Alcatel-Lucent 7450 ESS Series Скачать руководство пользователя страница 413

Страница: 413 / 540

Filter Policies

7450 ESS OS Router Configuration Guide

Page 413

Default

dst-addr

Parameters

dst-addr —

Specifies that received log packets are summarized based on the destination IP, IPv6, or

MAC address.

src-addr —

Specifies that received log packets are summarized based on the source IP, IPv6 or MAC

address.

wrap-around

Syntax

[

]

wrap-around

Context

config>filter>log

Description

This command configures a memory filter log to log until full or to store the most recent log entries
(circular buffer).

Specifying

wrap-around

configures the memory filter log to store the most recent filter log entries

(circular buffer). When the log is full, the oldest filter log entries are overwritten with new entries.

The

form of the command configures the memory filter log to accept filter log entries until full.

When the memory filter log is full, filter logging for the log filter ID ceases.

Default

wrap-around

Содержание 7450 ESS Series

Страница 1: ...7450 ESS OS Router Configuration Guide Software Version 7450 ESS OS 10 0 R4 July 2012 Document Part Number 93 0103 09 02 93 0103 09 02...

Страница 2: ...itten permission from Alcatel Lucent Alcatel Lucent Alcatel Lucent and the Alcatel Lucent logo are trademarks of Alcatel Lucent All other trademarks are the property of their respective owners The inf...

Страница 3: ...38 Proxy ARP 40 DHCP Relay 41 Internet Protocol Versions 42 Bi directional Forwarding Detection 43 BFD Control Packet 43 Control Packet Format 44 BFD for RSVP TE 46 Echo Support 47 BFD Support for BGP...

Страница 4: ...s 239 Virtual Router 239 IP Address Owner 239 Primary and Secondary IP Addresses 240 Virtual Router Master 240 Virtual Router Backup 241 Owner and Non Owner VRRP 241 Configurable Parameters 242 Virtua...

Страница 5: ...ts 268 Configuring Service VRRP Parameters 269 Non Owner VRRP Example 269 Owner Service VRRP 270 Configuring Router Interface VRRP Parameters 271 Router Interface VRRP Non Owner 271 Router Interface V...

Страница 6: ...figuration Tasks 363 Creating an IP Filter Policy 363 IP Filter Policy 363 IP Filter Entry 364 IP Entry Matching Criteria 367 Creating a MAC Filter Policy 368 MAC Filter Policy 368 Creating an ISID Fi...

Страница 7: ...Cflowd Overview 470 Operation 471 Version 9 474 Version 10 474 Cflowd Filter Matching 475 Cflowd Configuration Process Overview 476 Configuration Notes 477 Configuring Cflowd with CLI 479 Cflowd Confi...

Страница 8: ...tion Guide Table of Contents Modifying Cflowd Collector Parameters 500 Cflowd Configuration Commands 501 Global Commands 501 Cflowd Command Reference 509 Show Commands 511 Clear Commands 517 Standards...

Страница 9: ...VRRP Statistics Output 326 Filter Policies Table 7 Applying Filter Policies 335 Table 8 Applying Filter Policies 336 Table 9 DSCP Name to DSCP Value Table 350 Table 10 IP Option Values 352 Table 11 M...

Страница 10: ...Page 10 7450 ESS OS Router Configuration Guide List of Tables...

Страница 11: ...Policies Figure 8 Web Redirect Traffic Flow 340 Figure 9 VID Filtering Examples 342 Figure 10 Port Groups 344 Figure 11 Filter Creation and Implementation Flow 345 Figure 12 Creating and Applying Fil...

Страница 12: ...Page 12 7450 ESS OS Router Configuration Guide List of Figures...

Страница 13: ...and provides concepts and descriptions of the implementation flow as well as Command Line Interface CLI syntax and command usage Audience This manual is intended for network administrators who are res...

Страница 14: ...s configuration examples for RIP OSPF IS IS BGP and route policies 7450 ESS OS MPLS Guide This guide describes how to configure Multiprotocol Label Switching MPLS and Label Distribution Protocol LDP 7...

Страница 15: ...ement for your router and related products from a distributor or authorized reseller contact the technical support staff for that distributor or reseller for assistance If you purchased an Alcatel Luc...

Страница 16: ...Preface Page 16 7450 ESS OS Router Configuration Guide...

Страница 17: ...an overall logical configuration flow Each section describes a software area and provides CLI syntax and command usage to configure parameters for a functional area Table 1 Configuration Process Area...

Страница 18: ...Getting Started Page 18 7450 ESS OS Router Configuration Guide...

Страница 19: ...on about commands required to configure basic router parameters Topics in this chapter include Configuring IP Router Parameters on page 20 Interfaces on page 20 Autonomous Systems AS on page 37 Confed...

Страница 20: ...features can be configured Interfaces on page 20 Creating an IP Address Range on page 24 Autonomous Systems AS on page 37 Confederations on page 38 Proxy ARP on page 40 Refer to 7450 ESS OS Triple Pla...

Страница 21: ...nterfaces in this context Network domains are not applicable to loopback and system interfaces The network domain information will only be used for ingress VPLS sap queue allocation It will not be tak...

Страница 22: ...S attacks including smurf and tribe flood network TFN can take advantage of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks For Inte...

Страница 23: ...f the routes that can be originated from this specific interface The source IP address of the packet doesn t match any specific routes in the forwarding table uRPF check fails if the following is true...

Страница 24: ...ng a range that is a superset of a previously defined service prefix the subset will be replaced with the superset definition For example if a service prefix exists for 10 10 10 0 24 and a new service...

Страница 25: ...application of QPPB a BGP route is advertised with a BGP community attribute that conveys a particular QoS Routers that receive the advertisement accept the route into their routing table and set the...

Страница 26: ...se traffic flows can be identified with known routes For example the operator of an ISP network may want to give priority to traffic originating in a particular ASN the ASN of a content provider offer...

Страница 27: ...tent Provider AS 300 Route Policy Accept all routes with AS_PATH ending with ASN 300 and set fcto high 1 QoSPolicy Lookup the destination IP address of all packets arriving on this interface to determ...

Страница 28: ...se of this command is illustrated by the following example config router policy options begin community gold members 300 100 policy statement qppb_policy entry 10 from protocol bgp community gold exit...

Страница 29: ...instance QPPB is supported for BGP routes belonging to any of the address families listed below IPv4 AFI 1 SAFI 1 IPv6 AFI 2 SAFI 1 VPN IPv4 AFI 1 SAFI 128 VPN IPv6 AFI 2 SAFI 128 Note that a VPN IP...

Страница 30: ...tic route This feature uses a qos keyword to the show router route table command When this option is specified the output includes an additional line per route entry that displays the forwarding class...

Страница 31: ...oup interfaces config service ies sub if grp if When the qos route lookup command with the destination parameter is applied to an IP interface and the destination address of an incoming IP packet matc...

Страница 32: ...packet matching an ECMP route is based on the particular next hop used to forward the packet When Edge PIC 1 is enabled some BGP routes may have a backup next hop in the forwarding table in addition...

Страница 33: ...fc2 is explicitly configured in or out and fc2 is not mapped to a priority mode queue then the packet is assigned this profile state In both cases there is no consideration of whether or not fc1 was...

Страница 34: ...t1p exp DSCP mapping or policy default From new base FC From original FC and sub class Policer Policer From new base FC unless overridden by DE 1 If DE 1 override then low otherwise from QPPB If no DE...

Страница 35: ...w base FC From original FC and sub class Profile mode queue Policer From new base FC unless overridden by DE 1 If DE 1 override then low otherwise from QPPB If no DEI or QPPB overrides then follows or...

Страница 36: ...instance There are several ways to obtain the router ID On each router the router ID can be derived in the following ways Define the value in the config router router id context The value becomes the...

Страница 37: ...area no routing information obtained from outside the area can be used This protects intra area routing from the injection of bad routing information Routers that belong to more than one area are cal...

Страница 38: ...metric and local preference settings are preserved The confederation appears and behaves like a single AS Confederations have the following characteristics A large AS can be sub divided into sub confe...

Страница 39: ...confederations must be explicitly created Figure 2 depicts a confederation configuration example Figure 2 Confederation Configuration SRSG005 Confederation Member 1 Confederation Member 2 ALA D ALA B...

Страница 40: ...and other edge like environments proxy ARP supports policies that allow the provider to configure prefix lists that determine for which target networks proxy ARP will be attempted and prefix lists th...

Страница 41: ...Configuration 7450 ESS OS Router Configuration Guide Page 41 DHCP Relay Refer to 7450 ESSOS Triple Play Guide for information about DHCP and support provided by the 7450 ESS as well as configuration...

Страница 42: ...is used to send a packet to any one of a group of nodes Header format simplification Some IPv4 header fields have been dropped or made optional to reduce the common case processing cost of packet han...

Страница 43: ...length is carried in a jumbo payload hop by hop option Next Header 8 bit selector Identifies the type of header immediately following the IPv6 header This field uses the same values as the IPv4 protoc...

Страница 44: ...nge peering Figure 4 shows an IPv6 Internet exchange where multiple ISPs peer over native IPv6 Figure 4 IPv6 Internet Exchange IPv6 transit services Figure 5 shows IPv6 transit provided by an ISP Figu...

Страница 45: ...outer supports dynamic IPv6 over IPv4 tunneling The ipv4 source and destination address are taken from configuration the source address is the ipv4 system address and the ipv4 destination is the next...

Страница 46: ...nt is extended to use IPv6 as transport and to handle the IPv6 address in the DNS AAAA resource record from an IPv4 or IPv6 DNS server An assigned name can be used instead of an IPv6 address since IPv...

Страница 47: ...es no backbone infrastructure upgrades and no re configuration of core routers because forwarding is purely based on MPLS labels 6PE is a cost effective solution for IPv6 deployment Figure 8 Example o...

Страница 48: ...hat it advertises and can accept an arbitrary label from its peers LDP is used to create the MPLS full mesh between the 6PE routers and the IPv4 addresses that are embedded in the next hop field are r...

Страница 49: ...g Detection that allows either of the two systems to send a sequence of BFD echo packets to the other system which loops them back within that system s forwarding plane If a number of these echo packe...

Страница 50: ...The initial protocol version is 0 Diag A diagnostic code specifying the local system s reason for the last transition of the session from Up to some other state Possible values are 0 No diagnostic 1 C...

Страница 51: ...hat value is unknown Desired Min TX Interval This is the minimum interval in microseconds that the local system would like to use when transmitting BFD control packets Required Min RX Inter val This i...

Страница 52: ...cess This greatly accelerates the overall RSVP TE response to network failures All encapsulation types supporting IPv4 and IPv6 is supported as all BFD packets are carried in IPv4 and IPv6 packets thi...

Страница 53: ...n the packet The echo function is useful when the local router does not have sufficient CPU power to handle a periodic polling rate at a high frequency As a result it relies on the echo sender to send...

Страница 54: ...ed to 25 sessions and minimum BFD timer supported is 300 msec IES Over Spoke SDP One application for a central BFD implementation is so BFD can be supported over spoke SDPs used to inter connection IE...

Страница 55: ...ES VPRN over Spoke SDP Fig_31 Metro POP 1 Metro POP 2 Metro POP 4 Metro POP 3 Primary Path BFD Secondary Path Note In this case BFD is run between the IES VPRN interfaces independent of the SPD LSP pa...

Страница 56: ...ailure detection In this application the BFD session can run between the IP interfaces associated with the LAG or VSM interface but there is only one session between the two nodes There is no requirem...

Страница 57: ...ust be assigned to each IP interface System interface This creates an association between the logical IP interface and the system loopback address The system interface address is the circuitless addre...

Страница 58: ...bes router configuration caveats A system interface and associated IP address should be specified Boot options file BOF parameters must be configured prior to configuring router parameters Confederati...

Страница 59: ...ring a System Name on page 62 Configuring Interfaces on page 63 Configuring a System Interface on page 63 Configuring a Network Interface on page 63 Configuring Proxy ARP on page 67 Creating an IP Add...

Страница 60: ...onfigure appropriate routing protocols A system interface and network interface should be configured System Interface The system interface is associated with the network entity such as a specific Alca...

Страница 61: ...SPF and BGP The most basic router configuration must have the following System name System address The following example displays a router configuration A ALA A config info Router Configuration router...

Страница 62: ...for the device The name is used in the prompt string Only one system name can be configured If multiple system names are configured the last one configured will overwrite the previous entry If special...

Страница 63: ...ystem interface cannot be deleted Configuring a System Interface To configure a system interface CLI Syntax config router interface interface name address ip address mask ip address netmask broadcast...

Страница 64: ...interface system address 10 10 0 4 32 exit interface to ALA 2 address 10 10 24 4 24 port 1 1 1 egress filter ip 10 exit exit A ALA A config router To enable CPU protection CLI Syntax config router int...

Страница 65: ...nfo detail port 1 2 37 ipv6 packet too big 100 10 param problem 100 10 redirects 100 10 time exceeded 100 10 unreachables 100 10 exit A ALA 49 config router if ipv6 exit all Use the following CLI synt...

Страница 66: ...tisement interval seconds min advertisement interval seconds mtu mtu bytes other stateful configuration autonomous on link preferred lifetime seconds infinite valid lifetime seconds infinite reachable...

Страница 67: ...or which ARP requests can or cannot be forwarded to non local networks depending on the specified action In the policy statement entry from context specify network prefixes that ARP requests will or w...

Страница 68: ...max The following displays prefix list and policy statement configuration examples A ALA 49 config router policy options info prefix list prefixlist1 prefix 10 20 30 0 24 through 32 exit prefix list...

Страница 69: ...Router Configuration Guide Page 69 The following displays a proxy ARP configuration example A ALA 49 config router if info address 128 251 10 59 24 local proxy arp proxy arp policy statement ProxyARPp...

Страница 70: ...all prefixes for which it activated an LDP FEC For a given prefix two route entries are populated in RTM One corresponds to the LDP shortcut next hop and has an owner of LDP The other one is the regul...

Страница 71: ...P Shortcut Forwarding Plane Once LDP activated a FEC for a given prefix and programmed RTM it also programs the ingress Tunnel Table in IOM with the LDP tunnel information When an IPv4 packet is recei...

Страница 72: ...message appears as a user packet to the ingress LER node A locally generated response to a received ICMP ping or trace route message All other control plane packets that require an RTM lookup and kno...

Страница 73: ...sume it is an egress LER for the FEC until the route disappears from the routing table or the next hop advertised a binding for the FEC prefix In the latter case the 7x50 becomes a transit LSR for the...

Страница 74: ...tocols are not automatically restarted with the new router ID The next time a protocol is initialized the new router ID is used An interim period of time can occur when different protocols use differe...

Страница 75: ...the following CLI syntax to configure a confederation CLI Syntax config router confederation confed as num members member as num The following example displays the commands to configure the confedera...

Страница 76: ...gure an autonomous system CLI Syntax config router autonomous system as number The following displays an autonomous system configuration example A ALA A config router info IP Configuration interface s...

Страница 77: ...SFMs are being actively used when there is an SFM failure multicast traffic needs to be rerouted around the node Some scenarios include There is only one SFM installed in the system One SFM active or...

Страница 78: ...igured the last one configured will overwrite the previous entry Use the following CLI syntax to change the system name CLI Syntax config system name system name The following example displays the com...

Страница 79: ...ALA A config router if address 10 0 0 25 24 A ALA A config router if no shutdown To modify a port perform the following steps Example A ALA A config router interface to sr1 A ALA A config router if sh...

Страница 80: ...ce can be deleted 1 Before an IP interface can be deleted it must first be administratively disabled with the shutdown command 2 After the interface has been shut down it can then be deleted with the...

Страница 81: ...Command Hierarchies Configuration Commands Router Commands on page 82 Router L2TP Commands on page 83 Router Interface Commands on page 85 Router Interface IPv6 Commands on page 87 Router Advertisemen...

Страница 82: ...refix netmask sgt qos application dscp app name dscp dscp value dscp name application dot1p app name dot1p dot1p priority no application dscp app name dot1p app name dscp dscp name fc fc name no dscp...

Страница 83: ...roup id no lns group load balance method per session per tunnel no load balance method local address ip address no local address local name host name no local name max retries estab max retries no max...

Страница 84: ...idle timeout infinite no idle timeout load balance method per session per tunnel no load balance method local address ip address no local address local name host name no local name max retries estab...

Страница 85: ...nable description description string no description egress filter ip ip filter id no filter ip ip filter id icmp no mask reply redirects number seconds no redirects ttl expired number seconds no ttl e...

Страница 86: ...sted untrusted no tos marking state unnumbered ip addr ip int name no unnumbered no urpf check mode strict loose no mode no mh primary interface address ip address mask ip address netmask no address d...

Страница 87: ...o interval type cpm np no bfd icmp6 packet too big number seconds no packet too big param problem number seconds no param problem redirects number seconds no redirects time exceeded number seconds no...

Страница 88: ...advertisement interval min advertisement interval seconds no min advertisement interval mtu mtu bytes no mtu no other stateful configuration prefix no autonomous no on link preferred lifetime seconds...

Страница 89: ...n id detail group detail session id session id v2 state session state peer ip address group group name assignment id assignment id local namelocal host name remote name remote host name tunnel id tunn...

Страница 90: ...tocol route table ip prefix prefix length next hop type tunneled rtr advertisement interface interface name prefix prefix length conflicts service prefix sgt qos application app name dscp dot1p dscp m...

Страница 91: ...address dhcp6 statistics ip int name ip address forwarding table slot number icmp redirect route all ip address icmp6 all icmp6 global icmp6 interface interface name interface ip int name ip addr icmp...

Страница 92: ...ass task task name function function name router router instance ip no arp icmp no icmp icmp6 ip int name no icmp6 no interface ip int name ip address no neighbor packet ip int name ip address headers...

Страница 93: ...onfiguration file shutdown and no shutdown are always indicated in system generated configuration files The no form of the command puts an entity into the administratively enabled state Default no shu...

Страница 94: ...g tables of downstream routers Both the original components and the aggregated route source protocol aggregate are offered to the Routing Table Manager RTM Subsequent policies can be configured to ass...

Страница 95: ...he IP address of the BGP system that created the aggregate route black hole This optional parameter installs the aggregate route when activated in the FIB with a black hole next hop where packets matc...

Страница 96: ...m can be configured Values 1 65535 ecmp Syntax ecmp max ecmp routes no ecmp Context config router Description This command enables ECMP and configures the number of routes for path sharing for example...

Страница 97: ...IS prefixes forwarded in the base router instance to a network IP interface or to an IES SAP interface or spoke interface It is also supported for VPRN VPN IPv4 OSPF prefixes and VPN IPv6 OSPF prefix...

Страница 98: ...when the VPRN instance is shutdown Default no mc maximum routes Parameters number Specifies the maximum number of routes to be held in a VRF context Values 1 2147483647 log only Specifies that if the...

Страница 99: ...ters network domain name Network domain name character string router id Syntax router id ip address no router id Context config router Description This command configures the router ID for the router...

Страница 100: ...a service prefix exists for 10 10 10 0 24 and a service prefix is configured as 10 10 0 0 16 then 10 10 10 0 24 is replaced by the new 10 10 0 0 16 configuration When a range that is a subset of a pre...

Страница 101: ...dp mld msdp ndis ntp ospf pim ptp radius rip rsvp snmp snmp notification srrp ssh syslog tacplus telnet tftp traceroute vrrp dscp value Specifies the DSCP value Values 0 63 dscp name Specifies the DSC...

Страница 102: ...ed that would affect every BGP peer on a router the consequences could be dramatic It would be more effective to control changes on a peer by peer basis If the triggered policy command is enabled and...

Страница 103: ...tered If a CPE connectivity check target address is already being used as the target address in a different static route then cpe check parameters must match If they do not the new configuration comma...

Страница 104: ...not change unless specified This value is also used to determine which static route to install in the forwarding table If there are multiple static routes with the same preference but different metri...

Страница 105: ...discarded The black hole keyword and the next hop or indirect keywords are mutually exclusive If an identical command is entered with the exception of either the next hop or indirect parameters then...

Страница 106: ...6 multicast RTM Values mcast ipv4 mcast ipv6 rsvp te This parameter allows the static route to be resolved via an RSVP TE based LSP The static route nexthop will be resolved via the best RSVP TE based...

Страница 107: ...1 1 0 24 Remote Static 00h01m29s 0 172 31 117 1 1 138 203 0 0 16 Remote Static 05h01m11s 0 172 31 117 1 1 172 31 117 0 24 Local Local 05h04m10s 0 management 0 No of Routes 3 B Dut C config router B Du...

Страница 108: ...Met Pref Type Act Next Hop Interface 1 1 1 0 24 0 1 5 NH Y 172 31 117 1 n a No of Static Routes 1 B Dut C config router B Dut C config router show router management static route ipv6 Static Route Tabl...

Страница 109: ...t Context config router l2tp Description This command specifies the L2TP calling number AVP Parameters ascii spec Specified as either char specification or ascii spec char specification Ascii char cha...

Страница 110: ...address and does not change the destination address insubsequent L2TP messages reject Specifies that this system rejects any source IP address change of received L2TP control messages and drops those...

Страница 111: ...e tunnel between the LAC and LNS There is a one to one relationship between established L2TP sessions and their associated calls Parameters session limit Specifies the number of sessions allowed Defau...

Страница 112: ...e command removes the value from the configuration Default no destruct timeout Parameters destruct timeout Specifies the automatic removal of dynamic L2TP sessions in seconds that are no longer active...

Страница 113: ...lns group lns group id no lns group Context config router l2tp group Description This command configures the ISA LNS group Parameters lns group id Specifies the LNS group ID Values 1 4 load balance me...

Страница 114: ...authentication phase of tunnel establishment It can be used to distinguish tunnels The no form of the command removes thename from the configuration Default local name Parameters host name Specifies t...

Страница 115: ...7 password Syntax password password hash hash2 no password Context config router l2tp group config router l2tp group tunnel Description This command configures the password between L2TP LAC and LNS T...

Страница 116: ...n policy Context config router l2tp group ppp Description This command configures the authentication policy Parameters auth policy name Specifies the authentication policy name Values 32 chars max def...

Страница 117: ...yntax mtu mtu bytes no mtu Context config router l2tp group ppp Description This command configures the maximum PPP MTU size Parameters mtu bytes Specifies in bytes the maximum PPP MTU size Values 512...

Страница 118: ...the available tunnels If necessary new tunnels are set up until the maximum number is reached The distribution aims at an equal ratio of the actual number of sessions to the maximum number of session...

Страница 119: ...tunnel Description This command specifies if this tunnel is to be automatically set up by the system no auto establish avp hiding Syntax avp hiding never sensitive always no avp hiding Context config...

Страница 120: ...llo interval hello interval hello interval infinite no hello interval Context config router l2tp group tunnel Description This command configures the number of seconds between sending Hellos for a L2T...

Страница 121: ...l2tp group tunnel Description This command configures a preference number that indicates the relative preference assigned to a tunnel when using a weighted session assignment The no form of the comman...

Страница 122: ...configuration Although not a keyword the ip int name system is associated with the network entity such as a specific 7450 ESS not a specific interface The system interface is also referred to as the l...

Страница 123: ...this command can only be performed when the IP interface is administratively shut down Shutting down the IP interface will operationally stop any protocol interfaces or MPLS LSPs that explicitly refe...

Страница 124: ...wing the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address This is an IP address that corresponds to the local...

Страница 125: ...seen from an IP host Otherwise the ARP entry is aged from the ARP table If the arp timeout value is set to 0 seconds ARP aging is disabled The no form of the command reverts to the default value Defa...

Страница 126: ...network planning and traffic engineering capacity planning security application and user profiling performance monitoring usage based billing and SLA measurement When cflowd is enabled at the interfa...

Страница 127: ...al by the specified number of seconds The value is used whenever the system attempts to bring the interface operationally up Parameters seconds Specifies a delay in seconds to make the interface opera...

Страница 128: ...chable over RSVP LSPs in the case of LDP over RSVP but not both When the preferred RTM entry corresponds to a regular IP route spraying will be performed across regular IP next hops for the prefix The...

Страница 129: ...e bindings and services should remain UP as long as there is one interface that is UP However the user configured LDP synchronization timer still applies on the failed then restored interface In this...

Страница 130: ...irst nibble following the bottom of the label stack is 4 This feature is supported for IPv4 support only and on IOM 3 and IMMs only IPv6 packets are hashed on label stack only The hash on label and IP...

Страница 131: ...e anycase based label assignments are flushed from the forwarding plane Values 0 65535 Default 90 network domain Syntax network domain network domain name no network domain Context config router inter...

Страница 132: ...ort id must include the channel id The POS interface must be configured as a network port The no form of the command deletes the association with the port The no form of this command can only be perfo...

Страница 133: ...nd priority associated with that route overriding the fc and priority profile determined from the sap ingress or network qos policy associated with the IP interface If the destination address of the i...

Страница 134: ...pplied to the IP interface with a valid egress port queue group name The queue group name must exist on the egress port associated with the IP interface and the group must contain a queue ID matching...

Страница 135: ...ow the prefix mask length The subnet mask length when the IP prefix is specified in CIDR notation When the IP prefix is specified in CIDR notation a forward slash separates the ip address from the mas...

Страница 136: ...ed by the IP interface igp inhibit The secondary IP address should not be recognized as a local interface by the running IGP static arp Syntax static arp ip addr ieee mac addr unnumbered no static arp...

Страница 137: ...ured as single fiber for the command to be valid Default no strip label tos marking state Syntax tos marking state trusted untrusted no tos marking state Context config router interface Description Th...

Страница 138: ...nterface according to the egress marking definitions on each network interface unnumbered Syntax unnumbered ip address ip int name no unnumbered Context config router interface Description This comman...

Страница 139: ...y associated with that route overriding the fc and priority profile determined from the sap ingress or network qos policy associated with the IP interface If the source address of the incoming packet...

Страница 140: ...whether incoming packet has source address with a corresponding prefix in the routing table However the loose mode does not check whether the interface expects to receive a packet with a specific sou...

Страница 141: ...citly reference that IP address When a new IP address is defined the IP interface can be administratively enabled no shutdown which reinitializes the protocol interfaces and MPLS LSPs associated with...

Страница 142: ...no shutdown Context config router mh primary interface config router mh secondary interface Description The shutdown command administratively disables an entity The operational state of the entity is...

Страница 143: ...s how long label information leraned about the secondary anycast address should be kept after that peer is declared down This timer should be set to a value large enough for the remainder of the netwo...

Страница 144: ...Context config router interface ingress Description This command enables flowspec filtering on an IP interface of the base router Filtering is based on all of the flowspec routes that have been receiv...

Страница 145: ...en pre configured before this filter command is executed If the filter ID does not exist an error occurs Only one filter ID can be specified The no form of the command removes the filter policy associ...

Страница 146: ...erface Default mask reply Replies to ICMP mask requests redirects Syntax redirects number seconds no redirects Context config router if icmp Description This command enables and configures the rate fo...

Страница 147: ...the command disables the generation of TTL expired messages Default ttl expired 100 10 Maximum of 100 TTL expired message in 10 seconds Parameters number The maximum number of ICMP TTL expired message...

Страница 148: ...MP destination unreachables on the router interface Default unreachables 100 10 Maximum of 100 unreachable messages in 10 seconds Parameters number The maximum number of ICMP unreachable messages to s...

Страница 149: ...one Parameters ipv6 address prefix length Specify the IPv6 address on the interface Values ipv6 address prefix ipv6 address x x x x x x x x eight 16 bit pieces x x x x x x d d d d x 0 FFFF H d 0 255 D...

Страница 150: ...ption This command configures the rate for ICMPv6 param problem messages Parameters number Limits the number of param problem messages issued per the time frame specifed in the seconds parameter Value...

Страница 151: ...the time frame in seconds that is used to limit the number of time exceeded messages issued per time frame Values 1 60 unreachables Syntax unreachables number seconds no unreachables Context config r...

Страница 152: ...licy for the interface Parameters policy name The neighbor discovery policy name Allowed values are any string up to 32 characters long composed of printable 7 bit ASCII characters If the string conta...

Страница 153: ...ameters ipv6 address The IPv6 address assigned to a router interface Values ipv6 address x x x x x x x x eight 16 bit pieces x x x x x x d d d d x 0 FFFF H d 0 255 D mac address Specifies the MAC addr...

Страница 154: ...router advertisement properties on a specific interface The interface must already exist in the config router interface context Default No interfaces are configured by default Parameters ip int name...

Страница 155: ...gures the maximum interval between sending router advertisement messages Default 600 Parameters seconds Specifies the maximum interval in seconds between sending router advertisement messages Values 4...

Страница 156: ...xt config router router advert if Description This command configures an IPv6 prefix in the router advertisement messages To support multiple IPv6 prefixes use multiple prefix statements No prefix is...

Страница 157: ...rocessed as expected Default 604800 Parameters seconds Specifies the remaining length of time in seconds that this prefix will continue to be preferred infinite Specifies that the prefix will always b...

Страница 158: ...imer milli seconds no retransmit timer Context config router router advert if Description This command configures the retransmission frequency of neighbor solicitation messages Default no retransmit t...

Страница 159: ...if Description This command enables sending router advertisement messages using the VRRP virtual MAC address provided that the virtual router is currently the master If the virtual router is not the...

Страница 160: ...Page 160 7450 ESS OS Router Configuration Guide...

Страница 161: ...Parameters ip address mask Only displays ARP entries associated with the specified IP address and mask ip int name Only displays ARP entries associated with the specified IP interface name mac ieee ma...

Страница 162: ...A show router ARP 10 10 0 3 ARP Table IP Address MAC Address Expiry Type Interface 10 10 0 3 04 5d ff 00 00 00 00 00 00 Oth system A ALA A A ALA A show router ARP to ser1 ARP Table IP Address MAC Addr...

Страница 163: ...terface ip int name ip address Specifies an existing interface name or IP address Values ip int name 32 chars max ip address a b c d policy name Specifies an existing policy name Output Authentication...

Страница 164: ...464 iom No of BFD sessions 2 A Dut D A Dut C show router bfd session src 11 120 1 4 dest 11 120 1 3 BFD Session Remote Address 11 120 1 3 Admin State Up Oper State Up 3 Protocols static Rx Interval 10...

Страница 165: ...3 port 1 2 500 500 3 port 1 2 10 10 3 port 1 3 500 500 3 port 1 3 10 10 3 port 1 4 500 500 3 port 1 4 10 10 3 port 1 5 500 500 3 A Dut B session Syntax session src ip address dst ip address detail ses...

Страница 166: ...port 1 1 Up 3 10 10 3 FE80 A0A A03 pim isis ospf3 N A N A cpm np port 1 2 Up 3 500 500 3 10 2 1 3 pim isis 50968 50718 iom port 1 2 Up 3 10 10 3 3FFE A02 103 static bgp N A N A cpm np port 1 2 Up 3 1...

Страница 167: ...1 10 dest FE80 A0A A03 port 1 10 BFD Session Remote Address FE80 A0A A03 Admin State Up Oper State Up 3 Protocols pim isis ospf3 Rx Interval 10 Tx Interval 10 Multiplier 3 Echo Interval 0 Up Time 0d 0...

Страница 168: ...Pkts Type port 1 1 Up 3 10 10 3 3FFE A01 103 static bgp N A N A cpm np port 1 1 Up 3 10 10 3 FE80 A0A A03 pim isis ospf3 N A N A cpm np port 1 2 Up 3 10 10 3 3FFE A02 103 static bgp N A N A cpm np po...

Страница 169: ...y and DHCP snooping If no IP address or interface name is specified then all configured interfaces are displayed If an IP address or interface name is specified then only data regarding the specified...

Страница 170: ...0 6 Unable to determine destinatinon client Itf 0 7 Out of Memory 0 8 No global Pfx on Client Itf 0 Received Untrusted Packets The number of untrusted packets received from the DHCP clients Client Pa...

Страница 171: ...ress 0 24 The Client was assigned an illegal address 0 25 Illegal msg encoding 0 A ALA 1 summary Syntax summary Context show router dhcp Description Display the status of the DHCP Relay and DHCP Snoop...

Страница 172: ...ays the ECMP settings for the router Output ECMP Settings Output The following table describes the output fields for the router ECMP settings Sample Output A ALA A show router ecmp Router ECMP Instanc...

Страница 173: ...enabled ip prefix prefix length Displays FIB entries only matching the specified ip prefix and length Values ipv4 prefix a b c d host bits must be 0 ipv4 prefix length 0 32 longer Displays FIB entries...

Страница 174: ...AL 1 2 3 0 to_Dut B 1 2 9 0 24 ISIS 1 2 3 2 to_Dut B 10 12 0 0 24 LOCAL 10 12 0 0 itfToArborCP_02 10 20 1 1 32 ISIS 1 1 3 1 to_Dut A 10 20 1 2 32 ISIS 1 2 3 2 to_Dut B 10 20 1 3 32 LOCAL 10 20 1 3 sys...

Страница 175: ...ceeded 0 Pkt Too Big 0 Echo Request 0 Echo Reply 0 Router Solicits 0 Router Advertisements 4 Neighbor Solicits 0 Neighbor Advertisements 0 Label Description Total The total number of all messages Dest...

Страница 176: ...ow router icmp6 interface output fields Label Description Total The total number of all messages Destination Unreachable The number of message that did not reach the destination Time Exceeded The numb...

Страница 177: ...estination Unreachable 0 Redirects 0 Time Exceeded 0 Pkt Too Big 0 Echo Request 0 Echo Reply 0 Router Solicits 0 Router Advertisements 0 Neighbor Solicits 20 Neighbor Advertisements 21 Sent Total 47 E...

Страница 178: ...summary IP interface information for the router exclude services Displays IP interface information excluding IP interfaces configured for customer services Only core network IP interfaces are display...

Страница 179: ...a 3FFE B04 7104 120 PREFERRED FE80 200 FF FE00 4 64 PREFERRED ip 11 4 114 4 Up Up Up Up Network 6 1 2 11 4 114 4 24 n a 3FFE B04 7204 120 PREFERRED FE80 200 FF FE00 4 64 PREFERRED ip 12 2 4 4 Up Up Do...

Страница 180: ...FE 1802 404 120 PREFERRED FE80 200 FF FE00 4 64 PREFERRED system Up Up Up Up Network system 200 200 200 4 32 n a 3FFE C8C8 C804 128 PREFERRED Interfaces 15 A ALA A A ALA A show router interface 10 10...

Страница 181: ...State Down The IP interface is administratively disabled Up The IP interface is administratively enabled Oper State Down The IP interface is operationally disabled Up The IP interface is operationall...

Страница 182: ...ID associated with the IP interface MAC Address The MAC address of the interface Arp Timeout The ARP timeout for the interface in seconds which is the time an ARP entry is maintained in the ARP cache...

Страница 183: ...Time seconds 10 TTL Expired Number 100 Time seconds 10 IPCP Address Extension Details Peer IP Addr Not configured Peer Pri DNS Not configured A Dut A A Dut C show router 1 interface mda 3 1 detail Int...

Страница 184: ...kflow TMS 5 6 build BHDF Mitigations 1 Status message Unavailable with Rx Pkts Rx Bytes Offramped traffic counters Tx Pkts Tx Bytes Onramped traffic counters Tx Discard Pkts Discarded packets by TMS I...

Страница 185: ...n State Up Oper v4 v6 Up Down Protocols None IP Addr mask 20 12 0 46 32 Address Type Primary IGP Inhibit Disabled Broadcast Address Host ones HoldUp Time 0 Track Srrp Inst 0 Details Description tms 3...

Страница 186: ...Flags Metric Lvl Typ Ver SysID Hostname NextHop MT AdminTag 1 1 1 0 24 L 7540 1 Int 6109 SRL 60 60 1 1 0 0 No of Routes 1 Flags L LFA nexthop available A SRR A SRR show router isis routes 1 1 1 0 24 a...

Страница 187: ...32 20 2 Int 3 Dut C 10 20 3 3 0 0 10 20 1 6 32 20 2 Int 3 Dut D 10 20 4 4 0 0 10 20 3 0 24 10 1 Int 3 Dut B 0 0 0 0 0 0 10 20 4 0 24 10 1 Int 3 Dut B 0 0 0 0 0 0 10 20 5 0 24 20 2 Int 2 Dut C 10 20 3...

Страница 188: ...nd displays LDP bindings information Sample Output A Dut A show router ldp bindings active Legend S Static M Multi homed Secondary Support B BGP Next Hop BU Alternate Next hop for Fast Re Route LDP Pr...

Страница 189: ...tus Signaled Down E Epipe Service V VPLS Service M Mirror Service A Apipe Service F Fpipe Service I IES Service R VPRN service P Ipipe Service WP Label Withdraw Pending C Cpipe Service BU Alternate Ne...

Страница 190: ...ys Multicast VPN related information The router instance must be specified Sample Output A Dut C show router 1 mvpn MVPN 1 configuration data signaling Bgp auto discovery Enabled UMH Selection Highest...

Страница 191: ...Sample Output B CORE2 show router neighbor Neighbor Table Router Base IPv6 Address Interface MAC Address State Expiry Type RTR FE80 203 FAFF FE78 5C88 net1_1_2 00 16 4d 50 17 a3 STALE 03h52m08s Dynam...

Страница 192: ...rk domains Network Domain Table Network Domain Description net1 Network domain 1 default Default Network Domain Network Domains 2 A Dut T config router A Dut T config router show router network domain...

Страница 193: ...cy related information Parameters name Specify an existing policy statement name damping Specify damping to display route damping profiles prefix list name Specify a prefix list name to display the ro...

Страница 194: ...t show router Description This command displays the active routes in the routing table If no command line arguments are specified all routes are displayed sorted by prefix Parameters family Specify th...

Страница 195: ...t Hop Interface Name Metric 10 10 1 0 24 Local Local 00h01m25s 0 ip 10 10 1 2 0 10 10 2 0 24 L Remote ISIS 00h00m58s 15 10 10 12 3 13 10 10 3 0 24 Local Local 00h01m25s 0 ip 10 10 3 2 0 10 10 4 0 24 L...

Страница 196: ...e Table Router Base Dest Prefix Flags Type Proto Age Pref Next Hop Interface Name Metric Alt NextHop Alt Metric 10 10 1 0 24 Local Local 00h02m28s 0 ip 10 10 1 2 0 10 10 2 0 24 Remote ISIS 00h02m01s 1...

Страница 197: ...GP backup routeLFA Loop Free Alternate nexthop A Dut C show router route table 1 1 1 1 32 Route Table Router Base Dest Prefix Type Proto Age Pref Next Hop Interface Name Metric 1 1 1 1 32 Remote BGP 0...

Страница 198: ...ress Next Hop Type Protocol Age Metric Pref 10 10 0 4 32 10 10 34 4 Remote OSPF 3523 1001 10 A ALA A A ALA A show router route table 10 10 0 4 32 longer Route Table Dest Address Next Hop Type Protocol...

Страница 199: ...0 138 203 71 202 32 Remote Static 00h44m29s 5 10 12 0 2 1 No of Routes 17 Flags L LFA nexthop available B BGP backup route available n Number of times nexthop is repeated A ALA A show router route ta...

Страница 200: ...1 6 32 Remote OSPF 00h02m20s 10 10 20 1 5 tunneled RSVP 1 1100 No of Routes 4 A Dut B show router route table 10 20 1 5 32 next hop type tunneled Route Table Router Base Dest Prefix Type Proto Age Pre...

Страница 201: ...wards the total Summary Route Table Output Summary output for the route table displays the number of active routes and the number of routes learned by the router by protocol Total active and available...

Страница 202: ...arameters interface name Maximum 32 characters Output Router Advertisement Table Output The following table describes the output fields for router advertisement Label Description Rtr Advertisement Tx...

Страница 203: ...Pv6 has been configured False Indicates that DHCPv6 is not available for address config uration Reachable Time The time in milliseconds that a node assumes a neighbor is reachable after receiving a re...

Страница 204: ...0 Nbr Advertisement Rx 166 Nbr Solicitation Rx 143 Max Advert Interval 601 Min Advert Interval 201 Managed Config TRUE Other Config TRUE Reachable Time 00h00m00s400ms Router Lifetime 00h30m01s Retran...

Страница 205: ...ent from FE80 200 FF FE00 2 Managed Config FALSE TRUE Other Config FALSE TRUE Reachable Time 00h00m00s0ms 00h00m00s400ms Router Lifetime 00h30m00s 00h30m01s Retransmit Time 00h00m00s0ms 00h00m00s400ms...

Страница 206: ...e 00h30m00s 00h30m01s Retransmit Time 00h00m00s0ms 00h00m00s400ms Hop Limit 64 63 Link MTU 0 1500 Prefix not present in own router advertisement Prefix 2 120 Autonomous Flag TRUE On link flag TRUE Pre...

Страница 207: ...llowing table describes the output fields for the ARP table Sample Output A ALA A show router static arp ARP Table IP Address MAC Address Age Type Interface 10 200 0 253 00 00 5a 40 00 01 00 00 00 Sta...

Страница 208: ...atic entries in the routing table If no options are present all static routes are displayed sorted by prefix Parameters family Specify the type of routing information to be distributed by this peer gr...

Страница 209: ...Pref The route preference value for the static route Metric The route metric value for the static route Type BH The static route is a black hole route The Nexthop for this type of route is black hole...

Страница 210: ...face Active 192 168 253 0 24 5 1 NH 10 10 0 254 n a N A ALA A service prefix Syntax service prefix Description This command displays the address ranges reserved by this node for services sorted by pre...

Страница 211: ...Parameters app name The specific application Values arp bgp cflowd dhcp dns ftp icmp igmp isis ldp mld msdp ndis ntp ospf pimradius rip rsvpsnmp snmp notification srrp ssh syslog tacplus telnet tftp...

Страница 212: ...e OSPF protocol RIP The administrative and operational states for the RIP protocol ISIS The administrative and operational states for the IS IS protocol MPLS The administrative and operational states...

Страница 213: ...utdown A Performance show router status Router Status Router Base Admin State Oper State Router Up Up OSPFv2 0 Up Up OSPFv2 1 Down Down OSPFv2 2 Down Down OSPFv2 3 Down Down OSPFv2 4 Down Down OSPFv2...

Страница 214: ...19 03 39 680 Single SFM Interval 0d 00 16 06 Triggered Policies No A Performance tms Syntax tms routes Context show router router instance Description This command displays Threat Management Services...

Страница 215: ...for IP reachability For a VPRN service this object specifies the lookup to be used by the routing instance if no SDP to the destination exists Parameters ip address mask Displays the specified tunnel...

Страница 216: ...ap Tunnel Id Pref Nexthop Metric 10 0 0 1 32 sdp GRE 10 5 10 0 0 1 0 10 0 0 1 32 sdp GRE 21 5 10 0 0 1 0 10 0 0 1 32 sdp GRE 31 5 10 0 0 1 0 10 0 0 1 32 sdp GRE 41 5 10 0 0 1 0 A ALA A config service...

Страница 217: ...tion Parameters tunnel group name Displays information for the specified tunnel group statistics Displays statistics for the specified tunnel group Sample Output A Dut C show router l2tp group L2TP Gr...

Страница 218: ...e Total Tunnels 3 0 0 2 3 Sessions 8 0 N A 5 8 Pkt Ctl Pkt Err Octets Rx 51 0 1224 Tx 51 0 2796 A Dut C peer Syntax peer ip address peer ip address statistics peer draining unreachable Context show ro...

Страница 219: ...Role Tun Total Ses Total 10 10 20 101 0 0 unreach LAC 1 1 No of peers 1 A Dut C A Dut C show router l2tp peer 10 10 20 101 Peer IP 10 10 20 101 Role LAC Draining false Tunnels 1 Tunnels Active 0 Sess...

Страница 220: ...t 1 IncomingCallConnected 1 ZeroLengthBody 1 originalTransmittedMsgType StartControlConnectionReply 1 IncomingCallReply 1 ZeroLengthBody 3 last cleared time N A session Syntax session connection id co...

Страница 221: ...al host name Specifies the host name used by this system during the authentication phase of tunnel establishment remote name remote host name Specifies a string that is compared to the host name used...

Страница 222: ...ID isp1 tunnel 3 Error Message Terminated by PPPoE RX PADT Control Conn ID 143523840 Remote Conn ID 1148557524 Tunnel ID 2190 Remote Tunnel ID 17525 Session ID 7822 Remote Session ID 39124 Time Starte...

Страница 223: ...of sessions 1 A Dut C show router l2tp session connection id 143524786 detail L2TP Session Status Connection ID 143524786 State established Tunnel Group isp1 group 2 Assignment ID isp1 tunnel 3 Error...

Страница 224: ...009 18 44 37 Time Closed 04 17 2009 18 44 50 CDN Result generalError General Error noError No of sessions 1 A Dut C A Dut C show router l2tp session assignment id isp1 tunnel 2 L2TP Session Summary ID...

Страница 225: ...658187773 658178048 10043 9725 established 658198275 658178048 10043 20227 established 658210606 658178048 10043 32558 established No of sessions 5 A Dut C A Dut C show router l2tp session peer 10 10...

Страница 226: ...shed 143531662 143523840 2190 7822 closed 236926987 236912640 3615 14347 closed 236927915 236912640 3615 15275 closed 379407426 379387904 5789 19522 established 658187773 658178048 10043 9725 establis...

Страница 227: ...010 09 08 54 Time Closed N A CDN Result noError General Error noError PPP information Service Id 100 Interface gi_base_lns_base_lac LCP State opened IPCP State opened PPP MTU 1492 PPP Auth Protocol ch...

Страница 228: ...cs Context show router l2tp Description This command displays L2TP statistics Sample Output A Dut C show router l2tp statistics L2TP Statistics Tunnels Sessions Active 3 Active 6 Setup history since 0...

Страница 229: ...el state Displays the operational state of the tunnel remote connection id remote connection id v3 Displays information for the specified remote connection ID group group name Displays L2TP tunnel inf...

Страница 230: ...nel 2 379387904 5789 4233 established 1 isp1 group 1 1 isp1 tunnel 1 658178048 10043 33762 draining 3 isp1 group 2 3 isp1 tunnel 2 No of tunnels 4 A Dut C A Dut C show router l2tp tunnel state closed...

Страница 231: ...ve Group Ses Total Assignment 143523840 2190 17525 established 2 isp1 group 2 3 isp1 tunnel 3 379387904 5789 4233 established 1 isp1 group 1 1 isp1 tunnel 1 No of tunnels 2 A Dut C A Dut C show router...

Страница 232: ...unnel ID 17525 UDP Port 1701 Remote UDP Port 1701 Preference 100 Hello Interval s 300 Idle TO s 0 Destruct TO s 7200 Max Retr Estab 5 Max Retr Not Estab 5 Session Limit 1000 AVP Hiding never Transport...

Страница 233: ...7200 Max Retr Estab 5 Max Retr Not Estab 5 Session Limit 1000 AVP Hiding never Transport Type udpIp Challenge never Time Started 04 17 2009 18 41 03 Time Idle 04 17 2009 18 43 20 Time Established 04...

Страница 234: ...wholesaler com remote name lns2 retailer1 net state draining Conn ID Loc Tu ID Rem Tu ID State Ses Active Group Ses Total Assignment 658178048 10043 33762 draining 3 isp1 group 2 3 isp1 tunnel 2 No of...

Страница 235: ...Max Ack Cur Q Length 1 0 1 0 Window Size Cur 4 acceptedMsgType StartControlConnectionRequest 1 StartControlConnectionConnected 1 IncomingCallRequest 1 IncomingCallConnected 1 ZeroLengthBody 3 origina...

Страница 236: ...iption This command clears all or specific ARP entries The scope of ARP cache entries cleared depends on the command line option s specified Parameters all Clears all ARP cache entries ip addr Clears...

Страница 237: ...ax statistics src ip ip address dst ip ip address statistics all Context clear router bfd Description This command clears BFD statistics Parameters src ip ip address Specifies the address of the local...

Страница 238: ...1 10 icmp redirect route Syntax icmp redirect route all ip address Context clear router Description This command deletes routes created as a result of ICMP redirects received on the management interfa...

Страница 239: ...icmp Specifies to reset the ICMP statistics for the IP interface s used for ICMP rate limiting urpf stats Resets the statistics associated with uRPF failures statistics Resets the IP interface traffi...

Страница 240: ...s or interface name is specified then statistics are cleared for all configured interfaces If an IP address or interface name is specified then only data regarding the specified interface is cleared P...

Страница 241: ...ce Description This command enables the trace The no form of the command disables the trace trace point Syntax no trace point module module name type event type class event class task task name functi...

Страница 242: ...and configures route table debugging icmp Syntax no icmp Context debug router ip Description This command enables ICMP debugging icmp6 Syntax icmp6 ip int name no icmp6 Context debug router ip Descrip...

Страница 243: ...terface information associated with the specified IP address headers Only displays information associated with the packet header protocol id Specifies the decimal value representing the IP protocol to...

Страница 244: ...0 ESS OS Router Configuration Guide tunnel table Syntax tunnel table ip address ldp rsvp tunnel id tunnel id sdp sdp id sdp id Context debug router ip Description This command enables debugging for tu...

Страница 245: ...P on page 249 Configurable Parameters on page 250 VRRP Priority Control Policies on page 258 VRRP Virtual Router Policy Constraints on page 258 VRRP Virtual Router Instance Base Priority on page 258 V...

Страница 246: ...s LAN the routers sharing the IP interface prevent a single point of failure by limiting access to this gateway address VRRP can be implemented on IES service interfaces and on core network IP interfa...

Страница 247: ...single Alcatel Lucent IP interface The virtual routers must be in the same subnet Each virtual router has its own VRID state machine and messaging instance IP Address Owner VRRP can be configured in e...

Страница 248: ...f the forwarding responsibility if the master becomes unavailable This allows any of the virtual router IP addresses on the LAN to be used as the default first hop router by end hosts This enables a h...

Страница 249: ...his message domain must have the same VRID configured The most important parameter to be defined on a non owner virtual router instance is the priority The priority defines a virtual router s selectio...

Страница 250: ...heritance on page 252 Master Down Interval on page 253 Preempt Mode on page 253 VRRP Message Authentication on page 254 Authentication Data on page 256 Virtual MAC Address on page 256 Inherit Master V...

Страница 251: ...uters may be configured with a priority of 254 through 1 The default value is 100 Multiple non owners can share the same priority value When multiple non owner backup virtual routers are tied transmit...

Страница 252: ...vertisement message is received with an advertisement interval set to a value different than the local value and the inherit parameter is disabled the message is discarded without processing The maste...

Страница 253: ...ower priority master The IP address owner will always become master when available Preempt mode cannot be set to false on the owner virtual router The default value for preempt mode is true When preem...

Страница 254: ...on methods which provide varying degrees of security The supported authentication types are 0 No Authentication 1 Simple Text Password 2 IP Authentication Header Authentication Type 0 No Authenticatio...

Страница 255: ...the criteria are silently dropped Authentication Type 1 Simple Text Password The use of type 1 indicates that VRRP advertisement messages are authenticated with a clear simple text password All virtu...

Страница 256: ...AC address configuration must be the same for all virtual routers participating as a virtual router or indeterminate connectivity by the attached IP hosts will result All VRRP advertisement messages a...

Страница 257: ...owner nodal context It is used to allow the current virtual router instance master to dictate the master down timer for all backup virtual routers Policies Policies can be configured to control VRRP...

Страница 258: ...RRP virtual router instances may be associated with the same IP interface allowing multiple priority control policies to be associated with the IP interface An applied VRRP priority control policy onl...

Страница 259: ...apply simultaneously creating a dynamic priority value The base priority for the instance less the sum of the delta values derives the actual priority value in use An explicit priority event is a con...

Страница 260: ...a in use priority limit is used as the in use priority for the virtual router instance Otherwise the in use priority is set to the base priority less the sum of the delta events Each event generates a...

Страница 261: ...be defined each with its own priority value If the LAG transitions from one threshold to the next the previous threshold priority value is subtracted from the total delta sum while the new threshold p...

Страница 262: ...hold 4 ports down Hold Set Timer Expired Set to hold set parameter 102 Three ports down Event State Set 5 ports down Event Threshold 4 ports down Hold Set Timer 3 seconds 103 All ports up Event State...

Страница 263: ...reshold 4 ports down Hold Set Timer Expired Set to hold set parameter 102 Three ports down Event State Set 5 ports down Event Threshold 4 ports down Hold Set Timer 3 seconds 103 All ports up Event Sta...

Страница 264: ...e Unknown Priority Event The route unknown priority event defines a task that monitors the existence of a given route prefix in the system s routing table The route monitoring task can be constrained...

Страница 265: ...in the active route table that matches the defined match criteria the route unknown priority event is considered false or cleared When a route prefix does not exist within the active route table match...

Страница 266: ...echo request messages destined to the non owner virtual router instance IP addresses are silently discarded in both the master and backup modes Non Owner Access Telnet When non owner access Telnet is...

Страница 267: ...he IP interface when destined to a virtual router IP address operating in backup mode Enabling non owner access SSH does not guarantee SSH access proper management and security features must be enable...

Страница 268: ...mentation Flow ENABLE START CONFIGURE VRRP PRIORITY CONTROL POLICIES optional CONFIGURE IES SERVICE CONFIGURE ROUTER INTERFACE CONFIGURE INTERFACE CONFIGURE INTERFACE SPECIFY ADDRESS SECONDARY ADDRESS...

Страница 269: ...kup command The backup IP address es must be on the same subnet The backup addresses explicitly define which IP addresses are in the VRRP advertisement message IP address list In the owner mode the ba...

Страница 270: ...Page 270 7450 ESS OS Router Configuration Guide...

Страница 271: ...asic VRRP Configurations on page 273 Common Configuration Tasks on page 276 Configuring VRRP Policy Components on page 278 VRRP Configuration Management Tasks on page 283 Modifying a VRRP Policy on pa...

Страница 272: ...n domain VRRP provides dynamic fail over of the forwarding responsibility if the master becomes unavailable The VRRP implementation allows one master per IP subnet All other VRRP instances in the same...

Страница 273: ...efined A VRRP configuration must include the following Policy ID Define at least one of the following priority events Port down LAG port down Host unreachable Route unknown The following example displ...

Страница 274: ...on an IES service interface Each virtual router instance can manage up to 16 backup IP addresses VRRP parameters configured within an IES service must include the following VRID Backup IP address es T...

Страница 275: ...IDs vrid can be configured on a router interface Each virtual router instance can manage up to 16 backup IP addresses VRRP parameters configured on a router interface must include the following VRID B...

Страница 276: ...on owner configurations must include the following parameters All participating routers in a VRRP instance must be configured with the same vrid All participating non owner routers can specify up to 1...

Страница 277: ...on each subnet The following displays an IP interface configuration example A SR1 config router info echo IP Configuration interface system address 10 10 0 1 32 exit interface testA address 123 123 1...

Страница 278: ...icy Components The following displays a VRRP policy configuration example A SR1 config vrrp info policy 1 delta in use limit 50 priority event port down 1 1 2 hold set 43200 priority 100 delta exit ro...

Страница 279: ...ter in case of failure VRRP can be configured the following ways Non Owner VRRP Example on page 279 Owner Service VRRP on page 280 Non Owner VRRP Example The following displays a basic non owner VRRP...

Страница 280: ...P The following displays the owner VRRP configuration example A SR4 config router info echo IP Configuration interface test2 address 10 10 10 23 24 vrrp 1 owner backup 10 10 10 23 authentication type...

Страница 281: ...can be configured the following ways Router Interface VRRP Non Owner on page 281 Router Interface VRRP Non Owner The following displays a non owner interface VRRP configuration example A SR2 config in...

Страница 282: ...RP Owner The following displays router interface owner VRRP configuration example A SR2 config router info interface vrrpowner address 10 10 10 23 24 vrrp 1 owner backup 10 10 10 23 authentication typ...

Страница 283: ...ner Parameters on page 285 Deleting VRRP on an Interface or Service on page 285 Modifying a VRRP Policy To access a specific VRRP policy you must specify the policy ID To display a list of VRRP polici...

Страница 284: ...ace or to an IES service Each instance in which the policy is applied must be deleted The Applied column in the following example displays whether or not the VRRP policies are applied to an entity A S...

Страница 285: ...p Entering the owner keyword is optional when entering the vrid for modification purposes Deleting VRRP on an Interface or Service The vrid does not need to be shutdown to remove the virtual router in...

Страница 286: ...Page 286 7450 ESS OS Router Configuration Guide...

Страница 287: ...n Guide Page 287 VRRP Command Reference Command Hierarchies Configuration Commands VRRP Network Interface Commands on page 289 VRRP Priority Control Event Policy Commands on page 290 Show Commands on...

Страница 288: ...Page 288 7450 ESS OS Router Configuration Guide...

Страница 289: ...no unnumbered vrrp virtual router id owner no vrrp virtual router id authentication key authentication key hash key hash hash2 no authentication key no backup ip address no bfd enable service id inte...

Страница 290: ...iority timeout seconds no timeout no lag port down lag id hold clear seconds no hold clear hold set seconds no hold set no number down number of lag ports down priority priority level delta explicit n...

Страница 291: ...interval seconds repeat repeat absolute rate Clear Commands clear vrrp statistics router vrrp interface ip int name vrid virtual router id statistics interface interface name vrid virtual router id s...

Страница 292: ...Page 292 7450 ESS OS Router Configuration Guide...

Страница 293: ...sage authentication data fields The first field contains the first four characters with the first octet starting with IETF RFC bit position 0 containing the first character The second field similarly...

Страница 294: ...P addresses that are advertised within VRRP advertisement messages This communicates the IP addresses that the master is representing to backup virtual routers receiving the messages Advertising a cor...

Страница 295: ...e of the parent IP interface defined IP addresses primary and secondary For non owner virtual router instances the virtual router IP addresses each must be within one of the parental IP interface IP a...

Страница 296: ...IP interface is not configured the virtual router IP address assignment fails Parent Primary IP Address Changed When a virtual router IP address is set and the associated parent IP interface IP addres...

Страница 297: ...nstance but there can be multiple SRRP VRRP sessions using the same BFD session BFD control the state of the associated interface By enabling BFD on a given protocol interface the state of the protoco...

Страница 298: ...both non owner and owner vrrp nodal contexts The mac command can be executed at any time and takes effect ediately When the virtual router MAC on a master virtual router instance changes a gratuitous...

Страница 299: ...virtual router instances usage of the message interval setting is dependent on the state of the virtual router master or backup and the state of the master int inherit parameter When a non owner is o...

Страница 300: ...conditions within the chassis The policy can be associated with more than one virtual router instance The priority events within the policy either override or diminish the base priority set with the p...

Страница 301: ...le in the non owner vrrp nodal context The owner may not be preempted because the priority of non owners can never be higher than the owner The owner always preempts all other virtual routers when it...

Страница 302: ...o ping reply Context config router if vrrp Description This command enables the non owner master to reply to ICMP echo requests directed at the vritual router instances IP addresses Non owner virtual...

Страница 303: ...lse backup master state changes If the shutdown command is executed no VRRP advertisement messages are generated and all received VRRP advertisement messages are silently discarded with no processing...

Страница 304: ...specifies whether this VRRP instance allows forwarding packets to a standby router When disabled a standby router should not forward traffic sent to virtual router s MAC address However the standby ro...

Страница 305: ...is valid only if the VRRP virtual router instance associated with this entry is a non owner When this command is enabled a non owner master can reply to traceroute requests directed to the virtual ro...

Страница 306: ...h reply The owner virtual router instance always allows Ping Telnet and SSH if the management and security parameters are configured to accept them on the parent IP interface vrrp shutdown The owner v...

Страница 307: ...ority control event overrides the delta priority control events the delta in use limit has no effect Setting the limit to a higher value than the default of 1 limits the effect of the delta priority c...

Страница 308: ...ts It is a parental node for the various VRRP priority control policy commands that define the policy parameters and priority event conditions The virtual router instance priority command defines the...

Страница 309: ...oes not apply to a service but applies to the base router instance Values 1 2147483647 priority event Syntax no priority event Context config vrrp policy vrrp priority id Description This command crea...

Страница 310: ...conds no hold set Context config vrrp policy priority event host unreachable config vrrp policy priority event lag port down config vrrp policy priority event port down config vrrp policy priority eve...

Страница 311: ...t id channel id config vrrp policy priority event route unknown prefix mask length Description This command controls the effect the set event has on the virtual router instance in use priority When th...

Страница 312: ...priority event priority level values on all set delta priority events are subtracted from the virtual router base priority to derive the virtual router instance in use priority value If the delta prio...

Страница 313: ...et When an event transitions from clear to set the set is processed ediately and must be reflected in the associated virtual router instances in use priority value As the event transitions from cleare...

Страница 314: ...he VRRP priority control event The port id channel id can only be monitored by a single event in this policy The channel can be monitored by multiple VRRP priority control policies A port and a specif...

Страница 315: ...an arbitrary LAG The lag id does have to already exist within the system The operational state of the lag port down event will indicate Set non existent Set one port down Set two ports down Set three...

Страница 316: ...se priority of all associated virtual router instances must be reevaluated The events hold set timer has no effect on the removal procedure Default no lag port down No LAG priority control events are...

Страница 317: ...thresholds must be re evaluated after removal Default no number down No threshold for the LAG priority event is created Parameters number of lag ports down The number of LAG ports down to create a se...

Страница 318: ...op counter The event is not cleared until the consecutive drop counter is less than the drop count value and the hold set timer has a value of zero expired The no form of the command reverts to the de...

Страница 319: ...s in use priority value As the event transitions from clear to set a hold set timer is loaded with the value configured by the events hold set command This timer prevents the event from clearing until...

Страница 320: ...ach session originates a unique identifier value for the ICMP echo request messages it generates This allows received ICMP echo reply messages to be directed to the appropriate sending application Val...

Страница 321: ...eout after the message timeout timer expires In this case the message request is unsuccessful If an ICMP echo reply message is not received prior to the timeout period for a given ICMP echo request th...

Страница 322: ...llow default optional parameter extends the less specific match to include the default route 0 0 0 0 The no form of the command prevents RTM lookup results that are less specific than the route prefix...

Страница 323: ...nknown event transitions to the set state The protocol command is optional If the protocol command is not executed the comparison between the RTM prefix return and the route unknown IP route prefix wi...

Страница 324: ...refix within the routing table The route unknown command configures a priority control event that defines a link between the VRRP priority control policy and the Route Table Manager RTM The RTM regist...

Страница 325: ...apping If the event clears and becomes set again before the hold set timer expires the timer is reset to the hold set value extending the time before another clear can take effect The no form of the c...

Страница 326: ...trol policies The IP address can be used in one or multiple ping requests Each VRRP priority control host unreachable and ping destined to the same ip addr is uniquely identified on a per message basi...

Страница 327: ...or the specified VRRP instance on the IP interface Default All VRIDs for the IP interface Values 1 255 Output VRRP Instance Output The following table describes the instance command output fields for...

Страница 328: ...own timer is indirectly derived from the value in the advertisement interval field of the VRRP message received from the current master No When the VRRP instance is operating as a backup and the maste...

Страница 329: ...IP address of the VRRP master Primary IP The IP address of the VRRP owner Up Time The date and time when the operational state of the event last changed Virt MAC Addr The virtual MAC address used in...

Страница 330: ...n Use Mesg Intvl 1 Master Inherit Intvl No Base Priority 100 In Use Priority 100 Policy ID n a Preempt Mode Yes Ping Reply No Telnet Reply No SSH Reply No Traceroute Reply No Init Delay 0 Init Timer E...

Страница 331: ...nd qualifiers Values port down port id lag port down lag id host unreachable host ip addr route unknown route prefix mask specific qualifier Display information about the specified qualifier Values po...

Страница 332: ...ess this value is 0 Description A text string which describes the VRRP policy Event Type ID A delta priority event is a conditional event defined in a priority con trol policy that subtracts a given a...

Страница 333: ...nless this value is 0 Description A text string which describes the VRRP policy Event Type ID A delta priority event is a conditional event defined in a priority con trol policy that subtracts a given...

Страница 334: ...pe ID Event Oper State Hold Set Priority In Remaining Effect Use Host Unreach 10 10 200 252 n a Expired 20 Del No Host Unreach 10 10 200 253 n a Expired 10 Del No Route Unknown 10 10 100 0 24 n a Expi...

Страница 335: ...ith the priority control policy happen simultane ously This sum is subtracted from the base priority of the virtual router to give the in use priority Delta Limit The delta in use limit for a VRRP pol...

Страница 336: ...P pri ority control event can transition to the cleared state to dampen flap ping events Priority The base priority used by the virtual router instance Priority Effect Delta The priority level value i...

Страница 337: ...7 04 54 35 A ALA A A ALA A show vrrp policy 1 event host unreachable VRRP Policy 1 Event Host Unreachable 10 10 200 252 Description 10 10 200 253 reachability Current Priority None Applied No Current...

Страница 338: ...0 100 0 24 Priority 1 Priority Effect Explicit Less Specific No Default Allowed No Next Hop s None Protocol s None Hold Set Config 0 sec Hold Set Remaining Expired Value In Use No Current State n a tr...

Страница 339: ...VRRP 7450 ESS OS Router Configuration Guide Page 339 Sample Output A ALA 48 show router vrrp statistics VRRP Global Statistics VR Id Errors 0 Version Errors 0 Checksum Errors 0 A ALA 48...

Страница 340: ...ted Default 10 Values 1 999 absolute When the absolute keyword is specified the raw statistics are displayed without pro cessing No calculations are performed on the delta or rate statistics rate When...

Страница 341: ...ntext clear router vrrp Description This command enables the context to clear and reset VRRP entities Parameters policy policy id Clears statistics for the specified policy Values 1 9999 statistics Sy...

Страница 342: ...Page 342 7450 ESS OS Router Configuration Guide policy vrrp policy id Clears VRRP statistics for all or the specified VRRP priority control pol icy Default All VRRP policies Values 1 9999...

Страница 343: ...disables debugging Parameters ip int name Displays the specified interface name vrid virtual router id Displays the specified VRID packets Syntax packets interface ip int name vrid virtual router id p...

Страница 344: ...Page 344 7450 ESS OS Router Configuration Guide...

Страница 345: ...ed in the SROS Triple Play Guide and CPM security and Management Interface described in SROS Router Configuration Guide Topics in this chapter include Filter Policy Configuration Overview on page 346...

Страница 346: ...ith a unique filter id but each filter has also a unique filter name argument that can be defined once the filter policy has been created Either filter id or filter name can then be used throughout th...

Страница 347: ...ned a unique filter ID Each filter policy is defined with Scope Default action Description Filter Name that can be optionally used in CLI to reference this filter policy instead of Filter ID some exce...

Страница 348: ...ke SDP Fpipe SAP spoke SDP Fpipe SAP spoke SDP Ipipe SAP spoke SDP Ipipe SAP spoke SDP Pseudowire template Pseudowire template Table 9 Applying Filter Policies IP Filter MAC Filter Security CPM N A CR...

Страница 349: ...nation with the highest priority value is selected There are no default redirect policies Each redirect policy must be explicitly configured and specified in an IPv4 filter entry To facilitate redirec...

Страница 350: ...rection 1 The customer gets an IP address using DHCP if the customer is trying to set a static IP he will be blocked by the anti spoofing filter 2 The customer tries to connect to a website 3 The rout...

Страница 351: ...riber identification string Note that the subscriber identification string is available only when used with subscriber management Refer to the subscriber management section of the SROS Triple Play Gui...

Страница 352: ...be flooded in the BVPLS context as unknown unicast in the BVPLS context for both IVPLS and PBB Epipe To restrict distribution of this traffic for local PBB services ISID filters can be deployed The ma...

Страница 353: ...1 x 0 The matching is based on the port configuration and the SAP configuration In the industry the QinQ tags are often referred to as the C VID Customer VID and S VID service VID The terms outer tag...

Страница 354: ...the Service Tags Too Deep to be Service Delimiting or to be Used for VID Filtering Tag Available for Matching and Indication of Which Match Criteria to Use 20 10 Payload MAC 10 20 30 Payload MAC 10 2...

Страница 355: ...ional check for the 0 VID tag may be required when using certain wild card operations For example frames with no tags on null encapsulated ports will match a value of 0 in outer tag and inner tag beca...

Страница 356: ...ve a filter as shown below while port A sap 1 1 1 2 would not mac filter 4 create default action forward type vid entry 1 create match frame type ethernet_II outer tag 30 4095 exit action drop exit ex...

Страница 357: ...ion and Implementation Flow Figure 18 displays the process to create a filter policy and apply that policy to a service or network port CREATE A REDIRECT POLICY CREATE IP FILTER SPECIFY DESTINATION PR...

Страница 358: ...er Policies CREATE AN IP OR MAC FILTER FILTER ID CREATE FILTER ENTRIES ENTRY ID SPECIFY SCOPE DEFAULT ACTION DESCRIPTION SPECIFY ACTION PACKET MATCHING CRITERIA SAVE CONFIGURATION CREATE SERVICE ASSOC...

Страница 359: ...ader of the packet src port dst port When protocol IPv4 specifies TCP UDP or both for this entry it matches against the Source Port Number Destination Port Number of the outer IPv4 header of the packe...

Страница 360: ...fying an Ethernet 802 2 LLC DSAP value allows the filter to match a destination access point on the network node designated in the destination field of a packet snap pid Specifying an Ethernet IEEE 80...

Страница 361: ...Value Table DSCP Name Decimal DSCP Value Hexadecimal DSCP Value Binary DSCP Value default 0 cp1 1 cp2 2 cp3 3 cp4 4 cp5 5 cp6 6 cp7 7 cs1 8 cp9 9 af10 10 af11 11 af12 12 cp13 13 cp14 14 cp15 15 cs2 16...

Страница 362: ...f43 38 cp39 39 cs5 40 cp41 41 cp42 42 cp43 43 cp44 44 cp45 45 ef 46 cp47 47 nc1 48 cs6 cp49 49 cp50 50 cp51 51 cp52 52 cp53 53 cp54 54 cp55 55 cp56 56 cp57 57 nc2 58 cs7 cp60 60 cp61 61 cp62 62 Table...

Страница 363: ...e 1 0 2 130 SEC Security 1 0 3 131 LSR Loose source router 1 0 5 133 E SEC Extended security 1 0 6 134 CIPSO Commercial security 1 0 8 136 SID Stream id 1 0 9 137 SSR Strict source route 1 0 14 142 VI...

Страница 364: ...num filter policy command When a filter consists of a single entry the filter executes actions as follows If a packet matches all the entry criteria the entry s specified action is performed drop or f...

Страница 365: ...d Source Address 10 10 10 103 Destination Address 10 10 10 105 FILTER ENTRY ID 20 Action Forward REMAINING PACKETS ARE DROPPED PER THE DEFAULT ACTION DROP FORWARD PACKETS WITH MATCHING SA AND DA FORWA...

Страница 366: ...t for CPM and IOM filter policies are introduced to eliminate above operational complexity by simplifying the IOM and CPM filter policy management on a list of a match criterion Instead of defining mu...

Страница 367: ...unless resources exist in hardware to implement the required filter policy ies that reference that list If that is not the case addition of a new element to the list or use of the list by another pol...

Страница 368: ...ters are applied to a SAP packets received at the egress SAP are checked against the matching criteria in the filter entries If the packet completely matches all criteria in an entry the checking stop...

Страница 369: ...is configured it may take a few seconds to load and initiate the filter policy configuration The action keyword must be entered for the entry to be active Any filter entry without the action keyword...

Страница 370: ...Page 370 7450 ESS OS Router Configuration Guide a When snap header is present this is always set to AA AA...

Страница 371: ...e filters The implementation of the feature applies to filter logs with destination syslog In case of VPLS scenario both Layer 2 Layer 3 are applicable Layer 2 Source MAC or optionally destination MAC...

Страница 372: ...Page 372 7450 ESS OS Router Configuration Guide...

Страница 373: ...Filter Policy on page 375 Creating Filter Log Policies on page 384 Applying Filter Policies on page 385 Apply IPv4 Filter Policies to a Network Port on page 387 Creating a Redirect Policy on page 388...

Страница 374: ...nfiguration of an IP filter policy The configuration blocks all incoming TCP session except Telnet and allows all outgoing TCP sessions from IP net 10 67 132 0 24 Figure 22 depicts the interface to ap...

Страница 375: ...etwork Port on page 387 Creating an IP Filter Policy Configuring and applying filter policies is optional Each filter policy must have the following The filter type specified IP A filter policy ID A d...

Страница 376: ...are handled either dropped or forwarded Enter a filter entry ID The system does not dynamically assign a value Assign an action either drop or forward Specify matching criteria The following displays...

Страница 377: ...n http redirect configuration example A ALA 48 config filter ip filter info description filter main scope exclusive entry 10 create description no 91 match dst ip 10 10 10 91 24 src ip 10 10 0 100 24...

Страница 378: ...scription no 91 filter sample interface disable sample match exit action forward redirect policy redirect1 exit A ALA 7 config filter ip filter Within a filter entry you can also specify that traffic...

Страница 379: ...specified MAC normal MAC isid MAC vid A filter policy ID A default action either drop or forward Filter policy scope either exclusive or template At least one filter entry Matching criteria specified...

Страница 380: ...filter configuration example A ALA 7 config filter info mac filter 90 create description filter wan man scope template type isid entry 1 create description drop local isids match isid 100 to 1000 exi...

Страница 381: ...ID filter configuration example A TOP_NODE config filter mac filter info default action forward type vic entry 1 create match frame type ethernet_II ouiter tag 85 4095 exit action drop exit entry 2 cr...

Страница 382: ...n the entry determine how the packets are handled either dropped or forwarded Enter a filter entry ID The system does not dynamically assign a value Assign an action either drop or forward Specify mat...

Страница 383: ...pecify at least one list argument a valid IPv4 address prefix for example Optionally a description can also be defined The following displays an IPv4 address prefix list configuration example and usag...

Страница 384: ...Guide Creating Filter Log Policies The following displays a filter matching configuration example A ALA 48 config filter log info detail description Test filter log destination memory 1000 wrap aroun...

Страница 385: ...es can be associated with the following entities Table 13 Applying Filter Policies IP Filter MAC Filter Epipe SAP spoke SDP Epipe SAP spoke SDP Fpipe SAP spoke SDP N A IES interface SAP N A Ipipe SAP...

Страница 386: ...an existing filter policy or if defined a Filter Name for that Filter ID policy can be used in the CLI The following output displays IP and MAC filters assigned to an ingress and egress SAP and spoke...

Страница 387: ...licies are applied to network interfaces by associating a policy with ingress and or egress direction as desired Filter ID is used to associate an existing filter policy or if defined a Filter Name fo...

Страница 388: ...redirection policy configuration A ALA 7 config filter info redirect policy redirect1 create destination 10 10 10 104 create description SNMP_to_104 priority 105 snmp test SNMP 1 interval 30 drop cou...

Страница 389: ...I performs packet inspection modification and either drops the traffic or forwards the traffic back into the box through SAP 1 1 21 1 Traffic will then be sent to spoke sdp 3 5 SAP 1 1 23 5 is configu...

Страница 390: ...zon group split create disable learning static mac 00 00 00 31 11 01 create exit sap 1 1 22 1 split horizon group dpi create disable learning static mac 00 00 00 31 12 01 create exit sap 1 1 23 5 crea...

Страница 391: ...p split create exit stp shutdown exit sap 1 1 5 5 split horizon group split create ingress filter mac 100 exit static mac 00 00 00 31 15 05 create exit sap 1 1 21 1 split horizon group split create di...

Страница 392: ...s The system exits the matching process when the first match is found and then executes the actions in accordance with the specified action Because the ordering of entries is important the numbering s...

Страница 393: ...ion forward exit entry 40 create match dst ip 10 10 10 91 24 src ip 10 10 10 106 24 exit action drop exit exit A ALA 7 config filter A ALA 7 config filter info ip filter 11 create description filter m...

Страница 394: ...command to remove the command parameters or return the parameter to the default setting Example config filter ip filter description New IP filter info config filter ip filter entry 2 create config fi...

Страница 395: ...on Guide Page 395 entry 15 create description no 91 match dst ip 10 10 10 91 24 src ip 10 10 10 103 24 exit action forward exit entry 30 create match dst ip 10 10 10 91 24 src ip 10 10 0 200 24 exit a...

Страница 396: ...in all context where the filter is used The following illustrates an example of removing a filter filter ID 11 from an ingress ePipe SAP Example config service epipe 5 config service epipe sap 1 1 2 3...

Страница 397: ...l test url http www alcatel com config filter redirect policy dest url test interval 10 config filter redirect policy dest url test timeout 10 config filter redirect policy dest url test return code 1...

Страница 398: ...cy from the filter configuration Example config filter ip filter 11 config filter ip filter entry 1 config filter ip filter entry action forward redirect policy redirect2 config filter ip filter entry...

Страница 399: ...ilter policies can also be created by copying an existing policy and renaming the new filter The following displays the command usage to copy an existing IP filter 11 to create a new filter policy 12...

Страница 400: ...Page 400 7450 ESS OS Router Configuration Guide...

Страница 401: ...nds on page 406 Configuration Commands Log Commands config filter log log id create no log log id description description string no description destination memory num entries syslog syslog id destinat...

Страница 402: ...rect ip address interface ip int name action forward redirect policy policy name action forward sap sap id sdp sdp id action http redirect url action nat no action description description string no de...

Страница 403: ...id count count no sub insert radius sub insert wmark low low watermark high high watermark no sub insert wmark description description string no description entry entry id time range time range name n...

Страница 404: ...Page 404 7450 ESS OS Router Configuration Guide no ssap src mac ieee address ieee address mask no src mac renum old entry id new entry id scope exclusive template no scope type filter type...

Страница 405: ...seconds no timeout snmp test test name create no snmp test test name drop count consecutive failures hold down seconds no drop count interval seconds no interval oid oid string community community st...

Страница 406: ...counters log bindings log log id match string mac mac filter id entry entry id association counters redirect policy redirect policy name dest ip address association Clear Commands clear filter ip filt...

Страница 407: ...ist ip prefix list Description This command creates a text description stored in the configuration file for a configuration context The description command associates a text string with a configuratio...

Страница 408: ...to multiple services or multiple network ports as long as the scope of the policy is template Any changes made to the existing policy using any of the sub commands will be applied immediately to all s...

Страница 409: ...letes the mac filter policy A filter policy cannot be deleted until it is removed from all SAP where it is applied Parameters filter id The MAC filter policy ID number Values 1 65535 create Keyword re...

Страница 410: ...xact invert match option dhcp option number match string ascii string exact invert match no option Context config filter dhcp filter entry Description This command configures the action to take on DHC...

Страница 411: ...ed as a decimal integer Values 10 50000 syslog syslog id Specifies the destination of the filter log ID is a Syslog server The syslog id parameter is the number of the Syslog server definition Values...

Страница 412: ...are always indicated in system generated configuration files The no form of the command puts an entity into the administratively enabled state Default no shutdown summary Syntax summary Context config...

Страница 413: ...onfig filter log Description This command configures a memory filter log to log until full or to store the most recent log entries circular buffer Specifying wrap around configures the memory filter l...

Страница 414: ...l packets will be forwarded unless there is a specific filter entry which causes the packet to be dropped filter name Syntax filter name filter name Context config filter ip filter config filter mac f...

Страница 415: ...t control Syntax sub insert credit control start entry entry id count count no sub insert credit control Context config filter ip filter Description This command inserts point information for credit c...

Страница 416: ...table full alarm will be cleared by the agent Values 0 100 high high watermark Specifies the utilization of the filter ranges for filter entry insertion at which a table full alarm will be raised by t...

Страница 417: ...ices or network ports where that filter is applied Default none Parameters entry id An entry id uniquely identifies a match criteria and the corresponding action It is recommended that multiple entrie...

Страница 418: ...50 ESS OS Router Configuration Guide The no form of the command disables logging for the filter entry Default no log Parameters log id The filter log ID destination expressed as a decimal integer Valu...

Страница 419: ...ward Specifies packets matching the entry criteria will be forwarded next hop ip address The IP address of the direct next hop to which to forward matching packets in dotted decimal notation indirect...

Страница 420: ...mer s subscriber identification string Values 255 characters maximum filter sample Syntax no filter sample Context config filter ip filter entry Description Specifies that traffic matching the associa...

Страница 421: ...otocol to be used as an IP filter match criterion The protocol type such as TCP or UDP is identified by its respective protocol number protocol id Configures the decimal value representing the IP prot...

Страница 422: ...ncapsulation Header pnni 102 PNNI over IP pim 103 Protocol Independent Multicast vrrp 112 Virtual Router Redundancy Protocol l2tp 115 Layer Two Tunneling Protocol stp 118 Spanning Tree Protocol ptp 12...

Страница 423: ...tatement The filter entry is considered incomplete and hence rendered inactive without the action keyword Default none Parameters drop Specifies packets matching the entry criteria will be dropped for...

Страница 424: ...statement are configured then all criteria must be satisfied AND function before the action associated with the match will be executed A match context may consist of multiple match criteria but multip...

Страница 425: ...Filter Policies 7450 ESS OS Router Configuration Guide Page 425 ethernet_II Specifies the frame type is Ethernet Type II...

Страница 426: ...efix list name no dst ip Context config filter ip filter entry match Description This command configures a destination IP address range to be used as an IP filter match criterion To match on the desti...

Страница 427: ...match gt specifies all port numbers greater than dst port number match eq specifies that dst port number must be an exact match eq Specifies the operator to use relative to dst port number for specify...

Страница 428: ...nted packet since only the first fragment contains the L4 information This option is only meaningful if the protocol match criteria specifies ICMP 1 The no form of the command removes the criterion fr...

Страница 429: ...integer The mask is applied as an AND to the option byte the result is compared with the option value The decimal value entered for the match should be a combined value of the eight bit option type f...

Страница 430: ...in the IP header as a match criterion Parameters true Specifies matching on all IP packets that contain the option field in the header A match will occur for all packets that have the option field pre...

Страница 431: ...filter match criterion Note that an entry containing L4 match criteria will not match non initial 2nd 3rd etc fragments of a fragmented packet since only the first fragment contains the L4 informatio...

Страница 432: ...ave the ACK bit set in the control bits of the TCP header of the IP packet tcp syn Syntax tcp syn true false no tcp syn Context config filter ip filter entry match Description This command configures...

Страница 433: ...lease see general description related to match list usage in filter policies Default none Parameters ip prefix list name A string of up to 32 characters of printable ASCII characters If special charac...

Страница 434: ...OS Router Configuration Guide Parameters ip prefix A valid IPv4 address prefix in dotted decimal notation Values 0 0 0 0 to 255 255 255 255 host bit must be 0 prefix length Length of the entered IP p...

Страница 435: ...xample if a packet ingresses on a null encapsulated SAP and the customer packet is IEEE 802 1Q or 802 1p tagged the 802 1p bits will be present for a match evaluation On the other hand if a customer t...

Страница 436: ...of the command to remove the dsap value as the match criterion Default no dsap Parameters dsap value The 8 bit dsap match criteria value in hexadecimal Values 0x00 0xFF hex mask This is optional and m...

Страница 437: ...field is a two byte field used to identify the protocol carried by the Ethernet frame For example 0800 is used to identify the IPv4 packets The Ethernet type field is used by the Ethernet version II...

Страница 438: ...ilter mac filter entry match Description This command configures the matching of the second tag that is carried transparently through the service The inner tag on ingress is the second tag on the fram...

Страница 439: ...will contain the next tag which is still the first tag carried transparently through the service On SAPs with two service delimiting tags two tags stripped outer tag will contain 0 even if there are...

Страница 440: ...but the same PID field will both match the same filter entry based on a snap pid match criteria The no form of the command removes the snap pid value as the match criteria Default no snap pid Paramet...

Страница 441: ...2 3 Ethernet Frame The snap pid field etype field ssap and dsap fields are mutually exclusive and may not be part of the same match criteria MAC Match Criteria Exclusivity Rules on page 369 describes...

Страница 442: ...id identifies the source filter policy from which the copy command will attempt to copy The filter policy must exist within the context of the preceding keyword ip filter or mac filter dest filter id...

Страница 443: ...o properly sequence filter entries This may be required in some cases since the OS exits when the first match is found and executes the actions according to the accompanying action command This requir...

Страница 444: ...ig filter destination ping test config filter destination snmp test Description This command configures parameters to perform connectivity ping tests to validate the ability for the destination to rec...

Страница 445: ...t Default 1 Parameters seconds Specifies the amount of time in seconds between consecutive requests sent to the far end host Values 1 60 timeout Syntax timeout seconds no timeout Context config filter...

Страница 446: ...characters long composed of printable 7 bit ASCII characters If the string contains special characters spaces etc the entire string must be enclosed within double quotes oid Syntax oid oid string comm...

Страница 447: ...olicy destination Description The context to enable URL test parameters IP filters can be used to selectively cache some web sites Default none Parameters test name The name of the URL test Allowed va...

Страница 448: ...cified range lower priority priority Specifies the amount to lower the priority of the destination when the return code falls within the specified range raise priority priority Specifies the amount to...

Страница 449: ...48 ip Syntax ip ip filter id entry entry id association counters type entry type Context show filter Description This command shows IP filter information Parameters ip filter id Displays detailed info...

Страница 450: ...specified Sample Output A ALA 49 show filter ip IP Filters Filter Id Scope Applied Description 1 Template Yes 3 Template Yes 6 Template Yes 10 Template No 11 Template No Num IP filters 5 A ALA 49 A D...

Страница 451: ...tch Criteria IP Indicates the filter is an IP filter policy Entry The filter ID filter entry ID If the filter entry ID indicates the entry is Inactive then the filter entry is incomplete as no action...

Страница 452: ...mber or port rangee Dscp The DiffServ Code Point DSCP name ICMP Code The ICMP code field in the ICMP header of an IP packet Option present Off Specifies not to search for packets that contain the opti...

Страница 453: ...er Id fSpec 1 Applied Yes Scope Template Def Action Forward Radius Ins Pt n a CrCtl Ins Pt n a Entries 2 insert By Bgp Description BGP FlowSpec filter for the Base router Filter Association IP Service...

Страница 454: ...n Off TCP ack Off Match action Drop Ing Matches 0 pkts Egr Matches 0 pkts Entry fSpec 1 49151 inserted by BGP FLowSpec Description Not Specified Log Id n a Src IP 0 0 0 0 0 Src Port None Dest IP 0 0 0...

Страница 455: ...tion Off TCP syn Off TCP ack Off Match action Forward Next Hop 138 203 228 28 Ing Matches 0 Egr Matches 0 Entry 1020 time range night Cur Status Active Log Id n a Src IP 0 0 0 0 0 Src Port None Dest I...

Страница 456: ...e Service Access Point on which the filter policy ID is applied Ingress The filter policy ID is applied as an ingress filter policy on the inter face Egress The filter policy ID is applied as an egres...

Страница 457: ...ing the filter entry Forward The explicit action to perform is forwarding of the packet If the action is Forward then if configured the nexthop infor mation should be displayed including Nexthop IP ad...

Страница 458: ...mpling On IP Option 0 0 Multiple Option Off TCP syn Off TCP ack Off Match action Drop Ing Matches 0 Egr Matches 0 A ALA 49 Output Show Filter Associations with TOD suite specified If a filter is refer...

Страница 459: ...er policy ID has not been applied Yes The filter policy ID is applied Def Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward Drop The de...

Страница 460: ...s entries is produced The following table describes the command output for the command Label Description Filter Id The IP filter ID Scope Template The filter policy is of type Template Exclusiv The fi...

Страница 461: ...lue for the match criteria Undefined indicates no value is specified Ethertype The Ethertype value match criterion DSAP The DSAP value match criterion Undefined indicates no value specified SSAP SSAP...

Страница 462: ...hes 0 Egr Matches 0 Filter Associations The associations for a filter ID will be displayed if the associations keyword is specified The assocation information is appended to the filter information The...

Страница 463: ...ed Def Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward Drop The default action for the filter ID for packets that do not match the fi...

Страница 464: ...nd displays Lawful Intercept MAC filter information Parameters li mac filter id Displays detailed information for the specified Lawful Intercept filter ID and its filter entries Values 1 65535 associa...

Страница 465: ...ot been applied Yes The filter policy ID is applied Def Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward Drop The default action for t...

Страница 466: ...tes no value specified SSAP SSAP value match criterion Undefined indicates no value specified Snap pid The Ethernet SNAP PID value match criterion Undefined indicates no value specified Esnap oui zero...

Страница 467: ...n The following table describes the fields in the appended associations output Sample Output show li filter li mac testLiMacFilter association LI Mac Filter Filter Id testLiMacFilter Associated Yes En...

Страница 468: ...lied Def Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward Drop The default action for the filter ID for packets that do not match the...

Страница 469: ...r Description This command shows redirect filter information Parameters redirect policy name Displays information for the specified redirect policy dest ip address Directs the router to use a specifie...

Страница 470: ...destination Ping Test Specifies the name of the ping test Timeout Specifies the amount of time in seconds that is allowed for receiving a response from the far end host If a reply is not received wit...

Страница 471: ...Admin Priority 95 Oper Priority 105 Admin State Up Oper State Down Ping Test Interval 1 Timeout 30 Drop Count 5 Hold Down 0 Hold Remain 0 Last Action at 03 19 2007 00 46 55 Action Taken Disable Destin...

Страница 472: ...ription Not Specified Admin Priority 90 Oper Priority 90 Admin State Up Oper State Down URL Test URL_to_Proxy Interval 10 Timeout 10 Drop Count 3 Hold Down 0 Hold Remain 0 Last Action at 03 19 2007 05...

Страница 473: ...s ip filter id The IP filter policy ID Values 1 65535 entry id Specifies that only the counters associated with the specified filter policy entry will be cleared Values 1 65535 ingress Specifies to on...

Страница 474: ...ng the command line parameters Default Clears all counters associated with the MAC filter policy entries Parameters mac filter id The MAC filter policy ID Values 1 65535 entry id Specifies that only t...

Страница 475: ...60 repeat repeat Configures how many times the command is repeated Default 10 Values 1 999 absolute When the absolute keyword is specified the raw statistics are displayed without pro cessing No calcu...

Страница 476: ...t repeat Configures how many times the command is repeated Default 10 Values 1 999 absolute When the absolute keyword is specified the raw statistics are displayed without pro cessing No calculations...

Страница 477: ...s Chapter This chapter provides information to configure Cflowd Topics in this chapter include Cflowd Overview on page 478 Operation on page 479 Cflowd Filter Matching on page 483 Cflowd Configuration...

Страница 478: ...low structures The amount of data stored depends on the cflowd configurations Cflowd maintains a list of data flows through a router A flow is a uni directional traffic stream defined by several chara...

Страница 479: ...maximum number of entries are already in the flow cache the earliest expiry entry is removed The earliest expiry entry flow is the next flow that will expire due to the active or inactive timer expir...

Страница 480: ...l flow captured Version 10 IPFIX Generates a variable export record depending on user configuration and sampled traffic type IPv4 IPv6 or MPLS for each individual flow captured There are several diffe...

Страница 481: ...onfigurable values The cache size default is 64K flow entries A flow terminates when one of the following conditions is met When the inactive timeout period expires default 15 seconds A flow is consid...

Страница 482: ...le with RFC 3954 Cisco Systems NetFlow Services Export Version 9 Version 10 Version 10 is a new format and protocol that inter operates with the specifications from the IETF as the IP Flow Information...

Страница 483: ...t criteria to determine acceptability With cflowd only the first packet of a flow is checked If the first packet is forwarded an entry is added to the cflowd cache Subsequent packets in the same flow...

Страница 484: ...rs which specify an action of interface disable sample in which traffic that matches these filter entries will not be subject to cflowd sampling Cflowd ACL where IP filters must be created with entrie...

Страница 485: ...erational Cflowd is enabled globally At least one collector must be configured and enabled A cflowd option must be specified and enabled on a router interface Sampling must be enabled on either An IP...

Страница 486: ...Page 486 7450 ESS OS Router Configuration Guide...

Страница 487: ...owd Configuration on page 491 Common Configuration Tasks on page 492 Enabling Cflowd on page 494 Configuring Global Cflowd Parameters on page 495 Configuring Cflowd Collectors on page 496 Dependencies...

Страница 488: ...ve sampling over an extended period of time for example more than every 1000th packet can burden router processing resources The following data is maintained for each individual flow in the raw flow c...

Страница 489: ...greater flexibility in the types of flows that are captured Collectors A collector defines the data flow for exporting sampled data from the cache A maximum of 5 collectors can be configured Each coll...

Страница 490: ...prefix and mask source AS and ingress interface Destination prefix Flows are aggregated based on destination prefix and mask destination AS and egress interface Source destination prefix Flows are agg...

Страница 491: ...e collector must be configured and enabled Sampling must be enabled on either An IP filter entry and applied to a service or an port An interface applied to a port The following example displays a cfl...

Страница 492: ...to configure cflowd and provides the CLI commands In order to begin traffic flow sampling cflowd must be enabled and at least one collector must be configured Global Cflowd Components The components c...

Страница 493: ...ng Cflowd on Interfaces and Filters on page 501 CLI Syntax config cflowd active timeout minutes cache size num entries inactive timeout seconds template retransmit seconds overflow percent rate sample...

Страница 494: ...collector to be active Use the following CLI syntax to enable cflowd CLI Syntax config cflowd no shutdown The following example displays the default values when cflowd is initially enabled No collect...

Страница 495: ...lowing CLI commands to configure cflowd parameters CLI Syntax config cflowd active timeout minutes cache size num entries inactive timeout seconds overflow percent rate sample rate template retransmit...

Страница 496: ...shutdown template set basic mpls ip The following example displays a basic cflowd configuration A ALA 1 config cflowd info active timeout 20 inactive timeout 10 overflow 10 rate 100 collector 10 10 10...

Страница 497: ...ponding template used to export the flow data Basic IPv4 Template 0 IPv4 Src Addr 8 0 IPv4 Dest Addr 12 0 IPv4 Nexthop 15 0 BGP Nexthop 18 0 Iingress Interface 10 0 Egress Interface 14 0 Packet Count...

Страница 498: ...est IPv4 Prefix Length 13 0 MPLS Label 1 70 0 MPLS Label 2 71 0 MPLS Label 3 72 0 MPLS Label 4 73 0 MPLS Label 5 74 0 MPLS Label 6 75 Basic IPv6 Template 0 IPv6 Src Addr 27 0 IPv6 Dest Addr 28 0 IPv6...

Страница 499: ...0 TCP control Bits Flags 6 0 Protocol 4 0 IPv6 Option Hdr 64 0 IPv6 Next Header 193 0 IPv6 Flow Label 31 0 TOS 5 0 IP version 60 0 IPv6 ICMP Type Code 139 0 BGP Source ASN 16 0 BGP Dest ASN 17 0 IPv6...

Страница 500: ...Interface 10 0 Egress Interface 14 0 Packet Count 2 0 Byte Count 1 0 Start Time 22 0 End Time 21 0 Flow Start Milliseconds 152 0 Flow End Milliseconds 153 0 Src Port 7 0 Dest Port 11 0 TCP control Bit...

Страница 501: ...n discusses the following cflowd configuration management tasks Dependencies on page 505 Specifying Cflowd Options on an IP Interface on page 502 Interface Configurations on page 502 Service Interface...

Страница 502: ...n of the 4 To omit certain types of traffic from being sampled when the interface sampling is enabled the config filter ip filter entry interface disable sample option may be enabled via an ip filter...

Страница 503: ...abled on a service interface cflowd collects routed traffic flow samples through a router for analysis Cflowd is supported on IES and VPRN services interfaces only Layer 2 traffic is excluded All pack...

Страница 504: ...option must be selected See Interfcace Configuration For configuration information refer to the IP Router Confguration Overview section of the 4 On the IP filter being used the entry filter sample op...

Страница 505: ...for traffic sampling to occur on an enabled entity If a specific collector UDP port is not identified then by default flows are sent to port 2055 Cflowd can also be dependent on the following entity c...

Страница 506: ...filter sampled No traffic is sampled on this interface IP filter mode or cflowd not enabled on interface ACL interface disable sample Command is ignored No sampling occurs Interface mode interface int...

Страница 507: ...modify global cflowd parameters CLI Syntax config cflowd active timeout minutes no active timeout cache size num entries no cache size inactive timeout seconds no inactive timeout overflow percent no...

Страница 508: ...stination prefix no source prefix no autonomous system type origin peer no description description string no shutdown template set basic mpls ip If a specific collector UDP port is not identified then...

Страница 509: ...iption This command configures the maximum amount of time before an active flow is aged out of the active cache If an individual flow is active for this amount of time the flow is aged out and a new f...

Страница 510: ...collector for cflowd data The IP address of the flow collector must be specified The UDP port number is an optional parameter If it is not set the default of 2055 is used for all collector versions To...

Страница 511: ...aggregation Description This command specifies that the aggregation data should be based on autonomous system AS information An AS matrix contains packet and byte counters for traffic from either sour...

Страница 512: ...efault none source destination prefix Syntax no source destination prefix Context config cflowd collector aggregation Description This command configures cflowd aggregation based on source and destina...

Страница 513: ...cflowd collector Description This command creates a text description stored in the configuration file for a configuration context The no form of this command removes the description string from the c...

Страница 514: ...active timeout Syntax inactive timeout seconds no inactive timeout Context config cflowd Description This command specifies the amount of time in seconds that must elapse without a packet matching a f...

Страница 515: ...Syntax rate sample rate no rate Context config cflowd Description This command specifies the rate N at which traffic is sampled and sent for flow analysis A packet is sampled every N packets for exam...

Страница 516: ...Page 516 7450 ESS OS Router Configuration Guide...

Страница 517: ...destination prefix no protocol port no raw no source destination prefix no source prefix autonomous system type origin peer no autonomous system type description description string no description no s...

Страница 518: ...Page 518 7450 ESS OS Router Configuration Guide cflowd top protocols clear top flows ipv4 ipv6 mpls clear packet size ipv4 ipv6 clear Clear Commands clear cflowd...

Страница 519: ...ble 16 Show Cflowd Collector Output Fields Label Description Host Address The IP address of a remote Cflowd collector host to receive the exported Cflowd data Port The UDP port number on the remote Cf...

Страница 520: ...collector Cflowd Collectors Host Address Port Version AS Type Admin Oper Sent 138 120 135 103 2055 v5 peer up up 1380 records 138 120 135 103 9555 v8 origin up up 90 records 138 120 135 103 9996 v9 up...

Страница 521: ...host Oper State The current operational status of this Cflowd remote collector host Records Sent The number of Cflowd records that have been transmitted to this remote collector host Last Changed The...

Страница 522: ...Oper State up Packets Sent 51 Last Changed 09 03 2009 17 24 04 Last Pkt Sent 09 03 2009 18 07 10 Template Set Basic Traffic Type Template Sent Sent Open Errors IPv4 09 03 2009 18 07 29 51 1 0 MPLS No...

Страница 523: ...sr 002 show cflowd interface 11 10 1 2 Label Description Interface Displays the physical port identifier IPv4 Address Displays the primary IPv4 address for the associated IP interface IPv6 Address Dis...

Страница 524: ...0 1 2 24 Interface Up Down Main 120 1 1 1 24 Filter Down Down New 120 2 1 1 24 Filter Up Up Interfaces 8 B sr12 002 status Syntax status Context show cflowd Description This command displays basic inf...

Страница 525: ...ds before template definitions are sent Cache Size The maximum number of active flows to be maintained in the flow cache table Overflow The percentage number of flows to be flushed when the flow cache...

Страница 526: ...Status Cflowd Admin Status Enabled Cflowd Oper Status Enabled Active Timeout 1 minutes Inactive Timeout 30 seconds Template Retransmit 60 seconds Cache Size 65536 entries Overflow 1 Sample Rate 1 Acti...

Страница 527: ...he decimal protocol number Total Flows Displays the total number of flows recorded since the last clearing of cflowd statistics with this protocol type Flows Sec Displays the average number of flows d...

Страница 528: ...ted since the cflowd top flow table was last cleared or initialized Output Tools Dump Cflowd Top Flows Output The following table describes the tools dump cflowd top flows output fields Table 20 Tools...

Страница 529: ...0 17 0x23 2001 0db8 85a3 0000 0000 8a2e 1234 5678 1234567890 1500 13600 S Port Src Port Displays the source protocol port number Msk Displays the route prefix length for route to source IP address AS...

Страница 530: ...pv6 clear Context tools dump cflowd Description This command displays packet size distribution for sampled IP traffic Values are displays in decimal format 1 0 100 500 50 Separate statistics are maint...

Страница 531: ...iption Clears the raw and aggregation flow caches which are sending flow data to the configured collectors This action will trigger all the flows to be discarded The cache restarts flow data collectio...

Страница 532: ...Page 532 7450 ESS OS Router Configuration Guide...

Страница 533: ...2385 Protection of BGP Sessions via MD5 RFC 2439 BGP Route Flap Dampening RFC 2547bis BGP MPLS VPNs RFC 2918 Route Refresh Capability for BGP 4 RFC 3107 Carrying Label Information in BGP 4 RFC 3392 Ca...

Страница 534: ...entication Confidentiality for OSPFv3 RFC 4659 BGP MPLS IP Virtual Private Network VPN Extension for IPv6 VPN RFC 5072 IP Version 6 over PPP RFC 5095 Deprecation of Type 0 Routing Headers in IPv6 draf...

Страница 535: ...PLS Extensions to LSP Ping RIP RFC 1058 RIP Version 1 RFC 2082 RIP 2 MD5 Authentication RFC 2453 RIP Version 2 TCP IP RFC 768 UDP RFC 1350 The TFTP Protocol Rev RFC 791 IP RFC 792 ICMP RFC 793 TCP RFC...

Страница 536: ...4619 Encapsulation Methods for Transport of Frame Relay over MPLS Networks draft ietf pwe3 frame relay 07 txt RFC 4446 IANA Allocations for PWE3 RFC 4447 Pseudowire Setup and Maintenance Using LDP dr...

Страница 537: ...logy OSI Structure of Management Information ITU T X 734 Information technology OSI Systems Management Event Report Management Function M 3100 3120 Equipment and Connection Models TMF 509 613 Network...

Страница 538: ...G MIB mib TIMETRA MIRROR MIB mib TIMETRA MPLS MIB mib TIMETRA NG BGP MIB mib TIMETRA OAM TEST MIB mib TIMETRA OSPF NG MIB mib TIMETRA OSPF V3 MIB mib TIMETRA PIM NG MIB mib TIMETRA PORT MIB mib TIMETR...

Страница 539: ...matching criteria DSCP values 350 IP 347 IP option values 352 MAC 348 packets 347 policies 335 policy entries 335 port based filtering 334 redirect policies 338 scope 358 services 336 configuring bas...

Страница 540: ...wner 241 virtual router 239 virtual router backup 241 virtual router master 240 VRID 242 configuring basic 263 command reference 278 IES parameters 269 non owner 269 owner 270 management tasks 273 ove...

Результаты поиска

Содержание 7450 ESS Series

Отзывы:

Похожие инструкции для 7450 ESS Series

Бренды по названию

Популярные бренды

Alcatel-Lucent 7450 ESS Series, Руководство по настройке

Результаты поиска

Содержание 7450 ESS Series

Отзывы:

Похожие инструкции для 7450 ESS Series

Бренды по названию

Популярные бренды