manualshive.com logo in svg

Allied Telesis AR400 Series, Руководство по выпуску

Серия Allied Telesis AR400 - это высококачественные коммутаторы для сетей среднего и крупного масштаба. Здесь вы можете скачать бесплатно руководство пользователя и релизные заметки к устройству. Посетите manualshive.com для загрузки.

Поделиться
Скачать
background image

160

Firewall Enhancements

Release Note

Software Version 2.8.1
C613-10477-00 REV B

Firewall Enhancements

This Software Version includes the following enhancements to the Firewall:

Firewall Licencing

Disabling SIP ALG Call ID Translation

Displaying SIP ALG Session Details

Firewall Policy Rules Expansion

Displaying a Subset of Policy Rules

This section describes the enhancements. The new and modified commands to 
implement them are described in 

Command Reference Updates

.

Firewall Licencing

By default, the AR415S allows up to 2000 firewall sessions, and the AR442S 
allows up to 4000 firewall sessions. Additional firewall sessions require a 
special feature licence. If you need more firewall sessions, contact your 
authorised distributor or reseller. Other products do not require special 
licences for firewall sessions.

Command changes

The following table summarises the modified command. 

Disabling SIP ALG Call ID Translation

This Software Version allows you to specify whether the SIP ALG translates the 
Call-ID field of SIP packets before sending them out onto the public network.

When NAT is configured on the router or switch, the SIP ALG translates the 
private IP addresses embedded in SIP packets into globally routable IP 
addresses before sending the packets out onto the public network. This 
includes changing the IP address part in the Call-ID field of the SIP packets. 
The device that initiated the SIP session creates the Call-ID field by combing a 
random number and the device’s IP address. Changing the IP address part in 
the Call-ID field provides security by not revealing the private IP addresses in 
your network through the Call-ID.

An example of a Call-ID field with a private address is:

[email protected]

The router or switch only translates the Call-ID when the device that initiated 
the SIP session is a device within its private network.

To specify whether the Call-ID field of SIP packets are translated before being 
sent out onto the public network, use the new command:

set firewall sipalg 

callidtranslation={on|off|yes|no|true|false}

Command

Change

show firewall

New output parameters

Содержание AR400 Series

Страница 1: ...vement 27 Route Update Queue Length 29 Removing a Description from a Switch Port 30 Securing a Single VLAN through Switch Filters 30 Change of Debug Command Syntax 32 Enhanced Static Switch Filtering on Ports within a Trunk Group 32 Ethernet Protection Switching Ring EPSR 32 Command Reference Updates 33 PPPoE Access Concentrator 47 Command Reference Updates 47 MSTP Enhancement 50 Command Reference...

Страница 2: ...103 Displaying Routes Learned from a Specific BGP Peer 104 Command Reference Updates 105 MLD and MLD Snooping Enhancements 112 MLD Packet Formats 112 ICMP type for MLDv2 Reports 112 MLD Snooping Group Membership Display 113 Change of Maximum Query Response Interval for MLD 113 Command Reference Updates 114 Extension to Range of Classifier fields for x900 Switches 117 Command Reference Updates 117 ...

Страница 3: ...187 Traps on OSPF state changes 188 Trap on VRRP topology changes 189 Traps on MSTP state and topology changes 189 Restart Log 190 Trap on Login Failures 190 VLAN based port state changes 190 Trap on Memory Levels 191 Command Reference Updates 192 CDP over WAN Interfaces 193 Command Reference Updates 193 Permanent Assignments on AR400 Series Routers 197 ...

Страница 4: ... be downloaded from the web site 2 Overview of New Features This section lists the new features and shows the product families on which each feature is supported 3 Descriptions of New Features These sections describe how to configure each new feature Caution Information in this document is subject to change without notice and does not represent a commitment on the part of Allied Telesis Inc While ...

Страница 5: ...81 rez 89 281a hlp x900 48FE 89 281 rez 89 281a hlp AT 9812T sb 281 rez 9812_281 00_en_d rsc 98 281a hlp AT 9816GB sb 281 rez 9816_281 00_en_d rsc 98 281a hlp Rapier 24i 86s 281 rez r24i_281 00_en_d rsc rp 281a hlp Rapier 48i 86s 281 rez r16i_281 00_en_d rsc rp 281a hlp Rapier16fi 86s 281 rez r48i_281 00_en_d rsc rp 281a hlp AT 8824 86s 281 rez 8824_281 00_en_d rsc 88 281a hlp AT 8848 86s 281 rez ...

Страница 6: ...ced Static Switch Filtering on Ports within a Trunk Group 9 9 9 9 9 Switching Ethernet Protection Switching Ring EPSR 9 9 9 MSTP MSTP Enhancement 9 9 9 9 9 9 9 STP STP Enhancement 9 9 9 9 9 9 9 9 Asyn Ports Making Asynchronous Ports Respond More Quickly 9 9 9 9 9 9 9 9 9 9 9 PPPoE PPPoE Access Concentrator 9 9 9 9 9 9 9 9 9 IGMP IGMP Proxy on x900 Series Switches 9 9 9 IGMP IGMP filtering extended...

Страница 7: ...erval for MLD 9 9 9 9 9 9 9 9 9 Classifier Extension to Range of Classifier fields for x900 Switches 9 9 9 QoS Port Groups 9 9 9 QoS Storm protection 9 9 9 SCP Configuring Secure Copy 9 9 9 9 9 9 9 9 9 9 9 SCP Loading using Secure Copy 9 9 9 9 9 9 9 9 9 9 9 SCP Uploading using Secure Copy 9 9 9 9 9 9 9 9 9 9 9 SSL SSL Counter Enhancement 9 9 9 9 9 9 9 9 9 9 9 Firewall Firewall Licencing 9 9 9 9 9 ...

Страница 8: ...ate and topology changes 9 9 9 9 9 9 9 SNMP MIBs Restart Log 9 9 9 9 9 9 9 9 9 9 9 SNMP MIBs Trap on Login Failures 9 9 9 9 9 9 9 9 9 9 9 SNMP MIBs VLAN based port state changes 9 9 9 9 9 9 9 9 9 9 9 SNMP MIBs Trap on Memory Levels 9 9 9 9 9 9 9 9 9 9 9 CDP CDP over WAN Interfaces 9 9 9 9 9 9 9 9 9 Permanent Assignments on AR400 Series Routers 9 AR400 AR7x5 AR750S Rapier AT 8800 AT 8700XL AT 8600 ...

Страница 9: ...s nam set sys nam Command Changes The following table summarises the modified commands Extended Monitoring of CPU Utilisation This Software Version includes a new feature for monitoring CPU utilisation You can now set the router or switch to capture data about which specific functions the CPU is executing and the level of instantaneous usage the CPU is experiencing This allows you in conjunction w...

Страница 10: ...ata entries are stored To stop capturing data and reset the start and stop parameters if they are set use the command disable cpu extended To remove data entries and reset the start and stop parameters in the activate cpu extended command use the command reset cpu utilisation This command interrupts active data capturing for a specific event However monitoring remains enabled and continues to coll...

Страница 11: ... data capturing If CPU utilisation falls below the stop percentage before the router or switch has 500 data entries then the router or switch resumes data capturing the next time utilisation reaches the start percentage When the router or switch has 500 entries it stops collecting data Example To capture extended CPU utilisation data when CPU utilisation exceeds 70 and until it falls below 50 use ...

Страница 12: ...n the MIB object sysContact If the new option none is specified no contact name is defined Any existing contact name is cleared The default is none set system location Syntax SET SYStem LOCation location NONE The location parameter specifies the location of the router or switch which is displayed in the output of the show system command stored in the MIB object sysLocation If the new option none i...

Страница 13: ... over last 5 minutes 100 Average since router restarted 5 Average over last 5 minutes 6 Average over last minute 7 Average over last 10 seconds 41 Average over last second 100 Extended CPU Information State Enabled Current Time 21 44 49 04aa9a34 2573941241 Current Install 54 281 rez 5012892 Start percent Stop percent msSM Timestamp Util Caller Return1 Return2 Return3 04aa9a34 2573927208 100 0021a3...

Страница 14: ...re the router or switch can begin capturing extended CPU utilisation data A shows if no percentage is set Stop percent Percentage of utilisation that the CPU must fall below before the router or switch stops capturing extended CPU utilisation data msSM Time when the router or switch captured the CPU utilisation sample The time format is milliseconds since midnight in hexadecimal notation Timestamp...

Страница 15: ... keywords in a command that define the object or details of the action Parameter values can be numbers or text or can come from a list of items Now you can set the syntax so that parameters and values can be separated by either one of the following an equals sign a single space The set command assignmentoperator command lets you change the syntax When using aliases we suggest you use the sign in t...

Страница 16: ...case sensitive Spaces must separate parameters Value The value assigned to a parameter Depending on the parameter a value can be an item from a list of option keywords a number arbitrary text Values are optional or required Enter values with the syntax parameter value or parameter value for details see Command Reference Updates Most values are not case sensitive except for text such as passwords O...

Страница 17: ... summarises the changes new and modified commands To move the cursor to the You could only press Now you can also press the beginning of the command line Ctrl A Home key end of the command line Ctrl E End key Command Description show command history New command that displays past commands Please note that it replaces the Ctrl C shortcut create config New set option that lets you set the switch to ...

Страница 18: ...curity officer privilege when the router or switch is in security mode Example To save the current dynamic configuration to a script file called test cfg use the command cre con test cfg Parameter Description CONfig Name of the configuration file or script to create If one already exists it is replaced The filename is in the format device filename ext and can be uppercase and lowercase letters dig...

Страница 19: ...ke care when using aliases because they match any whole word on the command line Therefore if you separate a parameter with a space a matching alias could erroneously be substituted for the value Note that certain command handlers such as those for STT PERM and ACC always require the sign Example To set the command processor so that you can enter a space between parameters and values on the comman...

Страница 20: ...h vrrp 20 134 sh vrrp 0 135 sh vrrp 21 136 sh vrrp 255 137 sh vrrp none 138 sh vrrp any 139 destroy qos queue2priomap queue 0 bwclass 2 vrrp none 140 destroy qos queue2priomap queue 0 bwclass 2 vrrp any 141 destroy qos queue2priomap queue 0 bwclass 2 vrrp 0 142 destroy qos queue2priomap queue 0 bwclass 2 vrrp 256 143 destroy qos queue2priomap queue 0 bwclass 2 vrrp 17 18 144 destroy qos queue2prio...

Страница 21: ...reset file permanentredirect New command show file permanentredirect New command Parameter Description FIle Name of the text file where you want to send output One is created if it does not already exist The filename is in the format device filename txt and can be uppercase and lowercase letters digits _ and space device indicates the physical location where the file is stored The default is flash...

Страница 22: ...ytes Parameter cont Description cont Parameter Description FIle Name of the text file that you want to create The filename is in the format device filename txt and can be uppercase and lowercase letters digits _ and space device indicates the physical location where the file is stored The default is flash Default no default FORCE Overwrites the text file if one already exists If force is not speci...

Страница 23: ... displays information about one text file or all that are permanently receiving output from commands or scripts Figure 3 Table 2 These files are typically created to collect data during debugging The file parameter displays information about a specific text file Figure 4 The filename option is in the format device filename txt and can be uppercase and lowercase letters digits _ and space Device in...

Страница 24: ...he command sh fi perm TTY Current Limit File Instance Size 17 12345 204800 bgp txt File bgp txt TTY Instance 17 Current Size 12345 Limit 204800 Input s COMMAND enable bgp debug all Table 2 Parameters in output of the show file permanentredirect command Parameter Meaning TTY Instance Instance number for the TTY device Current Size Size of the text file in bytes Limit Limit of file size in bytes set...

Страница 25: ...which adds complexity to the filtering process when packets are being sent between instances This Software Version allows you to select between two modes of using classifier based packet filtering in 48 port switches port specific filters first or non port specific filters first You can select different modes using the new set switch hwfilter mode command Selecting the right mode when setting up c...

Страница 26: ...filter when the packet travels between ports on different switch instances When to Use Non Port Specific Mode Use the non port specific npsf mode when you want port specific filters to override the non port specific filters for certain circumstances In the following example the second port specific filter stops the first non port specific filter from discarding packets from port 50 create class 1 ...

Страница 27: ...valent to entering the disable switch port command linkDown The port is physically disabled and the link is down This is equivalent to entering the disable switch port link disabled command vlanDisable The port is disabled only for the VLAN on which thrashing has occurred It can still receive and transmit traffic for any other VLANs of which it is a member When a MAC address is thrashing between t...

Страница 28: ...n has been applied the port is automatically re enabled when the defined timeout expires You cannot manually re enable the port Port Types Limiting rapid MAC movement is supported on all port types It is also supported on trunked ports Command Changes The following table summarises the new and modified commands Command Change create switch trunk New thrashaction parameter New thrashtimeout paramet...

Страница 29: ...witch hwrouteupdate 1 maximum The maximum depends on the amount of memory on the switch as shown in the table above The purpose of this feature is to enable you to tune the balance between the memory that the route update process uses and the speed with which large route updates are processed Output of the show switch command has been expanded to display information about the queue settings Comman...

Страница 30: ...ing vlansecure on page 31 Without this enhancement the default situation a switch filter only allows a host to access the network through a particular port on the switch For example if you have a PC connected to port 15 in vlan2 and define the following filter the PC can only communicate when it is connected to port 15 add switch filter entry 0 dest pc mac address vlan 2 port 15 action forward Wit...

Страница 31: ... To display which mode the filtering behaviour is in use the existing command show switch filter This command now displays the additional field VlanSecure which is either DISABLED or ENABLED Command Changes The following table summarises the new and modified commands swi filter Default behaviour vlansecure enabled port 15 port 16 vlan2 vlan1 Securing only the VLAN vlansecure disabled port 15 port ...

Страница 32: ... goes link down the router or switch drops any traffic that is forwarded by a static switch filter out of that port In this Software Version when a port that is part of a trunk group goes link down the router or switch modifies any static switch filters defined to forward traffic out of that port It modifies the egress port for the switch filter entry to a port which is link up within the trunk gr...

Страница 33: ...wn to disable all ports in the thrashing trunk until either the period specified by the thrashtimeout parameter has elapsed or until the ports or subset of ports in the trunk are re enabled by the enable switch port command If linkdown is specified the link state is down if portdisable is specified the link state remains up vlandisable to block all traffic on the VLAN where the address was learned...

Страница 34: ...rt list ALL VLAN vlan name 1 4094 ALL where port list is a port number range specified as n m or comma separated list of numbers and or ranges Port numbers start at 1 and end at m where m is the highest numbered Ethernet switch port including uplink ports vlan name is a unique name from 1 to 32 characters Valid characters are uppercase and lowercase letters digits the underscore and hyphen Descrip...

Страница 35: ...cessing that VLAN not other VLANs Example To turn on the default filtering behaviour use the command ena swi fil vlan enable switch port vlan Syntax ENAble SWItch POrt port list ALL VLAN vlan name 1 4094 ALL where port list is a port number range specified as n m or comma separated list of numbers and or ranges Port numbers start at 1 and end at m where m is the highest numbered Ethernet switch po...

Страница 36: ...to none to apply no thrash limiting on the trunk learndisable to disable MAC address learning on all ports in the thrashing trunk until the period specified with the thrashtimeout parameter has elapsed The default is learndisable portdisable or linkdown to disable all ports in the thrashing trunk until either the period specified by the thrashtimeout parameter has elapsed or until the ports or sub...

Страница 37: ...ific filters for certain circumstances If you add a port specific filter after the non port specific filters the router or switch may still use a matching non port specific filter when the packet travels between ports on different switch instances When you specify npsf the router or switch expects non port specific filters to be entered first Use this mode when you want port specific filters to ov...

Страница 38: ...n the router or switch takes when it detects MAC address thrashing on a port Thrashing occurs when one or more ports repeatedly learn the same MAC addresses for example as a result of a network loop Take care with the thrashaction parameter because misuse can impair your network operation Set the thrashaction parameter to none to apply no thrash limiting to the port learndisable to disable MAC add...

Страница 39: ...en ports in one second When the specified limit is reached the thrashaction specifed with the set switch port command is applied The default thrashlimit is 10 Example To set the switch thrash limit to 100 MAC movements per second use the command set swi thrashl 100 set switch trunk Syntax SET SWItch TRunk trunk SPeed 10M 100M 1000M 10G THRASHAction LEarndisable LINKDown NONE POrtdisable VLANdisabl...

Страница 40: ...hrashaction vlandisable ingress filtering is automatically enabled on all ports in the trunk The thrashtimeout parameter specifies the time in seconds for which the switch employs the thrash action specified by the thrashaction parameter The thrashtimeout cannot be set to none if thrashaction learndisable If thrashtimeout none and thrashaction is then changed to learndisable then the router or swi...

Страница 41: ...the trunk Disable Learning Learning is disabled on all ports in the trunk Disable Port All ports in the trunk are disabled but the links will remain up Link Down All ports in the trunk are disabled and the links will go down Disable Vlan All ports in the trunk are disabled for the VLAN that thrashing occurring on Address learn thrash timeout The thrashtimeout value to apply to any trunks created b...

Страница 42: ... the show switch command when hardware learning delay is enabled Switch Configuration Switch Address 00 00 cd 12 78 03 Learning ON Ageing Timer ON IP route Learn delay 4 ms queue size 0 queue limit 1000000 percent in use 0 high water mark 0 queue maximum 1500000 queue default 1000000 Updating hardware status 0 Pending ...

Страница 43: ... number of messages that have been seen on the queue since the switch last started up Queue maximum The maximum value to which you can set the queue size This depends on the amount of memory installed on the switch Queue default The default maximum number of entries in the queue This depends on the amount of memory installed on the switch Updating hardware status The number of entries that the sof...

Страница 44: ...outer or switch and a summary of the current filters Figure 9 Modified example output from the show switch hwfilter command Switch Filters VlanSecure ENABLED Entry VLAN Destination Address Port Action Source 0 default 1 aa ab cd 00 00 01 1 Forward static 1 default 1 aa ab cd 00 00 02 1 Forward static 0 marketing 2 aa ab cd 00 00 01 2 Discard static 1 marketing 2 aa ab cd 00 00 02 2 Discard learn T...

Страница 45: ...o intranet hub port 49 Status ENABLED Link State Up UpTime 02 35 26 Port Media Type ISO8802 3 CSMACD Configured speed duplex Autonegotiate Actual speed duplex 1000 Mbps full duplex MDI Configuration Polarity Manual MDI Loopback Off Configured master slave mode Not applicable Actual master slave mode Not applicable Acceptable Frames Type Admit All Frames Disabled egress queues Q0 Q3 4 BCast MCast r...

Страница 46: ...ken when the address learn thrash limit is exceeded Disable Learning Address learning on the port is temporarily disabled Disable Port The port is disabled but the link remains up Link Down The port is disabled and the link is down Disable VLAN The port is disabled for the VLAN on which thrashing is occurring Address learn thrash timeout The time in seconds for which a port remains disabled after ...

Страница 47: ...e to connect to the router or switch using this service To allow a PPPoE host to be defined on the router or switch as well as on an Access Concentrator service the acinterface parameter must be used The acinterface parameter specifies the interface to be used by the Access Concentrator service If none is specified the Access Concentrator service uses all valid interfaces A service can be offered ...

Страница 48: ...e specified in the add ppp acservice command If multiple interfaces exist for the service you are prompted to specify an acinterface The default is none The acinterface parameter supercedes the now deprecated vlan parameter in this command set ppp acservice Syntax SET PPP ACservice service name ACRadius OFF ON MAXSessions 1 512 TEMPlate ppp template ACINTerface NONE interface Where interface is an...

Страница 49: ...tput from the show ppp pppoe command PPPOE PPP1 Service Name bob Peer Mac Address 00 00 cd 00 ab a3 Interface eth0 Session ID a1a3 Maximum Segment Size 1292 Access Concentrator Mode Enabled Services bob Max sessions 2 Current Sessions 1 Template 1 Interface eth1 MAC RADIUS Authentication YES carol Max sessions 5 Current Sessions 0 Template 1 Interface vlan1 MAC RADIUS Authentication YES PPPOE Coun...

Страница 50: ...orter alternative to using the disable mstp cist port command followed by the disable mstp msti port command Example To disable the CIST and all MSTIs on ports 10 15 use the command dis mstp po 10 15 enable mstp port Syntax ENAble MSTP POrt port list ALL where port list is a port number range specified as n m or comma separated list of port numbers and or ranges Port numbers start at 1 and end at ...

Страница 51: ...escription The output of this command includes a new field Figure 12 Example output from the show stp port rstpstate command Command Change show stp port New Port field in output RSTP State Information STP Name default Bridge Level State Machine STATE Port Role Selection Role Selection Port 1 Port State Machines STATE Port Information Disabled Port Role Transitions Blocked Port Port State Transiti...

Страница 52: ...t However bundling reduces terminal responsiveness A ten timer value of 100 milliseconds is generally a good compromise between responsiveness and processing overhead If you need to increase the port s responsiveness this enhancement enables you to reduce the length of the ten timer To do this use the new tentimervalue parameter in the set asyn command set asyn port number tentimervalue 20 100 oth...

Страница 53: ...Character HArdware None PAGe 0 99 OFF PARity Even Mark None Odd SPace PRompt prompt DEFault OFf SECure ON OFf YES NO True False SERvice service name None SPeed AUTO 75 110 134 5 150 300 600 1200 1800 2000 24 00 4800 9600 14400 14 4K 19200 19 2K 28800 28 8K 38400 38 4K 57600 57 6K 115200 115 2K STopbits 1 2 TENtimervalue 20 100 TIMeout 1 65535 TYpe Dumb VT100 Description The new tentimervalue param...

Страница 54: ...are Autobaud mode disabled Max tx queue length 16 TX queue length 3 Transmit frame none RX queue length 0 IP address none Max transmission unit 1500 Ten timer value 100 Table 12 New parameters in the output of the show asyn port number command Parameter Meaning Ten timer value The length of the ten timer in milliseconds When an asynchronous port is in ten mode it bundles together the characters th...

Страница 55: ...E x900 48FE N AT 9924T AT 9924SP AT 9924T 4SP x900 24XT x900 24XT N In a network with a simple tree topology you can use IGMP proxy to simplify the configuration of multicast routing The router or switch at the root of the tree must run a multicast routing protocol but all other routers and switches in the network can be configured as IGMP proxy agents The IGMP proxy agent must be configured with ...

Страница 56: ...and on the interface for IGMP proxy to function When this message Is received on this interface Then the IGMP proxy agent Report downstream adds the membership subscription to the multicast group membership database forwards the report message on the upstream interface if the membership subscription is for a new multicast group upstream discards the message without processing Leave downstream remo...

Страница 57: ...ltering extended to all IGMP message types IGMP filtering lets you manage the distribution of multicast services on each switch port by controlling which multicast groups the hosts attached to a switch port can join IGMP filtering is applied to multicast streams forwarded by IGMP IGMP Snooping or MVR Filtering of IGMP membership reports was supported in a previous software version This software ve...

Страница 58: ...padd ipadd ipadd msgtype query report leave action include exclude To remove a filter from a switch port use the command set switch port port list all igmpfilter none other options To destroy a filter first remove the filter from all ports that it is applied to then use the command destroy igmp filter filter id To display information about IGMP filters use the command show igmp filter filter id To...

Страница 59: ...erval use the command set ip igmp interface interface querytimeout none 0 1 65535 To display information about IGMP and the IGMP proxy agent use the command show ip igmp Command Changes The following table summarises the new and modified commands Message IGMP No general query within time interval seconds on interface Severity 5 IMPORTANT Module 5 IPG Log Type 021 MSGS Log Subtype 002 WARN Recommen...

Страница 60: ...group address or a range of IP multicast group addresses to match Set groupaddress to 0 0 0 0 to filter IGMP general query messages a multicast address or a range of multicast addresses to filter IGMP group specific query messages report messages and leave messages The action parameter specifies the action to take when an IGMP message with a message type matching msgtype and a group address matchi...

Страница 61: ... decimal notation Description The new igmpproxy parameter specifies the status of IGMP proxying for the specified interface If you specify off the interface does not do IGMP Proxy If you specify upstream the interface passes IGMP messages in the upstream direction A router or switch can have only one interface when the IGMP proxy direction is upstream If you specify downstream the interface can re...

Страница 62: ...concatenating a Layer 2 interface type an interface instance and optionally a hyphen followed by a logical interface number from 0 to 15 If a logical interface is not specified 0 is assumed Description This new command enables the monitoring of incoming IGMP general query messages on an interface and generates a log message and an SNMP trap if an IGMP general query message is not received on the i...

Страница 63: ...tric 1 16 SAMode Block Passthrough VJC False NO OFF ON True YES VLANPRiority 0 7 None VLantag 1 4094 None where interface is an interface name formed by concatenating a Layer 2 interface type an interface instance and optionally a hyphen followed by a logical interface number from 0 to 15 If a logical interface is not specified 0 is assumed ipadd is an IP address in dotted decimal notation Descrip...

Страница 64: ...opped 0 Table 13 New parameters in the output of the show igmp filter command Parameter Meaning Msg Type The type of IGMP message being filtered by this entry one of Leave Query or Report Reports Queries Leaves The total number of IGMP messages of the specified type that were received and processed on all the switch ports that this filter is attached to Recd The number of IGMP messages of the spec...

Страница 65: ...Robustness Variable 2 Query Response Interval 100 1 10secs Disabled All groups ports 1 5 7 Interface Name vlan1 DR Status Enabled Other Querier timeout 164 secs IGMP Proxy Upstream General Query Reception Timeout None Group List Group 224 0 1 22 Last Adv 10 194 254 254 Refresh time 184 secs Ports 24 Group 224 0 1 22 Static association Refresh time Infinity Ports 11 14 17 19 Static Ports 17 19 All ...

Страница 66: ...physical interface This Software Version expands logical Ethernet interfaces not VLAN to 1000 per physical eth interface Logical Eth interfaces can be numbered from 0 to 999 for example eth0 0 to eth0 999 Note that if you use the GUI to view interfaces and have configured a large number the Interface page may take several minutes to display The add ip interface and set ip interface commands reflec...

Страница 67: ...raffic policy priority routing The type parameter is optional to ensure that this Software Version is backwards compatible with configuration scripts written using an earlier Software Version When type is not specified the router or switch determines the filter type based on the value of the filter number and the specified parameters Filters with a specified policy parameter are policy filters Fil...

Страница 68: ...address it broadcasts an ARP Request message over the egress IP interface If the router or switch does not receive a reply within a particular time it notifies the sending device that the destination is unknown This enhancement lets you increase the length of time that the router or switch waits for a response which is useful for routers or switches that communicate with devices that are slow to r...

Страница 69: ... feature is enabled you can add an ARP entry with a multicast MAC address using the add ip arp command Accepting Packets with Conflicting Addresses Enabling macdisparity also allows the router or switch to accept packets with conflicting IP and MAC addresses Normally the router or switch discards these packets as being invalid Conflicting IP and MAC addresses include A multicast IP address with a ...

Страница 70: ...errupted when a port within a trunk group goes link down In previous Software Versions when a port that is part of a trunk group goes link down the router or switch drops any traffic that is forwarded by a static ARP entry out of that port In this Software Version when a port that is part of a trunk group goes link down the router or switch modifies any static ARP entries defined to forward traffi...

Страница 71: ...NTry 1 255 Policy filter ADD IP FILter 0 999 POLIcy 0 15 SOurce ipadd TYPE POLIcy SMask ipadd SPort port name port id DEStination ipadd DMask ipadd DPort port name port id ICMPCode icmp code name icmp code id ICmptype icmp type name icmp type id LOG 4 1600 Dump Header None OPtions False OFF ON NO True YES PROTocol protocol Any Icmp Ospf Tcp Udp SEssion Any Established Start SIze size ENTry 1 255 P...

Страница 72: ...ed the router or switch determines the filter type based on the IP filter number and the specified parameters Filters with a specified policy parameter are policy filters Filters with a specified priority parameter are priority filters Filters with a specified action parameter are either traffic or routing filters If the filter number set is between 0 to 99 they are traffic filters between 100 to ...

Страница 73: ...igured on the router or switch use the command ena ip mac reset ip counter Syntax RESET IP COUnter ALL ARP CAChe ICmp INTerface IP MULticast ROUt e SNmp UDP Description This command sets IP counters to zero The counter parameter specifies particular counters depending on the option and all resets all of them You can now specify cache as an option for the counter parameter Example To reset the IP r...

Страница 74: ...de icmp code name icmp code id ICmptype icmp type name icmp type id LOG 4 1600 Dump Header None OPtions False OFF ON NO True YES PROTocol protocol Any Icmp Ospf Tcp Udp SEssion Any Established Start SIze size ENTry 1 255 Description This command changes a pattern in an IP traffic filter policy filter priority filter or routing filter You can now specify a greater range of filter numbers in the set...

Страница 75: ... 168 1 1 ppp0 Secondary Name Server Not Set Source Routed Packets Discarded Remote IP address assignment DISABLED DNS Relay DISABLED IP ARP LOG ENABLED IP ARP refresh by hit ENABLED IP MAC address disparity DISABLED Routing Protocols RIP Neighbours 0 EGP Status DISABLED Autonomous System Number Not Set Transfer RIP to EGP Disabled ARP aging timer multiplier 4 1024 2048 secs Arp wait timeout 1 secs...

Страница 76: ...3 eth0 2 Forward 1 3 10 1 1 4 192 168 100 3 eth0 3 Forward 1 3 10 1 1 5 192 168 100 3 eth0 4 Forward 1 3 10 1 1 6 192 168 100 3 eth0 5 Forward 1 3 10 1 1 7 192 168 100 3 eth0 6 Forward 1 3 10 1 1 8 192 168 100 3 eth0 7 Forward 1 3 10 1 1 9 192 168 100 3 eth0 8 Forward 1 3 10 1 1 10 192 168 100 3 eth0 9 Forward 1 3 10 1 1 11 192 168 100 3 eth0 10 Forward 1 3 Table 16 Parameters in output of the new...

Страница 77: ...put from the show ip counter cache command Type One of the following Forward Local GenBcast SpcBcast MultOsp MultLmtd MultNorm MultLocl Age Age of the entry which increases over time but is reduced when the entry is used Count Number of times the entry was found Table 16 Parameters in output of the new show ip cache command cont Parameter Meaning Cache Counters hits 304 rejects 0 deletes 0 Table 1...

Страница 78: ...est Address Dest Mask Prot C T Options Pattern Type Act Pol Pri Logging Matches 2 Traffic 1 Any 192 168 166 2 255 255 255 255 Any Yes Any 192 168 163 39 255 255 255 255 Any No General Include Off 0 2 Any 192 168 163 21 255 255 255 255 Any Yes 23 192 168 163 39 255 255 255 255 TCP No General Exclude Off 0 Requests 0 Passes 0 Fails 0 Table 18 New parameters in output of the show ip filter command Pa...

Страница 79: ...Download upload of files using the Trivial File Transfer Protocol SNMP Transfer of device management data using the Simple Network Management Protocol DHCP SVR External network node configuration by the router or switch acting as a Dynamic Host Configuration Protocol Server DHCP CLT Communications by the router or switch when acting as a client using the Dynamic Host Configuration Protocol BOOTP C...

Страница 80: ...rsion enables you to display the state of all active UDP over IPv6 sessions by using the following new command show ipv6 udp Command Changes The following table summarises the new command IPv6 Tunnel Expansion This Software Version increases the maximum number of simultaneous IPv6 tunnels available on these routers from 100 to 256 AR770S AR750S Static IPv6 tunnels and 6 to 4 tunnels share this res...

Страница 81: ...outer or switch for the given process A blank address indicates that the UDP session is active but either no packets have been transmitted yet or packets have been transmitted without specifying the source IP address Remote Port The UDP port number used for the UDP session on the remote device A value of zero indicates that UDP packets from any remote port will be accepted for the session Process ...

Страница 82: ...des control and payload messages into a human readable format For control packets all of the message is decoded For payload packets only the header is decoded The first 64 bytes of the encapsulated frame is also displayed but remains in hexadecimal format For an example of decoded control and payload packets see the enable l2tp debug command in the Command Reference Updates section To disable deco...

Страница 83: ... Proxy Authentication responses from the router or switch You can now disable Proxy Authentication on the router or switch for situations where the third party equipment is not compatible Use proxyauth off in the command add l2tp ip ipadd ipadd ppptemplate 0 31 number off on startup pre13 off on proxyauth off on tosreflect off on false true no yes The default for proxyauth is on Proxy Authenticati...

Страница 84: ...disable l2tp debug Syntax DISable L2TP DEBug ALL DECode PKT STAte CALL 1 65535 TUNnel 1 65535 Parameter Description PROXYAuth Whether the router or switch acting as an LNS performs Proxy Authentication of the PPP user if the LAC provides Authentication information Default on ON The LNS performs Proxy Authentication OFF The LNS does not perform Proxy Authentication Parameter Description DEBug The d...

Страница 85: ...ter this time all debugging modes are automatically disabled Default no time limit set debugging continues until turned off using the disable l2tp debug command 18 07 20 L2TP DECODE Rx TID 0 CID 0 from 192 168 1 1 1701 Header Version 2 Type Control Flags T L S Length 107 Tunnel ID 0 Session ID 0 Sequence Numbers Ns 0 Nr 0 Attribute Value Pairs AVPs Message Type 0 Flags M Len 8 Value SCCRQ Protocol...

Страница 86: ...ted the packet to a peer Rx Indicates that the router or switch received the packet from a peer TID The local tunnel ID number associated with the packet CID The local call ID number associated with the packet The first packet received from a peer will state the IP range and port number of the call instead of a call ID number Header Header information for the packet This specifies the version type...

Страница 87: ...ToS Reflect off Proxy Authentication on Table 22 Parameters in the output of the show l2tp ip command Parameter Meaning Proxy Authentication Whether the router or switch acting as an LNS performs Proxy Authentication for the PPP user if the LAC provides Authentication information one of on or off Tunnel ID 3 State established Started 08 Apr 2006 11 04 50 Debug decode Table 23 Parameters in the out...

Страница 88: ...all command for a specific call Call ID 52221 Tunnel ID 19223 Server Type LAC Started 01 Apr 2006 16 45 51 Username not set Sequence Numbers off Debug decode Table 24 Parameters in the output of the show l2tp tunnel call command for a specific call Parameter Meaning Debug Whether debugging is disabled or enabled on the tunnel If enabled the type of debugging is displayed one of state packet or dec...

Страница 89: ...SSA border router using the commands add ospf area backbone area number stubarea nssa nssastability 1 3600 nssatranslator candidate always other options set ospf area backbone area number stubarea nssa nssastability 1 3600 nssatranslator candidate always other options If you set nssatranslator to always the NSSA router will unconditionally translate Type 7 LSAs as long as it has NSSA border router...

Страница 90: ...ability parameter This allows a more stable transition to the newly elected translator and minimises excessive flushing of translated Type 7 LSAs The nssatranslator and nssastability parameters are only valid when stubarea is set to nssa You can display the current translator role for an area using the command show ospf area area number You can display the current translator role for all areas usi...

Страница 91: ...f redistribute protocol bgp interface rip static To change a route redistribution definition use the command set ospf redistribute protocol bgp interface rip static other options To display the currently configured route redistribution definitions use the command show ospf redistribute Interaction with global OSPF parameters You can still use the asexternal bgpfilter bgpimport bgplimit rip and sta...

Страница 92: ...erface routes and the advertisement of external routes If you set asexternal to on or nssa OSPF imported interface routes for interfaces that were not OSPF interfaces with the following exceptions Routes that were Local and within an active OSPF range Routes that exactly matched an OSPF host or stub network These routes were advertised as a stub link in the router LSA of the area to which the acti...

Страница 93: ...ic range for metric and tag parameters delete ospf redistribute New bgp interface and rip options for protocol parameter disable ospf debug New redistribute option for debug parameter enable ospf debug New redistribute option for debug parameter set ospf Modified behaviour of asexternal bgpimport rip and staticexport parameters set ospf redistribute New bgp interface and rip options for protocol p...

Страница 94: ... router status If you specify candidate the router or switch will participate in the NSSA translator election process The NSSA border router with the highest router identifier is elected as the translator Once elected the router or switch will translate Type 7 LSAs until it loses border router status or another NSSA border router with a higher router identifier is elected as the translator The def...

Страница 95: ...statically configured routes The new limit parameter specifies the maximum number of routes that can be redistributed into OSPF for the specified protocol The default is 1000 If you add a BGP redistribution definition the limit parameter overwrites the setting of the bgplimit parameter in the set ospf command on page 97 The modified metric parameter specifies the route metric that OSPF assigns to ...

Страница 96: ...bug Syntax DISable OSPF DEBug ALL IFSTate NBRSTate PACket REDistribute SPF STA te Description The modified debug parameter specifies the debugging options to disable If all is specified all debugging options are disabled If ifstate is specified interface state debugging is disabled If nbrstate is specified neighbour state debugging is disabled If packet is specified OSPF packet debugging is disabl...

Страница 97: ...STUB ASExternal NONE NO OFF False INRoutemap routemap NONE METRIC 0 16777215 PASSiveinterfacedefault ON OFF True False YES NO REFBANDWIDTH 10 10000 RIP OFF EXport IMport BOTH ROuterid ipadd PTPStub ON OFF YES NO True False STATicexport YES NO TYPE 1 2 where ipadd is an IP address in dotted decimal notation routemap is the name of an IP route map Description No parameters or options have changed Ho...

Страница 98: ... NSSA The nssatranslator parameter is only valid when stubarea is set to nssa The new nssastability parameter specifies the additional time in seconds that the router or switch will continue to translate Type 7 LSAs after losing the translator role An elected translator loses its translator role when another NSSA border router with a higher router identifier is elected as translator or an NSSA rou...

Страница 99: ...ype 1 routes or metric2 for Type 2 routes If you assign a route map that sets the metric the route map overrides the setting in this parameter The default is 20 The modified tag parameter specifies a number OSPF uses to label routes that it redistributes If you specify original the original route tag is preserved in the redistributed route If you assign a route map that sets the tag the route map ...

Страница 100: ... count 10 LSA sum of checksums 345bf Ranges Range 192 168 25 0 Mask 255 255 255 0 Range 192 168 250 0 Mask 255 255 255 0 Interfaces ppp23 Type Point to point State ptp eth0 Type Broadcast State otherDR Table 25 New parameters in output of the show ospf area command for a specific area Parameter Meaning Role NSSA translator role one of CANDIDATE or ALWAYS This field is only displayed when NSSA is Y...

Страница 101: ...g source from which OSPF imports the routes for this redistribution definition one of BGP Interface RIP or Static Metric The route metric that OSPF assigns to routes that it redistributes from this protocol or Original if the original route metric is preserved Tag The numeric tag that OSPF uses to label routes that it imports from this protocol or Original if the original tag is preserved Type The...

Страница 102: ...totallimit 0 1000 Thresholds Together the backoff and low parameters create upper and lower thresholds which trigger and maintain BGP backoff When memory usage exceeds the upper threshold BGP backoff is triggered BGP continues to back off until memory usage falls below the lower threshold At this stage BGP begins processing again unless the total or consecutive backoff limits were reached Both thr...

Страница 103: ... The enhanced parameters add bgp peer ipadd description none description inroutemap none routemap outroutemap none routemap other options set bgp peer ipadd description none description inroutemap none routemap outroutemap none routemap other options peertemplate template definitions The enhanced parameters add bgp peertemplate 1 30 description none description inroutemap none routemap outroutemap...

Страница 104: ...ck the new Routes learned field Displaying Information about Routes from a Peer To display information about each route learned from a specific peer use the new peer parameter in the command show bgp route prefix peer ipadd other optional parameters Command Changes The following table summarises the modified commands Command Change add bgp peer New none option for description inroutemap and outrou...

Страница 105: ...Fault 0 3600 NEXthopself NO YES OUTFilter NONE prefixlist name OUTPathfilter NONE 1 99 OUTRoutemap NONE routemap PASSword password PRIVateasfilter NO YES SENdcommunity NO YES ADD BGP PEer ipadd POLICYTemplate 1 30 REMoteas 1 65534 AUthentication MD5 NONE DEFaultoriginate NO YES DESCription NONE description EHOps DEFault 1 255 FASTFallover NO YES PASSword password Parameter Description DESCription ...

Страница 106: ...backoff BGP backoff delays BGP processing when the system memory utilisation is high BGP backoff is disabled by default however it automatically enables the first time a peer is added Example To disable BGP backoff use the command dis bgp bac Parameter Description DESCription A description for the peers that use the template which has no effect on their operation The new none option allows you to ...

Страница 107: ... BACkoff 20 100 BASEtime 0 100 CONSecutive 0 1000 LOW 15 99 MULtiplier 1 1000 STep 1 1000 TOTallimit 0 1000 Example To back BGP processing off when the system memory is 90 utilised and reinstate it when system memory is at 80 use the command set bgp bac 90 low 80 Parameter Description BACkoff The percentage of total system memory use that triggers BGP to back off from 20 to 100 This must be set hi...

Страница 108: ...ES SET BGP PEer ipadd POLICYTemplate 1 30 AUthentication MD5 NONE DEFaultoriginate NO YES DESCription NONE description EHOps DEFault 1 255 FASTFallover NO YES PASSword password REMoteas 1 65534 Example To remove the outroutemap for a BGP peer whose IP address is 192 168 1 1 use the command set bgp pe 192 168 1 1 outr none Parameter Description DESCription A description of the peer which has no eff...

Страница 109: ...1 99 OUTRoutemap NONE routemap PRIVateasfilter NO YES SENdcommunity NO YES Parameter Description DESCription A description for the peers that use the template which has no effect on their operation The new none option allows you to not specify a description or remove a previously specified description Default none INRoutemap The route map that filters and or modifies prefixes from peers that use t...

Страница 110: ...stablished if peers are disabled BACKED OFF is displayed when system memory use has reached its upper threshold and BGP processing is halted PEER DISABLED is displayed when the consecutive or total backoff limits have been reached and system memory use is still above the lower threshold DISABLED is displayed when backoff functionality has been disabled by the user Mem Upper Threshold Value The per...

Страница 111: ... switch only displays routes that it learned from that peer If you specify the router or switch s router ID it displays all locally originated routes The peer parameter has no default Note that this enhancement did not change any fields in the output of the show bgp route command it simply provides another method of filtering the displayed routes Peer 192 168 10 1 Description State Idle Policy Tem...

Страница 112: ...op limit of 1 a link local source address and the other format requirements of RFC 3810 This enhancement did not affect any commands ICMP type for MLDv2 Reports MLD Report messages now have an ICMP type of 143 by default as specified by RFC 3810 The previous value was 255 If you need to maintain backwards compatibility with earlier releases that use an ICMP type of 255 you can do so by using the n...

Страница 113: ...summarises the modified command Change of Maximum Query Response Interval for MLD This Software Version changes the valid range for the MLD query response interval The maximum interval is now 8387 seconds in accordance with RFC 2710 To set the query response interval use the command set ipv6 mld qrinterval 1 8387 Note that if the router or switch acts as an MLDv1 querier and qrinterval is set to m...

Страница 114: ...s the interface can process MLDv2 reports that have an ICMP type of 255 This is compatible with early Allied Telesis implementations of MLD If you specify no the interface can only process MLD Report messages that have an ICMP type of 143 as specified by RFC 3810 The default is no set ipv6 mld Syntax SET IPV6 MLD ROBustness 2 65535 DEFault QINterval 1 65535 DEFault QRInterval 1 8387 DEFault SQInte...

Страница 115: ... in Figure 32 and the new output is in Figure 33 In this example port 9 is in the All Routers group and is shown in bold MLD Protocol Status ENABLED Robustness 2 Query Interval 125 secs Query Response Interval 10 secs Startup Query Interval 31 secs Startup Query Count 2 Last Listener Query Interval 1 secs Last Listener Query Count 2 Interface vlan100 Version 2 V2 Draft Compatible NO Is querier YES...

Страница 116: ...le output from the show mldsnooping command Figure 33 New example output from the show mldsnooping command Interface vlan300 vlan300 Multicast Address All Routers Ports 9 Multicast Address ff01 1 0 0101 Ports 1 2 9 Interface vlan300 vlan300 Multicast Address All Routers Ports 9 Multicast Address ff01 1 0 0101 Ports 1 2 ...

Страница 117: ...d Reference Updates This section describes the changed portions of modified commands and output screens The new parameters and options are shown in bold for modified commands Command Change create classifier New parameters macsmask macdmask tcpflags icmptype icmpcode igmptype eipbyte01 16 set classifier New parameters macsmask macdmask tcpflags icmptype icmpcode igmptype eipbyte01 16 show classifi...

Страница 118: ...TE07 byteoffset bytevalue bytemask EIPBYTE08 byteoffset bytevalue bytemask EIPBYTE09 byteoffset bytevalue bytemask EIPBYTE10 byteoffset bytevalue bytemask EIPBYTE11 byteoffset bytevalue bytemask EIPBYTE12 byteoffset bytevalue bytemask EIPBYTE13 byteoffset bytevalue bytemask EIPBYTE14 byteoffset bytevalue bytemask EIPBYTE15 byteoffset bytevalue bytemask EIPBYTE16 byteoffset bytevalue bytemask where...

Страница 119: ...ot been specified or ipprotocol igmp has been specified If any is specified the IGMP type is ignored The default is any The eipbyte01 to eipbyte16 parameters each specify the properties of a single byte field to match in the Layer 3 header and data of a non IPv4 and non IPv6 packet The eipbyte01 parameter must be used as the first byte field and additional byte fields must increment sequentially f...

Страница 120: ...BYTE02 byteoffset bytevalue bytemask EIPBYTE03 byteoffset bytevalue bytemask EIPBYTE04 byteoffset bytevalue bytemask EIPBYTE05 byteoffset bytevalue bytemask EIPBYTE06 byteoffset bytevalue bytemask EIPBYTE07 byteoffset bytevalue bytemask EIPBYTE08 byteoffset bytevalue bytemask EIPBYTE09 byteoffset bytevalue bytemask EIPBYTE10 byteoffset bytevalue bytemask EIPBYTE11 byteoffset bytevalue bytemask EIP...

Страница 121: ...offset bytevalue bytemask EIPBYTE05 byteoffset bytevalue bytemask EIPBYTE06 byteoffset bytevalue bytemask EIPBYTE07 byteoffset bytevalue bytemask EIPBYTE08 byteoffset bytevalue bytemask EIPBYTE09 byteoffset bytevalue bytemask EIPBYTE10 byteoffset bytevalue bytemask EIPBYTE11 byteoffset bytevalue bytemask EIPBYTE12 byteoffset bytevalue bytemask EIPBYTE13 byteoffset bytevalue bytemask EIPBYTE14 byte...

Страница 122: ...ETHII UNTAGGED Protocol 0800 IP EthII S IP Address 192 168 123 123 32 D IP Address 192 168 123 123 32 IP Protocol TCP S TCP Port 23 D TCP Port 23 TCP Flags SYN FIN Classifier Rules Rule 21 M Type L2UCAST VLAN vlan1234 1234 E Format ETHII UNTAGGED Protocol 0800 IP EthII S IP Address 192 168 123 123 32 D IP Address 192 168 123 123 32 IP Protocol ICMP ICMP code 7 HOSTUNKNOWN ICMP type 3 UNREACHABLE C...

Страница 123: ... Addr mask A MAC address that specifies a 48 bit binary mask to apply to the destination MAC address before determining a match A 1 in the mask means that the value of the bit in that position is used to determine a match and a 0 means that the bit is ignored The default mask value is ff ff ff ff ff ff S MAC Addr mask A MAC address that specifies a 48 bit binary mask to apply to the source MAC add...

Страница 124: ...te 16 Each Layer 3 Byte field specifies the properties of a single byte field to match in the Layer 3 part of non IPv4 and IPv6 packets Offset The offset of a byte from the start of Layer 3 This specifies the location of the byte to match Value The hexadecimal value to match at the location specified by Offset Mask A hexadecimal number that specifies an eight bit binary mask to apply to the value ...

Страница 125: ...for metering Metering marks packets with a bandwidth class number that indicates whether the packet is within specific bandwidth limits Downstream QoS processes then determine how to handle the packets depending on their respective bandwidth class For individual ports the metering process separately measures the data rate coming into each port However with port groups metering collectively measure...

Страница 126: ...storm protection several actions are possible when a storm is detected You can disable the port physically You can disable the port logically You can disable the port for a particular VLAN Enhanced mode must be enabled with the set switch enhancedmode command in the Switching chapter before you can configure storm protection When a storm is detected on a port a message is automatically recorded in...

Страница 127: ...gured action Action What the switch does when it detects a storm on a port Timeout The length of time the port remains disabled after a port has been disabled due to a packet storm Command Change create qos policy set qos policy New dtcstormstatus parameter New dtcstormwindow parameter New dtcstormrate parameter New dtcstormaction parameter New dtcstormtimeout parameter show qos policy Output for ...

Страница 128: ...e qos policy Syntax CREate QOS POLIcy id list dtcstormstatus enable disable dtcstormwindow windowsize none dtcstormrate rate none dtcstormaction linkdown portdisable dtcstormtimeout timeoutlength none other parameters Parameter Description PORTgroup Port group to which you want to add a port The group list consists of one or more port groups a range specified with a hyphen such as 1 4 a comma sepa...

Страница 129: ...f milliseconds from 100 to 60 000 NONE Storm protection is inactive DTCSTORMRate Storm protection is activated when this rate of traffic is exceeded Required when storm protection is enabled If the value of dtcstormwindow is less than one second the rate is averaged over the last second Default none Rate Bits per second from 1Kbps to 10Gbps specified in Kbps Mbps or Gbps If you do not specify a un...

Страница 130: ...imeoutlength none other parameters Parameter Description PORTgroup Port group that you want to create The group list consists of one or more port groups a range specified with a hyphen such as 1 4 a comma separated list of numbers and or ranges an integer from 1 to 32 Default no default POrt Port to add to this port group The port list consists of one or more ports a range specified with a hyphen ...

Страница 131: ...te Bits per second from 1Kbps to 10Gbps specified in Kbps Mbps or Gbps If you do not specify a unit it uses Kbps If you specify Mbps or Gbps the rate may contain a decimal fraction with up to 3 decimal places for example 1 25 Mbps NONE Storm protection is inactive STORMAction Action QoS takes when a storm is detected on a port Default portdisable LINKDown Operationally disables ports to which the ...

Страница 132: ...an belong to any you want to destroy The group list consists of one or more port groups a range specified with a hyphen such as 1 4 a comma separated list of numbers and or ranges an integer from 1 to 32 Example To destroy the port group 1 use the command dest qos portg 1 Parameter Description PORTgroup Port group from which you want to delete a port The group id can be an integer from 1 to 32 Def...

Страница 133: ...e dtcstormaction linkdown portdisable dtcstormtimeout timeoutlength none other parameters Parameter Description PORTgroup Port group for which you want to clear counters The group list consists of one or more port groups a range specified with a hyphen such as 1 4 a comma separated list of numbers and or ranges an integer from 1 to 32 Default no default TRafficclass Traffic class counters to clear...

Страница 134: ...nd the rate is averaged over the last second Default none Rate Bits per second from 1Kbps to 10Gbps specified in Kbps Mbps or Gbps If you do not specify a unit it uses Kbps If you specify Mbps or Gbps the rate may contain a decimal fraction with up to 3 decimal places for example 1 25 Mbps NONE Storm protection is inactive DTCSTORMAction Action QoS takes when a storm is detected on a port Default ...

Страница 135: ...nt Description cont Parameter Description STORMStatus Whether storm protection is enabled for the default traffic class Default disabled STORMWindow Time between the polling of traffic class counters that checks whether storm protection should be activated Required when storm protection is enabled Default none windowsize Number of milliseconds from 100 to 60 000 NONE Storm protection is inactive S...

Страница 136: ...eout Length of time the port remains disabled after a storm is detected Default none timeoutlength Duration in seconds from 1 to 86400 NONE The port remains disabled until you enable it again with the enable switch port or enable switch port vlan command in the Switching chapter Table 31 Parameters in output of the show qos trafficclass 18 command Parameter Meaning Status Whether storm protection ...

Страница 137: ...dthClass YES Premarking USEMARKVALUE Remarking UESDSCPMAP Mark value 0 Action SENDVLANPORT VLAN 2 PORT 4 Storm Protection Status ENABLED Action PORTDISABLE Rate 1kbps Window 100ms Timeout None Table 32 New parameters in output of the show qos policy command Parameter Meaning Port Group s Assigned to ID of the port group that is assigned to the policy Trunk s Assigned to Trunks to which the policy ...

Страница 138: ...l ports Default Queue 2 Force Default Queue No Red Curve 2 New parameters in output of the show qos port 1 command Parameter Meaning Port Group ID of the port group to which the port belongs Trunk Group ID of the trunk group to which the port belongs Parameter Meaning PORTgroup Specifies a port group for which to display information Default all group list Integer from 1 to 32 Figure 41 Table 33 AL...

Страница 139: ...the port group Policy Assigned Policy Assigned to Policy attached to the port group Ports Ports that belong to the port group Parameter Meaning PORTgroup Specifies a port group for which to display information Default all group list Integer from 1 to 32 ALL All port groups no value Displays summary information about all port groups TRafficclass Traffic class attached to the port group Figure 42 Ta...

Страница 140: ...ss2 bytes 0 BwConformanceClass3 bytes 0 Dropped bytes 0 Default Traffic Class Aggregate Bytes 0 BwConformanceClass1 bytes 0 BwConformanceClass2 bytes 0 BwConformanceClass3 bytes 0 Dropped bytes 0 Port Group 2 Policy 2 Traffic Class 2 Aggregate Bytes 0 BwConformanceClass1 bytes 0 BwConformanceClass2 bytes 0 BwConformanceClass3 bytes 0 Dropped bytes 0 Default Traffic Class Aggregate Bytes 0 BwConfor...

Страница 141: ...is traffic class counted BwConformanceClass1 bytes Number of bytes that conforms with band with class 1 BwConformanceClass2 bytes Number of bytes that conforms with band with class 2 BwConformanceClass3 bytes Number of bytes that conforms with band with class 3 Dropped bytes Number of bytes this traffic class discarded Identifier 18 Description Interactive Voice Policy Assigned to 1 Flow Groups 8 ...

Страница 142: ...witch both SSH and SCP must be enabled on the SSH server If SSH is disabled SCP will not work Use the command enable ssh server scp enabled other options Secure copy can be disabled on the SSH server This allows you to disable SCP while still allowing other SSH sessions Use either of these commands enable ssh server scp disabled other options set ssh server scp disabled other options You can check...

Страница 143: ...plays whether the router or switch is acting as a client or server Use the command show ssh session scp To see details about SCP file transfers such as the number of successful or failed file transfers use the command show ssh counter scp Removing sessions SSH and SCP sessions can now be deleted without disabling the SSH server When a SSH session begins it is assigned an ID number This number is u...

Страница 144: ... a suitable client on a remote device and the SSH server on the router or switch Secure Copy connections cannot load to the bootblock Loading Files to the Switch The router or switch can load files from a remote server using SCP To do this do both of the following Check the server is running SCP and set a username Set either a password or RSA keyid on the server to authenticate the user If using R...

Страница 145: ...running as a SSH server with SCP enabled Configure the user to allow them to connect using SSH Set either a password or RSA key id on the router or switch to authenticate the user If using RSA authentication set the public key onto the router or switch Example In this example the username is Alice and the client machine is running Linux The router or switch has the IP address 192 168 1 1 To copy t...

Страница 146: ...s do all of the following Check the router or switch is running as a SSH server with SCP enabled Configure the user so that they are allowed to use SSH Set either a password or RSA keyid on the router or switch to authenticate the user If using RSA authentication set the public key onto the router or switch Example In this example the username is Alice and the client machine is running Linux The r...

Страница 147: ... is specified all connections are closed except the sessions that are listening on the TCP port for new SSH connections Example To stop the current manager sessions in the following example output use the command del ssh se 2 4 5 disable ssh debug Syntax DISable SSH DEBug SSH SCP ALL Description This new command disables the SSH server debugging facility If ssh is specified debugging is turned off...

Страница 148: ...nd SCP is turned on Debugging is disabled by default Example To enable debugging of SCP use the command ena ssh deb scp enable ssh server Syntax ENAble SSH SERver HOSTKey key id SERVERKey key id EXPirytime 0 168 LOGintimeout 1 600 SCP ENAbled DISabled Description This command enables the Secure Shell server The new scp parameter allows you to enable or disable Secure Copy service for the Secure Sh...

Страница 149: ...cfg in flash memory use this command loa met scp fi downloads abc cfg se 172 16 8 5 des fl usern john pass secret Parameter Description METhod The method used to download the file When scp is specified Secure Copy is used Default tftp or the method set in the set loader command KEYid The ID number of a RSA private or public key that is held on the router or switch The server receiving the load req...

Страница 150: ...ified with the load and upload commands can be specified as defaults with the set loader command Parameters not specified in the load or upload commands use this default Parameter Description METhod The method used to download the file When scp is specified Secure Copy is the default method for loading and uploading Default tftp KEYid The ID number of a RSA private or public key that is held on th...

Страница 151: ... that the SSH session becomes established regardless of whether the user has logged in or not If the SSH client idle timeout period is modified while there are established SSH sessions the idle timers for those sessions are reset so that they use the new timeout value Any idle time accumulated by those sessions prior to the modification is lost Default 0 0 The idle timer remains off and the sessio...

Страница 152: ...mple output from the show loader command Parameter Description SCP Whether the SSH server supports SCP connections Default enabled ENAbled Allows SCP connections DISabled Does not allow SCP connections Loader Information Defaults Method SCP File Destination File Server 192 168 1 1 HTTP Proxy Proxy Port Default 80 Username alice Asyn Destination Flash Delay sec 0 Current Load Method SCP Table 35 Mo...

Страница 153: ...able 36 Modified parameters in output of the show ssh command Parameter Meaning SSH Server Whether the Secure Shell server is enabled or disabled SCP Service Whether Secure Copy is enabled or disabled Services Available List of the available Secure Shell services one or more of Shell Cmd or SCP Debug Whether debugging is active on the server This can be set to debug SSH SCP ALL or NONE Version Com...

Страница 154: ...h downloadTotal The total number of load requests received by the router or switch uploadSuccess The number of successful upload requests downloadSuccess The number of successful load requests uploadFailed The number of failed upload requests All uncompleted requests are counted as failed except those cancelled by using the reset loader command Example reasons for failure include a request from an...

Страница 155: ...ns are displayed Figure 39 on page 156 Table 40 on page 156 If no parameter is specified the command defaults to all Figure 48 Example output from the show ssh session ssh command Figure 49 Example output from the show ssh session ssh command writeFileFailed The number of write failures A write failure results in a load failure Table 37 Modified parameters in output of the show ssh counter scp all...

Страница 156: ...ecure Shell session Type The type of Secure Copy connection either Server The router or switch is operating as a SCP server Client The router or switch is operating as a SCP client Operation The current type of file copying either Download The file is copying to the router or switch Upload The file is copying to a remote machine Filename The name of the file being copied Filesize The size of the f...

Страница 157: ...load the file When scp is specified Secure Copy is used Default tftp or the method set in the set loader command KEYid The ID number of a RSA private or public key that is held on the router or switch The server receiving the upload request must have the public key for this authentication to work The key id is a decimal number from 0 to 65535 Default no default PASSword The password for server aut...

Страница 158: ...ference Updates This section describes the changed portions of the modified command and output screens For modified commands and output new parameters options and fields are shown in bold show ssl counters Syntax SHow SSL COUnters Description The new badSessionIdLen fields display counts of hello messages with session ID lengths greater than 32 bytes received by the SSL client and server Command C...

Страница 159: ...il tls 0 badSessionIdLen 0 Client clientStart 0 inHelloRequest 0 outClientHello 0 inServerHello 0 outCert 0 inCert 0 outCKE 0 inCertRequest 0 outCertVerify 0 inSKE 0 outChangeCS 0 inHelloDone 0 outFinished 0 inChangeCipherSpec 0 inFinished 0 sslVersionFail 0 missingMessageFail 0 certRequestNoRSA 0 noCert 0 rxFinBeforeChangeCS 0 hsHashFail md5 0 hsHashFail sha 0 hsHashFail tls 0 badSessionIdLen 1 T...

Страница 160: ...you to specify whether the SIP ALG translates the Call ID field of SIP packets before sending them out onto the public network When NAT is configured on the router or switch the SIP ALG translates the private IP addresses embedded in SIP packets into globally routable IP addresses before sending the packets out onto the public network This includes changing the IP address part in the Call ID field...

Страница 161: ...The following table summarises the new and modified commands Firewall Policy Rules Expansion This Software Version increases the total number of rules and application rules apprules that a firewall policy can associate with an interface to 2099 In previous Software Versions the maximum number was 699 The rules and apprules are cumulative That is a policy cannot assign more than 2099 rules and appr...

Страница 162: ...displayed by using the show firewall sipalg counter command Example To reset the counters for the SIP ALG use the command reset fire sipa cou set firewall sipalg Syntax SET FIREwall SIPAlg CALLIdtranslation ON OFF YES NO True False Description This new command modifies how the SIP ALG operates on the router or switch The callidtranslation parameter specifies whether the Call ID field of a SIP mess...

Страница 163: ...information about the specified policy or all policies The new rule parameter allows you to display only a specific rule or subset of rules for each policy Firewall Configuration Status enabled Enabled Notify Options all Notify Port 1 Notify Mail To root netman company com Maximum Packet Fragments 20 Sessions Maximum 4000 Peak 2589 Active 400 Table 42 New parameters in output of the show firewall ...

Страница 164: ...Figure 52 on page 164 Table 43 on page 165 The Call ID is a unique call identifier assigned to the SIP session by the device that initiated the session Not valid with the ip or summary commands SUMmary Displays summary information for all the active sessions on the router or switch Figure 53 on page 166 Table 44 on page 166 Not valid with the ip or callid commands Figure 52 Example output from the...

Страница 165: ... to identify a current SIP session FROM The SIP URI address of the device that initiated the SIP session request FROM tag The tag number assigned to the SIP session by the device that initiated the SIP session request The router or switch uses this along with the TO tag and Call ID to identify a current SIP session Direction The location of the devices using the SIP session and who initiated the c...

Страница 166: ...789 20 20 20 1 1874680886 198 18 1 2 sip 1234 20 20 20 1 private to public 2 12 15 11 22 Feb 2006 sip 3456 20 20 20 1 1721829112 202 12 9 172 sip 1982 20 20 20 1 public to private Table 44 Parameters in output of the show firewall sipalg summary command Parameter Meaning SIP ALG Configuration The current SIP ALG settings on the router or switch Status Whether the SIP ALG is enabled or disabled on ...

Страница 167: ...RI address of the device that initiated the SIP session request To The SIP URI address of the device that received the SIP session request Table 44 Parameters in output of the show firewall sipalg summary command cont Parameter Meaning SIP ALG Session Counters Current SIP sessions 1 Current audio sessions 2 SIP sessions created since start up or reset 6 Audio sessions created since start up or res...

Страница 168: ... switch use the command show fire sipa cou SIP messages ignored since start up or reset Total number of SIP messages received that the SIP ALG ignored because the message was an unsupported type These messages are forwarded without the SIP ALG altering them Table 45 Parameters in output of the show firewall sipalg counter command cont Parameter Meaning ...

Страница 169: ... is only valid for connections where The peer IP address is a static IPv4 address IPsec tunnel mode is used This is specified by setting the mode parameter to tunnel in the create ipsec saspecification command The ISAKMP policy for the peer has the mode parameter set to main and the sendnotify parameter set to true The IPsec policy for the peer has the action parameter set to ipsec the keymanageme...

Страница 170: ...msgtimeout parameter The default for the parameter is incremental To set a back off pattern for ISAKMP messages use the msgbackoff parameter in the commands create isakmp policy name peer ipv4add ipv6add any msgbackoff incremental none msgretrylimit 0 1024 msgtimeout 1 86400 other parameters set isakmp policy name msgbackoff incremental none msgretrylimit 0 1024 msgtimeout 1 86400 other parameters...

Страница 171: ... retryikeattempts 0 16 continuous other parameters set isakmp policy name peer ipv4add ipv6add any retryikeattempts 0 16 continuous other parameters The retryikeattempts parameter is only valid when a specific peer IP address is configured in both the ISAKMP and IPsec policies This feature is designed for permanent VPN connections By default retryikeattempts is set at 0 and negotiations are not re...

Страница 172: ...icence If you need more VPN tunnels contact your authorised distributor or reseller Other products do not need a special feature licence for more VPN tunnels Command changes The following table summarises the modified command Command Change create isakmp policy New retryikeattempts parameter set isakmp policy New retryikeattempts parameter show isakmp counters New retryIkeAttemptsPh1 and retryIkeA...

Страница 173: ...ue False RMAsk ipv4add RNAme ANy system name RPort ANy port OPaque SASElectorfrompkt ALL LADdress LPort NONE RADdress RPort TRAnsportprotocol SRCInterface interface TRAnsportprotocol ANy EGp ESp GRe ICmp OPaque OSpf RSvp TCp UDp protocol UDPHeartbeat True False UDPPort port UDPTunnel True False USEPFSKey True False Parameter Description RESPondbadspi Whether the router or switch sends a notificati...

Страница 174: ...se SETCommitbit ON OFf TRue FAlse SRCInterface interface XAUth CLient SErver NONE XAUTHName username XAUTHPasswd password XAUTHType GEneric RAdius Parameter Description MSGBACkoff The back off pattern used when ISAKMP messages are retransmitted The initial transmission time is set using the msgtimeout parameter Default incremental INCREMental The delay between retransmissions increases in a linear...

Страница 175: ... exchange fails then ISAKMP will attempt the key exchange again If a phase 2 exchange fails the exchange is attempted over new ISAKMP SAs Default 0 0 No retry attempts occur 1 16 The specified number of retry attempts occur CONTinuous Retry attempts occur continuously until either the connection is established or 24 hours has passed After the first 16 attempts a five minute delay occurs between at...

Страница 176: ... RADdress RPort TRAnsportprotocol SRCInterface interface TRAnsportprotocol ANy EGp ESp GRe ICmp OPaque OSpf RSvp TCp UDp protocol UDPHeartbeat True False UDPPort port UDPTunnel True False USEPFSKey True False Parameter Description RESPondbadspi Whether the router or switch sends a notification to the peer when an IPsec packet is received with an unknown SPI value This establishes an ISAKMP SA to t...

Страница 177: ...bit ON OFf TRue FAlse SRCInterface interface XAUth CLient SErver NOne XAUTHName username XAUTHPasswd password XAUTHType GEneric RAdius Parameter Description MSGBACkoff The back off pattern used when ISAKMP messages are retransmitted The initial transmission time is set using the msgtimeout parameter Default incremental INCREMental The delay between retransmissions increases in a linear manner Ever...

Страница 178: ...e connection is established or 24 hours has passed After the first 16 attempts a five minute delay occurs between attempts IPSEC Module Configuration Module Status ENABLED IPsec over UDP Status OPEN Listen Port 2746 VPNs Maximum 1 Current 0 Peak 0 Table 46 New parameters in output of the show ipsec command Parameter Meaning VPNs Information about Virtual Private Network VPN tunnels Maximum The max...

Страница 179: ...Isakmp Policy Name my_isakmp_policy Bundle Specification 2 Peer IP Address Dynamic FALSE Peer IP address Any FALSE Local IP Address Dynamic FALSE Peer IP Address 192 168 10 1 Local IP Address 232 163 2 3 Use PFS Key TRUE Respond Bad SPI TRUE Group 1 Table 47 Modified parameters in output of the show ipsec policy command for a specific policy Parameter Meaning Respond Bad SPI Whether the router or ...

Страница 180: ...ProcessStart 4373 inProcessFailImm 0 inProcessFail 0 inProcessDone 4373 inEndOfBundle 0 inPrematureEndBundle 0 inBundleSaMatchFail 0 inPolicyActionFail 0 inPolSelectMatchFail 0 inBundleReplaced 0 inBundleSoftExpire 0 inBundleExpire 0 inBadDecryptedPkt 0 inBadSpiResponse 0 Table 48 Modified parameters from the show ipsec policy counter command Parameter Meaning inBadSpiResponse The number of bad SP...

Страница 181: ...NoSa 0 acquireEquivFound 0 acqPh2EquivInProgress 0 acqPh1XcgStartFailed 0 acqPh2XcgStartFailed 0 acquireQueued 0 acqPeerAddrNameIncons 0 acquirePrenegNoPolicy 0 badSpiRequests 0 badSpiFromKnownPeer 0 badSpiInAggrMode 0 badSpiSendNotifyUnset 0 msgInitPh1p5StartFail 0 doneGood 0 donePhase1Failed 0 doneSendConNoSa 0 msgTx 0 msgTxd 0 txEncryptNoExchange 0 msgTxEncryptNoEncoPrc 0 msgTxStartEncrypt 0 tx...

Страница 182: ...cation messages when the policy specifies main mode for phase 1 exchanges badSpiSendNotifyUnset The number of bad SPI requests rejected because the ISAKMP policy was not configured to send notification messages retryIkeAttemptsPh1 The number of phase 1 exchanges initiated due to an exchange failing These exchanges are only initiated for policies configured with retryikeattempts retryIkeAttemptsPh2...

Страница 183: ... Encrypted FALSE Expecting message TRUE Has SA TRUE Initiator Cookie d464cc30b348efa7 Responder Cookie 0000000000000000 Message Id 00000000 Set Commit bit FALSE Commit bit received FALSE Send notifies TRUE Send deletes FALSE Message Retry Limit 5 Packet Retry Counter 5 Message Back off Incremental Table 51 Modified parameters in output of the show isakmp exchange command for a specific exchange Pa...

Страница 184: ... policy Parameter Meaning Message Back off The back off pattern used when ISAKMP messages are retransmitted Either the back off time between message retransmissions gets larger Incremental or remains the same None Retry IKE Attempts The number of consecutive times that IKE attempts to complete an exchange if exchange failures are occurring either a number from 0 to 16 or continuous The value is se...

Страница 185: ...E Local address 202 36 163 161 Remote Address 202 36 163 201 Time of establishment Commit bit set FALSE Send notifies TRUE Send deletes FALSE Message Retry Limit 5 Initial Message Retry Timeout s 20 Message Back off None Table 53 Modified parameters in output of the show isakmp sa command for a specific Security Association Parameter Meaning Message Back off The back off pattern used when ISAKMP m...

Страница 186: ... in the MIB represent the SHDSL line from the perspective of a central site terminal unit STU C a remote site terminal unit STU R a regenerator unit SRU The objects defined in this MIB reside in the mib 1 subtree under the Transmission Group defined in MIB II and have the object identifier is hdsl2ShdslMIB transmission 48 Objects in the SHDSL MIB are organised into the following groups The Span Co...

Страница 187: ...s all groups in the SHDSL MIB However the implementation of some objects differs from RFC 3276 In particular the following objects defined with read write access are implemented as read only Logging SNMP operation The SNMP agent now generates the following log message when there is insufficient system memory to process a get or set request Object Name Object ID hdsl2ShdslSpanConfNumRepeaters 1 3 6...

Страница 188: ...interface that changed state for interfaces with an IP address ospfAddressLessIf the ifIndex of the interface that changed state for addressless interfaces ospfIfState the new state of the interface The ospfVirtIfStateChange trap ospfTraps 1 is generated when a virtual OSPF interface changes state and contains the following objects ospfRouterId the router ID of the originator of the trap ospfVirtI...

Страница 189: ...The vrrpTrapNewMaster trap vrrpNotifications 1 is generated when the sending agent becomes the new VRRP master and contains the following object vrrpOperMasterIpAddr the primary IP address of the new master Traps on MSTP state and topology changes The IEEE draft ruzin mstp mib 04 defines a portion of the Management Information Base MIB for managing Multiple and Rapid Spanning Tree Protocols Object...

Страница 190: ...jects and a trap for monitoring login failures This software version defines the following new objects and trap in the ttyTraps tty 100 subtree loginFailureUser ttyTraps 1 is the username that generated the login failure loginFailureIPAddress ttyTraps 2 is the IP address the failed login attempt originated from loginFailureAttempts ttyTraps 3 is the number of failed login attempts The loginFailure...

Страница 191: ... prefix memory enterprises 1 alliedTelesyn 207 mibObject 8 brouterMib 4 atRouter 4 sysinfo 3 7 and contains objects that describe system memory This software version defines the following new trap in the memory Group The lowMemoryTrap trap memory 11 is generated when system free memory falls below buffer level 0 and contains the following objects freeMemory memory 1 the percentage of free memory a...

Страница 192: ... Description The output of this command includes a new field Figure 63 Example output from the show buffer command Memory DRAM 16384 kB Free Memory 48 Free fast buffers 1799 Total fast buffers 1802 Free buffers 4013 Total buffers 4096 Buffer level 3 125 don t process input frames Buffer level 2 250 don t do monitor or command output Buffer level 1 500 don t buffer up log messages Buffer level 0 15...

Страница 193: ...s of modified commands and output screens The new parameters and options are shown in bold for modified commands Command Change disable lldp cdp interface New pppm option for interface parameter disable lldp cdp ppptemplate New command enable lldp cdp debug New ppp option for debug parameter enable lldp cdp interface New pppm option for interface parameter enable lldp cdp ppptemplate New command s...

Страница 194: ...s enabled by default on all interfaces even when it is disabled on the router or switch Example To disable CDP operation on PPP interface 1 of the router or switch use the command dis lldp cdp int ppp1 disable lldp cdp ppptemplate Syntax DISable LLDP CDP PPPTemplate template Where template is a number from 0 to 31 Description This new command disables CDP listening on interfaces that are dynamical...

Страница 195: ...on of CDP advertisements begins and neighbour entries are added as they are discovered CDP is enabled by default for all interfaces but you must first enable CDP using the enable lldp cdp command enable lldp cdp ppptemplate Syntax ENAble LLDP CDP PPPTemplate template Where template is a number from 0 to 31 Description This new command enables CDP listening on interfaces that are dynamically create...

Страница 196: ... the interface number Description This command displays information about the interfaces on which CDP is currently enabled Figure 65 Example output from the show lldp cdp interface command CDP general information Enabled Yes Number of CDP neighbours 14 SysUpTime 12345 42s CDP processing time 3 385727s PPP Templates Enabled 1 4 PPP Templates Disabled 2 3 Triggers CDP neighbour add CDP neighbour rem...

Страница 197: ...is Software Version adds support for permanent assignments on AR400 Series routers Permanent assignments provide a method for creating permanent links between terminal ports on routers For information and command syntax see the Permanent Assignments chapter of the Software Reference for Software Version 2 7 6 or 2 8 1 ...

Страница 198: ......

Страница 199: ... 1 6 Configuring EPSR 1 7 Single Domain Single Ring Network 1 7 Single Ring Dual Domain Network 1 9 EPSR and Spanning Tree Operation 1 13 Command Reference 1 15 add epsr datavlan 1 16 create epsr 1 17 delete epsr datavlan 1 19 destroy epsr 1 20 disable epsr 1 21 disable epsr debug 1 22 enable epsr 1 23 enable epsr debug 1 24 purge epsr 1 25 set epsr 1 26 set epsr port 1 27 show epsr 1 28 show epsr...

Страница 200: ...rts On the master node one port is configured to be the primary port and the other the secondary port Figure 1 1 Simple EPSR ring configuration EPSR Instances and Domains Each physical EPSR ring contains one or more EPSR instances An EPSR instance can be thought of as a component of an EPSR ring existing on a single node A set of instances across the whole ring is called a domain Therefore a ring ...

Страница 201: ...ode controls the ring operation It issues healthcheck messages at regular intervals from its primary port and monitors their arrival back at its secondary port after they have circled the ring Under normal operating conditions the master node s secondary port is always in the blocking state to all data VLAN traffic This is to prevent data loops forming within the ring This port however operates in...

Страница 202: ... failover timer expires before the transmitted healthcheck message is received by the master node s secondary port the master node assumes that there is a fault in the ring and implements its fault recovery procedures Because this detection method relies on a timer expiry its operation is inherently slower than the transit node unsolicited detection method described next Transit Node Unsolicited F...

Страница 203: ...rts As the data starts to flow in in the ring s new configuration each of the nodes master and transit re learn their layer 2 addresses During this period the master node continues to send health check messages over the control VLAN This situation continues until the faulty link or node is repaired Figure 1 2 shows the flow of control frames under fault conditions Figure 1 2 EPSR Fault Detection M...

Страница 204: ...te that the transit nodes do not enter the forward state until they have received the Ring Up Flush message This is to prevent the possibility of a loop condition occurring caused by the transit nodes moving into the forwarding state before the master node secondary port is able to return to the blocking state During such a period the ring would have no ports blocked Master Node With the link rest...

Страница 205: ...n Single Ring Network This example shows a very simple single ring single domain configuration with no connecting lobes Figure 1 3 EPSR Single Domain Single Ring Network Master Node Other Ports Other Ports Other Ports Control VLAN control_ring Transit Node 3 Transit Node 1 Transit Node 2 EPSR 3 eps P S Date VLAN data_ring Other Ports Port 1 Primary Port 2 Secondary C o n trol VLAN D a t a V L A N ...

Страница 206: ...ing port 1 2 frame tagged Remove the Default VLAN from ports 1 2 del vlan default po 1 2 EPSR Configuration create epsr domain_one mode master controlvlan control_ring primaryport 1 add epsr domain_one datavlan data_ring enable epsr domain_one For Transit Nodes 1 2 3 Set the Acceptable Frame Types parameter to admit only VLAN tagged frames on ports 1 and 2 set switch port 1 acc vlan set switch por...

Страница 207: ...main network are shown in Figure 1 6 on page 1 10 Figure 1 7 on page 1 11 and Figure 1 8 on page 1 12 Control VLAN control_ring Ring_A Transit Node 1 Ring_A Transit Node Ring_A Transit Node 3 Ring_B Master Node Ring_B Master Node Ring_A Transit Node Ring_B Transit Node Ring_B Transit Node Ring_A EPSR 4 eps Date VLAN data_ring Ring_A Control VLAN control_ring Ring_B EPSR Ring Date VLAN data_ring Ri...

Страница 208: ...te vlan data_ring_B vid 30 VLAN Port Configuration Ring_A add vlan control_ring_A port 1 2 frame tagged add vlan data_ring_A port 1 2 frame tagged Remove the Default VLAN from ports 1 2 del vlan default po 1 2 Ring_B add vlan control_ring_B port 3 4 frame tagged add vlan data_ring_B port 3 4 frame tagged Remove the Default VLAN from ports 3 4 del vlan default po 3 4 EPSR Configuration create epsr ...

Страница 209: ... control_ring_B vid 3 create vlan Data_ring_B vid 30 VLAN Port Configuration Ring_A add vlan control_ring_A port 1 2 frame tagged add vlan data_ring_A port 1 2 frame tagged Remove the Default VLAN from ports 1 2 del vlan default po 1 2 Ring_B add vlan control_ring_B port 3 4 frame tagged add vlan data_ring_B port 3 4 frame tagged Remove the Default VLAN from ports 3 4 del vlan default po 3 4 EPSR ...

Страница 210: ...create vlan control_ring_A vid 2 create vlan data_ring_A vid 20 VLAN Port Configuration Ring_B add vlan control_ring_B port 3 4 frame tagged add vlan data_ring_B port 3 4 frame tagged Remove the Default VLAN from ports 3 4 del vlan default po 3 4 Ring_A add vlan control_ring_A port 1 2 frame tagged add vlan data_ring_A port 1 2 frame tagged Remove the Default VLAN from ports 1 2 del vlan default p...

Страница 211: ...id EPSR STP configurations Such a configuration might have a high speed fibre loop topology backbone controlled and managed using EPSR Lobes could extend out from each loop node into a user mesh network Any loops existing within this mesh network would be controlled and managed using STP RSTP Figure 1 9 on page 1 13 shows a basic combined EPSR STP network Figure 1 9 EPSR and Spanning Tree Operatio...

Страница 212: ...n create epsr domain_one mode master controlvlan control_ring primaryport 1 add epsr domain_one datavlan data_ring enable epsr domain_one For Transit Node 3 Set the Acceptable Frame Types parameter to admit only VLAN tagged frames on ports 1 and 2 set switch port 1 acc vlan set switch port 2 acc vlan Create VLANs create vlan control_ring vid 2 create vlan data_ring vid 100 VLAN Port Configuration ...

Страница 213: ...r to your switch s Software References For Transit Nodes 2 and 4 Set the Acceptable Frame Types parameter to admit only VLAN tagged frames on ports 1 and 2 set switch port 1 acc vlan set switch port 2 acc vlan Create VLANs create vlan control_ring vid 2 create vlan data_ring vid 100 VLAN Port Configuration add vlan control_ring port 1 2 frame tagged add vlan data_ring port 1 2 frame tagged Remove ...

Страница 214: ...EPSR instance Also adding the VLAN to the EPSR instance before adding the ports to the data VLAN reduces the possibility of creating loops while configuring the ring Examples To add the vlan2 VLAN to the EPSR instance called blue use the command add epsr blue vlan vlan2 Related Commands create epsr create vlan delete epsr datavlan show epsr Parameter Description EPSR The name of the EPSR instance ...

Страница 215: ...ng s ports of the EPSR instance The control VLAN cannot be part of another EPSR instance as either a control or data VLAN If trunked ports are included as a ring port as long as one of the trunked ports is up the ring port is considered to be up SNMP traps and log messages will display the lowest number port as the ring port s port number for the trunk Ports enabled for LACP STP GARP or VLAN Assig...

Страница 216: ...00 milliseconds 100ms to 32767 seconds 32767s Only configured for the master node If no unit suffix is specified the value is read as seconds If ms is specified the value must be a multiple of 100 ms Default 1s FAilovertime The time period that a master node allows for a healthcheck frame to circle the loop before declaring that the EPSR ring has broken This time period is measured from the time t...

Страница 217: ...the EPSR instance called blue use the command del epsr blue vlan vlan2 Related Commands add epsr vlan show epsr Parameter Description EPSR The name of the EPSR instance to delete The epsr name can be a character string 1 to 15 characters long Valid characters are uppercase letters A Z lowercase letters a z digits 0 9 the underscore character _ the hyphen character The epsr name cannot be ALL Defau...

Страница 218: ...command on page 11 113 Ingress filtering is automatically enabled to ports that are added to EPSR Similarly ingress filtering is automatically disabled on ports used by an EPSR instance that is destroyed unless its ports form part of another EPSR ring instance Examples To destroy the EPSR instance called blue use the command dest epsr blue Related Commands create epsr show epsr Parameter Descripti...

Страница 219: ...and disable the ports using the disable switch port command on page 11 131 unplug the ports delete the ports from the VLAN using the delete vlan port command Examples To disable the EPSR instance called blue use the command dis epsr blue Related Commands enable epsr show epsr Parameter Description EPSR The EPSR instance to be disabled Default no default epsr name The name of the EPSR instance This...

Страница 220: ...and Parameter Description EPSR The EPSR instance on which debugging is to be disabled Default no default epsr name The name of the EPSR instance This can be a character string 1 to 15 characters long Valid characters are uppercase letters A Z lowercase letters a z digits 0 9 the underscore character _ the hyphen character The epsr name cannot be ALL ALL All EPSR instances Debug The debugging modes...

Страница 221: ...instance called blue use the command ena epsr blue Related Commands create epsr disable epsr show epsr Parameter Description EPSR The EPSR instance to be enabled Default no default epsr name The name of the EPSR instance This can be a character string 1 to 15 characters long Valid characters are uppercase letters A Z lowercase letters a z digits 0 9 the underscore character _ the hyphen character ...

Страница 222: ...o default INFo General information about the EPSR instance selected MSG Decoded display of received and transmitted EPSR frames PKT Raw ASCII display of received and transmitted EPSR frames STAte EPSR state transitions ALL All debug options OUTput When this parameter is set to console all debugging information will be sent to the console By default the debugging data is sent to the port that recei...

Страница 223: ...ANs of any EPSR instances are still configured in a ring formation purging EPSR could cause a loop in the network To avoid creating loops take one or more of these steps before running this command disable the ports using the disable switch port command unplug the ports delete the ports from the VLAN using the delete vlan port command Examples To purge all EPSRs use the command pur epsr Related Co...

Страница 224: ...ed the value is read as seconds If ms is specified the value must be a multiple of 100 ms Default 1s FAilovertime The time period that a master node allows for a healthcheck frame to circle the loop before declaring that the EPSR ring has broken This time period is measured from the time the frame leaves the master node s primary port to the time it is received at the master node s secondary port ...

Страница 225: ... on page 1 21 If a ring port for the EPSR instance is also a member of a trunk group you can run this command by entering any one of the ports within the trunk group Examples To set port 1 to be a primary port for the EPSR instance called blue use the command set epsr blue po 1 ty prim Related Commands create epsr show epsr Parameter Description EPSR The EPSR to be set for the port Default no defa...

Страница 226: ...ters a z digits 0 9 the underscore character _ the hyphen character The epsr name cannot be ALL ALL All EPSR instances EPSR Information Name blue Mode Master Status Enabled State Complete Control VLAN vlan2 2 Data VLAN s vlan100 100 vlan101 101 vlan102 102 Primary Port 1 Primary Port Status Forwarding Secondary Port 2 Secondary Port Status Blocked Hello Time 1 s Failover Time 2 s Ring Flap Time 0 ...

Страница 227: ...when the EPSR instance is disabled This parameter is only shown for a master node Hello Time The rate that the TAPS protocol health control messages are transmitted from master node It is specified in the create epsr command The unit symbol following the value shows whether the time is measured in seconds or milliseconds Failover Time The time period that a master node waits for a healthcheck fram...

Страница 228: ...rameter is only shown for a transit node Second Port The second ring port for the EPSR instance This parameter is only shown for a transit node Second Port Status The status of the second ring port either Unknown Forwarding Down or Blocked Unknown is displayed when the EPSR instance is disabled This parameter is only shown for a transit node Second Port Direction Indicates connectivity of the seco...

Страница 229: ...Unter Displays the counter information about the specified EPSR instance or all EPSR instances EPSR Counters Name blue Receive Transmit Total EPSR Packets 0 Total EPSR Packets 0 Health 0 Health 0 Ring Up 0 Ring Up 0 Ring Down 0 Ring Down 0 Link Down 0 Link Down 0 Invalid EPSR Packets 0 Name red Receive Transmit Total EPSR Packets 0 Total EPSR Packets 0 Health 0 Health 0 Ring Up 0 Ring Up 0 Ring Do...

Страница 230: ... of invalid EPSR control packets received Transmit EPSR packets transmitted Total EPSR Packets The total number of EPSR control packets transmitted Health The number of healthcheck packets transmitted Ring Up The number of ring up packets transmitted Ring Down The number of ring down packets transmitted Link Down The number of link down packets transmitted Table 1 3 Parameters displayed in output ...

Страница 231: ...LL All EPSR instances DEBug Displays the debugging information about the specified EPSR instance or all EPSR instances EPSR Name Enabled Debug Modes Output Timeout blue MSG STATE Asyn 0 16 None red None Table 1 4 Parameters displayed in the output of the show epsr debug command Parameter Meaning EPSR Name The name of the EPSR instance Enabled Debug Modes List of debug modes that are enabled for th...

Страница 232: ......

Отзывы:

Нет отзывов

Похожие инструкции для AR400 Series

D-Link Verizon DSL-2750B Connection Instructions preview
Verizon DSL-2750B
Бренд: D-Link Страницы: 2
D-Link DVA-2800 Quick Start Manual preview
DVA-2800
Бренд: D-Link Страницы: 4
Panasonic KX-UDS124 Maintenance Tool Manual preview
KX-UDS124
Бренд: Panasonic Страницы: 24
Panasonic i-Pro WV-SP302 Speci?Cations preview
i-Pro WV-SP302
Бренд: Panasonic Страницы: 2
Panasonic BB-HCM381A - Network Camera Troubleshooting Manual preview
BB-HCM381A - Network Camera
Бренд: Panasonic Страницы: 28
Panasonic BB-HCM381A - Network Camera Installation Manual preview
BB-HCM381A - Network Camera
Бренд: Panasonic Страницы: 2
bintec elmeg RM7000 Installation Manual preview
RM7000
Бренд: bintec elmeg Страницы: 33
Tripp Lite N201-005-BL Specification Sheet preview
N201-005-BL
Бренд: Tripp Lite Страницы: 3
Blackmagicdesign Teranex 2D Processor Installation And Operation Manual preview
Teranex 2D Processor
Бренд: Blackmagicdesign Страницы: 969
IDT 89HPES16NT2 User Manual preview
89HPES16NT2
Бренд: IDT Страницы: 292
MICROENER IM30-CV Operation Manual preview
IM30-CV
Бренд: MICROENER Страницы: 24
Digisol DG-BG4100NU Quick Installation Manual preview
DG-BG4100NU
Бренд: Digisol Страницы: 22
Intel 640 - Pentium 4 640 3.2GHz 800MHz 2MB Socket 775 CPU User Manual preview
640 - Pentium 4 640 3.2GHz 800MHz 2MB Socket 775 CPU
Бренд: Intel Страницы: 105
Z-Wave IOMOD10F Hardware User Manual preview
IOMOD10F
Бренд: Z-Wave Страницы: 42
Ovislink Air Live GW-300R User Manual preview
Air Live GW-300R
Бренд: Ovislink Страницы: 20
SMC Networks EZ Switch SMC-EZ1024FDT Specification Sheet preview
EZ Switch SMC-EZ1024FDT
Бренд: SMC Networks Страницы: 4
National Instruments Monochrome Image Acquisition Device NI 1410 User Manual preview
Monochrome Image Acquisition Device NI 1410
Бренд: National Instruments Страницы: 34
Paradyne 8310 MVLt User Manual preview
8310 MVLt
Бренд: Paradyne Страницы: 108

Бренды по названию

Популярные бренды

Загрузить еще бренды