manualshive.com logo in svg

HP ProCurve Secure 7102dl, Reference Manual

The HP ProCurve Secure 7102dl offers robust network security features to protect your data. Gain a comprehensive understanding of its basic management and configuration with the free manual available for download at manualshive.com. Enhance your network's security today with this user-friendly manual for seamless implementation and management.

Share
Download
background image

SROS Command Line Interface Reference Guide

Crypto Map Manual Command Set

5991-2114

© Copyright 2007 Hewlett-Packard Development Company, L.P.

1247

Step 5:

Create crypto map and define manual keys. A Crypto Map is used to define a set of encryption schemes to 
be used for a given interface.  A crypto map entry has a unique index within the crypto map set.  The crypto 
map entry will specify whether IKE is used to generate encryption keys or if manually specified keys will be 
used.  The crypto map entry will also specify who will be terminating the VPN tunnel, as well as which 
transform set or sets will be used to encrypt and/or authenticate the traffic on that VPN tunnel.  It also 
specifies the lifetime of all created IPSec security associations. 

The keys for the algorithms defined in the transform set associated with the crypto map will be defined by 
using the 

set session-key

 command.  A separate key is needed for both inbound and outbound traffic.  

The key format consists of a string of hexadecimal values without the leading 

0x

 for each character.  For 

example, a cipher key of 

this is my cipher key

 would be entered as:

74686973206973206D7920636970686572206B6579

A unique Security Parameter Index (SPI) is needed for both inbound and outbound traffic.  The local 
system's inbound SPI and keys will be the peer's outbound SPI and keys.  The local system's outbound 
SPI and keys will be the peer's inbound SPI and keys.  In this example the following keys and SPIs are 
used:

Inbound cipher SPI: 300Inbound cipher key: "2te$#g89jnr(j!@4rvnfhg5e"

Outbound cipher SPI: 400Outbound cipher key: "8564hgjelrign*&(gnb#1$d3"

Inbound authenticator key:"r5%^ughembkdhj34$x.<"

Outbound authenticator key:"io78*7gner#4(mgnsd!3"


ProCurve(config)#

crypto map corporate_vpn 1 ipsec-ike

ProCurve(config-crypto-map)#

match address corporate_traffic

ProCurve(config-crypto-map)#

set peer 172.27.15.129

ProCurve(config-crypto-map)#

set transform-set highly_secure

 

ProCurve(config-crypto-map)#

set session-key inbound esp 300 cipher 

32746524236738396A6E72286A21403472766E6668673565 authenticator 
7235255E756768656D626B64686A333424782E3C

ProCurve(config-crypto-map)#

set session-key outbound esp 400 cipher 

3835363468676A656C7269676E2A2628676E622331246433 authenticator 
696F37382A37676E65722334286D676E73642133

Step 6:

Configure public interface. This process includes configuring the IP address for the interface and applying 
the appropriate crypto map to the interface.  Crypto maps are applied to the interface on which encrypted 
traffic will be transmitted.

ProCurve(config)#

interface ppp 1

ProCurve(config-ppp 1)#

ip address 172.27.45.57 255.255.255.248

ProCurve(config-ppp 1)#

crypto map corporate_vpn

ProCurve(config-ppp 1)#

no shutdown

Summary of Contents for ProCurve Secure 7102dl

Page 1: ...SROS Command Line Interface Reference Guide ProCurve Secure Router 7102dl ProCurve Secure Router 7203dl ...

Page 2: ......

Page 3: ...SROS Command Line Interface Reference Guide Software Version J 08 03 September 2007 61195880L1 35H ...

Page 4: ...EGARD TO THIS MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty state...

Page 5: ... Configuration Command Set 699 ATM Interface Config Command Set 714 ATM Sub Interface Config Command Set 717 BVI Interface Config Command Set 786 Demand Interface Configuration Command Set 817 Frame Relay Interface Config Command Set 877 Frame Relay Sub Interface Config Command Set 898 HDLC Command Set 969 Loopback Interface Configuration Command Set 1031 PPP Interface Configuration Command Set 10...

Page 6: ...nfiguration Command Set 1347 Router OSPF Configuration Command Set 1360 Router PIM Sparse Configuration Command Set 1375 Router RIP Configuration Command Set 1379 Quality of Service QoS Map Commands 1391 DHCP Pool Command Set 1406 Radius Group Command Set 1425 TACACS Group Configuration Command Set 1427 Common Commands 1429 Index 1443 ...

Page 7: ...cts using the SROS are initially accessed by connecting a VT100 terminal or terminal emulator to the CONSOLE port located on the front of the unit using a standard DB 9 male to DB 9 female serial cable Configure the VT100 terminal or terminal emulation software to the following settings 9600 baud 8 data bits No parity 1 stop bit No flow control Understanding Command Security Levels The SROS has tw...

Page 8: ...modes Note To prevent unauthorized users from accessing the configuration functions of your product immediately install an Enable level password Refer to the Quick Configuration Guides and Quick Start Guides located on the Secure Router OS Documentation CD provided with your unit for more information on configuring a password Mode Access by Sample Prompt With this mode you can Global entering conf...

Page 9: ...row key To re display a previously entered command use the up arrow key Continuing to press the up arrow key cycles through all commands entered starting with the most recent command Tab key Pressing the Tab key after entering a partial but unique command will complete the command display it on the command prompt line and wait for further input The CLI contains help to guide you through the config...

Page 10: ...inish You need only enter enough letters to identify a command as unique For example entering int t1 1 1 at the Global configuration prompt provides you access to the configuration parameters for the specified T1 interface Entering interface t1 1 1 would work as well but is not necessary Command Description do The do command provides a way to execute commands in other command sets without taking t...

Page 11: ...es can halt other processes It is best to only use the debug command during times when the network resources are in low demand non peak hours weekends etc Message Helpful Hints Ambiguous command Unrecognized Command The command may not be valid in the current command mode or you may not have entered enough correct characters for the command to be recognized Try using the command to determine your ...

Page 12: ...e 591 E1 Interface Configuration Command Set on page 601 Ethernet Interface Configuration Command Set on page 616 G 703 Interface Configuration Command set on page 678 Serial Interface Configuration Command Set on page 685 Modem Interface Configuration Command Set on page 694 T1 Interface Configuration Command Set on page 699 ATM Interface Config Command Set on page 714 ATM Sub Interface Config Co...

Page 13: ...e 1327 Router RIP Configuration Command Set on page 1379 Router OSPF Configuration Command Set on page 1360 Router PIM Sparse Configuration Command Set on page 1375 Quality of Service QoS Map Commands on page 1391 DHCP Pool Command Set on page 1406 Radius Group Command Set on page 1425 TACACS Group Configuration Command Set on page 1427 Common Commands on page 1429 ...

Page 14: ...ession the following prompt displays ProCurve The following command is common to multiple command sets and is covered in a centralized section of this guide For more information refer to the section listed below exit on page 1437 ping address on page 1438 All other commands for this command set are described in this section in alphabetical order enable on page 13 logout on page 14 show clock on pa...

Page 15: ...meters and should be password protected to prevent unauthorized use Use the enable password command found in the Global Configuration mode to specify an Enable Command mode password If the password is set access to the Enable Commands and all other privileged commands is only granted when the correct password is entered Refer to crypto ca authenticate name on page 337 for more information Usage Ex...

Page 16: ...out Use the logout command to terminate the current session and return to the login screen Syntax Description No subcommands Default Values No defaults necessary for this command Usage Examples The following example shows the logout command being executed in the Basic mode ProCurve logout Session now available Press RETURN to get started ...

Page 17: ...to display the system time and date entered using the clock set command Refer to clock set time day month year on page 63 for more information Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example displays the current time and data from the system clock ProCurve show clock 23 35 07 Tue Aug 20 2002 ...

Page 18: ...Description No subcommands Default Values No default value necessary for this command Usage Examples The following is an example output using the show snmp command for a system with SNMP disabled and the default chassis and contact parameters ProCurve show snmp Chassis Chassis ID Contact Name Contact Phone Contact Email Contact Pager Management URL Management URL Label 0 Rx SNMP packets 0 Bad comm...

Page 19: ...r 7203dl SROS Version J03 01 Checksum 4F8DCF96 built on Tue Dec 21 08 32 18 2004 Boot ROM version J03 01 Checksum B133 built on Tue Dec 21 08 32 25 2004 Copyright c 2004 2005 Hewlett Packard Co Platform ProCurve Secure Router 7203dl Serial number US449TS058 Flash 33554432 bytes DRAM 268435455 bytes System uptime is 0 days 0 hours 22 minutes 42 seconds Current system image file CFLASH SROS BIZ Curr...

Page 20: ...t command to open a Telnet session through the SROS to another system on the network Syntax Description address Specifies the IP address of the remote system Default Values No default value necessary for this command Usage Examples The following example opens a Telnet session with a remote system 10 200 4 15 ProCurve telnet 10 200 4 15 User Access Login Password ...

Page 21: ...cified destination Syntax Description address Specifies the IP address of the remote system to trace the routes to Default Values No default value necessary for this command Usage Examples The following example performs a traceroute on the IP address 192 168 0 1 ProCurve traceroute 192 168 0 1 Type CTRL C to abort Tracing route to 192 168 0 1 over a maximum of 30 hops 1 22ms 20ms 20ms 192 168 0 65...

Page 22: ... page 1438 show running config on page 1440 All other commands for this command set are described in this section in alphabetical order autosynch on page 22 clear commands begin on page 24 clock auto correct dst no auto correct dst on page 62 clock set time day month year on page 63 clock timezone text on page 64 configure on page 66 copy commands begin on page 67 debug commands begin on page 80 d...

Page 23: ...Guide Enable Mode Command Set 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 21 traceroute address source address on page 295 undebug all on page 296 wall message on page 297 write erase memory network terminal on page 298 ...

Page 24: ...ck is performed on the system any time there is a change in startup config or SROS BIZ on the compact flash card The AutoSynchTM feature allows for quick installation and updates of routers by inserting a compact flash card containing the desired software must be renamed from the desired operating system software such as J03 01 biz to SROS BIZ and startup configuration file must be named startup c...

Page 25: ... the SROS BIZ and startup config files if AutoSynchTM is enabled ProCurve enable ProCurve show autosynch status AutoSynch Mode Enabled AutoSynch SROS BIZ synched AutoSynch startup config synched Usage Examples The following example forces a synchronization of startup config and SROS BIZ located in system flash and compact flash memory ProCurve enable ProCurve autosynch AutoSynch SROS BIZ synched A...

Page 26: ...ss list command to clear all counters associated with all access lists or a specified access list Syntax Description listname Optional Specifies the name label of an access list Default Values No default value necessary for this command Usage Examples The following example clears all counters for the access list labeled MatchAll ProCurve enable ProCurve clear access list MatchAll ...

Page 27: ... arp cache Use the clear arp cache command to remove all dynamic entries from the Address Resolution Protocol ARP cache table Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example removes all dynamic entries from the ARP cache ProCurve enable ProCurve clear arp cache ...

Page 28: ...lear arp entry command to remove a single entry from the Address Resolution Protocol ARP cache Syntax Description address Specifies the IP address of the entry to remove Default Values No default value necessary for this command Usage Examples The following example removes the entry for 10 200 4 56 from the ARP cache ProCurve enable ProCurve clear arp entry 10 200 4 56 ...

Page 29: ...Use the clear bridge command to clear all counters associated with bridging or for a specified bridge group Syntax Description group Optional Specifies a single bridge group 1 255 Default Values No default value necessary for this command Usage Examples The following example clears all counters for bridge group 17 ProCurve enable ProCurve clear bridge 17 ...

Page 30: ...x used Use the clear buffers max used command to clear the maximum used statistics for buffers displayed in the show memory heap command Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example clears the maximum used buffer statics ProCurve enable ProCurve clear buffers max used ...

Page 31: ...fied interface Syntax Description interface Optional Specifies a single interface Enter clear counters or show interface for a complete list of interfaces interface id Optional Specifies the ID of the specific interface to clear e g 1 for port channel 1 Default Values No default values necessary for this command Usage Examples The following example clears all counters associated with the Ethernet ...

Page 32: ...iations of this command include clear counters probe clear counters probe name Syntax Description name Specifies a probe object to reset counter Default Values No default value necessary for this command Usage Examples The following example resets the counters for all configured probes ProCurve enable ProCurve clear counters probe The following example resets the counters only for the probe named ...

Page 33: ...ically named track clear counters track clear counters track name Syntax Description name Specifies a track object to reset counter Default Values No default value necessary for this command Usage Examples The following example resets the counters for all configured tracks ProCurve enable ProCurve clear counters track The following example resets the counters only for the track named track_1 ProCu...

Page 34: ...the specified IKE remote ID A delete payload is sent to the peers prior to deletion of the SA This command is preferred to the clear crypto ike sa policy policy priority remote id remote id command when multiple unique SAs have been created on the same IKE policy but the user wants to delete only the SA to a unique peer Default Values No default value necessary for this command Usage Examples The ...

Page 35: ... protocol and a security parameter index SPI You can determine the correct SPI value using the show crypto ipsec command esp SPI Clears only a portion of the SAs by specifying the ESP encapsulating security payload protocol and a security parameter index SPI You can determine the correct SPI value using the show crypto ipsec command map map name Clears only the SAs associated with the crypto map n...

Page 36: ... clears diagnostic information appended to the output of the show version command This information results from an unexpected unit reboot Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example clears the entire database of IKE SAs including the active associations ProCurve enable ProCurve clear dump core ...

Page 37: ...nd to clear all messages logged to the local event history Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example clears all local event history messages ProCurve enable ProCurve clear event history Warning Messages cleared from the local event history using the clear event history command are no longer accessible ...

Page 38: ...r host command to clear a hostname and associated address from the DNS host to address table Syntax Description Clears all hosts from the host table hostname Clears a specific host entry from the host to address table Default Values No default value necessary for this command Usage Examples The following example clears all hostnames ProCurve enable ProCurve clear host ...

Page 39: ...ding changes to prefix list filters do not take effect until the clear command is issued A hard reset clears the TCP connection with the specified peers which results in clearing the table This method of clearing is disruptive and causes peer routers to record a route flap for each route The out version of this command provides a soft reset out to occur by causing all routes to be re sent to the s...

Page 40: ...evelopment Company L P 38 clear ip cache Use the clear ip cache command to delete cache table entries Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example removes all entries from the cache table ProCurve enable ProCurve clear ip cache ...

Page 41: ...ress Clears a specific binding entry Enter the source IP address format is A B C D Default Values No default value necessary for this command Functional Notes A DHCP server binding represents an association between a MAC address and an IP address that was offered by the unit to a DHCP client i e most often a PC Clearing a binding allows the unit to offer that IP address again should a request be m...

Page 42: ... example shows output for the show igmp groups command before and after a clear ip igmp group command is issued This example clears the IGMP entry that was registered dynamically by a host Interfaces that are statically joined are not cleared ProCurve enable ProCurve show ip igmp groups ProCurve clear ip igmp group ProCurve show ip igmp groups This version of the command clears all dynamic groups ...

Page 43: ...ribution Use the clear ip ospf command to reset open shortest path first OSPF information Syntax Description process Restarts the OSPF process redistribution Refreshes routes redistributed over OSPF Default Values No default value necessary for this command Usage Examples The following example resets the OSPF process ProCurve enable ProCurve clear ip ospf process ...

Page 44: ...yload protocol ESP gre Specifies general routing encapsulation protocol GRE icmp Specifies Internet control message protocol ICMP protocol tcp Specifies transmission control protocol TCP udp Specifies universal datagram protocol UDP protocol Specifies protocol valid range 0 to 255 source ip Specifies the source IP address format is A B C D source port Specifies the source port in hex format AHP ES...

Page 45: ...t Packard Development Company L P 43 Usage Examples The following example clears the Telnet association TCP port 23 for policy class pclass1 with source IP address 172 22 71 50 and destination 172 22 71 130 ProCurve enable ProCurve clear ip policy sessions pclass1 tcp 172 22 71 50 23 172 22 71 130 23 ...

Page 46: ...he policy class to clear If no policy class is specified statistics are cleared for all policies entry policy class Optional Use this keyword to clear statistics of a specific policy class entry Default Values No default value necessary for this command Usage Examples The following example clears statistical counters for all policy classes ProCurve enable ProCurve clear ip policy stats The followi...

Page 47: ...fix list hit count shown in the show ip prefix list detail command output See show ip prefix list detail summary listname on page 235 Syntax Description listname Specifies hit count statistics of the IP prefix list to clear Default Values No default value necessary for this command Usage Examples The following example clears the hit count statistics for prefix list test ProCurve enable ProCurve cl...

Page 48: ...table Static and connected routes are not cleared by this command Syntax Description Deletes all destination routes ip address Specifies the IP address of the destination routes to be deleted subnet mask Specifies the subnet mask of the destination routes to be deleted Default Values No default value necessary for this command Usage Examples The following example removes all learned routes from th...

Page 49: ...istics Use the clear ip urlfilter statistics command to clear all statistics counters for URL filter requests and responses Syntax Description No subcommands Default Values No default necessary for this command Usage Examples The following example clears all counters for URL filter requests and responses ProCurve enable ProCurve clear ip urlfilter statistics ...

Page 50: ...any L P 48 clear lldp counters Use the clear lldp counters command to reset all LLDP packet counters to 0 on all interfaces Syntax Description No subcommands Default Values There are no default settings for this command Usage Examples The following example resets all LLDP counters ProCurve enable ProCurve clear lldp counters ...

Page 51: ...o reset all LLDP packet counters to 0 for a specified interface Syntax Description interface Clears the information for the specified interface Type clear lldp counters interface for a complete list of applicable interfaces Default Values No default values are necessary for this command Usage Examples The following example resets the counters on a PPP interface ProCurve enable ProCurve clear lldp ...

Page 52: ...n information about neighbors included in those frames Syntax Description No subcommands Default Values There are no default settings for this command Functional Notes This command generates output indicating the names of any neighbors deleted from the database and the name of the interface on which the neighbor was learned Usage Examples The following example clears LLDP neighbor Switch_1 from th...

Page 53: ...e the clear pppoe command to terminate the current PPPoE client session and cause the SROS to attempt to re establish the session Syntax Description ppp interface PPP interface number Default Values No default value necessary for this command Usage Examples The following example ends the current PPPoE client session for ppp 1 ProCurve enable ProCurve clear pppoe 1 ...

Page 54: ...max Use the clear process cpu max command to clear the maximum CPU usage statistic which is displayed in the show process cpu command output Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example resets the CPU maximum usage statistics ProCurve enable ProCurve clear process cpu max ...

Page 55: ...lear processes queue Use the clear processes queue command to clear the contents of the system processing queues Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example clears the contents of the system processing queues ProCurve enable ProCurve clear process queue ...

Page 56: ... interface Specifies an interface for which to clear QoS map statistics for just that interface Type clear cos map for a complete list of applicable interfaces Default Values No default value necessary for this command Usage Examples The following example clears statistics for all defined QoS maps ProCurve clear qos map The following example clears statistics for all entries in the priority QoS ma...

Page 57: ...ar route map counters map Use the clear route map counters command to reset route map hit counters Syntax Description map Specifies specific route map to be cleared Default Values No default value necessary for this command Usage Examples The following example clears all route map counters ProCurve enable ProCurve clear route map counters ...

Page 58: ...clear sip location command to clear session initiation protocol SIP location database statistics Syntax Description Clears all dynamic location entries username Specifies specific username to clear Default Values No default value necessary for this command Usage Examples The following example deletes all dynamic location entries ProCurve enable ProCurve clear sip location ...

Page 59: ...ration Use the clear sip user registration command to clear local session initiation protocol SIP server registration information Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example clears all SIP server registration information ProCurve enable ProCurve clear sip user registration ...

Page 60: ...nts BPDU transmit BPDU receive and number of transitions to forwarding state Syntax Description interface interface id Optional Specifies a single interface Enter clear spanning tree counters for a complete list of applicable interfaces Default Values No default value necessary for this command Usage Examples The following example clears the spanning tree counters for Ethernet 0 1 ProCurve enable ...

Page 61: ... has the ability to operate using the rapid spanning tree protocol or the legacy 802 1D version of spanning tree When a BPDU bridge protocol data unit of the legacy version is detected on an interface the ProCurve Secure Router automatically regresses to using the 802 1D spanning tree protocol for that interface Issue the clear spanning tree detected protocols command to return to rapid spanning t...

Page 62: ...tistics Use the clear tacacs statistics command to delete all terminal access controller access control system TACACS protocol statistics Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example clears all TACACS protocol statistics ProCurve enable ProCurve clear tacacs statistics ...

Page 63: ...a user from a given line Syntax Description console user number Detaches a specific console user Valid range is 0 to 1 ssh user number Detaches a specific secure shell SSH user Valid range is 0 to 4 telnet user number Detaches a specific Telnet user Valid range is 0 to 5 Default Values No default value necessary for this command Usage Examples The following example detaches the console 1 user ProC...

Page 64: ...the unit to automatically correct for DST no auto correct DST Disables DST correction Default Values By default DST correction takes place automatically Functional Notes Depending on the clock timezone chosen see clock timezone text on page 64 for more information one hour DST correction may be enabled automatically You may override this default using this command Usage Examples The following exam...

Page 65: ...s the time in 24 hr format of the system software clock in the format HH MM SS hours minutes seconds day Sets the current day of the month Range 1 to 31 month Sets the current month Range January to December You need only enter enough characters to make the entry unique This entry is not case sensitive year Sets the current year Range 2000 to 2100 Default Values No default value necessary for this...

Page 66: ...osen one hour Daylight Savings Time DST correction may be enabled automatically See clock auto correct dst no auto correct dst on page 62 for more information clock timezone 1 Amsterdam clock timezone 1 Belgrade clock timezone 1 Brussels clock timezone 1 Sarajevo clock timezone 1 West Africa clock timezone 10 Brisbane clock timezone 10 Canberra clock timezone 10 Guam clock timezone 10 Hobart clock...

Page 67: ... Ekaterinburg clock timezone 5 Islamabad clock timezone 3 Greenland clock timezone 3 30 clock timezone 4 Atlantic Time clock timezone 4 Caracus clock timezone 4 Santiago clock timezone 5 clock timezone 5 Bogota clock timezone 5 Eastern Time clock timezone 6 Central America clock timezone 6 Central Time clock timezone 6 Mexico City clock timezone 6 Saskatchewan clock timezone 5 30 clock timezone 5 ...

Page 68: ...Syntax Description terminal Enters the Global Configuration mode memory Configures the active system with the commands located in the default configuration file stored in flash memory network Configures the system from a TFTP network host overwrite network Overwrites flash memory from a TFTP network host Default Values No default value necessary for this command Usage Examples The following exampl...

Page 69: ...s The following example copies the file J03_01 boot biz located on the compact flash card to the Boot ROM ProCurve enable ProCurve copy cflash J03_01 boot biz boot Upgrading boot code is a critical process that cannot be interrupted If something were to happen and the process was not able to be completed it would render your unit inoperable It is for this reason that during a bootcode upgrade all ...

Page 70: ...ination is startup config cflash filename Specifies the destination memory location for the file copy as compact flash memory and specifies the filename flash filename Specifies the destination memory location for the file copy as flash memory and specifies the filename startup config Replaces the primary startup configuration file with a copy of the specified file tftp Specifies sending the file ...

Page 71: ...ve enable ProCurve copy cflash tftp Address of remote host 10 200 2 4 Source filename myfile biz Destination filename myfile biz Initiating TFTP transfer Received 45647 bytes Transfer Complete The following example copies the file myfile biz located on the compact flash card to the connected terminal using XMODEM protocol ProCurve enable ProCurve copy cflash xmodem Source filename myfile biz Begin...

Page 72: ... for this command Functional Notes The copy console command works much like a line editor Prior to pressing Enter changes can be made to the text on the line Changes can be made using Delete and Backspace keys The text can be traversed using the arrow keys Ctrl A to go to the beginning of a line and Ctrl E to go to the end of a line To end copying to the text file type Ctrl D The file will be save...

Page 73: ...ilename Specifies the destination memory location for the file copy as compact flash memory and the filename flash filename Specifies the destination memory location for the file copy as flash memory and the filename interface type slot port Specifies copying a software file to a specified interface This command is only valid for modules that contain module specific software that is independent of...

Page 74: ...Curve enable ProCurve copy flash myfile biz flash newfile biz The following example copies the file new_startup_config located in flash memory to the primary startup configuration ProCurve enable ProCurve copy flash new_startup_config startup config The following example copies the software file J03_01 biz located in flash memory to a TFTP server ProCurve enable ProCurve copy flash tftp Address of...

Page 75: ...sh xmodem Source filename J03_01 biz Begin the Xmodem transfer now Press CTRL X twice to cancel CCCCCC The SROS is now ready to transmit the file on the CONSOLE port using the XMODEM protocol The next step in the process may differ depending on the type of terminal emulation software you are using For HyperTerminal you will now select Transfer Receive File and select the destination Once the trans...

Page 76: ... IP address of the TFTP server Destination filename Specifies the filename to use when storing the copied file on the TFTP server The file will be placed in the default directory established by the TFTP server xmodem Sends the current running configuration file using the XMODEM protocol to the terminal connected to the Console port cflash filename Specifies the destination memory location for the ...

Page 77: ...ote host 10 200 2 4 Destination filename config_01 txt Initiating TFTP transfer Sent 3099 bytes Transfer Complete The following example copies the current running configuration to the connected terminal using XMODEM protocol ProCurve enable ProCurve copy running config xmodem Begin the Xmodem transfer now Press CTRL X twice to cancel CCCCCC The SROS is now ready to transmit the file on the CONSOLE...

Page 78: ...le on the TFTP server The file will be placed in the default directory established by the TFTP server xmodem Sends the current startup configuration file using the XMODEM protocol to the terminal connected to the Console port cflash filename Specifies the destination memory location for the copied file as compact flash and specifies the filename for the copied file flash filename Specifies the des...

Page 79: ...ss of remote host 10 200 2 4 Destination filename startup_01 txt Initiating TFTP transfer Sent 3099 bytes Transfer Complete The following example copies the current startup configuration to the connected terminal using XMODEM protocol ProCurve enable ProCurve copy startup config xmodem Begin the Xmodem transfer now Press CTRL X twice to cancel CCCCCC The SROS is now ready to transmit the file on t...

Page 80: ...ver Source filename Specifies the Name of the file to copy from the TFTP server Destination filename Specifies the filename to use when storing the copied file to flash memory Valid only for the copy tftp cflash and copy tftp flash commands Default Values No default value necessary for this command Usage Examples The following example replaces the current running configuration file with new_config...

Page 81: ...r the following information Destination filename Specifies the filename to use when storing the copied file to flash memory Valid only for the copy cflash and copy flash commands Default Values No default value necessary for this command Usage Examples The following example copies a software file J03_01 biz to flash memory and labels it SROS BIZ ProCurve copy xmodem flash Destination filename SROS...

Page 82: ...lt Values By default all debug messages in the SROS are disabled Functional Notes The debug aaa events include connection notices login attempts and session tracking Usage Examples The following is sample output for this command ProCurve enable ProCurve debug aaa AAA New Session on portal TELNET 0 172 22 12 60 4867 AAA No list mapped to TELNET 0 Using default AAA Attempting authentication username...

Page 83: ... the no form of this command to disable the debug messages Syntax Description listname Specifies a configured access list Default Values By default all debug messages in the SROS are disabled Functional Notes The debug access list command provides debug messages to aid in troubleshooting access list issues Usage Examples The following example activates debug messages for the access list labeled Ma...

Page 84: ...bug messages are displayed real time on the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages associated with ARP transactions ProCurve enable ProCurve debug arp Note Turning on a large amount of ...

Page 85: ...s Debug messages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates ATM event messages ProCurve enable ProCurve debug atm events Note Turning on a large amount of debug information can ...

Page 86: ...e following debug atm oam vcd debug atm oam vcd loopback end to end segment debug atm oam vcd loopback end to end segment LLID Syntax Description vcd Shows OAM packets for a specific VCD loopback Configures an OAM loopback end to end Configures an end to end OAM loopback segment Configures a segment loopback LLID Specifies 16 byte OAM loopback location ID LLID Default Values By default all debug m...

Page 87: ...g atm packet interface atm port id vcd vcd number debug atm packet vc VPI VCI Syntax Description interface atm port id Shows packets on a specific ATM port and on all virtual circuits vc VPI VCI Shows packets on a specific virtual circuit identified by the virtual path identifier and virtual channel identifier VPI VCI vcd vcd number Shows packets on specific virtual circuit descriptors VCD Default...

Page 88: ...reen Use the no form of this command to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Functional Notes The debug backup command activates debug messages to aid in the troubleshooting of backup links Usage Examples The following example activates debug messages for backup operation ProCurve enable ProCurve debug ba...

Page 89: ...s Debug messages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates bridge debug messages ProCurve debug bridge Note Turning on a large amount of debug information can adversely affect ...

Page 90: ...ayed real time on the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description chat interface Specifies the chat interface to debug in slot port format Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages for the chat interface 0 1 ProCurve enable ProCurve debug chat int...

Page 91: ...negotiation Displays only IKE key management debug messages e g handshaking ike client authentication Displays IKE client authentication messages as they occur ike client configuration Displays mode config exchanges as they take place over the IKE SA It is enabled independently from the ike negotiation debug described previously ipsec Displays all IPSec debug messages pki Displays all PKI public k...

Page 92: ...are displayed real time on the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages associated with data call errors and events ProCurve enable ProCurve debug data call Note Turning on a large amount...

Page 93: ...s Debug messages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates demand routing error and event messages ProCurve enable ProCurve debug demand routing Note Turning on a large amount ...

Page 94: ...ault Values By default all debug messages in the SROS are disabled Functional Notes When enabled these messages provide status information on incoming calls dialing and answering progress etc These messages also give information on why certain calls are dropped or rejected It is beneficial to use this command when troubleshooting backup in addition to the debug backup command Usage Examples The fo...

Page 95: ...re displayed real time to the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description verbose Turns on verbose messaging Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates dynamic DNS debug messages ProCurve enable ProCurve debug dynamic dns verbose Note Turning on a large amount of...

Page 96: ...s command to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Functional Notes The debug firewall command activates debug messages to provide real time information about the SROS stateful inspection firewall operation Usage Examples The following example activates the debug messages for the SROS stateful inspection f...

Page 97: ...messages are displayed real time on the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description verbose Enables detailed debug messages Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages associated with SIP information with SROS firewall operation ProCurve enable ProC...

Page 98: ...ay interface state llc2 Activates debug messages for the logical link control layer lmi Activates debug messages for the local management interface such as DLCI status signaling state etc Default Values By default all debug messages in the SROS are disabled Functional Notes The debug frame relay command activates debug messages to aid in the troubleshooting of Frame Relay links Usage Examples The ...

Page 99: ...no form of this command to disable the debug messages Syntax Description interface Optional Activates debug messages for the specified interface Type debug frame relay multilink for a complete list of applicable interfaces Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages associated with multilink operation for all F...

Page 100: ...ntax Description interface Activates debug messages for the specified interface Type debug interface for a complete list of applicable interfaces Default Values By default all debug messages in the SROS are disabled Functional Notes The debug interface command activates debug messages to aid in the troubleshooting of physical interfaces Usage Examples The following example activates all possible d...

Page 101: ...ug messages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages for ADSL events ProCurve enable ProCurve debug interface adsl events Note Turning on a large amount of ...

Page 102: ...plays BGP keepalive packets updates Displays BGP updates for all neighbors updates quiet Displays summary information about BGP neighbor updates Note updates quiet displays a one line summary of what update displays in 104 lines Default Values By default all debug messages in the SROS are disabled Functional Notes If no arguments are given the debug ip bgp command displays general BGP events such ...

Page 103: ...ages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Functional Notes The debug ip dhcp client command activates debug messages to provide information on DHCP client activity in the SROS The SROS DHCP client capability allows interfaces to dynamically obtain an IP address from a network DHCP server Usage Examples The following example activat...

Page 104: ...isable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Functional Notes The debug ip dhcp server command activates debug messages to provide information on DHCP server activity in the SROS The SROS DHCP server capability allows the SROS to dynamically assign IP addresses to hosts on the network Usage Examples The following ...

Page 105: ...mand to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Functional Notes The debug ip dns client command activates debug messages to provide information on DNS client activity in the SROS The IP DNS capability allows for DNS based host translation name to address Usage Examples The following example activates debug ...

Page 106: ...mand to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Functional Notes The debug ip dns proxy command activates debug messages to provide information on DNS proxy activity in the SROS The IP DNS capability allows for DNS based host translation name to address Usage Examples The following example activates debug me...

Page 107: ...ommand to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in SROS are disabled Functional Notes The debug ip dns table command activates debug messages to provide information on DNS table activity in SROS The IP DNS capability allows for DNS based host translation name to address Usage Examples The following example activates debug messages...

Page 108: ...isable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Functional Notes The debug ip ftp server command activates debug messages to provide information on FTP server activity in the SROS The FTP server capability allows for fast file management and transport for local or remote devices Usage Examples The following example a...

Page 109: ...net screen Use the no form of this command to disable the debug messages Variations of this command include debug ip http server debug ip http server verbose Syntax Description verbose Optional Activates detailed debug messages for HTTP operation Default Values By default all debug messages in SROS are disabled Usage Examples The following example activates debug messages associated with HTTP serv...

Page 110: ... are displayed real time to the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description verbose Activates detailed debug messages for HTTP operation Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages associated with HTTP activity ProCurve enable ProCurve debug ip http...

Page 111: ...g messages in the SROS are disabled Usage Examples The following example activates the debug ip icmp send and receive messages for the SROS ProCurve enable ProCurve debug ip icmp ICMP SEND From 0 0 0 0 to 172 22 14 229 Type 8 Code 0 Length 72 Details echo request ICMP RECV From 172 22 14 229 to 10 100 23 19 Type 0 Code 0 Length 72 Details echo reply ICMP SEND From 0 0 0 0 to 172 22 14 229 Type 8 C...

Page 112: ...layed real time on the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description group address Optional IP address of a multicast group Default Values No default value necessary for this command Usage Examples The following example enables IGMP debug messages for the specified multicast group ProCurve enable ProCurve debug ip igmp 10 1 1 1 Note Turn...

Page 113: ...ents Debug messages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following sample activates ip mrouting debug messages ProCurve enable ProCurve debug ip mrouting Note Turning on a large amount of debug i...

Page 114: ...ions tree Displays OSPF database tree Default Values By default all debug messages in the SROS are disabled Usage Examples The following is an example of debug ip ospf command results ProCurve enable ProCurve debug ip ospf flood OSPF Update LSA id c0a8020d rtid 192 168 2 13 area 11 0 0 0 type 1 OSPF Update LSA id 0b003202 rtid 11 0 50 2 area 11 0 0 0 type 1 OSPF Queue delayed ACK lasid 0b003202 ls...

Page 115: ...cket detailed information on the console or Telnet terminal session Note The console stream can be captured to a log file and used as an input file for display with ETHEREAL by using text2pcap exe which is a part of the ETHEREAL distribution Execute as follows text2pcap l 101 input_file output_file Next open the output file with ETHEREAL for display and decode The typical lower layer information i...

Page 116: ...ard IP s 192 168 7 2 eth 0 2 d 192 168 8 101 eth 0 1 g 192 168 8 101 forward IP s 192 168 8 101 eth 0 1 d 192 168 7 2 eth 0 2 g 192 168 7 2 forward IP s 192 168 7 2 eth 0 2 d 192 168 8 101 eth 0 1 g 192 168 8 101 forward Where s 192 168 8 101 eth 0 1 indicates source address and interface of received packet d 192 168 7 2 eth 0 2 indicates destination address and interface from which the packet is ...

Page 117: ...ation Debug messages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates all PIM sparse mode messages ProCurve enable ProCurve debug ip pim sparse Note Turning on a large amount of debug...

Page 118: ...real time to the terminal or Telnet screen Use the no form of this command to disable debug messages Syntax Description event Displays PIM sparse assert events state Displays PIM sparse assert state changes address Specifies group address to filter Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates all PIM sparse assert event messag...

Page 119: ...nsactions Debug messages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates PIM sparse mode hello messages ProCurve enable ProCurve debug ip pim sparse hello Note Turning on a large amo...

Page 120: ...lnet screen Use the no form of this command to disable debug messages Syntax Description event Displays PIM sparse join and prune events state Displays PIM sparse join and prune state changes address Specifies group address to filter Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates PIM sparse mode messages for all join and prune e...

Page 121: ...debug messages Syntax Description in Displays messages for inbound PIM sparse packets out Displays messages for outbound PIM sparse packets interface Specifies specific interface Type debug ip pim sparse packets in out interface for a list of valid interfaces interface id Specifies a valid interface ID Default Values By default all debug messages in the SROS are disabled Usage Examples The followi...

Page 122: ...e terminal or Telnet screen Use the no form of this command to disable debug messages Syntax Description event Displays PIM sparse register events state Displays PIM sparse register state changes address Specifies group address to filter Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates all PIM sparse registration state changes Pro...

Page 123: ...e displayed real time to the terminal or Telnet screen Use the no form of this command to disable debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates policy based routing event messages ProCurve enable ProCurve debug ip policy Note Turning on a large amount of debug information can adv...

Page 124: ...bug messages Syntax Description events Optional Use this optional keyword to display only RIP protocol events Default Values By default all debug messages in the SROS are disabled Functional Notes The debug ip rip command activates debug messages to provide information on RIP activity in the SROS RIP allows hosts and routers on a network to exchange information about routes Usage Examples The foll...

Page 125: ...Debug messages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following sample activates ip routing debug messages ProCurve enable ProCurve debug ip routing Note Turning on a large amount of debug informat...

Page 126: ...pear next to TCB e g TCB5 in the following example represent the TCP session number This allows you to differentiate debug messages for multiple TCP sessions Usage Examples The following is sample output for this command ProCurve enable ProCurve debug ip tcp events 2003 02 17 07 40 56 IP TCP EVENTS TCP Allocating block 5 2003 02 17 07 40 56 IP TCP EVENTS TCB5 state change FREE SYNRCVD 2003 02 17 0...

Page 127: ...s are displayed real time to the terminal or Telnet screen Use the no form of this command to disable debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Functional Notes Debug messages will only be generated for TCP ports that have MD5 authentication enabled Usage Examples The following example activates the display of these debug...

Page 128: ...s UDP port i e the data is discarded Usage Examples The following is sample output for this command ProCurve enable ProCurve debug ip udp 2003 02 17 07 38 48 IP UDP RX src 10 200 3 236 138 dst 10 200 255 255 138 229 bytes no listener 2003 02 17 07 38 48 IP UDP RX src 10 200 2 7 138 dst 10 200 255 255 138 227 bytes no listener 2003 02 17 07 38 48 IP UDP RX src 10 200 201 240 138 dst 10 200 255 255 ...

Page 129: ... no form of this command to disable debug messages Variations of this command include debug ip urlfilter debug ip urlfilter verbose Syntax Description verbose Optional Enables detailed debug messages Default Values By default all debug messages are disabled Usage Examples The following example shows the debug summary for all URL filters being used ProCurve enable ProCurve debug ip urlfilter 2005 1...

Page 130: ...nd to disable the debug messages Syntax Description cc ie Displays call control information elements cc messages Displays call control messages endpoint Displays endpoint events interface Displays ISDN interface events l2 formatted Displays layer 2 formatted messages l2 messages Displays layer 2 messages interface id Specifies the ISDN interface Range is 1 to 255 Default Values By default all debu...

Page 131: ...ug messages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example activates debug messages associated with ISDN activity ProCurve enable ProCurve debug isdn events Note Turning on a large amount of debug i...

Page 132: ...s Debug messages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages associated with the ISDN resource manager ProCurve enable ProCurve debug isdn resource manager Not...

Page 133: ... the SROS Debug messages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates all debug messages associated with ISDN activity ProCurve enable ProCurve debug isdn verbose Note Turning...

Page 134: ...f the command to disable debug messages Syntax Description rx Shows information about received packets tx Shows information about transmitted packets verbose Shows detailed debugging information Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates all possible debug messages associated with LLDP operation ProCurve debug lldp rx ProCur...

Page 135: ...ays AuthPAE state machine information bkend sm Optional Displays backend state machine information general Optional Displays configuration changes to the port authentication system packet both Optional Displays packet exchange information in both receive and transmit directions packet rx Optional Displays packet exchange information in the receive only direction packet tx Optional Displays packet ...

Page 136: ... PPP authentication CHAP PAP EAP etc errors Activates debug messages that indicate a PPP error was detected mismatch in negotiation authentication etc negotiation Activates debug messages associated with PPP negotiation verbose Activates detailed debug messages for PPP operation Default Values By default all debug messages in the SROS are disabled Functional Notes The debug ppp command activates d...

Page 137: ... in the SROS Debug messages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages associated with PPPoE activity ProCurve enable ProCurve debug pppoe client Note Turning...

Page 138: ...t screen Use the no form of this command to disable the debug messages Variations of this command include debug probe debug probe name Syntax Description name Optional Specifies the probe object Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages associated with all probe objects ProCurve enable ProCurve debug probe Th...

Page 139: ...ug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Functional Notes The debug radius messages show the communication process with the remote RADIUS servers Usage Examples The following is an example output for the debug radius command ProCurve enable ProCurve debug radius RADIUS AUTHENTICATION Sending packet to 172 22 48 1 1645 RADIU...

Page 140: ... Activates SIP location database event debug messages manager Activates SIP stack manager event debug messages name service Activates SIP name service event debug messages proxy subsource Activates SIP proxy event debug messages Input for specifying a subsource is optional trunk registration Txx identity Activates SIP trunk registration event debug messages Specifying a particular trunk is optiona...

Page 141: ...ack messages summary debug sip stack verbose debug sip stack warnings Syntax Description debug Activates SIP stack debug event debug messages errors Activates SIP stack error event debug messages exceptions Activates SIP stack exception event debug messages info Activates SIP stack info event debug messages messages Activates all SIP debug messages verbose Activates all SIP stack event debug messa...

Page 142: ...formation server Optional Displays SNTP server information Default Values By default all debug messages in the SROS are disabled Functional Notes The debug sntp command activates debug messages to aid in troubleshooting SNTP protocol issues Usage Examples The following is an example output for the debug sntp command ProCurve enable ProCurve debug sntp ProCurve config term ProCurve config sntp serv...

Page 143: ...he display of spanning tree debug messages when configuration changes occur events Enables the display of debug messages when spanning tree protocol events occur general Enables the display of general spanning tree debug messages topology Enables the display of debug messages when spanning tree protocol topology events occur Default Values By default all debug messages in the SROS are disabled Usa...

Page 144: ...e the no form of this command to disable the debug messages Syntax Description receive Displays debug messages for BPDU packets received by the unit transmit Displays debug messages for BPDU packets transmitted by the unit all Displays debug messages for BPDU packets that are transmitted and received by the unit Default Values By default all debug messages in the SROS are disabled Usage Examples T...

Page 145: ...ssages are displayed real time to the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description No subcommands Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages associated with system information ProCurve enable ProCurve debug system Note Turning on a large amount of d...

Page 146: ... real time to the terminal or Telnet screen Use the no form of this command to disable the debug messages Syntax Description events Activates TACACS event debug messages packets Activates TACACS packet debug messages Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages associated with the TACACS protocol ProCurve enable...

Page 147: ... screen Use the no form of this command to disable the debug messages Syntax Description client packets Activates TFTP client packet debug messages server events Activates TFTP server event debug messages server packets Activates TFTP server packet debug messages Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages asso...

Page 148: ...Telnet screen Use the no form of this command to disable the debug messages Variations of this command include debug track debug track name Syntax Description name Specifies the track object Default Values By default all debug messages in the SROS are disabled Usage Examples The following example activates debug messages associated with all track objects ProCurve enable ProCurve debug track The fo...

Page 149: ...tax Description Optional When a wildcard is specified only files located in flash memory matching the listed pattern are displayed When no wildcard is specified the entire contents of flash memory is displayed Default Values No default value necessary for this command Usage Examples The following is sample output from the dir command specifying a list of all biz files ProCurve enable ProCurve dir ...

Page 150: ...a wildcard is specified only files located in the specified location matching the listed pattern are displayed When no wildcard is specified the entire contents of flash memory is displayed Default Values No default value necessary for this command Usage Examples The following is sample output from the dir command specifying a list of all biz files found on the installed compact flash card ProCurv...

Page 151: ...ny L P 149 disable Use the disable command to exit the Enable Command mode and enter the Basic Command mode Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example exits the Enable Command mode and enters the Basic Command mode ProCurve disable ProCurve ...

Page 152: ...ating and configuration parameters and should be password protected to prevent unauthorized use Use the enable password command found in the Global Configuration mode to specify an Enable Command mode password If the password is set access to the Enable Commands and all other privileged commands is only granted when the correct password is entered Refer to enable password md5 password on page 355 ...

Page 153: ...mmand the startup config file is removed from both flash and compact flash cflash Specifies the location of the file to erase as the installed compact flash card flash Specifies the location of the file to erase as the system flash memory filename Specifies the name of the file to erase The asterisk can be used as a wildcard to specify a pattern for erasing multiple files When a wildcard is specif...

Page 154: ...cflash command to erase all files on the installed compact flash card Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example erases all files located on the installed compact flash card ProCurve enable ProCurve erase file system cflash Note Erasing the file system is equivalent to formatting the compact flash card ...

Page 155: ...s Use the events command to enable event reporting to the current CLI session Use the no form of this command to disable all event reporting to the current CLI session Syntax Description No subcommands Default Values By default this command is enabled Usage Examples The following example enables event reporting ProCurve enable ProCurve events ...

Page 156: ...erates an exception report ProCurve enable ProCurve exception report generate Exception report generated ProCurve show file flash exception report 20050726071500 Using 47428 bytes VERSION ProCurve Secure Router 7102dl SROS Version J03 01 00 Checksum 5D5AE64E built on Mon Jun 20 13 31 52 2005 Boot ROM version J03 01 00 Checksum B1BC built on Mon Jul 18 13 11 02 2005 Copyright c 2005 2005 Hewlett Pa...

Page 157: ...OL startup config CORE DUMP BUFFER USERS Number of users 9 Rank User Count 1 fixedsize 128 2 0x00873a50 128 3 0x00162530 84 4 0x00863e5c 64 5 0x0051c1e8 43 6 0x0086cfa8 16 7 0x00226cf0 14 8 0x00144990 1 9 0x0051f408 1 10 0x00000000 0 11 0x00000000 0 12 0x00000000 0 13 0x00000000 0 14 0x00000000 0 15 0x00000000 0 EVENT HISTORY CurrentTime ActiveQueue Event 68169518 FrontPanel 0x002294b4 68169510 Pa...

Page 158: ...se the logout command to terminate the current session and return to the login screen Syntax Description No subcommands Default Values No defaults necessary for this command Usage Examples The following example shows the logout command being executed in Enable mode ProCurve enable ProCurve logout Session now available Press RETURN to get started ...

Page 159: ... a delay period the SROS will wait before reloading delay Specifies the delay period in minutes mmm or hours and minutes hh mm Default Values No default value necessary for this command Usage Examples The following example reloads the SROS software in 3 hours and 27 minutes ProCurve enable ProCurve reload in 03 27 The following example reloads the SROS software in 15 minutes ProCurve enable ProCur...

Page 160: ... this command Functional Notes The show access lists command displays all configured access lists in the system All entries in the access list are displayed and a counter indicating the number of packets matching the entry is listed Usage Examples The following is a sample output from the show access lists command ProCurve enable ProCurve show access lists Standard access list MatchAll permit host...

Page 161: ...isplay full screen output in real time Information is continuously updated on the console until you either freeze the data by pressing the F key or exit reatime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at the bottom of the screen In order to maximize the amount of data displayed increase the terminal length using the ter...

Page 162: ...ws ATM PVC information traffic Shows ATM traffic information sub interface number For ATM PVC information enter the sub interface x x number atm port interface For ATM port traffic information enter the port ATM number 1 1023 atm vcl interface For ATM VCL traffic information enter the ATM VCL number 1 1023 1 65536 Default Values No default is necessary for this command Usage Examples The following...

Page 163: ... No subcommands Default Value No default is necessary for this command Usage Examples The following is a sample output from the show autosynch status command with AutoSynchTM disabled ProCurve enable ProCurve show autosynch status AutoSynch Mode Disabled AutoSynch SROS BIZ not synched AutoSynch startup config not synched The following is a sample output from the show autosynch status command with ...

Page 164: ...nters the Enable command mode and uses the show command to display backup interface information ProCurve enable ProCurve show backup interfaces Backup interfaces fr 1 16 backup interface Backup state idle Backup protocol PPP Call mode originate Auto backup enabled Auto restore enabled Priority 50 Backup delay 10 seconds Restore delay 10 seconds Connect timeout 60 seconds Redial retries unlimited R...

Page 165: ...th the specific interface Type the show bridge command to display a list of applicable interfaces bridgegroup Optional Displays information for a specific bridge group Default Values No default value necessary for this command Usage Examples The following is a sample output from the show bridge command ProCurve enable ProCurve show bridge Total of 300 station blocks 295 free Address Action Interfa...

Page 166: ...reen output in real time Information is continuously updated on the console until you either freeze the data by pressing the F key or exit reatime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at the bottom of the screen In order to maximize the amount of data displayed increase the terminal length using the terminal length c...

Page 167: ...in real time Information is continuously updated on the console until you either freeze the data by pressing the F key or exit reatime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at the bottom of the screen In order to maximize the amount of data displayed increase the terminal length using the terminal length command Usage...

Page 168: ...Syntax Description filename Optional Displays details for the specified file located in compact flash memory Enter a wildcard such as biz to display the details for all files matching the entered pattern Default Values No default value necessary for this command Usage Examples The following is a sample show cflash output ProCurve enable ProCurve show cflash 4043024 J03_01 BIZ 285188 J03_01 boot bi...

Page 169: ...ed using the clock set command See clock set time day month year on page 63 for more information Syntax Description detail Optional Use this optional keyword to display more detailed clock information including the time source Default Values No default value necessary for this command Usage Examples The following example displays the current time and data from the system clock ProCurve show clock ...

Page 170: ...ue necessary for this command Usage Examples The following is a sample output of the show configuration command ProCurve enable ProCurve show configuration no enable password ip subnet zero ip classless ip routing event history on no logging forwarding logging forwarding priority level info no logging email ip policy timeout tcp all ports 600 ip policy timeout udp all ports 60 ip policy timeout ic...

Page 171: ...ht 2007 Hewlett Packard Development Company L P 169 ip access list extended UnTrusted deny icmp 10 5 60 0 0 0 0 255 any source quench deny tcp any any no ip snmp agent line con 0 no login line telnet 0 login line telnet 1 login line telnet 2 login line telnet 3 login line telnet 4 login ...

Page 172: ...nts for all active connections Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following is sample output from the show connections command ProCurve enable ProCurve show connections Displaying all connections Conn ID From To 1 atm 1 adsl 1 1 2 ppp 1 t1 2 1 tdm group 1 3 ppp 1 t1 2 2 tdm group 1 4 ppp 3 e1 3 1 tdm group 1 5 ppp 3 e1 3 ...

Page 173: ...figured CA profiles Default Values No default value necessary for this command Usage Examples The following is a sample from the show crypto ca certificates command ProCurve enable ProCurve show crypto ca certificates CA Certificate Status Available Certificate Serial Number 012d Subject Name C FI O SSH Communications Security OU Web test CN Test CA 1 Issuer C FI O SSH Communications Security OU W...

Page 174: ...ation pools poolname Displays detailed information regarding the specified IKE client configuration pool policy Displays information on all IKE policies Indicates if client configuration is enabled for the IKE policies and displays the pool names policy priority Displays detailed information on the specified IKE policy This number is assigned using the crypto ike policy command Refer to crypto ike...

Page 175: ...ress Peers 63 105 15 129 initiate main respond anymode Attributes 10 Encryption 3DES Hash SHA Authentication Pre share Group 1 Lifetime 900 seconds The following is a sample from the show crypto ike sa brief command ProCurve enable ProCurve show crypto ike sa brief Using 3 SAs out of 2000 IKE Security Associations NOTE The Remote ID may be truncated Peer IP Address Lifetime Status IKE Policy Remot...

Page 176: ...iated with the designated peer IP address sa brief Displays a brief listing of IPSec security associations sa map mapname Displays all IPSec security associations associated with the designated crypto map name transform set Displays all defined transform sets transform set name Displays information for a specific transform set Default Values No default value necessary for this command Usage Exampl...

Page 177: ... Proto ALL IP Dst 10 0 0 0 255 0 0 0 Port ANY Proto ALL IP Hard Lifetime 26640 Soft Lifetime 26580 Crypto Map VPN 10 The following is a sample from the show crypto ipsec sa brief command ProCurve enable ProCurve show crypto ipsec sa brief Using 4 SAs out 4000 IPSec Security Associations NOTE Crypto Map and Remote ID may be truncated Peer IP Address Bytes Crypto Map Remote ID 10 22 19 34 RX 384 VPN...

Page 178: ...ays the crypto map settings for the specified interface Type show interfaces for a complete list of valid interfaces map name Specifies a specific crypto map name map number Specifies a specific crypto map number Default Values No default value necessary for this command Usage Examples The following is a sample from the show crypto map command ProCurve enable ProCurve show crypto map testMap Crypt...

Page 179: ...play a list of all activated debug message categories Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following is a sample output from the show debugging command ProCurve enable ProCurve show debugging debug access list MatchAll debug firewall debug ip rip debug frame relay events debug frame relay llc2 debug frame relay lmi ...

Page 180: ...interface Valid range 1 to 1024 Type show demand interface for a list of valid interfaces resource pool Displays all resource pool information resource pool resource pool name Displays resource pool information for a specific resource pool name sessions Displays active demand sessions Default Values No default value necessary for this command Usage Examples The following is example output from the...

Page 181: ...last called num 5552222 The following is example output from the show demand interface demand command ProCurve enable ProCurve show demand interface demand 1 demand 1 Idle timer 120 secs Fast idle timer 20 secs Dialer state is data link layer up Dial reason answered Interface bound to resource bri 1 3 Time until disconnect 105 secs Current call connected 00 00 27 Connected to 2565552222 Number of ...

Page 182: ...lowing is example output from the show demand sessions command ProCurve enable ProCurve show demand sessions Session 1 Interface demand 1 Local IP address 10 100 0 2 Remote IP address 10 100 0 1 Remote Username Dial reason ip s d Link 1 Dialed number 5552222 Resource interface bri 1 3 Multilink not negotiated Connect time 0 0 13 Idle Timer 119 ...

Page 183: ...nformation regarding remote console dialin Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following is sample output from the show dialin interfaces command ProCurve enable ProCurve show dialin interfaces Dialin interfaces modem 1 3 dialin interface Connection Status Connected Caller id info name John Smith number 5551212 time 14 23 ...

Page 184: ...ynamic dns command to show information related to the dynamic DNS configuration Syntax Description No subcommands Default Values No default is necessary for this command Usage Examples The following is sample output from this command ProCurve show dynamic dns eth 0 1 Hostname host Is Updated no Last Registered IP 10 15 221 33 Last Update Time 00 00 00 Thu Jan 01 1970 ...

Page 185: ...of the system and individual port states Use the event history as a troubleshooting tool when identifying system issues The following is a sample event history log ProCurve enable ProCurve show event history Using 526 bytes 2002 07 12 15 34 01 T1 t1 1 1 Yellow 2002 07 12 15 34 01 INTERFACE_STATUS t1 1 1 changed state to down 2002 07 12 15 34 02 T1 t1 1 1 No Alarms 2002 07 12 15 34 02 INTERFACE_STA...

Page 186: ...h Specifies a file located in flash memory filename Specify the filename of the file located in the specified memory location Wildcard entries such as biz are not valid for the show file command checksum Optional Displays the Message Digest 5 MD5 checksum of the specified file Default Values No default value necessary for this command Usage Examples The following is a sample show file cflash outpu...

Page 187: ...lename Optional Displays details for a specified file located in flash memory Enter a wildcard such as biz to display the details for all files matching the entered pattern Default Values No default value necessary for this command Usage Examples The following is a sample show flash output ProCurve enable ProCurve show flash Files 245669 030100boot biz 1141553 new biz 821 startup config 1638 start...

Page 188: ...faces or a specified interface interface Displays configuration and statistics for a specified Frame Relay interface frame relay Optional Displays Frame Relay PVC statistics for a specific Frame Relay interface interface Specifies the virtual Frame Relay interface for example fr 1 realtime Displays full screen output in realtime See the Functional Notes section below for more information Default V...

Page 189: ...lay pvc Frame Relay Virtual Circuit Statistics for interface FR 1 Active Inactive Deleted Static local 2 0 0 2 DLCI 16 DLCI USAGE LOCAL PVC STATUS ACTIVE INTERFACE FR 1 16 MTU 1500 input pkts 355 output pkts 529 in bytes 23013 out bytes 115399 dropped pkts 13 in FECN pkts 0 in BECN pkts 0 in DE pkts 0 out DE pkts 0 pvc create time 00 00 00 12 last time pvc status changed 00 00 13 18 DLCI 20 DLCI U...

Page 190: ...essary for this command Usage Examples The following are sample outputs from various show frame relay fragment commands ProCurve enable ProCurve show frame relay fragment interface dlci frag_size rx_frag tx_frag dropped_frag fr 1 1 17 100 46 48 0 fr 1 2 18 200 42 21 0 ProCurve enable ProCurve show frame relay fragment frame relay 1 1 DLCI 17 FRAGMENT SIZE 100 rx frag pkts 46 tx frag pkts 48 rx fra...

Page 191: ...escription interface Optional Specifies the display of information for a specific interface Enter the show frame relay multilink command for a complete list of interfaces detailed Optional Use this optional keyword to display more detailed information Default Values No default value necessary for this command Usage Examples The following is a sample output from this command ProCurve enable ProCurv...

Page 192: ... value necessary for this command Functional Notes The list below describes the fields contained in the host table Flags Indicate whether the entry is permanent P or temporary T and if the entry is OK or expired EXP Age Indicates the age of the entry Type Shows the protocol type Address Displays the IP address for the entry Usage Examples The following example is sample output from the show hosts ...

Page 193: ...ervals performance statistics x y Shows the current 15 minute interval the current 24 hour totals and all intervals from x through y This command is basically the same thing as the performance statistics command with the added function of allowing you to specify a particular interval or range of intervals to display rather than displaying all 96 performance statistics total 24 hour Optional Displa...

Page 194: ...er to maximize the amount of data displayed increase the terminal length using the terminal length command refer to terminal length lines on page 294 Usage Examples The following are samples from various show interfaces commands ProCurve enable ProCurve show interfaces t1 1 1 t1 1 1 is UP T1 coding is B8ZS framing is ESF Clock source is line FDL type is ANSI Line build out is 0dB No remote loopbac...

Page 195: ...0 0 MTU is 1500 Fastcaching is Enabled RIP Authentication is Disabled RIP Tx uses global version value RIP Rx uses global version value ProCurve show interfaces fr 1 TDM group 10 line protocol is UP Encapsulation FRAME RELAY fr 1 463 packets input 25488 bytes 0 no buffer 0 runts 0 giants 0 throttles 0 input errors 0 CRC 0 frame 0 abort 0 ignored 0 overruns 864 packets output 239993 bytes 0 underru...

Page 196: ...erface dlci is 100 MTU is 1500 bytes BW is 96000 Kbit limited Average utilization is 53 Note If the user has configured a Bc and Be value on the virtual circuit the bandwidth BW displayed is the sum of those values Bc Be If not the value for BW is the speed of the interface The Average utilization displayed is the average utilization of the displayed bandwidth If the bandwidth number is the Bc Be ...

Page 197: ...mation information bit allocation Optional Shows ADSL DMT bit allocation table performance statistics Optional Displays the current 15 minute interval the current 24 hour totals and all 96 stored intervals performance statistics x y Optional Shows the current 15 minute interval the current 24 hour totals and all intervals from x through y This command is basically the same thing as the performance...

Page 198: ...xample shows sample output for this command ProCurve show interfaces adsl 1 1 information adsl 1 1 line information adsl 1 1 Local Line Information Vendor Id Serial Number Firmware Version ADSL Capabilities G DMT G LITE ADSL2 ADSL2 adsl 1 1 Remote Line Information Vendor Id 00000000 Serial Number 00000000 Firmware Version 0 ADSL Capabilities G DMT G LITE ADSL2 ADSL2 ...

Page 199: ...nctional Notes The show ip access lists command displays all configured IP access lists in the system All entries in the access list are displayed and a counter indicating the number of packets matching the entry is listed Usage Examples The following is a sample output from the show ip access lists command ProCurve enable ProCurve show ip access lists Standard IP access list MatchAll permit host ...

Page 200: ...ull screen output in real time Information is continuously updated on the console until you either freeze the data by pressing the F key or exit reatime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at the bottom of the screen In order to maximize the amount of data displayed increase the terminal length using the terminal le...

Page 201: ...t matching the specified AS path listname If not specified all AS path lists are displayed Default Values By default this command displays all AS path lists Usage Examples In the following example all AS path lists defined in the router are displayed ProCurve enable ProCurve show ip as path list ip as path list AsPathList1 permit 100 permit 200 permit 300 deny 6500 ip as path list AsPathList2 perm...

Page 202: ...hat contain this value in their community attribute This represents the well known reserved community number for the INTERNET community local as Optional Displays routes that contain this value in their community attribute This represents the well known reserved community number for NO_EXPORT_SUBCONFED Routes containing this attribute should not be advertised to external BGP peers no export Option...

Page 203: ...6 i 14 0 0 0 30 10 22 131 10 304 302 300 1 3 4 6 i 20 0 0 0 30 10 22 131 10 304 302 300 1 3 4 5 i 21 0 0 0 30 10 22 131 10 304 302 300 1 3 4 5 i Total RIB entries 10 Information displayed includes the ID of this router and its Autonomous System AS number the destination Network address of the route learned the Next Hop address to that network the Metric the Local Preference value set using the set...

Page 204: ...k address of the route learned the Next Hop address to that network the Metric the Local Preference LocPrf value set using the set local preference command and the AS Path to the destination network Usage Examples In the following example all BGP routes are displayed whose community numbers match those defined in the community list named CList1 ProCurve enable ProCurve show ip bgp community list C...

Page 205: ...isplays all routes being advertised to the specified neighbor Command output is the same as for show ip bgp except filtered to only the BGP routes being advertised to the specified neighbor received routes Displays all routes accepted and rejected advertised by the specified neighbor Routes may be rejected by inbound filters such as prefix list filters routes Displays all accepted received routes ...

Page 206: ...reset Interface went down Connection ID 15 BGP version 4 remote router ID 8 1 1 1 BGP state is Established for 01 55 05 Negotiated hold time is 180 keepalive interval is 60 seconds Message statistics InQ depth is 0 OutQ depth is 0 Local host 10 15 43 18 Local port 179 Foreign host 10 15 43 17 foreign port 1048 Flags passive open ProCurve show ip bgp neighbors 10 15 43 34 advertised routes BGP loca...

Page 207: ...local AS is 101 Status codes valid best i internal Origin codes i IGP e EGP incomplete Network NextHop Metric Path 1 0 0 0 8 10 15 43 17 1 100 i 2 0 0 0 9 10 15 43 17 1 100 i ProCurve show ip bgp neighbors 10 15 43 17 routes BGP local router ID is 10 0 0 1 local AS is 101 Status codes valid best i internal Origin codes i IGP e EGP incomplete Network NextHop Metric Path 1 0 0 0 8 10 15 43 17 1 100 ...

Page 208: ...wing sample output of the show ip bgp regexp _303_ command shows all of the entries in the BGP database that contain 303 in the AS path ProCurve show ip bgp regexp _303_ BGP local router ID is 192 168 3 1 local AS is 304 Status codes valid best i internal o local Origin codes i IGP e EGP incomplete Network NextHop Metric LocPrf Path 10 22 130 8 29 10 22 132 9 303 304 302 i i10 22 130 240 28 0 22 1...

Page 209: ... 10 22 132 9 303 304 i 10 22 134 8 29 10 22 132 9 303 304 i 10 22 134 16 29 10 22 132 9 303 304 i 10 22 134 24 29 10 22 132 9 303 304 i 10 22 134 32 29 10 22 132 9 303 304 i 10 22 134 40 29 10 22 132 9 303 304 i 10 22 134 48 29 10 22 132 9 303 304 i 10 22 134 56 29 10 22 132 9 303 304 i 10 22 134 64 29 10 22 132 9 303 304 i 10 22 134 80 29 10 22 132 9 303 304 i 10 22 135 0 29 10 22 132 9 303 304 3...

Page 210: ... path to advertised route are marked with a caret Usage Examples The following sample output of the show ip bgp summary command shows a summarized list of the configured BGP neighbors as well as their status and statistics ProCurve show ip bgp summary BGP router identifier 192 168 3 1 local AS number 304 8 network entries 5 paths and 23 BGP path attribute entries Neighbor V AS MsgRcvd MsgSent InQ ...

Page 211: ...ache table Syntax Description No subcommands Default Values No default necessary for this command Usage Examples The following example shows sample output from the show ip cache command ProCurve enable ProCurve show ip cache DESTINATION INTERFACE NEXT HOP USE COUNT MAC ADDRESS 10 17 6 52 Loopback 172 20 0 1 231 172 22 77 80 eth 0 1 10 17 254 254 0 00 12 79 11 BA 32 10 17 255 255 Loopback 172 20 0 ...

Page 212: ...y list you wish to display If this parameter is omitted all defined community lists will be displayed Default Values No default value necessary for this command Usage Examples The following example shows two community lists one of which permits all routes containing community number 10 67 and another which permits routes containing community number 10 68 and the internet community number but denie...

Page 213: ...ax Description interface Optional Displays the information for the specified interface Type show ip dhcp client lease for a complete list of applicable interfaces Default Values No default value necessary for this command Usage Examples The following is a sample output from the show dhcp client lease command ProCurve enable ProCurve show dhcp client lease Interface ethernet 0 1 Temp IP address 10 ...

Page 214: ...rotocol DHCP server client table with associated information Syntax Description client ip address Optional Specifies a particular client IP address Default Values No default value necessary for this command Usage Examples The following is a sample output from the show ip dhcp server binding command ProCurve enable ProCurve show ip dhcp server binding IP Address Client Id Lease Expiration Client Na...

Page 215: ...ecified all groups are shown with this command Syntax Description group address Optional Displays IP address of a multicast group Default Values No default value necessary for this command Usage Examples The following is sample output from this command ProCurve enable ProCurve show ip igmp groups IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 172 0 1 50 Loopba...

Page 216: ... slot port Enter the show ip igmp interface command for a complete list of interfaces Default Values No default value necessary for this command Usage Examples The following is sample output from this command ProCurve enable ProCurve show ip igmp interface eth 0 1 is UP Ip Address is 10 22 120 47 netmask is 255 255 255 0 IGMP is enabled on interface Current IGMP version is 2 IGMP query interval is...

Page 217: ...d Type show ip interfaces for a complete list of applicable interfaces brief Use this optional keyword to display an abbreviated version of interface statistics for all IP interfaces Default Values No default value necessary for this command Usage Examples The following is a sample output of the show ip interfaces command ProCurve enable ProCurve show ip interfaces eth 0 1 is UP line protocol is U...

Page 218: ...lt Values No default value necessary for this command Usage Examples The following is sample output from this command ProCurve enable ProCurve show ip local policy Local policy routing is enabled using route map equal route map equal permit sequence 10 Match clauses length 150 200 Set clauses ip next hop 10 10 11 254 Policy routing matches 0 packets 0 bytes route map equal permit sequence 20 Match...

Page 219: ...le all Optional Displays all multicast routes including those not used to forward multicast traffic Default Values No default value necessary for this command Usage Examples The following is sample output from this command ProCurve enable ProCurve show ip mroute IP Multicast Routing Table Timers Uptime Expires 10 2 170 3 01 03 19 00 00 00 Incoming interface Null RPF nbr 0 0 0 0 Outgoing interface ...

Page 220: ...w ip mroute all command ProCurve enable ProCurve show ip mroute all IP Multicast Routing Table Flags S Sparse C Connected P Pruned J Join SPT T SPT bit Set F Register R RP bit Set Timers Uptime Expires 10 1 0 1 01 17 34 00 03 25 RP 192 168 0 254 Flags SC Forwarding Entry Yes Incoming interface tunnel 2 RPF nbr 172 16 2 10 Outgoing interface list eth 0 1 Forward 01 17 34 00 03 25 ...

Page 221: ...No subcommands Default Values No default value necessary for this command Usage Examples The following is a sample output from the show ip ospf command ProCurve enable ProCurve show ip ospf Summary of OSPF Process with ID 192 168 72 101 Supports only single Type Of Service routes TOS 0 SPF delay timer 5 seconds Hold time between SPFs 10 seconds LSA interval 240 seconds Number of external LSAs 0 Ch...

Page 222: ...tabase network link state id show ip ospf area id database network link state id adv router ip address show ip ospf area id database router link state id show ip ospf area id database router link state id adv router ip address show ip ospf area id database summary link state id show ip ospf area id database summary link state id adv router ip address Syntax Description area id Optional Displays ar...

Page 223: ... network s IP address This is true for type 3 summary link advertisements and in autonomous system external link advertisements An address obtained from the link state ID If the network link advertisement s link state ID is masked with the network s subnet mask this will yield the network s IP address If describing a router this ID is always the router s OSPF router ID Usage Examples The following...

Page 224: ...rface type slot port slot port sub interface id interface id interface id sub interface id ap ap radio ap radio vap For example for a T1 interface use t1 0 1 for an Ethernet sub interface use eth 0 1 1 for a PPP interface use ppp 1 and for an ATM sub interface use atm 1 1 Type show ip ospf interface for a complete list of applicable interfaces Default Values No default value necessary for this com...

Page 225: ...play OSPF neighbor information for a specific interface Syntax Description interface type Optional Specifies the interface type i e eth ppp etc interface number Optional Specifies the interface number neighbor id Optional Specifies a specific neighbor s router ID detail Optional Enter this keyword to display details on all neighbors Default Values No default value necessary for this command Usage ...

Page 226: ...y L P 224 show ip ospf summary address Use the show ip ospf summary address command to display a list of all summary address redistribution information for the system Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples ProCurve enable ProCurve show ip ospf summary address ...

Page 227: ...lays PIM SM configuration and status information for a specific interface Type show ip pim sparse interface to display a list of applicable interfaces neighbor Displays neighbor adjacency information rp map Displays active group to RP mappings rp set Displays list of statically configured RP candidates The group address is 224 0 0 0 4 when no access group was applied to the rp address command refe...

Page 228: ...500 Override interval ms 2500 tunnel 1 is UP PIM Sparse DR 172 16 1 10 Local Address 172 16 1 9 Hello interval sec 30 Neighbor timeout sec 105 Propagation delay ms 500 Override interval ms 2500 tunnel 2 is UP PIM Sparse DR 172 16 2 10 Local Address 172 16 2 9 Hello interval sec 30 Neighbor timeout sec 105 Propagation delay ms 500 Override interval ms 2500 The following example shows sample output ...

Page 229: ...ap set Group address Static RP address 224 0 0 0 4 192 168 0 254 MCAST_ACL_1 192 168 1 254 MCAST_ACL_2 192 168 2 254 MCAST_ACL_3 192 168 3 254 The following example shows sample output from the show ip pim sparse state command ProCurve enable ProCurve show ip pim sparse state PIM SM State Table Flags S Sparse C Connected P Pruned J Join SPT T SPT bit Set F Register R RP bit Set Timers Uptime Expir...

Page 230: ...Membership Yes Forwarding State Forwarding Inherited output list eth 0 1 The following example shows sample output from the show ip pim sparse traffic command ProCurve enable ProCurve show ip pim sparse traffic Rx Tx Rx Tx Port eth 0 1 Hello 7 8334 J P 0 0 Register 0 0 RegStop 0 0 Assert 0 0 Port tunnel 1 Hello 8327 8333 J P 0 57 Register 0 0 RegStop 0 0 Assert 0 0 Port tunnel 2 Hello 8323 8334 J ...

Page 231: ...command to display which route map is associated with which interface for policy based routing Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following is sample output from this command ProCurve enable ProCurve show ip policy Interface Route map eth 0 2 equal eth 0 3 AAA 02 06 04 14 01 26 619 1 AppSpec Dynamic ...

Page 232: ... ip policy class host sessions show ip policy class policyname host sessions Syntax Description host sessions Optional Displays specific host IP addresses of all current sessions policyname Optional Displays policy class information for a specific policy class Default Values No default value necessary for this command Usage Examples The following is a sample output from the show ip policy class co...

Page 233: ...per source address Src IP Address Sessions 192 168 1 100 1 192 168 1 101 35 192 168 1 121 100 maximum allowed Policy class Public No limit for policy sessions allowed per host The following is a sample output from the show ip policy class policyname host sessions command for the policy class named Private ProCurve enable ProCurve show ip policy class Private host sessions Policy class Private 100 ...

Page 234: ...iations flagged for deletion will usually be freed within a few seconds of timeout or deletion depending on packet congestion servicing of packets is given priority New traffic matching an association will create a new active association provided the traffic still matches a policy class allow or NAT entry Default Values No default value necessary for this command Usage Examples The following is sa...

Page 235: ...licy sessions all Protocol TTL in crypto map out crypto map Destination policy class Src IP Address Src Port Dest IP Address Dst Port NAT IP Address NAT Port Policy class Public tcp 0 inactive 192 168 1 142 1025 192 168 19 2 3135 10 10 10 1 3605 tcp 0 inactive 192 168 1 142 1028 192 168 19 2 3138 10 10 10 1 3606 tcp 0 inactive 192 168 1 142 1029 192 168 19 2 3139 10 10 10 1 3607 tcp 0 inactive 192...

Page 236: ...urrent policy class statistics See ip policy class policyname on page 426 for information on configuring access policies Syntax Description policyname Optional Enter a specific policy class name to display information for a single policy Default Values No default value necessary for this command Usage Examples The following example displays a list of current policy class statistics ProCurve enable...

Page 237: ...ire prefix list listname Specifies to display information for a particular prefix list Default Values No default values are necessary for this command Functional Notes If the show ip prefix list command is issued with no arguments a listing of the prefix list rules but no hit count statistics is displayed Usage Examples The following example displays information about the prefix list test ProCurve...

Page 238: ...rently running system tasks This command should be used when troubleshooting with ProCurve support Syntax Description No subcommands Default Values No default values are necessary for this command Usage Examples The following is a sample output from the show ip processes stack ProCurve show ip processes stack Id Task Usage 0 Idle 0 8192 1 PC Config 2723 6000 2 Timer 00 117 2048 3 Nm01 79 2048 4 Cl...

Page 239: ...No subcommands Default Values No default value necessary for this command Usage Examples The following is a sample output from the show ip protocols command ProCurve enable ProCurve show ip protocols Sending updates every 30 seconds next due in 8 seconds Invalid after 180 seconds hold down time is 120 seconds Redistributing rip Default version control send version 2 receive version 2 Interface Sen...

Page 240: ...ays only the IP routes associated with BGP summary Optional Displays a summary of all IP route information summary realtime Optional Displays full screen output in realtime See the Functional Notes below for more information ip address subnet Displays only the IP routes to destinations within the given address and subnet Default Values No default value necessary for this command Functional Notes U...

Page 241: ...5 227 41 ppp 3 R 10 15 226 48 28 120 1 via 10 15 227 29 ppp 1 R 10 15 226 96 28 120 1 via 10 15 227 29 ppp 1 The following example shows how to display IP routes learned via BGP The values in brackets after a BGP route entry represent the entry s administrative distance and metric ProCurve enable ProCurve show ip route bgp Codes C connected S static R RIP O OSPF B BGP IA OSPF inter area N1 OSPF NS...

Page 242: ... continuously updated on the console until you either freeze the data by pressing the F key or exit reatime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at the bottom of the screen In order to maximize the amount of data displayed increase the terminal length using the terminal length command refer to terminal length lines o...

Page 243: ...lish resets 1 establish current 3795 segments received 4459 segments sent 26 segments retransmitted The following is a sample output from the show ip traffic netstat command ProCurve show ip traffic netstat Proto Recv Q Send Q Local Address Foreign Address State tcp 0 0 0 0 0 0 80 0 0 0 0 0 LISTEN tcp 0 0 0 0 0 0 443 0 0 0 0 0 LISTEN tcp 0 0 0 0 0 0 21 0 0 0 0 0 LISTEN tcp 0 0 0 0 0 0 23 0 0 0 0 0...

Page 244: ...efault necessary for this command Usage Examples The following example shows sample output from the show ip urlfilter command ProCurve enable ProCurve show ip urlfilter Configured for Websense URL filtering Filters Name filter1 Ports HTTP 80 Interfaces that filter is applied to eth 0 2 inbound Servers IP address 10 100 23 116 Port 15868 Timeout 5 Excluded domains Permit www procurve com Other Sett...

Page 245: ...e domain to display all configured domains excluded either always allowed or always blocked from URL filtering Syntax Description No subcommands Default Values No default necessary for this command Usage Examples The following example shows sample output from the show ip urlfilter exclusive domain command ProCurve enable ProCurve show ip urlfilter exclusive domain Excluded domains Permit www procu...

Page 246: ... default necessary for this command Usage Examples The following example shows sample output from the show ip urlfilter statistics command ProCurve enable ProCurve show ip urlfilter statistics Current outstanding requests to filter server 0 Current response packets buffered from web server 2 Max outstanding requests to filter server 3 Max response packets buffered from web server 5 Total requests ...

Page 247: ...he show isdn group command to display integrated services digital network ISDN group information Syntax Description group id Displays information for a specific ISDN group Valid range 1 to 255 Default Values No default value necessary for this command Usage Examples The following example displays information for ISDN group 5 ProCurve enable ProCurve show isdn group 5 ...

Page 248: ...e show lldp command to display LLDP timer configuration Syntax Description No subcommands Default Values No default values are necessary for this command Usage Examples The following example shows a sample LLDP timer configuration ProCurve enable ProCurve show lldp Global LLDP information Sending LLDP packets every 30 seconds Sending TTL of 120 seconds ...

Page 249: ... If there is more than one neighbor with the same system name all neighbors with that system name will be displayed Usage Examples The following example shows specific information about a neighbor for the system name Router ProCurve show lldp device Router Chassis ID 00 12 79 02 DD 2A MAC Address System Name Router Device Port eth 0 1 Locally Assigned Holdtime 30 Platform 3305 Software Version 08 ...

Page 250: ...tion interface Displays the information for the specified interface Type show lldp interface for a complete list of applicable interfaces Default Values No default values are necessary for this command Usage Examples The following example shows LLDP configuration and statistics for the Ethernet 0 1 interface ProCurve show lldp interface ethernet 0 1 eth 0 1 TX RX 0 packets input 0 input errors 0 T...

Page 251: ...ault values necessary for this command Functional Notes Use the realtime argument for this command to display full screen output in real time Information is continuously updated on the console until you either freeze the data by pressing the F key or exit reatime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at the bottom of ...

Page 252: ...were inserted into or deleted from the table System Last Change Time Shows the time at which the most recent change occurred in the neighbor table Inserts Shows the number of times neighbors have been added to the table Deletes Shows how many times neighbors have been deleted from the table because an interface was shut down Drops Shows how many times the insertion of a new neighbor into the table...

Page 253: ...argument for this command to display full screen output in real time Information is continuously updated on the console until you either freeze the data by pressing the F key or exit reatime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at the bottom of the screen In order to maximize the amount of data displayed increase the...

Page 254: ... a list of the modules currently installed in the system Syntax Description No subcommands Default Value No default value necessary for this command Usage Examples The following is a sample output from the show modules command ProCurve enable ProCurve show modules Slot Port Type Part Number Software Version 1 1 2 E1 E1 WAN J8456A 1 2 1 2 E1 E1 WAN J8456A 1 3 1 8 Octal E1 J8463A 1 4 Empty ...

Page 255: ...configuration editing tool Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following is a sample output from the show output startup command ProCurve enable ProCurve show output startup ProCurve ProCurve hostname UNIT_2 UNIT_2 no enable password UNIT_2 UNIT_2 ip subnet zero UNIT_2 ip classless UNIT_2 ip routing UNIT_2 UNIT_2 event his...

Page 256: ...ntax Description interface ethernet slot port Optional Shows port authorization supplicant information related to a specific Ethernet interface summary Optional Shows only basic information about each applicable interface Default Values No default value necessary for this command Usage Examples The following example displays supplicant information for Ethernet interface 0 2 ProCurve enable ProCurv...

Page 257: ... to display pppoe information ProCurve enable ProCurve show pppoe ppp 1 Outgoing Interface eth 0 1 Outgoing Interface MAC Address 00 12 79 00 85 20 Access Concentrator Name Requested FIRST VALID Access Concentrator Name Received 13021109813703 LRVLGSROS20W_IFITL Access Concentrator MAC Address 00 10 67 00 1D B8 Session Id 64508 Service Name Requested ANY Service Name Available PPPoE Client State B...

Page 258: ...nd at the probe configuration prompt will disable a probe causing it to cease traffic generation While a probe is shutdown it will not fail Use the realtime argument for this command to display full screen output in real time Information is continuously updated on the console until you either freeze the data by pressing the F key or exit realtime mode by pressing Ctrl C If there is not enough room...

Page 259: ...d to display full screen output in real time Information is continuously updated on the console until you either freeze the data by pressing the F key or exit reatime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at the bottom of the screen In order to maximize the amount of data displayed increase the terminal length using t...

Page 260: ...ce numbers interface interface ID Displays QoS map information for a specific interface e g Frame Relay PPP or ATM Enter the show qos map interface command for a complete list of interfaces Default Values No defaults necessary for this command Usage Example ProCurve show qos map qos map priority map entry 10 match IP packets with a precedence value of 6 priority bandwidth 400 kilobits sec burst de...

Page 261: ...hed by map 0 The following example shows the priority qos map and all entries in that map ProCurve show qos map priority qos map priority map entry 10 match IP packets with a precedence value of 6 priority bandwidth 400 kilobits sec burst default packets matched by map 125520 map entry 20 match ACL icmp packets matched by map 99 map entry 30 match RTP packets on even destination ports between 1600...

Page 262: ...ted with the map defined for an interface ProCurve show qos map interface frame relay 1 fr 1 qos policy out priority map entry 10 match IP packets with a precedence value of 6 budget 145 10000 bytes current max priority bandwidth 400 kilobits sec packets matched on interface 27289 packets dropped 98231 map entry 20 not configured for rate limiting map entry 30 not configured for rate limiting map ...

Page 263: ... default value necessary for this command Usage Examples The following is a sample output from the show queue command ProCurve enable ProCurve show queue fr 1 Queueing method weighted fair Output queue 18 25 200 64 1027 size highest max total threshold drops Conversations 2 4 256 active max active max total depth weight highest discards 12 256 33 0 Conversation 10 linktype ip length 67 source 10 1...

Page 264: ...ted with configured queuing methods Syntax Description fair Optional keyword used to display only information on the weighted fair queuing configuration Default Values No default value necessary for this command Usage Examples The following is a sample output from the show queuing command ProCurve enable ProCurve show queuing Interface Discard threshold Conversation subqueues fr 1 64 256 fr 2 64 2...

Page 265: ...lid responses number of timeouts average packet delay and maximum packet delay Statistics are shown for both authentication and accounting packets Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following is an example output using the show radius statistics command ProCurve enable ProCurve show radius statistics Auth Acct Number of p...

Page 266: ...displays all defined route maps Usage Examples In the example below all route maps in the router are displayed ProCurve enable ProCurve show route map route map RouteMap1 permit sequence 10 Match clauses community community list filter CommList1 Set clauses local preference 250 BGP Filtering matches 75 routes route map RouteMap1 permit sequence 20 Match clauses community community list filter Comm...

Page 267: ...nly the route map with the name RouteMap2 is displayed ProCurve enable ProCurve show route map RouteMap2 route map RouteMap2 permit sequence 10 Match clauses ip address access lists 192 168 1 1 Set clauses metric 100 BGP Filtering matches 10 routes route map RouteMap2 permit sequence 20 Match clauses ip address access lists 192 168 2 1 Set clauses metric 200 BGP Filtering matches 12 routes ...

Page 268: ... ip crypto verbose show running config ip rtp show running config ip rtp verbose show running config ip sdp show running config ip sdp verbose show running config ip sip show running config ip sip verbose show running config policy class show running config policy class verbose show running config probe show running config probe verbose show running config qos map show running config qos map verbo...

Page 269: ...sdp Displays the current running configuration for all Session Description Protocol SDP parameters policy class Displays the current running configuration for all configured policy classes probe Displays the current configuration for all running probes qos map Displays the current running configuration for all configured QoS maps router bgp Optional Displays the current bgp configuration router os...

Page 270: ...de Command Set 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 268 logging forwarding priority level info no logging email ip policy timeout tcp all ports 600 ip policy timeout udp all ports 60 ip policy timeout icmp 60 interface eth 0 1 ...

Page 271: ...om the show schedule command ProCurve enable ProCurve show schedule Schedule entry DELAY AFTER BOOT active Schedule entry DELAY inactive Technology Review The scheduler provides a method for configuring a feature to operate during a specific time schedule and to receive feedback when the feature should disable or enable The goal of the scheduler is to eliminate redundant code while providing an un...

Page 272: ...statistics Displays SIP server statistic information user registration Displays local SIP server registration information Default Values No default necessary for this command Usage Examples The following example shows sample output from the show sip statistics command ProCurve enable ProCurve show sip statistics Invites transmitted 36 Invites received 26 Invite Retransmits transmitted 11 Invite Re...

Page 273: ...eric 10 17 20 24 5060 2593 Total phones registered 5 Technology Review SIP name service maintains a list of service names relevant to SIP transactions while also facilitating access between SIP related queries to the external Domain Name Service DNS and the internal DNS client Service names are automatically entered and deleted from the internal service name table when configured or not configured...

Page 274: ... SIP statistical and registration information Syntax Description dynamic Displays SIP location database dynamic entries static Displays SIP location database static entries Default Values No default necessary for this command Usage Examples The following example shows sample output from the show sip location static command ProCurve enable ProCurve show sip location static User IP Address Port Expi...

Page 275: ... the hex string that defines the current local engine ID settings group Displays the list of all groups entered user Displays the list of all users entered Default Values No default value necessary for this command Usage Examples The following is an example output using the show snmp command for a system with SNMP disabled and the default Chassis and Contact parameters ProCurve show snmp Chassis C...

Page 276: ...is sample output of the show snmp group command for a situation in which a group called securityV3auth was defined via the snmp server group command using version 3 and authentication and no access control list ProCurve enable ProCurve show snmp group Group securityV3auth Security Model v3 Read View default Write View not specified Notify View default ...

Page 277: ... show sntp Use the show sntp command to display the system Simple Network Time Protocol SNTP parameters and current status of SNTP communications Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example displays SNTP parameters and current status ProCurve show sntp ...

Page 278: ... exit reatime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at the bottom of the screen In order to maximize the amount of data displayed increase the terminal length using the terminal length command Usage Examples The following is an example output using the show spanning tree command ProCurve enable ProCurve show spanning ...

Page 279: ...efault Values No default value necessary for this command Usage Examples The following is a sample output of the show startup config command ProCurve enable ProCurve show startup config no enable password ip subnet zero ip classless ip routing event history on no logging forwarding logging forwarding priority level info no logging email ip policy timeout tcp all ports 600 ip policy timeout udp all...

Page 280: ... 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 278 ip access list standard MatchAll permit host 10 3 50 6 permit 10 200 5 0 0 0 0 255 ip access list extended UnTrusted deny icmp 10 5 60 0 0 0 0 255 any source quench deny tcp any any no ip snmp agent ...

Page 281: ...ands Default Values No default value necessary for this command Functional Notes This command is used in conjunction with the show running config checksum command to determine whether the configuration has changed since the last time it was saved Usage Examples The following example displays the MD5 checksum of the unit s startup configuration ProCurve show startup config checksum 10404D5DAB3FE35E...

Page 282: ...any L P 280 show system The show system command shows the system version timing source power source and alarm relay status Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following is sample output for the show system command ProCurve enable ProCurve show system ...

Page 283: ...ubcommands Default Values No default value necessary for this command Usage Examples The following is sample output for the show tacacs statistics command ProCurve enable ProCurve show tacacs statistics Authentication Authorization Accounting Packets sent 0 0 0 Invalid responses 0 0 0 Timeouts 0 0 0 Average delay 0ms 0ms 0ms Maximum delay 0ms 0ms 0ms Socket Opens 0 Socket Closes 0 Socket Aborts 0 ...

Page 284: ...es No default value necessary for this command Functional Notes Use the realtime argument for this command to display full screen output in real time Information is continuously updated on the console until you either freeze the data by pressing the F key or exit reatime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at the bo...

Page 285: ...screen real time Default Value No default value necessary for this command Functional Notes The show tech command runs a system file that creates a showtech txt file in flash memory that contains terminal displays from the following show commands show version show modules show flash show cflash show running config verbose show interfaces show atm pvc show dial backup interfaces show frame relay lm...

Page 286: ...oCurve ProCurve show version ProCurve Secure Router 7102dl SROS Version J03 01 01 Checksum 5C8D29BE built on Mon Jul 25 16 14 46 2005 Boot ROM version J03 01 01 Checksum 49C7 built on Mon Jul 25 16 15 52 2005 Copyright c 2005 2005 Hewlett Packard Co Platform ProCurve Secure Router 7102dl Serial number US449TR019 Flash 33554432 bytes DRAM 134217727 bytes System uptime is 0 days 0 hours 14 minutes 4...

Page 287: ...lett Packard Development Company L P 285 ProCurve show modules Slot Port Type Part Number Software Version 1 1 2 E1 E1 WAN J8456A 1 2 1 2 E1 E1 WAN J8456A 1 3 1 8 Octal E1 J8463A 1 4 Empty ProCurve ProCurve ProCurve show flash 287413 J01_02B boot biz 3775 startup config 5166 startup config bak etc ...

Page 288: ...currently crossed for all DS1 interfaces Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following is sample output of the show thresholds command ProCurve enable ProCurve show thresholds t1 1 1 SEFS 15 min threshold exceeded UAS 15 min threshold exceeded SEFS 24 hr threshold exceeded UAS 24 hr threshold exceeded t1 1 2 No thresholds ...

Page 289: ...lues No default value necessary for this command Functional Notes Use the realtime argument for this command to display full screen output in real time Information is continuously updated on the console until you either freeze the data by pressing the F key or exit realtime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at the...

Page 290: ... to display full screen output in real time Information is continuously updated on the console until you either freeze the data by pressing the F key or exit reatime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at the bottom of the screen In order to maximize the amount of data displayed increase the terminal length using th...

Page 291: ...lt Values No default value necessary for this command Functional Notes Use the realtime argument for this command to display full screen output in real time Information is continuously updated on the console until you either freeze the data by pressing the F key or exit reatime mode by pressing Ctrl C If there is not enough room on the screen for all available data the information will truncate at...

Page 292: ...ure Router 7203dl SROS Version J04 01 Checksum 74305239 built on Fri Dec 09 10 00 32 2005 Boot ROM version J04 01 Checksum 4353 built on Fri Dec 09 10 00 35 2005 Copyright c 2005 2005 Hewlett Packard Co Platform ProCurve Secure Router 7203dl Serial number US449TS040 Flash 33554432 bytes DRAM 268435455 bytes System uptime is 0 days 6 hours 55 minutes 24 seconds Current system image file CFLASH SROS...

Page 293: ...ered the system opens the biz file specified and returns the current SROS version information Syntax Description cflash Specifies a biz file located in the compact flash memory flash Specifies a biz file located in flash memory filename Specifies the exact filename of the biz file for the system to determine the version information Default Values No default value necessary for this command Usage E...

Page 294: ...nc sip check sync firmware upgrade Syntax Description firmware upgrade Optional Specifies that the check sync notification will prompt the phones to update their firmware Check sync notifications containing a phone firmware upgrade are more time consuming than a generic check sync and require a coordination effort when updating all phones on the network This command staggers phone notifications on...

Page 295: ...and to open a Telnet session through the SROS to another system on the network Syntax Description address Specifies the IP address of the remote system Default Values No default value necessary for this command Usage Examples The following example opens a Telnet session to a remote system 10 200 4 15 ProCurve enable ProCurve telnet 10 200 4 15 User Access Login Password ...

Page 296: ...urrent terminal session and returns to the default value 24 rows when the session closes Use the no form of this command to return to the default terminal length Syntax Description lines Number of rows lines for the terminal session Range 0 to 480 Default Values The default setting for this command is 24 rows Usage Examples The following example sets the number of rows to 30 ProCurve enable ProCur...

Page 297: ...ddress Optional Specifies the IP address of the remote system to trace the routes to source address Optional Specifies the IP address of the interface to use as the source of the trace Default Values No default value necessary for this command Usage Examples The following is a sample traceroute output ProCurve enable ProCurve traceroute 192 168 0 1 Type CTRL C to abort Tracing route to 192 168 0 1...

Page 298: ...evelopment Company L P 296 undebug all Use the undebug all command to disable all activated debug messages Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example disabled all activated debug messages ProCurve enable ProCurve undebug all ...

Page 299: ...mand to send messages to all users currently logged in to the SROS unit Syntax Description No subcommands Default Values No defaults necessary for this command Usage Examples The following example sends the message Reboot in 5 minutes if no objections to the CLI screen of everyone currently connected ProCurve enable ProCurve wall Reboot in 5 minutes if no objections ...

Page 300: ...ry Once the save is complete the changes are retained even if the unit is shut down or suffers a power outage Syntax Description erase Optional Erase the configuration files saved to the unit s flash memory memory Optional Save the current configuration to flash memory See copy running config on page 74 for more information network Optional Save the current configuration to the network TFTP server...

Page 301: ...ands begin on page 302 aaa authentication commands begin on page 310 aaa authorization commands begin on page 316 aaa group server on page 320 aaa on on page 321 aaa processes threads on page 323 arp ip address mac address arpa on page 324 autosynch mode on page 325 banner exec login motd character message character on page 327 boot config cflash flash filename cflash flash backup filename on page...

Page 302: ...r destination per packet on page 421 ip local policy route map map name on page 422 ip mcast stub helper address ip address on page 423 ip multicast routing on page 424 ip name server server address1 6 on page 425 ip policy class policyname on page 426 ip policy class policyname max sessions number max host sessions number on page 431 ip policy class policyname rpf check on page 432 ip policy time...

Page 303: ...mac address bridge bridge id interface interface on page 481 modem countrycode countrycode on page 482 probe on page 485 qos map mapname sequence number on page 486 radius server on page 487 radius server host on page 489 route map map name permit deny sequence number on page 490 router bgp AS number on page 491 router ospf on page 492 router pim sparse on page 493 router rip on page 494 safe mode...

Page 304: ...evel listname none group tacacs aaa accounting commands level listname none group groupname aaa accounting commands level listname stop only group tacacs aaa accounting commands level listname stop only group groupname Syntax Description level Specifies the commands enable level Only level 1 unprivileged and level 15 privileged commands are supported listname Specifies the name of the list default...

Page 305: ...age Examples The following example creates a list called myList and sets accounting for Level 1 commands at stop only activities ProCurve config aaa accounting commands 1 myList stop only group tacacs Note To complete this command Telnet must be applied to the lines See Line Telnet Interface Config Command Set on page 550 for more detailed instructions ...

Page 306: ...lt none group groupname tacacs aaa accounting connection default start stop group groupname aaa accounting connection default start stop group tacacs aaa accounting connection default stop only group groupname aaa accounting connection default stop only group tacacs Syntax Description default Uses the default accounting list group groupname Specifies to use the named group remote server for accoun...

Page 307: ...nection terminates ProCurve config aaa accounting connection myList stop only group tacacs The following example creates a list called myList and sends the Telnet connection information to the TACACS server when the connection is made and when the connection terminates ProCurve config aaa accounting connection myList start stop group tacacs Note To complete this command Telnet must be applied to t...

Page 308: ...aa accounting exec default start stop group groupname aaa accounting exec default start stop group tacacs aaa accounting exec default stop only group groupname aaa accounting exec default stop only group tacacs Syntax Description default Uses the default accounting list group groupname Specifies to use the named group remote server for accounting Multiple groups can be specified If the unit fails ...

Page 309: ...he following example creates a list called myList and sends the connection login records to the TACACS server when the connection login is terminated ProCurve config aaa accounting exec myList stop only group tacacs Note To complete this command Telnet must be applied to the lines See Line Telnet Interface Config Command Set on page 550 for more detailed instructions ...

Page 310: ...ords for usernames set to null For more detailed information on AAA functionality refer to the Technology Review section of the command aaa on on page 321 Syntax Description No subcommands Default Values By default this command is disabled and the accounting records for null usernames are sent to the server Usage Examples The following command tells the unit not to send accounting records for user...

Page 311: ...gy Review section of the command aaa on on page 321 Variations of this command include aaa accounting update newinfo aaa accounting update periodic value Syntax Description newinfo Sends all new accounting records immediately periodic value Specifies the time interval in minutes between accounting updates sent to the server Select from 1 to 2 147 483 647 Default Values By default accounting record...

Page 312: ... recording the typed text message used for the banner The message must end with the same delimiter to indicate that the message is complete The text delimiters are not displayed to the screen during operation fail message string Sets the message shown if user authentication fails The message can be multiple lines Enter a delimiter such as to begin recording the typed text message displayed after a...

Page 313: ...e ProCurve Secure Router The following example defines an authentication failed message of Authentication Failed Contact IT for further assistance ProCurve config aaa authentication fail message Enter TEXT message End with the character Authentication Failed Contact IT for further assistance The following example defines a password prompt of PW ProCurve config aaa authentication password prompt PW...

Page 314: ...default none enable Syntax Description none Access automatically granted line Uses the line password for authentication enable Uses the enable password for authentication group groupname Uses the specified group of remote servers for authentication group radius Uses all defined RADIUS servers for authentication group tacacs Uses all defined TACACS servers for authentication Default Values If there...

Page 315: ...idual servers to the named group Refer to Radius Group Command Set on page 1425 or TACACS Group Configuration Command Set on page 1427 for more information The default group cannot be changed and includes all RADIUS servers in the order they were specified by the radius server commands The same is true of TACACS servers specified by the tacacs server commands Usage Examples The following example s...

Page 316: ...a authentication login default group radius enable aaa authentication login default group tacacs aaa authentication login default group tacacs enable aaa authentication login default group groupname aaa authentication login default group groupname enable aaa authentication login default line aaa authentication login default line enable aaa authentication login default local aaa authentication logi...

Page 317: ...s when no other list is assigned Functional Notes A user is authenticated by trying the list of methods from first to last until a method succeeds or fails If a method is unable to complete the next method is tried The local user database falls through to the next method if the username does not appear in the database The group falls through if the servers in the remote group could not be found Se...

Page 318: ... default setting Variations of this command include aaa authorization config command aaa authorization console Syntax Description config command Enables authorization for configuration mode commands Only level 1 unprivileged and level 15 privileged commands are supported console Allows authorization to be applied to the console Default Values By default authorization for console is disabled Howeve...

Page 319: ...ticated aaa authorization commands level listname none Syntax Description level Specifies the command s enable level Only level 1 unprivileged and level 15 privileged commands are supported listname Specifies the name of the authorization list default Specifies the default authorization list and applies it implicitly across all lines none Grants access automatically if authenticated Succeeds if us...

Page 320: ...n exec listname if authenticated group tacacs aaa authorization exec default none aaa authorization exec default group groupname aaa authorization exec default group tacacs aaa authorization exec default if authenticated aaa authorization exec default if authenticated group groupname aaa authorization exec default if authenticated group tacacs Syntax Description default Specifies the default autho...

Page 321: ...e following command creates a list called myList to authorize exec shell which succeeds only if the user has been authenticated successfully ProCurve config aaa authorization exec myList if authenticated The following command specifies to use the default list to authorize an exec shell with the TACACS server ProCurve config aaa authorization exec default group tacacs ...

Page 322: ...necessary for this command Functional Notes Use the radius server command to specify RADIUS servers before adding them to a group Likewise use the tacacs server command to specify TACACS servers before adding them to a group These commands enter a mode for adding individual servers to the named group Refer to Radius Group Command Set on page 1425 or TACACS Group Configuration Command Set on page 1...

Page 323: ... PASSWORD Use the line password telnet 0 4 or console 0 1 ENABLE PASSWORD Use the enable password LOCAL USERS Use the local user database GROUP groupname Use a group of remote RADIUS or TACACS servers The AAA system allows the user to create a named list of these methods to try in order in case one fails it falls to the next one This named list is then attached to a portal telnet 0 4 or console 0 ...

Page 324: ...th the order LINE ENABLE LOCAL and GROUP mygroup the following statements are true If there is no LINE password the list falls through to the ENABLE password If there is no ENABLE password the AAA system prompts the user for a username and password for the local user database If the given user is not in the local list the username and password are handed to the remote servers defined in mygroup A ...

Page 325: ...g For more detailed information on AAA functionality refer to the Technology Review section of the command aaa on on page 321 Syntax Description threads Specifies the number of threads available to the AAA subsystem Range 1 to 64 Default Values By default this is set to 1 process Functional Notes Increasing this number may speed up simultaneous authentication at the cost of system resources e g me...

Page 326: ...ress resolution protocol ARP table Syntax Description arpa Sets the standard address resolution protocol for this interface ip address Specifies the IP address mac address Specifies the MAC address Default Values The default for this command is arpa Usage Examples The following example enables standard ARP for the VLAN interface ProCurve config interface vlan 1 ProCurve config interface vlan 1 arp...

Page 327: ...files is more current This allows the customer to maintain the version of the operating system and the configuration for that operating system at the desired level To accomplish this a synchronization check is performed on the system any time there is a change in startup config or SROS BIZ on the compact flash card The autosynch feature allows for quick installation and updates of routers by inser...

Page 328: ...opens the specified biz file and returns the current SROS version information ProCurve enable show version flash SROS BIZ Version J03 01 00 The show autosynch status command displays the current AutoSynchTM configuration and the statistics for the SROS BIZ and startup config files if AutoSynchTM is enabled ProCurve enable show autosynch status AutoSynch Mode Enabled AutoSynch SROS BIZ synched Auto...

Page 329: ...ername and password login prompts motd Creates a message of the day MOTD banner character Banner text delimiter character Press Enter after the delimiter to begin input of banner text message Specifies the text message you wish to display End with the character that you chose as your delimiter Default Values By default no banners are configured Functional Notes Banners appear in the following orde...

Page 330: ...ies primary backup configuration file located in compact flash memory flash Specifies primary backup configuration file located in flash memory filename Specifies the filename of the configuration file filenames are case sensitive backup filename Specifies a name for the backup configuration file Default Values No default is necessary for this command Usage Examples The following example specifies...

Page 331: ...name Specifies the filename of the software filenames are case sensitive software files should have a biz or BIZ extension no backup Specifies that no backup software is to be saved to the system backup filename Specifies a name for the backup software verify Specifies a verification of the software checksum Default Values No default is necessary for this command Functional Notes Detailed instruct...

Page 332: ... Protocol Use the no form of this command with the appropriate arguments to delete this setting Syntax Description group Specifies bridge group number 1 to 255 using the bridge command ieee IEEE 802 1 Ethernet spanning tree protocol Default Values By default all configured bridge interfaces implement ieee spanning tree protocol Usage Examples The following example deletes the bridge protocol setti...

Page 333: ...g and Bridging CRB is that in IRB it is possible to route IP between routed interfaces and BVIs but with CRB the routed interfaces cannot communicate with bridged interfaces IRB s primary goal is to bridge all protocols and route any IP traffic destined for the MAC address of the BVI The IRB handles IP packets in the following manner When an IP packet comes into the router and it is not destined f...

Page 334: ... Line Interface Reference Guide Global Configuration Mode Command Set 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 332 Usage Examples The following example enables IRB ProCurve config bridge irb ...

Page 335: ... DST Configures the unit to automatically correct for DST no auto correct DST Disables DST correction Default Values By default DST correction takes place automatically Functional Notes Depending on the clock timezone chosen see clock timezone text on page 335 for more information one hour DST correction may be enabled automatically You may override this default using this command Usage Examples T...

Page 336: ... Sets the time in 24 hour format of the system software clock in the format HH MM SS hours minutes seconds day Sets the current day of the month valid range 1 to 31 month Sets the current month valid range January to December You need only enter enough characters to make the entry unique This entry is not case sensitive year Sets the current year valid range 2000 to 2100 Default Values No default ...

Page 337: ...zone chosen one hour Daylight Savings Time DST correction may be enabled automatically See clock auto correct dst no auto correct dst on page 333 for more information clock timezone 1 Amsterdam clock timezone 1 Belgrade clock timezone 1 Brussels clock timezone 1 Sarajevo clock timezone 1 West Africa clock timezone 10 Brisbane clock timezone 10 Canberra clock timezone 10 Guam clock timezone 10 Hoba...

Page 338: ...mezone 5 Ekaterinburg clock timezone 5 Islamabad clock timezone 3 Greenland clock timezone 3 30 clock timezone 4 Atlantic Time clock timezone 4 Caracus clock timezone 4 Santiago clock timezone 5 clock timezone 5 Bogota clock timezone 5 Eastern Time clock timezone 6 Central America clock timezone 6 Central Time clock timezone 6 Mexico City clock timezone 6 Saskatchewan clock timezone 5 30 clock tim...

Page 339: ...cutive carriage returns or the word quit on a line by itself BEGIN X509 CERTIFICATE MIIDEDCCAs6gAwIBAgICAXIwCwYHKoZIzjgEAwUAMFoxCzAJBgNVBAYTAkZJMSQw IgYDVQQKExtTU0ggQ29tbXVuaWNhdGlvbnMgU2VjdXJpdHkxETAPBgNVBAsTCFdl YiB0ZXN0MRIwEAYDVQQDEwlUZXN0IENBIDQwHhcNMDMwMTA5MTYyNTE1WhcNMDMx MjMxMjM1OTU5WjBaMQswCQYDVQQGEwJGSTEkMCIGA1UEChMbU1NIIENvbW11bmlj YXRpb25zIFNlY3VyaXR5MREwDwYDVQQLEwhXZWIgdGVzdDESMBAGA1UE...

Page 340: ...mpany L P 338 END X509 CERTIFICATE quit Hash 4e904504dc4e5b95e08129430e2a0b97ceef0ad1394f905b42df2dfb8f751be0244a711bb0 6eddaa2f07dd640c187f14c16fa0bed28e038b28b6741a880539d6ed06a68b7e324bfdde6f3d0b17 83d94e58fd4943f5988a7a0f27f6b6b932dc0410378247160752853858dbe7a1951245cfb14b109e ffc430e177623720de56f4 Do you accept this certificate y y ...

Page 341: ...ificate Configuration Command Set on page 1223 for more information Syntax Description name Specifies CA profile by alphanumeric string of up to 32 characters Default Values No defaults necessary for this command Functional Notes Typically used only in the running config and startup config to restore certificates Usage Examples The following example enters the Certificate Configuration for the CA ...

Page 342: ...ined using the dialog this command assembles them into an enrollment request to be sent to a certificate authority including the generation of public and private keys See crypto ca profile for more information If enrollment is set to terminal you may view the request on the terminal screen If enrollment is set to url the request is sent automatically to the certificate authority using the URL spec...

Page 343: ... BEGIN CERTIFICATE MIIDWTCCAwOgAwIBAgIKFLCsOgAAAAAAtjANBgkqhkiG9w0BAQUFADBjMQswCQYD VQQGEwJVUzEQMA4GA1UECBMHQUxBQkFNQTETMBEGA1UEBxMKSHVudHN2aWxsZTEa MBgGA1UEChMRQWR0cmFuVGVjaFN1cHBvcnQxETAPBgNVBAMTCHRzcm91dGVyMB4X DTAzMDYyNTE0MTM1NVoXDTAzMTIwNjE0NDkxM1owJDEPMA0GA1UEChMGYWR0cmFu MREwDwYDVQQDEwhNeVJvdXRlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQClUKqs fbTalej5m9gk2DMsbC9df3TilBz 7nRx3ZzGw75AQsqEMYeBY5aWi62W...

Page 344: ...ile by alphanumeric string of up to 32 characters Default Values No defaults necessary for this command Functional Notes Puts CLI in a mode where the CRL can be entered manually Enter quit and a carriage return or simply enter two consecutive carriage returns to exit this mode This command only applies if the enrollment command is set to terminal See enrollment terminal on page 1216 Usage Examples...

Page 345: ...Specifies CA profile by alphanumeric string of up to 32 characters Default Values No defaults necessary for this command Functional Notes Use this to specify the type of enrollment as well as enrollment request parameters See the Functional Notes of the command crypto ca enroll name on page 340 for more information Usage Examples The following example creates the CA profile called MyProfile and en...

Page 346: ...paddress or name on page 1267 for more information policy policy priority Creates an IKE policy with the policy priority of your choice and enters the IKE Policy See IKE Policy Command Set on page 1260 for more information Default Values There are no default settings for this command Usage Examples The following example creates an IKE policy with a policy priority setting of 1 and enters the IKE P...

Page 347: ...mber in the system That priority number defines the position of that IKE policy within the system list When IKE negotiation is needed the system searches through the list starting with the policy with priority of 1 looking for a match to the peer IP address An individual IKE policy can override the system local id setting by having the local id command specified in the IKE policy definition This c...

Page 348: ...created This transform set defines ESP with Authentication implemented using 3DES encryption and SHA1 authentication ProCurve config crypto ipsec transform set highly_secure esp 3des esp sha hmac ProCurve cfg crypto trans mode tunnel Step 7 Define an ip access list An Extended Access Control List is used to specify which traffic needs to be sent securely over the VPN tunnel The entries in the list...

Page 349: ...ace This process includes configuring the IP address for the interface and applying the appropriate crypto map to the interface Crypto maps are applied to the interface on which encrypted traffic will be transmitted ProCurve config interface ppp 1 ProCurve config ppp 1 ip address 172 16 45 57 255 255 255 248 ProCurve config ppp 1 crypto map corporate_vpn ProCurve config ppp 1 no shutdown Step 10 C...

Page 350: ...e ID preshared key keyname Associates a pre shared key with this remote ID no mode config Optional keyword used to specify that the peer matching this remote ID should not use mode config no xauth Optional keyword used to specify that the peer matching this remote ID should not use xauth nat t v1 l v2 allow l force I disable Optional keyword that denotes whether peers matching this remote ID shoul...

Page 351: ...ote id asn1 dn CN MyRouter C US S CA L Roseville O HP OU TechSupport matches only remote ID strings with all fields exactly the same Example for typical asn1 dn format with wildcards used to match a string within a field crypto ike remote id asn1 dn CN C S L O OU matches any asn1 dn remote ID string from a peer Example for typical asn1 dn format with wildcards used to match a portion of the remote...

Page 352: ...p null esp md5 hmac esp sha hmac Default Values There are no default settings for this command Functional Notes Crypto map entries do not directly contain the transform configuration for securing data Instead the crypto map is associated with transform sets which contain specific security algorithms If no transform set is configured for a crypto map the entry is incomplete and will have no effect ...

Page 353: ...this command Functional Notes Crypto map entries do not directly contain the transform configuration for securing data Instead the crypto map is associated with transform sets which contain specific security algorithms see crypto ipsec transform set setname parameters on page 350 Crypto map entries do not directly contain the selectors used to determine which data to secure Instead the crypto map ...

Page 354: ...sociated with that interface is processed in order If a crypto map entry matches the non secured traffic the traffic is discarded When a packet is to be transmitted on an interface the crypto map set associated with that interface is processed in order The first crypto map entry that matches the packet will be used to secure the packet If a suitable SA security association exists that is used for ...

Page 355: ...otocol sent for inbound calls chap Configures CHAP authentication pap Configures PAP authentication Default Values By default there is no configuration for authentication Functional Notes There are certain PPP parameters that must be known before PPP can negotiate an inbound call when using demand routing To ensure PPP convergence it is recommended in most cases that demand routing interfaces use ...

Page 356: ...Default Values By default the MTU size is 1500 and multilink is disabled Functional Notes There are certain PPP parameters that must be known before PPP can negotiate an inbound call when using demand routing To ensure PPP convergence it is recommended in most cases that demand routing interfaces use the same settings as those specified in the data call commands The data call mtu number command se...

Page 357: ...e password during show commands password String up to 30 characters in length to use as the Enable Security mode password Default Values By default there is no configured enable password Usage Examples To provide extra security the SROS can encrypt the enable password when displaying the current configuration For example the following is a show configuration printout password portion with an unenc...

Page 358: ... Functional Notes The event history provides useful information regarding the status of the system and individual port states Use the event history as a troubleshooting tool when identifying system issues The following is a sample event history log ProCurve show event history Using 526 bytes 2002 07 12 15 34 01 T1 t1 1 1 Yellow 2002 07 12 15 34 01 INTERFACE_STATUS t1 1 1 changed state to down 2002...

Page 359: ...ts with a fatal priority are logged Info When selected all events are logged Notice When selected events with notice warning error and fatal priorities are logged Warning When selected events with warning error and fatal priorities are logged Default Values By default no event messages are logged to the event history Functional Notes The event history provides useful information regarding the stat...

Page 360: ...figuration Mode Command Set 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 358 Usage Examples The following example logs all events to the event history ProCurve enable ProCurve config terminal ProCurve config event history priority info ...

Page 361: ... an exception report Use the no form of this command to disable rebooting when the minimum memory limitation is violated Syntax Description memory Specifies the minimum amount of memory in bytes that must be free before a reboot occurs Default Values By default exception memory minimum is disabled Usage Examples The following example sets the exception memory minimum to 3 Mb ProCurve config except...

Page 362: ...eption report yyyyMMddHHmmss The yyyMMddHHmmss is automatically populated with the actual year month day hour minutes and seconds when the report was generated Specifying a new filename results in the following format filename yyyyMMddHHmmss Usage Example The following example specifies the output filename for an exception report ProCurve config exception report file name thereport ProCurve config...

Page 363: ... aaa on command Syntax Description listname Specifies the named list created with the aaa authentication login command Enter default to use the AAA default login list Default Values There is no default configuration for the list If AAA is turned on but no ftp authentication list has been assigned FTP denies all login attempts Usage Examples The following example attaches the authentication list My...

Page 364: ...it This string will be displayed in all prompts Syntax Description name Identifies the unit by alphanumeric string of up to 32 characters Default Values By default the hostname is ProCurveSRXXXXdl where XXXX is the model number of the router For example the default for the ProCurve Secure Router 7203dl is ProCurveSR7203dl Usage Examples The following example creates a hostname for the SROS device ...

Page 365: ... location slot and port For example if you have a T1 DSX 1 installed in Slot 1 of an SROS product The WAN T1 port would be specified in the CLI as t1 1 1 The DSX 1 port would be specified as t1 1 2 If for example a backup module is also installed then the backup port would be specified as bri 1 3 If you are specifying a port that is built into the base unit e g the Ethernet port the slot number is...

Page 366: ...int to point Default Values By default there are no configured virtual ATM interfaces or sublinks Functional Notes Creating an endpoint that uses a layer 2 protocol such as ATM contains the following steps Step 1 Create the ATM virtual endpoint using the interface atm command and set the protocol specific configuration parameters and or activate the interface The following example creates a virtua...

Page 367: ...and the physical interface using the bind command For example the following creates a bind labeled 5 to make an association between the ATM virtual interface atm 7 and the adsl 1 1 interface ProCurve config bind 5 adsl 1 1 atm 7 Usage Examples The following example creates an ATM virtual interface labeled 1 and enters the ATM Interface Configuration mode ProCurve config interface atm 1 ProCurve co...

Page 368: ... configured virtual Frame Relay interfaces or sublinks Functional Notes Creating an endpoint that uses a layer 2 protocol such as Frame Relay is generally a four step process Step 1 Create the Frame Relay virtual endpoint using the interface frame relay command and set the signaling method using the frame relay lmi type command Also included in the Frame Relay virtual endpoint are all the applicab...

Page 369: ...ng rate on the interface For example the following creates a tdm group labeled 9 containing 20 DS0s each DS0 having a data rate of 56 kbps ProCurve config interface t1 1 1 ProCurve config t1 1 1 tdm group 9 timeslots 1 20 speed 56 ProCurve config t1 1 1 exit Step 4 Make the association between the layer 2 endpoint and the physical interface using the bind command For example the following creates ...

Page 370: ...configuration commands ProCurve config interface hdlc 7 ProCurve config hdlc 7 Step 2 Configure the interface parameters to apply access policies to the interface create bridging interfaces configure backup and assign an IP address You must activate the interface using the no shutdown command before the interface is able to pass any data For example the following assigns an IP address of 10 44 69 ...

Page 371: ...erface using the bind command For example the following creates a bind labeled 5 to make an association between the HDLC virtual interface hdlc 7 and the tdm group configured on interface t1 1 1 tdm group 9 ProCurve config bind 5 t1 1 1 9 hdlc 7 Usage Examples The following example creates a HDLC virtual interface labeled 1 and enters the HDLC Interface Configuration mode ProCurve config interface...

Page 372: ...s always up unless the router is shut down Use the no form of this command to delete a configured loopback interface Syntax Description label Specifies the numerical virtual loopback interface identifying label valid range 1 to 1024 Default Values By default there are no configured loopback interfaces Usage Examples The following example creates a loopback virtual interface labeled 1 and enters th...

Page 373: ...PP command set ProCurve config interface ppp 7 ProCurve config ppp 7 Step 2 Configure the interface parameters to apply access policies to the interface create bridging interfaces configure backup and assign an IP address You must activate the interface using the no shutdown command before the interface can pass data For example the following assigns an IP address of 172 24 69 1 30 to the interfac...

Page 374: ...interface using the bind command For example the following creates a bind labeled 5 to make an association between the PPP virtual interface ppp 7 and the tdm group configured on interface t1 1 1 tdm group 9 ProCurve config bind 5 t1 1 1 9 ppp 7 Usage Examples The following example creates a PPP virtual interface labeled 1 and enters the PPP Interface Configuration mode ProCurve config interface p...

Page 375: ...nterfaces to be configured followed by a hyphen or a comma slot port Specifies the slot port number of the last interface in the desired range of interfaces to be configured Default Values No default value is necessary for this command Functional Notes All configuration changes made in this mode will apply to all interfaces in the range specified Usage Examples The following example selects seven ...

Page 376: ...ional 5 The tunnel can not be in a recursive routing loop 6 If keepalives are enabled keepalive processing must be successful See keepalive period retries on page 1192 for details Technology Review A tunnel interface enables standard point to point encapsulation between two links Each endpoint must have a unique tunnel configured Tunneling allows an arbitrary payload protocol to be encapsulated wi...

Page 377: ...ist blocks all outbound Web traffic protocol Specifies the data protocol ip icmp tcp udp ahp esp gre or a specific protocol 0 to 255 source Specifies the source used for packet matching Sources can be expressed in one of four ways 1 Using the keyword any to match any IP address 2 Using host A B C D to specify a single host address 3 Using the A B C D wildcard format to match all IP addresses in a ...

Page 378: ... 67 rip Port 520 discard Port 9 snmp Port 161 dnsix Port 195 snmptrap Port 162 domain Port 53 sunrpc Port 111 echo Port 7 syslog Port 514 isakmp Port 500 tacacs Port 49 mobile ip Port 434 talk Port 517 nameserver Port 42 tftp Port 69 netbios dgm Port 138 time Port 37 netbios ns Port 137 who Port 513 netbios ss Port 139 xdmcp Port 177 The following TCP port numbers can be specified using the associ...

Page 379: ... defined and numbered messages carried in IP datagrams used to send error and control information Valid range is 0 to 255 icmp code Optional Filters ICMP packets that are filtered using the ICMP message type using the icmp type keyword can also be filtered using the ICMP message code valid range 0 to 255 An icmp type must be specified when entering an icmp code icmp message Optional Filters packet...

Page 380: ...tion for the list such as This list blocks all outbound web traffic log Using the log keyword logs a message if debug access list is enabled for this access list when the access list finds a packet match Usage Examples The following example creates an access list AllowIKE to allow all IKE UDP Port 500 packets from the 192 168 22 55 0 24 network ProCurve config ip access list extended AllowIKE ProC...

Page 381: ...s can be expressed in one of four ways 1 Using the keyword any to match any IP address 2 Using host A B C D to specify a single host address 3 Using the A B C D wildcard format to match all IP addresses in a range Wildcard masks work in reverse logic from subnet masks Specifying 255 in any octet of the wildcard mask equates to a don t care 4 Using the keyword hostname to match based on a DNS name ...

Page 382: ...tion for the list such as This list blocks all outbound web traffic log use the log keyword to log a message if debug access list is enabled for this access list when the access list finds a packet match Usage Examples The following example creates an access list UnTrusted to deny all packets from the 192 168 22 248 30 network ProCurve config ip access list standard UnTrusted ProCurve config std n...

Page 383: ...ee AS Path List Command Set on page 1271 for more information on the available options Default Values By default no as path lists are defined Functional Notes AS path lists are a type of route filter that permits or denies BGP routes based on the AS_PATH attribute AS path lists define a list of AS specifications to permit or deny traffic which can then be referenced in a route map See the Usage Ex...

Page 384: ...best supernet route available A classless packet is a packet addressed for delivery to a subnet of a network with no default network route Syntax Description No subcommands Default Values By default this command is enabled Functional Notes SROS products only function in classless mode You cannot disable this feature Usage Examples The following example enables the system to forward classless packe...

Page 385: ...the no form of this command to delete a community list Syntax Description listname Specifies the name of the community list to use in the community list attribute for BGP routes See Community List Command Set on page 1327 for more information on the available options Default Values By default this command is disabled Usage Examples The following example creates the community list and enters the co...

Page 386: ...nality using the ip crypto command The SROS allows you to perform all VPN related configuration prior to enabling ip crypto with the exception of assigning a crypto map to an interface The no ip crypto command removes all crypto maps from the interfaces Enabling ip crypto enables the IKE server on UDP port 500 The no form of this command disables the IKE server on UDP port 500 Usage Examples The f...

Page 387: ...ask interface or ip address null 0 administrative distance on page 438 for more information Syntax Description ip address Specifies the default gateway IP address in the form of dotted decimal notation example 192 22 71 50 Default Values By default there is no configured default gateway Functional Notes Only use the ip default gateway when IP routing is disabled on the router For all other cases u...

Page 388: ...base local Use the ip dhcp server database local command to configure a DHCP database agent with local bindings Use the no form of this command to disable this option Syntax Description No subcommands Default Values No default values Usage Examples The following example configures the DHCP database agent with local bindings ProCurve config ip dhcp server database local ...

Page 389: ...notation in the range This field is not required when specifying a single IP address Default Values By default there are no excluded IP addresses Functional Notes The SROS DHCP server by default allows all IP addresses for the DHCP pool to be assigned to requesting clients This command is used to ensure that the specified address is never assigned by the DHCP server When static addressed hosts are...

Page 390: ...ping packets sent on the network before assigning the IP address to a requesting DHCP client Default Values By default the number of DHCP server ping packets is set to 2 packets Functional Notes Before assigning an IP address to a requesting client the SROS DHCP server transmits a ping packet on the network to verify there are no other network hosts already configured with the specified address If...

Page 391: ... default timeout interval Syntax Description milliseconds Specifies the number of milliseconds valid range 1 to 1 000 the DHCP server will wait for a response to a transmitted DHCP ping packet Default Values milliseconds 500 milliseconds Functional Notes Before assigning an IP address to a requesting client the SROS DHCP server transmits a ping packet on the network to verify there are no other ne...

Page 392: ...escription name Identifies the configured DHCP server address pool by alphanumeric string up to 32 characters in length example SALES Default Values By default there are no configured DHCP address pools Functional Notes Use the ip dhcp server pool to create multiple DHCP server address pools for various segments of the network Multiple address pools can be created to service different segments of ...

Page 393: ...ed host translation name to address Use the no form of this command to disable DNS Syntax Description No subcommands Default Values By default this command is enabled Functional Notes Use the ip domain lookup command to enable the DNS client in the router This will allow the user to input web addresses instead of IP addresses for applications such as ping Telnet and traceroute Usage Examples The f...

Page 394: ... names Do not include the initial period that separates the unresolved name from the default domain name Default Values By default this command is disabled Functional Notes Use the ip domain name command to set a default name which will be used to complete any IP host name that is invalid i e any name that is not recognized by the name server When this command is enabled any IP host name that is n...

Page 395: ...roxy for other units on the network Syntax Description No subcommands Default Values By default this command is disabled Functional Notes When this command is enabled incoming DNS requests will be handled by the router It will first search its host table for the query and if it is not found there the request will be forwarded to the servers configured with the ip name server command Usage Examples...

Page 396: ...ng to the translation rules defined in NAT access policies Finally if sessions are inactive for a user specified amount of time the session will be closed by the firewall Application Specific Processing Certain applications need special handling to work correctly in the presence of a firewall SROS uses ALGs application level gateways for these applications The SROS includes several security featur...

Page 397: ...provides two types of ACLs standard and extended Standard ACLs allow source IP address packet patterns only Extended ACLs may specify patterns using most fields in the IP header and the TCP or UDP header Usage Examples The following example enables the SROS security features ProCurve config ip firewall Technology Review Concepts Access control using the SROS firewall has two fundamental parts Acce...

Page 398: ...cy class This traffic is routed normally The ip firewall command has no effect on this traffic Attack Protection When the ip firewall command is enabled firewall attack protection is enabled The SROS blocks traffic matching patterns of known networking exploits from traveling through the device For some of these attacks the user may manually disable checking blocking while other attack checks are ...

Page 399: ... be in response to a valid session All others are discarded Twinge Attacks that send TCP URG packets Yes Any TCP packets that have the URG flag set are discarded by the firewall Winnuke TCP XMAS Scan Falsified IP Header Attacks No The firewall verifies that the packet s actual length matches the length indicated in the IP header If it does not the packet is dropped Jolt Jolt2 Echo No All UDP echo ...

Page 400: ...rate concurrently with NAT firewall functionality The SROS firewall includes ALGs for handling these applications and protocols AOL Instant Messenger AIM VPN ALGS ESP and IKE FTP H 323 H 245 Q 931 ASN1 PER decoding and Encoding ICQ IRC Microsoft Games Net2Phone PPTP Quake Real Time Streaming Protocol SMTP HTTP CUseeme SIP L2TP PcAnywhere SQL Microsoft Gaming Zone To determine if a specific applica...

Page 401: ...no special knowledge to work well with simple protocols Session Initiation Protocol SIP ALG Information By default the SROS SIP ALG is enabled This ALG allows the firewall to examine the ALL SIP packets it identifies and maintain knowledge of SIP transmissions on the network based on the SIP header The SIP ALG requires the use of the SIP stack and the SIP proxy server in order to properly route SI...

Page 402: ...arry IP addresses and ports embedded in the packet and standard NAT implementations only modify the IP and TCP UDP headers A true SIP ALG is required to both modify the packets as needed for NAT but also open holes in the firewall as needed for traffic flow based on the information carried in the SIP header Enabling the SROS SIP ALG using the ip firewall alg sip command configures the firewall to ...

Page 403: ...more details on SIP functionality in the SROS refer to the Functional Notes and Technology Review sections of the command ip firewall alg ftp h323 h323 timeout pptp sip on page 399 Use the no form of this command to return to the default settings Syntax Description udp port Sets the UDP port Valid range 1 to 65 535 Multiple UDP ports can be entered Default Values By default the ALG for SIP is enab...

Page 404: ... command to return to the default threshold Syntax Description value Specifies the number of attack mounting attempts the SROS will identify before generating a log message valid range 0 to 4 294 967 295 Default Values By default the ip firewall attack log threshold is set to 100 Usage Examples The following example specifies a threshold of 25 attacks before generating a log message ProCurve confi...

Page 405: ...until the ip firewall command is issued at the Global Configuration prompt In addition the reflexive traffic check is disabled until the ip firewall check reflexive traffic command is issued Functional Notes This command allows the firewall to process traffic from a primary subnet to a secondary subnet on the same interface through the firewall If enabled this traffic will be processed through the...

Page 406: ...scription No subcommands Default Values All SROS security features are disabled by default until the ip firewall command is issued at the Global Configuration prompt In addition TCP reset sequence number checking is disabled until the ip firewall check rst seq command is issued Usage Examples The following example enables TCP reset sequence number checking ProCurve config ip firewall check rst seq...

Page 407: ...ued Functional Notes SYN Flooding is a well known denial of service attack on TCP based services TCP requires a three way handshake before actual communications begin between two hosts A server must allocate resources to process new connection requests that are received A potential intruder is capable of transmitting large amounts of service requests in a very short period of time causing servers ...

Page 408: ... command enables the WinNuke check Functional Notes WinNuke attack is a well known denial of service attack on hosts running Microsoft Windows operating systems An intruder sends Out of Band OOB data over an established connection to a Windows user Windows cannot properly handle the OOB data and the host reacts unpredictably Normal shut down of the hosts will generally return all functionality Usi...

Page 409: ...tion No subcommands Default Values All SROS security features are disabled by default until the ip firewall command is issued at the Global Configuration prompt In addition the fast NAT fallover is disabled until the ip firewall fast nat fallover command is issued Usage Examples The following example enables fast nat fallover ProCurve config ip firewall fast nat fallover Note The SROS security fea...

Page 410: ...FIN Use the no form of this command to return to the default setting Syntax Description seconds Specifies the time period allowed for TCP FIN Range is 0 to 4 294 967 295 Default Value By default ip firewall fin timeout is set to 4 seconds Usage Examples The following example sets the TCP FIN time period to 120 seconds ProCurve config ip firewall fin timeout 120 Note The SROS security features must...

Page 411: ...and to return to the default threshold Syntax DescriptionSyntax Description value Specifies the number of access policy connections the SROS will identify before generating a log message valid range 0 to 4 294 967 295 Default Values By default the ip firewall policy log threshold is sest to 100 Usage Examples The following example specifies a threshold of 15 connections before generating a log mes...

Page 412: ...t Use the no form of this command to return to the default setting Syntax Description seconds Specifies the time period allowed for TCP reset Range is 0 to 4 294 967 295 Default Value By default ip firewall rst timeout is set to 20 settings Usage Examples The following example sets the TCP reset time period to 120 seconds ProCurve config ip firewall rst timeout 120 Note The SROS security features ...

Page 413: ...e hop to associated devices Syntax Description No subcommands Default Values All SROS security features are disabled by default until the ip firewall command is issued at the Global Configuration prompt In addition the stealth option is disabled until the ip firewall stealth command is issued Usage Examples The following example enables the stealth option ProCurve config ip firewall stealth Note T...

Page 414: ...he SROS to forward UDP broadcast packets Syntax Description port number Specifies the UDP traffic type using source port The following is the list of UDP port numbers that may be identified using the text name biff Port 512 pim auto rp 496 bootps Port 67 rip Port 520 discard Port 9 snmp Port 161 dnsix Port 195 snmptrap Port 162 domain Port 53 sunrpc Port 111 echo Port 7 syslog Port 514 isakmp Port...

Page 415: ...ewlett Packard Development Company L P 413 Usage Examples The following example forwards all Domain Name Server broadcast traffic to the DNS server with IP address 192 33 5 99 ProCurve config ip forward protocol udp domain ProCurve config interface eth 0 1 ProCurve config eth 0 1 ip helper address 192 33 5 99 ...

Page 416: ...ass in command to assign an access policy to all self bound File Transfer Protocol FTP sessions Syntax Description policyname Specifies the configured access policy ACP to apply to inbound FTP traffic Default Values By default all ftp access is allowed Usage Examples The following example applies the configured ACP labeled Inbound_FTP to inbound FTP traffic ProCurve config ip ftp access class Inbo...

Page 417: ...Hewlett Packard Development Company L P 415 ip ftp agent Use the ip ftp agent command to enable the file transfer protocol FTP agent Syntax Description No subcommands Default Values By default the FTP agent is enabled Usage Examples The following example enables the IP FTP agent ProCurve config ip ftp agent ...

Page 418: ... FTP server Variations of this command include ip ftp server ip ftp server default filesystem cflash ip ftp server default filesystem flash Syntax Description default filesystem cflash Optional Specifies that the FTP server use the compact flash as the default file system default filesystem flash Optional Specifies that the FTP server use the flash as the default file system Default Values By defa...

Page 419: ...source interface for a complete list of valid interfaces Default Values No default value is necessary for this command Functional Notes This command allows you to override the sender field in the IP packet If you have multiple interfaces in your unit changing the sender tells the receiver where to send replies This functionality can also be used to allow packets to get through firewalls that would...

Page 420: ...ost cache Use the no form of this command to remove defined maps Syntax Description name Name of the host address IP address associated with this IP host Default Values By default the host table is empty Functional Notes The name may be any combination of numbers and letters as long as it is not a valid IP address or does not exceed 256 characters Usage Examples The following example defines two s...

Page 421: ...me Restricts access to the HTTP server using the specified access control list in Applies to all incoming connections authentication name Assigns the specified AAA list to HTTP authentication secure access class name Restricts access to the HTTPS server using the specified secure access control list secure server name Enables the specified SSL server server name Enables the specified HTTP server c...

Page 422: ...alues No defaults necessary for this command Functional Notes This command aids in debugging allowing the router s IP stack to connect to and respond on a multicast group The local stack operates as an IGMP host on the attached segment In multicast stub applications the global helper address takes care of forwarding IGMP joins responses on the upstream interface The router may respond to ICMP echo...

Page 423: ...t routes and alternate between them Syntax Description per destination Specifies that the route used for forwarding a packet be based on a hash of the source and destination IP address in the packet per packet Specifies that each forwarding route lookup rotates through all the parallel best routes Parallel routes are defined as routes to the same subnet with the same metrics that only differ by th...

Page 424: ...ce Use the no form of this command to return to the default route map Syntax Description map name Specify the name of the route map Default Values By default this command is disabled Functional Notes Before a route map can be specified it must first be defined using the route map command See route map map name permit deny sequence number on page 490 for more information Usage Examples The followin...

Page 425: ...m interfaces The address specified may be the next upstream hop or any upstream address on the distribution tree for the multicast source up to and including the multicast source The router selects from the list of multicast stub upstream interfaces the interface on the shortest path to the specified address The router then proxies on the se lected upstream interface using an IGMP host function an...

Page 426: ...ast router process The command does not affect other multicast related configuration Use the no form of this command to disable Disabling this command prevents multicast forwarding but does not remove other multicast commands and processes Syntax Description No subcommands Default Values By default this command is disabled Usage Examples The following example enables multicast functionality ProCur...

Page 427: ... no form of this command to remove any addresses previously specified Syntax Description server address1 6 Specifies up to six name server addresses Default Values By default no name servers are specified Usage Examples The following example specifies host 172 21 111 as the primary name server and host 172 21 1 2 as the secondary server ProCurve config ip name server 172 21 1 111 172 21 1 2 This c...

Page 428: ...erformed by the access policy are as follows allow list access control list name allow list access control list name stateless allow list access control list name policy access policy name allow list access control list name policy access policy name stateless allow list access control list name self allow list access control list name self stateless policy access policy name When the policy acces...

Page 429: ...ned to All packets denied by the ACL will be processed by the next policy class entry or implicitly discarded if no further policy class entries exist Possible discard list actions performed by the access policy are as follows discard list access control list name discard list access control list name policy access policy name discard list access control list name self policy access policy name Wh...

Page 430: ... table or policy based routing configuration If there is a match the firewall will process the packet If there is no match the firewall will process the packet based on the next policy class entry or implicitly discard it if no further policy class entries exist overload The overload command is not optional and must be used when using the nat source list command nat destination list All packets pe...

Page 431: ...ass allow list self self ProCurve config policy class nat destination list MATCHALL interface ppp 1 overload The following is a sample output of the configuration after issuing these commands ip access list standard wizard ics remark Internet Connection Sharing permit any ip access list extended self remark Traffic to Router permit ip any any log ip policy class Private allow list self self nat so...

Page 432: ...ied to determine whether the data will be processed or discarded Possible actions performed by the access policy are as follows allow list access control list name allow list access control list name stateless allow list access control list name policy access policy name allow list access control list name policy access policy name stateless allow list access control list name self allow list acce...

Page 433: ...limit for the total number of allowed sessions for all policies on the device This number must be within the appropriate range limits The limits are 1 to 30 000 Setting this value to zero turns the feature off max host sessions number Specifies the maximum number of allowed policy sessions which can be created from each unique source address This command is used in conjunction with a named policy ...

Page 434: ...cription policyname Identifies the configured access policy using an alphanumeric descriptor maximum of 255 characters All access policy descriptors are case sensitive rpf check Enables RPF check spoofing Default Values This command is enabled by default Functional Notes The rpf check feature should be disabled if your application allows incoming traffic on policy classes that do not match the rou...

Page 435: ... not allowed for ICMP The following is the list of UDP port numbers that may be identified using the text name in bold all ports ntp Port 123 biff Port 512 pim auto rp 496 bootpc Port 68 rip Port 520 bootps Port 67 snmp Port 161 discard Port 9 snmptrap Port 162 dnsix Port 195 sunrpc Port 111 domain Port 53 syslog Port 514 echo Port 7 tacacs Port 49 isakmp Port 500 talk Port 517 mobile ip Port 434 ...

Page 436: ...icy timeout tcp www 86400 ProCurve config ip policy timeout tcp telnet 1200 ProCurve config ip policy timeout tcp ftp 300 ProCurve config ip policy timeout tcp all_ports 480 The following example creates customized policy timeouts for UDP netbios ports 137 139 of 200 seconds and UDP ports 6000 7000 of 300 seconds ProCurve config ip policy timeout udp range netbios ns netbios ss 200 ProCurve config...

Page 437: ...escription text Assigns text set apart by quotation marks used as a description for the prefix list Maximum length is 80 characters Default Values No default values are necessary for this command Functional Notes This command adds a string of up to 80 characters as a description for a prefix list It also creates the prefix list if a prefix list of that name does not already exist Usage Examples Th...

Page 438: ...ecified an exact match is assumed If only ge is specified the range is assumed to be from ge value to 32 If only le is specified the range is assumed to be from len to le value Functional Notes This command specifies a prefix to be matched Optionally it may specify a range of mask lengths The following rule must be followed len ge value le value A prefix list with no entries allows all routes A ro...

Page 439: ...nterface Specifies the source interface in the format type slot port Type ip radius source interface for a complete list of interfaces Default Values By default no source interface is defined Functional Notes If this value is not defined the address of the source network interface is used Usage Examples The following example configures the Ethernet 0 1 port to be the source interface ProCurve conf...

Page 440: ...ber Syntax Description ip address Specifies the network address to add to the route table IP addresses should be expressed in dotted decimal notation for example 10 10 10 1 subnet mask Specifies the subnet mask that corresponds to a range of IP addresses network or a specific host Subnet masks can be expressed in dotted decimal notation for example 255 255 255 0 or as a prefix length for example 2...

Page 441: ...ly redistributing routes into a routing protocol such as RIP OSPF BGP Range is 1 to 65 535 Default Values By default there are no configured routes in route table and the tag of 0 is applied to the route Usage Examples The following example adds a static route to the 10 220 0 0 16 network through the next hop router 192 168 45 254 and a default route to 172 16 2 10 ProCurve config ip route 10 220 ...

Page 442: ...ompany L P 440 ip routing Use the ip routing command to enable the SROS IP routing functionality Use the no form of this command to disable IP routing Syntax Description No subcommands Default Values By default IP routing is enabled Usage Examples The following example enables the SROS IP routing functionality ProCurve config ip routing ...

Page 443: ...otocol RTP Real time Transport Control Protocol RTCP connection between two or more User Agents UAs The ports used for this will always be selected in a pair with the even port used for RTP and the odd port for RTCP The SIP ALG enabled using the ip firewall alg sip configures the firewall to examine the ALL SIP packets it identifies and maintain knowledge of SIP transmissions on the network Since ...

Page 444: ...the transfer of files using a secure connection A secure connection helps provide protection against outside forces gaining access to configuration files An external secure copy server such as PuTTY is required to facilitate the transfers from the terminal Syntax Description No subcommands Default Value By default the secure copy server function is disabled Usage Examples The following example ena...

Page 445: ...nd the SIP proxy server in order to properly route SIP calls and maintain the SIP information When the SIP ALG is enabled the SIP stack and SIP proxy server are automatically enabled For proper SIP operation the firewall must also be configured to allow for dynamic holes for the RTP RTCP traffic associated with SIP calls between User Agents UAs This functionality must be manually enabled using the...

Page 446: ...abase using memory on the local router This database is maintained across a power loss location Adds a SIP UA to the location database Manually adding a UA to the database is generally not required unless your SIP network is running in non registering mode username Specifies the username for the UA being added to the location database ip address Specifies the IP address for the UA being added to t...

Page 447: ...ault the SROS SIP ALG is enabled This ALG allows the firewall to examine the ALL SIP packets it identifies and maintain knowledge of SIP transmissions on the network based on the SIP header The SIP ALG requires the use of the SIP stack and the SIP proxy server in order to properly route SIP calls and maintain the SIP information When the SIP ALG is enabled the SIP stack and SIP proxy server are au...

Page 448: ...period max expires Specifies the maximum expiration period for the UA listing in the location database All UAs registering with the SIP proxy server request an expiration period for the listing in the database UAs requesting an expiration period between the max expires and min expires values are honored Enter a time in seconds from 0 to 2 592 000 min expires Specifies the minimum expiration period...

Page 449: ...d to enable the Simple Network Management Protocol SNMP agent Syntax Description No subcommands Default Values By default the SNMP agent is disabled Functional Notes Allows a MIB browser to access standard MIBs within the product This also allows the product to send traps to a trap management station Usage Examples The following example enables the IP SNMP agent ProCurve config ip snmp agent ...

Page 450: ...r Use the ip sntp server command to enable the simple network time protocol SNTP server This allows the unit to accept SNTP requests Use the no form of this command to disable the server Syntax Description No subcommands Default Values By default the SNTP server is disabled Usage Examples The following example enables the SNTP server ProCurve config ip sntp server ...

Page 451: ...terface to be used as the source IP address for SNTP traffic Type ip sntp source interface for a complete list of valid interfaces Default Values No default value is necessary for this command Functional Notes This command allows you to override the sender field in the IP packet If you have multiple interfaces in your unit changing the sender tells the receiver where to send replies This functiona...

Page 452: ... listen on an alternate TCP port Default Values By default the SSH server listens on TCP port 22 and Telnet listens on TCP port 23 Functional Notes SSH is a newer version of Telnet which allows you to run command line and graphical applications as well as transfer files over an encrypted connection Usage Examples The following example configures the Telnet server to listen on TCP port 2323 instead...

Page 453: ...P 451 ip subnet zero The ip subnet zero command is the default operation and cannot be disabled This command signifies the router s ability to route to subnet zero subnets Syntax Description No subcommands Default Values By default this command is enabled Usage Examples The following example subnet zero is enabled ProCurve config ip subnet zero ...

Page 454: ...ddress for TACACS traffic Type ip tacacs source interface for a complete list of valid interfaces Default Values No default value is necessary for this command Functional Notes This command allows you to override the sender field in the IP packet If you have multiple interfaces in your unit changing the sender tells the receiver where to send replies This functionality can also be used to allow pa...

Page 455: ... class name in ip tftp server overwrite Syntax Description access class name in Controls access to the internal TFTP server using the specified access control list overwrite Enables the TFTP server to overwrite existing files Default Values By default this command is disabled Usage Examples The following example enables the TFTP server ProCurve config ip tftp server The following example enables t...

Page 456: ...scription interface Specifies the interface to be used as the source IP address for TFTP traffic Default Values No default value is necessary for this command Functional Notes This command allows you to override the sender field in the IP packet If you have multiple interfaces in your unit changing the sender tells the receiver where to send replies This functionality can also be used to allow pac...

Page 457: ...are configured Functional Notes The firewall must be enabled using the ip firewall command in order to use URL filters The URL filter must be applied to the appropriate interface by using the ip urlfilter filtername in out command Refer to this command in the appropriate interface for more information Usage Examples The following example creates the HTTP URL filter called MyFilter that can be appl...

Page 458: ...ll URL requests in cases when all URL filter servers are down Use the no form of this command to block all URL requests when all URL filter servers are down Syntax Description No subcommands Default Values By default all URL requests will be blocked when all URL filter servers are down Usage Example The following example permits all URL requests even when URL filter servers are down ProCurve confi...

Page 459: ...es By default no exclusive domains are configured Functional Notes Domain matching is based on an exact match between the HTTP header and entries in the ip urlfilter exclusive domain command In order to exactly match requests destined for a domain entries should list all possible variations of the domain that would appear in the Host field of an HTTP header Refer to the Usage Examples section of t...

Page 460: ...value back to its default Syntax Description value The maximum number of outstanding URL lookup requests Valid range is 1 to 500 requests Default Values By default the number of outstanding requests is 500 Functional Notes After the maximum number of URL lookup requests is reached the no ip urlfilter allowmode setting will be used to allow or block all following requests until enough URL lookup re...

Page 461: ...d responses is 100 Functional Notes When a URL request comes through the unit and URL filtering is enabled a lookup request is sent to the URL filter server and the HTTP request is forwarded to the HTTP server at the same time If the HTTP server responds before the URL filter server the response must be buffered until the URL filter server responds with allow or block Once the maximum number of bu...

Page 462: ...pressed in dotted decimal notation for example 10 10 10 1 port number Specifies the server TCP port number which will receive requests timeout value Specifies the number of seconds to wait for a response from the URL filtering server before determining that it is out of service Range is 1 to 300 seconds Default Values By default there are no URL filtering servers configured When configuring a URL ...

Page 463: ... subcommands Default Values No default values necessary for this command Functional Notes An ISDN group allows the user to specify the maximum and minimum number of B channels that can be used for a specific type of call It is a logical group of B channels from one or more ISDN interfaces An ISDN interface can be a member of multiple ISDN groups which makes it possible to share its B channels betw...

Page 464: ... area International calls have the international direct dialing prefix removed For example consider an international call of 011 N where the international direct dialing prefix is 011 and the N represents the digits necessary for routing the call at the destination When the Called Party IE is created for this call the prefix is stripped and the N digits are placed in the Number Digits field nation...

Page 465: ...attern Specifies a pattern for this template Valid Characters 0 9 Match exact digit only X Match any single digit 0 9 N Match any single digit 2 9 M Match any single digit 1 8 Match any digit in the list For example 1 4 6 matches 1 4 and 6 only 1 3 5 matches 1 2 3 and 5 Default Values The following default number template entry exists for domestic emergency calls 911 isdn number template 0 prefix ...

Page 466: ...nd Set on page 550 for information on the subcommands found in this ssh Enters the configuration mode for SSH Refer to the section Line SSH Interface Config Command Set on page 561 for information on the subcommands found in that command set line number Specifies the starting session to configure for remote access valid range for console 0 valid range for Telnet and SSH 0 to 4 If configuring a sin...

Page 467: ...wlett Packard Development Company L P 465 The following example begins the configuration for all available Telnet sessions ProCurve config line telnet 0 4 ProCurve config telnet0 4 The following example begins the configuration for all available SSH sessions ProCurve config line ssh 0 4 ProCurve config ssh0 4 ...

Page 468: ...default minimum transmit interval 2 seconds valid range 1 through 8192 reinitialization delay 2 seconds valid range 1 through 10 transmit interval 30 seconds valid range 5 through 32 768 and ttl multiplier 4 valid range 2 through 10 Functional Notes Once a device receives data from a neighboring device in an LLDP frame it will retain that data for a limited amount of time This amount of time is ca...

Page 469: ...ging console Use the logging console command to enable the SROS to log events to all consoles Use the no form of this command to disable console logging Syntax Description No subcommands Default Values By default logging console is disabled Usage Examples The following example enables the SROS to log events to all consoles ProCurve config logging console ...

Page 470: ...ail priority level error fatal info notice warning on page 471 for more information Use the no form of this command to remove a listed address Syntax Description email address Specifies the complete email address to use when sending logged messages This field allows up to 256 characters Enter as many email addresses as desired placing a semi colon between addresses Default Values By default there ...

Page 471: ...tion it will generate a file with detailed information that Technical Support can use to diagnose the problem This command allows the unit to email the exception report to a list of addresses upon rebooting after the exception This command should be used in conjunction with the other logging email commands Refer to logging email address list email address email address on page 468 logging email on...

Page 472: ...logged by the SROS See logging email priority level error fatal info notice warning on page 471 and logging email priority level error fatal info notice warning on page 471 for more information Use the no form of this command to disable the email notification feature Syntax Description No subcommands Default Values By default email event notification is disabled Functional Notes The domain name is...

Page 473: ... this command to return to the default priority Syntax Description Sets the minimum priority threshold for sending messages to email addresses specified using the logging email address list command The following priorities are available ranking from lowest to highest Error When selected events with error and fatal priorities are logged Fatal When selected only events with a fatal priority are logg...

Page 474: ... notice warning on page 471 for related information Use the no form of this command to remove a configured address Syntax Description ip address Specifies the IP address in dotted decimal notation of the mail server to use when sending logged messages auth username username Specifies the user name to use if your email server requires authentication auth password password Specifies the password to ...

Page 475: ...ommand to specify the sender in an outgoing email message This name will appear in the From field of the receiver s inbox Use the no form of this command to disable this feature Syntax Description No subcommands Default Values No default value is necessary for this command Usage Examples The following example sets a sender for outgoing messages ProCurve config logging email sender myUnit myNetwork...

Page 476: ...interface to be used as the source IP address for email messages Type logging email source interface for a list of valid interface types Default Values No default value is necessary for this command Functional Notes This command allows you to override the sender field in the IP packet If you have multiple interfaces in your unit changing the sender tells the receiver where to send replies This fun...

Page 477: ...ctional Notes below Use the no form of this command to return it to its default setting Syntax Description facility type Specifies the syslog facility type see Functional Notes below Default Values The default value is local7 Functional Notes The following is a list of all the valid facility types auth Authorization system cron Cron facility daemon System daemon kern Kernel local0 local7 Reserved ...

Page 478: ...ify the event matching the criteria used by the SROS to determine whether a message should be forwarded to the syslog server See logging forwarding priority level error fatal info notice warning on page 477 for related information Use the no form of this command to disable the syslog event feature Syntax Description No subcommands Default Values By default syslog event notification is disabled Usa...

Page 479: ...Description Sets the minimum priority threshold for sending messages to the syslog server specified using the logging forwarding receiver ip command The following priorities are available ranking from lowest to highest Error When selected events with error and fatal priorities are logged Fatal When selected only events with a fatal priority are logged Info When selected all events are logged Notic...

Page 480: ... forwarding receiver ip commands to develop a list of syslog servers to use See logging forwarding priority level error fatal info notice warning on page 477 for related information Use the no form of this command to remove a configured address Syntax Description ip address Specifies the IP address in dotted decimal notation of the syslog server to use when logging messages Default Values By defau...

Page 481: ...fies the interface to be used as the source IP address for event log traffic Type logging forwarding source interface for a list of valid interface types Default Values No default value is necessary for this command Functional Notes This command allows you to override the sender field in the IP packet If you have multiple interfaces in your unit changing the sender tells the receiver where to send...

Page 482: ... length of time dynamic MAC addresses remain in the switch or bridge forwarding table Use the no form of this command to reset this length to its default Syntax Description aging time Specifies an aging time in seconds from 10 to 1 000 000 Set to 0 to disable the timeout Default Values By default the aging time is 300 seconds Usage Examples The following example sets the aging time to 10 minutes P...

Page 483: ...nd to remove an entry from the table Syntax Description mac address Specifies a valid 48 bit MAC address bridge bridge id Specifies a valid bridge interface ID interface interface Specifies a valid slot port interface ID Type mac address table static bridge interface for a complete list of valid interfaces Default Values By default there are no static entries configured Usage Examples The followin...

Page 484: ...Modem configuration Belgium Belgium Modem configuration Bolivia Bolivia Modem configuration Brazil Brazil Modem configuration Chile Chile Modem configuration China China Modem configuration Colombia Colombia Modem configuration Costa_Rica Costa_Rica Modem configuration Cyprus Cyprus Modem configuration Czechoslovakia Czechoslovakia Modem configuration Denmark Denmark Modem configuration Ecuador Ec...

Page 485: ... Modem configuration Portugal Portugal Modem configuration Puerto_Rico Puerto_Rico Modem configuration Qatar Qatar Modem configuration Russia Russia Modem configuration Saudi_Arabia Saudi_Arabia Modem configuration Singapore Singapore Modem configuration Slovakia Slovakia Modem configuration Slovenia Slovenia Modem configuration South_Africa South_Africa Modem configuration Spain Spain Modem confi...

Page 486: ...de Global Configuration Mode Command Set 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 484 Usage Example The following example specifies to use the USA Canada modem configuration ProCurve config modem countrycode USA Canada ...

Page 487: ...cp connect Specifies the probe type being created as a TCP connect Default Values By default there are no probes configured Usage Examples The following example creates an ICMP echo probe called probe1 ProCurve enable ProCurve configure terminal ProCurve config interface probe probe1 icmp echo ProCurve config probe probe1 Technology Review Probes are stand alone objects which help determine the st...

Page 488: ...equenced entries An entry contains a single match reference and one or more actions priority set or both Multiple map entries for the same QoS map are differentiated by a sequence number The sequence number is used to assign match order Once created a QoS map must be applied to an interface using the qos policy out map name command in order to actively process traffic Any traffic for the interface...

Page 489: ... user challenge entry When echo is turned on users see the text of the challenge as they type responses Enabling this option hides the text as it is being entered deadtime minutes Specifies how long a RADIUS server is considered dead once a timeout occurs The server will not be tried again until after the deadtime expires enable username name Specifies a username to be used for enable authenticati...

Page 490: ...ation and accounting respectively If a server is added to a named group but is not defined by a radius server command the server is simply ignored when accessed Empty server lists are not allowed When the last server is removed from a list the list is automatically deleted Usage Examples The following example shows a typical configuration of these parameters ProCurve config radius server challenge...

Page 491: ...er timeout this number of times uses RADIUS global setting if not given timeout seconds Waits for a response this number of seconds uses RADIUS global setting if not given key key Defines the shared key with the RADIUS server uses RADIUS global setting if not given Note that the key must appear last on the input line since it reads the rest of the line beyond the key keyword key encrypted key Defi...

Page 492: ...ttributes deny Specifies not to redistribute routes matching the route map attributes sequence number Specifies a sequence number of this route entry Range is 1 to 4 294 967 295 Default Values By default no route maps are defined Functional Notes Route maps can be assigned to a neighbor using the route map command in the BGP Neighbor command set See route map map name in out on page 1323 for more ...

Page 493: ...Review The following SROS BGP related guidelines may help guide decisions made during basic BGP implementation Ignore route if next hop is unreachable Prefer route with largest weight only used in the local router set by applying route maps to set this value on desired inbound updates Prefer route with largest local preference Prefer route injected by this router via network command Prefer route w...

Page 494: ...firewall command To do this configure the OSPF networks as usual specifying which networks the system will listen for and broadcast OSPF packets to See ip firewall on page 394 for more information To apply stateful inspection to packets coming into the system create a policy class that describes the type of action desired and then associate that policy class to the particular interface see ip poli...

Page 495: ... Command Set on page 1375 for more information on the subcommands for PIM Sparse Configuration mode Syntax Description No subcommands Default Values No default values necessary for this command Functional Notes Additional commands for PIM are found in the related interface configuration modes See the ip pim sparse commands in the various interface configuration sections for more information Usage ...

Page 496: ...058 Version 1 and updated in RFCs 1721 1722 and 1723 for Version 2 Version 2 includes components that ease compatibility in networks operating with RIP V1 All advertisements occur on regular intervals every 30 seconds Normally a route that is not updated for 180 seconds is considered dead If no other update occurs in the next 60 seconds for a new and better route the route is flushed after 240 sec...

Page 497: ... as failed metric 16 or up normal metric followed by the normal scheduled update The assumption here is that if a gateway missed the triggered update it will eventually learn from another gateway in the standard convergence process This conserves bandwidth RIP Related Definitions Route A description of the path and its cost to a network Gateway A device that implements all or part of RIP a router ...

Page 498: ...tion where the configuration change they perform interrupts network connectivity For example if the user is connected to the router via a Telnet session and configures an access list ACL that blocks all Telnet access and applies it to an interface the user loses connectivity In this example the only way to recover connectivity is to directly connect to the Console port and remove the ACL Once enab...

Page 499: ...sons cannot view them in configuration files since the encrypted form of the password is displayed in the running config While this provides some level of security the encryption method used with password encryption is not a strong form of encryption so you should take additional network security measures Usage Examples The following example enables password encryption for all passwords on the uni...

Page 500: ...expressed in the format time day month year for example 08 15 2 February 2007 time Time is expressed in the 24 hour format hours minutes hh mm for example 08 15 day The day of the month is expressed with a number Range is 1 to 31 month The name of the month can be spelled out or abbreviated year The year is expressed in the format yyyy for example 2007 periodic Specifies the weekly behavior of the...

Page 501: ...Configuration mode ProCurve config schedule Closed ProCurve config schedule Closed The following example sets the start time in the schedule named Closed to 8 15 a m on February 2 2007 and sets the end time to 10 15 a m on April 2 2007 ProCurve config schedule Closed absolute start 08 15 2 february 2007 end 10 15 2 april 2007 The following example sets the recurring start and end day and time in t...

Page 502: ...id command to specify an identifier for the Simple Network Management Protocol SNMP server Use the no form of this command to return to the default value Syntax Description id string Identifies the product by alphanumeric string up to 32 characters in length Default Values id string Chassis ID Usage Examples The following example configures a chassis ID of A432692 ProCurve config snmp server chass...

Page 503: ...mmunity view viewname rw snmp server community community view viewname rw listname Syntax Description community Specifies the community string a password to grant SNMP access view viewname Optional Specifies a previously defined view Views define objects available to the community For information on creating a new view see snmp server view name value on page 516 ro Optional Keyword to grant read o...

Page 504: ...rver contact email address snmp server contact pager number snmp server contact phone number snmp server contact string Syntax Description email Specifies email address for the SNMP server contact pager Specifies pager number for the SNMP server contact phone Specifies phone number for the SNMP server contact number Identifies the contact up to 32 characters in length Default Values No default val...

Page 505: ...P traps Variations of this command include snmp server enable traps snmp server enable traps snmp Syntax Description trap type Optional Specifies the type of notification trap to enable Leaving this option blank enables ALL system traps snmp Optional Enables a subset of traps specified in RFC 1157 The following traps are supported coldStart warmStart linkUp linkDown authenticationFailure Default V...

Page 506: ...er engineID local 8000000b00000000000001 Technology Review The SNMP v3 engine ID is a unique identifier for a system on a management domain The default engine ID contains 11 octets in hexadecimal notation that represents certain information about the system The default engine ID format is as follows The first 4 octets of the default engine ID for ProCurve Secure Routers is 8000000b Octets 1 throug...

Page 507: ... the default engine ID and replaces it with the first 22 characters of the user entered string Because the string is in hexadecimal notation only numbers 0 through 9 and characters a through f are valid If less than 22 characters are entered in the string SROS pads the end of the entered string with zeros least significant bits until the 22 character string is complete For example a user input of ...

Page 508: ...ify name access listname Syntax Description access listname Specifies an access control list entry groupname Specifies the name of the SNMP group 32 characters maximum notify name Specifies a notify view entry 32 characters maximum read name Specifies a read view entry 32 characters maximum write name Specifies a write view entry 32 characters maximum v1 Uses SNMP version 1 security model v2c Uses...

Page 509: ... community snmp snmp server host ip address traps community snmp server host ip address traps version 1 community snmp server host ip address traps version 1 community snmp snmp server host ip address traps version 2c community snmp server host ip address traps version 2c community snmp snmp server host ip address traps version 3 auth community snmp server host ip address traps version 3 auth comm...

Page 510: ...s SNMP version 2c security model version 3 Uses SNMP version 3 user based security model USM snmp Optional Enables a subset of traps specified in RFC1157 Default Values By default there are no hosts or traps enabled Usage Examples The following example sends all SNMP traps to the host at address 190 3 44 69 and community string My Community ProCurve config snmp server host 190 3 44 69 traps My Com...

Page 511: ...this command to return to the default setting Variations of this command include the following snmp server inform retries number snmp server inform timeout value Syntax Description retries number Specifies number of retries for a response The range is from 1 to 100 timeout value Specifies time in seconds to wait for a response The range is from 1 to 1000 seconds Default Values By default the retry...

Page 512: ...Network Management Protocol SNMP system location string Use the no form of this command to return to the default value Syntax Description string Alphanumeric string encased in quotation marks up to 32 characters in length used to populate the system location string Default Values string ProCurve Usage Examples The following example specifies a location of 5th Floor Network Room ProCurve config snm...

Page 513: ...mand to specify the URL for the device s management software Use the no form of this command to remove the management URL Syntax Description URL Specifies the URL for the management software Default Values No default is necessary for this command Usage Examples The following example specifies the URL http www mywatch com as the device s management software ProCurve config snmp server management ur...

Page 514: ...and to specify a label for the URL of the device s management software Use the no form of this command to remove the label Syntax Description label Specifies a label for the URL of the management software maximum length 255 characters Default Values No default is necessary for this command Usage Examples The following example specifies the label watch for the management software ProCurve config sn...

Page 515: ...g traps and get set requests will use the designated interface s IP address Use the no form of this command to remove specified interfaces Syntax Description interface Specifies the physical interface that should originate SNMP traps Enter snmp server source interface for a complete list of valid interfaces Default Values By default there are no trap source interfaces defined Usage Examples The fo...

Page 516: ...v des password access listname snmp server user username groupname v3 auth sha password snmp server user username groupname v3 auth sha password access listname snmp server user username groupname v3 auth sha password priv des password snmp server user username groupname v3 auth sha password priv des password access listname Syntax Description access listname Specifies an access control list entry...

Page 517: ...agent password Indicates a password entry Default Values No default is necessary with this command Usage Examples The following example enters a new user named BobbyW and assigns the user to a group called securityV3auth using version 3 security model with authentication method md5 with a password of passWORD6243 and no access control list to verify ProCurve config snmp server user BobbyW security...

Page 518: ...ies the object identifier oid to include or exclude from the view To identify the subtree specify a string using numbers such as 1 4 2 6 8 Replace a single subidentifier with the asterisk to specify a subtree family excluded Specifies an excluded view included Specifies an included view Default Values No default value necessary for this command Usage Examples The snmp server view command can inclu...

Page 519: ...imeout command to set the amount of time to wait for a response before allowing a new request Syntax Description time Specifies time in seconds to wait for a response before retrying The range is from 3 to 4 294 967 294 Default Values By default the retry timeout is set to 5 seconds Usage Examples The following example sets the SNTP retry timeout to 10 seconds ProCurve config sntp retry time 10 ...

Page 520: ...ork Use the no form of this command to return to the default setting Variations of this command include sntp server version hostname sntp server version ip address sntp server version number Syntax Description address or hostname Specifies the IP address or hostname of the SNTP server version 1 3 Specifies which NTP version is used 1 3 Default Values By default version is set to 1 Usage Examples T...

Page 521: ...e Use the sntp wait time command to set the time between updates from the time server Syntax Description time Specifies time in seconds between updates The range is from 10 to 4 294 967 294 Default Values By default the wait time is set to 86400 seconds 1 day Usage Examples The following example sets the SNTP wait time to two days ProCurve config sntp wait time 172800 ...

Page 522: ...subcommands Default Values Disabled by default Functional Notes The BPDU filter blocks any BPDUs from being transmitted and received on an interface This can be overridden on an individual port Usage Examples The following example enables the bpdufilter on all ports by default ProCurve config spanning tree edgeport bpdufilter default To disable the BPDU filter on a specific interface issue the app...

Page 523: ...scription No subcommands Default Values Disabled by default Functional Notes The bpduguard blocks any BPDUs from being received on an interface This can be overridden on an individual port Usage Examples The following example enables the BPDU guard on all ports by default ProCurve config spanning tree bpduguard default To disable the BPDU guard on a specific interface issue the appropriate command...

Page 524: ...by default Use the no form of this command to disable the setting Syntax Description No subcommands Default Values Disabled by default Usage Examples The following example configures all interfaces running spanning tree to be edgeports by default ProCurve config spanning tree edgeport default An individual interface can be configured to not be considered an edgeport For example ProCurve config int...

Page 525: ...g tree forward time command to specify the delay interval in seconds when forwarding spanning tree packets Use the no form of this command to return to the default interval Syntax Description seconds Forward delay interval in seconds Range 4 to 30 Default Values seconds 15 seconds Usage Examples The following example sets the forwarding time to 15 seconds ProCurve config spanning tree forward time...

Page 526: ...o specify the delay interval in seconds between hello bridge protocol data units BPDUs To return to the default interval use the no form of this command Syntax Description seconds Delay interval in seconds between hello BPDUs Range 0 to 1 000 000 Default Values seconds 2 seconds Usage Examples The following example configures a spanning tree hello time interval of 10000 seconds ProCurve config spa...

Page 527: ... to receive Bridge Protocol Data Units BPDUs from the root bridge before assuming the network has changed thus re evaluating the spanning tree topology Use the no form of this command to return to the default interval Syntax Description seconds Wait interval in seconds between received BPDUs from the root bridge Range 6 to 40 Default Values seconds 20 seconds Usage Examples The following example c...

Page 528: ...de rstp stp Use the spanning tree mode command to choose a spanning tree mode of operation Syntax Description rstp Enables rapid spanning tree protocol stp Enables spanning tree protocol Default Values By default this is set to rstp Usage Examples The following example sets the spanning tree mode to rapid spanning tree protocol ProCurve config spanning tree mode rstp ...

Page 529: ...panning tree pathcost command to select a short or long pathcost method used by the spanning tree protocol Syntax Description short Selects a short pathcost method long Selects a long pathcost method Default Values By default this is set to short Usage Examples The following example designates the spanning tree protocol to use a long pathcost method ProCurve config spanning tree pathcost method lo...

Page 530: ...configured spanning tree interface will be the root for the bridge group To return to the default bridge priority value use the no version of this command Syntax Description value Priority value for the bridge interface Configuring this value to a low number increases the interface s chance of being the root Therefore the maximum priority level would be 0 Range 0 to 65 535 Default Values value 327...

Page 531: ...decrypting the traffic between the Network Access Server NAS and the TACACS daemon Setting a key for a particular server using the tacacs server host name IP key key command supersedes keys set globally using the tacacs server key key command port tcp port Specifies the TCP port number to be used when connecting to the TACACS daemon timeout seconds Specifies a timeout limit in seconds that the uni...

Page 532: ...ly errored seconds threshold UAS Specifies the unavailable seconds threshold 15Min Specifies that the threshold you are setting is for the counter s 15 minute statistics 24Hr Specifies that the threshold you are setting is for the counter s 24 hour statistics threshold Specifies the maximum occurrences allowed for this error type Once a threshold is exceeded an event is sent to the console specify...

Page 533: ... 531 thresholds SES 24Hr 100 thresholds SEFS 15Min 2 thresholds SEFS 24Hr 17 thresholds UAS 15Min 10 thresholds UAS 24Hr 10 Usage Examples The following example sets the threshold for the 15 minute and 24 hour bursty errored seconds counter to 25 and 200 respectively ProCurve config thresholds BES 15Min 25 ProCurve config thresholds BES 24Hr 200 ...

Page 534: ...t to any track registered with the probe In response the track performs the action indicated Associating track objects with probes can be defined through using logical AND OR statements Refer to test if on page 1351 for more information Usage Examples The following example creates an track called track_a ProCurve enable ProCurve configure terminal config tProCurverack track_a ProCurve config track...

Page 535: ...st and HTTP access Syntax Description username Alphanumerical string up to 30 characters in length the username is case sensitive password Alphanumerical string up to 30 characters in length the username is case sensitive Default Values By default there is no established username and password Functional Notes All users defined using the username password command are valid for access to the unit us...

Page 536: ...s and are covered in a centralized section of this guide For more information refer to the sections listed below do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 All other commands for this command set are described in this section in alphabetical order accounting commands level l name l default on page 535 authorization commands on page 538 databits 7 8 on page 540 flo...

Page 537: ... this command to disable this feature Variations of this command include accounting commands level name accounting commands level default Syntax Description level Specifies a command level 1 or 15 name Applies a named accounting method to this line default Applies the default accounting method to a line Default Values The default for this command is off Usage Examples The following example applies...

Page 538: ...aaa on on page 321 Use the no form of this command to disable this feature Variations of this command include the following accounting connection name accounting connection default Syntax Description name Applies a named accounting method to this line default Applies the default accounting method to a line Default Values By default there is no accounting method applied to a line Usage Examples The...

Page 539: ...mmand aaa on on page 321 Use the no form of this command to disable this feature Variations of this command include the following accounting exec name accounting exec default Syntax Description name Applies a named accounting method to this line default Applies the default accounting method to a line Default Values By default there is no accounting method applied to a line Usage Examples The follo...

Page 540: ... disable this feature Variations of this command include authorization commands level name authorization commands level default Syntax Description level Specifies a command level 1 or 15 name Applies a named authorization method to this line default Applies the default authorization method to a line Default Values By default this command is disabled Usage Examples The following example applies the...

Page 541: ...nd aaa on on page 321 Use the no form of this command to disable this feature Variations of this command include the following authorization exec name authorization exec default Syntax Description name Applies a named authorization method to this line default Applies the default authorization method to a line Default Values By default there is no authorization method applied to a line Usage Exampl...

Page 542: ...ion of your VT100 terminal or terminal emulator software The default is 8 databits per character Use the no form of this command to return to the default value Syntax Description 7 Specifies 7 data bits per character 8 Specifies 8 data bits per character Default Values By default console terminal sessions use 8 data bits Usage Examples The following example configures 7 databits per character for ...

Page 543: ...trol for the line console Use the no form of this command to return to the default setting Syntax Description none Specifies no flow control software in Configures the SROS to derive flow control from the attached device Default Values By default flow control is set to none Usage Examples The following example configures no flow control for the line console ProCurve config line console 0 ProCurve ...

Page 544: ...rminates the session Use the no form of this command to return to the default value Syntax Description minutes Specifies the number of minutes a line session may remain inactive before the SROS terminates the session Entering a line timeout value of 0 disables the feature Default Values By default the line timeout is set to 15 minutes Console and Telnet Usage Examples The following example specifi...

Page 545: ... configured using the password command Use the no form of this command to disable the login feature Syntax Description No subcommands Default Values By default there is no login password set for access to the unit Usage Examples The following example enables the security login feature and specifies a password on the available console session ProCurve config line console 0 ProCurve config console 0...

Page 546: ...n aaa login list Specifies the AAA login list to use for authentication Default Values The default value is the default AAA list Functional Notes If the AAA subsystem is activated but no login authentication list is given the default list is used If the default list is used but the default list is not configured the behavior for consoles is to be granted access This prevents a lockout configuratio...

Page 547: ...userlist feature Syntax Description No subcommands Default Values By default there is no login password set for access to the unit Usage Examples The following example displays creating a local userlist and enabling the security login feature on the CONSOLE port ProCurve config username my_user password my_password ProCurve config line console 0 ProCurve config con 0 login local userlist When conn...

Page 548: ...n the data sequence is odd or set to 1 if the number of 1 bits is even mark Always set the parity bit to 1 none No parity bit used odd Set the parity bit to 1 if the number of 1 bits in the data sequence is even or set to 1 if the number is odd space Always set the parity bit to 0 Default Values option none Functional Notes Parity is the process used to detect whether characters have been altered ...

Page 549: ...ands password Alphanumeric character string up to 16 characters used to specify the password for the line session Default Values By default there is no login password set for access to the unit Usage Examples The following example enables the security login feature and specifies a password on the CONSOLE port ProCurve config line console 0 ProCurve config con 0 login ProCurve config con 0 password...

Page 550: ...g must match your VT100 terminal emulator or emulator software Use the no form of this command to restore the default value Syntax Description rate Specifies rate of data transfer on the interface 2400 4800 9600 19 200 38 400 57 600 or 115 200 bps Default Values By default the speed is set to 9600 bps Usage Examples The following example configures the Console port for 19200 bps ProCurve config li...

Page 551: ... the configuration of your VT100 terminal or terminal emulator software The default is 1 stopbit per character Use the no form of this command to return to the default value Syntax Description 1 Specifies 1 stopbit per character 2 Specifies 2 stopbits per character Default Values By default stopbits is set to 1 Usage Examples The following example configures 2 stopbits per character for the consol...

Page 552: ...e ProCurve configure terminal ProCurve config line telnet 2 ProCurve config telnet2 The following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below bind from interface slot port tdm group to interface slot port on page 1431 do on page 1435 end on page 1436 exit on page 1437 ping address on pag...

Page 553: ...ed access lists associated with Telnet sessions Functional Notes When using the access class in command to associate an access list with a Telnet session remember to duplicate the access class in command for all configured Telnet sessions 0 through 4 Telnet access to the unit using a particular Telnet session is not possible Users will be assigned the first available Telnet session Usage Examples ...

Page 554: ...nd to disable this feature Variations of this command include accounting commands level name accounting commands level default Syntax Description level Specifies a command level 1 or 15 name Applies a named accounting method to this line default Applies the default accounting method to a line Default Values The default for this command is off Usage Examples The following example applies the defaul...

Page 555: ...aaa on on page 321 Use the no form of this command to disable this feature Variations of this command include the following accounting connection name accounting connection default Syntax Description name Applies a named accounting method to this line default Applies the default accounting method to a line Default Values By default there is no accounting method applied to a line Usage Examples The...

Page 556: ...ommand aaa on on page 321 Use the no form of this command to disable this feature Variations of this command include the following accounting exec name accounting exec default Syntax Description name Applies a named accounting method to this line default Applies the default accounting method to a line Default Values By default there is no accounting method applied to a line Usage Examples The foll...

Page 557: ...and to disable this feature Variations of this command include authorization commands level name authorization commands level default Syntax Description level Specifies a command level 1 or 15 name Applies a named authorization method to this line default Applies the default authorization method to a line Default Values The default for this command is off Usage Examples The following example appli...

Page 558: ...re the SROS terminates the session Use the no form of this command to return to the default value Syntax Description minutes Specifies the number of minutes a line session may remain inactive before the SROS terminates the session Entering a line timeout value of 0 disables the feature Default Values minutes 15 minutes Console and Telnet Usage Examples The following example specifies a timeout of ...

Page 559: ...ed using the password command Use the no form of this command to disable the login feature Syntax Description No subcommands Default Values By default there is no login password set for access to the unit Usage Examples The following example enables the security login feature and specifies a password on all the available Telnet sessions 0 through 4 ProCurve config line telnet 0 4 ProCurve config t...

Page 560: ...ecifies the AAA login list to use for authentication Default Values The default value is the default AAA list Functional Notes If the AAA subsystem is activated but no login authentication list is given the default list is used If the default list is used but the default list is not configured the behavior for telnets is to use the local user database Usage Examples The following example specifies...

Page 561: ...in local userlist feature Syntax Description No subcommands Default Values By default there is no login password set for access to the unit Usage Examples The following example displays creating a local userlist and enabling the security login feature ProCurve config username my_user password my_password ProCurve config line telnet 0 ProCurve config telnet0 login local userlist When connecting to ...

Page 562: ... password Alphanumeric character string up to 16 characters used to specify the password for the line session Default Values By default there is no login password set for access to the unit Usage Examples The following example enables the security login feature and specifies a password for the Telnet session 0 ProCurve config line telnet 0 ProCurve config telnet0 login ProCurve config telnet0 pass...

Page 563: ...r example ProCurve enable ProCurve configure terminal ProCurve config line ssh 2 ProCurve config ssh2 The following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below bind from interface slot port tdm group to interface slot port on page 1431 do on page 1435 end on page 1436 exit on page 1437 p...

Page 564: ...or all access list descriptors are case sensitive Default Values By default there are no configured access lists associated with SSH sessions Functional Notes When using the access class in command to associate an access list with an SSH session remember to duplicate the access class in command for all configured SSH sessions 0 through 4 SSH access to the unit using a particular SSH session is not...

Page 565: ...isable this feature Variations of this command include accounting commands level name accounting commands level default Syntax Description level Specifies a command level 1 or 15 name Applies a named accounting method to this line default Applies the default accounting method to a line Default Values By default AAA accounting methods are not applied to SSH lines Usage Examples The following exampl...

Page 566: ...mand aaa on on page 321 Use the no form of this command to disable this feature Variations of this command include the following accounting connection name accounting connection default Syntax Description name Applies a named accounting method to this line default Applies the default accounting method to a line Default Values By default there is no accounting method applied to a line Usage Example...

Page 567: ...the command aaa on on page 321 Use the no form of this command to disable this feature Variations of this command include the following accounting exec name accounting exec default Syntax Description name Applies a named accounting method to this line default Applies the default accounting method to a line Default Values By default there is no accounting method applied to a line Usage Examples The...

Page 568: ... this feature Variations of this command include authorization commands level name authorization commands level default Syntax Description level Specifies a command level 1 or 15 name Applies a named authorization method to this line default Applies the default authorization method to a line Default Values By default AAA authorization methods are not applied to SSH lines Usage Examples The followi...

Page 569: ...ssion Use the no form of this command to return to the default value Syntax Description minutes Specifies the number of minutes a line session may remain inactive before the SROS terminates the session Valid range 0 to 35 791 Entering a line timeout value of 0 disables the feature Default Values By default the line timeout is set to 15 minutes Usage Examples The following example specifies a timeo...

Page 570: ...n list Syntax Description aaa login list Specifies the name of the AAA login list to use for authentication Default Values The default value is the default AAA list Functional Notes If the AAA subsystem is activated but no login authentication list is given the default list is used If the default list is used but the default list is not configured SSH uses the local user database Usage Examples Th...

Page 571: ...to disable the login local userlist feature Syntax Description No subcommands Default Values By default there is no login password set for access to the unit Usage Examples The following example creates a local userlist and enables the security login feature ProCurve config username my_user password my_password ProCurve config line ssh 0 ProCurve config ssh0 login local userlist When connecting to...

Page 572: ...dsl 1 1 The following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below alias text on page 1430 bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other ...

Page 573: ...ackard Development Company L P 571 retrain Use the retrain command to force the modem to retrain Syntax Description No subcommands Default Values No default is necessary for this command Usage Examples The following example forces a modem retrain ProCurve config interface adsl1 1 ProCurve config adsl 1 1 retrain ...

Page 574: ...se the snr margin command to set the minimum Signal to Noise Ratio margin in dB Syntax Description margin Sets the minimum SNR margin in dB The range is from 1 to 15 Default Values By default SNR margin is 0 dB Usage Examples The following example sets the SNR margin to a minimum level of 3 dB ProCurve config interface adsl 1 1 ProCurve config adsl 1 1 snr margin 3 ...

Page 575: ...nitoring Syntax Description showtime monitor Enables margin monitoring to retrain the ADSL interface if the specified minimum margin is violated during showtime training monitor Enables margin monitoring to retrain the ADSL interface if the specified minimum margin is violated during training Default Values By default SNR margin monitoring is disabled Usage Examples The following example enables S...

Page 576: ...DSL2 mode ADSL2 ANNEX M Specifies ITU G 992 5 Annex M ADSL2 mode G DMT Specifies ANSI full rate mode G LITE Specifies ANSI splitterless mode Multi Mode Specifies auto detect mode When set to multi mode the ADSL interface attempts to train to the DSLAM using each of the supported training modes until a match is found READLS2 Specifies ITU G 992 3 Annex L mode T1 413 Specifies ANSI T1 413 mode Defau...

Page 577: ...35 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alphabetical order bonding commands begin on page 576 caller id override always number if no cid number on page 582 isdn ldn 1 ldn 2 ldn on page 583 isdn spid 1 spid 2 spid string LDN on page 584 isdn switch type basic 5ess basic dms basic n...

Page 578: ...he bonded aggregate before considering the bonding negotiation a failure Default Values By default the bonding txadd timer value is set to 50 seconds Functional Notes Specifies the length of time both endpoints wait for additional calls to be connected at the end of negotiation before deciding that the bonding call has failed The factory default setting is sufficient for most calls to connect alth...

Page 579: ... seconds Specifies the number of seconds the endpoint may negotiate data rates and channel capacities before considering the bonding negotiation a failure Default Values By default the bonding txcid timer value is set to 5 seconds Functional Notes Specifies the length of time both endpoints attempt to negotiate an agreeable value for bearer channels and channel capacities before deciding the bondi...

Page 580: ... no form of this command to return to the default value Syntax Description seconds Specifies the number of seconds the endpoint allots for attempting to equalize the network delay between bearer channels before considering the bonding negotiation a failure Default Values By default the bonding txdeq timer value is set to 50 seconds Usage Examples The following example defines a bonding txdeq timer...

Page 581: ...etect the bonding frame pattern when a call is connected before considering the bonding negotiation a failure Default Values By default the bonding txfa timer value is set to 10 seconds Functional Notes Specifies the length of time the endpoint attempts to detect the bonding frame pattern when a call is connected before deciding the bonding call has failed When operating with other manufacturers b...

Page 582: ...conds the endpoint waits to detect the bonding negotiation frame pattern from the remote endpoint when a call is connected before considering the bonding negotiation a failure Default Values By default the bonding txinit timer value is set to 10 seconds Functional Notes Specifies the length of time the originating endpoint attempts to detect the bonding negotiation pattern from the answering endpo...

Page 583: ...riginating endpoint after answering a call before considering the bonding negotiation a failure Default Values By default the bonding txnull timer value is set to 10 seconds Functional Notes Specifies the length of time the answering endpoint attempts to detect the bonding negotiation pattern from the originating endpoint before deciding the bonding call has failed It may be necessary to shorten t...

Page 584: ... number with the number given if no cid number Replaces the incoming caller ID number with the number given only if there is no caller ID information available for the incoming call Default Values By default this command is disabled Functional Notes Forces a replacement of the incoming caller ID number with the number given The received caller ID if any is discarded and the given override number i...

Page 585: ...rvice provider The LDN is the number used by remote callers to dial into the ISDN circuit Default Values By default there are no configured LDNs Functional Notes Inbound calls are not accepted on interfaces without programmed LDNs LDNs can also be entered using the isdn spid command The isdn spid and isdn ldn commands overwrite the existing programmed LDN therefore the last LDN programming entered...

Page 586: ...iated with SPID 1 An LDN programmed using the isdn spid 2 command is automatically associated with SPID 2 The LDN is the number used by remote callers to dial into the ISDN circuit Inbound calls are not accepted on interfaces without programmed LDNs LDNs can also be entered using the isdn ldn command The isdn spid and isdn ldn commands overwrite the existing programmed LDN therefore the last LDN p...

Page 587: ...ng basic dms Specifies Nortel DMS 100 custom signaling The basic dms signaling type is not compatible with proprietary SL 1 DMS signaling basic net3 Specifies Net3 Euro ISDN signaling basic ni Specifies National ISDN 1 signaling Default Values By default the ISDN signaling type is set to National ISDN 1 Functional Notes The isdn switch type command specifies the type of ISDN signaling implemented ...

Page 588: ... the established D channel between the ISDN module and the Central Office switch drops b1 Loops the data on B1 back towards the router A B1 loopback does not disrupt D channel signaling b2 Loops the data on B2 back towards the router A B2 loopback does not disrupt D channel signaling both Loops the data on B1 and B2 back towards the router but does not disrupt D channel signaling Default Values No...

Page 589: ...n B1 back towards the network A B1 loopback does not disrupt D channel signaling b2 Loops the data on B2 back towards the network A B2 loopback does not disrupt D channel signaling both Loops the data on B1 and B2 back towards the network but does not disrupt D channel signaling Default Values No default necessary for this command Usage Examples The following example enables a b2 loopback of the b...

Page 590: ...Syntax Description reset Forces a complete reset of the interface by initiating the SABME UA process restart d Resets the D channel by sending a Q 931 RESTART message to the Central Office Switch Default Values No default necessary for this command Usage Examples The following example resets the bri 1 2 interface ProCurve config interface bri 1 2 ProCurve config bri 1 2 maintenance reset Caution T...

Page 591: ...s the name of the resource pool to which this interface is assigned priority Optional Specifies the priority of using this interface versus other interfaces contained in the specified resource pool using a number 1 to 255 Lower numbers indicate higher priority Interfaces with the same priority are selected in alphabetical order by interface name Default Values By default BRI interfaces are not ass...

Page 592: ...ce from test mode using the no test call dial command speed 56 64 Specifies a channel rate of 56 or 64 kbps for the test call answer Places the interface in test answer mode and configures it to accept inbound calls Using the test call answer command supersedes any other interface configuration that may exist Test calls answered by the interface while in test mode will perform channel negotiation ...

Page 593: ...a centralized section of this guide For more information refer to the sections listed below alias text on page 1430 bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alphab...

Page 594: ...yntax Description ami Configures the line coding for alternate mark inversion AMI b8zs Configures the line coding for bipolar eight zero substitution B8ZS Default Values By default all DSX 1 interfaces are configured with B8ZS line coding Functional Notes The line coding configured in the unit must match the line coding of the DSX 1 circuit A mismatch will result in line errors e g BPVs Usage Exam...

Page 595: ...ifies D4 superframe SF format esf Specifies extended superframe ESF format Default Values By default the framing format is set to esf Functional Notes A frame is comprised of a single byte from each of the T1 s timeslots there are 24 timeslots on a single T1 circuit Framing bits are used to separate the frames and indicate the order of information arriving at the receiving equipment D4 and ESF are...

Page 596: ... 655 feet Default Values By default the line build out is set to 0 feet Functional Notes The line length value represents the physical distance between DSX equipment measured in cable length Based on this setting the SROS device increases signal strength to compensate for the distance the signal must travel Valid distance ranges are listed below 0 to 133 feet 134 to 265 feet 266 to 399 feet 400 to...

Page 597: ...ate the loopback Syntax Description line Initiates a metallic loopback of the physical DSX 1 network interface payload Initiates a loopback of the T1 framer CSU portion of the DSX 1 network interface Default Values No default necessary for this command Functional Notes The following diagram depicts the difference between a line and payload loopback Usage Examples The following example initiates a ...

Page 598: ...Description inband Uses the inband channel to initiate a full 1 544 Mbps physical metallic loopback of the signal received by the remote unit from the network Default Values No defaults necessary for this command Functional Notes A remote loopback can only be issued if a bind does not exist on the interface and if the signaling mode is set to none The following diagram depicts the difference betwe...

Page 599: ...figure the interface to respond to loopbacks initiated by a remote unit or the service provider Use the no form of this command to disable this feature Syntax Description No subcommands Default Values By default all interfaces respond to remote loopbacks Usage Examples The following example enables remote loopbacks on the DSX 1 interface ProCurve config interface t1 1 2 ProCurve config t1 1 2 remo...

Page 600: ...ssage oriented Specifies clear channel signaling on Channel 24 only Use this signaling type with QSIG installations none Specifies clear channel signaling on all 24 DS0s Use this signaling type with data only or PRI DSX 1 installations robbed bit Specifies robbed bit signaling on all DS0s Use this signaling type for voice only DSX 1 applications Default Values By default the signaling mode is set ...

Page 601: ...here is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces Functional Notes The snmp trap link status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID OID number 1 3 6 1 2 1 31 1 1 1 14 0 Usage E...

Page 602: ...ttern generation can be used to verify a data path when used in conjunction with an active loopback Use the no form of this command to cease pattern generation Syntax Description ones Generates a test pattern of continous ones zeros Generates a test pattern of continous zeros Default Values No defaults necessary for this command Usage Examples The following example activates the pattern generator ...

Page 603: ...xt on page 1430 bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alphabetical order clock source internal line through on page 602 coding ami hdb3 on page 603 framing crc4...

Page 604: ... the internal oscillator line Configures the unit to recover clocking from the E1 circuit through Configures the unit to recover clocking from the circuit connected to the G 703 interface Default Values By default the unit is configured to recover clocking from the primary circuit Functional Notes When operating on a circuit that is providing timing setting the clock source to line can avoid error...

Page 605: ...vider Syntax Description ami Configures the line coding for alternate mark inversion AMI hdb3 Configures the line coding for high density bipolar 3 HDB3 Default Values By default all E1 interfaces are configured with HDB3 line coding Functional Notes The line coding configured in the unit must match the line coding of the E1 circuit A mismatch will result in line errors e g BPVs Usage Examples The...

Page 606: ... form of this command to return to the default value Syntax Description crc4 Enables CRC 4 bits to be transmitted in the outgoing data stream Also the received signal is checked for CRC 4 errors Default Values By default CRC 4 framing is disabled Functional Notes The framing value must match the configuration of the E1 circuit A mismatch will result in a loss of frame alarm Usage Examples The foll...

Page 607: ...mmand is enabled Functional Notes This command enables the detection of a loopback alarm This alarm works in conjunction with the sa4tx bit command setting The loopback condition is detected by comparing the transmitted sa4tx bit value to the received Sa4 bit value If the bits match a loopback is assumed This detection method only works with a network in which the far end is transmitting the oppos...

Page 608: ... this command to deactivate the loopback Syntax Description line Initiates a metallic loopback of the physical E1 network interface payload Initiates a loopback of the E1 framer CSU portion of the E1 network interface Default Values No default necessary for this command Functional Notes The following diagram depicts a line loopback Usage Examples The following example initiates a line loopback of ...

Page 609: ...h a V 54 loopback pattern Use the no form of this command to deactivate the loopback Syntax Description No subcommands Default Values No default value is necessary for this command Functional Notes This command causes a V 54 inband loop code to be sent in the payload towards the far end Usage Examples The following example sends a V 54 inband loop code to the far end ProCurve config interface e1 1...

Page 610: ...e in interface operational status ais Specifies sending an alarm indication signal AIS as an unframed all ones signal Default Values The default for this command is rai Functional Notes An E1 will respond to a loss of frame on the receive signal by transmitting a remote alarm to the far end to indicate the error condition TS0 of an E1 contains the Frame Alignment Signal FAS in the even numbered fr...

Page 611: ...e the no form of this command to disable this feature Syntax Description No subcommands Default Values By default all interfaces respond to remote loopbacks Functional Notes This controls the acceptance of any remote loopback requests When enabled remote loopbacks are detected and cause a loopback to be applied When disabled remote loopbacks are ignored Usage Examples The following example enables...

Page 612: ... Description No subcommands Default Values The default value for this command is 1 Functional Notes This command assigns a value to the Tx spare bit in position 4 The odd numbered frames of TS0 are not used for frame alignment Bits in position 4 through 8 are called spare bits Values of 0 or 1 are accepted Usage Examples The following example sets the Tx value of Sa4 to 0 ProCurve config interface...

Page 613: ... is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the dsx1LineStatusChangeTrapEnable OID is set to enabled for all interfaces except virtual Frame Relay Interfaces Functional Notes The snmp trap line status command is used to control the RFC2495 dsx1LineStatusChangeTrapEnable OID OID number 1 3 6 1 2 1 10...

Page 614: ...here is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces Functional Notes The snmp trap link status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID OID number 1 3 6 1 2 1 31 1 1 1 14 0 Usage E...

Page 615: ... This can be entered as a single number representing one of the 31 E1 channel timeslots or as a contiguous group of channels For example 1 10 specifies the first 10 channels of the E1 speed 56 l 64 Optional Specifies the individual channel rate on the E1 interface to be 56 or 64 kbps The default speed is 64 kbps 56 kbps operation is not available on all E1 interfaces Refer to the Quick Start Guide...

Page 616: ...count using the errors keyword errors Displays the test pattern error count insert Inserts an error into the currently active test pattern Display the error count using the errors keyword ones Generates a test pattern of continuous ones p215 Generates a pseudorandom test pattern based on a 15 bit shift register p220 Generates a pseudorandom test pattern based on a 20 bit shift register p511 Genera...

Page 617: ... subcommands Default Values No defaults necessary for this command Functional Notes If timeslot 16 is used on the incoming E1 do not map timeslot 16 using the tdm group command By default all timeslots not physically mapped using the tdm group command are passed through to the G 703 interface Leaving timeslot 16 unmapped makes it available for multiframe signaling by the connected E1 device Usage ...

Page 618: ...t command at the Global Configuration mode prompt For example ProCurve enable ProCurve configure terminal ProCurve config interface ethernet 0 1 ProCurve config eth 0 1 To activate the Ethernet Sub Interface Configuration mode enter the interface ethernet command at the Global Configuration mode prompt For example ProCurve enable ProCurve configure terminal ProCurve config interface ethernet 0 1 1...

Page 619: ...et are described in this section in alphabetical order access policy policyname on page 619 arp arpa on page 620 bandwidth value on page 621 bridge group group on page 622 bridge group group vlan transparent on page 623 crypto map mapname on page 624 dynamic dns on page 626 encapsulation 802 1q on page 628 full duplex on page 629 Note Not all Ethernet commands apply to all Ethernet types Use the c...

Page 620: ...bilities system description system name on page 661 lldp send and receive on page 662 mac address address on page 663 max reserved bandwidth percent on page 664 mtu size on page 665 port auth supplicant username username password password on page 666 qos policy in out mapname on page 667 snmp trap on page 668 snmp trap link status on page 669 spanning tree commands begin on page 670 speed 10 100 a...

Page 621: ... refer to ip policy class policyname on page 426 Usage Examples The following example associates the access policy UnTrusted to allow inbound traffic to the Web server to the Ethernet 0 1 interface Enable the SROS security features ProCurve config ip firewall Create the access list this is the packet selector ProCurve config ip access list extended InWeb ProCurve config ext nacl permit tcp any hos...

Page 622: ...e arp arpa command to enable address resolution protocol ARP on the Ethernet interface Syntax Description arpa Sets standard address resolution protocol for this interface Default Values The default for this command is arpa Usage Examples The following example enables standard ARP for the Ethernet interface ProCurve config interface eth 0 1 ProCurve config eth 0 1 arp arpa ...

Page 623: ...and to restore the default value Syntax Description value Specifies bandwidth in kbps Default Values To view default values use the show interfaces command Functional Notes The bandwidth command is an informational value that is communicated to the higher level protocols to be used in cost calculations This is a routing parameter only and does not affect the physical interface Usage Examples The f...

Page 624: ...Specifies the bridge group number 1 to 255 Default Values By default there are no configured bridge groups Functional Notes A bridged network can provide excellent traffic management to reduce collisions and limit the amount of bandwidth wasted with unnecessary transmissions when routing is not necessary Any two interfaces can be bridged e g Ethernet to T1 bridge Ethernet to Frame Relay sub interf...

Page 625: ...he interface to remove the VLAN tag from the packet Syntax Description group Specifies the bridge group number Valid range is 1 to 255 Default Values By default VLAN tags are removed from the data Usage Examples The following example removes the VLAN tags from the packets on the Ethernet interface 0 1 ProCurve config interface ethernet 0 1 ProCurve config eth 0 1 bridge group 1 vlan transparent No...

Page 626: ...ing the policy class and associated access control lists ACLs that describe the behavior of the firewall do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or received over the VPN tunnel The following diagram represents typical SROS data flow logic ...

Page 627: ...rypted data is processed by the firewall The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an interface When specifying the ACLs for a crypto map the source information is the private local side unencrypted source of the data The destination information will be the far end unencrypted destination of the data However ACLs for a policy class work in re...

Page 628: ...ol over your domain name regardless of where you purchased registered it This allows to manage IP address mappings A records domain aliases CNAME records and mail servers MX records dyndns The Dynamic DNSSM service allows you to alias a dynamic IP address to a static hostname in various domains This allows your unit to be more easily accessed from various locations on the Internet This service is ...

Page 629: ...onger to propagate though the DNS system This service is provided for up to five hostnames If your IP address doesn t change often or at all but you still want an easy name to remember it by without having to purchase your own domain name Static DNS service is ideal for you If you would like to use your own domain name such as yourname com you need Custom DNS service which also provides full dynam...

Page 630: ...t the interface into 802 1q VLAN mode Syntax Description No subcommands Default Values No default value is necessary for this command Usage Examples The following example puts interface eth 0 1 in 802 1q mode and configures a sub interface for vlan usage ProCurve config interface ethernet 0 1 ProCurve config eth 0 1 encapsulation 802 1q ProCurve config eth 0 1 interface ethernet 0 1 1 ProCurve con...

Page 631: ...e ability to send and receive data simultaneously over the link Theoretically this simultaneous action can provide twice the bandwidth of normal half duplex Ethernet To deploy full duplex Ethernet each end of the link must only connect to a single device a workstation or a switched hub port With only two devices on a full duplex link there is no need to use the medium access control mechanism to s...

Page 632: ...oviding mechanisms to avoid collisions A host on a half duplex link must listen on the link and only transmit when there is an idle period Packets transmitted on the link are broadcast so it will be heard by all hosts on the network In the event of a collision two hosts transmitting at once a message is sent to inform all hosts of the collision and a backoff algorithm is implemented The backoff al...

Page 633: ...ied interface out Enables access control on packets transmitted on the specified interface Default Values By default these commands are disabled Functional Notes When this command is enabled the IP destination address of each packet must be validated before being passed through If the packet is not acceptable per these settings it is dropped Usage Examples The following example sets up the router ...

Page 634: ...pecifying an interface defines the client identifier as the hexadecimal MAC address of the specified interface including a hexadecimal number added to the front of the MAC address to identify the media type For example specifying the client id ethernet 0 1 where the Ethernet interface has a MAC address of 0012 7991 1150 defines the client identifier as 01 00 12 79 91 11 50 where 01 defines the med...

Page 635: ...t the hostname is the name configured using the Global Configuration hostname command Functional Notes Dynamic Host Configuration Protocol DHCP allows interfaces to acquire a dynamically assigned IP address from a configured DHCP server on the network Many Internet Service Providers ISPs require the use of DHCP when connecting to their services Using DHCP reduces the number of dedicated IP address...

Page 636: ...s secondary IP addresses for the specified interface Multiple secondary IP addresses may be assigned no limit Default Values By default there are no assigned IP addresses Functional Notes Use secondary IP addresses to allow dual subnets on a single interface when you need more IP addresses than the primary subnet can provide When using secondary IP addresses avoid routing loops by verifying that a...

Page 637: ...ically assigned IP address from a configured DHCP server on the network Many Internet Service Providers ISPs require the use of DHCP when connecting to their services Using DHCP reduces the number of dedicated IP addresses the ISP must obtain Usage Examples The following example releases the IP address assigned by DHCP on the Ethernet interface eth 0 1 ProCurve config int eth 0 1 ProCurve config e...

Page 638: ...essary for this command Functional Notes Dynamic Host Configuration Protocol DHCP allows interfaces to acquire a dynamically assigned IP address from a configured DHCP server on the network Many Internet Service Providers ISPs require the use of DHCP when connecting to their services Using DHCP reduces the number of dedicated IP addresses the ISP must obtain Usage Examples The following example re...

Page 639: ...s When broadcast packets of the specified type forwarded using the ip forward protocol command are received on the interface they will be forwarded to the device that needs the information Only packets meeting the following criteria are considered eligible by the ip helper address feature 1 The packet IP protocol is User Datagram Protocol UDP 2 Any UDP port specified using the ip forward protocol ...

Page 640: ...t group s multicast packets to the interface Range 100 to 65535 ms Default 1000 ms querier timeout seconds Specifies the number of seconds that the router waits after the current querier s last query before it takes over as querier IGMP V2 Range 60 300 seconds Default 2x the query interval value query interval seconds Specifies the interval at which IGMP queries are sent on an interface Host query...

Page 641: ...ub helper address and ip mcast stub upstream commands Downstream interfaces connect to segments with multicast hosts Multiple interfaces may be configured in downstream mode however interfaces connecting to the multicast network upstream should not be configured in downstream mode Interfaces configured as downstream should have the lowest IP address of all IGMP capable routers on the connected seg...

Page 642: ...his command is disabled Functional Notes Multicast routing must be enabled prior to setting ip mcast stub fixed on the selected interface Also use the ip igmp static group A B C D command to receive multicast traffic without host initiated Internet Group Management Protocol IGMP activity on the selected interface Otherwise all host initiated IGMP transactions will enter multicast routes on the rou...

Page 643: ...stub downstream interfaces The address specified may be the next upstream hop or any upstream address on the distribution tree for the multicast source up to and including the multicast source The router selects from the list of multicast stub upstream interfaces the interface on the shortest path to the specified address The router then proxies on the selected upstream interface using an IGMP hos...

Page 644: ...ion with the ip mcast stub helper address and ip mcast stub downstream commands When enabled the interface becomes a candidate to be a helper forwarding interface If chosen as the best path toward the helper address by the router s unicast route table the IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the router to perform as an IGMP prox...

Page 645: ...onds Specifies the interval between hello packets sent on the interface Range 0 to 32 767 message digest key keyid md5 key Configures OSPF Message Digest 5 MD5 authentication 16 byte max keys The SROS allows two keys key ID 1 and key ID 2 priority value Set the OSPF priority The value set in this field helps determine the designated router for this network Range 0 to 255 retransmit interval second...

Page 646: ...uthenticate an interface that is performing OSPF authentication Syntax Description message digest Optional Selects message digest authentication type null Optional Specifies that no authentication be used Default Values By default this is set to null meaning no authentication is used Usage Examples The following example specifies that no authentication will be used on the Ethernet interface ProCur...

Page 647: ...of network on this interface Syntax Description broadcast Sets the network type for broadcast point to point Sets the network type for point to point Default Values By default Ethernet defaults to broadcast All other interfaces default to point to point Functional Notes A point to point network will not elect designated routers Usage Examples The following example designates a broadcast network ty...

Page 648: ...ion No subcommands Default Values By default PIM Sparse Mode is disabled for all interfaces Functional Notes PIM Sparse Mode is a multicast routing protocol that makes use of the unicast forwarding table PIM systems builds unidirectional shared trees rooted at a Rendezvous Point RP for a multicast group or a shortest path tree rooted at a specific source for a multicast group Usage Examples The fo...

Page 649: ...hello messages transmitted on the interface Routers use the priority values to determine the appropriate DR The router on the network segment with the highest priority is selected as the DR If a hello message is received on the interface from a router on the network segment and it does not contain a priority the entire network segment defaults to DR selection based on IP addresses instead of prior...

Page 650: ...sent out the interface Valid range is 10 to 3600 seconds Default Values By default hellos are transmitted on PIM interfaces every 60 seconds Functional Notes Hello messages are used to inform neighbors of a router s presence Hello messages normally generate a small amount of traffic on an interface Setting the hello timer to a small interval increases the number of hellos sent thus increasing the ...

Page 651: ...eighbor is not present Use the no form of this command to return to the default value Syntax Description time Specifies the time interval in seconds the PIM interface waits before a neighbor is considered not present Valid range is 30 to 10 800 seconds Default Values By default the nbr timeout is set to 105 seconds Usage Examples The following example specifies a wait interval of 360 seconds on th...

Page 652: ...Use the no form of this command to return to the default value Syntax Description time Specifies the delay interval in milliseconds after a join prune in which another router on the LAN may override the join prune Valid range is 0 to 65 535 milliseconds Default Values By default the override interval is set to 2500 milliseconds Usage Examples The following example sets the delay interval for join ...

Page 653: ...nds to estimate the amount of delay found in the local link Use the no form of this command to return to the default value Syntax Description time Specifies the expected propagation delay in the local link in milliseconds Valid range is 0 to 32 767 milliseconds Default Values By default the propagation delay is set to 500 milliseconds Usage Examples The following example sets the expected propagat...

Page 654: ...s command to remove the assignment Removing a route map from the interface does not remove the route map configuration parameters from the system Syntax Description mapname Specifies the route map to associate with this interface Default Values By default policy based routing is disabled for all interfaces Usage Examples The following example associates the route map named MyMap with the eth 0 1 i...

Page 655: ...address Default Values By default ip proxy arp is enabled Functional Notes In general the principle of proxy ARP allows a router to insert its IP address in the source IP address field of a packet if the packet is from a host on one of its subnetworks This allows hosts to reach devices on other subnetworks without implementing routing or specifying a default gateway If proxy ARP is enabled the SRO...

Page 656: ...1 packets received on the interface 2 Accepts RIP version 2 packets received on the interface Default Values By default all interfaces implement RIP version 1 Functional Notes Use the ip rip receive version command to specify a RIP version that overrides the version in the Router RIP configuration The SROS only accepts one version either 1 or 2 on a given interface Usage Examples The following exa...

Page 657: ...the interface 2 Transmits RIP version 2 packets received on the interface Default Values By default all interfaces transmit RIP version 1 the default value for the version command Functional Notes Use the ip rip send version command to specify a RIP version that overrides the version in the Router RIP configuration The SROS only transmits one version either 1 or 2 on a given interface Usage Exampl...

Page 658: ...fies the IP address of the network to be summarized network mask Specifies the network mask to be applied to the specific network to be summarized Default Values By default no manual summarization is applied by RIP Functional Notes Unlike the automatic summarization on classful network boundaries only specific network advertisements are made by RIP using the ip rip summary address command This com...

Page 659: ... Syntax Description No subcommands Default Values By default route caching is enabled on all interfaces Functional Notes Route caching allows an IP interface to provide optimum performance when processing IP traffic Usage Examples The following example enables route caching on the Ethernet interface ProCurve config interface ethernet 0 1 ProCurve config eth 0 1 ip route cache Note Using Network Ad...

Page 660: ... a PPP interface use ppp 1 for an ATM sub interface use atm 1 1 and for a wireless virtual access point use dot11ap 1 1 1 Type ip unnumbered for a list of valid interfaces Default Values By default all interfaces are configured to use a specified IP address using the ip address command Functional Notes If ip unnumbered is enabled on an interface all IP traffic from the interface will use a source ...

Page 661: ...n Applies the filter to the inbound traffic out Applies the filter to the outbound traffic Default Values By default there are no URL filters applied to any interfaces Functional Notes The firewall must be enabled using the ip firewall command in order to use URL filters The URL filter must be created by using the ip urlfilter filtername http command before applying it to the interface See ip urlf...

Page 662: ...660 lldp receive Use the lldp receive command to allow LLDP packets to be received on this interface Syntax Description No subcommands Default Values By default all interfaces are configured to send and receive LLDP packets Usage Examples The following example configures Ethernet interface 0 1 to receive LLDP packets ProCurve config eth 0 1 lldp receive ...

Page 663: ...s transmission of this device s system capabilities on this interface system description Enables transmission of this device s system description on this interface system name Enables transmission of this device s system name on this interface Default Values Be default all interfaces are configured to transmit and receive LLDP packets of all types Functional Notes Individual LLDP information can b...

Page 664: ...o transmit and receive LLDP packets of all types Functional Notes Individual LLDP information can be enabled or disabled using the various forms of the lldp send command For example use the lldp send and receive command to enable transmit and receive of all LLDP information Then use the no lldp send port description command to prevent LLDP from transmitting port description information Usage Examp...

Page 665: ...twork providers require MAC address registration to connect to their networks Locking access to the public network based on MAC addresses can cause problems for multi computer offices For example many cable internet providers register the MAC address of your computer s Ethernet card limiting the use of the network access to the registered computer Use the mac address command to program the compute...

Page 666: ...on percent Specifies the percentage of interface bandwidth to make available for user defined priority or class based queues Enter an integer 1 to 100 Default Values By default max reserved bandwidth is set to 75 which reserves 25 percent of the interface bandwidth for system critical traffic Usage Examples The following example specifies 85 percent of the bandwidth on the eth 0 1 interface to be ...

Page 667: ...500 Tunnel interfaces 64 to 18 190 Virtual Frame Relay sub interfaces 64 to 1520 Virtual PPP interfaces 64 to 1500 Default Values size The default values for the various interfaces are listed below ATM interfaces 1500 Demand interfaces 1500 Ethernet interfaces 1500 FDL interfaces 256 HDLC interfaces 1500 Loopback interfaces 1500 Tunnel interfaces 1500 Virtual Frame Relay sub interfaces 1500 Virtua...

Page 668: ...he default username is username password password Specifies the password to use during the authentication process The default password is password Default Values By default this command disabled Functional Notes If your network infrastructure is configured to use 802 1x on every port configure the router to function as an 802 1x client The router when configured as a 802 1x client passes username ...

Page 669: ...following changes 1 A priority or class based entry is added to deleted from or changed in a QoS map set 2 The interface bandwidth is changed by the bandwidth command on the interface 3 A QoS policy is applied to an interface 4 A bind is created that includes an interface with a QoS policy 5 The interface queuing method is changed to fair queue to use weighted fair queuing 6 The interface operatio...

Page 670: ...o enable all supported Simple Network Management Protocol SNMP traps on the interface Syntax Description No subcommands Default Values By default all interfaces except virtual Frame Relay interfaces and sub interfaces have SNMP traps enabled Usage Examples The following example enables SNMP capability on the Ethernet interface ProCurve config interface eth 0 1 ProCurve config eth 0 1 snmp trap ...

Page 671: ...hen there is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces Functional Notes The snmp trap link status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID OID number 1 3 6 1 2 1 31 1 1 1 14 0 Us...

Page 672: ...ting Syntax Description enable Enables bpdufilter for this interface disable Disables bpdufilter for this interface Default Values By default this setting is disabled Functional Notes The bpdufilter blocks any BPDUs from being transmitted and received on an interface Usage Examples The following example enables the bpdufilter on the interface eth 0 1 ProCurve config interface eth 0 1 ProCurve conf...

Page 673: ...ommand to return to the default setting Syntax Description enable Enables bpduguard for this interface disable Disables bpduguard for this interface Default Values By default this setting is disabled Functional Notes The bpduguard blocks any BPDUs from being received on an interface Usage Examples The following example enables the bpduguard on the interface eth 0 1 ProCurve config interface eth 0 ...

Page 674: ...bcommands Default Values By default this setting is disabled Functional Notes Enabling this command configures the interface to go to a forwarding state when the link goes up Usage Examples The following example configures the interface to be an edgeport ProCurve config interface eth 0 1 ProCurve config eth 0 1 spanning tree edgeport An individual interface can be configured to not be considered a...

Page 675: ...alf duplex is set to shared link type and a port configured for full duplex is set to point to point link type Setting the link type manually overrides the default and forces the port to use the specified link type Use the link type auto command to restore the convention of determining link type based on duplex settings Usage Examples The following example forces the link type to point to point ev...

Page 676: ...escription priority level Specifies a value from 0 to 255 Default Values By default this set to 128 Functional Notes The only time that this priority level is used is when two interfaces with a path to the root have equal cost At that point the level set in this command will determine which port the spanning tree will use Set the priority value lower to increase the chance the interface will be us...

Page 677: ...omatically detects 10 or 100 Mb Ethernet and negotiates the duplex setting in the following order 100 full 100 half 10 full 10 half Default Values By default speed is set to auto Usage Examples The following example configures the Ethernet port for 100 Mb operation ProCurve config interface ethernet 0 1 ProCurve config eth 0 1 speed 100 Note Some Ethernet equipment though rare is unable to negotia...

Page 678: ... by 5 to represent the number of bytes that would flow within 200 ms Default Values By default traffic shaping rate is disabled Functional Notes Traffic shaping can be used to limit an Ethernet segment to a particular rate or to specify use of QoS on Ethernet or VLAN interfaces Usage Examples The following example sets the outbound rate of eth 0 1 to 128 kbps and applies a QoS policy that all RTP ...

Page 679: ...of this command to remove an entry Syntax Description vlan id Specifies a valid VLAN interface ID number 1 to 4095 native Optional Specifies that data for that VLAN ID goes out untagged If native is not specified data for that VLAN ID goes out tagged Default Values By default no VLAN ID is set Usage Examples The following example configures a native VLAN of 5 for the Ethernet interface 0 1 ProCurv...

Page 680: ...llowing commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below alias text on page 1430 bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All oth...

Page 681: ... Syntax Description ami Configures the line coding for alternate mark inversion AMI hdb3 Configures the line coding for high density bipolar 3 HDB3 Default Values By default all E1 interfaces are configured with HDB3 line coding Functional Notes The line coding configured in the unit must match the line coding of the E1 circuit A mismatch will result in line errors e g BPVs Usage Examples The foll...

Page 682: ...no form of this command to return to the default value Syntax Description crc4 Enables CRC 4 bits to be transmitted in the outgoing data stream Also the received signal is checked for CRC 4 errors Default Values By default CRC 4 framing is enabled Functional Notes The framing value must match the configuration of the E1 circuit A mismatch will result in a loss of frame alarm Usage Examples The fol...

Page 683: ... this command to deactivate the loopback Syntax Description line Initiates a metallic loopback of the physical E1 network interface payload Initiates a loopback of the E1 framer CSU portion of the E1 network interface Default Values No default necessary for this command Functional Notes The following diagram depicts a line loopback Usage Examples The following example initiates a line loopback of ...

Page 684: ...here is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces Functional Notes The snmp trap link status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID OID number 1 3 6 1 2 1 31 1 1 1 14 0 Usage E...

Page 685: ...ttern generation can be used to verify a data path when used in conjunction with an active loopback Use the no form of this command to cease pattern generation Syntax Description ones Generates a test pattern of continous ones zeros Generates a test pattern of continous zeros Default Values No defaults necessary for this command Usage Examples The following example activates the pattern generator ...

Page 686: ...No subcommands Default Values No defaults necessary for this command Functional Notes If timeslot 16 is used on the incoming E1 do not map timeslot 16 using the tdm group command By default all timeslots not physically mapped using the tdm group command are passed through to the G 703 interface Leaving timeslot 16 unmapped makes it available for multiframe signaling by the connected E1 device Usag...

Page 687: ...iple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below alias text on page 1430 bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set ar...

Page 688: ...lock recovered from the receive signal to generate et clock txclock Specifies using the clock recovered from the transmit signal to generate et clock Default Values By default the clock recovered from the transmit signal is used to generate the et clock Functional Notes The et clock is an interface timing signal provided by the DTE device used to synchronize the transfer of transmit data Usage Exa...

Page 689: ...No subcommands Default Values By default the serial interface does not ignore a change in status of the DCD signal Functional Notes When configured to follow DCD default condition the serial interface will not attempt to establish a connection when DCD is not present When configured to ignore DCD the serial interface will continue to attempt to establish a connection even when DCD is not present U...

Page 690: ...form of this command to return to the default value Syntax Description No subcommands Default Values By default the serial interface does not invert et clock Functional Notes If the serial interface cable is long causing a phase shift in the data the et clock can be inverted using the invert etclock command This switches the phase of the clock which compensates for a long cable Usage Examples The ...

Page 691: ...By default the serial interface does not expect an inverted receive clock rxclock Functional Notes If the serial interface cable is long causing a phase shift in the data the transmit clock can be inverted using the invert txclock command This switches the phase of the clock which compensates for a long cable If the transmit clock of the connected device is inverted use the invert rxclock command ...

Page 692: ...efault Values By default the serial interface does not invert transmit clock txclock Functional Notes If the serial interface cable is long causing a phase shift in the data the transmit clock can be inverted using the invert txclock command This switches the phase of the clock which compensates for a long cable If the transmit clock of the connected device is inverted use the invert rxclock comma...

Page 693: ...r use with the V 35 adapter cable J8757A X21 Configures the interface for use with the X 21 adapter cable J8755A Default Values By default the serial interface is configured for a V 35 adapter cable Functional Notes The pinouts for each of the available interfaces can be found in the Hardware Configuration Guide located on the ProCurve SROS Documentation CD provided in your shipment Usage Examples...

Page 694: ...e Network Management Protocol SNMP traps on the interface Use the no form of this command to disable SNMP on the interface Syntax Description No subcommands Default Values By default all interfaces except virtual Frame Relay interfaces and sub interfaces have SNMP traps enabled Usage Examples The following example enables SNMP on the serial interface ProCurve config interface serial 1 1 ProCurve c...

Page 695: ...en there is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces Functional Notes The snmp trap link status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID OID number 1 3 6 1 2 1 31 1 1 1 14 0 Usa...

Page 696: ...of this guide For more information refer to the sections listed below alias text on page 1430 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alphabetical order caller id override always number if no cid number on page 695 dialin on page 696 init...

Page 697: ...with the number given if no cid number Replaces the incoming caller ID number with the number given only if there is no caller ID information available for the incoming call Default Values By default this command is disabled Functional Notes This command forces a replacement of the incoming caller ID number with the number given The received caller ID if any is discarded and the given override num...

Page 698: ...alin command to enable the modem for remote console dial in disabling the use of the modem for backup Use the no form of this command to disable this feature Syntax Description No subcommands Default Values By default dialin is disabled Usage Examples The following example enables remote console dial in ProCurve config interface modem 1 2 ProCurve config modem 1 2 dialin ...

Page 699: ...string must start with AT and cannot contain spaces Default Values string ate0q0v1x4 n0 at All initialization strings must begin with AT e0 Disables command echo q0 Response messages on v1 Formats result codes in long word form x4 Specifies extended response set dial tone and busy signal detection for result codes following modem operations n0 Selects standard buffered connection only Usage Exampl...

Page 700: ...ecifies the name of the resource pool to which this interface is assigned cost Optional Specifies the cost of using this resource interface within the specified pool In the event of a tie a resource with a lower cost will be selected first Interfaces with the same cost will be selected in alphabetical order by interface name Default Values By default the interface is not assigned to any resource p...

Page 701: ...ias text on page 1430 bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alphabetical order clock source internal line through on page 700 coding ami b8zs on page 701 fdl an...

Page 702: ...ide clocking using the internal oscillator line Configures the unit to recover clocking from the T1 circuit through Configures the unit to recover clocking from the circuit connected to the DSX 1 interface Default Values By default the clock source is set to line Functional Notes When operating on a circuit that is providing timing setting the clock source to line can avoid errors such as Clock Sl...

Page 703: ... Syntax Description ami Configures the line coding for alternate mark inversion AMI b8zs Configures the line coding for bipolar eight zero substitution B8ZS Default Values By default all T1 interfaces are configured with B8ZS line coding Functional Notes The line coding configured in the unit must match the line coding of the T1 circuit A mismatch will result in line errors e g BPVs Usage Examples...

Page 704: ...03 standard att Configures the FDL for AT T TR 54016 standard none Disables FDL on this circuit Default Values By default the FDL is configured for ansi Functional Notes T1 circuits using ESF framing format specified using the framing command reserve 12 bits as a data link communication channel referred to as the FDL between the equipment on either end of the circuit The FDL allows the transmissio...

Page 705: ...ies D4 superframe SF format esf Specifies extended superframe ESF format Default Values By default the framing format is configured for esf Functional Notes A frame is comprised of a single byte from each of the T1 s timeslots there are 24 timeslots on a single T1 circuit Framing bits are used to separate the frames and indicate the order of information arriving at the receiving equipment D4 and E...

Page 706: ... 655 Configures the LBO in feet for T1 interfaces with cable lengths less than 655 feet Range is 0 to 655 feet Default Values By default the build out is set to 0 dB Functional Notes Line build out LBO is artificial attenuation of a T1 output signal to simulate a degraded signal This is useful to avoid overdriving a receiver s circuits The shorter the distance between T1 equipment measured in cabl...

Page 707: ...tivate the loopback Syntax Description line Initiates a metallic loopback of the physical T1 network interface payload Initiates a loopback of the T1 framer CSU portion of the T1 network interface Default Values No default necessary for this command Functional Notes The following diagram depicts the difference between a line and payload loopback Usage Examples The following example initiates a pay...

Page 708: ...fdl Uses the facility data link FDL to initiate a full 1 544 Mbps physical metallic loopback of the signal received by the remote unit from the network inband Uses the inband channel to initiate a full 1 544 Mbps physical metallic loopback of the signal received by the remote unit from the network Default Values No defaults necessary for this command Functional Notes The following diagram depicts ...

Page 709: ...ed from the network maintaining bit sequence integrity for the information bits by synchronizing regenerating the timing Use the no form of this command to send a loopdown code to the remote unit to deactivate the loopback Syntax Description No subcommands Default Values No defaults necessary for this command Functional Notes The following diagram depicts the difference between a line and payload ...

Page 710: ...eceive signal Use the no form of this command to disable all transmitted alarms Syntax Description rai Specifies sending a remote alarm indication RAI in response to a loss of frame Also prevents a received RAI from causing a change in interface operational status Default Values The default for this command is rai Usage Examples The following example enables transmission of RAI in response to a lo...

Page 711: ...figure the interface to respond to loopbacks initiated by a remote unit or the service provider Use the no form of this command to disable this feature Syntax Description No subcommands Default Values By default all interfaces respond to remote loopbacks Usage Examples The following example enables remote loopbacks on the T1 interface ProCurve config interface t1 1 1 ProCurve config t1 1 1 remote ...

Page 712: ... is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the dsx1LineStatusChangeTrapEnable OID is set to enabled for all interfaces except virtual Frame Relay Interfaces Functional Notes The snmp trap line status command is used to control the RFC2495 dsx1LineStatusChangeTrapEnable OID OID number 1 3 6 1 2 1 10...

Page 713: ...here is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces Functional Notes The snmp trap link status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID OID number 1 3 6 1 2 1 31 1 1 1 14 0 Usage E...

Page 714: ... group This can be entered as a single number representing one of the 24 T1 channel timeslots or as a contiguous group of DS0s For example 1 10 specifies the first 10 channels of the T1 speed 56 l 64 Optional Specifies the individual DS0 rate on the T1 interface to be 56 or 64 kbps The default speed is 64 kbps 56 kbps operation is not available on all T1 interfaces Refer to the Quick Start Guide p...

Page 715: ...ng the errors keyword errors Displays the test pattern error count insert Inserts an error into the currently active test pattern Display the error count using the errors keyword ones Generates a test pattern of continous ones p215 Generates a pseudorandom test pattern sequence based on a 15 bit shift register p220 Generates a pseudorandom test pattern sequence based on a 20 bit shift register p51...

Page 716: ...ig interface atm 1 ProCurve config atm 1 The following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below alias text on page 1430 bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 exit on page 1437 ping address on page 1438...

Page 717: ...nd to enable all supported Simple Network Management Protocol SNMP traps on the interface Syntax Description No subcommands Default Values By default all interfaces except virtual Frame Relay interfaces and sub interfaces have SNMP traps enabled Usage Examples The following example enables SNMP on the ATM interface ProCurve config interface atm 1 ProCurve config atm 1 snmp trap ...

Page 718: ... there is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces Functional Notes The snmp trap link status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID OID number 1 3 6 1 2 1 31 1 1 1 14 0 Usage...

Page 719: ...face slot port on page 1431 description text on page 1434 do on page 1435 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alphabetical order access policy policyname on page 718 atm routed bridged ip on page 719 backup commands begin on page 720 bandwidth value on page 737 bridge group group on page 738 cryp...

Page 720: ... refer to ip policy class policyname on page 426 Usage Examples The following example associates the access policy UnTrusted to allow inbound traffic to the Web server to the ATM sub interface labeled 1 1 Enable the SROS security features ProCurve config ip firewall Create the access list this is the packet selector ProCurve config ip access list extended InWeb ProCurve config ext nacl permit tcp ...

Page 721: ...d bridged ip command to enable routed IP bridge encapsulation RBE on an interface Use the no form of this command to disable RBE operation Syntax Description No subcommands Default Values By default routed bridge encapsulation is disabled Usage Examples The following example enables routed bridge encapsulation ProCurve config interface atm 1 1 ProCurve config atm 1 1 atm routed bridged ip ...

Page 722: ... the sub interface to automatically attempt a backup upon failure Use the no form of this command to disable automatic backup on an interface Syntax Description No subcommands Default Values By default all backup endpoints will automatically attempt backup upon a failure Usage Examples The following enables automatic backup on the endpoint ProCurve config interface atm 1 1 ProCurve config atm 1 1 ...

Page 723: ...network conditions are operational Use the no form of this command to disable the auto restore feature Syntax Description No subcommands Default Values By default all backup endpoints will automatically restore the primary connection when the failure condition clears Usage Examples The following example configures the SROS to restore the primary connection automatically when the failure condition ...

Page 724: ...se the no form of this command to return to the default value Syntax Description seconds Specifies the delay period in seconds a failure must be active before the SROS will enter backup operation on the interface Range 10 to 86 400 seconds Default Values By default the backup delay period is set to 10 seconds Usage Examples The following example configures the SROS to wait 60 seconds on an endpoin...

Page 725: ...e Originates backup call on primary link failure originate answer Originates or answers call on primary link failure originate answer always Originates on failure answers and backs up always Default Values By default backup call mode is set to originate answer Functional Notes The majority of the configuration for the SROS backup implementation is configured via the backup PPP interface configurat...

Page 726: ... ppp 1 backup number 5552222 analog ppp 1 no shutdown interface ppp 1 ip address 172 22 56 1 255 255 255 252 ppp authentication chap username remoterouter password remotepass ppp chap hostname localrouter ppp chap password procurve no shutdown ip route 192 168 2 0 255 255 255 0 172 22 56 2 255 255 255 252 line telnet 0 4 password password Sample config for central router dialing in hostname Centra...

Page 727: ...chap hostname remoterouter ppp chap password remotepass no shutdown ip route 192 168 1 0 255 255 255 0 172 22 56 1 255 255 255 252 line telnet 0 4 password password Usage Examples The following example configures the SROS to generate backup calls for this endpoint using an analog modem interface to phone number 555 1111 but never answer calls and specifies ppp 2 as the backup interface ProCurve co...

Page 728: ...related PPP interface for authentication and IP negotiation 4 If the call fails to connect on the first number dialed the SROS places a call to the second number if a second number is configured The second number to be dialed references a separate PPP interface Dialing In 1 The SROS receives an inbound call on a physical interface 2 Caller ID is used to match the backup number command to the confi...

Page 729: ...call again or dialing a different number It is recommended this number be greater than 60 Syntax Description seconds Selects the amount of time in seconds that the router will wait for a connection before attempting another call valid range 10 to 300 Default Values By default the backup connect timeout period is set to 60 seconds Usage Examples The following configures the SROS to wait 120 seconds...

Page 730: ...up to allow maintenance to be performed on the primary link without disrupting data Use the no form of this command to return to the normal backup operation state Syntax Description backup Forces backup regardless of primary link state primary Forces primary link regardless of its state Default Values By default this feature is disabled Usage Examples The following configures the SROS to force thi...

Page 731: ...nctionality refer to the Functional Notes section of the command backup call mode role on page 723 Syntax Description attempts Selects the number of call retries that will be made after a link failure valid range is 0 to 15 Setting this value to 0 will allow unlimited retries during the time the network is failed Default Values By default backup maximum retry is set to 0 attempts Usage Examples Th...

Page 732: ... analog Indicates number connects to an analog modem digital 56k Indicates number belongs to a digital 56 kbps per DS0 connection digital 64k Indicates number belongs to a digital 64 kbps per DS0 connection isdn min chan Specifies the minimum number of DS0s required for a digital 56 or 64 kbps connection Range 1 to 24 isdn max chan Specifies the maximum number of DS0s desired for a digital 56 or 6...

Page 733: ...y lower priority links Use the no form of this command to return to the default value For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 723 Syntax Description value Sets the relative priority of this link valid range 0 to 100 A value of 100 designates the highest priority Default Values By default backup priorit...

Page 734: ...form of this command to return to the default value For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 723 Syntax Description No subcommands Default Values By default the SROS does not randomize the backup call timers Usage Examples The following example configures the SROS to randomize the backup timers associat...

Page 735: ...e detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 723 Syntax Description seconds Specifies the delay in seconds between attempting to re dial a failed backup attempt Range 10 to 3600 Default Values By default backup redial delay is set to 10 seconds Usage Examples The following example configures a redial delay of 25 s...

Page 736: ...uncing in and out of alarm For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 723 Syntax Description seconds Specifies the number of seconds the SROS will wait after a primary link is restored before disconnecting backup operation Range 10 to 86 400 Default Values By default backup restore delay is set to 10 seco...

Page 737: ...mode role on page 723 Syntax Description day Sets the days to allow backup valid range Monday through Sunday enable time Sets the time of day to enable backup Time is entered in 24 hour format 00 00 disable time Sets the time of day to disable backup Default Values By default backup is enabled for all days and times if the backup auto backup command has been issued and the backup schedule has not ...

Page 738: ...e or respond to backup sequences in the event of a network outage Use the no form of this command to reactivate the backup interface For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 723 Syntax Description No subcommands Default Values By default all SROS backup interfaces are disabled Usage Examples The followi...

Page 739: ...and to restore the default values Syntax Description value Enter bandwidth in kbps Default Values To view default values use the show interfaces command Functional Notes The bandwidth command is an informational value that is communicated to the higher level protocols to be used in cost calculations This is a routing parameter only and does not affect the physical interface Usage Examples The foll...

Page 740: ...roup number to the interface range is 1 to 255 Default Values By default there are no configured bridge groups Functional Notes A bridged network can provide excellent traffic management to reduce collisions and limit the amount of bandwidth wasted with unnecessary transmissions when routing is not necessary Any two interfaces can be bridged Ethernet to T1 bridge Ethernet to Frame Relay sub interf...

Page 741: ...the policy class and associated access control lists ACLs that describe the behavior of the firewall do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or received over the VPN tunnel The following diagram represents typical SROS data flow logic Note...

Page 742: ...crypted data is processed by the firewall The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an interface When specifying the ACLs for a crypto map the source information is the private local side unencrypted source of the data The destination information will be the far end unencrypted destination of the data However ACLs for a policy class work in r...

Page 743: ...r your domain name regardless of where you purchased registered it This allows you to manage IP address mappings A records domain aliases CNAME records and mail servers MX records dyndns The Dynamic DNSSM service allows you to alias a dynamic IP address to a static hostname in various domains This allows your unit to be more easily accessed from various locations on the Internet This service is pr...

Page 744: ...ough the DNS system This service is provided for up to five hostnames If your IP address doesn t change often or at all but you still want an easy name to remember it by without having to purchase your own domain name Static DNS service is ideal for you If you would like to use your own domain name such as yourname com you need Custom DNS service which also provides full dynamic and static IP addr...

Page 745: ...P protocol aal5mux ppp Specifies encapsulation type for multiplexed virtual circuits using the Point to Point PPP protocol aal5snap Specifies encapsulation type that supports LLC SNAP protocols Default Values By default the encapsulation type is aal5snap Functional Notes For PPP and PPPoE the encapsulation type can be aal5snap or aal5mux ppp For IP with no bridging the encapsulation type can be aa...

Page 746: ...g for an interface WFQ is enabled by default for WAN interfaces Syntax Description threshold Optional Specifies the maximum number of packets that can be present in each conversation sub queue Packets received for a conversation after this limit is reached are discarded Range 16 to 512 Default Values By default fair queue is enabled with a threshold of 64 packets Usage Examples The following examp...

Page 747: ... no form of this command to return to the default setting Syntax Description queue size Specifies the total number of packets the output queue can contain before packets are dropped Range 16 to 1000 Default Values The default queue size for WFQ is 400 The default queue size for PPP FIFO and Frame Relay round robin is 200 Usage Examples The following example sets the overall output queue size to 70...

Page 748: ...ived on the specified interface out Enables access control on packets transmitted on the specified interface Default Values By default these commands are disabled Functional Notes When this command is enabled the IP destination address of each packet must be validated before being passed through to the router system If the packet is not acceptable per these settings it is dropped Usage Examples Th...

Page 749: ...fying an interface defines the client identifier as the hexadecimal MAC address of the specified interface including a hexadecimal number added to the front of the MAC address to identify the media type For example specifying the client id ethernet 0 1 where the Ethernet interface has a MAC address of 0012 7991 1150 defines the client identifier as 01 00 12 79 91 11 50 where 01 defines the media t...

Page 750: ...ame is the name configured using the Global Configuration hostname command Functional Notes Dynamic Host Configuration Protocol DHCP allows interfaces to acquire a dynamically assigned IP address from a configured DHCP server on the network Many Internet Service Providers ISPs require the use of DHCP when connecting to their services Using DHCP reduces the number of dedicated IP addresses the ISP ...

Page 751: ...l Defines a secondary IP address for the specified interface Default Values By default there are no assigned IP addresses Functional Notes Use secondary IP addresses to allow dual subnets on a single interface when you need more IP addresses than the primary subnet can provide When using secondary IP addresses avoid routing loops by verifying that all devices on the network segment are configured ...

Page 752: ... renew the DHCP IP address This command is only applicable when using DHCP for IP address assignment Syntax Description release Releases DHCP IP address renew Renews DHCP IP address Default Values No default values required for this command Usage Examples The following example releases the IP DHCP address for the ATM sub interface 1 1 ProCurve config interface atm 1 1 ProCurve config atm 1 1 ip dh...

Page 753: ... packets When broadcast packets of the specified type forwarded using the ip forward protocol command are received on the interface they will be forwarded to the device that needs the information Only packets meeting the following criteria are considered eligible by the ip helper address feature 1 The packet IP protocol is UDP 2 Any UDP port specified using the ip forward protocol command 3 The me...

Page 754: ...p and stops sending that group s multicast packets to the interface Range 100 to 65535 ms Default 1000 ms querier timeout seconds Specifies the number of seconds that the router waits after the current querier s last query before it takes over as querier IGMP V2 Range 60 300 seconds Default 2x the query interval value query interval seconds Specifies the interval at which IGMP queries are sent on ...

Page 755: ...lper address and ip mcast stub upstream commands Downstream interfaces connect to segments with multicast hosts Multiple interfaces may be configured in downstream mode however interfaces connecting to the multicast network upstream should not be configured in downstream mode Interfaces configured as downstream should have the lowest IP address of all IGMP capable routers on the connected segment ...

Page 756: ...s command is disabled Functional Notes Multicast routing must be enabled prior to setting ip mcast stub fixed on the selected interface Also use the ip igmp static group A B C D command to receive multicast traffic without host initiated Internet Group Management Protocol IGMP activity on the selected interface Otherwise all host initiated IGMP transactions will enter multicast routes on the route...

Page 757: ...tub applications in conjunction with the ip mcast stub helper address ip mcast stub upstream and ip mcast stub downstream commands When enabled the interface becomes a helper forwarding interface The IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the router to perform as an IGMP proxy Refer to ip mcast stub helper address ip address on pa...

Page 758: ...mcast stub downstream commands When enabled the interface becomes a candidate to be a helper forwarding interface If chosen as the best path toward the helper address by the router s unicast route table the IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the router to perform as an IGMP proxy Though multiple interfaces may be candidates no...

Page 759: ...l between hello packets sent on the interface Range 0 to 32 767 message digest key keyid md5 key Configures OSPF Message Digest 5 MD5 authentication 16 byte max keys The SROS allows two keys key ID 1 and key ID 2 priority value Set the OSPF priority The value set in this field helps determine the designated router for this network Range 0 to 255 retransmit interval seconds Specifies the time betwe...

Page 760: ... interface that is performing OSPF authentication Syntax Description message digest Specifies message digest authentication type null Specifies that no authentication be used Default Values By default this is set to null meaning no authentication is used Usage Examples The following example specifies that no authentication will be used on the ATM sub interface 1 1 ProCurve config interface atm 1 1...

Page 761: ...terface Syntax Description broadcast Sets the network type for broadcast point to point Sets the network type for point to point Default Values By default Ethernet defaults to broadcast All other interfaces default to point to point Functional Notes A point to point network will not elect designated routers Usage Examples The following example designates a broadcast network type ProCurve config in...

Page 762: ...bcommands Default Values By default PIM Sparse Mode is disabled for all interfaces Functional Notes PIM Sparse Mode is a multicast routing protocol that makes use of the unicast forwarding table PIM systems builds unidirectional shared trees rooted at a Rendezvous Point RP for a multicast group or a shortest path tree rooted at a specific source for a multicast group Usage Examples The following e...

Page 763: ...o messages transmitted on the interface Routers use the priority values to determine the appropriate DR The router on the network segment with the highest priority is selected as the DR If a hello message is received on the interface from a router on the network segment and it does not contain a priority the entire network segment defaults to DR selection based on IP addresses instead of priority ...

Page 764: ...nt out the interface Valid range is 10 to 3600 seconds Default Values By default hellos are transmitted on PIM interfaces every 60 seconds Functional Notes Hello messages are used to inform neighbors of a router s presence Hello messages normally generate a small amount of traffic on an interface Setting the hello timer to a small interval increases the amount of hellos sent thus increasing the am...

Page 765: ...bor is not present Use the no form of this command to return to the default value Syntax Description time Specifies the time interval in seconds the PIM interface waits before a neighbor is considered not present Valid range is 30 to 10 800 seconds Default Values By default the nbr timeout is set to 105 seconds Usage Examples The following example specifies a wait interval of 360 seconds on the AT...

Page 766: ...the no form of this command to return to the default value Syntax Description time Specifies the delay interval in milliseconds after a join prune in which another router on the LAN may override the join prune Valid range is 0 to 65 535 milliseconds Default Values By default the override interval is set to 2500 milliseconds Usage Examples The following example sets the delay interval for join prun...

Page 767: ... to estimate the amount of delay found in the local link Use the no form of this command to return to the default value Syntax Description time Specifies the expected propagation delay in the local link in milliseconds Valid range is 0 to 32 767 milliseconds Default Values By default the propagation delay is set to 500 milliseconds Usage Examples The following example sets the expected propagation...

Page 768: ...command to remove the assignment Removing a route map from the interface does not remove the route map configuration parameters from the system Syntax Description mapname Specifies the route map to associate with this interface Default Values By default policy based routing is disabled for all interfaces Usage Examples The following example associates the route map named MyMap with ATM interface 1...

Page 769: ... Default Values By default proxy ARP is enabled Functional Notes In general the principle of proxy ARP allows a router to insert its IP address in the source IP address field of a packet if the packet is from a host on one of its subnetworks This allows hosts to reach devices on other subnetworks without implementing routing or specifying a default gateway If proxy ARP is enabled the SROS will res...

Page 770: ...rsion 1 packets received on the interface 2 Accepts only RIP version 2 packets received on the interface Default Values By default all interfaces implement RIP version 1 the default value for the version command Functional Notes Use the ip rip receive version to specify a RIP version that will override the version in the Router RIP configuration The SROS only accepts one version either 1 or 2 on a...

Page 771: ...y RIP version 1 packets on the interface 2 Transmits only RIP version 2 packets on the interface Default Values By default all interfaces transmit RIP version 1 the default value for the version command Functional Notes Use the ip rip send version to specify a RIP version that will override the version in the Router RIP configuration The SROS only transmits one version either 1 or 2 on a given int...

Page 772: ...ies the IP address of the network to be summarized network mask Specifies the network mask to be applied to the specific network to be summarized Default Values By default no manual summarization is applied by RIP Functional Notes Unlike the automatic summarization on classful network boundaries only specific network advertisements are made by RIP using the ip rip summary address command This comm...

Page 773: ...ntax Description No subcommands Default Values By default route caching is enabled on all interfaces Functional Notes Route caching allows an IP interface to provide optimum performance when processing IP traffic Usage Examples The following example enables route caching on the ATM sub interface 1 1 ProCurve config interface atm 1 1 ProCurve config atm 1 1 ip route cache Note Using Network Address...

Page 774: ...all interfaces are configured to use a specified IP address using the ip address command Functional Notes If ip unnumbered is enabled on an interface all IP traffic from the interface will use a source IP address taken from the specified interface For example specifying ip unnumbered eth 0 1 while in the ATM Sub Interface Configuration mode configures the ATM sub interface to use the IP address as...

Page 775: ... Applies the filter to the inbound traffic out Applies the filter to the outbound traffic Default Values By default there are no URL filters applied to any interfaces Functional Notes The firewall must be enabled using the ip firewall command in order to use URL filters The URL filter must be created by using the ip urlfilter filtername http command before applying it to the interface See ip urlfi...

Page 776: ...iption percent Specifies the percentage of interface bandwidth to make available for user defined priority or class based queues Enter an integer 1 to 100 Default Values By default max reserved bandwidth is set to 75 which reserves 25 percent of the interface bandwidth for system critical traffic Usage Examples The following example specifies 85 percent of the bandwidth on the atm 1 1 interface to...

Page 777: ...nnel interfaces 64 to 18 190 Virtual Frame Relay sub interfaces 64 to 1520 Virtual PPP interfaces 64 to 1500 Default Values size The default values for the various interfaces are listed below ATM interfaces 1500 Demand interfaces 1500 Ethernet interfaces 1500 FDL interfaces 256 HDLC interfaces 1500 Loopback interfaces 1500 Tunnel interfaces 1500 Virtual Frame Relay sub interfaces 1500 Virtual PPP ...

Page 778: ...ll generation and OAM management for an ATM interface Use the no form of this command to disable generation of OAM loopback cells Syntax Description frequency Specifies the time delay between transmitting OAM loopback cells The range is from 0 to 600 seconds Default Values By default the frequency is 1 second Usage Examples The following example enables OAM loopback cell generation with a frequenc...

Page 779: ...hange a PVC connection state to up The range is from 1 to 255 down count Specifies the number of consecutive end to end F5 OAM loopback cell responses that are not received in order to change a PVC state to down The range is from 1 to 255 retry frequency Specifies the frequency in seconds that end to end F5 OAM loopback cells are transmitted when a change in the up down state of a PVC is being ver...

Page 780: ...is command to remove the link Syntax Description VPI VCI Specifies the ATM network virtual path identifier VPI for this PVC and the ATM network virtual path identifier VPI for this PVC The VPI value range is 0 to 255 and the VCI value range is 32 to 65 535 Default Values No default value is necessary for this command Usage Examples The following example sets the VPI to 8 and the VCI to 35 ProCurve...

Page 781: ...ove the map from the interface The keyword out specifies that this policy will be applied to outgoing packets Syntax Description mapname Specifies the name of a previously created QoS map refer to qos map mapname sequence number on page 486 for more information Default Values No default value is necessary for this command Usage Examples The following example applies the QoS map VOICEMAP to the ATM...

Page 782: ...o form of this command Syntax Description enable Enables the BPDU filter disable Disables the BPDU filter Default Values By default this command is set to disable Functional Notes The purpose of this command is to remove a port from participation in the spanning tree This might be beneficial while debugging a network setup It normally should not be used in a live network Usage Examples The followi...

Page 783: ...mmand to block BPDUs from being received on this interface To return to the default value use the no form of this command Syntax Description enable Enables the BPDU block disable Disables the BPDU block Default Values By default this command is set to disable Usage Examples The following example enables the BPDU guard on the interface ProCurve config interface atm 1 1 ProCurve config atm 1 1 spann...

Page 784: ...no form of this command to return the interface to normal operation non edgeport Syntax Description No subcommands Default Values By default this command is set to disable Usage Examples The following example configures the interface to be an edgeport ProCurve config interface atm 1 1 ProCurve config atm 1 1 spanning tree edgeport An individual interface can be configured to not be considered an e...

Page 785: ...ype and a port configured for full duplex is set to point to point link type Setting the link type manually overrides the default and forces the port to use the specified link type Using the link type auto command restores the convention of determining link type based on duplex settings Usage Examples The following example forces the link type to point to point even if the port is configured to be...

Page 786: ...ue is inversely proportional to the likelihood the bridge interface will be chosen as the root path Set the path cost value lower to increase the chance the interface will be the root To obtain the most accurate spanning tree calculations develop a system for determining path costs for links and apply it to all bridged interfaces Usage Examples The following example assigns a path cost of 100 for ...

Page 787: ...he bridge group the lower the value the higher the priority valid range 0 to 255 Default Values By default the priority value is set to 128 Functional Notes The only time that this priority level is used is when two interfaces with a path to the root have equal cost At that point the level set in this command will determine which port the bridge will use Set the priority value lower to increase th...

Page 788: ...ig bridge irb ProCurve config interface bvi 1 ProCurve config bvi 1 The following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping ...

Page 789: ...SROS Command Line Interface Reference Guide BVI Interface Config Command Set 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 787 traffic shape rate value burst on page 816 ...

Page 790: ...terface enter the interface configuration mode for the desired interface and enter access policy policy name For more details on creating and using access policies refer to ip policy class policyname on page 426 Usage Examples The following example associates the access policy Private to allow inbound traffic to the Web server to BVI interface 1 Enable the SROS security features ProCurve config ip...

Page 791: ...the default values Syntax Description value Specifies bandwidth in kbps Range is 1 to 4 294 967 295 kbps Default Values To view default values use the show interfaces command Functional Notes The bandwidth command is an informational value that is communicated to the higher level protocols to be used in cost calculations This is a routing parameter only and does not affect the physical interface U...

Page 792: ...e policy class and associated access control lists ACLs that describe the behavior of the firewall do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or received over the VPN tunnel The following diagram represents typical SROS data flow logic Note W...

Page 793: ...nencrypted data is processed by the firewall The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an interface When specifying the ACLs for a crypto map the source information is the private local side unencrypted source of the data The destination information will be the far end unencrypted destination of the data However ACLs for a policy class work i...

Page 794: ...dless of where you purchased registered it This allows to manage IP address mappings A records domain aliases CNAME records and mail servers MX records dyndns The Dynamic DNSSM offered by Dynamic Network Services Inc DynDNS org allows you to alias a dynamic IP address to a static host name in various domains This allows your unit to be more easily accessed from various locations on the Internet Th...

Page 795: ...ate though the DNS system This service is provided for up to five host names If your IP address does not change often or at all but you still want an easy name to remember it by without having to purchase your own domain name Static DNS service is ideal for you If you would like to use your own domain name such as yourname com you need Custom DNS service which also provides full dynamic and static...

Page 796: ...eived on the specified interface out Enables access control on packets transmitted on the specified interface Default Values By default these commands are disabled Functional Notes When this command is enabled the IP destination address of each packet must be validated before being passed through If the packet is not acceptable per these settings it is dropped Usage Examples The following example ...

Page 797: ...fier as the hexadecimal MAC address of the specified interface including a hexadecimal number added to the front of the MAC address to identify the media type For example specifying the client id ethernet 0 1 where the Ethernet interface has a MAC address of d217 0491 1150 defines the client identifier as 01 d2 17 04 91 11 50 where 01 defines the media type as Ethernet Refer to hardware address ha...

Page 798: ...e configured using the Global Configuration hostname command Functional Notes DHCP allows interfaces to acquire a dynamically assigned IP address from a configured DHCP server on the network Many Internet Service Providers ISPs require the use of DHCP when connecting to their services Using DHCP reduces the number of dedicated IP addresses the ISP must obtain Consult your ISP to determine the prop...

Page 799: ...ion for example 255 255 255 0 or as a prefix length for example 24 secondary Optional Configures a secondary IP address for the specified interface Default Values By default there are no assigned IP addresses Functional Notes Use secondary IP addresses to allow dual subnets on a single interface when you need more IP addresses than the primary subnet can provide When using secondary IP addresses a...

Page 800: ...he destination subnet The packet is then sent as a link layer broadcast The ip directed broadcast command controls the distribution of directed broadcasts when they reach their target subnets Only the final transmission of the directed broadcast on its ultimate destination subnet is affected It does not affect the transit unicast routing of IP directed broadcasts If ip directed broadcast is enable...

Page 801: ...t packets of the specified type forwarded using the ip forward protocol command are received on the interface they will be forwarded to the device that needs the information Only packets meeting the following criteria are considered eligible by the ip helper address feature 1 The packet IP protocol is User Datagram Protocol UDP 2 Any UDP port specified using the ip forward protocol command 3 The m...

Page 802: ...es any computed cost value Range 1 to 65 535 dead interval seconds Sets the maximum interval allowed between hello packets If the maximum is exceeded neighboring devices will determine that the device is down Range 0 to 32767 hello interval seconds Specifies the interval between hello packets sent on the interface Range 0 to 32 767 message digest key keyid md5 key Configures OSPF Message Digest 5 ...

Page 803: ...and Set 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 801 Usage Examples The following example sets the maximum number of seconds allowed between hello packets to 25 000 ProCurve config interface bvi 1 ProCurve config bvi 1 ip ospf dead interval 25000 ...

Page 804: ...te an interface that is performing OSPF authentication Syntax Description message digest Specifies message digest authentication type null Specifies that no authentication be used Default Values By default this is set to null meaning no authentication is used Usage Examples The following example specifies that no authentication will be used on BVI interface 1 ProCurve config interface bvi 1 ProCur...

Page 805: ...terface Syntax Description broadcast Sets the network type for broadcast point to point Sets the network type for point to point Default Values By default Ethernet defaults to broadcast All other interfaces default to point to point Functional Notes A point to point network will not elect designated routers Usage Examples The following example designates a broadcast network type ProCurve config in...

Page 806: ...s command to remove the assignment Removing a route map from the interface does not remove the route map configuration parameters from the system Syntax Description mapname Specifies the route map to associate with this interface Default Values By default policy based routing is disabled for all interfaces Usage Examples The following example assigns the policy route map policy1 to the interface P...

Page 807: ...dress Default Values By default proxy ARP is enabled Functional Notes In general the principle of proxy ARP allows a router to insert its IP address in the source IP address field of a packet if the packet is from a host on one of its subnetworks This allows hosts to reach devices on other subnetworks without implementing routing or specifying a default gateway If proxy ARP is enabled the SROS wil...

Page 808: ...IP version 1 packets received on the interface 2 Accepts only RIP version 2 packets received on the interface Default Values By default all interfaces implement RIP version 1 the default value for the version command Functional Notes Use the ip rip receive version to specify a RIP version that will override the version in the Router RIP configuration The SROS only accepts one version either 1 or 2...

Page 809: ...s only RIP version 1 packets on the interface 2 Transmits only RIP version 2 packets on the interface Default Values By default all interfaces transmit RIP version 1 the default value for the version command Functional Notes Use the ip rip send version to specify a RIP version that will override the version in the Router RIP configuration The SROS only transmits one version either 1 or 2 on a give...

Page 810: ...ies the IP address of the network to be summarized network mask Specifies the network mask to be applied to the specific network to be summarized Default Values By default no manual summarization is applied by RIP Functional Notes Unlike the automatic summarization on classful network boundaries only specific network advertisements are made by RIP using the ip rip summary address command This comm...

Page 811: ...Syntax Description No subcommands Default Values By default route caching is enabled on all interfaces Functional Notes Route caching allows an IP interface to provide optimum performance when processing IP traffic Usage Examples The following example enables fast cache switching on a BVI interface ProCurve config interface bvi 1 ProCurve config bvi 1 ip route cache Note Using Network Address Tran...

Page 812: ...By default all interfaces are configured to use a specified IP address using the ip address command Functional Notes If ip unnumbered is enabled on an interface all IP traffic from the interface will use a source IP address taken from the specified interface For example specifying ip unnumbered eth 0 1 while in the BVI interface Configuration mode configures the BVI interface to use the IP address...

Page 813: ...nd traffic out Applies the filter to the outbound traffic Default Values By default there are no URL filters applied to any interfaces Functional Notes The firewall must be enabled using the ip firewall command in order to use URL filters The URL filter must be created by using the ip urlfilter name http command before applying it to the interface Refer to ip urlfilter name http on page 455 for mo...

Page 814: ...the no form of this command to return to the default MAC address programmed by ProCurve Syntax Description mac address Specifies a valid 48 bit MAC address MAC addresses should be expressed in following format xx xx xx xx xx xx for example 00 A0 C8 00 00 01 Default Values A unique default MAC address is programmed in each unit shipped by ProCurve Usage Examples The following example configures a M...

Page 815: ...on percent Specifies the percentage of interface bandwidth to make available for user defined priority or class based queues Enter an integer 1 to 100 Default Values By default max reserved bandwidth is set to 75 which reserves 25 percent of the interface bandwidth for system critical traffic Usage Examples The following example specifies 85 percent of the bandwidth on BVI interface 1 be available...

Page 816: ...00 Tunnel interfaces 64 to 18 190 Virtual Frame Relay sub interfaces 64 to 1520 Virtual PPP interfaces 64 to 1500 Default Values size The default values for the various interfaces are listed below ATM interfaces 1500 Demand interfaces 1500 Ethernet interfaces 1500 FDL interfaces 256 HDLC interfaces 1500 Loopback interfaces 1500 Tunnel interfaces 1500 Virtual Frame Relay sub interfaces 1500 Virtual...

Page 817: ... based entry is added to deleted from or changed in a QoS map set 2 The interface bandwidth is changed by the bandwidth command on the interface 3 A QoS policy is applied to an interface 4 A bind is created that includes an interface with a QoS policy 5 The interface queuing method is changed to fair queue to use weighted fair queuing 6 The interface operational status changes 7 The interface band...

Page 818: ...urst is specified as the rate divided by 5 and represents the number of bytes that would flow within 200 ms Default Values By default traffic shape rate is disabled Functional Notes Traffic shaping can be used to limit the VLAN interface to a particular rate or to specify use of QoS Usage Examples The following example sets the outbound rate of bvi 1 to 128 kbps and applies a QoS policy that gives...

Page 819: ...ce slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alphabetical order access policy policyname on page 819 bandwidth value on page 820 called number DNIS number on page 821 caller number CLI...

Page 820: ... 857 lldp receive on page 858 lldp send management address l port description l system capabilities l system description l system name on page 859 match interesting list acl name reverse list acl name in out on page 861 max reserved bandwidth percent on page 862 mtu size on page 863 peer default ip address address on page 864 ppp commands begin on page 865 qos policy in out mapname on page 873 res...

Page 821: ...fer to ip policy class policyname on page 426 Usage Examples The following example associates the access policy UnTrusted to allow inbound traffic to the Web server to the demand interface Enable the SROS security features ProCurve config ip firewall Create the access list this is the packet selector ProCurve config ip access list extended InWeb ProCurve config ext nacl permit tcp any host 10 12 5...

Page 822: ... restore the default values Syntax Description value Specifies the bandwidth value in kbps Default Values To view default values use the show interfaces command Functional Notes The bandwidth command is an informational value that is communicated to the higher level protocols to be used in cost calculations This is a routing parameter only and does not affect the physical interface Usage Examples ...

Page 823: ...mbers Multiple called numbers may be specified for an interface Use the no form of this command to remove a configured called number Syntax Description DNIS number Identifies the called number to be linked to an interface The DNIS number is limited to 20 digits Default Values By default no called numbers are defined Usage Examples The following example links calls with a DNIS number of 9165551212 ...

Page 824: ...fied allowing the interface to accept calls from different remote resources Use the no form of this command to remove a configured caller number Syntax Description CLID number Identifies the caller s number to be linked to an interface The CLID number is limited to 20 digits Default Values By default no caller numbers are defined Usage Examples The following example links calls with a CLID number ...

Page 825: ...s command to restore the default values Syntax Description answer Specifies the interface may be used to answer calls but not originate calls originate Specifies the interface may be used to originate calls but not answer calls either Specifies the interface may be used to answer and originate calls Default Values By default the connect mode is set to both answer and originate calls Usage Examples...

Page 826: ...ifies the connect sequence be processed beginning with the last successful entry or the first entry if there are no previous connections round robin Specifies the connect sequence be processed beginning with the entry that follows the last successful entry or the first entry if there are no previous connections sequential Specifies the connect sequence be processed from the beginning of the list D...

Page 827: ...reshold value connect sequence sequence number dial string string isdn 64k connect sequence sequence number dial string string isdn 64k busyout threshold value Syntax Description sequence number Specifies the number for this connection specification entry Range 1 to 65 535 string Specifies the telephone number to dial when using this connection The dial string is limited to 20 digits forced analog...

Page 828: ...very mode Refer to connect sequence interface recovery retry interval seconds max retries value on page 827 for more information Use the no form of this command to restore the default values Syntax Description value Specifies the number of times the connect sequence will cycle through its entries if it is unable to make a connection Range is 0 to 65 535 Default Values By default the connect sequen...

Page 829: ...s Optional Specifies the number of seconds the interface will wait between connect sequence cycles during recovery attempts max retries value Optional Specifies the maximum number of times the connect sequence will cycle in an attempt to bring the interface back up When in interface recovery mode this value overrides the connect sequence attempts value Default Values By default the connect sequenc...

Page 830: ...class and associated access control lists ACLs that describe the behavior of the firewall do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or received over the VPN tunnel The following diagram represents typical SROS data flow logic Note When you a...

Page 831: ...ncrypted data is processed by the firewall The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an interface When specifying the ACLs for a crypto map the source information is the private local side unencrypted source of the data The destination information will be the far end unencrypted destination of the data However ACLs for a policy class work in ...

Page 832: ...se the no form of this command to restore the default values Syntax Description packets Specifies the number of packets that may be stored in the hold queue Range is 0 to 100 seconds Specifies the number of seconds a packet may remain in the hold queue Range is 0 to 255 seconds Default Values By default the hold queue is disabled Usage Examples The following example configures demand interface 1 t...

Page 833: ...l over your domain name regardless of where you purchased registered it This allows to manage IP address mappings A records domain aliases CNAME records and mail servers MX records dyndns The Dynamic DNSSM service allows you to alias a dynamic IP address to a static hostname in various domains This allows your unit to be more easily accessed from various locations on the Internet This service is p...

Page 834: ...though the DNS system This service is provided for up to five hostnames If your IP address doesn t change often or at all but you still want an easy name to remember it by without having to purchase your own domain name Static DNS service is ideal for you If you would like to use your own domain name such as yourname com you need Custom DNS service which also provides full dynamic and static IP ad...

Page 835: ...terface WFQ is enabled by default for WAN interfaces Syntax Description threshold Optional Specifies the maximum number of packets that can be present in each conversation sub queue Packets received for a conversation after this limit is reached are discarded Range 16 to 512 packets Default Values By default fair queue is enabled with a threshold of 64 packets Usage Examples The following example ...

Page 836: ... traffic when there is contention for the demand resources being used by this interface Use the no form of this command to restore the default values Syntax Description seconds Specifies the number of seconds the interface will remain up in the absence of interesting traffic Range is 1 to 2 147 483 Default Values By default fast idle is set to 120 seconds Usage Examples The following example sets ...

Page 837: ...erface s WAN output queue Syntax Description queue size Specifies the total number of packets the output queue can contain before packets are dropped Range is 16 to 1000 Default Values The default queue size for WFQ is 400 The default queue size for PPP FIFO and Frame Relay round robin is 200 Usage Examples The following example sets the overall output queue size to 700 ProCurve config interface d...

Page 838: ...ch interesting commands Refer to match interesting list acl name reverse list acl name in out on page 861 for more information Use the no form of this command to restore the default values Syntax Description seconds Specifies the number of seconds the interface will remain up in the absence of interesting traffic Range is 1 to 2 147 483 Default Values By default idle timeout is set to 120 seconds ...

Page 839: ... packets received on the specified interface out Enables access control on packets transmitted on the specified interface Default Values By default these commands are disabled Functional Notes When this command is enabled the IP destination address of each packet must be validated before being passed through If the packet is not acceptable per these settings it is dropped Usage Examples The follow...

Page 840: ...efault route Some systems already have a default route configured and need a static route to the PPP interface to function correctly Default Values By default the interface is assigned an address with the ip address address mask command Usage Examples The following example enables the demand interface to negotiate an IP address from the far end connection ProCurve config interface demand 1 ProCurv...

Page 841: ...ies the subnet mask that corresponds to the listed IP address secondary Optional Configures a secondary IP address for the specified interface Default Values By default there are no assigned IP addresses Functional Notes Use secondary IP addresses to allow dual subnets on a single interface when you need more IP addresses than the primary subnet can provide When using secondary IP addresses avoid ...

Page 842: ...s When broadcast packets of the specified type forwarded using the ip forward protocol command are received on the interface they will be forwarded to the device that needs the information Only packets meeting the following criteria are considered eligible by the ip helper address feature 1 The packet IP protocol is User Datagram Protocol UDP 2 Any UDP port specified using the ip forward protocol ...

Page 843: ...stops sending that group s multicast packets to the interface Range 100 to 65535 ms Default 1000 ms querier timeout seconds Specifies the number of seconds that the router waits after the current querier s last query before it takes over as querier IGMP V2 Range 60 300 seconds Default 2x the query interval value query interval seconds Specifies the interval at which IGMP queries are sent on an int...

Page 844: ...helper address and ip mcast stub upstream commands Downstream interfaces connect to segments with multicast hosts Multiple interfaces may be configured in downstream mode however interfaces connecting to the multicast network upstream should not be configured in downstream mode Interfaces configured as downstream should have the lowest IP address of all IGMP capable routers on the connected segmen...

Page 845: ...his command is disabled Functional Notes Multicast routing must be enabled prior to setting ip mcast stub fixed on the selected interface Also use the ip igmp static group A B C D command to receive multicast traffic without host initiated Internet Group Management Protocol IGMP activity on the selected interface Otherwise all host initiated IGMP transactions will enter multicast routes on the rou...

Page 846: ...t stub applications in conjunction with the ip mcast stub helper address ip mcast stub upstream and ip mcast stub downstream commands When enabled the interface becomes a helper forwarding interface The IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the unit to perform as an IGMP proxy Refer to ip mcast stub helper address ip address on p...

Page 847: ...p mcast stub downstream commands When enabled the interface becomes a candidate to be a helper forwarding interface If chosen as the best path toward the helper address by the router s unicast route table the IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the router to perform as an IGMP proxy Though multiple interfaces may be candidates ...

Page 848: ...ds Specifies the interval between hello packets sent on the interface Range 0 to 32 767 message digest key keyid md5 key Configures OSPF Message Digest 5 MD5 authentication 16 byte max keys The SROS allows two keys key ID 1 and key ID 2 priority value Set the OSPF priority The value set in this field helps determine the designated router for this network Range 0 to 255 retransmit interval seconds ...

Page 849: ...at is performing OSPF authentication Syntax Description message digest Optional Selects message digest authentication type null Optional Specifies that no authentication be used Default Values By default ip ospf authentication is set to null meaning no authentication is used Usage Examples The following example specifies that no authentication will be used on the demand interface ProCurve config i...

Page 850: ...interface Syntax Description broadcast Sets the network type for broadcast point to point Sets the network type for point to point Default Values By default Ethernet defaults to broadcast All other interfaces default to point to point Functional Notes A point to point network will not elect designated routers Usage Examples The following example designates a broadcast network type ProCurve config ...

Page 851: ...s command to remove the assignment Removing a route map from the interface does not remove the route map configuration parameters from the system Syntax Description mapname Specifies the route map to associate with this interface Default Values By default policy based routing is disabled for all interfaces Usage Examples The following example associates the route map named MyMap with demand interf...

Page 852: ...ault Values By default proxy ARP is enabled Functional Notes In general the principle of proxy ARP allows a router to insert its IP address in the source IP address field of a packet if the packet is from a host on one of its subnetworks This allows hosts to reach devices on other subnetworks without implementing routing or specifying a default gateway If proxy ARP is enabled the SROS will respond...

Page 853: ...ived RIP version 1 packets on the interface 2 Accepts only received RIP version 2 packets on the interface Default Values By default all interfaces implement RIP version 1 the default value for the version command Functional Notes Use the ip rip receive version to specify a RIP version that overrides the version in the Router RIP configuration The SROS only accepts one version either 1 or 2 on a g...

Page 854: ...nly RIP version 1 packets on the interface 2 Transmits only RIP version 2 packets on the interface Default Values By default all interfaces transmit RIP version 1 the default value for the version command Functional Notes Use the ip rip send version to specify a RIP version that overrides the version in the Router RIP configuration The SROS only transmits one version either 1 or 2 on a given inter...

Page 855: ...ifies the IP address of the network to be summarized network mask Specifies the network mask to be applied to the specific network to be summarized Default Values By default no manual summarization is applied by RIP Functional Notes Unlike the automatic summarization on classful network boundaries only specific network advertisements are made by RIP using the ip rip summary address command This co...

Page 856: ...yntax Description No subcommands Default Values By default route caching is enabled on all interfaces Functional Notes Fast cache switching allows an IP interface to provide optimum performance when processing IP traffic Usage Examples The following example enables fast cache switching on the virtual demand interface ProCurve config interface demand 1 ProCurve config demand 1 ip route cache Note U...

Page 857: ...nfigured to use a specified IP address using the ip address command Functional Notes If ip unnumbered is enabled on an interface all IP traffic from the interface will use a source IP address taken from the specified interface For example specifying ip unnumbered eth 0 1 while in the Demand Interface Configuration mode configures the demand interface to use the IP address assigned to the Ethernet ...

Page 858: ...in Applies the filter to the inbound traffic out Applies the filter to the outbound traffic Default Values By default there are no URL filters applied to any interfaces Functional Notes The firewall must be enabled using the ip firewall command in order to use URL filters The URL filter must be created by using the ip urlfilter filtername http command before applying it to the interface See ip url...

Page 859: ... Syntax Description seconds Defines the time interval in seconds between transmitted keepalive packets valid range 0 to 32 767 seconds Default Values By default the time interval between transmitted keepalive packets is 10 seconds Functional Notes If three keepalive packets are sent to an interface with no response the interface is considered down To detect interface failures quickly specify a sma...

Page 860: ...se the lldp receive command to allow LLDP packets to be received on this interface Syntax Description No subcommands Default Values By default all interfaces are configured to send and receive LLDP packets Usage Examples The following example configures the demand interface to receive LLDP packets ProCurve config interface demand 1 ProCurve config demand 1 lldp receive ...

Page 861: ... of this device s system capabilities on this interface system description Enables transmission of this device s system description on this interface system name Enables transmission of this device s system name on this interface Default Values Be default all interfaces are configured to transmit and receive LLDP packets of all types Functional Notes Individual LLDP information can be enabled or d...

Page 862: ... LLDP packets of all types Functional Notes Individual LLDP information can be enabled or disabled using the various forms of the lldp send command For example use the lldp send and receive command to enable transmit and receive of all LLDP information Then use the no lldp send port description command to prevent LLDP from transmitting port description information Usage Examples The following exam...

Page 863: ...t values Syntax Description list acl name Specifies using an ACL with normal source destination ACL matching logic reverse list acl name Specifies using an ACL with reverse destination source ACL matching logic in Optional Specifies that only incoming traffic is interesting out Optional Specifies that only outgoing traffic is interesting Default Values By default no interesting traffic is defined ...

Page 864: ...escription percent Specifies the percentage of interface bandwidth to make available for user defined priority or class based queues Enter an integer 1 to 100 Default Values By default max reserved bandwidth is set to 75 which reserves 25 percent of the interface bandwidth for system critical traffic Usage Examples The following example specifies 85 percent of the bandwidth on demand interface 1 t...

Page 865: ...unnel interfaces 64 to 18 190 Virtual Frame Relay sub interfaces 64 to 1520 Virtual PPP interfaces 64 to 1500 Default Values size The default values for the various interfaces are listed below ATM interfaces 1500 Demand interfaces 1500 Ethernet interfaces 1500 FDL interfaces 256 HDLC interfaces 1500 Loopback interfaces 1500 Tunnel interfaces 1500 Virtual Frame Relay sub interfaces 1500 Virtual PPP...

Page 866: ... end of this interface Syntax Description address Specifies the default IP address for the remote end A B C D Default Values By default there is no assigned peer default IP address Functional Notes This command is useful if the peer does not send the IP address option during PPP negotiations Usage Examples The following example sets the default peer IP address to 192 168 71 50 ProCurve config inte...

Page 867: ...the connecting private circuit PAP requires two way message passing First the router that is required to be authenticated say the peer sends an authentication request with its username and password to the router requiring authentication say the local router The local router then looks up the username and password in the username database within the PPP interface and if they match sends an authenti...

Page 868: ...word near Peer config demand 1 ppp pap sent username farend password far Now both routers send the authentication request verify that the username and password sent match what is expected in the database and send an authentication acknowledge Defining CHAP The Challenge Handshake Authentication Protocol CHAP is a three way authentication protocol composed of a challenge response and success or fai...

Page 869: ...its hostname in the response to the local router Configuring CHAP Example 2 Both routers require the peer to authenticate itself On the local router hostname Local Local config demand 1 ppp authentication chap Local config demand 1 username Peer password same On the peer hostname Peer Peer config demand 1 ppp authentication chap Peer config demand 1 username Local password same This is basically i...

Page 870: ...uthentication chap Local config demand 1 username Peer password different On the peer hostname Peer Peer config demand 1 username Local password same Peer config demand 1 ppp chap password different Here the local router challenges with hostname Local The peer verifies the name in the username database but instead of sending the password same in the response it uses the one in the ppp chap passwor...

Page 871: ... remove a configured hostname For more information on PAP and CHAP functionality refer to the Technology Review section for the command ppp authentication chap pap on page 865 Syntax Description hostname Specifies a hostname using an alphanumeric string up to 80 characters in length Default Values By default there are no configured PPP CHAP hostnames Usage Examples The following example specifies ...

Page 872: ...mmand to remove a configured password For more information on PAP and CHAP functionality refer to the Technology Review section for the command ppp authentication chap pap on page 865 Syntax Description password Specifies a password using an alphanumeric string up to 80 characters in length Default Values By default there is no defined PPP CHAP password Usage Examples The following example specifi...

Page 873: ... links Receiving fragments over the physical links and reassembling them into PDUs The fragmentation and interleave options can be used to enhance the multilink operation Fragmentation is used to reduce serialization delays of large packets The fragmentation process evenly divides the data among all links in the bundle with a minimum packet size of 96 bytes The interleave operation is used with st...

Page 874: ...lity refer to the Technology Review section for the command ppp authentication chap pap on page 865 Syntax Description username Specifies a username by alphanumeric string up to 80 characters in length the username is case sensitive password Specifies a password by alphanumeric string up to 80 characters in length the password is case sensitive Default Values By default there is no defined ppp pap...

Page 875: ... the map from the interface Syntax Description mapname Specifies the name of a previously created QoS map refer to qos map mapname sequence number on page 486 for more information in Assigns a QoS map to this interface s input out Assigns a QoS map to this interface s output Default Values No default value is necessary for this command Usage Examples The following example applies the QoS map VOICE...

Page 876: ...face Refer to resource pool member pool name cost on page 1211 for more information Use the no form of this command to restore the default values Syntax Description pool name Specifies the resource pool that this interface will use to originate answer demand connections Default Values By default no resource pool is associated with this interface Usage Examples The following example associates the ...

Page 877: ...re is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces Functional Notes The snmp trap link status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID OID number 1 3 6 1 2 1 31 1 1 1 14 0 Usage Exa...

Page 878: ...th the username is case sensitive password Specifies a password by alphanumerical string up to 30 characters in length the password is case sensitive Default Values By default there is no established username and password Functional Notes PAP uses this entry to check received information from the peer CHAP uses this entry to check the received peer hostname and a common password Usage Examples The...

Page 879: ... a centralized section of this guide For more information refer to the sections listed below alias text on page 1430 bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alpha...

Page 880: ...mand to restore the default values Syntax Description value Specifies bandwidth in kbps Default Values No default value is necessary for this command Functional Notes The bandwidth command is an informational value that is communicated to the higher level protocols to be used in cost calculations This is a routing parameter only and does not affect the physical interface Usage Examples The followi...

Page 881: ...ay interface as IETF RFC 1490 Currently this is the only encapsulation setting Settings for this option must match the far end router s settings in order for the Frame Relay interface to become active Syntax Description No subcommands Default Values By default all Frame Relay interfaces use IETF encapsulation Usage Examples The following example configures the endpoint for IETF encapsulation ProCu...

Page 882: ...ng for an interface WFQ is enabled by default for WAN interfaces Syntax Description threshold Optional Specifies the maximum number of packets that can be present in each conversation sub queue Packets received for a conversation after this limit is reached are discarded Range 16 to 512 Default Values By default fair queue is enabled with a threshold of 64 packets Usage Examples The following exam...

Page 883: ... or network signaling role Use this interface type when you need the unit to emulate the frame switch dte Specifies DTE or user signaling role Use this interface type when connecting to a Frame Relay switch or piece of equipment emulating a frame switch nni Configures the interface to support both network and user signaling DTE or DCE when necessary Default Values By default frame relay intf type ...

Page 884: ...Syntax Description polls Sets the counter value Range 1 to 255 Default Values By default the polling counter for the DCE endpoint is set to six polls Functional Notes The N391 counter determines how many link integrity polls occur in between full status polls The number of link integrity polls between full status polls is n 1 where n represents the full status poll n can be set to any number betwe...

Page 885: ...Syntax Description polls Sets the counter value Range 1 to 255 Default Values By default the polling counter for the DTE endpoint is set to six polls Functional Notes The N391 counter determines how many link integrity polls occur in between full status polls The number of link integrity polls between full status polls is n 1 where n represents the full status poll n can be set to any number betwe...

Page 886: ...y default the error threshold for the DCE endpoint is set to three errors Functional Notes If the error threshold is met the signaling state status is changed to down indicating a service affecting condition This condition is cleared once N393 consecutive error free events are received N392 defines the number of errors required in a given event window while N393 defines the number of polling event...

Page 887: ... default the error threshold for the DTE endpoint is set to three errors Functional Notes If the error threshold is met the signaling state status is changed to down indicating a service affecting condition This condition is cleared once N393 consecutive error free events are received N392 defines the number of errors required in a given event window while N393 defines the number of polling events...

Page 888: ...CE endpoint Typical applications should leave the default value for this counter Use the no form of this command to return to the default value Syntax Description counter Sets the counter value Range 1 to 10 Default Values By default the LMI monitored event counter for the DCE endpoint is set to four events Usage Examples The following example sets the N393 threshold for five events ProCurve confi...

Page 889: ...he DTE endpoint Typical applications should leave the default value for this counter Use the no form of this command to return to the default value Syntax Description counter Sets the counter value Range 1 to 10 Default Values By default the LMI monitored event counter for the DTE endpoint is set to four events Usage Examples The following example sets the N393 threshold for five events ProCurve c...

Page 890: ...the default value for this timer Use the no form of this command to return to the default value Syntax Description seconds Sets the timer value in seconds Range 5 to 30 Default Values By default the signal polling timer for the DTE endpoint is set to 10 seconds Functional Notes The T391 timer sets the time in seconds between polls to the Frame Relay network Usage Examples The following example set...

Page 891: ... form of this command to return to the default value Syntax Description seconds Sets the timer value in seconds Range 5 to 30 Default Values By default the polling verification timer for the DCE endpoint is set to 10 seconds Functional Notes The T392 sets the timeout in seconds between polling intervals This parameter needs to be a few seconds longer than the T391 setting of the attached Frame Rel...

Page 892: ... on ANSI T1 617 standard for Frame Relay auto Automatically determines signaling type by messages received on the frame circuit cisco Specifies Cisco LMI signaling method reserves DLCI 1023 none Turns off signaling on the endpoint This is used for backup connections q933a Specifies Annex A signaling method based on the ITU T Q 933A frame format for Frame Relay Default Values By default the Frame R...

Page 893: ...ss Class C is specified Range 1 to 65 535 links bid string Optional Specifies a bundle ID up to 48 characters for the multilink bundle All hello messages sent on links belonging to the multilink bundle contain the bundle ID By default the SROS creates a generic bundle ID for each configured multilink bundle using the following MFR interface number where the interface number corresponds to the inte...

Page 894: ...between hello messages to 45 seconds ProCurve config interface frame relay 1 ProCurve config fr 1 frame relay multilink hello 45 The following example specifies Class B operation ProCurve config interface frame relay 1 ProCurve config fr 1 frame relay multilink bandwidth class b The following example specifies Class C operation with a threshold of 5 ProCurve config interface frame relay 1 ProCurve...

Page 895: ...e the no form of this command to return to the default settings Syntax Description queue size The total number of packets the output queue can contain before packets are dropped Range 16 to 1000 Default Values The default queue size for WFQ is 400 The default queue size for PPP FIFO and Frame Relay round robin is 200 Usage Examples The following example sets the overall output queue size to 700 Pr...

Page 896: ...tion percent Specifies the percentage of interface bandwidth to make available for user defined priority or class based queues Enter an integer 1 to 100 Default Values By default max reserved bandwidth is set to 75 which reserves 25 percent of the interface bandwidth for system critical traffic Usage Examples The following example specifies 85 percent of the bandwidth on the frame relay 1 interfac...

Page 897: ...emove the map from the interface The out keyword specifies that this policy will be applied to outgoing packets Syntax Description map name Specifies the name of a previously created QoS map see qos map mapname sequence number on page 486 for more information Default Values No default value is necessary for this command Usage Examples The following example applies the QoS map VOICEMAP to the Frame...

Page 898: ...Network Management Protocol SNMP traps on the interface Use the no form of this command to disable SNMP traps Syntax Description No subcommands Default Values By default all interfaces except virtual Frame Relay interfaces and sub interfaces have SNMP traps enabled Usage Examples The following example enables SNMP on the virtual Frame Relay interface ProCurve config interface frame relay 1 ProCurv...

Page 899: ...re is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces Functional Notes The snmp trap link status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID OID number 1 3 6 1 2 1 31 1 1 1 14 0 Usage Exa...

Page 900: ...from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alphabetical order access policy policyname on page 900 backup commands begin on page 901 bandwidth value on page 918 bridge gr...

Page 901: ...and Line Interface Reference Guide Frame Relay Sub Interface Config Command Set 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 899 mtu size on page 960 spanning tree commands begin on page 963 ...

Page 902: ...cy class policyname on page 426 Usage Examples The following example associates the access policy UnTrusted to allow inbound traffic to the Web server to the Frame Relay sub interface labeled 1 16 Enable the SROS security features ProCurve config ip firewall Create the access list this is the packet selector ProCurve config ip access list extended InWeb ProCurve config ext nacl permit tcp any host...

Page 903: ... the sub interface to automatically attempt a backup upon failure Use the no form of this command to disable automatic backup on an interface Syntax Description No subcommands Default Values By default all backup endpoints will automatically attempt backup upon a failure Usage Examples The following enables automatic backup on the endpoint ProCurve config interface frame relay 1 1 ProCurve config ...

Page 904: ...all network conditions are operational Use the no form of this command to disable the auto restore feature Syntax Description No subcommands Default Values By default all backup endpoints will automatically restore the primary connection when the failure condition clears Usage Examples The following configures the SROS to automatically restore the primary connection when the failure condition clea...

Page 905: ... Use the no form of this command to return to the default value Syntax Description seconds Specifies the delay period in seconds a failure must be active before the SROS will enter backup operation on the interface valid range 10 to 86400 seconds Default Values By default the backup backup delay is set to 10 seconds Usage Examples The following configures the SROS to wait 60 seconds on an endpoint...

Page 906: ...ate Originates backup call on primary link failure originate answer Originates or answers call on primary link failure originate answer always Originates on failure answers and backs up always Default Values By default the backup call mode is set to originate answer Functional Notes The majority of the configuration for the SROS backup implementation is configured via the backup PPP interface conf...

Page 907: ...alog ppp 1 backup number 5552222 analog ppp 1 no shutdown interface ppp 1 ip address 172 22 56 1 255 255 255 252 ppp authentication chap username remoterouter password remotepass ppp chap hostname localrouter ppp chap password procurve no shutdown ip route 192 168 2 0 255 255 255 0 172 22 56 2 255 255 255 252 line telnet 0 4 password password Sample config for central router dialing in hostname Ce...

Page 908: ...urve ppp chap hostname remoterouter ppp chap password remotepass no shutdown ip route 192 168 1 0 255 255 255 0 172 22 56 1 255 255 255 252 line telnet 0 4 password password Usage Examples The following configures the SROS to generate backup calls for this endpoint using an analog modem interface to phone number 555 1111 but never answer calls and specifies ppp 2 as the backup interface ProCurve c...

Page 909: ...uration of the related PPP interface for authentication and IP negotiation 4 If the call fails to connect on the first number dialed the SROS places a call to the second number if configured The second number to be dialed references a separate PPP interface Dialing In 1 The SROS receives an inbound call on a physical interface 2 Caller ID is used to match the backup number command to the configure...

Page 910: ...ng to call again or dialing a different number It is recommended this number be greater than 60 Syntax Description seconds Selects the amount of time in seconds that the router will wait for a connection before attempting another call valid range 10 to 300 Default Values By default backup connect timeout is set to 60 seconds Usage Examples The following configures the SROS to wait 120 seconds befo...

Page 911: ...kup to allow maintenance to be performed on the primary link without disrupting data Use the no form of this command to return to the normal backup operation state Syntax Description backup Forces backup regardless of primary link state primary Forces primary link regardless of its state Default Values By default this feature is disabled Usage Examples The following configures the SROS to force th...

Page 912: ... backup functionality refer to the Functional Notes section of the command backup call mode role on page 904 Syntax Description attempts Selects the number of call retries that will be made after a link failure valid range 0 to 15 Setting this value to 0 will allow unlimited retries during the time the network is failed Default Values By default backup maximum retry is set to 0 attempts Usage Exam...

Page 913: ...alog Indicates number connects to an analog modem digital 56k Indicates number belongs to a digital 56 kbps per DS0 connection digital 64k Indicates number belongs to a digital 64 kbps per DS0 connection isdn min chan Specifies the minimum number of DS0s required for a digital 56 or 64 kbps connection Range 1 to 24 isdn mas chan Specifies the maximum number of DS0s desired for a digital 56 or 64 k...

Page 914: ...r priority links Use the no form of this command to return to the default value For more detailed information on Frame Relay backup functionality refer to the Functional Notes section of the command backup call mode role on page 904 Syntax Description value Sets the relative priority of this link valid range 0 to 100 A value of 100 designates the highest priority Default Values By default backup p...

Page 915: ...f this command to return to the default value For more detailed information on Frame Relay backup functionality refer to the Functional Notes section of the command backup call mode role on page 904 Syntax Description No subcommands Default Values By default the SROS does not randomize the backup call timers Usage Examples The following example configures the SROS to randomize the backup timers as...

Page 916: ...ailed information on Frame Relay backup functionality refer to the Functional Notes section of the command backup call mode role on page 904 Syntax Description seconds Specifies the delay in seconds between attempting to re dial a failed backup attempt Range 10 to 3600 Default Values By default backup redial delay is set to 10 seconds Usage Examples The following example configures a redial delay ...

Page 917: ... in and out of alarm For more detailed information on Frame Relay backup functionality refer to the Functional Notes section of the command backup call mode role on page 904 Syntax Description seconds Specifies the number of seconds the SROS will wait after a primary link is restored before disconnecting backup operation Range 10 to 86 400 Default Values By default backup restore delay is set to 1...

Page 918: ...up call mode role on page 904 Syntax Description day Sets the days to allow backup valid range Monday through Sunday enable time Sets the time of day to enable backup Time is entered in 24 hour format 00 00 disable time Sets the time of day to disable backup Default Values By default backup is enabled for all days and times if the backup auto backup command has been issued and the backup schedule ...

Page 919: ...spond to backup sequences in the event of a network outage Use the no form of this command to reactivate the backup interface For more detailed information on Frame Relay backup functionality refer to the Functional Notes section of the command backup call mode role on page 904 Syntax Description No subcommands Default Values By default all SROS backup interfaces are disabled Usage Examples The fo...

Page 920: ...to restore the default values Syntax Description value Specifies bandwidth in kbps Default Values To view default values use the show interfaces command Functional Notes The bandwidth command is an informational value that is communicated to the higher level protocols to be used in cost calculations This is a routing parameter only and does not affect the physical interface Usage Examples The foll...

Page 921: ...rom the bridge group Syntax Description group Specifies the bridge group number 1 to 255 Default Values By default there are no configured bridge groups Functional Notes A bridged network can provide excellent traffic management to reduce collisions and limit the amount of bandwidth wasted with unnecessary transmissions when routing is not necessary Any two interfaces can be bridged Ethernet to T1...

Page 922: ...ing the policy class and associated access control lists ACLs that describe the behavior of the firewall do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or received over the VPN tunnel The following diagram represents typical SROS data flow logic ...

Page 923: ...ted data is processed by the firewall The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an interface When specifying the ACLs for a crypto map the source information is the private local side unencrypted source of the data The destination information will be the far end unencrypted destination of the data However ACLs for a policy class work in rever...

Page 924: ...ol over your domain name regardless of where you purchased registered it This allows to manage IP address mappings A records domain aliases CNAME records and mail servers MX records dyndns The Dynamic DNSSM service allows you to alias a dynamic IP address to a static hostname in various domains This allows your unit to be more easily accessed from various locations on the Internet This service is ...

Page 925: ...ough the DNS system This service is provided for up to five hostnames If your IP address doesn t change often or at all but you still want an easy name to remember it by without having to purchase your own domain name Static DNS service is ideal for you If you would like to use your own domain name such as yourname com you need Custom DNS service which also provides full dynamic and static IP addr...

Page 926: ...fault Values By default the committed burst value is set to 0 no limit Functional Notes The time interval is always one second so this can also be considered bits per second Shaping is performed on a sliding one second window to make maximum use of configured bandwidth Note that when both bc and be are non zero shaping is performed on the virtual circuit The circuit is limited to the sum of bc and...

Page 927: ...fault Values By default the excessive burst value is set to 0 no limit Functional Notes The time interval is always one second so this can also be considered bits per second Shaping is performed on a sliding one second window to make maximum use of configured bandwidth Note that when both bc and be are non zero shaping is performed on the virtual circuit The circuit is limited to the sum of bc and...

Page 928: ...is necessary for this command Functional Notes For Frame Relay fragmentation to take effect rate limiting must be enabled by setting the committed burst rate and excessive burst rate See frame relay bc committed burst value on page 924 and frame relay be excessive burst value on page 925 for more information Usage Examples The following example enables FRF 12 fragmentation on a sublink ProCurve co...

Page 929: ... supplied by your Frame Relay service provider Use the no form of this command to remove the configured DLCI Syntax Description dlci Specifies numeric value supplied by your provider Default Values By default the DLCI is populated with the sub interface identifier For example if configuring the virtual Frame Relay sub interface labeled fr 1 20 the default DLCI is 20 Usage Examples The following ex...

Page 930: ...ess control on packets transmitted on the specified interface Default Values By default these commands are disabled Functional Notes When this command is enabled the IP destination address of each packet must be processed by the assigned access list parameters before being passed through to the router system If the packet is not acceptable per these settings it is dropped Usage Examples The follow...

Page 931: ...pecifying an interface defines the client identifier as the hexadecimal MAC address of the specified interface including a hexadecimal number added to the front of the MAC address to identify the media type For example specifying the client id ethernet 0 1 where the Ethernet interface has a MAC address of 0012 7991 1150 defines the client identifier as 01 00 12 79 91 11 50 where 01 defines the med...

Page 932: ...2 ADDRESS Where the FR_PORT specifies the label assigned to the virtual Frame Relay interface using four hexadecimal bytes For example a virtual Frame Relay interface labeled 1 would have a FR_PORT of 00 00 00 01 The Q 922 ADDRESS field is populated using the following Where the FECN BECN C R DE and high order extended address EA bits are assumed to be 0 and the lower order EA bit is set to 1 The ...

Page 933: ...urve config interface frame relay 1 16 ProCurve config fr 1 16 ip address dhcp The following example enables DHCP operation on the virtual Frame Relay sub interface labeled 1 16 utilizing hostname procurve and does not allow obtaining a default route domain name or nameservers It also sets the administrative distance as 5 ProCurve config interface frame relay 1 16 ProCurve config fr 1 16 ip addres...

Page 934: ...used to configure a secondary IP address for the specified interface Default Values By default there are no assigned IP addresses Functional Notes Use secondary IP addresses to allow dual subnets on a single interface when you need more IP addresses than the primary subnet can provide When using secondary IP addresses avoid routing loops by verifying that all devices on the network segment are con...

Page 935: ...or renew the DHCP IP address This command is only applicable when using DHCP for IP address assignment Syntax Description release Releases DHCP IP address renew Renews DHCP IP address Default Values No default values required for this command Usage Examples The following example releases the IP DHCP address for the virtual interface ProCurve config interface frame relay 1 16 ProCurve config fr 1 1...

Page 936: ... of the specified type forwarded using the ip forward protocol command are received on the interface they will be forwarded to the device that needs the information Only packets meeting the following criteria are considered eligible by the ip helper address feature 1 The packet IP protocol is User Datagram Protocol UDP 2 Any UDP port specified using the ip forward protocol command 3 The media acce...

Page 937: ... and stops sending that group s multicast packets to the interface Range 100 to 65535 ms Default 1000 ms querier timeout seconds Specifies the number of seconds that the router waits after the current querier s last query before it takes over as querier IGMP V2 Range 60 300 seconds Default 2x the query interval value query interval seconds Specifies the interval at which IGMP queries are sent on a...

Page 938: ...er address and ip mcast stub upstream commands Downstream interfaces connect to segments with multicast hosts Multiple interfaces may be configured in downstream mode however interfaces connecting to the multicast network upstream should not be configured in downstream mode Interfaces configured as downstream should have the lowest IP address of all IGMP capable routers on the connected segment in...

Page 939: ...s command is disabled Functional Notes Multicast routing must be enabled prior to setting ip mcast stub fixed on the selected interface Also use the ip igmp static group A B C D command to receive multicast traffic without host initiated Internet Group Management Protocol IGMP activity on the selected interface Otherwise all host initiated IGMP transactions will enter multicast routes on the route...

Page 940: ... in IP multicast stub applications in conjunction with the ip mcast stub helper address ip mcast stub upstream and ip mcast stub downstream commands When enabled the interface becomes a helper forwarding interface The IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the unit to perform as an IGMP proxy Refer to ip mcast stub helper address ...

Page 941: ...cast stub downstream commands When enabled the interface becomes a candidate to be a helper forwarding interface If chosen as the best path toward the helper address by the router s unicast route table the IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the router to perform as an IGMP proxy Though multiple interfaces may be candidates no ...

Page 942: ...Specifies the interval between hello packets sent on the interface Range 0 to 32 767 message digest key keyid md5 key Configures OSPF Message Digest 5 MD5 authentication 16 byte max keys The SROS allows two keys key ID 1 and key ID 2 priority value Set the OSPF priority The value set in this field helps determine the designated router for this network Range 0 to 255 retransmit interval seconds Spe...

Page 943: ...e that is performing OSPF authentication Syntax Description message digest Optional Selects message digest authentication type null Optional Specifies that no authentication be used Default Values By default this is set to null meaning no authentication is used Usage Examples The following example specifies that no authentication will be used on the Frame Relay interface ProCurve config interface ...

Page 944: ...terface Syntax Description broadcast Sets the network type for broadcast point to point Sets the network type for point to point Default Values By default Ethernet defaults to broadcast All other interfaces default to point to point Functional Notes A point to point network will not elect designated routers Usage Examples The following example designates a broadcast network type ProCurve config in...

Page 945: ...mmands Default Values By default PIM Sparse Mode is disabled for all interfaces Functional Notes PIM Sparse Mode is a multicast routing protocol that makes use of the unicast forwarding table PIM systems builds unidirectional shared trees rooted at a Rendezvous Point RP for a multicast group or a shortest path tree rooted at a specific source for a multicast group Usage Examples The following exam...

Page 946: ...essages transmitted on the interface Routers use the priority values to determine the appropriate DR The router on the network segment with the highest priority is selected as the DR If a hello message is received on the interface from a router on the network segment and it does not contain a priority the entire network segment defaults to DR selection based on IP addresses instead of priority In ...

Page 947: ...out the interface Valid range is 10 to 3600 seconds Default Values By default hellos are transmitted on PIM interfaces every 60 seconds Functional Notes Hello messages are used to inform neighbors of a router s presence Hello messages normally generate a small amount of traffic on an interface Setting the hello timer to a small interval increases the amount of hellos sent thus increasing the amoun...

Page 948: ... is not present Use the no form of this command to return to the default value Syntax Description time Specifies the time interval in seconds the PIM interface waits before a neighbor is considered not present Valid range is 30 to 10 800 seconds Default Values By default the nbr timeout is set to 105 seconds Usage Examples The following example specifies a wait interval of 360 seconds on the Frame...

Page 949: ... no form of this command to return to the default value Syntax Description time Specifies the delay interval in milliseconds after a join prune in which another router on the LAN may override the join prune Valid range is 0 to 65 535 milliseconds Default Values By default the override interval is set to 2500 milliseconds Usage Examples The following example sets the delay interval for join prune o...

Page 950: ...estimate the amount of delay found in the local link Use the no form of this command to return to the default value Syntax Description time Specifies the expected propagation delay in the local link in milliseconds Valid range is 0 to 32 767 milliseconds Default Values By default the propagation delay is set to 500 milliseconds Usage Examples The following example sets the expected propagation del...

Page 951: ...mand to remove the assignment Removing a route map from the interface does not remove the route map configuration parameters from the system Syntax Description mapname Specifies the route map to associate with this interface Default Values By default policy based routing is disabled for all interfaces Usage Examples The following example associates the route map named MyMap with Frame Relay interf...

Page 952: ...fault Values By default proxy ARP is enabled Functional Notes In general the principle of proxy ARP allows a router to insert its IP address in the source IP address field of a packet if the packet is from a host on one of its subnetworks This allows hosts to reach devices on other subnetworks without implementing routing or specifying a default gateway If proxy ARP is enabled the SROS will respon...

Page 953: ... version 1 packets on the interface 2 Accepts only received RIP version 2 packets on the interface Default Values By default all interfaces implement RIP version 1 the default value for the version command Functional Notes Use the ip rip receive version command to specify a RIP version that will override the version in the Router RIP configuration The SROS only accepts one version either 1 or 2 on...

Page 954: ...RIP version 1 packets on the interface 2 Transmits only RIP version 2 packets on the interface Default Values By default all interfaces transmit RIP version 1 the default value for the version command Functional Notes Use the ip rip send version to specify a RIP version that will override the version in the Router RIP configuration The SROS only transmits one version either 1 or 2 on a given inter...

Page 955: ...es the IP address of the network to be summarized network mask Specifies the network mask to be applied to the specific network to be summarized Default Values By default no manual summarization is applied by RIP Functional Notes Unlike the automatic summarization on classful network boundaries only specific network advertisements are made by RIP using the ip rip summary address command This comma...

Page 956: ...tax Description No subcommands Default Values By default route caching is enabled on all interfaces Functional Notes Route caching allows an IP interface to provide optimum performance when processing IP traffic Usage Examples The following example enables route caching on a Frame Relay sub interface ProCurve config interface frame relay 1 16 ProCurve config fr 1 16 ip route cache Note Using Netwo...

Page 957: ...nfigured to use a specified IP address using the ip address command Functional Notes If ip unnumbered is enabled on an interface all IP traffic from the interface will use a source IP address taken from the specified interface For example specifying ip unnumbered eth 0 1 while in the Frame Relay Sub Interface Configuration mode configures the Frame Relay sub interface to use the IP address assigne...

Page 958: ... Applies the filter to the inbound traffic out Applies the filter to the outbound traffic Default Values By default there are no URL filters applied to any interfaces Functional Notes The firewall must be enabled using the ip firewall command in order to use URL filters The URL filter must be created by using the ip urlfilter filtername http command before applying it to the interface See ip urlfi...

Page 959: ...lldp receive command to allow LLDP packets to be received on this interface Syntax Description No subcommands Default Values By default all interfaces are configured to send and receive LLDP packets Usage Examples The following example configures the Frame Relay sub interface to receive LLDP packets ProCurve config interface frame relay 1 16 ProCurve config fr 1 16 lldp receive ...

Page 960: ...s device s system capabilities on this interface system description Enables transmission of this device s system description on this interface system name Enables transmission of this device s system name on this interface Default Values By default all interfaces are configured to transmit and receive LLDP packets of all types Functional Notes Individual LLDP information can be enabled or disabled...

Page 961: ...ackets of all types Functional Notes Individual LLDP information can be enabled or disabled using the various forms of the lldp send command For example use the lldp send and receive command to enable transmit and receive of all LLDP information Then use the no lldp send port description command to prevent LLDP from transmitting port description information Usage Examples The following example con...

Page 962: ...nnel interfaces 64 to 18 190 Virtual Frame Relay sub interfaces 64 to 1520 Virtual PPP interfaces 64 to 1500 Default Values size The default values for the various interfaces are listed below ATM interfaces 1500 Demand interfaces 1500 Ethernet interfaces 1500 FDL interfaces 256 HDLC interfaces 1500 Loopback interfaces 1500 Tunnel interfaces 1500 Virtual Frame Relay sub interfaces 1500 Virtual PPP ...

Page 963: ...dules Schedules are expressed in the format time day month year for example 08 15 2 February 2007 time Time is expressed in the 24 hour format hours minutes hh mm for example 08 15 day The day of the month is expressed with a number Range is 1 to 31 month The name of the month can be spelled out or abbreviated year The year is expressed in the format yyyy for example 2007 periodic Specifies the we...

Page 964: ...d and enters the Schedule Configuration mode config schedule Closed config schedule Closed The following example sets the start time in the schedule named Closed to 8 15 a m on February 2 2007 and sets the end time to 10 15 a m on April 2 2007 config schedule Closed absolute start 08 15 2 february 2007 end 10 15 2 april 2007 The following example sets the recurring start and end day and time in th...

Page 965: ...o form of this command Syntax Description enable Enables the BPDU filter disable Disables the BPDU filter Default Values By default this command is set to disable Functional Notes The purpose of this command is to remove a port from participation in the spanning tree This might be beneficial while debugging a network setup It normally should not be used in a live network Usage Examples The followi...

Page 966: ...mand to block BPDUs from being received on this interface To return to the default value use the no form of this command Syntax Description enable Enables the BPDU block disable Disables the BPDU block Default Values By default this command is set to disable Usage Examples The following example enables the BPDU guard on the interface ProCurve config interface frame relay 1 16 ProCurve config fr 1 ...

Page 967: ...rm of this command to return the interface to normal operation non edgeport Syntax Description No subcommands Default Values By default this command is set to disable Usage Examples The following example configures the interface to be an edgeport ProCurve config interface frame relay 1 16 ProCurve config fr 1 16 spanning tree edgeport An individual interface can be configured to not be considered ...

Page 968: ...k type and a port configured for full duplex is set to point to point link type Setting the link type manually overrides the default and forces the port to use the specified link type Using the link type auto command restores the convention of determining link type based on duplex settings Usage Examples The following example forces the link type to point to point even if the port is configured to...

Page 969: ...ersely proportional to the likelihood the bridge interface will be chosen as the root path Set the path cost value lower to increase the chance the interface will be the root To obtain the most accurate spanning tree calculations develop a system for determining path costs for links and apply it to all bridged interfaces Usage Examples The following example assigns a path cost of 100 for bridge gr...

Page 970: ... lower the value the higher the priority valid range 0 to 255 Default Values By default the bridge group priority value is set at 128 Functional Notes The only time that this priority level is used is when two interfaces with a path to the root have equal cost At that point the level set in this command will determine which port the bridge will use Set the priority value lower to increase the chan...

Page 971: ...terface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alphabetical order access policy policyname on page 971 alias link text on page 972 backup commands begin on page 973 bandwidth value on page 990 bridge group group on...

Page 972: ...nce Guide HDLC Command Set 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 970 max reserved bandwidth percent on page 1027 mtu size on page 1028 qos policy in out mapname on page 1029 snmp trap link status on page 1030 ...

Page 973: ...er to ip policy class policyname on page 426 Usage Examples The following example associates the access policy UnTrusted to allow inbound traffic to the Web server to the HDLC interface labeled 1 Enable the SROS security features ProCurve config ip firewall Create the access list this is the packet selector ProCurve config ip access list extended InWeb ProCurve config ext nacl permit tcp any host ...

Page 974: ...rovide the management station an identifying description for each link HDLC physical Syntax Description text Describes the interface for SNMP by alphanumeric character string must be encased in quotation marks Default Values By default the HDLC identification string appears as empty quotes Functional Notes The alias link string should be used to uniquely identify an HDLC link Enter a string that c...

Page 975: ... interface to automatically attempt a backup upon failure Use the no form of this command to disable auto backup functionality Syntax Description No subcommands Default Values By default all backup endpoints will automatically attempt backup upon a failure Usage Examples The following enables automatic backup on the endpoint ProCurve config interface hdlc 1 ProCurve config hdlc 1 backup auto backu...

Page 976: ... conditions are operational Use the no form of this command to disable the auto restore feature Syntax Description No subcommands Default Values By default all backup endpoints will automatically restore the primary connection when the failure condition clears Usage Examples The following configures the SROS to automatically restore the primary connection when the failure condition clears ProCurve...

Page 977: ...no form of this command to return to the default value Syntax Description seconds Specifies the delay period in seconds a failure must be active before the SROS will enter backup operation on the interface valid range 10 to 86400 seconds Default Values By default the backup backup delay is set to 10 seconds Usage Examples The following configures the SROS to wait 60 seconds on an endpoint with an ...

Page 978: ... backup call on primary link failure originate answer Originates or answers call on primary link failure originate answer always Originates on failure answers and backs up always Default Values By default the backup call mode is set to originate answer Functional Notes The majority of the configuration for the SROS backup implementation is configured via the backup PPP interface configuration comm...

Page 979: ...kup number 5552222 analog ppp 1 no shutdown interface ppp 1 ip address 172 22 56 1 255 255 255 252 ppp authentication chap username remoterouter password remotepass ppp chap hostname localrouter ppp chap password procurve no shutdown ip route 192 168 2 0 255 255 255 0 172 22 56 2 255 255 255 252 line telnet 0 4 password password Sample config for central router dialing in hostname Central7203dl en...

Page 980: ...255 0 172 22 56 1 255 255 255 252 line telnet 0 4 password password Usage Examples The following configures the SROS to generate backup calls for this endpoint using an analog modem interface to phone number 555 1111 but never answer calls and specifies ppp 2 as the backup interface ProCurve config interface hdlc 1 ProCurve config hdlc 1 backup call mode originate ProCurve config hdlc 1 backup num...

Page 981: ...he first number dialed the SROS places a call to the second number if configured The second number to be dialed references a separate PPP interface Dialing In 1 The SROS receives an inbound call on a physical interface 2 Caller ID is used to match the backup number command to the configured PPP interface 3 If a match is found the call connects and the SROS pulls down the primary connection if it i...

Page 982: ...greater than 60 For more detailed on backup functionality refer to the Functional Notes section of the command backup call mode role on page 976 Syntax Description seconds Selects the amount of time in seconds that the router will wait for a connection before attempting another call valid range 10 to 300 Default Values By default backup connect timeout is set to 60 seconds Usage Examples The follo...

Page 983: ...pting data Use the no form of this command to return to the normal backup operation state For more detailed on backup functionality refer to the Functional Notes section of the command backup call mode role on page 976 Syntax Description backup Forces backup regardless of primary link state primary Forces primary link regardless of its state Default Values By default this feature is disabled Usage...

Page 984: ...y refer to the Functional Notes section of the command backup call mode role on page 976 Syntax Description attempts Selects the number of call retries that will be made after a link failure valid range is 0 to 15 Setting this value to 0 will allow unlimited retries during the time the network is failed Default Values By default backup maximum retry is set to 0 attempts Usage Examples The followin...

Page 985: ...s initiated analog Indicates number connects to an analog modem digital 56k Indicates number belongs to a digital 56 kbps per DS0 connection digital 64k Indicates number belongs to a digital 64 kbps per DS0 connection isdn min chan Specifies the minimum number of DS0s required for the backup link Range 1 to 24 isdn mas chan Specifies the maximum number of DS0s desired for the backup link Range 1 t...

Page 986: ...r priority links Use the no form of this command to return to the default value For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 976 Syntax Description value Sets the relative priority of this link valid range 0 to 100 A value of 100 designates the highest priority Default Values By default backup priority is s...

Page 987: ...his command to return to the default value For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 976 Syntax Description No subcommands Default Values By default the SROS does not randomize the backup call timers Usage Examples The following example configures the SROS to randomize the backup timers associated with t...

Page 988: ...d information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 976 Syntax Description seconds Specifies the delay in seconds between attempting to re dial a failed backup attempt Range 10 to 3600 Default Values By default backup redial delay is set to 10 seconds Usage Examples The following example configures a redial delay of 25 seconds on...

Page 989: ... and out of alarm For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 976 Syntax Description seconds Specifies the number of seconds the SROS will wait after a primary link is restored before disconnecting backup operation Range 10 to 86 400 Default Values By default backup restore delay is set to 10 seconds Usage...

Page 990: ...le on page 976 Syntax Description day Sets the days to allow backup valid range Monday through Sunday enable time Sets the time of day to enable backup Time is entered in 24 hour format 00 00 disable time Sets the time of day to disable backup Default Values By default backup is enabled for all days and times if the backup auto backup command has been issued and the backup schedule has not been en...

Page 991: ...spond to backup sequences in the event of a network outage Use the no form of this command to reactivate the backup interface For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 976 Syntax Description No subcommands Default Values By default all SROS interfaces are disabled Usage Examples The following example dea...

Page 992: ...restore the default values Syntax Description value Enter bandwidth in kbps Default Values To view default values use the show interfaces command Functional Notes The bandwidth command is an informational value that is communicated to the higher level protocols to be used in cost calculations This is a routing parameter only and does not affect the physical interface Usage Examples The following e...

Page 993: ... 255 specified using the bridge group command Default Values By default there are no configured bridge groups Functional Notes A bridged network can provide excellent traffic management to reduce collisions and limit the amount of bandwidth wasted with unnecessary transmissions when routing is not necessary Any two interfaces can be bridged Ethernet to T1 bridge Ethernet to Frame Relay sub interfa...

Page 994: ...ass and associated access control lists ACLs that describe the behavior of the firewall do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system The firewall should be set up with respect to the un encrypted traffic that is destined to be sent or received over the VPN tunnel The following diagram represents typical SROS data flow logic Note When you ap...

Page 995: ...ata is processed by the firewall The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an interface When specifying the ACLs for a crypto map the source information is the private local side un encrypted source of the data The destination information will be the far end un encrypted destination of the data However ACLs for a policy class work in reverse ...

Page 996: ...omain name regardless of where you purchased registered it This allows to manage IP address mappings A records domain aliases CNAME records and mail servers MX records dyndns The Dynamic DNSSM service allows you to alias a dynamic IP address to a static hostname in various domains This allows your unit to be more easily accessed from various locations on the Internet This service is provided for u...

Page 997: ...DNS system This service is provided for up to five hostnames If your IP address doesn t change often or at all but you still want an easy name to remember it by without having to purchase your own domain name Static DNS service is ideal for you If you would like to use your own domain name such as yourname com you need Custom DNS service which also provides full dynamic and static IP address suppo...

Page 998: ...WFQ is enabled by default for WAN interfaces Syntax Description threshold Optional Value that specifies the maximum number of packets that can be present in each conversation sub queue Packets received for a conversation after this limit is reached are discarded Valid range is 16 to 512 Default Values By default fair queue is enabled with a threshold of 64 packets Usage Examples The following exam...

Page 999: ...m of this command to return to the default setting Syntax Description queue size The total number of packets the output queue can contain before packets are dropped Valid range is 16 1000 Default Values The default queue size for WFQ is 400 The default queue size for PPP FIFO and Frame Relay round robin is 200 Usage Examples The following example sets the overall output queue size to 700 ProCurve ...

Page 1000: ...es access control on packets transmitted on the specified interface Default Values By default these commands are disabled Functional Notes When this command is enabled the IP destination address of each packet must be validated before being passed through to the router system If the packet is not acceptable per these settings it is dropped Usage Examples The following example sets up the unit to o...

Page 1001: ...d to configure a secondary IP address for the specified interface Default Values By default there are no assigned IP addresses Functional Notes Use secondary IP addresses to allow dual subnets on a single interface when you need more IP addresses than the primary subnet can provide When using secondary IP addresses avoid routing loops by verifying that all devices on the network segment are config...

Page 1002: ...adcast packets of the specified type forwarded using the ip forward protocol command are received on the interface they will be forwarded to the device that needs the information Only packets meeting the following criteria are considered eligible by the ip helper address feature 1 The packet IP protocol is User Datagram Protocol UDP 2 Any UDP port specified using the ip forward protocol command 3 ...

Page 1003: ...that group s multicast packets to the interface Range 100 to 65535 ms Default 1000 ms querier timeout seconds Specifies the number of seconds that the router waits after the current querier s last query before it takes over as querier IGMP V2 Range 60 300 seconds Default 2x the query interval value query interval seconds Specifies the interval at which IGMP queries are sent on an interface Host qu...

Page 1004: ...and ip mcast stub upstream commands Downstream interfaces connect to segments with multicast hosts Multiple interfaces may be configured in downstream mode however interfaces connecting to the multicast network upstream should not be configured in downstream mode Interfaces configured as downstream should have the lowest IP address of all IGMP capable routers on the connected segment in order to b...

Page 1005: ...d is disabled Functional Notes Multicast routing must be enabled prior to setting ip mcast stub fixed on the selected interface Also use the ip igmp static group A B C D command to receive multicast traffic without host initiated Internet Group Management Protocol IGMP activity on the selected interface Otherwise all host initiated IGMP transactions will enter multicast routes on the router s inte...

Page 1006: ...lticast stub applications in conjunction with the ip mcast stub helper address ip mcast stub upstream and ip mcast stub downstream commands When enabled the interface becomes a helper forwarding interface The IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the unit to perform as an IGMP proxy Refer to ip mcast stub helper address ip addres...

Page 1007: ...ownstream commands When enabled the interface becomes a candidate to be a helper forwarding interface If chosen as the best path toward the helper address by the router s unicast route table the IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the router to perform as an IGMP proxy Though multiple interfaces may be candidates no more than o...

Page 1008: ...s the interval between hello packets sent on the interface Range 0 to 32 767 message digest key keyid md5 key Configures OSPF Message Digest 5 MD5 authentication 16 byte max keys The SROS allows two keys key ID 1 and key ID 2 priority value Set the OSPF priority The value set in this field helps determine the designated router for this network Range 0 to 255 retransmit interval seconds Specifies t...

Page 1009: ...hat is performing OSPF authentication Syntax Description message digest Optional Select message digest authentication type null Optional Select for no authentication to be used Default Values By default this is set to null meaning no authentication is used Usage Examples The following example specifies that no authentication will be used on the HDLC interface ProCurve config interface hdlc 1 ProCu...

Page 1010: ... Syntax Description broadcast Set the network type for broadcast point to point Set the network type for point to point Default Values By default Ethernet defaults to broadcast All other interfaces default to point to point Functional Notes A point to point network will not elect designated routers Usage Examples The following example designates a broadcast network type ProCurve config interface h...

Page 1011: ...s Default Values By default PIM Sparse Mode is disabled for all interfaces Functional Notes PIM Sparse Mode is a multicast routing protocol that makes use of the unicast forwarding table PIM systems builds unidirectional shared trees rooted at a Rendezvous Point RP for a multicast group or a shortest path tree rooted at a specific source for a multicast group Usage Examples The following example e...

Page 1012: ...es transmitted on the interface Routers use the priority values to determine the appropriate DR The router on the network segment with the highest priority is selected as the DR If a hello message is received on the interface from a router on the network segment and it does not contain a priority the entire network segment defaults to DR selection based on IP addresses instead of priority In this ...

Page 1013: ...e interface Valid range is 10 to 3600 seconds Default Values By default hellos are transmitted on PIM interfaces every 60 seconds Functional Notes Hello messages are used to inform neighbors of a router s presence Hello messages normally generate a small amount of traffic on an interface Setting the hello timer to a small interval increases the amount of hellos sent thus increasing the amount of t...

Page 1014: ...ot present Use the no form of this command to return to the default value Syntax Description time Specifies the time interval in seconds the PIM interface waits before a neighbor is considered not present Valid range is 30 to 10 800 seconds Default Values By default the nbr timeout is set to 105 seconds Usage Examples The following example specifies a wait interval of 360 seconds on the HDLC inter...

Page 1015: ...orm of this command to return to the default value Syntax Description time Specifies the delay interval in milliseconds after a join prune in which another router on the LAN may override the join prune Valid range is 0 to 65 535 milliseconds Default Values By default the override interval is set to 2500 milliseconds Usage Examples The following example sets the delay interval for join prune overri...

Page 1016: ...ate the amount of delay found in the local link Use the no form of this command to return to the default value Syntax Description time Specifies the expected propagation delay in the local link in milliseconds Valid range is 0 to 32 767 milliseconds Default Values By default the propagation delay is set to 500 milliseconds Usage Examples The following example sets the expected propagation delay to...

Page 1017: ...to remove the assignment Removing a route map from the interface does not remove the route map configuration parameters from the system Syntax Description mapname Specifies the route map to associate with this interface Default Values By default policy based routing is disabled for all interfaces Usage Examples The following example associates the route map named MyMap with HDLC interface 1 ProCur...

Page 1018: ...efault Values By default proxy arp is enabled Functional Notes In general the principle of proxy ARP allows a router to insert its IP address in the source IP address field of a packet if the packet is from a host on one of its subnetworks This allows hosts to reach devices on other subnetworks without implementing routing or specifying a default gateway If proxy ARP is enabled the SROS will respo...

Page 1019: ...nterface 2 Only accept received RIP version 2 packets on the interface Default Values By default all interfaces implement RIP version 1 the default value for the version command Functional Notes Use the ip rip receive version command to specify a RIP version that overrides the version in the Router RIP configuration See version 1 l 2 on page 1390 for more information The SROS only accepts one vers...

Page 1020: ...terface 2 Only transmits RIP version 2 packets on the interface Default Values By default all interfaces transmit RIP version 1 the default value for the version command Functional Notes Use the ip rip send version command to specify a RIP version that overrides the version in the Router RIP configuration See version 1 l 2 on page 1390 for more information The SROS only transmits one version eithe...

Page 1021: ...P address of the network to be summarized network mask Specifies the network mask to be applied to the specific network to be summarized Default Values By default no manual summarization is applied by RIP Functional Notes Unlike the automatic summarization on classful network boundaries only specific network advertisements are made by RIP using the ip rip summary address command This command is on...

Page 1022: ...Description No subcommands Default Values By default route caching is enabled on all interfaces Functional Notes Route caching allows an IP interface to provide optimum performance when processing IP traffic Usage Examples The following example enables route caching on the HDLC interface ProCurve config interface hdlc 1 ProCurve config hdlc 1 ip route cache Note Using Network Address Translation N...

Page 1023: ...terfaces are configured to use a specified IP address using the ip address command Functional Notes If ip unnumbered is enabled on an interface all IP traffic from the interface will use a source IP address taken from the specified interface For example specifying ip unnumbered eth 0 1 while in the Frame Relay Sub Interface Configuration mode configures the Frame Relay sub interface to use the IP ...

Page 1024: ...s the filter to the inbound traffic out Applies the filter to the outbound traffic Default Values By default there are no URL filters applied to any interfaces Functional Notes The firewall must be enabled using the ip firewall command in order to use URL filters The URL filter must be created by using the ip urlfilter filtername http command before applying it to the interface See ip urlfilter na...

Page 1025: ...e time interval in seconds between transmitted keepalive packets valid range 0 to 32 767 seconds Default Values By default the time interval between transmitted keepalive packets is 10 seconds Functional Notes If three keepalive packets are sent to an interface with no response the interface is considered down To detect interface failures quickly specify a smaller keepalive time Usage Examples The...

Page 1026: ...dp receive command to allow LLDP packets to be received on this interface Syntax Description No subcommands Default Values By default all interfaces are configured to send and receive LLDP packets Usage Examples The following example configures the HDLC interface to receive LLDP packets ProCurve config interface hdlc 1 ProCurve config hdlc 1 lldp receive ...

Page 1027: ...evice s system capabilities on this interface system description Enables transmission of this device s system description on this interface system name Enables transmission of this device s system name on this interface Default Values Be default all interfaces are configured to transmit and receive LLDP packets of all types Functional Notes Individual LLDP information can be enabled or disabled us...

Page 1028: ...ets of all types Functional Notes Individual LLDP information can be enabled or disabled using the various forms of the lldp send command For example use the lldp send and receive command to enable transmit and receive of all LLDP information Then use the no lldp send port description command to prevent LLDP from transmitting port description information Usage Examples The following example config...

Page 1029: ...ercent Specifies the percentage of interface bandwidth to make available for user defined priority or class based queues Enter an integer 1 to 100 Default Values By default max reserved bandwidth is set to 75 which reserves 25 percent of the interface bandwidth for system critical traffic Usage Examples The following example specifies 85 percent of the bandwidth on the hdlc 1 interface to be avail...

Page 1030: ...interfaces 64 to 18 190 Virtual Frame Relay sub interfaces 64 to 1520 Virtual PPP interfaces 64 to 1500 Default Values size The default values for the various interfaces are listed below ATM interfaces 1500 Demand interfaces 1500 Ethernet interfaces 1500 FDL interfaces 256 HDLC interfaces 1500 Loopback interfaces 1500 Tunnel interfaces 1500 Virtual Frame Relay sub interfaces 1500 Virtual PPP inter...

Page 1031: ...ap from the interface Syntax Description mapname Specifies the name of a previously created QoS map see qos map mapname sequence number on page 486 for more information in Assigns a QoS map to this interface s input out Assigns a QoS map to this interface s output Default Values No default value is necessary for this command Usage Examples The following example applies the QoS map VOICEMAP to the ...

Page 1032: ...tatus change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces Functional Notes The snmp trap link status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID OID number 1 3 6 1 2 1 31 1 1 1 14 0 Usage Examples The following ...

Page 1033: ... multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below alias text on page 1430 bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command s...

Page 1034: ...licies refer to ip policy class policyname on page 426 Usage Examples The following example associates the access policy UnTrusted to allow inbound traffic to the Web server to the loopback interface Enable the SROS security features ProCurve config ip firewall Create the access list this is the packet selector ProCurve config ip access list extended InWeb ProCurve config ext nacl permit tcp any h...

Page 1035: ...mand to restore the default values Syntax Description value Specifies bandwidth in kbps Default Values To view default values use the show interfaces command Functional Notes The bandwidth command is an informational value that is communicated to the higher level protocols to be used in cost calculations This is a routing parameter only and does not affect the physical interface Usage Examples The...

Page 1036: ...fining the policy class and associated access control lists ACLs that describe the behavior of the firewall do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or received over the VPN tunnel The following diagram represents typical SROS data flow log...

Page 1037: ...nencrypted data is processed by the firewall The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an interface When specifying the ACLs for a crypto map the source information is the private local side unencrypted source of the data The destination information will be the far end unencrypted destination of the data However ACLs for a policy class work i...

Page 1038: ...ol over your domain name regardless of where you purchased registered it This allows to manage IP address mappings A records domain aliases CNAME records and mail servers MX records dyndns The Dynamic DNSSM service allows you to alias a dynamic IP address to a static hostname in various domains This allows your unit to be more easily accessed from various locations on the Internet This service is ...

Page 1039: ...e though the DNS system This service is provided for up to five hostnames If your IP address doesn t change often or at all but you still want an easy name to remember it by without having to purchase your own domain name Static DNS service is ideal for you If you would like to use your own domain name such as yourname com you need Custom DNS service which also provides full dynamic and static IP ...

Page 1040: ... on the specified interface out Enables access control on packets transmitted on the specified interface Default Values By default these commands are disabled Functional Notes When this command is enabled the IP destination address of each packet must be validated before being passed through to the router system If the packet is not acceptable per these settings it is dropped Usage Examples The fo...

Page 1041: ...nal Configures a secondary IP address for the specified interface Default Values By default there are no assigned IP addresses Functional Notes Use secondary IP addresses to allow dual subnets on a single interface when you need more IP addresses than the primary subnet can provide When using secondary IP addresses avoid routing loops by verifying that all devices on the network segment are config...

Page 1042: ...ost that transmits the broadcast packets When broadcast packets of the specified type forwarded using the ip forward protocol command are received on the interface they will be forwarded to the device that needs the information Only packets meeting the following criteria are considered eligible by the ip helper address feature 1 The packet IP protocol is User Datagram Protocol UDP 2 Any UDP port s...

Page 1043: ...d stops sending that group s multicast packets to the interface Range 100 to 65535 ms Default 1000 ms querier timeout seconds Specifies the number of seconds that the router waits after the current querier s last query before it takes over as querier IGMP V2 Range 60 300 seconds Default 2x the query interval value query interval seconds Specifies the interval at which IGMP queries are sent on an i...

Page 1044: ... helper address and ip mcast stub upstream commands Downstream interfaces connect to segments with multicast hosts Multiple interfaces may be configured in downstream mode however interfaces connecting to the multicast network upstream should not be configured in downstream mode Interfaces configured as downstream should have the lowest IP address of all IGMP capable routers on the connected segme...

Page 1045: ... this command is disabled Functional Notes Multicast routing must be enabled prior to setting ip mcast stub fixed on the selected interface Also use the ip igmp static group A B C D command to receive multicast traffic without host initiated Internet Group Management Protocol IGMP activity on the selected interface Otherwise all host initiated IGMP transactions will enter multicast routes on the r...

Page 1046: ...lticast stub applications in conjunction with the ip mcast stub helper address ip mcast stub upstream and ip mcast stub downstream commands When enabled the interface becomes a helper forwarding interface The IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the unit to perform as an IGMP proxy Refer to ip mcast stub helper enable on page 10...

Page 1047: ...ip mcast stub downstream commands When enabled the interface becomes a candidate to be a helper forwarding interface If chosen as the best path toward the helper address by the router s unicast route table the IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the router to perform as an IGMP proxy Though multiple interfaces may be candidates...

Page 1048: ...econds Specifies the interval between hello packets sent on the interface Range 0 to 32 767 message digest key keyid md5 key Configure OSPF Message Digest 5 MD5 authentication 16 byte max keys The SROS allows two keys key ID 1 and key ID 2 priority value Sets the OSPF priority The value set in this field helps determine the designated router for this network Range 0 to 255 retransmit interval seco...

Page 1049: ...erface that is performing OSPF authentication Syntax Description message digest Optional Specifies message digest authentication type null Optional Specifies that no authentication be used Default Values By default this is set to null meaning no authentication is used Usage Examples The following example specifies that no authentication will be used on the loopback interface ProCurve config interf...

Page 1050: ...s interface Syntax Description broadcast Sets the network type for broadcast point to point Sets the network type for point to point Default Values By default Ethernet defaults to broadcast All other interfaces default to point to point Functional Notes A point to point network will not elect designated routers Usage Examples The following example designates a broadcast network type ProCurve confi...

Page 1051: ...o subcommands Default Values By default PIM Sparse Mode is disabled for all interfaces Functional Notes PIM Sparse Mode is a multicast routing protocol that makes use of the unicast forwarding table PIM systems builds unidirectional shared trees rooted at a Rendezvous Point RP for a multicast group or a shortest path tree rooted at a specific source for a multicast group Usage Examples The followi...

Page 1052: ...hello messages transmitted on the interface Routers use the priority values to determine the appropriate DR The router on the network segment with the highest priority is selected as the DR If a hello message is received on the interface from a router on the network segment and it does not contain a priority the entire network segment defaults to DR selection based on IP addresses instead of prior...

Page 1053: ...ent out the interface Valid range is 10 to 3600 seconds Default Values By default hellos are transmitted on PIM interfaces every 60 seconds Functional Notes Hello messages are used to inform neighbors of a router s presence Hello messages normally generate a small amount of traffic on an interface Setting the hello timer to a small interval increases the amount of hellos sent thus increasing the a...

Page 1054: ...ghbor is not present Use the no form of this command to return to the default value Syntax Description time Specifies the time interval in seconds the PIM interface waits before a neighbor is considered not present Valid range is 30 to 10 800 seconds Default Values By default the nbr timeout is set to 105 seconds Usage Examples The following example specifies a wait interval of 360 seconds on the ...

Page 1055: ...e the no form of this command to return to the default value Syntax Description time Specifies the delay interval in milliseconds after a join prune in which another router on the LAN may override the join prune Valid range is 0 to 65 535 milliseconds Default Values By default the override interval is set to 2500 milliseconds Usage Examples The following example sets the delay interval for join pr...

Page 1056: ...nds to estimate the amount of delay found in the local link Use the no form of this command to return to the default value Syntax Description time Specifies the expected propagation delay in the local link in milliseconds Valid range is 0 to 32 767 milliseconds Default Values By default the propagation delay is set to 500 milliseconds Usage Examples The following example sets the expected propagat...

Page 1057: ...s command to remove the assignment Removing a route map from the interface does not remove the route map configuration parameters from the system Syntax Description mapname Specifies the route map to associate with this interface Default Values By default policy based routing is disabled for all interfaces Usage Examples The following example associates the route map named MyMap with loopback inte...

Page 1058: ...P address Default Values By default proxy ARP is enabled Functional Notes In general the principle of proxy ARP allows a router to insert its IP address in the source IP address field of a packet if the packet is from a host on one of its subnetworks This allows hosts to reach devices on other subnetworks without implementing routing or specifying a default gateway If proxy ARP is enabled the SROS...

Page 1059: ... on the interface 2 Accepts only received RIP version 2 packets on the interface Default Values By default all interfaces implement RIP version 1 the default value for the version command Functional Notes Use the ip rip receive version to specify a RIP version that overrides the version in the Router RIP configuration The SROS only accepts one version either 1 or 2 on a given interface Usage Examp...

Page 1060: ...its only RIP version 1 packets on the interface 2 Transmits only RIP version 2 packets on the interface Default Values By default all interfaces transmit RIP version 1 the default value for the version command Functional Notes Use the ip rip send version to specify a RIP version that overrides the version in the Router RIP configuration The SROS only transmits one version either 1 or 2 on a given ...

Page 1061: ...cifies the IP address of the network to be summarized network mask Specifies the network mask to be applied to the specific network to be summarized Default Values By default no manual summarization is applied by RIP Functional Notes Unlike the automatic summarization on classful network boundaries only specific network advertisements are made by RIP using the ip rip summary address command This c...

Page 1062: ...de Syntax Description No subcommands Default Values By default route caching is enabled on all interfaces Functional Notes Route caching allows an IP interface to provide optimum performance when processing IP traffic Usage Examples The following example enables route caching on the loopback interface ProCurve config interface loopback 1 ProCurve config loop 1 ip route cache Note Using Network Add...

Page 1063: ... By default all interfaces are configured to use a specified IP address using the ip address command Functional Notes If ip unnumbered is enabled on an interface all IP traffic from the interface will use a source IP address taken from the specified interface For example specifying ip unnumbered ppp 1 while in the Loopback Interface Configuration mode configures the Loopback interface to use the I...

Page 1064: ... in Applies the filter to the inbound traffic out Applies the filter to the outbound traffic Default Values By default there are no URL filters applied to any interfaces Functional Notes The firewall must be enabled using the ip firewall command in order to use URL filters The URL filter must be created by using the ip urlfilter filtername http command before applying it to the interface See ip ur...

Page 1065: ... Tunnel interfaces 64 to 18 190 Virtual Frame Relay sub interfaces 64 to 1520 Virtual PPP interfaces 64 to 1500 Default Values size The default values for the various interfaces are listed below ATM interfaces 1500 Demand interfaces 1500 Ethernet interfaces 1500 FDL interfaces 256 HDLC interfaces 1500 Loopback interfaces 1500 Tunnel interfaces 1500 Virtual Frame Relay sub interfaces 1500 Virtual P...

Page 1066: ...o enable all supported Simple Network Management Protocol SNMP traps on the interface Syntax Description No subcommands Default Values By default all interfaces except virtual Frame Relay interfaces and sub interfaces have SNMP traps enabled Usage Examples The following example enables SNMP capability on the Ethernet interface ProCurve config interface loopback 1 ProCurve config loop 1 snmp trap ...

Page 1067: ...n there is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces Functional Notes The snmp trap link status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID OID number 1 3 6 1 2 1 31 1 1 1 14 0 Usag...

Page 1068: ...ce slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alphabetical order access policy policyname on page 1068 alias link text on page 1069 backup commands begin on page 1070 bandwidth value on...

Page 1069: ...ny L P 1067 max reserved bandwidth percent on page 1128 mtu size on page 1129 peer default ip address address on page 1130 ppp commands begin on page 1131 pppoe ac name name on page 1139 pppoe service name name on page 1140 qos policy out mapname on page 1141 snmp trap link status on page 1142 username username password password on page 1143 ...

Page 1070: ...ame on page 426 Usage Examples The following example associates the access policy UnTrusted to allow inbound traffic to the Web server to the virtual PPP interface Enable the SROS security features ProCurve config ip firewall Create the access list this is the packet selector ProCurve config ip access list extended InWeb ProCurve config ext nacl permit tcp any host 10 12 5 253 eq 80 Create the acc...

Page 1071: ...tifying description for each link PPP physical Syntax Description text Describes the interface for SNMP by alphanumeric character string must be encased in quotation marks Default Values By default the PPP identification string appears as empty quotes Functional Notes The alias link string should be used to uniquely identify a PPP link Enter a string that clearly identifies the link Usage Examples...

Page 1072: ... attempt a backup upon failure For more detailed information on PPP backup functionality refer to the Functional Notes section of the command backup call mode role on page 1073 Syntax Description No subcommands Default Values By default all backup endpoints will automatically attempt backup upon a failure Usage Examples The following example enables automatic backup on the endpoint ProCurve config...

Page 1073: ...isable the auto restore feature For more detailed information on PPP backup functionality refer to the Functional Notes section of the command backup call mode role on page 1073 Syntax Description No subcommands Default Values By default all backup endpoints will automatically restore the primary connection when the failure condition clears Usage Examples The following example configures the SROS ...

Page 1074: ...detailed information on PPP backup functionality refer to the Functional Notes section of the command backup call mode role on page 1073 Syntax Description seconds Specifies the delay period in seconds a failure must be active before the SROS will enter backup operation on the interface valid range 10 to 86400 seconds Default Values By default the backup delay period is set to 10 seconds Usage Exa...

Page 1075: ...e Originates backup call on primary link failure originate answer Originates or answers call on primary link failure originate answer always Originates on failure answers and backs up always Default Values By default backup call mode is set to originate answer Functional Notes The majority of the configuration for the SROS backup implementation is configured via the backup PPP interface configurat...

Page 1076: ...og ppp 1 backup number 5552222 analog ppp 1 no shutdown interface ppp 1 ip address 172 22 56 1 255 255 255 252 ppp authentication chap username remoterouter password remotepass ppp chap hostname localrouter ppp chap password procurve no shutdown ip route 192 168 2 0 255 255 255 0 172 22 56 2 255 255 255 252 line telnet 0 4 password password Sample config for central router dialing in hostname Cent...

Page 1077: ...ocurve ppp chap hostname remoterouter ppp chap password remotepass no shutdown ip route 192 168 1 0 255 255 255 0 172 22 56 1 255 255 255 252 line telnet 0 4 password password Usage Examples The following configures the SROS to generate backup calls for this endpoint using an analog modem interface to phone number 555 1111 but never answer calls and specifies ppp 2 as the backup interface ProCurve...

Page 1078: ...ation of the related PPP interface for authentication and IP negotiation 4 If the call fails to connect on the first number dialed the SROS places a call to the second number if configured The second number to be dialed references a separate PPP interface Dialing In 1 The SROS receives an inbound call on a physical interface 2 Caller ID is used to match the backup number command to the configured ...

Page 1079: ...be greater than 60 For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 1073 Syntax Description seconds Selects the amount of time in seconds that the router will wait for a connection before attempting another call valid range 10 to 300 Default Values By default the backup connect timeout period is set to 60 secon...

Page 1080: ...rupting data Use the no form of this command to return to the normal backup operation state For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 1073 Syntax Description backup Forces backup regardless of primary link state primary Forces primary link regardless of its state Default Values By default this feature is...

Page 1081: ...up functionality refer to the Functional Notes section of the command backup call mode role on page 1073 Syntax Description attempts Selects the number of call retries that will be made after a link failure valid range is 0 to 15 Setting this value to 0 will allow unlimited retries during the time the network is failed Default Values By default backup maximum retry is set to 0 attempts Usage Examp...

Page 1082: ...itiated analog Indicates number connects to an analog modem digital 56k Indicates number belongs to a digital 56 kbps per DS0 connection digital 64k Indicates number belongs to a digital 64 kbps per DS0 connection isdn min chan Specifies the minimum number of DS0s required for a digital 56 or 64 kbps connection Range 1 to 24 isdn mas chan Specifies the maximum number of DS0s desired for a digital ...

Page 1083: ...d by lower priority links Use the no form of this command to return to the default value For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 1073 Syntax Description value Sets the relative priority of this link valid range 0 to 100 A value of 100 designates the highest priority Default Values By default backup pri...

Page 1084: ...no form of this command to return to the default value For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 1073 Syntax Description No subcommands Default Values By default the SROS does not randomize the backup call timers Usage Examples The following example configures the SROS to randomize the backup timers asso...

Page 1085: ... more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 1073 Syntax Description seconds Specifies the delay in seconds between attempting to re dial a failed backup attempt Range 10 to 3600 Default Values By default backup redial delay is set to 10 seconds Usage Examples The following example configures a redial delay of...

Page 1086: ... bouncing in and out of alarm For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 1073 Syntax Description seconds Specifies the number of seconds the SROS will wait after a primary link is restored before disconnecting backup operation Range 10 to 86 400 Default Values By default backup restore delay is set to 10 ...

Page 1087: ...p call mode role on page 1073 Syntax Description day Sets the days to allow backup valid range Monday through Sunday enable time Sets the time of day to enable backup Time is entered in 24 hour format 00 00 disable time Sets the time of day to disable backup Default Values By default backup is enabled for all days and times if the backup auto backup command has been issued and the backup schedule ...

Page 1088: ...nitiate or respond to backup sequences in the event of a network outage Use the no form of this command to reactivate the backup interface For more detailed information on backup functionality refer to the Functional Notes section of the command backup call mode role on page 1073 Syntax Description No subcommands Default Values By default all SROS interfaces are disabled Usage Examples The followi...

Page 1089: ...nd to restore the default values Syntax Description value Specifies the bandwidth value in kbps Default Values To view default values use the show interfaces command Functional Notes The bandwidth command is an informational value that is communicated to the higher level protocols to be used in cost calculations This is a routing parameter only and does not affect the physical interface Usage Exam...

Page 1090: ...ax Description group Assigns a bridge group number range 1 to 255 Default Values By default there are no configured bridge groups Functional Notes A bridged network can provide excellent traffic management to reduce collisions and limit the amount of bandwidth wasted with unnecessary transmissions when routing is not necessary Any two interfaces can be bridged Ethernet to T1 bridge Ethernet to Fra...

Page 1091: ...the interface to remove the VLAN tag from the packet Syntax Description group Specifies the bridge group number Valid range is 1 to 255 Default Values By default VLAN tags are removed from the data Usage Examples The following example removes the VLAN tags from the packets on the PPP interface labeled 1 ProCurve config interface ppp 1 ProCurve config ppp 1 no bridge group 1 vlan transparent Note T...

Page 1092: ...lass and associated access control lists ACLs that describe the behavior of the firewall do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or received over the VPN tunnel The following diagram represents typical SROS data flow logic Note When you ap...

Page 1093: ...y unencrypted data is processed by the firewall The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an interface When specifying the ACLs for a crypto map the source information is the private local side unencrypted source of the data The destination information will be the far end unencrypted destination of the data However ACLs for a policy class wor...

Page 1094: ... over your domain name regardless of where you purchased registered it This allows to manage IP address mappings A records domain aliases CNAME records and mail servers MX records dyndns The Dynamic DNSSM service allows you to alias a dynamic IP address to a static hostname in various domains This allows your unit to be more easily accessed from various locations on the Internet This service is pr...

Page 1095: ...e though the DNS system This service is provided for up to five hostnames If your IP address doesn t change often or at all but you still want an easy name to remember it by without having to purchase your own domain name Static DNS service is ideal for you If you would like to use your own domain name such as yourname com you need Custom DNS service which also provides full dynamic and static IP ...

Page 1096: ...interface WFQ is enabled by default for WAN interfaces Syntax Description threshold Optional Specifies the maximum number of packets that can be present in each conversation sub queue Packets received for a conversation after this limit is reached are discarded Range 16 to 512 packets Default Values By default fair queue is enabled with a threshold of 64 packets Usage Examples The following exampl...

Page 1097: ... the no form of this command to return to the default setting Syntax Description queue size Specifies the total number of packets the output queue can contain before packets are dropped Range 16 to 1000 Default Values The default queue size for WFQ is 400 The default queue size for PPP FIFO and Frame Relay round robin is 200 Usage Examples The following example sets the overall output queue size t...

Page 1098: ...received on the specified interface out Enables access control on packets transmitted on the specified interface Default Values By default these commands are disabled Functional Notes When this command is enabled the IP destination address of each packet must be validated before being passed through to the router system If the packet is not acceptable per these settings it is dropped Usage Example...

Page 1099: ...55 track name Optional Attaches a network monitoring track to the DHCP client The DHCP gateway route for this client will only reside in the route table while the track is in the pass state For more information on configuring track objects refer to track name on page 532 Default Values By default the administrative distance value is 1 Functional Notes Dynamic Host Configuration Protocol DHCP allow...

Page 1100: ...ance to use when adding the PPP route to the route table It is used to determine the best route when multiple routes to the same destination exist The smaller the administrative distance the more reliable the route Range is 1 to 255 ip address Optional Specifies a valid IP address IP addresses should be expressed in dotted decimal notation for example 10 10 10 1 no default Optional Prevents the in...

Page 1101: ...ample enables the PPP interface to negotiate an IP address from the far end connection ProCurve config interface ppp 1 ProCurve config ppp 1 ip address negotiated The following example enables the PPP interface to negotiate an IP address from the far end connection without inserting a default route ProCurve config interface ppp 1 ProCurve config ppp 1 ip address negotiated no default ...

Page 1102: ...nal Configures a secondary IP address for the specified interface Default Values By default there are no assigned IP addresses Functional Notes Use secondary IP addresses to allow dual subnets on a single interface when you need more IP addresses than the primary subnet can provide When using secondary IP addresses avoid routing loops by verifying that all devices on the network segment are config...

Page 1103: ...ets When broadcast packets of the specified type forwarded using the ip forward protocol command are received on the interface they will be forwarded to the device that needs the information Only packets meeting the following criteria are considered eligible by the ip helper address feature 1 The packet IP protocol is User Datagram Protocol UDP 2 Any UDP port specified using the ip forward protoco...

Page 1104: ...s sending that group s multicast packets to the interface Range 100 to 65535 ms Default 1000 ms querier timeout seconds Specifies the number of seconds that the router waits after the current querier s last query before it takes over as querier IGMP V2 Range 60 300 seconds Default 2x the query interval value query interval seconds Specifies the interval at which IGMP queries are sent on an interfa...

Page 1105: ... helper address and ip mcast stub upstream commands Downstream interfaces connect to segments with multicast hosts Multiple interfaces may be configured in downstream mode however interfaces connecting to the multicast network upstream should not be configured in downstream mode Interfaces configured as downstream should have the lowest IP address of all IGMP capable routers on the connected segme...

Page 1106: ... this command is disabled Functional Notes Multicast routing must be enabled prior to setting ip mcast stub fixed on the selected interface Also use the ip igmp static group A B C D command to receive multicast traffic without host initiated Internet Group Management Protocol IGMP activity on the selected interface Otherwise all host initiated IGMP transactions will enter multicast routes on the r...

Page 1107: ...ult this command is disabled Functional Notes This command is used in IP multicast stub applications in conjunction with the ip mcast stub helper address ip mcast stub upstream and ip mcast stub downstream commands When enabled the interface becomes a helper forwarding interface The IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the unit ...

Page 1108: ...ions in conjunction with the ip mcast stub helper address and ip mcast stub downstream commands When enabled the interface becomes a candidate to be a helper forwarding interface If chosen as the best path toward the helper address by the router s unicast route table the IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the router to perform...

Page 1109: ...erval between hello packets sent on the interface Range 0 to 32 767 message digest key keyid md5 key Configures OSPF Message Digest 5 MD5 authentication 16 byte max keys The SROS allows two keys key ID 1 and key ID 2 priority value Set the OSPF priority The value set in this field helps determine the designated router for this network Range 0 to 255 retransmit interval seconds Specifies the time b...

Page 1110: ...e that is performing OSPF authentication Syntax Description message digest Optional Selects message digest authentication type null Optional Specifies that no authentication be used Default Values By default ip ospf authentication is set to null meaning no authentication is used Usage Examples The following example specifies that no authentication will be used on the PPP interface ProCurve config ...

Page 1111: ...s interface Syntax Description broadcast Sets the network type for broadcast point to point Sets the network type for point to point Default Values By default Ethernet defaults to broadcast All other interfaces default to point to point Functional Notes A point to point network will not elect designated routers Usage Examples The following example designates a broadcast network type ProCurve confi...

Page 1112: ...No subcommands Default Values By default PIM Sparse Mode is disabled for all interfaces Functional Notes PIM Sparse Mode is a multicast routing protocol that makes use of the unicast forwarding table PIM systems builds unidirectional shared trees rooted at a Rendezvous Point RP for a multicast group or a shortest path tree rooted at a specific source for a multicast group Usage Examples The follow...

Page 1113: ... hello messages transmitted on the interface Routers use the priority values to determine the appropriate DR The router on the network segment with the highest priority is selected as the DR If a hello message is received on the interface from a router on the network segment and it does not contain a priority the entire network segment defaults to DR selection based on IP addresses instead of prio...

Page 1114: ...e sent out the interface Valid range is 10 to 3600 seconds Default Values By default hellos are transmitted on PIM interfaces every 60 seconds Functional Notes Hello messages are used to inform neighbors of a router s presence Hello messages normally generate a small amount of traffic on an interface Setting the hello timer to a small interval increases the amount of hellos sent thus increasing th...

Page 1115: ...neighbor is not present Use the no form of this command to return to the default value Syntax Description time Specifies the time interval in seconds the PIM interface waits before a neighbor is considered not present Valid range is 30 to 10 800 seconds Default Values By default the nbr timeout is set to 105 seconds Usage Examples The following example specifies a wait interval of 360 seconds on t...

Page 1116: ... Use the no form of this command to return to the default value Syntax Description time Specifies the delay interval in milliseconds after a join prune in which another router on the LAN may override the join prune Valid range is 0 to 65 535 milliseconds Default Values By default the override interval is set to 2500 milliseconds Usage Examples The following example sets the delay interval for join...

Page 1117: ...onds to estimate the amount of delay found in the local link Use the no form of this command to return to the default value Syntax Description time Specifies the expected propagation delay in the local link in milliseconds Valid range is 0 to 32 767 milliseconds Default Values By default the propagation delay is set to 500 milliseconds Usage Examples The following example sets the expected propaga...

Page 1118: ...this command to remove the assignment Removing a route map from the interface does not remove the route map configuration parameters from the system Syntax Description mapname Specifies the route map to associate with this interface Default Values By default policy based routing is disabled for all interfaces Usage Examples The following example associates the route map named MyMap with ppp 1 inte...

Page 1119: ...ress Default Values By default proxy ARP is enabled Functional Notes In general the principle of proxy ARP allows a router to insert its IP address in the source IP address field of a packet if the packet is from a host on one of its subnetworks This allows hosts to reach devices on other subnetworks without implementing routing or specifying a default gateway If proxy ARP is enabled the SROS will...

Page 1120: ...received RIP version 1 packets on the interface 2 Accepts only received RIP version 2 packets on the interface Default Values By default all interfaces implement RIP version 1 the default value for the version command Functional Notes Use the ip rip receive version to specify a RIP version that overrides the version in the Router RIP configuration The SROS only accepts one version either 1 or 2 on...

Page 1121: ...ts only RIP version 1 packets on the interface 2 Transmits only RIP version 2 packets on the interface Default Values By default all interfaces transmit RIP version 1 the default value for the version command Functional Notes Use the ip rip send version to specify a RIP version that overrides the version in the Router RIP configuration The SROS only transmits one version either 1 or 2 on a given i...

Page 1122: ...ecifies the IP address of the network to be summarized network mask Specifies the network mask to be applied to the specific network to be summarized Default Values By default no manual summarization is applied by RIP Functional Notes Unlike the automatic summarization on classful network boundaries only specific network advertisements are made by RIP using the ip rip summary address command This ...

Page 1123: ...e Syntax Description No subcommands Default Values By default route caching is enabled on all interfaces Functional Notes Route caching allows an IP interface to provide optimum performance when processing IP traffic Usage Examples The following example enables route caching on the virtual PPP interface ProCurve config interface ppp 1 ProCurve config ppp 1 ip route cache Note Using Network Address...

Page 1124: ...ed IP address using the ip address command Functional Notes If ip unnumbered is enabled on an interface all IP traffic from the interface will use a source IP address taken from the specified interface For example specifying ip unnumbered eth 0 1 while in the PPP Interface Configuration mode configures the PPP interface to use the IP address assigned to the Ethernet interface for all IP processing...

Page 1125: ...ace in Applies the filter to the inbound traffic out Applies the filter to the outbound traffic Default Values By default there are no URL filters applied to any interfaces Functional Notes The firewall must be enabled using the ip firewall command in order to use URL filters The URL filter must be created by using the ip urlfilter filtername http command before applying it to the interface See ip...

Page 1126: ...efines the time interval in seconds between transmitted keepalive packets valid range 0 to 32 767 seconds Default Values By default the time interval between transmitted keepalive packets is 10 seconds Functional Notes If three keepalive packets are sent to an interface with no response the interface is considered down To detect interface failures quickly specify a smaller keepalive time Usage Exa...

Page 1127: ...ve Use the lldp receive command to allow LLDP packets to be received on this interface Syntax Description No subcommands Default Values By default all interfaces are configured to send and receive LLDP packets Usage Examples The following example configures the PPP interface to receive LLDP packets ProCurve config interface ppp 1 ProCurve config ppp 1 lldp receive ...

Page 1128: ...ion of this device s system capabilities on this interface system description Enables transmission of this device s system description on this interface system name Enables transmission of this device s system name on this interface Default Values Be default all interfaces are configured to transmit and receive LLDP packets of all types Functional Notes Individual LLDP information can be enabled o...

Page 1129: ...ive LLDP packets of all types Functional Notes Individual LLDP information can be enabled or disabled using the various forms of the lldp send command For example use the lldp send and receive command to enable transmit and receive of all LLDP information Then use the no lldp send port description command to prevent LLDP from transmitting port description information Usage Examples The following e...

Page 1130: ...Description percent Specifies the percentage of interface bandwidth to make available for user defined priority or class based queues Enter an integer 1 to 100 Default Values By default max reserved bandwidth is set to 75 which reserves 25 percent of the interface bandwidth for system critical traffic Usage Examples The following example specifies 85 percent of the bandwidth on the ppp 1 interface...

Page 1131: ...0 Tunnel interfaces 64 to 18 190 Virtual Frame Relay sub interfaces 64 to 1520 Virtual PPP interfaces 64 to 1500 Default Values size The default values for the various interfaces are listed below ATM interfaces 1500 Demand interfaces 1500 Ethernet interfaces 1500 FDL interfaces 256 HDLC interfaces 1500 Loopback interfaces 1500 Tunnel interfaces 1500 Virtual Frame Relay sub interfaces 1500 Virtual ...

Page 1132: ...te end of this interface Syntax Description address Specifies the default IP address for the remote end A B C D Default Values By default there is no assigned peer default IP address Functional Notes This command is useful if the peer does not send the IP address option during PPP negotiations Usage Examples The following example sets the default peer IP address to 192 168 71 50 ProCurve config in...

Page 1133: ...res two way message passing First the router that is required to be authenticated say the peer sends an authentication request with its username and password to the router requiring authentication say the local router The local router then looks up the username and password in the username database within the PPP interface and if they match sends an authentication acknowledge back to the peer Seve...

Page 1134: ...thentication protocol composed of a challenge response and success or failure The MD5 protocol is used to protect usernames and passwords in the response First the local router requiring its peer to be authenticated sends a challenge containing only its own unencrypted username to the peer The peer then looks up the username in the username database within the PPP interface and if found takes the ...

Page 1135: ...ame Local Local config ppp 1 ppp authentication chap Local config ppp 1 username Peer password same Local config ppp 1 ppp chap hostname nearend On the peer hostname Peer Peer config ppp 1 username nearend password same Notice the peer is expecting username nearend even though the local router s hostname is Local Therefore the local router can use the ppp chap hostname command to send the correct ...

Page 1136: ...ve a configured hostname For more information on PAP and CHAP functionality refer to the Technology Review section for the command ppp authentication chap l pap on page 1131 Syntax Description hostname Specifies a hostname by alphanumeric string up to 80 characters in length Default Values By default there are no configured PPP CHAP hostnames Usage Examples The following example specifies a PPP CH...

Page 1137: ... command to remove a configured password For more information on PAP and CHAP functionality refer to the Technology Review section for the command ppp authentication chap l pap on page 1131 Syntax Description password Specifies a password by alphanumeric string up to 80 characters in length Default Values By default there is no defined PPP CHAP password Usage Examples The following example specifi...

Page 1138: ...commands Default Values By default MPPP is disabled Functional Notes When enabled this interface is capable of the following Combining multiple physical links into one logical link Receiving upper layer protocol data units PDU fragmenting and transmitting over the physical links based upon the physical link MTU Receiving fragments over the physical links and reassembling them into PDUs Usage Examp...

Page 1139: ...l links Receiving fragments over the physical links and reassembling them into PDUs The fragmentation and interleave options can be used to enhance the multilink operation Fragmentation is used to reduce serialization delays of large packets The fragmentation process evenly divides the data among all links in the bundle with a minimum packet size of 96 bytes The interleave operation is used with s...

Page 1140: ...ality refer to the Technology Review section for the command ppp authentication chap l pap on page 1131 Syntax Description username Specifies a username by alphanumeric string up to 80 characters in length the username is case sensitive password Specifies a password by alphanumeric string up to 80 characters in length the password is case sensitive Default Values By default there is no defined ppp...

Page 1141: ...ng Syntax Description name Specifies an AC by text string up to 255 characters corresponding to the AC Name Tag under RFC 2516 If this field is not specified any access concentrator is acceptable The AC value may be a combination of trademark model and serial ID information or simply the MAC address of the unit Default Values By default no AC is specified Usage Examples The following example ident...

Page 1142: ...turn to the default setting Syntax Description name Specifies a service name by text string up to 255 characters corresponding to the Service Name Tags under RFC 2516 This string indicates an ISP name or a class or quality of service If this field is not specified any service is acceptable Default Values By default no names are specified Usage Examples The following example defines a service type ...

Page 1143: ... to remove the map from the interface The keyword out specifies that this policy will be applied to outgoing packets Syntax Description mapname Specifies the name of a previously created QoS map refer to qos map mapname sequence number on page 486 for more information Default Values No default value is necessary for this command Usage Examples The following example applies the QoS map VOICEMAP to ...

Page 1144: ... there is an interface status change Use the no form of this command to disable this trap Syntax Description No subcommands Default Values By default the ifLinkUpDownTrapEnable OID is enabled for all interfaces except virtual Frame Relay interfaces Functional Notes The snmp trap link status command is used to control the RFC2863 ifLinkUpDownTrapEnable OID OID number 1 3 6 1 2 1 31 1 1 1 14 0 Usage...

Page 1145: ...username is case sensitive password Specifies a password by alphanumerical string up to 30 characters in length the password is case sensitive Default Values By default there is no established username and password Functional Notes PAP uses this entry to check received information from the peer CHAP uses this entry to check the received peer hostname and a common password Usage Examples The follow...

Page 1146: ... 1430 bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alphabetical order access policy policyname on page 1146 backup commands begin on page 1147 bandwidth value on page ...

Page 1147: ...mmand Set 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 1145 tunnel destination ip address on page 1199 tunnel key value on page 1200 tunnel mode gre on page 1201 tunnel sequence datagrams on page 1202 tunnel source ip address interface on page 1203 ...

Page 1148: ...s refer to ip policy class policyname on page 426 Usage Examples The following example associates the access policy UnTrusted to allow inbound traffic to the Web server to the tunnel interface labeled 1 Enable the SROS security features ProCurve config ip firewall Create the access list this is the packet selector ProCurve config ip access list extended InWeb ProCurve config ext nacl permit tcp an...

Page 1149: ...up auto backup command to configure the sub interface to automatically attempt a backup upon failure Syntax Description No subcommands Default Values By default all backup endpoints will automatically attempt backup upon a failure Usage Examples The following enables automatic backup on the endpoint ProCurve config interface tunnel 1 ProCurve config tunnel 1 backup auto backup ...

Page 1150: ... network conditions are operational Use the no form of this command to disable the auto restore feature Syntax Description No subcommands Default Values By default all backup endpoints will automatically restore the primary connection when the failure condition clears Usage Examples The following configures the SROS to automatically restore the primary connection when the failure condition clears ...

Page 1151: ...e the no form of this command to return to the default value Syntax Description seconds Specifies the delay period in seconds a failure must be active before the SROS will enter backup operation on the interface valid range 10 to 86400 seconds Default Values By default the backup backup delay is set to 10 seconds Usage Examples The following configures the SROS to wait 60 seconds on an endpoint wi...

Page 1152: ...riginates backup call on primary link failure originate answer Originates or answers call on primary link failure originate answer always Originates on failure answers and backs up always Default Values By default the backup call mode is set to originate answer Functional Notes The majority of the configuration for the SROS backup implementation is configured via the backup PPP interface configura...

Page 1153: ...ppp 1 backup number 5552222 analog ppp 1 no shutdown interface ppp 1 ip address 172 22 56 1 255 255 255 252 ppp authentication chap username remoterouter password remotepass ppp chap hostname localrouter ppp chap password procurve no shutdown ip route 192 168 2 0 255 255 255 0 172 22 56 2 255 255 255 252 line telnet 0 4 password password Sample config for central router dialing in hostname Central...

Page 1154: ...ace ppp 1 ip address 172 22 56 2 255 255 255 252 ppp authentication chap username localrouter password procurve ppp chap hostname remoterouter ppp chap password remotepass no shutdown ip route 192 168 1 0 255 255 255 0 172 22 56 1 255 255 255 252 line telnet 0 4 password password Usage Examples The following configures the SROS to generate backup calls for this endpoint using an analog modem inter...

Page 1155: ...rying to call again or dialing a different number Recommended value is greater than 60 Syntax Description seconds Selects the amount of time in seconds that the router will wait for a connection before attempting another call valid range 10 to 300 Default Values By default backup connect timeout is set to 60 seconds Usage Examples The following configures the SROS to wait 120 seconds before retryi...

Page 1156: ... to allow maintenance to be performed on the primary link without disrupting data Use the no form of this command to return to the normal backup operation state Syntax Description backup Forces backup regardless of primary link state primary Forces primary link regardless of its state Default Values By default this feature is disabled Usage Examples The following configures the SROS to force this ...

Page 1157: ...p functionality refer to the Functional Notes section of the command backup call mode role on page 1150 Syntax Description attempts Selects the number of call retries that will be made after a link failure valid range 0 to 15 Setting this value to 0 will allow unlimited retries during the time the network is failed Default Values By default backup maximum retry is set to 0 attempts Usage Examples ...

Page 1158: ...analog Indicates number connects to an analog modem digital 56k Indicates number belongs to a digital 56 kbps per DS0 connection digital 64k Indicates number belongs to a digital 64 kbps per DS0 connection isdn min chan Specifies the minimum number of DS0s required for a digital 56 or 64 kbps connection Range 1 to 24 isdn mas chan Specifies the maximum number of DS0s desired for a digital 56 or 64...

Page 1159: ... priority links Use the no form of this command to return to the default value For more detailed information on tunnel backup functionality refer to the Functional Notes section of the command backup call mode role on page 1150 Syntax Description value Sets the relative priority of this link valid range 0 to 100 A value of 100 designates the highest priority Default Values By default backup priori...

Page 1160: ... this command to return to the default value For more detailed information on tunnel backup functionality refer to the Functional Notes section of the command backup call mode role on page 1150 Syntax Description No subcommands Default Values By default the SROS does not randomize the backup call timers Usage Examples The following example configures the SROS to randomize the backup timers associa...

Page 1161: ...iled information on tunnel backup functionality refer to the Functional Notes section of the command backup call mode role on page 1150 Syntax Description seconds Specifies the delay in seconds between attempting to re dial a failed backup attempt Range 10 to 3600 Default Values By default backup redial delay is set to 10 seconds Usage Examples The following example configures a redial delay of 25...

Page 1162: ...in and out of alarm For more detailed information on tunnel backup functionality refer to the Functional Notes section of the command backup call mode role on page 1150 Syntax Description seconds Specifies the number of seconds the SROS will wait after a primary link is restored before disconnecting backup operation Range 10 to 86 400 Default Values By default backup restore delay is set to 10 sec...

Page 1163: ...ode role on page 1150 Syntax Description day Sets the days to allow backup valid range Monday through Sunday enable time Sets the time of day to enable backup Time is entered in 24 hour format 00 00 disable time Sets the time of day to disable backup Default Values By default backup is enabled for all days and times if the backup auto backup command has been issued and the backup schedule has not ...

Page 1164: ... respond to backup sequences in the event of a network outage Use the no form of this command to reactivate the backup interface For more detailed information on tunnel backup functionality refer to the Functional Notes section of the command backup call mode role on page 1150 Syntax Description No subcommands Default Values By default all SROS interfaces are disabled Usage Examples The following ...

Page 1165: ...o restore the default values Syntax Description value Specifies bandwidth in kbps Default Values To view default values use the show interfaces command Functional Notes The bandwidth command is an informational value that is communicated to the higher level protocols to be used in cost calculations This is a routing parameter only and does not affect the physical interface Usage Examples The follo...

Page 1166: ...policy class and associated access control lists ACLs that describe the behavior of the firewall do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system The firewall should be set up with respect to the unencrypted traffic that is destined to be sent or received over the VPN tunnel The following diagram represents typical SROS data flow logic Note Whe...

Page 1167: ...pted data is processed by the firewall The ACLs for a crypto map on an interface work in reverse logic to the ACLs for a policy class on an interface When specifying the ACLs for a crypto map the source information is the private local side un encrypted source of the data The destination information will be the far end un encrypted destination of the data However ACLs for a policy class work in re...

Page 1168: ... your domain name regardless of where you purchased registered it This allows to manage IP address mappings A records domain aliases CNAME records and mail servers MX records dyndns The Dynamic DNSSM service allows you to alias a dynamic IP address to a static hostname in various domains This allows your unit to be more easily accessed from various locations on the Internet This service is provide...

Page 1169: ...s does not change often or at all but you still want an easy name to remember it by without having to purchase your own domain name Static DNS service is ideal for you If you would like to use your own domain name such as yourname com you need Custom DNS service which also provides full dynamic and static IP address support Dynamic DNS service can be extremely helpful for site to site VPN connecti...

Page 1170: ...nables access control on packets transmitted on the specified interface Default Values By default these commands are disabled Functional Notes When this command is enabled the IP destination address of each packet must be validated before being passed through to the router system If the packet is not acceptable per these settings it is dropped Usage Examples The following example sets up the unit ...

Page 1171: ...d decimal notation for example 192 168 73 101 mask Specifies the subnet mask that corresponds to the listed IP address secondary Optional Configures a secondary IP address for the specified interface Default Values By default there are no assigned IP addresses Usage Examples The following example configures an IP address of 192 168 72 101 30 ProCurve config interface tunnel 1 ProCurve config tunne...

Page 1172: ...adcast packets of the specified type forwarded using the ip forward protocol command are received on the interface they will be forwarded to the device that needs the information Only packets meeting the following criteria are considered eligible by the ip helper address feature 1 The packet IP protocol is User Datagram Protocol UDP 2 Any UDP port specified using the ip forward protocol command 3 ...

Page 1173: ...ng that group s multicast packets to the interface Range 100 to 65 535 ms Default 1000 ms querier timeout seconds Specifies the number of seconds that the router waits after the current querier s last query before it takes over as querier IGMP V2 Range 60 to 300 seconds Default 2x the query interval value query interval seconds Specifies the interval at which IGMP queries are sent on an interface ...

Page 1174: ...er address and ip mcast stub upstream commands Downstream interfaces connect to segments with multicast hosts Multiple interfaces may be configured in downstream mode however interfaces connecting to the multicast network upstream should not be configured in downstream mode Interfaces configured as downstream should have the lowest IP address of all IGMP capable routers on the connected segment in...

Page 1175: ...command is disabled Functional Notes Multicast routing must be enabled prior to setting ip mcast stub fixed on the selected interface Also use the ip igmp static group A B C D command to receive multicast traffic without host initiated Internet Group Management Protocol IGMP activity on the selected interface Otherwise all host initiated IGMP transactions will enter multicast routes on the router ...

Page 1176: ... applications in conjunction with the ip mcast stub helper address ip mcast stub upstream and ip mcast stub downstream commands When enabled the interface becomes a helper forwarding interface The IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the unit to perform as an IGMP proxy Refer to ip mcast stub helper address ip address on page 42...

Page 1177: ...st stub downstream commands When enabled the interface becomes a candidate to be a helper forwarding interface If chosen as the best path toward the helper address by the router s unicast route table the IGMP host function is dynamically enabled and the interface becomes the active upstream interface enabling the router to perform as an IGMP proxy Though multiple interfaces may be candidates no mo...

Page 1178: ...pecifies the interval between hello packets sent on the interface Range 0 to 32 767 message digest key keyid md5 key Configures OSPF Message Digest 5 MD5 authentication 16 byte max keys The SROS allows two keys key ID 1 and key ID 2 priority value Set the OSPF priority The value set in this field helps determine the designated router for this network Range 0 to 255 retransmit interval seconds Spec...

Page 1179: ...ce that is performing OSPF authentication Syntax Description message digest Optional Selects message digest authentication type null Optional Specifies that no authentication is used Default Values By default this is set to null meaning no authentication is used Usage Examples The following example specifies that no authentication will be used on the tunnel interface ProCurve config interface tunn...

Page 1180: ...rface Syntax Description broadcast Sets the network type for broadcast point to point Sets the network type for point to point Default Values By default Ethernet defaults to broadcast All other interfaces default to point to point Functional Notes A point to point network will not elect designated routers Usage Examples The following example designates a broadcast network type ProCurve config inte...

Page 1181: ...mmands Default Values By default PIM Sparse Mode is disabled for all interfaces Functional Notes PIM Sparse Mode is a multicast routing protocol that makes use of the unicast forwarding table PIM systems builds unidirectional shared trees rooted at a Rendezvous Point RP for a multicast group or a shortest path tree rooted at a specific source for a multicast group Usage Examples The following exam...

Page 1182: ...essages transmitted on the interface Routers use the priority values to determine the appropriate DR The router on the network segment with the highest priority is selected as the DR If a hello message is received on the interface from a router on the network segment and it does not contain a priority the entire network segment defaults to DR selection based on IP addresses instead of priority In ...

Page 1183: ...out the interface Valid range is 10 to 3600 seconds Default Values By default hellos are transmitted on PIM interfaces every 60 seconds Functional Notes Hello messages are used to inform neighbors of a router s presence Hello messages normally generate a small amount of traffic on an interface Setting the hello timer to a small interval increases the amount of hellos sent thus increasing the amoun...

Page 1184: ...r is not present Use the no form of this command to return to the default value Syntax Description time Specifies the time interval in seconds the PIM interface waits before a neighbor is considered not present Valid range is 30 to 10 800 seconds Default Values By default the nbr timeout is set to 105 seconds Usage Examples The following example specifies a wait interval of 360 seconds on the tunn...

Page 1185: ...e no form of this command to return to the default value Syntax Description time Specifies the delay interval in milliseconds after a join prune in which another router on the LAN may override the join prune Valid range is 0 to 65 535 milliseconds Default Values By default the override interval is set to 2500 milliseconds Usage Examples The following example sets the delay interval for join prune ...

Page 1186: ... estimate the amount of delay found in the local link Use the no form of this command to return to the default value Syntax Description time Specifies the expected propagation delay in the local link in milliseconds Valid range is 0 to 32 767 milliseconds Default Values By default the propagation delay is set to 500 milliseconds Usage Examples The following example sets the expected propagation de...

Page 1187: ...mmand to remove the assignment Removing a route map from the interface does not remove the route map configuration parameters from the system Syntax Description mapname Specifies the route map to associate with this interface Default Values By default policy based routing is disabled for all interfaces Usage Examples The following example associates the route map named MyMap with tunnel interface ...

Page 1188: ...ess Default Values By default proxy arp is enabled Functional Notes In general the principle of proxy ARP allows a router to insert its IP address in the source IP address field of a packet if the packet is from a host on one of its subnetworks This allows hosts to reach devices on other subnetworks without implementing routing or specifying a default gateway If proxy ARP is enabled the SROS will ...

Page 1189: ...the interface 2 Only accept received RIP version 2 packets on the interface Default Values By default all interfaces implement RIP version 1 the default value for the version command Functional Notes Use the ip rip receive version command to specify a RIP version that overrides the version in the Router RIP configuration See version 1 l 2 on page 1390 for more information The SROS only accepts one...

Page 1190: ...he interface 2 Only transmits RIP version 2 packets on the interface Default Values By default all interfaces transmit RIP version 1 the default value for the version command Functional Notes Use the ip rip send version command to specify a RIP version that overrides the version in the Router RIP configuration See version 1 l 2 on page 1390 for more information The SROS only transmits one version ...

Page 1191: ... the IP address of the network to be summarized network mask Specifies the network mask to be applied to the specific network to be summarized Default Values By default no manual summarization is applied by RIP Functional Notes Unlike the automatic summarization on classful network boundaries only specific network advertisements are made by RIP using the ip rip summary address command This command...

Page 1192: ...ntax Description No subcommands Default Values By default route caching is enabled on all interfaces Functional Notes Route caching allows an IP interface to provide optimum performance when processing IP traffic Usage Examples The following example enables route caching on the tunnel interface ProCurve config interface tunnel 1 ProCurve config tunnel 1 ip route cache Note Using Network Address Tr...

Page 1193: ...pplies the filter to the inbound traffic out Applies the filter to the outbound traffic Default Values By default there are no URL filters applied to any interfaces Functional Notes The firewall must be enabled using the ip firewall command in order to use URL filters The URL filter must be created by using the ip urlfilter filtername http command before applying it to the interface See ip urlfilt...

Page 1194: ...ge 1 to 32 767 seconds retries Defines the number of times to retry after failed keepalives before determining that the tunnel endpoint is down valid range 1 to 255 times Default Values By default keepalives are disabled When enabled the keepalive period defaults to 10 seconds and the retry count defaults to 3 times Functional Notes Keepalives do not have to be configured on both ends of the tunne...

Page 1195: ...he lldp receive command to allow LLDP packets to be received on this interface Syntax Description No subcommands Default Values By default all interfaces are configured to send and receive LLDP packets Usage Examples The following example configures the tunnel interface to receive LLDP packets ProCurve config interface tunnel 1 ProCurve config tunnel 1 lldp receive ...

Page 1196: ...his device s system capabilities on this interface system description Enables transmission of this device s system description on this interface system name Enables transmission of this device s system name on this interface Default Values Be default all interfaces are configured to transmit and receive LLDP packets of all types Functional Notes Individual LLDP information can be enabled or disabl...

Page 1197: ...packets of all types Functional Notes Individual LLDP information can be enabled or disabled using the various forms of the lldp send command For example use the lldp send and receive command to enable transmit and receive of all LLDP information Then use the no lldp send port description command to prevent LLDP from transmitting port description information Usage Examples The following example co...

Page 1198: ...nnel interfaces 64 to 18 190 Virtual Frame Relay sub interfaces 64 to 1520 Virtual PPP interfaces 64 to 1500 Default Values size The default values for the various interfaces are listed below ATM interfaces 1500 Demand interfaces 1500 Ethernet interfaces 1500 FDL interfaces 256 HDLC interfaces 1500 Loopback interfaces 1500 Tunnel interfaces 1500 Virtual Frame Relay sub interfaces 1500 Virtual PPP ...

Page 1199: ...is inversely proportional to the likelihood the bridge interface will be chosen as the root path Set the path cost value lower to increase the chance the interface will be the root To obtain the most accurate spanning tree calculations develop a system for determining path costs for links and apply it to all bridged interfaces Usage Examples The following example assigns a path cost of 100 for bri...

Page 1200: ...th ends of the tunnel must have tunnel checksum enabled in order for the tunnel checksum feature to function When both endpoints have tunnel checksum enabled a packet with an incorrect checksum will be dropped If the endpoints differ in their checksum configuration all packets will still flow without any checksum verification Usage Examples The following example enables checksum on the tunnel 1 in...

Page 1201: ...ation field of the outer IP header after GRE encapsulation of the original packet A route must be defined for the destination address Make certain there are no recursive routes by ensuring that a tunnel s destination address will be routed out a physical interface There is a possibility of creating a routing loop when tunnel interface traffic gets routed back to the same tunnel interface or to ano...

Page 1202: ...orm of this command to disable the key Syntax Description value Defines the key value for this tunnel valid range 1 to 4 294 967 294 Default Values By default a key is not configured Functional Notes When enabled the key will be stored in the GRE header and the key present bit will be set If tunnel keys are used a matching key value must be defined on both endpoints of the tunnel or packets will b...

Page 1203: ...ic Routing Encapsulation GRE header Use the no form of this command to set the tunnel to its default mode Syntax Description No subcommands Default Values By default the tunnel interface will be configured for GRE mode Functional Notes GRE is currently the only allowed mode for tunnel interface operation Usage Examples The following example configures the tunnel interface for GRE mode ProCurve con...

Page 1204: ... numbering enabled a packet arriving with a sequence number less than the current expected value will be dropped If the endpoints differ in their sequence numbering configuration all packets will still flow without any sequence number verification Be careful enabling sequence number verification on a tunnel The tunnel can easily become out of sequence due to network conditions outside of the tunne...

Page 1205: ...e slot port that contains the IP address to use as the source address for all packets transmitted on this interface Default Values By default a tunnel source is not defined Functional Notes Until a tunnel interface has a source IP address defined and the physical interface used as the source is operational the tunnel is not operational The tunnel source IP address will be the value put into the so...

Page 1206: ...owing commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below bind from interface slot port tdm group to interface slot port on page 1431 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 All other commands for this command set are described in this section in alphabetical...

Page 1207: ... type data Use the call type data command to specify data operation for the ISDN group Syntax Description data Specifies use as digital line Default Values By default the call type is set to data Usage Examples The following example sets the call type for ISDN group 1 to data ProCurve config isdn group 1 ProCurve config isdn group 1 call type data ...

Page 1208: ...Use the no form of this command to remove the specified interface from the ISDN group Syntax Description bri Connects a BRI interface to the ISDN group Use the show modules command for a list of valid BRI interfaces installed in the system Default Values No default value necessary for this command Usage Examples The following example associates the bri 1 1 interface with ISDN group 1 ProCurve conf...

Page 1209: ...the system Incoming accept numbers are entered as a single number or as a range of numbers using the available wildcard characters The following wildcard inputs can be used to define numbers X Any single digit 0 through 9 N Any single digit 2 through 9 1 2 3 Specifies single digit in this group Any number effectively functions as a don t care The following list provides some examples for proper wi...

Page 1210: ...991 2114 Copyright 2007 Hewlett Packard Development Company L P 1208 Usage Examples The following example configures the group to accept calls for 916 555 1000 through 916 555 2000 ProCurve config isdn group 1 ProCurve config isdn group 1 incoming accept number 916 555 1 2 XXX ...

Page 1211: ...escription 1 255 Specifies the maximum number of channels allocated for the ISDN group Valid range is from 1 to 255 Default Values By default the maximum number of channels is set to 0 When max channels is set to 0 the group does not limit the number of usable channels and can use all available channels Use the no max channels command to return to the default value Usage Examples The following exa...

Page 1212: ...cifies the minimum number of channels allocated for the ISDN group Valid range is from 1 to 255 Default Values By default the minimum number of channels is set to 0 When min channels is set to 0 no channels are reserved for this group This group can use available channels but does not have any channels specifically reserved Use the no min channels command to return to the default value Usage Examp...

Page 1213: ...name Specifies the name of the resource pool to which this group is assigned cost Optional Specifies the cost of using this resource group within the specified pool In the event of a tie a resource with a lower cost will be selected first Interfaces with the same cost will be selected in alphabetical order by group name Default Values By default the group is not assigned to any resource pool Usage...

Page 1214: ...s are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below bind from interface slot port tdm group to interface slot port on page 1431 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 All other commands for this command set are described in this section in alphabetical order crl op...

Page 1215: ...RL verification optional Syntax Description No subcommands Default Values By default CRL optional is enabled Functional Notes If enabled the SROS is able to accept certificates even if no CRL is loaded into the configuration Currently this is the only mode supported by the SROS for CRL negotiations Usage Examples The following example sets CRL verification as optional ProCurve ca profile crl optio...

Page 1216: ...mail address to use when sending certificate requests This field allows up to 51 characters Default Values No defaults necessary for this command Functional Notes Configuring this setting simplifies the crypto ca enroll dialog allowing you to enter the email address only once rather than every time you go through the enrollment process See crypto ca enroll name on page 340 Usage Examples The follo...

Page 1217: ...ate request when it does not receive a response from the previous request Range 1 to 100 period minutes Specifies the time period between certificate request retries The default is 1 minute between retries Range 1 to 60 minutes Default Values By default period is set to 5 minutes and count is set to 12 retries Usage Examples The following example configures the SROS to send certificate requests ev...

Page 1218: ...abled Functional Notes This mode is overridden if the enrollment url command specifies the CA to which automatic certificate requests are to be sent via simple certificate exchange protocol SCEP Issuing an enrollment terminal command after using the enrollment url command deletes the URL and forces the unit to use manual enrollment See enrollment url url on page 1217 for more information Usage Exa...

Page 1219: ...arated with a colon The CA may have other necessary information to include in the CGI path before ending with the actual CGI program An example template to follow is http hostname port path to program exe NOTE To use the default program pkiclient exe without specifying it end the URL with a slash Otherwise you must enter the program name to use For example http 10 10 10 1 400 abcdefg will assume p...

Page 1220: ...ion fqdn Specifies the FQDN e g company com to be included in requests Default Values No defaults necessary for this command Functional Notes Configuring this setting simplifies the crypto ca enroll dialog allowing you to enter the FQDN only once rather than every time you go through the enrollment process See crypto ca enroll name on page 340 Usage Examples The following example specifies company...

Page 1221: ...he IP address in dotted decimal notation e g 192 22 73 101 Default Values No defaults necessary for this command Functional Notes Configuring this setting simplifies the crypto ca enroll dialog allowing you to enter the IP address only once rather than every time you go through the enrollment process Refer to crypto ca enroll name on page 340 Usage Examples The following example specifies 66 203 5...

Page 1222: ...s the SCEP password up to 80 characters Default Values By default no password is required Functional Notes There are two places for configuring a SCEP password At the ca profile prompt If it is not configured at the ca profile prompt you are prompted to enter one when going through the certificate enrollment process The password is sent to the CA from which you are requesting a certificate The CA ...

Page 1223: ...will be included in the certificate request Syntax Description No subcommands Default Values By default this command is disabled Functional Notes By default this command is set to no serial number which means that the serial number is not included in the certificate requests Usage Examples The following example configures Secure Router OS to include a serial number in the certificate request ProCu...

Page 1224: ...bject name string with up to 256 characters entered in X 500 LDAP format Default Values By default there is no subject name configured Functional Notes Configuring this setting simplifies the crypto ca enroll dialog allowing you to enter the subject name only once rather than every time you go through the enrollment process Refer to crypto ca enroll name on page 340 Usage Examples The following ex...

Page 1225: ...ve config crypto ca certificate chain MyProfile ProCurve config cert chain The following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below bind from interface slot port tdm group to interface slot port on page 1431 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 Al...

Page 1226: ... serial number up to 51 characters This value can be found for existing certificates by using the show run command Default Values No defaults necessary for this command Functional Notes The user typically does not enter this command It is primarily used to restore certificates from the startup configuration when the product is powered up Usage Examples The following example removes the certificate...

Page 1227: ...number Specifies the certificate s serial number up to 51 characters This value can be found for existing certificates by using the show run command Default Values No defaults necessary for this command Functional Notes The user typically does not enter this command It is primarily used to restore certificates from the startup configuration when the product is powered up Usage Examples The followi...

Page 1228: ...he CRL for the specific CA Syntax Description No subcommands Default Values No defaults necessary for this command Functional Notes The user typically does not enter this command It is primarily used to restore CRLs from the startup configuration when the product is powered up Usage Examples The following example removes the CRL for the current CA ProCurve config crypto ca certificate chain MyProf...

Page 1229: ...are covered in a centralized section of this guide For more information refer to the sections listed below bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 All other commands for this command set are described in this section in alphabetical order antireplay on page...

Page 1230: ...replay sequence number checking for all security associations created on this crypto map Use the no form of this command to disable Syntax Description No subcommands Default Values By default this command is enabled Usage Examples The following example enables antireplay sequence checking on crypto map VPN 100 ProCurve config crypto map VPN 100 ipsec ike ProCurve config crypto map antireplay ...

Page 1231: ...rth message of quick mode before bringing up its IPSec security associations SA s By default this feature is enabled on all SROS routers Some vendors however may have incorrect implementations of the commit bit that do not interoperate well with SROS routers In that case the commit bit should be disabled on all crypto maps that have a peer which does not support the commit bit Usage Example The fo...

Page 1232: ...1230 crypto ipsec transform set esp aes 256 cbc esp sha hmac esp aes 256 cbc esp sha hmac mode tunnel crypto map VPN 10 ipsec ike description VPN to Main Site match address VPN 10 vpn selectors set peer 192 168 1 1 set transform set esp aes 256 cbc esp sha hmac set security association lifetime seconds 3600 no commit bit ike policy 100 ...

Page 1233: ...Syntax Description policy number Specifies the policy number of the policy to assign to this crypto map Default Values No defaults necessary for this command Usage Examples The following example shows a typical crypto map configuration ProCurve config crypto ike policy 100 ProCurve config crypto map VPN 10 ipsec ike ProCurve config crypto map description Remote Office ProCurve config crypto map ma...

Page 1234: ...hich data to secure Instead the crypto map entry refers to an access control list An access control list ACL is assigned to the crypto map using the match address command If no ACL is configured for a crypto map then the entry is incomplete and will have no effect on the system The entries of the ACL used in a crypto map should be created with respect to traffic sent by the product The source info...

Page 1235: ...atches the unsecure traffic the traffic is discarded When a packet is to be transmitted on an interface the crypto map set associated with that interface is processed in order The first crypto map entry that matches the packet will be used to secure the packet If a suitable SA exists that is used for transmission Otherwise IKE is used to establish an SA with the peer If no SA exists and the crypto...

Page 1236: ...ministrative distance for the static route Range is 1 to 255 tag value Optional Specifies that a tag will be added to the static route in the route table Range from 1 to 65 535 Default Values By default reverse routing is disabled Functional Notes Reverse route injection automatically inserts a static route to a peer s remote network into the route table of a VPN gateway The tags used in reverse r...

Page 1237: ...s are configured the entry will only be used to respond to IPSec requests it cannot initiate the requests since it doesn t know which IP address to send the packet to If a single peer IP address is configured the crypto map entry can be used to both initiate and respond to SAs The peer IP address is the public IP address of the device which will terminate the IPSec tunnel If the peer IP address is...

Page 1238: ...ffie Hellman Group 2 1024 bit modulus exchange during IPSec SA key generation group5 Requires IPSec to use Diffie Hellman Group 5 1536 bit modulus exchange during IPSec SA key generation Default Values By default no PFS will be used during IPSec SA key generation Functional Notes If left at the default setting no perfect forward secrecy PFS will be used during IPSec SA key generation If PFS is spe...

Page 1239: ...me limit in kilobytes seconds value Specifies the SA lifetime limit in seconds Default Values By default the security association lifetime is set to 28 800 seconds and there is no default for the kilobytes lifetime Functional Notes Values can be entered for this command in both kilobytes and seconds Whichever limit is reached first will end the security association Usage Examples The following exa...

Page 1240: ...es By default there is no transform set assigned to the crypto map Functional Notes Crypto map entries do not directly contain the transform configuration for securing data Instead the crypto map is associated with transform sets which contain specific security algorithms If no transform set is configured for a crypto map then the entry is incomplete and will have no effect on the system Usage Exa...

Page 1241: ... following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 All other commands for this command set are descri...

Page 1242: ...replay sequence number checking for all security associations created on this crypto map Use the no form of this command to disable Syntax Description No subcommands Default Values By default this command is enabled Usage Examples The following example enables antireplay sequence checking on crypto map VPN 100 ProCurve config crypto map VPN 100 ipsec manual ProCurve config crypto map antireplay ...

Page 1243: ...Syntax Description policy number Specifies the policy number of the policy to assign to this crypto map Default Values No defaults necessary for this command Usage Examples The following example shows a typical crypto map configuration ProCurve config crypto ike policy 100 ProCurve config crypto map VPN 10 ipsec manual ProCurve config crypto map description Remote Office ProCurve config crypto map...

Page 1244: ...sed to determine which data to secure Instead the crypto map entry refers to an access control list An access control list ACL is assigned to the crypto map using the match address command see crypto map on page 351 If no ACL is configured for a crypto map then the entry is incomplete and will have no effect on the system The entries of the ACL used in a crypto map should be created with respect t...

Page 1245: ... matches the unsecured traffic the traffic is discarded When a packet is to be transmitted on an interface the crypto map set associated with that interface is processed in order The first crypto map entry that matches the packet will be used to secure the packet If a suitable SA exists that is used for transmission Otherwise IKE is used to establish an SA with the peer If no SA exists and the cry...

Page 1246: ...the peer device Default Values There are no default settings for this command Functional Notes If no peer IP address is configured the manual crypto map is not valid and not complete A peer IP address is required for manual crypto maps To change the peer IP address the no set peer command must be issued first then the new peer IP address can be configured Usage Examples The following example sets ...

Page 1247: ...fines encryption keys for outbound traffic ah SPI Specifies authentication header protocol esp SPI Specifies encapsulating security payload protocol cipher keyvalue Specifies encryption decryption key authenticator keyvalue Specifies authentication key Default Values There are no default settings for this command Functional Notes The inbound local security parameter index SPI must equal the outbou...

Page 1248: ...urve config ip crypto Step 3 Define the transform set A transform set defines the encryption and or authentication algorithms to be used to secure the data transmitted over the VPN tunnel Multiple transform sets may be defined in a system Once a transform set is defined many different crypto maps within the system can reference it In this example a transform set named highly_secure has been create...

Page 1249: ...und traffic The local system s inbound SPI and keys will be the peer s outbound SPI and keys The local system s outbound SPI and keys will be the peer s inbound SPI and keys In this example the following keys and SPIs are used Inbound cipher SPI 300Inbound cipher key 2te g89jnr j 4rvnfhg5e Outbound cipher SPI 400Outbound cipher key 8564hgjelrign gnb 1 d3 Inbound authenticator key r5 ughembkdhj34 x...

Page 1250: ...evelopment Company L P 1248 Step 7 Configure private interface to allow all traffic destined for the VPN tunnel to be routed to the appropriate gateway ProCurve config interface ethernet 0 1 ProCurve config eth 0 1 ip address 10 10 10 254 255 255 255 0 ProCurve config eth 0 1 no shutdown ProCurve config eth 0 1 exit ...

Page 1251: ... map Functional Notes Crypto map entries do not directly contain the transform configuration for securing data Instead the crypto map is associated with transform sets which contain specific security algorithms If no transform set is configured for a crypto map then the entry is incomplete and will have no effect on the system For manual key crypto maps only one transform set can be specified Usag...

Page 1252: ...following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 All other commands for this command set are described in this section in alphabetical order dns server address1 address2 on page 1251 ip range start ip end i...

Page 1253: ...o assign to a client Use the no form of this command to remove defined server address es Syntax Description address1 Assigns the first DNS server address address2 Optional Assigns the second DNS server address Default Values By default no DNS server address is defined Usage Examples The following example defines two DNS server addresses for this configuration pool ProCurve config ike client pool d...

Page 1254: ...signing an IP address to a client Use the no form of this command to remove defined IP ranges Syntax Description start ip Specifies the first IP address in the range for this pool end ip Specifies the last IP address in the range for this pool Default Values By default no IP address range is defined Usage Examples The following example defines an IP address range for this configuration pool ProCur...

Page 1255: ...name servers to assign to a client Use the no form of this command to remove assigned name servers Syntax Description address1 Specifies the first WINs server address to assign address2 Specifies the second WINs server address to assign Default Values By default no WINs server address is defined Usage Examples The following example defines two WINs server addresses for this configuration pool ProC...

Page 1256: ...mands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 All other commands for this command set are described in this section in alphabetical order authentication dss sig pre share rsa sig on page 1255 encryption aes xxx cbc d...

Page 1257: ... to use DSS signed certificates during IKE negotiation to validate the peer pre share Specifies the use of pre shared secrets during IKE negotiation to validate the peer rsa sig Specifies to use RSA signed certificates during IKE negotiation to validate the peer Default Values By default this command is enabled Functional Notes Both sides must share the same pre shared secret in order for the nego...

Page 1258: ... IKE generated SA Syntax Description aes 128 cbc Specifies the AES 128 CBC encryption algorithm aes 192 cbc Specifies the AES 192 CBC encryption algorithm aes 256 cbc Specifies the AES 256 CBC encryption algorithm des Specifies the DES encryption algorithm 3des Specifies the 3DES encryption algorithm Default Values By default encryption is set to des Usage Examples The following example selects 3D...

Page 1259: ...rate the keys which are then used to create the IPSec SA Syntax Description 1 Specifies 768 bit mod P 2 Specifies 1024 bit mod P 5 Specifies 1536 bit mod P Default Values By default group is set to 1 Functional Notes The local IKE policy and the peer IKE policy must have matching group settings in order for negotiation to be successful Usage Examples The following example sets this IKE policy to u...

Page 1260: ...a Use the hash command to specify the hash algorithm to be used to authenticate the data transmitted over the IKE SA Syntax Description md5 Choose the MD5 hash algorithm sha Choose the SHA hash algorithm Default Values By default hash is set to sha Usage Examples The following example specifies md5 as the hash algorithm ProCurve config ike attribute hash md5 ...

Page 1261: ...etime seconds Use the lifetime command to specify how long an IKE SA is valid before expiring Syntax Description seconds Specifies how many seconds an IKE SA will last before expiring Default Values By default lifetime is set to 28 800 seconds Usage Examples The following example sets a lifetime of two hours ProCurve config ike attribute lifetime 7200 ...

Page 1262: ...436 exit on page 1437 ping address on page 1438 All other commands for this command set are described in this section in alphabetical order attribute policynumber on page 1261 client authentication host on page 1262 client authentication host xauth type generic otp radius on page 1263 client authentication server list listname on page 1264 client configuration pool poolname on page 1265 initiate a...

Page 1263: ...5 535 to the attribute policy The number is the attribute s priority number and specifies the order in which the resulting VPN proposals get sent to the far end This command takes you to the config ike attribute prompt From here you can configure the settings for the attribute as outlined in the section IKE Policy Attributes Command Set on page 1254 Default Values By default no attribute is define...

Page 1264: ...the password passphrase phrase Optional Enter the value sent via Xauth as the passphrase This is only used with authentication type OTP one time password Default Values By default if this command is not present in the IKE policy the unit does not act as an Xauth host Functional Notes The specified credentials are programmed into the unit and there is no prompt for entering values real time Therefo...

Page 1265: ...eric authentication type otp Specifies OTP authentication type radius Specifies RADIUS authentication type Default Values By default this is set to generic Functional Notes This command is used along with the client authentication host username See client configuration pool poolname on page 1265 for more information When acting as an Xauth host this command allows the user to specify the Xauth aut...

Page 1266: ...authentication is not performed Functional Notes When this IKE policy is negotiated and the peer has indicated Xauth via the IKE authentication method and or the Xauth vendor ID this command allows the unit to perform as an Xauth server edge device The specified AAA login method is used to identify the location of the user authentication database The client authentication host and the client authe...

Page 1267: ...l poolname initiate respond client configuration pool poolname respond client configuration pool poolname respond initiate Syntax Description poolname The pool from which to obtain parameters to assign to the client Default Values By default if this command is not present in the IKE policy the device allocates mode config IP addresses DNS server addresses and NetBIOS name server addresses and mode...

Page 1268: ...c address must be the initiator of the traffic and tunnel The side with the static address must be the responder main Specifies to initiate using main mode Main mode requires that each end of the VPN tunnel has a static WAN IP address Main mode is more secure than aggressive mode because more of the main mode negotiations are encrypted Default Values By default the main initiation is enabled Funct...

Page 1269: ...the global system command ProCurve config crypto ike local id address This command which by default is executed on start up makes the local ID of an IKE policy equal to the IPv4 address of the interface on which an IKE negotiation is occurring This is particularly useful for products that could have multiple public interfaces The second method is to use the IKE policy command ProCurve config ike l...

Page 1270: ...Enter v1 or v2 to select the NAT traversal version allow Sets the IKE policy to allow the specified NAT traversal version disable Sets the IKE policy to disable the specified NAT traversal version force Sets the IKE policy to force the specified NAT traversal version Default Values The defaults for this command are nat traversal v1 allow and nat traversal v2 allow Usage Examples The following exam...

Page 1271: ...ing pre shared secret DES MD5 and Diffie Hellman Group 1 ProCurve config crypto ike policy 100 ProCurve config ike peer 172 17 45 57 ProCurve config ike peer 172 31 15 129 ProCurve config ike peer 192 168 1 3 ProCurve config ike respond anymode ProCurve config ike initiate main The following example sets up a policy allowing any peer to initiate using pre shared secret DES MD5 and Diffie Hellman G...

Page 1272: ...Specifies to respond only to aggressive mode anymode Specifies to respond to any mode main Specifies to respond only to main mode Default Values By default respond to any mode is enabled Functional Notes By using the initiate and respond commands you can configure the IKE policy to initiate and respond initiate only or respond only It is an error if you have both initiate and respond disabled Usag...

Page 1273: ...ure terminal ProCurve config ip as path list listname ProCurve config as path list The following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below do on page 1435 end on page 1436 exit on page 1437 All other commands for this command set are described in this section in alphabetical order deny...

Page 1274: ...rameters can be present in the command internet Denies routes that contain the reserved community number for the INTERNET community local as Denies routes that contain the reserved community number for NO_EXPORT_SUBCONFED Routes containing this attribute should not be advertised to external BGP peers no export Denies routes that contain the reserved community number for NO_EXPORT Routes containing...

Page 1275: ...y number Multiple community number parameters can be present in the command internet Permits routes that contain the reserved community number for the INTERNET community local as Permits routes that contain the reserved community number for NO_EXPORT_SUBCONFED Routes containing this attribute should not be advertised to external BGP peers no export Permits routes that contain the reserved communit...

Page 1276: ...etical order match as path name on page 1276 match community name exact match on page 1277 match ip address access list name on page 1278 match ip address prefix list prefix list name on page 1279 match ip dscp value afxx csxx default ef on page 1280 match ip precedence value critical flash flash override immediate internet network priority routine on page 1283 match metric value on page 1286 matc...

Page 1277: ...OS Command Line Interface Reference Guide Route Map Command Set 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 1275 set local preference value on page 1298 set metric value on page 1299 ...

Page 1278: ...orm of this command to discontinue matching Syntax Description name Specifies the name of the AS path list to match AS path lists are created using the ip as path list command in the Global configuration mode Default Values No default value necessary for this command Usage Examples The following example instructs the route map named MyMap to match the AS path list named TestPath ProCurve config ro...

Page 1279: ... no form of this command to discontinue matching Syntax Description name Specifies the name of the community you want to match exact match Optional Specifies that the route map must match the community name exactly Default Values No default value necessary for this command Usage Examples The following example instructs the route map named MyMap to match the community named MyCommunity ProCurve con...

Page 1280: ...ss list command Refer to ip access list extended listname on page 375 for more information Use the no form of this command to discontinue matching Syntax Description access list name Specifies the name of the access list to match Default Values No default value necessary for this command Usage Examples The following example instructs the route map named MyMap to match the IP address access list na...

Page 1281: ... the ip prefix list command Refer to ip prefix list listname description text on page 435 for more information Use the no form of this command to discontinue matching Syntax Description prefix list name Specifies matching the IP address based on the prefix list name Default Values No default value necessary for this command Usage Examples The following example instructs the route map named MyMap t...

Page 1282: ...f Service field by creating a six bit sequence combining the precedence value with the delay throughput and reliability bits This six bit sequence increased the number of available values from 8 to 64 The DiffServ model introduced a new concept to QoS in the IP network environment per hop behaviors PHBs The PHB premise is that pieces equipment using the DiffServ model have an agreed upon set of ru...

Page 1283: ...enting IP precedence The following table is a comparison of IP precedence values to their corresponding DSCP values Assured Forwarding PHB The flexibility of DiffServ allows for more developed subclasses of service within each main class using the last three bits of the DSCP As defined in RFC2597 the Assured Forwarding PHB creates four main classes of service The first three bits of the DSCP speci...

Page 1284: ...service to reduce latency jitter and dropped packets and should be guaranteed bandwidth during the entire end to end transmission journey through the network The DSCP value for the Expedited Forwarding PHB is 46 DSCP bits are 101110 Usage Examples The following example instructs the route map named MyMap to match the IP header with a DSCP Assured Forwarding Class 1 Subclass 2 af12 ProCurve config ...

Page 1285: ...value of 1 immediate Specifies matching the IP precedence immediate Numeric value of 2 flash Specifies matching the IP precedence flash Numeric value of 3 flash override Specifies matching the IP precedence flash override Numeric value of 4 critical Specifies matching the IP precedence critical Numeric value of 5 internet Specifies matching the IP precedence internet Numeric value of 6 This level ...

Page 1286: ...red to recognize and handle IP Precedence values While it is a good idea to set the values for critical traffic it does not guarantee special handling In addition to the IP Precedence values RFC791 specifies bits for delay throughput and reliability to help balance the needs of particular traffic types when traveling on the IP network infrastructure When these bits are set to 0 they are handled wi...

Page 1287: ...nue matching Syntax Description minimum Specifies the minimum packet length you want to match Valid range 1 to 4 294 967 295 maximum Specifies the maximum packet length you want to match Valid range 1 to 4 294 967 295 Default Values No default value necessary for this command Usage Examples The following example instructs the route map named MyMap to match packets with a minimum length of 1 and a ...

Page 1288: ...cified Multi Exit Discriminators MED value Use the no form of this command to discontinue matching Syntax Description value Specifies the MED value you want to match Valid range 1 to 4 294 967 295 Default Values No default value necessary for this command Usage Examples The following example instructs the route map named MyMap to match the MED value of 100 ProCurve config route map MyMap permit 10...

Page 1289: ... match command will pass if any value matches Valid range is 1 to 65 535 Default Values No default value is necessary for this command Functional Notes More than one value may be specified as a tag to be matched The ip route command is related to the match tag command in that it includes an optional parameter to set the route tag value for local static routes VPN RRI Reverse Route Injection routes...

Page 1290: ... form of this command to disable this feature Syntax Description as path prepend number Specifies a number to be prepended to the AS path value as an autonomous number Valid range 1 to 65 535 as path prepend last as number Specifies a number to be prepended to the last AS path number Valid range 1 to 10 Default Values No default value necessary for this command Usage Examples The following example...

Page 1291: ...ify a list of communities to delete Use the no form of this command to disable this feature Syntax Description name Specifies the name of the list of communities to delete Default Values No default value necessary for this command Usage Examples The following example deletes the community list named listname ProCurve config route map MyMap permit 100 ProCurve config route map set comm list listnam...

Page 1292: ...te map local as Sets the community attribute to the NO_EXPORT_SUBCONFED community number for routes serviced by this route map Routes containing this attribute should not be advertised to external BGP peers no export Sets the community attribute to the NO_EXPORT community number for routes serviced by this route map Routes containing this attribute should not be advertised to BGP peers outside a c...

Page 1293: ...ed the router uses the first available interface from the list Use the no form of this command to remove the default interface Syntax Description interface Specifies the default interface Type set default interface for a list of valid interface types null 0 Redirects traffic to the specified interface regardless of available routing information Default Values No default value necessary for this co...

Page 1294: ...cket along the first usable interface Use the no form of this command to cancel output from the specified interface Syntax Description interface Sets output interface type for the packet Type set interface for a list of valid interfaces interface id Specifies the ID of the specified interface type Default Values No default value necessary for this command Usage Examples The following example sets ...

Page 1295: ...formation available Use the no form of this command to remove the configured default next hop Syntax Description interface Specifies the default interface Type set default next hop for a list of valid interface types null 0 Redirects traffic to the specified interface regardless of available routing information Default Values No default value necessary for this command Usage Examples The following...

Page 1296: ...df command to identify the packet as don t fragment DF Use the no form of this command to remove this designation Syntax Description No subcommands Default Values No default value necessary for this command Usage Examples The following example designates the packet as don t fragment ProCurve config route map MyMap permit 100 ProCurve config route map set ip df ...

Page 1297: ...Syntax Description value Specifies the DSCP numeric value Valid range 0 to 63 afxx Specifies the assured forwarding AF class and subclass Select from 11 001010 12 001100 13 001110 21 010010 22 010100 23 010110 31 011010 32 011100 33 011110 41 100010 42 100100 or 43 100110 csxx Specifies the class selector CS value Valid range 1 to 7 default Specifies the default IP DSCP value 000000 ef Specifies m...

Page 1298: ...the no form of this command to remove the configured next hop address Syntax Description address Specifies the IP address in dotted decimal notation a b c d More than one address can be entered and the router uses the first available route from the list Default Values No default value necessary for this command Usage Examples The following example sets the ip next hop interface to 192 168 5 61 Pro...

Page 1299: ... 7 in ascending order of importance routine Specifies the IP precedence routine Numeric value of 0 priority Specifies the IP precedence priority Numeric value of 1 immediate Specifies the IP precedence immediate Numeric value of 2 flash Specifies the IP precedence flash Numeric value of 3 flash override Specifies the IP precedence flash override Numeric value of 4 critical Specifies the IP precede...

Page 1300: ...o a local autonomous system Use the no form of this command to cancel the local preference Syntax Description value Sets the local preference value Valid range 0 to 4 294 967 295 Default Values No default value necessary for this command Usage Examples The following example sets the local preference fro MyMap to a value of 100 ProCurve config route map MyMap permit 100 ProCurve config route map se...

Page 1301: ...y a metric value for the route map Use the no form of this command to cancel the metric value Syntax Description value Sets the metric value Valid range 0 to 4 294 967 295 Default Values No default value necessary for this command Usage Examples The following example sets the metric value for MyMap to 100 ProCurve config route map MyMap permit 100 ProCurve config route map set metric 100 ...

Page 1302: ...ted below bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 All other commands for this command set are described in this section in alphabetical order bgp always compare med on page 1301 bgp compare med ignore med on page 1302 bgp default local preference metric on ...

Page 1303: ...SROS to always compare the Multi Exit Discriminators MEDs for all paths for a route regardless of the autonomous system AS through which the paths pass Use the no form of this command to disable this feature Syntax Description No subcommands Default Values By default this command is disabled Usage Examples The following example enables this option ProCurve config router bgp 65000 ProCurve config b...

Page 1304: ...re the Multi Exit Discriminators MEDs for all routes from the same autonomous system AS Use the bgp ignore med to configure the SROS to disregard all MED attributes for all received routes Syntax Description No subcommands Default Values By default the SROS compares the MED attributes for routes from the same AS Usage Examples The following example enables this option ProCurve config router bgp 65...

Page 1305: ...tive to other routes in the local autonomous system AS BGP4 neighbors can send the local preference value as an attribute of a route in an UPDATE message Local preference only applies to routes within the local AS Use the no form of this command to return to the default setting Syntax Description metric Specifies the new local preference Valid range is 0 to 4 294 967 295 Default Values The default...

Page 1306: ...SROS to compare the Multi Exit Discriminators MEDs for all BGP routes received from different neighbors within the same AS Use the no form of this command to disable this option Syntax Description No subcommands Default Values By default this option is disabled Usage Examples The following example enables the SROS to use the deterministic MED option ProCurve config router bgp 65000 ProCurve config...

Page 1307: ... feature Syntax Description No subcommands Default Values By default this command is enabled Functional Notes When enabled if the link interface over which the router is communicating with a BGP peer goes down the BGP session with that peer is immediately cleared When fallover is disabled and the link goes down the session is maintained until the BGP hold timer expires Usage Examples The following...

Page 1308: ...f this command to return to the default setting Syntax Description No subcommands Default Values By default neighbor changes are not logged Functional Notes This command controls logging of BGP neighbor state changes up down and resets This information is useful for troubleshooting and determining network stability Usage Examples The following example enables logging of BGP neighbor state changes ...

Page 1309: ...ault no router ID is configured The default action is detailed in Functional Notes below Functional Notes This command allows an IP address to be specified for use as the BGP router ID If no IP address is configured at BGP startup it uses the highest IP address configured on a loopback interface If no loopback interfaces are configured it uses the highest IP address configured on any interface tha...

Page 1310: ...ocal Sets the administrative distance for BGP routes learned via the network command and redistribution A value of 255 means the route is not installed in the route table Range 1 to 254 Default Values By default external is set to 20 internal to 200 and local to 200 Normally these default settings should not be changed Functional Notes This command sets the administrative distance for BGP routes T...

Page 1311: ...lues By default the hold time is 90 seconds Functional Notes Using the hold timer command in BGP configuration mode sets the default hold time for all neighbors in that BGP process Using the hold timer command in BGP neighbor configuration mode sets the hold time for only that neighbor The peers will negotiate and use the lowest configured setting The keepalive interval will be set to one third of...

Page 1312: ...bled BGP4 can balance traffic to a specific destination across up to six equal paths Use the no form of this command to return to the default value Syntax Description value Specifies the number of parallel routes eBGP neighbors can inject into the route table Valid range is 1 to 6 Default Values By default a single path can exist in the route table Usage Examples The following example configures t...

Page 1313: ...on Command Set on page 1313 for more information on neighbor specific configuration parameters Use the no form of this command to remove the configured neighbor Syntax Description address Specifies the IP address for the neighbor in dotted decimal notation Default Values By default there are no configured BGP neighbors Usage Examples The following example configures a BGP neighbor with an IP addre...

Page 1314: ...x Description address Specifies the network address for the neighbor the SROS will advertise over BGP Enter the network in dotted decimal notation A B C D mask mask Specifies the subnet mask for the specified neighbor in dotted decimal notation A B C D Default Values By default there are no configured BGP networks Usage Examples The following example adds the 172 20 2 0 network with a subnet mask ...

Page 1315: ...rmation refer to the sections listed below bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 exit on page 1437 ping address on page 1438 shutdown on page 1442 All other commands for this command set are described in this section in alphabetical order advertisement interval seconds on page 1314 as path list listname in out on p...

Page 1316: ...ecifies the advertisement interval in seconds Range 0 to 600 Default Values By default the advertisement interval is 30 seconds for external neighbors and 5 seconds for internal neighbors Functional Notes This command sets the minimum interval between sending updates to the specified neighbor Usage Examples The following example configures the BGP process to wait at least 100 seconds before sendin...

Page 1317: ...signs an AS path list to this BGP neighbor in Specifies the filtering of all inbound BGP route updates out Specifies the filtering of all outbound BGP route updates Default Values By default no AS path lists are specified for filtering Functional Notes Before they can be assigned to a neighbor AS path lists must first be defined using the ip as path list command See ip as path list listname on pag...

Page 1318: ...op is set to 1 Functional Notes This command allows an eBGP neighbor to be on a network that is not directly connected Normally eBGP peers are directly connected In certain applications a non BGP device such as a firewall or router may reside between eBGP peers In this case the eBGP multihop command is required to allow updates to have a TTL greater than 1 and to allow received BGP updates to be a...

Page 1319: ...d time is 90 seconds Functional Notes Using the hold timer command in BGP configuration mode sets the default hold time for all BGP neighbors Using the hold timer command in BGP neighbor configuration mode sets the hold time for the specific neighbor The peers will negotiate and use the lowest configured setting The keepalive interval will be set to one third of the negotiated hold time Usage Exam...

Page 1320: ...mples The following example configures this BGP neighbor s AS number to be 300 ProCurve config router bgp 65000 ProCurve config bgp neighbor 172 24 3 192 ProCurve config bgp neighbor local as 300 Technology Review This router appears to the peer router to be in the AS specified with the local as command In network advertisements from routers using the local as command the first router s true AS nu...

Page 1321: ... a next hop set to the IP address that the receiving peer has configured in its neighbor statement for this router In the eBGP case where the receiving router is in the same subnet as the current next hop the current next hop is not changed For broadcast multiaccess networks Ethernet this provides more efficient routing For non broadcast multiaccess networks NBMA such as Frame Relay with a partial...

Page 1322: ...is case sensitive and must not exceed 80 characters Default Values By default authentication is disabled Functional Notes Authentication must be configured on both peers using the same password Every BGP TCP segment sent is authenticated Configuring authentication causes an existing session to be torn down and re established using the currently specified authentication Usage Examples The following...

Page 1323: ...ifies the filtering of all inbound BGP route updates received from the specified peer out Specifies the filtering of all outbound BGP route updates being sent to the specified peer Default Values By default no prefix lists are specified for filtering Functional Notes Before they can be assigned to a BGP neighbor prefix lists must first be defined using the ip prefix list command See ip prefix list...

Page 1324: ...nd to return to default settings Syntax Description as number Specifies the AS number This number must be different from the AS number of the local router which is defined using the router bgp command Range 1 to 65 535 See router bgp AS number on page 491 for more information Default Values By default no BGP neighbors are defined Usage Examples The following example configures a remote AS number o...

Page 1325: ...to this BGP neighbor in Specifies the filtering modification of all inbound BGP route updates out Specifies the filtering modification of all outbound BGP route updates Default Values By default no route map is assigned Functional Notes Before a route map can be assigned to a BGP neighbor it must first be defined using the route map command See route map map name permit deny sequence number on pag...

Page 1326: ...into all outgoing route updates for this neighbor Use the no form of this command to return to default settings Syntax Description No subcommands Default Values By default this command is disabled Usage Examples The following example inserts a standard BGP community attribute into all outgoing route updates for the specified neighbor ProCurve config router bgp 65000 ProCurve config bgp neighbor 17...

Page 1327: ... subcommands Default Values By default this command is enabled Functional Notes BGP updates are stored prior to filtering thus allowing the clear ip bgp soft command to be used in the absence of route refresh RFC2918 capability This command affects all neighbors See clear ip bgp as number ip address in out soft on page 37 for more information Usage Examples The following example enables the unit t...

Page 1328: ...ax Description interface Specifies the interface ID e g loopback 1 of the virtual interface to be used as the source IP address Default Values By default the outbound interface s IP address is used for BGP updates Functional Notes This is most often configured as a loopback interface that is reachable by the peer router The peer will specify this address in its neighbor commands for this router Us...

Page 1329: ...ProCurve config comm list The following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below bind from interface slot port tdm group to interface slot port on page 1431 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 All other commands for this command set are describ...

Page 1330: ...s the well known reserved community number for the INTERNET community local as Denies routes that contain this value in their community attribute This represents the well known reserved community number for NO_EXPORT_SUBCONFED Routes containing this attribute should not be advertised to external BGP peers no export Denies routes containing this value in their community attribute This represents th...

Page 1331: ...nts the well known reserved community number for the INTERNET community local as Permits routes that contain this value in their community attribute This represents the well known reserved community number for NO_EXPORT_SUBCONFED Routes containing this attribute should not be advertised to external BGP peers no export Permits routes containing this value in their community attribute This represent...

Page 1332: ...be These are explained in the Network Monitor Track Configuration Command Set on page 1347 To activate the Network Monitor Probe Configuration mode enter the probe command at the Global Configuration mode prompt followed by the probe name Specify the probe type of icmp echo tcp connect or http request For example ProCurve enable ProCurve configure terminal ProCurve config probe probe1 icmp echo Pr...

Page 1333: ...ddress on page 1341 source port port on page 1342 timeout value on page 1343 tolerance on page 1344 The following commands are applicable to HTTP request probe types and can be executed after this command ProCurve config probe probe name http request absolute path on page 1332 destination on page 1334 expect regex expression on page 1335 expect status minimum maximum on page 1336 period value on p...

Page 1334: ... form of this command to return to the default Syntax Description name Specifies a pathname Default Values By default the path name is the forward slash symbol Functional Notes This command can only be executed while in the probe name http request command set Usage Examples The following example sets the absolute path to home index html ProCurve config probe probe1 http request ProCurve config pro...

Page 1335: ...rn Specifies a hexadecimal data pattern Default Values By default the data pattern is a standard ping packet pattern of data values starting with 0x00 incrementing by one for the length of the packet Refer to ping address on page 1438 for more information on ping packet data patterns Functional Notes This command can only be executed while in the probe name icmp echo command set Usage Examples The...

Page 1336: ...dress port number Syntax Description hostname Specifies the IP host by name ip address Specifies a valid IP address IP addresses should be expressed in dotted decimal notation for example 10 10 10 1 port Optional Specifies port number This feature is not used with icmp echo probes Default Values By default there is no setting for this command Usage Examples The following example specifies www proc...

Page 1337: ...atch anything the probe fails Use the no form of this command to return to the default Syntax Description expression Specifies the expression to display Default Values By default no regular expression is defined Functional Notes This command can only be executed while in the probe name http request command set Usage Examples The following example only allows the probe1 test to pass if the word suc...

Page 1338: ...iption minimum Specifies a minimum number value for the status code Valid range is 0 to 999 maximum Optional Specifies a maximum number to create a range of status codes Valid range is 0 to 999 Default Values By default there is no setting for this command Functional Notes This command can only be executed while in the probe name http request command set Specifying only a minimum value indicates o...

Page 1339: ...pts Use the no form of this command to return to the default Syntax Description value Specifies the time in seconds between probe test attempts Valid range is 1 to 4 294 967 295 seconds Default Values By default the period between probe tests is 60 seconds Usage Examples The following example specifies probe1 to initiate probe tests every 90 seconds ProCurve config probe probe1 icmp echo ProCurve ...

Page 1340: ...on page 1346 for more information The following system variables can be used in the text SYSTEM_NAME The host name of the system SYSTEM_SERIAL_NUMBER The serial number of the system SYSTEM_DESCRIPTION The product name and part number of the system SYSTEM_SOFTWARE_VERSION The firmware version of the system Usage Examples The following example configures a RAW HTTP request that attempts to access up...

Page 1341: ...m of this command to enable a probe to generate traffic Syntax Description No subcommands Default Values By default probes are shut down when created Functional Notes A probe must be created first using the probe command Refer to probe on page 485 for more information Issuing the shutdown command at the probe configuration prompt will disable a probe causing it to cease generating traffic Usage Ex...

Page 1342: ...s command to return to the default Syntax Description data length Specifies size of ICMP datagram Valid range is 0 to 1448 bytes Default Values By default the data length is 64 bytes Functional Notes This command can only be executed while in the probe name icmp echo command set Usage Examples The following example sets the length of the ICMP packet s data section for probe1 to 25 bytes ProCurve c...

Page 1343: ...ve the source IP address Syntax Description ip address Specifies a valid IP address IP addresses should be expressed in dotted decimal notation for example 10 10 10 1 Default Values By default the IP address of the outbound interface is used Functional Notes A valid local IP address must be entered for proper functionality Usage Examples The following example configures the source IP address on pr...

Page 1344: ...is command to return to the default Syntax Description port Specifies the port number Valid range is 1 to 65 535 Default Values By default the probe automatically selects the port number Functional Notes This command can be executed while in the probe name tcp connect or http request command set Usage Examples The following example configures the source port on probe1 as 5000 ProCurve config probe...

Page 1345: ...ecifies the timeout value in milliseconds This value must be less than the probe period value refer to period value on page 1337 Valid range is 250 to 4 294 967 296 milliseconds Default Values By default the timeout is 1500 milliseconds for ICMP echo probes 10 000 milliseconds 10 seconds for TCP connect probes and 10 000 milliseconds 10 seconds HTTP request probes Usage Examples The following exam...

Page 1346: ... that probe state transitions occur after a certain ratio of test results conflict with the current state fail number Specifies the number of failures that must occur before transitioning the probe to the FAIL state Valid ranges are 1 to 255 consecutive failures and 1 to 254 failures per set pass number Specifies the number of passes before transitioning the probe to the PASS state Valid ranges ar...

Page 1347: ...cutive passes to change its status to PASS when in the FAIL state ProCurve config probe probe1 icmp echo ProCurve config probe probe1 tolerance consecutive fail 10 pass 5 In the following example the probe is configured for rate tolerance To move to the FAIL state 5 of the last 10 tests must fail Once in this state 8 of the last 10 tests must pass in order to transition the probe back to PASS ProC...

Page 1348: ... get type head type raw Syntax Description get Specifies the probe use HTTP get request head Specifies the probe use HTTP head request raw Specifies the probe use HTTP raw request Default Values By default the probe s HTTP request is set to get Functional Notes This command can only be executed while in the probe name http request command set Usage Examples The following example configures probe1 ...

Page 1349: ... state an event is sent to the track Additional configuration commands are available for creating probes These are explained in the Network Monitor Probe Command Set on page 1330 To activate the Network Monitor Track Configuration mode enter the track command at the Global Configuration mode prompt followed by the name of the track For example enable configure terminal config track track1 config t...

Page 1350: ...to wait before allowing a new probe status change to trigger a new action Use the no form of this command to return to the default Syntax Description value Specifies the time interval value in seconds Valid range is 1 to 4 294 967 295 Default Values By default the interval is set to 0 seconds Usage Examples The following example sets the dampening interval to 90 seconds ProCurve config track track...

Page 1351: ... displayed real time on the terminal or Telnet screen Use the no form of this command to disable this feature Unlike track debug commands the log changes command appears in the running configuration and can be saved to persist through a unit restart Syntax Description No subcommands Default Values By default this feature is disabled Usage Examples The following example enables the logging of statu...

Page 1352: ...nd to enable a track Syntax Description No subcommands Default Values By default tracks are active when created Functional Notes A track must be created first using the track command in the Global Configuration mode Refer to the command track name on page 532 for more information Issuing the shutdown command at the track configuration prompt will force the track to fail Usage Examples The followin...

Page 1353: ... schedule or probe is in an ACTIVE or PASS state Conversely the track will FAIL if the schedule or probe is in an INACTIVE or FAIL state The test if not command specifies a conditional test where the track state pass or fail is dependant upon the state of the object probe or schedule being tested The not keyword indicates that the track state will negate the result of the object test For example t...

Page 1354: ...me active The following bullets describe the setup via CLI to accomplish the customer s goals A schedule called DELAY AFTER BOOT is created and specified to become active 180 seconds after the SROS unit has booted up A track named DELAY is created Track DELAY is associated with the schedule DELAY AFTER BOOT via the following command config track DELAY test if not schedule DELAY AFTER BOOT The inve...

Page 1355: ...the default route to null interface 0 has a lower administrative distance than the demand interface default route As soon as a default route has been assigned to the primary Ethernet WAN interface the route will appear in the routing table with an administrative distance of 1 which is lower than the administrative distance of 10 for the null interface Due to the lower administrative distance all t...

Page 1356: ...test list to fail or Specifies the relationship between all objects placed in this list The logical OR relationship means that only one of the objects in this list must be in the PASS state for the track test list to pass and all objects in a FAIL state for the track test list to fail if probe schedule Specifies a single conditional test to be added to the test track list if not probe schedule Spe...

Page 1357: ...test exit ProCurve config track track LB no shutdown The show track LB command is executed to see whether track LB is in a PASS state ProCurve show track LB Current State PASS Admin UP Testing probe LB PASS AND probe LB2 PASS Dampening Interval 1 seconds Time in current state 0 days 0 hours 0 minutes 29 seconds Track State Changes 2 Tracking Currently track LB is in a PASS state Due to the AND Boo...

Page 1358: ...ion Command Set 5991 2114 Copyright 2006 Hewlett Packard Development Company L P 1356 Note If the test list in this example had specified the OR Boolean logic using the test list or command then track LB would have passed even though one of the test probes was in the FAIL state ...

Page 1359: ...ption if probe schedule Specifies a single conditional test to be added to the test track list if not probe schedule Specifies a single conditional test to be added to the test track list The not keyword indicates that the individual track state will negate the result of the object test name Specifies the name of the probe or schedule weight value Specifies the weight value to use if this test is ...

Page 1360: ...roCurve config track LB test ProCurve config track LB test test list weighted ProCurve config track LB test test if probe LB weight 10 ProCurve config track LB test test if probe LB2 weight 20 ProCurve config track LB test test if probe LB3 weight 30 ProCurve config track LB test test threshold pass 35 fail 25 ProCurve config track LB test test exit ProCurve config track LB test no shutdown The sh...

Page 1361: ...SS 30 if probe LB3 FAIL Total 20 currently 35 changes state to PASS Dampening Interval 1 seconds Time in current state 0 days 0 hours 0 minutes 33 seconds Track State Changes 1 Tracking Only probe LB2 is in the PASS state Therefore the sum of the assigned weights equals 20 The value of 20 falls below the FAIL threshold of 25 As a result the current state of the track is now FAIL ...

Page 1362: ...page 1437 ping address on page 1438 All other commands for this command set are described in this section in alphabetical order area area id default cost value on page 1361 area area id range ip address network mask advertise not advertise on page 1362 area area id stub no summary on page 1363 auto cost reference bandwidth rate on page 1364 distance intra area inter area external value on page 136...

Page 1363: ...the no form of this command to delete the assigned cost Syntax Description area id Specifies identifier for this area Enter as an integer range 0 to 4 294 967 295 or an IP address A B C D value Specifies default summary route cost Range 0 to 166 777 214 Default Values By default the summary route cost is set to 0 There is no default for the area ID Usage Examples The following example defines a de...

Page 1364: ...er as an integer range 0 to 4 294 967 295 or an IP address A B C D ip address The IP address of the advertised summary route network mask The mask of the advertised summary route advertise The specified address range will be advertised to other networks not advertise The specified address range will not be advertised to other networks Default Values By default OSPF is not enabled Usage Examples Th...

Page 1365: ... keyword to designate the area as a total stub area No summary link advertisements will be sent by the ABR into the stub area Default Values By default OSPF is not enabled Technology Review It is important to coordinate configuration of all routers and access servers in the stub area The area stub command must be configured for each of those pieces of equipment Use the area router configuration co...

Page 1366: ...terface cost to an interface It may be necessary to assign a higher number to high bandwidth links This value is used in OSPF metric calculations Syntax Description rate Sets the default reference bandwidth rate range 1 to 4 294 967 Mbps Default Values By default the rate is set to 100 Usage Examples The following example sets the auto cost reference bandwidth to 1000 Mbps ProCurve config router o...

Page 1367: ...enerates one unless the always keyword is used Syntax Description always Specifies to always advertise default route metric value Configures metric value range is 0 to 16 777 214 metric type type Configures metric type 1 or 2 Default Values metric value 10 metric type type 2 Usage Examples The following example configures a router to always advertise default routes and assigns the default routes a...

Page 1368: ... at 20 Functional Notes The metric value defined using the redistribute command overrides the default metric command s metric setting See redistribute ospf metric value on page 1386 and redistribute static metric value on page 1387 for related information Usage Examples The following example shows a router using both RIP and OSPF routing protocols The example advertises RIP derived routes using th...

Page 1369: ...into the route table Range is 0 to 255 intra area Specifies using a unique administrative distance for route paths between a source and destination in the same routing area inter area Specifies using a unique administrative distance for route paths between a source and destination in different areas external Specifies using a unique administrative distance for route paths between different autonom...

Page 1370: ...um number of multipath routes to advertise to the route table via OSPF Syntax Description number Specifies the number of routes OSPF can insert into the route table Valid range 1 to 6 Default Values By default maximum paths is set to 4 Usage Examples The following example sets the maximum number of multipath routes OSPF can insert in the route table to 5 ProCurve config router ospf ProCurve config...

Page 1371: ...an IP address A B C D Default Values No default values required for this command Technology Review In order for OSPF to operate on an interface the primary address for the interface must be included in the network area command Assigning an interface to an OSPF area is done using the network area command There is no limit to the number of network area commands used on a router If the address ranges...

Page 1372: ...cription metric value Optional Specifies a metric value to be carried from one OSPF process to the next if no other value is specified metric type type Optional Specifies a type 1 or type 2 external route as the external link type If not specified the default is 2 subnets Optional Specifies subnet redistribution when redistributing routes into OSPF Default Values By default this command is disable...

Page 1373: ...ic Specifies advertising static routes using OSPF metric value Optional Specifies a metric value to be carried from one OSPF process to the next if no other value is specified metric type type Optional Specifies a type 1 or type 2 external route as the external link type If not specified the default is 2 subnets Optional Specifies subnet redistribution when redistributing routes into OSPF Default ...

Page 1374: ... routes that match the specified mask prefix mask pair Syntax Description address Specifies IP address or Prefix A B C D mask prefix mask Routes matching this mask prefix mask pair will be suppressed if the not advertise command is enabled not advertise Optional Causes suppression of routes that match the specified mask prefix mask pair Default Values By default this command is disabled Usage Exam...

Page 1375: ... timers lsa group pacing command to change the link state advertisement LSA refresh interval Syntax Description seconds Sets the LSA refresh interval in seconds range 10 to 1 800 Default Values By default this value is set at 240 seconds Usage Examples The following example sets the refresh interval for six minutes ProCurve config router ospf ProCurve config ospf timers lsa group pacing 360 ...

Page 1376: ... and hold intervals Syntax Description delay Specifies time in seconds between OSPF s receipt of topology changes and the beginning of SPF calculations hold Specifies time in seconds between consecutive SPF calculations Range 10 to 1800 seconds Default Values delay 5 seconds hold 10 seconds Usage Examples The following example defines a delay of 10 seconds and a hold time of 30 seconds ProCurve co...

Page 1377: ...er pim sparse ProCurve config pim sparse The following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below bind from interface slot port tdm group to interface slot port on page 1431 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438All other commands for this command s...

Page 1378: ...g rate for PIM sparse join prune messages Use the no form of this command to return to the default setting Syntax Description seconds Specifies the PIM sparse join prune message interval Valid range 10 to 65 534 seconds Default Values By default the message interval is set to 60 seconds Usage Examples The following example sets the interval for 50 seconds ProCurve config router pim sparse ProCurve...

Page 1379: ...s then a hash algorithm determines the appropriate hierarchy see below The results of the hash algorithm can be seen with the show ip pim sparse rp map command The hash algorithm is defined in RFC 2117 section 3 7 as follows For each RP address C i in the RP Set whose Group prefix covers G compute a value Value G M C i 1103515245 1103515245 G M 12345 XOR C i 12345 mod 2 31 where M is a hash mask i...

Page 1380: ... of packets the router sends using the rendezvous point RP before switching to the SPT Syntax Description packets Specifies the number of packets the router sends using the RP before switching to the SPT Valid range 1 to 4 294 967 295 infinity Causes all sources to use the shared RP tree Default Values By default the SPT threshold is set to 1 packet Usage Examples The following example sets the SP...

Page 1381: ...d section of this guide For more information refer to the sections listed below do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 All other commands for this command set are described in this section in alphabetical order auto summary on page 1380 default metric value on page 1381 distribute list access list in out interface type slot port on page 1382 network address su...

Page 1382: ...arization Syntax Description No subcommands Default Values By default auto summary is disabled Functional Notes Use this command if you are subdividing a classful network into many subnets and these subnets are to be advertised over a slow link 64K or less to a router that can only reach the classful network via the router you are configuring Usage Examples The following example configures the rou...

Page 1383: ... Default Values By default this value is set at 0 Functional Notes The metric value defined using the redistribute command overrides the default metric command s metric setting See redistribute ospf metric value on page 1386 and redistribute static metric value on page 1387 for related information Usage Examples The following example shows a router using both RIP and OSPF routing protocols The exa...

Page 1384: ...which the contents of the incoming outgoing routing updates are matched in Applies RIP filtering to inbound data out Applies RIP filtering to outbound data interface type slot port Optional Specifies the interface in which to apply the ACL Type distribute list xxxx in for a complete list of applicable interfaces Default Values By default distribute list filtering is disabled Usage Examples The fol...

Page 1385: ...tional Notes The SROS will only allow processing sending and receiving RIP messages on interfaces with IP addresses that are contained in the networks listed using this command All RIP messages received on interfaces not listed using this command will be discarded To allow for receiving and participating in RIP but not for transmitting use the passive interface command refer to passive interface i...

Page 1386: ...that will not transmit routing updates Default Values By default RIP is not enabled Functional Notes All routing updates received on that interface will still be processed and advertised to other interfaces but no updates will be transmitted to the network connected to the specified interface Multiple passive interface commands may be used to create a customized list of interfaces Usage Examples T...

Page 1387: ...le the propagation of the specified route type Syntax Description metric value Optional Specifies the hop count to use when advertising redistributed OSPF routes using the RIP protocol Default Values By default RIP is not enabled Functional Notes Redistributing connected routes imports those routes into RIP without the interfaces in question actually participating in RIP The connected routes impor...

Page 1388: ...to use when advertising redistributed OSPF routes using the RIP protocol Default Values By default this command is disabled Functional Notes Redistributing OSPF routes imports those routes into RIP without the interfaces in question actually participating in RIP The OSPF routes imported this way are not covered by a network command and therefore do not send receive RIP traffic If redistribute ospf...

Page 1389: ...pecified route type Syntax Description metric value Optional Specifies the hop count to use for advertising redistributed OSPF routes in RIP Default Values By default this command is disabled Functional Notes Redistributing static routes allows other network devices to learn about paths not compatible with their system without requiring manual input to each device on the network Usage Examples The...

Page 1390: ...ll be removed from the route table Use the no form of this command to return to the default settings Syntax Description seconds Sets the timeout timer value Valid range 5 to 4294967295 seconds Default Values By default this value is set at 180 seconds Functional Notes Note that the timeout timer value cannot be set to a value less than the update timer value It is recommended that this timer be se...

Page 1391: ...Specifies the number of seconds allowed to elapse between RIP update packet transmissions Valid range 5 to 4 294 967 295 seconds Default Values By default this value is set at 30 seconds Functional Notes Note that the timeout timer value cannot be set to a value less than the update timer value It is recommended that the timeout timer be set to a value that is three times the value of the update t...

Page 1392: ...ion used on all IP interfaces This global configuration is overridden using the configuration commands ip rip send version and ip rip receive version Use the no form of this command to return to the default value Syntax Description 1 RIP version 1 2 RIP version 2 Default Values By default RIP is not enabled Usage Examples The following example specifies RIP version 2 as the global RIP version ProC...

Page 1393: ...rder to actively process traffic Any traffic for the interface that is not sent to the priority queue is sent using the default queuing method for the interface such as weighted fair queuing For example ProCurve enable ProCurve configure terminal ProCurve config qos map VOICEMAP 10 ProCurve config qos map match precedence 5 ProCurve config qos map priority 512 ProCurve config qos map exit ProCurve...

Page 1394: ...h between all priority entries and class based entries bandwidth in a QoS map set should not be configured beyond the specified max reserved bandwidth default 75 percent on the interface that the QoS policy is applied to using the qos policy command or the map will be disabled Even with the configuration limit class based queues can still use more than the max reserved bandwidth limitation up to 1...

Page 1395: ...where Bandwidth minimum amount of bandwidth needed for the traffic in kbps max reserved bandwidth specifies the percentage of the total line rate available for use by QoS Line Rate total data rate configured on the interface for example 8 DS0s 64 kbps per DS0 on a T1 equals a line rate of 512 kbps Priority Traffic amount of bandwidth reserved using the priority command For example to specify 80 kb...

Page 1396: ...o each class ProCurve config qos map MyMap 1 ProCurve config qos map match precedence 5 ProCurve config qos map bandwidth percent 25 ProCurve config qos map MyMap 2 ProCurve config qos map match precedence 3 ProCurve config qos map bandwidth percent 10 ProCurve config qos map MyMap 3 ProCurve config qos map match precedence 2 ProCurve config qos map bandwidth percent 10 ProCurve config qos map MyM...

Page 1397: ...ect from 11 001010 12 001100 13 001110 21 010010 22 010100 23 010110 31 011010 32 011100 33 011110 41 100010 42 100100 or 43 100110 csx Specifies the class selector CS value Valid range is 1 to 7 default Specifies the default IP DSCP value 000000 dscp 0 63 Matches IP packets with the specified Differentiated Service Code Point DSCP value ef Specifies marking for expedited forwarding EF ip rtp star...

Page 1398: ...qos map match list Class_A ProCurve config qos map match list Class_B ProCurve config qos map bandwidth percent 25 Alternately the following configuration is also valid ProCurve config qos map MyMap 1 ProCurve config qos map match list Class_A ProCurve config qos map bandwidth percent 25 ProCurve config qos map MyMap 2 ProCurve config qos map match list Class_B ProCurve config qos map bandwidth pe...

Page 1399: ...fig qos map match list CLASS_1 ProCurve config qos map bandwidth 96 ProCurve config qos map MyMap 3 ProCurve config qos map match list CLASS_2 ProCurve config qos map bandwidth 52 3 Specify the reserved bandwidth and apply the map ProCurve config fr 1 max reserved bandwidth 85 ProCurve config fr 1 qos policy out MyMap Technology Review RFC791 created a single octet labeled Type of Service to help ...

Page 1400: ...y A 1 in the throughput position indicates that the traffic has higher bandwidth requirements that should be met A 1 in the reliability position indicates that the traffic is sensitive to delivery issues and care should be taken to ensure proper delivery with all packets of this type These extra bits are rarely used because they are quite difficult to balance the cost and benefits of each paramete...

Page 1401: ...implementing IP precedence The following table is a comparison of IP precedence values to their corresponding DSCP values Assured Forwarding PHB The flexibility of DiffServ allows for more developed sub classes of service within each main class using the last three bits of the DSCP As defined in RFC2597 the Assured Forwarding PHB creates four main classes of service The first three bits of the DSC...

Page 1402: ...tended to provide the best service possible on an IP network Packets using the Expedited Forwarding PHB markings should be provided service to reduce latency jitter dropped packets and be guaranteed bandwidth during the entire end to end transmission journey through the network The DSCP value for the Expedited Forwarding PHB is 46 DSCP bits are 101110 Bit 3 Bit 4 Drop Precedence 0 1 Low 1 0 Medium...

Page 1403: ...urst size in bytes for traffic in this priority queue This parameter should be left unconfigured for optimal performance Range 3 to 1 000 000 percent value Allocates a minimum bandwidth for a traffic class specifying the minimum as a percentage of the total interface bandwidth This command is especially useful for protecting bandwidth allocation in multilink applications See Functional Notes for m...

Page 1404: ...ng needs Reserve 15 of the line rate for routing traffic and L2 protocol traffic max reserved bandwidth 85 Line Rate 512 kbps Guaranteed 256 kbps for Voice Guaranteed 96 kbps for Class 1 Guaranteed 52 kbps for Class 2 To configure this QoS policy enter the following QoS map and interface commands 1 Allocate LLQ Priority voice traffic ProCurve config qos map MyMap 1 ProCurve config qos map match li...

Page 1405: ...o 7 default Specifies the default IP DSCP value 000000 ef Specifies marking for expedited forwarding EF Default Values No default value is necessary for this command Functional Notes QoS policies are configured in the SROS CLI to dictate the priority for servicing specified traffic types on a particular interface QoS policies contain at least one match reference using the match command and one or ...

Page 1406: ...nd Line Interface Reference Guide Quality of Service QoS Map Commands 5991 2114 Copyright 2007 Hewlett Packard Development Company L P 1404 ProCurve config qos map VOICEMAP 10 ProCurve config qos map set dscp 46 ...

Page 1407: ... a particular interface QoS policies contain at least one match reference using the match command and one or more action items using the priority bandwidth or set commands The set precedence command can be used to change the Differentiated Services DS Field for incoming traffic serviced by the QoS policy Every IPv4 header contains an 8 bit Type of Service ToS field used for marking data types requ...

Page 1408: ...o on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 All other commands for this command set are described in this section in alphabetical order bootfile filename on page 1407 client identifier identifier on page 1408 client name name on page 1410 default router address secondary on page 1411 dns server address secondary on page 1412 domain name domain on page 1413 hardware ...

Page 1409: ...ternal flash drive can receive a bootfile from a TFTP server The ProCurve Secure Router DHCP server can provide these devices with the address of the network TFTP server and the configuration filename For example some IP phones use this functionality to download the feature and key activation file Use the tftp server command in the DHCP Pool command set to specify the IP address of the network TFT...

Page 1410: ...net For example a custom client identifier of 0f ff ff ff ff 51 04 99 a1 may be entered using the identifier option Default Values By default the client identifier is populated using the following formula TYPE INTERFACE SPECIFIC INFO MAC ADDRESS Where TYPE specifies the media type in the form of one hexadecimal byte refer to hardware address hardware address type on page 1414 for a detailed listin...

Page 1411: ... 80 0x1401 Functional Notes DHCP clients use client identifiers in place of hardware addresses To create the client identifier begin with the two digit numerical code representing the media type and append the client s MAC address For example a Microsoft client with an Ethernet 01 MAC address d2 17 04 91 11 50 uses a client identifier of 01 d2 17 04 91 11 50 Usage Examples The following example sp...

Page 1412: ...rm of this command to remove the configured client name Syntax Description name Identifies the DHCP client example is client1 with an alphanumeric string up to 32 characters in length Default Values By default there are no specified client names Usage Examples The following example specifies a client name of myclient ProCurve config ip dhcp server pool MyPool ProCurve config dhcp client name mycli...

Page 1413: ...e 192 168 4 254 secondary Optional Specifies the address in dotted decimal notation of the second preferred router on the client s subnet example 192 168 4 253 Default Values By default there are no specified default routers Functional Notes When specifying a router to use as the primary secondary preferred router verify that the listed router is on the same subnet as the DHCP client The SROS allo...

Page 1414: ...Syntax Description address Specifies the address in dotted decimal notation of the preferred DNS server on the network example 192 168 4 254 secondary Optional Specifies the address in dotted decimal notation of the second preferred DNS server on the network example 192 168 4 253 Default Values By default there are no specified default DNS servers Usage Examples The following example specifies a d...

Page 1415: ...n Protocol DHCP client Use the no form of this command to remove the configured domain name Syntax Description name Identifies the DHCP client e g procurve com with an alphanumeric string up to 32 characters in length Default Values By default there are no specified domain names Usage Examples The following example specifies a domain name of procurve com ProCurve config ip dhcp server pool MyPool ...

Page 1416: ...re protocol of the DHCP client The hardware type field can be entered as follows ethernet Specifies standard Ethernet networks ieee802 Specifies IEEE 802 standard networks 1 21 Enter one of the hardware types listed in RFC1700 The valid hardware types are as follows 1 10 Mb Ethernet 2 Experimental 3 Mb Ethernet 3 Amateur Radio AX 25 4 Proteon ProNET Token Ring 5 Chaos 6 IEEE 802 Networks 7 ARCNET ...

Page 1417: ...4 Copyright 2007 Hewlett Packard Development Company L P 1415 Usage Examples The following example specifies an Ethernet client with a MAC address of ae 11 54 60 99 10 ProCurve config ip dhcp server pool MyPool ProCurve config dhcp hardware address ae 11 54 60 99 10 ethernet ...

Page 1418: ...d the DHCP server examines its address pools to obtain an appropriate mask If no valid mask is found in the address pools the DHCP server uses the Class A B or C natural mask prefix length Optional Alternately the prefix length may be used to specify the number of bits that comprise the network address The prefix length must be preceded by a forward slash For example to specify an IP address with ...

Page 1419: ...urs in a lease You may only enter a value in the hours field if the days field is specified minutes Optional Specifies the number of minutes in a lease You may only enter a value in the minutes field if the days and hours fields are specified Default Values By default an IP address lease is one day Usage Examples The following example specifies a lease of 2 days ProCurve config ip dhcp server pool...

Page 1420: ...ntax Description address Specifies the address in dotted decimal notation of the preferred NetBIOS WINS name server on the network example 192 168 6 99 secondary Optional Specifies the address in dotted decimal notation of the second preferred NetBIOS WINS name server on the network example 192 168 8 15 Default Values By default there are no configured NetBIOS WINS name servers Usage Examples The ...

Page 1421: ... node type used with DHCP clients Valid node types are as follows b node 1 Broadcast node p node 2 Peer to Peer node m node 4 Mixed node h node 8 Hybrid node Recommended Alternately the node type can be specified using the numerical value listed next to the nodes above Default Values type h node 8 Hybrid node Usage Examples The following example specifies a client s NetBIOS node type as h node Pro...

Page 1422: ... the subnet mask is left unspecified the DHCP server uses the Class A B or C natural mask prefix length Optional Alternately the prefix length may be used to specify the number of bits that comprise the network address The prefix length must be preceded by a forward slash For example to specify an IP address with a subnet mask of 255 255 0 0 enter 16 after the address Default Values By default the...

Page 1423: ...mmand to specify the name of the Network Time Protocol NTP server published to the client Syntax Description ip address Specifies the IP address of the NTP server Default Values By default no NTP server is defined Usage Examples The following example specifies the IP address of the NTP server ProCurve config ip dhcp server pool MyPool ProCurve config dhcp ntp server 192 168 1 1 ...

Page 1424: ...DHCP option information in ascii format hex Specifies the DHCP option information in hexidecimal format ip Specifies the DHCP option information in IP format value Specifies the ASCII hexidecimal or IP value The value for ascii is simple text The value for hex is an 8 digit hexidecimal number 32 bit The value for ip is a standard IP address in the format A B C D Default Values No default value nec...

Page 1425: ...x Description server Specifies the DNS name or dotted notation IP address of the server Default Values By default no tftp server is defined Usage Examples The following example specifies the IP address of the TFTP server ProCurve config ip dhcp server pool MyPool ProCurve config dhcp tftp server 192 168 1 1 The following example specifies the DNS name of the TFTP server ProCurve config ip dhcp ser...

Page 1426: ...ecifies the timezone adjustment in hours published to the client Use an integer from 12 to 12 Default Values No default value necessary for this command Usage Examples The following example sets the timezone adjustment for the client to 3 hours For example if the server time is configured for eastern time and the client is configured for Pacific time you can set the client timezone adjustment to 3...

Page 1427: ...nfig aaa group server radius myServer ProCurve config sg radius The following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below bind from interface slot port tdm group to interface slot port on page 1431 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 All other com...

Page 1428: ...mber Defines the accounting port value auth port port number Defines the authorization port value Default Values No defaults necessary for this command Usage Examples The following example adds a server to the myServers list ProCurve config aaa group server radius myServers ProCurve config sg radius server 1 2 3 4 acct port 786 auth port 1812 ProCurve config sg radius server 4 3 2 1 ProCurve confi...

Page 1429: ... at the Global Configuration mode prompt For example ProCurve enable ProCurve configure terminal ProCurve config aaa group server tacacs TEST GROUP ProCurve config sg tacacs The following commands are common to multiple command sets and are covered in a centralized section of this guide For more information refer to the sections listed below do on page 1435 end on page 1436 exit on page 1437 ping ...

Page 1430: ...d to specify a particular TACACS server s IP address or host name Syntax Description host Specifies a TACACS server IP address Default Values No default is necessary for this command Usage Examples The following example specifies the IP address of the TACACS server ProCurve config aaa group server tacacs TEST_GROUP ProCurve config sg tacacs server 192 168 1 1 ProCurve config sg tacacs ...

Page 1431: ...escriptions of commands which are common across multiple command sets These commands are listed in alphabetical order alias text on page 1430 bind from interface slot port tdm group to interface slot port on page 1431 description text on page 1434 do on page 1435 end on page 1436 exit on page 1437 ping address on page 1438 show running config on page 1440 shutdown on page 1442 ...

Page 1432: ...must be encased in quotation marks Default Values No defaults required for this command Functional Notes The ifAlias OID is a member of the ifXEntry object type defined in RFC2863 used to provide a non volatile unique name for various interfaces This name is preserved through power cycles Enter a string using the alias command which clearly identifies the interface Usage Examples The following exa...

Page 1433: ...uld be t1 1 1 tdm group Specifies which configured tdm group to use for this bind This subcommand only applies to T1 physical interfaces to interface Specifies the virtual interface on the other end of the bind Use the to display a list of valid interfaces slot port Used when a physical interface is specified in the to interface subcommand For example specifying the primary T1 port of a T1 module ...

Page 1434: ...nd 1 t1 1 1 1 fr 1 Technology Review Creating an endpoint that uses a layer 2 protocol such as Frame Relay is generally a four step process Step 1 Create the Frame Relay virtual endpoint using the interface frame relay command and set the signaling method using the frame relay lmi type command Also included in the Frame Relay virtual endpoint are all the applicable Frame Relay timers logging thres...

Page 1435: ...mmand to specify the per DS0 signaling rate on the interface For example the following creates a tdm group labeled 9 containing 20 DS0s each DS0 having a data rate of 56 kbps ProCurve config interface t1 1 1 ProCurve config t1 1 1 tdm group 9 timeslots 1 20 speed 56 ProCurve config t1 1 1 exit Step 4 Make the association between the layer 2 endpoint and the physical interface using the bind comman...

Page 1436: ...oth physical and virtual for example circuit ID contact information etc Syntax Description text Identifies the specified interface using up to 80 alphanumeric characters Default Values No defaults required for this command Usage Examples The following example enters comment information using the description command ProCurve config interface t1 1 1 ProCurve config t1 1 1 description This is the Dal...

Page 1437: ...red for this command Functional Notes Use the do command to view configurations or interface states after configuration changes are made without exiting to the Enable mode Usage Examples The do command provides a way to execute commands in other configuration modes without taking the time to exit the current configuration mode and enter the desired one The following example shows the do command us...

Page 1438: ...able Security mode Syntax Description No subcommands Default Values No defaults necessary for this command Usage Examples The following example shows the end command being executed in the T1 Configuration mode ProCurve config t1 1 1 end Enable Security mode command prompt Note When exiting the Global Configuration mode remember to perform a copy running config startup config to save all configurat...

Page 1439: ... the Global Configuration mode When using the exit command in the Basic mode the current session will be terminated Syntax Description No subcommands Default Values No defaults necessary for this command Usage Examples The following example shows the exit command being executed in the Global Configuration mode ProCurve config exit Enable Security mode command prompt Note When exiting the Global Co...

Page 1440: ...a specified IP address or provides a set of prompts to configure a more specific PING configuration The following is a list of output messages from the ping command Success Destination Host Unreachable Invalid Host Address X TTL Expired in Transit Unknown Host Request Timed Out The following is a list of available extended PING fields with descriptions Target IP Address Specifies the IP address of...

Page 1441: ...ies the interval used to determine packet size when performing the sweep valid range 1 to 1448 Verbose Output Specifies an extended results output Usage Examples The following is an example of a successful ping command ping Target IP address 192 168 0 30 Repeat count 1 1000000 5 Datagram Size 1 1000000 100 Timeout in seconds 1 5 2 Extended Commands y or n n Type CTRL C to abort Legend Success Unkn...

Page 1442: ...g config interface vlan vlan id show running config interface vlan vlan id verbose show running config policy class show running config policy class verbose show running config qos map show running config qos map verbose show running config verbose Syntax Description access lists Displays the current running configuration for all configured IP access lists interface interface Displays the current ...

Page 1443: ...ample output from the show running config command enable show running config Building configuration no enable password ip subnet zero ip classless ip routing event history on no logging forwarding logging forwarding priority level info no logging email ip policy timeout tcp all ports 600 ip policy timeout udp all ports 60 ip policy timeout icmp 60 interface eth 0 1 ...

Page 1444: ...irtual so that no data will be passed through Use the no form of this command to turn on the interface and allow it to pass data By default all interfaces are disabled Syntax Description No subcommands Default Values By default all interfaces are disabled Usage Examples The following example administratively disables the modem interface ProCurve config interface modem 1 2 ProCurve config modem 1 2...

Page 1445: ...up delay 722 903 975 1072 1149 backup call mode 723 904 976 1073 1150 backup connect timeout 727 908 980 1077 1153 backup force 728 909 981 1078 1154 backup maximum retry 729 910 982 1079 1155 backup number 730 911 983 1080 1156 backup priority 731 912 984 1081 1157 backup randomize timers 732 913 985 1082 1158 backup redial delay 733 914 986 1083 1159 backup restore delay 734 915 987 1084 1160 ba...

Page 1446: ...client authentication server list 1264 client configuration pool 1265 client identifier 1408 client name 1410 clock auto correct dst 62 333 clock set 63 334 clock source 602 700 clock timezone 64 335 coding 592 603 679 701 command descriptions 10 command level path 7 Command Line Interface accessing with PC 5 error messages 9 shortcuts 7 command security levels basic 5 enable 5 commit bit 1229 com...

Page 1447: ... ip tcp events 124 debug ip tcp md5 125 debug ip udp 126 debug ip urlfilter 127 debug isdn 128 debug isdn events 129 debug isdn resource manager 130 debug isdn verbose 131 debug lldp 132 debug port auth 133 debug ppp 134 debug pppoe client 135 debug probe 136 debug radius 137 debug sip 138 debug sip stack 139 debug sntp 140 debug spanning tree 141 debug spanning tree bpdu 142 debug system 143 debu...

Page 1448: ...lobal Configuration Mode command set 299 group 1257 H half duplex 630 hardware address 1414 hash 1258 HDLC Configuration command set 969 hold queue 745 835 893 997 1095 hold timer 1309 1317 host 1416 hostname 362 I ignore dcd 687 IKE Client command set 1250 IKE Policy Attributes command set 1254 IKE Policy command set 1260 ike policy 1231 1241 qos policy 667 873 1029 incoming accept number 1207 in...

Page 1449: ... ospf authentication 644 758 802 847 941 1007 1047 1108 1177 ip ospf network 645 759 803 848 942 1008 1048 1109 1178 ip pim sparse mode 646 760 943 1009 1049 1110 1179 ip pim sparse dr priority 647 761 944 1010 1050 1111 1180 ip pim sparse hello timer 648 762 945 1011 1051 1112 1181 ip pim sparse nbr timeout 649 763 946 1012 1052 1113 1182 ip pim sparse override interval 650 764 947 1013 1053 1114...

Page 1450: ...ce 474 logging facility 475 logging forwarding on 476 logging forwarding priority level 476 477 logging forwarding receiver ip 478 logging forwarding source interface 479 login 543 557 login authentication 544 558 568 login local userlist 545 559 569 logout 14 156 loop alarm detect 605 Loopback Interface Configuration command set 1031 loopback local 586 loopback network 587 595 606 681 705 loopbac...

Page 1451: ...ter OSPF Configuration command set 1360 Router PIM Sparse Configuration command set 1375 Router RIP Configuration command set 1379 router bgp 491 router ospf 492 1360 router pim sparse 493 router rip 494 rp address 1377 S sa4tx bit 610 safe mode 496 schedule 498 961 send community standard 1324 Serial Interface Configuration command set 685 serial mode 691 serial number 1221 server 1426 1428 servi...

Page 1452: ...tatistics 250 show memory 251 show modules 252 show output startup 253 show port auth 254 show pppoe 255 show processes 257 show qos map 258 show queue 261 show queuing 262 show radius statistics 263 show route map 264 show running config 266 1440 show schedule 269 show sip 270 show sip location 272 show snmp 16 273 show sntp 275 show spanning tree status 276 show startup config 277 show startup c...

Page 1453: ...Interface Configuration command set 699 tacacs 452 TACACS Plus Group Configuration command set 1427 tacacs server 529 tdm group 613 712 telnet 18 293 terminal length 294 test if 1351 test list 1354 test list weighted 1357 test call 590 test pattern 600 614 683 713 tftp server 1423 thresholds 530 timeout 1343 timeout timer 1388 timers lsa group pacing 1373 timers spf 1374 timezone offset 1424 toler...

Page 1454: ......

Page 1455: ...bject to change without notice Copyright 2005 2007 Hewlett Packard Development Company L P Reproduction adaptation or translation without prior written permission is prohibited except as allowed under the copyright laws September 2007 Manual Part Number 5991 2114 61195880L1 35H ...

Reviews:

No comments

Related manuals for ProCurve Secure 7102dl

EAW MX8600 Jumpstart Manual preview
MX8600
Brand: EAW Pages: 6
EAW UX8800 Technical Note preview
UX8800
Brand: EAW Pages: 6
PaloAlto Networks PA-7500 Quick Start Manual preview
PA-7500
Brand: PaloAlto Networks Pages: 3
TC Electronic ATAC Service Manual preview
ATAC
Brand: TC Electronic Pages: 55
Falcon 4G COMBO User Manual preview
4G COMBO
Brand: Falcon Pages: 24
NEC P401-TMX4D User Manual preview
P401-TMX4D
Brand: NEC Pages: 2
ZyXEL Communications P-974H - V3.70 Manual preview
P-974H - V3.70
Brand: ZyXEL Communications Pages: 116
Avaya XM24 Expansion Module Installation Instructions preview
XM24 Expansion Module
Brand: Avaya Pages: 5
ZALMAN CNPS12X User Manual preview
CNPS12X
Brand: ZALMAN Pages: 11
WAGO 852-1411 Operating And Assembly Instructions preview
852-1411
Brand: WAGO Pages: 2
ZKTeco HVR0402 User Manual preview
HVR0402
Brand: ZKTeco Pages: 68
XJTAG XJLink2-CFM User Manual preview
XJLink2-CFM
Brand: XJTAG Pages: 9
Xilinx Zynq-7000 Manual preview
Zynq-7000
Brand: Xilinx Pages: 8
Lantech IMR-3003 User Manual preview
IMR-3003
Brand: Lantech Pages: 40
ZyXEL Communications G-170S User Manual preview
G-170S
Brand: ZyXEL Communications Pages: 79
Paradyne JetFusion 2100 Series User Manual preview
JetFusion 2100 Series
Brand: Paradyne Pages: 296
LUX LUMEN 10230 Manual preview
10230
Brand: LUX LUMEN Pages: 41
Planet FGSW-2620 User Manual preview
FGSW-2620
Brand: Planet Pages: 13

Brands by name

Popular brands

Load more brands