3Com MSR 50 Series Скачать руководство пользователя страница 1921 | Manualshive

Страница: 1921 / 2443

background image

SSH2.0 Overview

1921

■

If the negotiation is successful, the server and the client go on to key and
algorithm negotiation; otherwise, the server breaks the TCP connection.

n

All the packets involved in the above steps are transferred in plain text.

Key and algorithm negotiation

■

The server and the client send key algorithm negotiation packets to each other,
which include the supported public key algorithm list, encryption algorithm list,
MAC algorithm list, and compression algorithm list.

■

Based on the received algorithm negotiation packets, the server and the client
figure out the algorithms to be used.

■

The server and the client use the DH key exchange algorithm and parameters
such as the host key pair to generate the session key and session ID.

Through the above steps, the server and the client get the same session key, which
is to be used to encrypt and decrypt data exchanged between the server and the
client later. The server and the client use session ID in the authentication stage.

c

CAUTION:

Before the negotiation, the server must have already generated the

RSA and DSA key pairs, which are mainly used for generating the session key.

Authentication

■

The client sends to the server an authentication request, which includes the
username, authentication method, and information related to the
authentication method (the password in the case of password authentication).

■

The server authenticates the client. If the authentication fails, the server
informs the client by sending a message, which includes a list of available
methods for re-authentication.

■

The client selects a method from the list to initiate another authentication.

■

The above process repeats until the authentication succeeds or the
authentication times timeout and the session is torn down.

SSH provides two authentication methods: password authentication and publickey
authentication.

In password authentication:

■

The client encrypts the username and password, encapsulates them into a
password authentication request, and sends the request to the server.

■

Upon receiving the request, the server decrypts the username and password,
compares them against those it maintains, and then informs the client of the
authentication result.

In publickey authentication:

■

The server authenticates clients using digital signatures. Currently, the device
supports two publickey algorithms to implement digital signatures: RSA and
DSA. The client sends to the server a public authentication request containing
its user name, public key and algorithm.

■

The server validates the public key. If the public key is invalid, the
authentication fails; otherwise, the server generates a digital signature to

«
...
1919
1920
1921
1922
1923
...
»

Содержание MSR 50 Series

Страница 1: ...H3C MSR 20 30 50 Series Routers Configuration Manual v1 00 MSR 20 Series Routers MSR 30 Series Routers MSR 50 Series Routers www 3Com com Part Number 10016324 Rev AA August 2007...

Страница 2: ...as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentat...

Страница 3: ...n ATM OC 3c STM 1 Interface 77 ADSL Interface Configuration 77 Overview 77 Configuring an ADSL Interface 79 Upgrading ADSL2 Card Software 79 G SHDSL Interface Configuration 80 Overview 80 Configuring...

Страница 4: ...r 3 Ethernet Interfaces 96 Configuration Task List 96 Setting the MTU for an Ethernet Interface 96 Configuring the Suppression Time of Link Layer State Changes on an Ethernet Interface 97 Maintaining...

Страница 5: ...playing and Maintaining T1 F Interfaces 119 CE3 Interface 119 Overview 119 Configuring a CE3 Interface in E3 Mode 119 Configuring a CE3 Interface operating in CE3 Mode 120 Configuring Other CE3 Interf...

Страница 6: ...lure 149 ATM Interface State Error 150 PVC State is Down while ATM Interface State is Up 150 Ping Failure after PPPoA Configuration 150 Packet Loss and CRC Errors and Changes of Interface State 151 6...

Страница 7: ...17 Applying an ACL in DLSw 217 Configuring DLSw in an SDLC Environment 218 Configuring DLSw 218 Configuring an SDLC Interface 219 Enabling DLSw Forwarding on an SDLC Interface 219 Configuring SDLC Rol...

Страница 8: ...iguring Frame Relay over IP Network 246 Configuring Annex G 246 Displaying and Maintaining Frame Relay 246 Frame Relay Configuration Example 247 Interconnecting LANs through Frame Relay Network 247 In...

Страница 9: ...APB Protocols 283 Configuring LAPB 285 Configuring X 25 286 Configuring X 25 Interface Parameters 286 Configuring X 25 Interface Supplementary Parameters 290 Configuring X 25 Datagram Transmission 292...

Страница 10: ...ion Example 340 Troubleshooting LAPB Configuration 340 LAPB or X 25 of Two Sides Always Being Down 340 Failed to Ping the Other Side with X 25 on Both Sides Being Up 341 Troubleshooting X 25 Configura...

Страница 11: ...Configuring the Local Device to Authenticate the Peer Using PAP 368 Configuring the Local Device to Authenticate the Peer Using CHAP 368 Configuring the Local Device to Be Authenticated by the Peer Us...

Страница 12: ...ent Bridging over PPP 413 Transparent Bridging over MP 414 Transparent Bridging over FR 415 Transparent Bridging X 25 416 Transparent Bridging over HDLC 416 Inter VLAN Transparent Bridging 417 Bridgin...

Страница 13: ...vice 462 Configuring the Maximum Hops of an MST Region 463 Configuring the Network Diameter of a Switched Network 464 Configuring Timers of MSTP 464 Configuring the Timeout Factor 465 Configuring the...

Страница 14: ...butes 490 Configuring a Port Based VLAN 491 Introduction to Port Based VLAN 491 Configuring the Access Port Based VLAN 492 Configuring the Trunk Port Based VLAN 493 Configuring the Hybrid Port Based V...

Страница 15: ...ION Logical Interface Overview 525 Dialer Interface 525 Loopback Interface 525 Introduction to Loopback Interface 525 Configuring a Loopback Interface 526 Null Interface 526 Introduction to Null Inter...

Страница 16: ...ntry Check 553 Enabling the Support for ARP Requests from a Natural Network 553 ARP Configuration Example 553 Configuring Gratuitous ARP 554 Introduction to Gratuitous ARP 554 Configuring Gratuitous A...

Страница 17: ...etBIOS Node Type for the Client 579 Configuring the BIMS server Information for the Client 579 Configuring Gateways for the Client 580 Configuring Option 184 Parameters for the Client with Voice Servi...

Страница 18: ...Configuring DHCP Snooping Basic Functions 602 Displaying and Maintaining DHCP Snooping 602 DHCP Snooping Configuration Example 602 37 BOOTP CLIENT CONFIGURATION Introduction to BOOTP Client 605 BOOTP...

Страница 19: ...P Addressing 630 41 IP PERFORMANCE CONFIGURATION IP Performance Overview 631 Enabling the Device to Forward Directed Broadcasts 631 Enabling the Device to Forward Directed Broadcasts 631 Configuration...

Страница 20: ...nction 665 Configuring an IPv6 Unicast Address 665 Configuring IPv6 NDP 666 Configuring a Static Neighbor Entry 666 Configuring the Maximum Number of Neighbors Dynamically Learned 667 Configuring Para...

Страница 21: ...figuring Static IPv4 to IPv6 and IPv6 to IPv4 Mappings 688 Troubleshooting NAT PT 690 48 DUAL STACK CONFIGURATION Dual Stack Overview 691 Configuring Dual Stack 691 49 TUNNELING CONFIGURATION Introduc...

Страница 22: ...xamples 734 Configuring Policy Routing Based on Source Address 734 Configuring Policy Routing Based on Packet Size 736 51 TERMINAL ACCESS CONFIGURATION Introduction to Terminal Access 739 Typical Appl...

Страница 23: ...rivers 791 Configuration Prerequisites 791 Modifying System Configuration File inittab 792 Editing the ttyd Configuration File 792 Modifying Route Configuration File 792 Running and Terminating ttyd o...

Страница 24: ...BGP Messages 826 BGP Path Attributes 829 BGP Route Selection 832 IBGP and IGP Information Synchronization 834 Settlements for Problems Caused by Large Scale BGP Networks 835 BGP GR 838 MP BGP 839 Prot...

Страница 25: ...tionship Established 874 57 IS IS CONFIGURATION IS IS Overview 877 Basic Concepts 877 IS IS Area 879 IS IS Network Type 882 IS IS PDU Format 883 IS IS Features Supported 889 Protocols and Standards 89...

Страница 26: ...lated RFCs 937 OSPF Configuration Task List 937 Configuring OSPF Basic Functions 939 Prerequisites 939 Configuration Procedure 939 Configuring OSPF Area Parameters 940 Prerequisites 940 Configuration...

Страница 27: ...guration 954 OSPF Configuration Examples 955 Configuring OSPF Basic Functions 955 Configuring an OSPF Stub Area 958 Configuring an OSPF NSSA Area 960 Configuring OSPF DR Election 962 Configuring OSPF...

Страница 28: ...ters 992 Routing Policy Application 993 Routing Policy Configuration Task List 993 Defining Filtering Lists 993 Prerequisites 993 Defining an IP prefix List 993 Defining an AS Path ACL 995 Defining a...

Страница 29: ...es 1020 Configuring IPv6 BGP Route Redistribution 1020 Advertising a Default Route to a Peer Peer Group 1020 Configuring Route Distribution Policy 1021 Configuring Route Reception Policy 1021 Configur...

Страница 30: ...49 OSPFv3 Packets 1049 OSPFv3 LSA Types 1050 Timers of OSPFv3 1050 OSPFv3 Features Supported 1051 Related RFCs 1051 IPv6 OSPFv3 Configuration Task List 1051 Configuring OSPFv3 Basic Functions 1052 Pre...

Страница 31: ...n 1073 Advertising a Default Route 1073 Configuring a RIPng Route Filtering Policy 1073 Configuring the RIPng Priority 1074 Configuring RIPng Route Redistribution 1074 Optimizing the RIPng Network 107...

Страница 32: ...onfiguring a Multicast Routing Policy 1104 Configuring Multicast Forwarding Range 1104 Configuring Multicast Forwarding Table Size 1105 Tracing a Multicast Path 1106 Displaying and Maintaining Multica...

Страница 33: ...eer 1139 Configuring an MSDP Peer Connection 1140 Configuration Prerequisites 1140 Configuring MSDP Peer Description 1140 Configuring an MSDP Mesh Group 1140 Configuring MSDP Peer Connection Control 1...

Страница 34: ...mon Information 1187 PIM Common Information Configuration Task List 1187 Configuration Prerequisites 1187 Configuring a PIM Filter 1188 Configuring PIM Hello Options 1188 Configuring PIM Common Timers...

Страница 35: ...1225 Configuring an IPv6 Multicast Group Filter 1225 Adjusting MLD Performance 1226 Configuration Prerequisites 1226 Configuring MLD Message Options 1226 Configuring MLD Query and Response Parameters...

Страница 36: ...PIM Configuration Examples 1263 IPv6 PIM DM Configuration Example 1263 IPv6 PIM SM Configuration Example 1267 IPv6 PIM SSM Configuration Example 1272 Troubleshooting IPv6 PIM Configuration 1275 Failu...

Страница 37: ...ty 1325 Configuration Prerequisites 1326 Configuration Procedure 1326 Configuring PHP 1326 Configuration Prerequisites 1326 Configuration Procedure 1326 Configuring a Static LSP 1327 Configuration Pre...

Страница 38: ...URATION MPLS TE Overview 1345 Traffic Engineering and MPLS TE 1345 Basic Concepts of MPLS TE 1347 MPLS TE Implementation 1347 CR LSP 1348 CR LDP 1349 RSVP TE 1349 Traffic Forwarding 1354 Automatic Ban...

Страница 39: ...Example 1386 MPLS TE Tunnel Using RSVP TE Configuration Example 1390 RSVP TE GR Configuration Example 1396 MPLS TE Using CR LDP Configuration Example 1398 CR LSP Backup Configuration Example 1405 FRR...

Страница 40: ...VPN Packet Forwarding 1463 MPLS L3VPN Networking Schemes 1464 MPLS L3VPN Routing Information Advertisement 1467 Carrier s Carrier 1468 Multi AS VPN 1470 Multi Role Host 1473 HoVPN 1473 OSPF VPN Extens...

Страница 41: ...501 Example for Configuring MPLS L3VPNs Using a GRE Tunnel 1508 Example for Configuring Inter Provider VPN Option A 1513 Example for Configuring Inter Provider VPN Option B 1519 Example for Configurin...

Страница 42: ...Configuring a DVPN Route 1571 Displaying and Maintaining DVPN 1571 DVPN Configuration Example 1571 DVPN Configuration Example for Full Mesh Networks 1571 DVPN Configuration Example for Spoke Hub Netwo...

Страница 43: ...4 Causes 1624 Impact 1625 Countermeasure 1625 Traffic Management Technologies 1625 84 TRAFFIC CLASSIFICATION POLICING AND SHAPING Traffic Classification Overview 1627 Traffic classification 1627 Prior...

Страница 44: ...1663 Defining Policy 1668 Applying Policy 1669 CBQ Configuration Example 1670 Displaying and Maintaining CBQ 1672 Configuring RTP Priority Queuing 1672 Configuring RTP Priority Queuing 1672 RTP PQ Con...

Страница 45: ...MPLS QoS Configuration Example 1692 Configuring QoS for Traffics in the Same VPN 1692 90 DAR CONFIGURATION DAR Overview 1697 IP Packet 1697 TCP Packet 1699 UDP Packet 1700 HTTP Packet 1700 RTP Packet...

Страница 46: ...tion of 802 1x in the Devices 1738 Features Working Together with 802 1x 1738 Guest VLAN 1739 Configuring 802 1x 1740 Configuration Prerequisites 1740 Configuring 802 1x Globally 1740 Configuring 802...

Страница 47: ...or HWTACACS Packets 1779 Configuring Attributes Related to the Data Sent to the TACACS Server 1779 Setting Timers Regarding HWTACACS Servers 1780 Displaying and Maintaining AAA RADIUS HWTACACS 1780 Di...

Страница 48: ...ion Examples 1806 Local MAC Authentication Example 1806 RADIUS Based MAC Authentication Example 1807 96 NAT CONFIGURATION NAT Overview 1811 Introduction to NAT 1811 NAT Functionalities 1813 NAT Config...

Страница 49: ...IKE Negotiation 1844 Configuring a Certificate Attribute Based Access Control Policy 1846 Troubleshooting PKI 1848 Failed to Retrieve a CA Certificate 1848 Failed to Request a Local Certificate 1849 F...

Страница 50: ...1882 Configuring a Manual IPSec Policy 1883 Configuring an IKE Dependent IPSec Policy 1884 Applying an IPSec Policy Group to an Interface 1887 Binding an IPSec Policy Group to an Encryption Card 1887...

Страница 51: ...a Client Public Key 1925 Configuring an SSH User 1926 Setting the SSH Management Parameters 1927 Configuring the Device as an SSH Client 1928 SSH Client Configuration Tasks 1928 Specifying a Source IP...

Страница 52: ...e 1958 Graceful Restart Mechanism for Several Commonly Used Protocols 1960 106 BACKUP CENTER CONFIGURATION Introduction to the Backup Center 1961 Basic Concepts of the Backup Center 1961 How the Backu...

Страница 53: ...terface Tracking Configuration Example 1990 Multiple VRRP Standby Groups Configuration Example 1993 IPv6 Based VRRP Configuration Example 1995 Single VRRP Standby Group Configuration Example 1995 VRRP...

Страница 54: ...on Example 2033 SNMP Test Configuration Example 2035 TCP Test Configuration Example 2036 UDP echo Test Configuration Example 2037 DLSw Test Configuration Example 2038 110 NETSTREAM CONFIGURATION NetSt...

Страница 55: ...cedure 2060 Configuring NTP Authentication 2060 Configuration Prerequisites 2060 Configuration Procedure 2061 Displaying and Maintaining NTP 2062 NTP Configuration Examples 2062 Configuring NTP Server...

Страница 56: ...ying a Configuration File for Next Startup 2102 Backing up Restoring the Configuration File for Next Startup 2103 Displaying and Maintaining Device Configuration 2104 115 FTP CONFIGURATION FTP Overvie...

Страница 57: ...e Error Information 2135 Edit Features 2136 119 INFORMATION CENTER CONFIGURATION Information Center Overview 2137 Introduction to Information Center 2137 System Information Format 2141 Configuring Inf...

Страница 58: ...C Address Table 2165 Configuring MAC Address Table Management 2166 Configuring MAC Address Entries 2166 Disabling Global MAC Address Learning 2166 Disabling MAC Address Learning on an Ethernet Port or...

Страница 59: ...Network Diagram 2196 Configuration Procedure 2196 126 ACSEI CONFIGURATION Introduction to ACSEI 2199 Basic Concepts in ACSEI 2199 ACSEI Timers 2200 ACSEI Startup and Running 2200 ACSEI Server Configur...

Страница 60: ...2220 Configuring IPX Route Number Limitation 2220 Enabling IPX RIP to Redistribute Static Routes 2220 Configuring IPX RIP Parameters 2221 Configuring IPX SAP 2221 Configuration Prerequisite 2221 Enabl...

Страница 61: ...equisites 2251 Configuration Procedure 2251 Configuring FXS Voice Subscriber Line 2251 Configuration Prerequisites 2251 Configuring CID 2251 Configuring Packet Loss Compensation Mode 2252 Configuring...

Страница 62: ...ty 2271 Configuration Task List 2271 Configuration Prerequisites 2271 Creating VoIP Entity 2271 Configuring Basic Functions 2271 Configuring DTMF Transmission 2272 Configuring Fast Connection and Tunn...

Страница 63: ...on for A Voice Entity 2299 Configuring Number Substitution for A Voice Subscriber Line 2300 Configuring Number Sending Mode 2300 Configuration Prerequisites 2300 Configuration Procedure 2300 Configuri...

Страница 64: ...a Range of Timeslots 2334 Configuring Digital LGS Signaling 2334 Configuring the Time Adjustment Function 2334 Querying the Trunk Circuits of a Timeslot or a Range of Timeslots 2334 Displaying and Mai...

Страница 65: ...2369 SIP Messages 2370 SIP Fundamentals 2370 SIP Configuration Task List 2373 SIP UA Configuration 2373 Configuring SIP Authentication Information 2374 Configuring Registrar Information on SIP UA 237...

Страница 66: ...rotocol 2394 Configuring Trunk Timer Length in FRF 11 Trunk Mode 2395 Configuring VoFR Packets to Carry Sequence Number 2395 Displaying and Maintaining VoFR 2395 VoFR Configuration Example 2395 Huawei...

Страница 67: ...ystem 2426 Call Services Configuration Task List 2427 Configuring Call Waiting 2427 Configuration Prerequisites 2427 Enabling Disabling Call Waiting Using Keys 2427 Configuring Call Waiting Using Comm...

Страница 68: ...ing Using Keys 2436 Configuring Outgoing Call Barring Using Command Lines 2436 Configuration Example 2436 Configuring FEATURE Service 2436 Configuration Prerequisites 2437 Enabling Disabling FEATURE S...

Страница 69: ...are used throughout this guide Table 1 Notice Icons Icon Notice Type Description n Information note Information that describes important features or instructions c Caution Information that alerts you...

Страница 70: ...of all interface cards and modules available with the router LMR Series Routers Cable Manual Describes the pinouts of the cables available for LMR series routers Release Notes Contains the latest inf...

Страница 71: ...implementing broadband communications Digital subscriber line DSL is a technology providing high speed data transmission over the copper wire It includes asymmetric digital subscriber line ADSL high b...

Страница 72: ..._VBR Constant bit rate CBR Unspecified bit rate UBR Permanent virtual circuit PVC Per VC traffic shaping User to network Interface UNI RFC1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 R...

Страница 73: ...the IMA T1 interface module The line coding formats for IMA E1 interfaces and IMA T1 interfaces are fixed to high density bipolar of order 3 HDB3 and bipolar with 8 zero substitution B8ZS They are not...

Страница 74: ...address to the IMA group interface ip address ip address address mask Required Not assigned by default Set the number of cells in an IMA frame frame length 32 64 128 256 Optional The default is 128 S...

Страница 75: ...the IMA groups Sysname interface ima group 5 1 Sysname Ima group5 1 ip address 10 110 110 1 255 255 255 0 Sysname Ima group5 1 pvc aaa 1 42 Sysname atm pvc Ima group5 1 1 42 aaa map ip 10 10 10 10 bro...

Страница 76: ...e module ATM OC 3c STM 1 Interface Configuration This section covers these topics Overview on page 72 Configuring an ATM OC 3c STM 1 Interface on page 77 To do Use the command Remarks Enter system vie...

Страница 77: ...mission rates by improving modulation rate coding gain initialization state machine by reducing frame head overhead and by using enhanced signal processing methods For example given the same bands ADS...

Страница 78: ...nel mode uplink and downlink speeds and noise tolerance and attempts to reach an agreement If the activation succeeds a communication connection is set up between the two parties When negotiating conn...

Страница 79: ...the ADSL interface clock master slave Optional The interface is active by default Configure the ADSL interface standard adsl standard auto g9923 g9925 gdmt glite t1413 Optional The default is auto sen...

Страница 80: ...transmission distance means the contrary When setting up a link G SHDSL can automatically make tuning for a reasonable speed taking into consideration the actual line conditions such as distance and...

Страница 81: ...alue Optional By default current margin value is set to 2 and snext margin value is set to 0 Set the PSD mode shdsl psd asymmetry symmetry Optional The default is symmetry To do Use the command Remark...

Страница 82: ...however beyond the scope of this manual On the CPE you may do the following when problem occurs 1 Read the LEDs for the DSL interface card When the DSL line is training the LINK LED blinks After the a...

Страница 83: ...This reduces signal attenuation and device investment POS Packet over SONET SDH POS is a technology popular in WAN and MAN It can support packet data such as IP packets POS maps length variable packet...

Страница 84: ...H Configure scrambling scramble Optional Enabled by default Set the link type link protocol ppp fr nonstandard ietf mfr interface number hdlc Optional The default is PPP Set the interface MTU mtu mtu...

Страница 85: ...e Router A Configure interface POS 1 0 setting its physical parameters to defaults RouterA system view RouterA interface pos 1 0 RouterA Pos1 0 ip address 10 110 1 10 255 255 255 0 RouterA Pos1 0 link...

Страница 86: ...pos 1 0 RouterA Pos1 0 clock slave Configure Frame Relay encapsulation on the interface RouterA Pos1 0 link protocol fr RouterA Pos1 0 fr interface type dte RouterA Pos1 0 quit Create sub interface 1...

Страница 87: ...nd receiving fibers optic are correctly connected to the POS interface If you connect the two ends of a fiber optic to the transmitting end and the receiving end of the same POS interface you can see...

Страница 88: ...88 CHAPTER 2 POS INTERFACE CONFIGURATION The correct clock mode is configured on the POS interface If not enormous amount of CRC errors can be generated Check that the MTU configuration is appropriate...

Страница 89: ...arding interface Combo port and its corresponding electrical port work in a TX SFP mode Users can choose one to use depending on the actual network requirements but not two simultaneously When one por...

Страница 90: ...ets when it receives the Pause frame In this way flow controls helps to avoid the dropping of packets Note that only after both the ingress and the egress interfaces have turned on their flow control...

Страница 91: ...uring a loopback test With the loopback test enabled the Ethernet interface works in the full duplex mode With the loopback testing enabled the original configurations will be restored Configuring Loo...

Страница 92: ...hernet Interface Statistics on page 94 Enabling Loopback Detection on an Ethernet Interface on page 94 Configuring the Cable Type for an Ethernet Interface on page 95 Testing the Cable on an Ethernet...

Страница 93: ...w these steps to configure a manual port group n Refer to Aggregation Port Group on page 349 for the information about aggregation port group Configuring the Storm Suppression Ratio for an Ethernet In...

Страница 94: ...interface view or port group view Enter Ethernet interface view interface interface type interface number Use either command Configured in interface view the setting is effective only on the current i...

Страница 95: ...section the link goes down and up automatically Two types of Ethernet cables can be used to connect Ethernet devices crossover cable and straight through cable To accommodate these two types of cables...

Страница 96: ...n TX any short circuit or open circuit and the length of the faulty cable Configuring Layer 3 Ethernet Interfaces Configuration Task List Ethernet interface configuration in bridge mode involves the f...

Страница 97: ...gure the suppression time of link layer state changes on Ethernet Interface n You can increase the polling interval to reduce the negative effective caused to network traffic due to time delay or heav...

Страница 98: ...about a manual port group or all the manual port groups display port group manual all name port group name Available in any view Display the information about the loopback detection function display l...

Страница 99: ...nterface on page 115 T1 F Interface on page 117 CE3 Interface on page 119 CT3 Interface on page 122 n Refer to ATM and DSL Interface Configuration on page 71 for information about ATM interface Asynch...

Страница 100: ...number Required Set the interface operating mode to asynchronous mode physical mode async Required The default is synchronous mode This command is not available on AM interfaces Skip this step if the...

Страница 101: ...can be PPP and the network layer protocol can be IP or IPX Configuring a USB Interface Follow these steps to configure a USB interface To do Use the command Remarks Enter system view system view Enter...

Страница 102: ...k layer protocols such as PPP FR link access procedure balanced LAPB and X 25 Support network layer protocols IP and IPX Provide information about the connected cable type operating mode DTE or DCE an...

Страница 103: ...ing an AM interface you can treat it as a special asynchronous serial interface AM interfaces provide dial in and dial out services for analog dial up users Set the DTE side operating clock clock dtec...

Страница 104: ...all and backup center For their configuration refer Configuring PPP on page 367 DCC Configuration on page 153 IP Addressing Configuration on page 623 Firewall Configuration on page 1789 and Backup Cen...

Страница 105: ...the functionality of the first layer in the OSI reference model such as subscriber line transmission loop test D channel competition Network terminal 2 NT2 also known as intelligent network terminal...

Страница 106: ...hance the network security Configuring ISDN BRI Interface Follow these steps to configure an ISDN BRI interface ISDN BRI interfaces are used for dialup purpose For details on ISBN BRI interface config...

Страница 107: ...and IPX and can be configured with parameters such as DCC Configuring CE1 PRI Interface in E1 Mode Follow these steps to configure a CE1 PRI interface in E1 mode After you set the CE1 PRI interface t...

Страница 108: ...E1 PRI Interface in PRI Mode Follow these steps to configure a CE1 PRI interface in PRI mode A CE1 PRI interface in CE1 PRI mode can be used as a PRI interface where only one PRI set can be created Fo...

Страница 109: ...m indication signal test detect ais Optional By default AIS test is performed Set the cable type cable long short Optional The default cable setting is long mode Set the clock mode clock master slave...

Страница 110: ...to 24 can be randomly divided into groups Each of these groups can form one channel set for which the system automatically creates an interface logically equivalent to a synchronous serial interface...

Страница 111: ...LAPB Configuration on page 283 IP Addressing Configuration on page 623 Backup Center Configuration on page 1961 if the interface is used as a primary or secondary interface for backup NAT PT Configura...

Страница 112: ...the command Remarks Enter system view system view Enter CT1 PRI interface view controller t1 number Required Set the line code format code ami b8zs Optional The default is B8ZS1 Set the cable length...

Страница 113: ...ecovery defaults to 22 That is if the number of the pulses detected during the total length of 176 pulse detection intervals is smaller than 22 the pulse recovery threshold a LOS alarm occurs 1 Both A...

Страница 114: ...To do Use the command Remarks Enter system view system view Enter CT1 PRI interface view controller t1 number Required Start a BERT test bert pattern 2 20 2 15 time minutes unframed Required To do Us...

Страница 115: ...Except timeslot 0 used for transmitting synchronization information all other timeslots can randomly form one channel set The rate of the interface is thus n 64 kbps and its logical features are the...

Страница 116: ...cable long short Optional The long keyword applies by default Configure the CRC mode fe1 crc 16 32 none Optional 16 bit CRC by default Configure to perform AIS test fe1 detect ais Optional By default...

Страница 117: ...on it can randomly form a channel set The rate of the interface is thus n 64 kbps or n 56 kbps and its logical features are the same as those of a synchronous serial interface where you can configure...

Страница 118: ...hreshold los pulse detection value ft1 alarm threshold los pulse recovery value ft1 alarm threshold ais level 1 level 2 ft1 alarm threshold lfa level 1 level 2 level 3 level 4 Optional For LOS alarm T...

Страница 119: ...for it This interface operates at 2048 kbps and is logically equivalent to a synchronous serial interface where you can make other configurations When the E1 line is working in framed CE1 mode you ca...

Страница 120: ...nd set the DSU mode or the subrate fe3 dsu mode 0 1 subrate number Optional By default DSU mode 1 the Kentrox mode is adopted and the subrate is 34010 kbps Set other interface parameters See Configuri...

Страница 121: ...lt is slave that is line clock For an E1 line e1 line number set clock master slave Optional The default is slave that is line clock Set the national bit national bit 0 1 Optional The default is 1 Set...

Страница 122: ...d 1 through 24 Different from E1 each line on a T1 interface can operate at either 64 kbps or 56 kbps Therefore the number of logical lines that can be created on a CT3 interface in CT3 mode is either...

Страница 123: ...3 mode and set the DSU mode or the subrate ft3 dsu mode 0 1 2 3 4 subrate number Optional By default DSU mode 0 the digital link mode is adopted and the subrate is 44210 kbps Set other interface param...

Страница 124: ...mat On the CT3 interface frame format c bit m23 Optional The default is C bit On a T1 line t1 line number set frame format esf sf Optional The default is esf Configure alarm signal detection sen ding...

Страница 125: ...face serial number line number set num ber Required Set the CRC mode crc 16 32 none Optional By default 16 bit CRC is adopted Note FEAC Far end and control signal MDL Maintenance data link PPR Periodi...

Страница 126: ...l interfaces created on T1 lines by means of timeslot bundling Shutting down bringing up a T1 line also shuts down brings up the serial interface formed by it and the serial interface created on it by...

Страница 127: ...h VC is identified by a pair of virtual path identifier VPI and virtual channel identifier VCI One VPI VCI pair has local significance only on a segment of the link between ATM nodes It is translated...

Страница 128: ...te cells which are also transferred to the physical layer for transmission The ATM layer is responsible for generating a 5 bytes cell header which will be inserted in front of a payload Other function...

Страница 129: ...th the same VE interface are interconnected at layer 2 PPPoA PPP over AAL5 PPPoA means that AAL5 bears the PPP protocol packets Its essence is that ATM cells are used to encapsulate PPP packets while...

Страница 130: ...ace on page 130 Required Configuring an ATM Sub Interface on page 130 Configuring an ATM Sub Interface on page 130 Required Checking Existence of PVCs When Determining the Protocol State of an ATM P2P...

Страница 131: ...by default To do Use the command Remarks To do Use the command Remarks Enter system view system view Create an ATM sub interface and enter its view interface atm interface number subnumb er p2p Requi...

Страница 132: ...down down count Optional By default AIS RDI alarm cell detection is enabled which means the PVC goes down when the number of AIS RDI alarm cells received reaches down count and goes up if no AIS RDI a...

Страница 133: ...d Remarks Enter system view system view Enter ATM interface view interface atm interface number interface number subnumber Create PVC and enter its view pvc pvc name vpi vci vpi vci Assign a transmiss...

Страница 134: ...own count is 5 and retry frequency is 1 second Set the PVC s service type and rate rela ted paramet ers Set the PVC s service type to constant bit rate CBR service cbr output pcr Optional By default t...

Страница 135: ...n InARP for the PVC map ip inarp minutes broadcast Required By default mapping is not configured When a mapping is configured pseudo broadcastis not supported by default Before configuring InARP make...

Страница 136: ...VP policing are satisfied will the packets be transmitted or received In calculating the traffic the LLC SNAP MUX and NLPID headers are included but the ATM cell head is not included Follow these ste...

Страница 137: ...re a PPP mapping for the PVC Note that a PVC cannot carry multiple protocols when the ATM AAL5 is encapsulated with aal5mux Once PPPoA is configured on the PVC other protocols such as IPoA IPoEoA and...

Страница 138: ...PPPoA are not supported Follow these steps to configure PPPoEoA Set the PPP authentication mode and IP address with the PPPoE server an address pool should be configured to allocate IP address for th...

Страница 139: ...uration on page 363 Required Quit to system view quit Enter ATM interface view interface atm interface number interface number subnumber Create PVC and enter PVC view pvc pvc name vpi vci vpi vci Requ...

Страница 140: ...As shown in Figure 7 router A B and C are connected to ATM network for intercommunication The requirements are The IP addresses of their ATM interfaces of the three routers are 202 38 160 1 24 202 38...

Страница 141: ...onfigure Router B Enter the ATM interface and configure an IP address for it RouterB system view RouterB interface atm 1 0 RouterB Atm1 0 ip address 202 38 160 2 255 255 255 0 Establish a PVC running...

Страница 142: ...e IP address of the VE interface of router C is 202 38 160 1 The VPI VCI value of two PVCs connecting route C and DSLAM are 0 60 and 0 61 pointing to Router A and Router B respectively Both the WAN po...

Страница 143: ...e DSL interfaces of the two ADSL Router adopt PPPoA The authentication mode of ADSL Router is PAP The IP addresses of the two ADSL Routers are assigned by Router C Network diagram Figure 9 Network dia...

Страница 144: ...d configure PAP authentication and IP address negotiation RouterA system view RouterA interface Virtual Template 0 RouterA Virtual Template0 ppp pap local user user1 password simple pwd1 RouterA Virtu...

Страница 145: ...type ppp RouterC luser user2 password simple pwd2 RouterC luser user2 quit RouterC domain system RouterC isp system authentication ppp local RouterC isp system ip pool 1 202 38 162 1 202 38 162 100 Ro...

Страница 146: ...a RADIUS scheme refer to AAA RADIUS HWTACACS Configuration on page 1751 PPPoEoA Client Configuration Example Network requirements As shown in Figure 11 the Ethernet interface IP address of Router A s...

Страница 147: ...re VE port RouterA interface virtual ethernet 2 RouterA Virtual Ethernet2 pppoe client dial bundle number 12 Configure the default route RouterA ip route static 0 0 0 0 0 0 0 0 Dialer 0 2 If the PPPoE...

Страница 148: ...le Network requirements As shown in Figure 12 you need to create PVC 1 and PVC 2 on the same ATM 155 Mbps interface each assigned 100 Mbps of bandwidth and associated with the UBR service Set the tran...

Страница 149: ...ink state is down Solution Make sure that the optical fiber is plugged in correctly Make sure that the local IP address has been configured Make sure that the PVC is successful created and communicati...

Страница 150: ...back to back check if neither of the two ATM interfaces enables internal transmission clock By default routers use line clock If two routers are connected back to back one of them should be configure...

Страница 151: ...nterface state alternates between UP and DOWN Solution Check the ATM interfaces of the two nodes to see if their types are the same namely both are multimode fiber interface or both are single mode fi...

Страница 152: ...152 CHAPTER 5 ATM CONFIGURATION...

Страница 153: ...efore that When the link becomes idle DCC automatically disconnects it Under certain circumstances connections between routers are instantly established whenever there is data to be transferred so dat...

Страница 154: ...configure DCC parameters on the physical interface All the physical interfaces in a dialer circular group inherit the attributes of the same dialer interface You may associate a dialer interface with...

Страница 155: ...ween dialer interfaces and call destination address are one to one You may configure them with the dialer number command Each dialer interface can contain multiple physical interfaces and each physica...

Страница 156: ...rovide flexible dial interface backup Allow you to manage different modems at the user interface Callback through DCC In callback the called party originates a return call to the calling party The cal...

Страница 157: ...nfigure DCC parameters depending on the DCC approach you selected for basic DCC dial functions Based on that you may configure advanced functions such as MP PPP callback ISDN caller identification cal...

Страница 158: ...In RS DCC approach make the configuration on dialer interfaces and preferably the same configuration on physical dial interfaces on the calling side to guarantee the reliability of PPP link parameter...

Страница 159: ...tion to one to many and one to one calls A dialer circular group associates a dialer interface with a group of physical interfaces All physical interfaces in the group inherit the DCC configurations o...

Страница 160: ...ing end you are recommended to make the configuration on both physical and dialer interfaces This is because after a physical interface receives a call it negotiates PPP and authenticates the dialer p...

Страница 161: ...hese steps to configure an interface to receive calls from a single remote end To do Use the command Remarks Enter system view system view Enter dial interface physical or dialer view interface interf...

Страница 162: ...terface to place calls to multiple remote ends Configure the interface to receive calls from a remote end dialer route protocol next hop address mask network mask length user hostname broadcast Option...

Страница 163: ...ple interfaces to place calls to one or multiple remote ends As shown in the following figure multiple interfaces at the local end place calls to one or multiple remote ends the components in inverse...

Страница 164: ...ons follow these steps to configure multiple interfaces to place calls to one or multiple remote ends To do Use the command Remarks Enter system view system view Create and enter dialer interface view...

Страница 165: ...tiple remote ends Assign a priority to the physical interface in the dialer circular group dialer priority priority Optional The default priority is 1 To do Use the command Remarks Enter system view s...

Страница 166: ...set Due to the separation between physical configuration and logical configuration RS DCC can accommodate more network topologies and DCC dial demands For example it allows multiple interface groups t...

Страница 167: ...tion of the dialer interface to start IP control protocol IPCP negotiation Complete these tasks to configure RS DCC for on demand calling Enabling RS DCC Follow these steps to enable RS DCC Configurin...

Страница 168: ...ler interface is used for receiving a call it compares the remote username gained through PPP negotiation against those assigned to dialer interfaces for a match Configuring MP for DCC This section co...

Страница 169: ...rfaces The following is how MP operates after you configure the ppp mp and dialer threshold commands on a dialer interface 1 When the ratio of traffic to bandwidth on a physical interface or a B chann...

Страница 170: ...iggered Similar to the dialer threshold 0 command the ppp mp min bind command voids the dialer timer idle command When it is configured DCC does not look at traffic size to bring up links for MP bundl...

Страница 171: ...e calls to the remote end which can be a router or Windows NT server with the PPP callback server function and receive return calls from the remote end Follow these steps to configure PPP callback cli...

Страница 172: ...e set to 5 seconds the default and that on the client be set to 15 seconds To do Use the command Remarks Enter system view system view Enter dialer interface view interface dialer number Enable PPP ca...

Страница 173: ...r callback must be configured with the service type ppp command Follow these steps to configure PPP callback server in the RS implementation To do Use the command Remarks Enter system view system view...

Страница 174: ...the call in number matches a dialer call in command without the callback keyword or if no dialer call in command exists Call back if the call in number matches a dialer call in command with the callba...

Страница 175: ...e the command Remarks Enter system view system view Enter dial interface physical or dialer view interface interface type interface number Configure a destination address and dial string dialer route...

Страница 176: ...figuring advanced DCC functions involves Configuring ISDN leased line on page 176 Configuring auto dial on page 177 Configuring circular dial string backup on page 177 Configuring ISDN leased line ISD...

Страница 177: ...other If DCC fails to call the remote end with a dial string it will select the dialer route command with the next dial string for another try Follow these steps to configure dial string circular back...

Страница 178: ...n address is placed at the same time contention occurs In this case DCC starts a compete idle timer to replace the idle timeout timer for the link When the idle time of the link reaches the setting of...

Страница 179: ...umber Set the link idle timeout timer dialer timer idle seconds Optional The default is 120 seconds Set the holddown timer dialer timer enable seconds Optional The default is 5 seconds Set the compete...

Страница 180: ...tion procedure 1 Configure Router A Configure a dial access control rule for dialer access group 1 RouterA system view RouterA dialer rule 1 ip permit Assign an IP address to interface Dialer0 associa...

Страница 181: ...ule for dialer access group 1 RouterB system view RouterB dialer rule 1 ip permit Set interface Serial 2 0 to work in asynchronous protocol mode RouterB interface serial 2 0 RouterB Serial2 0 physical...

Страница 182: ...interface tty1 RouterC ui tty1 modem both RS DCC Application Network requirements As shown in the following diagram On Router A interface Dialer0 is assigned an IP address 100 1 1 1 24 and Dialer1 an...

Страница 183: ...hentication and the dial strings on interface Dialer0 Assume that PAP is adopted at the local end RouterA Dialer0 dialer group 1 RouterA Dialer0 ppp authentication mode pap RouterA Dialer0 ppp pap loc...

Страница 184: ...d simple usera RouterA Serial2 1 quit Configure user interfaces to be used and enable modem dialup on them RouterA user interface tty1 RouterA ui tty1 modem both RouterAe ui tty1 quit RouterA user int...

Страница 185: ...ule 1 ip permit RouterC local user usera RouterC luser usera password simple usera RouterC luser usera service type ppp RouterC luser usera quit Assign an IP address to interface Dialer0 enable RS DCC...

Страница 186: ...esents a scenario for RS DCC implementation where On Router A interface Dialer0 is assigned an IP address 100 1 1 1 24 and Dialer1 an IP address 122 1 1 1 24 On Router B interface Dialer0 is assigned...

Страница 187: ...dialer group 1 RouterA Bri1 0 dialer route ip 100 1 1 2 8810052 RouterA Bri1 0 dialer route ip 100 1 1 3 8810063 2 Configure Router B Configure a dial access control rule for dialer access group 2 Ro...

Страница 188: ...rd simple userb RouterA luser userb service type ppp RouterA luser userb quit RouterA local user userc RouterA luser userc password simple userc RouterA luser userc service type ppp RouterA luser user...

Страница 189: ...ation for it RouterB system view RouterB dialer rule 2 ip permit RouterB local user usera RouterB luser usera password simple usera RouterB luser usera service type ppp RouterB luser usera quit Assign...

Страница 190: ...outerC Dialer0 ppp authentication mode pap RouterC Dialer0 ppp pap local user userc password simple userc RouterC Dialer0 quit Configure information for PPP authentication on interface BRI 1 0 and ass...

Страница 191: ...d configure MP RouterA interface dialer 0 RouterA Dialer0 ip address 100 1 1 1 255 255 255 0 RouterA Dialer0 dialer bundle 1 RouterA Dialer0 ppp mp RouterA Dialer0 dialer threshold 50 Configure inform...

Страница 192: ...B luser usera quit RouterB dialer flow interval 3 Assign an IP address to interface Dialer0 enable C DCC and configure the dial strings MP and information for PPP authentication RouterB interface dial...

Страница 193: ...ork diagram for using DCC with dialup ISDN BRI and leased line Configuration procedure 1 Configure Router A RouterA system view RouterA dialer rule 1 ip permit RouterA interface bri 1 0 RouterA Bri1 0...

Страница 194: ...igured in the dialer route commands 1 Configure Router A Configure a dial access control rule for dialer access group 1 RouterA system view RouterA dialer rule 1 ip permit Assign an IP address to inte...

Страница 195: ...e pap Specify the local end as the callback server and set the callback reference to user In this case DCC identifies the dial string for callback according to the username configured in the dialer ro...

Страница 196: ...cal user usera RouterB luser usera password simple usera RouterB luser usera service type ppp RouterB luser usera service type ppp callback number 8810048 RouterB luser usera quit Assign an IP address...

Страница 197: ...Configuration procedure 1 Configure Router A Configure a dial access control rule for dialer access group 1 RouterA system view RouterA dialer rule 1 ip permit Assign an IP address to interface BRI 1...

Страница 198: ...ate a dialup connection with callback capability enabled Place the modem connected to PC in auto answer mode Select Start Programs Accessories Communications Network and Dial up Connections In the Net...

Страница 199: ...is option prevents the callback server from disconnecting the current connection and calling back Instead the server will maintain the current connection and allow the client to access the LAN or the...

Страница 200: ...Router Serial2 0 quit Configure the user interface to be used and enable modem dialup on it Router user interface tty1 Router ui tty1 modem both NT Server to Router Callback with DCC Network requireme...

Страница 201: ...lback client Router Serial2 0 dialer timer enable 15 Enable C DCC and configure C DCC parameters on the interface Router Serial2 0 dialer enable circular Router Serial2 0 dialer group 1 Router Serial2...

Страница 202: ...disconnect and then call back the client at the number configured in the ppp callback ntstring dial number command This option is almost the same as the last option except that the charges are paid b...

Страница 203: ...figuration procedure Solution 1 Configure circular dial string backup on Router A on dialup side On Router B configure C DCC allowing the router to set up connections on eight asynchronous serial inte...

Страница 204: ...ialer enable circular RouterA Serial2 0 dialer group 1 RouterA Serial2 0 dialer route ip 100 1 1 254 8810048 RouterA Serial2 0 dialer route ip 100 1 1 254 8810049 RouterA Serial2 0 dialer route ip 100...

Страница 205: ...ap local user userb password simple userb RouterB Async1 0 quit Repeat this step to configure physical and link layer parameters for interfaces Async 1 1 through Async 1 7 Configure user interfaces TT...

Страница 206: ...ies option In the properties setting dialog select the Networking tab In the Type of dial up server I am calling drop down list select PPP Windows 95 98 NT4 2000 Internet Click Settings to do the foll...

Страница 207: ...2 create local user accounts user1 through user16 and configure PPP CHAP authentication for the accounts RouterD system view RouterD dialer rule 2 ip permit RouterD local user user1 RouterD luser use...

Страница 208: ...p because the modem does not dial when the router forwards data Solution Check that The modem and phone cable connections are correct and the modem initialization process is correct The dial interface...

Страница 209: ...Troubleshooting 209 Use the debugging dialer event and debugging dialer packet commands to locate the problem...

Страница 210: ...210 CHAPTER 6 DCC CONFIGURATION...

Страница 211: ...result the remote SNA device appears to be on the same network with the local SNA device DLSw is different from transparent bridging in that it does not forward LLC2 frames transparently to the peer...

Страница 212: ...ed TCP connections if the reachability table of DLSw contains a small number of entries or no entries Low maintainability When a circuit is disconnected DLSw v1 0 uses two types of messages to notify...

Страница 213: ...1 0 router and follows RFC1795 when setting up a TCP connection with its peer Enhanced maintainability To enable a DLSw router to notify its peer about the reason for dropping a connection DLSw v2 0 d...

Страница 214: ...o create DLSw peers Set DLSw timers Refer to Setting DLSw Timers on page 215 Optional Configure LLC2 parameters Refer to Configuring LLC2 Parameters on page 216 Optional Enable the multicast function...

Страница 215: ...face to a remote end system over a TCP connection n For details about bridge set configuration refer to Bridging Configuration on page 405 Setting DLSw Timers You can configure the timers used in crea...

Страница 216: ...ack length Required 3 by default Configure the maximum number of consecutive information frames the router can send before receiving an acknowledgement from the peer llc2 receive window length Optiona...

Страница 217: ...ast can be enabled you need to carry out the related multicast command first Configuring the Maximum Number of DLSw v2 0 Explorer Retries Each time the origin DLSw v2 0 router sends an explorer frame...

Страница 218: ...ptional Enabled by default Create a DLSw peer Refer to Creating DLSw Peers on page 214 Required Configure an SDLC interface Refer to Configuring an SDLC Interface on page 219 Required Enable DLSw forw...

Страница 219: ...connection are not equal in the positions one is primary and the other is secondary The primary station whose role is primary plays a Configure optional SDLC Parameters Refer to Configuring Optional S...

Страница 220: ...rimary station can be connected with multiple secondary devices through a multi user system or an SDLC switch while the secondary devices cannot be connected with one another Therefore the communicati...

Страница 221: ...48 to 0007 3fc0 a512 by using the dlsw reverse command Configuring an SDLC XID An XID is used to identify a device in an SNA system When configuring an SDLC connection pay attention to the types of th...

Страница 222: ...heme of the synchronous serial interface There are two encoding schemes NRZI and NRZ for synchronous serial interface The NRZ encoding scheme is generally used for synchronous serial interfaces of rou...

Страница 223: ...d Remarks Enter system view system view Enter interface view interface interface type interface number Configure the length of SDLC output queue sdlc max send queue length Optional 50 by default Confi...

Страница 224: ...e by default Generally this configuration is not required Configure the SDLC polling interval sdlc timer poll mseconds Optional 1 000 ms by default Configure the amount of time the primary SDLC statio...

Страница 225: ...y dlsw circuits circuit Id verbose Available in any view Display the information of a remote peer or all remote peers display dlsw remote ip address Available in any view Display the reachability info...

Страница 226: ...gure interface parameters on Router B to ensure that the local DLSw peer 2 2 2 2 and remote peer 1 1 1 1 are pingable to each other specific configuration steps omitted Configure DLSw on Router B Rout...

Страница 227: ...emote 0000 2222 00c1 c1 RouterA Serial2 0 sdlc mac map local 0000 1111 0000 RouterA Serial2 0 baudrate 9600 RouterA Serial2 0 code nrzi 2 Configure Router B Configure interface parameters on Router B...

Страница 228: ...re Router A Configure interface parameters on Router A to ensure that the local DLSw peer 1 1 1 1 and remote peer 2 2 2 2 are pingable to each other specific configuration steps omitted Configure DLSw...

Страница 229: ...to save the polling process RouterB dlsw reachable mac exclusivity RouterB dlsw reachable cache 0014 cc00 54af remote 1 1 1 1 Note that in the configuration on router B the MAC address in the sdlc mac...

Страница 230: ...nable RouterA bridge 1 enable RouterA dlsw local 1 1 1 1 RouterA dlsw remote 2 2 2 2 RouterA dlsw bridge set 1 RouterA interface ethernet 1 1 1 RouterA Ethernet1 1 1 vlan type dot1q vid 1 RouterA Ethe...

Страница 231: ...ments As shown in Figure 40 Router A is DLSw v2 0 capable connected with an IBM host Router B and Router C are DLSw v1 0 or DLSw v2 0 capable respectively connected with PC1 and PC2 and CISCO is a DLS...

Страница 232: ...are DLSw v2 0 capable the configuration is similar as on Router A if they are DLSw v1 0 capable remove the multicast and explorer frame retransmission part from the configuration For the configuratio...

Страница 233: ...arameters of the router or adjust the configuration parameters of the SDLC device 2 If frames can be received and forwarded correctly examine whether the configuration of the PU type is correct Use th...

Страница 234: ...234 CHAPTER 7 DLSW CONFIGURATION...

Страница 235: ...ificance It is valid to two directly connected interfaces only That is you can use the same DLCI on different physical interfaces to identify different VCs A frame relay network can be a public networ...

Страница 236: ...he equipment administrator sets the virtual circuit status of DCE Frame Relay Protocol Parameters Table 1 lists the parameters of frame relay These parameters are stipulated by Q 933 Appendix A and th...

Страница 237: ...iry message from DTE within a period determined by T392 an error recorder is created T392 Time variable which defines the maximum time that DCE waits for a status enquiry message The time value shall...

Страница 238: ...n page 244 Optional Configuring DCE Side Frame Relay on page 245 Configuring Basic DCE Side Frame Relay on page 245 Required Configuring Frame Relay Address Mapping on page 246 Required Configuring Fr...

Страница 239: ...pics Overview on page 235 Configure frame relay LMI protocol type fr lmi type ansi nonstandard q933a bi direction Optional The default frame relay LMI protocol type is q933a The support of the bi dire...

Страница 240: ...n page 239 Overview A device with frame relay switching function enabled can act as a frame relay switch In this scenario the frame relay interface should be NNI or DCE and it is required to perform c...

Страница 241: ...s connected remote network address to distinguish different connections Address maps can be set up by manual configuration or dynamically set up by InARP Set the type of interface for frame relay swit...

Страница 242: ...me relay subinterface Configuring Frame Relay over IP Network This section covers these topics Overview on page 235 Configuration procedure on page 239 Overview With the increasingly wide application...

Страница 243: ...relay routes have been configured two route entries will be added into the To do Use the command Remarks Enter system view system view Create tunnel interface in system view and perform corresponding...

Страница 244: ...lso be used to connect X 25 networks through FR networks It is a technology that can help you to migrate from X 25 network to FR network and thus protects the investment on X 25 effectively Configurat...

Страница 245: ...late x25 template name Required This command also leads you to X 25 template view Configure X 25 parameters Refer to X 25 and LAPB Configuration on page 283 Optional Configure LAPB parameters Refer to...

Страница 246: ...tandard q933a Optional The default frame relay LMI protocol type is q933a Configure network side N392 fr lmi n392dce n392 value Optional The default value is 3 Configure network side N393 fr lmi n393d...

Страница 247: ...d interfaces can be shown Only main interface can be specified Display frame relay permanent virtual circuit table display fr pvc info interface interface type interface number interface number subnum...

Страница 248: ...igure dynamic address mapping RouterA Serial2 0 fr inarp Otherwise configure static address mapping RouterA Serial2 0 fr map ip 202 38 163 252 50 RouterA Serial2 0 fr map ip 202 38 163 253 60 2 Config...

Страница 249: ...terconnecting LANs through Dedicated Line Network requirements Two routers are directly connected through a serial interface Router A works in the frame relay DCE mode and Router B works in the frame...

Страница 250: ...igure IP address of the subinterface and local virtual circuit RouterA interface serial 2 0 1 p2p RouterA Serial2 0 1 ip address 202 38 163 251 255 255 255 0 RouterA Serial2 0 1 fr dlci 100 4 Configur...

Страница 251: ...uterA interface serial 2 0 RouterA Serial2 0 ip address 202 38 163 251 255 255 255 0 Encapsulate the interface with FR RouterA Serial2 0 link protocol fr RouterA Serial2 0 fr interface type dce Create...

Страница 252: ...RouterB Serial2 0 fr interface type dte Create an FR DLCI interface RouterB Serial2 0 fr dlci 100 Configure the DLCI interface as an Annex G DLCI interface RouterB fr dlci Serial2 0 100 annexg dte App...

Страница 253: ...peer if the devices are not in the same subnet segment Frame Relay Compression This section covers these topics Overview on page 235 Configuring FRF 9 Compression on page 254 Configuring FRF 20 IP He...

Страница 254: ...ypes For a P2P subinterface use the fr compression frf9 command to enable FRF 9 compression in subinterface view For a P2MP frame relay interface or subinterface the frame relay compression is configu...

Страница 255: ...ader compression select either method FRF 20 IP header compression on interface and provide FRF 20 IP header compression option fr compression iphc Optional FRF 20 IP header compression is disabled on...

Страница 256: ...RouterB system view RouterB interface serial 2 0 RouterB Serial2 0 link protocol fr RouterB Serial2 0 ip address 10 110 40 2 255 255 255 0 RouterB Serial2 0 fr interface type dte RouterB Serial2 0 fr...

Страница 257: ...nks bound together so as to provide high speed and broadband links on frame relay networks To maximize the bandwidth of bundled interface it is recommended to bundle physical interfaces of the same ra...

Страница 258: ...face and enter the MFR interface view interface mfr interface number interface number subnu mber Required MFR interface or subinterface is not created by default Configure MFR bundle identifier mfr bu...

Страница 259: ...nt size bytes Optional The maximum fragment size is of 300 bytes The priority of fragment size configured in frame relay interface view is higher than that in MFR interface view Configure the maximum...

Страница 260: ...protocol fr mfr 4 2 Configure Router B Create and configure MFR interface 4 MFR4 RouterB system view RouterB interface mfr 4 RouterB MFR4 ip address 10 140 10 2 255 255 255 0 RouterB MFR4 fr interface...

Страница 261: ...uterA Serial2 1 quit 2 Configure Router B Enable frame relay switching RouterB system view RouterB fr switching Configure interface MFR1 RouterB interface mfr 1 RouterB MFR1 fr interface type dce Rout...

Страница 262: ...2 RouterB Serial2 3 quit Configure static route for frame relay switching RouterB fr switch pvc1 interface mfr 1 dlci 100 interface mfr 2 dl ci 200 3 Configure Router C Configure interface MFR2 Route...

Страница 263: ...cal interface bound to the virtual template interface is valid Displaying and Maintaining PPPoFR To do Use the command Remarks Enter system view system view Create a virtual template interface and the...

Страница 264: ...2 0 RouterA Serial2 0 link protocol fr Create PPP map on Serial 2 0 RouterA Serial2 0 fr map ppp 16 interface virtual template 1 2 Configure Router B Create and configure virtual template interface Vi...

Страница 265: ...es and then perform the following configurations on these virtual templates to bind them to another virtual template with PPP MP Configuring MPoFR Follow these steps to configure MPoFR To do Use the c...

Страница 266: ...work diagram the bandwidth of Router A Serial2 0 is 64 kbps PC1 sends data service stream 1 to PC3 PC2 sends data service stream 2 to PC4 and there is also a voice service stream The bandwidth of Rout...

Страница 267: ...outerA acl adv 3001 rule 0 permit ip source 1 1 1 0 0 0 0 255 RouterA acl adv 3001 rule 1 permit ip source 10 1 1 0 0 0 0 255 RouterA acl number 3002 RouterA acl adv 3002 rule 0 permit tcp destination...

Страница 268: ...al Template1 quit Create and configure virtual template interface Virtual Template 2 RouterA interface virtual template 2 RouterA Virtual Template2 ppp mp virtual template 3 RouterA Virtual Template2...

Страница 269: ...h acl 3001 RouterB classifier liuliang quit Configure class 1 corresponding behavior RouterB traffic behavior liuliang RouterB behavior liuliang queue af bandwidth 20 RouterB behavior liuliang quit Co...

Страница 270: ...st forwarding is enabled RouterB Virtual Template3 undo ip fast forwarding RouterB Virtual Template3 quit Map specified DLCI to PPP virtual template on the interface RouterB interface serial 2 0 Route...

Страница 271: ...egistration protocol GARP provides a mechanism that allows participants in a GARP application to distribute propagate and register with other participants in a bridged LAN the attributes specific to t...

Страница 272: ...articipants throughout a bridged LAN 2 GARP timers The interval of sending of GARP messages is controlled by the following four timers Hold timer A GARP participant usually does not forwards a receive...

Страница 273: ...eclarations or withdrawals handles attributes of other participants When a port receives an attribute declaration it registers the attribute when a port receives an attribute withdrawal it deregisters...

Страница 274: ...Ns to pass through even though it is configured to carry all VLANs Forbidden Disables the port to dynamically register and deregister VLANs and to propagate VLAN information except information about V...

Страница 275: ...nter port group view port group aggregation agg id manual port group name Enable GVRP gvrp Required Disabled by default Set the GVRP registration mode gvrp registration fixed forbidden normal Optional...

Страница 276: ...ip between GARP timers Timer Lower limit Upper limit Hold 10 centiseconds Not greater than half of the join timer setting Join Not less than two times the hold timer setting Less than half of the leav...

Страница 277: ...face ethernet 1 1 DeviceB Ethernet1 1 port link type trunk DeviceB Ethernet1 1 port trunk permit vlan all Enable GVRP on Ethernet 1 1 the trunk port DeviceB Ethernet1 1 gvrp DeviceB Ethernet1 1 quit C...

Страница 278: ...thernet1 0 gvrp Set the GVRP registration type to fixed on the port DeviceA Ethernet1 0 gvrp registration fixed DeviceA Ethernet1 0 quit Create VLAN 2 a static VLAN DeviceA vlan 2 2 Configure Device B...

Страница 279: ...twork diagram Figure 55 Network diagram for GVRP configuration Configuration procedure 1 Configure Device A Enable GVRP globally DeviceA system view DeviceA gvrp Configure port Ethernet 1 0 as a trunk...

Страница 280: ...type trunk DeviceB Ethernet1 1 port trunk permit vlan all Enable GVRP on Ethernet 1 1 DeviceB Ethernet1 1 gvrp DeviceB Ethernet1 1 quit Create VLAN 3 a static VLAN DeviceB vlan 3 3 Verify the configur...

Страница 281: ...at and Frame Type There are three types of HDLC frames information frame I frame supervision frame S frame and unnumbered frame U frame Information frame is responsible for transmitting useful data or...

Страница 282: ...ps to configure HDLC protocol To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Enable HDLC on the interface link protocol hdlc...

Страница 283: ...e based on the experiences and recommendations of Telnet and Tymnet of USA and Datapac packet switched networks of Canada It was revised in 1976 1978 1980 and 1984 added many optional service function...

Страница 284: ...cuit switching in nature VCs involve Permanent Virtual Circuit PVC and Switched Virtual Circuit SVC PVC is used for transmitting traffic that is generated in a frequent but stable way and SVC for tran...

Страница 285: ...state As specified in international standards the link layer protocol LAPB of X 25 adopts the frame structure of High level Data Link Control HDLC and is a subset of HDLC It requires for setting up a...

Страница 286: ...re respectively working as the DTE and DCE X 25 virtual circuit range The X 25 protocol can create multiple logical virtual connections over a physical link between DTE and DCE These virtual connectio...

Страница 287: ...nent virtual circuits must be set in the A range According to ITU T Recommendation X 25 the idle channel allocation rules in initiating calls are as follows Only the DCE can initiate a call using a ch...

Страница 288: ...using the commands shutdown and undo shutdown X 25 packet numbering modulo The implementation of X 25 supports both modulo 8 and modulo 128 in packet numbering with Modulo 8 being the default The X 2...

Страница 289: ...s and determine whether a piece of complete upper layer packet is received based on the M bit flag Therefore too small value of the maximum packet size will consume too much router resources on messag...

Страница 290: ...ss is a string of 0 to 15 digits Some attributes related to X 121 address are as follows 1 Alias of interface When an X 25 call is forwarded across multiple networks different networks will likely mak...

Страница 291: ...ll with an unrecognizable CUD it will treat it as the customized default upper layer protocol Table 6 Alias match modes and meanings Matching mode Description Example free Free matching the alias stri...

Страница 292: ...s 180 seconds Set the reset request timer for DTE or the reset indication timer for DCE x25 timer tx2 seconds Optional By default the value for DTE is 180 seconds and the value for DCE is 60 seconds S...

Страница 293: ...n the router A direct call destination has its own protocol address and X 121 address In this case a destination protocol address to X 121 address mapping must be created on the source Through the map...

Страница 294: ...sub sections Specify the maximum idle time of SVC For the sake of cost saving you can specify an SVC idle time upon the expiration of which the SVC will be disconnected Enabling this feature will not...

Страница 295: ...rom 0 to input window size If it is set to 1 every packet will be acknowledged If it is set to input window size the acknowledgment will be sent only after the receiving window is full In applications...

Страница 296: ...available in this case To do Use the command Remarks Enter system view system view Define ROA Recognized operating Agency list x25 roa list roa name roa id 1 10 Optional Not defined by default Enter...

Страница 297: ...d by default Perform max packet negotiation while initiating a call x25 map protocol type protocol address x121 address x 121 address packet size input packet output packet Optional Not configured by...

Страница 298: ...dress mappings are used for calling out only while others are used for calling in only To restrict the use of address mapping use the following commands To do Use the command Remarks Enter system view...

Страница 299: ...s of many interconnecting nodes based on a specific topology A packet is sent from source to destination via a large number of nodes of which each node needs to have packet switching capability Simply...

Страница 300: ...between different links in the same DTE to ensure that link overload will not occur when a large number of users access the same address X 25 load sharing is provided by DCE To implement load sharing...

Страница 301: ...urce address and the destination address You can use the destination address substitution function to hide the DTE address inside hunt group and the DTE outside hunt group only knows the hunt group ad...

Страница 302: ...n policy X 25 network load sharing is configured on DCE device In most cases your device is used as DTE device in X 25 network The network providers provide the load sharing function on packet switch...

Страница 303: ...n When used as data communication equipment DCE CUG function is shown in the following figure Figure 64 CUG function implementation n Call 1 DTE originates a call but outgoing capability is barred so...

Страница 304: ...calls n You can only configure the CUG function on an X 25 interface working as DCE that is you must specify the serial interface as DCE when specifying the X 25 protocol on it CUG mapping and suppres...

Страница 305: ...25 terminals to an X 25 network As shown in the figure below a PAD facility is placed between non X 25 terminals and an X 25 network allowing them to communicate with other terminals across the X 25...

Страница 306: ...et command By nesting commands you can do the following on your router Place an X 25 PAD call to log onto another router and from that router place another X 25 PAD call to log onto a third router and...

Страница 307: ...nd Check that X 25 switching is disabled or a route is available to the server end when X 25 switching is enabled In the former case the default route is used to route the call In the second case at l...

Страница 308: ...t be dynamically deleted when no data is transmitted Supporting Keepalive attribute of TCP If Keepalive is not configured TCP connection will still not be cleared or cleared after a long time even if...

Страница 309: ...p address unnumbered interface interface type interface number Required Make sure the IP network operates normally Quit to system view quit Configure an XOT route to route packet from X 25 via IP netw...

Страница 310: ...rface type interface number x25 xot pvc pvc number1 ip address interface interface type interface number pvc pvc number2 xot option packet size input packet output packet window size input window size...

Страница 311: ...TE by default Configure an FR DLCI and enter its view fr dlci dlci number Required Configure the FR DLCI as Annex G DLCI annexg dce dte Required Configure the SVC route x25 switch svc number x 121 add...

Страница 312: ...nterface interface type interface number Configure the link layer protocol as FR link protocol fr nonstandard ietf Required PPP by default Configure the FR interface type fr interface type dce dte nni...

Страница 313: ...h entries configured using the translate ip and translate x25 commands When specifying a port number using the translate ip command for an IP address using one port specify port 102 for an IP address...

Страница 314: ...ocal cug local cug number network cug network cug number Display X 25 PAD Packet Assembler Disassembler connection information display x25 pad pad id Display X 25 switching table display x25 switch ta...

Страница 315: ...e view RouterB system view RouterB interface serial 2 0 Assign an IP address for the interface RouterB Serial2 0 ip address 10 1 1 1 255 0 0 0 Configure the link layer protocol of the interface as LAP...

Страница 316: ...e interface RouterA Serial2 0 ip address 202 38 60 1 255 255 255 0 Configure the link layer protocol of the interface as X 25 and configure the interface to operate in DTE mode RouterA Serial2 0 link...

Страница 317: ...g is available IP addresses of both ends can be on different network segments and no static route is needed Direct Connection of Two routers through Serial Interfaces Two Mappings Network requirements...

Страница 318: ...dress 202 38 160 2 255 255 255 0 Configure the link layer protocol of the interface as X 25 and specify the interface to operate in DCE mode RouterB Serial2 0 link protocol x25 dce Assign an X 121 add...

Страница 319: ...oing only channel range are disabled and two way channel range is 1 32 Network diagram Figure 73 Connecting the router to X 25 public packet network Configuration procedure 1 Configure Router A Assign...

Страница 320: ...nk protocol x25 dte RouterC Serial2 0 x25 x121 address 30561003 RouterC Serial2 0 x25 window size 5 5 RouterC Serial2 0 x25 packet size 512 512 RouterC Serial2 0 x25 vc range bi channel 1 32 RouterC S...

Страница 321: ...Serial 2 0 RouterA interface serial 2 0 RouterA Serial2 0 ip address 192 149 13 1 255 255 255 0 RouterA Serial2 0 link protocol x25 RouterA Serial2 0 x25 x121 address 1004358901 RouterA Serial2 0 x25...

Страница 322: ...u should distinguish between VC and logic channel Virtual circuit refers to the end to end logic link between the calling DTE and the called DTE while logic channel refers to the logic link between tw...

Страница 323: ...1 x25 map ip 10 1 1 1 x121 address 200 Configure subinterface serial 2 0 2 and X 25 mapping to Router C RouterA Serial2 0 1 interface serial 2 0 2 RouterA Serial2 0 2 ip address 20 1 1 2 255 255 0 0 R...

Страница 324: ...C Application of XOT Network requirements Router B and Router C are connected through Ethernet interfaces Set up a TCP connection between them to deliver data between Serial 2 0 of Router A and Serial...

Страница 325: ...terB x25 switch svc 2 xot 10 1 1 2 Configure Serial 2 0 RouterB interface serial 2 0 RouterB Serial2 0 link protocol x25 dce ietf RouterB Serial2 0 quit Configure interface Ethernet 1 0 RouterB interf...

Страница 326: ...1 address 1111 RouterA Serial2 0 x25 vc range in channel 10 20 bi channel 30 1024 RouterA Serial2 0 x25 pvc 1 ip 1 1 1 2 x121 address 2222 RouterA Serial2 0 ip address 1 1 1 1 255 0 0 0 2 Configure Ro...

Страница 327: ...t pvc 2 10 1 1 1 interface serial 2 0 pvc 1 Configure Ethernet 1 0 RouterC interface ethernet 1 0 RouterC Ethernet1 0 ip address 10 1 1 2 255 0 0 0 SVC Application of X 25 over FR Network requirements...

Страница 328: ...rB system view RouterB x25 switching Configure Serial 2 0 as X 25 interface RouterB interface serial 2 0 RouterB Serial2 0 link protocol x25 dce Configure Serial 2 1 as FR interface RouterB interface...

Страница 329: ...ugh FR Configure FR Annex G DLCI 100 on the two routers to interconnect the two X 25 networks enabling Host A and Host B to communicate with each other Network diagram Figure 80 Network diagram for X...

Страница 330: ...template RouterB x25 template switch RouterB x25 switch x25 vc range bi channel 10 20 Configure the PVC switching route for the template RouterB x25 switch x25 switch pvc 1 interface serial 2 0 pvc 1...

Страница 331: ...Annex G DLCI RouterC fr dlci Serial2 1 100 x25 template switch X 25 Load Sharing Application Network requirements You need to configure hunt group on Router A used as X 25 switch and enable destinatio...

Страница 332: ...e them to operate in DCE mode Configure Serial 2 1 as an FR DCE RouterA interface serial 2 1 RouterA Serial2 1 link protocol fr RouterA Serial2 1 fr interface type dce Configure an FR Annex G DLCI Rou...

Страница 333: ...rce 3333 hunt group hg1 Configure X 25 switching route forwarded to X 25 terminal RouterA x25 switch svc 1111 interface serial 2 3 RouterA x25 switch svc 1112 interface serial 2 4 RouterA x25 switch s...

Страница 334: ...dce RouterD Serial2 0 quit Assign an IP address for the interface Ethernet 1 0 RouterD interface ethernet 1 0 RouterD Ethernet1 0 ip address 10 1 1 2 255 255 255 0 RouterD Ethernet1 0 quit Configure a...

Страница 335: ...uterA Ethernet1 0 quit Configure interface Serial 2 0 RouterA interface serial 2 0 RouterA Serial2 0 link protocol x25 dte RouterA Serial2 0 x25 x121 address 1111 RouterA Serial2 0 ip address 1 1 1 1...

Страница 336: ...1 x121 address 1111 RouterC Serial2 0 x25 map ip 2 1 1 1 x121 address 1111 RouterC Serial2 0 x25 map ip 1 1 1 2 x121 address 2222 RouterC Serial2 0 x25 map ip 2 1 1 2 x121 address 2222 Configure inte...

Страница 337: ...s 16 16 16 1 255 255 0 0 Enable TCP IP header compression RouterA serial1 0 x25 map compressedtcp 16 16 16 2 x121 address 10 02 2 Configure Router B Configure the link layer protocol of Serial 2 0 as...

Страница 338: ...outerA user interface vty 0 4 RouterA ui vty0 4 authentication mode scheme RouterA ui vty0 4 protocol inbound pad RouterA ui vty0 4 quit Configure domain user X 25 to use the local authentication sche...

Страница 339: ...bles the communication between X 25 terminal and IP host Network diagram Figure 85 Network diagram for X2T SVC Configuration procedure Enable X 25 switching Router system view Router x25 switching Con...

Страница 340: ...view Router x25 switching Configure interface Serial 2 0 Router interface serial 2 0 Router Serial2 0 link protocol x25 dce Router Serial2 0 x25 vc range in channel 10 20 bi channel 30 1024 Router Ser...

Страница 341: ...LAPB of X 25 is up X 25 of Two Sides Always Being Down with LAPB of two sides Being Up Symptom X 25 of two sides is always down although LAPB of two sides is up Analysis A possible reason is that the...

Страница 342: ...ssigned PVC number is in the disabled PVC channel range X 25 will surely reject the PVC setup request In this case enable the permanent virtual circuit channel range Failed to Ping through the XOT SVC...

Страница 343: ...irst check whether the physical connection status and protocol status of the interface are UP If the interface status is DOWN check whether the physical connections and lower layer configurations are...

Страница 344: ...344 CHAPTER 14 X 25 AND LAPB CONFIGURATION...

Страница 345: ...y Considerations for Ports in an Aggregation on page 346 LACP The link aggregation control protocol LACP as defined in IEEE 802 3ad is used for link aggregation control LACP interacts with its peer by...

Страница 346: ...iority Maximum transmission rate Loop protection Root protection Port type whether the port is an edge port QoS Traffic policing Traffic shaping Congestion avoidance Physical interface rate limiting S...

Страница 347: ...nselected state for example as the result of the cross board aggregation restriction Manual aggregation limits the number of selected ports in an aggregation group When the limit is exceeded the syste...

Страница 348: ...of their ports as follows 1 Compare the actor and partner system IDs that each comprises a system LACP priority plus a system MAC address as follow First compare the system LACP priorities The system...

Страница 349: ...pending on the model of your device After hardware resources become depleted link aggregation groups work in non load sharing mode n After you remove all ports but one selected port from a load sharin...

Страница 350: ...350 CHAPTER 15 LINK AGGREGATION OVERVIEW...

Страница 351: ...ng static aggregation group If the specified group contains ports its group type changes to manual with LACP disabled on its member ports if not its group type directly changes to manual An aggregatio...

Страница 352: ...ware that after a load balancing aggregation group changes to a non load balancing group due to resources exhaustion either of the following may happen Forwarding anomaly resulted from inconsistency o...

Страница 353: ...iew system view Assign a name for an aggregation group link aggregation group agg id description agg name Required None is configured by default To do Use the command Remarks Enter system view system...

Страница 354: ...oup 1 DeviceA Ethernet1 1 interface ethernet 1 2 DeviceA Ethernet1 2 port link aggregation group 1 DeviceA Ethernet1 2 interface ethernet 1 3 DeviceA Ethernet1 3 port link aggregation group 1 2 In sta...

Страница 355: ...cate with the equipment of other vendors The asynchronous serial interfaces of the participating parties are working in flow mode interconnected via modems 2 Provide comprehensive debugging informatio...

Страница 356: ...erface Serial 2 0 on your device connects to a remote Cisco router through DCC dialup When data needs transmission from IP address 1 1 1 1 16 to IP address Quit to system view quit Configure modem thr...

Страница 357: ...uter Serial2 0 dialer enable circular Router Serial2 0 dialer group 1 Router Serial2 0 dialer timer enable 5 Router Serial2 0 dialer number 666666 Router Serial2 0 quit Router user interface tty 1 Rou...

Страница 358: ...358 CHAPTER 17 MODEM CONFIGURATION...

Страница 359: ...cified ports to the destination mirroring port As destination mirroring ports usually have data monitoring devices connected to them you can analyze the packets duplicated to the destination mirroring...

Страница 360: ...ent VLANs So make sure all the ports in a port mirroring group belong to the same VLAN before you create the port mirroring group For an existing port mirroring group removing a member port from the V...

Страница 361: ...C through Device B The Server is connected to port Ethernet 1 3 of Device C It is desired to monitor the packets sent and received by Department 1 and Department 2 on the Server This can be achieved b...

Страница 362: ...ation port DeviceC mirroring group 1 mirroring port ethernet 1 1 ethernet 1 2 both DeviceC mirroring group 1 monitor port ethernet 1 3 Display the configuration of all the port mirroring groups Device...

Страница 363: ...user authentication support synchronous asynchronous communication and can be extended easily PPP defines a whole set of protocols including link control protocol LCP network control protocol NCP and...

Страница 364: ...cket Challenge carrying its own username to the authenticatee 2 When the authenticatee receives the authentication request it looks up its local user database for a password matching to the username i...

Страница 365: ...LCP will go down If the authentication succeeds it will proceed to start the network negotiation NCP In this case the LCP state is still Opened while the state of IP control protocol IPCP is changed...

Страница 366: ...pology In this sense virtual template interfaces are more flexible than MP group interfaces Bundling mode can be used to distinguish multiple bundles created on a VT interface You can use the ppp mp b...

Страница 367: ...vice to authenticate the peer using PAP Refer to Configuring the Local Device to Authenticate the Peer Using PAP on page 368 Optional PPP authentication is disabled by default Configure the local devi...

Страница 368: ...nticate the peer using PAP ppp authentication mode pap call in domain isp name Required If this command is used without specifying the domain keyword the system default domain named system will be use...

Страница 369: ...domain Configure local username ppp chap user username Required Exit to system view quit Create local user and enter local user view local user username Required Configure a password for the local use...

Страница 370: ...l used for the interface in interface view In PPP address negotiation a device can also be configured to negotiate DNS address through which the device can either allocate DNS address to the peer or r...

Страница 371: ...negotiation Refer to Configuring IP address negotiation on page 371 Optional Configure DNS address negotiation Refer to Configuring DNS address negotiation on page 372 Optional To do Use the command R...

Страница 372: ...eer interface interface type interface number remote address ip address Required To do Use the command Remarks Enter system view system view Enter the specified domain view domain domain name Required...

Страница 373: ...o up Configuration procedure Follow these steps to configure PPP link quality control Enabling the PPP Accounting Statistics Function Introduction to PPP accounting statistics PPP can generate traffic...

Страница 374: ...ce the system does not look for a VT interface by username Instead it looks for the template configured by the command You must configure the interfaces to be bundled in the same way In practice you m...

Страница 375: ...mp user username bind virtual template number Required Associate VT interface with MP users interface interface type interface number ppp mp Required Configure the interface encapsulated with PPP to...

Страница 376: ...PP Link Efficiency Mechanism Four mechanisms are available for improving transmission efficiency on PPP links They are IP header compression IPHC Stac Lempel Ziv standard STAC LZS compression on PPP p...

Страница 377: ...at can accommodate to the change of data While allowing for more flexibility this requires more CPU resources VJ TCP header compression VJ TCP header compression was defined in RFC 1144 for use on low...

Страница 378: ...s at an interface at the same time the large packets are fragmented into small fragments If the interface is configured with WFQ the voice packets and these small fragments are interleaved together an...

Страница 379: ...fragments ppp mp lfi delay per frag time Required 10 ms by default To do Use the command Remarks To do Use the command Display the information about an existing MP group interface display interface m...

Страница 380: ...A Serial2 0 ip address 200 1 1 1 16 RouterA Serial2 0 quit RouterA domain system RouterA isp system authentication ppp local 2 Configure Router B RouterB system view RouterB interface serial 2 0 Route...

Страница 381: ...system RouterA Serial2 0 ip address 200 1 1 1 16 RouterA Serial2 0 quit RouterA domain system RouterA isp system authentication ppp local 2 Configure Router B RouterB system view RouterB interface ser...

Страница 382: ...ates RouterA interface virtual template 1 RouterA Virtual Template1 ip address 202 38 166 1 255 255 255 0 RouterA Virtual Template1 quit RouterA interface virtual template 2 RouterA Virtual Template2...

Страница 383: ...pp mp RouterB Serial2 0 1 ppp authentication mode pap domain system RouterB Serial2 0 1 ppp pap local user router b password simple router b 3 Configure Router C Add a user for Router A RouterC system...

Страница 384: ...sword of Router B RouterA system view RouterA local user rtb RouterA luser rtb password simple rtb RouterA luser rtb service type ppp RouterA luser rtb quit Create a virtual template interface and ass...

Страница 385: ...rface serial 2 1 RouterB Serial2 1 link protocol ppp RouterB Serial2 1 ppp authentication mode pap domain system RouterB Serial2 1 ppp pap local user rtb password simple rtb RouterB Serial2 1 ppp mp v...

Страница 386: ...IP address 8 1 1 1 RouterB ping 8 1 1 1 PING 8 1 1 1 56 data bytes press CTRL_C to break Reply from 8 1 1 1 bytes 56 Sequence 1 ttl 255 time 29 ms Reply from 8 1 1 1 bytes 56 Sequence 2 ttl 255 time 3...

Страница 387: ...er rta password simple rta RouterA Serial2 1 ppp mp RouterA Serial2 1 shutdown RouterA Serial2 1 undo shutdown RouterA Serial2 1 quit Configure Serial 2 0 RouterA interface serial 2 0 RouterA Serial2...

Страница 388: ...0 ppp authentication mode pap domain system RouterB Serial2 0 ppp pap local user rtb password simple rtb RouterB Serial2 0 ppp mp RouterB Serial2 0 shutdown RouterB Serial2 0 undo shutdown RouterB Ser...

Страница 389: ...255 time 31 ms Reply from 8 1 1 1 bytes 56 Sequence 3 ttl 255 time 30 ms Reply from 8 1 1 1 bytes 56 Sequence 4 ttl 255 time 31 ms Reply from 8 1 1 1 bytes 56 Sequence 5 ttl 255 time 30 ms 8 1 1 1 pi...

Страница 390: ...0 shutdown RouterA Serial2 0 undo shutdown RouterA Serial2 0 quit Configure the users in the domain to use the local authentication scheme RouterA domain system RouterA isp system authentication ppp l...

Страница 391: ...ace Mp group 1 Mp group1 current state UP Line protocol current state UP Description Mp group1 Interface The Maximum Transmit Unit is 1500 Hold timer is 10 sec Internet Address is 111 1 1 1 24 Link la...

Страница 392: ...iled in going up Solution Execute the display interface serial type number command to view the current interface statuses including serial number is administratively down line protocol is down which i...

Страница 393: ...ts in Ethernet frames PPPoE is divided into two distinct phases discovery and PPP session Discovery phase When a host wants to start a PPPoE process it must first identify the MAC address of the Ether...

Страница 394: ...software on the hosts Moreover all the hosts on the same LAN can share the same ADSL account Figure 99 Network diagram for PPPoE client As shown in the above figure PCs on the Ethernet are connected...

Страница 395: ...en the Internet via an Ethernet interface it is necessary to configure the PPPoE session on the Ethernet interface To do Use the command Remarks Enter system view system view Create VT and enter its v...

Страница 396: ...up the device will not immediately initiate PPPoE call Only when there is data transmission requirement will the router initiate PPPoE call to create a PPPoE session If the free time of a PPPoE link...

Страница 397: ...ate a PPPoE session at the client end and recreate the session later reset pppoe client all dial bundle number number In user view Terminate a PPPoE session at the server end reset pppoe server all in...

Страница 398: ...stem Sysname isp system authentication ppp local Add a local IP address pool containing nine IP addresses Sysname isp system ip pool 1 1 1 1 2 1 1 1 10 After these configurations you should then insta...

Страница 399: ...e 1 b Configure Router B as PPPoE client RouterB system view RouterB dialer rule 1 ip permit RouterB interface dialer 1 RouterB Dialer1 dialer user user2 RouterB Dialer1 dialer group 1 RouterB Dialer1...

Страница 400: ...RouterB Dialer1 quit RouterB local user user1 RouterB luser user1 password simple hello RouterB luser user1 quit Configure a PPPoE session RouterB interface ethernet 1 0 RouterB Ethernet1 0 pppoe clie...

Страница 401: ...interface ethernet 2 0 RouterA Ethernet2 0 pppoe client dial bundle number 1 RouterA Ethernet2 0 quit Configure the LAN interface and the default route RouterA interface ethernet 1 0 RouterA Ethernet...

Страница 402: ...1 RouterB Virtual Template1 ppp authentication mode pap domain system RouterB Virtual Template1 remote address pool 1 RouterB Virtual Template1 ip address 1 1 1 1 255 0 0 0 RouterB Virtual Template1 q...

Страница 403: ...ter dialer rule 1 ip permit Router interface dialer 1 Router Dialer1 dialer user user1 Router Dialer1 dialer group 1 Router Dialer1 dialer bundle 1 Router Dialer1 ip address ppp negotiate Configure a...

Страница 404: ...interface Router Dialer1 interface virtual ethernet 1 Router Virtual Ethernet1 mac 0001 0002 0003 Router Virtual Ethernet1 quit Router interface atm 1 0 1 Router atm1 0 1 pvc to_adsl_a 0 60 Router at...

Страница 405: ...form special configurations on the devices In applications there are four major kinds of bridging technologies transparent bridging source route bridging SRB translational bridging and source route tr...

Страница 406: ...ernet frame on bridge interface 1 it determines that Host A is attached to bridge interface 1 and creates a mapping between the MAC address of Host A and bridge interface 1 in its bridge table as show...

Страница 407: ...e as shown in Figure 108 Figure 108 The final bridge table Host A Host B Host C Host D LAN segment 2 LAN segment 1 Bridge Bridge interface 1 Bridge interface 2 00e0 fcbb bbbb 00e0 fcaa aaaa Source add...

Страница 408: ...st B Host C Host D LAN segment 2 LAN segment 1 Bridge Bridge interface 1 Source address Destination address 00e0 fcbb bbbb 1 00e0 fccc cccc 2 00e0 fcaa aaaa 1 00e0 fcdd dddd 2 MAC address Interface Br...

Страница 409: ...C When configuring transparent bridging over PPP you need to configure PPP on the corresponding interface as the link layer protocol for interface encapsulation When configuring transparent bridging o...

Страница 410: ...blishing inter VLAN transparent bridging you need to add the configured Ethernet sub interfaces into a bridge set Follow these steps to configure basic bridging functionalities For more information ab...

Страница 411: ...etwork layer properties can be configured By configuring a bridge template interface you can connect the corresponding bridge set to a routed network A bridge set can have only one bridge template int...

Страница 412: ...e specified network layer protocol s on bridge set bridge bridge set routing ip ipx Optional By default routing if network layer protocols is disabled bridge bridge set bridging ip ipx others To do Us...

Страница 413: ...Ethernet1 0 bridge set 1 RouterB Ethernet1 0 interface atm 5 0 RouterB Atm5 0 pvc 32 50 RouterB atm pvc Atm5 0 32 50 map bridge group broadcast RouterB atm pvc Atm5 0 32 50 quit RouterB Atm5 0 bridge...

Страница 414: ...multilink PPP Configure the two routers to enable transparent bridging between the two LAN segments Network diagram Figure 114 Network diagram for transparent bridging over MP configuration Configurat...

Страница 415: ...R Configure the two routers to enable transparent bridging between the two LAN segments Network diagram Figure 115 Network diagram for transparent bridging over FR configuration Configuration procedur...

Страница 416: ...quit RouterA interface serial 2 0 RouterA Serial2 0 link protocol x25 dce RouterA Serial2 0 x25 x121 address 100 RouterA Serial2 0 x25 map bridge x121 address 200 broadcast RouterA Serial2 0 bridge se...

Страница 417: ...terB bridge 1 enable RouterB interface ethernet 1 0 RouterB Ethernet1 0 bridge set 1 RouterB Ethernet1 0 quit RouterB interface Serial 2 0 RouterB Serial2 0 link protocol hdlc RouterB Serial2 0 bridge...

Страница 418: ...nable RouterB bridge 2 enable RouterB interface ethernet 1 0 RouterB Ethernet1 0 bridge set 1 RouterB Ethernet1 0 quit RouterB interface ethernet 1 1 RouterB Ethernet1 1 bridge set 2 RouterB Ethernet1...

Страница 419: ...quit RouterA interface serial 2 0 1 RouterA Serial2 0 1 fr map bridge 50 broadcast RouterA Serial2 0 1 bridge set 1 RouterA Serial2 0 1 quit RouterA interface serial 2 0 2 RouterA Serial2 0 2 fr map b...

Страница 420: ...ging over FR Bridge Routing Network requirements As shown in Figure 120 three host PCs are attached to Ethernet1 0 Ethernet1 1 and Ethernet1 2 of a router respectively Configure a bridge set and enabl...

Страница 421: ...on rate of 64 kbit s D channel is a control channel which transmits the public channel signaling These signals are used to control the calls on the B channel of the same interface The rate of D channe...

Страница 422: ...hen he can start normal calling and disconnect process otherwise the calling will fail By far there are three ways to obtain the SPID on one BRI interface over the ISDN in North America Manually input...

Страница 423: ...B channel Refer to ISDN Configuration on page 421 Optional Configure ISDN B channel selection mode Refer to ISDN Configuration on page 421 Optional Configure statistics about ISDN message receiving se...

Страница 424: ...tional Configure statistics about ISDN message receiving sending Refer to ISDN Configuration on page 421 Optional Configure the allowed incoming calling number Refer to ISDN Configuration on page 421...

Страница 425: ...an ISDN switch the default is as follows For an incoming call the router checks the received Setup messages for the Sending Complete Information Element to determine whether or not the number is rece...

Страница 426: ...al In full sending mode all the digits of each called number will be collected and sent at a time by default Table 9 Types and code schemes of ISDN numbers Protocol Field Bit value Definition Type Cod...

Страница 427: ...d number 1 1 1 Reserved for extension 0 0 0 0 Unknown 0 0 0 1 ISDN telephony numbering plan Recommendation E 164 0 0 1 1 Data numbering plan Recommendation X 121 0 1 0 0 Telex numbering plan Recommend...

Страница 428: ...T Rec E 164 E 163 0 0 1 0 0 0 1 International number in ISDN Telephony numbering plan ITU T Rec E 164 E 163 0 1 0 0 0 0 1 National number in ISDN Telephony numbering plan ITU T Rec E 164 E 163 0 1 1...

Страница 429: ...SPID negotiation on the BRI interface adopting NI protocol isdn spid auto_trigger Optional A BRI interface does not originate a SPID negotiation request unless triggered by a call by default On the B...

Страница 430: ...to set the local management ISDN B channel Configuring ISDN B Channel Selection Mode Follow these steps to configure ISDN B channel selection mode To do Use the command Remarks Enter system view syst...

Страница 431: ...m view Enter specified interface view interface interface type interface number Configure the sliding window size on the PRI interface or restore the default isdn pri slipwnd size window size default...

Страница 432: ...ou may need to configure permanent Q 921 link mode where the ISDN NI protocol is adopted to ensure the success of every call attempt Follow these steps to configure Q 921 permanent link mode for an IS...

Страница 433: ...applicable to BRI interfaces operating in the network side mode Currently only BSV board can operate on network side This function is different from the permanent link function The former maintains t...

Страница 434: ...n on an ISDN interface Display isdn active channel interface interface type interface number Available in any view Display the current status of an ISDN interface display isdn call info interface inte...

Страница 435: ...rA Serial1 0 15 isdn protocol type dss1 RouterA Serial1 0 15 dialer enable circular RouterA Serial1 0 15 dialer route ip 202 38 154 2 8810154 RouterA Serial1 0 15 dialer group 1 RouterA Serial1 0 15 q...

Страница 436: ...ISDN NI protocol parameter to make the B channel of BRI interface support static SPID value and set the negotiation message to be resent twice when there is no reply RouterA interface bri 2 0 RouterA...

Страница 437: ...otocol ppp RouterB Bri2 0 ppp mp virtual template 5 RouterB Bri2 0 dialer enable circular RouterB Bri2 0 dialer isdn leased 0 RouterB Bri2 0 dialer isdn leased 1 RouterB Bri2 0 quit RouterB interface...

Страница 438: ...able circular RouterB Bri2 0 dialer group 1 RouterB Bri2 0 dialer isdn leased 128k n You do not need to configure a dial number because setup of leased line connection does not involve dial process Af...

Страница 439: ...ets 220973 bytes 0 broadcasts 0 multicasts 2 errors 0 runts 0 giants 2 CRC 0 align errors 0 overruns 0 dribbles 0 aborts 0 no buffers 0 frame errors Output 17085 packets 208615 bytes 0 errors 0 underr...

Страница 440: ...n interface Bri 2 0 to obtain an address from the carrier for accessing the Internet Network diagram Figure 126 Interoperate with the DMS 100 Configuration procedure Enable IP packet triggered dial Ro...

Страница 441: ...configured on interface dialer 1 allows the system to bring up another B channel automatically after bringing up a BRI link This can be done without presence of a flow control mechanism and the links...

Страница 442: ...CONFIGURATION Check whether the dial up configuration is correct If dial up is correctly configured and the maintaining information Q921 send data fail L1 return failure is not output ISDN line may be...

Страница 443: ...feration and infinite recycling of packets that would occur in a loop network and prevents deterioration of the packet processing capability of network devices caused by duplicate packets received In...

Страница 444: ...fer to Table 10 for the description of designated bridge and designated port Figure 127 shows designated bridges and designated ports In the figure AP1 and AP2 BP1 and BP2 and CP1 and CP2 are ports on...

Страница 445: ...D consisting of root bridge priority and MAC address Root path cost the cost of the shortest path to the root bridge Designated bridge ID designated bridge priority plus MAC address Designated port ID...

Страница 446: ...aller the ID the higher message priority Selection of the root bridge At network initialization each STP compliant device on the network assumes itself to be the root bridge with the root bridge ID be...

Страница 447: ...ice calculates a designated port configuration BPDU for each of the rest ports The root bridge ID is replaced with that of the configuration BPDU of the root port The root path cost is replaced with t...

Страница 448: ...the configuration BPDU of Device B 1 0 1 BP1 Device A finds that the configuration BPDU of the local port 0 0 0 AP1 is superior to the configuration received message and discards the received configu...

Страница 449: ...rmines that the configuration BPDU of BP1 is the optimum configuration BPDU Then it uses BP1 as the root port the configuration BPDUs of which will not be changed Based on the configuration BPDU of BP...

Страница 450: ...uted configuration BPDU Root port CP1 0 0 0 AP2 Designated port CP2 0 10 2 CP2 Next port CP2 receives the updated configuration BPDU of Device B 0 5 1 BP2 Because the received configuration BPDU is su...

Страница 451: ...better configuration BPDU in response If a path becomes faulty the root port on this path will no longer receive new configuration BPDUs and the old configuration BPDUs will be discarded due to timeo...

Страница 452: ...ted root port or designated port to enter the forwarding state much quicker under certain conditions than in STP As a result it takes a shorter time for the network to reach the final topology stabili...

Страница 453: ...t some basic concepts of MSTP Figure 130 Basic concepts in MSTP 1 MST region A multiple spanning tree region MST region is composed of multiple devices in a switched network and network segments among...

Страница 454: ...on spanning tree CST jointly constitute the common and internal spanning tree CIST of the entire network An IST is a section of the CIST in the given MST region In Figure 130 for example the CIST has...

Страница 455: ...f that device in region D0 is the boundary port of region D0 n Currently the device is not capable of recognizing boundary ports When the device interworks with a third party s device that supports bo...

Страница 456: ...rwards user traffic Discarding the port neither learns MAC addresses nor forwards user traffic n When in different MST instances a port can be in different states A port state is not exclusively assoc...

Страница 457: ...e CIST of the entire network 2 MSTI computing Within an MST region MSTP generates different MSTIs for different VLANs based on the VLAN to instance mappings MSTP performs a separate computing process...

Страница 458: ...g the Priority of the Current Device on page 462 Optional Configuring the Maximum Hops of an MST Region on page 463 Optional Configuring the Network Diameter of a Switched Network on page 464 Optional...

Страница 459: ...ptional Configuring the Timeout Factor on page 470 Optional Configuring the Maximum Transmission Rate of Ports on page 470 Optional Configuring Ports as Edge Ports on page 470 Optional Configuring Pat...

Страница 460: ...instance 1 and VLAN 20 through VLAN 30 to instance 2 Sysname system view Sysname stp region configuration Sysname mst region region name info Sysname mst region instance 1 vlan 2 to 10 Sysname mst re...

Страница 461: ...one root bridge in effect in a spanning tree instance If two or more devices have been designated to be root bridges of the same spanning tree instance MSTP will select the device with the lowest MAC...

Страница 462: ...a legacy STP device the port connecting with the legacy STP device will automatically migrate to STP compatible mode In MSTP mode all ports of the device send out MSTP BPDUs If the device detects tha...

Страница 463: ...vices beyond the maximum hops are unable to take part in spanning tree computing and thereby the size of the MST region is restricted When a device becomes the root bridge of the CIST or MSTI of an MS...

Страница 464: ...diameter 6 Configuring Timers of MSTP MSTP involves three timers forward delay hello time and max age You can configure these three parameters for MSTP to calculate spanning trees Configuration proced...

Страница 465: ...tting The setting of hello time forward delay and max age must meet the following formulae otherwise network instability will frequently occur 2 forward delay 1 second max age Ma x age 2 hello time 1...

Страница 466: ...time thus using excessive network resources We recommend that you use the default setting Refer to Aggregation Port Group on page 349 for information about port groups Configuration example Set the ma...

Страница 467: ...net1 0 to be an edge port Sysname system view Sysname interface ethernet 1 0 Sysname Ethernet1 0 stp edged port enable Configuring Whether Ports Connect to Point to Point Links A point to point link i...

Страница 468: ...the port automatically distinguishes the two MSTP packet formats and determines the format of packets it will send based on the recognized format You can configure the MSTP packet format to be used by...

Страница 469: ...he port state transition information of all STP instances or the specified STP instance so as to monitor the port states in real time Follow these steps to enable output of port state transition infor...

Страница 470: ...ing Timers of MSTP on page 464 Configuring the Maximum Transmission Rate of Ports Refer to Configuring the Maximum Transmission Rate of Ports on page 466 Configuring Ports as Edge Ports Refer to Confi...

Страница 471: ...EE 802 1t legacy The device calculates the default path cost for ports based on a private standard Follow these steps to specify a standard for the device to use when calculating the default path cost...

Страница 472: ...0 as instance id you are setting the path cost of the CIST 1000 Mbps Single Port Aggregated Link 2 Ports Aggregated Link 3 Ports Aggregated Link 4 Ports 4 4 4 4 20 000 10 000 6 666 5 000 20 18 16 14 1...

Страница 473: ...device the specific priority of a port depends on the index number of that port Changing the priority of an Ethernet port triggers a new spanning tree computing process Configuration example Set the...

Страница 474: ...on to force the port to migrate to the MSTP or RSTP mode You can perform mCheck on a port through two approaches which lead to the same result Configuration Prerequisites MSTP has been correctly confi...

Страница 475: ...in the same MST region Configuration Prerequisites Associated devices of different vendors are interconnected and run MSTP Configuration Procedure Follow these steps to configure Digest Snooping c CAU...

Страница 476: ...Snooping first and then MSTP Do not enable Digest Snooping when the network works well to avoid traffic interruption Configuration Example Network requirements Device A and Device B connect to a thir...

Страница 477: ...e rapid state transition mechanism on MSTP and RSTP designated ports Figure 133 Rapid state transition mechanism on the MSTP designated port Figure 134 Rapid state transition mechanism on the RSTP des...

Страница 478: ...ke effect on the root port or Alternate port after enabled Configuration Example Network requirements Device A connects to a third party s device that has a different MSTP implementation Both devices...

Страница 479: ...transition of these ports When these ports receive configuration BPDUs the system will automatically set these ports as non edge ports and starts a new spanning tree computing process This will cause...

Страница 480: ...its original state Follow these steps to enable root guard Enabling Loop Guard n We recommend that you enable loop guard on your device By keeping receiving BPDUs from the upstream device a device ca...

Страница 481: ...d that you keep this function enabled Displaying and Maintaining MSTP To do Use the command Remarks Enter system view system view Enter Ethernet interface view or port group view Enter Ethernet interf...

Страница 482: ...gram for MSTP configuration View the information of port role calculation history for the specified MSTP instance or all MSTP instances display stp instance instance id history Available in any view V...

Страница 483: ...region quit Define Device A as the root bridge of MST instance 1 DeviceA stp instance 1 root primary View the MST region configuration information that has taken effect DeviceA display stp region con...

Страница 484: ...example DeviceC mst region instance 1 vlan 10 DeviceC mst region instance 3 vlan 30 DeviceC mst region instance 4 vlan 40 DeviceC mst region revision level 0 Configure the region name VLAN to instance...

Страница 485: ...mst region revision level 0 Configure the region name VLAN to instance mappings and revision level of the MST region DeviceD mst region active region configuration DeviceD mst region quit View the MST...

Страница 486: ...486 CHAPTER 23 MSTP CONFIGURATION...

Страница 487: ...network performance degrades with the increasing of the number of the hosts in the network If the number of the hosts in the network reaches a certain level problems caused by collisions broadcasts an...

Страница 488: ...rate on the data link layer of the OSI model they only process Layer 2 encapsulation information and the field thus needs to be inserted to the Layer 2 encapsulation information of packets The format...

Страница 489: ...ormation refer to Introduction to Port Based VLAN on page 491 n The frame format mentioned here is that of Ethernet II Besides Ethernet II encapsulation other types of encapsulation including 802 2 LL...

Страница 490: ...its view By default only one default VLAN that is VLAN 1 exists in the system Specify a descriptive string for the VLAN description text Optional VLAN ID used by default for example VLAN 0001 To do U...

Страница 491: ...send packets for multiple VLANs used to connect either user or network devices The differences between Hybrid and Trunk port A Hybrid port allows packets of multiple VLANs to be sent without the Tag...

Страница 492: ...t is in the list of VLANs allowed to pass through the port if yes tag the packet with the default VLAN ID if no discard the packet Receive the packet if the VLAN ID is in the list of VLANs allowed to...

Страница 493: ...ting is effective on the current port only configured in port group view the setting is effective on all ports in the port group Enter port group view port group aggregation agg id Configure the port...

Страница 494: ...n on page 89 To do Use the command Remarks Enter system view system view Enter Ethernet port view or port group view Enter Ethernet port view interface interface type interface number User either comm...

Страница 495: ...Ethernet 1 0 Configure Ethernet 1 0 as a Trunk port and configure its default VLAN ID as 100 DeviceA Ethernet1 0 port link type trunk DeviceA Ethernet1 0 port trunk pvid vlan 100 Configure Ethernet 1...

Страница 496: ...k port encapsulation IEEE 802 1q Port priority 0 Last 300 seconds input 0 packets sec 0 bytes sec Last 300 seconds output 0 packets sec 0 bytes sec Input total 0 packets 0 bytes 0 broadcasts 0 multica...

Страница 497: ...ect voice devices to voice VLANs you can configure quality of service QOS for short attributes for the voice traffic increasing transmission priority and ensuring voice quality A device determines whe...

Страница 498: ...system In manual mode the IP phone access port needs to be added to the voice VLAN manually It then identifies the source MAC address contained in the packet matches it against the OUI addresses If a...

Страница 499: ...inbound port with the voice VLAN feature enabled other non voice packets will be discarded including authentication packets such as 802 1 authentication packet Normal mode both voice packets and non...

Страница 500: ...nfigure the voice VLAN under manual mode To do Use the command Remarks Enter system view system view Configure the aging time of the voice VLAN voice vlan aging minutes Optional Only applicable to por...

Страница 501: ...ype interface number Configure the working mode as manual undo voice vlan mode auto Required Disabled by default Add the ports in manual mode to the voice VLAN Access port Refer to Configuring the Acc...

Страница 502: ...AN Network diagram Figure 141 Voice VLAN under automatic mode Configuration procedure Create VLAN 2 and VLAN 6 DeviceA system view DeviceA vlan 2 DeviceA vlan2 quit DeviceA vlan 6 DeviceA vlan6 quit C...

Страница 503: ...iceA display voice vlan oui Oui Address Mask Description 0001 e300 0000 ffff ff00 0000 Siemens phone 0003 6b00 0000 ffff ff00 0000 Cisco phone 0004 0d00 0000 ffff ff00 0000 Avaya phone 0011 2200 0000...

Страница 504: ...0011 2200 0000 mask ffff ff00 0000 description test Create VLAN 2 Enable voice VLAN feature for it DeviceA vlan 2 DeviceA vlan2 quit DeviceA voice vlan 2 enable Configure Ethernet 1 1 to work in manua...

Страница 505: ...isco phone 0004 0d00 0000 ffff ff00 0000 Avaya phone 0011 2200 0000 ffff ff00 0000 test 00d0 1e00 0000 ffff ff00 0000 Pingtel phone 0060 b900 0000 ffff ff00 0000 Philips NEC phone 00e0 7500 0000 ffff...

Страница 506: ...506 CHAPTER 25 VOICE VLAN CONFIGURATION...

Страница 507: ...is created automatically by the system as Isolation Group 1 The user can neither delete this isolation group nor create any other isolation group There is no restriction on the number of ports to be a...

Страница 508: ...solation configuration Configuration procedure Add ports Ethernet 1 1 Ethernet 1 2 and Ethernet 1 3 to the isolation group Enter Ethernet interface view or port group view Enter Ethernet interface vie...

Страница 509: ...it Device interface ethernet 1 2 Device Ethernet1 2 port isolate enable Device Ethernet1 2 quit Device interface ethernet 1 3 Device Ethernet1 3 port isolate enable Display the information about the i...

Страница 510: ...510 CHAPTER 26 PORT ISOLATION CONFIGURATION...

Страница 511: ...ckup function enabled the backup link will be started automatically when the primary link disconnects causing no dialup delay excluding the time for route convergence The dynamic route backup function...

Страница 512: ...mic route backup groups in one of the following two ways 1 Create multiple dynamic route backup groups which each monitors different network segment The logical relationship among these network segmen...

Страница 513: ...nterfaces Router A and Router C can dial each other The telephone number of Router C is 8810052 The serial interfaces are in the network segment 10 0 0 0 8 and the BRI interfaces are in the network se...

Страница 514: ...it RouterA interface serial 2 0 RouterA Serial2 0 link protocol x25 dte ietf RouterA Serial2 0 x25 x121 address 10 RouterA Serial2 0 x25 map ip 10 0 0 2 x121 address 15 broadcast RouterA Serial2 0 ip...

Страница 515: ...e serial 2 0 RouterB x25 switch svc 15 interface serial 2 1 3 Configure Router C Configure a dialer rule RouterC system view RouterC dialer rule 1 ip permit Configure dialup parameters for BRI 3 0 Rou...

Страница 516: ...nterfaces are in the network segment 20 0 0 0 8 As the master device of the dynamic route backup function Router A monitors the network segment 40 0 0 0 8 which is connected to Loopback1 interface of...

Страница 517: ...er than that of serial interfaces RouterA interface bri3 0 RouterA Bri3 0 ospf cost 2000 RouterA Bri3 0 ospf network type broadcast Enable the dynamic route backup function RouterA Bri3 0 standby rout...

Страница 518: ...etwork segment 30 0 0 0 8 on Router B Normally the X 25 link functions as the primary link between Router A and Router B When the route to the network segment where Router B resides disconnects for ex...

Страница 519: ...interface serial 2 0 RouterA Serial2 0 link protocol x25 dte ietf RouterA Serial2 0 x25 x121 address 10 RouterA Serial2 0 x25 map ip 10 0 0 2 x121 address 20 broadcast RouterA Serial2 0 ip address 10...

Страница 520: ...figure the interface loopback 1 RouterB interface loopback 1 RouterB Loopback1 ip address 30 0 0 1 32 RouterB Loopback1 quit Configure the dynamic routing protocol RIP RouterB rip RouterB rip 1 networ...

Страница 521: ...tandby routing rule 1 ip 12 0 0 0 255 0 0 0 Bind the CE1 interface into a pri set RouterA controller E1 2 1 RouterA E1 2 1 pri set RouterA E1 2 1 quit Configure Serial 2 0 as a FR interface RouterA in...

Страница 522: ...roller E1 2 1 RouterB E1 2 1 pri set RouterB E1 2 1 quit Configure Serial 2 0 as a FR interface RouterB interface serial 2 0 RouterB Serial2 0 ip address 1 0 0 2 255 0 0 0 RouterB Serial2 0 link proto...

Страница 523: ...ip address 12 0 0 1 255 0 0 0 RouterB Ethernet1 2 quit Configure the dynamic routing protocol RIP RouterB rip RouterB rip 1 network 1 0 0 0 RouterB rip 1 network 2 0 0 0 RouterB rip 1 network 10 0 0...

Страница 524: ...524 CHAPTER 27 DYNAMIC ROUTE BACKUP CONFIGURATION...

Страница 525: ...routing technology used for interconnecting routers through public switched network PSTN or ISDN and DCC provides dial on demand service In some occasions channels are established and communication i...

Страница 526: ...k interfaces Refer to IP Addressing Configuration on page 623 for detailed configurations Null Interface Introduction to Null Interface Null interfaces are completely software like logical interfaces...

Страница 527: ...nterface supports IPX with a VLAN ID configured for an Ethernet sub interface the sub interface supports both IPX and IP at the same time WAN interfaces with their data link layer protocols being fram...

Страница 528: ...reset command in user view to clear the statistics on the VLAN associated with the specified sub interface n For more information about the display vlan interface command and the reset command refer...

Страница 529: ...view interface serial interface number Required Set the link layer protocol of the interface to frame relay link protocol fr nonstandard ietf mfr interface number Required By default the link layer p...

Страница 530: ...quirements As shown in Figure 148 the encapsulation type for the VLAN ports of Switch 1 and Switch 2 is dot1q workstation A and C belong to VLAN 10 and workstation B and D belong to VLAN 20 It is requ...

Страница 531: ...LAN ID for each sub interface Note that the encapsulation type of an Ethernet sub interface must be consistent with that of switch ports Router system view Router interface ethernet 3 0 10 Router Ethe...

Страница 532: ...0 interface view Sysname system view Sysname interface serial 1 0 Set the link layer protocol to frame relay Sysname Serial1 0 link protocol fr Specify the frame relay terminal type as DTE Sysname Se...

Страница 533: ...p interfaces are dedicated interfaces for MP and do not support other implementations Refer to PPP and MP Configuration on page 363 for more information about MP group Configuring MFR Interface An MFR...

Страница 534: ...matic and transparent to users You just need to configure VPN or MP on the corresponding physical interface create and configure a VT and then associate this VT with the corresponding physical interfa...

Страница 535: ...eling protocol L2TP with a VT Refer to the L2TP Configuration on page 1601 for details In MP implementations you need to associate MP users with a VT Refer to PPP and MP Configuration on page 363 for...

Страница 536: ...rotocol over Ethernet over ATM PPPoEoA PPPoEoA is a structure of 3 layers the top layer is PPP the middle layer is PPP over Ethernet PPPoE and the bottom layer is PPPoEoA Note that the parameters for...

Страница 537: ...intenance of a VE interface is similar to that of an Ethernet interface Refer to Maintaining and Displaying an Ethernet Interface on page 97 for the configuration procedure Refer to PPPoE Configuratio...

Страница 538: ...538 CHAPTER 28 LOGICAL INTERFACE CONFIGURATION...

Страница 539: ...transmission system defined by ANSI is an international standard transmission protocol It adopts optical transmission In SDH defined by CCIT today s ITU T adoption of synchronous multiplexing and fle...

Страница 540: ...of payload in an STM N frame so that the receiving end can correctly extract payload Terms Multiplex Unit A basic SDH multiplex unit includes multiple containers C n virtual containers VC n tributary...

Страница 541: ...x mode command is provided on CPOS interfaces This allows you to select the AU 3 or AU 4 multiplexing structure Calculating E1 T1 Channel Sequence Numbers Since CPOS interfaces adopt the byte interlea...

Страница 542: ...ces result from different channel referencing approaches Overhead Byte SDH provides layered monitoring and management of precise division It provides monitoring at section and channel levels where sec...

Страница 543: ...signal label byte C2 is also included in the higher order path overhead to indicate the multiplexing structure of VC frames and the property of payload for instance whether the path is carrying servi...

Страница 544: ...t is SDH Set the clock mode clock master slave Optional The default is slave Set the loopback mode loopback local remote Optional Disabled by default Configure the AUG multiplexing mode multiplex mode...

Страница 545: ...k mode for E1 e1 e1 number set loopback local payload remote Optional Disabled by default Configure the E1 operating mode in either approach Configure E1 to operate in unframed mode e1 e1 number unfra...

Страница 546: ...isabled by default To do Use the command Remarks To do Use the command Remarks Display information about channels on a specified or all CPOS interfaces display controller cpos cpos number Available in...

Страница 547: ...s of transmission and as such PPP negotiation failures and LCP anomalies Besides if an idle timeslot on a loopback serial interface on the transmission device is used in transmission the information t...

Страница 548: ...548 CHAPTER 29 CPOS INTERFACE CONFIGURATION...

Страница 549: ...MAC address of the destination host To this end the IP address must be resolved into the corresponding data link layer address n Unless otherwise stated the data link layer addresses that appear in t...

Страница 550: ...56 The resolution process is as follows 1 Host A looks in its ARP mapping table to see whether there is an ARP entry for Host B If Host A finds it Host A uses the MAC address in the entry to encapsula...

Страница 551: ...be removed 2 A static ARP entry is manually configured and maintained It cannot get aged or be overwritten by a dynamic ARP entry It can be permanent or non permanent A permanent static ARP entry can...

Страница 552: ...mber of ARP entries dynamically learned on an interface Setting Aging Time for Dynamic ARP Entries After dynamic ARP entries expire the system will delete them from the ARP mapping table You can adjus...

Страница 553: ...8 Because these two IP addresses are not on the same subnet VLAN interface 10 cannot process the packet With this feature enabled the device will make judgment on natural network basis Because the IP...

Страница 554: ...source IP address and destination IP address are both the IP address of the sender the source MAC address is the MAC address of the sender and the destination MAC address is a broadcast address A devi...

Страница 555: ...ack Configuring ARP Source Suppression Configuring Authorized ARP n This feature is only supported on Layer 3 Ethernet interfaces Introduction to Authorized ARP Authorized ARP entries are generated ba...

Страница 556: ...1 1 2 24 from the DHCP server Network diagram Figure 157 Network diagram for authorized ARP configuration Configuration procedure 1 Configure Router A Configure the IP address of Ethernet 1 0 RouterA...

Страница 557: ...erA Ethernet1 0 quit 2 Configure Router B RouterB system view RouterB interface ethernet 1 0 RouterB Ethernet1 0 ip address dhcp alloc RouterB Ethernet1 0 quit 3 After Router B obtains the IP address...

Страница 558: ...10 1 1 RouterA dhcp pool 1 quit RouterA ip route static 10 10 1 0 24 10 1 1 2 2 Configure Router B Enable DHCP RouterB system view RouterB dhcp enable Configure the IP addresses of Ethernet 1 0 and Et...

Страница 559: ...ed ARP information on Router B RouterB display arp all Type S Static D Dynamic A Authorized IP Address MAC Address VLAN ID Interface Aging Type 10 10 1 2 0012 3f86 e94c N A Eth1 1 1 A Displaying and M...

Страница 560: ...60 CHAPTER 30 ARP CONFIGURATION Clear ARP entries from the ARP mapping table reset arp all dynamic static interface interface type interface number Available in user view To do Use the command Remarks...

Страница 561: ...you need to enable the local proxy ARP Devices connected to different isolated layer 2 ports in the same VLAN need to implement layer 3 communication With the super VLAN function enabled devices in d...

Страница 562: ...9 24 for Ethernet 1 1 2 Configure ARP on the device to enable the communication between Host A and Host D Router system view Router interface ethernet 1 0 Router Ethernet1 0 ip address 192 168 10 99 2...

Страница 563: ...raffic in this configuration example so you need to configure local proxy ARP on VLAN interface 2 of the router to enable the communication between Host A and Host B If the two ports Ethernet 1 0 and...

Страница 564: ...rnet 1 0 to VLAN 2 Router system view Router vlan 2 Router vlan2 port ethernet 1 0 Router vlan2 interface vlan interface 2 Router Vlan interface2 ip address 192 168 10 100 255 255 0 0 Ping Host B on H...

Страница 565: ...addresses be changed accordingly Therefore related configurations on hosts become more complex Dynamic host configuration protocol DHCP was introduced to solve these problems DHCP is built on a clien...

Страница 566: ...2 A DHCP server offers configuration parameters such as an IP address to the client in a DHCP OFFER message The sending mode of the DHCP OFFER is determined by the flag field in the DHCP DISCOVER mes...

Страница 567: ...NAK message it will broadcast another DHCP REQUEST message for lease extension after 7 8 lease duration elapses The DHCP server will handle the request as above mentioned DHCP Message Format Figure 16...

Страница 568: ...sage type lease DNS IP address WINS IP address and so forth DHCP Options DHCP Options Overview The DHCP message adopts the same format as the Bootstrap Protocol BOOTP message for compatibility but dif...

Страница 569: ...on 43 in Option 55 the DHCP server returns a response message containing Option 43 to assign vendor specific information to the DHCP client The DHCP client can obtain the preboot executive environment...

Страница 570: ...s in the normal padding format are sub option 1 Padded with the VLAN ID and interface number of the interface that received the client s request The following figure gives its format The value of the...

Страница 571: ...calling processor which is a server serving as the network calling control source and providing program downloads Sub option 2 IP address of the backup network calling processor that DHCP clients will...

Страница 572: ...572 CHAPTER 32 DHCP OVERVIEW...

Страница 573: ...al interfaces and loopback interfaces The secondary IP address pool configuration is not supported on serial or loopback interfaces DHCP Snooping must be disabled on the DHCP server Introduction to DH...

Страница 574: ...regardless of the mask If no IP address is available in the smallest address pool the DHCP server will fail to assign addresses to clients because it will not assign those in the father address pool...

Страница 575: ...sign an IP address from the address pool of the subnet which the secondary IP address of the server s interface connected to the client belongs to or assign from the first secondary IP address if seve...

Страница 576: ...address pool Task Remarks Creating a DHCP Address Pool on page 576 Required Configuring an Address Allocation Mechanism on page 576 Configuring manual address allocation on page 576 Required to confi...

Страница 577: ...client cannot obtain an IP address correctly The ID of the static binding must be identical to the ID displayed by using the display dhcp client verbose command on the client Otherwise the client cann...

Страница 578: ...ngs to get the host IP address You can specify up to eight DNS servers in the DHCP address pool To configure DNS servers in the DHCP address pool use the following commands To do Use the command Remar...

Страница 579: ...on IP address h hybrid node A combination of peer to peer first and broadcast second The h node client unicasts the destination name to the WINS server if no response then broadcasts it to get the des...

Страница 580: ...rameters specified in option 184 to the client The client then can initiate a call using parameters in Option 184 To configure option 184 parameters in the DHCP address pool use the following commands...

Страница 581: ...d to specify the IP address and name of a TFTP server and the bootfile name in the DHCP address pool on the DHCP server but you do not need to perform any configuration on the DHCP client When option...

Страница 582: ...ion convert the lease duration into seconds in hexadecimal notation Configuring the DHCP Server Security Functions This configuration is necessary to secure DHCP services on the DHCP server To do Use...

Страница 583: ...CP server checks whether the address to be assigned is in use via sending ping packets The DHCP server pings the IP address to be assigned using ICMP If the server gets a response within the specified...

Страница 584: ...ARP entries will be deleted However these ARP entries may conflict with the new static entries generated on the DHCP relay agent therefore you are recommended to delete the existing IP address leases...

Страница 585: ...ystem view Enable the server to handle Option 82 dhcp server relay information enable Optional Enabled by default To do Use the command Remarks Display information about IP address conflicts display d...

Страница 586: ...ss lease duration is five days domain name suffix aabbcc com DNS server address 10 1 1 2 and gateway address 10 1 1 254 and there is no WINS server address The domain name and DNS server address on th...

Страница 587: ...dhcp 1 gateway list 10 1 1 126 RouterA dhcp 1 expired day 10 hour 12 RouterA dhcp pool 1 nbns list 10 1 1 4 RouterA dhcp 1 quit Configure DHCP address pool 2 address range gateway and lease duration R...

Страница 588: ...ame IP address Solution 1 Disconnect the client s network cable and ping the client s IP address on another host with a long timeout time to check whether there is a host using the same IP address 2 I...

Страница 589: ...or subinterfaces virtual Ethernet interfaces VLAN interfaces and serial interfaces DHCP Snooping must be disabled on the DHCP relay agent Introduction to DHCP Relay Agent Application Environment Sinc...

Страница 590: ...n the giaddr field the DHCP server returns an IP address and other configuration parameters to the relay agent which conveys it to the client via broadcast DHCP Relay Agent Support for Option 82 Optio...

Страница 591: ...he message Keep Random Forward the message without changing Option 82 Replace normal Forward the message after replacing the original Option 82 with the Option 82 padded in normal format verbose Forwa...

Страница 592: ...The IP addresses of DHCP servers and those of relay agent s interfaces cannot be on the same subnet Otherwise the client cannot obtain an IP address A DHCP server group can correlate with one or multi...

Страница 593: ...a binding on it both dynamic and static bindings If not the client cannot access outside networks via the DHCP relay agent To create a static binding and enable invalid IP address check use the follow...

Страница 594: ...gure dynamic binding update interval use the following commands Configuring the DHCP relay agent to support authorized ARP A DHCP relay agent can work in cooperation with authorized ARP to block illeg...

Страница 595: ...erface receiving the DHCP message The administrator can use this information to check out any DHCP unauthorized servers To enable unauthorized DHCP server detection use the following commands n With t...

Страница 596: ...bled by default Configure the handling strategy for requesting messages containing Option 82 dhcp relay information strategy drop keep replace Optional replace by default Configure the padding format...

Страница 597: ...roup 1 with Ethernet1 1 RouterA Ethernet1 1 quit RouterA dhcp relay server group 1 ip 10 1 1 1 RouterA interface ethernet 1 1 RouterA Ethernet1 1 dhcp relay server select 1 n Performing configuration...

Страница 598: ...interface state information for locating the problem Solution Check that The DHCP is enabled on the DHCP server and relay agent The address pool on the same subnet where DHCP clients reside is availab...

Страница 599: ...DHCP Client With the DHCP client enabled on an interface the interface will use DHCP to obtain configuration parameters such as an IP address from the DHCP server Enabling the DHCP Client on an Inter...

Страница 600: ...cts the DHCP server via Ethernet1 1 to obtain an IP address Network diagram See Figure 170 Configuration procedure The following is the configuration on Router B shown in Figure 170 Enable the DHCP cl...

Страница 601: ...HCP Snooping enabled device cannot be a DHCP server or DHCP relay agent You are not recommended to enable the DHCP client BOOTP client and DHCP Snooping on the same device Otherwise DHCP Snooping entr...

Страница 602: ...ensure that DHCP clients can obtain valid IP addresses The trusted port and the port connected to the DHCP client must be in the same VLAN Displaying and Maintaining DHCP Snooping DHCP Snooping Confi...

Страница 603: ...ping configuration Configuration procedure Enable DHCP snooping SwitchB system view SwitchB dhcp snooping Specify Ethernet1 1 as trusted SwitchB interface ethernet 1 1 SwitchB Ethernet1 1 dhcp snoopin...

Страница 604: ...604 CHAPTER 36 DHCP SNOOPING CONFIGURATION...

Страница 605: ...ient may fail to obtain an IP address Introduction to BOOTP Client BOOTP Application After you specify an interface of a device as a BOOTP client the interface can use BOOTP to get information such as...

Страница 606: ...ns and Extensions for the Bootstrap Protocol Configuring an Interface to Dynamically Obtain an IP Address through BOOTP Follow these steps to configure an interface to dynamically obtain an IP address...

Страница 607: ...BOOTP RouterB system view RouterB interface ethernet 1 1 RouterB Ethernet1 1 ip address bootp alloc n To make the BOOTP client to obtain an IP address from the DHCP server you need to perform additio...

Страница 608: ...608 CHAPTER 37 BOOTP CLIENT CONFIGURATION...

Страница 609: ...it checks its static DNS database before looking up the dynamic DNS database Reduction of the searching time in the dynamic DNS database would increase efficiency Some frequently used addresses can be...

Страница 610: ...ist of suffixes which can be defined by users It is used when the name to be resolved is incomplete The resolver can supply the missing part For example a user can configure com as the suffix for aabb...

Страница 611: ...y 1 A DNS client considers the DNS proxy as the DNS server and sends a DNS request to the DNS proxy that is the destination address of the request is the IP address of the DNS proxy 2 The DNS proxy se...

Страница 612: ...Use the command Remarks Enter system view system view Enable dynamic domain name resolution dns resolve Required Disabled by default Configure an IP address for the DNS server dns server ip address Re...

Страница 613: ...ng host com PING host com 10 1 1 2 56 data bytes press CTRL_C to break Reply from 10 1 1 2 bytes 56 Sequence 1 ttl 255 time 1 ms Reply from 10 1 1 2 bytes 56 Sequence 2 ttl 255 time 4 ms Reply from 10...

Страница 614: ...e IP addresses of the interfaces see Figure 179 This configuration may vary with different DNS servers The following configuration is performed on a Windows 2000 server 1 Configure the DNS server Ente...

Страница 615: ...0 Create a zone Create a mapping between host name and IP address Figure 181 Add a host In Figure 181 right click zone com and then select New Host to bring up a dialog box as shown in Figure 182 Ente...

Страница 616: ...between the device and the host is normal and that the corresponding destination IP address is 3 1 1 1 Sysname ping host Trying DNS resolve press CTRL_C to break Trying DNS server 2 1 1 2 PING host c...

Страница 617: ...g configuration assume that Device A the DNS server and the host are reachable to each other and the IP addresses of the interfaces are configured as shown in Figure 183 1 Configure the DNS server Thi...

Страница 618: ...s Reply from 3 1 1 1 bytes 56 Sequence 4 ttl 255 time 1 ms Reply from 3 1 1 1 bytes 56 Sequence 5 ttl 255 time 1 ms host com ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss...

Страница 619: ...IP accounting rule consists of an IP address and its mask namely a subnet address which is the result of ANDing the IP address with its mask IP packets are sorted as follows If a firewall is configure...

Страница 620: ...al 512 by default Set the maximum number of entries in the exterior table ip count exterior threshold number Optional 0 by default Configure IP accounting rules ip count rule mask mask length Required...

Страница 621: ...to 20 Router ip count exterior threshold 20 Assign Ethernet1 0 an IP address and count both incoming and outgoing IP packets on it Router interface ethernet 1 0 Router Ethernet1 0 ip address 1 1 1 2 2...

Страница 622: ...le incompliant packets from a subnet comply with the new rule Information about these packets is then saved in the interior table The exterior table however may still contain information about these p...

Страница 623: ...r octets in length for example 10 1 1 1 for the address just mentioned Each IP address breaks down into two parts Net id First several bits of the IP address defining a network also known as class bit...

Страница 624: ...boundary between the host id and the host id Each subnet mask comprises 32 bits related to the corresponding bits in an IP address In a subnet mask the part containing consecutive ones identifies the...

Страница 625: ...ing subnetted use these default masks also called natural masks 255 0 0 0 255 255 0 0 and 255 255 255 0 respectively IP Unnumbered Logically to enable IP on an interface you must assign this interface...

Страница 626: ...in Figure 187 Ethernet1 0 on a router is connected to a LAN comprising two segments 172 16 1 0 24 and 172 16 2 0 24 To enable the hosts on the two network segments to access the external network throu...

Страница 627: ...istics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 25 26 27 ms The information shown above indicates the router can communicate with the host on the subnet 172 1...

Страница 628: ...borrowing interface always keeps consistent and varies with that of the borrowed interface That is if an IP address is configured for the borrowed interface the IP address of the borrowing interface i...

Страница 629: ...r B specifying interface Serial2 1 as the outgoing interface RouterA ip route static 172 16 20 0 255 255 255 0 serial 2 1 2 Configure Router B Assign a primary IP address to Ethernet1 1 RouterB system...

Страница 630: ...Sequence 4 ttl 255 time 26 ms Reply from 172 16 20 2 bytes 56 Sequence 5 ttl 255 time 26 ms 172 16 20 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg m...

Страница 631: ...ackets sending Enabling the Device to Forward Directed Broadcasts Directed broadcasts refer to broadcast packets sent to a specific network In the destination IP address of a directed broadcast the ne...

Страница 632: ...e the reachability between the host and Router B Network diagram Figure 189 Network diagram for forwarding directed broadcasts Configuration procedure Configure Router A Enable the interface Ethernet...

Страница 633: ...llow these steps to configure TCP MSS of the interface n So far the interfaces that support this configuration include Layer 3 Ethernet interface serial port ATM interface POS interface dial port Tunn...

Страница 634: ...SYN Flood attacks Attackers can perform Naptha attacks by using the six TCP connection states CLOSING ESTABLISHED FIN_WAIT_1 FIN_WAIT_2 LAST_ACK and SYN_RECEIVED and SYN Flood attacks by using only t...

Страница 635: ...AIT If non FIN packets are received the system restarts the timer from receiving the last non FIN packet The connection is broken after the timer expires Size of TCP receive send buffer Follow these s...

Страница 636: ...ost administration and enables a host to gradually establish a sound routing table to find out the best route 2 Sending ICMP timeout packets If the device received an IP packet with a timeout error it...

Страница 637: ...kets that cause it to send ICMP error packets the device s performance will be reduced As the redirection function increases the routing table size of a host the host s performance will be reduced if...

Страница 638: ...s Display socket information display ip socket socktype sock type task id socket id Display FIB forward information display fib begin include exclude string acl acl number ip prefix ip prefix name Dis...

Страница 639: ...ing and interface policy routing System policy routing applies to locally generated packets instead of forwarded packets Interface policy routing applies to forwarded packets arriving on an interface...

Страница 640: ...ip address default next hop clause This means that only the apply default output interface clause is executed when both are configured Either of these two clauses is executed only when no outgoing in...

Страница 641: ...ptional Set the packet precedence apply ip precedence type value Optional Set outgoing interfaces apply output interface interface type interface number track track entry number interface type interfa...

Страница 642: ...y ip local policy based route policy name Required Disabled by default To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Enable...

Страница 643: ...dicates packets matching ACL 3102 do not go through policy routing Network diagram Figure 190 Network diagram for policy routing based on source address Configuration procedure If the device supports...

Страница 644: ...et Size Network requirements Policy routing is enabled and the policy lab1 is referenced on the interface Ethernet 1 0 of Router A Packets with a size of 64 to 100 bytes are forwarded to 150 1 1 2 24...

Страница 645: ...RouterA Serial2 1 quit RouterA policy based route lab1 permit node 10 RouterA policy based route if match packet length 64 100 RouterA policy based route apply ip address next hop 150 1 1 2 RouterA po...

Страница 646: ...646 CHAPTER 42 IP UNICAST POLICY ROUTING CONFIGURATION...

Страница 647: ...ets In other words UDP Helper functions as a relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified destination server With UDP Helper enabled the device...

Страница 648: ...e default ports will not be displayed UDP Helper configuration of these ports will be displayed only after UDP Helper is disabled The configuration of all UDP ports including the default ports is remo...

Страница 649: ...te from Router A to the network segment 10 2 0 0 16 is available Enable UDP Helper RouterA system view RouterA udp helper enable Enable the forwarding of broadcast packets with the UDP destination por...

Страница 650: ...650 CHAPTER 43 UDP HELPER CONFIGURATION...

Страница 651: ...A originates a request to the server Router B by sending a packet with a forged source IP address 2 2 2 1 8 and Router B sends a packet to the real IP address 2 2 2 1 8 in response to the request This...

Страница 652: ...which check approach is taken If both a default route and the allow default route argument are configured URPF s decision depends on check approach In strict approach URPF lets the packet pass and be...

Страница 653: ...lly based on data flow which is a specific application between two hosts for example the operation of using FTP to transfer a file A data flow is usually described by five tuples source IP address sou...

Страница 654: ...st forwarding Displaying and Maintaining Fast Forwarding To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Enable fast forwardi...

Страница 655: ...6 also called IP next generation IPng was designed by the Internet Engineering Task Force IETF as the successor to Internet protocol version 4 IPv4 The significant difference between IPv6 and IPv4 is...

Страница 656: ...ion means that a host acquires an IPv6 address and related information from a server for example DHCP server Stateless address configuration means that a host automatically configures an IPv6 address...

Страница 657: ...of each group are represented by four hexadecimal numbers which are separated by colons for example 2001 0000 130F 0000 0000 09C0 876A 130B To simplify the representation of IPv6 addresses zeros in I...

Страница 658: ...oviders This type of address allows efficient route prefix aggregation to restrict the number of global routing entries The link local address is used for communication between link local nodes in nei...

Страница 659: ...at interface Interface identifiers in IPv6 addresses are 64 bits long while MAC addresses are 48 bits long Therefore the hexadecimal number FFFE needs to be inserted in the middle of MAC addresses beh...

Страница 660: ...address of a neighbor Used to verify whether the neighbor is reachable Used to perform a duplicate address detection Neighbor advertisement NA message 136 Used to respond to an NS message When the lin...

Страница 661: ...hat node A and node B can communicate Neighbor reachability detection After node A acquires the link layer address of its neighbor node B node A can verify whether node B is reachable according to NS...

Страница 662: ...nformation obtained through router prefix discovery The router prefix discovery is implemented through RS and RA messages The router prefix discovery procedure is as follows 1 After started a node sen...

Страница 663: ...e of the forwarding device and utilize network resources rationally The path MTU PMTU discovery mechanism is to find the minimum MTU of all links in the path from the source to the destination Figure...

Страница 664: ...nicast Address Allocation RFC 1981 Path MTU Discovery for IP version 6 RFC 2375 IPv6 Multicast Address Assignments RFC 2460 Internet Protocol Version 6 IPv6 Specification RFC 2461 Neighbor Discovery f...

Страница 665: ...are configured manually IPv6 link local addresses can be configured in either of the following ways Automatic generation The device automatically generates a link local address for an interface accord...

Страница 666: ...s because the system automatically generates one for the interface If no IPv6 site local address or aggregatable global unicast address is configured the interface has no link local address The manual...

Страница 667: ...d may lead to the forwarding performance degradation of the device Therefore you can restrict the size of the neighbor table by setting the maximum number of neighbors that an interface can dynamicall...

Страница 668: ...prefix information issued by the router O flag This field determines whether hosts use the stateful autoconfiguration to acquire information other than IPv6 addresses If the O flag is set to 1 hosts u...

Страница 669: ...figure the prefix information options in RA messages ipv6 nd ra prefix ipv6 prefix prefix length ipv6 prefix prefix length valid lifetime preferred lifetime no autoconfig off link Optional By default...

Страница 670: ...can configure a static PMTU for a specified destination IPv6 address When a source host sends packets through an interface it compares the interface MTU with the static PMTU of the specified destinati...

Страница 671: ...ved the TCP connection status becomes TIME_WAIT If other packets are received the finwait timer is reset from the last received packet and the connection is terminated after the finwait timer expires...

Страница 672: ...updating the number of tokens in the token bucket to the configured capacity One token allows one ICMPv6 error packet to be sent Each time an ICMPv6 error packet is sent the number of tokens in a toke...

Страница 673: ...resolution function In addition you should configure a DNS server so that a query request message can be sent to the correct server for resolution The system can support at most six DNS servers You c...

Страница 674: ...splay dns ipv6 dynamic host Display IPv6 DNS server information display dns ipv6 server dynamic Display the IPv6 FIB entries display ipv6 fib ipv6 address Display the total number of routes in the IPv...

Страница 675: ...Configure interface Ethernet 1 0 to automatically generate a link local address RouterA interface ethernet 1 0 RouterA Ethernet1 0 ipv6 address auto link local Configure an EUI 64 address for interfa...

Страница 676: ...ggregatable global unicast address for interface Ethernet 1 0 RouterB Ethernet1 0 ipv6 address 3001 2 64 Enable the stateless address autoconfiguration function on Ethernet 1 0 RouterB Ethernet1 0 ipv...

Страница 677: ...can be pinged c CAUTION When you ping a link local address you should use the i parameter to specify an interface for the link local address RouterA Ethernet1 0 ping ipv6 FE80 20F E2FF FE00 2 i ethern...

Страница 678: ...tes 56 Sequence 1 hop limit 64 time 4 ms Reply from 4001 20F E2FF FE00 2 bytes 56 Sequence 2 hop limit 64 time 2 ms Reply from 4001 20F E2FF FE00 2 bytes 56 Sequence 3 hop limit 64 time 2 ms Reply fro...

Страница 679: ...the border between IPv4 and IPv6 networks The NAT PT process is implemented on the device which is transparent to both IPv4 and IPv6 networks Users between IPv6 networks and IPv4 networks can communi...

Страница 680: ...namic IP address translation With NAPT PT different IPv6 addresses can correspond to one IPv4 address Different IPv6 hosts are distinguished by different port numbers so that these IPv6 hosts can shar...

Страница 681: ...e packet are translated into IPv6 addresses the NAT PT device forwards the packet to the IPv6 host Meanwhile the IPv4 to IPv6 address mapping is stored in the NAT PT device 4 After packets originated...

Страница 682: ...as been referenced by another command you need to cancel the reference configuration first Configuring Mappings for IPv4 Hosts Accessing IPv6 Hosts Mappings for IPv4 hosts accessing IPv6 hosts refer t...

Страница 683: ...address pool or an IPv4 address of the specified interface The device provides four types of dynamic mappings Combination 1 Combination of an IPv6 ACL with an address pool If the source IPv6 address...

Страница 684: ...v6 packet is sent from an IPv6 network to an IPv4 network if the dynamic NAT PT of combination 1 or 3 is set the NAT PT device will select an IPv4 address from the NAT PT address pool as the source IP...

Страница 685: ...v6bound dynamic acl6 number acl number address group address group no pat Configure any of the four types of dynamic mappings Define a dynamic IPv6 to IPv4 mapping rule as follows If the source IPv6 a...

Страница 686: ...a FINRST packet 5 seconds for a FRAG packet 20 seconds for a ICMP packet 240 seconds for a SYN packet 40 seconds for a UDP packet and 86400 seconds for a TCP packet To do Use the command Remarks To do...

Страница 687: ...terface serial 2 0 RouterC Serial2 0 ipv6 address 2001 2 64 RouterC Serial2 0 quit Configure a default route to Router B RouterC ipv6 route static 3001 16 2001 1 Configure Router B Display the NAT PT...

Страница 688: ...the ping ipv6 3001 0800 0002 command on Router C after completing the configurations above you should receive a response packet At this time you can see on Router B the established NAT PT session Rout...

Страница 689: ...B Serial2 0 quit RouterB interface serial 2 1 RouterB Serial2 1 ipv6 address 2001 1 64 RouterB Serial2 1 natpt enable RouterB Serial2 1 quit Configure a NAT PT prefix RouterB natpt prefix 3001 Configu...

Страница 690: ...005 0 8 0 0 2 0 Troubleshooting NAT PT Symptom NAT PT is abnormal Solution Enable debugging for NAT PT Locate the fault according to the debugging information of the device and then make further judgm...

Страница 691: ...oth IPv4 and IPv6 either TCP or UDP can be selected at the transport layer while IPv6 stack is preferred at the network layer Figure 204 illustrates the IPv4 IPv6 dual stack in relation to the IPv4 st...

Страница 692: ...pecify an IPv6 address ipv6 address ipv6 address prefix length ipv6 address prefix lengt h Use either command By default no local address or global unicast address is configured on an interface Config...

Страница 693: ...d in address resolution and processing but also lead to high level application failures Furthermore they will still face the problem that IPv4 addresses will eventually be used up Internet protocol ve...

Страница 694: ...tocol stack refer to Dual Stack Configuration on page 691 For related configuration about NAT PT refer to Configuring NAT PT on page 681 In addition the device supports IPv6 on the provider edge route...

Страница 695: ...ket and forward it to the eventual destination after the IPv6 packet reaches the tunnel destination In this case the IPv4 address of the tunnel destination cannot be acquired from the destination addr...

Страница 696: ...cimal notation For example 1 1 1 1 can be represented by 0101 0101 The tunnel destination is automatically determined by the embedded IPv4 address which makes it easy to create a 6to4 tunnel Since the...

Страница 697: ...connections between IPv6 routers or between a host and an IPv6 router in the IPv4 network Figure 207 Principle of ISATAP tunnel 5 GRE tunnel IPv6 packets can be carried over GRE tunnels to pass throug...

Страница 698: ...rotocol stack for processing The IP protocol stack determines the outgoing interface of the tunnel according to the IP header Decapsulation Contrary to the encapsulation process the decapsulation proc...

Страница 699: ...the IPv6 module for processing 2 If the passenger protocol is IPv4 or IPv6 the packet is sent to the tunnel processing module for decapsulation 3 The decapsulated packet is sent to the corresponding...

Страница 700: ...tasks to configure the tunneling feature Configuring an IPv6 Manually Configured Tunnel Configuration Prerequisites IP addresses are configured for interfaces such as VLAN interface Ethernet interface...

Страница 701: ...ngth Required Use any command By default no IPv6 global unicast address or site local address is configured for the tunnel interface ipv6 address ipv6 address prefix length eui 64 Configure a link loc...

Страница 702: ...nterfaces at both ends For related configurations refer to Static Routing and Dynamic Routing on page 817 The destination address of the route configured on the tunnel interface and the address of the...

Страница 703: ...Ethernet 1 0 RouterB Tunnel0 destination 192 168 100 1 RouterB Tunnel0 tunnel protocol ipv6 ipv4 Configuration verification After the above configurations display the status of the tunnel interfaces...

Страница 704: ...statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 1 15 31 ms Configuring Automatic IPv4 Compatible IPv6 Tunnel Configuration Prerequisites IP addresses are...

Страница 705: ...number or network address at the local end of the tunnel Such a route must be configured at both ends of the tunnel Configure an IPv6 address for the tunnel interface Configure an IPv6 global unicast...

Страница 706: ...the IPv4 compatible IPv6 address Configuration on Router A Enable the IPv6 forwarding function RouterA system view RouterA ipv6 Configure a serial address RouterA interface serial 2 0 RouterA Serial2...

Страница 707: ...s RouterB display ipv6 interface tunnel 0 Tunnel0 current state UP Line protocol current state UP IPv6 is enabled link local address is FE80 201 102 Global unicast address es 2 1 1 2 subnet is 96 Join...

Страница 708: ...re an IPv6 global unicast address or site local address ipv6 address ipv6 address prefix length ipv6 address prefix length Required Use either command By default no IPv6 global unicast address or site...

Страница 709: ...ting When you configure a static route you need to configure a route to the destination address the destination IP address of the packet instead of the IPv4 address of the tunnel destination and set t...

Страница 710: ...rnet1 1 quit Configure a 6to4 tunnel RouterA interface tunnel0 RouterA Tunnel0 ipv6 address 2002 201 101 1 64 RouterA Tunnel0 source ethernet 1 0 RouterA Tunnel0 tunnel protocol ipv6 ipv4 6to4 RouterA...

Страница 711: ...Host B from Host A or ping Host A from Host B D ping6 s 2002 201 101 1 2 2002 501 101 1 2 Pinging 2002 501 101 1 2 from 2002 201 101 1 2 with 32 bytes of data Reply from 2002 501 101 1 2 bytes 32 time...

Страница 712: ...ing function RouterA system view RouterA ipv6 Configure an IPv4 address for Ethernet1 0 RouterA interface ethernet 1 0 RouterA Ethernet1 0 ip address 2 1 1 1 255 255 255 0 RouterA Ethernet1 0 quit Con...

Страница 713: ...t 1 0 RouterB Ethernet1 0 ip address 6 1 1 1 255 255 255 0 RouterB Ethernet1 0 quit Configure a route from Ethernet1 0 of Router A to Ethernet1 0 of Router B Here the next hop address of the static ro...

Страница 714: ...tination address is reachable Configuration Procedure Follow these steps to configure an ISATAP tunnel To do Use the command Remarks Enter system view system view Enable the IPv6 packet forwarding fun...

Страница 715: ...umber or network address at the local end of the tunnel Such a route must be configured at both ends of the tunnel Configuration Example Network requirements The destination address of a tunnel is an...

Страница 716: ...acquire information such as the address prefix from the RA message released by the ISATAP router Router Tunnel0 undo ipv6 nd ra halt Configuration on the ISATAP host The specific configuration on the...

Страница 717: ...uires the address prefix 2001 64 and automatically generates the address 2001 5efe 2 1 1 2 Meanwhile uses Router Discovery is displayed indicating that the router discovery function is enabled on the...

Страница 718: ...ntents in Static Routing and Dynamic Routing on page 817 Configuration Example Network requirements The two subnets Group 1 and Group 2 running IPv4 are interconnected via an IPv4 over IPv4 tunnel bet...

Страница 719: ...tunnel 1 Configure an IPv4 address for the interface tunnel 1 RouterA Tunnel1 ip address 10 1 2 1 255 255 255 0 Configure the tunnel encapsulation mode RouterA Tunnel1 tunnel protocol ipv4 ipv4 Confi...

Страница 720: ...el 2 IP address of Serial 2 1 RouterB Tunnel2 source 3 1 1 1 Configure a destination address for the interface tunnel 2 IP address of Serial2 0 of Router A RouterB Tunnel2 destination 2 1 1 1 RouterB...

Страница 721: ...s 56 Sequence 1 ttl 255 time 15 ms Reply from 10 1 3 1 bytes 56 Sequence 2 ttl 255 time 15 ms Reply from 10 1 3 1 bytes 56 Sequence 3 ttl 255 time 16 ms Reply from 10 1 3 1 bytes 56 Sequence 4 ttl 255...

Страница 722: ...page 817 Configuration Example Network requirements The two subnets Group 1 and Group 2 of the private network running IPv4 are interconnected over the IPv6 network by using an IPv4 over IPv6 tunnel b...

Страница 723: ...ess 2002 1 1 64 RouterA Serial2 0 quit Create the interface tunnel 1 RouterA interface tunnel 1 Configure an IPv4 address for the interface tunnel 1 RouterA Tunnel1 ip address 30 1 2 1 255 255 255 0 C...

Страница 724: ...nterface tunnel 2 Configure an IPv4 address for the interface tunnel 2 RouterB Tunnel2 ip address 30 1 2 2 255 255 255 0 Configure the tunnel encapsulation mode RouterB Tunnel2 tunnel protocol ipv4 ip...

Страница 725: ...st 300 seconds input 0 bytes sec 0 packets sec Last 300 seconds output 0 bytes sec 0 packets sec 0 packets input 0 bytes 0 input error 0 packets output 0 bytes 0 output error Ping the IPv4 address of...

Страница 726: ...fix lengt h eui 64 Configure an IPv6 link local address ipv6 address auto link local ipv6 address ipv6 address link local Set the tunnel to an IPv6 over IPv6 tunnel tunnel protocol ipv6 ipv6 Optional...

Страница 727: ...ute must be configured at both ends of the tunnel For related configurations refer to Static Routing and Dynamic Routing on page 817 Only the IPv6 over IPv6 tunnel has a maximum number of nested encap...

Страница 728: ...1 of Router B RouterA Tunnel1 destination 2002 22 1 RouterA Tunnel1 quit Configure a static route from Router A through the interface tunnel 1 to Group 2 RouterA ipv6 route static 2002 3 64 tunnel 1...

Страница 729: ...ace Tunnel1 Tunnel1 current state UP Line protocol current state UP IPv6 is enabled link local address is FE80 100 1320 Global unicast address es 2002 2 1 subnet is 2002 2 64 Joined group address es F...

Страница 730: ...tination address and tunnel type the tunnel interface is still not up Solution Follow the steps below 1 The common cause is that the physical interface of the tunnel source is not up Use the display i...

Страница 731: ...nly instead of forwarded packets In most cases interface policy routing applies Interface policy routing applies to incoming packets on an interface instead of locally generated packets for example pi...

Страница 732: ...on based forwarding Enables IPv6 destination based forwarding If this clause is configured denied packets can still be forwarded through matching a route in the routing table If not denied packets are...

Страница 733: ...tch mode of a policy node is deny no apply clauses will be executed Packets that passed the match criteria are routed through the routing table so neither debug information nor statistics for the deni...

Страница 734: ...e interface Serial 2 0 To do Use the command Remarks Enter system view system view Enable IPv6 system policy routing and reference a policy ipv6 local policy based route policy name Required Not enabl...

Страница 735: ...it ipv6 Router acl6 adv 3002 quit Define Node 5 of policy aaa so that TCP packets are forwarded to the interface Serial 2 0 Router ipv6 policy based route aaa permit node 5 Router pbr6 aaa 5 if match...

Страница 736: ...terA ripng 1 quit RouterA interface serial 2 0 RouterA Serial2 0 ipv6 address 150 1 64 RouterA Serial2 0 ripng 1 enable RouterA Serial2 0 quit RouterA interface serial 2 1 RouterA Serial2 1 ipv6 addre...

Страница 737: ...ength 101 1000 RouterA pbr6 lab1 20 apply ipv6 address next hop 151 2 2 Configure Router B Configure RIPng RouterB system view RouterB ipv6 RouterB ripng 1 RouterB ripng 1 quit RouterB interface seria...

Страница 738: ...738 CHAPTER 50 IPV6 UNICAST POLICY ROUTING CONFIGURATION...

Страница 739: ...ion and so on An FEP can be a Unix server or a Linux server Once a TCP connection is established the router functioning as either the terminal access initiator or receiver can transparently transmit t...

Страница 740: ...creen saving Introduction to RTC Terminal Access The initiator and receiver of RTC terminal access are routers RTC terminal access is another typical application of terminal access It interconnects a...

Страница 741: ...he outlet and the branch The orange dotted line represents RTC terminal access Router B acts as an RTC client and Router A the RTC server Router B initiates monitoring requests and Router A upon recei...

Страница 742: ...n page 746 TTY Telnet For Telnet terminal access only the connectivity test between the terminal and the router is supported Data send delay on page 746 All TCP buffer parameter configuration on page...

Страница 743: ...r is changed and the authentication fails if source IP address binding is not implemented To avoid such failures configure source IP address binding on the router to use a fixed IP address to establis...

Страница 744: ...ed If the original operating interface is lost due to a fault the operator can use the terminal redrawing function to recover it VTY redrawing You can set the VTY redrawing hotkey on the router When a...

Страница 745: ...to the receiver after the specified period If the automatic link establishment function is disabled on the terminal a link needs to be established manually In this mode the initiator establishes a TCP...

Страница 746: ...ving data from the terminal until all the data is sent successfully Generally you need to enable this function only when the transmission rate between the router and the FEP is less than that between...

Страница 747: ...rform password authentication for RTC clients to enhance security Authentication succeeds only when the passwords configured on the RTC server and the RTC client are the same Terminal access multi ins...

Страница 748: ...is number is subject to the number of router interfaces available for terminal access For TTY terminal access this number is also subject to the number of FEPs that can be configured 2 Maximum number...

Страница 749: ...e templates at the same time and apply the templates on different interfaces Note that only one template can be applied on one interface Complete the following tasks to configure terminal access TTY T...

Страница 750: ...ynchronous serial interface operates in the protocol mode and an AUX interface the flow mode Apply the template to the interface rta terminal template name terminal number Required Exit interface view...

Страница 751: ...ze driverbuf size size Optional 8 KB by default Configure the TCP connection idle timeout time idle timeout seconds Optional 0 seconds by default that is the connection never times out Configure the m...

Страница 752: ...TTY terminal access is an FEP The main program of terminal access at an FEP is the program ttyd ttyd executable which implements the data Configure the VTY redrawing hotkey redrawkey ascii code 1 3 O...

Страница 753: ...ress to be bound is 2 2 2 1 32 Network diagram Figure 224 Network diagram for TTY terminal access configuration Configuration procedure Perform the following configuration in one to one mode Configure...

Страница 754: ...e Configure the receiver Unix server Perform the following configuration by referring to FEP Installation and Configuration on page 771 The following uses SCO OpenServer Unix as an example 1 Edit the...

Страница 755: ...Required Disabled by default Create a terminal template and enter terminal template view rta template template name Required Configure a Telnet VTY vty vty number telnet remote ip address port number...

Страница 756: ...lock Optional Disabled by default Configure the terminal data send delay data send delay milliseconds Optional 0 milliseconds by default that is there is no send delay Configure the router not to clea...

Страница 757: ...ation command before using this command Configure the language of the print information print language chinese english Optional Chinese by default Set the terminal reset hotkey resetkey ascii code 1 3...

Страница 758: ...ple for Telnet Terminal Access Network requirements Consider two Unix FEPs whose IP addresses are 10 110 96 53 and 10 110 96 54 respectively and whose port numbers are 23 A Star terminal is used at th...

Страница 759: ...late to the asynchronous serial interface Sysname interface async 1 0 Sysname Async1 0 async mode flow Sysname Async1 0 rta terminal temp2 3 Sysname Async1 0 quit Configure software flow control Sysna...

Страница 760: ...55 Follow these steps to perform advanced RTC initiator RTC Client configuration To do Use the command Remarks Enter system view system view Enable terminal access on the router rta server enable Requ...

Страница 761: ...rminal buffer after a TCP connection is established driverbuf save Optional By default the router clears the terminal receive buffer after a TCP connection is established Configure the terminal receiv...

Страница 762: ...plate is applied you need to remove the application of the terminal template and apply the terminal template again for the receive buffer size to take effect The ASCII value of the hotkey must be diff...

Страница 763: ...ta server enable Required Configure the listening port rta rtc server listen port port number Required Not configured by default Create a terminal template and enter terminal template view rta templat...

Страница 764: ...driverbuf size number Optional 8 KB by default Configure the TCP connection idle timeout time idle timeout seconds Optional 0 seconds by default that is the connection never times out Configure to pr...

Страница 765: ...f you configure the receive buffer size after a terminal template is applied you need to remove the application of the terminal template and apply the terminal template again for the receive buffer si...

Страница 766: ...e and enter its view Sysname rta template rtcserver Configure the VTY Sysname rta template rtcserver vty 0 rtc server remote 10 111 0 12 1 Sysname rta template rtcserver vty 0 password simple 123 Appl...

Страница 767: ...tively connected to the interface Async1 0 on PE A and PE B It is required to monitor CE B in real time through CE A The terminal numbers of PE A and PE B are 2 The listening port of the RTC server is...

Страница 768: ...the RTC client Configure MPLS L3VPN For details see MPLS L3VPN Configuration on page 1459 Bind Loopback1 to VPNA PEA interface loopback 1 PEA LoopBack1 ip address 169 254 2 1 32 PEA LoopBack1 ip bind...

Страница 769: ...al Access Configuration To do Use the command Remarks Display specified terminal access information display rta all statistics terminal number brief detail statistics vty number Available in any view...

Страница 770: ...770 CHAPTER 51 TERMINAL ACCESS CONFIGURATION...

Страница 771: ...program A Unix FEP supports up to 250 terminals A Linux FEP supports up to 150 terminals Installing and Configuring SCO OpenServer Server Installing Device Drivers Using a floppy disk The following de...

Страница 772: ...ng FTP You can also use FTP to install the ttyd programs The following describes the installation procedure using FTP on a Windows system 1 Place the ttyd programs in a directory You must place the tt...

Страница 773: ...ocal installation 3 Select Media Images for Media Device 4 In Image Directory enter the directory holding the installation file this example assumes VOL 000 000 is placed in the directory build Press...

Страница 774: ...ing a new kernel Modifying the maximum number of files a process can open By default each SCO OpenServer Unix process can open up to 110 files If a Unix server is to be connected with more than 50 ter...

Страница 775: ...After adding the line execute the init q command to bring the configuration into effect init q In addition you can use the enable command to configure a pseudo terminal as an active terminal or use t...

Страница 776: ...ether the ttyd program automatically calls the getty program It can be 0 meaning that it is configured in the inittab system configuration file that the system is responsible for calling the getty pro...

Страница 777: ...them in the same line and make sure the access period is configured before the authentication See the following example ttyp30 10 110 96 44 1 accesstime 1 8 00 18 00 mac 02 f3 22 3e 2e 01 ttyp30 10 11...

Страница 778: ...rror does not affect too many applications Modifying Route Configuration File In terminal access the router is usually connected to the Unix server through WANs and therefore located on an IP subnet d...

Страница 779: ...tyd process launched for its parent process is 1 Processes 8312 and 8313 correspond to asynchronous interfaces with the terminal numbers of 6 and 7 on router 10 110 96 44 respectively and their parent...

Страница 780: ...ntering complex commands manually You can also add your own shell commands into the ttyadm program as desired c CAUTION The programs ttyadm ttyd and ttyadmcmd must be placed under the same directory A...

Страница 781: ...e name at the prompt 2 Display ttyd processes From the process management submenu select option 2 to display the ttyd processes running in the system The screen displays the following information Main...

Страница 782: ...process The output directory of the ttyd debugging file s is var ttydlist by default The debugging file of the main ttyd process is named in the format of ttydxxxx log where xxxx is the number for the...

Страница 783: ...ess management submenu select option 7 to display the following information Enter the port No in the configuration file Here when you enter the corresponding listening port number the configuration of...

Страница 784: ...3 2v5 0 5 i80386 07 15 2002 14 33 16 usr sys wio idle u 14 33 17 0 0 0 100 14 33 18 0 0 0 100 14 33 19 0 0 0 100 14 33 20 0 0 0 100 14 33 21 0 0 0 100 Average 0 0 0 100 Press Enter to return 2 Displa...

Страница 785: ...ry 8000 00KB streams memory in use 1103 09KB maximum streams memory used 1569 64KB 4 Return to the main menu From the system resource submenu selection option 0 to return to the main menu Displaying r...

Страница 786: ...STATE APP_TYPE APP_NAME 1 10 110 96 53 9998 Kept Special sco1 2 10 110 96 53 9997 Kept Normal sco2 3 10 110 96 53 9900 Kept Special sco3 6 10 110 96 53 9998 Linked Special sco4 4 Display detailed tty...

Страница 787: ...kets written to pty 2 Total number of bytes written to pty 2 Number of bytes last written to pty 1 Time when pty was last written to 2002 07 15 13 59 43 Press Enter to return Editing ttyd configuratio...

Страница 788: ...rocess can open up to 64 files If a Unix server is to be connected with a large number of terminals usually more than 50 you are recommended to change the value to 400 To do so use the following comma...

Страница 789: ...ting ttyd on page 779 Enabling ttyd autorun at system startup Refer to Enabling ttyd autorun at system startup on page 779 Installing and Using ttyd Administration Program ttyadm Refer to Installing a...

Страница 790: ...d check whether this file contains the following line T1 234 respawn etc getty ttyp50 If the line is absent add it In the sample line T1 is the identifier of the line Each line in the file inittab mus...

Страница 791: ...h smit smit 2 Select Devices 3 Select PTY 4 Select Maximum number of BSD Pseudo Terminals and set it to 256 Now the number of supported pseudo terminals is 256 n Adding pseudo terminals on the IBM AIX...

Страница 792: ...ting the ttyd Configuration File Refer to Editing the ttyd Configuration File on page 775 Modifying Route Configuration File The terminal access router is usually connected to the Unix server through...

Страница 793: ...ice Now the number of pseudo terminals is 256 in the directories dev pty and dev ptym Link the added devices to dev as follows ln dev pty ttyy0 dev ttyy0 ln dev ptym ptyy0 dev ptyy0 Modifying the maxi...

Страница 794: ...ddition init q Editing ttyd Configuration File Refer to Editing the ttyd Configuration File on page 775 Modifying Route Configuration File The terminal access router is usually connected to the Unix s...

Страница 795: ...nux Server Installing Device Drivers Using the floppy disk Refer to Using a floppy disk on page 771 Using FTP Refer to Using FTP on page 772 Configuration Prerequisites Setting the maximum number of o...

Страница 796: ...e than four characters In system configuration file inittab the third column of a line is respawn for an active terminal and off for a dumb terminal The available pseudo terminals include ttyxy where...

Страница 797: ...ore located on an IP segment different from that of the Unix server in which case you must configure a route on the Unix server The following example shows how to do so route add net 10 110 96 0 netma...

Страница 798: ...798 CHAPTER 52 FEP INSTALLATION AND CONFIGURATION...

Страница 799: ...urred Press a key on the terminal to initiate a new connection 6 TTY tty number vty number success to connect with server name A TCP connection is established between the router and the Unix server 7...

Страница 800: ...whether the router and Unix server can ping each other on page 802 If the TCP connection between the terminal and the Unix server is correct the terminal screen displays Terminal to Unix test OK This...

Страница 801: ...able and the other end is a DB 25 receptacle for connecting to a terminal The following table describes the pins of the terminal access converter The common terminal access connection in banking syste...

Страница 802: ...e flow control signal lines are absent you must use the flow control none or flow control software inbound command on the asynchronous interface to not detect hardware flow control signals by adopting...

Страница 803: ...ent on page 803 or Prompts on Terminals on page 799 The main ttyd process and its child processes exist The ttyd program has been started and a TCP connection has been established between the router a...

Страница 804: ...dev ttypxx This command sends the string 123456789 to the terminal ttypxx xx indicates the terminal index If the string appears on the terminal a TCP connection has been established between the applic...

Страница 805: ...in the configuration file ttyd conf The debugging file of the main ttyd process is named in the format of ttydxxxx log where xxxx is the number of the listening port of the main process The debugging...

Страница 806: ...write data to the socket 12 Fail child process exit for out of time range Cause The user was accessing the Unix server out of the defined periods 13 Fail Failed in opening pty5 out of devices Cause Fa...

Страница 807: ...its configuration in the configuration file of the banking service 2 Modify configuration file ttyd conf on the Unix server to change the original pseudo terminal to a new pseudo terminal If the new p...

Страница 808: ...808 CHAPTER 53 TERMINAL ACCESS TROUBLESHOOTING...

Страница 809: ...es 32 0 32 2734 29 0 class 6 2048 bytes 274 182 92 6460 273 0 class 7 4096 bytes 171 170 1 185 171 0 class 8 8192 bytes 5 0 5 70 5 0 class 9 16384 bytes 2 0 2 3 2 0 class 10 32768 bytes 0 0 0 0 0 0 cl...

Страница 810: ...s the steps 1 Kill all the current main and child ttyd processes 2 Modify pseudo terminal names in configuration file ttyd conf for example Original ttyp30 10 110 96 11 0 Modified ttya0 10 110 96 11 0...

Страница 811: ...rvice process is abnormal and if necessary kill the process If the rate is not high open the ttyd configuration file to examine whether the sendsize and readsize options are properly configured For lo...

Страница 812: ...e address binding configured the router IP address configured on the Unix server must be the bound IP address Verify that correct routes are configured on both the router and Unix server Illegible cha...

Страница 813: ...ver uses the many to one mode and the router uses one to one mode The terminal connected to a credit card IC card swipe reader does not work Check the hardware versions of the interface modules using...

Страница 814: ...814 CHAPTER 54 TERMINAL ACCESS FAQ...

Страница 815: ...connected destination Routes in a routing table can be divided into three categories by origin Direct routes Routes discovered by data link protocols also known as interface routes Static routes Route...

Страница 816: ...The destination is a subnet Host routes The destination is a host Based on whether the destination is directly connected to a given router routes can be divided into Direct routes The destination is d...

Страница 817: ...large networks Its disadvantages are that it is complicated to configure and that it not only imposes higher requirements on the system but also eats away a certain amount of network resources Classi...

Страница 818: ...ting protocols Includes PIM SM and PIM DM This chapter focuses on unicast routing protocols For information on multicast routing protocols refer to Multicast Overview on page 1085 Version of IP protoc...

Страница 819: ...oute backup can help improve network reliability With route backup you can configure multiple routes to the same destination expecting the one with the highest priority to be the main route and all th...

Страница 820: ...orwards Configuring Bandwidth based Non Balanced Load Sharing Follow these steps to enable bandwidth based non balanced load sharing n Bandwidth based non balanced load sharing does not support the lo...

Страница 821: ...out bandwidth based load sharing display loadsharing ip address ip address mask Available in any view Clear statistics for the routing table or a VPN routing table reset ip routing table statistics pr...

Страница 822: ...width KB Flow s Interface 10 1 1 2 763851 100000 0 Ethernet0 0 10 1 2 2 1193501 155000 0 Atm1 0 10 1 3 2 15914 2048 0 Serial2 0 The display shows that packets are load shared according to their defaul...

Страница 823: ...1 0 24 There are is totally 3 route entry s to the same destination network Nexthop Packet s Bandwidth KB Flow s Interface 10 1 2 2 142824 100 0 Atm1 0 10 1 1 2 285648 200 0 Ethernet0 0 10 1 3 2 4284...

Страница 824: ...824 CHAPTER 55 IP ROUTING OVERVIEW...

Страница 825: ...2 RFC1163 and BGP 3 RFC1267 The current version in use is BGP 4 RFC1771 BGP 4 is rapidly becoming the defacto Internet exterior routing protocol standard and is commonly used between ISPs The charact...

Страница 826: ...when it runs between ASs Formats of BGP Messages Header BGP message involves five types Open message Update message Notification message Keep alive message Route refresh message They have the same hea...

Страница 827: ...dentifying the BGP router Opt Parm Len Optional Parameters Length Length of optional parameters set to 0 if no optional parameter is available Update Update message is used to exchange routing informa...

Страница 828: ...ormation is encoded as one or more 2 tuples of the form length prefix Notification A Notification message is sent when an error is detected The BGP connection is closed immediately after sending it No...

Страница 829: ...hree types IGP Has the highest priority Routes added to the BGP routing table using the network command have the IGP attribute EGP Has the second highest priority Routes obtained via EGP have the EGP...

Страница 830: ...0 0 In some applications you can apply a routing policy to control BGP route selection by modifying the AS path length By configuring an AS path filtering list you can filter routes based on AS numbe...

Страница 831: ...the smallest MED value the best route if other conditions are the same As shown below traffic from AS 10 to AS 20 travels through Router B that is selected according to MED Figure 238 MED attribute In...

Страница 832: ...the Internet community Routes with this attribute can be advertised to all BGP peers No_Export After received routes with this attribute cannot be advertised out the local AS or out the local confeder...

Страница 833: ...ble route to reach a next hop is route recursion Currently the system supports BGP load balancing based on route recursion namely if reliable routes are load balanced suppose three next hop addresses...

Страница 834: ...BGP peers including both EBGP and IBGP peers A BGP speaker does not advertise routes learned from IBGPs to IBGP peers A BGP speaker advertises routes learned from IBGPs to EBGP peers Note that if info...

Страница 835: ...table size By summarizing multiple routes with one route a BGP router advertises only the summary route rather than all routes Currently the system supports both manual and automatic summarization The...

Страница 836: ...collection of peers with the same attributes When a peer joins the peer group the peer obtains the same configuration as the peer group If configuration of the peer group is changed configuration of g...

Страница 837: ...clients BGP connections between clients need not be established The router neither a route reflector nor a client is a non client which has to establish connections to the route reflector and all non...

Страница 838: ...ub ASs in the confederation The ID of the confederation is the number of the AS in the above figure AS 200 is the confederation ID The deficiency of confederation is when changing an AS into a confede...

Страница 839: ...In BGP 4 the three types of attributes for IPv4 namely NLRI NEXT_HOP and AGGREGATOR contains the IP address of the speaker generating the summary route are all carried in updates To support multiple n...

Страница 840: ...ge 843 Configuring BGP Route Redistribution on page 843 Optional Configuring BGP Route Summarization on page 843 Optional Advertising a Default Route to a Peer or Peer Group on page 844 Optional Confi...

Страница 841: ...es are configured for loopback interface and other interfaces the task becomes required Specify the AS number for a peer or a peer group peer group name ip address as number as number Required Not spe...

Страница 842: ...a TCP connection over multiple hops between two peers You need not use this command for directly connected EBGP peers which employ loopback interfaces for peer relationship establishment If you both r...

Страница 843: ...you need to configure route summarization on peers BGP supports two summarization types automatic and manual Automatic summarization Summarizes redistributed IGP subnets With the feature configured B...

Страница 844: ...oute summarization summary automatic Required No route summarization is configured by default Choose either as needed if both are configured the manual route summarization takes effect Configure manua...

Страница 845: ...to filer routing information to a peer peer group peer group name ip address ip prefix ip prefix name export To do Use the command Remarks To do Use the command Remarks Enter system view system view E...

Страница 846: ...local routing table nor advertise them to BGP peers To configure BGP route dampening use the following commands n Using this command dampens only routes from EBGP peers rather than IBGP peers Configu...

Страница 847: ...lt med med value Optional The value defaults to 0 Enable to compare MED values of routes from different ASs compare different as med Optional Not enabled by default Enable to compare MED values of rou...

Страница 848: ...can specify a fake AS number to hide the real one as needed The fake AS number applies to EBGP peers only that is EBGP peers in other ASs can only find the fake AS number Configure the AS_PATH attribu...

Страница 849: ...router the router advertises a route refresh message to its peers which then resend their routing information to the router Therefore the local router can perform dynamic route update and apply the n...

Страница 850: ...abled by default Enable BGP route refresh for a peer peer group peer group name ip address capability advertise route refresh Optional Enabled by default Keep all original routes imported from a peer...

Страница 851: ...gement easier and improves route distribution efficiency Peer group includes IBGP peer group where peers belong to the same AS and EBGP peer group where peers belong to different ASs If peers in an EB...

Страница 852: ...s their AS in BGP view Specify the AS number for the group peer group name as number as number Add a peer into the group peer ip address group group name as number as number Configure a mixed EBGP pee...

Страница 853: ...se the confederation nonstandard command to make the local router compatible with these routers Configuring BGP Graceful Restart Follow these steps to configure GR on the GR Restarter and the GR Helpe...

Страница 854: ...n sent To do Use the command Remarks Enter system view system view Enable BGP and enter its view bgp as number Required Disabled by default Enable Graceful Restart Capability for BGP graceful restart...

Страница 855: ...unity aa nn 1 13 no advertise no export no export subconfed whole match Display routing information matching a BGP community list display bgp routing table community list basic community list number w...

Страница 856: ...to an AS reset bgp as number Reset the BGP connection to a peer reset bgp ip address flap info Reset all EBGP connections reset bgp external Reset the BGP connections to a peer group reset bgp group g...

Страница 857: ...mber 65009 RouterD bgp quit 3 Configure the EBGP connection Configure Router A RouterA system view RouterA bgp 65008 RouterA bgp router id 1 1 1 1 RouterA bgp peer 200 1 1 1 as number 65009 Advertise...

Страница 858: ...MED LocPrf PrefVal Path Ogn 8 0 0 0 200 1 1 2 0 0 65008i Display routing table information on Router C RouterC display bgp routing table Total Number of Routes 1 BGP Local router ID is 3 3 3 3 Status...

Страница 859: ...200 1 1 0 9 1 3 1 0 100 0 You can find the route 8 0 0 0 becomes valid with the next hop as Router A Ping 8 1 1 1 on Router C RouterC ping 8 1 1 1 PING 8 1 1 1 56 data bytes press CTRL_C to break Repl...

Страница 860: ...p quit Configure Router B RouterB system view RouterB bgp 65009 RouterB bgp router id 2 2 2 2 RouterB bgp peer 3 1 1 2 as number 65008 RouterB bgp quit 4 Configure BGP and IGP interaction Configure BG...

Страница 861: ...1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 5 Configure route automatic summarization Configure route automatic summarization on Router B RouterB bgp 65009 RouterB bgp summary automatic Displa...

Страница 862: ...e 248 Network diagram for BGP path selection Configuration procedure 1 Configure IP addresses for interfaces omitted 2 Configure BGP connections Configure Router A RouterA system view RouterA bgp 6500...

Страница 863: ...put you can find two routes to the destination 9 1 1 0 24 are available and the route with the next hop 200 1 1 1 is the best route because Router B has a smaller router ID than Router C 3 Configure l...

Страница 864: ...the other route with the next hop 200 1 1 1 Router B BGP Community Configuration Network requirements Router B establishes EBGP connections with Router A and Router C Configure No_Export community at...

Страница 865: ...1 1 1 1 Original nexthop 200 1 2 1 AS path 10 Origin igp Attribute value MED 0 pref val 0 pre 255 State valid external best Advertised to such 1 peers 200 1 3 2 Router B advertised received routes to...

Страница 866: ...n the above output At this time the route to the destination 9 1 1 0 24 is not available in the routing table of Router C BGP Route Reflector Configuration Network requirements In the following figure...

Страница 867: ...er 193 1 1 2 as number 200 RouterC bgp peer 194 1 1 2 as number 200 RouterC bgp quit Configure Router D RouterD system view RouterD bgp 200 RouterD bgp peer 194 1 1 1 as number 200 RouterD bgp quit 3...

Страница 868: ...S 65001 are fully meshed Network diagram Figure 251 Network diagram for BGP confederation configuration Configuration procedure 1 Configure IP addresses for interfaces omitted 2 Configure BGP confeder...

Страница 869: ...r C RouterC system view RouterC bgp 65003 RouterC bgp router id 3 3 3 3 RouterC bgp confederation id 200 RouterC bgp confederation peer as 65001 65002 RouterC bgp peer 10 1 2 1 as number 65001 RouterC...

Страница 870: ...uter ID is 2 2 2 2 Status codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn i 9 1 1 0 24 10 1 1 1 0 100 0 65...

Страница 871: ...are EBGP connections Between Router B and Router D Router D and Router C are IBGP connections OSPF is the IGP protocol in AS 200 Configure routing policies to make Router D give priority to the route...

Страница 872: ...rD ospf area 0 RouterD ospf 1 area 0 0 0 0 network 194 1 1 0 0 0 0 255 RouterD ospf 1 area 0 0 0 0 network 195 1 1 0 0 0 0 255 RouterD ospf 1 area 0 0 0 0 quit RouterD ospf 1 quit 3 Configure BGP conn...

Страница 873: ...oute policy quit RouterA route policy apply_med_100 permit node 10 RouterA route policy if match acl 2000 RouterA route policy apply cost 100 RouterA route policy quit Apply routing policy apply_med_5...

Страница 874: ...lid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn i 1 0 0 0 193 1 1 1 0 200 0 100i i 192 1 1 1 0 100 0 100i The rout...

Страница 875: ...Check whether a route to the peer is available in the routing table 6 Use the ping command to check connectivity 7 Use the display tcp status command to check the TCP connection 8 Check whether an AC...

Страница 876: ...876 CHAPTER 56 BGP CONFIGURATION...

Страница 877: ...eference models and the new one is called Integrated IS IS or Dual IS IS IS IS is an interior gateway protocol IGP used within an Autonomous System It adopts the Shortest Path First SPF algorithm for...

Страница 878: ...ifier AFI and the Initial Domain Identifier IDI The DSP includes the High Order DSP HODSP the System ID and SEL where the HODSP identifies the area the System ID identifies the host and the SEL indica...

Страница 879: ...ET The Network Entity Title NET is an NSAP with SEL of 0 It indicates the network layer information of the IS itself where SEL 0 means no transport layer information Therefore the length of NET is equ...

Страница 880: ...vel 2 and Level 1 2 routers in different areas A Level 1 router must be connected to other areas via a Level 1 2 router The Level 1 2 router maintains two LSDBs where the Level 1 LSDB is for routing w...

Страница 881: ...stablish Level 2 adjacency By having this function you can prevent the Level 1 hello packets from propagating to the Level 2 backbone through the Lever 1 2 router This can result in bandwidth saving R...

Страница 882: ...outer becomes the DIS If there are multiple routers with the same highest DIS priority the one with the highest SNPA Subnetwork Point of Attachment address which is the MAC address on a broadcast netw...

Страница 883: ...sent in bytes Version Protocol ID Extension Set to 1 0x01 ID Length The length of the NSAP address and NET ID R Reserved Set to 0 PDU Type For detail information refer to Table 41 Version Set to 1 0x0...

Страница 884: ...indicates L2 and 11 indicates L1 2 Source ID The system ID of the router advertising the hello packet Holding Time If no hello packets are received from a neighbor within the holding time the neighbo...

Страница 885: ...nt by the Level 2 router and the Level 1 LSP is sent by the Level 1 router The level 1 2 router can sent both types of the LSPs Two types of LSPs have the same format as shown in Figure 261 Intradomai...

Страница 886: ...e the router is running out of system resources In this condition other routers will not send packets to the overloaded router except packets destined to the networks directly connected to the router...

Страница 887: ...s by default On point to point networks CSNP is only sent during the first adjacency establishment The CSNP packet format is shown in Figure 263 Figure 263 L1 L2 CSNP format PSNP only contains the seq...

Страница 888: ...IS L2 LSP 6 IS Neighbors MAC Address LAN IIH 7 IS Neighbors SNPA Address LAN IIH 8 Padding IIH 9 LSP Entries SNP 10 Authentication Information IIH LSP SNP 128 IP Internal Reachability Information LSP...

Страница 889: ...After receiving the responses from neighbors the GR Restarter can restore the neighbor table After reestablishing neighborships the GR Restarter will synchronize the LSDB and exchange routing informa...

Страница 890: ...s System ID The system ID of the Originating System Additional System ID It is the additional virtual system ID configured for the IS IS router after LSP fragment extension is enabled Each additional...

Страница 891: ...se not supporting this feature to interoperate with each other but it restricts the link state information in the extended fragments Mode 2 does not restrict the link state information in the extended...

Страница 892: ...following table describes the IS IS configuration tasks Configuration Task Remarks Configuring IS IS Basic Functions on page 893 Required Configuring IS IS Routing Information Control on page 894 Spe...

Страница 893: ...on page 901 Optional Configuring Dynamic Host Name Mapping on page 902 Optional Configuring IS IS Authentication on page 902 Optional Configuring LSDB Overload Tag on page 903 Optional Logging the Adj...

Страница 894: ...rity for specific routes For information about routing policy refer to Routing Policy Configuration on page 991 Follow these steps to configure the IS IS protocol priority Enable an IS IS process on t...

Страница 895: ...Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Specify a cost style cost style narrow wide wide compatible compatible narrow compatible relax spf limit O...

Страница 896: ...uring the Maximum Number of Load Balanced Routes If there are more than one equal cost routes to the same destination the traffic can be load balanced to enhance path efficiency Follow these steps to...

Страница 897: ...instance vpn instance name Configure IS IS route summarization summary ip address mask mask length avoid feedback generate_null0_route tag tag level 1 level 1 2 level 2 Required Not configured by defa...

Страница 898: ...ecific level Level 1 or Level 2 You can specify a DIS priority at a level for an interface The bigger the interface s priority value the more likelihood it becomes the DIS Redistribute routes from ano...

Страница 899: ...r LSDB synchronization If no level is included the specified CSNP interval applies to both Level 1 and Level 2 of the current IS IS process If a level is specified it applies to the level To do Use th...

Страница 900: ...can configure the router to ignore the incorrect checksum which means an LSP will be processed even with an incorrect LSP checksum On the NBMA network the router will flood a new LSP received from an...

Страница 901: ...meters Enable the LSP flash flooding function flash flood flood count flooding count max timer interval flooding interval level 1 level 2 Optional Not enabled by default Specify the maximum size of th...

Страница 902: ...interval incremental interval Optional The default SPF calculation interval is 10 seconds Specify the SPF calculation duration spf slice size duration time Optional 10 milliseconds by default To do Us...

Страница 903: ...he LSDB overload tag To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Specify the area authentication mode area authenticatio...

Страница 904: ...eful Restart capable device will resend connection requests to its neighbors instead of terminating their adjacencies Graceful Restart minimizes network disruption caused by LSDB synchronization befor...

Страница 905: ...ceful restart Required Disabled by default Set the Graceful Restart interval graceful restart interval timer Required 300 seconds by default Configure to set the SA bit during restart graceful restart...

Страница 906: ...w Display SPF calculation log information display isis spf log process id vpn instance vpn instance name Available in any view Display statistic about an IS IS process display isis statistics level 1...

Страница 907: ...uterB Serial2 0 quit Configure Router C RouterC system view RouterC isis 1 RouterC isis 1 network entity 10 0000 0000 0003 00 RouterC isis 1 quit RouterC interface serial 2 0 RouterC Serial2 0 isis en...

Страница 908: ...0002 00 00 0x0000000d 0xcd66 1167 68 0 0 0 0000 0000 0003 00 00 0x00000014 0x2d39 1136 111 1 0 0 Self LSP Self LSP Extended ATT Attached P Partition OL Overload RouterC display isis lsdb Database info...

Страница 909: ...R 0 0 0 0 0 10 NULL S2 0 10 1 1 1 R Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set RouterC display isis route Route information for ISIS 1 ISIS 1 IPv4 Level 1 Forwarding Table IP...

Страница 910: ...router Change the DIS priority of Router A to make it selected as the Level 1 2 DIS router Network diagram Figure 267 Network diagram for DIS selection configuration Configuration procedure 1 Configur...

Страница 911: ...ernet1 0 quit Display information about IS IS neighbors of Router A Peer information for ISIS 1 System Id 0000 0000 0002 Interface Ethernet1 0 Circuit Id 0000 0000 0003 01 State Up HoldTime 21s Type L...

Страница 912: ...IS priority of Router A RouterA interface ethernet 1 0 RouterA Ethernet1 0 isis dis priority 100 Display information about IS IS neighbors of Router A RouterA display isis peer Peer information for IS...

Страница 913: ...isis interface Interface information for ISIS 1 Interface Ethernet1 0 Id IPV4 State IPV6 State MTU Type DIS 001 Up Down 1497 L1 L2 No No Display information about IS IS neighbors and interfaces of Rou...

Страница 914: ...A isis 1 RouterA isis 1 graceful restart RouterA isis 1 graceful restart interval 150 RouterA isis 1 return The configurations for Router B and Router C are similar and therefore are omitted here 3 Ve...

Страница 915: ...art Status RESTARTING Number of LSPs Awaited 3 T3 Timer Status Remaining Time 239 T2 Timer Status Remaining Time 59 IS IS 1 Level 2 Restart Status Restart Interval 150 SA Bit Supported Total Number of...

Страница 916: ...916 CHAPTER 57 IS IS CONFIGURATION...

Страница 917: ...n Unless otherwise noted OSPF refers to OSPFv2 throughout this document OSPF has the following features Scope Supports networks of various sizes and can support several hundred routers Fast convergenc...

Страница 918: ...ed integer the unique identifier of the router in the AS You may assign a Router ID to an OSPF router manually If no Router ID is specified the system automatically selects one for the router as follo...

Страница 919: ...of which consists of a standard LSA header and application specific information Opaque LSAs are used by the OSPF protocol or by some application to distribute information into the OSPF routing domain...

Страница 920: ...ion area border routers perform route summarization to reduce the number of LSAs advertised to other areas and minimize the effect of topology changes Classification of Routers The OSPF router falls i...

Страница 921: ...All non backbone areas must maintain connectivity to the backbone area The backbone area itself must maintain connectivity In practice due to physical limitations the requirements may not be satisfie...

Страница 922: ...PF routers in between simply convey these OSPF packets as normal IP packets Totally Stub area The ABR in a stub area does not distribute Type5 LSAs into the area so the routing table scale and amount...

Страница 923: ...left of the figure RIP routes are translated into type5 LSAs by the ASBR of Area 2 and distributed into the OSPF AS However Area 1 is an NSSA area so these type5 LSAs cannot travel to Area 1 Similar...

Страница 924: ...to destinations outside the AS OSPF classifies external routes into two types type1 and type2 A type1 external route is an IGP route such as a RIP or static route which has high credibility and whose...

Страница 925: ...ly one neighbor Differences between NBMA and P2MP networks NBMA networks are fully meshed non broadcast and multi access P2MP networks are not required to be fully meshed It is required to elect the D...

Страница 926: ...e election candidates The election votes are hello packets Each router sends the DR elected by itself in a hello packet to all the other routers If two routers on the network declare themselves as the...

Страница 927: ...plaintext authentication and MD5 authentication respectively Authentication Information determined by authentication type which is not defined for authentication type 0 password information for authen...

Страница 928: ...hey cannot become neighbors Designated Router IP address of the DR interface Backup Designated Router IP address of the BDR interface Neighbor Router ID of the neighbor router DD packet Two routers ex...

Страница 929: ...ss Otherwise the router is the slave DD Sequence Number Used to sequence the collection of Database Description Packets for ensuring reliability and intactness of DD packets between the master and sla...

Страница 930: ...SU packet format is shown below Figure 281 LSU packet format LSAck packet LSAack Link State Acknowledgment packets are used to acknowledge received LSU packets contents including LSA headers to descri...

Страница 931: ...sion LS type The type of the LSA Link State ID The contents of this field depend on the LSA s type LS sequence number Used by other routers to judge new and old LSAs LS checksum Checksum of the LSA ex...

Страница 932: ...Type Link type A value of 1 indicates a point to point link to a remote router a value of 2 indicates a link to a transit network a value of 3 indicates a link to a stub network a value of 4 indicates...

Страница 933: ...field the format of type 3 and 4 summary LSAs is identical Figure 286 Summary LSA format Major fields Link State ID For a type3 LSA it is an IP address outside the area for a type 4 LSA it is the rout...

Страница 934: ...ic value which is set to 1 for type 2 external routes and set to 0 for type 1 external routes Refer to Route types on page 924 for description about external route types metric The metric to the desti...

Страница 935: ...identical Authentication types include non authentication plaintext authentication and MD5 ciphertext authentication The authentication password for interfaces attached to a network segment must be id...

Страница 936: ...a link TE is implemented on the classified type thin granularity summarization type rather than the summarized type thick granularity summarization type to improve performance and bandwidth utilizati...

Страница 937: ...on in this case since an OSPF intra area route has a higher priority than a backbone route VPN traffic will always travel on the backdoor route rather than the backbone route To avoid this an unnumber...

Страница 938: ...ng OSPF Packet Timers on page 946 Optional Configuring LSA Transmission Delay Time on page 947 Optional Configuring SPF Calculation Interval on page 948 Optional Configuring LSA Minimum Repeat Arrival...

Страница 939: ...stance to configure an association between the two The configurations for routers in an area are performed on the area basis Wrong configurations may cause communication failures even routing informat...

Страница 940: ...in a NSSA area When arriving at the ABR in the NSSA area these LSAs will be translated into type 5 LSAs for advertisement to other areas Non backbone areas exchange routing information via the backbo...

Страница 941: ...iability should become the DR BDR Prerequisites Before configuring OSPF network types you have configured IP addresses for interfaces making neighboring nodes accessible with each other at network lay...

Страница 942: ...local router will consider the neighbor has no election right thus no hello packet is sent to this neighbor reducing the number of hello packets for DR BDR election on networks However if the local r...

Страница 943: ...g ABR Type3 LSA Filtering Follow these steps to configure type 3 LSA filtering on an ABR To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router id router id...

Страница 944: ...iew System view Enter OSPF view ospf process id router id router id vpn instance instance name Enter area view area area id Configure ABR type3 LSA filtering filter acl number ip prefix ip prefix name...

Страница 945: ...view system view Enter OSPF view ospf process id router id router id vpn instance instance name Configure OSPF route priority preference ase route policy route policy name value Optional The priority...

Страница 946: ...for SPF calculation to reduce resource consumption caused by frequent network changes Configure OSPF authentication to meet high security requirements of some mission critical networks Configure OSPF...

Страница 947: ...ssary especially for low speed links Follow these steps to configure the LSA transmission delay time on an interface To do Use the command Remarks Enter system view system view Enter interface view in...

Страница 948: ...the LSA Follow these steps to configure the LSA minimum repeat arrival interval n The interval set by the lsa arrival interval command should be smaller or equal to the interval set by the lsa generat...

Страница 949: ...affic control It informs other OSPF routers not to use it to forward data but they can have a route to the stub router The router LSAs from the stub router may contain different link type values A val...

Страница 950: ...e name Configure the router as a stub router stub router Required Not configured by default To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter OSPF view os...

Страница 951: ...terface fills in a value of 0 To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router id router id vpn instance instance name S...

Страница 952: ...atechange iftxretransmit lsdbapproachoverflow lsdboverflow maxagelsa nbrstatechange originatelsa vifcfgerror virifauthfail virifrxbadpkt virifstatechange viriftxretransmit virnbrstatechange Optional E...

Страница 953: ...ult To do Use the command Remarks Enter system view system view Enable OSPF and enter its view ospf process id router id router id vpn instance instance name Required Disabled by default Enable the us...

Страница 954: ...n display ospf process id nexthop Display routing table information display ospf process id routing interface interface type interface number nexthop nexthop address Display virtual link information d...

Страница 955: ...interfaces omitted 2 Configure OSPF basic functions Configure RouterA RouterA system view RouterA ospf RouterA ospf 1 area 0 RouterA ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 RouterA ospf 1 area...

Страница 956: ...ace 10 1 1 1 Ethernet1 0 s neighbors Router ID 10 3 1 1 Address 10 1 1 2 GR State Normal State Full Mode Nbr is Master Priority 1 DR 10 1 1 1 BDR 10 1 1 2 MTU 0 Dead timer due in 37 sec Neighbor is up...

Страница 957: ...8000000F 4 Sum Net 10 1 1 0 10 2 1 1 1069 28 8000000F 2 Sum Asbr 10 3 1 1 10 2 1 1 1069 28 8000000F 2 Display routing table information on Router D RouterD display ospf routing OSPF Process 1 with Ro...

Страница 958: ...net 1 2 9 1 1 1 RouterD ospf RouterD ospf 1 import route static RouterD ospf 1 quit Display ABR ASBR information on RouterC RouterC display ospf abr asbr OSPF Process 1 with Router ID 10 4 1 1 Routing...

Страница 959: ...1 area 0 0 0 1 stub RouterC ospf 1 area 0 0 0 1 quit RouterC ospf 1 quit Display routing table information on RouterC RouterC display ospf routing OSPF Process 1 with Router ID 10 4 1 1 Routing Table...

Страница 960: ...s where all routers run OSPF RouterA and RouterB act as ABRs to forward routing information between areas It is required to configure Area1 as an NSSA area RouterC as an ASBR to redistribute static ro...

Страница 961: ...1 10 4 1 1 0 0 0 1 Total Nets 3 Intra Area 2 Inter Area 1 ASE 0 NSSA 0 4 Configure RouterC to redistribute static routes RouterC ip route static 3 1 3 1 24 Ethernet 1 2 11 1 1 1 RouterC ospf RouterC o...

Страница 962: ...1 area 0 RouterA ospf 1 area 0 0 0 0 network 192 168 1 0 0 0 0 255 RouterA ospf 1 area 0 0 0 0 quit RouterA ospf 1 quit Configure RouterB RouterB system view RouterB router id 2 2 2 2 RouterB ospf Ro...

Страница 963: ...dress 192 168 1 3 GR State Normal State Full Mode Nbr is Master Priority 1 DR 192 168 1 4 BDR 192 168 1 3 MTU 0 Dead timer due in 31 sec Neighbor is up for 00 01 28 Authentication Sequence 0 Router ID...

Страница 964: ...r due in 33 sec Neighbor is up for 00 11 15 Authentication Sequence 0 The DR and BDR have no change n In the above output you can find the priority configuration does not take effect immediately 4 Res...

Страница 965: ...nterfaces Area 0 0 0 0 IP Address type State Cost Pri DR BDR 192 168 1 2 Broadcast DROther 1 0 192 168 1 1 192 168 1 3 n The interface state DROther means the interface is not the DR BDR Configuring O...

Страница 966: ...terA RouterA display ospf routing OSPF Process 1 with Router ID 1 1 1 1 Routing Tables Routing for Network Destination Cost type NextHop AdvRouter Area 10 0 0 0 8 1 Stub 10 1 1 1 1 1 1 1 0 0 0 0 192 1...

Страница 967: ...anism Network diagram Figure 294 Network diagram for OSPF based GR configuration on routers Configuration Procedure 1 Configure Router A RouterA system view RouterA interface ethernet 1 0 RouterA Ethe...

Страница 968: ...4 Verify the configuration Perform OSPF Graceful Restart on Router A if all routers function properly after the above configurations RouterA reset ospf 100 process graceful restart Troubleshooting OS...

Страница 969: ...ve external routes and all interfaces connected to the Stub area must be associated with the Stub area Solution 1 Use the display ospf peer command to display neighbors 2 Use the display ospf interfac...

Страница 970: ...970 CHAPTER 58 OSPF CONFIGURATION...

Страница 971: ...ackets for exchanging information through port 520 RIP uses a hop count to measure the distance to a destination The hop count is known as metric The hop count from a router to its directly connected...

Страница 972: ...ires the route will be deleted from the routing table Routing loops prevention RIP is a distance vector D V based routing protocol Since a RIP router advertises its own routing table to neighbors rout...

Страница 973: ...tication to enhance security n RIP 2 has two types of message transmission broadcast and multicast Multicast is the default type using 224 0 0 9 as the multicast address The interface working in the R...

Страница 974: ...RIP For RIP 2 the value is 0x02 Route Tag Route Tag IP Address Destination IP address It could be a natural network address subnet address or host address Subnet Mask Mask of the destination address N...

Страница 975: ...the routing table changes or the next hop is unreachable a routing update message is sent Since the periodic update delivery is canceled an acknowledgement and retransmission mechanism is required to...

Страница 976: ...pport Demand Circuits Configuring RIP Basic Functions Configuration Prerequisites Before configuring RIP features finish the following tasks Configure the link layer protocol Configure IP address on e...

Страница 977: ...broadcasts and multicasts With RIP 2 configured a broadcast interface sends RIP 2 broadcasts and can receive RIP 1 unicasts and broadcasts RIP 2 broadcasts multicasts and unicasts Follow these steps t...

Страница 978: ...ed to the metric of a RIP route namely the inbound and outbound additional metric The outbound additional metric is added to the metric of a sent route the route s metric in the routing table is not c...

Страница 979: ...mmary route on an interface Enter interface view interface interface type interface number Define an inbound additional routing metric rip metricin value Optional 0 by default Define an outbound addit...

Страница 980: ...ou can filter routes by configuring the inbound and outbound route filtering policies via referencing an ACL and IP prefix list You can also specify to receive only routes from a specified neighbor Fo...

Страница 981: ...m Number of Load Balanced Routes on page 983 Enabling CheckZero Field Check on RIPv1 Messages on page 983 Enabling Source IP Address Check on Incoming RIP Updates on page 984 Define a filtering policy...

Страница 982: ...function disables an interface from sending routes received by the interface itself so as to prevent routing loops between adjacent routers Follow these steps to configure the split horizon function n...

Страница 983: ...processing time In addition you can enable the source IP address validation on received messages For the message received on an Ethernet interface RIP compares the source IP address of the message wit...

Страница 984: ...ssage which cannot meet high security needs Follow these steps to configure RIP 2 message authentication Configuring a RIP Neighbor Usually RIP sends messages to broadcast or multicast addresses On no...

Страница 985: ...d Response retransmissions as needed For two routers on an analog dial up link the difference between retransmission intervals on the two ends must be bigger than 50 seconds otherwise they can not bec...

Страница 986: ...e the command Remarks Enter system view system view Bind RIP to MIB rip mib binding process id Optional By default MIB is bound to the RIP process with the smallest process ID To do Use the command Re...

Страница 987: ...tination Mask Nexthop Cost Tag Flags Sec 10 0 0 0 8 1 1 1 2 1 0 RA 9 From the routing table you can see RIP 1 uses natural mask to advertise routing information 3 Configure RIP version Configure RIP 2...

Страница 988: ...ution configuration Configuration procedure 1 Configure an IP address for each interface omitted 2 Configure RIP basic functions Enable RIP 100 and configure a RIP version of 2 on Router A RouterA sys...

Страница 989: ...100 RouterB rip 100 default cost 3 RouterB rip 100 import route rip 200 RouterB rip 100 quit RouterB rip 200 RouterB rip 200 import route rip 100 RouterB rip 200 quit Display the routing table of Rou...

Страница 990: ...nable corresponding interfaces Make sure no interfaces are disabled from handling RIP messages If the peer is configured to send multicast messages the same should be configured on the local end Solut...

Страница 991: ...outing A routing policy is used on the router for route inspection filtering attributes modifying when routes are received advertised or redistributed Policy routing is a routing mechanism based on th...

Страница 992: ...dicates the matching sequence of items in the IP prefix list The filtering relation among items is logical OR During matching the router compares the packet with the items in the ascending order If on...

Страница 993: ...es the routing policy to filter routing information Routing Policy Configuration Task List To configure a routing policy perform the tasks described in the following sections Defining Filtering Lists...

Страница 994: ...d the route passes the IP prefix list without needing to match the next item To define an IPv6 prefix list use the following commands n If all items are set to the deny mode no routes can pass the IPv...

Страница 995: ...he relation between items is logic OR that is if routing information matches one of these items it passes the extended community list To define an extended community list use the following commands To...

Страница 996: ...ing information meeting the node s conditions will be handled using the apply clauses of this node without needing to match against the next node If routing information does not meet the node s condit...

Страница 997: ...fix list ipv6 prefix name Optional Not configured by default Match routes having AS path attributes specified in the AS path ACL s if match as path as path acl number 1 16 Optional Not configured by d...

Страница 998: ...ternal external type1 external type2 external type1or2 is is level 1 is is level 2 nssa external type 1 nssa external type 2 nssa external type 1or2 Optional Not configured by default Match RIP OSPF o...

Страница 999: ...distribution for IPv6 routes apply ipv6 next hop ipv6 address Optional Not set by default The next hop set using the apply ip address next hop command does not take effect for route redistribution Red...

Страница 1000: ...and Remarks Display BGP AS path ACL information display ip as path as path number Available in any view Display BGP community list information display ip community list basic community list number adv...

Страница 1001: ...outerC Ethernet1 2 quit Configure Router B RouterB isis RouterB isis 1 is level level 2 RouterB isis 1 network entity 10 0000 0000 0002 00 RouterB isis 1 quit RouterB interface serial 2 1 RouterB Seri...

Страница 1002: ...ix a index 10 permit 172 17 1 0 24 5 Configure a routing policy on Router B RouterB route policy isis2ospf permit node 10 RouterB route policy if match ip prefix prefix a RouterB route policy apply co...

Страница 1003: ...0 32 and 40 32 pass routes in 30 32 filtered Display RIPng routing table information on Router B to verify the configuration Network diagram Figure 301 Network diagram for routing policy application t...

Страница 1004: ...er A RouterA ripng RouterA ripng 1 import route static route policy static2ripng 2 Configure Router B Configure the IPv6 address for Serial 2 0 and enable PPP RouterB system view RouterB ipv6 RouterB...

Страница 1005: ...e display ip ip prefix command to display IP prefix list information 2 Use the display route policy command to display routing policy information IPv6 Routing Information Filtering Failure Symptom Fil...

Страница 1006: ...1006 CHAPTER 60 ROUTING POLICY CONFIGURATION...

Страница 1007: ...ic routes is that they cannot adapt to network topology changes If a fault or a topological change occurs to the network the routes will be unavailable and the network breaks In this case the network...

Страница 1008: ...erface is a point to point interface there is no need to configure the next hop address You need not change the configuration even if the peer s address changes For example a PPP interface obtains the...

Страница 1009: ...lowing method is used to detect reachability of the static route s next hop Detecting Nexthop Reachability Through Track If you specify the nexthop but not outgoing interface when configuring a static...

Страница 1010: ...Maintaining Static Routes Configuration Example Network requirements The routers interfaces and the hosts IP addresses and masks are shown in the following figure Static routes are required for inter...

Страница 1011: ...ute on Router C RouterC system view RouterC ip route static 0 0 0 0 0 0 0 0 1 1 5 5 3 Configure the hosts The default gateways for the three hosts Host A Host B and Host C are 1 1 2 3 1 1 6 1 and 1 1...

Страница 1012: ...1 1 4 1 Eth1 0 1 1 3 0 24 Static 60 0 1 1 5 6 Eth1 1 1 1 4 0 30 Direct 0 0 1 1 4 2 Eth1 0 1 1 4 2 32 Direct 0 0 127 0 0 1 InLoop0 1 1 5 4 30 Direct 0 0 1 1 5 5 Eth1 1 1 1 5 5 32 Direct 0 0 127 0 0 1 I...

Страница 1013: ...Configuration Example 1013 3 1 ms 1 ms 1 ms 1 1 2 2 Trace complete...

Страница 1014: ...1014 CHAPTER 61 STATIC ROUTING CONFIGURATION...

Страница 1015: ...v6 BGP Configuration on page 1041 IPv6 BGP Overview BGP 4 manages only IPv4 routing information thus other network layer protocols such as IPv6 are not supported To support multiple network layer prot...

Страница 1016: ...shing No Session to a Peer Peer Group on page 1019 Optional Logging Session State and Event Information of a Peer Peer Group on page 1019 Optional IPv6 BGP Configuration on page 1015 Configuring IPv6...

Страница 1017: ...er of Load Balanced Routes on page 1026 Optional IPv6 BGP Configuration on page 1015 Configuring IPv6 BGP Peer Group on page 1027 Optional Configuring IPv6 BGP Community on page 1028 Optional Configur...

Страница 1018: ...loopback interface By doing so a connection failure upon redundancy availability will not affect IPv6 BGP connection To establish multiple BGP connections to an IPv6 BGP router you need to specify on...

Страница 1019: ...p Logging Session State and Event Information of a Peer Peer Group Follow these steps to log on the session and event information of a peer peer group To do Use the command Remarks Enter system view s...

Страница 1020: ...t redistribute any IGP default route Advertising a Default Route to a Peer Peer Group Follow these steps to advertise default route to a peer peer group Enable global logging log peer change Optional...

Страница 1021: ...the command Remarks To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Required Enter IPv6 address family view ipv6 family Configure outbound route filtering filt...

Страница 1022: ...y route policy name import Required Not applied by default Specify an ACL to filter routes imported from a peer peer group peer ipv6 group name ipv6 address filter policy acl6 number import Required N...

Страница 1023: ...ext hop network that is the two EBGP peers reside in a common broadcast subnet the router does not specify itself as the next hop Configure IPv6 BGP route dampening parameters dampening half life reac...

Страница 1024: ...l Not configured by default Prioritize MED values of routes from confederation peers bestroute med confederation Optional Not configured by default To do Use the command Remarks Enter system view syst...

Страница 1025: ...re the local router can perform dynamic routing information update and apply the new policy without tearing down connections If a router not supporting route refresh exists in the network you need to...

Страница 1026: ...command Remarks Enter system view system view Enter BGP view bgp as number Required Enter IPv6 address family view ipv6 family Enable route refresh peer ipv6 group name ipv6 address capability advert...

Страница 1027: ...ctical when there are too many IBGP peers Using route reflectors or confederation can solve it In a large scale AS both of them can be used Confederation configuration of IPv6 BGP is identical to that...

Страница 1028: ...nal Required Configure the AS number for the peer group peer ipv6 group name as number as number Required Not configured by default Add an IPv6 peer into the peer group peer ipv6 address group ipv6 gr...

Страница 1029: ...sition technology with which Internet service providers ISPs can use existing IPv4 backbone networks to provide access Advertise extended community attribute to a peer peer group peer ipv6 group name...

Страница 1030: ...MPLS capability When an ISP wants to utilize the existing IPv4 MPLS network to provide IPv6 traffic switching capability through MPLS only the PE routers need to be upgraded Therefore it is undoubted...

Страница 1031: ...vertise community Optional Not advertised by default Advertise extended community attribute to the 6PE peer or peer group peer group name ipv4 address advertise ext community Optional Not advertised b...

Страница 1032: ...Apply a routing policy to routes outgoing or incoming from the 6PE peer or peer group peer group name ipv4 address route policy route policy name import export Not applied by default Display informat...

Страница 1033: ...tion matched by an IPv6 BGP community list display bgp ipv6 routing table community list basic community list number whole match adv community list number 1 16 Display BGP dampened routing information...

Страница 1034: ...connections Configure Router B To do Use the command Remarks Perform soft reset on IPv6 BGP connections refresh bgp ipv6 ipv4 address ipv6 address all external group ipv6 group name internal export i...

Страница 1035: ...quit RouterC bgp quit Configure Router D RouterD system view RouterD ipv6 RouterD bgp 65009 RouterD bgp router id 4 4 4 4 RouterD bgp ipv6 family RouterD bgp af ipv6 peer 9 1 1 as number 65009 RouterD...

Страница 1036: ...2 4 65009 4 5 0 0 00 01 52 Established Router A and B established an EBGP connection Router B C and D established IBGP connections with each other IPv6 BGP Route Reflector Configuration Network requir...

Страница 1037: ...200 Configure Router D RouterD system view RouterD ipv6 RouterD bgp 200 RouterD bgp router id 4 4 4 4 RouterD bgp ipv6 family RouterD bgp af ipv6 peer 102 1 as number 200 3 Configure route reflector C...

Страница 1038: ...CE1 Serial2 0 quit CE1 interface loopback0 CE1 LoopBack0 ipv6 address 1 1 128 CE1 LoopBack0 quit Configure an IPv6 static route to PE 1 CE1 ipv6 route static 0 serial2 0 2 Configure PE 1 Enable IPv6 p...

Страница 1039: ...IPv6 direct and static routes PE1 bgp 65100 PE1 bgp peer 3 3 3 3 as number 65100 PE1 bgp peer 3 3 3 3 connect interface loopback 0 PE1 bgp ipv6 family PE1 bgp af ipv6 import route direct PE1 bgp af ip...

Страница 1040: ...oute direct PE2 bgp af ipv6 import route static PE2 bgp af ipv6 peer 2 2 2 2 enable PE2 bgp af ipv6 peer 2 2 2 2 label route capability PE2 bgp af ipv6 quit PE2 bgp quit Configure the static route to...

Страница 1041: ...Local router ID is 2 2 2 2 Status codes valid best d damped h history i internal s suppressed Network 1 1 PrefixLen 128 NextHop FE80 E142 0 4607 1 LocPrf Path MED 0 PrefVal 0 Network 2 2 PrefixLen 12...

Страница 1042: ...v6 peer command to verify the peer s IPv6 address 3 If the loopback interface is used check whether the peer connect interface command is configured 4 If the peer is not directly connected check wheth...

Страница 1043: ...pport for IS IS TLV is a variable field in the Link State PDU or Link State Packet LSP The two TLVs are IPv6 Reachability Defines the prefix metric of routing information to indicate the network reach...

Страница 1044: ...interface isis ipv6 enable process id Required Disabled by default To do Use command to Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Define the...

Страница 1045: ...oad balancing number Optional To do Use command to Remarks To do Use the command Remarks Display brief IPv6 IS IS information display isis brief Available in any view Display the status of the debug s...

Страница 1046: ...iew RouterA isis 1 RouterA isis 1 is level level 1 RouterA isis 1 network entity 10 0000 0000 0001 00 RouterA isis 1 ipv6 enable RouterA isis 1 quit RouterA interface serial 2 0 RouterA Serial2 0 isis...

Страница 1047: ...quit RouterC interface serial 2 0 RouterC Serial2 0 isis ipv6 enable 1 RouterC Serial2 0 quit RouterC interface serial 2 1 RouterC Serial2 1 isis ipv6 enable 1 RouterC Serial2 1 quit RouterC interface...

Страница 1048: ...1048 CHAPTER 63 IPV6 IS IS CONFIGURATION...

Страница 1049: ...ng IPv6 and compliant with RFC2740 OSPF for IPv6 Identical parts between OSPFv3 and OSPFv2 32 bits router ID and area ID Packets Hello DD Data Description LSR Link State Request LSU Link State Update...

Страница 1050: ...rea Each Inter Area Prefix LSA describes a route with IPv6 address prefix to a destination outside the area yet still inside the AS an inter area route Inter Area Router LSAs Similar to Type 4 LSA of...

Страница 1051: ...an age in the local LSDB incremented by 1 per second but an LSA is not aged on transmission You need to add an LSA delay time into the age time before transmission which is important for low speed net...

Страница 1052: ...PFv3 Load balanced Routes on page 1055 Optional Configuring a Priority for OSPFv3 on page 1055 Optional Configuring OSPFv3 Route Redistribution on page 1056 Optional Tuning and Optimizing an OSPFv3 Ne...

Страница 1053: ...vity In practice necessary physical links may not be available for connectivity You can configure virtual links to address it Prerequisites Enable IPv6 packet forwarding Configure OSPFv3 basic functio...

Страница 1054: ...To configure route summarization between areas use the following command on an ABR n The abr summary command is available on ABRs only If contiguous network segments are available in an area you can u...

Страница 1055: ...te the route found by the protocol with the highest priority is selected To configure a priority for OSPFv3 use the following commands To do Use the command Remarks Enter system view system view Enter...

Страница 1056: ...ied especially for low speed links SPF timer Specified to protect networks from being over consumed due to frequent network changes For a broadcast network you can configure DR priorities for interfac...

Страница 1057: ...mber Configure hello interval ospfv3 timer hello seconds instance instance id Optional Defaults to 10 seconds on P2P broadcast interfaces Configure dead interval ospfv3 timer dead seconds instance ins...

Страница 1058: ...re no neighboring relationship can be established on the interface This feature can enhance the adaptability of OSPFv3 networking Enabling the Logging on Neighbor State Changes To enable the logging o...

Страница 1059: ...r intra prefix link network router link state id originate router router id total Display LSA statistics in OSPFv3 LSDB display ospfv3 lsdb statistic Display OSPFv3 neighbor information display ospfv3...

Страница 1060: ...l2 1 ospfv3 1 area 1 RouterA Serial2 1 quit Configure Router B RouterB system view RouterB ipv6 RouterB ospfv3 1 RouterB ospf 1 router id 2 2 2 2 RouterB ospf 1 quit RouterB interface serial 2 0 Route...

Страница 1061: ...Fv3 Area ID 0 0 0 1 Process 1 Neighbor ID Pri State Dead Time Interface Instance ID 1 1 1 1 1 Full DR 00 00 35 S2 1 0 Display OSPFv3 neighbor information on Router C RouterC display ospfv3 peer OSPFv3...

Страница 1062: ...cost RouterD display ospfv3 routing E1 Type 1 external route IA Inter area route I Intra area route E2 Type 2 external route Selected route OSPFv3 Router with ID 4 4 4 4 Process 1 Destination 0 Type...

Страница 1063: ...priority on the network so it will be the DR The priority of RouterC is 2 the second highest priority on the network so it will be the BDR The priority of RouterB is 0 so it cannot become the DR Rout...

Страница 1064: ...D Ethernet1 0 ospfv3 1 area 0 RouterD Ethernet1 0 quit Display neighbor information on Router A You can find routers have the same default DR priority 1 In this case the router with the highest Router...

Страница 1065: ...32 Eth1 0 0 4 4 4 4 1 Full DR 00 00 36 Eth1 0 0 Display neighbor information on Router D You can find Router D is still the DR RouterD display ospfv3 peer OSPFv3 Area ID 0 0 0 0 Process 1 Neighbor ID...

Страница 1066: ...s The dead interval on an interface must be at least four times the hello interval 5 On a broadcast network at least one interface must have a DR priority higher than 0 Incorrect Routing Information S...

Страница 1067: ...oubleshooting OSPFv3 Configuration 1067 5 In a Stub area all routers are configured with the stub command 6 If a virtual link is configured use the display ospf vlink command to check the neighbor sta...

Страница 1068: ...1068 CHAPTER 64 IPV6 OSPFV3 CONFIGURATION...

Страница 1069: ...bit Source address RIPng uses FE80 10 as the link local source address RIPng Working Mechanism RIPng is a routing protocol based on the distance vector D V algorithm RIPng uses UDP packets to exchang...

Страница 1070: ...tion on page 991 RIPng Packet Format Basic format A RIPng packet consists of a header and multiple Route Table Entries RTEs The maximum number of RTEs in a packet depends on the MTU of the sending int...

Страница 1071: ...onse messages If there are multiple RTEs in the request message the RIPng router will examine each RTE update its metric and send the requested routing information to the requesting router in the resp...

Страница 1072: ...onfiguring a RIPng Priority Configuring RIPng Route Redistribution Before the configuration accomplish the following tasks first Configure an IPv6 address on each interface and make sure all nodes are...

Страница 1073: ...ived advertised routing information as needed For filtering outbound routes you can also specify a routing protocol from which to filter routing information redistributed Follow these steps to configu...

Страница 1074: ...onfigure a filter policy to filter incoming routes filter policy acl6 number ipv6 prefix ipv6 prefix name import Required By default RIPng does not filter incoming routing information Configure a filt...

Страница 1075: ...ese steps to configure the split horizon n Generally you are recommended to enable the split horizon to prevent routing loops In Frame Relay X 25 and other non broadcast multi access NBMA networks spl...

Страница 1076: ...eps to configure RIPng zero field check Configuring the Maximum Number of Load Balanced Routes Follow these steps to configure the maximum number of RIPng load balanced routes with equal cost Displayi...

Страница 1077: ...t 1 0 RouterA Ethernet1 0 ripng 1 enable RouterA Ethernet1 0 quit RouterA interface ethernet 1 1 RouterA Ethernet1 1 ripng 1 enable RouterA Ethernet1 1 quit Configure Router B RouterB system view Rout...

Страница 1078: ...E00 100 on Ethernet1 1 Dest 3 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec Dest 4 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec Dest 5 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec...

Страница 1079: ...isplay ripng 1 route Route Flags A Aging S Suppressed G Garbage collect Peer FE80 20F E2FF FE00 1235 on GigabitEthernet0 1 Dest 1 64 via FE80 20F E2FF FE00 1235 cost 1 tag 0 A 2 Sec Dest 4 64 via FE80...

Страница 1080: ...1080 CHAPTER 65 IPV6 RIPNG CONFIGURATION...

Страница 1081: ...tures of IPv6 Static Routes Similar to IPv4 static routes IPv6 static routes work well in simple IPv6 network environments Their major difference lies in the destination and next hop addresses IPv6 st...

Страница 1082: ...default route IPv6 Static Routing Configuration Example Network requirements With IPv6 static routes configured all hosts and routers can interact with each other The serial ports of the routers use...

Страница 1083: ...v6 route on Router C RouterC system view RouterC ipv6 route static 0 serial 2 0 3 Configure the IPv6 addresses of hosts and gateways Configure the IPv6 addresses of all the hosts based upon the networ...

Страница 1084: ...ost 0 Check connectivity with the ping command RouterA ping ipv6 3 1 PING 3 1 56 data bytes press CTRL_C to break Reply from 3 1 bytes 56 Sequence 1 hop limit 254 time 63 ms Reply from 3 1 bytes 56 Se...

Страница 1085: ...technology a network operator can easily provide new value added services such as live Webcasting Web TV distance learning telemedicine Web radio real time videoconferencing and other bandwidth and ti...

Страница 1086: ...source broadcasts the information Hosts A and C also receive it In addition to information security issues this also causes traffic flooding on the same network Therefore broadcast is disadvantageous...

Страница 1087: ...t multicast uses the network bandwidth reasonably and brings no waste of network resources and enhances network security Roles in Multicast The following roles are involved in multicast transmission A...

Страница 1088: ...applications stock quotes Any other point to multiple point data distribution application Multicast Models Based on how the receivers treat the multicast sources there are two multicast models ASM mo...

Страница 1089: ...to end service The multicast architecture involves the following four parts 1 Addressing mechanism Information is sent from a multicast source to a group of receivers through a multicast address 2 Hos...

Страница 1090: ...0 0 8 SSM group addresses and 233 0 0 0 8 Glop group addresses for details see RFC 2770 239 0 0 0 to 239 255 255 255 Administratively scoped multicast addresses for ASM SFM These addresses are consid...

Страница 1091: ...its identifying the multicast group For details about this field refer to RFC 3306 Ethernet multicast MAC addresses When a unicast IP packet is transmitted over Ethernet the destination MAC address is...

Страница 1092: ...ress FF1E F30E 0101 to a MAC address Figure 321 An example of IPv6 to MAC address mapping Multicast Protocols n Generally we refer to IP multicast working at the network layer as Layer 3 multicast and...

Страница 1093: ...Layer 3 multicast devices directly connected with the hosts These protocols define the mechanism of establishing and maintaining group memberships between hosts and Layer 3 multicast devices 2 Multic...

Страница 1094: ...evices Internet Group Management Protocol Snooping IGMP Snooping and Multicast Listener Discovery Snooping MLD Snooping are multicast constraining mechanisms that manage and control multicast groups b...

Страница 1095: ...arding To process the same multicast information from different peers received on different interfaces of the same device every multicast packet is subject to a reverse path forwarding RPF check on th...

Страница 1096: ...tains a set of independent multicast forwarding mechanism for each instance including various multicast protocols a list of PIM neighbors and a multicast routing table per instance Each instance searc...

Страница 1097: ...ting table The multicast forwarding table is directly used to control the forwarding of multicast packets A multicast forwarding table consists of a set of S G entries each indicating the routing info...

Страница 1098: ...multicast forwarding table If the interface on which the packet actually arrived is the RPF interface the RPF check is successful and the router forwards the packet to all the outgoing interfaces If t...

Страница 1099: ...source based tree from the multicast source to the rendezvous point RP packet source means the multicast source For a packet traveling along the rendezvous point tree RPT from the RP to the receivers...

Страница 1100: ...of guiding multicast forwarding so it is also called an RPF static route A multicast static route is effective on the multicast router on which it is configured and will not be broadcast throughout t...

Страница 1101: ...The querier sends a query to the last hop router 2 Upon receiving the query the last hop router turns the query packet into a request packet by adding a response data block containing its interface ad...

Страница 1102: ...his tunnel Configuration Task List Complete these tasks to configure multicast routing and forwarding Configuring Multicast Routing and Forwarding Configuration Prerequisites Before configuring multic...

Страница 1103: ...ication environment a multicast static route has the following two functions Changing an RPF route If the multicast topology structure is the same as the unicast topology in a network the delivery pat...

Страница 1104: ...g Range Multicast packets do not travel without a boundary in a network The multicast data corresponding to each multicast group must be transmitted within a definite scope Presently you can define a...

Страница 1105: ...al to the minimum TTL value configured on the interface the packet will be discarded Follow these steps to configure a multicast forwarding range Configuring Multicast Forwarding Table Size Too many m...

Страница 1106: ...rks Enter system view system view Configure the maximum number of downstream nodes for a single route in the multicast forwarding table multicast forwarding table downstream limit limit Optional The d...

Страница 1107: ...terface type interface number register outgoing interface exclude include match interface type interface number register Available in any view View the information of the multicast static routing tabl...

Страница 1108: ...onfiguration Configuration procedure 1 Configure interface IP addresses and enable unicast routing on each router Configure the IP address and subnet mask for each interface as per Figure 328 The deta...

Страница 1109: ...pim dm RouterA Ethernet1 1 quit RouterA interface ethernet 1 2 RouterA Ethernet1 2 pim dm RouterA Ethernet1 2 quit The configuration on Router C is similar to the configuration on Router A The specif...

Страница 1110: ...routes to Router A Typically Receiver can receive the multicast data from Source 1 in the OSPF domain Perform the following configuration so that Receiver can receive multicast data from Source 2 whic...

Страница 1111: ...ethernet 1 1 RouterA Ethernet1 1 pim dm RouterA Ethernet1 1 quit The configuration on Router B is similar to that on Router A The specific configuration steps are omitted here Use the display multicas...

Страница 1112: ...atch the current network conditions the route entry and the configuration information of multicast static routes do not exist in the multicast routing table If the optimal route is found the multicast...

Страница 1113: ...ulticast forwarding boundary has been configured through the multicast boundary command any multicast packet will be kept from crossing the boundary Solution 1 Use the display pim routing table comman...

Страница 1114: ...1114 CHAPTER 68 MULTICAST ROUTING AND FORWARDING CONFIGURATION...

Страница 1115: ...1 documented in RFC 1112 IGMPv2 documented in RFC 2236 IGMPv3 documented in RFC 3376 All IGMP versions support the Any Source Multicast ASM model In addition IGMPv3 can be directly used to implement t...

Страница 1116: ...B for joining G1 Upon hearing the report Host C will suppress itself from sending a report message for the same multicast group because the IGMP routers Router A and Router B already know that at lea...

Страница 1117: ...nd all other IGMPv2 routers become non queriers 3 All the non queriers start a timer known as other querier present timer If a router receives an IGMP query from the querier before the timer expires i...

Страница 1118: ...Source 2 S2 both of which can send multicast data to multicast group G Host B is interested only in the multicast data that Source 1 sends to G but not in the data from Source 2 Figure 331 Flow paths...

Страница 1119: ...system wishes to hear from for packets sent to the specified multicast address If the change was to an Include source list these are the addresses that were added to the list if the change was to an...

Страница 1120: ...M SM Before configuring the basic functions of IGMP prepare the following data IGMP version Multicast group and multicast source addresses for static group member configuration ACL rule for multicast...

Страница 1121: ...erface interface type interface number Enable IGMP igmp enable Required Disabled by default To do Use the command Description Enter system view system view Create a VPN instance and enter VPN instance...

Страница 1122: ...when it joins or leaves a multicast group In other words the interface will not become a real member of the multicast group Configuring a Multicast Group Filter To restrict the hosts on the network at...

Страница 1123: ...source specific queries and multicast groups change dynamically a device cannot join all multicast groups Therefore when receiving a multicast packet but unable to locate the outgoing interface for th...

Страница 1124: ...group it has joined This timer is initialized to a random value in the range of 0 to the maximum response time which is derived from the Max Response Time field in the IGMP query When the timer value...

Страница 1125: ...e parameters globally Configuring IGMP query and response parameters on an interface Follow these steps to configure IGMP query and response parameters on an interface To do Use the command Descriptio...

Страница 1126: ...s such as ADSL dial up networking only one multicast receiver host is attached to a port of the IGMP querier To allow fast response to the leave messages of the host when it switches frequently from o...

Страница 1127: ...evices in the PIM network through POS5 0 Configure IGMP fast leave processing fast leave group policy acl number Required Disabled by default To do Use the command Description Enter system view system...

Страница 1128: ...l for interoperation among the routers Ensure the network layer interoperation among Router A Router B and Router C on the PIM network and dynamic update of routing information among the routers throu...

Страница 1129: ...r example View IGMP information on Ethernet 1 0 of Router B RouterB display igmp interface ethernet 1 0 Ethernet1 0 10 110 2 1 IGMP is enabled Current IGMP version is 2 Value of query interval for IGM...

Страница 1130: ...nd to check whether the igmp group policy command has been executed If the host is restricted from joining the multicast group G the ACL rule must be modified to allow receiving the reports for the mu...

Страница 1131: ...r multicast source information in other PIM SM domains In the basic PIM SM mode a multicast source registers only with the RP in the local PIM SM domain and the multicast source information of a domai...

Страница 1132: ...Receiver side MSDP peer the MSDP peer nearest to the receivers typically the receiver side RP like RP 3 Upon receiving an SA message the receiver side MSDP peer resolves the multicast source informati...

Страница 1133: ...t group G DR 1 encapsulates the multicast data within a register message and sends the register message to RP 1 Then RP 1 gets aware of the information related to the multicast source 2 As the source...

Страница 1134: ...elationships among one another and share the same group name is used on all the members of an MSDP mesh group When using MSDP for inter domain multicasting once an RP receives information form a multi...

Страница 1135: ...d RP 5 3 When RP 4 and RP 5 receive the SA message from RP 3 Because the SA message is from an MSDP peer RP 3 in the same mesh group RP 4 and RP 5 both accept the SA message but they do not forward th...

Страница 1136: ...o multicast group G and Receiver is a member of the multicast group To implement Anycast RP configure the same IP address known as anycast RP address typically a private address on Router A and Router...

Страница 1137: ...255 255 for the Anycast RP address namely configure the Anycast RP address into a host address An MSDP peer address must be different from the Anycast RP address Multi Instance MSDP MSDP peering relat...

Страница 1138: ...steps to enable MSDP globally in the public instance Enabling MSDP in a VPN instance Configuring an MSDP Peer Connection on page 1140 Configuring MSDP Peer Description on page 1140 Optional Configuri...

Страница 1139: ...N instance view ip vpn instance vpn instance name Configure a route distinguisher RD for the VPN instance route distinguisher route distinguisher Required No RD is configured by default Enable IP mult...

Страница 1140: ...flooding among these MSDP peers and optimize the multicast traffic On one hand an MSDP peer in an MSDP mesh group forwards SA messages from outside the mesh group that have passed the RPF check to th...

Страница 1141: ...on is required You can flexibly adjust the interval between MSDP peering connection retries Follow these steps to configure MSDP peer connection control Configuring SA Messages Configuration Prerequis...

Страница 1142: ...s to one another Upon receiving an SA message a router performs RPF check on the message If the router finds that the remote RP address is the same as the local RP address it will discard the SA messa...

Страница 1143: ...e reception or forwarding An SA message with encapsulated multicast data can be forwarded to a designated MSDP peer only if the TTL value in its IP header exceeds the threshold Therefore you can contr...

Страница 1144: ...to be encapsulated in SA messages peer peer address minimum ttl ttl value Optional 0 by default To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter public i...

Страница 1145: ...C Router D and Router F be configured as the C BSR and C RP of the respective PIM SM domains It is required that an MSDP peering relationship be established between Router C and Router D through EBGP...

Страница 1146: ...in PIM SM 3 and ensure the dynamic update of routing information between the routers in each PIM SM domain through a unicast routing protocol Detailed configuration steps are omitted 2 Enable IP mult...

Страница 1147: ...the position of Loopback0 C BSR and C RP on Router C RouterC interface loopback 0 RouterC LoopBack0 ip address 1 1 1 1 255 255 255 255 RouterC LoopBack0 pim sm RouterC LoopBack0 quit RouterC pim Rout...

Страница 1148: ...sgRcvd MsgSent OutQ PrefRcv Up Down State 192 168 1 2 4 200 24 21 0 6 00 13 09 Established View the information about BGP peering relationship on Router D RouterD display bgp peer BGP local router ID...

Страница 1149: ...2 168 3 2 connect interface serial 2 0 RouterD msdp quit Configure MSDP peers on Router F RouterF msdp RouterF msdp peer 192 168 3 1 connect interface serial 2 0 RouterF msdp quit When the multicast s...

Страница 1150: ...rt policy none Information about SA Requests Policy to accept SA Request messages none Sending SA Requests status disable Minimum TTL to forward SA with encapsulated data 0 SAs learned from this peer...

Страница 1151: ...net 1 0 RouterB system view RouterB multicast routing enable RouterB interface ethernet 1 0 RouterB Ethernet1 0 igmp enable Device Interface IP address Device Interface IP address Source 1 10 110 5 10...

Страница 1152: ...e loopback 20 RouterB LoopBack20 ip address 10 1 1 1 32 RouterB LoopBack20 pim sm RouterB LoopBack20 quit RouterB pim RouterB pim c bsr loopback 10 RouterB pim c rp loopback 20 RouterB pim quit The co...

Страница 1153: ...play pim routing table command When Source 1 10 110 5 100 24 sends multicast data to multicast group G 225 1 1 1 24 Receiver 1 joins multicast group G By comparing the PIM routing information displaye...

Страница 1154: ...w the PIM routing information on Router D RouterD display pim routing table Vpn instance public net Total 1 G entry 1 S G entry 225 1 1 1 RP 10 1 1 1 local Protocol pim sm Flag WC UpTime 00 12 07 Upst...

Страница 1155: ...RPF peer of Router D and Router F so that any router can receive SA messages only from its static RPF peer s and permitted by the corresponding filtering policy Network diagram Figure 339 Network diag...

Страница 1156: ...rC multicast routing enable RouterC interface pos 5 0 RouterC Pos5 0 pim sm RouterC Pos5 0 quit RouterC interface serial 2 0 RouterC Serial2 0 pim sm The configuration on Router A Router B Router D Ro...

Страница 1157: ...er 192 168 3 1 connect interface serial 2 0 RouterF msdp static rpf peer 192 168 3 1 rp policy list c RouterF msdp quit 5 Verify the configuration Carry out the display bgp peer command to view the BG...

Страница 1158: ...ion 1 Check that a route is available between the routers Carry out the display ip routing table command to check whether the unicast route between the routers is correct 2 Check that a unicast route...

Страница 1159: ...P address and the C BSR and C RP must be configured on different devices or interfaces If the originating rp command is executed MSDP will replace the RP address in the SA messages with the address of...

Страница 1160: ...1160 CHAPTER 70 MSDP CONFIGURATION...

Страница 1161: ...s the corresponding multicast routing entries are created through unicast routes PIM uses the reverse path forwarding RPF mechanism to implement multicast forwarding When a multicast packet arrives on...

Страница 1162: ...ith other routers and builds and maintains SPTs by periodically multicasting hello messages to all other PIM routers 224 0 0 13 n Every activated interface on a router sends hello messages periodicall...

Страница 1163: ...a graft mechanism to resume data forwarding to that branch The process is as follows 1 The node that needs to receive multicast data sends a graft message hop by hop toward the source as a request to...

Страница 1164: ...o the source the router with a smaller metric to the source wins 3 If there is a tie in route metric to the source the router with a higher IP address of the local interface wins Introduction to PIM S...

Страница 1165: ...discovery DR election RP discovery RPT building Multicast source registration Switchover from RPT to SPT Assert Neighbor discovery PIM SM uses exactly the same neighbor discovery mechanism as PIM DM...

Страница 1166: ...raffic needs to be forwarded through the RP To lessen the RP burden and optimize the topological structure of the RPT each multicast group should have its own RP Therefore a bootstrap mechanism is nee...

Страница 1167: ...uses an IGMP message to inform the directly connected DR 2 Upon getting the receiver information the DR sends a join message which is hop by hop forwarded to the RP corresponding to the multicast gro...

Страница 1168: ...ds the first multicast packet to a multicast group G the DR directly connected with the multicast source upon receiving the multicast packet encapsulates the packet in a PIM register message and sends...

Страница 1169: ...more economically than PIM DM does through the flood and prune mechanism Assert PIM SM uses exactly the same assert mechanism as PIM DM does Refer to Assert on page 1163 Introduction to BSR Admin sco...

Страница 1170: ...ther Figure 347 Relationship between BSR admin scope regions and the global scope zone in group address ranges In Figure 347 the group address ranges of admin scope scope regions BSR1 and BSR2 have no...

Страница 1171: ...ASM model are two opposite models Presently the ASM model includes the PIM DM and PIM SM modes The SSM model can be implemented by leveraging part of the PIM SM technique The SSM model provides a sol...

Страница 1172: ...y hop toward the multicast source S An Include S G or Exclude S G entry is created on all routers on the path from the DR to the source Thus an SPT is built in the network with the source S as its roo...

Страница 1173: ...r PIM Sparse Mode draft ietf ssm arch 02 Source Specific Multicast for IP draft ietf ssm overview 04 An Overview of Source Specific Multicast SSM Configuring PIM DM PIM DM Configuration Task List Comp...

Страница 1174: ...these steps to enable the state refresh capability To do Use the command Remarks Enter system view system view Enable IP multicast routing multicast routing enable Required Disable by default Enter i...

Страница 1175: ...To effectively control the propagation scope of state refresh messages you need to configure an appropriate TTL value based on the network size Follow these steps to configure state refresh parameter...

Страница 1176: ...retry period pim timer graft retry interval Optional 3 seconds by default To do Use the command Remarks Task Remarks Configuring PIM SM on page 1176 Required Configuring a BSR on page 1178 Performing...

Страница 1177: ...PIM SM domain you are recommended to enable PIM SM on all interfaces of non border routers border routers are PIM enabled routers located on the boundary of BSR admin scope regions Enabling PIM SM glo...

Страница 1178: ...IM SM C BSRs should be configured on routers in the backbone network When configuring a router as a C BSR be sure that this router is PIM SM enabled The BSR election process is as follows Initially ev...

Страница 1179: ...ange and thus this kind of attacks can be prevented The above mentioned preventive measures can partially protect the security of BSRs in a network However if a legal BSR is controlled by an attacker...

Страница 1180: ...to specific multicast groups Follow these steps to configure an admin scope C BSR Configuring a BSR admin scope region boundary A BSR has its specific service scope A number of BSR boundary interfaces...

Страница 1181: ...e bootstrap interval By default the bootstrap interval is determined by this formula Bootstrap interval Bootstrap timeout 10 2 The default bootstrap timeout is 130 seconds so the default bootstrap int...

Страница 1182: ...hroughout the entire network Then the other routers in the network calculate the mappings between specific group ranges and the corresponding RPs based on the RP set We recommend that you configure C...

Страница 1183: ...floods the bootstrap messages to all PIM routers 224 0 0 13 in the network Each C RP encapsulates a timeout value in its C RP Adv message Upon receiving this message the BSR obtains this timeout valu...

Страница 1184: ...ages encapsulated with multicast data and starts a register stop timer When the register stop timer expires the DR sends a null register message a register message without encapsulated multicast data...

Страница 1185: ...win the DR election and on the C RPs that may win RP elections If the multicast source is learned through MSDP the device will switch to the SPT immediately after it receives the first multicast pack...

Страница 1186: ...n a VPN instance c CAUTION All the interfaces in the same VPN instance on the same device must work in the same PIM mode Configuring the SSM Group Range As for whether the information from a multicast...

Страница 1187: ...nterfaces while configurations performed in interface view are effective to the current interface only If the same function or parameter is configured in both PIM view and interface view the configura...

Страница 1188: ...filters These filters can help implement traffic control on one hand and control the information available to receivers downstream to enhance data security on the other hand Follow these steps to conf...

Страница 1189: ...override message When a router receives a prune message from a downstream router it does not perform the prune action immediately instead it maintains the current forwarding state for a period of tim...

Страница 1190: ...figure PIM neighbor timeout time hello option holdtime interval Optional 105 seconds by default Configure the prune delay time LAN delay hello option lan delay interval Optional 500 milliseconds by de...

Страница 1191: ...m vpn instance vpn instance name Configure the hello interval timer hello interval Optional 30 seconds by default Configure assert timeout time holdtime assert interval Optional 180 seconds by default...

Страница 1192: ...isplay pim vpn instance vpn instance name all instance bsr info Available in any view View the information of unicast routes used by PIM display pim vpn instance vpn instance name all instance claimed...

Страница 1193: ...rough their respective POS 5 0 IGMPv2 is required on Router A Router B Router C and hosts in N1 and N2 Router B is the IGMP querier on the multi access subnet View the content of the PIM routing table...

Страница 1194: ...ol Detailed configuration steps are omitted here 2 Enable IP multicast routing and enable PIM DM on each interface Enable IP multicast routing on Router A enable PIM DM on each interface and enable IG...

Страница 1195: ...os 5 1 RouterD Pos5 1 pim dm RouterD Pos5 1 quit 3 Verify the configuration Carry out the display pim interface command to view the PIM configuration and running status on each interface For example V...

Страница 1196: ...Downstream interface s information Total number of downstreams 1 1 Ethernet1 0 Protocol igmp UpTime 00 04 25 Expires never 10 110 5 100 225 1 1 1 Protocol pim dm Flag ACT UpTime 00 06 14 Upstream inte...

Страница 1197: ...N2 Router D connects to the network that comprises the multicast source Source through Ethernet 1 0 Router A connects to stub network N1 through Ethernet 1 0 and to Router D and Router E through Seria...

Страница 1198: ...mitted here 2 Enable IP multicast routing and enable PIM SM on each interface Enable IP multicast routing on Router A enable PIM SM on each interface and enable IGMPv2 on Ethernet 1 0 which connects R...

Страница 1199: ...m view RouterE acl number 2005 RouterE acl basic 2005 rule permit source 225 1 1 0 0 0 0 255 RouterE acl basic 2005 quit RouterE pim RouterE pim c bsr pos 5 2 RouterE pim c rp pos 5 2 group policy 200...

Страница 1200: ...ample View the RP information on Router A RouterA display pim rp info Vpn instance public net PIM SM BSR RP information Group MaskLen 225 1 1 0 24 RP 192 168 9 2 Priority 0 HoldTime 150 Uptime 00 51 4...

Страница 1201: ...m sm UpTime 00 00 42 Expires 00 03 06 The information on Router B and Router C is similar to that on Router A View the PIM routing table information on Router D RouterD display pim routing table Vpn i...

Страница 1202: ...es in the SSM mode Host A and Host C are multicast receivers in two stub networks Router D connects to the network that comprises the multicast source Source through Ethernet 1 0 Router A connects to...

Страница 1203: ...ed here 2 Enable IP multicast routing and enable PIM SM on each interface Enable IP multicast routing on Router A enable PIM SM on each interface and enable IGMPv3 on Ethernet 1 0 which connects Route...

Страница 1204: ...basic 2000 quit RouterA pim RouterA pim ssm policy 2000 RouterA pim quit The configuration on Router B Router C Router D and Router E is similar to the configuration on Router A 4 Verify the configur...

Страница 1205: ...00 12 05 Expires 00 03 25 Troubleshooting PIM Configuration Failure of Building a Multicast Distribution Tree Correctly Symptom None of the routers in the network including routers directly connected...

Страница 1206: ...ill surely fail causing abnormal multicast forwarding Solution 1 Check unicast routes Use the display ip routing table command to check whether a unicast route exists from the receiver host to the mul...

Страница 1207: ...warding boundary configuration Use the display current configuration command to check the multicast forwarding boundary settings Use the multicast boundary command to change the multicast forwarding b...

Страница 1208: ...messages of the BSR will not contain the information of that C RP The RP is the core of a PIM SM domain Make sure that the RP information on all routers is exactly the same a specific group G is mappe...

Страница 1209: ...IPv6 multicast forwarding table is directly used to control the forwarding of IPv6 multicast packets This is the table that guides IPv6 multicast forwarding An IPv6 multicast forwarding table consist...

Страница 1210: ...terface as the incoming interface and installs the entry into the IPv6 multicast forwarding table If the interface on which the packet actually arrived is the RPF interface the RPF check is successful...

Страница 1211: ...acket fails the RPF check and is discarded An IPv6 multicast packet from Source arrives on POS 5 1 of Router C and the IPv6 multicast forwarding table does not contain the corresponding forwarding ent...

Страница 1212: ...must enable IPv6 multicast routing Follow these steps to enable IPv6 multicast routing Configuring an IPv6 Multicast Routing Policy If more than one unicast route with the same cost exists when a mul...

Страница 1213: ...ery IPv6 multicast packet including every IPv6 multicast packet sent from the local device is subject to a hop limit check If the hop limit value of the packet already decremented by 1 on this router...

Страница 1214: ...he maximum number of downstream nodes for a single route in the IPv6 multicast forwarding table multicast ipv6 forwarding table downstream limit limit Optional The default is the maximum number allowe...

Страница 1215: ...re forwarding an IPv6 multicast packet the router decrements the hop limit value in the IPv6 packet header by 1 and recalculates the checksum Subsequently the router forwards the IPv6 multicast packet...

Страница 1216: ...nimum hop limit required for an IPv6 multicast packet to be forwarded Use the undo multicast ipv6 minimum hoplimit command on the concerned interfaces to restore the default hop limit setting or confi...

Страница 1217: ...cted subnets put corresponding records in the database and maintain timers related to IPv6 multicast addresses Routers running MLD use an IPv6 unicast link local address as the source address to send...

Страница 1218: ...n queriers start a timer known as other querier present timer If a router receives an MLD query from the querier before the timer expires it resets this timer otherwise it assumes the querier to have...

Страница 1219: ...e MLD done message the querier sends a configurable number of multicast address specific queries to the group being left The destination address field and group address field of the message are both f...

Страница 1220: ...6 multicast data Source 2 sends to G denoted as S2 G Thus only IPv6 multicast data from Source 1 will be delivered to Host B MLD state A multicast router running MLDv2 maintains the multicast address...

Страница 1221: ...For a query message this field is set to 130 Code Initialized to zero Checksum Standard IPv6 checksum Maximum Response Delay Maximum response delay allowed before a host sends a report message Reserve...

Страница 1222: ...ss specific query message This field represents the number of source addresses in a multicast address and source specific query message Source Address i IPv6 multicast source address in a multicast ad...

Страница 1223: ...ess records are present in this report message Multicast Address Record i This field represents information of each IPv6 multicast address the host listens to on the interface from which the report me...

Страница 1224: ...ow these steps to enable MLD Configuring the MLD Version Because MLD message types and formats vary with MLD versions the same MLD version should be configured for all routers on the same subnet befor...

Страница 1225: ...n other words the interface will not become a real member of the IPv6 multicast group Configuring an IPv6 Multicast Group Filter To restrict the hosts on the network attached to an interface from join...

Страница 1226: ...and multicast address and source specific queries and IPv6 multicast groups change dynamically a device cannot join all IPv6 multicast groups Therefore a router may receive IPv6 multicast packets addr...

Страница 1227: ...bust but results in a longer IPv6 multicast group timeout time Upon receiving an MLD query general query or multicast address specific query message a host starts a timer for each IPv6 multicast group...

Страница 1228: ...e that the querier has failed and will initiate a new querier election process Otherwise the non querier will reset its timeout time Configuring MLD query and response parameters globally Follow these...

Страница 1229: ...es of the host when it switches frequently from one IPv6 multicast group to another you can enable MLD fast leave processing on the MLD querier With fast leave processing enabled after receiving an ML...

Страница 1230: ...v6 PIM network through their respective POS5 0 Configure the MLD fast leave processing fast leave group policy acl6 number Required Disabled by default To do Use the command Remarks Enter system view...

Страница 1231: ...n between Router A Router B and Router C on the IPv6 PIM network and dynamic update of routing information between the routers through a unicast routing protocol The detailed configuration steps are o...

Страница 1232: ...ration and running information on each router interface Example View MLD information on Ethernet 1 0 of Router B RouterB display mld interface ethernet 1 0 Ethernet1 0 FE80 200 5EFF FE66 5100 MLD is e...

Страница 1233: ...nt configuration interface command to check whether the mld group policy command has been executed If an IPv6 ACL is configured to restrict the host from joining IPv6 multicast group G the ACL must be...

Страница 1234: ...1234 CHAPTER 73 MLD CONFIGURATION...

Страница 1235: ...s the corresponding IPv6 multicast routing entries are created through IPv6 unicast routes IPv6 PIM uses the reverse path forwarding RPF mechanism to implement IPv6 multicast forwarding When an IPv6 m...

Страница 1236: ...r discovery In a IPv6 PIM domain a PIM router discovers IPv6 PIM neighbors maintains IPv6 PIM neighboring relationships with other routers and builds and maintains SPTs by periodically multicasting IP...

Страница 1237: ...n is pruned again when it no longer has any multicast receiver n Pruning has a similar implementation in IPv6 PIM SM Graft When a host attached to a pruned node joins an IPv6 multicast group to reduce...

Страница 1238: ...Pv6 unicast route to the source By comparing these parameters either Router A or Router B becomes the unique forwarder of the subsequent S G IPv6 multicast packets on the multi access subnet The compa...

Страница 1239: ...arrival of this message at the RP triggers the establishment of an SPT Then the multicast source sends subsequent IPv6 multicast packets along the SPT to the RP Upon reaching the RP the IPv6 multicast...

Страница 1240: ...ssage triggers a new DR election process among the other routers RP discovery The RP is the core of an IPv6 PIM SM domain For a small sized simple network one RP is enough for forwarding IPv6 multicas...

Страница 1241: ...allows a router to resolve the RP address from an IPv6 multicast address so that the IPv6 multicast group is mapped to an RP which can take the place of the statically configured RP or the RP dynamic...

Страница 1242: ...e IPv6 multicast data addressed to the IPv6 multicast group G flows through the RP reaches the corresponding DR along the established RPT and finally is delivered to the receiver When a receiver is no...

Страница 1243: ...st source travels along the established SPT to the RP and then the RP forwards the data along the RPT to the receivers When the IPv6 multicast traffic arrives at the RP along the SPT the RP sends a re...

Страница 1244: ...6 PIM DM mod is not suitable for large and medium sized networks In actual application part of the IPv6 PIM SM technique is adopted to implement the SSM model In the SSM model receivers know exactly w...

Страница 1245: ...xclude S G entry is created on all routers on the path from the DR to the source Thus an SPT is built in the network with the source S as its root and receivers as its leaves This SPT is the transmiss...

Страница 1246: ...en state refresh messages Minimum time to wait before receiving a new refresh message Hop limit value of state refresh messages Graft retry period Enabling IPv6 PIM DM With IPv6 PIM DM enabled a route...

Страница 1247: ...re receiving the next state refresh message If a new state refresh message is received within the waiting time the router will discard it if this timer times out the router will accept a new state ref...

Страница 1248: ...uration Task List Complete these tasks to configure IPv6 PIM SM Configure the interval between state refresh messages state refresh interval interval Optional 60 seconds by default Configure the time...

Страница 1249: ...rule and sequencing rule for RPT to SPT switchover The interval of checking the IPv6 multicast traffic rate threshold before RPT to SPT switchover Enabling IPv6 PIM SM With IPv6 PIM SM enabled a rout...

Страница 1250: ...priority carried in the message The C BSR with a higher priority wins If there is a tie in the priority the C BSR with a higher IPv6 address wins The loser uses the winner s BSR address to replace it...

Страница 1251: ...en a BSR and the other devices in the IPv6 PIM SM domain a relatively large bandwidth should be provided between the C BSR and the other devices in the IPv6 PIM SM domain Configuring a BSR admin scope...

Страница 1252: ...guration make sure that the bootstrap interval is smaller than the bootstrap timeout time Configuring an RP An RP can be manually configured or dynamically elected through the BSR mechanism For a larg...

Страница 1253: ...ps to configure a C RP n When configuring a C RP ensure a relatively large bandwidth between this C RP and the other devices in the IPv6 PIM SM domain An RP can serve multiple IPv6 multicast groups or...

Страница 1254: ...quent C RP Adv message from the C RP when the timer times out the BSR assumes the C RP to have expired or become unreachable Follow these steps to configure C RP timers n The commands introduced in th...

Страница 1255: ...ves a register stop message during the register probe time it will refresh its register stop timer otherwise the DR will start sending register messages with encapsulated data again The Register Stop...

Страница 1256: ...PIM SSM n The IPv6 PIM SSM mode needs the support of MLDv2 Therefore be sure to enable MLDv2 on IPv6 PIM routers with receivers attached to them IPv6 PIM SSM Configuration Task List Complete these tas...

Страница 1257: ...in the S G channel subscribed by the receivers falls in the IPv6 PIM SSM group range All IPv6 PIM SM enabled interfaces assume that IPv6 multicast groups within this address range are using the IPv6 S...

Страница 1258: ...Pv6 unicast routing protocol so that all devices in the domain are interoperable at the network layer Configure IPv6 PIM DM or IPv6 PIM SM or IPv6 PIM SSM Before configuring IPv6 PIM common informatio...

Страница 1259: ...command in the Command Manual Holdtime the timeout time of IPv6 PIM neighbor reachability state When this timer times out if the router has received no hello message from an IPv6 PIM neighbor it assu...

Страница 1260: ...am router has changed it assumes that the status of the upstream neighbor is lost or the upstream neighbor has changed In this case it triggers a join message for state update If you disable join supp...

Страница 1261: ...ulticast source S the router will not immediately delete the corresponding S G entries instead it maintains S G entries for a period of time namely the IPv6 multicast source lifetime before deleting t...

Страница 1262: ...efault Configure the IPv6 multicast source lifetime source lifetime interval Optional 210 seconds by default To do Use the command Remarks Enter system view system view Enter interface view interface...

Страница 1263: ...mation about unacknowledged graft messages display pim ipv6 grafts Available in any view View the IPv6 PIM information on an interface or all interfaces display pim ipv6 interface interface type inter...

Страница 1264: ...diagram for IPv6 PIM DM configuration on routers Configuration procedure 1 Configure the interface IPv6 addresses and IPv6 unicast routing protocol for each router Configure the IP address and prefix...

Страница 1265: ...A interface serial 2 0 RouterA Serial2 0 pim ipv6 dm RouterA Serial2 0 quit The configuration on Router B and Router C is similar to the configuration on Router A Enable IPv6 multicast routing on Rout...

Страница 1266: ...uter A and a G entry is generated on Router A To view the IPv6 PIM routing information on a router use the display pim ipv6 routing table command For example View the IPv6 PIM multicast routing table...

Страница 1267: ...or more receiver hosts exist in each stub network The entire IPv6 PIM domain operates in the sparse mode Host A and Host C are IPv6 multicast receivers in two stub networks N1 and N2 Router D connect...

Страница 1268: ...c update of routing information among the routers through an IPv6 unicast routing protocol Detailed configuration steps are omitted here 2 Enable IPv6 multicast routing and enable IPv6 PIM SM on each...

Страница 1269: ...figure the RP service range and the C BSR and C RP locations on Router E RouterE system view RouterE acl ipv6 number 2005 RouterE acl6 basic 2005 rule permit source ff0e 101 64 RouterE acl6 basic 2005...

Страница 1270: ...splay pim ipv6 rp info PIM SM BSR RP information prefix prefix length FF0E 101 64 RP 1003 2 Priority 0 HoldTime 130 Uptime 00 05 19 Expires 00 02 11 Assume that Host A needs to receive information add...

Страница 1271: ...that on Router A View the IPv6 PIM multicast routing table information on Router D RouterD display pim ipv6 routing table Total 0 G entry 1 S G entry 4001 100 FF0E 101 RP 1003 2 Protocol pim sm Flag S...

Страница 1272: ...s in two stub networks N1 and N2 Router D connects to the network that comprises the IPv6 multicast source Source through Ethernet 1 0 Router A connects to N1 through Ethernet 1 0 and to Router D and...

Страница 1273: ...c update of routing information among the routers through a unicast routing protocol Detailed configuration steps are omitted here 2 Enable IPv6 multicast routing and enable IPv6 PIM SM on each interf...

Страница 1274: ...SSM group range to be FF3E 64 on Router A RouterA acl ipv6 number 2000 RouterA acl6 basic 2000 rule permit source ff3e 64 RouterA acl6 basic 2000 quit RouterA pim ipv6 RouterA pim6 ssm policy 2000 Rou...

Страница 1275: ...stream interface Ethernet1 0 Upstream neighbor NULL RPF prime neighbor NULL Downstream interface s information Total number of downstreams 1 1 Serial2 0 Protocol pim ssm UpTime 00 08 02 Expires 00 03...

Страница 1276: ...twork Use the display current configuration command to check the IPv6 PIM mode information on each interface Make sure that the same IPv6 PIM mode is enabled on all the routers IPv6 PIM SM on all rout...

Страница 1277: ...ic group is mapped to the same RP and a unicast route is available to the RP Solution 1 Check whether routes to C RPs the RP and the BSR are available Carry out the display ipv6 routing table command...

Страница 1278: ...1278 CHAPTER 74 IPV6 PIM CONFIGURATION...

Страница 1279: ...ng MD VPN Configuration on page 1308 Multicast VPN Overview Introduction to MPLS L3VPN n For details about MPLS L3VPN refer to MPLS L3VPN Configuration on page 1459 An MPLS L3VPN is a virtual private...

Страница 1280: ...nts route distribution on the customer network In an MPLS L3VPN environment between any two sites that belong to the same VPN packets are transmitted labeled across the public network The PE device at...

Страница 1281: ...ers on the network for that group only those belong to VPN A namely in Site 1 Site 2 or Site 3 can receive the multicast stream The stream is multicast in these sites and in the public network The pre...

Страница 1282: ...MD Different MVRFs join the same MD and are interconnected by means of the multicast tunnel MT automatically established in the MD to enable multicast service between different sites and form a multi...

Страница 1283: ...as a private data transmission pool and an Switch group When the multicast traffic of a VPN reaches or exceeds a threshold the ingress PE device assigns it an independent multicast address called swit...

Страница 1284: ...icast data forwarding All the private network multicast packets transmitted in this VPN are forwarded along this share MDT no matter at which PE device they entered the public network 3 A share group...

Страница 1285: ...cross the link PE PE neighboring relationship PIM neighboring relationship established after a VPN instance on a PE device receives a PIM hello from a VPN instance on a remote PE device through an MTI...

Страница 1286: ...in the join message and a 239 1 1 1 state entry is created on each device along the path in the public network The join process initiated by PE 2 and PE 3 is similar Finally an RPT is established in t...

Страница 1287: ...ve a share MDT is characterized as follows no matter what PIM mode is running in the public network All PE devices that support this VPN instance PE 1 PE 2 and PE 3 in this example join the share MDT...

Страница 1288: ...e public network and the VPNs network Receiver in Site 2 is attached to CE 2 while CE 1 of Site 1 acts as the RP for VPN multicast group G 225 1 1 1 Figure 374 Transmission of multicast protocol packe...

Страница 1289: ...By now the construction of a multicast distribution tree across the public network is completed n For details about GRE refer to GRE Configuration on page 1589 Share MDT Based Delivery of Multicast D...

Страница 1290: ...is forwarded to the public instance on all the PE devices along the share MDT Upon receiving this packet every PE device decapsulates it to turn it back into a private network multicast data packet an...

Страница 1291: ...this message checks whether it interfaces with a private network that has receivers of that VPN multicast stream If so it joins the switch MDT rooted at PE 1 otherwise it caches the message and will j...

Страница 1292: ...domain interoperability at the network layer Configure MPLS L3VPN Enable PIM PIM DM or PIM SM Before configuring MD VPN prepare the following data VPN instance names and route distinguishers RDs Shar...

Страница 1293: ...to the public instance The data is then forwarded down the switch MDT MDT switching delay refers to the length of time during which the traffic rate stays higher than the MDT switching threshold befo...

Страница 1294: ...DT switching delay multicast domain holddown time interval Optional 60 seconds by default To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter VPN instance v...

Страница 1295: ...icast routing protocols and MPLS Configure OSPF in the public network and configure RIP between the PE devices and the CE devices Establish BGP peer connections between PE 1 PE 2 and PE 3 via their re...

Страница 1296: ...h0 2 10 110 4 2 24 Loop1 2 2 2 2 32 Eth0 3 10 110 12 1 24 PE 1 Eth0 1 192 168 6 1 24 Loop1 22 22 22 22 32 Eth0 2 10 110 1 1 24 CE a3 Eth0 1 10 110 10 1 24 Eth0 3 10 110 2 1 24 Eth0 2 10 110 5 2 24 Loo...

Страница 1297: ...ress associate an MTI with the VPN instance and define the address range of the switch group pool PE1 vpn instance a multicast routing enable PE1 vpn instance a multicast domain share group 239 1 1 1...

Страница 1298: ...g connect interface loopback 1 PE1 bgp peer 1 1 1 2 group vpn g PE1 bgp peer 1 1 1 3 group vpn g PE1 bgp ipv4 family vpn instance a PE1 bgp a import route rip 2 PE1 bgp a import route direct PE1 bgp...

Страница 1299: ...VPN instance a configure an RD for it and create an ingress route and an egress route for it PE2 ip vpn instance a PE2 vpn instance a route distinguisher 100 1 PE2 vpn instance a vpn target 100 1 expo...

Страница 1300: ...s the same as the PIM mode running on all the interfaces in VPN instance a The interface MTI 1 will automatically obtain an IP address after BGP peer configuration on PE 2 This address is the loopback...

Страница 1301: ...an RD for it and create an ingress route and an egress route for it PE3 ip vpn instance a PE3 vpn instance a route distinguisher 100 1 PE3 vpn instance a vpn target 100 1 export extcommunity PE3 vpn...

Страница 1302: ...24 PE3 Ethernet0 2 pim sm PE3 Ethernet0 2 quit Bind Ethernet 0 3 to VPN instance b configure an IP address and enable PIM SM on the interface PE3 interface ethernet 0 3 PE3 Ethernet0 3 ip binding vpn...

Страница 1303: ...PE3 bgp a quit PE3 bgp ipv4 family vpn instance b PE3 bgp b import route rip 3 PE3 bgp b import route direct PE3 bgp b quit PE3 bgp ipv4 family vpnv4 PE3 bgp af vpnv4 peer vpn g enable PE3 bgp af vpn...

Страница 1304: ...ability on the public network interface Ethernet 0 2 P interface ethernet 0 2 P Ethernet0 2 ip address 192 168 7 2 24 P Ethernet0 2 pim sm P Ethernet0 2 mpls P Ethernet0 2 mpls ldp P Ethernet0 2 quit...

Страница 1305: ...0 2 CEa1 interface ethernet 0 2 CEa1 Ethernet0 2 ip address 10 110 2 2 24 CEa1 Ethernet0 2 pim sm CEa1 Ethernet0 2 quit Configure RIP CEa1 rip 2 CEa1 rip 2 network 10 0 0 0 6 Configure CE b1 Enable I...

Страница 1306: ...0 3 CEa2 interface ethernet 0 3 CEa2 Ethernet0 3 ip address 10 110 12 1 24 CEa2 Ethernet0 3 pim sm CEa2 Ethernet0 3 quit Configure an IP address for Loopback 1 and enable PIM SM on the interface CEa2...

Страница 1307: ...b2 Enable IP multicast routing CEb2 system view CEb2 multicast routing enable Configure an IP address and enable IGMP and PIM SM on Ethernet 0 1 CEb2 interface ethernet 0 1 CEb2 Ethernet0 1 ip addres...

Страница 1308: ...information of VPN instance b on PE 3 PE3 display multicast domain vpn instance b share group MD local share group information for VPN Instance b Share group 239 2 2 2 MTunnel address 1 1 1 3 Troubles...

Страница 1309: ...t the BGP peer connections have been correctly configured Unable to Build an MVRF Symptom A VPN instance cannot create an MVRF correctly Analysis If PIM SM is running in the VPN instance the BSR infor...

Страница 1310: ...1310 CHAPTER 75 MULTICAST VPN CONFIGURATION...

Страница 1311: ...336 Displaying and Maintaining MPLS on page 1336 MPLS Configuration Example on page 1338 Troubleshooting MPLS on page 1343 n For detailed information about VPN refer to MPLS L2VPN Configuration on pag...

Страница 1312: ...ket It does not contain any topology information and is local significant A label is four octets or 32 bits in length Figure 377 illustrates its format Figure 377 Format of a label A label consists of...

Страница 1313: ...ional path from the ingress of the MPLS network to the egress It functions like a virtual circuit in ATM or frame relay Each node of an LSP is an LSR LDP Label distribution protocol LDP means the prot...

Страница 1314: ...l Multi level label stack MPLS allows a packet to carry a number of labels organized as a last in first out LIFO stack which is called a label stack A packet with a label stack can travel along more t...

Страница 1315: ...P 3 After receiving a packet each transit LSR looks up its label forwarding table for the next hop according to the label of the packet and forwards the packet to the next hop None of the transit LSRs...

Страница 1316: ...ion indirectly it has no direct association with routing protocols On the other hand existing protocols such as BGP and RSVP can be extended to support label distribution In MPLS applications it may b...

Страница 1317: ...re customer edge device CE and service provider edge router PE A CE can be a router switch or host All PEs are on the backbone network PE is responsible for managing VPN users establishing LSP connect...

Страница 1318: ...inding only when it receives a label request from its upstream LSR Downstream unsolicited DU In this mode a downstream LSR does not wait for any label request from an upstream LSR before binding a lab...

Страница 1319: ...h transit LSR on an MPLS network forwards an incoming packet based on the label of the packet while the egress LER removes the label from the packet and forwards the packet based on the network layer...

Страница 1320: ...ng delay n For description and configuration of P routers refer to MPLS L3VPN Configuration on page 1459 and MPLS L2VPN Configuration on page 1425 For an MPLS packet with only one level of label the I...

Страница 1321: ...exchange messages for label binding and releasing LDP sessions come in two categories Local LDP session Established between two directly connected LSRs Remote LDP session Established between two indi...

Страница 1322: ...FEC to its downstream LSR which assigns a label to the FEC encapsulates the binding information in a label mapping message and sends the message back to it When the downstream LSR responds with label...

Страница 1323: ...s subnet An LDP link Hello message carries information about the LDP identifier of a given interface and some other information Receipt of an LDP link Hello message on an interface indicates that a po...

Страница 1324: ...he corresponding label request message that is locally maintained If it has information about the request message the LSR assigns a label to the FEC and adds an entry in its LFIB for the binding and s...

Страница 1325: ...DP session is GR capable 1 Whenever the GR restarter restarts the GR helper will detect that the related LDP session is down and will keep its neighborship with the GR restarter and retain information...

Страница 1326: ...age 1311 Configuration Procedure Follow these steps to configure MPLS basic capability n An LSR ID uses the format of an IP address and is unique within an MPLS domain You are recommended to use the I...

Страница 1327: ...atic LSP Configuring MPLS basic capability on all the LSRs Configuration Procedure Follow these steps to configure a static LSP To do Use the command Remarks Enter system view system view Enter MPLS v...

Страница 1328: ...tasks to configure LDP Configuring MPLS LDP Capability Follow these steps to enable MPLS LDP capability Configure a static LSP taking the current LSR as the egress static lsp egress lsp name incoming...

Страница 1329: ...configure the local session transport address to be the IP address of the interface or that of a specified interface Follow these steps to configure local LDP session parameters Configuring Remote LDP...

Страница 1330: ...vive the IGP route filtering based on an IP address prefix list An IP address prefix list affects only static routes and IGP routes Follow these steps to configure the policy for triggering LSP establ...

Страница 1331: ...tem view quit Enable LDP capability and enter MPLS LDP view mpls ldp Required Specify the label distribution control mode label distribution independent ordered Optional ordered by default Note that y...

Страница 1332: ...N instance view Configuration Prerequisites Before configuring LDP instances be sure to complete these tasks Configuring VPN instances Configuring MPLS basic capability Configuring MPLS LDP capability...

Страница 1333: ...he following configurations on a GR restarter A GR helper requires no additional configuration n A single device can act as both GR restarter and GR helper at the same time Follow these steps to confi...

Страница 1334: ...IP TTL and MPLS TTL as the TTL of the IP packet and decrements the value by 1 If you want to enable MPLS IP TTL propagation for VPN packets on one LSR you are recommended to do so on related PEs guar...

Страница 1335: ...l MPLS forwarding process during which period the fast forwarding feature records in the fast forwarding cache a fast forwarding entry including the link layer header for the packet All subsequent pac...

Страница 1336: ...Table 50 Follow these steps to configure MPLS fast forwarding To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter MPLS view mpls Set the interval for repor...

Страница 1337: ...splay LSP statistics display mpls lsp statistics Available in any view Display information about the NHLFE table display mpls nhlfe token include text Available in any view Display information about s...

Страница 1338: ...instance name verbose peer id all verbose begin exclude include regular expression Available in any view Display information about LSPs established by LDP display mpls ldp lsp all vpn instance vpn in...

Страница 1339: ...nfigure OSPF to advertise host routes of LSR ID Configure Router A RouterA ospf RouterA ospf 1 area 0 RouterA ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 RouterA ospf 1 area 0 0 0 0 network 10 1 1 0 0...

Страница 1340: ...ct 0 0 127 0 0 1 InLoop0 Now OSPF adjacency should have been established between Router A and Router B and between Router B and Router C respectively If you execute the display ospf peer command you w...

Страница 1341: ...mmand to check whether the local sessions have been established or the display mpls ldp peer command to check the peers The following takes Router A as an example RouterA display mpls ldp session LDP...

Страница 1342: ...3 3 9 Remote Peer peerc Configuring LDP to Establish LSPs Network requirements On the network in Figure 384 an LSP is required to be established between Router A and Router C Network diagram See Figur...

Страница 1343: ...LDP enabled cannot establish an LDP session with its peer Analysis An LDP session is established in two steps establishing the TCP connection initializing the session and negotiating the session param...

Страница 1344: ...1344 CHAPTER 76 MPLS BASICS CONFIGURATION...

Страница 1345: ...page 1355 CR LSP Backup on page 1356 Fast Reroute on page 1356 DiffServ Aware TE on page 1357 Protocols and Standards on page 1358 Traffic Engineering and MPLS TE Traffic Engineering Network congesti...

Страница 1346: ...uacy in extensibility In this sense MPLS TE is a better traffic engineering solution for its extensibility and ease of implementation MPLS TE MPLS is better than IGPs in implementing traffic engineeri...

Страница 1347: ...xtending link state based IGPs such as OSPF and IS IS OSPF and IS IS extensions add to link states such TE attributes as link bandwidth color among which maximum reservable link bandwidth and non rese...

Страница 1348: ...trative group and affinity attribute on page 1349 Reoptimization on page 1349 Strict and loose explicit routes An LSP is called a strict explicit route if all LSRs along the LSP are specified An LSP i...

Страница 1349: ...rties of the links that the tunnel can use Together with the link administrative group it decides which links the MPLS TE tunnel can use Reoptimization Traffic engineering is a process of allocating r...

Страница 1350: ...as a signaling protocol for LSP tunnel setup in MPLS TE Basic concepts of RSVP TE 1 Soft state Soft state is a mechanism used in RSVP TE to periodically refresh the resource reservation state on a no...

Страница 1351: ...torn down RSVP TE messages RSVP TE use RSVP messages with extensions The following are RSVP messages Path messages transmitted along the path of data transmission downstream by each RSVP sender to sa...

Страница 1352: ...or setting up an LSP tunnel with RSVP 1 The ingress LSR sends a Path message towards the egress LSR 2 After receiving the Path message the egress LSR sends back a Resv message towards the ingress LSR...

Страница 1353: ...E_ID included Path and Resv messages can be refreshed using summary refreshes PSB RSB and BSB timeouts To create an LSP tunnel the sender sends a LABEL_REQUEST object with a Path message After receivi...

Страница 1354: ...ic to travel along an LSP tunnel you need to make configuration after creating the MPLS TE tunnel Otherwise traffic will be IP routed Even when an MPLS TE tunnel is available traffic is IP routed if y...

Страница 1355: ...outer A cannot use this tunnel to reach Router C With forwarding adjacency enabled Router A can known the presence of the TE tunnel and thus forward traffic to Router C to Router D though this tunnel...

Страница 1356: ...secondary CR LSP is created to take over after the primary CR LSP fails Fast Reroute This section covers these topics Overview on page 1356 Basic concepts on page 1356 Protection on page 1356 Deployi...

Страница 1357: ...evice Figure 389 FRR node protection Deploying FRR When configuring the bypass LSP make sure the protected link or node is not on the bypass LSP As bypass LSPs are pre established FRR requires extra b...

Страница 1358: ...TE Extensions to RSVP for LSP Tunnels RFC 2961 RSVP Refresh Overhead Reduction Extensions RFC 3564 Requirements for Support of Differentiated Service aware MPLS Traffic Engineering MPLS TE Configurati...

Страница 1359: ...ations For information about tunnel interfaces refer to Tunneling Configuration on page 693 Configuring Automatic Bandwidth Adjustment on page 1379 Optional Configuring CR LSP Backup on page 1380 Opti...

Страница 1360: ...CR LSPs are special static LSPs They share the same constraints and use the same label space spanning 16 to 1023 Configuration Prerequisites Before making the configuration do the following Configure...

Страница 1361: ...create an MPLS TE tunnel with a dynamic signaling protocol Configure MPLS TE properties for links and advertise them through IGP TE extension to form a TEDB Configure tunnel constraints Use the CSPF a...

Страница 1362: ...and a dynamic signaling protocol is used for MPLS TE tunnel setup Configuration task Remarks Configuring MPLS TE properties for a link on page 1362 Optional Configuring CSPF on page 1363 Optional Conf...

Страница 1363: ...fore configuring IS IS TE you need to configure the IS IS wide metric style which can be wide compatible or wide compatible Follow these steps to configure IS IS TE To do Use command to Remarks Enter...

Страница 1364: ...ability TLV type 22 may reach the maximum of 255 octets in some cases For an IS IS LSP to carry this type of TLV and to be flooded normally on all interfaces with IS IS enabled the MTU of any IS IS en...

Страница 1365: ...dress of current node on the explicit path modify hop ip address1 ip address2 include loose strict exclude Optional By default the include keyword and the strict keyword apply In other words the expli...

Страница 1366: ...ies Establish an MPLS TE tunnel with RSVP TE Configuration Procedure Configuring RSVP TE advanced features involves these tasks Configuring RSVP reservation style on page 1367 Configuring RSVP state t...

Страница 1367: ...RSVP reservation style n In current MPLS TE applications the SE style is mainly used for make before break while the FF style is rarely used Configuring RSVP state timers Follow these steps to config...

Страница 1368: ...ter system view system view Enter interface view of MPLS TE link interface interface type interface number Enable the reliability mechanism of RSVP TE mpls rsvp te reliability Optional Enable retransm...

Страница 1369: ...work resources It requires that the interfaces at the two ends of a link must share the same authentication key to exchange RSVP messages Follow these steps to configure RSVP authentication n FFR and...

Страница 1370: ...iple paths are present with the same metric only one of them is selected Tie breakers include largest currently available bandwidth least currently available bandwidth or random selection Follow these...

Страница 1371: ...d affinity bit and its corresponding administrative group bit must be set to 1 Suppose the affinity of an MPLS TE tunnel is 0xFFFFFFFF and the mask is 0x0000FFFF For a link to be used by the tunnel th...

Страница 1372: ...1373 To do Use command to Remarks Enter system view system view Enter interface view of MPLS TE link interface interface type interface number Assign the link to a link administrative group mpls te l...

Страница 1373: ...unnel tunnel number Enable the system to perform loop detection when setting up a tunnel mpls te loop detection Required Disabled by default Submit current tunnel configuration mpls te commit Required...

Страница 1374: ...Configuration Procedures Configuring traffic forwarding involves these tasks Forwarding traffic along MPLS TE tunnels using static routes on page 1374 Forwarding traffic along MPLS TE tunnels using p...

Страница 1375: ...ag value description description text Required To do Use command to Remarks To do Use command to Remarks Enter system view system view Create and enter the view of an advanced IPv4 ACL acl number acl...

Страница 1376: ...d for path calculation If it is relative the cost of the corresponding IGP path must be added to the metric before it can be used for path calculation 1 Configure IGP shortcut Follow these steps to co...

Страница 1377: ...moves or modifies the link before the timer expires CSPF will update information about the link in TEDB and stops the timer If IGP does not remove or modify the link before the timer expires the state...

Страница 1378: ...low these steps to configure the link metric used for routing a tunnel Configure the CSPF failed link timer mpls te cspf timer failed link timer interval Optional The default is 10 seconds To do Use c...

Страница 1379: ...MPLS TE link interface interface type interface number Assign a TE metric to the link mpls te metric value Optional If no TE metric is assigned to the link IGP metric is used as the TE metric by defau...

Страница 1380: ...onfiguration Prerequisites Before configuring CR LSP backup do the following Configure MPLS basic capabilities Configure MPLS TE basic capabilities Configure MPLS TE tunnels Configuration Procedure Fo...

Страница 1381: ...dth assigned to the bypass LSP is not less than the total bandwidth needed by all protected LSPs Normally bypass tunnels only forward data traffic when protected primary tunnels fail To allow a bypass...

Страница 1382: ...be used in case failure occurs Your device has restriction on links that use the same bypass tunnel so that their total bandwidth does not exceeds a specified value Follow these steps to configure a b...

Страница 1383: ...new LSP After this switchover the PLR polls available bypass tunnels for the best one at the regular interval specified by the FRF polling timer Follow these steps to configure the FRF polling timer...

Страница 1384: ...vp te psb content ingress lsr id lspid tunnel id egress lsr id begin include exclude regular expression Available in any view Display information about RSVP TE RSB display mpls rsvp te rsb content ing...

Страница 1385: ...ng advertisements level 1 level 1 2 level 2 lsp id lsp id local process id vpn instance vpn instance name Available in any view Display information about TE links for IS IS display isis traffic eng li...

Страница 1386: ...advertise host routes with LSR IDs as destinations Configure Router A RouterA system view RouterA isis 1 RouterA isis 1 network entity 00 0005 0000 0000 0001 00 RouterA isis 1 quit RouterA interface...

Страница 1387: ...hat all nodes learnt the host routes of other nodes with LSR IDs as destinations Take Router A for example RouterA display ip routing table Routing Tables Public Destinations 8 Routes 8 Destination Ma...

Страница 1388: ...terA Tunnel0 destination 3 3 3 3 RouterA Tunnel0 mpls te tunnel id 10 RouterA Tunnel0 mpls te signal protocol static RouterA Tunnel0 mpls te commit RouterA Tunnel0 quit 5 Create a static CR LSP Config...

Страница 1389: ...ation In Out If Name Eth1 0 Eth1 1 Tunnel0 RouterC display mpls te tunnel LSP Id Destination In Out If Name Eth1 1 Tunnel0 Perform the display mpls lsp command or the display mpls static cr lsp comman...

Страница 1390: ...rs Use RSVP TE to create a TE tunnel with 2000 kbps of bandwidth from Router A to Router D ensuring that the maximum bandwidth of each link that the tunnel traverses is 10000 kbps and the maximum rese...

Страница 1391: ...cuit level level 2 RouterB POS5 0 quit RouterB interface loopback 0 RouterB LoopBack0 isis enable 1 RouterB LoopBack0 isis circuit level level 2 RouterB LoopBack0 quit Configure Router C RouterC syste...

Страница 1392: ...rect 0 0 127 0 0 1 InLoop0 20 1 1 0 24 ISIS 15 20 10 1 1 2 Eth1 0 30 1 1 0 24 ISIS 15 30 10 1 1 2 Eth1 0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 3 Configure...

Страница 1393: ...S5 0 quit Configure Router D RouterD mpls lsr id 4 4 4 9 RouterD mpls RouterD mpls mpls te RouterD mpls mpls rsvp te RouterD mpls mpls te cspf RouterD mpls quit RouterD interface ethernet 1 0 RouterD...

Страница 1394: ...RouterB POS5 0 mpls te max reservable bandwidth 5000 RouterB POS5 0 quit Configure maximum link bandwidth and maximum reservable bandwidth on Router C RouterC interface ethernet 1 0 RouterC Ethernet1...

Страница 1395: ...ut 0 bytes 0 output error Perform the display mpls te tunnel interface command on Router A to verify information about the MPLS TE tunnel RouterA display mpls te tunnel interface Tunnel Name Tunnel1 T...

Страница 1396: ...iguration Example Network requirements Router A Router B and Router C are running IS IS All of them are Level 2 devices and support RSVP hello extension Use RSVP TE to create a TE tunnel from Router A...

Страница 1397: ...terB Ethernet1 0 mpls rsvp te RouterB Ethernet1 0 mpls rsvp te hello RouterB Ethernet1 0 quit RouterB interface ethernet 1 1 RouterB Ethernet1 1 mpls RouterB Ethernet1 1 mpls te RouterB Ethernet1 1 mp...

Страница 1398: ...s GR status is Ready RouterA display mpls rsvp te peer Interface Ethernet1 0 Neighbor Addr 10 1 1 2 SrcInstance 880 NbrSrcInstance 5017 PSB Count 0 RSB Count 1 Hello Type Sent REQ Neighbor Hello Exten...

Страница 1399: ...outerA mpls lsr id 1 1 1 9 RouterA mpls RouterA mpls mpls te RouterA mpls mpls rsvp te RouterA mpls mpls te cspf RouterA mpls quit RouterA interface ethernet 1 0 RouterA Ethernet1 0 mpls RouterA Ether...

Страница 1400: ...rnet 1 0 RouterC Ethernet1 0 mpls RouterC Ethernet1 0 mpls te RouterC Ethernet1 0 mpls rsvp te RouterC Ethernet1 0 quit RouterC interface ethernet 1 1 RouterC Ethernet1 1 mpls RouterC Ethernet1 1 mpls...

Страница 1401: ...outer A RouterA interface ethernet 1 0 RouterA Ethernet1 0 mpls te max link bandwidth 10000 RouterA Ethernet1 0 mpls te max reservable bandwidth 5000 RouterA Ethernet1 0 quit Configure maximum link ba...

Страница 1402: ...ode Number 4 Current Total Link Number 6 Id MPLS LSR Id IGP Process Id Area Link Count 1 2 2 2 9 OSPF 1 0 2 2 3 3 3 9 OSPF 1 0 2 3 4 4 4 9 OSPF 1 0 1 4 1 1 1 9 OSPF 1 0 1 6 Configure LDP Configure Rou...

Страница 1403: ...rA Tunnel2 mpls te tunnel id 10 RouterA Tunnel2 mpls te signal protocol crldp RouterA Tunnel2 mpls te bandwidth 2000 RouterA Tunnel2 mpls te commit RouterA Tunnel2 quit Perform the display interface t...

Страница 1404: ...Retry Interval 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq Min BW Max BW Current Collected BW Interfaces Protected VPN Bind Type NONE VPN Bind Value...

Страница 1405: ...ytes sec Unreserved BW 14 0 bytes sec Unreserved BW 15 0 bytes sec Bandwidth Constraints BC 0 625000 bytes sec BC 1 0 bytes sec Local OverBooking Multipliers LOM 0 1 LOM 1 1 LSA 2 LSA Type Opq Area Op...

Страница 1406: ...system view RouterA mpls lsr id 1 1 1 9 RouterA mpls RouterA mpls mpls te RouterA mpls mpls rsvp te RouterA mpls mpls te cspf RouterA mpls quit RouterA interface ethernet 1 0 RouterA Ethernet1 0 mpls...

Страница 1407: ...UP Line protocol current state UP Description Tunnel3 Interface The Maximum Transmit Unit is 64000 Internet Address is 9 1 1 1 24 Primary Encapsulation is TUNNEL aggregation ID not set Tunnel source...

Страница 1408: ...tracert command on Router A to draw the path to the tunnel destination You can see that the LSP is re routed to traverse Router D RouterA tracert a 1 1 1 9 3 3 3 9 traceroute to 3 3 3 9 3 3 3 9 30 hop...

Страница 1409: ...ection using the FRR approach Configuration procedure 1 Assign IP addresses and masks to interfaces see Figure 395 Omitted 2 Configure the IGP protocol Enable IS IS to advertise host routes with LSR I...

Страница 1410: ...2 Eth1 0 5 5 5 5 32 ISIS 15 20 2 1 1 2 Eth1 0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 3 Configure MPLS TE basic capabilities and enable CSPF Configure Route...

Страница 1411: ...uit Perform the display interface tunnel command on Router A You can find that Tunnel4 is up RouterA display interface tunnel Tunnel4 current state UP Line protocol current state UP Description Tunnel...

Страница 1412: ...it path by path next hop 3 3 3 3 RouterB explicit path by path quit Create the bypass tunnel RouterB interface tunnel 5 RouterB Tunnel5 ip address 11 1 1 1 255 255 255 0 RouterB Tunnel5 tunnel protoco...

Страница 1413: ...each router You can find that two MPLS TE tunnels are traversing Router B and Router C RouterA display mpls te tunnel LSP Id Destination In Out If Name 1 1 1 1 1 4 4 4 4 Eth1 0 Tunnel4 RouterB displa...

Страница 1414: ...s In Use Not Exists BypassTunnel Tunnel Index Mpls Mtu 1500 6 Verify the FRR function Shut down the protected outgoing interface on PLR RouterB interface ethernet 1 1 RouterB Ethernet1 1 shutdown Sep...

Страница 1415: ...ngress LSR ID 1 1 1 1 Egress LSR ID 4 4 4 4 Signaling Prot RSVP Resv Style SE Class Type CLASS 0 Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority 7 Hold Priority 7 Affinity Prop Mask 0 0 Explicit Pa...

Страница 1416: ...LspIndex 4098 Token 22002 LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index Mpls Mtu 1500 Set the FRR polling timer to five seconds on PLR RouterB mpls RouterB mpls mpls te timer fast...

Страница 1417: ...E tunnel configure a tunneling policy to use a CR LSP as the VPN tunnel when creating the VPN Network diagram Figure 396 MPLS TE application in VPN Configuration procedure 1 Configure OSPF ensuring th...

Страница 1418: ...splay ospf peer OSPF Process 1 with Router ID 2 2 2 2 Neighbors Area 0 0 0 0 interface 10 0 0 1 POS5 1 s neighbors Router ID 3 3 3 3 Address 10 0 0 2 GR State Normal State Full Mode Nbr is Master Prio...

Страница 1419: ...FT MD5 KA Sent Rcv 3 3 3 3 0 Operational DU Passive Off Off 2 2 LAM Label Advertisement Mode FT Fault Tolerance 3 Enable MPLS TE CSPF and OSPF TE Configure PE 1 PE1 mpls PE1 mpls mpls te PE1 mpls mpl...

Страница 1420: ...use CR LSP for VPN setup Bind the VPN instance with the interface connected to CE 1 PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 100 1 bot...

Страница 1421: ...192 168 1 2 bytes 56 Sequence 2 ttl 255 time 26 ms Reply from 192 168 1 2 bytes 56 Sequence 3 ttl 255 time 26 ms Reply from 192 168 1 2 bytes 56 Sequence 4 ttl 255 time 26 ms Reply from 192 168 1 2 b...

Страница 1422: ...display bgp vpn instance vpn1 peer BGP local router ID 2 2 2 2 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer V AS MsgRcvd MsgSent OutQ Up Down State PrefRcv 192 168 1...

Страница 1423: ...lsp verbose LSP Information CRLDP LSP No 1 IngressLsrID 2 2 2 2 LocalLspID 1 Tunnel Interface Tunnel1 Fec 3 3 3 3 32 Nexthop 10 0 0 2 In Label NULL Out Label 1024 In Interface Out Interface POS5 1 Lsp...

Страница 1424: ...1 Perform the display ip routing table command on PE 1 You can identify a static route with Tunnel1 as the outgoing interface Troubleshooting MPLS TE Symptom OSPF TE is configured but no TE LSAs can b...

Страница 1425: ...on page 1428 SVC MPLS L2VPN on page 1428 Martini MPLS L2VPN on page 1428 Kompella MPLS L2VPN on page 1429 Introduction to MPLS L2VPN Traditional VPN Traditional VPNs based on asynchronous transfer mo...

Страница 1426: ...ges High scalability MPLS L2VPN establishes only Layer 2 connections It does not involve the routing information of users This greatly reduces the load of the PEs and even the load of the whole servic...

Страница 1427: ...termines to which CE the packets are to be forwarded according to the VC labels Figure 398 illustrates how the label stack changes in the MPLS L2VPN forwarding process Figure 398 MPLS L2VPN label stac...

Страница 1428: ...connection A local connection is established between two local CEs that are connected to the same PE The PE functions like a Layer 2 switch and can directly switch packets between the CEs without any...

Страница 1429: ...emote CEs respectively Specifying the circuit ID that the local CE assigns to the connection such as the VPI VCI with ATM Kompella MPLS L2VPN uses extended BGP as the signaling protocol to distribute...

Страница 1430: ...chronous asynchronous serial interfaces and POS interfaces can use the link layer protocols of PPP HDLC and FR For configuration information about serial and POS interfaces refer to WAN Interface Conf...

Страница 1431: ...AN An Ethernet subinterface can use the encapsulation type of VLAN For Ethernet subinterface configuration information refer to Logical Interface Configuration on page 525 A VLAN interface using the l...

Страница 1432: ...ion on page 235 To configure CCC MPLS L2VPN you need the following data Name for the CCC connection Connection type local or remote For a local CCC connection the types and numbers of the incoming and...

Страница 1433: ...L2VPN information Instead it uses tunnels to transport data between PEs SVC supports these tunnel types LDP LSP CR LSP and GRE By default LDP LSP tunnels are used Create a local CCC connection betwee...

Страница 1434: ...es extended LDP to transfer Layer 2 information and VC labels Configuration Prerequisites Before configuring Martini MPLS L2VPN complete these tasks Configuring IGP on the PEs and P devices to guarant...

Страница 1435: ...guring Kompella MPLS L2VPN complete these tasks Configuring IGP on the PEs and P devices to guarantee the IP connectivity of the MPLS backbone Configuring MPLS basic capability and MPLS LDP for the MP...

Страница 1436: ...em view system view Enter BGP view bgp as number Establish the peer relationship with the peer PE peer group name ip address as number as number Required Specify the interface for the TCP connection p...

Страница 1437: ...ded to adopt the sequence of the CE IDs in which case you can omit the ce offset portion from most of the required commands This simplifies the configuration Note that you can only increase the CE ran...

Страница 1438: ...isplay mpls l2vc interface interface type interface number remote info Available in any view Display information about Kompella L2VPN connections display mpls l2vpn connection vpn name vpn name remote...

Страница 1439: ...0 link protocol ppp CE1 Serial1 0 ip address 100 1 1 1 24 2 Configure the PE Configure the LSR ID and enable MPLS globally Sysname system view Sysname sysname PE PE interface loopback 0 PE LoopBack0 i...

Страница 1440: ...Intf2 Serial1 1 up CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 180 ms Reply from 100 1 1 2 bytes 56 Sequence 2 ttl 255...

Страница 1441: ...view Sysname sysname PE1 PE1 interface loopback 0 PE1 LoopBack0 ip address 10 0 0 1 32 PE1 LoopBack0 quit PE1 mpls lsr id 10 0 0 1 PE1 mpls PE1 mpls quit Enable MPLS L2VPN globally PE1 mpls l2vpn Conf...

Страница 1442: ...P interface loopback 0 P LoopBack0 ip address 10 0 0 2 32 P LoopBack0 quit P mpls lsr id 10 0 0 2 P mpls P mpls quit Configure interface POS 1 1 and enable MPLS P interface pos 1 1 P POS1 1 link proto...

Страница 1443: ...ing interface and that connecting the P device as the outgoing interface setting the incoming label to 201 and the outgoing label to 101 PE2 ccc CE2 CE1 interface pos 1 1 in label 201 out label 101 ou...

Страница 1444: ...PPP An SVC MPLS L2VPN is established between CE 1 and CE 2 Network diagram Figure 401 Network diagram for configuring SVC MPLS L2VPN Configuration procedure The main steps are the following two Confi...

Страница 1445: ...and LDP globally PE1 mpls l2vpn PE1 mpls ldp PE1 mpls ldp quit Configure the interface for connecting to the P device namely POS 1 1 and enable LDP on the interface PE1 interface pos 1 1 PE1 POS1 1 li...

Страница 1446: ...PE 1 namely POS 1 1 and enable LDP on the interface P interface pos 1 1 P POS1 1 link protocol ppp P POS1 1 ip address 10 1 1 2 24 P POS1 1 mpls P POS1 1 mpls ldp P POS1 1 quit Configure the interface...

Страница 1447: ...nk protocol ppp PE2 POS1 0 ip address 10 2 2 1 24 PE2 POS1 0 mpls PE2 POS1 0 mpls ldp PE2 POS1 0 quit Configure OSPF on PE 2 for establishing LSPs PE2 ospf PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 ne...

Страница 1448: ...ce 2 ttl 255 time 130 ms Reply from 100 1 1 2 bytes 56 Sequence 3 ttl 255 time 130 ms Reply from 100 1 1 2 bytes 56 Sequence 4 ttl 255 time 140 ms Reply from 100 1 1 2 bytes 56 Sequence 5 ttl 255 time...

Страница 1449: ...N and LDP globally PE1 mpls l2vpn PE1 mpls ldp PE1 mpls ldp quit Configure the peer relationship with PE 2 so that the LDP remote session can be established between them PE1 mpls ldp remote peer 1 PE1...

Страница 1450: ...uit Enable LDP globally P mpls ldp P mpls ldp quit Configure the interface connected with PE 1 namely Serial 2 0 and enable LDP on the interface P interface serial 2 0 P Serial2 0 link protocol ppp P...

Страница 1451: ...ssion can be established between them PE2 mpls ldp remote peer 2 PE2 mpls ldp remote 2 remote ip 192 2 2 2 PE2 mpls ldp remote 2 quit Configure the interface connected with the P device namely Serial...

Страница 1452: ...l2vc total ldp vc 1 1 up 0 down Transport Client VC Local Remote Tunnel VC ID Intf State VC Label VC Label Policy 101 Serial2 0 up 1025 1024 default CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes pr...

Страница 1453: ...configuration you can issue the display mpls ldp session and display mpls ldp peer commands to view the LDP sessions and peer relationship established or the display mpls lsp command to view the LSPs...

Страница 1454: ...e L2VPN and the CE connection Configure PE 1 PE1 mpls l2vpn vpn1 encapsulation ppp PE1 mpls l2vpn vpn1 route distinguisher 100 1 PE1 mpls l2vpn vpn1 vpn target 1 1 PE1 mpls l2vpn vpn1 ce ce1 id 1 rang...

Страница 1455: ...00 packet loss round trip min avg max 34 68 94 ms Example for Configuring a Kompella Local Connection Network requirements A Kompella local connection is required between CE 1 and CE 2 Network diagram...

Страница 1456: ...name vpn1 local ce ce name ce id range conn num LB ce1 1 10 1 8192 0 10 ce2 2 10 1 8202 0 10 CE1 ping 30 1 1 2 PING 30 1 1 2 56 data bytes press CTRL_C to break Reply from 30 1 1 2 bytes 56 Sequence 1...

Страница 1457: ...an LDP connection respectively with the same VC ID of 1 If you change the encapsulation type of Serial 1 1 to HDLC the expected LDP connection cannot be established Analysis When you change the encap...

Страница 1458: ...1458 CHAPTER 78 MPLS L2VPN CONFIGURATION...

Страница 1459: ...Packet Forwarding on page 1463 MPLS L3VPN Networking Schemes on page 1464 MPLS L3VPN Routing Information Advertisement on page 1467 Carrier s Carrier on page 1468 Multi AS VPN on page 1470 Multi Role...

Страница 1460: ...connected PE it advertises its VPN routes to the PE and learns remote VPN routes from the PE A CE and a PE use BGP IGP to exchange routing information You can also configure static routes between the...

Страница 1461: ...eates and maintains a separate VPN instance for each VPN at a directly connected site Each VPN instance contains the VPN membership and routing rules of the corresponding site If a user at a site belo...

Страница 1462: ...stinguished by the Type field When the value of the Type field is 0 the Administrator subfield occupies two bytes the Assigned number subfield occupies four bytes and the RD format is 16 bit AS number...

Страница 1463: ...PN instance by using the VPN target attribute of import target attribute It can reject the routes selected by the communities in the import target attribute An export routing policy can reject the rou...

Страница 1464: ...ination address of the packet to determine the outbound interface and then forwards the packet out the interface to CE 2 4 CE 2 transmits the packet to the destination by IP forwarding MPLS L3VPN Netw...

Страница 1465: ...his networking scheme requires two VPN targets one for the hub and the other for the spoke The VPN target setting rules for VPN instances of all sites on PEs are as follows On spoke PEs that is the PE...

Страница 1466: ...s distinct from the export VPN targets of the other spoke PEs Therefore any two spoke PEs can neither directly advertise VPN IPv4 routes to each other nor directly access each other Extranet networkin...

Страница 1467: ...on Advertisement In basic MPLS L3VPN networking the advertisement of VPN routing information involves CEs and PEs A P router maintains only the routes of the backbone and does not need to know any VPN...

Страница 1468: ...P routes The exchange of routing information between the egress PE and the remote CE is the same as that between the local CE and the ingress PE Carrier s Carrier Introduction to carrier s carrier It...

Страница 1469: ...411 PE 3 and PE 4 exchange VPN routes of the Level 2 carrier through IBGP sessions Figure 411 Scenario where the Level 2 carrier is an ISP When the Level 2 carrier is an MPLS L3VPN service provider i...

Страница 1470: ...ter provider VPN option A In this kind of solution PEs of two ASs are directly connected and each PE is also the ASBR of its AS The PEs acting as ASBRs are connected through multiple subinterfaces Eac...

Страница 1471: ...IPv4 routes which is also called ASBR extension method Figure 414 Network diagram for inter provider VPN option B In terms of scalability inter provider VPN option B is better than option A When adop...

Страница 1472: ...e ASBR of another AS also advertises labeled IPv4 routes Thus an LSP is established between the ingress PE and egress PE Between PEs of different ASs Multi hop EBGP connections are established to exch...

Страница 1473: ...ation from other VPNs to reach the CE from the PE you must configure static routes on other VPNs that take the interface connected to the CE as the next hop n All IP addresses associated with the PE m...

Страница 1474: ...pplicable to the large scale VPN deployment 2 HoVPN To solve the scalability problem of the plane model MPLS L3VPN must transition to the hierarchical model In MPLS L3VPN hierarchy of VPN HoVPN was pr...

Страница 1475: ...ements SPE An SPE is required to have large capacity routing table high forwarding performance and fewer interface resources UPE A UPE is required to have small capacity routing table low forwarding p...

Страница 1476: ...extension For more information about OSPF refer to the OSPF Configuration on page 917 OSPF multi instance on PE OSPF is a prevalent IGP protocol In many cases VPN clients are connected through BGP pee...

Страница 1477: ...ces and therefore can address the above problems Properly configured OSPF sites are considered directly connected and PEs can exchange OSPF routing information as they are using dedicated lines This i...

Страница 1478: ...gh LSAs the LSAs may be received by another PE resulting in a routing loop To avoid routing loops when creating Type 3 LSAs the PE always sets the flag bit DN for BGP VPN routes learnt from MPLS BGP r...

Страница 1479: ...nto BGP as a VPN IPv4 route A sham link can be configured in any area You need to configure it manually In addition the local VPN instance must have a route to the destination of the sham link Multi V...

Страница 1480: ...AS number of 800 AS number substitution is enabled on PE 2 for CE 2 Before advertising updates received from CE 1 to CE 2 PE 2 finds that an AS number in the AS_PATH is the same as that of CE 2 and h...

Страница 1481: ...the VPN instance with a VPN Follow these steps to create and configure a VPN instance Associating a VPN Instance with an Interface After creating and configuring a VPN instance you associate the VPN i...

Страница 1482: ...an configure up to 16 VPN targets for a VPN instance To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Associate the current in...

Страница 1483: ...oser to the select seq keyword has a higher priority For example with the tunnel select seq lsp gre load balance number 1 command configured VPN uses a GRE tunnel if no LSP exists Once an LSP is creat...

Страница 1484: ...ctivity Configure MPLS basic capability for the MPLS backbone PEs and Ps Configure MPLS LDP for the MPLS backbone PEs and Ps so that LDP LSPs can be established On CEs configure the IP addresses of th...

Страница 1485: ...ing a process or to configure the IP address for at least one interface of the VPN instance An OSPF process belongs to only one VPN instance If you run an OSPF process without binding it to a VPN inst...

Страница 1486: ...the OSPF domain ID is included in the BGP VPN route and delivered as a BGP extended community attribute n After configuring an OSPF instance you must start OSPF by using the same method for starting...

Страница 1487: ...Required Configure the CE as the VPN peer peer group name ip address as number as number Required Inject the routes of the local CEs import route protocol process id med med value route policy route p...

Страница 1488: ...table has the same function on BGP routes for each type of the address families Follow these steps to configure common routing features for all types of subaddress families Configure the route adverti...

Страница 1489: ...family peer group name ip address enable Required By default only IPv4 routing information is exchanged between BGP peers Add a peer into an existing peer group peer ip address group group name Option...

Страница 1490: ...ived from or to be advertised to a peer or peer group based on an AS_PATH list peer group name ip address as path acl aspath filter number import export Optional By default no AS filtering list is app...

Страница 1491: ...applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small It is simple to implement To configure inter provider VPN option A you only need to Configure basic...

Страница 1492: ...BGP do not have their next hops changed by default If the next hops need to be changed to the local addresses you can configure the peer ip address group name next hop local command For information ab...

Страница 1493: ...ew system view Enter BGP view bgp as number Configure the ASBR PE in the same AS as the IBGP peer peer group name ip address as number as number Required Enable the PE to exchange labeled IPv4 routes...

Страница 1494: ...ure the ASBR_PE to change the next hop to itself when advertising routes to PEs in the same AS peer group name ip address next hop local Required By default a BGP speaker does not use its address as t...

Страница 1495: ...onfigure a private network static route on a PE specifying the egress of another private network or public network as the egress of the static route Thus packets from the multi role host for accessing...

Страница 1496: ...sed through BGP Configuration Prerequisites Before configuring OSPF sham link be sure to complete these tasks Configuring basic MPLS L3VPN OSPF is used between PE and CE Configuring OSPF in the LAN wh...

Страница 1497: ...stance Configuring Multi VPN instance CE Multi VPN instance CE is used in LANs By configuring multiple OSPF instances on CEs you can implement service isolation One OSPF process can belong to only one...

Страница 1498: ...ore configuring BGP AS number substitution complete these tasks Configuring basic MPLS L3VPN Configuring CEs at different sites to have the same AS number Configuration Procedure When CEs at different...

Страница 1499: ...in user view Reset BGP connections of a VPN instance reset bgp vpn instance vpn instance name as number ip address all external group group name Available in user view Reset BGP VPNv4 connections res...

Страница 1500: ...ixes as path acl as path acl number cidr community aa nn 1 13 no export subconfed no advertise no export whole match community list basic community list number whole match adv community list number 1...

Страница 1501: ...sic community list number whole match adv community list number 1 16 dampened dampening parameter different origin as flap info as path acl as path acl number network address mask longer match mask le...

Страница 1502: ...0 network 1 1 1 9 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure the P device Device Interface IP address Device Interface IP address CE 1 Eth 1 0 10 1 1 1 24 P Loop0 2 2 2 9 32 PE 1...

Страница 1503: ...configurations OSPF adjacency should be established between PE 1 P and PE 2 Issuing the display ospf peer command you can see that the adjacency status is Full Issuing the display ip routing table co...

Страница 1504: ...erface pos 5 0 P POS5 0 mpls P POS5 0 mpls ldp P POS5 0 quit P interface pos 5 1 P POS5 1 mpls P POS5 1 mpls ldp P POS5 1 quit Configure PE 2 PE2 mpls lsr id 3 3 3 9 PE2 mpls PE2 mpls lsp trigger all...

Страница 1505: ...p vpn instance vpn2 PE1 vpn instance vpn2 route distinguisher 100 2 PE1 vpn instance vpn2 vpn target 222 2 PE1 vpn instance vpn2 quit PE1 interface ethernet 1 0 PE1 Ethernet1 0 ip binding vpn instance...

Страница 1506: ...255 time 4 ms Reply from 10 1 1 1 bytes 56 Sequence 4 ttl 255 time 52 ms Reply from 10 1 1 1 bytes 56 Sequence 5 ttl 255 time 3 ms 10 1 1 1 ping statistics 5 packet s transmitted 5 packet s received...

Страница 1507: ...gp peer 1 1 1 9 connect interface loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 1 1 1 9 enable PE2 bgp af vpnv4 quit PE2 bgp quit After completing the above configuration if you issue the...

Страница 1508: ...1 bytes 56 Sequence 4 ttl 253 time 50 ms Reply from 10 3 1 1 bytes 56 Sequence 5 ttl 253 time 34 ms 10 3 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min...

Страница 1509: ...outing table command you can see that the PEs have learned the loopback route of each other 2 Enable MPLS basic capability on the PEs Configure PE 1 PE1 system view PE1 mpls lsr id 1 1 1 9 PE1 mpls PE...

Страница 1510: ...2 PE2 tunnel policy gre1 PE2 tunnel policy gre1 tunnel select seq gre load balance number 1 PE2 tunnel policy gre1 quit PE2 ip vpn instance vpn1 PE2 vpn instance vpn1 route distinguisher 100 2 PE2 vp...

Страница 1511: ...number 100 CE1 bgp import route direct CE1 bgp quit Configure PE 1 PE1 bgp 100 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 peer 10 1 1 1 as number 65410 PE1 bgp vpn1 peer 10 1 1 1 next hop loca...

Страница 1512: ...MsgRcvd MsgSent OutQ PrefRcv Up Down State 2 2 2 9 4 100 3 3 0 1 00 00 34 Established 6 Configure a GRE tunnel Configure PE 1 PE1 interface tunnel 0 PE1 Tunnel0 tunnel protocol gre PE1 Tunnel0 source...

Страница 1513: ...ask Proto Pre Cost NextHop Interface 10 1 1 0 24 Direct 0 0 10 1 1 2 Eth1 0 10 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 10 2 1 0 24 BGP 255 0 2 2 2 9 NULL0 The CEs should be able to ping each other CE1 p...

Страница 1514: ...of each other Each ASBR PE and the PE in the same AS should be able to ping each other 2 Configure MPLS basic capability and MPLS LDP on the MPLS backbone to establish LDP LSPs Configure MPLS basic c...

Страница 1515: ...0 ASBR PE1 POS5 0 mpls ASBR PE1 POS5 0 mpls ldp ASBR PE1 POS5 0 quit Configure MPLS basic capability on ASBR PE 2 and enable MPLS LDP on the interface connected to PE 2 ASBR PE2 system view ASBR PE2 m...

Страница 1516: ...n instance vpn1 vpn target 100 1 both PE1 vpn instance vpn1 quit PE1 interface ethernet 1 1 PE1 Ethernet1 1 ip binding vpn instance vpn1 PE1 Ethernet1 1 ip address 10 1 1 2 24 PE1 Ethernet1 1 quit Con...

Страница 1517: ...gurations by issuing the display ip vpn instance command The PEs should be able to ping their respective CEs and the ASBR PEs should be able to ping each other 4 Establish EBGP peer relationship betwe...

Страница 1518: ...9 enable ASBR PE1 bgp af vpnv4 peer 1 1 1 9 next hop local ASBR PE1 bgp af vpnv4 quit ASBR PE1 bgp quit Configure ASBR PE 2 ASBR PE2 bgp 200 ASBR PE2 bgp ipv4 family vpn instance vpn1 ASBR PE2 bgp vp...

Страница 1519: ...IBGP ASBR PE 1 and ASBR PE 2 exchange labeled IPv4 routes by MP EBGP ASBRs do not perform VPN target filtering of received VPN IPv4 routes Network diagram Figure 425 Configure inter provider VPN optio...

Страница 1520: ...ck0 ip address 2 2 2 9 32 PE1 LoopBack0 isis enable 1 PE1 LoopBack0 quit Create VPN instance vpn1 and configure the RD and VPN target attributes PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route di...

Страница 1521: ...and enable MPLS and LDP on the interface ASBR PE1 interface serial 2 0 ASBR PE1 Serial2 0 ip address 1 1 1 1 255 0 0 0 ASBR PE1 Serial2 0 isis enable 1 ASBR PE1 Serial2 0 mpls ASBR PE1 Serial2 0 mpls...

Страница 1522: ...mpls lsp trigger all ASBR PE2 mpls label advertise non null ASBR PE2 mpls quit ASBR PE2 mpls ldp ASBR PE2 mpls ldp quit Configure interface Serial 2 0 start IS IS and enable MPLS and LDP on the inter...

Страница 1523: ...entity 10 111 111 111 111 00 PE2 isis 1 quit Configure LSR ID enable MPLS and LDP PE2 mpls lsr id 5 5 5 9 PE2 mpls PE2 mpls lsp trigger all PE2 mpls label advertise non null PE2 mpls quit PE2 mpls ldp...

Страница 1524: ...e of vpn1 PE2 bgp ipv4 family vpn instance vpn1 PE2 bgp vpn1 import route direct PE2 bgp vpn1 quit PE2 bgp quit 5 Verify your configurations After you complete the above configurations PE 1 and PE 2 s...

Страница 1525: ...art IS IS and enable MPLS and LDP on the interface PE1 interface serial 1 0 PE1 Serial1 0 ip address 1 1 1 2 255 0 0 0 PE1 Serial1 0 isis enable 1 PE1 Serial1 0 mpls PE1 Serial1 0 mpls ldp PE1 Serial1...

Страница 1526: ...0 0 1 32 PE1 LoopBack1 quit Start BGP on PE 1 PE1 bgp 100 Configure the capability to advertise labeled routes to IBGP peer 3 3 3 9 and to receive labeled routes from the peer PE1 bgp peer 3 3 3 9 as...

Страница 1527: ...e serial 1 1 ASBR PE1 Serial1 1 ip address 11 0 0 2 255 0 0 0 ASBR PE1 Serial1 1 mpls ASBR PE1 Serial1 1 quit Configure interface Loopback 0 and start IS IS on it ASBR PE1 interface loopback 0 ASBR PE...

Страница 1528: ...the peer ASBR PE1 bgp peer 11 0 0 1 label route capability ASBR PE1 bgp quit 3 Configure ASBR PE 2 Start IS IS on ASBR PE 2 ASBR PE2 system view ASBR PE2 isis 1 ASBR PE2 isis 1 network entity 10 222...

Страница 1529: ...eer ASBR PE2 bgp peer 5 5 5 9 as number 600 ASBR PE2 bgp peer 5 5 5 9 connect interface loopback 0 ASBR PE2 bgp peer 5 5 5 9 label route capability Specify to use routing policy policy2 to filter rout...

Страница 1530: ...e vpn1 PE2 vpn instance vpn1 route distinguisher 11 11 PE2 vpn instance vpn1 vpn target 1 1 2 2 3 3 import extcommunity PE2 vpn instance vpn1 vpn target 3 3 export extcommunity PE2 vpn instance vpn1 q...

Страница 1531: ...27 PE 1 and PE 2 are PEs of the Level 1 carrier backbone CE 1 and CE 2 are devices of the Level 2 carrier and work as CE to access the Level 1 carrier backbone PE 3 and PE 4 are devices of the Level 2...

Страница 1532: ...00 PE1 isis 1 quit Device Interface IP address Device Interface IP address CE 3 Eth 1 0 100 1 1 1 24 CE 4 Eth 1 0 120 1 1 1 24 PE 3 Loop0 1 1 1 9 32 PE 4 Loop0 6 6 6 9 32 Eth 1 0 100 1 1 2 24 Eth 1 0...

Страница 1533: ...established and has reached the state of Established Issuing the display isis peer command you should see that the IS IS neighbor relationship has been set up Take PE 1 as an example PE1 display mpls...

Страница 1534: ...network entity 10 0000 0000 0000 0002 00 CE1 isis 2 quit CE1 interface loopback 0 CE1 LoopBack0 isis enable 2 CE1 LoopBack0 quit CE1 interface pos 5 0 CE1 POS5 0 ip address 10 1 1 2 24 CE1 POS5 0 isi...

Страница 1535: ...CE1 POS5 1 mpls ldp transport address interface CE1 POS5 1 quit After you complete the above configurations PE 1 and CE 1 should be able to establish the LDP session and IS IS neighbor relationship be...

Страница 1536: ...ip routing table command on PE 1 and PE 2 You should see that only routes of the Level 1 carrier network are present in the public network routing table of PE 1 and PE 2 Takes PE 1 as an example PE1...

Страница 1537: ...1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 0 24 Direct 0 0 11 1 1 1 POS5 1 11 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 2 32 Direct 0 0 11 1 1 2 POS5 1 20 1 1 0 24 ISIS 15 74 11 1 1 2 POS5 1 21...

Страница 1538: ...s 56 Sequence 4 ttl 252 time 70 ms Reply from 20 1 1 2 bytes 56 Sequence 5 ttl 252 time 60 ms 20 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg ma...

Страница 1539: ...d configure different RDs and VPN targets attributes for the VPN instances PE1 system view PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 100...

Страница 1540: ...mber 3001 PE1 acl adv 3001 rule 0 permit ip vpn instance vpn1 source 100 1 1 2 0 PE1 acl adv 3001 quit PE1 policy based route policy1 permit node 10 PE1 policy based route if match acl 3001 PE1 policy...

Страница 1541: ...uit Configure the IGP protocol OSPF for example Device Interface IP address Device Interface IP address CE 1 Eth 1 0 10 2 1 1 24 CE 3 Eth 1 0 10 1 1 1 24 CE 2 Eth 1 0 10 4 1 1 24 CE 4 Eth 1 0 10 3 1 1...

Страница 1542: ...0 quit UPE1 interface ethernet 1 1 UPE1 Ethernet1 1 ip binding vpn instance vpn2 UPE1 Ethernet1 1 ip address 10 4 1 2 24 UPE1 Ethernet1 1 quit Configure UPE 1 to establish MP IBGP peer relationship wi...

Страница 1543: ...it Configure the IGP protocol OSPF for example UPE2 ospf UPE2 ospf 1 area 0 UPE2 ospf 1 area 0 0 0 0 network 172 2 1 0 0 0 0 255 UPE2 ospf 1 area 0 0 0 0 network 4 4 4 9 0 0 0 0 UPE2 ospf 1 area 0 0 0...

Страница 1544: ...face ethernet 1 0 CE3 Ethernet1 0 ip address 10 1 1 1 255 255 255 0 CE3 Ethernet1 0 quit CE3 bgp 65430 CE3 bgp peer 10 1 1 2 as number 100 CE3 bgp import route direct CE3 quit 6 Configure CE 4 CE4 sys...

Страница 1545: ...to establish MP IBGP peer relationship with UPE 1 and to inject VPN routes and specify UPE 1 SPE1 bgp 100 SPE1 bgp peer 1 1 1 9 as number 100 SPE1 bgp peer 1 1 1 9 connect interface loopback 0 SPE1 b...

Страница 1546: ...vpn1 vpn target 100 1 both SPE2 vpn instance vpn1 quit SPE2 ip vpn instance vpn2 SPE2 vpn instance vpn2 route distinguisher 800 1 SPE2 vpn instance vpn2 vpn target 100 2 both SPE2 vpn instance vpn2 qu...

Страница 1547: ...ng the configurations CE 1 and CE 2 should be able to learn the OSPF route to the Ethernet interface of each other The following takes CE 1 as an example CE1 display ip routing table Routing Tables Pu...

Страница 1548: ...ldp quit PE1 interface serial 2 1 PE1 Serial2 1 ip address 10 1 1 1 24 PE1 Serial2 1 mpls PE1 Serial2 1 mpls ldp PE1 Serial2 1 quit Configure PE 1 to take PE 2 as the MP IBGP peer PE1 bgp 100 PE1 bgp...

Страница 1549: ...figure PE 1 to allow CE 1 to access the network PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 1 1 PE1 vpn instance vpn1 quit PE1 interface e...

Страница 1550: ...n Mask Proto Pre Cost NextHop Interface 20 1 1 0 24 OSPF 10 1563 100 1 1 1 Eth1 0 30 1 1 0 24 OSPF 10 3125 100 1 1 1 Eth1 0 100 1 1 0 24 Direct 0 0 100 1 1 2 Eth1 0 100 1 1 2 32 Direct 0 0 127 0 0 1 I...

Страница 1551: ...ample CE1 display ip routing table Routing Tables Public Destinations 9 Routes 9 Destination Mask Proto Pre Cost NextHop Interface 20 1 1 0 24 Direct 0 0 20 1 1 1 S2 1 20 1 1 1 32 Direct 0 0 127 0 0 1...

Страница 1552: ...n PE 2 to allow CE 2 to access the network Configure the VPN instance of VPN 1 on PE 1 to allow CE 1 to access the network Configure BGP between PE 1 and CE 1 and between PE 2 and CE 2 to inject route...

Страница 1553: ...1 1 1 32 BGP 255 0 1 1 1 9 NULL0 10 2 1 0 24 Direct 0 0 10 2 1 2 Eth1 0 10 2 1 1 32 Direct 0 0 10 2 1 1 Eth1 0 10 2 1 2 32 Direct 0 0 127 0 0 1 InLoop0 100 1 1 1 32 BGP 255 0 1 1 1 9 NULL0 200 1 1 1 3...

Страница 1554: ...0 100 10 2 1 0 24 10 2 1 2 0 0 100 10 2 1 1 32 10 2 1 2 0 0 100 100 1 1 1 32 10 2 1 2 0 100 100 CE2 display ip routing table Routing Tables Public Destinations 9 Routes 9 Destination Mask Proto Pre Co...

Страница 1555: ...MPLS L3VPN Configuration Example 1555 5 packet s received 0 00 packet loss round trip min avg max 66 79 109 ms...

Страница 1556: ...1556 CHAPTER 79 MPLS L3VPN CONFIGURATION...

Страница 1557: ...Branch devices dynamically access the public network VPN address management VAM is a major protocol used in the DVPN solution It collects maintains and distributes dynamic information to help set up...

Страница 1558: ...pplication layer of the TCP IP protocol stack DVPN uses UDP as its transport layer protocol A DVPN consists of one server and multiple clients The public address of the server in a DVPN must be static...

Страница 1559: ...rties negotiate to determine whether VAM protocol packets should be secured If so they negotiate about the encryption and integrity validation algorithms generate the keys and acknowledge the negotiat...

Страница 1560: ...process 1 The initiator originates a tunnel establishment request Spoke Hub tunnel After a Spoke registers itself successfully it needs to establish a permanent tunnel with each Hub in the VPN Upon r...

Страница 1561: ...ynamic IP address AAA identity authentication of VAM clients on the VAM server After the initialization process completes a VAM client must register with the VAM server during which the client must pa...

Страница 1562: ...figure the VAM server perform the tasks described in the following sections Creating a VPN Domain Follow these steps to create a VPN domain Task Remarks Configure the DVPN server Configuring AAA on pa...

Страница 1563: ...est priority against the algorithm list of the client If a match is found the algorithm is used Otherwise the server compares its algorithm ranking next by priority against the algorithm list of the c...

Страница 1564: ...b to the other clients If you configure both the public and private addresses of the Hub on the server the server considers a Hub valid only when both the public and private addresses that the Hub reg...

Страница 1565: ...ers n All clients in a VPN have the same keepalive settings but if you change the keepalive settings of the server the new settings are sent to only clients that register later all clients registering...

Страница 1566: ...1566 Required Specifying an Interval for Resending a VAM Packet on page 1566 Optional Specifying the Primary VAM Server on page 1566 Required Specifying the Secondary VAM Server on page 1567 Optional...

Страница 1567: ...hared key is used to generate the public keys for security of the channels between the server and a client Follow these steps to specify the pre shared key of the VAM client To do Use the command Rema...

Страница 1568: ...rofile Follow the following steps to configure an IPSec profile Enter VAM client view vam client name client name Specify the pre shared key of the VAM client pre shared key cipher simple key string R...

Страница 1569: ...e Prerequisites You need to specify on the device an IP address for the VLAN interface Ethernet interface or Loopback interface which will act as the source interface of the tunnel virtual interface t...

Страница 1570: ...VAM client otherwise the tunnel interface cannot become up The client to be bound must exist and is not bound to any other tunnel interface No VAM client is bound to the DVPN tunnel interface by defa...

Страница 1571: ...Networks Network requirements In the full mesh networks the primary VAM server main and the secondary VAM server backup manage and maintain information about the nodes The AAA server takes charge of...

Страница 1572: ...at with domain MainServer radius radsun quit Apply the RADIUS scheme in domain 1 Device Interface IP address Device Interface IP address Hub 1 Eth1 0 192 168 1 1 24 Spoke 1 Eth1 0 192 168 1 3 24 Tunne...

Страница 1573: ...n 1 quit Create VPN domain 2 MainServer vam server vpn 2 Set the pre shared key to 456 MainServer vam server vpn 2 pre shared key simple 456 Enable PAP authentication for VAM clients MainServer vam se...

Страница 1574: ...password to dvpn2hub2 Hub1 vam client name dvpn2hub1 user dvpn2hub1 password simple dvpn2hub1 Hub1 vam client name dvpn2hub1 client enable Hub1 vam client name dvpn2hub1 quit Configure the IPSec profi...

Страница 1575: ...rea 0 0 0 0 network 10 0 2 1 0 0 0 255 Hub1 ospf 300 area 0 0 0 0 quit 4 Configure Hub 2 Configure IP addresses for the interfaces omitted Configure the VAM clients Hub2 system view Create a VAM clien...

Страница 1576: ...vam Hub2 ike peer vam pre shared key abcde Hub2 ike peer vam quit Configure the IPSec profile Hub2 ipsec profile vamp Hub2 ipsec profile vamp proposal vam Hub2 ipsec profile vamp ike peer vam Hub2 ip...

Страница 1577: ...Spoke1 vam client name dvpn1spoke1 server secondary ip address 192 168 1 33 Spoke1 vam client name dvpn1spoke1 pre shared key simple 123 Create a local user setting the user name to dvpn1spoke1 and th...

Страница 1578: ...vpn 1 Specify the IP addresses of the VAM servers and set the pre shared key Spoke2 vam client name dvpn1spoke2 server primary ip address 192 168 1 22 Spoke2 vam client name dvpn1spoke2 server seconda...

Страница 1579: ...1 for VPN 1 Spoke2 interface tunnel 1 Spoke2 Tunnel1 tunnel protocol dvpn udp Spoke2 Tunnel1 vam client dvpn1spoke2 Spoke2 Tunnel1 ip address 10 0 1 4 255 255 255 0 Spoke2 Tunnel1 source ethernet 1 0...

Страница 1580: ...e dvpn2spoke3 Spoke3 vam client name dvpn2spoke3 client enable Spoke3 vam client name dvpn2spoke3 quit Configure the IPSec profile Configure the IPSec proposal Spoke3 ipsec proposal vam Spoke3 ipsec p...

Страница 1581: ...0 0 0 network 10 0 2 3 0 0 0 255 Spoke3 ospf 200 area 0 0 0 0 quit DVPN Configuration Example for Spoke Hub Networks Network requirements In the Spoke Hub networks data is forwarded along spoke hub t...

Страница 1582: ...radius radsun user name format with domain MainServer radius radsun quit Configure the AAA scheme of the ISP domain MainServer domain domain1 MainServer isp domain1 authentication default radius schem...

Страница 1583: ...primary VAM server on page 1582 3 Configure Hub 1 Configure the IP addresses of the interfaces Omitted Configure the VAM clients Hub1 system view Create a VAM client named dvpn1hub1 for VPN 1 Hub1 va...

Страница 1584: ...2 168 1 1 0 0 0 255 Hub1 ospf 100 area 0 0 0 0 quit Configure OSPF for the private network Hub1 ospf 200 Hub1 ospf 200 area 0 Hub1 ospf 200 area 0 0 0 0 network 10 0 1 1 0 0 0 255 Hub1 ospf 200 area 0...

Страница 1585: ...0 1 2 255 255 255 0 Hub2 Tunnel1 source ethernet 1 0 Hub2 Tunnel1 ospf network type p2mp Hub2 Tunnel1 ipsec profile vamp Hub2 Tunnel1 quit Configure OSPF Configure OSPF for the public network Hub2 os...

Страница 1586: ...m Spoke1 ipsec profile vamp ike peer vam Spoke1 ipsec profile vamp sa duration time based 600 Spoke1 ipsec profile vamp pfs dh group2 Configure the DVPN tunnel Configure tunnel interface Tunnel 1 for...

Страница 1587: ...hentication algorithm sha1 Spoke2 ipsec proposal vam quit Configure the IKE peer Spoke2 ike peer vam Spoke2 ike peer vam pre shared key abcde Spoke2 ike peer vam quit Configure the IPSec profile Spoke...

Страница 1588: ...1588 CHAPTER 80 DVPN CONFIGURATION...

Страница 1589: ...otocol of virtual private network VPN A tunnel is a virtual point to point connection for transferring encapsulated packets Packets are encapsulated at one end of the tunnel and decapsulated at the ot...

Страница 1590: ...nd routed Passenger protocol Protocol that the payload packet uses IPX in the example Encapsulation or carrier protocol Protocol used to encapsulate the payload packet that is GRE Delivery or transpor...

Страница 1591: ...ope enlargement of the network running a hop limited protocol on page 1592 VPN creation by connecting discontinuous subnets on page 1592 GRE IPSec tunnel application on page 1592 Multi protocol commun...

Страница 1592: ...Figure 442 Group 1 and Group 2 running Novell IPX are deployed in different cities They can constitute a trans WAN virtual private network VPN through the tunnel GRE IPSec tunnel application Figure 4...

Страница 1593: ...figured with the same tunnel mode Otherwise packet delivery will fail Configure the source address or interface for the tunnel interface source ip address interface type interface number Required By d...

Страница 1594: ...t does not check the checksum of a received packet Contrarily if the checksum function is enabled at the remote end but not at the local end the local end checks the checksum of a received packet but...

Страница 1595: ...e to GRE over IPv6 tunnel protocol gre ipv6 Required GRE over IPv4 by default Note that both ends of a tunnel must be configured with the same tunnel mode Otherwise packet delivery will fail Configure...

Страница 1596: ...remote end Or you can enable the dynamic routing protocol on both the tunnel interface and the router interface connecting the private network so that the dynamic routing protocol can establish a rou...

Страница 1597: ...al 2 0 RouterA Tunnel0 source 1 1 1 1 Configure the destination address of interface Tunnel0 to be the IP address of Serial 2 1 on Router B RouterA Tunnel0 destination 2 2 2 2 RouterA Tunnel0 quit Con...

Страница 1598: ...6 Tunnel Configuration Example Network requirements Two IPv4 subnets Group 1 and Group 2 are interconnected through a GRE tunnel over the IPv6 network between Router A and Router B Network diagram Fig...

Страница 1599: ...face Tunnel0 to be the IP address of interface Serial 2 1 on Router B RouterA Tunnel0 destination 2002 2 1 RouterA Tunnel0 quit Configure a static route from Router A through interface Tunnel0 to Grou...

Страница 1600: ...nsistent Most faults can be pinpointed by using the debugging gre or debugging tunnel command This section analyzes only one type of fault as shown in Figure 446 Figure 446 Troubleshoot GRE Symptom Th...

Страница 1601: ...ted virtual tunnel over public networks while other users on the public networks cannot A VPDN tunnel can be set up in two ways The network access server NAS directly connects users to an enterprise g...

Страница 1602: ...combining the best features of L2F and PPTP L2TP becomes the Layer 2 tunneling industry standard defined by the Internet Engineering Task Force IETF Typical application Figure 447 shows a typical VPD...

Страница 1603: ...le port which is unnecessarily 1701 too to return a packet to the specified port of the initiator From then on the two parties use the negotiated ports to communicate until the tunnel is disconnected...

Страница 1604: ...er not the sender Two typical L2TP tunnel modes Figure 450 shows two typical tunnel modes Tunnel between a remote system and the LNS Tunnel between an LAC client and the LNS Figure 450 Two typical L2T...

Страница 1605: ...S server for authentication 5 The LAC RADIUS server authenticates the user 6 If the user passes authentication the LAC initiates a tunneling request to the LNS IP network IP network WAN PSTN ISDN Host...

Страница 1606: ...does not provide security for connections However it has all the security features of PPP for it allows for PPP authentication CHAP or PAP L2TP can also cooperate with IPSec to guarantee data securit...

Страница 1607: ...cation on page 1611 Optional Specifying to perform LCP Negotiation with Users on page 1612 Optional Configuring the Local Address and the Address Pool for Allocation on page 1613 Optional Configuring...

Страница 1608: ...only if tunnel authentication is enabled on the other side and the two sides are configured with the same password that is not null You are recommended to enable tunnel authentication for tunnel secu...

Страница 1609: ...mation about AAA configuration commands refer to Configuring AAA on page 1761 Follow these steps to configure the local AAA scheme and the users and passwords c CAUTION For successful authentication o...

Страница 1610: ...om an LAC an LNS checks whether the LAC name is the valid remote tunnel name and then determines whether to allow for setting up a tunnel If the L2TP group number is 1 allow l2tp virtual template virt...

Страница 1611: ...ntication for tunnel security You can change the password for tunnel authentication but your change takes effect for only tunnels established later To check the connectivity of a tunnel the LAC and th...

Страница 1612: ...thentication If the LNS uses proxy authentication and the authentication method configured on the virtual interface template is CHAP but the authentication method on the LAC is PAP the authentication...

Страница 1613: ...ool To do Use the command Remarks Enter system view system view Enable L2TP l2tp enable Required Disabled by default Create an L2TP group and enter its view l2tp group group number Required By default...

Страница 1614: ...trol Messages According to RFC2661 the ACCM AVP is for the LNS to notify the LAC of the ACCM negotiated with the PPP peer In practice different LAC manufacturers implement different support for ACCM T...

Страница 1615: ...r as the username Hello as the password and 170 as the access number After dialing the access number and bringing up the dial up terminal window enter username as the username and userpass as the pass...

Страница 1616: ...assword must match those configured on the client LNS system view LNS local user vpdnuser LNS luser vpdnuser password simple Hello LNS luser vpdnuser service type ppp LNS luser vpdnuser quit Configure...

Страница 1617: ...en perform the following configurations the configuration procedure depends on the client software Specify the VPN username as vpdnuser and the password as Hello Set the Internet interface address of...

Страница 1618: ...emplate for receiving calls LNS l2tp group 1 LNS l2tp1 allow l2tp virtual template 1 Enable tunnel authentication and specify the tunnel authentication password LNS l2tp1 tunnel authentication LNS l2t...

Страница 1619: ...o the tunnel is 1 1 2 2 Create two local users set the passwords and enable PPP service LAC system view LAC local user vpdn1 LAC luser vpdn1 password simple 11111 LAC luser vpdn1 service type ppp LAC...

Страница 1620: ...tp2 tunnel password simple 12345 LAC l2tp2 quit LAC l2tp group 1 LAC l2tp1 tunnel authentication LAC l2tp1 tunnel password simple 12345 3 Configure the LNS LNS system view LNS l2tp enable Create two l...

Страница 1621: ...nel password simple 12345 If the RADIUS authentication is required on the LNS modifying the AAA configurations as needed For AAA configuration details refer to Configuring AAA on page 1761 Complicated...

Страница 1622: ...nfigured The authentication type is inconsistent For example if the default authentication type for a VPN connection created on Windows 2000 is Microsoft Challenge Handshake Authentication Protocol MS...

Страница 1623: ...ork core requirements during packet forwarding process such as delay jitter and packet loss ratio Traditional Packets Forwarding Application On traditional IP networks the devices treat all packets id...

Страница 1624: ...g packets forwarding are required other than simply delivering the packets to their destination such as providing user specific bandwidth reducing packet loss ratio avoiding congestion regulating netw...

Страница 1625: ...by congestion A more effective method to solve the problem of QoS is to enhance the functions of traffic control and resource allocation in the network and to provide differentiated services for appli...

Страница 1626: ...se actively take the policy of dropping packets through adjusting traffic to resolve the overloading of the network Among those traffic management technologies traffic classification is the basis It i...

Страница 1627: ...network segment In general while packets being classified on the network border the precedence bits in the ToS byte of IP header are set so that IP precedence can be used as a direct packet classifica...

Страница 1628: ...ssigned resources in certain time interval so as to prevent the network congestion caused by excess burst Traffic policing and traffic shaping is a traffic monitoring policy to restrict the traffic an...

Страница 1629: ...mum traffic size of every burst Generally it is set as CBS Committed Burst Size and the bursting size must be greater than the maximum packets size A new evaluation will be made when a new packet arri...

Страница 1630: ...service for the policed traffics and depending upon the different evaluation results it will implement the pre configured policing actions which are described as the following Forwarding the packet w...

Страница 1631: ...ffer or queues and send them Thus all the packets sent to Router B accord with the traffic regulation of Router B Line Rate on Physical Port On a physical interface you can enforce line rates below th...

Страница 1632: ...ffic policing and traffic shaping Configuring Traffic Policing The traffic policing configuration is divided into two tasks one is to define the characters of the packets that need traffic policing th...

Страница 1633: ...outbound carl carl index cir committed information rate cbs committed burst size ebs excess burst size green action red action Required cbs is the traffic passed at CIR in 500 milliseconds by default...

Страница 1634: ...se the command Remarks Enter system view system view Enter interface view or port group view Enter interface view interface interface type interface number Use either command Configured in interface v...

Страница 1635: ...r egress interface Configuration example for traffic policing Configure TP on the interface Ethernet1 0 to perform traffic control on the traffic transmitted on the interface Ethernet1 0 The traffic s...

Страница 1636: ...ken as the default value ebs is 0 by default queue length is 50 by default Display the GTS information on each interface display qos gts interface interface type interface number Optional The display...

Страница 1637: ...type interface number Optional The display command can be executed in any view To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter interface view or port gr...

Страница 1638: ...s is not supported on the module and cbs defaults to 4096 bytes Enter port group view port group aggregation agg id Configure port group LR qos lr inbound outbound cir committed information rate cbs c...

Страница 1639: ...riction the preference of the ultra long packet will be set to 0 before transmission The restriction on the traffic from Host A is 8000 bps Traffic within this restriction is transmitted normally When...

Страница 1640: ...source 1 1 1 2 0 RouterA acl basic 2002 quit Configure TP on the interface Ethernet1 1 to perform the corresponding traffic control on the different traffics received by the interface Ethernet1 1 Rou...

Страница 1641: ...f the rules in the class Traffic behaviors A traffic behavior is used to define QoS features for them Traffic behaviors include name of traffic behaviors and actions defined in a traffic behavior User...

Страница 1642: ...h match criteria command to define a class as needed gts Traffic filtering Users use the if match match criteria command to define a class as needed filter Traffic redirection Users use the if match m...

Страница 1643: ...c classifier test_class Configure classification rule Sysname classifier test_class if match ip precedence 6 Defining Traffic Behavior To define a traffic behavior you should first create a traffic be...

Страница 1644: ...y permit Configure traffic shaping action gts cir committed information rate cbs committed burst size ebs excess burst size queue length queue length Configure traffic redirection action redirect cpu...

Страница 1645: ...rks Enter system view system view Define the policy and enter the policy view qos policy policy name Required Specify the traffic behavior for the class in the policy classifier tcl name behavior beha...

Страница 1646: ...hernet1 0 2 Configuration procedure Enter system view Sysname system view Define a policy and enter policy view Sysname qos policy test_policy Specify the traffic behavior for the class Sysname qospol...

Страница 1647: ...configuration information of specified class of specified policy and behavior associated with these classes display qos policy system defined user defined policy name classifier tcl name Display polic...

Страница 1648: ...1648 CHAPTER 85 QOS POLICY CONFIGURATION...

Страница 1649: ...lgorithm and then it will send out them with a certain preference algorithm Each queuing algorithm is used to handle a particular network traffic problem and has great impacts on bandwidth resource as...

Страница 1650: ...ddle normal and bottom in descending order By default the data flow enters the normal queue During queues dispatching PQ strictly comply with the priority sequence from high to low and it will send pa...

Страница 1651: ...from No 1 16 user queues under the bandwidth occupying proportion set in advance are sent out In this way packets of different application can be assigned with different bandwidth Therefore it will n...

Страница 1652: ...ery traffic will be reduced on the whole Compared with FQ WFQ considers priority in addition when calculating the dispatching sequence of packets Statistically with WFQ high priority traffic takes pri...

Страница 1653: ...atency Queuing LLQ which strictly provides preferential services for voice packets and other delay sensitive data streams LLQ combines SP mechanism with CBQ The user can set a class to use SP service...

Страница 1654: ...vailable on the device Breaking through the single congestion management policy of FIFO for traditional IP equipment they provide strong QoS ability which meets the demands of different service qualit...

Страница 1655: ...rding to packets with different applications If packets of certain classes do not exist it can increase the bandwidth for existing packets Need to be configured low processing speed WFQ Configurable E...

Страница 1656: ...r the AF service and ensuring that the queue dispatching is performed according to a certain weight proportion among various AF services Capable of providing absolutely preferential queue dispatching...

Страница 1657: ...steps to configure PQ n Except for interfaces encapsulated with X 25 all physical interfaces can use PQ To do Use the command Remarks Enter system view system view Configure priority list qos pql pql...

Страница 1658: ...respectively RouterA acl number 2001 RouterA acl basic 2001 rule permit source 1 1 1 1 0 0 0 0 RouterA acl number 2002 RouterA acl basic 2002 rule permit source 1 1 1 2 0 0 0 0 Configure the priority...

Страница 1659: ...eue key key value queue queue number or qos cql cql index inbound interface interface type interface number queue queue number Optional Select custom queuing list configuration commands upon your requ...

Страница 1660: ...ply WFQ at the interface Serial1 0 set the queue length to 100 and set the total queue number to 512 Configuration procedure Enter system view Sysname system view Enter interface view Sysname interfac...

Страница 1661: ...ased pre defined class ef af1 af2 af3 af4 matching IP DSCP values of ef af1 af2 af3 af4 respectively 3 IP priority based pre defined class ip prec0 ip prec1 ip prec7 matching IP priorities of 0 1 and...

Страница 1662: ...n It is recommended that the maximum available bandwidth be smaller than the actual available bandwidth of physical interface or logical link Modification of the maximum available bandwidth may trigge...

Страница 1663: ...e classifier test if match ip precedence 6 Sysname classifier test Defining Traffic Behavior To define a traffic behavior you should first create a traffic behavior name and then configure attributes...

Страница 1664: ...the command Remarks Enter system view system view Define a traffic behavior and enter traffic behavior view traffic behavior behavior name Required behavior name Name of the traffic behavior It is not...

Страница 1665: ...avior view traffic behavior behavior name Required behavior name Name of the traffic behavior It is not allowed to pre define traffic behavior for the system Configure WFQ queue wfq queue number total...

Страница 1666: ...c behavior behavior name Required behavior name Name of the traffic behavior It is not allowed to pre define traffic behavior for the system Configure the drop type to be random drop wred dscp ip prec...

Страница 1667: ...bility of WRED IP precedence To do Use the command Remarks Enter system view system view Define a traffic behavior and enter traffic behavior view traffic behavior behavior name Required behavior name...

Страница 1668: ...name traffic behavior test Configure classification rule Sysname behavior test queue af bandwidth 200 Sysname behavior test Defining Policy The corresponding relationship between the classes and traff...

Страница 1669: ...behavior associated with these classes display qos policy system defined user defined policy name classifier tcl name Optional The display command can be executed in any view To do Use the command Re...

Страница 1670: ...rface meet the requirement of the policy configured with queue features Configuration example 1 Network requirement Configure a policy test and in the policy specify the traffic behavior for the data...

Страница 1671: ...ackets with their DSCP domain respectively being AF11 AF21 and EF RouterA traffic classifier af11_class RouterA classifier af11_class if match dscp af11 RouterA classifier af11_class quit RouterA traf...

Страница 1672: ...s in any view to display the running of the CBQ configuration and to verify the effect of the configuration Follow these steps to display and maintain CBQ Configuring RTP Priority Queuing Configuring...

Страница 1673: ...7 The RTP packets use 64 kbps bandwidth If network convergence happens the packets will enter RTP priority queue Sysname serial2 0 qos rtpq start port 16384 end port 32767 bandwidth 64 Token Function...

Страница 1674: ...QoS Token n After you configure this command on an interface you must perform shutdown and undo shutdown on the interface to have the function take effect So far this command is supported only by ser...

Страница 1675: ...t mode can be configured as required The packet priority mapping process on the router is shown in Figure 471 Figure 471 Priority mapping process when the port priority trust mode is supported The rou...

Страница 1676: ...ity Mapping Table The priority mapping table in the router can be modified as required Follow these steps to configure priority mapping table 1 Enter priority mapping table view 2 Configure mapping ta...

Страница 1677: ...cified dot1p lp mapping relationship Configuration procedure Enter system view Router system view Enter dot1p lp priority mapping table view Router qos map table dot1p lp Modify do1p lp mapping table...

Страница 1678: ...ocess on the device supporting configuration of port priority trust mode The port priority trust mode can be configured only on the Layer 2 port Users can select to trust the 802 1p priority to map pr...

Страница 1679: ...Follow these steps to display and maintain priority mapping To do Use the command Remarks Enter system view system view Enter interface view or port group view Enter Layer 2 port view interface interf...

Страница 1680: ...of packet Use the user defied mapping relationship as the mapping relationship as shown in the following table Network diagram Figure 472 Network diagram of priority trust mode Display port priority t...

Страница 1681: ...er Ethernet1 1 quit Configure Ethernet 1 2 to trust 802 1p priority Router interface ethernet 1 2 Router Ethernet1 2 qos trust dot1p Router Ethernet1 2 quit Configure Ethernet 1 3 to trust 802 1p prio...

Страница 1682: ...1 1 Router Ethernet1 1 qos priority 1 Router Ethernet1 1 quit Configure port priority for Ethernet 1 2 Router interface ethernet 1 2 Router Ethernet1 2 qos priority 3 Router Ethernet1 2 quit Configur...

Страница 1683: ...Traditional policy of dropping packets adopts the Tail Drop method When the amount of packets in a queue reaches a certain maximum value all newly arrived packets will be dropped This kind of droppin...

Страница 1684: ...es the average queue and maximum minimum limitations comparison to determine the dropping probability The average queue length is the result of low pass filtering of queue length The average queue len...

Страница 1685: ...he interface This configuration applies only to layer 2 interface cards having 16 or 24 interfaces WRED Parameters Pre define the parameters below before configuring WRED Maximum limitation and minimu...

Страница 1686: ...limit to 40 and drop precedence to 15 Set exponent for calculating average queue length to 6 Configuration procedure Enter system view Sysname system view To do Use the command Remarks Enter system v...

Страница 1687: ...s the packets belong to when congestion occurs The queue based WRED table can be applied only on Layer 2 port on which the queue based WRED table can be applied only One table can be applied on multip...

Страница 1688: ...rnet 1 0 Apply WRED table on the interface Sysname Ethernet1 0 qos wred apply queue table1 Enter interface view or port group view Enter interface view interface interface type interface number Use ei...

Страница 1689: ...s The TOS field in an IP packet is directly changed into the EXP field in an MPLS label when an MPLS label is encapsulated into an IP packet Any forwarding device can re assign a value to the EXP fiel...

Страница 1690: ...to be 5 Apply priority list 10 on the interface Ethernet1 0 Follow the steps below to perform configuration Sysname system view Sysname qos pql 10 protocol mpls exp 5 queue top Sysname interface Gigab...

Страница 1691: ...nfiguration procedure Follow these steps to configure MPLS QoS policy Configure CQL according to MPLS EXP value qos cql cql index protocol mpls exp exp value queue queue Required Enter interface view...

Страница 1692: ...outer P identify traffics according to their EXP domain value and configure traffic specific CBQs EXP1 traffics with 10 bandwidth EXP2 traffics with 20 bandwidth EXP3 traffics with 30 bandwidth and EX...

Страница 1693: ...classifier af31 PE1 classifier af31 if match dscp af31 PE1 classifier af31 traffic classifier efclass PE1 classifier efclass if match dscp ef PE1 classifier efclass quit Define four traffic behaviors...

Страница 1694: ...h the MPLS packets with EXP values being 1 2 3 and 4 P system view P traffic classifier EXP1 P classifier EXP1 if match mpls exp 1 P classifier EXP1 traffic classifier EXP2 P classifier EXP2 if match...

Страница 1695: ...P qospolicy QUEUE classifier EXP4 behavior EF P qospolicy QUEUE quit Apply the QoS policy on the outbound direction of the interface Serial 2 2 P interface serial 2 2 P Serial2 2 qos apply policy QUEU...

Страница 1696: ...1696 CHAPTER 89 MPLS QOS CONFIGURATION...

Страница 1697: ...based protocols This complements the disadvantage that the packets can only be classified in a simple way previously DAR recognizes different protocols in the following ways Protocols such as HTTP FT...

Страница 1698: ...m Corresponding protocols of protocol domain values in the IP datagram IP fragmentation format See Figure 477 for the 3 bit Flag structure of IP datagram Figure 477 3 bit Flag In which the later 2 bit...

Страница 1699: ...re 478 for the TCP packet format Figure 478 TCP packet format See the following table for the description of the 6 flag bits in the TCP header Description on the 6 flag bits in the TCP header TCP stat...

Страница 1700: ...or dynamic The interaction between static protocols uses fixed port number while the interaction between dynamic protocols uses the port number negotiated during the interaction process HTTP Packet Th...

Страница 1701: ...ies only one RTP packet See Figure 482 for RTP packet format Figure 482 RTP packet format The fields are described as follows V 2 bits version number P 1 bit padding flag X 1 bit packet header extensi...

Страница 1702: ...V 2 bits version number P 1 bit padding flag RC 5 bits the number of receiving report blocks in the RTCP packet PT 8 bits RTCP packet type flag it is 200 for the SR type RTCP packet length 16 bits len...

Страница 1703: ...2727 Napster TCP 6699 8875 8888 7777 6700 6666 6677 6688 4444 5555 NetBIOS TCP 137 138 139 NetBIOS UDP 137 138 139 Netshow TCP 1755 NFS TCP UDP 2049 NNTP TCP UDP 119 Notes TCP UDP 1352 Novadign TCP UD...

Страница 1704: ...Sunrpc TCP UDP 111 Syslog UDP 514 Telnet TCP 23 Tftp UDP 69 Vdolive TCP 7000 Winmx TCP 6699 X Windows TCP 6000 6003 Protocol name Protocol type Port number To do Use the command Remarks Enter system v...

Страница 1705: ...kes effect Configuring Port Number of DAR Application Protocol The system pre defines large number of protocols and port numbers for their use The protocols include some known protocols and 10 user de...

Страница 1706: ...le by DAR Displaying and Maintaining DAR After the about mentioned configuration you can use the display command in any view to view the DAR running information so as to verify configuration result Ex...

Страница 1707: ...r classsample quit Apply the BT matching rules to a policy Router qos policy policysample Router qospolicy policysample classifier classsample behavior 1 Router qospolicy policysample quit Apply the p...

Страница 1708: ...1708 CHAPTER 90 DAR CONFIGURATION...

Страница 1709: ...ore the Frame Relay QoS can provide more flexible quality services for users Figure 486 Frame Relay QoS application n For detailed information on Frame Relay refer to Frame Relay Configuration on page...

Страница 1710: ...o the Frame Relay network and thereby resulting in the congestion that prevents the data from normal transmitting If the Frame Relay traffic shaping is applied on the egress interface Serial 2 0 on Ro...

Страница 1711: ...e of some type of packets Tokens are in the unit of bit Following are the meanings of the FR protocol provisioned parameters when they are applied in the FRTS implementation The sum of CBS and EBS equ...

Страница 1712: ...given Tc 20 ms and CIR 64000 bps only 1280 bits 0 02 64000 bits of tokens can be put into the token bucket within each Tc Therefore to send an 800 byte packet the device needs to add tokens for five t...

Страница 1713: ...e on a device It can monitor the traffic transmitted from the DTE side When the traffic size is smaller than CBS the packets can be normally transmitted and the device will not process the packets Whe...

Страница 1714: ...the Frame Relay interface queue Frame Relay PVC queues may be defined without Frame Relay traffic shaping is enabled but it will only be functional after the traffic shaping is enabled Their relations...

Страница 1715: ...marked with the DE flag bit 1 will be discarded As for the forward packets to be forwarded the device will set the FECN flag bit in the Frame Relay packet headers to 1 As for the backward packets on t...

Страница 1716: ...rch for the corresponding Frame Relay class in the following sequence 1 Use the Frame Relay class associated with the Frame Relay PVC 2 Use the Frame Relay class of the Frame Relay main interface to w...

Страница 1717: ...class name Associate a Frame Relay class with a Frame Relay PVC Enter Frame Relay interface view interface interface type interface number Enter FR PVC view fr dlci dlci Associate a Frame Relay class...

Страница 1718: ...CE side on a Frame Relay network The commands cbs ebs and cir allow can be used to set the inbound and outbound parameters on a PVC However only the inbound parameters are valid for the Frame Relay tr...

Страница 1719: ...ed on a Frame Relay interface the queuing type on the interface can only be either FIFO or PVC PQ Configuring the congestion management policy on Frame Relay PVC Follow these steps to configure the co...

Страница 1720: ...eated Configure a IP protocol based DE rule list fr del list number protocol ip acl acl number fragments greater than bytes less than bytes tcp ports udp ports Enter synchronous interface view interfa...

Страница 1721: ...PQ Follow these steps to configure PVC PQ Configuring Frame Relay Fragmentation The system supports end to end fragmentation of FRF 12 developed by Frame Relay Forum On low speed frame relay lines big...

Страница 1722: ...verify the effect of the configuration Follow these steps to display and maintain Frame Relay QoS To do Use the command Remarks Enter system view system view Enter Frame Relay class view fr class clas...

Страница 1723: ...ority Router system view Router acl number 2001 Router acl basic 2001 rule permit source 10 0 0 0 0 0 255 255 255 Router acl basic 2001 quit Router qos pql 1 protocol ip acl 2001 queue top Create the...

Страница 1724: ...test1 cir allow 64000 RouterA fr class test1 cbs 64000 RouterA fr class test1 cir 64000 RouterA fr class test1 fragment 80 RouterA fr class test1 quit Configure the interface Serial 2 0 RouterA inter...

Страница 1725: ...packet DSCP For other packets on Router B use WFQ algorithm and apply corresponding WRED policy Network diagram Figure 497 Network diagram for Frame Relay WRED configuration Configuration procedure 1...

Страница 1726: ...tor or RouterB classifier af11_31 if match dscp af11 RouterB classifier af11_31 if match dscp af31 RouterB classifier af11_31 quit Define a traffic behavior for AF queue RouterB traffic behavior afwre...

Страница 1727: ...lass frclass quit Perform FR related configuration on Serial 2 2 interface RouterB interface serial 2 2 RouterB Serial2 2 link protocol fr RouterB Serial2 2 ip address 192 168 1 2 255 255 255 0 Router...

Страница 1728: ...1728 CHAPTER 91 FRAME RELAY QOS CONFIGURATION...

Страница 1729: ...es and controls accessing devices at the level of port A device connected to an 802 1x enabled port of an access control device can access the resources on the LAN only after passing authentication To...

Страница 1730: ...tity PAE refers to the entity that performs the 802 1x algorithm and protocol operations The authenticator PAE uses the authentication server to authenticate a supplicant trying to access the LAN and...

Страница 1731: ...ticator PAE EAP protocol packets are encapsulated by using EAP Encapsulation over LANs and transferred over the LAN Between the authenticator PAE and authentication server EAP protocol packets can be...

Страница 1732: ...tion EAP Packet a value of 0x00 Frame for carrying authentication information present between an authenticator system and the authentication server A frame of this type is repackaged and transferred b...

Страница 1733: ...of the EAP packet including the Code Identifier Length and Data fields in bytes Data Content of the EAP packet This field is zero or more bytes and its format is determined by the Code field EAP Enca...

Страница 1734: ...such as RADIUS so that they can go through complex networks and reach the authentication server Generally EAP relay requires that the RADIUS server support the EAP attributes of EAP Message and Messa...

Страница 1735: ...Request packet the RADIUS server compares the identify information against its user information table to obtain the corresponding password information Then it encrypts the password information using...

Страница 1736: ...ds handshake requests to the supplicant to check whether the supplicant is still online By default if two consecutive handshake attempts end up with failure the authenticator concludes that the suppli...

Страница 1737: ...mer tx period This timer is used in two cases one is when an authenticator retransmits an EAP Request Identity frame and the other is when an authenticator multicasts an EAP Request Identity frame Onc...

Страница 1738: ...the same physical port Supporting two authentication methods portbased and macbased With the portbased method after the first user of a port passes authentication all other users of the port can acces...

Страница 1739: ...tion the port leaves the guest VLAN and the supplicant can access other network resources A user of the guest VLAN can perform operations such as downloading and upgrading the authentication client so...

Страница 1740: ...n page 1769 Configuring 802 1x Globally Follow these steps to configure 802 1x globally To do Use the command Remarks Enter system view system view Enable 802 1x globally dot1x Required Disabled by de...

Страница 1741: ...enable 802 1x for a port Configuring 802 1x parameters for a port Follow these steps to configure 802 1x parameters for a port Set timers dot1x timer handshake period handshake period value quiet peri...

Страница 1742: ...e 802 1x user information in the EAP attributes of RADIUS packets and sends the packets to the RADIUS server for authentication In this case you can configure the user name format command but it does...

Страница 1743: ...st VLAN But different ports can have different guest VLANs The guest VLAN takes effect only when the port access control method is set to portbased If the port access control method is macbased the gu...

Страница 1744: ...e router to try up to five times at an interval of 5 seconds in transmitting a packet to the RADIUS server until it receives a response from the server and to send real time accounting packets to the...

Страница 1745: ...e radius radius1 secondary accounting 10 1 1 1 Specify the shared key for the router to exchange packets with the authentication server Sysname radius radius1 key authentication name Specify the share...

Страница 1746: ...the default domain Sysname domain default enable aabbcc net Enable 802 1x globally Sysname system view Sysname dot1x Enable 802 1x for port Ethernet 1 1 Sysname interface ethernet 1 1 Sysname Ethernet...

Страница 1747: ...work diagram for guest VLAN configuration Figure 509 Network diagram with VLAN10 as the guest VLAN Internet Update server Authenticator server Supplicant VLAN 10 Eth1 0 VLAN 1 Eth1 1 VLAN 5 Eth1 2 VLA...

Страница 1748: ...use RADIUS scheme 2000 for users of the domain Sysname domaim system Sysname isp system authentication default radius scheme 2000 Sysname isp system authorization default radius scheme 2000 Sysname i...

Страница 1749: ...x guest vlan 10 interface ethernet 1 1 You can use the display current configuration or display interface ethernet 1 1 command to view your configuration You can also use the display vlan 10 command i...

Страница 1750: ...1750 CHAPTER 92 802 1X CONFIGURATION...

Страница 1751: ...on to RADIUS on page 1753 Introduction to HWTACACS on page 1757 Introduction to AAA Authentication authorization and accounting AAA provides a uniform framework for configuring these three security fu...

Страница 1752: ...ing the number of local user connections and collecting statistics on number of users it does not provide statistics on the charges of users Note that the controlling of the local user connections doe...

Страница 1753: ...d throughout the network In the client server model of RADIUS the client a device passes user information to the designated RADIUS server and acts on the response of the server such as connecting disc...

Страница 1754: ...d authentication result If it accepts the user it sends an accounting start request Accounting Request to the RADIUS server with the value of Status Type being start 5 The RADIUS server returns a star...

Страница 1755: ...Main values of the Code field Code Packet type Description 1 Access Request From the client to the server A packet of this type carries user information for the server to authenticate the user It must...

Страница 1756: ...ide Figure 514 illustrates a segment of a RADIUS packet containing an extended attribute The four byte field Vendor ID indicates the ID of the vendor Its highest byte is 0 and the other three bytes co...

Страница 1757: ...ice for operations Working as the HWTACACS client the device sends the username and password to the HWTACACS server for authentication After passing authentication and being authorized the user can lo...

Страница 1758: ...lication Basic message exchange process of HWTACACS The following takes Telnet user as an example to describe how HWTACACS performs user authentication authorization and accounting Figure 516 illustra...

Страница 1759: ...or the login password 5 After receiving the login password the HWTACACS client sends to the HWTACACS server an authentication continuance packet carrying the login password U ser H W TAC AC S cl i ent...

Страница 1760: ...AAA RADIUS HWTAC ACS Configuration Task List AAA configuration task list RADIUS configuration task list Task Remarks Creating an ISP Domain on page 1761 Required Configuring ISP Domain Attributes on...

Страница 1761: ...For HWTACACS scheme configuration refer to Configuring HWTACACS on page 1777 Creating an ISP Domain For the NAS each accessing user belongs to an ISP domain Up to 16 ISP domains can be configured on...

Страница 1762: ...To do Use the command Remarks Enter system view system view Create an ISP domain and enter ISP domain view domain isp name Required Return to system view quit Specify the default ISP domain domain def...

Страница 1763: ...ate an ISP domain and enter ISP domain view domain isp name Required Specify the default authentication scheme for all types of users authentication default hwtacacs scheme hwtacacs scheme name local...

Страница 1764: ...iguration is optional in AAA configuration If you do not perform any authorization configuration the system default domain uses the local authorization scheme With the authorization scheme of none the...

Страница 1765: ...or all types of users authorization default hwtacacs scheme hwtacacs scheme name local local none radius scheme radius scheme name local Optional local by default Specify the authorization scheme for...

Страница 1766: ...and service type limiting the accounting protocols that can be used for access 3 Determine whether to configure an accounting scheme for all access modes or service types Follow these steps to config...

Страница 1767: ...hentication you must create a local user and configure the attributes A local user represents a set of users configured on a device which are uniquely identified by the username For a user requesting...

Страница 1768: ...r to use the FTP service service type ftp Optional By default no service is authorized to a user and anonymous access to FTP service is not allowed If you authorize a user to use the FTP service the u...

Страница 1769: ...red scheme by scheme After creating a RADIUS scheme you need to configure the IP addresses and UDP ports of the RADIUS servers for the scheme The servers include authentication authorization servers a...

Страница 1770: ...dius scheme name Optional By default no RADIUS scheme is created To do Use the command Remarks To do Use the command Remarks Enter system view system view Create a RADIUS scheme and enter RADIUS schem...

Страница 1771: ...s on FTP users Setting the Shared Key for RADIUS Packets The RADIUS client and RADIUS server use the MD5 algorithm to encrypt packets exchanged between them and a shared key to verify the packets Only...

Страница 1772: ...Type Follow these steps to set the supported RADIUS server type n If you change the type of RADIUS server the data stream destined to the original RADIUS server will be restored to the default unit W...

Страница 1773: ...te so that the secondary server can perform authentication If the secondary server is still in the blocked state the primary secondary switchover cannot take place If one server is in the active state...

Страница 1774: ...unity to obtain the RADIUS service The NAS uses the RADIUS server response timeout timer to control the transmission interval Primary server quiet timer timer quiet If the primary server is not reacha...

Страница 1775: ...ximum number of retransmission attempts of RADIUS packets refer to the command retry in the command manual Configuring RADIUS Accounting on With the accounting on function enabled a device sends whene...

Страница 1776: ...curity policy server The specified security policy server must be a security policy server or RADIUS server that is correctly configured and working normally Otherwise the device will regard it as an...

Страница 1777: ...the command Remarks Enter system view system view Enable the listening port of the RADIUS client radius client enable Optional Enabled by default To do Use the command Remarks Enter system view syste...

Страница 1778: ...d The defaults are as follows 0 0 0 0 for the IP address and 49 for the TCP port Configure the IP address and port of the secondary HWTACACS authorization server secondary authorization ip address por...

Страница 1779: ...and To do Use the command Remarks Enter system view system view Create a HWTACACS scheme and enter HWTACACS scheme view hwtacacs scheme hwtacacs scheme name Required By default no HWTACACS scheme is c...

Страница 1780: ...cheme hwtacacs scheme name Required By default no HWTACACS scheme is created Set the TACACS server response timeout timer timer response timeout seconds Optional 5 seconds by default Set the quiet tim...

Страница 1781: ...nses display stop accounting buffer radius scheme radius server name session id session id time range start time stop time user name user name Available in any view Clear RADIUS statistics reset radiu...

Страница 1782: ...ormat Network diagram Figure 517 Configure AAA for Telnet users by a RADIUS server Configuration procedure Configure the IP addresses of various interfaces omitted Enable the Telnet server on the rout...

Страница 1783: ...ain 1 Router isp 1 authentication default radius scheme rad Router isp 1 authorization default radius scheme rad Router isp 1 accounting default radius scheme rad AAA for FTP Telnet Users by the Devic...

Страница 1784: ...cation default local Router isp system authorization default local Router isp system accounting default local A user telnetting into the router can use the user name of userid system for local authent...

Страница 1785: ...scheme hwtac Router isp 1 authorization ppp hwtacacs scheme hwtac Router isp 1 accounting ppp hwtacacs scheme hwtac Router isp 1 ip pool 1 200 1 1 1 200 1 1 99 Router isp 1 quit Configure the default...

Страница 1786: ...serid isp name format and a default ISP domain is specified on the NAS 3 The user is configured on the RADIUS server 4 The password entered by the user is correct 5 The same shared key is configured o...

Страница 1787: ...correct on the NAS For example one server is configured on the NAS to provide all the services of authentication authorization and accounting but in fact the services are provided by different server...

Страница 1788: ...1788 CHAPTER 93 AAA RADIUS HWTACACS CONFIGURATION...

Страница 1789: ...ed by the firewall even if such an access is initiated by a user within the internal network Presently firewalls on the device mainly perform packet filtering based on the following Access control lis...

Страница 1790: ...protocols such as FTP and H 323 some security policy configurations are unpredictable A packet filter firewall alone cannot detect some attracts from the transport layer and application layer such as...

Страница 1791: ...ides some mechanisms for you to maintain and use the configuration information of the user defined ports PAM supports two types of port mapping mechanisms general port mapping and basic ACL based host...

Страница 1792: ...a user initiates a connection as a result the connection setup would fail After application protocol detection is enabled on the device the ASPF can detect each application layer session and create a...

Страница 1793: ...CL for the corresponding protocol 5 The status table and TACL are deleted when the FTP connection is removed The detection process for a single channel protocol such as SMTP and HTTP is relatively sim...

Страница 1794: ...esource consumption If exact match is not required you can disable fragments inspection to improve system performance and reduce system overhead 1 Enable the IPv4 fragment inspection function Task Rem...

Страница 1795: ...range based filtering will also work at the same time In addition you can specify separate access rules for inbound and outbound packets The effective range for basic ACL numbers is 2000 to 2999 A bas...

Страница 1796: ...ng on an interface firewall packet filter acl number name acl name inbound outbound match fragments normally exactly Required IPv4 packets are not filtered by default To do Use the command Remarks Ent...

Страница 1797: ...d only specific host on the internal network are permitted to access external networks Assume that the IP address of a specific external user is 20 3 3 3 Network diagram Figure 522 Network diagram for...

Страница 1798: ...acl adv 3002 rule permit tcp destination 20 1 1 1 0 destina tion port gt 1024 Router acl adv 3002 rule deny ip Apply ACL 3001 to packets that come in through Ethernet 1 0 Router acl adv 3002 quit Rou...

Страница 1799: ...ork from the Internet will be denied Yet the response packet can pass ASPF when internal network users access the Internet To monitor the traffic through an interface you must apply the configured ASP...

Страница 1800: ...at all TCP packets using port 8080 sent to the network segment 10 110 0 0 are regarded as HTTP packets The address range of hosts can be specified by means of a basic ACL Follow these steps to configu...

Страница 1801: ...irewall function on Router A RouterA system view RouterA firewall enable Configure ACL 3111 to prohibit all IP packets from entering into the internal network The ASPF will create a TACL for packets p...

Страница 1802: ...TP and HTTP and set the idle timeout value for the two protocols to 3 000 seconds RouterA aspf policy 1 RouterA aspf policy 1 detect ftp aging time 3000 RouterA aspf policy 1 detect http java blocking...

Страница 1803: ...ername or password to be provided during authentication Currently the device supports two MAC authentication modes Remote Authentication Dial In User Service RADIUS based MAC authentication and local...

Страница 1804: ...gone offline Once detecting that a user becomes offline the device sends to the RADIUS server a stop accounting notice Quiet timer Whenever a user fails MAC authentication the device does not initiate...

Страница 1805: ...hentication globally mac authentication Required Disabled by default Enable MAC authentication for specified ports mac authentication interface interface list Required Disabled by default interface in...

Страница 1806: ...access to the Internet All users belong to domain aabbcc net A local user uses aaa as the username and 123456 as the password for authentication Set the offline detect timer to 180 seconds and the qui...

Страница 1807: ...n command to verify your configuration Display global MAC authentication information Device display mac authentication MAC address authentication is Enabled User name format is fixed account Fixed use...

Страница 1808: ...ice radius 2000 key accounting abc Device radius 2000 user name format without domain Device radius 2000 quit Configure an AAA scheme for ISP domain 2000 Device domain 2000 Device isp 2000 authenticat...

Страница 1809: ...tication is Enabled User name format is fixed account Fixed username aaa Fixed password 123456 Offline detect period is 180s Quiet period is 60s Server response timeout value is 100s The max allowed u...

Страница 1810: ...1810 CHAPTER 95 MAC AUTHENTICATION CONFIGURATION...

Страница 1811: ...private network users to access public networks This way of using a smaller number of public IP addresses to represent a larger number of private IP addresses can effectively alleviate the depletion o...

Страница 1812: ...nd is unaware of the private address 192 168 1 3 As such NAT hides the private network from the external networks Despite the advantage of allowing internal hosts to access external resources and prov...

Страница 1813: ...ined based on the statistics on the number of the hosts that might access external networks during peak time In practice an enterprise may need to allow some internal hosts to access external networks...

Страница 1814: ...an external user accesses an internal server NAT translates the destination address in the request packet to the private IP address of the internal server When the internal server returns a packet NAT...

Страница 1815: ...can also apply to internal servers so that external users can access an internal host of an MPLS VPN For example in MPLS VPN1 the host that provides WWW service has an internal address 10 110 1 1 The...

Страница 1816: ...ackets can be translated directly according to this mapping entry For details about ACL refer to Configuring ACLs on page 1881 The configuration for different forms of address translation varies somew...

Страница 1817: ...interface interface type interface number Enable Easy IP by associating the ACL with the interface IP address nat outbound acl number Required To do Use the command Remarks Enter system view system vi...

Страница 1818: ...ay during the IP address translation NAT log contains such information as the packet s source IP address source port address destination IP address destination port address translated source IP addres...

Страница 1819: ...28 The UDP packets may come in several versions each with different packet formats Only version 1 is used presently A UDP packet is composed of a header and several NAT logs Figure 528 Export NAT logs...

Страница 1820: ...with different packet formats However the device supports only version 1 currently Follow these steps to configure a NAT log server n The IP address of the NAT log server must be a valid unicast addre...

Страница 1821: ...g connection limit policy Follow these steps to configure a connection limit policy To do Use the command Remarks Enter system view system view Enable connection limit function connection limit enable...

Страница 1822: ...p Available in any view Display the aging time for address translation display nat aging time Available in any view Display configurations about all forms of NAT display nat all Available in any view...

Страница 1823: ...ess the Internet while users in other network segments cannot External PCs can access an internal server The company has 6 legal IP addresses ranging from 202 38 160 100 24 to 202 38 160 105 24 Addres...

Страница 1824: ...0 Router Serial1 0 nat outbound 2001 address group 1 Configure the internal FTP server Router Serial1 0 nat server protocol tcp global 202 38 160 100 ins ide 10 110 10 1 ftp Configure the internal WW...

Страница 1825: ...NAT logs Configurations regarding the IP addresses of the devices and NAT function are omitted here Specify to export the NAT logs of Device A to the information center DeviceA system view DeviceA us...

Страница 1826: ...Source IP address and port number before translation 1 1 1 1 12288 Source IP address and port number after translation 2 2 2 2 768 Destination IP address and port number 2005 07 07 04 20 03 2005 07 0...

Страница 1827: ...te the problem based on the debugging display Use other commands if necessary to further identify the problem Pay special attention to the source address after the address translation and ensure that...

Страница 1828: ...28 CHAPTER 96 NAT CONFIGURATION denied external access to the internal network You can use the display acl command to verify this For details about firewall refer to Firewall Configuration on page 178...

Страница 1829: ...d by a certificate authority CA that contains a public key and the related user identity information A simplest digital certificate contains a public key an entity name and a digital signature from th...

Страница 1830: ...PKI architecture Entity An entity is an end user of PKI products or services like a person an organization a device for instance a router or a switch or a progress running on a computer CA A CA is a...

Страница 1831: ...ws for transfer of encrypted mails and mails with signature Web security For Web security two peers can establish a secure sockets layer SSL connection first for transparent and secure communications...

Страница 1832: ...om a domain name IP address of the entity Locality where the entity resides Organization to which the entity belongs Unit of the entity in the organization State where the entity resides n The configu...

Страница 1833: ...an entity to provide its identity information to a CA Create an entity and enter its view pki entity entity name Required No entity exists by default Configure the common name for the entity common n...

Страница 1834: ...riodically to get the certificate as soon as possible after the certificate is signed You can configure the polling interval and count to query the request status IP address of the LDAP server An LDAP...

Страница 1835: ...Follow these steps to configure an entity to submit a certificate request in auto mode Specify the authority for certificate request certificate request from ca ra Required No authority is specified...

Страница 1836: ...whether you want to overwrite the existing one If a PKI domain has already a local certificate you cannot request another certificate for it This is to avoid inconsistency between the certificate and...

Страница 1837: ...e and enrollment information due to related configuration changes To retrieve a new CA certificate use the pki delete certificate command to delete the existing CA certificate and local certificate fi...

Страница 1838: ...pki domain domain name Specify the URL of the CRL distribution point crl url url string Optional No CRL distribution point URL is specified by default Set the CRL update period crl update period hours...

Страница 1839: ...quired To do Use the command Remarks Enter system view system view Delete certificates pki delete certificate ca local domain domain name Required To do Use the command Remarks Enter system view syste...

Страница 1840: ...n this configuration example Network requirements The device submits a local certificate request to the CA server The device acquires CRLs for certificate validation Network diagram Figure 533 Diagram...

Страница 1841: ...mpleting the above configuration you need to perform CRL related configurations In this example select the local CRL publishing mode of HTTP and set the HTTP URL to http 4 4 4 133 447 myca crl After t...

Страница 1842: ...modulus default 1024 Generating keys 4 Apply for a certificate Retrieve the CA certificate and save it locally Router pki retrieval certificate ca domain torsa Retrieving CA RA certificates Please wai...

Страница 1843: ...A5155649 E583AC61 D3A5C849 CBDE350D 2A1926B7 0AE5EF5E D1D8B08A DBF16205 7C2A4011 05F11094 73EB0549 A65D9E74 0F2953F2 D4F0042F 19103439 3D4F9359 88FB59F3 8D4B2F6C 2B Exponent 65537 0x10001 X509v3 exte...

Страница 1844: ...me CA as required Network diagram Figure 534 Diagram for applying RSA digital signature in IKE negotiation Configuration procedure 1 Configure Router A Configure the entity name space RouterA system v...

Страница 1845: ...al crl domain 1 RouterA pki request certificate domain 1 Configure IKE proposal 1 using RSA signature for identity authentication RouterA ike proposal 1 RouterA ike proposal 1 authentication method rs...

Страница 1846: ...RouterB ike proposal 1 authentication method rsa signature RouterB ike proposal 1 quit Specify the PKI domain for the IKE peer RouterB ike peer peer RouterB ike peer peer certificate domain 1 n The ab...

Страница 1847: ...Create certificate attribute group mygroup1 and add two attribute rules The first rule defines that the DN of the subject name includes the string aabbcc and the second rule defines that the IP addres...

Страница 1848: ...based access control policy of myacp to HTTPS service Router ip https certificate access control policy myacp Enable HTTPS service Router ip https enable Troubleshooting PKI Failed to Retrieve a CA C...

Страница 1849: ...e a CA certificate Regenerate a key pair Specify a trusted CA Use the ping command to check that the RA server is reachable Configure the RA for certificate request Configure the required entity name...

Страница 1850: ...1850 CHAPTER 97 PKI CONFIGURATION...

Страница 1851: ...access the Internet the user must pass portal authentication on the portal website A user can access a known portal website enter username and password for authentication This authentication mode is c...

Страница 1852: ...unning the hypertext transfer protocol HTTP or the secure HTTP HTTPS protocol or running portal client software For portal authentication an authentication client refers to a host running portal clien...

Страница 1853: ...nauthenticated user enters a website address in the address bar of the IE to access the Internet there are two cases For portal authentication an HTTP request is created and sent to the access device...

Страница 1854: ...ough DHCP and can only access the portal server and predefined free websites After passing authentication the user is assigned a public IP address so that he or she can access the Internet No public I...

Страница 1855: ...is as follows 1 A portal user initiates an authentication request through HTTP When HTTP packets arrive at the access device the access device allows those destined for the portal server or predefined...

Страница 1856: ...ce to control user access Re DHCP authentication process Figure 538 Re DHCP authentication process For portal authentication the re DHCP authentication process is as follows Step 1 through step 6 are...

Страница 1857: ...feature provides a solution for user authentication and security authentication However the portal feature cannot implement this solution by itself Currently RADIUS authentication is required to coope...

Страница 1858: ...exist Only Layer 3 authentication mode is applicable for the applications which support portal authentication in the presence of Layer 3 forwarding devices However Layer 3 authentication does not requ...

Страница 1859: ...et in the re DHCP authentication mode is the private subnet determined by the private IP address of the interface Forcing a User to Log Out By forcing a user with the specified IP address to log out y...

Страница 1860: ...able in any view Display the portal connection statistics on the specified interface or all interfaces display portal connection statistics all interface interface type interface number Available in a...

Страница 1861: ...s before the portal feature is enabled Configure the access device 1 Configure a RADIUS scheme Create a RADIUS scheme named rs1 and enter its view Router system view Router radius scheme rs1 Set the s...

Страница 1862: ...isp dm1 accounting portal radius scheme rs1 Router isp dm1 quit Configure dm1 as the default ISP domain where all access users share the default authentication and accounting modes Router domain defau...

Страница 1863: ...o DHCP Overview on page 565 In the re DHCP authentication the access device must be configured as a DHCP relay agent instead of a DHCP server and the portal enabled interface must be configured with a...

Страница 1864: ...p service type normal Router Ethernet1 0 quit Configure the IP address of the interface which communicates with the portal server Router interface ethernet 1 1 Router Ethernet1 1 ip address 192 168 0...

Страница 1865: ...Router Ethernet1 0 ip address 20 20 20 1 255 255 255 0 Router Ethernet1 0 portal server newpt method layer3 service type normal Router Ethernet1 0 quit Configure the IP address of the interface which...

Страница 1866: ...he primary accounting server and the keys for both servers to communicate Router radius rs1 primary authentication 192 168 0 112 Router radius rs1 primary accounting 192 168 0 112 Router radius rs1 ke...

Страница 1867: ...0 111 key portal port 50100 url http 192 168 0 111 portal Enable portal authentication on the interface connected to the host Router interface ethernet 1 0 Router Ethernet1 0 ip address 2 2 2 1 255 2...

Страница 1868: ...rivate IP address IP addresses are configured for devices as required and routes are available between devices before the portal feature is enabled The following only describes the configurations rela...

Страница 1869: ...hernet 1 1 Router Ethernet1 1 ip address 192 168 0 100 255 255 255 0 Router Ethernet1 1 quit Layer 3 Portal Layer 3 Authentication Configuration Examples Network requirements Router A enables the port...

Страница 1870: ...ip address 20 20 20 1 255 255 255 0 RouterA Ethernet1 0 portal server newpt method layer3 service type plus RouterA Ethernet1 0 quit Configure the IP address of the interface which communicates with...

Страница 1871: ...50100 However if the listening port configured on the access device is not 50100 the destination port of the REQ_LOGOUT message is not the actual listening port on the server Thus the portal server ca...

Страница 1872: ...1872 CHAPTER 98 PORTAL CONFIGURATION...

Страница 1873: ...ication RSH daemon supports authentication of an RSH client by the username You can enable or disable RSH daemon using the service component on Windows NT 2000 XP 2003 Configuring RSH Configuration Pr...

Страница 1874: ...ined and installed separately on the remote host Network diagram Figure 546 Network diagram for RSH configuration Configuration Procedure On the remote host check that the RSH daemon has been installe...

Страница 1875: ...Look at the Status column to check whether the Remote Shell Daemon service is started In this example the service is not started yet 5 Double click on the service row and in the popup Remote Shell Dae...

Страница 1876: ...the route to the remote host The configuration procedure is omitted Set the time of the host remotely Router rsh 192 168 1 10 command time Trying 192 168 1 10 Press CTRL K to abort The current time i...

Страница 1877: ...packets before transmitting them over the Internet Data integrity The receiver verifies the packets received from the sender to ensure they are not tampered during transmission Data origin authentica...

Страница 1878: ...is a combination of such communication aspects as the protocol s AH ESP or both encapsulation mode transport mode or tunnel mode encryption algorithm DES 3DES or AES shared key used for protection of...

Страница 1879: ...nted through hash functions A hash function takes a message of arbitrary length and generates a message digest of fixed length IPSec peers calculate the message digests respectively If the resulting d...

Страница 1880: ...ists of one or more sets of SAs Encryption Card IPSec can either be implemented through software or an encryption card When implemented through software encryption decryption and authentication algori...

Страница 1881: ...to Configuring ACLs on page 1881 IPSec protects only data flows permitted by the ACLs So it is recommended to configure the ACLs accurately that is permit only data flows requiring IPSec protection an...

Страница 1882: ...flows An IPSec policy is uniquely identified by its name and sequence number IPSec policies fall into two categories manual IPSec policy and IKE dependent negotiated IPSec policy The former requires t...

Страница 1883: ...must match those of the inbound SA at the remote end Both ends of an IPSec tunnel must be configured with the same key in the same format Following these steps to configure an IPSec policy manually To...

Страница 1884: ...pecified in the IPSec policy template must match those of the remote end while the parameters not defined in the template are determined by the initiator Configuration prerequisites Configure the IKE...

Страница 1885: ...roposal Specify the IKE peers for the IPSec policy to reference ike peer peer name Required Enable and configure the perfect forward secrecy feature for the IPSec policy pfs dh group1 dh group2 dh gro...

Страница 1886: ...is not configured with a lifetime in IPSec policy view When negotiating to set up SAs IKE uses the smaller one between the lifetime set locally and the lifetime proposed by the peer Specify the IPSec...

Страница 1887: ...policy can be applied to more than one interface while a manual IPSec policy can be applied to only one interface Binding an IPSec Policy Group to an Encryption Card To provide data authentication en...

Страница 1888: ...the case for the IPSec module backup function In this case the matched packets are discarded unless you manually remove the binding for the encryption card If no encryption card is bound there are als...

Страница 1889: ...group or policy at the interface and then the matched tunnel The session processing mechanism of IPSec saves intermediate matching procedures and there improves IPSec forwarding efficiency Follow the...

Страница 1890: ...ilable in any view Display IPSec policy template information display ipsec policy template brief name template name seq number Available in any view Display IPSec proposal information display ipsec pr...

Страница 1891: ...tatic 10 1 2 0 255 255 255 0 serial 2 1 Create an IPSec proposal named tran1 RouterA ipsec proposal tran1 Specify the encapsulation mode as tunnel RouterA ipsec proposal tran1 encapsulation mode tunne...

Страница 1892: ...inbound esp gfedcba RouterA ipsec policy manual map1 10 quit Configure the IP address of the serial interface RouterA interface serial 2 1 RouterA Serial2 1 ip address 2 2 2 1 255 255 255 0 Apply the...

Страница 1893: ...s RouterB ipsec policy manual use1 10 sa spi outbound esp 54321 RouterB ipsec policy manual use1 10 sa spi inbound esp 12345 Configure the keys RouterB ipsec policy manual use1 10 sa string key outbou...

Страница 1894: ...atic route to Host B RouterA ip route static 10 1 2 0 255 255 255 0 serial 2 1 Create an IPSec proposal named tran1 RouterA ipsec proposal tran1 Specify the encapsulation mode as tunnel RouterA ipsec...

Страница 1895: ...source 10 1 2 0 0 0 0 255 dest ination 10 1 1 0 0 0 0 255 RouterB acl adv 3101 rule deny ip source any destination any RouterB acl adv 3101 quit Configure a static route to Host A RouterB ip route st...

Страница 1896: ...terface RouterB Serial2 2 ipsec policy use1 After above configuration IKE negotiation will be triggered to set up SAs when there is any traffic between subnet 10 1 1 0 24 and subnet 10 1 2 0 24 If IKE...

Страница 1897: ...st B RouterA ip route static 10 1 2 0 255 255 255 0 serial 2 1 Create an IPSec proposal named tran1 RouterA ipsec proposal tran1 Specify the encapsulation mode as tunnel RouterA ipsec proposal tran1 e...

Страница 1898: ...he IPSec policy group to the interface RouterA Serial2 1 ipsec policy map1 RouterA Serial2 1 quit Enter encryption card interface view RouterA interface encrypt 5 1 Bind the IPSec policy to the card a...

Страница 1899: ...g to use the IKE negotiation mode RouterB ipsec policy use1 10 isakmp Apply the ACL RouterB ipsec policy isakmp use1 10 security acl 3101 Apply the proposal RouterB ipsec policy isakmp use1 10 proposa...

Страница 1900: ...n IKE negotiation will be triggered to set up SAs when there is any traffic between subnet 10 1 1 0 24 and subnet 10 1 2 0 24 If IKE negotiation succeeds and SAs are set up the traffic between the two...

Страница 1901: ...a series of data This disables a third party from decrypting the keys even if the third party captured all exchanged data that is used to calculate the keys The section covers these topics Security M...

Страница 1902: ...Phase 2 Using the ISAKMP SA established in phase 1 the two peers negotiate to establish IPSec SAs Figure 553 IKE exchange process As shown in Figure 553 the main mode of IKE negotiation in phase 1 in...

Страница 1903: ...ationship between IKE and IPSec Relationship between IKE and IPSec IKE is an application layer protocol using UDP and functions as the signaling protocol of IPSec IKE negotiates SAs SA for IPSec and d...

Страница 1904: ...IKE negotiation Two matching IKE proposals have the same encryption algorithm authentication method authentication algorithm and DH group The initiator determines the SA lifetime The matching IKE pro...

Страница 1905: ...er view ike peer peer name Required Specify the IKE negotiation mode in phase 1 exchange mode aggressive main Optional main by default Configure the pre shared key for pre shared key authentication pr...

Страница 1906: ...IKE tunnel may have a public address while the other end may have a private address and therefore NAT traversal must be configured at the private network side to set up the tunnel If the IKE negotiati...

Страница 1907: ...to be three times of the keepalive interval Setting the NAT Keepalive Timer NAT mapping on a NAT gateway may get aged If no packet traverses an IPSec tunnel in a certain period of time the NAT mappin...

Страница 1908: ...ng IKE To do Use the command Remarks Enter system view system view Create a DPD and enter its view ike dpd dpd name Required Set the DPD query triggering interval interval time interval time Optional...

Страница 1909: ...am Figure 555 Network diagram for IKE configuration Configuration procedure 1 Configure Router A Configure an IKE peer RouterA system view RouterA ike peer peer RouterA ike peer peer pre shared key ab...

Страница 1910: ...the Intranet in the headquarters through a leased line The Serial 2 0 interface of Router A has a fixed public IP address and Router B obtains an IP address dynamically As the IP address obtained by t...

Страница 1911: ...ec proposal prop esp authentication algorithm sha1 RouterA ipsec proposal prop quit Create an IPSec policy named policy specifying to set up SAs through IKE negotiation RouterA ipsec policy policy 10...

Страница 1912: ...p encryption algorithm des RouterB ipsec proposal prop esp authentication algorithm sha1 RouterB ipsec proposal prop quit Create an IPSec policy specifying to set up SAs through IKE negotiation Router...

Страница 1913: ...twork diagram Figure 557 Network diagram for IPSec IKE with ADSL Configuration procedure 1 Configure Router A Specify a name for the local security gateway RouterA system view RouterA ike local name r...

Страница 1914: ...IPSec policy to reference ACL 3101 RouterA ipsec policy isakmp policy 10 security acl 3101 Configure the IPSec policy to reference IPSec proposal prop RouterA ipsec policy isakmp policy 10 proposal p...

Страница 1915: ...al named prop RouterB ipsec proposal prop RouterB ipsec proposal prop encapsulation mode tunnel RouterB ipsec proposal prop transform esp RouterB ipsec proposal prop esp encryption algorithm 3des Rout...

Страница 1916: ...terface atm 1 0 RouterB Atm1 0 pvc 0 100 RouterB atm pvc Atm1 0 0 100 map bridge virtual ethernet 0 RouterB atm pvc Atm1 0 0 100 quit Configure the VE interface RouterB interface virtual ethernet 0 Ro...

Страница 1917: ...nd whether the referred IPSec proposals have a match in protocol encryption and authentication algorithms Failure to Establish an IPSec Tunnel Symptom Failure to establish an IPSec tunnel Analysis Som...

Страница 1918: ...of IPSec tunnels are determined by the order they are established a device cannot interoperate with other peers in fine granularity when its outbound packets are first matched with an IPSec tunnel in...

Страница 1919: ...rs to establish SSH connections with a remote device acting as the SSH server c CAUTION Currently when acting as an SSH server the device supports two SSH versions SSH2 and SSH1 When acting as an SSH...

Страница 1920: ...connection is established the server sends the first packet to the client which includes a version identification string in the format of SSH primary protocol version number secondary protocol versio...

Страница 1921: ...ich includes the username authentication method and information related to the authentication method the password in the case of password authentication The server authenticates the client If the auth...

Страница 1922: ...the server sends back to the client an SSH_SMSG_FAILURE packet indicating that the processing fails or it cannot resolve the request Interactive session In this stage the server and the client exchan...

Страница 1923: ...g RSA and DSA Keys on page 1924 Creating RSA or DSA key pairs on page 1924 Required Exporting RSA or DSA key pairs on page 1924 Optional Destroying RSA or DSA key pairs on page 1924 Optional Configuri...

Страница 1924: ...s in the range 512 to 2048 bits With SSH2 nevertheless some clients require that the keys generated by the server must not be less than 768 bits Exporting RSA or DSA key pairs You can display or expor...

Страница 1925: ...RT 4 07 to upload the client public key to the server You can configure at most 20 client pubic keys on an SSH server Configuring a client public key manually Follow these steps to configure the clien...

Страница 1926: ...or information about sftp refer to SFTP Overview on page 1945 For successful login through SFTP you must set the user service type to sftp or all You can set the service type of an SSH user to stelnet...

Страница 1927: ...RADIUS authentication server After login the commands available to a user are determined by AAA authorization Setting the SSH Management Parameters SSH management includes Enabling the SSH server to...

Страница 1928: ...sequent authentications Without first time authentication a client not configured with the server host public key will be denied of access to the server To access the server a user must configure in a...

Страница 1929: ...ystem view system view Enable the device to support first time authentication ssh client first time Optional By default first time authentication is supported on a client To do Use the command Remarks...

Страница 1930: ...nection between the SSH client and the IPv6 server and specify the preferred key exchange algorithm encryption algorithms and HMAC algorithms for them ssh2 ipv6 server port number identity key dsa rsa...

Страница 1931: ...y local create dsa Router ssh server enable Configure an IP address for interface Ethernet 1 1 which the SSH client will use as the destination for SSH connection Router interface ethernet 1 1 Router...

Страница 1932: ...er client001 service type ssh level 3 Router luser client001 quit Specify the service type of user client001 as Stelnet and the authentication method as password Router ssh user client001 service type...

Страница 1933: ...SSH client configuration interface From the window shown in Figure 561 click Open The following SSH client interface appears If the connection is normal you will be prompted to enter the username clie...

Страница 1934: ...is used the algorithm is RSA Network diagram Figure 562 Network diagram for SSH server configuration using publickey authentication Configuration procedure Configure the SSH server Generate RSA and D...

Страница 1935: ...wing tasks you must generate an RSA public key pair using the client software on the client save the key pair in a file named key pub and then upload the file to the SSH server through FTP or TFTP For...

Страница 1936: ...Generate a client key pair 1 While generating the key pair you must move the mouse continuously and keep the mouse off the green process bar shown in Figure 564 Otherwise the process bar stops moving...

Страница 1937: ...ion Example 1937 Figure 564 Generate a client key pair 2 After the key pair is generated click Save public key to save the key in a file by entering a file name key pub in this case Figure 565 Generat...

Страница 1938: ...client key 4 n After generating a key pair on a client you need to transmit the saved public key file to the server through FTP or TFTP and have the configuration on the server done before continuing...

Страница 1939: ...on window navigate to the private key file and click OK Figure 568 SSH client configuration interface 2 From the window shown in Figure 569 click Open The following SSH client interface appears If the...

Страница 1940: ...hentication is required Network diagram Figure 570 Network diagram for SSH client configuration using password authentication Configuration procedure 1 Configure the SSH server Create RSA and DSA key...

Страница 1941: ...first time authentication RouterA undo ssh client first time Configure the host public key of the SSH server by entering public key code view and copying the DSA public key of the SSH server RouterA p...

Страница 1942: ...165 87 136 Enter password All rights reserved 2004 2006 Without the owner s prior written consent no decompiling or reverse switch fabricering shall be allowed RouterB When Using Publickey Authentica...

Страница 1943: ...remote public key pair from the file key pub RouterB public key peer Router001 import sshkey key pub Specify the authentication type for user client002 as publickey and assign the public key Router00...

Страница 1944: ...65 87 136 Press CTRL K to abort Connected to 10 165 87 136 The Server is not authenticated Continue Y N y Do you want to save the server public key Y N n All rights reserved 2004 2006 Without the owne...

Страница 1945: ...isites You have configured the SSH server For the detailed configuration procedure refer to Configuring the Device as an SSH Server on page 1922 You have used the ssh user service type command to set...

Страница 1946: ...configuration task is to enable the SFTP client to establish a connection with the remote SFTP server and enter SFTP client view Follow these steps to enable the SFTP client To do Use the command Rem...

Страница 1947: ...8 des prefer stoc hmac md5 md5 96 sha1 sha1 96 Use one command in user view as required The support for the keyword 3des in the two commands varies by device Establish a connection to the remote IPv6...

Страница 1948: ...y on the remote SFTP server mkdir remote path Optional Delete a directory from the SFTP server rmdir remote path 1 10 Optional To do Use the command Remarks To do Use the command Remarks Establish a c...

Страница 1949: ...ional The delete command functions as the remove command remove remote file 1 10 To do Use the command Remarks To do Use the command Remarks Establish a connection to the remote SFTP server and enter...

Страница 1950: ...0 4 RouterB ui vty0 4 authentication mode scheme Set the user privilege level to 3 RouterB ui vty0 4 user privilege level 3 Enable the user interfaces to support SSH RouterB ui vty0 4 protocol inbound...

Страница 1951: ...ir rwxrwxrwx 1 noone nogroup 1759 Aug 23 06 52 config cfg rwxrwxrwx 1 noone nogroup 225 Aug 24 08 01 pubkey2 rwxrwxrwx 1 noone nogroup 283 Aug 24 07 39 pubkey1 drwxrwxrwx 1 noone nogroup 0 Sep 01 06 2...

Страница 1952: ...one nogroup 0 Sep 02 06 33 new2 Download the pubkey2 file from the server and save it as local file public sftp client get pubkey2 public Remote file pubkey2 Local file public Downloading file success...

Страница 1953: ...during handshake phase Authentication SSL supports authenticating both the server and the client through certificates with the authentication of the client being optional Reliability SSL uses key base...

Страница 1954: ...application layer protocol HTTP protocol for example Configuration Prerequisites Before configuring an SSL server policy you must configure PKI public key infrastructure domain For details about PKI...

Страница 1955: ...ional The defaults are as follows 500 for the maximum number of cached sessions 3600 seconds for the caching timeout time Enable certificate based SSL client authentication client verify enable Option...

Страница 1956: ...on to locate the problem If the SSL server has no certificate request one for it If the server certificate cannot be trusted install on the SSL client the root certificate of the CA that issues the lo...

Страница 1957: ...start the packet forwarding path remains the same and the whole system can forward IP packets continuously Hence it is called Graceful Restart Basic Concepts in Graceful Restart A router with the Grac...

Страница 1958: ...replace with each other If a router is to act as a Graceful Restarter it must have the ability to preserve the routing information in the routing table forwarding table Routers that fail to meet this...

Страница 1959: ...3 GR Restarter signaling to GR Helper Figure 576 The GR Restarter signals to the GR Helper s after restart As illustrated in Figure 576 after the GR Restarter has recovered it will signal to all its...

Страница 1960: ...Boarder Gateway Protocol BGP Open Shortest Path First OSPF Intermediate System to Intermediate System IS IS Label Distribution Protocol LDP and MPLS with Resource Reservation Protocol Traffic Engineer...

Страница 1961: ...a backup interface when the primary one fails As shown in Figure 578 interfaces Serial 2 0 Serial 2 1 and Serial 2 2 on Router A back up one and another Serial 2 0 takes on data transmission and Seria...

Страница 1962: ...re 579 interface Serial 2 0 on Router A acts as the main interface and interfaces Serial 2 1 and Serial 2 2 act as the backup interfaces Figure 579 Diagram for main backup mode In interface backup mod...

Страница 1963: ...opting interface backup or load sharing mode depending on whether you have configured an upper or lower threshold for the main interface traffic As long as this threshold is configured the load sharin...

Страница 1964: ...ck object is positive it indicates that the link connecting the tracked interface is normal and the interface performing the track works as the backup interface If the state of the Track object is neg...

Страница 1965: ...andwidth it would prompt you to reconfigure If the available bandwidth configured for setting the thresholds exceeds the physical bandwidth on the interface the load balancing does not take effect Dis...

Страница 1966: ...face The configuration is omitted 2 Configure a static route On Router A configure a static route to the segment 192 168 2 0 24 where Router B resides RouterA system view RouterA ip route static 192 1...

Страница 1967: ...erface Interfacestate Standbystate Standbyflag Pri Loadstate serial2 0 UP MUP MU serial2 1 STANDBY STANDBY BU 30 serial2 2 STANDBY STANDBY BU 20 Backup flag meaning M MAIN B BACKUP V MOVED U USED D LO...

Страница 1968: ...erB ip route static 192 168 1 0 24 serial 2 0 RouterB ip route static 192 168 1 0 24 serial 2 1 RouterB ip route static 192 168 1 0 24 serial 2 2 3 Configure the backup interface and load sharing on R...

Страница 1969: ...ndbyflag Pri Loadstate serial2 0 UP MUP MUD TO HYPNOTIZE serial2 1 STANDBY STANDBY BU 30 serial2 2 STANDBY STANDBY BU 20 Backup flag meaning M MAIN B BACKUP V MOVED U USED D LOAD P PULLED When the dat...

Страница 1970: ...1970 CHAPTER 106 BACKUP CENTER CONFIGURATION...

Страница 1971: ...on page 1974 Format of VRRP Packets on page 1975 Principles of VRRP on page 1976 VRRP Tracking on page 1977 VRRP Application Taking IPv4 Based VRRP for Example on page 1977 VRRP Overview Normally as s...

Страница 1972: ...tion due to a single link failure There are two VRRP versions VRRPv2 and VRRPv3 VRRPv2 is based on IPv4 while VRRPv3 is based on IPv6 The two versions implement the same functions but provide differen...

Страница 1973: ...determines the role master or backup of each router in the standby group by priority A router with a higher priority has more opportunity to become the master VRRP priority is in the range of 0 to 255...

Страница 1974: ...ecrypt the packet and checks whether the packet is valid On a secure network you need not set the authentication mode VRRP Timers VRRP timers include VRRP advertisement interval timer and VRRP preempt...

Страница 1975: ...ity of the router in the standby group in the range 0 to 255 A greater value represents a higher priority Count IP Addrs Number of virtual IP addresses for the standby group A standby group can have m...

Страница 1976: ...IPv6 addresses Auth Type Authentication type 0 means no authentication 1 means simple authentication VRRPv3 does not support MD5 authentication Adver Int Interval for sending advertisement packets in...

Страница 1977: ...only when the interface to which a standby group is assigned fails but also when other interfaces on the router become unavailable This is achieved by tracking interfaces When a monitored interface go...

Страница 1978: ...AN Load balancing You can create more than one standby group on an interface of a router allowing the router to be the master of one standby group but a backup of another at the same time In load bala...

Страница 1979: ...tandby group 1 2 and 3 as the default gateways respectively When configuring VRRP priorities ensure that each router holds such a priority in each standby group that it will take the expected role in...

Страница 1980: ...r MAC address By default a MAC address is created for a standby group after the standby group is created and the virtual IP address is associated with the virtual MAC address With such association ado...

Страница 1981: ...ddresses in it In addition configurations on that standby group no longer take effect The virtual IP address of the virtual router can be either an unused IP address on the segment where the standby g...

Страница 1982: ...ace At present the Layer 2 protocol used by the tracked synchronous asynchronous serial interfaces should only be PPP protocol the dialer interface should function as the PPPoE client and operate in t...

Страница 1983: ...ackets and configure a preemption delay Displaying and Maintaining VRRP for IPv4 To do Use the command Remarks Enter system view system view Enter the specified interface view interface interface type...

Страница 1984: ...he packets to be forwarded to the other network segments to the master router properly There are two types of association between virtual IPv6 address and MAC address Virtual IPv6 address is associate...

Страница 1985: ...by group Configuration prerequisites Before creating standby group and configuring virtual IPv6 address you should first configure the IPv6 address of the interface and ensure that the virtual IPv6 ad...

Страница 1986: ...of a device is reset if the state of the interface under tracking changes from down to up Configuring VRRP Packet Attributes Configuration prerequisites Before configuring the relevant attributes of...

Страница 1987: ...ndby group 1 with the virtual IP address of 202 38 160 111 If Router A operates normally packets sent from Host A to Host B are forwarded by Router A if Router A fails packets sent from Host A to Host...

Страница 1988: ...emption mode and configure the preemption delay to five seconds RouterA Ethernet1 0 vrrp vrid 1 preempt mode timer delay 5 2 Configure Router B RouterB system view RouterB interface Ethernet 1 0 Route...

Страница 1989: ...ster IP 202 38 160 1 The above information indicates that in standby group 1 Router A is the master Router B is the backup and packets sent from host A to host B are forwarded by Router A If Router A...

Страница 1990: ...king in VRRP Configuration procedure 1 Configure Router A Create a standby group RouterA system view RouterA interface ethernet 1 0 RouterA Ethernet1 0 ip address 202 38 160 1 255 255 255 0 Create sta...

Страница 1991: ...simple hello Configure the master to send VRRP packets every five seconds and work in preemption mode The preemption delay is five seconds RouterB Ethernet1 0 vrrp vrid 1 timer advertise 5 RouterB Eth...

Страница 1992: ...of standby group 1 on Router A is displayed RouterA Ethernet1 0 display vrrp verbose IPv4 Standby Information Run Method VIRTUAL MAC Virtual IP Ping Enable Interface Ethernet1 0 VRID 1 Adver Timer 5 A...

Страница 1993: ...re Router A Create standby group 1 RouterA system view RouterA interface Ethernet1 0 RouterA Ethernet1 0 ip address 202 38 160 1 255 255 255 0 Create standby group 1 and configure its virtual IP addre...

Страница 1994: ...of the standby group on Router A RouterA Ethernet1 0 display vrrp verbose IPv4 Standby Information Run Method VIRTUAL MAC Virtual IP Ping Enable Interface Ethernet1 0 VRID 1 Adver Timer 1 Admin Status...

Страница 1995: ...nd the host with the default gateway of 202 38 160 112 24 accesses the Internet through Router B IPv6 Based VRRP Configuration Example This section provides these configuration examples Single VRRP St...

Страница 1996: ...andby group 1 to 110 RouterA Ethernet1 0 vrrp ipv6 vrid 1 priority 110 Set Router A to work in preemption mode RouterA Ethernet1 0 vrrp ipv6 vrid 1 preempt mode Enable Router A to send RA messages Rou...

Страница 1997: ...y vrrp ipv6 verbose IPv6 Standby Information Run Method VIRTUAL MAC Virtual IP Ping Enable Interface Ethernet1 0 VRID 1 Adver Timer 100 Admin Status UP State Backup Config Pri 100 Run Pri 100 Preempt...

Страница 1998: ...Host B are forwarded by Router A if Router A is in work but when its interface Ethernet1 1 which connects to the internet is not available packets sent from Host A to Host B are forwarded by Router B...

Страница 1999: ...64 Create a standby group 1 and set its virtual IP address to fe80 10 RouterB Ethernet1 0 vrrp ipv6 vrid 1 virtual ip fe80 10 link local Set the authentication mode of standby group 1 to SIMPLE and au...

Страница 2000: ...net 1 1 is not available you can still ping through Host B on Host A You can use the display vrrp ipv6 command to view the detailed information of the standby group If Router A is in work but its inte...

Страница 2001: ...e FE80 20 as their default gateway Load sharing and mutual backup between default gateways can be implemented by using VRRP standby groups Network diagram Figure 594 Network diagram for multiple VRRP...

Страница 2002: ...B in standby group 2 to 110 RouterB Ethernet1 0 vrrp ipv6 vrid 2 priority 110 3 Verify the configuration You can use the display vrrp ipv6 command to verify the configuration Display detailed informat...

Страница 2003: ...A is the backup Router B is the master and the host with the default gateway of FE80 20 accesses the Internet through Router B n Multiple standby groups are commonly used in actual networking In IPv6...

Страница 2004: ...If the ping fails check network connectivity If the ping succeeds check that their configurations are consistent in terms of number of virtual IP addresses virtual IP addresses advertisement interval...

Страница 2005: ...05 Configuring Device Management on page 2006 Displaying and Maintaining Device Management Configuration on page 2010 Device Management Configuration Example on page 2010 Device Management Overview Th...

Страница 2006: ...an use the display license command or log onto the network management interface to view the soft registration information of the device Follow these steps to register the software n Only users with th...

Страница 2007: ...ice boot must be saved under the root directory of the device for a device supporting storage device partition the file must be saved on the first partition You can copy or move a file to change the p...

Страница 2008: ...case when the temperature of a card is higher than the upper threshold or lower than the lower threshold the system will notify you through the information center for you to timely deal with the probl...

Страница 2009: ...the interface index in the same device For the purpose of the stability of an interface index the system will save the 16 bit interface index when a card or logical interface is removed If you repeate...

Страница 2010: ...d Remarks Display the Boot ROM file used for the next boot display boot loader slot slot number Available in any view Display the statistics of the CPU usage display cpu usage task number offset verbo...

Страница 2011: ...the FTP username to aaa and password to hello FTP Server local user aaa FTP Server luser aaa password cipher hello Configure the user to have access to the aaa directory FTP Server luser aaa service t...

Страница 2012: ...gged in successfully ftp Download the aaa bin program on FTP Server to the Flash of the device ftp get aaa bin Clear the FTP connection and return to user view ftp quit Sysname Reboot the device The a...

Страница 2013: ...t packets and provides you with network performance and service quality parameters such as jitter TCP connection delay FTP connection delay and file transfer rate With the NQA test results you can 1 K...

Страница 2014: ...ce for application modules The application modules then deal with the changes accordingly based on the status of the Track object and thus collaboration is implemented Take static routing as an exampl...

Страница 2015: ...responding function For an ICMP echo or UDP echo test one packet is sent in one probe For an SNMP test three packets are sent in one probe NQA client and server NQA client is the device initiating an...

Страница 2016: ...tests you need to configure the NQA server on the peer device The NQA server makes a response to the requests Task Remarks Configuring the NQA Server on page 2016 Required for TCP UDP echo and UDP ji...

Страница 2017: ...st Group Configuring the ICMP echo Test The ICMP test is used to test reachability of the destination host according to the ICMP echo reply or timeout information Follow these steps to configure the I...

Страница 2018: ...Specify the IP address of an interface as the source IP address of an ICMP echo probe request source interface interface type interface number Optional By default no interface address is specified as...

Страница 2019: ...P server and the time necessary for the FTP client to transfer a file to the FTP server Configuration prerequisites Before the FTP test you need to perform some configurations on the FTP server For ex...

Страница 2020: ...configured for a test operation The destination IP address for a test operation is the IP address of the FTP server Configure the source IP address of a probe request source ip ip address Required By...

Страница 2021: ...type view type http Required Configure the destination address for a test operation destination ip ip address Required By default no destination IP address is configured for a test operation The dest...

Страница 2022: ...ion address for a test operation destination ip ip address Required By default no destination IP address is configured for a test operation The destination IP address must be consistent with that of t...

Страница 2023: ...UDP jitter test probe packet timeout packet timeout Optional 3000 milliseconds by default Configure the source IP address of a probe request in a test operation source ip ip address Optional By defau...

Страница 2024: ...ress of a probe request in a test operation source ip ip address Optional By default no source IP address is specified The source IP address must be that of an interface on the device and the interfac...

Страница 2025: ...n port destination port port number Required By default no destination port number is configured for a test operation The destination port number must be consistent with port number of the listening s...

Страница 2026: ...port number of the listening service configured on the NQA server Configure the size of probe packets sent data size size Optional 100 bytes by default Configure the string of fill characters of a pr...

Страница 2027: ...gured for a test operation Configure the source IP address of a probe request in a test operation source ip ip address Optional By default no source IP address is specified The source IP address must...

Страница 2028: ...view system view Enter NQA test group view nqa entry admin name operation tag Enter test type view of the test group type dhcp dlsw ftp http icmp echo snmp tcp udp echo udp jitter Configure to send tr...

Страница 2029: ...a UDP jitter test Configure the maximum number of history records that can be saved in a test group history records number Optional 50 by default Configure the maximum number of hops a probe packet t...

Страница 2030: ...a admin test icmp echo destination ip 10 2 2 2 Configure optional parameters DeviceA nqa admin test icmp echo probe count 10 DeviceA nqa admin test icmp echo probe timeout 500 DeviceA nqa admin test i...

Страница 2031: ...admin test dhcp quit Enable the DHCP test RouterA nqa schedule admin test start time now lifetime forever Display results of one DHCP test RouterA display nqa result admin test NQA entry admin admin...

Страница 2032: ...he FTP test DeviceA nqa schedule admin test start time now lifetime forever Display results of an FTP test DeviceA display nqa result admin test NQA entry admin admin tag test test results Destination...

Страница 2033: ...est results Destination IP address 10 2 2 2 Send operation times 1 Receive response times 1 Min Max Average round trip time 64 64 64 Square Sum of round trip time 4096 Last succeeded probe time 2007 0...

Страница 2034: ...Send operation times 10 Receive response times 10 Min Max Average round trip time 31 47 32 Square Sum of round trip time 10984 Last succeeded probe time 2007 04 29 20 05 49 1 Extend results Packet lo...

Страница 2035: ...ed test parameters DeviceA system view DeviceA nqa entry admin test DeviceA nqa admin test type snmp DeviceA nqa admin test snmp destination ip 10 2 2 2 DeviceA nqa admin test snmp quit Enable the SNM...

Страница 2036: ...ry admin test DeviceA nqa admin test type tcp DeviceA nqa admin test tcp destination ip 10 2 2 2 DeviceA nqa admin test tcp destination port 9000 DeviceA nqa admin test tcp quit Enable the TCP test De...

Страница 2037: ...st DeviceA nqa admin test type udp echo DeviceA nqa admin test udp echo destination ip 10 2 2 2 DeviceA nqa admin test udp echo destination port 8000 DeviceA nqa admin test udp echo quit Enable the UD...

Страница 2038: ...LSw test DeviceA nqa schedule admin test start time now lifetime forever Display results of one DLSw test DeviceA display nqa result admin test NQA entry admin admin tag test test results Destination...

Страница 2039: ...etStream on page 2040 Introduction to NetStream NetStream provides the packet statistics function By differentiating streams by destination address source IP address destination port number source por...

Страница 2040: ...statistics are delivered in version 5 UDP packets When you configure the attributes of version 5 UDP packets If no NetStream aggregation is configured the device sends the aged statistics in version...

Страница 2041: ...Required Configuring NetStream Statistics Aging on page 2043 Optional To do Use the command Remarks Enter system view system view Configure NetStream cache size ip netstream max entry max entries Opti...

Страница 2042: ...sion 5 packets and if no attributes of NetStream statistics packets are configured in NetStream aggregation view also affects version 8 packets The ip netstream export version command can be executed...

Страница 2043: ...rt all NetStream cache entries before they automatically get aged and clear the status information of the NetStream cache and the exported packets information The information about the exported packet...

Страница 2044: ...ernet1 0 ip address 11 110 2 1 255 255 0 0 RouterA Ethernet1 0 ip netstream inbound RouterA Ethernet1 0 quit Configure interface Ethernet 1 1 and enable NetStream statistics in its outbound direction...

Страница 2045: ...net 1 0 and enable NetStream statistics in both inbound and outbound directions RouterA system view RouterA interface ethernet 1 0 RouterA Ethernet1 0 ip address 11 110 2 1 255 255 0 0 RouterA Etherne...

Страница 2046: ...dress destination port and source port of the exported UDP packets in this mode RouterA ip netstream aggregation source prefix RouterA aggregation srcpre enable RouterA aggregation srcpre ip netstream...

Страница 2047: ...1 1 as number 100 RouterB bgp peer 2 1 1 2 as number 200 3 Configure Router C Configure interface Ethernet 1 0 RouterC interface ethernet 1 0 RouterC Ethernet1 0 ip address 2 1 1 2 255 255 0 0 Router...

Страница 2048: ...2048 CHAPTER 110 NETSTREAM CONFIGURATION...

Страница 2049: ...NTP its time can be synchronized by other reference sources and can be used as a reference source to synchronize other clocks Applications of NTP An administrator can by no means keep synchronized ti...

Страница 2050: ...asy understanding we assume that Prior to system clock synchronization between Device A and Device B the clock of Device A is set to 10 00 00 am while that of Device B is set to 11 00 00 am Device B i...

Страница 2051: ...A and Device B Offset T2 T1 T3 T4 2 1 hour Based on these parameters Device A can synchronize its own clock to the clock of Device B This is only a rough description of the work mechanism of NTP For...

Страница 2052: ...1 clock has the highest precision and a stratum 16 clock is not synchronized and cannot be used as a reference clock Poll 8 bit signed integer indicating the poll interval namely the maximum interval...

Страница 2053: ...ltering and selection and synchronizes its local clock to that of the optimal reference source In this mode a client can be synchronized to a server but not vice versa Symmetric peers mode Figure 613...

Страница 2054: ...en the client enters the broadcast client mode and continues listening to broadcast messages and synchronizes its local clock based on the received broadcast messages Multicast mode Figure 615 Multica...

Страница 2055: ...e NTP client on a PE can be synchronized to the NTP server on another PE through a designated VPN instance The NTP server on a PE can synchronize the NTP clients on multiple CEs in different VPNs n A...

Страница 2056: ...ynchronized If the clock of a server has a stratum level higher than or equal to that of a client s clock the client will not synchronize its clock to the server s You can configure multiple servers b...

Страница 2057: ...or devices working in the broadcast mode you need to configure both the server and clients Because an interface need to be specified on the broadcast server for sending NTP broadcast messages and an i...

Страница 2058: ...e of the following two ways Synchronized to the local clock which as the reference source Synchronized to another device on the network in any of the four NTP operation modes previously described If y...

Страница 2059: ...low these steps to configure the allowable maximum number of dynamic sessions Configuring Access Control Rights With the following command you can configure the NTP service access control right to the...

Страница 2060: ...t Configuration Prerequisites Prior to configuring the NTP service access control right to the local device you need to create and configure an ACL associated with the access control right For the con...

Страница 2061: ...n is enabled on a client the client can be synchronized only to a server that can provide a trusted authentication key Configuration Procedure Configuring NTP authentication for a client Follow these...

Страница 2062: ...entication mode md5 value Required No NTP authentication key by default Configure the key as a trusted key ntp service reliable authentication keyid keyid Required No authentication key is configured...

Страница 2063: ...Nominal frequency 64 0000 Hz Actual frequency 64 0000 Hz Clock precision 2 7 Clock offset 0 0000 ms Root delay 0 00 ms Root dispersion 0 00 ms Peer dispersion 0 00 ms Reference time 00 00 00 000 UTC J...

Страница 2064: ...the stratum level of 2 Device B works in the client mode and Device A is to be used as the NTP server of Device B with Device B as the client Device C works in the symmetric active mode and Device B...

Страница 2065: ...ms Root dispersion 775 15 ms Peer dispersion 34 29 ms Reference time 15 22 47 083 UTC Sep 19 2005 C6D95647 153F7CED As shown above Device B has been synchronized to Device C and the clock stratum leve...

Страница 2066: ...mode and receive broadcast messages on Ethernet 1 0 RouterD system view RouterD interface ethernet 1 0 RouterD Ethernet1 0 ntp service broadcast client 3 Configuration on Router A Configure Router A t...

Страница 2067: ...RouterD display ntp service sessions source reference stra reach poll now offset delay disper 1234 3 0 1 31 127 127 1 0 2 254 64 62 16 0 32 0 16 6 note 1 source master 2 source peer 3 selected 4 cand...

Страница 2068: ...MP enabled and can be synchronized to Router C View the NTP status of Router D after clock synchronization RouterD display ntp service status Clock status synchronized Clock stratum 3 Reference clock...

Страница 2069: ...e multicast messages on Ethernet 1 0 RouterA Ethernet1 0 ntp service multicast client View the NTP status of Router A after clock synchronization RouterA Ethernet1 0 display ntp service status Clock s...

Страница 2070: ...iguration on Device A Specify the local clock as the reference source with the stratum level of 2 DeviceA system view DeviceA ntp service refclcok master 2 2 Configuration on Device B DeviceB system v...

Страница 2071: ...B has been synchronized to Device A and the clock stratum level of Device B is 3 while that of Device A is 2 View the NTP session information of Device B which shows that an association has been set...

Страница 2072: ...service broadcast server authentication keyid 88 2 Configuration on Router D Configure NTP authentication RouterD system view RouterD ntp service authentication enable RouterD ntp service authenticat...

Страница 2073: ...er D and Router C RouterD display ntp service sessions source reference stra reach poll now offset delay disper 1234 3 0 1 31 127 127 1 0 3 254 64 62 16 0 32 0 16 6 note 1 source master 2 source peer...

Страница 2074: ...ter 1 2 Configuration on CE 3 Specify CE 1 in VPN 1 as the NTP server of CE 3 CE3 system view CE3 ntp service unicast server 10 1 1 1 View the NTP session information and status information on CE 3 a...

Страница 2075: ...n Symmetric Peers Mode Network requirements PE1 s local clock is to be used as a reference source with the stratum level of 1 PE 2 is synchronized to PE 1 in the symmetric peers mode Network diagram S...

Страница 2076: ...reach poll now offset delay disper 12345 10 1 1 2 LOCL 1 1 64 29 12 0 32 0 15 6 note 1 source master 2 source peer 3 selected 4 candidate 5 configured Total associations 1 PE2 display ntp service trac...

Страница 2077: ...tween network management station NMS and agent facilitating large network management RMON comprises two parts NMSs and agents running on network devices Each RMON NMS administers the agents within its...

Страница 2078: ...per threshold an upper event is triggered if the sampled value of the monitored variable is lower than or equal to the lower threshold a lower event is triggered The event is then handled as defined i...

Страница 2079: ...a specified interface the Ethernet statistics group counts the number of packets received on the current interface The result of the statistics is a cumulative sum Configuring RMON Configuration Prere...

Страница 2080: ...ced in the event table with the rmon event command If an alarm variable is the statistics parameter of an interface configure the corresponding statistics group to make the alarm entry take effect Cre...

Страница 2081: ...Query statistics on the NMS and execute the display rmon statistics command on Agent for the same purpose Pri alarm Alarm variable formula alarm variable sampling interval sampling interval sampling t...

Страница 2082: ...statistics on interface Ethernet 1 0 Sysname Ethernet1 1 quit Sysname interface ethernet 1 0 Sysname Ethernet1 0 rmon statistics 1 owner user1 rmon Sysname Ethernet1 0 quit Create an RMON alarm entry...

Страница 2083: ...StatsJabbers 0 etherStatsCRCAlignErrors 0 etherStatsCollisions 0 etherStatsDropEvents insufficient resources 0 Packets received according to length 64 7 65 127 413 128 255 35 256 511 0 512 1023 0 1024...

Страница 2084: ...2084 CHAPTER 112 RMON CONFIGURATION...

Страница 2085: ...acturers Offering only the basic set of functions SNMP makes the management tasks independent of both the physical features of the managed devices and the underlying networking technology Thus SNMP ac...

Страница 2086: ...SNMPv3 offers an authentication that is implemented with a User Based Security Model USM for short which could be authentication with privacy authentication without privacy or no authentication no pr...

Страница 2087: ...r Required Add a new user to an SNMP agent group snmp agent usm user v3 user name group name authentication mode md5 sha auth password privacy mode aes128 des56 priv password acl acl number Required C...

Страница 2088: ...SNMP NMS access right Configure directly Configure a community name snmp agent community read write community name acl acl number mib view view name Use any command All of these three commands can be...

Страница 2089: ...All types of Trap packets are allowed by default Enter interface view interface interface type interface number Set to enable the device to send Trap packets of interface state change enable snmp tra...

Страница 2090: ...ion including the contact location and version of the SNMP display snmp agent sys info contact location version Available in any view Display SNMP agent statistics display snmp agent statistics Displa...

Страница 2091: ...t trap enable Sysname snmp agent target host trap address udp domain 1 1 1 2 udp port 5000 params securityname public 2 Configure NMS With SNMPv1 the user needs to specify the read only community the...

Страница 2092: ...performs the SET operation to Agent Jan 1 02 59 42 576 2006 Sysname SNMP 6 SET seqNO 11 srcIP 1 1 1 2 op set errorIndex 0 errorStat us noError node sysName 1 3 6 1 2 1 1 5 0 value Sysname n The syste...

Страница 2093: ...Configuration Example for SNMP Logging 2093 SNMP log to be output to other directions refer to Information Center Configuration on page 2137...

Страница 2094: ...2094 CHAPTER 113 SNMP CONFIGURATION...

Страница 2095: ...Configuration on page 2104 File System Management This section covers these topics File System Overview on page 2095 Directory Operations on page 2095 File Operations on page 2096 Storage Device Opera...

Страница 2096: ...e in user view Display the current path pwd Optional Available in user view Display files or directories dir all file url Optional Available in user view Change the current path cd directory Optional...

Страница 2097: ...n the following table You may use the two commands when some space of a storage device becomes inaccessible due to abnormal operations for example c CAUTION When you format a storage device all the fi...

Страница 2098: ...not do that in any cases To prevent undesirable consequence resulted from misoperations the alert mode is preferred File System Operations Example Display the files and the subdirectory under the cur...

Страница 2099: ...ation File Overview The operating interface provided by the configuration file management function is user friendly With it you can easily manage your configuration files Types of configuration The co...

Страница 2100: ...tion file namely only one configuration is allowed the following steps are taken during startup 1 If you specify a configuration file and this file exists the device will initialize its configuration...

Страница 2101: ...e in the device Backup attribute When you use the save safely backup command to save the current configuration the configuration file you get has backup attribute If this configuration file already ex...

Страница 2102: ...When main backup attributes are supported the following two situations exist While the reset saved configuration main command erases the configuration file with main attribute it only deletes the main...

Страница 2103: ...from the TFTP server for next startup n For a device that supports main backup attribute the effect of the backup restore operation applies to the main startup configuration file For a device that do...

Страница 2104: ...ning Device Configuration n For detailed description of the commands display this and display current configuration refer to Basic Configurations on page 2125 To do Use the command Remarks Display the...

Страница 2105: ...erver client model Your device can function either as client or as server as shown in Figure 627 They work in the following way When the device serves as the FTP client a PC user first telnets or conn...

Страница 2106: ...face is the source address of the transmitted packets The source address of the transmitted packets is selected following these rules If no source address of the FTP client is specified a device uses...

Страница 2107: ...ble in user view Log onto the remote FTP server indirectly in FTP client view ftp open server address service port To do Use the command Remarks To do Use the command Remarks Log onto the remote FTP s...

Страница 2108: ...ional Check files directories on the FTP server ls remotefile localfile Optional Download a file from the FTP server get remotefile localfile Optional Upload a file to the FTP server put localfile rem...

Страница 2109: ...Connected to 10 1 1 1 220 WFTPD 2 0 service by Texas Imperial Software ready for new user User 10 1 1 1 none abc 331 Give me your password please Password 230 Logged in successfully ftp binary 200 Ty...

Страница 2110: ...thentication and Authorization for Accessing FTP Server To allow an FTP user to access certain directories on the FTP server you need to create an account for the user authorizing access to the direct...

Страница 2111: ...figuration procedure 1 Configure Device FTP Server Create an FTP user account abc setting its password to pwd Sysname system view Sysname local user abc Sysname luser abc password simple pwd Specify a...

Страница 2112: ...in ftp put aaa app bbb app n When upgrading the configuration file with FTP put the new file under the root directory After you finish upgrading the BootROM program through FTP you must execute the b...

Страница 2113: ...Displaying and maintaining FTP 2113 Display detailed information about logged in FTP users display ftp user Available in any view To do Use the command Remarks...

Страница 2114: ...2114 CHAPTER 115 FTP CONFIGURATION...

Страница 2115: ...etween client and server TFTP uses the UDP port 69 service for data transmission For TFTP basic operation refer to RFC 1986 In TFTP file transfer is initiated by the client In a normal file downloadin...

Страница 2116: ...configuration file Multiple routes may exist for a TFTP client to successfully access the TFTP server You can specify one by configuring the source address of the packets from the TFTP client to meet...

Страница 2117: ...and a configuration file config cfg to PC for backup Network diagram Figure 631 Smooth upgrading using the TFTP client function Configure the source address of the TFTP client tftp client source inter...

Страница 2118: ...nterface 1 Sysname Vlan interface1 ip address 1 1 1 1 255 255 0 0 Sysname Vlan interface1 return Download an application file aaa app from the TFTP server Before that make sure that adequate memory is...

Страница 2119: ...responds by sending an ICMP echo reply to the source device after receiving the ICMP echo request 3 If there is network failure the source device displays timeout or destination unreachable 4 The sour...

Страница 2120: ...ssage which gives the source device the address of the second router 5 The above process continues until the ultimate destination device is reached In this way the source device can trace the addresse...

Страница 2121: ...information OFF ON OFF ON Debugging information Protocol debugging switch Screed output switch 1 3 1 2 3 OFF ON ON 1 3 1 2 3 1 3 Screed output switch Protocol debugging switch Debugging information To...

Страница 2122: ...the destination device Network diagram omitted here Configuration procedure Sysname tracert 10 1 1 4 traceroute to 10 1 1 4 30 hops max 40 bytes packet 1 128 3 112 1 19 ms 19 ms 0 ms 2 128 32 216 1 3...

Страница 2123: ...System Maintaining Example 2123 The above output shows that nine routers are involved from the source to the destination device...

Страница 2124: ...2124 CHAPTER 117 SYSTEM MAINTAINING AND DEBUGGING...

Страница 2125: ...ncurrent Users on page 2132 Displaying and Maintaining Basic Configurations on page 2132 Entering Exiting System View n With the quit command you can return to the previous view You can execute the re...

Страница 2126: ...s an optional configuration The default system clock is 2005 1 1 1 00 00 in the example Set the time zone clock timezone zone name add minus zone offset Optional Available in user view Set a daylight...

Страница 2127: ...nd clock summer time ss one off 1 00 2007 1 1 1 00 2007 8 8 2 Display 10 00 00 ss Mon 01 01 2007 1 3 and 1 If date time is not in the summer time range date time is displayed Configure clock summer ti...

Страница 2128: ...summer time ss one off 1 00 2007 1 1 1 00 2007 8 8 2 Display 04 00 00 ss Mon 01 01 2007 If the value of date time zone offset is in the summer time range date time zone offset summer offset is displa...

Страница 2129: ...are case insensitive Configuring a banner When you configure a banner the system supports two input modes One is to input all the banner information right after the command keywords The start and end...

Страница 2130: ...d with command lines by default Display hotkeys display hotkey Available in any view Refer to Table 62 for hotkeys reserved by system Table 62 Hotkeys reserved by the system Hotkey Function Ctrl A Mov...

Страница 2131: ...er of the continuous string to the left Esc D Deletes all the characters of the continuous string at the current cursor position and to the right of the cursor Esc F Moves the cursor to the front of t...

Страница 2132: ...rtain attribute only the last configuration applies When the number of users has reached the limit other users cannot enter system view Displaying and Maintaining Basic Configurations To do Use the co...

Страница 2133: ...following topics Online Help with Command Lines on page 2133 Display Features on page 2135 History Command on page 2135 Command Line Error Information on page 2135 Edit Features on page 2136 Introduc...

Страница 2134: ...minal logging Send log information to terminal monitor Send information output to current terminal trapping Send trap information to terminal 3 Enter a command and a separated by a space If is at the...

Страница 2135: ...ey have no syntax error Otherwise error information is reported Table 66 lists some common errors Table 64 Display functions Action Function Press Space when information display pauses Continues to di...

Страница 2136: ...and move the cursor to the right Backspace key Deletes the character to the left of the cursor and move the cursor back one character Left arrow key or Ctrl B The cursor moves one character space to t...

Страница 2137: ...blems n By default the information center is enabled An enabled information center affects the system performance in some degree due to information classification and output Such impact becomes more o...

Страница 2138: ...ect only after the information center is enabled warnings 4 Warnings notifications 5 Normal errors with important information informational 6 Informational information to be recorded debugging 7 Infor...

Страница 2139: ...DHCP Dynamic Host Configuration Protocol module DIAGCLI Diagnosis module DNS Domain Name System module DRVMPLS Multiprotocol label switching driver module DRVL2 Layer 2 driver module DRVL3 Layer 3 dr...

Страница 2140: ...ey Infrastructure module OSPF Open Shortest Path First module PHY Physical Sublayer Physical Layer module POE Power over Ethernet module POS_SNMP POS Simple Network Management Protocol module PPP Poin...

Страница 2141: ...a facility 8 severity in which facility is local7 by default and the range of severity is 0 to 7 Table 68 details the value and meaning associated with each severity Note that there is no space betwee...

Страница 2142: ...to the Console on page 2142 Optional Setting to Output System Information to a Monitor Terminal on page 2144 Optional Setting to Output System Information to a Log Host on page 2145 Optional Setting t...

Страница 2143: ...rity Enabled disabled Severity Console default all modules Enabled warnings Enabled debuggin g Enabled debuggin g Monitorin g terminal default all modules Enabled warnings Enabled debuggin g Enabled d...

Страница 2144: ...through which system information can be output to a monitor terminal info center monitor channel channel number channel name Optional System information is output to the monitor terminal by default w...

Страница 2145: ...number channel name debug level severity state state log level severity state state trap level severity state state Optional Refer to Table 71 for the output rules of the system information Configure...

Страница 2146: ...with channel 4 known as logbuffer as the default channel and a default buffer size of 512 Configure the output rules of the system information info center source module name default channel channel n...

Страница 2147: ...ate trap level severity state state Optional Refer to Table 71 for the output rules of the system information Configure the format of the timestamp info center timestamp debugging log trap boot date n...

Страница 2148: ...tion input If the input is interrupted by system output no system prompt will be made rather only your input will be displayed in a new line Displaying and Maintaining Information Center To do Use the...

Страница 2149: ...rap and debug information of all modules to the log host Sysname info center source default channel loghost debug state off log state off trap state off c CAUTION As the default system configurations...

Страница 2150: ...nd the accepted severity of log information specified by the etc syslog conf file must be identical to those configured on the device using the info center loghost or info center source command otherw...

Страница 2151: ...2 0 1 16 to be the log host set the severity to informational and the source modules to be all modules Sysname info center loghost 1 2 0 1 facility local7 Sysname info center source default channel lo...

Страница 2152: ...ding log information to the console Configuration procedure Enable information center Sysname system view Sysname info center enable Specify the channel to output log information to the console option...

Страница 2153: ...log information on a monitor terminal Sysname terminal monitor Current terminal monitor is on Sysname terminal logging Current terminal logging is on After the above configuration takes effect if the...

Страница 2154: ...2154 CHAPTER 119 INFORMATION CENTER CONFIGURATION...

Страница 2155: ...Shortcut Keys for Starting Terminal Sessions Aborting Tasks on page 2164 Sending Messages to the Specified User Interface s on page 2164 Releasing the Connection Established on the User Interface s o...

Страница 2156: ...is then followed by n 2 to represent the AUX port and then n 3 to represent VTY 1 and so on n The numbering approach numbers the four types of user interfaces in the sequence of Console port TTY AUX p...

Страница 2157: ...Optional Releasing the Connection Established on the User Interface s on page 2164 Optional Task Remarks To do Use the command Remarks Enter system view system view Enter user interface view user inte...

Страница 2158: ...imeout minutes seconds Optional 10 minutes by default Set the number of lines displayed on the next screen screen length screen length Optional 24 lines of data is displayed on the next screen by defa...

Страница 2159: ...in case a problem occurs Configuring User Privilege Level You can restrict a user to use only a subset of all the system commands through settings on two aspects user interface level and user level I...

Страница 2160: ...ser interface view user interface first num1 last num1 aux console tty vty first num2 last num2 Configure user s privilege level under the current user interface user privilege level level Optional By...

Страница 2161: ...se steps to configure redirection on asynchronous serial interfaces To do Use the command Remarks Enter system view system view Enter VTY user interface view user interface first num1 last num1 vty fi...

Страница 2162: ...the login fails when users relog in through other user interfaces such as the Console user interface they can log in without entering the password If you specify the authentication mode as scheme then...

Страница 2163: ...ntication password is set by default To do Use the command Remarks Enter system view system view Enter user interface view user interface first num1 last num1 aux console tty vty first num2 last num2...

Страница 2164: ...hortcut key for aborting tasks escape key default character Optional The default shortcut key combination for aborting tasks is Ctrl C To do Use the command Remarks Send messages to the specified user...

Страница 2165: ...face this device is connected and to which VLAN the interface belongs A MAC address table is consists of two types of entries static and dynamic Static entries are manually configured and never age ou...

Страница 2166: ...dresses an Ethernet Port or Aggregation Port Group Can Learn on page 2168 Configuring MAC Address Entries Follow these steps to add modify or remove entries in the MAC address table Disabling Global M...

Страница 2167: ...to retain outdated entries and fail to accommodate latest network changes a short interval may result in removal of valid entries and hence unnecessary broadcasts which may affect device performance F...

Страница 2168: ...ct on the current port only If you enter aggregation port group view the following configuration takes effect on all ports in the aggregation group Enter aggregation port group view port group aggrega...

Страница 2169: ...fc35 dc71 for port Ethernet 1 0 in VLAN 1 Configuration procedure Add a static MAC address entry Sysname system view Sysname mac address static 00e0 fc35 dc71 interface ethernet 1 0 vlan 1 Set the agi...

Страница 2170: ...2170 CHAPTER 121 MAC ADDRESS TABLE MANAGEMENT CONFIGURATION...

Страница 2171: ...automatically obtain and execute the configuration files In this way automatic configuration can be implemented greatly reducing the workload of administrators How Automatic Configuration Works The f...

Страница 2172: ...tion through DHCP When a device starts up without loading the configuration files the system automatically configures the interface which is UP for example a virtual interface corresponding with the d...

Страница 2173: ...ponse the device should obtain its host name first and then requests for the configuration file corresponding with the host name The device can obtain its host name in two ways obtaining the intermedi...

Страница 2174: ...ration files If the device successfully obtains the configuration files it removes the temporary configurations and executes the obtained configuration files otherwise it removes the temporary configu...

Страница 2175: ...this document varies with devices PoE Overview Introduction to PoE Power over Ethernet PoE means that power sourcing equipment PSE supplies power to powered devices PD such as IP telephone wireless LA...

Страница 2176: ...re standard PDs and nonstandard PDs A standard PD refers to the one that complies with IEEE 802 3af The PD that is being powered by the PSE can be connected to other power supply unit for redundancy b...

Страница 2177: ...er under the same PoE interface The PSE applies power to a PoE interface in the following two modes For a device with only signal cables power is supplied over signal cables For a device with spare ca...

Страница 2178: ...interface is 15 400 milliwatts Configure the PoE mode for the PoE interface poe mode signal spare Optional By default the PoE mode is signal power over signal cables Configure a description for the P...

Страница 2179: ...priority policy the PSE with a lower priority is first disconnected to guarantee the power supply to the new PSE with a higher priority when the PoE power is overloaded The power priority levels of P...

Страница 2180: ...l to set the priority of the PoE interface to critical Otherwise you can succeed in setting the priority to critical this PoE interface will preempt the power of other PoE interfaces with a lower prio...

Страница 2181: ...he PSE processing software and reloads it When the PSE processing software is damaged in this case you can execute none of PoE commands successfully you can upgrade the PSE processing software in full...

Страница 2182: ...the PSE to Detect Nonstandard PDs There are standard PDs and nonstandard PDs Usually the PSE can detect only standard PDs and supply power to them The PSE can detect nonstandard PDs and supply power...

Страница 2183: ...ay the mapping between ID module and slot of all PSEs display poe device Available in any view Display the power state and information of the specified PoE interface display poe interface interface ty...

Страница 2184: ...tEthernet3 1 poe enable Sysname GigabitEthernet3 1 quit Sysname interface gigabitethernet 3 2 Sysname GigabitEthernet3 2 poe enable Sysname GigabitEthernet3 2 quit Sysname interface gigabitethernet 5...

Страница 2185: ...ation file to a PoE interface fails Analysis Some configurations in the PoE configuration file are already configured Some configurations in the PoE configuration file do not meet the configuration re...

Страница 2186: ...2186 CHAPTER 123 POE CONFIGURATION...

Страница 2187: ...ata status information and control information OAP module configuration on the router includes the following Switch of the Interface on an OAP Module on page 2187 Resetting an OAP Module on page 2188...

Страница 2188: ...g the OAP module by pressing the reset button on the OAP module n Only users at management level can execute this command c CAUTION Reset of the OAP module may cause data loss and service interruption...

Страница 2189: ...et of software hardware interfaces to allow the boards cards or devices of other manufacturers to be plugged or connected to these legacy networking devices for cooperating to handle these services Th...

Страница 2190: ...ting switching component shown in Figure 639 by implementing the following functions Mirroring and redirecting the traffic on the ACFP server to the ACFP client Permitting denying the traffic from the...

Страница 2191: ...cooperation policy after reboot Currently supported context ID type The location of the context ID in the packet may vary with ACFP servers An ACFP server may support multiple types of context IDs The...

Страница 2192: ...or redirected to an ACFP client It can be 0 meaning context exchange is not supported After the interface connected to the ACFP client is specified in the policy sent the ACFP server assigns it a glob...

Страница 2193: ...e starting source port number and less than the ending source port number Starting source port number Ending source port number Destination IP address Inverse mask of destination IP address Destinatio...

Страница 2194: ...cluding queuing LR and WRED weighted random early detection CBQ does not belong to Layer 2 QoS processing but not any other service processing such as non Layer 2 QoS processing and non QoS service pr...

Страница 2195: ...ent info client id Available in any view Display the configuration information of an ACFP policy display acfp policy info client client id policy index dest interface interface type interface number i...

Страница 2196: ...ser to send information to Device where the client index and policy index is 1 the policy inbound interface is Ethernet 1 2 by setting the node h3cacfpPolicyInIfIndex the policy destination interface...

Страница 2197: ...cMAC the source IP mask is 255 255 255 0 by setting the node h3cAcfpRuleSrcIPMask and the other parameters adopt the default values Apply Configure the ACFP rule through MIB browser to send informatio...

Страница 2198: ...2198 CHAPTER 125 ACFP CONFIGURATION...

Страница 2199: ...Architecture OAA The collaborating IDS Intrusion Detection System cards or IDS devices serves as the ACFP clients which run applications of other vendors and support the IPS Intrusion Prevention Syste...

Страница 2200: ...ient to multicast the registration requests with the multicast MAC address being 010F E200 0021 You cannot set this timer The monitoring timer is used to periodically trigger the ACSEI client to send...

Страница 2201: ...emarks Enter system view system view Enable the ACSEI server function acsei server enable Required Enter ACSEI view acsei server Required Configure the monitoring timer acsei timer monitor seconds Opt...

Страница 2202: ...s enabled once it is installed and by default ACSEI client starts up with the startup of the module system You can modify the default settings through the following commands Modifying the default star...

Страница 2203: ...ears To do Use the command Remarks Configure not to start up ACSEI client automatically when the system is started up chkconfig acseid off Required By default ACSEI client installed on the OAP module...

Страница 2204: ...mmand Remarks Switch to the Linux system of the OAP module from the command line interface of the device oap connect slot slot number Required Available in user view Start up ACSEI client service acse...

Страница 2205: ...are the changes of the ACSEI client Displaying and Maintaining ACSEI Client Stop ACSEI client service acseid stop Optional This operation is available in the Linux system of the OAP module To do Use t...

Страница 2206: ...2206 CHAPTER 126 ACSEI CONFIGURATION...

Страница 2207: ...configuration A detection module probes a Reaction entry and informs the Track module of the probe result The Track module then changes the status of the Track object accordingly If the probe of the...

Страница 2208: ...k object changes to negative and the priority of the router thus decreases by a specified value allowing a higher priority router to become the master to maintain proper communication between the host...

Страница 2209: ...c route the static route and the specified Track object are associated directly for a nonexistent static route the system creates the static route and then associates it with the specified Track objec...

Страница 2210: ...licy Routing you need to create a policy or a policy node and configure the match rules as well Configuration procedure Follow these steps to configure the Track Policy Routing collaboration To do Use...

Страница 2211: ...invalid state it indicates that the Track object association does not take effect yet each interface keeps its original forwarding state After the configuration if the status of the Track object turns...

Страница 2212: ...645 Network diagram for VRRP Track NQA collaboration configuration Configuration procedure 1 Configure the IP address of each interface as shown in Figure 645 2 Configure an NQA test group on Router A...

Страница 2213: ...p RouterA interface ethernet 1 0 RouterA Ethernet1 0 vrrp vrid 1 virtual ip 10 1 1 10 Set the priority of Router A in standby group 1 to 110 RouterA Ethernet1 0 vrrp vrid 1 priority 110 Set the authen...

Страница 2214: ...rnet1 0 display vrrp verbose IPv4 Standby Information Run Method VIRTUAL MAC Virtual IP Ping Enable Interface Ethernet1 0 VRID 1 Adver Timer 5 Admin Status UP State Master Config Pri 110 Run Pri 110 P...

Страница 2215: ...Track Object 1 Pri Reduced 30 Virtual IP 10 1 1 10 Master IP 10 1 1 2 Display detailed information about standby group 1 on Router B when there is a fault on the link between Router A and Router C Ro...

Страница 2216: ...2216 CHAPTER 127 TRACK CONFIGURATION...

Страница 2217: ...ng success and connection control are provided by the protocol at the layer above IPX Any IPX packet is considered an independent entity that is not related to any other IPX packets logically or seque...

Страница 2218: ...t needs to locate a server To do so the client broadcasts a Get Nearest Server GNS request At least one router or server can give a A SAP response which contains information such as packet type servic...

Страница 2219: ...address as the node address Therefore you need not specify a node address when enabling IPX An interface can only have one network number If the IPX network number of an interface is deleted its IPX...

Страница 2220: ...currently active routes the system will turn the excessive active routes into inactive routes if the number of newly configured equivalent routes is bigger than the number of currently active routes a...

Страница 2221: ...lated parameters or service information based on actual network requirements Configuring IPX SAP updating feature Configuring GNS response of IPX SAP Configuring IPX service information Configuration...

Страница 2222: ...NetWare server is available on the client s network the connected router will respond You can configure a router to respond to a SAP GNS request with Nearest server namely the nearest server which has...

Страница 2223: ...items does not limit the amount of static service information but the amount of dynamic service information If the newly configured queue length is less than the original length the table items in the...

Страница 2224: ...cket is used in NetBIOS You can either prohibit or permit the forwarding of type 20 broadcast packets based on the actual requirements Follow these steps to configure IPX triggered updating feature To...

Страница 2225: ...an access these services through the IPX network To do Use the command Remark Ping an IPX network to check connectivity ping ipx network node c count t timeout s size Required Available in any view Op...

Страница 2226: ...ernet_II RouterA Ethernet1 1 ipx encapsulation ethernet 2 Sysname Ethernet1 1 quit Enable IPX on the interface Ethernet 1 0 with the network ID being 1000 RouterA interface ethernet 1 0 RouterA Ethern...

Страница 2227: ...on IPX forwarding failure Symptom 1 IPX can not go up on a PPP link Solution Confirm whether network IDs of both ends of the link are the same Reconfigure them if they are different Confirm whether no...

Страница 2228: ...lays that the type 20 packet is discarded and the prompt is Transport Control field of IPX type 20 packet 8 it indicates the IPX type 20 packet can only be forwarded 8 times If the upper limit is reac...

Страница 2229: ...tination server Use the display ipx interface command to ensure that the interface is UP and SAP is enabled Use the display ipx routing table to ensure that the active route to the server has a hop nu...

Страница 2230: ...o the interface will not periodically broadcast update packets If no SAP packets are sent out the interface check whether all service information is learnt from the interface If so split horizon may b...

Страница 2231: ...the static route takes effect and to check whether the next hop address is not specified or not correct on the non PPP interface Symptom 2 The router received a route from a neighbor router but the ro...

Страница 2232: ...2232 CHAPTER 128 IPX CONFIGURATION...

Страница 2233: ...Figure 647 VoIP system In Figure 647 the VoIP gateway provides interfaces for communication between the IP network and PSTN integrated services digital network ISDN users connect to the originating Vo...

Страница 2234: ...onnection the calling party and called party negotiate the encoding decoding method for the call and voice data is transferred through real time protocol RTP The RTP voice channel is used to transfer...

Страница 2235: ...s hard to recognize a busy tone feature according to a fixed threshold With the smart busy tone identification technology the VoIP gateway can sample calculate and analyze the busy tone played by the...

Страница 2236: ...n for the dial plan If no proceed with the steps below Dial Plan in Voice Volume 4 Configure POTS entity and VoIP entity VoIP in Voice Volume 5 Configure related voice subscriber lines for voice entit...

Страница 2237: ...r receive transmit E M analog voice subscriber line namely E M interface E M interfaces support analog E M signaling and divide each voice connection into trunk circuit side and signaling unit side si...

Страница 2238: ...MCU and terminals According to the ITU T specifications the gatekeeper GK should provide H 323 terminals gateway or MCU in LANs or WANs with the following functions Address translation Access permiss...

Страница 2239: ...communication process signal format control signaling and error correction of Group 3 facsimile terminals on the general switched telephone network T 4 is a standard protocol used for document transmi...

Страница 2240: ...view and sub function view s under function views Figure 650 shows the command view structure of the voice router Figure 650 Hierarchical command view structure of the voice router Table 74 Basic func...

Страница 2241: ...y in subscriber line 3 0 in voice view quit Return to voice view Voice entity view Configure voice entity system voice di al entity1 Key in entity 1 pots or entity 1 voip in voice dial program view qu...

Страница 2242: ...2242 CHAPTER 129 VOICE OVERVIEW...

Страница 2243: ...r an IP data network In a narrow sense VoIP refers to a way to carry the voice service over an IP data network The well known IP phone is a typical VoIP application Table 75 makes a comparison between...

Страница 2244: ...2244 CHAPTER 130 VOIP OVERVIEW...

Страница 2245: ...61 Configuring Adjustment Functions on page 2261 n This chapter covers the configuration of analog FXS FXO and E M voice subscriber lines Unless otherwise specified the voice subscriber line hereinaft...

Страница 2246: ...is enabled on the device P if CID is disabled on the device O if the terminating PBX fails to obtain the calling number e g the originating PBX end does not send it The FXS voice subscriber line send...

Страница 2247: ...ow levels composing a busy tone signal i e the common called make break ratio Different countries or regions have different specifications about the duty ratio of a busy tone The national standard of...

Страница 2248: ...be used Besides there are 2 or 4 signaling wires Therefore 4 wire analog E M actually has 6 wires The 2 wire mode provides full duplex voice transmission and voice is transmitted in two directions on...

Страница 2249: ...communication Figure 654 Wink start mode Configuration Task List The voice subscriber line configuration involves the following tasks Calling side E M Called side M E Pick up the phone requesting for...

Страница 2250: ...ne ringback tone special dial tone waiting tone amplitude value Optional By default the amplitude of busy tone and congestion tone is 1000 that of dial tone and special dial tone is 400 and that of ri...

Страница 2251: ...Configuring FXS Voice Subscriber Line Configuration Prerequisites The router is equipped with an FXS interface card The basic functions of the FXS voice subscriber lines are configured Configuring CI...

Страница 2252: ...c functions of FXO voice subscriber lines are configured Enabling Calling Number Receiving and Sending Follow these steps to enable calling number receiving and sending Configure the message format ci...

Страница 2253: ...correctly resulting in on hook failures or wrong on hooks By adjusting the time threshold of busy tone detection you can make the busy tone detection more precise Follow these steps to configure the b...

Страница 2254: ...sed owing to busy tone detection failure when the busy tone parameters provided by the connected PBX are special When the signal amplitude between two successive sampling points is less than the silen...

Страница 2255: ...Off Hook Mode There are two off hook modes after the FXO voice subscriber line receives ringing Immediate mode In this mode when a call arrives the FXO interface goes off hook immediately and then the...

Страница 2256: ...The on hook off hook state between the bound FXS and FXO voice subscriber lines is consistent If an FXS voice subscriber line goes off hook the calling party will hear busy tones when the correspondi...

Страница 2257: ...able the private line auto ring down PLAR function for the bound FXS voice subscriber line private line string Required Disabled by default Configure an interval between on hook and off hook timer hoo...

Страница 2258: ...ice subscriber line em signal immediate Required Immediate start mode by default Configure a delay before the originating side sends DTMF signals in the immediate start mode delay send dtmf millisecon...

Страница 2259: ...gure the delay time from when the terminating side receives a seizure signal to when it sends a wink signal in the wink start mode delay send wink milliseconds Optional 200 milliseconds by default Con...

Страница 2260: ...s to configure DTMF properties n The dtmf time and dtmf amplitude commands in voice view have global significance Once you carry out either of the two commands the configuration will take effect on th...

Страница 2261: ...TMF detection sensitivity dtmf threshold analog index value Optional By default indexes 0 to 12 correspond to 1400 458 9 9 9 9 3 12 12 30 300 3200 and 375 respectively For meanings of these parameters...

Страница 2262: ...nction on page 2264 Optional Table 77 Adjust echo duration Symptom Reason Adjustment method A user hears some echoes in conversation The echo duration is so long that the convergence time of echo canc...

Страница 2263: ...vergence rate of comfort noise amplitude is 0 the maximum amplitude of comfort noise is 256 the comfort noise mixture proportion control factor is 100 and the threshold of two way talk is 1 Enter voic...

Страница 2264: ...voice subscriber line view Configure the maximum interval for dialing the next digit timer dial interval seconds Optional 10 seconds by default Configure the maximum duration of playing ringback tones...

Страница 2265: ...on on page 2278 VoIP Configuration Example on page 2279 Troubleshooting VoIP Configuration on page 2285 Introduction to Voice Entities The voice entity configuration involves POTS entity configuration...

Страница 2266: ...enter user view Creating POTS Entity Follow these steps to create a POTS entity Task Remarks Creating POTS Entity on page 2266 Required Configuring VoIP Entity on page 2271 Required Configuring Voice...

Страница 2267: ...mber template for the terminating side when the POTS entity serves as a trunk Required By default no number template is configured for the terminating side when the POTS entity serves as a trunk Bind...

Страница 2268: ...t codecs payload size g711 g723 g726r16 g726r24 g726r32 g726r40 g729 time length Optional 20 milliseconds for a G 711 codec and 30 milliseconds for G 723 G 726 and G 729 codecs by default Configure vo...

Страница 2269: ...g and terminating sides H3C routers support different payload type values for communication Since the implementations of different manufacturers may differ different payload type values may result in...

Страница 2270: ...at G 711 codec does not support VAD To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice dial program view dial program Create a POTS entity and enter P...

Страница 2271: ...2274 Optional Configuring VAD on page 2274 Optional Configuring Options Related to Dial Plan on page 2261 Optional To do Use the command Remarks Enter system view system view Enter voice view voice s...

Страница 2272: ...s codec for communication Enter voice dial program view dial program Create a VoIP entity and enter VoIP entity view entity entity number voip Configure the codec on basis of the priority levels compr...

Страница 2273: ...ip called start and voip called tunnel enable commands Follow these steps to enable fast connection and tunneling on the terminating GW To do Use the command Remarks Enter system view system view Ente...

Страница 2274: ...nsmission with tunneling enabled in the fast connection mode Configuring VAD Follow these steps to configure VAD Enable tunneling on the terminating GW voip called tunnel enable Optional Enabled by de...

Страница 2275: ...that G 711 codec does not support VAD To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice dial program view dial program Create a VoIP entity and enter...

Страница 2276: ...different from the default values to specify suitable voice parameters for these voice entities one by one will waste much time In this case you can use the default command to generate new default va...

Страница 2277: ...by the command command as the default value of default and configure voice entity 1 with parameter B voice entity 2 with the default A and voice entity 3 with parameter C Figure 657 Take the system f...

Страница 2278: ...Optional Not enabled by default Configure the default global codec default entity compression 1st level 2nd level 3rd level 4th level g711alaw g711ulaw g723r53 g723r63 g726r16 g726r24 g726r32 g726r40...

Страница 2279: ...n information of different types of voice entities display voice entity all mark entity tag pots voip Available in any view Display voice subscriber line information display voice subscriber line line...

Страница 2280: ...late 0101002 RouterA voice dial entity1002 line 1 1 2 Configure Router B Configure the VoIP entity to Router A RouterB system view RouterB voice setup RouterB voice dial program RouterB voice dial ent...

Страница 2281: ...uterA voice dial entity1001 match template 0101001 RouterA voice dial entity1001 line 1 0 2 Configure Router B RouterB system view RouterB voice setup RouterB voice dial program RouterB voice dial ent...

Страница 2282: ...ably used to make calls over the IP network When the IP network is unavailable the POTS entity is used to make calls via the bound FXO voice subscriber line Configuration procedure n Router A and Rout...

Страница 2283: ...sysname voice dial select rule type first 2 1 3 2 Configure Router B Sysname system view Sysname voice setup Sysname voice dial program Configure a VoIP entity for IP calls and set the match template...

Страница 2284: ...rogram sysname voice dial select rule type first 1 2 3 Configure Router B with the POTS preferred and the other configurations remaining unchanged Sysname system view Sysname voice setup Sysname voice...

Страница 2285: ...erA voice dial entity1001 outband h225 2 Configure Router B Configure the VoIP entity RouterB system view RouterB voice setup RouterB voice dial program RouterB voice dial entity 010 voip RouterB voic...

Страница 2286: ...fault through busy tone check Solution If the PBX works in North American Standard while the router works in Europe Standard by default change into North American Standard for the router by using the...

Страница 2287: ...tion 2287 Detect busy tone following the steps for the automatic busy tone detection If failed it may be that the operation of checking busy tone parameter failed Repeat above operations until the bus...

Страница 2288: ...2288 CHAPTER 132 VOICE ENTITY CONFIGURATION...

Страница 2289: ...s increasingly important A dial plan can help voice gateways to manage numbers in a unified way and create a management policy for all numbers making number management more convenient and reasonable T...

Страница 2290: ...entity based on the voice entity selection priority rules and substitutes the calling called number 4 The gateway initiates a call to the called side and sends the calling called number On the called...

Страница 2291: ...They are not restricted to a language or system and have been widely accepted When using a regular expression you need to construct a matching pattern according to certain rules and then compare the...

Страница 2292: ...configure a number substitution rule list and then define specific number substitution rules dot match rules and preferred number substitution rules for the list Finally you can apply these substituti...

Страница 2293: ...Follow these steps to configure a calling number permitted to call in n The calling string argument is in the format of string For specific meanings of these symbols in the format refer to Dial Plan...

Страница 2294: ...ithout processing the last four digits 0011 If the router is configured to use the longest match mode it will match match template 01066880011 Namely the router will establish a call connection to 010...

Страница 2295: ...for different types of voice entities VoIP POTS and VoFR The voice gateway matches a voice entity according to the priorities of different types of voice entities Voice entity selection priority rules...

Страница 2296: ...iority priority order Optional 0 by default Exit voice entity view quit Configure voice entity type selection priority rules select rule type first 1st type 2nd type 3rd type Optional By default voice...

Страница 2297: ...onnection set The parameters include a set label and the maximum number of call connections 2 Bind the maximum call connection set to voice entities By comparing the maximum number of call connections...

Страница 2298: ...ities The voice gateway substitutes the calling called number based on the number substitution rule lists bound to the voice entity Number substitution on a specific subscriber line The voice gateway...

Страница 2299: ...ay no number substitution is performed To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice dial program view dial program...

Страница 2300: ...ities Configuration Procedure Follow these steps to configure a number sending mode To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice dial program vi...

Страница 2301: ...ty number pots Required Configure a number sending mode send number digit number all truncate Required By default the truncate mode is used Bind a number template to the local voice entity match templ...

Страница 2302: ...igure 667 Network diagram for a voice dial plan Configuration idea The PBX calling side at place B changes the called number to an intermediate number The PBX called side at place A changes the receiv...

Страница 2303: ...ace to 1 1 1 1 RouterA system view RouterA interface ethernet 0 0 RouterA Ethernet0 0 ip address 1 1 1 1 255 255 255 0 RouterA Ethernet0 0 quit Configure a number substitution rule list for called num...

Страница 2304: ...ule rule order 1 4 command can implement load sharing Since the first rule exact match cannot distinguish the priority between Router B and Router C Router A will use the fourth rule longest idle time...

Страница 2305: ...0 RouterB Ethernet ip address 1 1 1 2 24 RouterB Ethernet quit Configure POTS entities RouterB voice setup RouterB voice dial program RouterB voice dial entity 1000 pots RouterB voice dial entity 100...

Страница 2306: ...scriber voice gateways Router A and Router B in a city To prevent the trunk lines from being totally occupied by either subscriber voice gateway you must restrict the number of calls respectively orig...

Страница 2307: ...terface ethernet 2 0 RouterB Ethernet ip address 1 1 1 2 24 RouterB Ethernet quit Configure a VoIP entity RouterB voice setup RouterB voice dial program RouterB voice dial entity 1000 voip RouterB voi...

Страница 2308: ...ber all RouterC voice dial entity 1000 quit RouterC voice dial entity 1001 pots RouterC voice dial entity 1001 match template 010 RouterC voice dial entity 1001 line 1 1 RouterC voice dial entity 1001...

Страница 2309: ...fer in these aspects E1 adopts A law coding decoding of 13 segment but T1 adopts m law coding decoding of 15 segment Each PCM primary frame of E1 contains 32 timeslots but T1 s contains 24 timeslots E...

Страница 2310: ...g or digital LGS signaling When R2 signaling is adopted every 32 timeslots form a primary frame PCM30 for example where TS0 is used for frame synchronization TS16 for digital line signaling and other...

Страница 2311: ...l E M interface with digital LGS signaling a digital FXO or FXS interface n Like VE1 voice interface cards VT1 voice interface cards also have the properties of voice subscriber lines When working in...

Страница 2312: ...nex A 5 3K and 6 3K in ITU standards E1 and T1 Configuration Task List Complete these tasks to configure E1 and T1 n The router supports the VE1 VT1 voice interface card and a VE1 VT1 voice interface...

Страница 2313: ...lly you cannot set the clock source for all interfaces in a system to internal This is to prevent frame slips and bit errors You can do this however if the remote E1 T1 interfaces adopt the line clock...

Страница 2314: ...ptional By default the internal clock is used as the TDM clock source To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter E1 interface view controller e1 sl...

Страница 2315: ...ource for the T1 interface tdm clock internal line primary Optional By default the internal clock is used as the TDM clock source To do Use the command Remarks Enter system view system view Enter T1 i...

Страница 2316: ...VoIP Overview on page 2243 Configuration Prerequisites Complete basic parameters configuration for the VE1 VT1 interface you are working with Configuring Basic Functions for the Voice Subscriber Line...

Страница 2317: ...fxo ground fxo loop fxs ground fxs loop r2 Required Exit E1 T1 interface view quit Enter voice view voice setup Enter voice subscriber line view subscriber line slot number ts set number Configure a D...

Страница 2318: ...cellation nlp on Optional Enabled by default To do Use the command Remarks To do Use the command Remarks Enter system view system view Enter E1 T1 interface view controller e1 t1 slot number Create a...

Страница 2319: ...originating PBX are called forward signals and those sent by the terminating PBX are called backward signals as shown in Figure 671 Enable the private line auto ring function private line string Optio...

Страница 2320: ...ling interaction procedures Call establishment When the trunk circuit is idle the originating point sends a forward seizure signal to the terminating point The terminating point then Telephone PSTN Te...

Страница 2321: ...nt releases the call The terminating point sends a clear back signal 11 After the originating point receives the clear back signal it sends a clear forward signal 10 After the terminating point recogn...

Страница 2322: ...point sends the forward signal 10 and the terminating point responds with the signal 10 At this time the trunk circuit regains normal state Troubleshooting during conversation After the terminating p...

Страница 2323: ...ation Basic Meaning A 1 Send next digit A 2 Send last but one digit A 3 Address complete changeover to reception of Group B signals A 4 Congestion in the national network terminate interregister signa...

Страница 2324: ...transmission for international use II 9 Subscriber with priority for international use II 10 Operator with forward transfer facility for international aid use II 11 through II 15 Spare for national u...

Страница 2325: ...ormation A 5 Send calling number digit1 I 1 Request calling party information A 5 Send calling number digit2 I 2 Request calling party information A 5 Send calling number digit3 I 3 Send number termin...

Страница 2326: ...controller e1 t1 slot number Create a TS set and enable R2 signaling for it timeslot set ts set number timeslot list timeslots list signal r2 Required Enter R2 CAS view cas ts set number Enable the t...

Страница 2327: ...ircuits of a timeslot or a range of timeslots Configure the delay before sending DTMF signals timer dtmf time Optional The default is 50 milliseconds You must configure the dtmf enable command before...

Страница 2328: ...metering enable Optional Disabled by default Enable the terminating point to send seizure acknowledgement signal seizure ack enable Optional Enabled by default Configure the ABCD bit pattern for each...

Страница 2329: ...r2 Required Enter R2 CAS view cas ts set number Enable the terminating point to request calling party information ani all ka Optional Disabled by default Configure the number of digits that should be...

Страница 2330: ...it end nullnum req billingcategory req callednum and switchg roupa req callingcategory req currentcallednum in group c req currentdigit req firstcallednum in groupc req firstcallingnum req firstdigit...

Страница 2331: ...mmediate start mode Follow these steps to configure the immediate start mode n For the timer dial interval timer wait digit timer ring back delay and delay send dtmf commands refer to VoIP Overview on...

Страница 2332: ...e sending a delay signal after it detects a seizure signal delay rising millseconds Optional 300 milliseconds by default To do Use the command Remarks Enter system view system view Enter E1 T1 interfa...

Страница 2333: ...ue received idle ABCD Optional 1101 by default Configure the ABCD bit pattern of receive seized signal signal value received seize ABCD Optional 0101 by default Configure the ABCD bit pattern of trans...

Страница 2334: ...e m wink Required Enter digital E M signaling view cas ts set number Query the trunk circuits of a timeslot or a range of timeslots ts query timeslots timeslots list Optional To do Use the command Rem...

Страница 2335: ...cted to a PBX with an E1 subscriber line on which digital E M signaling in the delay start mode travels The one stage dialing mode is configured on the two routers Network diagram Figure 676 Network d...

Страница 2336: ...h template for the POTS voice entity RouterA voice dial entity1003 match template 0101003 Associate the POTS voice entity with FXS subscriber line 3 0 RouterA voice dial entity1003 line 3 0 RouterA vo...

Страница 2337: ...0 quit Create a TS set on interface E1 1 1 RouterB system view RouterB controller e1 1 1 RouterB E1 1 1 timeslot set 1 timeslot list 1 31 signal e m delay RouterB E1 1 1 quit Create a POTS voice entit...

Страница 2338: ...Router A and Router B across an IP network as shown in the network diagram In City A Router is connected to a PBX with an E1 subscriber line and to the telephone at 0101003 with an FXS voice subscribe...

Страница 2339: ...te a POTS voice entity for the ISDN PRI interface RouterA voice dial entity 1001 pots Configure a target match template pointing to telephone number 010 1001 for the POTS voice entity RouterA voice di...

Страница 2340: ...he ISDN PRI interface RouterB voice setup RouterB voice dial program RouterB voice dial entity 2001 pots Configure a target match template pointing to telephone number 0755 2001 for the POTS voice ent...

Страница 2341: ...STN Symptom With R2 signaling adopted the router cannot establish connection with the subscriber at the switch side Solution Do the following Use display current configuration command to check that th...

Страница 2342: ...2342 CHAPTER 134 E1 AND T1 CONFIGURATION...

Страница 2343: ...dopts the signal digitizing technology Image signals are digitized and compressed internally then converted into analog signals via a Modem and finally transmitted into the PSTN switch via common subs...

Страница 2344: ...the router demodulates analog signals from PSTN into digital signals or modulates digital signals from the IP network into analog signals but does not need to compress fax signals A real time fax pro...

Страница 2345: ...utomatic repeat request ARQ function and transmit fax packets in the format of HDLC frames On the contrary the fax machines using non ECM cannot correct errors and they transmit fax packets in the for...

Страница 2346: ...uration procedure Follow these steps to configure fax capability transmission mode Configuring Maximum Fax Rate You can configure the maximum fax rate according to the fax protocols If the baud rate i...

Страница 2347: ...mission rate by comparing the received training result with its own training result The point to point protocol PPP training means that the gateways do not participate in the rate training between two...

Страница 2348: ...e local training mode is adopted use the fax local train threshold command to configure the threshold When the PPP training mode is adopted the gateway does not participate in rate training and the fa...

Страница 2349: ...uring the passthrough mode The fax passthrough technology was primarily developed for the purpose of compressing and transmitting T 30 fax packets that cannot be demodulated through packet switching n...

Страница 2350: ...11 law In addition the voice activity detection VAD function must be disabled to avoid a fax failure when the fax passthrough function is enabled You can implement the fax passthrough function on the...

Страница 2351: ...Remarks To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice dial program view dial program Configure the transmit energy level of the gateway carrier...

Страница 2352: ...m At the headquarters in City B the number 07552001 is attached to the FXS voice subscriber line connected to the fax machine and 07552002 to the subscriber line connected to the Modem The IP addresse...

Страница 2353: ...A voice dial entity1002 match template 0101002 RouterA voice dial entity1002 line 1 0 2 Configure Router B RouterB system view RouterB voice setup RouterB voice dial program RouterB voice dial entity...

Страница 2354: ...2354 CHAPTER 135 FAX OVER IP CONFIGURATION...

Страница 2355: ...specifies the components protocols and procedures that provide multimedia communication services over packet networks that does not provide guaranteed quality of service QoS such as IP It has long be...

Страница 2356: ...the following table Table 89 Major RAS messages Category Message Registration RRQ Registration_Request RCF Registration_Confirm RRJ Registration_Reject Unregistration URQ Unregister_Request UCF Unregi...

Страница 2357: ...ction on the router at command line interface CLI They interact with gatekeepers by sending H 225 0 RAS messages In the current implementation gatekeepers are usually deployed on SUN stations or serve...

Страница 2358: ...ration either the endpoint or the gatekeeper sends an Unregister_Request URQ message However it is up to the gatekeeper to determine whether to cancel registration while the endpoint can only replies...

Страница 2359: ...the calling endpoint indicating its status for example ringing The endpoint may not send this message Connection If the called endpoint accepts the call it must send a connect message Capability Nego...

Страница 2360: ...irm the request Figure 684 shows the call setup flow and disconnection flow in which gatekeepers are involved Figure 684 Call setup flow and disconnection flow in which gatekeepers are involved H 323...

Страница 2361: ...ed during the whole register process To do Use the command Remarks Enter system view system view Enter voice view voice setup Configure an H 323 descriptor voip h323 descriptor descriptor Optional The...

Страница 2362: ...an it return the call accept message to the called gateway Configuration prerequisites Complete the required basic H 323 gateway configurations except for the ras on command The ras on command is used...

Страница 2363: ...and the area ID is 1 On City B router A loopback interface is used as an H 323 gateway interface and assigned the IP address of 2 2 2 2 The gateway alias is cityb gw Other configurations are the same...

Страница 2364: ...voice gk gk id gk center gk addr 3 3 3 3 1719 Configure the area ID RouterA voice gk area id 1 Originate registration to the GK RouterA voice gk ras on 2 Configure Router B Create a VoIP entity Route...

Страница 2365: ...e GK RouterB voice gk ras on Troubleshooting Symptom The gateway failed in registering with the gatekeeper Solution Check that 1 The gateway and the gatekeeper can communicate with each other on the n...

Страница 2366: ...2366 CHAPTER 136 H 323 CONFIGURATION...

Страница 2367: ...on value added service platform to deliver better value added services to telecom carriers banks and financial organizations SIP is used for initiating sessions It sets up and terminates a multimedia...

Страница 2368: ...rver is a device that forwards session requests to a called UA on behalf of a calling UA a SIP endpoint and responds to the calling UA on behalf of the called UA When the proxy server receives a reque...

Страница 2369: ...media parameters to be used by a called endpoint In a message exchange process each SIP endpoint carries such information in transmitted messages so that all other participants can learn about its ca...

Страница 2370: ...e class of a response and the last two digits describe the response message in more detail Table 90 lists the status codes of response messages SIP Fundamentals Registration In a complete SIP system a...

Страница 2371: ...elephone A dials the number of Telephone B 2 Upon receipt of the call Router A sends a session request INVITE to the proxy server 3 The proxy server consults its database for information corresponding...

Страница 2372: ...rvers and registrars Call redirection When a SIP redirect server receives a session request it sends back a response indicating the address of the called SIP endpoint instead of forwarding the request...

Страница 2373: ...302 Moved Temporarily ACK Invite 100 Trying 200OK Task Remarks Configuring SIP Authentication Information on page 2374 Optional Configuring Registrar Information on SIP UA on page 2375 Required Config...

Страница 2374: ...SIP client view is used c CAUTION If realm is configured on the SIP UA ensure that the value is the same as that configured on the server Otherwise the SIP UA will fail the authentication due to misma...

Страница 2375: ...rogram Enter voice entity view entity entity number pots Configure SIP authentication information in POTS entity view user username password cipher simple password cnonce cnonce realm realm Required B...

Страница 2376: ...A you need to configure SIP routing for VoIP entities On a network where no SIP proxy servers are present configure destination static IP addresses in VoIP entities for sending SIP messages If a SIP s...

Страница 2377: ...ackets sent by the SIP UA This source IP address is usually the address of a logical interface such as a loopback interface because this type of interface is always up Configuration prerequisites The...

Страница 2378: ...rsion of the user agent and server might allow the user agent and server to become more vulnerable to attacks against software that is known to contain security holes Therefore it is stipulated in RFC...

Страница 2379: ...t interface To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter SIP client view sip Configure the User Agent header field in a SIP request sip comp agent pro...

Страница 2380: ...the Ethernet interface RouterB system view RouterB interface ethernet 1 0 RouterB Ethernet1 0 ip address 192 168 2 2 255 255 255 0 Configure voice entities RouterB Ethernet1 0 quit RouterB voice setu...

Страница 2381: ...RouterA voice sip register enable on RouterA voice sip quit Configure voice entities Router1 RouterA voice dial program Router1 RouterA voice dial entity 1111 pots RouterA voice dial entity1111 line...

Страница 2382: ...to SIP Routing Symptom The UA could not set up calls when the proxy server approach was adopted to SIP routing Solution Do the following Perform the display current configuration command to check for...

Страница 2383: ...ort number of the remote voice gateway are correctly configured Failed to Send REGISTER Requests Symptom The UA does not send REGISTER messages Solution Do the following Perform the debugging voice si...

Страница 2384: ...2384 CHAPTER 137 SIP OVERVIEW...

Страница 2385: ...utilization and lowers the communication cost Fundamental VoFR Architecture Figure 692 Fundamental VoRF architecture In Figure 692 the FR supported voice gateway provides an interface between the fram...

Страница 2386: ...process also involves voice codec negotiation and bandwidth request The FR supported voice gateway on the originating side requests the frame relay to establish a voice channel according to the outbo...

Страница 2387: ...ression and decompression 6 After receiving the voice packets the terminating voice gateway finds the corresponding VoFR entity according to the voice channel in the FRF 11 trunk and uses the PSTN dia...

Страница 2388: ...w Enter voice view voice setup Enter voice dial program view dial program Create a VoFR entity and enter VoFR entity view entity entity number vofr Configure a match template for the VoFR entity match...

Страница 2389: ...raded because of the consumption of the whole bandwidth by burst data Once a call is set up successfully the bandwidth will be exclusively occupied by voice until the call is completed Voice takes pre...

Страница 2390: ...ssociate the frame relay class with a frame relay interface Enter frame relay interface view interface serial interface number Use either approach By default no frame relay class is associated with a...

Страница 2391: ...Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice dial program view dial program Enter VoFR entity view entity entity number vofr Configure a call mode ca...

Страница 2392: ...I view fr dlci dlci number Configure the VoFR CID selection mode cid select mode max poll min poll Optional By default CIDs are cyclically selected in descending order To do Use the command Remarks En...

Страница 2393: ...ese steps to configure a call mode Specify the link layer protocol for interface encapsulation as frame relay link protocol fr ietf nonstandard Required By default the link layer protocol for interfac...

Страница 2394: ...peer voice gateway address vofr static serial interface number dlci number cid number Required By default no channel to the peer voice gateway is configured To do Use the command Remarks Enter system...

Страница 2395: ...n so that on hook could never succeed You can configure the voice gateway to discard the received voice packets the trunk wait timer length after on hook so that the party concerned can hang up succes...

Страница 2396: ...Enter DLCI 100 view and set the frame relay class to VoFR for DLCI RouterA Serial2 0 fr dlci 100 RouterA fr dlci Serial2 0 100 fr class vofr Specify the call control protocol to be used on DLCI 100 a...

Страница 2397: ...ei compatible dte RouterB fr dlci Serial1 0 100 quit RouterB Serial1 0 quit Configure the VoFR entity 0101001 RouterB voice setup RouterB voice dial program RouterB voice dial entity 010 vofr RouterB...

Страница 2398: ...Serial 2 0 view and configure the encapsulation format RouterA interface serial 2 0 RouterA Serial2 0 link protocol fr ietf Enter DLCI 100 view and set the frame relay class to VoFR for DLCI RouterA...

Страница 2399: ...B through an FRF 11 trunk by dialing 9 The PBX in City B is connected to Router B through the FXO subscriber line Telephone B 0755 2001 in City B can communicate with Telephone A in City A through an...

Страница 2400: ...ce dial entity 1001 pots RouterA voice dial entity1001 match template 0101001 RouterA voice dial entity1001 line 3 0 2 Configure Router B Create a new frame relay class VoFR and set the maximum amount...

Страница 2401: ...ectly communicates with Telephone B 0755 2001 attached to voice Router B in City B over a frame relay network The PC in City A and the server in City B transmit data through these two routers The IP a...

Страница 2402: ...y the call control protocol to be used by DLCI 100 as Huawei compatible DTE RouterA fr dlci Serial1 0 100 vofr huawei compatible dte RouterA fr dlci Serial1 0 100 quit RouterA Serial1 0 quit Configure...

Страница 2403: ...to DCE RouterB Serial1 0 fr interface type dce Configure a frame relay DLCI and set the frame relay class to VoFR RouterB Serial 0 fr dlci 100 RouterB fr dlci Serial1 0 100 fr class vofr Specify the...

Страница 2404: ...5 and LAPB or use the display x25 vc command to check X 25 VC is congested Check that a voice bandwidth has been reserved for the corresponding DLCI Check that a frame relay class is configured for th...

Страница 2405: ...nteracts with the user according to the configured parameters encapsulates the obtained user information and statistics into RADIUS AAA messages and sends the messages to the RADIUS server The voice g...

Страница 2406: ...acknowledgment call segment 3 from the RADIUS server the terminating gateway originates a call to the called party over PSTN After receiving an Alert from PSTN the terminating gateway sends a Notific...

Страница 2407: ...erver before connecting or releasing a call and directly connects or releases the call without waiting for an acknowledgment from the RADIUS server stop only The voice gateway sends an Accounting_Stop...

Страница 2408: ...rding to the specific requirements For example you can set these access numbers as private line auto ring down PLAR numbers on voice subscriber lines to implement the auto dialing of access numbers n...

Страница 2409: ...tion including IP address of the voice gateway voice port number calling number and card number password is configured on the RADIUS server Read through the following sections and acquaint yourself wi...

Страница 2410: ...pts for card number password process and caller number process with IVR Enable the language function for the caller number process with IVR Complete the following tasks to configure voice RADIUS Task...

Страница 2411: ...dual user according to the identification Therefore the accounting function can only be enabled for all one stage dialing users Before enabling the accounting function you must ensure that the RADIUS...

Страница 2412: ...as authentication policies has been configured on the RADIUS server Configuration prerequisites A voice interface card for example an FXS interface card is inserted in the router Configuration proced...

Страница 2413: ...a call is terminated a CDR will be generated in the following two cases no matter whether the call is connected Any of the authentication authorization and accounting functions is enabled for calls or...

Страница 2414: ...es of two stage dialing process caller number process calling number authentication caller number process with IVR calling number authentication and card number password process card number password a...

Страница 2415: ...Enabling Authentication Function for Two Stage Dialing Users After configuring access numbers you can enable the RADIUS authentication function for two stage dialing users Before enabling the authent...

Страница 2416: ...re enabling the authorization function you must ensure that the RADIUS server and the RADIUS client can communicate with each other at the network layer and that a list of corresponding two stage dial...

Страница 2417: ...rror and the user can continue to dial a number This rule applies to both card numbers and passwords Configuring Number of Digits in Card Number Password For the card number password process it is nec...

Страница 2418: ...can retry in each step of this process To prevent any dial mistake from causing a failure of the entire dialing process you need to specify the maximum number of dial attempts to provide fault tolera...

Страница 2419: ...Configuration prerequisites You have configured an access number and entered access number view Configuration procedure Follow these steps to configure the language options Enter dial program view dia...

Страница 2420: ...an IP call users first dial the access number 12345 then select a language option and enter a card number and password as prompted and finally dial the called number if the card number password authen...

Страница 2421: ...orization server and the primary accounting server RouterA radius sch1 primary authentication 1 1 1 3 1812 RouterA radius sch1 primary accounting 1 1 1 3 1813 Configure RADIUS packets to carry unquali...

Страница 2422: ...o 3 RouterA voice dial anum12345 redialtimes 3 2 Configure the voice gateway Router B The configurations on Router A are basically similar to those on Router B Create a RADIUS scheme RouterB system vi...

Страница 2423: ...outerB voice dial anum12345 authentication Enable the authorization function RouterB voice dial anum12345 authorization Enable the accounting function RouterB voice dial anum12345 accounting Set the n...

Страница 2424: ...correctly 5 If the card number password authentication fails check that the card number and password are consistent with the ones generated on the CAMS 6 If the authorization fails check that call or...

Страница 2425: ...n this case User A is immediately alerted and can pick up the phone to answer the call originated by User C the waiting call Call Hold If User A in a conversation with User B presses the flash hook th...

Страница 2426: ...call to the terminating system the originating system is unable to receive a response In this case if there is another link PSTN link or VoIP link to the terminating system the originating system re...

Страница 2427: ...sages of the gateway on the held party side Functions processing forwarding messages of the gateway that receives forwarding request messages namely the originating gateway Configuring Call Waiting Th...

Страница 2428: ...make sure that different features have different priority levels Configuration Example The call waiting feature is enabled for the voice subscriber line of Telephone A Telephone C calls Telephone A wh...

Страница 2429: ...er line of Telephone A Telephone A and Telephone B are in a conversation Telephone A can interrupt the conversation with Telephone B by performing a hookflash and place a call to Telephone C after hea...

Страница 2430: ...er you enable call forwarding on a telephone you can view the corresponding operation result by using the display this command in voice subscriber line view Configuring Call Forwarding Using Command L...

Страница 2431: ...no reply enable forward number number Required Disabled by default To do Use the command Remarks Enter system view system view Enter voice view voice setup Enter voice subscriber line view subscriber...

Страница 2432: ...g unconditional for the voice subscriber line of Telephone B and forward the call from Telephone A to Telephone C 3000 Sysname system view Sysname voice setup Sysname voice subscriber line 2 0 Sysname...

Страница 2433: ...phone C and then hangs up Now the conversation between Telephone B and Telephone C is established and the call transfer by Telephone A is completed Enable call transfer for the voice subscriber line o...

Страница 2434: ...configured in POTS voice view using the priority command Telephone A calls Telephone B and Telephone B is busy In this case the hunt group service enables Telephone C to have a conversation with Tele...

Страница 2435: ...t to receive any incoming call When Telephone B calls Telephone A the line between Telephone A and Telephone B is directly cleared and Telephone B hears busy tones Enter voice subscriber line view Sys...

Страница 2436: ...voice setup Sysname voice subscriber line 1 0 Enable outgoing call barring and set the password to 1234 Sysname voice line1 0 dialout restriction enable password cipher 1234 Configuring FEATURE Servic...

Страница 2437: ...on hook Transfer To Voicemail 441 destination None Applied only once Park 444 park_num None Applied only once Do Not Disturb Toggle 446 446 Directed Pickup 455 pwd pickup_num None Applied only once C...

Страница 2438: ...d then a service feature code For example if a service feature code is 40 1234 and the match template 40 is configured for a voice entity 40 1234 dialed by a user will first match the number template...

Страница 2439: ...mplate 2000 RouterA voice dial entity3000 quit RouterA voice dial entity 1000 pots RouterA voice dial entity1000 line 1 0 RouterA voice dial entity1000 match template 1000 2 Configure Router B Configu...

Страница 2440: ...on 2 Telephone A performs a hookflash to put the call with Telephone B on hold 3 Telephone A calls Telephone C 3000 after hearing dial tones 4 Telephone A hangs up 5 Telephone B and Telephone C are in...

Страница 2441: ...l hold RouterB system view RouterB voice setup RouterB voice subscriber line 1 0 RouterB voice line1 0 call hold enable 3 Configure Router C RouterC system view RouterC voice setup RouterC voice dial...

Страница 2442: ...voice dial entity1001 line 1 1 RouterA voice dial entity1001 match template 1000 RouterA voice dial entity1001 priority 4 Enable hunt group for the voice subscriber lines RouterA voice dial entity1001...

Страница 2443: ...voice dial entity2000 line 1 0 RouterB voice dial entity2000 match template 2000 3 Configure Router C Configure voice entities RouterC system view RouterC voice setup RouterC voice dial program Route...

Отзывы:

Нет отзывов

Похожие инструкции для MSR 50 Series

3CR860-95 - OfficeConnect Secure Router

Бренд: 3Com Страницы: 2

Бренд: 3Com Страницы: 26

Бренд: 3xLogic Страницы: 2

Бренд: Galaxy Страницы: 30

HIRESCHMANN IT MAMMUTHUS MTM8003-FAN

Бренд: Belden Страницы: 84

Бренд: CalAmp Страницы: 115

Бренд: Billion Страницы: 120

NVRx-7300 series

Бренд: Swann Страницы: 9

BROADCAST POLLING FRAD BPF-14 BU

Бренд: DCB Страницы: 28

Бренд: TP-Link Страницы: 37

Бренд: Softing Страницы: 16

Бренд: ADTRAN Страницы: 161

Бренд: NETGEAR Страницы: 152

Бренд: Airlink101 Страницы: 64

Бренд: ETAS Страницы: 29

Бренд: Flexwatch Страницы: 13

Бренд: WIN Enterprises Страницы: 25

ClareVision CV-M161620-04

Бренд: Clare Controls Страницы: 32

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды