manualshive.com logo in svg

Cabletron Systems CoreWatch, Руководство пользователя

CoreWatch от Cabletron Systems - надежное программное обеспечение для мониторинга сети. Управляйте своим сетевым оборудованием с легкостью благодаря нашему интуитивному пользовательскому руководству. Скачайте бесплатное руководство по использованию на manualshive.com прямо сейчас.

Поделиться
Скачать
background image

CoreWatch User’s Manual

225

Chapter 13: Configuring Security on the SSR

administrator to know ahead of time that a packet should be dropped at the inbound 
interface. Nonetheless, for performance reasons, whenever possible, one should create 
and apply an ACL to the inbound interface.

When a packet comes into a router at an interface where an inbound ACL is applied, the 
router compares the packet with the rules specified by that ACL. If it is permitted, the 
packet is allowed into the router. If not, the packet is dropped. If that packet is to be 
forwarded to go out of another interface (that is, the packet is to be routed) then a second 
ACL check is possible. At the output interface, if an outbound ACL is applied, the packet 
will be compared with the rules specified in this outbound ACL. Consequently, it is 
possible for a packet to go through two separate checks, once at the inbound interface and 
once more at the outbound interface.

Note:

When you apply an ACL to an interface, the SSR appends an 

implicit deny rule

 to 

that ACL. The implicit deny rule denies all traffic. If you intend to allow all traffic 
that does not match your specified ACL rules to go through, you must explicitly 
define a rule to permit all traffic. To do so, make sure the last rule of the ACL 
permits all traffic.

You can apply previously defined IP ACLs only to IP interfaces and previously defined 
IPX, IPX RIP, or IPX SAP ACLs only to IPX interfaces. 

Caution

: You can apply up to two IP ACLs to an IP interface, and you can apply two of 

each of the different IPX ACLs (IPX, IPX RIP, and IPX SAP) to an IPX interface. When 
applying multiple ACLs to an IP interface, one ACL must govern inbound traffic and the 
other ACL must govern outbound traffic. When applying multiple ACLs of the same type 
to an IPX interface, one ACL must govern inbound traffic and the other must govern 
outbound traffic.

You may apply an ACL to an interface either when you create the interface or afterwards. 
For details on applying an IP ACL while creating an IP interface, see 

“Creating IP 

Interfaces” on page 110

. For details on applying an IPX, IPX RIP, or IPX SAP ACL while 

creating an IPX interface, see 

“Creating IPX Interfaces” on page 161

You apply an IP or IPX, IPX RIP, or IPX SAP ACL to an interface after the interface is 
created by either copying the ACL or by editing the interface’s definition. Separate 
discussions on each task follow.

Copying an ACL to Apply It to an Interface

You can copy an ACL to apply it to an interface by either dragging it or using the Copy 
and Paste buttons. To apply an ACL by copying it to an interface:

1.

Start Configuration Expert if you have not already done so. 

2.

Open the configuration file you want to modify and then double-click that file’s 
Routing Configuration object.

3.

Expand the configuration tree until you locate the interface to which you want to 
apply the ACL. Double-click that interface’s object.

Содержание CoreWatch

Страница 1: ...CoreWatch User s Manual 9032564 04...

Страница 2: ...Notice 2 CoreWatch User s Manual...

Страница 3: ...IMITED TO LOST PROFITS ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT EVEN IF CABLETRON SYSTEMS HAS BEEN ADVISED OF KNOWN OR SHOULD HAVE KNOWN THE POSSIBILITY OF SUCH DAMA...

Страница 4: ...rence in which case the user will be required to correct the interference at his own expense WARNING Changes or modifications made to this device which are not expressly approved by the party responsi...

Страница 5: ...ement shall be interpreted and governed under the laws and in the state and federal courts of New Hampshire You accept the personal jurisdiction and venue of the New Hampshire courts Exclusion of Warr...

Страница 6: ...c in all respects is proprietary data belonging to Cabletron and or its suppliers For Department of Defense units the product is licensed with Restricted Rights as defined in the DoD Supplement to th...

Страница 7: ...nical Commission CENELEC EN 60825 European Committee for Electrotechnical Standardization When operating within their performance limitations laser transceiver output meets the Class 1 accessible emis...

Страница 8: ...3 2PZ England Conformance to Directive s Product Standards EC Directive 89 336 EEC EC Directive 73 23 EEC EN 55022 EN 50082 1 EN 60950 Equipment Type Environment Networking Equipment for use in a Comm...

Страница 9: ...a Windows NT Windows 95 or Windows 98 System 26 Chapter 3 Learning CoreWatch Basics 27 Starting CoreWatch 27 Starting CoreWatch in Solaris 28 Starting CoreWatch in Windows NT Windows 95 or Windows 98...

Страница 10: ...System Settings 49 Providing System Information 49 Configuring an SSR Chassis 50 Configuring Ports 52 Configuring Global Settings on All Ports 52 Configuring an Individual Port 54 Configuring the SSR...

Страница 11: ...P Interfaces Bound to a VLAN 116 Modifying IP Interface Definitions 121 Configuring the SSR for VRRP 124 Specifying VRRP Trace Options 125 Configuring a New VRRP Router 126 Modifying an Existing VRRP...

Страница 12: ...ng a QoS Profile for an IP Flow 185 Creating a QoS Profile for an IPX Flow 190 Creating a QoS Profile for a Layer 2 Flow 195 Modifying QoS Profiles 199 Redefining an IP Flow 199 Redefining an IPX Flow...

Страница 13: ...licy Defaults 299 A Look at the Building Blocks of Routing Policies 300 Export Destination Building Blocks 301 Configuring and Modifying RIP Export Destinations 301 Configuring and Modifying OSPF Expo...

Страница 14: ...5 Obtaining Chassis Information 365 Obtaining Port Information 366 Obtaining Trap Information 368 Obtaining SmartTRUNK Information 369 Chapter 18 Monitoring Real Time Performance 371 Monitoring System...

Страница 15: ...formation 419 Obtaining DVMRP Neighbor Information 421 Obtaining DVMRP Routing Information 423 Obtaining DVMRP Next Hop Information 424 Checking IGMP Status 425 Obtaining IGMP Interface Information 42...

Страница 16: ...oS State Submenu 453 Window Menu 454 Help Menu 454 Appendix C Supported Regular Expressions 457 Appendix D Error Messages 461 Missing or Invalid Field Error Messages 461 Duplicate Objects Error Messag...

Страница 17: ...How to Use This Manual If You Want To See Get an overview of CoreWatch Chapter 1 on page 21 Start CoreWatch or familiarize yourself with other basic tasks and the CoreWatch interface Chapter 3 on pag...

Страница 18: ...ts Chapter 17 on page 365 Monitor real time performance on the SSR Chapter 18 on page 371 Display tables that contain bridge information and data about the SSR s VLANs Chapter 19 on page 391 Display t...

Страница 19: ...R features and the procedures for installing the SSR and setting it up for management using CoreWatch software SmartSwitch Router Getting Started Guide How to use Command Line Interface CLI commands t...

Страница 20: ...Preface 20 CoreWatch User s Manual...

Страница 21: ...ch as configuring routers virtual local area networks VLANs application level Quality of Service QoS policies and security filters simple and easy You can run CoreWatch in the Solaris Windows NT Windo...

Страница 22: ...nvironments As shown in the following table CoreWatch s system requirements depend upon your operating system The table identifies which browser to use with each operating system and gives the minimum...

Страница 23: ...form of graphs or dials A Look at the Modes of CoreWatch CoreWatch can run in the following modes User which is the mode CoreWatch automatically begins operating in after you log in to CoreWatch Use t...

Страница 24: ...able MIB RFC 2096 Experimental Enterprise MIBs DOT1Q VLAN MIB draft jeya vlan 8021q mib 00 txt IGMP draft ietf idmr igmp mib 05 txt DVMRP draft thaler dvmrp mib 04 txt NOVELL RIP SAP MIB NOVELL IPX MI...

Страница 25: ...ris 2 5 1 and 2 6 operating systems Ensure that your Solaris system includes CDE before attempting to run CoreWatch Installing on a Solaris System To install CoreWatch from a CD onto a Solaris 2 5 1 o...

Страница 26: ...greement click Yes to accept it 5 Enter your name and your company s name in the appropriate text boxes Then click Next 6 Specify the folder in which you want to install the software and click Next Yo...

Страница 27: ...llation on page 25 Starting CoreWatch The method you use to start CoreWatch depends on whether you installed it in the Solaris or Windows environment If you choose to integrate CoreWatch with SPECTRUM...

Страница 28: ...Windows 98 environment 1 Choose the Start menu select Programs select Cabletron CoreWatch and then choose CoreWatch The Login Dialog dialog box appears Note If you installed the program in a startup...

Страница 29: ...5 x is network node management software for the Solaris and Windows NT environments If HP OpenView is integrated with CoreWatch you may use HP OpenView to start CoreWatch and recognize your SSRs HP O...

Страница 30: ...previous figure includes the abbreviations described in the following table Table 2 Legend abbreviations Abbreviation Description PS1 Identifies the location of the SSR s main power supply PS2 Identi...

Страница 31: ...the port is online Figure 3 Ethernet 10 100BASE TX port Each port on a Gigabit module 1000BASE SX or 1000BASE LX is represented by an object similar to the following figure The bottom LED of a port i...

Страница 32: ...ates which functions are active inactive or in error The information in the Schematic view is updated every 30 seconds The legend that appears at the bottom of the Schematic view indicates the scheme...

Страница 33: ...ption of each menu command see Appendix B CoreWatch Menus on page 447 CoreWatch Toolbar The CoreWatch toolbar is a set of buttons located at the top of the CoreWatch window Clicking buttons in this to...

Страница 34: ...ch in Configure mode 3 After the Change Login Password form appears enter your current Login password in the Old Password text box 4 Enter your new password in the New Password and Re enter New Passwo...

Страница 35: ...ssary Opens the online help glossary for CoreWatch Release Note Displays the release note s for your version of CoreWatch Cabletron Web Site submenu Product News Displays information about Cabletron S...

Страница 36: ...r 3 Learning CoreWatch Basics 36 CoreWatch User s Manual Exiting CoreWatch To exit CoreWatch select the File menu and choose Exit CoreWatch prompts you to verify that you want to exit Click the Quit b...

Страница 37: ...s the different configuration files Configuration Expert uses explains the purpose of Configuration Expert s wizards and dialog boxes discusses finding copying and deleting objects explains how to sav...

Страница 38: ...environments follow Starting Configuration Expert from the Front Panel View To save time navigating through your operating system you can open Configuration Expert while in the CoreWatch front panel v...

Страница 39: ...s 98 To start Configuration Expert in the Windows NT Windows 95 or Windows 98 environment Choose the Start menu select Programs select Cabletron CoreWatch and then choose ConfigExpert Note If you inst...

Страница 40: ...Configuration Expert icons As you configure the SSR the right pane will contain the wizard or dialog box necessary for the configuration task you are performing Configuration Tree The configuration tr...

Страница 41: ...nfiguration Expert expands the subtree to display the object s contents In the following figure the System Configuration subtree has been expanded to display the contents of the Chassis Configuration...

Страница 42: ...elect the object you want to add edit or delete After you select a configurable object the wizard or dialog box used to configure that object appears in the right pane of the Configuration Expert wind...

Страница 43: ...e used to add easily configurable objects and also to modify the configuration settings of objects once they have been added If there is a dialog box associated with an object there will be a dialog b...

Страница 44: ...nfiguration settings 3 Select the object you want to copy then drag that object to the object to which you want to apply the configuration settings Configuration Expert displays a folder icon while yo...

Страница 45: ...e bridging on the SSR as discussed in Chapter 6 Configuring SSR Bridging on page 65 3 Group physical ports on the SSR by configuring VLANs as discussed in Chapter 7 Configuring VLANs on the SSR on pag...

Страница 46: ...As The Save Configuration dialog box opens Figure 11 Save Configuration dialog box 2 Navigate to the directory in which you wish to store your configuration file and do one of the following Select on...

Страница 47: ...ctory containing the configuration file you wish to apply to the SSR and select it 3 Enter the IP address and community string for the SSR in the Switch Name IP box and Community String boxes respecti...

Страница 48: ...oxes respectively 4 Choose the Retrieve Config button Configuration Expert retrieves the specified configuration file and opens it in the main Configuration Expert window Exiting Configuration Expert...

Страница 49: ...e SSR to send system messages to a SYSLOG server Configuring the SSR for Domain Naming System DNS servers Setting up targets for SNMP traps and establishing SNMP community strings for those traps Prov...

Страница 50: ...SR is to properly configure the chassis which will be the foundation of your router s configuration file Using Configuration Expert you can determine which modules take up which slots in your router a...

Страница 51: ...select it If you accidentally select a slot other than the one you intended simply click it again to deselect it b Click one of the four module type buttons to assign that module to the slot you sele...

Страница 52: ...ash mode to its optimal setting It is recommended you not change the hash mode unless advised to do so by Cabletron Technical Support You can configure global settings for all SSR ports as well as con...

Страница 53: ...hernet ports do one of the following Otherwise skip to step 7 If you want all 10 100 Mbps Ethernet ports to detect and then use the operating mode or speed of the network segment to which the port is...

Страница 54: ...onfiguring an Individual Port Configure an individual port if you want to enable or disable that port or set the port s physical characteristics To configure an individual port 1 Start Configuration E...

Страница 55: ...stem Settings 4 Double click the module on which the port you want to configure is located The module s port list appears The number of ports in the list depends on the module type Figure 18 Sample po...

Страница 56: ...erating mode and speed of the network segment to which the port is connected select the Autodetect Port Duplex Mode and Speed check box Otherwise clear the check box to disable autodetection on the po...

Страница 57: ...ot change the hash mode unless advised to do so by Cabletron Technical Support 9 Click OK Configuring the SSR for a SYSLOG Server You can configure the SSR to send system messages to a SYSLOG server T...

Страница 58: ...5 Select the level of messages you want the SSR to log You may select one of the levels described in the following table 6 Click OK Table 5 SYSLOG error message levels Level Description Fatal Logs onl...

Страница 59: ...DNS servers you want the SSR to use You can do so by sending a ping packet to those servers 2 Start Configuration Expert if you have not already done so 3 Open the configuration file you want to modif...

Страница 60: ...IP networks You configure the SSR for SNMP by performing the following tasks Setting up targets for SNMP traps A target is a management station to which the SSR sends SNMP traps which are messages tha...

Страница 61: ...t An SNMP Trap Target dialog box similar to the following appears Figure 22 SNMP Trap Target dialog box 8 Enter the IP address of the management station from which you want to be able to access the tr...

Страница 62: ...file you want to modify and then double click that file s System Configuration object 3 Double click the SNMP Configuration object Configuration Expert displays the SNMP Trap Target and SNMP Communit...

Страница 63: ...ting one of the options described in the following table 8 Click OK Table 6 Level of access options Option Description Read only Allows SNMP GETs but not SNMP SETs on the SNMP management stations that...

Страница 64: ...Chapter 5 Changing System Settings 64 CoreWatch User s Manual...

Страница 65: ...SR uses transparent bridging to link together different segments of an Ethernet network In transparent bridging the SSR operates as a learning bridge As such it monitors traffic on subnetworks to lear...

Страница 66: ...configured for address based bridging the default each Layer 2 table entry contains a unique destination MAC address and VLAN ID Suppose that a port on the SSR is connected to a hub that is connected...

Страница 67: ...ck that file s Bridging Configuration object 3 Double click the Bridging Mode object A Bridging Mode dialog box similar to the following appears Figure 24 Bridging Mode dialog box flow based bridging...

Страница 68: ...pert adds the port to those found in the Flow Mode Bridging object which is located in the Bridging Mode object Configuring a Port for Address Based Bridging Ports are configured to use address based...

Страница 69: ...h the port you want to configure is located Configuration Expert displays the module s ports that are currently using flow based bridging From the list of ports that appears select the port that you w...

Страница 70: ...se by default The SSR uses the aging timeout to determine how long to keep learned MAC addresses Aging is a regulation mechanism the SSR uses to clean up MAC address entries that have not been used fo...

Страница 71: ...ge 70 you can set an aging timeout for learned MAC address entries that ports use by default You may override this default timeout if you want a port to use a different timeout interval To override th...

Страница 72: ...specify from 15 to 1 000 000 seconds The default is 300 seconds 8 Click OK Disabling Aging on a Port Disable aging on a port if you do not want the SSR to age MAC address entries in the port s Layer 2...

Страница 73: ...e dialog box similar to the following appears Figure 28 Bridge Aging State dialog box 5 In the Aging State Enabled list double click the module on which the port you want to disable is located Configu...

Страница 74: ...h is located in the Aging State object Enabling Aging on a Port The SSR removes aged MAC address entries from a port s Layer 2 lookup table if aging is enabled on that port Aging is enabled on all por...

Страница 75: ...is located Configuration Expert displays the module s ports on which aging is disabled From the list of ports that appears select the port on which you want to enable aging Note Clicking a module in...

Страница 76: ...information with other bridges 1 Select a root bridge 2 Calculate the shortest path from itself to the root bridge 3 Select a designated bridge A designated bridge is the bridge responsible for forwar...

Страница 77: ...select the Global STP Settings object An STP Global Settings dialog box similar to the following appears Figure 30 STP Global Settings dialog box 5 In the Bridging Priority box enter the STP bridging...

Страница 78: ...port to use if a bridge has two ports connected in a loop Port cost This attribute specifies how much a port contributes to the total cost of the path to the root bridge when the port is the root A p...

Страница 79: ...a number from 1 to 65535 The default depends on the port speed 1 for Gigabit 100 Mbps ports 10 for 100 Mbps ports and 100 for 10 Mbps ports 9 In the Priority box enter the priority you want to assign...

Страница 80: ...P dialog box similar to the following appears Figure 32 Bridging STP dialog box enabling STP 5 In the STP Disabled Ports list double click the module containing the port you want to configure Configur...

Страница 81: ...onfiguration Expert adds the port to those found in the STP Enabled Ports object which is located in the STP Port State object Disabling STP on a Port Disable STP on a port if the port does not need t...

Страница 82: ...on all of those ports 6 Click the Remove button Configuration Expert moves the selected port from the STP Enabled Ports list to the corresponding module in the STP Disabled Ports list 7 Click OK Confi...

Страница 83: ...onfiguration Expert opens the ARP wizard 5 Click Next The SmartTRUNKing Name Entry panel appears Figure 34 SmartTRUNKing Name Entry panel 6 Define the port s to be included in the SmartTRUNK by taking...

Страница 84: ...ppropriate option from the drop down list 7 Click Next The Bound Port list panel appears Figure 35 Bound Port list panel 8 Add a port to the SmartTRUNK by doing the following a In the Available Port l...

Страница 85: ...Selected Port list From the list of ports that appears select the port you do not want in the SmartTRUNK then click the Remove button 9 Continue selecting ports and clicking the Add button until you...

Страница 86: ...Chapter 6 Configuring SSR Bridging 86 CoreWatch User s Manual...

Страница 87: ...VLAN boundaries unless it passes through routers Once connected by routers VLANs are equivalent to subnets VLANs are created by grouping a set of bridged ports together as part of one bridged network...

Страница 88: ...ffic is always sent out with 802 1Q frame format VLAN Configuration Tips The following list includes tips that you should keep in mind while configuring VLANs on an SSR as discussed later in this chap...

Страница 89: ...useful for connecting SSRs together and for sending traffic of multiple VLANs on a single network segment connecting the routers Suppose you have two VLANs subnetworks of IP users on separate SSRs and...

Страница 90: ...rt by double clicking that port s module in the Trunk Ports list From the list of trunk ports that appears select the port that you want to define as an access port Then click the Remove button After...

Страница 91: ...lects all of the module s ports in that list box This is a quick way to select all of module s ports when you are defining those ports as all the same type 6 Click OK Configuration Expert adds the acc...

Страница 92: ...hen double click that file s Bridging Configuration object 3 Double click the VLAN Configuration object 4 Click the Configure New VLAN object Configuration Expert opens the VLAN wizard Figure 38 VLAN...

Страница 93: ...long You cannot begin a VLAN name with an underscore _ or the prefix SYS_ b In the VLAN ID box enter an ID number from 2 to 4093 for the VLAN The ID you enter must be unique for the VLAN If you are c...

Страница 94: ...the information you enter to define a protocol based VLAN Figure 40 VLAN Definition panel protocol based 8 Click Next A wizard panel similar to the following appears Table 8 VLAN traffic types Option...

Страница 95: ...rotocol based 9 Add a port to the VLAN by doing the following a In the Available Port list double click the module on which the port you want to add is located From the list of available ports that ap...

Страница 96: ...box This is a quick way to select all of a module s ports if you want to add or remove them all at the same time 11 Click Finish Configuration Expert adds the new VLAN to the VLANs found in the Proto...

Страница 97: ...uring VLANs on the SSR Figure 43 VLAN wizard port based 5 Click Next Configuration Expert prompts you to specify which type of VLAN you want to configure Figure 44 VLAN Type panel port based 6 Select...

Страница 98: ...In the VLAN ID box enter an ID number from 2 to 4093 for the VLAN The ID you enter must be unique for the VLAN If you are creating a VLAN that will be used on two SSRs and you want to connect those SS...

Страница 99: ...d panel similar to the following appears Figure 46 Update Port list panel port based 9 Add a port to the VLAN by doing the following a In the Available Port list double click the module on which the p...

Страница 100: ...rt you do not want in the VLAN Then click the Remove button 10 Continue selecting ports and clicking the Add button until you have added all the ports you want the VLAN to include Clicking a module ra...

Страница 101: ...Expert automatically expands the Active Configuration file s tree to the VLAN Configuration object If you are adding a VLAN to the Active Configuration file go to step 3 2 Open the configuration file...

Страница 102: ...object If you are adding a VLAN to the Active Configuration file go to step 3 2 Open the configuration file you want to modify and then double click that file s Bridging Configuration object 3 Double...

Страница 103: ...ouble click the IPX Interface Configuration object and then double click the IPX interfaces bound to VLAN object Configuration Expert displays a list of IPX interfaces bound to VLANs 4 Double click th...

Страница 104: ...he ports you want to copy appear You can copy ports from any port list such as those found in the Chassis Configuration STP Enabled STP Disabled Access Ports or Trunk Ports objects 7 Click the port yo...

Страница 105: ...he port you want to add and click the Add button Configuration Expert moves the selected port from the Available Port list to the corresponding module in the Selected Port list To remove a port double...

Страница 106: ...Chapter 7 Configuring VLANs on the SSR 106 CoreWatch User s Manual...

Страница 107: ...IP routing as specified in RFC 1812 IP is often referred to as TCP IP Acting as a connectionless packet delivery service IP does not provide a dedicated link between computers Instead IP provides dyn...

Страница 108: ...that router s routing table This is similar to sending a letter through the United States postal service The envelope has the ultimate destination address Each post office along the way checks the ul...

Страница 109: ...s on a network Traditional IP addresses are divided into network classes and the left most high order bit indicates the network class The following table describes the classes used for unicast and mul...

Страница 110: ...u should realize that interfaces bound to a single port go down when the port goes down but interfaces bound to a VLAN remain up as long as at least one port in that VLAN remains active The following...

Страница 111: ...g IP Interfaces for the SSR Configuration Expert opens the IP Interface wizard Figure 51 IP Interface wizard single port 5 Click Next An IP Interface Definition panel similar to the following appears...

Страница 112: ...between the SSR and a message s final destination Otherwise transmission speed slows down because the packets have to be fragmented 8 Set the output MAC encapsulation you want associated with the inte...

Страница 113: ...IP Interfaces for the SSR Figure 54 Bind to VLAN or Port panel single port 11 Click Next Configuration Expert displays a Bound Port List panel Figure 55 Bound Port List panel single port 12 Bind the...

Страница 114: ...VLAN 13 Click Next The Apply ACLs panel appears Figure 56 Apply ACLs panel single port 14 Specify whether you want to apply an ACL to the interface by doing one of the following To not apply an ACL s...

Страница 115: ...ltiple ACLs that use different rules but have the same name You can only apply IP ACLs to an IP interface b Use the Filter State check boxes to specify whether you want to filter out inbound traffic o...

Страница 116: ...ate an IP interface that will be bound to an existing VLAN 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file...

Страница 117: ...e being sent You should set the MTU equal to the smallest MTU of all the networks between the SSR and a message s final destination Otherwise transmission speed slows down because the packets have to...

Страница 118: ...el VLAN 10 Click Next and then click the Bind the interface to VLAN option in the panel that appears That option is available only if there are existing IP VLANs Figure 61 Bind to VLAN or Port panel V...

Страница 119: ...CoreWatch User s Manual 119 Chapter 8 Configuring IP Interfaces for the SSR Figure 62 Interface Definition panel VLAN 12 Click Next The Apply ACLs panel appears Figure 63 Apply ACLs panel VLAN...

Страница 120: ...y an ACL that you have not defined yet finish creating the interface Then configure the desired ACL and apply it as discussed in Chapter 13 Configuring Security on the SSR on page 207 14 If you specif...

Страница 121: ...L permits all traffic Modifying IP Interface Definitions Modify IP interface definitions to perform the following operations Change the interface s name Disable or enable the interface Change the inte...

Страница 122: ...ew IP address in the Bound Port Address dialog box that appears and click OK 8 If you want to bind the interface to a different port or VLAN do one of the following If you are modifying a port bound i...

Страница 123: ...can remove an ACL by selecting it in the Selected ACLs list and then clicking Remove Note You may also apply an ACL by copying it as discussed in Copying an ACL to Apply It to an Interface on page 225...

Страница 124: ...ter Redundancy Protocol VRRP End host systems on a LAN are often configured to send packets to a statically configured default router If this default router becomes unavailable all the hosts that use...

Страница 125: ...ting Configuration object 4 Double click the VRRP Configuration object 5 Click the VRRP Trace Options object The VRRP Trace Options dialog box appears Figure 68 VRRP Trace Options dialog box 6 Select...

Страница 126: ...ne so 2 Open the configuration file you want to modify and then double click that file s Routing Configuration object 3 Double click the IP Routing Configuration object 4 Double click the VRRP Configu...

Страница 127: ...or the SSR The VRRP Interface Definition panel appears Figure 70 VRRP Interface Definition panel 7 Select the name of your VRRP interface from the Interface Name drop down list then click Next The VRR...

Страница 128: ...dvanced tab Figure 72 VRRP Router panel Advanced tab 11 If you wish specify the following options on the Advanced tab of the VRRP Router panel a Specify values in the Priority and Advertise Interval b...

Страница 129: ...ck the VRRP Router Configuration object then select the existing VRRP interface you wish to modify The VRRP Router dialog box appears Figure 73 VRRP Router dialog box Definition tab 6 Specify a router...

Страница 130: ...he Authorization Type drop down list c Specify an authorization key in the Authorization Key box You can specify a key string up to eight characters in length d Specify whether you want to disable pre...

Страница 131: ...ting and IPX For details on multicast routing see Chapter 10 Configuring Multicast Routing on the SSR on page 147 For details on IPX see Chapter 11 Configuring the SSR for IPX Routes on page 159 Note...

Страница 132: ...IP Unicast Global Parameters dialog box similar to the following appears Figure 75 IP Unicast Global Parameters dialog box 5 Enter a number from 1 to 65534 to specify the SSR s autonomous system numb...

Страница 133: ...to MAC addresses Define static ARP entries if you want the SSR to use those entries rather than using ARP to automatically resolve host and MAC address entries To define static ARP entries 1 Start Con...

Страница 134: ...CoreWatch User s Manual Figure 77 Static ARP Entry panel 6 Enter the IP address and MAC address of the host s ARP entry in the appropriate text boxes then click Next Configuration Expert displays a B...

Страница 135: ...Finish Defining Static Route Entries Static route entries specify routes you want to explicitly configure and enter into the SSR s routing table Define static route entries if you want to configure s...

Страница 136: ...to 255 in the Route Preference box As discussed in What Is Preference on page 138 you can set preferences in several places The SSR uses preference values to determine the preference of routes from on...

Страница 137: ...her RIP interface or gateway In addition to being able to specify the handling of RIP packets on individual interfaces you can configure the SSR for the following Trusted gateways A trusted gateway is...

Страница 138: ...icating the most preferred route Preference may not be used to control the selection of routes within RIP or another Interior Gateway Protocol IGP because that is accomplished automatically by the pro...

Страница 139: ...110 2 Enable RIP on the SSR and specify global parameters if necessary For details on these tasks see Setting RIP Global Parameters on page 139 3 Configure IP interfaces for RIP For details on this ta...

Страница 140: ...utes learned by RIP To set the preference enter a number from 0 to 255 in the Default Route Preference box The preference you specify applies to all IP RIP interfaces on the SSR Note Cabletron Systems...

Страница 141: ...ver send RIP broadcasts on attached interfaces Select Choose to configure the SSR to send RIP broadcasts only if more than one interface is configured on the SSR This is the default state 9 Click OK D...

Страница 142: ...P Enabled Interface object A RIP Interface Definition dialog box similar to the following appears Figure 81 RIP Interface Definition dialog box 6 Select the IP interface you want to define as an IP RI...

Страница 143: ...select Disabled The setting of this option does not affect the sending of updates to source gateways RIP Protocol Version Select which version of RIP is used on the interface Interface Type Specify w...

Страница 144: ...ng information If trusted gateways are specified only updates from those gateways are accepted Add trusted gateways if you want the SSR to accept RIP updates from only specific sources To add trusted...

Страница 145: ...uting object Double click the RIP Source Gateways object 5 Click the Configure New RIP Source Gateway object 6 In the RIP Source Gateway dialog box that appears enter the IP address or host name of a...

Страница 146: ...Chapter 9 Configuring Unicast Routing on the SSR 146 CoreWatch User s Manual also set up security as discussed in Chapter 13 Configuring Security on the SSR on page 207 Both tasks are optional...

Страница 147: ...SSR provides an overview of the SSR s implementation of IGMP discusses configuring IGMP on the SSR In addition to configuring the SSR for multicast routing you can configure the SSR for unicast routin...

Страница 148: ...control internetwork traffic on each DVMRP interface Threshold values determine whether traffic is either restricted or not restricted to a subnet site or region Scopes define a set of multicast addr...

Страница 149: ...on Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Routing Configuration object 3 Double click the IP Routing Configuration ob...

Страница 150: ...ration object 4 Double click the IP Multicast Routing object and then double click the DVMRP Routing object Double click the DVMRP Interfaces object 5 Do one of the following If you are modifying the...

Страница 151: ...e object Defining DVMRP Tunnels Configuration Expert lets you define DVMRP tunnels for sending multicast traffic between two end points DVMRP treats a tunnel as another DVMRP interface When configurin...

Страница 152: ...l select the Configure New IP Tunnel option An IP Tunnel Definition dialog box similar to the following appears Figure 84 IP Tunnel Definition dialog box 5 Enter the tunnel s name 6 Enter the IP addre...

Страница 153: ...to modify and then double click that file s Routing Configuration object 3 Double click the IP Routing Configuration object 4 Double click the IP Multicast Routing object Then double click the DVMRP...

Страница 154: ...the list of tunnels found in the DVMRP Tunnels object The tunnels on which DVMRP is disabled are included in the list of tunnels found in the IP Tunnel Configuration object What Is IGMP IGMP is a grou...

Страница 155: ...elp a router determine changes to host membership A longer host query interval means less IGMP queries on the network For hosts not sending explicit messages about when they leave a group the host que...

Страница 156: ...rs Figure 86 IGMP Global Parameters Configuration dialog box 5 In the Query Timer box specify how often the SSR sends packets to learn which hosts are available You specify the interval in seconds and...

Страница 157: ...IGMP is enabled double click the IGMP Enabled Interfaces object Then select the interface you want to change If you are modifying the settings of an interface on which IGMP is disabled double click t...

Страница 158: ...terfaces on which IGMP is disabled to the list of interfaces found in the IGMP Disabled Interface object What to Do Next As discussed in the following list what you do after configuring IP interfaces...

Страница 159: ...ntry for an IPX server to the IPX SAP table What Is IPX IPX which is a datagram connectionless protocol performs various tasks including addressing and routing and switching information packets from o...

Страница 160: ...all IPX interfaces The SSR will keep multiple routes to the same network having the lowest ticks and hop count Static routes can be configured on the SSR using the CLI s ipx add route command Through...

Страница 161: ...nding an interface to a MAC address is optional If you do not bind an interface to a MAC address the interface uses the system address The procedure for creating an IPX interface depends on whether yo...

Страница 162: ...the SSR for IPX Routes 162 CoreWatch User s Manual Figure 88 IPX Interface wizard single port 5 Click Next An IPX Interface Definition panel similar to the following appears Figure 89 Interface Defini...

Страница 163: ...capsulation you want associated with the interface by selecting one of the following from the Output MAC Encapsulation drop down list ethernet_II the default ethernet_802_3 ethernet_snap ethernet_802_...

Страница 164: ...ser s Manual Figure 91 Bind to VLAN or Port panel single port 10 Click Next Configuration Expert displays a Bound Port List panel similar to the following Figure 92 Bound Port List panel single port 1...

Страница 165: ...VLAN 12 Click Next The Apply ACLs panel appears Figure 93 Apply ACLs panel single port 13 Specify whether you want to apply an ACL to the interface by doing one of the following To not apply an ACL se...

Страница 166: ...ts you configure multiple ACLs that use different rules but have the same name You can apply IPX IPX RIP and IPX SAP ACLs to an IPX interface b Use the Filter State check boxes to specify whether you...

Страница 167: ...e last rule of the ACL permits all traffic Creating IPX Interfaces Bound to a VLAN If you have created an IPX VLAN you can bind that VLAN to an IPX interface while creating the interface To create an...

Страница 168: ...in the Interface Name box Then either select Up to enable the interface or select Down to disable it 7 Set the output MAC encapsulation you want associated with the interface by selecting one of the f...

Страница 169: ...l VLAN 9 Click Next and then select the Bind the interface to VLAN option in the panel that appears This option is available only if there are existing IPX VLANs Figure 98 Bind to VLAN or Port panel V...

Страница 170: ...Chapter 11 Configuring the SSR for IPX Routes 170 CoreWatch User s Manual Figure 99 Interface Defintion panel VLAN 11 Click Next The Apply ACLs panel appears Figure 100 Apply ACLs panel...

Страница 171: ...you plan to apply an ACL that you have not defined yet finish creating the interface Then configure the desired ACL and apply it as discussed in Applying ACLs to IP or IPX Interfaces on page 224 13 If...

Страница 172: ...ew interface to those found in the IPX interfaces bound to VLAN object Note When you apply an ACL to an interface the SSR appends an implicit deny rule to that ACL The implicit deny rule denies all tr...

Страница 173: ...rface Definition dialog box 6 If you want to edit the name interface state or MAC encapsulation fields specify values as you do when creating an IPX interface Then click OK 7 If you want to change the...

Страница 174: ...e ACLs You can apply two of each of the different IPX ACLs IPX IPX RIP and IPX SAP to an IPX interface Figure 103 Update ACL List dialog box You can add an ACL by selecting it in the Available IPX ACL...

Страница 175: ...ch as file servers and print servers to advertise their services and addresses SAP makes the process of advertising and removing services dynamic On the SSR you can also add static IPX SAP entries Thr...

Страница 176: ...ies regardless of hop count Moreover when a dynamic route associated with the SAP entry is deleted or lost the SSR does not advertise the IPX SAP entry until it relearns the route entry To configure s...

Страница 177: ...able 16 IPX SAP fields Field Description Server Name Name of the IPX server You can use any characters in the name except the following Service Type The type of service Network The IPX network address...

Страница 178: ...at to Do Next After configuring the SSR for IPX you may perform the following tasks Both tasks are optional Control traffic as discussed in Chapter 12 Configuring QoS on the SSR on page 179 Set up sec...

Страница 179: ...configuring QoS policies to define flows provides details about modifying existing QoS profiles What Is QoS On the SSR QoS is a set of parameters that let you do the following Establish a queuing pol...

Страница 180: ...any value for that field Establishing the SSR s Queuing Policy You can establish one of the following queuing policies on the SSR to set the priority of the SSR s traffic Strict priority This policy...

Страница 181: ...you enter apply to all ports Make sure the total percentages for all four priorities equals 100 You cannot set a control priority to 0 7 Click OK Associating Precedences to Layer 3 Layer 4 Flows You...

Страница 182: ...eady done so 2 Open the configuration file you want to modify and then double click that file s QoS Configuration object 3 Double click the Global Settings object 4 Double click the QoS Precedence obj...

Страница 183: ...7 7 Click OK Assigning IPX QoS Precedence You can set the QoS precedence for the following flow fields in IPX traffic Destination network Source network Destination node Source node Destination port S...

Страница 184: ...ion Node Address 3 Source Node Address 4 Destination Socket Address 5 Source Socket Address 6 IPX Interface 7 7 Click OK Creating QoS Profiles On the SSR you can have multiple IP IPX and Layer 2 flows...

Страница 185: ...creating QoS policies for the different flow types follow Creating a QoS Profile for an IP Flow To create a QoS profile for an IP flow 1 Start Configuration Expert if you have not already done so 2 Op...

Страница 186: ...86 CoreWatch User s Manual Figure 110 QoS Flow Types panel IP flow 5 Click Next A QoS L3 L4 Flow Priority panel similar to the following appears Figure 111 QoS L3 L4 Flow Priority panel IP flow 6 Ente...

Страница 187: ...ystem traffic such as HTTP FTP and so on high Assigns high priority to the IP flow fields you specify medium Assigns medium priority to the IP flow fields you specify low Assigns low priority to the I...

Страница 188: ...assumes a mask of 255 255 255 255 You cannot substitute the mask by entering ANY The option ANY is for the entire Source Address and Source Mask pair Destination Mask Enter the destination network ma...

Страница 189: ...figuration Expert adds the QoS Profile to those included in the IP QoS Profiles object If you selected Yes click Next In the Policy Input Interface List panel that appears specify which interfaces you...

Страница 190: ...After you click Finish Configuration Expert adds the QoS Profile to those included in the IP QoS Profiles object Creating a QoS Profile for an IPX Flow To create a QoS profile for an IPX flow 1 Start...

Страница 191: ...er 12 Configuring QoS on the SSR Figure 114 QoS wizard IPX flow 4 Click Next Configuration Expert prompts you to specify which type of flow you want to define Figure 115 Qos Flow Types panel IPX flow...

Страница 192: ...rities you may set Table 19 IPX flow priorities Priority Description control Assigns control priority to the IPX flow fields you specify This is the highest priority Note Control priority is reserved...

Страница 193: ...al digits If you do not specify a mask value and instead use the value ANY the SSR internally sets the mask to FFFFFFFF Source MAC Addr Enter the source node address Specify it in the following format...

Страница 194: ...click Finish Configuration Expert adds the QoS Profile to those included in the IPX QoS Profiles object If you selected Yes click Next In the panel that appears specify which interfaces you want to ap...

Страница 195: ...ter you click Finish Configuration Expert adds the QoS Profile to those included in the IPX QoS Profiles object Creating a QoS Profile for a Layer 2 Flow To create a QoS profile for a Layer 2 flow 1 S...

Страница 196: ...R 196 CoreWatch User s Manual Figure 119 QoS wizard Layer 2 flow 4 Click Next Configuration Expert prompts you to specify which type of flow you want to define Figure 120 QoS Flow Types panel Layer 2...

Страница 197: ...rities you may set Table 21 L2 flow priorities Priority Description control Assigns control priority to the Layer 2 flow fields you specify This is the highest priority Note Control priority is reserv...

Страница 198: ...anel Layer 2 flow 10 Do one of the following If you selected No click Finish Configuration Expert adds the QoS Profile to those included in the Layer 2 QoS Profiles object If you selected Yes click Ne...

Страница 199: ...click Finish Configuration Expert adds the QoS Profile to those included in the Layer 2 QoS Profiles object Modifying QoS Profiles After you create a QoS profile you can modify a flow s definition to...

Страница 200: ...he flow s name priority or fields by editing the appropriate options The values for these options were specified when the QoS profile was created For details on these options see Creating a QoS Profil...

Страница 201: ...options were specified when the QoS profile was created For details on these options see Creating a QoS Profile for an IPX Flow on page 190 If you are creating a new flow based on an existing one chan...

Страница 202: ...e was created For more information on these options see Creating a QoS Profile for a Layer 2 Flow on page 195 If you are creating a new flow based on an existing one changing the flow name is optional...

Страница 203: ...interface list double click the IP QoS Profiles object If you are modifying an IPX flow s interface list double click the IPX QoS Profiles object 4 From the list of flows that appears double click th...

Страница 204: ...uting Configuration object Then double click the IP Interface Configuration object If you are applying an IPX flow to an IPX interface double click the IPX Routing Configuration object Then double cli...

Страница 205: ...ch ports you want the flow to apply to by adding and removing ports in the port list To add a port double click its module in the Available Port list select the port from the list of ports that appear...

Страница 206: ...Chapter 12 Configuring QoS on the SSR 206 CoreWatch User s Manual...

Страница 207: ...e router Each ACL or each list consists of one or more rules describing a particular type of IP or IPX traffic An ACL can be simple and consist of only one rule or complicated with many rules Each rul...

Страница 208: ...t if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Security Configuration object 3 Double click the IP Security object 4 Click the Con...

Страница 209: ...ual 209 Chapter 13 Configuring Security on the SSR Figure 130 IP ACL Name panel 6 Enter the ACL s name in the ACL Name box and click Next An IP ACL Rule panel similar to the following appears Figure 1...

Страница 210: ...s that the value is a wildcard as if you had entered ANY Table 23 IP TCP UDP ACL rule criteria fields Field Description Source Address Enter the source address of the flow Source Mask Enter the filter...

Страница 211: ...r both TCP and UDP you do not need to define two separate rules Instead you can define one IP rule and specify the port that the service uses You can specify a range of port numbers using operator sym...

Страница 212: ...ctions Permit or deny traffic from one computer to another To set up this type of ACL you configure an IPX ACL Set up RIP filters which permit or deny IPX RIP network advertisements To set up such fil...

Страница 213: ...ual 213 Chapter 13 Configuring Security on the SSR Figure 132 IPX Security wizard 5 Click Next Configuration Expert prompts you for the ACL s name Figure 133 IPX ACL Name panel 6 Enter the ACL s name...

Страница 214: ...214 CoreWatch User s Manual You can use a string of characters or a number 7 Click Next An IPX ACL Type panel similar to the following appears Figure 134 IPX ACL Type panel 8 Click Next An IPX ACL Ru...

Страница 215: ...source s network address You can enter ANY to specify a wildcard don t care condition The SSR will interpret this number in hexadecimal format You do not need to use a Ox prefix Source Net Mask Enter...

Страница 216: ...same as the syntax for the source address You can enter ANY to specify a wildcard don t care condition The SSR will interpret this number in hexadecimal format You do not need to use a Ox prefix Dest...

Страница 217: ...anel when you are defining that rule Setting Up IPX RIP Filters Set up IPX RIP filters to permit or deny IPX RIP network advertisements You set up such filters by configuring an ACL for IPX RIP interf...

Страница 218: ...oreWatch User s Manual Figure 137 IPX ACL Name panel RIP 6 Enter the ACL s name in the ACL Name box You can use a string of characters or a number 7 Click Next An IPX ACL Type panel similar to the fol...

Страница 219: ...IP and click Next An IPX RIP ACL Rule panel similar to the following appears Figure 139 IPX ACL Rule panel RIP 9 If you want to permit IPX RIP network advertisements that meet the rule s criteria sele...

Страница 220: ...tomatically assigned by Configuration Expert A rule s number is included in the Rule box of the IPX ACL Rule panel when you are defining that rule Table 25 IPX RIP ACL rule criteria fields Field Descr...

Страница 221: ...so take the following steps 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Security Configuration objec...

Страница 222: ...oreWatch User s Manual Figure 141 IPX ACL Name panel SAP 6 Enter the ACL s name in the ACL Name box You can use a string of characters or a number 7 Click Next An IPX ACL Type panel similar to the fol...

Страница 223: ...rvice advertisements that meet the rule s criteria select the Permit option Otherwise block such advertisements by selecting the Deny option 10 Define the rule s criteria by specifying values for the...

Страница 224: ...CL can be applied to examine either inbound or outbound traffic Inbound traffic is traffic coming into the router Outbound traffic is traffic that is going out of the router When you apply an ACL to a...

Страница 225: ...es and previously defined IPX IPX RIP or IPX SAP ACLs only to IPX interfaces Caution You can apply up to two IP ACLs to an IP interface and you can apply two of each of the different IPX ACLs IPX IPX...

Страница 226: ...the Access Control List Edit ACL dialog box that appears ensure that there is a check mark in the Input check box and also make sure the Output check box is blank Then click OK b Click an ACL that you...

Страница 227: ...Ls object In the Update ACL List dialog box that appears remove the interface s current ACL and add the new one To apply an IPX IPX RIP or IPX SAP ACL double click the Applied IPX ACLs object In the U...

Страница 228: ...Security Layer 2 security filters on the SSR allow you to configure ports to filter specific MAC addresses When defining a Layer 2 security filter you specify to which ports you want the filter to ap...

Страница 229: ...tination MAC address which filters out any frame destined to a specific destination MAC address A flow which filters out any frame coming from a specific source MAC address that is also destined to a...

Страница 230: ...reWatch User s Manual Configuration Expert prompts you to select a filter type Figure 146 L2 Filter Type panel address filter 6 Click Next An L2 Address Filter panel similar to the following appears F...

Страница 231: ...list select the port from the port list that appears and click the Add button Clicking a module rather than double clicking it selects all of that module s ports This is a quick way to apply the filte...

Страница 232: ...ter 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Security Configuration object 3 Double click the L2...

Страница 233: ...nfiguring Security on the SSR Figure 150 L2 Filter Type panel lock filter 6 Select L2 Port Address Lock Filters and click Next An L2 Port Address Lock Filter panel similar to the following appears Fig...

Страница 234: ...rt list select the port from the port list that appears and click the Add button Clicking a module rather than double clicking it selects all of that module s ports This is a quick way to apply the fi...

Страница 235: ...ced to go to a set of ports Flow static entry which specifies that any frame coming from a specific source MAC address that is destined to a specific destination MAC address will be allowed disallowed...

Страница 236: ...eWatch User s Manual Figure 154 L2 Filter Type panel static entry filter 6 Select L2 Static Filters and click Next An L2 Static Filter panel similar to the following appears Figure 155 L2 Static Filte...

Страница 237: ...Specify the source MAC address destination MAC address and VLAN ID in the appropriate text boxes Use the source MAC address for source or flow entries Use the Destination MAC Address for destination...

Страница 238: ...ers with static entries in the following ways Combine a source secure port filter with a source static entry to drop all received traffic but allow any frame coming from a specific source MAC address...

Страница 239: ...guring Security on the SSR Figure 157 L2 Security wizard secure port filter 5 Click Next Configuration Expert prompts you to select a filter type Figure 158 L2 Filter Type panel secure port filter 6 S...

Страница 240: ...l secure port filter 7 Enter the filter s name in the Name box 8 Select either the Source or Destination option to specify whether the filter is to secure a source port or a destination port 9 Specify...

Страница 241: ...ule s ports If you accidentally add a wrong port remove it by selecting it in the Selected Port list box and clicking the Remove button 11 Click Finish Configuration Expert adds the filter to those fo...

Страница 242: ...ollowing Double click the IP Security object and then the IP ACLs object if you are modifying an IP ACL Double click the IPX Security object if you are modifying an IPX ACL Then double click the objec...

Страница 243: ...u want to modify The Create New Rule object Click this object if you want to add a new rule 5 Edit the ACL Rule Definition dialog box that appears The dialog box s rule options are the same as those y...

Страница 244: ...port bindings 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Security Configuration object 3 Double cl...

Страница 245: ...le click its module in the Available Port list select the port from the list of ports that appears and click the Add button To remove a port double click its module in the Selected Port list select th...

Страница 246: ...Chapter 13 Configuring Security on the SSR 246 CoreWatch User s Manual...

Страница 247: ...te advertisement for the multiaccess network and has other special responsibilities The designated router concept reduces the number of adjacencies required on a multiaccess network An adjacency is an...

Страница 248: ...lation of the protocol if an OSPF router did not participate fully in the area s OSPF so it is not possible to override this Although it is possible to give other routes lower preference values explic...

Страница 249: ...ystem link state advertisements are generated and flooded into OSPF Specify an integer value equal to or greater than 1 The default is 1 7 In the ASE LSA Export Limit box specify how many autonomous s...

Страница 250: ...en the configuration file you want to modify and then double click that file s Routing Configuration object 3 Double click the IP Routing Configuration object 4 Double click the IP Unicast Routing obj...

Страница 251: ...select Stub specify the cost to be used to inject a default route into the area To do so enter a number from 0 to 65535 in the Cost box that appears after you select the Stub option 9 Click Next In t...

Страница 252: ...lected Yes to specify you want to associate a network with the area use the OSPF Network Definition panel that appears to specify which network you want to associate with the area Otherwise skip to st...

Страница 253: ...isement d To associate another network with the area select the Add More Address checkbox click Next and repeat step a through step c until you associate all the appropriate networks 11 Click Next In...

Страница 254: ...teps a From the Interface Name Address drop down list select the IP interface you want to configure as a broadcast interface b Select the appropriate Interface State option to enable or disable the in...

Страница 255: ...ure 170 OSPF Area Broadcast Interface panel Advanced tab Table 27 Broadcast interface cost and designated router priority description Option Description Interface Cost Enter the sum of all interfaces...

Страница 256: ...imated number of seconds required to transmit a link state update over the interface Transit delay takes into account transmission and propagation delays and must be greater than 0 Specify an integer...

Страница 257: ...Add Non Broadcast Interface panel 14 If you selected Yes to specify you want to add a non broadcast interface add the interface Otherwise skip to step g Figure 172 OSPF Area Non Broadcast Interface p...

Страница 258: ...the non broadcast interface in the appropriate text boxes See the following table for more detailed information e Click the Advanced tab Table 29 Non broadcast interface cost and designated router pri...

Страница 259: ...Interval Enter the number of seconds between link state advertisement retransmissions for adjacencies belonging to the interface Specify an integer value equal to or greater than 1 The default is 5 se...

Страница 260: ...t to point and non broadcast interfaces Router Dead Interval Enter an integer value from 0 to 255 to specify the number of seconds that may occur without Hello packets being heard before the router s...

Страница 261: ...erface ii Select or clear the Eligible to Become Designated Router check box to specify whether the OSPF NBMA neighbor is eligible for becoming a designated router iii To add another neighbor select t...

Страница 262: ...Figure 175 Add Non Broadcast Interface panel j Do one of the following If you select Yes click Next and then add another non broadcast interface specifying options as you did when you added the other...

Страница 263: ...pert prompts you to specify whether you want to add a stub host Figure 176 Add Stub Host panel 15 Do one of the following If you do not want to add a stub host select No If you want to add a stub host...

Страница 264: ...ertised for the directly attached stub host c To add another stub host select the Add More Stub Hosts check box click Next and then repeat step a and step b until you add all the appropriate stub host...

Страница 265: ...he SSR Figure 178 Add Virtual Links panel b Select Yes and then click Next A Virtual Link panel similar to the following appears Figure 179 OSPF Area Virtual Link panel Definition tab c Enter a virtua...

Страница 266: ...f Click the Advanced tab Figure 180 OSPF Area Virtual Link panel Advanced tab g Set the options on the virtual link as discussed in the following table Table 31 Virtual link options Option Descriptio...

Страница 267: ...ject Networks Interfaces and so on you want to modify Click the object you want to modify 7 Edit the object s dialog box LSA Retransmission Interval Enter the number of seconds between link state adve...

Страница 268: ...OSPF on the SSR 268 CoreWatch User s Manual The options of the dialog box are the same as those you specified while creating the area table For details on specifying these options see Creating OSPF A...

Страница 269: ...signed to handle multi AS and security issues Similarly using static routes may not be the best choice for exchanging AS AS routing information because there may be a large number of routes or the rou...

Страница 270: ...erence and metric values as well as the cluster identification To set the SSR s global BGP parameters 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you wan...

Страница 271: ...ting Configuration object 3 Double click the IP Routing Configuration object 4 Double click the IP Unicast Routing object 5 Double click the BGP Routing object 6 Double click the BGP Groups object and...

Страница 272: ...BGP on the SSR 272 CoreWatch User s Manual Configuration Expert opens the BGP wizard Figure 182 BGP wizard 7 Click Next The BGP Peer Group Definition panel appears Figure 183 BGP Peer Group Definitio...

Страница 273: ...me or address by selecting an option from the Interface Name Address drop down list f Enter a BGP gateway for your SSR in the Gateway box If a network is not part of the peer group this option specifi...

Страница 274: ...Chapter 15 Configuring BGP on the SSR 274 CoreWatch User s Manual Figure 184 BGP Peer Group Definition panel Options tab...

Страница 275: ...r Add Host to Peer Group panel Enable Route Reflection Specifies that GateD will act as a route reflector for the peer group All routes received from any group member will be sent to all other interna...

Страница 276: ...ave full connectivity to each other or broken political situations Note This option may cause inefficient routes to be followed Cabletron recommends that you use this option only for external groups S...

Страница 277: ...l peers Note This option is ignored when set on internal groups or peers Advertise Routes with Looped AS Path to ver 4 Peers Prevents routes with looped autonomous system paths from being advertised t...

Страница 278: ...nce Note This option is designed to be used with internal routing and IGP peer groups Route Preference Specifies the preference used for routes learned from these peers This can differ from the defaul...

Страница 279: ...Currently ver 2 ver 3 and ver 4 are supported Route In Delay Used to dampen route fluctuations The In Delay option specifies the amount of time in seconds a route learned from a BGP peer must remain...

Страница 280: ...Peers option is turned on the SSR will still send multiple copies of its own autonomous system if the this option is set to something greater than 1 In addition if the value of the AS Count option cha...

Страница 281: ...the Add Peer Hosts to the BGP Group or Add Peer Networks to the BGP Group option and click Next 15 If you specified that you want to add peer hosts to the BGP use the Add Host to BGP Group panel that...

Страница 282: ...your SSR in the Gateway box c Select either or both of the Generate Default Route and Retain All Routes options by checking their respective boxes Figure 188 Add Host to BGP Group panel Options tab d...

Страница 283: ...terconnect media in cases where the routers on the shared medium do not really have full connectivity to each other or broken political situations Note This option may cause inefficient routes to be f...

Страница 284: ...ing to avoid advertising routes to peers that would automatically and erroneously forward routes on to version 3 neighbors Log Message Whenever BGP Peer Changes State Instructs the SSR to log an infor...

Страница 285: ...the Advanced tab according to the guidelines in the following table Table 36 Add Host to BGP Group advanced options Option Description Metric Out Specifies the primary metric used on all routes sent t...

Страница 286: ...reachable In either case incoming connections will only be recognized as matching a configured peer if they are addressed to the configured local address Note This option is designed to be used with i...

Страница 287: ...d the autonomous system path to an external neighbor The default value for this option is 1 Higher values are typically used to bias upstream neighbors route selection Note This option supersedes the...

Страница 288: ...sh to add another individual network to the BGP check the Add More Networks option click Next and repeat step 18 and step 19 until you have specified all of the networks you wish to add to the BGP 21...

Страница 289: ...g appears Figure 191 BGP Peer Group Definition dialog box Definition tab 7 Specify the general BGP options you wish to change by going through the following procedure a Select a BGP type from the Type...

Страница 290: ...oute and Retain All Routes options by checking their respective boxes 8 Click the Options tab Figure 192 BGP Peer Group Definition dialog box Options tab 9 If you wish activate or deactivate one or mo...

Страница 291: ...act as a route reflector for the peer group All routes received from any group member will be sent to all other internal neighbors and all routes received from any other internal neighbors will be sen...

Страница 292: ...r non existing route deletions Normally these events are silently ignored Show Warnings This option instructs GateD to specify the router identification in the aggregate attribute to be 0 instead of i...

Страница 293: ...tructs the SSR to log an informational message whenever an associated peer s state changes Log Message Whenever BGP Peer Changes State Specifies that the next hop in route advertisements for this peer...

Страница 294: ...nce Note This option is designed to be used with internal routing and IGP peer groups Route Preference Specifies the preference used for routes learned from these peers This can differ from the defaul...

Страница 295: ...uring negotiation If no version is specified version negotiation proceeds using the highest supported version first Currently ver 2 ver 3 and ver 4 are supported Route In Delay Used to dampen route fl...

Страница 296: ...se Routes with Looped AS Path to ver 4 Peers option Regardless of whether or not the Advertise Routes with Looped AS Path to ver 4 Peers option is turned on the SSR will still send multiple copies of...

Страница 297: ...and OSPF Routing Policy Defaults Before setting out to configure any definitive routing policies you can first use Configuration Expert to configure default or global routing policy attributes for all...

Страница 298: ...lick the Routing Policy Configuration object 6 Double click the Global Default Parameters object and click the RIP Defaults object A RIP Policy Defaults dialog box similar to the following appears Fig...

Страница 299: ...6 in order to allow the SSR to export routes from other protocols such as OSPF into RIP 9 Click OK Setting OSPF Routing Policy Defaults To set default values for OSPF s metric and preference that will...

Страница 300: ...h OSPF by entering a number from 0 to 65535 in the Cost box 9 Specify the OSPF interface type by selecting the appropriate option either Type 1 or Type 2 under Interface Type 10 Click OK A Look at the...

Страница 301: ...Configuration Expert to create RIP OSPF and BGP export destination building blocks The method you use to define these building blocks depends on which protocol the building block is for Separate discu...

Страница 302: ...ption and then specify IP address for the given gateway in the associated text box 11 Specify whether the SSR restricts the export route or associates a metric with the exported route by doing one of...

Страница 303: ...le click that file s Routing Configuration object 3 Double click the IP Routing Configuration object 4 Double click the IP Unicast Routing object 5 Double click the Routing Policy Configuration object...

Страница 304: ...select Inherited if you want the SSR to use the default metric from the routing policy 13 Click OK 14 Repeat step 8 through step 13 until you create all the OSPF export destinations you plan to includ...

Страница 305: ...iously specified as described in Configuring and Modifying Optional Attribute Building Blocks on page 334 12 If you wish specify a sequence number for the export destination in the Sequence Number box...

Страница 306: ...on these tasks follow Configuring Aggregate Destinations To create aggregate destination building blocks 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you...

Страница 307: ...te option 11 In the Route Preference box specify the preference you want to assign to the resulting aggregate route You can specify a value between 0 and 64 000 The default value is 130 12 If you wish...

Страница 308: ...te destinations to change their name type route preference or path name format To create aggregate destination building blocks 1 Start Configuration Expert if you have not already done so 2 Open the c...

Страница 309: ...these export sources you can use them to create or modify a number of routing policies using a variety of source protocols The procedure for defining an export source depends on whether you are confi...

Страница 310: ...export source in the Source Name box 10 Under Export RIP Routes specify whether the SSR restricts the export or associates a metric with the exported route by doing one of the following If you do not...

Страница 311: ...iguration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Routing Configuration object 3 Double click the IP Routing Configura...

Страница 312: ...route by doing one of the following If you do not want the SSR to export any routes from the source select the Restrict export to the specified OSPF source option If you want the SSR to associate a me...

Страница 313: ...n object 6 Double click the Building Blocks object 7 Double click the Export Source object 8 Double click the BGP object and then do one of the following If you are creating a new export source click...

Страница 314: ...licies Configuring and Modifying Autonomous System Path Export Sources An autonomous system path export source building block specifies a source for exporting AS path routes into other protocols To de...

Страница 315: ...th export source in the Source Name box 10 Under Source Definition specify the following source criteria a Specify the autonomous system path regular expression in the AS Path Regular Expression box b...

Страница 316: ...eat step 9 through step 12 until you create all of the AS Path export sources you plan to include in your export policies Configuring and Modifying Tag Export Sources A tag export source building bloc...

Страница 317: ...following source criteria a Specify a source protocol by selecting one of the following seven options from the Protocol drop down list all static direct aggregate rip ospf bgp Note If you select the...

Страница 318: ...he export of routes from a source with routes directly attached to interfaces To define direct export source building blocks that can be used for either RIP or OSPF 1 Start Configuration Expert if you...

Страница 319: ...rom the source select the Restrict export from the specified Direct Source option If you want the SSR to associate a metric with the exported routes select a metric from the Route Metric drop down lis...

Страница 320: ...le click the Building Blocks object 7 Double click the Export Source object 8 Double click the Static object and then do one of the following If you are creating a new export source click the Configur...

Страница 321: ...ultiple routes over various protocols while simultaneously associating an identifier with the routes Note In order to define an aggregate export source building block you must have previously configur...

Страница 322: ...of the following If you do not want the SSR to export any routes from the source select the Restrict export from this Source option If you want the SSR to associate a metric with the exported routes...

Страница 323: ...g RIP Import Sources To define RIP import source building blocks 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click tha...

Страница 324: ...e Imported from Gateway option and specify that gateway s IP address in the associated text box 11 Specify whether the SSR restricts the import or associates a preference with the imported routes by d...

Страница 325: ...Open the configuration file you want to modify and then double click that file s Routing Configuration object 3 Double click the IP Routing Configuration object 4 Double click the IP Unicast Routing o...

Страница 326: ...SSR to import any routes from the source select the Restrict Route Import from the specified OSPF Source option If you want the SSR to associate a preference with the imported routes enter a number fr...

Страница 327: ...t Routing object 5 Double click the Routing Policy Configuration object 6 Double click the Building Blocks object 7 Double click the Import Source object click the BGP object and then do one of the fo...

Страница 328: ...own list The available optional attributes in this drop down list are a collection of pre defined optional attributes you may have previously specified as described in Configuring and Modifying Option...

Страница 329: ...then double click that file s Routing Configuration object 3 Double click the IP Routing Configuration object 4 Double click the IP Unicast Routing object 5 Double click the Routing Policy Configurati...

Страница 330: ...selection select the none option This selection may also be carried out by using route filters 11 Specify whether the routes are to be considered as contributors to the aggregate source by turning the...

Страница 331: ...ilters 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Routing Configuration object 3 Double click the I...

Страница 332: ...he following step Otherwise skip to step 13 12 Under Network Host Options define the following characteristics a Specify the network or host IP address and the network mask for your filter network in...

Страница 333: ...ouble click the IP Routing Configuration object 4 Double click the IP Unicast Routing object 5 Double click the Routing Policy Configuration object 6 Double click the Building Blocks object 7 Double c...

Страница 334: ...Double click the IP Routing Configuration object 4 Double click the IP Unicast Routing object 5 Double click the Routing Policy Configuration object 6 Double click the Building Blocks object 7 Double...

Страница 335: ...nity identification select the Reserved Community option and specify the community identification in the associated text box 10 Click OK Export Policies An SSR s export routing policies control which...

Страница 336: ...ion Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Routing Configuration object 3 Double click the IP Routing Configuration o...

Страница 337: ...nfigured as described in Export Destination Building Blocks on page 301 9 Specify the export destination type by selecting the BGP RIP or OSPF option under Specify the Type of the Export Destination P...

Страница 338: ...lection of your pre defined export sources 12 Specify the export destination type by selecting the following eight options under Specify the Type of the Export Destination Policy BGP RIP OSPF ASPATH T...

Страница 339: ...he following appears Figure 218 Filter Specification panel 14 Specify whether you wish to use an existing filter or create a new filter for your export policy by selecting the appropriate option Note...

Страница 340: ...following characteristics a Specify the network or host IP address and the network mask for your export policy network in the Network Host Address and Network Mask boxes respectively b If the IP addr...

Страница 341: ...fy an existing export policy 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Routing Configuration objec...

Страница 342: ...dure Note Before you attempt to configure an import policy you must ensure that you have previously configured at least one import source building block as described in Import Source Building Blocks o...

Страница 343: ...red as described in Import Source Building Blocks on page 322 9 Specify the import source type by selecting the BGP RIP or OSPF option under Specify the type of the import policy source Note If you ha...

Страница 344: ...panel 11 Specify whether you wish to use an existing filter or create a new filter for your import policy by selecting the appropriate option Note The Select a filter from predefined filter list optio...

Страница 345: ...following characteristics a Specify the network or host IP address and the network mask for your import policy network in the Network Host Address and Network Mask boxes respectively b If the IP addr...

Страница 346: ...s for one or more import sources To modify an existing import policy 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click...

Страница 347: ...sources aggregate destinations and aggregate sources and IP route filters as discussed earlier in this chapter you can configure aggregate routing policies by going through the following procedure Not...

Страница 348: ...gate Generate panel 8 Specify the destination name for your aggregate policy by selecting it from the Destination Name drop down list The available destinations in this drop down list are a collection...

Страница 349: ...te Policy Source panel 10 Specify the source for your aggregate policy by selecting it from the Aggregate Source drop down list The available sources in this drop down list are a collection of any pre...

Страница 350: ...panel 12 Specify whether you wish to use an existing filter or create a new filter for your aggregate policy by selecting the appropriate option Note The Select a filter from predefined filter list op...

Страница 351: ...following characteristics a Specify the network or host IP address and the network mask for your aggregate policy network in the Network Host Address and Network Mask boxes respectively b If the IP ad...

Страница 352: ...more aggregate sources associated to a particular aggregate destination To modify an existing aggregate policy 1 Start Configuration Expert if you have not already done so 2 Open the configuration fi...

Страница 353: ...bute policies is a simple way to configure export policies based primarily on routing protocols Configuring Redistribute Policies To configure a new redistribute policy for the SSR 1 Start Configurati...

Страница 354: ...he source protocol for your redistribute policy by selecting one of the available options from the Source Protocol drop down list You can select from the following seven options static direct aggregat...

Страница 355: ...10 Specify the destination protocol for your redistribute policy by selecting one of the available options from the Destination Protocol drop down list You can select from the following three options...

Страница 356: ...llowing characteristics a Specify the network or host IP address and the network mask for your redistribute policy network in the Network Host Address and Network Mask boxes respectively b If the IP a...

Страница 357: ...e redistribute destination protocol types associated with a particular redistribute source protocol type To modify an existing redistribute policy 1 Start Configuration Expert if you have not already...

Страница 358: ...Configuring Summarize Routes To configure a new Summarize Route for the SSR 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then doubl...

Страница 359: ...by selecting the appropriate option If you selected the IP Network option proceed with the following step If you selected the Default Network option skip to step 10 9 Under Summarized Network specify...

Страница 360: ...ce Protocol panel 12 Specify the source protocol for the summarize network by selecting one of the six available options from the Source Protocol drop down list You can select from the following six o...

Страница 361: ...ropriate option to fulfill your mask matching requirements You can select one of the following four options Ignore Mask of Destination Exact Match with Supplied Mask More Specific than Supplied Mask M...

Страница 362: ...ion for a particular summarize route select the IP address for that route from the list of existing summarize routes and modify the attributes of the route definition by editing the fields of the Summ...

Страница 363: ...CoreWatch User s Manual 363 Chapter 16 Configuring Routing Policies on the SSR 9 Click OK...

Страница 364: ...Chapter 16 Configuring Routing Policies on the SSR 364 CoreWatch User s Manual...

Страница 365: ...us information about the VLAN associated with each port and IP address information of a port Obtaining Chassis Information Obtain chassis information if you want to know which modules are installed in...

Страница 366: ...know which modules are installed in the SSR the slot number of a module or the number of ports on each module To access such information Table 39 Chassis Info table fields Field Description Slot Numbe...

Страница 367: ...the item currently selected in the upper frame For details on using the Table toolbar see Appendix A Working with Tables on page 443 Table 40 Port table fields Field Description Port ID Identifies the...

Страница 368: ...ble similar to the following appears Figure 235 Trap table The following table describes the fields of the Trap table s upper frame For details on using the Table toolbar see Appendix A Working with T...

Страница 369: ...nu choose System State and then choose SmartTRUNK Table A SmartTRUNK table similar to the following appears Figure 236 SmartTRUNK table The following table describes the fields of the SmartTRUNK table...

Страница 370: ...Chapter 17 Checking System Status 370 CoreWatch User s Manual...

Страница 371: ...X traffic of an SSR including details about incoming and outgoing packets and errors related to the IPX data the SSR receives or sends Separate discussions on the different statistics you can obtain f...

Страница 372: ...the options displays You can select up to four of these dials To select more than one dial name in Windows 95 or Windows NT hold down the Ctrl key while making your selections 4 Click the button Core...

Страница 373: ...of Dials CoreWatch automatically adjusts the scales of the System Dashboard dials For example CoreWatch will automatically change the scaling of the Bits Out dial from KBits Sec to 10 KBits Sec whene...

Страница 374: ...the following table 4 Click OK Monitoring Port Utilization CoreWatch lets you obtain a Port Utilization Summary that provides the status of each SSR port and identifies the percentage of traffic bein...

Страница 375: ...CoreWatch toolbar Select the Monitor menu choose Performance and then choose Port Utilization Summary A Port Utilization Summary dialog box similar to the one described in the following figure appears...

Страница 376: ...43 Port Utilization Summary items Item Description Module Identifier Indicates which of the following Ethernet modules are installed in an SSR slot 10 100 TX 100 FX Gigabit LX Gigabit SX Dual Serial Q...

Страница 377: ...hoose Performance choose Port and then choose Packet Statistics Click the port that you want to monitor Then click the right mouse button and choose Packet Statistics from the pop up menu that appears...

Страница 378: ...nce choose Port and then choose Byte Statistics Click the right mouse button and choose Byte Statistics from the pop up menu that appears A Port Byte Statistics graph similar to the following appears...

Страница 379: ...tics You can obtain statistics about the erroneous packets that are sent or received on a port as well as how many of those erroneous packets the SSR discarded To display such information 1 In the Fro...

Страница 380: ...ng of statistics by using the Graph toolbar as discussed in Using the Graph Toolbar on page 389 Table 46 Port Error Statistics graph abbreviations Abbreviation Description InErrs Erroneous packets rec...

Страница 381: ...nd the different IP interface graphs follow Obtaining IP Packet Statistics Obtain IP packet statistics if you want to determine how many IP packets the SSR sent received or forwarded To display such i...

Страница 382: ...l view switch to it by clicking the CoreWatch main window 2 Select the Monitor menu choose Performance choose IP and then choose Reassembly Statistics An IP Reassembly Statistics graph similar to the...

Страница 383: ...lbar on page 389 Table 48 IP Reassembly Statistics graph abbreviations Abbreviation Description ReasmFails Reassembles that failed because of time outs errors or other problems ReasmOKs IP datagrams t...

Страница 384: ...y in the Front Panel view switch to it by clicking the CoreWatch main window 2 Select the Monitor menu choose Performance choose IP and then choose Error Statistics An IP Error Statistics graph simila...

Страница 385: ...SSR discarded because the IP header s destination field included an invalid IP address such as 0 0 0 0 or an IP address of an unsupported class such as Class E InUnkownProt Incoming IP datagrams addr...

Страница 386: ...icking the CoreWatch main window 2 Select the Monitor menu choose Performance choose IPX and then choose Packet Statistics An IPX Packet Statistics graph similar to the following appears By examining...

Страница 387: ...licking the CoreWatch main window 2 Select the Monitor menu choose Performance choose IPX and then choose Error Statistics An IPX Error Statistics graph similar to the following appears By examining t...

Страница 388: ...Table 51 IPX Error Statistics graph abbreviations Abbreviation Description HdrErrors Incoming IPX packets the SSR discarded because those packets had problems in their headers This includes any IPX p...

Страница 389: ...istics graph Use this toolbar to control a graph s appearance and stop or start the gathering of statistics as summarized in the following figure Figure 249 Graph toolbar Magnifies the y axis Displays...

Страница 390: ...Chapter 18 Monitoring Real Time Performance 390 CoreWatch User s Manual...

Страница 391: ...Information about the ports on which STP is enabled Obtaining VLAN Information Obtain VLAN information to display information about which ports and modules are associated with the VLANs configured on...

Страница 392: ...tain STP Port information if you want to examine STP information about the ports on which STP is enabled To access such information do one of the following In the Front Panel view select the Monitor m...

Страница 393: ...me For details on using the Table toolbar see Appendix A Working with Tables on page 443 Table 53 STP Port table fields Field Description Port Number Identifies the port for which the table is providi...

Страница 394: ...the SSR is learning the MAC addresses of packets it receives on the port but is not forwarding those packets Listening signifies the SSR is receiving frames but is not learning them Forwarding signifi...

Страница 395: ...Interface table s upper frame For details on using the Table toolbar see Appendix A Working with Tables on page 443 Table 54 L2 Interface table fields Field Description VLAN Name Displays the name of...

Страница 396: ...Chapter 19 Checking the Status of Bridge Tables 396 CoreWatch User s Manual...

Страница 397: ...and link state advertisements Information about RIP peers Information about DVMRP neighbors routes and hops Details about IGMP caching Checking IP Routing Status CoreWatch can display the following IP...

Страница 398: ...ct An IP Interface table similar to the following appears Figure 253 IP Interface table The following table describes the fields of the IP Interface table s upper frame The Selection Details frame dis...

Страница 399: ...routing problems To access IP forwarding information do one of the following In the Front Panel view select the Monitor menu choose Routing State choose IP State and then choose IP Forwarding Table I...

Страница 400: ...op of this route If the route is bound to an interface that is accessed through a broadcast medium the value of this field is the agent s IP address on that interface Local IP Interface Indicates the...

Страница 401: ...nfigured on the SSR This information identifies each IPX interface provides details about the packets sent from each of those interfaces and indicates which WAN router an interface may use To access s...

Страница 402: ...one of the following broadcast point to point WAN RIP unnumbered RIP dynamic WAN WS or other Dialing Name Indicates the symbolic name IPX uses to reference the dialing information used to create this...

Страница 403: ...ected Uncompressed Rx Indicates how many packets were received without being compressed even though data compression was enabled on the interface Media Type Indicates that the interface is for an Ethe...

Страница 404: ...e 58 IPX Forwarding table fields Field Description IPX Identifier Indicates which instance of IPX the interface is using Network Number Identifies the IPX network number of the destination Protocol In...

Страница 405: ...ts of all routers and networks forms the protocol s topological database Routers use the information included in link state advertisements to update their routing tables The IP address and TOS data th...

Страница 406: ...tion OSPF Interface Address Identifies the interface s IP address OSPF Addressless Interface Contains the interface index for those interfaces that do not have an IP address A value of 0 is used in th...

Страница 407: ...l routes attached to the network Router Dead Interval Indicates how many seconds that a router s Hello packets have not been seen before its neighboring routers declare the router down The value of th...

Страница 408: ...int and NBMA interfaces and setting this field to 0 effectively disables all multicast forwarding Truth Value Indicates whether demand OSPF procedures hello suppression to full neighbors and setting t...

Страница 409: ...pears Figure 258 OSPF Area table The following table describes the fields of the OSPF Area table s upper frame The Selection Details frame displays information about the item currently selected in the...

Страница 410: ...k state database The value in this field does not include link state advertisements of external autonomous systems LSA Checksums Identifies the 32 bit unsigned sum of the link state advertisements lin...

Страница 411: ...is using On addressless links the value of this field will be the address of another of the neighbor s interfaces Addressless Index Displays the corresponding value of the interface index in the Inter...

Страница 412: ...ate DB Table An OSPF Link State DB table similar to the following appears State Indicates the state of the relationship with the neighbor Nbr Events Indicates how many times the neighbor relationship...

Страница 413: ...table fields Field Description Area ID Indicates the 32 bit identifier of the area from which the link state advertisement was received LS DB Type Indicates the link state advertisement s type On the...

Страница 414: ...milar to the following figure appears Sequence Indicates the sequence number of the link state advertisement This field is used to detect old and duplicate link state advertisements The larger the num...

Страница 415: ...Description Area ID Identifies the area the address aggregate is to be found within LS DB Type Indicates the address aggregate s type which specifies the link state database type that the address aggr...

Страница 416: ...running how many packets were discarded on each peer and how many route entries from each peer were ignored Obtaining RIP Interface Information Obtain RIP interface information if you want details ab...

Страница 417: ...d then choose RIP Peer Table Table 64 RIP Interface table fields Field Description Address Identifies the network IP address of the interface Each interface has a unique index that the SSR uses to ide...

Страница 418: ...s Identifies the IP address the peer is using as its source address Domain Includes the value found in the Routing Domain field of the RIP packets the SSR received from the peer RIP 2 does not use thi...

Страница 419: ...is includes details about the SSR s multicast routes such as their sources upstream neighbors and hop counts The next hops of the DVMRP interfaces to which the SSR is sending IP multicast packets Obta...

Страница 420: ...ntifies the interface s IP address Distance Metric Identifies the cost assigned to the interface The cost is a number from 1 to 31 that the SSR system administrator sets This metric is similar to the...

Страница 421: ...ers and the traffic the SSR receives from those neighbors To access such information 1 If you are not in the Front Panel view switch to it by clicking the CoreWatch main window 2 Select the Monitor me...

Страница 422: ...3 Minor Version Indicates the neighboring router s minor DVMRP version number The SSR s minor version number is 255 Capabilities Describes the neighboring router s capabilities These capabilities are...

Страница 423: ...count and an indication of how long ago the SSR learned of the route To access DVMRP routing information 1 If you are not in the Front Panel view switch to it by clicking the CoreWatch main window 2 S...

Страница 424: ...the network address of the source for which the table entry contains multicast routing information This address is combined with a source s network mask to identify that source Source Subnet Mask Indi...

Страница 425: ...the following Information about which interfaces IGMP is enabled on and details about the IGMP configuration of those interfaces Information about the multicast groups of IGMP interfaces This includes...

Страница 426: ...ch information do one of the following In the Front Panel view select the Monitor menu choose Routing State choose IGMP State and then choose IGMP Interface Table In the Schematic view double click th...

Страница 427: ...on of IGMP on that LAN The SSR runs version 2 but can communicate with hosts running version 1 If Querier Identifies the IP address of the IGMP Querier on the IP subnetwork to which the interface is a...

Страница 428: ...eWatch main window 2 Select the Monitor menu choose Routing State choose IGMP State and then choose IGMP Cache Table An IGMP Cache table similar to the following appears Figure 269 IGMP Cache table Jo...

Страница 429: ...SSR is never a member of a group Member Since Indicates how long ago the SSR joined the multicast group address A 0 signifies that the SSR is not a member of the group Last Reported Member Identifies...

Страница 430: ...Chapter 20 Checking the Status of Routing Tables 430 CoreWatch User s Manual...

Страница 431: ...ther than being sent to the Control Module for further processing Obtaining Layer 2 Priority Information Obtain Layer 2 priority information if you want to examine the QoS priorities of Layer 2 flows...

Страница 432: ...s table index Name Identifies the name of the flow Dest MAC Address Identifies the Layer 2 destination s MAC address Source MAC Address Identifies the Layer 2 source s MAC address VLAN ID Identifies t...

Страница 433: ...ds for which that priority applies To access such information 1 If you are not currently in the Front Panel view switch to it by clicking the CoreWatch main window 2 Select the Monitor menu choose QoS...

Страница 434: ...priority in the flow When configuring the SSR the network administrator can set this field to any for packets with the protocol set to TCP or UDP if the other fields match Source Address Indicates th...

Страница 435: ...lick the Layer 2 Switching function An L2 Forward table similar to the following appears Figure 272 L2 Forward table The following table describes the fields of the L2 Forward table s upper frame The...

Страница 436: ...choose L3 L4 Flows In the Schematic view double click either the Layer 3 4 Switching function or the Flows object The Flow Table Filter dialog box appears VLAN ID Identifies the VLAN that is combined...

Страница 437: ...box blank This is the default for each item To include an item but limit its contents enter the desired value in the appropriate box 3 Do one of the following Leave the And button selected if you wan...

Страница 438: ...ceived data for the flow Protocol Indicates the transport layer protocol of the flow such as TCP or UDP Source Address Indicates the network layer address of the source that originally sent the packet...

Страница 439: ...s that include boot log information or data from multiple CoreWatch tables This chapter also discusses saving a single table as a report You can view a CoreWatch report in your Web browser either imme...

Страница 440: ...to look at the report later and do not want to examine it immediately after CoreWatch generates it clear the Open report in browser option 4 Click the Save As button The Save As dialog box appears 5 E...

Страница 441: ...on the Table toolbar The Save As dialog box appears 3 Enter a name for the report in the File Name box If necessary browse to the folder in which you want to save the report then click the Open button...

Страница 442: ...Chapter 22 Obtaining Reports 442 CoreWatch User s Manual...

Страница 443: ...t Export table information to a file Sort data Most of these tasks you perform using the Table toolbar Separate discussions on these tasks finding text in a table and sorting data follow Finding Text...

Страница 444: ...e a field only if it has a specific value enter the desired value in the field s text box Leave the field s check box blank Suppose the table includes a Port field and you enter 2 in that field The ta...

Страница 445: ...eWatch can display at the same time click the Next Rows button on the Table toolbar To obtain the previous set of records CoreWatch displayed at the same time click the Previous Rows button on the Tab...

Страница 446: ...CoreWatch table to another application such as Lotus 1 2 3 or Microsoft Excel save it to an ASCII text file To do so take the following steps 1 Open the table that contains the information you want to...

Страница 447: ...h main window Use the commands available on these menus to perform tasks in CoreWatch File Monitor Window Help File Menu The CoreWatch File menu includes the commands described in the following table...

Страница 448: ...mal settings Changing some of these properties may affect system performance SSR name or IP address Opens the CoreWatch main window for the SSR represented by the name or IP address you select Exit Cl...

Страница 449: ...ncoming and outgoing bytes Error Statistics Displays the graph that lets you monitor erroneous packets on a port This graph also indicates how many packets the SSR discarded although no errors had bee...

Страница 450: ...umber of ports on each module Port Table Displays information about which modules are installed in the SSR the slot number of each module or the number of ports on each module Trap Table Displays info...

Страница 451: ...se interfaces may use IPX Forwarding Table Displays information about the routes used by the IPX interfaces on an SSR OSPF State OSPF Interface Table Displays information about the routes status authe...

Страница 452: ...tries of valid DVMRP packets the SSR ignored DVMRP Neighbor Table Displays information about an SSR s DVMRP neighboring routers DVMRP Route Table Displays information about the multicast routes DVMRP...

Страница 453: ...ate submenu commands Continued Submenu Command Description Table 82 QoS State submenu commands Command Description L2 QoS Displays information about the QoS policies of an SSR L3 L4 QoS Displays infor...

Страница 454: ...dows in columns so that you can view them all at the same time Cascade Arranges all open windows one in front of another The title bar of each window remains visible which can help you identify which...

Страница 455: ...w to contact Cabletron Systems technical support Send Feedback Displays a form that you may use to let Cabletron Systems know what you think about its products You can complete and send this form onli...

Страница 456: ...Appendix B CoreWatch Menus 456 CoreWatch User s Manual...

Страница 457: ...ter entries in the table based on the specified regular expression CoreWatch supports the following Perl5 regular expressions Alternatives separated by The quantified atoms described in the following...

Страница 458: ...table Any other backslashed character matches itself Table 86 Supported special backslashed characters Character Description b Null token that matches a word boundary w on one side and W on the other...

Страница 459: ...following table cD Matches the corresponding control character nn or nnn Octal representation of character unless a back reference 1 2 3 and so on A back reference which matches whatever the first sec...

Страница 460: ...s CoreWatch then matches a word followed by white space without including white space in the resulting match regexp A zero width negative lookahead assertion Suppose you enter port 7 matches any occu...

Страница 461: ...cellaneous error messages Missing or Invalid Field Error Messages The following error messages are generated when configuring new objects or modifying existing objects through configuration wizards or...

Страница 462: ...ecify a valid Destination Mask as a IP subnet mask example 255 255 255 0 to continue Destination name is missing or invalid Specify a valid Destination name to continue Export Destination is missing o...

Страница 463: ...to continue Learned from Autonomous System field is missing or invalid Specify a valid value for the Learned from Autonomous System to continue Local Address and Remote Address fields are missing or...

Страница 464: ...field is missing or invalid Specify a valid Source Mask as a IP subnet mask example 255 255 255 0 to continue Source Tag is missing or invalid Specify a valid Source Tag value to continue Source name...

Страница 465: ...work Address error in the selected filter Specify a unique Network Address to continue Duplicate RIP Source Gateway IP address error Specify an unused RIP Source Gateway IP address to continue Duplica...

Страница 466: ...inue This IP Address is already in use Specify a different IP Address to continue This Network Address has already been used Specify another Network Address to continue This IP Interface Name already...

Страница 467: ...is not currently available you may finish creating the interface and then apply the ACL later No IPX ACL available This configuration requires IPX ACLs which are not available Solution Create one or m...

Страница 468: ...e SSR Solution Specify whether you want to terminate the other user s session by clicking either the Yes or No button If you click No the other user s session will not be terminated and Configuration...

Страница 469: ...a writable file or directory Configure Password is invalid Indicates that the wrong Privileged password was entered when you tried to start Configuration Expert Solution Start Configuration Expert ag...

Страница 470: ...No IPX ACL available for this configuration Create IPX ACLs first and then retry this operation During creation of IPX interfaces you may optionally bind IPX ACLs An attempt was made to bind an IPX A...

Страница 471: ...ext boxes Request denied by switch Indicates that the SSR denied a connection when you tried to log in Solution Try logging in again If that attempt fails contact the administrator responsible for the...

Страница 472: ...for more information The selected object could be referenced by other configuration objects and requires you to first delete all the references before attempting to delete the object to ensure consist...

Страница 473: ...route can be advertised Aggregation reduces the amount of information that the routers must store and exchange Area A set of networks grouped together but located in the same autonomous system Settin...

Страница 474: ...Router OSPF router that will take over the functions of the designated router if that one fails The backup designated router establishes adjacencies to all other routers Boot Log File containing the m...

Страница 475: ...figure multicast routing Set QoS policies Set ACLs and security filters Configure multiple configuration files on the SSR Designated Bridge Bridge responsible for forwarding frames to the LAN segment...

Страница 476: ...t protocol is started on a router Hello Packets Packets sent to acquire neighbors which are routers on the same network as the router sending the packet Hop Count Routing metric that measures the dist...

Страница 477: ...ot guarantee delivery of those packets TCP is responsible for guaranteeing delivery Internet Service Provider ISP Company that provides access to the Internet Leaf Interface for which no downstream de...

Страница 478: ...is sent to this single IP address rather than being sent to each host s individual IP address These addresses are in the range of 224 0 0 0 to 239 255 255 255 Multicast Packets Individual packets sent...

Страница 479: ...ilization Summary to identify the traffic patterns of SSR ports This summary indicates the percentage of traffic that is being transmitted and received on each port For a detailed description of an ex...

Страница 480: ...the lowest metric as the best route The metric is a hop count representing the number of gateways through which data must pass in order to reach its destination The longest path that RIP accepts is 1...

Страница 481: ...This delivery time is usually one second on Ethernet LANs Transmission Control Protocol TCP The Internet transport layer protocol that provides reliable communication over packet switched networks Tr...

Страница 482: ...y starting Configuration Expert from within CoreWatch You will be prompted for the Privileged password User Datagram Protocol UDP Connectionless protocol in the TCP IP protocol stack It performs the s...

Страница 483: ...ling on ports 72 74 enabling on ports 74 76 of SSR bridging 70 76 overriding default 71 72 applying ACLs 114 119 165 170 224 228 flows to interfaces 204 area aggregate information OSPF 414 415 area in...

Страница 484: ...IGMP Interface Table 453 IP Forwarding Table 451 IP Interface Table 451 IPX Forwarding Table 451 IPX Interface Table 451 L2 Flows 453 L2 Interface Table 450 L2 QoS 453 L3 L4 Flows 453 L3 L4 QoS 453 Op...

Страница 485: ...asics 27 36 commands 447 455 exiting 36 features 21 22 installing in Solaris 25 26 in Windows 26 interface 29 33 linking with HP OpenView 29 linking with SPECTRUM Enterprise Manager 28 menus 447 455 o...

Страница 486: ...ging Timeout 71 Set STP Port Specific Settings 79 SNMP Community Strings 62 SNMP Trap Target 61 Static Export Source 320 STP Global Settings 77 System Configuration DNS 59 System ID 50 System Log 58 T...

Страница 487: ...nnels 153 IGMP on interfaces 156 158 ports 56 RIP 140 error messages 461 472 Error Statistics command 449 error statistics obtaining 379 384 387 establishing community strings 62 63 SSR queuing policy...

Страница 488: ...finition dialog box 157 IGMP Interface table 426 IGMP Interface Table command 453 IGMP interfaces obtaining information 426 428 IGMP State submenu 453 implicit deny rule 115 225 installing CoreWatch i...

Страница 489: ...220 setting security 217 220 IPX SAP ACLs 221 224 configuring static entries 175 177 setting security 221 224 IPX Security wizard 212 224 IPX State submenu 451 IPX submenu 449 L L2 Flow Priority Defin...

Страница 490: ...5 Layer 2 priority information 431 Layer 2 switching information 435 436 Layer 3 4 flow priority information 433 434 Layer 3 4 switching information 436 438 OSPF area aggregate information 414 415 OSP...

Страница 491: ...5 99 103 105 address based 68 70 blocking access 238 241 bound to IP interfaces 110 116 bound to IPX interfaces 161 167 bridging mode 66 68 configuring global settings 52 54 individual 54 57 cost 78 d...

Страница 492: ...irements browser 22 CoreWatch 22 CPU 22 hardware 22 restoring filtered data 445 retrieving configuration files 47 RIP configuring 139 145 defining interfaces 141 144 disabling 140 enabling 140 filters...

Страница 493: ...ing for 60 63 setting up trap targets 60 61 SNMP Community Strings dialog box 62 SNMP Trap Target dialog box 61 Solaris CoreWatch requirements 22 installing CoreWatch 25 26 starting Configuration Expe...

Страница 494: ...Chassis Info 365 controlling contents 444 457 460 DVMRP Interface 419 DVMRP Neighbor 421 DVMRP Next Hop 424 DVMRP Routing 423 exporting data 446 finding text 443 Flow 437 Flow Priority 433 IGMP Cache...

Страница 495: ...ormation 391 overview 87 port based creating 96 100 description 88 modifying 101 protocol based creating 91 96 description 88 modifying 102 removing ports 96 100 105 replacing 103 VRP wizard 126 VRRP...

Отзывы:

Нет отзывов

Похожие инструкции для CoreWatch

Cabletron Systems SmartSwitch 1800 User Manual preview
SmartSwitch 1800
Бренд: Cabletron Systems Страницы: 48
Yamaha MOTIF RACK ES Supplementary Manual preview
MOTIF RACK ES
Бренд: Yamaha Страницы: 37
MACROMEDIA COLFUSION MX 7 - INSTALLING AND USING COLDFUSION... Using Manual preview
COLFUSION MX 7 - INSTALLING AND USING COLDFUSION...
Бренд: MACROMEDIA Страницы: 72
Native Instruments Scarbee Mark 1 User Manual preview
Scarbee Mark 1
Бренд: Native Instruments Страницы: 14
TANDBERG Codian Remote Management API Reference Manual preview
Codian Remote Management API
Бренд: TANDBERG Страницы: 66
VMware VCENTER CHARGEBACK 1.5 - API Manual preview
VCENTER CHARGEBACK 1.5 - API
Бренд: VMware Страницы: 150
McAfee VIRUSSCAN HOME EDITION 7.0 Manual preview
VIRUSSCAN HOME EDITION 7.0
Бренд: McAfee Страницы: 56
Cabletron Systems SmartCell ZX Administrator Installation Manual preview
SmartCell ZX Administrator
Бренд: Cabletron Systems Страницы: 34
Red Hat CLUSTER FOR ENTERPRISE LINUX 5.0 Configuration Manual preview
CLUSTER FOR ENTERPRISE LINUX 5.0
Бренд: Red Hat Страницы: 114
Red Hat NETWORK 4.1.0 - Manual preview
NETWORK 4.1.0 -
Бренд: Red Hat Страницы: 40
GRASS VALLEY EDIUS SP Datasheet preview
EDIUS SP
Бренд: GRASS VALLEY Страницы: 4
MACROMEDIA FREEHAND MX 11 Use Manual preview
FREEHAND MX 11
Бренд: MACROMEDIA Страницы: 412
Novell EDIRECTORY 8.8 SP1 Installation Manual preview
EDIRECTORY 8.8 SP1
Бренд: Novell Страницы: 150
McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual preview
HISCDE-AB-IA - Host Intrusion Prevention
Бренд: McAfee Страницы: 154
Paradyne 8995 Installation And User Manual preview
8995
Бренд: Paradyne Страницы: 24
Xerox FREEFLOW 701P25032 System Manual preview
FREEFLOW 701P25032
Бренд: Xerox Страницы: 112
GameShark Media Manager for PSP Instruction Manual preview
Media Manager for PSP
Бренд: GameShark Страницы: 15
Handmark WordSmith 2.2 User Manual preview
WordSmith 2.2
Бренд: Handmark Страницы: 70

Бренды по названию

Популярные бренды

Загрузить еще бренды