This is in contrast to a stub...

Page 162: ...a A discard route is installed for an active summary range Conversely when it becomes inactive the discard route is removed The cost of the summary range is the highest cost among all leaked intra are...

Page 163: ...lable for creation of inter area routes XSR config router ospf 1 XSR config router area 1 range 64 0 0 0 255 0 0 0 area stub This command defines an area as a stub area Syntax area area id stub no sum...

Page 164: ...on type message digest MD5 authentication is used null No authentication is used hello interval seconds Interval between hello packets on a port It must be the same for all nodes attached to a network...

Page 165: ...rea 3 to area 2 A virtual link is created between the two ABRs by means of area 2 which becomes the transit area The RouterID for ABR1 is 192 168 33 1 The RouterID for ABR2 is 192 168 33 2 On ABR1 ent...

Page 166: ...to maintain the database in its entirety Typically database overflow occurs when a router imports a large number of external Type 5 LSA routes into OSPF This command lets you control other LSA types a...

Page 167: ...route preference for the OSPF domain OSPF distances are ranked higher than connected or static networks but lower than RIP networks If several routes to the same destination are offered to the Routing...

Page 168: ...tion of intra area distance is less than inter area distance is less than external distance is always preserved If you attempt to configure otherwise the configuration will fail and you will receive a...

Page 169: ...ts the administrative distance for OSPF external routes to 65 Note that you can do so only if both intra and inter OSPF distances are less than 65 otherwise you will not be permitted to change the val...

Page 170: ...R config if F1 ip ospf cost 20 ip ospf dead interval This command sets the interval a router must wait to receive a hello packet from its neighbor before determining that the neighbor is out of servic...

Page 171: ...t to neighbor routers on the interface Syntax ip ospf hello interval seconds Syntax of the no Form The no form of this command sets the value to the default no ip ospf hello interval Mode Interface co...

Page 172: ...the password as pass1 XSR config interface serial 1 0 XSR config if S1 0 ip address 172 16 77 1 255 255 255 0 XSR config if S1 0 ip ospf message digest key 20 md5 pass1 XSR config router ospf 1 XSR c...

Page 173: ...his command removes the poll interval no ip ospf poll interval Mode Interface configuration XSR config if xx Example This example configures the poll interval to 12 times the default hello interval 10...

Page 174: ...ons of link state advertisements for adjacencies that belong to this interface Syntax ip ospf retransmit interval seconds Syntax of the no Form The no form of this command sets the value to the defaul...

Page 175: ...ospf transmit delay 20 network This command identifies and defines area IDs for interfaces OSPF runs on Syntax network address wildcard mask area area id Syntax of the no Form The no form of this com...

Page 176: ...XSR config interface serial 1 0 XSR config if S1 0 ip address 131 108 2 3 255 255 255 0 XSR config router ospf 1 XSR config router network 131 108 1 0 0 0 0 255 area 1 XSR config router network 131 1...

Page 177: ...ribute ospf match internal match external The following example imports all OSPF routes into RIP with the default RIP metric of 1 It is equivalent to the command entered earlier XSR config router redi...

Page 178: ...luded locally sourced routes The forwarding address is 0 Summary ranges may overlap So for a locally sourced route the most specific range becomes active Appendix E processing provides a unique link s...

Page 179: ...rm of this command restores the default timer values no timers spf Mode Router configuration XSR config router Defaults spf delay 5 spf holdtime 10 Example XSR config router ospf 1 XSR config router n...

Page 180: ...r 53 53 53 21 bdr 53 53 53 6 GigabitEthernet 2 Parameter Descriptions debug ip ospf packet This command debugs received and transmitted OSPF packets As with all XSR debug commands it is set to privile...

Page 181: ...ed database description packet OSPF Tx PKT Database v 2 t 2 l 172 rid 1 1 1 4 aid 0 0 0 5 chk 7204 aut 0000 from GigabitEthernet 2 to 53 53 53 21 The following example displays a transmitted link stat...

Page 182: ...ng example displays a queue delayed acknowledgement 191 May 21 07 52 39 1 1 1 4 OSPF Queue Delayed Ack router nbr 10 0 0 1 age 002f opt 22 id 10 0 0 1 rid 10 0 0 1 seq 800001aa chk f671 l 36 The follo...

Page 183: ...OSPF neighbor events As with all XSR debug commands it is set to privilege level 15 by default Add LSA OSPF Lsa Added to database summary OSPF Summary LSA aid 0 0 0 4 OSPF LSA Area id age 0000 OSPF L...

Page 184: ...hanging state where the neighbor router ID is 10 0 0 1 the neighbor IP address is 2 2 3 21 and the previous state is EXCHANGE OSPF NBR change state nbr 10 0 0 1 ipa 1 2 3 21 state EXCHANGE The followi...

Page 185: ...1 4 Supports only single TOS TOS0 route It is an area border and autonomous system boundary router Summary Link update interval is 0 seconds External Link update interval is 0 seconds Debugging enabl...

Page 186: ...192 168 44 2 64 via 192 168 11 1 Serial1 ABR Area 0 SPF 10 Parameter Descriptions It is OSPF router designation Valid values area border autonomous system boundary and internal Summary Link update in...

Page 187: ...he SPF calculation that resulted in this coute s installation This number usually corresponds to the number of SPF calculations on this router for an area through which the route was learned link stat...

Page 188: ...ip ospf database router OSPF Router with ID 192 168 44 1 Router Link States Area 0 0 0 0 Routing Bit Set on the LSA LS age 1292 Options No TOS capability No DC LS Type Router L inks Link State ID 192...

Page 189: ...work mask 24 Attached Router 192 168 44 1 Attached Router 192 168 44 2 Summary Parameter Response XSR show ip ospf database summary OSPF Router with ID 192 168 44 2 Summary Net Link States Area 0 0 0...

Page 190: ...Network Number Advertising Router 192 168 33 2 LS Seq number 80000003 Checksum 0x76E0 Length 36 Network Mask 16 Metric Type 2 Larger than any link state path TOS 0 Metric 20 Forward Address 0 0 0 0 Ex...

Page 191: ...twork prefix ADV Router Router ID of the router originating the LS record Age Age of the LS record in seconds Seq Sequence number assigned by OSPF to each LS record at its time of origination Checksum...

Page 192: ...router interface address to the network Stub network Network mask Virtual link Originating router MIB II ifIndex value for the unnumbered interface Virtual links are treated as unnumbered point to po...

Page 193: ...ber assigned by OSPF to this LS record at the time of its origination Checksum Field in a LS record used to verify the integrity of the contents upon the receipt by another router Length Length of the...

Page 194: ...f the external network Advertising Router Originating router ID ASBR between the OSPF and non OSPF domain LS Seq Number Sequence number assigned by OSPF to this LS record at the time of its originatio...

Page 195: ...ed router on this network Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 No Hellos Passive Interface Neighbor Count is 0 Adjacent neighbor count is 0 Parameter Descriptions AS extern...

Page 196: ...ress of the designated router s interface to this subnet if a DR exists Timer intervals configured Refers to the ip ospf hello interval and ip ospf dead interval commands for hello and dead interval v...

Page 197: ...ec s Parameter Description show ip ospf virtual links This command displays data about virtual links configured on a router Syntax show ip ospf virtual links Mode EXEC or Global configuration XSR or X...

Page 198: ...th the DoNotAge bit set in the age field are not permitted in the link state database Number of Dcbitless LSA Sum of LSAs without the Demand Circuit DC bit set in the options fields in the link state...

Page 199: ...efault distances Refer to distance ospf command on page 147 and ip route on page 209 for comparison with OSPF and static routes Syntax distance weight Syntax of the no Form The no command resets the a...

Page 200: ...config router Default No filter applied Example The following example suppresses network 192 5 34 0 from being advertised in updates on FastEthernet interface 1 XSR config access list 1 deny 192 5 34...

Page 201: ...ation key phone XSR config if F1 ip rip authentication mode text RIP Example The following example as shown in Figure 5 2 enables RIP on both FastEthernet interfaces of Router 1 also enabling routing...

Page 202: ...thernet 2 XSR config if F2 ip rip disable triggered updates XSR config interface serial 1 0 XSR config if S1 0 ip rip receive version 1 2 XSR config if S1 0 ip rip send version 2 XSR config if S1 0 ip...

Page 203: ...d is split horizon with poison reverse Authentication mode text is used and the text is Tex XSR config router rip XSR config router network 192 168 1 0 XSR config router network 192 169 1 0 XSR config...

Page 204: ...The no form of this command removes an offset no ip rip offset Mode Interface configuration XSR config if xx Default No offset applied Example The following example sets an offset of 1 for Serial por...

Page 205: ...te packets that are accepted on the interface no ip rip receive version Mode Interface configuration XSR config if xx Default Accept both RIP version 1 and 2 Example This example sets both RIP version...

Page 206: ...ts RIP version 2 for packets sent on FastEthernet interface 1 XSR config interface fastethernet 1 XSR config if F1 ip rip send version 2 ip split horizon This command sets split horizon mode for the p...

Page 207: ...AN segment cannot accept RIP broadcast packets only configured neighbors will get RIP updates Multiple neighbor commands can be used to specify additional neighbors or peers Syntax neighbor neighborAd...

Page 208: ...ter network 192 168 1 0 passive interface This command prevents RIP from transmitting update packets on an interface although it can still monitor updates on the interface Syntax passive interface typ...

Page 209: ...interface Example The following example denies the reception of RIP updates on F2 XSR config router no receive interface fastethernet 2 redistribute OSPF Static This command redistributes static or OS...

Page 210: ...r redistribute ospf match internal match external The following example imports all OSPF routes into RIP with the default RIP metric of 1 It is equivalent to the command entered earlier XSR config rou...

Page 211: ...date 30 seconds Invalid 180 seconds Flush 300 seconds Example The following example sets values for the RIP timers XSR config router timers basic 10 30 60 update Interval the RIP timer is revised rang...

Page 212: ...conds Update interval 30 Invalid interval 180 Flush interval 300 Routing for Networks 172 16 101 1 172 16 101 5 172 16 150 0 Route Exchanging Neighbors 172 23 11 21 172 23 11 25 Passive Interfaces Fas...

Page 213: ...on is 2 Rip authentication mode is text key is Rip offset metric is 1 Parameter Descriptions RTP Header Compression Commands The following commands configures the Real Time Protocol RTP header compres...

Page 214: ...l 2 0 1 ip rtp compression connections By default the software supports a total of 16 RTP header compression connections on the PPP interface This command will allow the user to change the number of R...

Page 215: ...ssed If you use the command without the passive keyword the software compresses all RTP traffic Note With this release XSR now supports both the VJ Header Compression for TCP and UDP header and the ne...

Page 216: ...o screen for RTP compression Syntax ip rtp range starting port Num end Port Num Syntax of the no Form The no command removes the RTP packet ranges no ip rtp range Default Disabled Mode Interface confi...

Page 217: ...ode Privileged EXEC XSR Example The following example displays the RTP Statistics for serial interface 2 0 1 Router show ip rtp header compression interface serial 2 0 1 RTP UDP IP Header compression...

Page 218: ...ion Bytes Saved Number of bytes saved due to RTP compression Efficiency Improve Efficiency Improvement ratio Equals Bytes of actual packet bytes received Bytes Received Sent Compr RTP Number of compre...

Page 219: ...number of retransmissions to 50 XSR config interface serial 1 0 XSR config if S1 0 ip address 1 0 0 0 255 0 0 0 XSR config if S1 0 no shutdown XSR config if S1 0 ip rip triggered on demand XSR config...

Page 220: ...n the database changes or when a next hop s reachability is detected on the WAN side of the connection This functionality reduces the on demand WAN circuit s routing traffic and allows the link to be...

Page 221: ...fig interface serial 1 0 XSR config if S1 0 ip address 1 0 0 0 255 0 0 0 XSR config if S1 0 no shutdown XSR config if S1 0 ip rip triggered on demand XSR config router network 1 0 0 0 Policy Based Rou...

Page 222: ...inition set ip next hop Adds or deletes PBR set clauses for the next hop router See page 5 147 for command defintion set interface Adds or deletes PBR set clauses on an interface See page 5 148 for co...

Page 223: ...e ACL 101 is used to match the traffic XSR config pbr map match ip address 101 set ip next hop This command specifies a next hop IP address as the forwarding router for Policy Based Routing Syntax set...

Page 224: ...onfig pbr map Example The following example sets F1 as the forwarding interface XSR config pbr map set interface FastEthernet 1 PBR Clear and Show Commands clear ip pbr cache This command deletes entr...

Page 225: ...le Output The following is sample output when the command is issued XSR show route map pbr route map pbr sequence 10 Match clauses ip address 102 ip address 101 Set clauses next hop 192 168 27 33 inte...

Page 226: ...ts the duration of a dynamic ARP entry in the ARP table before expiring Syntax arp timeout seconds Syntax of the no Form The no form of his command restores the default value no arp timeout Mode Globa...

Page 227: ...outing CIDR Syntax ip address address mask address mask negotiated secondary Syntax of the no Form The no form of this command removes specified IP addresses no ip address address mask address mask ne...

Page 228: ...1 from the interface by entering no ip address 4 4 4 1 255 255 255 0 secondary and updates the primary IP address to 9 9 9 1 by entering ip address 9 9 9 1 255 255 255 0 XSR config interface FastEthe...

Page 229: ...t route and Serial 1 0 is the gateway of last resort for Router 1 A default route 0 0 next hop Serial 1 0 is configured on Router 1 Figure 5 5 IP Default Route Example ip directed broadcast This comma...

Page 230: ...ip directed broadcast ip dhcp relay source gateway This command allows users to select the source address to use when relaying packets to the DHCP servers The DHCP servers are configured using ip help...

Page 231: ...ip domain name domain name Syntax of the no Form The no form of this command resets the IP domain name to no value no ip domain name domain name Mode Global configuration XSR config Example In the fo...

Page 232: ...arding Also refer to the ip helper address command which specifies the new destination If a certain service exists inside the node and there is no need to forward the request to remote networks the no...

Page 233: ...if F1 ip helper address 196 1 1 255 This example removes DNS from the list of ports for which UDP broadcast forwarding is done XSR config no ip forward protocol udp 53 Figure 5 6 IP Forward Protocol E...

Page 234: ...Example ip helper address This command enables forwarding of local broadcasts specifying the new destination address It is one of two commands used for UDP broadcast forwarding Also refer to the ip f...

Page 235: ...ACME XSR config ip host ACME 192 168 57 28 ip irdp This command enables disables the ICMP Router Discovery Protocol IRDP which dynamically discovers routes to other networks as defined by RFC 1256 IR...

Page 236: ...1 ip irdp holdtime 10 XSR config if F1 ip irdp preference 10 XSR config if F1 ip irdp multicast ip mtu This command sets the Maximum Transmit Unit MTU size on a port Syntax ip mtu size Syntax of the n...

Page 237: ...y Syntax ip proxy arp Syntax of the no Form The no form of this command disables Proxy ARP no ip proxy arp Mode Interface configuration XSR config if xx Default Enabled Example The following example d...

Page 238: ...Syntax of the no Form The no form of this command removes the configured name server no ip proxy dns name server server address1 server address2 server address6 Mode Global configuration XSR config Ex...

Page 239: ...ote The XSR supports a maximum of 50 static routes with 64 MBytes of memory installed A B C D The IP route prefix for the static route destination mask The prefix mask for the static route destination...

Page 240: ...255 255 0 192 31 7 65 Figure 5 8 Static Route Example ip route maximum_multiple This command specifies the maximum number of multiple static routes which are static routes having the same destination...

Page 241: ...on ppp mux pppoe ip mtu 1492 ip tcp adjust mtu 1400 Setting the MSS will cause all TCP SYN packets with the MSS option being modified if the option value exceeds the configured MSS Syntax ip tcp adjus...

Page 242: ...ss to the interface it associates a numbered interface whose address will be used with packets originating on this interface The following conventions are observed If the numbered interface is deleted...

Page 243: ...astethernet 2 ip router id This command configures a router identifier an IPv4 address specified in dotted decimal notation It is used in routing protocols such as OSPF to uniquely identify a routing...

Page 244: ...e ARP cache Syntax clear arp cache Mode Privileged EXEC XSR clear ip interface counters This command clears all IP interface counters If you do not enter the optional type or number value all interfac...

Page 245: ...n the ARP cache Syntax show ip arp ip address H H H type number Mode EXEC or Global configuration XSR or XSR config Sample Output The following are sample responses XSR show ip arp Protocol Address Ag...

Page 246: ...3 4712 7a99 ARPA FastEthernet1 Internet 134 141 235 165 0002 1664 a5b3 ARPA FastEthernet1 Internet 134 141 235 150 2 00b0 d02c 06d2 ARPA FastEthernet1 Internet 134 141 235 155 5 00b0 d02c 077e ARPA Fa...

Page 247: ...2 errors MTU is 1500 bytes Proxy ARP is enabled Helper address is not set Directed broadcast forwarding is enabled Outgoing access list is not set Inbound access list is not set Router Discovery is e...

Page 248: ...Router discovery is disabled IP Policy Based Routing is not enabled Parameter Description FastEthernet 1 is Admin Up This refers to Layer 3 state for this interface Valid states are Up and Down Last c...

Page 249: ...s router server discovery disabled FastEthernet2 has router server discovery disabled Parameter Description show ip proxy dns cache This command displays the proxy DNS cache Syntax show ip proxy dns c...

Page 250: ...address mask longer prefixes bgp ospf rip static Mode EXEC or Global configuration XSR or XSR config Defaults LAN FastEthernet 1 2 interface cost 10 Serial interface cost 64 Name Designation of the DN...

Page 251: ...1 directly connected FastEthernet2 R 55 0 0 0 8 120 0002 via 51 51 51 9 FastEthernet2 C 54 54 54 0 24 0 0001 directly connected FastEthernet2 C 53 53 53 0 24 0 0001 directly connected FastEthernet2 C...

Page 252: ...Description E2 OSPF external type 2 route Candidate default route D Default route originated from default network U User configured static route x y Distance metric information 0060 Route cost distan...

Page 253: ...ds 0 drop no route 0 discards ICMP statistics Rcvd 44 total 0 format errors 0 checksum errors 0 redirects 0 unreachable 2 echo 2 echo reply 0 mask requests 0 mask replies 0 quench 0 parameter 0 timest...

Page 254: ...Use Resource InUse Denied Number of Dynamic ARPs 1 96 96 0 Number of Static ARPs 0 192 0 0 Total Sum of datagrams received Local destination Sum of local datagrams successfully delivered to upper laye...

Page 255: ...P users 0 9952 0 0 SNMP groups 2 4672 9344 0 SNMP views 3 3744 11232 0 Number of IP Interfaces 17 7936 134912 0 Number of RIP Net 0 96 0 0 AAA Sessions 0 320 0 0 Authenticated Tunnels 0 640 0 0 IKE IP...

Page 256: ...ral Information Display XSR show tcp general TCP Statistics TCP General Infomation Maximum number of TCP connections is dynamic 2 connections in state ESTABLISHED or CLOSE WAIT Retransmission timeouts...

Page 257: ...ote TCP host or an ack of the connection termination request previously sent FINWAIT2 Waiting for a connection termination request from the remote TCP host CLOSEWAIT Waiting for a connection terminati...

Page 258: ...anslations on GigabitEthernet interface 2 XSR clear ip nat translations g 2 2 NAPT entries or NAT mapping removed interface Port number Dialer 0 255 FastEthernet 1 2 Loopback 0 65535 Serial card port...

Page 259: ...local pool of IP addresses for distribution to remote peers seeking connection to an interface The command acquires IP Local Pool mode and makes available this sub command exclude Bars a range of IP...

Page 260: ...pool Examples The following example excludes the ten IP addresses between 192 168 57 100 and 192 168 57 110 from local pool HQ XSR config ip local pool HQ 192 168 57 0 255 255 255 0 XSR ip local pool...

Page 261: ...nt NAT to pass only FTP control sessions that are using that port In this case all client requests using the default port 21 will be dropped by NAT Syntax ip nat service list access list number ftp tc...

Page 262: ...he no Form The no command removes NAT rules from the interface no ip nat source list access list number assigned overload address ip address overload pool pool_name overload Mode Interface configurati...

Page 263: ...s a single static translation entry in the Network Address Translation NAT table Interface static NAT is similar to global NAT it takes precedence over global static NAT with the implication that if a...

Page 264: ...ut icmp timeout seconds never Syntax of the no Form The no command configures default timeout values no ip nat translation timeout udp timeout tcp timeout icmp timeout seconds never Mode Global config...

Page 265: ...ng example displays four static NAT entries Note that external hosts are not tracked for static NAT nor are idle times XSR show ip nat translations Interface GigabitEthernet 2 Num Interface Static NAT...

Page 266: ...lowing example displays NAT pool entries with overload statistics Note that a unique NAT IP address is assigned to each internal host and that if there are more internal hosts than the number of addre...

Page 267: ...llowing example sets advertising interval 2 for VR group 2 on FastEthernet interface 1 XSR config interface fastethernet 1 XSR config if F1 vrrp 2 adver int 2 The following example sets the default ad...

Page 268: ...if F1 no vrrp 1 authentication or no vrrp authentication vrrp group ip This command adds up to 11 virtual IP addresses per group and enables a corresponding Virtual Router VR on an interface Be aware...

Page 269: ...IP address 10 0 1 20 is the address of the virtual router XSR config if F1 no vrrp 1 ip 10 0 1 20 or vrrp ip 10 0 1 20 vrrp group master respond ping This command allows the Virtual Router VR master t...

Page 270: ...master Virtual Router VR for a virtual group if it has higher priority than the current master VR This feature is enabled by default You can also configure a delay which will cause the virtual router...

Page 271: ...tual group Use it to control which router becomes the master VR Syntax vrrp group priority level Syntax of the no Form The no form of this command restores the default value no vrrp group priority Def...

Page 272: ...0 and when at least one of the routes come up the VR will return to its original priority When specifying a watch group be aware that you can use the associated dialer watch list command Syntax of the...

Page 273: ...the VRRP group whose group ID matches the specified ID on this router will be cleared If you do specify the interface only statistics for all VRs in the VRRP group configured on this interface on thi...

Page 274: ...Master Router IP 3 3 3 3 Virtual MAC 0x00005e005101 BecomeMaster 2 AdvertiseRcvd 96 ChecksumErrors 0 VersionErrrors 0 PriorityZeroPktsRcvd 0 PriorityZeroPktsSend 0 InvalidTypePktsRcvd 0 UnknownAuthTyp...

Page 275: ...vrrp interface fastethernet 2 Eathernet Interface 2 Group ID 2 State master Preempt Preempt Enable Priority 15 Adver int 1 Advertise Interval Timer 1 Authentication Code mypass Virtual IP 3 3 3 3 Pri...

Page 276: ...Delay Timer if in master state displays the seconds remaining to trigger the next advertisement Authentication Code Password Virtual IP Virtual IP address Primary IP Interface IP address Master Route...

Page 277: ...Clear and Show Commands XSR CLI Reference Guide 5 201 Maximum number of virtual addresses per VR 11 Number of virtual IP address in use Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 3 VR1 1 1 1 VR3 1...

Page 278: ...VRRP Clear and Show Commands 5 202 Configuring the Internet Protocol...

Page 279: ...GP neighbors Convention Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of value...

Page 280: ...ple the BGP process was already activated with AS 100 when an attempt was made to activate it again with the AS 11 XSR config router bgp 11 BGP Already running in AS 100 aggregate address This command...

Page 281: ...and restores the default behavior of BGP by summarizing redistributed IGP subnets on classful network boundaries Automatic summarization of IGP subnets reduces the number of routes in the BGP routing...

Page 282: ...ters considered by the XSR when selecting the best path The path with the lowest MED value is chosen when all higher ranking BGP route selection criteria are the same for all competing paths to the sa...

Page 283: ...ing MED attribute is considered to have a value of zero Example This example configures the bgp bestpath med missing as worst value within BGP process 100 XSR config router bgp 100 XSR config router b...

Page 284: ...ute reflector in the cluster Example The following example configures the bgp cluster id value within the BGP process 600 The BGP process corresponds to the AS in which the router resides The cluster...

Page 285: ...yntax bgp confederation peers autonomous system autonomous system Syntax of the no Form The no form of this command deletes the confederation Ss no bgp confederation peers autonomous system autonomous...

Page 286: ...Half life 15 minutes Reuse 750 Suppress 2000 Suppress max 60 minutes Disabled Example The following example enables route flap dampening XSR config router bgp 100 XSR config bgp dampening half life In...

Page 287: ...onfigures the BGP default local preference of 300 for BGP process 100 This setting indicates that all routes this router advertises to its internal BGP neighbors will have a local preference of 300 XS...

Page 288: ...nd a neighbor or peer group must be identified by means of the neighbor remote as or neighbor peer group command Configuring a minimum interval of zero means that there is no delay in sending BGP rout...

Page 289: ...0 0 0 to the BGP neighbor of the router that this command is entered on so that it can be used as the default route Before entering this command a neighbor or peer group must be identified by means o...

Page 290: ...n XSR config router Default No access list applied Example This example applies access list 1 to incoming advertisements from neighbor 192 168 1 1 Only routes which match 10 0 0 0 8 11 0 0 0 8 or 12 0...

Page 291: ...The following example allows connections to or from neighbor 192 168 1 1 which resides on a network that is not directly connected XSR config router bgp 100 XSR config router neighbor 192 168 1 1 remo...

Page 292: ...the connection is cleared To reactivate the session enter clear ip bgp IP address If the number of prefixes is set to zero no prefixes will be accepted from the neighbor Syntax neighbor ip address pee...

Page 293: ...R config router neighbor 192 168 1 1 remote as 101 XSR config router neighbor 192 168 1 1 maximum prefix 10000 neighbor next hop self This command disables automatic next hop selection Updates meant f...

Page 294: ...onfigured for a neighbor the existing session is replaced by a new session Syntax neighbor ip address peer group name password password value Syntax of the no Form This command s no form removes the p...

Page 295: ...ds an entry to the BGP neighbor table BGP requires manual neighbor configuration The configuration of neighbors on both of the neighboring BGP routers allows a BGP session to be set up between the rou...

Page 296: ...up The route map must be configured first Syntax neighbor ip address peer group name route map route map in out Syntax of the no Form The no form of this command deletes the specified neighbor s route...

Page 297: ...peer group name route reflector client Mode Router configuration XSR config router Example The following example sets a neighbor s reoute reflector XSR config router bgp 100 XSR config router neighbo...

Page 298: ...config router Default No change is made to status of BGP neighbor or peer group Example This example disables any active session for neighbor 192 168 1 1 XSR config router bgp 100 XSR config router ne...

Page 299: ...gotiated hold time and the configured keep alive interval By default the keep alive timer is set to 30 seconds and the hold time timer set to 90 seconds This 1 to 3 ratio is strictly maintained betwee...

Page 300: ...te source interface Syntax of the no Form The no form of this command removes a neighbor s update source no neighbor ip address peer group name update source interface Mode Router configuration XSR co...

Page 301: ...ied to filter inbound and outbound BGP updates The as path variable in the BGP routing update message is examined against a required parameter of this command which represents AS numbers identified by...

Page 302: ...oute map match as path 33 XSR config route map set local preference 300 ip community list This command defines a community list that filters on the BGP COMMUNITY attribute The community list you defin...

Page 303: ...be notified about the networks it will route which con occurs via manual injection of routes into the BGP process with the network command Routes originated by BGP via the network command have their...

Page 304: ...col into the BGP Redistributed routes can be learned from dynamic routing OSPF RIP static routes and connected routes Redistributed routes can have their path attributes set in BGP by the route map co...

Page 305: ...rm The no form of this command disables synchronization no synchronization Mode Router configuration XSR config router Default Enabled Example The following example disables synchronization XSR config...

Page 306: ...h criteria are processed via set commands and those that do not match all of the defined match criteria in the route map are ignored match as path This command matches the values of the as_path variab...

Page 307: ...a match will occur if the as_path variable in a BGP update message contains AS number 550 If a match occurs then the set local preference command sets the local preference attribute for the matching...

Page 308: ...ers within the same AS The community is identified by name 300 22 The numeric format aa nn where aa and nn represent two byte numbers is one of the allowable formats for community names BGP updates ma...

Page 309: ...this command removes the match IP address value no match ip address access list number Mode Route map configuration XSR config route map Default No matching based on IP prefix Example The following ex...

Page 310: ...ored set as path This command increases the length of the AS path attribute for the BGP routing update messages that meet the match conditions specified within a route map The length of the AS path at...

Page 311: ...nfig route map match as path 37 XSR config route map set as path prepend 100 XSR config route map set as path prepend 100 100 set community This command specifies the community attribute in a BGP rout...

Page 312: ...P updates against the criteria specified in ACL 37 10 0 0 0 8 If there is not a match the second instance of route map 1 is invoked which matches on all remaining routes and removes any community attr...

Page 313: ...orm of this command removes route dampening no set dampening Mode Route map configuration XSR config route map Defaults Half life 15 minutes Reuse 750 seconds Suppress 2000 Suppress max 60 minutes fou...

Page 314: ...e no set ip next hop value Mode Route map configuration XSR config route map Example The following example sets the IP next hop attribute in the BGP update which matches 10 0 0 0 255 0 0 0 to 1 2 3 4...

Page 315: ...tes with the highest local preference will be chosen as the best routes to the identified destinations This however applies only in multi homed ASs as the local preference attribute impacts only which...

Page 316: ...ge the value of the MED which impacts the flow of inbound traffic into a multi homed AS All of the outbound updates leaving this router and matching ACL 66 will have MED value of 20 assigned to them A...

Page 317: ...t a match clause has been specified Weight is used for best path selection and is assigned locally to the router It is not propagated or carried through any route updates Routes with a higher weight a...

Page 318: ...1 perform a match on IP as path access lists 67 and 57 in that order with a weight of 6000 for updates matching ACL 67 and 5000 for updates matching ACL 57 If the same destinations are advertised by a...

Page 319: ...p bgp dampening ip address mask Mode Privileged EXEC XSR Examples The following example clears route dampening information about the route to all routers and unsuppresses suppressed routes XSR clear i...

Page 320: ...00 300 192 1 1 0 24 192 168 72 100 0 300 100 300 55 5 5 0 24 52 52 52 3 200 100 200 55 5 5 0 24 192 168 72 100 0 300 100 300 6 6 6 2 32 192 168 72 100 0 300 100 300 Local Router ID IP Address of the r...

Page 321: ...ax show ip bgp community community number internet local AS no export no advertise Mode EXEC configuration XSR Example The following is sample output from the command Network IP address of destination...

Page 322: ...community list Syntax show ip bgp community list community list number exact match Mode EXEC configuration XSR Example The following is sample output from the command XSR show ip bgp community communi...

Page 323: ...plays routes conforming to a specified filter list Syntax show ip bgp filter list access list number Mode EXEC configuration XSR Example The following example is sample output from the command XSR sho...

Page 324: ...92 168 72 100 0 100 100 300 55 5 5 0 24 192 168 72 100 0 100 100 300 6 6 6 2 32 192 168 72 100 0 100 100 300 show ip bgp neighbors This command displays information about TCP and BGP connections to ne...

Page 325: ...peer BGP version BGP version used to communicate with the peer remote router ID IP address of the neighbor BGP state Internal state of the BGP connection Hold Time Maximum interval in seconds that can...

Page 326: ...n advertisement runs is 0 seconds peer group is external members 18 1 1 3 192 168 72 19 XSR show ip bgp peer group external summary Neighbor V AS MsgRcvd MsgSent InQ OutQ State 192 168 72 19 4 400 157...

Page 327: ...ctions Syntax show ip bgp summary Mode EXEC configuration XSR Example The following is sample output from the command XSR show ip bgp summary Neighbor V AS MsgRcvd MsgSent InQ OutQ State 192 168 72 19...

Page 328: ...clauses community list 1 Set clauses local preference 300 route map 1 permit sequence 2 Match clauses community list 2 Set clauses local preference 200 route map 2 permit Match clauses ip address 1 S...

Page 329: ...BLISHED BGP Event RX_UPDATE Nbr 192 168 2 1 AS 300 Skt 2 State ESTABLISHED BGP Event KEEP_EXP Nbr 192 168 2 1 AS 300 Skt 2 State ESTABLISHED BGP Debug event generated from the BGP process Event BGP ev...

Page 330: ...ute refresh Sent 186 total 4 opens 0 notifications 6 updates 176 keepalives 0 route refresh BGP Debug event generated by the BGP process Rx Update Update message has been received Tx Update Update mes...

Page 331: ...ers bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vertical bar indicate a choice of a required valu...

Page 332: ...ip multicast routing ip igmp version This command manually sets the IGMP version on a local interface Syntax ip igmp version version_number Syntax of the no Form The no form of this command sets the d...

Page 333: ...if F1 ip igmp join group 225 2 2 1 ip igmp last member query count This command configures the retransmit count at which the XSR sends IGMP group specific host query messages Syntax ip igmp last memb...

Page 334: ...le changes the IGMP group specific host query message interval to 2 seconds XSR config if F1 ip igmp last member query interval 2000 ip igmp query interval This command configures the frequency at whi...

Page 335: ...uration XSR config if xx Default 10 seconds Example The following example sets a maximum response time of 8 seconds XSR config if F1 ip igmp query max response time 8 ip igmp querier timeout This comm...

Page 336: ...TL threshold of packets being forwarded out an interface Syntax ip multicast ttl threshold ttl value Syntax of the no Form The no form of this command sets this threshold to the default value no ip mu...

Page 337: ...Mode Interface configuration XSR config if xx Default PIM SM is disabled on an interface Example The following example enables PIM sparse mode on F1 XSR config if F1 ip pim sparse mode ip pim bsr bor...

Page 338: ...y 0 Example The following example configures the IP address of the router on F1 to be a candidate XSR config ip pim bsr candidate FastEthernet 1 type number Interface from which the BSR address is der...

Page 339: ...the DR priority value of F1 to 20 XSR config if F1 ip pim dr priority 20 ip pim message interval This command configures the frequency at which a Protocol Independent Multicast Sparse Mode PIM SM rout...

Page 340: ...configuration XSR config if xx Default 30 seconds Example This example resets the PIM router query message interval to 60 seconds XSR config if F1 ip pim query interval 60 ip pim rp address This comm...

Page 341: ...mber group list access list priority priority value Syntax of the no Form The no form of this command removes this XSR as an RP candidate no ip pim rp candidate Mode Global configuration XSR config De...

Page 342: ...he register packet to the industry standard XSR config ip pim RegCksum wholepacket ip pim spt threshold This command configures the threshold over which a PIM leaf router should join the shortest path...

Page 343: ...splays the multicast groups with receivers that are directly connected to the XSR and were learned through the Internet Group Management Protocol IGMP Syntax show ip igmp groups group address type num...

Page 344: ...g example displays sample responses XSRinterface Interface name FastEthernet2 Interface state Up IGMP version 2 Protocol owner PIM SM Group IP Multicast group address Interface name The interface thro...

Page 345: ...in the Response Interface name Interface type number Interface state Interface status IGMP version IGMP version on this interface Protocol owner Multicast routing protocol configured on this interfac...

Page 346: ...e Expires Interface state Interface Next Hop State Mode 224 0 255 3 5 29 15 00 01 14 RP is 192 168 26 2 flags Incoming interface FastEthernet1 RPF neighbor 10 3 35 1 Outgoing interface list FastEthern...

Page 347: ...utes and seconds the entry has been in the IP multicast routing table RP Address of the rendezvous point RP router For routers and access servers operating in sparse mode this address is always 0 0 0...

Page 348: ...interface type number Mode EXEC configuration XSR Example The following example display sample responses XSR show ip pim interface PIM Interface Table Address Interface Nbr Count Hello Intvl DR 30 0...

Page 349: ...Address IP address of the next hop router Interface Interface type and number that is configured to run PIM Nbr Count Number of PIM neighbors discovered through this interface Hello Intvl The interva...

Page 350: ...224 0 0 0 Mask 240 0 0 0 RP Address 30 0 0 20 Holdtime 150 Priority 192 RP Address 50 0 0 40 Holdtime 150 Priority 192 Parameter Descriptions show ip pim rp hash This command displays the rendezvous...

Page 351: ...mmands XSR CLI Reference Guide 7 103 Example The following example displays sample responses XSR show ip pim rp hash 239 1 1 1 RP 192 168 27 12 Parameter Descriptions RP Address of the RP for the grou...

Page 352: ...IGMP Clear and Show Commands 7 104 Configuring IP Multicast...

Page 353: ...Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vert...

Page 354: ...up the Console port on the XSR 1800 series as a WAN interface for dial backup purposes refer to the Caution below Do so by entering 0 only Note If encapsulation is changed from one type to another all...

Page 355: ...1 to 2 FastEthernet 1 to 3 GigabitEthernet and 0 Console If a Serial port resides on a T1 E1 port then channel group data must be added at the end of the string to mark which channel group of the T1 E...

Page 356: ...al challenge and verify that encrypted values match MS CHAP is closely derived from the PPP CHAP with the exception that it uses MD4 as the hashing algorithm You may enable PAP or CHAP MS CHAP or all...

Page 357: ...e following sample configuration illustrates the preceding example On Site A enter the following commands XSR config interface serial 1 0 XSR config if S1 0 encapsulation ppp XSR config if S1 0 no shu...

Page 358: ...on requests from peers or uses a default password during CHAP authentication when no other password is available It can enable multiple routers to appear to have the same hostname when using CHAP auth...

Page 359: ...ppp XSR config if D1 ppp chap refuse ppp keepalive This command sets the keepalive timer on a Point to Point port PPP keepalives are sent out as echo requests over the PPP port at specified intervals...

Page 360: ...e Nak or Configure Reject Syntax ppp lcp max configure number Syntax of the no Form The no command resets the counter to the default value no ppp lcp max configure Default 10 Mode Serial Dialer or Fas...

Page 361: ...stethernet 2 1 XSR config if F2 1 1 ppp lcp max failure 200 ppp lcp max terminate This command configures the restart timer counter for the number of Terminate Requests sent out on a Point to Point in...

Page 362: ...tion is enabled Syntax ppp max bad auth number Syntax of the no Form Use the no form of this command to reset to the default immediate reset no ppp max bad auth Default 0 Mode Interface configuration...

Page 363: ...sends a 0 0 0 0 IP address in the CONFIG REQUEST and asks the local system to assign an IP address The address will not be used if the peer already has been assigned an IP address with its own local...

Page 364: ...SR config if D1 encapsulation ppp XSR config if D1 dialer map ip 20 20 20 1 9051234567 ppp quality This command sets the minimum Link Quality Monitoring LQM value on a serial interface before the link...

Page 365: ...ure Requests and Terminate Requests on a Point to Point interface The timer is the peak interval to wait for a response during PPP negotiation This command applies to any serial port on which PPP enca...

Page 366: ...AP responses it also searches through its list of usernames to match passwords Syntax username name password cleartext secret type password Syntax of the no Form The no form of this command deletes th...

Page 367: ...t interface type number limit x type1 type2 Syntax of the no Form The following no form of the command returns the default value no debug ppp packet interface type number Mode EXEC configuration XSR E...

Page 368: ...are decoded and displayed protocol see list below code type of packet packet identifier packet length and the type length and content of the option You can select these packet types to be debugged PAP...

Page 369: ...packet limit 50 ipcp lqm Sample Output The following debugging output is displayed on Multilink interface 57 XSR show interface multilink 57 Multilink Interface Stats Multilink 57 is Admin Up Internet...

Page 370: ...Data Pck 0 Total Tx Pck Discarded 0 Rx Control Pck Discarded 0 Rx Control Pck Error 0 Rx Control Pck Unknown protocol 0 Rx Control Pck Too Long 0 LocalToRemoteProtocolCompression Disabled RemoteToLoc...

Page 371: ...pened Multilink State opened Dialer4 MLPPP State LCP State opened Multilink State opened Dialer5 MLPPP State LCP State opened Multilink State opened Dialer33 MLPPP State LCP State opened Multilink Sta...

Page 372: ...and displays link status statistics and configuration for the interface type number The show ppp interface dialer number multi class serial command displays Dialer statistics with Serial and Multiclas...

Page 373: ...OPENED Bundle Size 31 Max Load Threshold 120 Bundle Tx Load Avg 240 Bundle Rx Load Avg 240 Last Tx Seq Num 14787652 Last Fwd Seq Num 12933548 Last Rcv M 12933518 No Of Frag Rcvd 12920875 No Of Frag D...

Page 374: ...Interface Serial 0 4 1 LCP Current State OPENED IPCP Current State OPENED Multilink Current State OPENED LCP STATS Total Rcv Pck 1618575 Total Rcv Control Pck 420 Total Rcv Data Pck 1618155 Total Rcv...

Page 375: ...Control Pck Too Long LocalToRemoteProtocolCompression Range 32 bit counter Description Sum of received packets discarded because length is too short less than 4 Range 32 bit counter Description Sum o...

Page 376: ...of the MRU for the remote PPP Entity This value is the MRU that the local entity uses when sending packets to the remote PPP entity The value is meaningful only when the link has reached the open sta...

Page 377: ...ed Changing this object will take effect when the link is next restarted Default 1500 Range Integer False or True Description If true 2 the local node will try to perform Magic Number negotiation with...

Page 378: ...owing example enables multilink on group 2 with serial interface 1 1 configured as the physical interface XSR config interface multilink 2 XSR config if M2 ppp multilink endpoint ip 192 168 10 214 XSR...

Page 379: ...mand triggers the dialer to maintain the minimum number of links in a bundled multilink over a switched line and should be configured on the called side of a connection It is the first means by which...

Page 380: ...means by which the XSR controls traffic via BoD It is also provided by setting the multilink min links command Syntax ppp bap call accept request Syntax of the no Form The no form of this command dis...

Page 381: ...o ppp bap callback accept request Example The following example configures BAP to accept and request callbacks XSR config interface dialer 1 XSR config if D1 encapsulation ppp XSR config if D1 no shut...

Page 382: ...s to set up Bandwidth on Demand BoD The multilink load threshold command is a second means by which the XSR controls traffic via BoD It is also provided by setting the multilink min links command Synt...

Page 383: ...link group Refer to page 8 118 for command details load threshold set the value which triggers the dialer to add or delete a link from the multilink bundle See page 8 119 for details multi class sets...

Page 384: ...rame Relay service XSR config interface bri 2 1 XSR config if BRI 2 1 leased line 56 XSR config interface bri 2 1 1 XSR config if BRI 2 1 1 encapsulation ppp XSR config if BRI 2 1 1 ppp multilink XSR...

Page 385: ...bundle The maximum fragment size is calculated as Fragment size in bytes fragment delay ms x link speed kbps 8 Table 8 1 below shows the relationship between maximum fragment delay and maximum fragme...

Page 386: ...sets the fragment delay to 30 milliseconds on the Dialer 2 interface XSR config if D2 ppp multilink fragment delay 30 Table 8 1 Maximum Fragment Size bytes Fragment Delay ms Link Speed Fragment Delay...

Page 387: ...R config if M1 ppp multilink fragment disable Display Examples The following examples display fragmentation settings by the show interface multilink command XSR show interface multilink 1 Multilink In...

Page 388: ...displays fragmentation settings XSR show ppp interface multilink 1 multiclass MLPPP Bundle MultiClass Stats Multilink 1 MLPPP is Admin Up Oper Up Group Num 1 LCP State OPENED IPCP State OPENED Multili...

Page 389: ...s sampled every second and averaged over an 8 second period Triggering is delayed for 10 seconds when the load surpasses or falls below the threshold Triggering is generated when Either the inbound or...

Page 390: ...etween peers It supports five streams of sequence numbers the long sequence format by default and the short sequence number by negotiation Any class lower than the default requested by the peer will b...

Page 391: ...Multilink PPP Commands XSR CLI Reference Guide 8 121 Example The following example enables the multi class MLPPP option XSR config if D57 ppp multilink multi class...

Page 392: ...ENED Multilink State OPENED Multi Class State OPENED Multilink header format is LONG SEQ NUM Class suspendable level is 5 tx classes and 5 rcv classes Max Fragment delay is 10 ms MLPPP Bundle Info Con...

Page 393: ...e OPENED CLOSED Description MLPPP state OPENED if negotiation with peer successful CLOSED otherwise Range OPENED CLOSED Description Multi Class state OPENED if negotiation is successful with the peer...

Page 394: ...s wrong for MLPPP Padding Error Sum of packets discarded because padding size is wrong Invalid Cls Sum of packets discarded because class number greater than class level negotiated Error to CP Sum of...

Page 395: ...lass State CLOSED Bundle Size 1 Class Level Tx 1 Rx 1 Max Load Threshold 0 Bundle Tx Load Avg 0 Bundle Rx Load Avg 0 No Of Pck in Rx Buf Q 0 Lowest link Speed 1984000 Max Fragment Size 256 High Pri Me...

Page 396: ...igured MLPPP Bundle Stats Multilink 8 MLPPP is Admin Up Oper Up Group Num 8 LCP State OPENED IPCP State OPENED Multilink State OPENED Multi Class State OPENED Multilink header format is LONG SEQ NUM C...

Page 397: ...ler multi class This command displays Multi Class MLPPP status and statistics Syntax show ppp interface type type number multi class Mode EXEC XSR Sample Output The following example displays output o...

Page 398: ...0 0 0 Rx Load Average 0 0 0 0 0 Max 0 0 0 0 0 Min 0 0 0 0 0 Tx Load Average 0 0 0 0 0 Max 0 0 0 0 0 Min 0 0 0 0 0 Rx Stats Total 0 0 0 0 0 Discard SeqError 0 0 0 0 0 FListFull 0 0 0 0 0 Seq Exp 0 0 0...

Page 399: ...ber of the fragment of this class to the upper layer Range 1 16777215 Description Last M the smallest received sequence number of all the member links in this class to the upper layer Range Not define...

Page 400: ...d fragments discarded for this class because fragment list is full Seq Exp Sum of received fragment discarded for this class because sequence number is less than expected NoBgnFlg Sum of received frag...

Page 401: ...ilink 1 32767 memberlink multi class type number show ppp interface dialer 1 256 memberlink multi class type number Parameters Mode EXEC XSR Sample Output The following example displays output of this...

Page 402: ...d FListFull 0 0 0 0 0 Seq Err 0 0 0 0 0 Seq Expt 0 0 0 0 0 NoBegin 0 0 0 0 0 AddFrgFail 0 0 0 0 0 CleanQ 0 0 0 0 0 Tx Stats Total 0 0 0 0 0 Discard CleanQ 0 0 0 0 0 QFull 0 0 0 0 0 PPP Multilink Membe...

Page 403: ...for this class over this member link because fragment list is full Seq Exp Sum of received fragments discarded for this class over this member link because sequence number is less than expected NoBgnF...

Page 404: ...0 Bundle Tx Load Avg 0 Bundle Rx Load Avg 0 No Of Pck in Rx Buf Q 0 Lowest link Speed 64000 Max Fragment Size 64 High Pri Member link is Serial 3 2 0 10 Rx Stats Total 20137 Data 19103 Control 2 Null...

Page 405: ...lBack Req 0 Tx CallBack ReqAck 0 Tx LinkDrop Req 0 Tx LinkDrop ReqAck 0 Discriminators Local Remote Serial 3 2 0 26 0 1 Serial 3 2 0 30 1 3 Serial 3 2 0 29 2 5 Serial 3 2 0 28 3 7 Serial 3 2 0 27 4 9...

Page 406: ...Multilink Show Commands 8 136 Configuring the Point to Point Protocol...

Page 407: ...tory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vertical bar indicate a choice of a r...

Page 408: ...rface inherits all relevant parameters defined in the named map class For each virtual circuit the precedence rules are as follows Use the map class associated with the virtual circuit if it is config...

Page 409: ...if S1 0 frame relay class normlink The following commands configure sub interface serial 1 0 2 to use a different map class fastlink than that specified for serial 1 0 XSR config interface serial 1 0...

Page 410: ...ng from 16 to 1007 For the Point to Point P2P sub interface type only one DLCI is allowed For Point to Multi Point P2MP you can configure multiple DLCIs gratuitous inverse arp Sends inverse ARP reques...

Page 411: ...8 ip 133 133 1 3 bootp XSR config fr dlci no shutdown XSR config fr dlci interface serial 1 0 2 point to point XSR config subif ip helper 10 10 1 2 XSR config subif ip address 133 134 1 1 255 255 255...

Page 412: ...intf type dce XSR config if S1 0 frame relay lmi type ansi frame relay lmi t391dte This command sets the interval between LMI Link Integrity Verification LIV message transmissions on the Data Terminal...

Page 413: ...request a full status response from the Frame Relay switch The other nine status inquiries will request keep alive exchanges only XSR config interface serial 1 0 XSR config if S1 0 encapsulation fram...

Page 414: ...his command sets the error threshold on a Data Terminal Equipment DTE interface Syntax frame relay lmi n392dte threshold Syntax of the no Form Use the no command to remove the current setting no frame...

Page 415: ...ample sets the DCE to wait 20 seconds for a status enquiry from the DTE before declaring an error event XSR config interface serial 1 0 XSR config if S1 0 encapsulation frame relay XSR config if S1 0...

Page 416: ...ce This command sets the monitored event count on a Data Communications Equipment DCE interface Syntax frame relay lmi n393dce events Syntax of the no Form The no form of this command removes the curr...

Page 417: ...R config if S1 0 encapsulation frame relay XSR config if S1 0 frame relay lmi type ansi XSR config if S1 0 no shutdown frame relay traffic shaping This command enables map class parameters for all Per...

Page 418: ..._num Caution Be aware that when you enable the Console port as a WAN port you can no longer directly connect to it because it is in data communication mode Your only access to the CLI will be to Telne...

Page 419: ...lay Map Class Commands class This command assigns a map class to a specific Data Link Connection Identifier DLCI This can be used to override the default values for the DLCIs or to override a class as...

Page 420: ...dback indicating upstream congestion conditions Frame Relay switches use BECN Back End Congestion Notification to indicate congestion and throttle the DTE traffic rate Syntax frame relay adaptive shap...

Page 421: ...frame relay slowlink XSR config map class slowlink frame relay bc out 6000 frame relay be This command specifies the outgoing excess Burst size Be for a Frame Relay map class Syntax frame relay be ou...

Page 422: ...In this sense Committed Burst Bc is not really a burst but a smoothing function for the number of bits that the XSR is allowed to transmit during the Tc period in order to achieve the specified CIR Si...

Page 423: ...lowlink frame relay fragment 53 XSR config map class slowlink service policy frf12 map class frame relay The command selects a supported Frame Relay map class and gives it a mnemonic name that can be...

Page 424: ...the service policy profile for the class map The service policy is a flexible method to configure QoS for an interface sub interface and DLCI You can use it to create priority queues custom queues WF...

Page 425: ...the interface after it is shut down no shutdown Mode Interface configuration XSR config if xx sub interface This command starts configuration for a sub interface on a serial interface You can configu...

Page 426: ...a specified Frame Relay sub interface or a Frame Relay port or all Frame Relay ports on the XSR Syntax clear frame relay counter interface interface num dlci dlci num Mode EXEC XSR clear frame relay i...

Page 427: ...of fragments transmitted received and dropped When a specific interface and DLCI are specified additional details are displayed Syntax show frame relay fragment interface interface dlci Mode Privileg...

Page 428: ...12 header In assembled pkts Sum of fully reassembled frames received by this DLCI including frames without a Frame Relay fragmentationheader in un fragmented packets This counter corresponds to frames...

Page 429: ...h a T1 E1 Serial controller NIM installed LMI Statistics for Serial 0 2 0 1 Frame Relay DTE LMI NONE Interface down Status Enq Sent 0 Status Msg Rcvd 0 Status Timeout 0 Updated Status Rcvd 0 configure...

Page 430: ...the port has successfully negotiated detected the LMI supported by the switch otherwise it displays AUTO Status Enq Sent Sum of LMI status enquiry messages sent Status Msgs Rcvd Sum of LMI status mess...

Page 431: ...nterface that is associated with a DLCI dlci 981 0x3D5 0xF450 DLCI number displayed three ways its decimal value its hexadecimal value 0x3D5 and its value as it appears on the wire 0xF450 Remote Addr...

Page 432: ...ming data rate for this PVC in packets per second measured for 8 seconds Input pkts Sum of packets received on this PVC Input bytes The packet rate in pps on this PVC in the last sampling period last...

Page 433: ...whether they are being referenced by any Frame Relay interfaces Syntax show frame relay map class Mode Privileged EXEC XSR Example XSR show frame relay map class Total 7 frame relay map classes confi...

Page 434: ...1 Total LMI Tx 0 LMI Rx 0 TX Packets 18155 Bytes 20214344 PPS 0 RX Packets 18154 Bytes 20214072 PPS 0 Approximate Speed 128 Kbps Discarded Packets TX RX 0 0 Sub Interface 1 State UP Num Stations 1 Co...

Page 435: ...ernal The device uses CRC 16 for Tx The device uses CRC 16 for Rx The type of encoding is NRZ The media type is RS 232 V 28 DTE The loopback mode is off Other Interface Statistics ifindex 0 ifType 23...

Page 436: ...Frame Relay Clear and Show Commands 9 112 Configuring Frame Relay...

Page 437: ...IA signaling will be used on the serial line interface This signal is known as the DTR signal The dialer string command has no effect on DTR dialers Be aware of the following mandatory conditions Conv...

Page 438: ...e and a preset dialing out telephone number Syntax dialer dtr Syntax of the no Form no dialer dtr Default DTR dialing is disabled Mode Interface configuration XSR config if xx Example XSR config if S1...

Page 439: ...led no default dialing pool number is assigned Priority 0 Minimum 0 Maximum 255 Mode Interface configuration XSR config if xx Example The following example shows a serial interface belonging to two di...

Page 440: ...if interface dialer 0 XSR config if D0 dialer string 9055559988 class XXX dialer wait for carrier time interface configuration This command configures the time a dialer interface waits for a carrier s...

Page 441: ...of the dialer map class TEST on Dialer port 57 XSR config if D57 interface dialer 57 XSR config if D57 ip address 196 16 25 1 255 255 255 0 XSR config if D57 encapsulation ppp XSR config if D57 dialer...

Page 442: ...ings XSR config interface dialer 200 XSR config if D200 ip address 200 17 10 5 255 255 255 0 XSR config if D200 encapsulation ppp XSR config if D200 authentication chap XSR config if D200 no shutdown...

Page 443: ...name Default None no class name Mode Global configuration XSR config Next Mode Map Class Dialer configuration XSR config map class xx Example The example below specifies a 90 second wait time for the...

Page 444: ...ATX3 Dialer Interface Clear and Show Commands clear dialer This command clears dialer statistics for physical interfaces connected to the dialer interfaces If the interface is not specified all inter...

Page 445: ...r maps Mode EXEC XSR Sample Output The following is sample output from the show dialer maps command Dialer maps configured on Interface Dialer1 Next hop IP address 10 10 10 2 Remote host robo2 Map cla...

Page 446: ...01 3100 Serial 2 0 30 0003 Dialer1 Incoming CONNECTED 001 Serial 2 0 12 0004 Dialer0 On Demand WAITING 000 2600 D Serial 1 0 0 Parameter Descriptions ID Dial session ID number node wide and unique Ran...

Page 447: ...following example provides a 10 second delay in activating the secondary line and a 20 second delay in deactivating the secondary line when the primary serial line goes up and down XSR config interfa...

Page 448: ...wn XSR config interface dialer 57 XSR config if D57 dialer pool 1 XSR config if D57 dialer redial attempts 3 forever XSR config if D57 dialer string 67921 XSR config if D57 encapsulation ppp XSR confi...

Page 449: ...interface and once its time range is specified the backup dialer port can be enabled and disabled Syntax backup time range start time end time Syntax of the no Form The no form of this command disable...

Page 450: ...DN channels 25 Free pool serial ports 0 Neighbor Dial String Success Failures Map Class 3100 1 0 Active links MLPPP group 1 to 10 10 10 2 5 DOD BOD Commands The XSR supports the following Dial on Dema...

Page 451: ...List ACL Because IP is the sole protocol supported at this time an ACL must be specified using the dial list command Syntax dialer list dialer group protocol protocol name list access list number Synt...

Page 452: ...ler 1 XSR config if D1 dialer called 12345 6789 dialer caller This command configures caller ID screening with an option providing ISDN callback The XSR will accept calls from a specified phone number...

Page 453: ...er is based on outbound traffic only Syntax dialer idle timeout seconds Syntax of the no Form Use the no form of this command to reset the idle timeout to the default no dialer idle timeout Mode Diale...

Page 454: ...l next hop address name hostname class map class spc speed 56 64 broadcast dial string isdn subaddress Mode Dialer Interface configuration XSR config if Dx Default Speed 64 kbps protocol Protocol keyw...

Page 455: ...nfiguration XSR config if Dx Default 1 second Example The following example configures Dialer interface 57 to be persistent for two minutes XSR config interface dialer 57 XSR config if D57 dialer pers...

Page 456: ...emote name username Mode Dialer Interface configuration XSR config if Dx Example The following example sets the authentication name for the remote router on Dialer interface 7 XSR config interface dia...

Page 457: ...nitored Use this command with the dialer watch group interface configuration command The number of the group list must match the group number Syntax dialer watch list group number delay route check in...

Page 458: ...us is SPOOFING Dial stats wait for carrier 60s redial attempts 3 redial interval 10s address mask IP address mask to be applied to the list initial delay The delay interval between the time when a new...

Page 459: ...ailable B channels 30 serial ports 0 Watch group stats watch group 1 rt cnt 1 trigg cnt 1 state is UP delays init 10 connect 3 disconnect 3 time range 10 15 11 15 timer expires in 18h 32m 28s watch gr...

Page 460: ...Dialer Watch Commands 10 106 Configuring the Dialer Interface...

Page 461: ...tion Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with...

Page 462: ...sing and or accepting the call The verification proceeds from right to left for the called party number it also proceeds from right to left for the sub address number You can configure the called part...

Page 463: ...ures an ISDN PRI interface to choose an outgoing call in either ascending or descending order The XSR selects the lowest or highest available B channel starting at either channel B1 ascending or chann...

Page 464: ...nected after 30 seconds Syntax isdn call c p board slot port dialing string 56 64 Mode Privileged EXEC XSR Example The following example initiates an ISDN call on BRI port 2 1 at 56 kbps XSR isdn call...

Page 465: ...mber 5088781234 isdn disconnect This command is used for debugging purposes to test ISDN connectivity It sets up an ISDN data call to test call setup procedures with a Central Office ISDN switch or te...

Page 466: ...SPID and LDN for the B1 channel XSR config if BRI 2 1 isdn spid1 508876123401 5088761234 isdn switch type BRI PRI This command sets the central office switch type for the ISDN port and triggers the cr...

Page 467: ...J1 primary ntt Mode BRI PRI Interface configuration XSR config if BRI PRI xx Note This command is valid only after the pri group command was issued basic dms100 North America legacy ISDN switch basic...

Page 468: ...d once for speeds equal to and higher then 112 as both B channels are bound to the created serial interface For 56 and 64 bps speeds the command can be issued twice to create individual serial interfa...

Page 469: ...1 1 at 112 kbps with Frame Relay encapsulation XSR config interface bri 1 1 XSR config if BRI 1 1 leased line 112 XSR config interface bri 0 1 2 1 XSR config if BRI 1 2 1 ip address 1 1 1 3 255 255 25...

Page 470: ...debug isdn command or terminating the Telnet or Console session Optionally you can set a limit of up to 9999 messages which will display at the CLI after which the debug session will end If the limit...

Page 471: ...Tracing show controllers bri This command displays physical line data concerning Basic Rate Interface BRI sub interfaces Syntax show controllers bri board slot port channel number Mode Privileged EXEC...

Page 472: ...fd200 RxDRIdx 0 RxBuffSize 1728 RxBuffOffset 160 2 CmdStsLen 0x80000000 pBuf 0x21e146e0 1 CmdStsLen 0xa0000000 pBuf 0x21e14da0 0 CmdStsLen 0x80000000 pBuf 0x21e11e60 1 CmdStsLen 0x80000000 pBuf 0x21e1...

Page 473: ...r 1 DOWN Layer 2 DOWN State OFFLINE Admin Up Oper Down Term 1 Spid 2200555 State OFFLINE Cause 000 Term 2 Spid 2201555 State OFFLINE Cause 000 Total Length 257 The name of this device is bri1 1 0 The...

Page 474: ...0 The card is 2 The port is 1 The channel is 0 The current MTU is 1506 The device is in polling mode and is INACTIVE The channel is logically INACTIVE The operational state is OPER_DOWN The protocol...

Page 475: ...06 21 07 906 016 2100 BRI 1 0 1 OUTGOING 06 21 03 719 06 21 07 906 016 2100 The following output displays incoming call data for PRI interface 2 0 and sub interfaces 23 30 XSR show isdn history 2 0 I...

Page 476: ...lot and port numbers Call Type Type of call INCOMING for incoming OUTGOING for outgoing or when call direction cannot be determined Calling or Called Phone Number for outgoing call displays 10 leastsi...

Page 477: ...dn service 1 0 BRI ISDN Service ISDN BRI 1 0 Layer 1 UP Layer 2 UP State ONLINE Admin Up Oper Up Ch No State Ch No State Ch No State Ch No State Ch No State 1 IDLE 2 IDLE The following example shows o...

Page 478: ...DN Debug and Show Commands 11 100 ISDN BRI and PRI Commands 20 CONNECTED 21 CONNECTED 22 CONNECTED 23 CONNECTED 24 CONNECTED 25 CONNECTED 26 CONNECTED 27 CONNECTED 28 CONNECTED 29 CONNECTED 30 CONNECT...

Page 479: ...ameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vertical bar indicate a choice of a required value x y z Combination of square brackets with braces...

Page 480: ...and are bandwidth Specifies the bandwidth allocated for a class belonging to a policy map Go to page 12 86 for the command definition class Specifies the criteria for classifying traffic Go to page 12...

Page 481: ...h criteria are defined in a class map Invoking the policy map command enables QoS Policy Map configuration mode in which you can configure or modify the class policies for that policy map You can conf...

Page 482: ...pecified for that class over the available link bandwidth The available link bandwidth is equal to the interface bandwidth minus the sum of all bandwidth reserved for low latency queues When configure...

Page 483: ...nge This also allows you to enter QoS policy map configuration mode After you specify a policy map you can configure policy for new classes or modify policy for any existing classes in that policy map...

Page 484: ...th for this class in the event of congestion RED drops up to one out of three packets when the average queue size becomes bigger than 34 and drops each packet if it becomes bigger than 57 RED packet d...

Page 485: ...han 1000 bytes burst normal will be set to 1000 bytes burst max Excess burst size ranging from 1 000 to 51 2000 000 bytes Value must be greater than or equal to normal burst size It will automatically...

Page 486: ...d Fair Queueing CBWFQ Strict PQ allows delay sensitive data such as voice to be de queued and sent before packets in other queues are dequeued The burst argument specifies the burst size and as such c...

Page 487: ...CBWFQ creates a queue for every class for which a class map is defined Packets satisfying the match criteria for a class accumulate in the queue reserved for the class until they are sent which occurs...

Page 488: ...res mark prob Syntax of the no Form The no form of this command disable RED on an interface no random detect Mode Policy Map Class configuration XSR config pmap c xx Defaults Disabled Mark prob 10 Exa...

Page 489: ...fig policy map DSCP XSR config pmap DSCP class A XSR config pmap c a random detect dscp based random detect dscp This command changes the Weighted Random Early Detect WRED minimum and maximum threshol...

Page 490: ...gth ranging from 1 to 4096 beyond which the XSR randomly drops packets max thres Maximum limit of average packet queue length ranging from 1 to 4096 beyond which all packets are dropped mark prob Mark...

Page 491: ...ponential weighting constant This command configures the Weighted Random Early Detect WRED exponential weight factor for the average queue size calculation The weight constant is expressed as a power...

Page 492: ...a MinTh 1 2 precvalue 16 x MaxTh To change the default setting use the random detect precedence default command By doing so all IP precedence will share the same values except those which were explici...

Page 493: ...nfig pmap c a random detect prec based XSR config pmap c a random detect precedence default 10 20 set cos This command marks the IEEE 802 1 priority in the header of output VLAN packets with a Class o...

Page 494: ...speed up handling for high precedence traffic at congestion points Syntax set ip dscp ip dscp value Note You cannot mark a packet by the IP precedence with the set ip precedence command and mark the...

Page 495: ...n of CBWFQ or RED at points downstream in the network Typically you set IP Precedence at the edge of the network or administrative domain data then is queued based on the precedence CBWFQ can speed up...

Page 496: ...e and is calculated from the rate and the default measurement interval of 10 milliseconds Burst equals rate multiplied by 10 milliseconds divided by 1000 In order to sustain the average rate the norma...

Page 497: ...Point DSCP value as a match criterion Go to page 12 103 for the command definition match ip precedence identifies IP precedence values as match criteria Go to page 12 104 for the command definition Sy...

Page 498: ...ch criteria against which packets are checked to determine if they belong to the class set by the class map To use the match access group command you must first enter the class map command to specify...

Page 499: ...ng example example configures classmap matchCos5To7 that matches input priority values from 5 to 7 XSR config class map matchCos5To7 XSR config cmap matchCos5To7 match cos 5 6 7 match ip dscp This com...

Page 500: ...R config interface fastethernet 1 XSR config if F1 service policy output priority55 match ip precedence This command identifies IP precedence values as match criteria Up to 4 precedence values can be...

Page 501: ...pprec5 XSR config cmap ipprec5 match ip precedence 5 XSR config policy map priority50 XSR config pmap priority50 class ipprec5 XSR config pmap c ipprec5 priority high 50 XSR config interface fastether...

Page 502: ...Privileged EXEC or Global configuration XSR XSR or XSR config Sample Output This example displays the contents of the service policy map called po1 XSR show policy map po1 Policy Map po1 CLass c1 Weig...

Page 503: ...ion XSR or XSR config Sample Output The following example shows policy map mypolicy attached to DLCI 100 on Serial interface 1 0 Policy is applied simultaneously to input and output traffic Input poli...

Page 504: ...dwidth 300 kbps Actual bandwidth 0 kbps Max Qsize 64 Qsize 32 Tail drops 223 Tx NoBuff Error 3321 22 0 Class class default Weighted Fair Queuing Bandwidth 436 kbps Actual bandwidth 0 kbps Max Qsize 64...

Page 505: ...2 XSR show random detect interface serial 1 0 0 Serial 1 0 0 output Shape output Shape Class d32 Weighted Random detect Avg Qsize 5 Total Random Drops 2223 Tail drops Sum of packets dropped by Tail Dr...

Page 506: ...2 5 20 0 0 15 2 5 20 0 0 16 2 5 20 0 0 17 2 5 20 0 0 18 2 5 20 0 0 19 2 5 20 0 0 20 2 5 20 0 0 21 2 5 20 0 0 22 2 5 20 0 0 23 2 5 20 0 0 24 2 5 20 0 0 25 2 5 20 0 0 26 2 5 20 0 0 27 2 5 20 0 0 28 2 5...

Page 507: ...vileged EXEC or Global configuration XSR or XSR config Average Queue size Average output queue size for this interface Total Random Drops Sum of packets dropped for all DSCP codepoint Min th Minimum t...

Page 508: ...wing is sample output displays shape information for classes d32 and d33 XSR show shape interface serial 1 0 0 Serial 0 1 0 0 output Shape Serial 0 1 1 1 output Shape Class d32 Traffic shaping Average...

Page 509: ...rsonnel only This command requires that the ADSL NIM be installed and the DSP firmware file be present in the Flash directory Convention Description xyz Key word or mandatory parameters bold x Square...

Page 510: ...command requires that the ADSL NIM be installed and the DSP firmware file be present in the Flash directory Syntax cmv clear Mode ATM Interface configuration XSR config if ATMxx Example The following...

Page 511: ...ATMxx Example The following example writes UOPT 2 with a hex value to the DSP XSR config if ATM0 1 1 cmv cw UOPT 2 0x0c0e1014 cmv delete This command deletes the specified Command Management Variable...

Page 512: ...d the DSP firmware file be present in the Flash directory Syntax cmv print Mode ATM Interface configuration XSR config if ATMxx Example The following example prints the CMV training list to the consol...

Page 513: ...stalled and the DSP firmware file be present in the Flash directory Syntax description description_text Syntax of the no Form The no form of this command sets the description text to an empty string n...

Page 514: ...n ATM interface on slot 0 card 1 port 1 XSR config interface atm 0 1 1 XSR config if ATM0 1 1 interface atm sub interface This command creates an ATM sub interface object and associates it with its AT...

Page 515: ...94 for the command description oam pvc enables end to end F5 circuit OAM cell procedures for ATM Permanent Virtual Circuit PVC management Refer to page 13 95 for the command description oam retry conf...

Page 516: ...ires a properly configured ATM sub interface and Dialer group Syntax backup delay down wait up wait never interface dialer id time range begin hh mm end hh mm Syntax of the no Form The no form of this...

Page 517: ...erly configured ATM sub interface Syntax crypto ezipsec ipsec df bit clear copy set map map name Syntax of the no Form This command s no disables the specified DF bit setting no crypto ezipsec ipsec d...

Page 518: ...1 32 encapsulation This command selects the data encapsulation method for this ATM sub interface Be aware that an encapsulation method must be selected before the sub interface can pass data Syntax en...

Page 519: ...lexing and PPPoA encapsulated traffic XSR config if ATM0 1 0 1 encapsulation snap pppoa exit This command quits the ATM Sub Interface mode and returns to Global mode Syntax exit Mode ATM Sub Interface...

Page 520: ...sets the ATM sub interface to the administrative Up state no shutdown and enables the virtual circuit The associated ATM interface must be in the administrative Up state no shutdown before a no shutd...

Page 521: ...a problem in the local node XSR as well as in response to any AIS cells received The loopback cells monitor and declare the circuit up or down as follows The circuit is UP immediately after line trai...

Page 522: ...ettings apply only when OAM management has been enabled with the oam pvc command Example This example sets the up count to 5 the down count to 8 and the retry frequency to 2 seconds XSR config if ATM0...

Page 523: ...type to PVC and sets the ATM VPI VCI values to 2 48 XSR config if ATM0 1 0 1 pvc 2 48 shutdown This command sets the ATM sub interface to the administrative Down state halting all data traffic on thi...

Page 524: ...down operation Depending on the size of the DSP firmware and characteristics of the download process this operation may take a noticeable length of time Syntax no shutdown Mode ATM Interface configura...

Page 525: ...pwd refuse Syntax of the no Form The no form of this command returns this parameter to its default setting no ppp chap Mode ATM Sub Interface configuration XSR config if ATMx x x x Default Disabled E...

Page 526: ...LCP parameters for PPP It requires a properly configured ATM sub interface specifying encapsulation type PPPoA or PPPoE Syntax ppp lcp max configure count1 max failure count2 max terminate count3 Syn...

Page 527: ...rameter to its default setting no ppp max bad auth Mode ATM Sub Interface configuration XSR config if ATMx x x x Default Default number of attempts 0 Example The following example resets the command p...

Page 528: ...ty for PPP which is a measure of the amount of data successfully passed over the link The minimum quality value is specified as a percentage of the total data sent This command requires a properly con...

Page 529: ...TM Sub Interface configuration XSR config if ATMx x x x Default 3 seconds Example This example resets the maximum wait time for a response during PPP negotiation to 12 seconds XSR config if ATM0 1 0 1...

Page 530: ...d XSR show controllers atm 1 0 ATM Controller Stats ATM 1 0 DSP Image File CFlash adsl fls DSP File Rev 1 0 0 1 DSP Image Rev 43e2ea93 Attenuation 43 0 db SNR Margin 6 db CRC Errors 0 DMT state 42 OAM...

Page 531: ...nt 987 Rx PacketDiscardCount 18 Rx MuxHeaderError 0 Rx SnapHeaderError 0 Rx PPPoEethTypeError 0 Rx PPPoEethTypeARP 6 Rx PPPoEethTypeIP 12 Rx PPPoEethTypeRARP 0 Tx PacketTotalCount 952 Tx PacketDiscard...

Page 532: ...nsmit attempts due to the driver returning an unknown error status Rx PacketTotalCount Sum of packets received Rx PacketDiscardCount Sum of packets received that were discarded because of an error Rx...

Page 533: ...d Operational state Up Down Loopback on DSP firmware Backup interface Description string When you issue the command to display sub interface statistics the output returned includes VPI VCI IP address...

Page 534: ...tus 1 ifLastChange 00 02 34 ifInOctets 2950 ifInUcastPkts 47 ifInNUcastPkts 0 ifInDiscards 0 ifInErrors 0 ifInUnknownProtos 0 ifOutOctets 5088 ifOutUcastPkts 48 ifOutNUcastPkts 0 ifOutDiscards 0 ifOut...

Page 535: ...tPkts 0 ifInDiscards 0 ifInErrors 0 ifInUnknownProtos 0 ifOutOctets 37728 ifOutUcastPkts 388 ifOutNUcastPkts 0 ifOutDiscards 0 ifOutErrors 0 ifOutQLen 100 Parameters in the Interface Response ATM 1 0...

Page 536: ...alarm state of the circuit AIS or RDI ATM 1 0 1 is Admin Up Oper Up Administrative state Admin Up or Admin Down Operational state Oper Up or Oper Down Internet address is 30 0 0 11 subnet mask is 255...

Page 537: ...ands on page 14 108 Convention Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice o...

Page 538: ...require a particular CA name such as its domain name Performing this command acquires CA Identity mode where you can specify CA characteristics with the following sub commands crl frequency Specifies...

Page 539: ...tes when CRLs are not obtainable XSR config crypto ca identity ACMEca XSR ca identity enrollment url http AAA_ca coldstorage scripts exe XSR ca identity query url ldap serverx XSR ca identity enrollme...

Page 540: ...rity Identity configuration XSR ca identity Example The following example sets the HTTP proxy server IP address and port XSR config crypto ca identity ACMEca XSR ca identity enrollment http proxy 192...

Page 541: ...first 10 minutes x 60 tries 600 minutes 10 hours XSR config crypto ca identity ACMEca XSR ca identity enrollment url http ca_server XSR ca identity enrollment retry period 10 XSR ca identity enrollmen...

Page 542: ...XSR config crypto ca identity CAserver XSR ca identity enrollment url http ParentCA domain com certsrv mscep mscep dll crypto ca enroll This command enrolls a certificate for the XSR with the specifie...

Page 543: ...ved in the configuration Please make a note of it Password Re enter password Include the router serial number in the subject name y n y The serial number in the certificate will be 3526015000250142 Re...

Page 544: ...ity childca1 Enrollment Information Retry Period 5 minutes Retry Count 3 Crl Frequency 60 minutes CA Identity ldapca Enrollment Information URL http 1 1 1 10 certsrv mscep mscep dll Retry Period 5 min...

Page 545: ...upply the challenge password you created when you first got the certificates with crypto ca enroll Remove the XSR s certificates from the configuration using the certificate command Syntax crypto ca c...

Page 546: ...command displays data about Certificate Revocation Lists CRL issued by a Certificate Authority CA Syntax show crypto ca crls Mode EXEC or Global configuration XSR or XSR config Sample Output The foll...

Page 547: ...authenticate command Syntax show crypto ca certificates Mode EXEC or Global configuration XSR or XSR config Example The following sample output shows two XSRs certificates and the CA s certificate In...

Page 548: ...ge Encryption IKE Security Protocol Commands The following commands configure the Internet Key Exchange IKE Security Protocol on the XSR clear crypto isakmp This command clears one or all active Inter...

Page 549: ...thm used by an IKE proposal Refer to page 14 98 for the command definition lifetime SA interval used by an IKE proposal Refer to page 14 99 for the command definition Many IKE proposals policies can b...

Page 550: ...tion Encrypt Integrity Group Lifetime 57 RSASignature DES HMAC MD5 Modp1024 5000 99 PreSharedKeys DES HMAC SHA Modp768 10000 DEFAULT RSASignature DES HMAC SHA Modp768 86400 authentication This command...

Page 551: ...es 3DES as the encryption method for the IKE proposal ACMEproposal XSR config crypto isakmp proposal ACMEproposal XSR config isakmp encryption 3des group This command sets the Diffie Hellman group in...

Page 552: ...proposal XSR config isakmp Group5 hash This command sets the hash algorithm used in an IKE proposal policy Syntax hash sha md5 Syntax of the no Form The no form this command resets to the default sha...

Page 553: ...gures the remote peer s IP address and or subnet and acquires ISAKMP configuration mode The following sub commands can be entered at ISAKMP Peer mode config mode sets the local IKE Mode configuration...

Page 554: ...lemented by many vendors allows a gateway to download an IP address and other network level configuration to the client as part of IKE negotiation Using this exchange the gateway gives IP addresses to...

Page 555: ...fig isakmp peer Example The following example configures the IKE mode to main XSR config crypto isakmp peer 192 168 57 9 255 255 255 255 Notes It is useful to specify a user ID instead of an IP addres...

Page 556: ...ckets on or off respectively Syntax nat traversal automatic enabled disabled Syntax of the no Form The no form of this command resets the default value no nat traversal Default Disabled Mode Remote Pe...

Page 557: ...whose IP address is dynamic If you specify no ID the IP address will be used by default But in that case you will have to re configure with a new entry in the aaa user database both ends of the tunnel...

Page 558: ...put from the command XSR show crypto isakmp peer Applicable Subnet Exch Mode Config Mode NAT User ID Proposals 192 168 57 4 2 Main Client Off p1 NONE 192 168 57 9 32 Main Disabled Off NONE The followi...

Page 559: ...Modp1024 28800 ez ike 3des md5 psk PreSharedKeys 3DES HMAC MD5 Modp1024 28800 ez ike 3des sha rsa RSASignature 3DES HMAC SHA Modp1024 28800 ez ike 3des md5 rsa RSASignature 3DES HMAC MD5 Modp1024 288...

Page 560: ...ws when processing IKE negotiation from the IPSec peer negotiation is done only for ipsec isakmp crypto map entries In order to be accepted if the peer initiates IPSec negotiation it must specify a da...

Page 561: ...m being protected by IPSec in the contextof a particular crypto map entry it does not allow the policy as set in crypto map statements to be applied to this traffic permit Causes all IP traffic that m...

Page 562: ...eer name clear crypto sa map map name clear crypto sa counters Default If peer map or counters keywords are not used all IPSec SAs are deleted Mode Privileged EXEC XSR Example The following example cl...

Page 563: ...ey master generate remove specify Mode Global configuration XSR config number Access list number defined using the access list command log update threshold Packet ceiling when met will trigger violati...

Page 564: ...lects encapsulation type tunnel or transport for a transform set Refer to page 14 112 for the command definition set peer Specifies peer s IP address Refer to page 14 113 for the command definition se...

Page 565: ...map map name seq num ipsec isakmp Syntax of the no Form To delete a crypto map entry use the no form of this command no crypto map map name seq num Mode Global configuration XSR config Next Mode Crypt...

Page 566: ...mode This command selects one of two IPSec defined encapsulation modes tunnel or transport for a transform set Tunnel mode the default typically is used with VPNs because the entire private network pa...

Page 567: ...matches a crypto map entry a tunnel is opened to the peer specified by this command Syntax set peer ip address Syntax of the no Form To remove an IPSec peer from a crypto map entry use the no form of...

Page 568: ...a single crypto map ACL permit entry will share the same SA Mode Crypto Map configuration XSR config crypto m Example The following example sets the SA request on a per host basis XSR config crypto m...

Page 569: ...available in this mode set pfs Specifies that IPSec should ask for PFS when seeking new SAs for this crypto map entry or that IPSec requires PFS when getting requests for new SAs Refer to page 14 116...

Page 570: ...security condition under which there is confidence that the compromise of a session s key will not lead to easier compromise of the key used in the next session after the key is refreshed When PFS is...

Page 571: ...ew keys are generated and traffic continues to be passed using new keys Syntax set security association lifetime seconds seconds kilobytes kilobytes Syntax of the no Form The no form of this command d...

Page 572: ...is sample output when NAT is present between the crypto endpoints Note that UDP Encaps displays indicating that encapsulation is enabled with a NAT present 10 2 1 10 32 UDP 1701 10 2 1 34 32 UDP 1701...

Page 573: ...ESP AH AH IPCOMP ez esp 3des sha pfs Modp768 3DES HMAC SHA None None ez esp 3des sha no pfs Disabled 3DES HMAC SHA None None ez esp 3des md5 pfs Modp768 3DES HMAC MD5 None None ez esp 3des md5 no pfs...

Page 574: ...4 196 87 ez esp 3des sha pfs ez esp 3des md5 pfs ez esp aes sha pfs ez esp aes md5 pfs ez esp 3des sha no pfs ez esp 3des md5 no pfs ez esp aes sha no pfs ez esp aes md5 no pfs n03 n03 Process Tunnel...

Page 575: ...rypto map map name Syntax of the no Form Delete a crypto map from the interface with the no form of this command no crypto map map name Mode Interface configuration XSR config if xx Next Mode Crypto M...

Page 576: ...to maps may be attached to other network interfaces EZ IPSec parameters cannot be changed but can be supplemented with custom values Syntax crypto ezipsec Syntax of the no Form no crypto ezipsec Defau...

Page 577: ...e associated with a specific network interface or require creation of virtual network interfaces that represent tunnels This section defines the VPN related subcommands provided by the interface vpn c...

Page 578: ...OS bits during the encapsulation decapsulation process It can be applied to a VPN interface or inserted in the crypto isamp peer command When applied the command copies the TOS byte from the inner to...

Page 579: ...fig tms tunnel set protocol gre XSR config tms tunnel set peer 10 10 10 2 XSR config tms tunnel set active XSR config tms tunnel no shutdown description This commands describes a VPN interface and any...

Page 580: ...nd of an unnumbered tunnel The command is useful because native IPSec tunnels attached to VPN interfaces will not easily forward multicast traffic without substantial crypto map configuration Multicas...

Page 581: ...xample The following example attaches service policy VPNpolicy to VPN output interface 1 XSR config interface vpn 1 XSR config int vpn service policy output VPNpolicy Tunnel Commands tunnel This sub c...

Page 582: ...he no Form The no form of this command deletes the tunnel no tunnel tunnel name Mode Interface Internet Protocol configuration XSR config int vpn Next Mode Tunnel configuration XSR config tms tunnel E...

Page 583: ...rval retries A B C D Syntax of the no Form The no form of this command disables the heartbeat no set heartbeat Defaults Interval 6 seconds Retries 3 Mode Tunnel configuration XSR config tms tunnel Exa...

Page 584: ...that create a Client or Network Extension mode site to site tunnel Client mode creates NAT on the VPN interface to hide the addresses of the trusted network attached to F1 IPSec security policy encry...

Page 585: ...user s identity when connecting to a peer It invokes EZ IPSec by applying the credentials password and or certificate used during tunnel creation obtained from the AAA subsystem An EZ IPSec tunnel use...

Page 586: ...D Mode Privileged EXEC XSR Example The following example terminates tunnel 40000001 XSR clear tunnel 40000001 show tunnels This command lists all tunnels currently connected to the XSR Syntax show tun...

Page 587: ...HAPv2 Packets In Out 0000000088 0000000027 Errors In Out 0000000000 0000000000 Discards In Out 0000000000 0000000000 Parameter Description VPN Interface VPN port number to which the client is connecte...

Page 588: ...l name Mode Global configuration XSR config Next Mode IP Local Pool configuration XSR ip local pool Example The following example creates a local IP address pool named marketing which contains all IP...

Page 589: ...sses between 192 168 57 100 and 192 168 57 110 from local pool HQ XSR config ip local pool HQ 192 168 57 0 255 255 255 0 XSR ip local pool exclude 192 168 57 100 10 The following example negates the e...

Page 590: ...0 255 0 0 1 ddd 1 2 3 4 255 255 255 255 1 0 0 0 test 192 168 57 1 255 255 255 255 1 0 0 0 test1 192 168 57 252 255 255 255 255 1 0 0 0 test3 192 168 58 0 255 255 255 0 246 0 10 0 The following output...

Page 591: ...when you can transmit packets larger than the available MTU size or you do not know the available MTU size Syntax crypto ipsec df bit clear set copy Pool Name of the IP pool Subnet Mask of the IP poo...

Page 592: ...e or you do not know the available MTU size Syntax crypto ipsec df bit clear set copy Defaults Disabled Copy setting Mode Interface configuration XSR config if xx Example The following example sets th...

Page 593: ...Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vert...

Page 594: ...ass to different DHCP pools in not permitted For example you cannot add client class marketing to both pool1 and pool2 Syntax client class name Syntax of the no Form Use the no form of this command to...

Page 595: ...0100 01f4 0127 10 cannot be added to both pool1 and pool2 Syntax client identifier identifier client class name Syntax of the no Form Use the no form of this command to delete the client identifier n...

Page 596: ...ool client class eng XSR config dhcp class client identifier 0100 01f4 0127 10 client name This command specifies the name of a DHCP client The client name should not include the domain name The comma...

Page 597: ...mmand should be used from the proper mode If it is specified from multiple modes an override mechanism chooses the innermost config value with host as innermost then client class and pool as the most...

Page 598: ...config dhcp pool client class eng XSR config dhcp class default router 14 12 1 99 dns server This command specifies the DNS IP servers available to a DHCP client It is available from DHCP pool host o...

Page 599: ...nfiguration inheritance the command should be used from the proper mode If it is specified from multiple modes an override mechanism chooses the innermost config value with host as innermost then clie...

Page 600: ...guration XSR config dhcp pool DHCP host configuration XSR config dhcp host DHCP client class configuration XSR config dhcp class Next Mode When this command is entered from DHCP pool configuration sub...

Page 601: ...ss and network mask for a manual binding to a DHCP client By default the DHCP server will examine its defined IP address pools if the mask and prefix length are unspecified If no mask is specified in...

Page 602: ...g dhcp class host 15 12 1 99 255 255 248 0 ip address dhcp This command configures an interface as a DHCP Client An Ethernet interface can be configured to use DHCP Client to acquire an IP address as...

Page 603: ...is not in use and assigns the address to the requesting client Setting the number argument to a value of 0 turns off the DHCP server ping operation completely Syntax ip dhcp ping packets number Syntax...

Page 604: ...gures a DHCP server IP address pool The XSR supports adding 1000 network addresses per pool and one DHCP pool per network Class B or higher subnet masks are supported Syntax ip dhcp pool name Syntax o...

Page 605: ...Server can be enabled on a FastEthernet GigabitEthernet primary interface and VLAN sub interface Secondary interface assignment is not supported Syntax ip dhcp server Syntax of the no Form Use the no...

Page 606: ...no Form Use the no form of this command to delete an IP address from the pool no ip local pool pool name Default No address pools are configured Mode Global configuration XSR config Next Mode IP Local...

Page 607: ...92 168 57 100 and 192 168 57 110 from local pool HQ XSR config ip local pool HQ 192 168 57 0 255 255 255 0 XSR ip local pool exclude 192 168 57 100 10 The following example negates the exclusion of IP...

Page 608: ...override mechanism chooses the innermost config value with client class as innermost then pool as most general Syntax lease days hours minutes infinite Syntax of the no Form Use the no form of this co...

Page 609: ...ass Example The following example specifies the IP address of a NetBIOS name server available to a Microsoft DHCP client in the subnet XSR config dhcp pool netbios name server 13 12 1 90 The following...

Page 610: ...CP host configuration XSR config dhcp host DHCP client class configuration XSR config dhcp class Example This example sets NetBIOS name server type as hybrid for a Microsoft DHCP client in the subnet...

Page 611: ...data to hosts on a TCP IP network Configuration values and other control data are carried in tagged data items stored in the options field of the DHCP message The data items are also called options o...

Page 612: ...Table 15 1 XSR Supported DHCP Options Protocol Name Category Type Default Description 0 Pad Causes subsequent fields to align on word boundaries Length 1 octet 1 Subnet Mask Basic Address Mask See des...

Page 613: ...der of preference Length 4 octet minimum multiples of 4 12 Host Name Basic ASCII string Name of the client which will or will not be qualified with the local domain name See RFC 1035 for character set...

Page 614: ...use when performing Path MTU Discovery RFC 1191 It is ordered from smallest to largest Length 2 octet minimum multiples of 2 Value 68 minimum 26 Interface MTU Interface 16 bit hex integer s 576 Maximu...

Page 615: ...terface 8 bit integer 0 60 Default TTL a client will use when sending TCP segments Length 1 octet expressed in hex Value minimum 1 38 TCP Keepalive Interval Interface 32 bit hex integer 0 keep alives...

Page 616: ...ow System Display Manager and are available to a client List addresses in order of preference Length 4 octet minimum multiples of 4 50 Requested IP Address IP address Used in a client request DHCPDISC...

Page 617: ...equested order but must try to insert the requested options in the order requested by the client Length 1 octet minimum 56 Message String Used by a DHCP server to print an error message to a DHCP clie...

Page 618: ...NNTP servers available to a client List in order of preference Length 4 octet minimum multiples of 4 72 Default WWW Server Servers IP address list WWW servers available to a client List in order of p...

Page 619: ...HCP option 72 which specifies World Wide Web WWW servers for DHCP clients Two WWW server addresses are configured in the following example XSR config dhcp pool option 72 ip 168 24 3 252 168 24 3 253 T...

Page 620: ...ion 35 hex 93A8 The following example sets DHCP option 14 specifying the pathname where a DHCP client s core image will be placed if the client crashes XSR config dhcp pool option 14 ascii c dump path...

Page 621: ...ation XSR config Example The example below enables DHCP services on interface FastEthernet 1 XSR config service dhcp fastethernet 1 DHCP Clear and Show Commands clear ip dhcp binding This command dele...

Page 622: ...eged EXEC XSR Example The following example resets all DHCP counters to zero XSR clear ip DHCP server statistics show dhcp lease This command displays DHCP Client information Syntax show dhcp lease Mo...

Page 623: ...sr show interface FastEthernet 1 is Admin Up Internet address is 172 16 1 1 subnet mask is 255 255 255 0 Temp IP addr IP address assigned via DHCP to the client from the server Temp sub net mask Subne...

Page 624: ...XSR show ip dhcp binding 168 16 22 254 IP address Hardware address Lease expiration Type ACT 168 16 3 254 02c7 f800 0423 Infinite Manual N The following example displays the lease expiration in local...

Page 625: ...erver statistics Mode Privileged EXEC or Global configuration XSR or XSR config Example The following example displays DHCP server statistics XSR show ip DHCP server statistics Database agents 1 Memor...

Page 626: ...ts Sum of database agents entered in the DHCP database Automatic bindings Sum of IP addresses automatically mapped to the Ethernet MAC addresses of hosts found in the DHCP database Manual bindings Sum...

Page 627: ...e Commands on page 16 129 Firewall Show Commands on page 16 133 Convention Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square br...

Page 628: ...ions defined by an ACL with ip access group command Syntax access list list insert replace entry deny permit protocol log srcIpAddr srcWildCardBits qualifier source port host srcIpAddr any range min s...

Page 629: ...range min sport Lowest port number from 0 to 65535 Combine with max sport max sport Highest port number from 0 to 65535 Normally greater than min sport but if less than min values are swapped dstIPAd...

Page 630: ...2 The following example moves entries 16 18 within an ACL to the beginning of the list XSR config access list 101 move 1 16 18 The example below moves entries 16 18 from ACL 144 to its beginning XSR c...

Page 631: ...L to add delete ranging from 1 to 999 destination Position before which entries are to be moved Range 1 999 source1 Sequential number of first ACL entry to move Range 1 999 source2 Sequential number o...

Page 632: ...d publishes an ACL violations log when a specified number of packets the XSR processes is met ACL violations logging is updated every five minutes so regardless of how you specify this command the fiv...

Page 633: ...ce IP address validation Syntax hostdos land fragmicmp largeicmp size checkspoof Syntax of the no Form The no form disables the specified security feature no hostdos land fragmicmp largeicmp size chec...

Page 634: ...e specified access group no ip access group access list number in out Mode Interface configuration XSR config if xx Example The following example as illustrated in Figure 16 1 applies ACL 101 to all i...

Page 635: ...lists number Mode Privileged EXEC or Global configuration XSR or XSR config Sample Output The following output displays when the command is issued at the Privileged EXEC mode XSR show access lists 101...

Page 636: ...matches the threshold then the alarm is logged and the count reset Other packets received after the threshold is met will increment the count until the next threshold is met or five minutes have elap...

Page 637: ...and Accounting AAA commands and command subsets validate and display information about AAA usergroups users and methods on the XSR aaa client AAA Usergroup User Method amd AAA show commands aaa clien...

Page 638: ...of DNS servers Refer to page 16 95 for the command definition ip pool Links a globally defined pool of IP addresses to the user group Refer to page 16 95 for the command definition pptp encrypt mppe...

Page 639: ...s XSR config aaa group headquarters XSR aaa group dns server primary 192 168 57 9 ip pool This command links a globally defined pool of IP addresses to the group of users IP pool is defined globally b...

Page 640: ...added to the interface that will carry PPTP MPPE traffic All Windows clients using MPPE require MS CHAP Syntax pptp encrypt mppe auto 40 128 Syntax of the no Form The no form of this command disables...

Page 641: ...f you do not later associate this new user with a group it will be added to the DEFAULT AAA group The following sub commands can be configured in AAA User mode group Specifies the group the user belon...

Page 642: ...XSR aaa user group This command specifies the group the user belongs to Syntax group group name Syntax of the no Form The no form of this command resets a user to the DEFAULT group no group Default Us...

Page 643: ...IP address from a user profile no ip address Default IP address is not assigned to the user Mode Username configuration XSR aaa user Example This example sets an IP address that will be assignd to re...

Page 644: ...ssh ppp Syntax of the No Form The no form of this command disables the earlier configured policy no policy vpn telnet console firewall ssh ppp Mode AAA User Group configuration XSR aaa user or XSR aa...

Page 645: ...command is executed at the Global Mode This command configures the AAA method plug in to be used The following sub commands are available in AAA Method mode acct port Sets the UDP port for accounting...

Page 646: ...a server Refer to page 16 109 for the command definition timeout Sets the interval the XSR waits for the AAA RADIUS server to reply before retransmitting Refer to page 16 110 for the command definitio...

Page 647: ...dius sbr default XSR aaa method radius auth port 6000 address This command specifies the address of the RADIUS server with either a host name or IP address It is used for the RADIUS method only Syntax...

Page 648: ...t fails because the server did not respond it is a failed attempt Syntax attempts number of attempts Syntax of the no Form The no form of this command resets to the default attempts number no attempts...

Page 649: ...an have a backup method 2 but its backup method 3 cannot back up method 1 Be aware that when the primary RADIUS server fails and AAA switches to the backup use of the primary server will not automatic...

Page 650: ...the associated client service no client vpn telnet firewall console ssh ppp Mode AAA Method configuration XSR aaa method xx Default VPN access is enabled all other access types are disabled Example Th...

Page 651: ...nd is available for all AAA methods local RADIUS and PKI The group will be used when a group name is not returned in the RADIUS response Syntax group group name Syntax of the no Form The no form of th...

Page 652: ...thod radius hash enable key This command specifies the authentication and encryption key used between the XSR and the server daemon running on this RADIUS server The sub command may be a plugin type d...

Page 653: ...ets to the default value no qtimeout Default 30 seconds Mode AAA Method configuration XSR aaa method xx Example The following example sets the qtimeout to 3 600 seconds XSR aaa method local qtimeout 3...

Page 654: ...he interval in seconds that the XSR waits for the AAA RADIUS server to reply before retransmitting It is used for the RADIUS method only Syntax timeout seconds Syntax of the no Form The no form of thi...

Page 655: ...service type s default method assigned via the client sub command in AAA method configuration mode and the AAA service s default method Syntax aaa method method name Syntax of the no Form The no form...

Page 656: ...tion categories The command s output will be sent to the terminal that most recently requested debug information Also if multiple AAA debug messages are activated all debug data will be sent to the te...

Page 657: ...aaa group group name Default If a group name is not specified all groups are displayed including the DEFAULT group Mode Privileged EXEC or Global configuration XSR or XSR config Sample Output The foll...

Page 658: ...es including the group to whom the user belongs and its IP address Syntax show aaa user user name Mode EXEC or Global configuration XSR or XSR config Sample Output The following output is displayed by...

Page 659: ...Method Name def This method is currently enabled Backup Radius server name is RADbackup Default group name is DEFAULT IP Address is 0 0 0 0 Hash is currently enabled Authentication and encryption key...

Page 660: ...modes as follows The system level firewall is disabled by default The interface level firewall is enabled by default unless explicitly disabled If the firewall is enabled packet inspection will occur...

Page 661: ...e alpha numeric characters only A Z upper or lower case 0 9 dash or _ underscore Also all firewall object names including pre defined objects such as ANY_EXTERNAL and user defined object names are cas...

Page 662: ...ion Syntax ip firewall icmp timeout seconds Syntax of the no Form The no form of this command sets the timeout to the default value no ip firewall icmp timeout Default Timeout 60 seconds Mode Global c...

Page 663: ...e re established Because the no version of this command is not available in order to undo a recent firewall configuration you must execute no versions of commands which invoke the configuration Option...

Page 664: ...wall The Firewall has just executed a delayed load command successfully ip firewall logging This command defines logging object parameters that apply to the firewall log operation Logging is cumulativ...

Page 665: ...ting any internal external network Network objects are referenced by the name within the policy and network group objects Define network objects for internal hosts and networks A name for any firewall...

Page 666: ...c values ANY_INTERNAL all internal network objects defined and ANY_EXTERNAL all external network objects defined are a convenient option to define a set of network objects Membership in these sets is...

Page 667: ...packets will not pass through the firewall This eliminates the need to define catch all reject policies in each direction Policies apply to traffic directed at the router as well So policy objects mu...

Page 668: ...inst the group_name length not to exceed 16 characters This value must match network group name exactly reject Drop all packets matching the policy log Drop all matching packets and log the activity u...

Page 669: ...rm The no form of this command removes a previously configured redirectURL no ip firewall redirectURL Mode Global configuration XSR config Example The following example redirects a user to the specife...

Page 670: ...d destination port range and protocol For flexibility port ranges can be specified using qualifiers such as eq lt and gt which are also available for configuring access lists A name for any firewall o...

Page 671: ...ded in a service group A name for any firewall object must use these alpha numeric characters only A Z upper or lower case 0 9 dash or _ underscore Also all firewall object names are case sensitive Sy...

Page 672: ...ffic to time out if idle for 10 minutes XSR config ip firewall udp timeout 6000 ip firewall url load black white list This command clears the specified Black URL or the White URL database then re load...

Page 673: ...ewall enabled at the interface level A particular interface may be enabled but subsequently disabling the firewall globally overrides all enabled interfaces If you enable the firewall globally all int...

Page 674: ...cast packets are not allowed inbound and outbound Mode Interface configuration XSR config if xx Example The example below allows broadcast filtering on outgoing packets only XSR config if F2 ip firewa...

Page 675: ...rk hops between successive addresses on the list strict source route Specifies an exact route through the Internet This routing path includes a sequence of IP addresses a datagram must follow hop by h...

Page 676: ...he no form of this command disables the function no ip firewall sync attack protect block host check host sync queue threshold Mode Interface configuration XSR config if xx block host Block host when...

Page 677: ...e running configuration will be displayed If this command is issued after the firewall commands were entered but before a firewall load was performed the following text appears Uncommitted Firewall Co...

Page 678: ...28 Internal ip firewall Network Private 220 150 2 32 28 Internal ip firewall system event threshold 3 ip firewall policy private dmz http allow ip firewall policy dmz private http allow ip firewall p...

Page 679: ...de XSR or XSR Sample Output This output displays a network object for the Engineering firewall in the 192 168 100 0 24 range Name Start Address End Address Internal External Engineering 192 168 100 1...

Page 680: ...plays all services pre defined and user defined Show ip firewall user defined Displays user defined services only Show ip firewall service name Displays a specific service object identified by name Sy...

Page 681: ...XSR or XSR Sample Output The following sample output displays configured firewall policies Name Source Network Destination Network Service Action outftp admin ANY_EXTERNAL ftp allow outhttp priv netw...

Page 682: ...3 01 2002 192 168 100 100 0 192 168 1 20 0 ICMP 20 28 42 03 01 2002 show ip firewall auth This dynamic counter displays the IP addresses that have been authenticated along with the group name Syntax s...

Page 683: ...12 FEB 03 2005 0 Total 0 0 3 Blocked DOS Attacks Land 0 Christmas Tree 0 Ping of Death 0 Anti Spoofing 0 ICMP Flood 0 Smurf 0 SYN Flood 370393 Tear Drop 0 TCP Backlog Queue Length 23 TCP Backlog Queue...

Page 684: ...Privileged EXEC Mode XSR or XSR Example The following is sample output from the command show ip firewall urLlist Black URLs from File blacklist txt 1 www cisco com 2 www playboy com 3 readme eml 4 amb...

Reviews:

No comments

Brands by name

Popular brands

Load more brands