Cabletron Systems SSR-ATM29-02 Скачать руководство пользователя страница 212 | Manualshive

Страница: 212 / 386

Cabletron Systems SSR-ATM29-02 Скачать руководство пользователя страница 212

Chapter 13: Configuring Security on the SSR

212

CoreWatch Users Guide

11. Do one of the following:

–

If you have defined all of the rules for the ACL, click Finish.

–

If you want to define additional rules, select the Add More Rules check box and click
Next

.

12. If you selected the Add More Rules check box, define another rule in the IPX SAP ACL

Rule panel that appears. To do so repeat

step 10

and

step 11

until you define all the

desired rules for the ACL.

After you finish defining all of an ACL’s rules, Configuration Expert adds the ACL to the
IPX SAP ACLs object. Configuration Expert also adds a separate object for each rule and
places this list of rules in the ACL object.

The rule numbers displayed in an ACL’s list of rules, are automatically assigned by
Configuration Expert. A rule’s number is included in the Rule # box of the IPX ACL Rule
panel when you are defining that rule.

Applying ACLs to IP or IPX Interfaces

Defining an ACL specifies what sort of traffic to permit or deny. However, an ACL has no
effect unless it is applied to an interface. An ACL can be applied to examine either
inbound or outbound traffic. Inbound traffic is traffic coming into the router. Outbound
traffic is traffic that is going out of the router. When you apply an ACL to an interface, you
implicitly enable access control on that interface.

In general, you should try to apply ACLs at the inbound interfaces instead of the
outbound interfaces. If a packet is to be denied, you want to drop the packet as early as
possible, at the inbound interface. Otherwise, the router will have to process the packet,
determine where the packet should go only to find out that the packet should be dropped
at the outbound interface. In some cases, however, it may not be simple or possible for the

Service Type

Enter the SAP service type.

You may enter the service type as hexadecimal or select one
of the choices from the Service Type drop-down list. You do
not need to use a “0x” prefix. You can enter ANY to specify a
wildcard (“don’t care”) condition.

Network Address

Enter the SAP server’s network address You can enter ANY
to specify a wildcard (“don’t care”) condition.

Node (MAC) Address

Enter the SAP server’s MAC address. You can enter ANY to
specify a wildcard (“don’t care”) condition.

Table 28. IPX SAP ACL Rule Criteria Fields (Continued)

Field

Description

«
...
210
211
212
213
214
...
»

Содержание SSR-ATM29-02

Страница 1: ...CoreWatch User s Guide 9032564...

Страница 2: ......

Страница 3: ...DAMAGES WHATSOEVER INCLUDING BUT NOT LIMITED TO LOST PROFITS ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT EVEN IF CABLETRON SYSTEMS HAS BEEN ADVISED OF KNOWN OR SHOULD...

Страница 4: ...in which case the user will be required to correct the interference at his own expense WARNING Changes or modifications made to this device which are not expressly approved by the party responsible fo...

Страница 5: ...ype Environment Networking Equipment for use in a Commercial or Light Industrial Environment We the undersigned hereby declare under our sole responsibility that the equipment packaged with this notic...

Страница 6: ...Notice vi...

Страница 7: ...alling on a Windows NT or Windows 95 System 24 Chapter 3 Learning CoreWatch Basics 25 Starting CoreWatch 25 Starting CoreWatch in Solaris 26 Starting CoreWatch in Windows NT or Windows 95 26 Starting...

Страница 8: ...uration Expert 48 Chapter 5 Changing System Settings 49 Providing System Information 49 Configuring Ports 50 Configuring Global Settings on All Ports 51 Configuring an Individual Port 52 Configuring t...

Страница 9: ...ifying IP Interface Definitions 115 What to Do Next 118 Chapter 9 Configuring Unicast Routing on the SSR 119 Configuring Unicast Global Parameters and Static Entries 119 Setting Global Parameters for...

Страница 10: ...er 2 Flow Definition 189 Changing an IP or IPX Flow s Interface List 190 Adding or Deleting a Flow s Interfaces through a Dialog Box 191 Dragging an Interface to Apply a Flow to the Interface 192 Chan...

Страница 11: ...Statistics 272 Monitoring IPX Interface Statistics 273 Obtaining IPX Packet Statistics 274 Obtaining IPX Error Statistics 275 Using the Graph Toolbar 277 Chapter 17 Checking the Status of Bridge Tabl...

Страница 12: ...Information 325 Chapter 21 Obtaining Reports 327 Saving Multiple Tables or the Boot Log as a Report 327 Saving a Single Table as a Report 329 Appendix A Working with Tables 331 Finding Text in a Tabl...

Страница 13: ...x E Error Messages 351 Missing or Invalid Field Error Messages 351 Duplicate Objects Error Messages 355 Already Exists or in Use Error Messages 355 Unavailable Objects Error Messages 356 Miscellaneous...

Страница 14: ...Contents 14 CoreWatch User s Guide...

Страница 15: ...ow to Use This Guide If You Want To See Get an overview of CoreWatch Chapter 1 on page 19 Start CoreWatch or familiarize yourself with other basic tasks and the CoreWatch interface Chapter 3 on page 2...

Страница 16: ...at contain bridge information and data about the SSR s VLANs Chapter 17 on page 279 Display tables that contain information about the routing protocols you are using on the SSR Chapter 18 on page 283...

Страница 17: ...atures and the procedures for installing the SSR and setting it up for management using CoreWatch software SmartSwitch Router Getting Started Guide How to use Command Line Interface CLI commands to co...

Страница 18: ...Preface 18 CoreWatch User s Guide...

Страница 19: ...sks such as configuring routers virtual local area networks VLANs application level Quality of Service QoS policies and security filters simple and easy You can run CoreWatch in the Solaris Windows NT...

Страница 20: ...system requirements depend upon your operating system The table identifies which browser to use with each operating system and gives the minimum hardware requirements for each environment CoreWatch C...

Страница 21: ...form of graphs or dials A Look at the Modes of CoreWatch CoreWatch can run in the following modes User which is the mode CoreWatch automatically begins operating in after you log in to CoreWatch Use t...

Страница 22: ...able MIB RFC 2096 Experimental Enterprise MIBs DOT1Q VLAN MIB draft jeya vlan 8021q mib 00 txt IGMP draft ietf idmr igmp mib 05 txt DVMRP draft thaler dvmrp mib 04 txt NOVELL RIP SAP MIB NOVELL IPX MI...

Страница 23: ...on a Solaris System To install CoreWatch from a CD onto a Solaris 2 5 1 or 2 6 system 1 If you plan to integrate CoreWatch with HP OpenView be sure the HP OpenView daemon is running For details see y...

Страница 24: ...reement click Yes to accept it 5 Enter your name and your company s name in the appropriate text boxes Then click Next 6 Specify the folder in which you want to install the software and click Next You...

Страница 25: ...Installation on page 23 Starting CoreWatch The method you use to start CoreWatch depends on whether you installed it in the Solaris or Windows environment If you choose to integrate CoreWatch with SPE...

Страница 26: ...ppears Note If you installed the program in a startup folder other than Programs Cabletron CoreWatch select that folder from the Start menu and then select CoreWatch 2 Type the name or IP address and...

Страница 27: ...laris and Windows NT environments If HP OpenView is integrated with CoreWatch you may use HP OpenView to start CoreWatch and recognize your SSRs HP OpenView is automatically integrated with CoreWatch...

Страница 28: ...evious figure includes the abbreviations described in the following table Table 2 Legend Abbreviations Abbreviation Description PS1 Identifies the location of the SSR s main power supply PS2 Identifie...

Страница 29: ...the port is online Figure 3 Ethernet 10 100BASE TX Port Each port on a Gigabit module 1000BASE SX or 1000BASE LX is represented by an object similar to the following figure The bottom LED of a port i...

Страница 30: ...tes which functions are active inactive or in error The information in the Schematic view is updated every 30 seconds The legend that appears at the bottom of the Schematic view indicates the scheme u...

Страница 31: ...ption of each menu command see the CoreWatch Menus appendix of this guide CoreWatch Toolbar The CoreWatch toolbar is a set of buttons located at the top of the CoreWatch window Clicking buttons in thi...

Страница 32: ...ch in Configure mode 3 After the Change Login Password form appears enter your current Login password in the Old Password text box 4 Enter your new password in the New Password and Re enter New Passwo...

Страница 33: ...sary Opens the online help glossary for CoreWatch Release Note Displays the release note s for your version of CoreWatch Cabletron Web Site submenu Product News Displays information about Cabletron Sy...

Страница 34: ...er 3 Learning CoreWatch Basics 34 CoreWatch User s Guide Exiting CoreWatch To exit CoreWatch select the File menu and choose Exit CoreWatch prompts you to verify that you want to exit Click the Quit b...

Страница 35: ...ferent configuration files Configuration Expert uses explains the purpose of Configuration Expert s wizards and dialog boxes discusses copying and deleting objects explains how to save your changes di...

Страница 36: ...ion Expert from either the Front Panel view or the Schematic view Separate discussions on starting Configuration Expert from the different views follow Opening Configuration Expert from the Front Pane...

Страница 37: ...he Schematic view functions and data objects from which you can open Configuration Expert Table 4 Configuration Commands in CoreWatch Schematic View Schematic View Command ACLs Data Object Configure S...

Страница 38: ...t the Configuration Expert Window When you start Configuration Expert a window similar to the following appears Figure 7 Configuration Expert Window STP Bridging Function Configure STP Transparent Bri...

Страница 39: ...onfiguration Tree The configuration tree is a graphical representation of the SSR s configuration The configuration tree includes the configuration files discussed in Configuration Files on page 41 Wh...

Страница 40: ...s minus sign Figure 9 Expanded Configuration Tree While configuring the SSR you can continue double clicking subtree objects until you are able to select the object you want to add edit or delete Afte...

Страница 41: ...to establish traffic priority for an accounting department You could create one Custom Configuration file for the handling of traffic at the end of a month and create another Custom Configuration fil...

Страница 42: ...s and Their Descriptions Icon Description Represents a configuration file or configurable object such as an interface VLAN QoS policy ACL and so on Double clicking an object s folder icon displays the...

Страница 43: ...ly their configuration settings elsewhere to quickly configure ports ACLs and QoS profiles as well as easily setup and administer VLANs The following table lists the objects from which you can copy co...

Страница 44: ...e configuration tree until you locate the object to which you want to apply the configuration settings of the copied object For details on the objects to which you can apply configuration settings see...

Страница 45: ...re dragging an object A green check mark appears whenever the cursor is on an object to which the configuration settings can be applied 4 Release the mouse button to apply the configuration settings t...

Страница 46: ...ng the SSR in an IPX environment configure IPX interfaces as discussed in Chapter 11 Configuring the SSR for IPX Routes on page 147 6 If you want to control traffic on the SSR configure the SSR s QoS...

Страница 47: ...options listed in the To Configuration list box 3 Click OK If you want to Select Apply your changes to the current SSR session The changes will not remain in effect if you restart the SSR Active Make...

Страница 48: ...ant to save your changes Specify a filename and then click OK Discarding Your Configuration Settings If you make changes to a configuration file and then decide you want to discard all of those change...

Страница 49: ...ystem messages to a SYSLOG server Configuring the SSR for Domain Naming System DNS servers Setting up targets for SNMP traps and establishing SNMP community strings for those traps Providing System In...

Страница 50: ...gure the following characteristics Operating mode half duplex or full duplex In half duplex mode a port can transmit data in only one direction at a time between two stations In full duplex mode a por...

Страница 51: ...s on configuring default settings for all ports and configuring an individual port follow Configuring Global Settings on All Ports To configure global settings on all of the SSR s ports 1 Start Config...

Страница 52: ...n operating mode or speed the setting disables autodetection for that parameter on the port For example if you set the speed of a segment to 10 Mbps that segment no longer uses autodetection for the p...

Страница 53: ...Active Configuration file go to step step 6 2 Open the configuration file you want to modify and then double click that file s System Configuration object 3 Double click the Chassis Configuration obj...

Страница 54: ...Changing System Settings 54 CoreWatch User s Guide The module s port list appears The number of ports in the list depends on the module type Figure 16 Sample Port List 5 Select the port you want to c...

Страница 55: ...rating mode and speed of the network segment to which the port is connected select the Autodetect Port Duplex Mode and Speed check box Otherwise clear the check box to disable autodetection on the por...

Страница 56: ...t change the hash mode unless advised to do so by Cabletron Technical Support 9 Click OK Configuring the SSR for a SYSLOG Server You can configure the SSR to send system messages to a SYSLOG server To...

Страница 57: ...Select the level of messages you want the SSR to log You may select one of the levels described in the following table 6 Click OK Table 7 SYSLOG Error Message Levels Level Description Fatal Logs only...

Страница 58: ...DNS servers you want the SSR to use You can do so by sending a ping packet to those servers 2 Start Configuration Expert if you have not already done so 3 Open the configuration file you want to modif...

Страница 59: ...IP networks You configure the SSR for SNMP by performing the following tasks Setting up targets for SNMP traps A target is a management station to which the SSR sends SNMP traps which are messages tha...

Страница 60: ...An SNMP Trap Target dialog box similar to the following appears Figure 20 SNMP Trap Target Dialog Box 8 Enter the IP address of the management station from which you want to be able to access the tra...

Страница 61: ...file you want to modify and then double click that file s System Configuration object 3 Double click the SNMP Configuration object Configuration Expert displays the SNMP Trap Target and SNMP Community...

Страница 62: ...ing one of the options described in the following table 8 Click OK Table 8 Level of Access Options Option Description Read only Allows SNMP GETs but not SNMP SETs on the SNMP management stations that...

Страница 63: ...gether different segments of an Ethernet network In transparent bridging the SSR operates as a learning bridge As such it monitors traffic on subnetworks to learn about destination locations down brid...

Страница 64: ...configured for address based bridging the default each Layer 2 table entry contains a unique destination MAC address and VLAN ID Suppose that a port on the SSR is connected to a hub that is connected...

Страница 65: ...ck that file s Bridging Configuration object 3 Double click the Bridging Mode object A Bridging Mode dialog box similar to the following appears Figure 22 Bridging Mode Dialog Box Flow Based Bridging...

Страница 66: ...pert adds the port to those found in the Flow Mode Bridging object which is located in the Bridging Mode object Configuring a Port for Address Based Bridging Ports are configured to use address based...

Страница 67: ...the port you want to configure is located Configuration Expert displays the module s ports that are currently using flow based bridging From the list of ports that appears select the port that you wa...

Страница 68: ...e by default The SSR uses the aging timeout to determine how long to keep learned MAC addresses Aging is a regulation mechanism the SSR uses to clean up MAC address entries that have not been used for...

Страница 69: ...e 68 you can set an aging timeout for learned MAC address entries that ports use by default You may override this default timeout if you want a port to use a different timeout interval To override the...

Страница 70: ...pecify from 15 to 1 000 000 seconds The default is 300 seconds 8 Click OK Disabling Aging on a Port Disable aging on a port if you do not want the SSR to age MAC address entries in the port s Layer 2...

Страница 71: ...e dialog box similar to the following appears Figure 26 Bridge Aging State Dialog Box 5 In the Aging State Enabled list double click the module on which the port you want to disable is located Configu...

Страница 72: ...h is located in the Aging State object Enabling Aging on a Port The SSR removes aged MAC address entries from a port s Layer 2 lookup table if aging is enabled on that port Aging is enabled on all por...

Страница 73: ...is located Configuration Expert displays the module s ports on which aging is disabled From the list of ports that appears select the port on which you want to enable aging Note Clicking a module in t...

Страница 74: ...information with other bridges 1 Select a root bridge 2 Calculate the shortest path from itself to the root bridge 3 Select a designated bridge A designated bridge is the bridge responsible for forwar...

Страница 75: ...elect the Global STP Settings object An STP Global Settings dialog box similar to the following appears Figure 28 STP Global Settings Dialog Box 5 In the Bridging Priority box enter the STP bridging p...

Страница 76: ...port to use if a bridge has two ports connected in a loop Port cost This attribute specifies how much a port contributes to the total cost of the path to the root bridge when the port is the root A po...

Страница 77: ...a number from 1 to 65535 The default depends on the port speed 1 for Gigabit 100 Mbps ports 10 for 100 Mbps ports and 100 for 10 Mbps ports 9 In the Priority box enter the priority you want to assign...

Страница 78: ...P dialog box similar to the following appears Figure 30 Bridging STP Dialog Box Enabling STP 5 In the STP Disabled Ports list double click the module containing the port you want to configure Configur...

Страница 79: ...onfiguration Expert adds the port to those found in the STP Enabled Ports object which is located in the STP Port State object Disabling STP on a Port Disable STP on a port if the port does not need t...

Страница 80: ...ote Clicking a module in the STP Enabled Ports list rather than double clicking it selects all of the module s ports on which STP is currently enabled Use this method if you want to disable STP on all...

Страница 81: ...N boundaries unless it passes through routers Once connected by routers VLANs are equivalent to subnets VLANs are created by grouping a set of bridged ports together as part of one bridged network Bro...

Страница 82: ...ffic is always sent out with 802 1Q frame format VLAN Configuration Tips The following list includes tips that you should keep in mind while configuring VLANs on an SSR as discussed later in this chap...

Страница 83: ...seful for connecting SSRs together and for sending traffic of multiple VLANs on a single network segment connecting the routers Suppose you have two VLANs subnetworks of IP users on separate SSRs and...

Страница 84: ...t by double clicking that port s module in the Trunk Ports list From the list of trunk ports that appears select the port that you want to define as an access port Then click the Remove button After y...

Страница 85: ...selects all of the module s ports in that list box This is a quick way to select all of module s ports when you are defining those ports as all the same type 6 Click OK Configuration Expert adds the a...

Страница 86: ...hen double click that file s Bridging Configuration object 3 Double click the VLAN Configuration object 4 Click the Configure New VLAN object Configuration Expert opens the VLAN wizard Figure 33 VLAN...

Страница 87: ...long You cannot begin a VLAN name with an underscore _ or the prefix SYS_ b In the VLAN ID box enter an ID number from 2 to 4093 for the VLAN The ID you enter must be unique for the VLAN If you are cr...

Страница 88: ...the information you enter to define a protocol based VLAN Figure 35 VLAN Definition Panel Protocol Based 8 Click Next A wizard panel similar to the following appears Table 10 VLAN Traffic Types Option...

Страница 89: ...rotocol Based 9 Add a port to the VLAN by doing the following a In the Available Port list double click the module on which the port you want to add is located From the list of available ports that ap...

Страница 90: ...box This is a quick way to select all of a module s ports if you want to add or remove them all at the same time 11 Click Finish Configuration Expert adds the new VLAN to the VLANs found in the Proto...

Страница 91: ...uring VLANs on the SSR Figure 38 VLAN Wizard Port Based 5 Click Next Configuration Expert prompts you to specify which type of VLAN you want to configure Figure 39 VLAN Type Panel Port Based 6 Select...

Страница 92: ...n the VLAN ID box enter an ID number from 2 to 4093 for the VLAN The ID you enter must be unique for the VLAN If you are creating a VLAN that will be used on two SSRs and you want to connect those SSR...

Страница 93: ...panel similar to the following appears Figure 41 Update Port List Panel Port Based 9 Add a port to the VLAN by doing the following a In the Available Port list double click the module on which the po...

Страница 94: ...t you do not want in the VLAN Then click the Remove button 10 Continue selecting ports and clicking the Add button until you have added all the ports you want the VLAN to include Clicking a module rat...

Страница 95: ...Expert automatically expands the Active Configuration file s tree to the VLAN Configuration object If you are adding a VLAN to the Active Configuration file go to step 3 2 Open the configuration file...

Страница 96: ...object If you are adding a VLAN to the Active Configuration file go to step 3 2 Open the configuration file you want to modify and then double click that file s Bridging Configuration object 3 Double...

Страница 97: ...e Configuration object and then double click the IPX interfaces bound to VLAN object Configuration Expert displays a list of IPX interfaces bound to VLANs 4 Double click the Bridging Configuration obj...

Страница 98: ...iguration tree until the ports you want to copy appear You can copy ports from any port list such as those found in the Chassis Configuration STP Enabled STP Disabled Access Ports or Trunk Ports objec...

Страница 99: ...45 Bound Port List Dialog Box 6 Add and remove ports from the VLAN as necessary To add a port double click that port s module in the Available Port list From the list of ports that appears select the...

Страница 100: ...ing a module rather than double clicking it in a list box selects all of the module s ports in that list box This is a quick way to select all of a module s ports if you want to add or remove them all...

Страница 101: ...packet delivery service IP does not provide a dedicated link between computers Instead IP provides dynamic routing by using best effort delivery to route packets through any number of paths in the ne...

Страница 102: ...dress Each post office along the way checks the ultimate destination and determines the next hop the next post office When the letter gets to the post office that is serving the address on the envelop...

Страница 103: ...he following table describes the classes used for unicast and multicast IP addresses As the table shows you can determine which class an address belongs to by examining the decimal value of the first...

Страница 104: ...t interfaces bound to a VLAN remain up as long as at least one port in that VLAN remains active The following table summarizes this The procedure for creating an IP interface depends on whether you ar...

Страница 105: ...105 Chapter 8 Configuring IP Interfaces for the SSR Figure 46 IP Interface Wizard Single Port 5 Click Next An IP Interface Definition panel similar to the following appears Figure 47 Interface Defini...

Страница 106: ...etween the SSR and a message s final destination Otherwise transmission speed slows down because the packets have to be fragmented 8 Set the output MAC encapsulation you want associated with the inter...

Страница 107: ...IP Interfaces for the SSR Figure 49 Bind to VLAN or Port Panel Single Port 11 Click Next Configuration Expert displays a Bound Port List panel Figure 50 Bound Port List Panel Single Port 12 Bind the i...

Страница 108: ...VLAN 13 Click Next The Apply ACLs panel appears Figure 51 Apply ACLs Panel Single Port 14 Specify whether you want to apply an ACL to the interface by doing one of the following To not apply an ACL se...

Страница 109: ...tiple ACLs that use different rules but have the same name You can only apply IP ACLs to an IP interface b Use the Filter State check boxes to specify whether you want to filter out inbound traffic ou...

Страница 110: ...ate an IP interface that will be bound to an existing VLAN 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file...

Страница 111: ...being sent You should set the MTU equal to the smallest MTU of all the networks between the SSR and a message s final destination Otherwise transmission speed slows down because the packets have to b...

Страница 112: ...panel VLAN 10 Click Next and then click the Bind the interface to VLAN option in the panel that appears That option is available only if there are existing IP VLANs Figure 56 Bind to VLAN or Port VLAN...

Страница 113: ...CoreWatch User s Guide 113 Chapter 8 Configuring IP Interfaces for the SSR Figure 57 Interface Definition Panel VLAN 12 Click Next The Apply ACLs panel appears Figure 58 Apply ACLs Panel VLAN...

Страница 114: ...y an ACL that you have not defined yet finish creating the interface Then configure the desired ACL and apply it as discussed in Chapter 13 Configuring Security on the SSR on page 195 14 If you specif...

Страница 115: ...permits all traffic Modifying IP Interface Definitions Modify IP interface definitions to perform the following operations Change the interface s name Disable or enable the interface Change the inter...

Страница 116: ...ew IP address in the Bound Port Address dialog box that appears and click OK 8 If you want to bind the interface to a different port or VLAN do one of the following If you are modifying a port bound i...

Страница 117: ...an remove an ACL by selecting it in the Selected ACLs list and then clicking Remove Note You may also apply an ACL by copying it as discussed in Copying an ACL to Apply It to an Interface on page 213...

Страница 118: ...n An IP interface can have up to two ACLs applied to it If you applied two ACLs to an interface one ACL must govern the inbound traffic and the other ACL must govern outbound traffic What to Do Next A...

Страница 119: ...ing and IPX For details on multicast routing see Chapter 10 Configuring Multicast Routing on the SSR on page 135 For details on IPX see Chapter 11 Configuring the SSR for IPX Routes on page 147 Note B...

Страница 120: ...IP Unicast Global Parameters dialog box similar to the following appears Figure 63 IP Unicast Global Parameters Dialog Box 5 Enter a number from 1 to 65534 to specify the SSR s autonomous system numb...

Страница 121: ...o MAC addresses Define static ARP entries if you want the SSR to use those entries rather than using ARP to automatically resolve host and MAC address entries To define static ARP entries 1 Start Conf...

Страница 122: ...CoreWatch User s Guide Figure 65 Static ARP Entry Panel 6 Enter the IP address and MAC address of the host s ARP entry in the appropriate text boxes then click Next Configuration Expert displays a Bo...

Страница 123: ...Finish Defining Static Route Entries Static route entries specify routes you want to explicitly configure and enter into the SSR s routing table Define static route entries if you want to configure s...

Страница 124: ...to 255 in the Route Preference box As discussed in What Is Preference on page 126 you can set preferences in several places The SSR uses preference values to determine the preference of routes from on...

Страница 125: ...her RIP interface or gateway In addition to being able to specify the handling of RIP packets on individual interfaces you can configure the SSR for the following Trusted gateways A trusted gateway is...

Страница 126: ...cating the most preferred route Preference may not be used to control the selection of routes within RIP or another Interior Gateway Protocol IGP because that is accomplished automatically by the prot...

Страница 127: ...03 2 Enable RIP on the SSR and specify global parameters if necessary For details on these tasks see Setting RIP Global Parameters on page 127 3 Configure IP interfaces for RIP For details on this tas...

Страница 128: ...ence for the routes learned by RIP To set the preference enter a number from 0 to 255 in the Default Route Preference box The preference you specify applies to all IP RIP interfaces on the SSR Note Do...

Страница 129: ...ou define an IP RIP interface to set the following parameters on that interface Whether the interface will accept RIP updates Whether the interface will send RIP updates The RIP version 1 or 2 The pac...

Страница 130: ...n Creating IP Interfaces on page 103 7 Set the RIP parameters described in the following table Table 15 RIP Parameters Parameter Description RIP Packet Receipt Specify whether the interface can receiv...

Страница 131: ...cast messages by selecting the appropriate option The default is multicast You can set the interface type only if you select Version 2 for the RIP Protocol Version option Selecting broadcast specifies...

Страница 132: ...object 4 Double click the IP Unicast Routing object and then double click the RIP Routing object Double click the RIP Trusted Gateways object 5 Click the Configure New RIP Trusted Gateway object 6 In...

Страница 133: ...of source gateways What to Do Next As discussed in the following list what you do after configuring IP interfaces for unicast routing depends on your network environment and whether you want to contr...

Страница 134: ...Chapter 9 Configuring Unicast Routing on the SSR 134 CoreWatch User s Guide...

Страница 135: ...SR provides an overview of the SSR s implementation of IGMP discusses configuring IGMP on the SSR In addition to configuring the SSR for multicast routing you can configure the SSR for unicast routing...

Страница 136: ...control internetwork traffic on each DVMRP interface Threshold values determine whether traffic is either restricted or not restricted to a subnet site or region Scopes define a set of multicast addre...

Страница 137: ...n Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Routing Configuration object 3 Double click the IP Routing Configuration obj...

Страница 138: ...ation object 4 Double click the IP Multicast Routing object and then double click the DVMRP Routing object Double click the DVMRP Interfaces object 5 Do one of the following If you are modifying the s...

Страница 139: ...e object Defining DVMRP Tunnels Configuration Expert lets you define DVMRP tunnels for sending multicast traffic between two end points DVMRP treats a tunnel as another DVMRP interface When configurin...

Страница 140: ...l select the Configure New IP Tunnel option An IP Tunnel Definition dialog box similar to the following appears Figure 72 IP Tunnel Definition Dialog Box 5 Enter the tunnel s name 6 Enter the IP addre...

Страница 141: ...to modify and then double click that file s Routing Configuration object 3 Double click the IP Routing Configuration object 4 Double click the IP Multicast Routing object Then double click the DVMRP R...

Страница 142: ...he list of tunnels found in the DVMRP Tunnels object The tunnels on which DVMRP is disabled are included in the list of tunnels found in the IP Tunnel Configuration object What Is IGMP IGMP is a group...

Страница 143: ...elp a router determine changes to host membership A longer host query interval means less IGMP queries on the network For hosts not sending explicit messages about when they leave a group the host que...

Страница 144: ...s Figure 74 IGMP Global Parameters Configuration Dialog Box 5 In the Query Timer box specify how often the SSR sends packets to learn which hosts are available You specify the interval in seconds and...

Страница 145: ...IGMP is enabled double click the IGMP Enabled Interfaces object Then select the interface you want to change If you are modifying the settings of an interface on which IGMP is disabled double click th...

Страница 146: ...terfaces on which IGMP is disabled to the list of interfaces found in the IGMP Disabled Interface object What to Do Next As discussed in the following list what you do after configuring IP interfaces...

Страница 147: ...try for an IPX server to the IPX SAP table What Is IPX IPX which is a datagram connectionless protocol performs various tasks including addressing and routing and switching information packets from on...

Страница 148: ...all IPX interfaces The SSR will keep multiple routes to the same network having the lowest ticks and hop count Static routes can be configured on the SSR using the CLI s ipx add route command Through...

Страница 149: ...nding an interface to a MAC address is optional If you do not bind an interface to a MAC address the interface uses the system address The procedure for creating an IPX interface depends on whether yo...

Страница 150: ...the SSR for IPX Routes 150 CoreWatch User s Guide Figure 76 IPX Interface Wizard Single Port 5 Click Next An IPX Interface Definition panel similar to the following appears Figure 77 Interface Defini...

Страница 151: ...capsulation you want associated with the interface by selecting one of the following from the Output MAC Encapsulation drop down list ethernet_II the default ethernet_802_3 ethernet_snap ethernet_802_...

Страница 152: ...User s Guide Figure 79 Bind to VLAN or Port Panel Single Port 10 Click Next Configuration Expert displays a Bound Port List panel similar to the following Figure 80 Bound Port List Panel Single Port 1...

Страница 153: ...VLAN 12 Click Next The Apply ACLs panel appears Figure 81 Apply ACLs Panel Single Port 13 Specify whether you want to apply an ACL to the interface by doing one of the following To not apply an ACL se...

Страница 154: ...s you configure multiple ACLs that use different rules but have the same name You can apply IPX IPX RIP and IPX SAP ACLs to an IPX interface b Use the Filter State check boxes to specify whether you w...

Страница 155: ...e last rule of the ACL permits all traffic Creating IPX Interfaces Bound to a VLAN If you have created an IPX VLAN you can bind that VLAN to an IPX interface while creating the interface To create an...

Страница 156: ...he Interface Name box Then either select Up to enable the interface or select Down to disable it 7 Set the output MAC encapsulation you want associated with the interface by selecting one of the follo...

Страница 157: ...s VLAN 9 Click Next and then select the Bind the interface to VLAN option in the panel that appears This option is available only if there are existing IPX VLANs Figure 86 Bind to VLAN or Port VLAN 10...

Страница 158: ...Chapter 11 Configuring the SSR for IPX Routes 158 CoreWatch User s Guide Figure 87 Interface Defintion VLAN 11 Click Next The Apply ACLs panel appears Figure 88 Apply ACLs Panel...

Страница 159: ...you plan to apply an ACL that you have not defined yet finish creating the interface Then configure the desired ACL and apply it as discussed in Applying ACLs to IP or IPX Interfaces on page 212 13 If...

Страница 160: ...ew interface to those found in the IPX interfaces bound to VLAN object Note When you apply an ACL to an interface the SSR appends an implicit deny rule to that ACL The implicit deny rule denies all tr...

Страница 161: ...face Definition Dialog Box 6 If you want to edit the name interface state or MAC encapsulation fields specify values as you do when creating an IPX interface Then click OK 7 If you want to change the...

Страница 162: ...e ACLs You can apply two of each of the different IPX ACLs IPX IPX RIP and IPX SAP to an IPX interface Figure 91 Update ACL List Dialog Box You can add an ACL by selecting it in the Available IPX ACLs...

Страница 163: ...h as file servers and print servers to advertise their services and addresses SAP makes the process of advertising and removing services dynamic On the SSR you can also add static IPX SAP entries Thro...

Страница 164: ...ies regardless of hop count Moreover when a dynamic route associated with the SAP entry is deleted or lost the SSR does not advertise the IPX SAP entry until it relearns the route entry To configure s...

Страница 165: ...ble 18 IPX SAP Fields Field Description Server Name Name of the IPX server You can use any characters in the name except the following Service Type The type of service Network The IPX network address...

Страница 166: ...t to Do Next After configuring the SSR for IPX you may perform the following tasks Both tasks are optional Control traffic as discussed in Chapter 12 Configuring QoS on the SSR on page 167 Set up secu...

Страница 167: ...configuring QoS policies to define flows provides details about modifying existing QoS profiles What Is QoS On the SSR QoS is a set of parameters that let you do the following Establish a queuing pol...

Страница 168: ...any value for that field Establishing the SSR s Queuing Policy You can establish one of the following queuing policies on the SSR to set the priority of the SSR s traffic Strict priority This policy a...

Страница 169: ...you enter apply to all ports Make sure the total percentages for all four priorities equals 100 You cannot set a control priority to 0 7 Click OK Associating Precedences to Layer 3 Layer 4 Flows You a...

Страница 170: ...eady done so 2 Open the configuration file you want to modify and then double click that file s QoS Configuration object 3 Double click the Global Settings object 4 Double click the QoS Precedence obj...

Страница 171: ...7 7 Click OK Assigning IPX QoS Precedence You can set the QoS precedence for the following flow fields in IPX traffic Destination network Source network Destination node Source node Destination port S...

Страница 172: ...on Node Address 3 Source Node Address 4 Destination Socket Address 5 Source Socket Address 6 IPX Interface 7 7 Click OK Creating QoS Profiles On the SSR you can have multiple IP IPX and Layer 2 flows...

Страница 173: ...creating QoS policies for the different flow types follow Creating a QoS Profile for an IP Flow To create a QoS profile for an IP flow 1 Start Configuration Expert if you have not already done so 2 Op...

Страница 174: ...SSR 174 CoreWatch User s Guide Figure 98 QoS Flow Types Panel IP Flow 5 Click Next A QoS L3 L4 Flow Priority panel similar to the following appears Figure 99 QoS L3 L4 Flow Priority IP Flow 6 Enter th...

Страница 175: ...ystem traffic such as HTTP FTP and so on high Assigns high priority to the IP flow fields you specify medium Assigns medium priority to the IP flow fields you specify low Assigns low priority to the I...

Страница 176: ...assumes a mask of 255 255 255 255 You cannot substitute the mask by entering ANY The option ANY is for the entire Source Address and Source Mask pair Destination Mask Enter the destination network mas...

Страница 177: ...iguration Expert adds the QoS Profile to those included in the IP QoS Profiles object If you selected Yes click Next In the Policy Input Interface List panel that appears specify which interfaces you...

Страница 178: ...After you click Finish Configuration Expert adds the QoS Profile to those included in the IP QoS Profiles object Creating a QoS Profile for an IPX Flow To create a QoS profile for an IPX flow 1 Start...

Страница 179: ...er 12 Configuring QoS on the SSR Figure 102 QoS Wizard IPX Flow 4 Click Next Configuration Expert prompts you to specify which type of flow you want to define Figure 103 Qos Flow Types Panel IPX Flow...

Страница 180: ...ities you may set Table 21 IPX Flow Priorities Priority Description control Assigns control priority to the IPX flow fields you specify This is the highest priority Note Control priority is reserved f...

Страница 181: ...l digits If you do not specify a mask value and instead use the value ANY the SSR internally sets the mask to FFFFFFFF Source MAC Addr Enter the source node address Specify it in the following format...

Страница 182: ...click Finish Configuration Expert adds the QoS Profile to those included in the IPX QoS Profiles object If you selected Yes click Next In the panel that appears specify which interfaces you want to ap...

Страница 183: ...ter you click Finish Configuration Expert adds the QoS Profile to those included in the IPX QoS Profiles object Creating a QoS Profile for a Layer 2 Flow To create a QoS profile for a Layer 2 flow 1 S...

Страница 184: ...R 184 CoreWatch User s Guide Figure 107 QoS Wizard Layer 2 Flow 4 Click Next Configuration Expert prompts you to specify which type of flow you want to define Figure 108 QoS Flow Types Panel Layer 2 F...

Страница 185: ...rities you may set Table 23 L2 Flow Priorities Priority Description control Assigns control priority to the Layer 2 flow fields you specify This is the highest priority Note Control priority is reserv...

Страница 186: ...Layer 2 Flow 10 Do one of the following If you selected No click Finish Configuration Expert adds the QoS Profile to those included in the Layer 2 QoS Profiles object If you selected Yes click Next I...

Страница 187: ...click Finish Configuration Expert adds the QoS Profile to those included in the Layer 2 QoS Profiles object Modifying QoS Profiles After you create a QoS profile you can modify a flow s definition to...

Страница 188: ...e flow s name priority or fields by editing the appropriate options The values for these options were specified when the QoS profile was created For details on these options see Creating a QoS Profile...

Страница 189: ...ptions were specified when the QoS profile was created For details on these options see Creating a QoS Profile for an IPX Flow on page 178 If you are creating a new flow based on an existing one chang...

Страница 190: ...was created For more information on these options see Creating a QoS Profile for a Layer 2 Flow on page 183 If you are creating a new flow based on an existing one changing the flow name is optional...

Страница 191: ...interface list double click the IP QoS Profiles object If you are modifying an IPX flow s interface list double click the IPX QoS Profiles object 4 From the list of flows that appears double click the...

Страница 192: ...ting Configuration object Then double click the IP Interface Configuration object If you are applying an IPX flow to an IPX interface double click the IPX Routing Configuration object Then double clic...

Страница 193: ...ch ports you want the flow to apply to by adding and removing ports in the port list To add a port double click its module in the Available Port list select the port from the list of ports that appear...

Страница 194: ...Chapter 12 Configuring QoS on the SSR 194 CoreWatch User s Guide...

Страница 195: ...outer Each ACL or each list consists of one or more rules describing a particular type of IP or IPX traffic An ACL can be simple and consist of only one rule or complicated with many rules Each rule t...

Страница 196: ...if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Security Configuration object 3 Double click the IP Security object 4 Click the Conf...

Страница 197: ...de 197 Chapter 13 Configuring Security on the SSR Figure 118 IP ACL Name Panel 6 Enter the ACL s name in the ACL Name box and click Next An IP ACL Rule panel similar to the following appears Figure 11...

Страница 198: ...that the value is a wildcard as if you had entered ANY Table 25 IP TCP UDP ACL Rule Criteria Fields Field Description Source Address Enter the source address of the flow Source Mask Enter the filteri...

Страница 199: ...both TCP and UDP you do not need to define two separate rules Instead you can define one IP rule and specify the port that the service uses You can specify a range of port numbers using operator symb...

Страница 200: ...ctions Permit or deny traffic from one computer to another To set up this type of ACL you configure an IPX ACL Set up RIP filters which permit or deny IPX RIP network advertisements To set up such fil...

Страница 201: ...ide 201 Chapter 13 Configuring Security on the SSR Figure 120 IPX Security Wizard 5 Click Next Configuration Expert prompts you for the ACL s name Figure 121 IPX ACL Name Panel 6 Enter the ACL s name...

Страница 202: ...R 202 CoreWatch User s Guide You can use a string of characters or a number 7 Click Next An IPX ACL Type panel similar to the following appears Figure 122 IPX ACL Type Panel 8 Click Next An IPX ACL Ru...

Страница 203: ...source s network address You can enter ANY to specify a wildcard don t care condition The SSR will interpret this number in hexadecimal format You do not need to use a Ox prefix Source Net Mask Enter...

Страница 204: ...same as the syntax for the source address You can enter ANY to specify a wildcard don t care condition The SSR will interpret this number in hexadecimal format You do not need to use a Ox prefix Dest...

Страница 205: ...nel when you are defining that rule Setting Up IPX RIP Filters Set up IPX RIP filters to permit or deny IPX RIP network advertisements You set up such filters by configuring an ACL for IPX RIP interfa...

Страница 206: ...oreWatch User s Guide Figure 125 IPX ACL Name Panel RIP 6 Enter the ACL s name in the ACL Name box You can use a string of characters or a number 7 Click Next An IPX ACL Type panel similar to the foll...

Страница 207: ...P and click Next An IPX RIP ACL Rule panel similar to the following appears Figure 127 IPX ACL Rule Panel RIP 9 If you want to permit IPX RIP network advertisements that meet the rule s criteria selec...

Страница 208: ...tomatically assigned by Configuration Expert A rule s number is included in the Rule box of the IPX ACL Rule panel when you are defining that rule Table 27 IPX RIP ACL Rule Criteria Fields Field Descr...

Страница 209: ...o take the following steps 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Security Configuration object...

Страница 210: ...oreWatch User s Guide Figure 129 IPX ACL Name Panel SAP 6 Enter the ACL s name in the ACL Name box You can use a string of characters or a number 7 Click Next An IPX ACL Type panel similar to the foll...

Страница 211: ...vice advertisements that meet the rule s criteria select the Permit option Otherwise block such advertisements by selecting the Deny option 10 Define the rule s criteria by specifying values for the f...

Страница 212: ...CL can be applied to examine either inbound or outbound traffic Inbound traffic is traffic coming into the router Outbound traffic is traffic that is going out of the router When you apply an ACL to a...

Страница 213: ...es and previously defined IPX IPX RIP or IPX SAP ACLs only to IPX interfaces Caution You can apply up to two IP ACLs to an IP interface and you can apply two of each of the different IPX ACLs IPX IPX...

Страница 214: ...the Access Control List Edit ACL dialog box that appears ensure that there is a check mark in the Input check box and also make sure the Output check box is blank Then click OK b Click an ACL that you...

Страница 215: ...s object In the Update ACL List dialog box that appears remove the interface s current ACL and add the new one To apply an IPX IPX RIP or IPX SAP ACL double click the Applied IPX ACLs object In the Up...

Страница 216: ...Security Layer 2 security filters on the SSR allow you to configure ports to filter specific MAC addresses When defining a Layer 2 security filter you specify to which ports you want the filter to app...

Страница 217: ...ination MAC address which filters out any frame destined to a specific destination MAC address A flow which filters out any frame coming from a specific source MAC address that is also destined to a s...

Страница 218: ...oreWatch User s Guide Configuration Expert prompts you to select a filter type Figure 134 L2 Filter Type Panel Address Filter 6 Click Next An L2 Address Filter panel similar to the following appears F...

Страница 219: ...list select the port from the port list that appears and click the Add button Clicking a module rather than double clicking it selects all of that module s ports This is a quick way to apply the filte...

Страница 220: ...er 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Security Configuration object 3 Double click the L2 S...

Страница 221: ...figuring Security on the SSR Figure 138 L2 Filter Type Panel Lock Filter 6 Select L2 Port Address Lock Filters and click Next An L2 Port Address Lock Filter panel similar to the following appears Figu...

Страница 222: ...t list select the port from the port list that appears and click the Add button Clicking a module rather than double clicking it selects all of that module s ports This is a quick way to apply the fil...

Страница 223: ...ced to go to a set of ports Flow static entry which specifies that any frame coming from a specific source MAC address that is destined to a specific destination MAC address will be allowed disallowed...

Страница 224: ...reWatch User s Guide Figure 142 L2 Filter Type Panel Static Entry Filter 6 Select L2 Static Filters and click Next An L2 Static Filter panel similar to the following appears Figure 143 L2 Static Filte...

Страница 225: ...Specify the source MAC address destination MAC address and VLAN ID in the appropriate text boxes Use the source MAC address for source or flow entries Use the Destination MAC Address for destination o...

Страница 226: ...rs with static entries in the following ways Combine a source secure port filter with a source static entry to drop all received traffic but allow any frame coming from a specific source MAC address t...

Страница 227: ...guring Security on the SSR Figure 145 L2 Security Wizard Secure Port Filter 5 Click Next Configuration Expert prompts you to select a filter type Figure 146 L2 Filter Type Panel Secure Port Filter 6 S...

Страница 228: ...l Secure Port Filter 7 Enter the filter s name in the Name box 8 Select either the Source or Destination option to specify whether the filter is to secure a source port or a destination port 9 Specify...

Страница 229: ...ule s ports If you accidentally add a wrong port remove it by selecting it in the Selected Port list box and clicking the Remove button 11 Click Finish Configuration Expert adds the filter to those fo...

Страница 230: ...ollowing Double click the IP Security object and then the IP ACLs object if you are modifying an IP ACL Double click the IPX Security object if you are modifying an IPX ACL Then double click the objec...

Страница 231: ...u want to modify The Create New Rule object Click this object if you want to add a new rule 5 Edit the ACL Rule Definition dialog box that appears The dialog box s rule options are the same as those y...

Страница 232: ...port bindings 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to modify and then double click that file s Security Configuration object 3 Double cl...

Страница 233: ...le click its module in the Available Port list select the port from the list of ports that appears and click the Add button To remove a port double click its module in the Selected Port list select th...

Страница 234: ...Chapter 13 Configuring Security on the SSR 234 CoreWatch User s Guide...

Страница 235: ...dvertisements will be generated and flooded into OSPF To set the SSR s global OSPF parameters 1 Start Configuration Expert if you have not already done so 2 Open the configuration file you want to mod...

Страница 236: ...OSPF Specify an integer value equal to or greater than 1 The default is 1 7 In the ASE LSA Export Limit box specify how many autonomous systems will be generated and flooded into each batch Specify a...

Страница 237: ...en the configuration file you want to modify and then double click that file s Routing Configuration object 3 Double click the IP Routing Configuration object 4 Double click the IP Unicast Routing obj...

Страница 238: ...select Stub specify the cost to be used to inject a default route into the area To do so enter a number from 0 to 65535 in the Cost box that appears after you select the Stub option 9 Click Next In t...

Страница 239: ...ected Yes to specify you want to associate a network with the area use the OSPF Network Definition panel that appears to specify which network you want to associate with the area Otherwise skip to ste...

Страница 240: ...sement d To associate another network with the area select the Add More Address checkbox click Next and repeat step a through step c until you associate all the appropriate networks 11 Click Next In t...

Страница 241: ...teps a From the Interface Name Address drop down list select the IP interface you want to configure as a broadcast interface b Select the appropriate Interface State option to enable or disable the in...

Страница 242: ...ure 158 OSPF Area Broadcast Interface Panel Advanced Tab Table 29 Broadcast Interface Cost and Designated Router Priority Description Option Description Interface Cost Enter the sum of all interfaces...

Страница 243: ...mated number of seconds required to transmit a link state update over the interface Transit delay takes into account transmission and propagation delays and must be greater than 0 Specify an integer v...

Страница 244: ...Add Non Broadcast Interface Panel 14 If you selected Yes to specify you want to add a non broadcast interface add the interface Otherwise skip to step g Figure 160 OSPF Area Non Broadcast Interface Pa...

Страница 245: ...the non broadcast interface in the appropriate text boxes See the following table for more detailed information e Click the Advanced tab Table 31 Non Broadcast Interface Cost and Designated Router Pri...

Страница 246: ...Interval Enter the number of seconds between link state advertisement retransmissions for adjacencies belonging to the interface Specify an integer value equal to or greater than 1 The default is 5 se...

Страница 247: ...30 seconds for both point to point and non broadcast interfaces Router Dead Interval Enter an integer value from 0 to 255 to specify the number of seconds that may occur without Hello packets being he...

Страница 248: ...outer iii To add another neighbor select the Add More NBMAs check box click Next and repeat step i and step ii until you add all the appropriate neighbors d Click Next In the panel that appears specif...

Страница 249: ...pert prompts you to specify whether you want to add a stub host Figure 164 Add Stub Host Panel 15 Do one of the following If you do not want to add a stub host select No If you want to add a stub host...

Страница 250: ...rom 0 to 65535 to specify the cost that should be advertised for the directly attached stub host c To add another stub host select the Add More Stub Hosts check box click Next and then repeat step a a...

Страница 251: ...e SSR Figure 166 Add Virtual Links Panel b Select Yes and then click Next A Virtual Link panel similar to the following appears Figure 167 OSPF Area Virtual Link Panel Definition Tab c Enter a virtual...

Страница 252: ...f Click the Advanced tab Figure 168 OSPF Area Virtual Link Panel Advanced Tab g Set the options on the virtual link as discussed in the following table Table 33 Virtual Link Options Option Descriptio...

Страница 253: ...ject Networks Interfaces and so on you want to modify Click the object you want to modify 7 Edit the object s dialog box LSA Retransmission Interval Enter the number of seconds between link state adve...

Страница 254: ...OSPF on the SSR 254 CoreWatch User s Guide The options of the dialog box are the same as those you specified while creating the area table For details on specifying these options see Creating OSPF Ar...

Страница 255: ...s information about the VLAN associated with each port and IP address information of a port Obtaining Chassis Information Obtain chassis information if you want to know which modules are installed in...

Страница 256: ...you want to know which modules are installed in the SSR the slot number of a module or the number of ports on each module To access such information Table 34 Chassis Info Table Fields Field Descriptio...

Страница 257: ...the item currently selected in the upper frame For details on using the Table toolbar see Appendix A Working with Tables on page 331 Table 35 Port Table Fields Field Description Port ID Identifies the...

Страница 258: ...Chapter 15 Checking System Status 258 CoreWatch User s Guide...

Страница 259: ...X traffic of an SSR including details about incoming and outgoing packets and errors related to the IPX data the SSR receives or sends Separate discussions on the different statistics you can obtain f...

Страница 260: ...the options displays You can select up to four of these dials To select more than one dial name in Windows 95 or Windows NT hold down the Ctrl key while making your selections 4 Click the button Core...

Страница 261: ...of Dials CoreWatch automatically adjusts the scales of the System Dashboard dials For example CoreWatch will automatically change the scaling of the Bits Out dial from KBits Sec to 10 KBits Sec whenev...

Страница 262: ...the following table 4 Click OK Monitoring Port Utilization CoreWatch lets you obtain a Port Utilization Summary that provides the status of each SSR port and identifies the percentage of traffic being...

Страница 263: ...CoreWatch toolbar Select the Monitor menu choose Performance and then choose Port Utilization Summary A Port Utilization Summary dialog box similar to the one described in the following figure appears...

Страница 264: ...phs follow Table 36 Port Utilization Summary Items Item Description Module Identifier Indicates which of the following Ethernet modules are installed in an SSR slot 10 100 TX 100 FX Gigabit LX Gigabit...

Страница 265: ...hoose Performance choose Port and then choose Packet Statistics Click the port that you want to monitor Then click the right mouse button and choose Packet Statistics from the pop up menu that appears...

Страница 266: ...nce choose Port and then choose Byte Statistics Click the right mouse button and choose Byte Statistics from the pop up menu that appears A Port Byte Statistics graph similar to the following appears...

Страница 267: ...tics You can obtain statistics about the erroneous packets that are sent or received on a port as well as how many of those erroneous packets the SSR discarded To display such information 1 In the Fro...

Страница 268: ...g of statistics by using the Graph toolbar as discussed in Using the Graph Toolbar on page 277 Table 39 Port Error Statistics Graph Abbreviations Abbreviation Description InErrs Erroneous packets rece...

Страница 269: ...d the different IP interface graphs follow Obtaining IP Packet Statistics Obtain IP packet statistics if you want to determine how many IP packets the SSR sent received or forwarded To display such in...

Страница 270: ...view switch to it by clicking the CoreWatch main window 2 Select the Monitor menu choose Performance choose IP and then choose Reassembly Statistics An IP Reassembly Statistics graph similar to the f...

Страница 271: ...lbar on page 277 Table 41 IP Reassembly Statistics Graph Abbreviations Abbreviation Description ReasmFails Reassembles that failed because of time outs errors or other problems ReasmOKs IP datagrams t...

Страница 272: ...in the Front Panel view switch to it by clicking the CoreWatch main window 2 Select the Monitor menu choose Performance choose IP and then choose Error Statistics An IP Error Statistics graph similar...

Страница 273: ...SSR discarded because the IP header s destination field included an invalid IP address such as 0 0 0 0 or an IP address of an unsupported class such as Class E InUnkownProt Incoming IP datagrams addr...

Страница 274: ...icking the CoreWatch main window 2 Select the Monitor menu choose Performance choose IPX and then choose Packet Statistics An IPX Packet Statistics graph similar to the following appears By examining...

Страница 275: ...licking the CoreWatch main window 2 Select the Monitor menu choose Performance choose IPX and then choose Error Statistics An IPX Error Statistics graph similar to the following appears By examining t...

Страница 276: ...Table 44 IPX Error Statistics Graph Abbreviations Abbreviation Description HdrErrors Incoming IPX packets the SSR discarded because those packets had problems in their headers This includes any IPX p...

Страница 277: ...istics graph Use this toolbar to control a graph s appearance and stop or start the gathering of statistics as summarized in the following figure Figure 183 Graph Toolbar Magnifies the y axis Displays...

Страница 278: ...Chapter 16 Monitoring Real Time Performance 278 CoreWatch User s Guide...

Страница 279: ...Information about the ports on which STP is enabled Obtaining VLAN Information Obtain VLAN information to display information about which ports and modules are associated with the VLANs configured on...

Страница 280: ...ain STP Port information if you want to examine STP information about the ports on which STP is enabled To access such information do one of the following In the Front Panel view select the Monitor me...

Страница 281: ...me For details on using the Table toolbar see Appendix A Working with Tables on page 331 Table 46 STP Port Table Fields Field Description Port Number Identifies the port for which the table is providi...

Страница 282: ...m Forwarding signifies the SSR is both learning and forwarding packets it receives on the port Broken signifies the port is broken Disabled signifies the port is disabled The SSR drops all frames incl...

Страница 283: ...nd link state advertisements Information about RIP peers Information about DVMRP neighbors routes and hops Details about IGMP caching Checking IP Routing Status CoreWatch can display the following IP...

Страница 284: ...ct An IP Interface table similar to the following appears Figure 186 IP Interface Table The following table describes the fields of the IP Interface table s upper frame The Selection Details frame dis...

Страница 285: ...routing problems To access IP forwarding information do one of the following In the Front Panel view select the Monitor menu choose Routing State choose IP State and then choose IP Forwarding Table In...

Страница 286: ...op of this route If the route is bound to an interface that is accessed through a broadcast medium the value of this field is the agent s IP address on that interface Local IP Interface Indicates the...

Страница 287: ...nfigured on the SSR This information identifies each IPX interface provides details about the packets sent from each of those interfaces and indicates which WAN router an interface may use To access s...

Страница 288: ...one of the following broadcast point to point WAN RIP unnumbered RIP dynamic WAN WS or other Dialing Name Indicates the symbolic name IPX uses to reference the dialing information used to create this...

Страница 289: ...ected Uncompressed Rx Indicates how many packets were received without being compressed even though data compression was enabled on the interface Media Type Indicates that the interface is for an Ethe...

Страница 290: ...e 50 IPX Forwarding Table Fields Field Description IPX Identifier Indicates which instance of IPX the interface is using Network Number Identifies the IPX network number of the destination Protocol In...

Страница 291: ...s of all routers and networks forms the protocol s topological database Routers use the information included in link state advertisements to update their routing tables The IP address and TOS data tha...

Страница 292: ...ion OSPF Interface Address Identifies the interface s IP address OSPF Addressless Interface Contains the interface index for those interfaces that do not have an IP address A value of 0 is used in thi...

Страница 293: ...routes attached to the network Router Dead Interval Indicates how many seconds that a router s Hello packets have not been seen before its neighboring routers declare the router down The value of thi...

Страница 294: ...nt and NBMA interfaces and setting this field to 0 effectively disables all multicast forwarding Truth Value Indicates whether demand OSPF procedures hello suppression to full neighbors and setting th...

Страница 295: ...ears Figure 191 OSPF Area Table The following table describes the fields of the OSPF Area table s upper frame The Selection Details frame displays information about the item currently selected in the...

Страница 296: ...state database The value in this field does not include link state advertisements of external autonomous systems LSA Checksums Identifies the 32 bit unsigned sum of the link state advertisements link...

Страница 297: ...s using On addressless links the value of this field will be the address of another of the neighbor s interfaces Addressless Index Displays the corresponding value of the interface index in the Intern...

Страница 298: ...te DB Table An OSPF Link State DB table similar to the following appears State Indicates the state of the relationship with the neighbor Nbr Events Indicates how many times the neighbor relationship h...

Страница 299: ...Table Fields Field Description Area ID Indicates the 32 bit identifier of the area from which the link state advertisement was received LS DB Type Indicates the link state advertisement s type On the...

Страница 300: ...ilar to the following figure appears Sequence Indicates the sequence number of the link state advertisement This field is used to detect old and duplicate link state advertisements The larger the numb...

Страница 301: ...Description Area ID Identifies the area the address aggregate is to be found within LS DB Type Indicates the address aggregate s type which specifies the link state database type that the address aggr...

Страница 302: ...running how many packets were discarded on each peer and how many route entries from each peer were ignored Obtaining RIP Interface Information Obtain RIP interface information if you want details abo...

Страница 303: ...e and then choose RIP Peer Table Table 56 RIP Interface Table Fields Field Description Address Identifies the network IP address of the interface Each interface has a unique index that the SSR uses to...

Страница 304: ...Identifies the IP address the peer is using as its source address Domain Includes the value found in the Routing Domain field of the RIP packets the SSR received from the peer RIP 2 does not use this...

Страница 305: ...s includes details about the SSR s multicast routes such as their sources upstream neighbors and hop counts The next hops of the DVMRP interfaces to which the SSR is sending IP multicast packets Obtai...

Страница 306: ...ntifies the interface s IP address Distance Metric Identifies the cost assigned to the interface The cost is a number from 1 to 31 that the SSR system administrator sets This metric is similar to the...

Страница 307: ...ers and the traffic the SSR receives from those neighbors To access such information 1 If you are not in the Front Panel view switch to it by clicking the CoreWatch main window 2 Select the Monitor me...

Страница 308: ...3 Minor Version Indicates the neighboring router s minor DVMRP version number The SSR s minor version number is 255 Capabilities Describes the neighboring router s capabilities These capabilities are...

Страница 309: ...ount and an indication of how long ago the SSR learned of the route To access DVMRP routing information 1 If you are not in the Front Panel view switch to it by clicking the CoreWatch main window 2 Se...

Страница 310: ...he network address of the source for which the table entry contains multicast routing information This address is combined with a source s network mask to identify that source Source Subnet Mask Indic...

Страница 311: ...the following Information about which interfaces IGMP is enabled on and details about the IGMP configuration of those interfaces Information about the multicast groups of IGMP interfaces This includes...

Страница 312: ...h information do one of the following In the Front Panel view select the Monitor menu choose Routing State choose IGMP State and then choose IGMP Interface Table In the Schematic view double click the...

Страница 313: ...on of IGMP on that LAN The SSR runs version 2 but can communicate with hosts running version 1 If Querier Identifies the IP address of the IGMP Querier on the IP subnetwork to which the interface is a...

Страница 314: ...eWatch main window 2 Select the Monitor menu choose Routing State choose IGMP State and then choose IGMP Cache Table An IGMP Cache table similar to the following appears Figure 202 IGMP Cache Table Jo...

Страница 315: ...R is never a member of a group Member Since Indicates how long ago the SSR joined the multicast group address A 0 signifies that the SSR is not a member of the group Last Reported Member Identifies th...

Страница 316: ...Chapter 18 Checking the Status of Routing Tables 316 CoreWatch User s Guide...

Страница 317: ...her than being sent to the Control Module for further processing Obtaining Layer 2 Priority Information Obtain Layer 2 priority information if you want to examine the QoS priorities of Layer 2 flows C...

Страница 318: ...s table index Name Identifies the name of the flow Dest MAC Address Identifies the Layer 2 destination s MAC address Source MAC Address Identifies the Layer 2 source s MAC address VLAN ID Identifies t...

Страница 319: ...s for which that priority applies To access such information 1 If you are not currently in the Front Panel view switch to it by clicking the CoreWatch main window 2 Select the Monitor menu choose QoS...

Страница 320: ...priority in the flow When configuring the SSR the network administrator can set this field to any for packets with the protocol set to TCP or UDP if the other fields match Source Address Indicates th...

Страница 321: ...ick the Layer 2 Switching function An L2 Forward table similar to the following appears Figure 205 L2 Forward Table The following table describes the fields of the L2 Forward table s upper frame The S...

Страница 322: ...choose L3 L4 Flows In the Schematic view double click either the Layer 3 4 Switching function or the Flows object The Flow Table Filter dialog box appears VLAN ID Identifies the VLAN that is combined...

Страница 323: ...box blank This is the default for each item To include an item but limit its contents enter the desired value in the appropriate box 3 Do one of the following Leave the And button selected if you want...

Страница 324: ...ceived data for the flow Protocol Indicates the transport layer protocol of the flow such as TCP or UDP Source Address Indicates the network layer address of the source that originally sent the packet...

Страница 325: ...e SSR boot log information to look at the messages the SSR sends when starting up To display the information included in the boot log 1 If you are not in the Front Panel view switch to it by clicking...

Страница 326: ...Chapter 20 Monitoring Faults 326 CoreWatch User s Guide...

Страница 327: ...de boot log information or data from multiple CoreWatch tables This chapter also discusses saving a single table as a report You can view a CoreWatch report in your Web browser either immediately afte...

Страница 328: ...prefer to look at the report later and do not want to examine it immediately after CoreWatch generates it clear the Open report in browser option 4 Click the Save As button The Save As dialog box app...

Страница 329: ...n the Table toolbar The Save As dialog box appears 3 Enter a name for the report in the File Name box If necessary browse to the folder in which you want to save the report then click the Open button...

Страница 330: ...Chapter 21 Obtaining Reports 330 CoreWatch User s Guide...

Страница 331: ...t Export table information to a file Sort data Most of these tasks you perform using the Table toolbar Separate discussions on these tasks finding text in a table and sorting data follow Finding Text...

Страница 332: ...f it has a specific value enter the desired value in the field s text box Leave the field s check box blank Suppose the table includes a Port field and you enter 2 in that field The table will then in...

Страница 333: ...e same time click the Next Rows button on the Table toolbar To obtain the previous set of records CoreWatch displayed at the same time click the Previous Rows button on the Table toolbar Saving a Sing...

Страница 334: ...to another application such as Lotus 1 2 3 or Microsoft Excel save it to an ASCII text file To do so take the following steps 1 Open the table that contains the information you want to export 2 Click...

Страница 335: ...h main window Use the commands available on these menus to perform tasks in CoreWatch File Monitor Window Help File Menu The CoreWatch File menu includes the commands described in the following table...

Страница 336: ...mal settings Changing some of these properties may affect system performance SSR name or IP address Opens the CoreWatch main window for the SSR represented by the name or IP address you select Exit Cl...

Страница 337: ...ncoming and outgoing bytes Error Statistics Displays the graph that lets you monitor erroneous packets on a port This graph also indicates how many packets the SSR discarded although no errors had bee...

Страница 338: ...nds Command Description Chassis Table Displays information about which modules are installed in the SSR the slot number of each module and the number of ports on each module Port Table Displays inform...

Страница 339: ...e interfaces may use IPX Forwarding Table Displays information about the routes used by the IPX interfaces on an SSR OSPF State OSPF Interface Table Displays information about the routes status authen...

Страница 340: ...tries of valid DVMRP packets the SSR ignored DVMRP Neighbor Table Displays information about an SSR s DVMRP neighboring routers DVMRP Route Table Displays information about the multicast routes DVMRP...

Страница 341: ...te Submenu Commands Continued Submenu Command Description Table 74 QoS State Submenu Commands Command Description L2 QoS Displays information about the QoS policies of an SSR L3 L4 QoS Displays inform...

Страница 342: ...dows in columns so that you can view them all at the same time Cascade Arranges all open windows one in front of another The title bar of each window remains visible which can help you identify which...

Страница 343: ...w to contact Cabletron Systems technical support Send Feedback Displays a form that you may use to let Cabletron Systems know what you think about its products You can complete and send this form onli...

Страница 344: ...Appendix B CoreWatch Menus 344 CoreWatch User s Guide...

Страница 345: ...outer concept reduces the number of adjacencies required on a multiaccess network An adjacency is an OSPF relationship formed between selected neighboring routers for the purpose of exchanging routing...

Страница 346: ...mous system OSPF intra area and inter area routes are always imported into the SSR routing database with a preference of 10 It would be a violation of the protocol if an OSPF router did not participat...

Страница 347: ...ter entries in the table based on the specified regular expression CoreWatch supports the following Perl5 regular expressions Alternatives separated by The quantified atoms described in the following...

Страница 348: ...kslashed character matches itself Table 78 Supported Special Backslashed Characters Character Description b Null token that matches a word boundary w on one side and W on the other B Null token that m...

Страница 349: ...tches the corresponding control character nn or nnn Octal representation of character unless a back reference 1 2 3 and so on A back reference which matches whatever the first second third and so on p...

Страница 350: ...tches a word followed by white space without including white space in the resulting match regexp A zero width negative lookahead assertion Suppose you enter port 7 matches any occurrence of port that...

Страница 351: ...ellaneous error messages Missing or Invalid Field Error Messages The following error messages are generated when configuring new objects or modifying existing objects through configuration wizards or...

Страница 352: ...Destination Mask as a IP subnet mask example 255 255 255 0 to continue Destination name is missing or invalid Specify a valid Destination name to continue Export Destination is missing or invalid Spe...

Страница 353: ...Learned from Autonomous System field is missing or invalid Specify a valid value for the Learned from Autonomous System to continue Local Address and Remote Address fields are missing or invalid Speci...

Страница 354: ...sing or invalid Specify a valid Source Mask as a IP subnet mask example 255 255 255 0 to continue Source Tag is missing or invalid Specify a valid Source Tag value to continue Source name is missing o...

Страница 355: ...rror in the selected filter Specify a unique Network Address to continue Duplicate RIP Source Gateway IP address error Specify an unused RIP Source Gateway IP address to continue Duplicate RIP Trusted...

Страница 356: ...Address is already in use Specify a different IP Address to continue This Network Address has already been used Specify another Network Address to continue This IP Interface Name already exists Specif...

Страница 357: ...tly available you may finish creating the interface and then apply the ACL later No IPX ACL available This configuration requires IPX ACLs which are not available Solution Create one or more IPX ACLs...

Страница 358: ...n Specify whether you want to terminate the other user s session by clicking either the Yes or No button If you click No the other user s session will not be terminated and Configuration Expert is not...

Страница 359: ...ile or directory Configure Password is invalid Indicates that the wrong Privileged password was entered when you tried to start Configuration Expert Solution Start Configuration Expert again being sur...

Страница 360: ...ailableforthisconfiguration CreateIPXACLsfirstandthenretrythis operation During creation of IPX interfaces you may optionally bind IPX ACLs An attempt was made to bind an IPX ACL to this IPX interface...

Страница 361: ...uest denied by switch Indicates that the SSR denied a connection when you tried to log in Solution Try logging in again If that attempt fails contact the administrator responsible for the SSR Static A...

Страница 362: ...rmation The selected object could be referenced by other configuration objects and requires you to first delete all the references before attempting to delete the object to ensure consistency Solution...

Страница 363: ...route can be advertised Aggregation reduces the amount of information that the routers must store and exchange Area A set of networks grouped together but located in the same autonomous system Settin...

Страница 364: ...outer OSPF router that will take over the functions of the designated router if that one fails The backup designated router establishes adjacencies to all other routers Boot Log File containing the me...

Страница 365: ...figure multicast routing Set QoS policies Set ACLs and security filters Configure multiple configuration files on the SSR Designated Bridge Bridge responsible for forwarding frames to the LAN segment...

Страница 366: ...t protocol is started on a router Hello Packets Packets sent to acquire neighbors which are routers on the same network as the router sending the packet Hop Count Routing metric that measures the dist...

Страница 367: ...t guarantee delivery of those packets TCP is responsible for guaranteeing delivery Internet Service Provider ISP Company that provides access to the Internet Leaf Interface for which no downstream dep...

Страница 368: ...s sent to this single IP address rather than being sent to each host s individual IP address These addresses are in the range of 224 0 0 0 to 239 255 255 255 Multicast Packets Individual packets sent...

Страница 369: ...lization Summary to identify the traffic patterns of SSR ports This summary indicates the percentage of traffic that is being transmitted and received on each port For a detailed description of an exa...

Страница 370: ...the lowest metric as the best route The metric is a hop count representing the number of gateways through which data must pass in order to reach its destination The longest path that RIP accepts is 1...

Страница 371: ...This delivery time is usually one second on Ethernet LANs Transmission Control Protocol TCP The Internet transport layer protocol that provides reliable communication over packet switched networks Tra...

Страница 372: ...starting Configuration Expert from within CoreWatch You will be prompted for the Privileged password User Datagram Protocol UDP Connectionless protocol in the TCP IP protocol stack It performs the sa...

Страница 373: ...217 219 defined 216 Address Resolution Protocol See ARP address based bridging 64 aging state default 68 69 disabling on ports 70 72 enabling on ports 72 74 of SSR bridging 68 74 overriding default 6...

Страница 374: ...ascade 342 Chassis Table 338 Close All 342 Contents and Index 342 DVMRP Interface Table 340 DVMRP Neighbor Table 340 DVMRP Next Hop Table 340 DVMRP Route Table 340 Error Statistics 337 Exit 336 Freque...

Страница 375: ...es 147 163 ports 50 56 port to address lock filters 219 222 QoS 167 193 RIP 127 133 secure port filters 226 229 SSR bridging 63 80 static IPX SAP entries 163 165 static entry filters 222 226 the SSR 4...

Страница 376: ...information 322 324 OSPF area aggregate information 300 301 OSPF area information 295 296 OSPF interface information 291 294 OSPF link state database information 298 300 OSPF neighbor information 296...

Страница 377: ...Table Filter form 322 flow based bridging 64 flows adding interfaces to 191 deleting interfaces from 191 dragging interfaces to 192 field of IPX 181 fields of IP 175 fields of Layer 2 186 modifying l...

Страница 378: ...VLANs on 97 Internet Group Management Protocol See IGMP Internet Protocol See IP IP 101 103 ACLs 196 200 addresses 102 creating QoS profiles for 173 178 forwarding information 285 obtaining error sta...

Страница 379: ...L2 Security wizard 217 229 L3 L4 Flows command 341 L3 L4 QoS command 341 Layer 2 changing flow port list 192 creating QoS profiles for 183 187 modifying filters 231 obtaining priority information 317...

Страница 380: ...on 291 294 OSPF link state database information 298 300 OSPF neighbor information 296 298 packet statistics of a port 265 packet statistics of IP 269 packet statistics of IPX 274 port information 256...

Страница 381: ...2 modifying in filters 232 obtaining byte statistics 266 obtaining error statistics 267 obtaining information about 256 280 282 obtaining packet statistics 265 overriding default aging 69 70 priority...

Страница 382: ...83 187 modifying 187 193 QoS State submenu 341 QoS tables checking status of 317 324 QoS wizard 173 183 Quality of Service See QoS Quality of Service See QoS Queuing Discipline Configuration property...

Страница 383: ...cts 37 functions 37 opening 30 starting Configuration Expert from 37 38 using 31 secure port filters combining with static entries 226 configuring 226 229 defined 216 security 195 configuring 195 233...

Страница 384: ...ng on ports 79 80 enabling on ports 77 79 port information 280 282 setting up 74 80 STP Global Settings property sheet 75 STP Port table 280 STP settings defining 75 76 STP Table command 338 strict pr...

Страница 385: ...9 43 CoreWatch 31 graph 277 traffic priority 168 traffic rules 195 traps setting targets for 59 60 trunk ports 82 defining 83 85 trusted gateways adding 132 tunnels defining DVMRP 139 141 disabling DV...

Страница 386: ...indows NT CoreWatch requirements 20 installing CoreWatch 24 starting CoreWatch 26 wizards ARP 121 icon 42 IP Interface 104 IP interfaces 110 IP Security 196 IPX Interface 149 155 IPX Security 200 212...

Отзывы:

Нет отзывов