Enterasys X-Pedition XSR Скачать руководство пользователя страница 628

Страница: 628 / 684

General Security Commands

16-84 Configuring Security

General Security Commands

access-list (extended)

This

command

defines

extended

Access

List

(ACL)

number

ranging

from

100

199.

You

can

restrict

allow

the

following

traffic:

•

(Any

Internet

Protocol)

•

TCP

(Transmission

Protocol)

•

UDP

(User

Datagram

Protocol)

•

ICMP

(Internet

Control

Message

Protocol)

•

ESP

(Encapsulation

Security

Payload)

•

GRE

(Generic

Router

Encapsulation)

protocol

•

(Authentication

Header)

protocol

New

and

existing

ACL

entries

can

added/replaced

particular

ACL

without

you

having

rewrite

the

entire

ACL

using

the

insert

replace

number

parameters.

neither

the

insert

nor

the

replace

option

specified,

then

the

new

entry

appended

the

list.

This

noteworthy

since

ACL

criteria

are

evaluated

the

order

displayed

the

show access-list

command.

Apply

restrictions

defined

ACL

with

ip access-group

command.

Syntax

access-list

list

# {

insert

replace

}

entry

# {

deny

permit

}{

protocol

}|{

log

}

{

srcIpAddr

[

srcWildCardBits

]| [

qualifier

] |

source-port

host

srcIpAddr

any

}

range

min-sport

max-sport

{

dstIpAddr

[

dstWildCardBits

]| [

qualifier

destn-port

host

dstIpAddr

any

}

[

established

]

range

min-dprt

max-dprt

type

[

code

]

list#

Extended

ACL

number,

ranging

from

100

‐

199

insert

New

access

entry

inserted

before

existing

entry

the

existing

ACL.

The

show access-list

command

from

within

Global

mode

sequentially

numbers

entries

for

this

purpose.

replace

New

access

entry

replaces

entry

the

existing

ACL

(the

entry

must

already

exist.)

entry#

Entry’s

list

number

within

the

ACL.

number

required

for

first

entry.

deny

Access

denied

specified

conditions

are

met.

permit

Access

permitted

conditions

met.

protocol

Specifies

the

protocol:

IP,

TCP,

UDP,

ICMP,

ESP,

GRE,

AH.

represents

any

protocol.

log

Enables

alarm

logging

and

reporting

source

addresses

for

configured

ACL

entries.

srcIPAddr

The

source

expressed

address.

Содержание X-Pedition XSR

Страница 1: ...X Pedition Security Router XSR CLI Reference Guide Version 7 6 P N 9033842 07...

Страница 2: ......

Страница 3: ...DOCUMENT WEB SITE OR THE INFORMATION CONTAINED IN THEM EVEN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF KNEW OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minutem...

Страница 4: ...ENTERASYS OR YOUR DEALER IF ANY WITHIN TEN 10 DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT CONTACT ENTERASYS NETWORKS LEGAL DEPARTMENT AT 978 68...

Страница 5: ...7 7202 3 and its successors and use duplication or disclosure by the Government is subject to restrictions set forth herein 6 DISCLAIMER OF WARRANTY EXCEPT FOR THOSE WARRANTIES EXPRESSLY PROVIDED TO Y...

Страница 6: ...e benefit of the parties their legal representatives permitted transferees successors and assigns as permitted by this Agreement Any attempted assignment transfer or sublicense in violation of the ter...

Страница 7: ...x and Conventions 3 83 Platform Commands 3 83 Clock Commands 3 84 Crypto Key Commands 3 85 Other Platform Commands 3 86 SNTP Commands 3 91 Platform Clear and Show Commands 3 94 File System Commands 3...

Страница 8: ...onventions 8 83 PPP Commands 8 83 PPP Debug Clear and Show Commands 8 97 Multilink PPP Commands 8 108 Multilink Show Commands 8 122 Chapter 9 Configuring Frame Relay Observing Syntax and Conventions 9...

Страница 9: ...rypto Map Mode Commands 14 110 Crypto Transform Mode Commands 14 115 Crypto Show Commands 14 118 Interface CLI Commands 14 121 Interface VPN Commands 14 122 Tunnel Commands 14 127 Tunnel Clear and Sho...

Страница 10: ...viii...

Страница 11: ...l details BGP commands Chapter 7 Configuring IP Multicast defines XSR commands for Protocol Independent Multicast Sparse Mode PIM SM and the Internet Group Management Protocol IGMP Chapter 8 Configuri...

Страница 12: ...r variable un importante nuevo t rmino o el t tulo de un manual SMALL CAPS Small caps specify the keys to press on the keyboard a plus sign between keys indicates that you must press the keys simultan...

Страница 13: ...network environment layout cable type etc Network load and frame size at the time of the problem The XSR s history i e have you returned the device before is this a recurring problem etc Any previous...

Страница 14: ...xii...

Страница 15: ...on xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vertical bar...

Страница 16: ...form of this command to remove all banners XSR config no banner login Mode Global configuration XSR config Example The following example configures a login banner XSR config banner login Welcome Larr...

Страница 17: ...ional host key behavior is described as follows If you have not generated a master encryption key before using SSH the XSR will prompt you with the crypto key master generate command One to three minu...

Страница 18: ...Syntax enable Mode EXEC XSR Example XSR enable end This command terminates configuration mode Syntax end Mode Any configuration Example XSR config end exit This command quits the current mode to a hi...

Страница 19: ...rt number 80 Example XSR config ip http port 1234 ip http server This command enables disables HTTP Web service to the router If the optional parameter is not supplied the HTTP server will be enabled...

Страница 20: ...Secure Shell SSH service to the client Because the SSH server is enabled at boot up you can either manually disable the SSH server using CLI or disable the SSH server in the startup config file If the...

Страница 21: ...the optional parameter is not supplied the Telnet server is enabled Since the Telnet server is enabled at boot up you must either manually disable it using the CLI or disable it in startup config Syn...

Страница 22: ...ping dest_addr source_addr size pkt_size Mode Privileged EXEC XSR Default Packet size 72 bytes Sample Output This example shows a timed out ping with an unreachable destination XSR ping 134 141 235 1...

Страница 23: ...cular CLI configuration mode You can also associate a privilege level with another command or group of commands The modes which can be set include the following class map configure global controller e...

Страница 24: ...write Only an admin can issue these commands Any user privilege level automatically inherits all privileges granted to lower privilege levels Admin privilege level 15 cannot be changed Privilege for s...

Страница 25: ...Defaults Timeout 1 800 seconds If neither Console SSH nor Telnet is specified the timeout value will be set for the current session Example This example sets the current Console timeout session to 15...

Страница 26: ...ute dest addr source addr Mode EXEC XSR Defaults Maximum interval to wait for a response 3 seconds Maximum interval to live 30 seconds Packet size 40 bytes Sample Output XSR traceroute 140 252 13 65 1...

Страница 27: ...ensure that the administrator can always login The show running config command displays user information By contrast consult the aaa client command which configures a user with AAA security by the XSR...

Страница 28: ...ame 2ndUser password cleartext Celtic The example below sets the privilege for larryc to 15 with an already coded password XSR config username larryc privilege 15 password secret 5 J I8 The following...

Страница 29: ...h8EryaMWAm7c zjWtSlLNYhz q5J2uoPKjct4gqxRv4RLo5yKxsSIcgD6WauvANO7yzQ1CRFBAXL9iZZMEa AhJQbAE1WVXjD61kBmKvrcR2ZDEnpRaueAaojF4Rslo66Y6pn77gAAAIAKjfSPLGIXe0gF JqsEIPkrY 0sMwltOV zd8NPp NqkIOxg9kZVASQCn hu...

Страница 30: ...iption ctron chassis mib XSR components and modules MIB Enterasys Download ctron download mib txt supported via online download only This is the only MIB with v1 v2c write access PPP LCP RFC 1471 pppL...

Страница 31: ...etsysSnmp PersistenceSave to save 2 running config is saved to startup config The only etsysSnmpPersistenceMode supported is pushButtonSave 2 Enterasys Firewall This MIB implements SNMP based Firewal...

Страница 32: ...te access and applies ACL 57 XSR snmp server community MyCommunity rw 57 snmp server contact This command specifies contact information regarding the SNMP server Syntax snmp server contact contact nam...

Страница 33: ...command will turn it back on Syntax snmp server enable disable Mode Global configuration XSR config Default Disable snmp server enable traps This command enables traps and informs to be sent SNMPv1 tr...

Страница 34: ...tities which this command allows you to configure The command also lets you configure the XSR local engineID All engineID settings must be set before adding users to the User Security Model USM table...

Страница 35: ...tion XSR config Example This example specifies the v3auth SNMP group with auth security the v3 view for read and write access and is matched with an ACL written earlier XSR config snmp server group v3...

Страница 36: ...onfig Defaults Trap type SNMP entity frame relay UDP port 162 ip addr IP address of the target recipient traps Sends SNMP traps to this host informs Sends Inform notifications version The security mod...

Страница 37: ...estuser security model v3 noauth snmp server informs This command specifies inform request options Syntax snmp server informs retries retries timeout seconds pending pending Syntax of the no Form The...

Страница 38: ...configuration XSR config Default Null string Example The following example describes the SNMP server location Note the quotation marks XSR config snmp server location Beacon Street Branch snmp server...

Страница 39: ...acing spacing Syntax of the no Form The no formsets the minimum interval between successive traps to the default value no snmp server min trap spacing Mode Global configuration XSR config Default 200...

Страница 40: ...the retransmission queue length Traps which have no route to the host are put into the retransmission queue for resending later Syntax snmp server queue length length Syntax of the no Form The no com...

Страница 41: ...alAlias host aliasSalesServer snmp server system shutdown This command allows the SNMP server to reboot the XSR usually after a software download Syntax snmp server system shutdown Syntax of the no Fo...

Страница 42: ...terface serving as the source for all traps and informs Use the address of the interface from which the trap inform goes out as the source address for the trap inform Syntax snmp server trap source in...

Страница 43: ...emote ip address udp port port v1 v2c v3 encrypted auth md5 sha auth password priv des56 priv password access access list timeout Retry interval ranging from 1 to 9 999 seconds Note Be aware that the...

Страница 44: ...ax of the no Form Use the no form of this command to remove a view entry no snmp server view view name sha HMAC SHA algorithm used for authentication auth password The user s authentication password A...

Страница 45: ...ded The following example removes a view of MIN II subtree 1 3 6 1 XSR config no snmp server view 1 3 6 1 The following example creates a view of all objects in private Enterasys and Cabletron MIBs ex...

Страница 46: ...IB 1 3 6 1 2 1 10 131 snmp 1 3 6 1 2 1 11 ospf 1 3 6 1 2 1 14 bgp 1 3 6 1 2 1 15 rip2 1 3 6 1 2 1 23 ifMIB 1 3 6 1 2 1 31 entityMIB 1 3 6 1 2 1 47 cabletron 1 3 6 1 4 1 52 chassis 1 3 6 1 4 1 52 4 1 1...

Страница 47: ...lowing example sets the moving window interval to ten minutes XSR config snmp server window time 600 snmpMPDMIB 1 3 6 1 6 3 11 snmpUsmMIB 1 3 6 1 6 3 15 snmpVacmMIB 1 3 6 1 6 3 16 snmpEngine 1 3 6 1 6...

Страница 48: ...s in 0 Bad SNMP version errors 0 Unknown community names 0 Illegal operations for name supplied 0 Encoding errors 0 Packets too big 0 No such names 0 Bad values 0 Read onlys 0 General Errors 0 Request...

Страница 49: ...SNMP engineID 800015F8030001F423E691 IP addr Port Rewrite Engine ID 10 10 1 48 162 800009041234 show snmp group This command displays the names of groups on the XSR with their security model and view...

Страница 50: ...host This command displays information from the SNMP Host table Syntax show snmp host Sample Output The following is sample output from the command Notification host 192 168 2 10 udp port 162 type in...

Страница 51: ...tput The following is sample output from the command XSR show snmp view viewname v3view included internet excluded viewname v1default included internet excluded snmpUsmMIB snmpVacmMIB viewname MIBIIvi...

Страница 52: ...regate period 60 buckets of history kept This command specifies how many history entries will be maintained by the Response Time Reporter RTR Syntax buckets of history kept size Syntax of the no Form...

Страница 53: ...ency frequency interval Syntax of the no Form The no form of this command returns to the default value no frequency Mode RTR Echo configuration XSR config rtr echo xx Default Frequency 60 seconds Exam...

Страница 54: ...ner Mode RTR Echo configuration XSR config rtr echo xx Example The following example specifies the RTR owner XSR config rtr echo 57 owner operator1 request data size This command specifies the Respons...

Страница 55: ...The no form of this command removes any configured tag no tag Mode RTR Echo configuration XSR config rtr echo xx Example The following example specifies the RTR name XSR config rtr echo 57 tag one wa...

Страница 56: ...nd specifies the type of Response Time Reporter RTR measurement to be performed ICMP Echo as well as the destination and source host IP addresses Syntax type echo protocol ipIcmpEcho dst source ipaddr...

Страница 57: ...d configures RTR entry 1 and acquires RTR mode XSR config rtr 1 XSR config rtr 1 rtr owner This command registers the Response Time Reporter RTR administrator owner Syntax rtr owner owner name ipAddre...

Страница 58: ...ing now after hh mm ss Mode Global configuration XSR config Default pending Example The following example schedules the RTR measurement immediately XSR config rtr schedule 1 now operation id Measureme...

Страница 59: ...curred FALSE Operational State of Entry INACTIVE show rtr configuration This command displays your configuration of the Response Time Reporter RTR Syntax show rtr configuration operation id Mode EXEC...

Страница 60: ...operation id Mode EXEC configuration XSR Sample Output The following is sample output from the command XSR show rtr history 57 Owner operator toronto Target Address 1 1 1 1 NET HISTORY TABLE Bucket S...

Страница 61: ...talic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vertical bar indicate a choice of a required value x y z Combination of square brackets with braces and vert...

Страница 62: ...SR config controller T3 1 2 0 framing m13 XSR config controller T3 1 2 0 cablelength 225 cablelength long For T1 controllers only This command decreases the pulse from the transmitter for long haul ap...

Страница 63: ...e haul length ranges are defined each with different pulse shaping settings 0 133 ft 0 40m 133 266 ft 40 81m 266 399 ft 81 122m 399 533 ft 122 162m and 533 655 ft 162 200m Note Long haul line build ou...

Страница 64: ...a single channelized T1 or E1 controller port The logical interfaces created can have different encapsulation types PPP Frame Relay etc For each channel group a fraction of a T1 E1 ISDN PRI line the...

Страница 65: ...b8zs XSR config controller T1 1 0 channel group 0 timeslot 1 10 XSR config controller T1 1 0 channel group 1 timeslot 11 20 clock source This command defines the clock source for a T1 E1 or T3 E3 line...

Страница 66: ...t and acquires Controller mode in which additional commands defining clock source framing line encoding and others must be executed to configure the controller For T1 E1 controllers only if you prefer...

Страница 67: ...SR config interface serial 1 0 0 XSR config if S1 0 0 ip address 10 1 11 2 255 255 255 0 XSR config if S1 0 0 encapsulation ppp XSR config if S1 0 0 no shutdown This example sets the E1 NIM on board 1...

Страница 68: ...can be a string value of arbitrary length max 80 characters In all statistics reporting this value identifies the T1 E1 or T3 E3 line in a more descriptive way This command is functional for all seria...

Страница 69: ...This command enables interoperability with providers using various T3 or E3 DSUs to provision the T3 E3 line Syntax dsu mode digitallink kentrox larscom adtran verilink Syntax of the no Form The no fo...

Страница 70: ...s support bandwidths only in certain values So the XSR sets the user configured bandwidth to the closest vendor supported bandwidth refer to Table 2 1 and a message displayed showing the new bandwidth...

Страница 71: ...SR config controller T3 1 2 0 no channelized XSR config controller T3 1 2 0 clock source line XSR config controller T3 1 2 0 framing m13 XSR config controller T3 1 2 0 cablelength 250 XSR config contr...

Страница 72: ...the circuit provider and the T1 E1 or T3 E3 interface with the circuit provider determining which framing type is required Framing type defines the type and format of the transmission frame for T1 or...

Страница 73: ...annelized mode XSR config controller T3 1 2 0 channelized XSR config controller T3 1 2 0 clock source line XSR config controller T3 1 2 0 framing m13 Note The C bit T3 parity framing format is an enha...

Страница 74: ...ial interface 2 0 XSR config interface serial 2 0 XSR config if S2 0 international bit For E3 controllers only This command sets bits 6 and 8 respectively of set II in the E3 frame Syntax internationa...

Страница 75: ...stream can be inverted to satisfy requirements of the line Syntax invert data Syntax of the no Form Disable inverting the data stream by using the command s no form no invert data Default Data is not...

Страница 76: ...ter ID If there is no loopback address defined the Router ID is the highest non zero IP address of existing configured and active interfaces When a T1 E1 ISDN PRI line malfunctions one troubleshooting...

Страница 77: ...interface loopback 0 XSR config if L0 ip address 193 23 24 1 255 255 255 255 XSR config if L0 no shutdown national bit For E3 controllers only This command sets the national bit in the E3 frame bit 1...

Страница 78: ...able bit patterns in other words long strings of all 1s or 0s Several physical layer protocols rely on transitions between 1s and 0s to maintain clocking Scrambling can prevent some bit patterns from...

Страница 79: ...nd does not require any specific booting procedure and can be performed dynamically during system run time When the interface is created it is disabled by default Disabling a T3 E 3 controller causes...

Страница 80: ...set or bring down the controller Syntax clear controller t1 e1 t3 e3 slot card port clear controller t1 e1 t3 e3 card port Mode Privileged EXEC XSR Examples The following example clears the T1 control...

Страница 81: ...oopback is set as none Cablelength long is 0db and Cablelength short is 133ft Framing is esf Line Encoding is b8zs Clock Source is line Description None Alarms Detected None Rx signal level 0 0DB Accu...

Страница 82: ...24 hours 0 Line Code Violations 0 Path Code Violations 0 Slip Seconds 0 Frame Loss Seconds 0 Line Error Seconds 0 Degraded Minutes 0 Errored Seconds 0 Bursty Error Seconds 0 Severely Error Seconds 0 U...

Страница 83: ...S CSES T3 C_bit T3 M13 E3 G751 SES E3 Bypass Parameter Descriptions Rx signal level 0 0DB Accuracy 3DB string String values can be NULL string port locked on the signal range 0 to 43 4 not valid port...

Страница 84: ...troller s state can be up down or administratively down Loopback conditions are shown as Locally looped or Remotely Looped Applique type Channelized or Non Channelized Alarms detected Any alarms detec...

Страница 85: ...Line Code is Line coding format on the controller B3ZS Clock Source is Clock source on the controller Internal or Line Line Code Violations Valid for C bit M13 g751 bypass A count of both Bipolar Vio...

Страница 86: ...roup P bit Severely Err Secs Valid for C bit M13 PSES is a second with 44 or more PCVs one or more Out of Frame defects or a detected incoming AIS This gauge is not incremented when unavailable second...

Страница 87: ...fig if S0 1 0 no shutdown XSR config controller 0 1 1 XSR config controller T1 0 1 0 drop and insert group XSR config controller T1 0 1 0 no channel group 0 XSR config controller T1 0 1 0 clock source...

Страница 88: ...6 7 8 9 0 1 2 3 4 Rx ABCD F F 0 F F F F F F F F F F F F F F Channel 0 Timeslots 10 64kbps Base rate Data in current interval 300 seconds elapsed 0 Line Code Violations 0 Path Code Violations 8 Slip S...

Страница 89: ...mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vertical bar indicate a choice...

Страница 90: ...the time zone to reflect the local time and can be offset by up to 12 hours behind or 13 hours ahead of the Universal Time Clock UTC time as set for Greenwich Mean Time GMT Syntax clock timezone hh m...

Страница 91: ...e set and enter a new key Syntax crypto key master generate Mode Global configuration XSR config Example XSR config crypto key master generate crypto key master remove This command removes the master...

Страница 92: ...jected if it is identified as a weak semi weak or possibly weak key If you specify a valid new key the current secure data files are converted to the new key Syntax crypto key master specify Mode Glob...

Страница 93: ...now fixed to Processor 0 This example forces CPU 1 to accept protocol forwarding jobs on interface F2 XSR debug processor 1 Protocol FE2 FIXED Protocol Job for Interface FastEthernet 2 is now fixed to...

Страница 94: ...gen once per second If power to the XSR is lost the alarm history is preserved in loggen When the XSR comes up again it copies the history from loggen back into the RAM buffer The entire logging histo...

Страница 95: ...medium Sets system log to Medium level low Sets system log to Low level debug Sets system log to Debug level timestamp Sets time and date local Sets timestamp to local time utc Sets timestamp to the...

Страница 96: ...s a sample LogGen message 186 Jan 27 09 13 05 10 8 40 2 LOGGEN Message Flood Display disabled messages logged to History Buffer The following is sample output for a message flood by the show log histo...

Страница 97: ...e request to the SNTP server every poll interval to update local time Syntax sntp client server A B C D A B C D Syntax of the no Form The no form of this command disables the SNTP client no sntp clien...

Страница 98: ...up a resynchronization interval is used to send time requests to the server at fixed intervals of 60 seconds A maximum of 10 such requests are sent in case no answer was received before the SNTP clie...

Страница 99: ...ized stratum 10 reference is RTC or last synchronized reference SNTP server 30 10 1 22 The IP address of the designated SNTP server Stratum Level of the network where the clock is located The primary...

Страница 100: ...ispersion is 1 12 msec Platform Clear and Show Commands clear counter processor This command clears processor performance information CPU utilization is averaged over an 8 second interval Syntax clear...

Страница 101: ...Syntax show buffers Mode Privileged EXEC configuration XSR Sample Output XSR show buffers Common Buffer Pool Usage Pre Allocated 1000 for FE 1000 for FE Frag 512 for Eth1 512 for Eth2 1536 for 4 port...

Страница 102: ...olumn 1 Number in Use Sum of blocks currently in use in this pool Every time you enter the show buffers command this column s data will be marked with a plus or negative sign The indicates the number...

Страница 103: ...796 including overhead 19181280 bytes Used FE Frag 0 of 1500 in use 0 allocations denied Fwd Eng 0 of 3200 in use 0 allocations denied Eth2 128 of 512 in use 0 allocations denied T1E1 0 2 256 of 768 i...

Страница 104: ...for serial card 1536 x 1696 byte buffers were pre allocated for use by the Serial NIM card Total 10680 1696 byte buffers Total number of 1696 byte buffers that were pre allocated There are 100 bytes...

Страница 105: ...5 40048 14 0 69632 7 7 60418 65604 7 0 135168 3 2 118344 131072 556 0 291104 3 3 220710 270336 3 0 480000 1 1 354400 354400 1 0 700000 1 1 628488 628488 1 0 1560000 1 1 1033920 1033920 1 0 TotalBytes...

Страница 106: ...mmand draws on processor capacity at the expense of operational needs Syntax show cpu utilization Mode EXEC or Privileged EXEC XSR or XSR Default CPU usage tracking is on by default Sample Output XSR...

Страница 107: ...ntains the following data relevant to the failure Cause of processor exception Time stamp Contents of processor registers Operating system status Status of tasks current task e g crashed task Contents...

Страница 108: ...45678 iccr 12345678 sgr 12345678 sler 12345678 suor 12345678 bear 12345678 besr 12345678 ccr0 12345678 evpr 12345678 esr 12345678 dear 12345678 srr0 12345678 srr1 12345678 srr2 12345678 srr3 12345678...

Страница 109: ...Syntax show logging Mode EXEC or Privileged EXEC XSR or XSR Example XSR show logging Sample Output The following example displays logging information on the XSR including three Syslog servers XSR sho...

Страница 110: ...ing command displays logging history and severity levels Log history buffer logging severity MEDIUM HIGH messages logged 8 186 Feb 4 09 12 28 192 168 27 38 CLI User admin logged in from console 186 Fe...

Страница 111: ...SR 1805 XSR show version Enterasys Networks Operating Software Copyright 2002 by Enterasys Networks Inc Hardware Motherboard Information XSR 1800 ID 9002854 02 REV0A Serial Number 0000019876543210 Pro...

Страница 112: ...PowerSupply1 PowerSupply2 Fans 1 2 3 4 5 6 7 8 CPU Temperature Max 80C Current 38C Router Temperature Max 60C Current 24C RAM 512MB without interleave Memory Bus at 120MHz CASL at 2 0 Bootrom Flash 4M...

Страница 113: ...le xsr1800 fls or xsr3000 fls is not found the router goes to Step 3 3 An FTP TFTP server as defined in network parameters of Bootrom mode is queried If the image is not found in this remote location...

Страница 114: ...directory to flash or cflash on the XSR file system Syntax cd flash cflash Mode Privileged EXEC XSR Example XSR cd cflash copy file This command copies a file to a new file which may reside in a local...

Страница 115: ...S into Flash y n y Download from server done File size 1856714 bytes The image is copied to flash and its checksum verified Should the transfer fail then the router is temporarily without valid softwa...

Страница 116: ...non volatile memory It initiates a script requiring confirmation of your intention Syntax copy running config startup config Mode Privileged EXEC XSR Example XSR copy running config startup config Sam...

Страница 117: ...from the XSR file system It initiates a script requiring confirmation of your intention Syntax delete flash cflash filename Mode Privileged EXEC XSR Sample Output XSR delete startup config Delete fil...

Страница 118: ...p config 308 SEP 17 2002 15 26 14 user dat 572 SEP 23 2002 14 50 32 cert dat 0 SEP 23 2002 14 24 56 leases cfg 64 SEP 23 2002 14 50 30 dhcpd cfg 0 SEP 23 2002 14 24 56 leases cfg bak 2 328 576 bytes f...

Страница 119: ...ew image the primary Enterasys Operating System EOS file or falling back to the secondary existing file stored in Flash or Cflash if an error is detected EOS Fallback tests the primary EOS and if it i...

Страница 120: ...Reloads after a specified interval expressed in minutes or hours minutes at Reloads at a particular time expressed in hours and minutes cancel Cancels a pending reload primary file The filename inclu...

Страница 121: ...fls 6 snmp 1 1 1 2 The following example upgrades the new image in 12 hours 12 minutes with a fallback to the secondary OS if syntax errors are detected or if no SNMP messages are received from SNMP s...

Страница 122: ...g System EOS Syntax show reload Mode Privileged EXEC XSR Sample Output The following is sample output from the command when a reload is scheduled XSR show reload Reload scheduled in 9 56 minutes eos f...

Страница 123: ...ds under the appropriate modules XSRtop config show running config PLATFORM CLI version 1 5 XSR 1800 Software Version 5 5 1 2 Built Jul 17 2003 13 50 37 hostname XSRtop NETWORK MANAGEMENT username adm...

Страница 124: ...crypto ipsec transform set jj no set security association lifetime kilobytes no set security association lifetime seconds INTERFACE AND SUB INTERFACE interface FastEthernet 1 ip address 20 1 1 1 255 2...

Страница 125: ...client firewall auth port 851 acct port 850 attempts 5 retransmit 5 timeout 25 qtimeout 800 FIREWALL ip firewall network private 1 0 0 0 150 255 255 255 internal ip firewall network any_ext 150 0 0 0...

Страница 126: ...77 entry 0x10000 Diagnostics size 815012 sum 0x2a32 compressed_size 266244 entry 0x10000 xsr1800 fls is a valid S W image file or an error message Invalid chksum 0xf2d9 Expected chksum0x4800 write Thi...

Страница 127: ...menu provides the following functions Reboot warm or cold Update Bootrom File system related commands for the Flash ROM file system Modify network parameters Various status show commands Version numb...

Страница 128: ...s y Do not interrupt or power down until complete Erasing 8 sectors at address 0xfff00000 Programming 130816 0x1ff00 bytes at address 0xfff00100 Programming 131072 0x20000 bytes at address 0xfff20000...

Страница 129: ...MAY 08 2002 03 05 14 xsr1800 fls 1569 MAY 14 2002 02 25 00 startup config 214 JAN 01 2000 22 05 22 user dat 794828 JAN 01 2000 00 01 52 bootrom1_11 fls 0 DEC 27 2019 11 07 14 cert dat 1352 JAN 18 202...

Страница 130: ...ng This command retrieves a file over the network using a remote IP address and remote file path np This command modifies network parameters You are prompted to enter data by the following script Whi...

Страница 131: ...sample output for the XSR 1800 Series On XSR 3000 Series routers you can enter sf 0 or sf 1 to display output from either CPU XSR 1800 sf No fault report at 0x1feef00 This command displays the follow...

Страница 132: ...is sample output XSR 1800 si IBM PowerPC 405GP Rev D Processor speed 200 MHz PLB speed 100 MHz OPB speed 33 MHz Ext Bus speed 25 MHz PCI Bus speed 33 MHz Sync Internal PCI arbiter enabled RAM installe...

Страница 133: ...l IP address 10 120 112 33 Gateway IP address 10 120 112 1 Remote IP address 10 120 112 88 Remote file path c tftpDir Transfer Protocol TFTP Local target name XSR1 Autoboot enabled Quick boot no IP ad...

Страница 134: ...Bootrom Monitor Mode Commands 3 128 Configuring the XSR Platform...

Страница 135: ...nous mode the clock rate is received externally Convention Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vert...

Страница 136: ...ommand is valid and takes effect only when the interface is running in Async mode In Sync mode the clock rate is received externally Syntax databits bits Mode Interface configuration XSR config if Sx...

Страница 137: ...egotiate the other For example you cannot set the speed to 10 Mb s and set the duplex to auto negotiate When issuing this command be aware of the following additional conditions Duplex mode cannot be...

Страница 138: ...d forces the port into internal loopback mode That is the sender is internally connected to the receiver This command is normallyused for diagnostic purposes only Syntax loopback Syntax of the no Form...

Страница 139: ...e to NRZI It is valid and takes effect only when the interface is running in Synchronous mode Some computers require the encoding type to be set to NRZI Syntax nrzi encoding Syntax of the no Form The...

Страница 140: ...er This command specifies the mode of a serial interface as either synchronous or asynchronous If set to synchronous the port is configured as a DTE requiring an external transmit and receive clock to...

Страница 141: ...conjunction with the duplex command forces the FastEthernet interface to operate at a specific speed and or duplex mode Setting the speed or duplex to auto negotiate implies that both the speed and t...

Страница 142: ...plex and speed must be set to auto on both ends of the line otherwise the connection is unpredictable Syntax speed 10 100 auto Syntax of the no Form no speed Mode Interface configuration XSR config if...

Страница 143: ...llowing example configures a FastEthernet sub interface with VLAN ID 10 XSR config interface fastethernet 2 1 XSR config if F2 1 vlan 10 XSR config if F2 1 ip address 1 2 3 4 255 255 255 0 XSR config...

Страница 144: ...stethernet interface sub interface Mode Privileged EXEC XSR Example The following example clears the MIB II counters on FastEthernet port 1 sub interface 20 XSR clear counters fastethernet 1 20 clear...

Страница 145: ...nd resets the hardware on the GigabitEthernet interface This command is available on the XSR 3000 Series routers only Syntax clear interface gigabitethernet number Mode Privileged EXEC XSR Note Issuin...

Страница 146: ...ts ifInDiscards ifInErrors ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifInUnknownProtos Syntax clear counters serial card port Mode Privileged EXEC XSR Example XSR clear coun...

Страница 147: ...example displays output from FastEthernet port 1 XSR config show controllers fastethernet 1 Packet Processor Tx Scheduler Stats 157 Packet driver Tx OK 0 Packet driver not Tx MUX END_ERR_BLOCK 0 Packe...

Страница 148: ...buffer 0x01cc8720 show controllers gigabitethernet This command displays detailed FastEthernet controller data for an interface This command is available on the XSR 3000 Series routers only Syntax sh...

Страница 149: ...8fe86ce0 datalen 0x00000000 status 0x00000000 buffer 0x8fe873a0 datalen 0x00000000 status 0x00000000 buffer 0x8fe87a60 The secondary MAC addresses are in hex 0 not used 1 not used 2 not used 3 not use...

Страница 150: ...0000 buffer 0x00000000 0 next 0xe04d8f21 flag1 0x00000000 flag2 0x00000000 buffer 0x00000000 1 next 0x004e8f21 flag1 0x00000000 flag2 0x00000000 buffer 0x00000000 2 next 0x204e8f21 flag1 0x00000000 fl...

Страница 151: ...0 The card is 1 The port is 0 The channel is 0 The current MTU is 1500 The device is in polling mode and is active The channel is logically INACTIVE The operational state is OPER_DOWN The protocol use...

Страница 152: ...ap Class Free pool ISDN channels 0 Free pool serial ports 0 show interface fastethernet This command displays information about a FastEthernet interface This interface is available on the XSR 1800 Ser...

Страница 153: ...nterface Statistics ifindex 0 ifType 6 ifAdminStatus 1 ifOperStatus 1 ifLastChange 00 32 39 ifInOctets 529727 ifInUcastPkts 0 ifInNUcastPkts 7328 ifInDiscards 0 ifInErrors 0 ifInUnknownProtos 0 ifOutO...

Страница 154: ...ple Output The following example is sample output from GigabitEthernet interface 1 XSR show interface gigabitethernet 1 GigabitEthernet 1 is Admin Up Internet address is 150 50 1 14 subnet mask is 255...

Страница 155: ...or Global configuration XSR or XSR config Sample Output The following is sample output from Loopback interface 5 XSR show interface loopback5 Loopback5 is Admin Up Description My loopback interface In...

Страница 156: ...command displays attributes of the null interface Null 0 an IP interface which uniquely does not require an IP address to appear It is installed automatically by the XSR so that discard routes can be...

Страница 157: ...ace serial card port Mode Privileged EXEC or Global configuration XSR or XSR config Sample Output The following example displays output from Serial interface 1 0 XSR show interface serial 1 0 Serial I...

Страница 158: ...attributes of the configured VPN interface Syntax show interface vpn 0 255 Mode Privileged EXEC or Global configuration XSR or XSR config Sample Output The following is sample output displaying VPN i...

Страница 159: ...on Commands on page 5 182 Virtual Router Redundancy Protocol Commands on page 5 191 Convention Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter it...

Страница 160: ...defined for it XSR config interface serial 1 1 XSR config if S1 1 ip address 172 16 77 1 255 255 255 0 XSR config if S1 1 ip ospf message digest key 20 md5 pass1 XSR config router ospf 1 XSR config ro...

Страница 161: ...is command configures an area as a Not So Stubby Area NSSA which allows some external routes represented by external Link State Advertisements LSAs to be imported into it This is in contrast to a stub...

Страница 162: ...a A discard route is installed for an active summary range Conversely when it becomes inactive the discard route is removed The cost of the summary range is the highest cost among all leaked intra are...

Страница 163: ...lable for creation of inter area routes XSR config router ospf 1 XSR config router area 1 range 64 0 0 0 255 0 0 0 area stub This command defines an area as a stub area Syntax area area id stub no sum...

Страница 164: ...on type message digest MD5 authentication is used null No authentication is used hello interval seconds Interval between hello packets on a port It must be the same for all nodes attached to a network...

Страница 165: ...rea 3 to area 2 A virtual link is created between the two ABRs by means of area 2 which becomes the transit area The RouterID for ABR1 is 192 168 33 1 The RouterID for ABR2 is 192 168 33 2 On ABR1 ent...

Страница 166: ...to maintain the database in its entirety Typically database overflow occurs when a router imports a large number of external Type 5 LSA routes into OSPF This command lets you control other LSA types a...

Страница 167: ...route preference for the OSPF domain OSPF distances are ranked higher than connected or static networks but lower than RIP networks If several routes to the same destination are offered to the Routing...

Страница 168: ...tion of intra area distance is less than inter area distance is less than external distance is always preserved If you attempt to configure otherwise the configuration will fail and you will receive a...

Страница 169: ...ts the administrative distance for OSPF external routes to 65 Note that you can do so only if both intra and inter OSPF distances are less than 65 otherwise you will not be permitted to change the val...

Страница 170: ...R config if F1 ip ospf cost 20 ip ospf dead interval This command sets the interval a router must wait to receive a hello packet from its neighbor before determining that the neighbor is out of servic...

Страница 171: ...t to neighbor routers on the interface Syntax ip ospf hello interval seconds Syntax of the no Form The no form of this command sets the value to the default no ip ospf hello interval Mode Interface co...

Страница 172: ...the password as pass1 XSR config interface serial 1 0 XSR config if S1 0 ip address 172 16 77 1 255 255 255 0 XSR config if S1 0 ip ospf message digest key 20 md5 pass1 XSR config router ospf 1 XSR c...

Страница 173: ...his command removes the poll interval no ip ospf poll interval Mode Interface configuration XSR config if xx Example This example configures the poll interval to 12 times the default hello interval 10...

Страница 174: ...ons of link state advertisements for adjacencies that belong to this interface Syntax ip ospf retransmit interval seconds Syntax of the no Form The no form of this command sets the value to the defaul...

Страница 175: ...ospf transmit delay 20 network This command identifies and defines area IDs for interfaces OSPF runs on Syntax network address wildcard mask area area id Syntax of the no Form The no form of this com...

Страница 176: ...XSR config interface serial 1 0 XSR config if S1 0 ip address 131 108 2 3 255 255 255 0 XSR config router ospf 1 XSR config router network 131 108 1 0 0 0 0 255 area 1 XSR config router network 131 1...

Страница 177: ...ribute ospf match internal match external The following example imports all OSPF routes into RIP with the default RIP metric of 1 It is equivalent to the command entered earlier XSR config router redi...

Страница 178: ...luded locally sourced routes The forwarding address is 0 Summary ranges may overlap So for a locally sourced route the most specific range becomes active Appendix E processing provides a unique link s...

Страница 179: ...rm of this command restores the default timer values no timers spf Mode Router configuration XSR config router Defaults spf delay 5 spf holdtime 10 Example XSR config router ospf 1 XSR config router n...

Страница 180: ...r 53 53 53 21 bdr 53 53 53 6 GigabitEthernet 2 Parameter Descriptions debug ip ospf packet This command debugs received and transmitted OSPF packets As with all XSR debug commands it is set to privile...

Страница 181: ...ed database description packet OSPF Tx PKT Database v 2 t 2 l 172 rid 1 1 1 4 aid 0 0 0 5 chk 7204 aut 0000 from GigabitEthernet 2 to 53 53 53 21 The following example displays a transmitted link stat...

Страница 182: ...ng example displays a queue delayed acknowledgement 191 May 21 07 52 39 1 1 1 4 OSPF Queue Delayed Ack router nbr 10 0 0 1 age 002f opt 22 id 10 0 0 1 rid 10 0 0 1 seq 800001aa chk f671 l 36 The follo...

Страница 183: ...OSPF neighbor events As with all XSR debug commands it is set to privilege level 15 by default Add LSA OSPF Lsa Added to database summary OSPF Summary LSA aid 0 0 0 4 OSPF LSA Area id age 0000 OSPF L...

Страница 184: ...hanging state where the neighbor router ID is 10 0 0 1 the neighbor IP address is 2 2 3 21 and the previous state is EXCHANGE OSPF NBR change state nbr 10 0 0 1 ipa 1 2 3 21 state EXCHANGE The followi...

Страница 185: ...1 4 Supports only single TOS TOS0 route It is an area border and autonomous system boundary router Summary Link update interval is 0 seconds External Link update interval is 0 seconds Debugging enabl...

Страница 186: ...192 168 44 2 64 via 192 168 11 1 Serial1 ABR Area 0 SPF 10 Parameter Descriptions It is OSPF router designation Valid values area border autonomous system boundary and internal Summary Link update in...

Страница 187: ...he SPF calculation that resulted in this coute s installation This number usually corresponds to the number of SPF calculations on this router for an area through which the route was learned link stat...

Страница 188: ...ip ospf database router OSPF Router with ID 192 168 44 1 Router Link States Area 0 0 0 0 Routing Bit Set on the LSA LS age 1292 Options No TOS capability No DC LS Type Router L inks Link State ID 192...

Страница 189: ...work mask 24 Attached Router 192 168 44 1 Attached Router 192 168 44 2 Summary Parameter Response XSR show ip ospf database summary OSPF Router with ID 192 168 44 2 Summary Net Link States Area 0 0 0...

Страница 190: ...Network Number Advertising Router 192 168 33 2 LS Seq number 80000003 Checksum 0x76E0 Length 36 Network Mask 16 Metric Type 2 Larger than any link state path TOS 0 Metric 20 Forward Address 0 0 0 0 Ex...

Страница 191: ...twork prefix ADV Router Router ID of the router originating the LS record Age Age of the LS record in seconds Seq Sequence number assigned by OSPF to each LS record at its time of origination Checksum...

Страница 192: ...router interface address to the network Stub network Network mask Virtual link Originating router MIB II ifIndex value for the unnumbered interface Virtual links are treated as unnumbered point to po...

Страница 193: ...ber assigned by OSPF to this LS record at the time of its origination Checksum Field in a LS record used to verify the integrity of the contents upon the receipt by another router Length Length of the...

Страница 194: ...f the external network Advertising Router Originating router ID ASBR between the OSPF and non OSPF domain LS Seq Number Sequence number assigned by OSPF to this LS record at the time of its originatio...

Страница 195: ...ed router on this network Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 No Hellos Passive Interface Neighbor Count is 0 Adjacent neighbor count is 0 Parameter Descriptions AS extern...

Страница 196: ...ress of the designated router s interface to this subnet if a DR exists Timer intervals configured Refers to the ip ospf hello interval and ip ospf dead interval commands for hello and dead interval v...

Страница 197: ...ec s Parameter Description show ip ospf virtual links This command displays data about virtual links configured on a router Syntax show ip ospf virtual links Mode EXEC or Global configuration XSR or X...

Страница 198: ...th the DoNotAge bit set in the age field are not permitted in the link state database Number of Dcbitless LSA Sum of LSAs without the Demand Circuit DC bit set in the options fields in the link state...

Страница 199: ...efault distances Refer to distance ospf command on page 147 and ip route on page 209 for comparison with OSPF and static routes Syntax distance weight Syntax of the no Form The no command resets the a...

Страница 200: ...config router Default No filter applied Example The following example suppresses network 192 5 34 0 from being advertised in updates on FastEthernet interface 1 XSR config access list 1 deny 192 5 34...

Страница 201: ...ation key phone XSR config if F1 ip rip authentication mode text RIP Example The following example as shown in Figure 5 2 enables RIP on both FastEthernet interfaces of Router 1 also enabling routing...

Страница 202: ...thernet 2 XSR config if F2 ip rip disable triggered updates XSR config interface serial 1 0 XSR config if S1 0 ip rip receive version 1 2 XSR config if S1 0 ip rip send version 2 XSR config if S1 0 ip...

Страница 203: ...d is split horizon with poison reverse Authentication mode text is used and the text is Tex XSR config router rip XSR config router network 192 168 1 0 XSR config router network 192 169 1 0 XSR config...

Страница 204: ...The no form of this command removes an offset no ip rip offset Mode Interface configuration XSR config if xx Default No offset applied Example The following example sets an offset of 1 for Serial por...

Страница 205: ...te packets that are accepted on the interface no ip rip receive version Mode Interface configuration XSR config if xx Default Accept both RIP version 1 and 2 Example This example sets both RIP version...

Страница 206: ...ts RIP version 2 for packets sent on FastEthernet interface 1 XSR config interface fastethernet 1 XSR config if F1 ip rip send version 2 ip split horizon This command sets split horizon mode for the p...

Страница 207: ...AN segment cannot accept RIP broadcast packets only configured neighbors will get RIP updates Multiple neighbor commands can be used to specify additional neighbors or peers Syntax neighbor neighborAd...

Страница 208: ...ter network 192 168 1 0 passive interface This command prevents RIP from transmitting update packets on an interface although it can still monitor updates on the interface Syntax passive interface typ...

Страница 209: ...interface Example The following example denies the reception of RIP updates on F2 XSR config router no receive interface fastethernet 2 redistribute OSPF Static This command redistributes static or OS...

Страница 210: ...r redistribute ospf match internal match external The following example imports all OSPF routes into RIP with the default RIP metric of 1 It is equivalent to the command entered earlier XSR config rou...

Страница 211: ...date 30 seconds Invalid 180 seconds Flush 300 seconds Example The following example sets values for the RIP timers XSR config router timers basic 10 30 60 update Interval the RIP timer is revised rang...

Страница 212: ...conds Update interval 30 Invalid interval 180 Flush interval 300 Routing for Networks 172 16 101 1 172 16 101 5 172 16 150 0 Route Exchanging Neighbors 172 23 11 21 172 23 11 25 Passive Interfaces Fas...

Страница 213: ...on is 2 Rip authentication mode is text key is Rip offset metric is 1 Parameter Descriptions RTP Header Compression Commands The following commands configures the Real Time Protocol RTP header compres...

Страница 214: ...l 2 0 1 ip rtp compression connections By default the software supports a total of 16 RTP header compression connections on the PPP interface This command will allow the user to change the number of R...

Страница 215: ...ssed If you use the command without the passive keyword the software compresses all RTP traffic Note With this release XSR now supports both the VJ Header Compression for TCP and UDP header and the ne...

Страница 216: ...o screen for RTP compression Syntax ip rtp range starting port Num end Port Num Syntax of the no Form The no command removes the RTP packet ranges no ip rtp range Default Disabled Mode Interface confi...

Страница 217: ...ode Privileged EXEC XSR Example The following example displays the RTP Statistics for serial interface 2 0 1 Router show ip rtp header compression interface serial 2 0 1 RTP UDP IP Header compression...

Страница 218: ...ion Bytes Saved Number of bytes saved due to RTP compression Efficiency Improve Efficiency Improvement ratio Equals Bytes of actual packet bytes received Bytes Received Sent Compr RTP Number of compre...

Страница 219: ...number of retransmissions to 50 XSR config interface serial 1 0 XSR config if S1 0 ip address 1 0 0 0 255 0 0 0 XSR config if S1 0 no shutdown XSR config if S1 0 ip rip triggered on demand XSR config...

Страница 220: ...n the database changes or when a next hop s reachability is detected on the WAN side of the connection This functionality reduces the on demand WAN circuit s routing traffic and allows the link to be...

Страница 221: ...fig interface serial 1 0 XSR config if S1 0 ip address 1 0 0 0 255 0 0 0 XSR config if S1 0 no shutdown XSR config if S1 0 ip rip triggered on demand XSR config router network 1 0 0 0 Policy Based Rou...

Страница 222: ...inition set ip next hop Adds or deletes PBR set clauses for the next hop router See page 5 147 for command defintion set interface Adds or deletes PBR set clauses on an interface See page 5 148 for co...

Страница 223: ...e ACL 101 is used to match the traffic XSR config pbr map match ip address 101 set ip next hop This command specifies a next hop IP address as the forwarding router for Policy Based Routing Syntax set...

Страница 224: ...onfig pbr map Example The following example sets F1 as the forwarding interface XSR config pbr map set interface FastEthernet 1 PBR Clear and Show Commands clear ip pbr cache This command deletes entr...

Страница 225: ...le Output The following is sample output when the command is issued XSR show route map pbr route map pbr sequence 10 Match clauses ip address 102 ip address 101 Set clauses next hop 192 168 27 33 inte...

Страница 226: ...ts the duration of a dynamic ARP entry in the ARP table before expiring Syntax arp timeout seconds Syntax of the no Form The no form of his command restores the default value no arp timeout Mode Globa...

Страница 227: ...outing CIDR Syntax ip address address mask address mask negotiated secondary Syntax of the no Form The no form of this command removes specified IP addresses no ip address address mask address mask ne...

Страница 228: ...1 from the interface by entering no ip address 4 4 4 1 255 255 255 0 secondary and updates the primary IP address to 9 9 9 1 by entering ip address 9 9 9 1 255 255 255 0 XSR config interface FastEthe...

Страница 229: ...t route and Serial 1 0 is the gateway of last resort for Router 1 A default route 0 0 next hop Serial 1 0 is configured on Router 1 Figure 5 5 IP Default Route Example ip directed broadcast This comma...

Страница 230: ...ip directed broadcast ip dhcp relay source gateway This command allows users to select the source address to use when relaying packets to the DHCP servers The DHCP servers are configured using ip help...

Страница 231: ...ip domain name domain name Syntax of the no Form The no form of this command resets the IP domain name to no value no ip domain name domain name Mode Global configuration XSR config Example In the fo...

Страница 232: ...arding Also refer to the ip helper address command which specifies the new destination If a certain service exists inside the node and there is no need to forward the request to remote networks the no...

Страница 233: ...if F1 ip helper address 196 1 1 255 This example removes DNS from the list of ports for which UDP broadcast forwarding is done XSR config no ip forward protocol udp 53 Figure 5 6 IP Forward Protocol E...

Страница 234: ...Example ip helper address This command enables forwarding of local broadcasts specifying the new destination address It is one of two commands used for UDP broadcast forwarding Also refer to the ip f...

Страница 235: ...ACME XSR config ip host ACME 192 168 57 28 ip irdp This command enables disables the ICMP Router Discovery Protocol IRDP which dynamically discovers routes to other networks as defined by RFC 1256 IR...

Страница 236: ...1 ip irdp holdtime 10 XSR config if F1 ip irdp preference 10 XSR config if F1 ip irdp multicast ip mtu This command sets the Maximum Transmit Unit MTU size on a port Syntax ip mtu size Syntax of the n...

Страница 237: ...y Syntax ip proxy arp Syntax of the no Form The no form of this command disables Proxy ARP no ip proxy arp Mode Interface configuration XSR config if xx Default Enabled Example The following example d...

Страница 238: ...Syntax of the no Form The no form of this command removes the configured name server no ip proxy dns name server server address1 server address2 server address6 Mode Global configuration XSR config Ex...

Страница 239: ...ote The XSR supports a maximum of 50 static routes with 64 MBytes of memory installed A B C D The IP route prefix for the static route destination mask The prefix mask for the static route destination...

Страница 240: ...255 255 0 192 31 7 65 Figure 5 8 Static Route Example ip route maximum_multiple This command specifies the maximum number of multiple static routes which are static routes having the same destination...

Страница 241: ...on ppp mux pppoe ip mtu 1492 ip tcp adjust mtu 1400 Setting the MSS will cause all TCP SYN packets with the MSS option being modified if the option value exceeds the configured MSS Syntax ip tcp adjus...

Страница 242: ...ss to the interface it associates a numbered interface whose address will be used with packets originating on this interface The following conventions are observed If the numbered interface is deleted...

Страница 243: ...astethernet 2 ip router id This command configures a router identifier an IPv4 address specified in dotted decimal notation It is used in routing protocols such as OSPF to uniquely identify a routing...

Страница 244: ...e ARP cache Syntax clear arp cache Mode Privileged EXEC XSR clear ip interface counters This command clears all IP interface counters If you do not enter the optional type or number value all interfac...

Страница 245: ...n the ARP cache Syntax show ip arp ip address H H H type number Mode EXEC or Global configuration XSR or XSR config Sample Output The following are sample responses XSR show ip arp Protocol Address Ag...

Страница 246: ...3 4712 7a99 ARPA FastEthernet1 Internet 134 141 235 165 0002 1664 a5b3 ARPA FastEthernet1 Internet 134 141 235 150 2 00b0 d02c 06d2 ARPA FastEthernet1 Internet 134 141 235 155 5 00b0 d02c 077e ARPA Fa...

Страница 247: ...2 errors MTU is 1500 bytes Proxy ARP is enabled Helper address is not set Directed broadcast forwarding is enabled Outgoing access list is not set Inbound access list is not set Router Discovery is e...

Страница 248: ...Router discovery is disabled IP Policy Based Routing is not enabled Parameter Description FastEthernet 1 is Admin Up This refers to Layer 3 state for this interface Valid states are Up and Down Last c...

Страница 249: ...s router server discovery disabled FastEthernet2 has router server discovery disabled Parameter Description show ip proxy dns cache This command displays the proxy DNS cache Syntax show ip proxy dns c...

Страница 250: ...address mask longer prefixes bgp ospf rip static Mode EXEC or Global configuration XSR or XSR config Defaults LAN FastEthernet 1 2 interface cost 10 Serial interface cost 64 Name Designation of the DN...

Страница 251: ...1 directly connected FastEthernet2 R 55 0 0 0 8 120 0002 via 51 51 51 9 FastEthernet2 C 54 54 54 0 24 0 0001 directly connected FastEthernet2 C 53 53 53 0 24 0 0001 directly connected FastEthernet2 C...

Страница 252: ...Description E2 OSPF external type 2 route Candidate default route D Default route originated from default network U User configured static route x y Distance metric information 0060 Route cost distan...

Страница 253: ...ds 0 drop no route 0 discards ICMP statistics Rcvd 44 total 0 format errors 0 checksum errors 0 redirects 0 unreachable 2 echo 2 echo reply 0 mask requests 0 mask replies 0 quench 0 parameter 0 timest...

Страница 254: ...Use Resource InUse Denied Number of Dynamic ARPs 1 96 96 0 Number of Static ARPs 0 192 0 0 Total Sum of datagrams received Local destination Sum of local datagrams successfully delivered to upper laye...

Страница 255: ...P users 0 9952 0 0 SNMP groups 2 4672 9344 0 SNMP views 3 3744 11232 0 Number of IP Interfaces 17 7936 134912 0 Number of RIP Net 0 96 0 0 AAA Sessions 0 320 0 0 Authenticated Tunnels 0 640 0 0 IKE IP...

Страница 256: ...ral Information Display XSR show tcp general TCP Statistics TCP General Infomation Maximum number of TCP connections is dynamic 2 connections in state ESTABLISHED or CLOSE WAIT Retransmission timeouts...

Страница 257: ...ote TCP host or an ack of the connection termination request previously sent FINWAIT2 Waiting for a connection termination request from the remote TCP host CLOSEWAIT Waiting for a connection terminati...

Страница 258: ...anslations on GigabitEthernet interface 2 XSR clear ip nat translations g 2 2 NAPT entries or NAT mapping removed interface Port number Dialer 0 255 FastEthernet 1 2 Loopback 0 65535 Serial card port...

Страница 259: ...local pool of IP addresses for distribution to remote peers seeking connection to an interface The command acquires IP Local Pool mode and makes available this sub command exclude Bars a range of IP...

Страница 260: ...pool Examples The following example excludes the ten IP addresses between 192 168 57 100 and 192 168 57 110 from local pool HQ XSR config ip local pool HQ 192 168 57 0 255 255 255 0 XSR ip local pool...

Страница 261: ...nt NAT to pass only FTP control sessions that are using that port In this case all client requests using the default port 21 will be dropped by NAT Syntax ip nat service list access list number ftp tc...

Страница 262: ...he no Form The no command removes NAT rules from the interface no ip nat source list access list number assigned overload address ip address overload pool pool_name overload Mode Interface configurati...

Страница 263: ...s a single static translation entry in the Network Address Translation NAT table Interface static NAT is similar to global NAT it takes precedence over global static NAT with the implication that if a...

Страница 264: ...ut icmp timeout seconds never Syntax of the no Form The no command configures default timeout values no ip nat translation timeout udp timeout tcp timeout icmp timeout seconds never Mode Global config...

Страница 265: ...ng example displays four static NAT entries Note that external hosts are not tracked for static NAT nor are idle times XSR show ip nat translations Interface GigabitEthernet 2 Num Interface Static NAT...

Страница 266: ...lowing example displays NAT pool entries with overload statistics Note that a unique NAT IP address is assigned to each internal host and that if there are more internal hosts than the number of addre...

Страница 267: ...llowing example sets advertising interval 2 for VR group 2 on FastEthernet interface 1 XSR config interface fastethernet 1 XSR config if F1 vrrp 2 adver int 2 The following example sets the default ad...

Страница 268: ...if F1 no vrrp 1 authentication or no vrrp authentication vrrp group ip This command adds up to 11 virtual IP addresses per group and enables a corresponding Virtual Router VR on an interface Be aware...

Страница 269: ...IP address 10 0 1 20 is the address of the virtual router XSR config if F1 no vrrp 1 ip 10 0 1 20 or vrrp ip 10 0 1 20 vrrp group master respond ping This command allows the Virtual Router VR master t...

Страница 270: ...master Virtual Router VR for a virtual group if it has higher priority than the current master VR This feature is enabled by default You can also configure a delay which will cause the virtual router...

Страница 271: ...tual group Use it to control which router becomes the master VR Syntax vrrp group priority level Syntax of the no Form The no form of this command restores the default value no vrrp group priority Def...

Страница 272: ...0 and when at least one of the routes come up the VR will return to its original priority When specifying a watch group be aware that you can use the associated dialer watch list command Syntax of the...

Страница 273: ...the VRRP group whose group ID matches the specified ID on this router will be cleared If you do specify the interface only statistics for all VRs in the VRRP group configured on this interface on thi...

Страница 274: ...Master Router IP 3 3 3 3 Virtual MAC 0x00005e005101 BecomeMaster 2 AdvertiseRcvd 96 ChecksumErrors 0 VersionErrrors 0 PriorityZeroPktsRcvd 0 PriorityZeroPktsSend 0 InvalidTypePktsRcvd 0 UnknownAuthTyp...

Страница 275: ...vrrp interface fastethernet 2 Eathernet Interface 2 Group ID 2 State master Preempt Preempt Enable Priority 15 Adver int 1 Advertise Interval Timer 1 Authentication Code mypass Virtual IP 3 3 3 3 Pri...

Страница 276: ...Delay Timer if in master state displays the seconds remaining to trigger the next advertisement Authentication Code Password Virtual IP Virtual IP address Primary IP Interface IP address Master Route...

Страница 277: ...Clear and Show Commands XSR CLI Reference Guide 5 201 Maximum number of virtual addresses per VR 11 Number of virtual IP address in use Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 3 VR1 1 1 1 VR3 1...

Страница 278: ...VRRP Clear and Show Commands 5 202 Configuring the Internet Protocol...

Страница 279: ...GP neighbors Convention Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of value...

Страница 280: ...ple the BGP process was already activated with AS 100 when an attempt was made to activate it again with the AS 11 XSR config router bgp 11 BGP Already running in AS 100 aggregate address This command...

Страница 281: ...and restores the default behavior of BGP by summarizing redistributed IGP subnets on classful network boundaries Automatic summarization of IGP subnets reduces the number of routes in the BGP routing...

Страница 282: ...ters considered by the XSR when selecting the best path The path with the lowest MED value is chosen when all higher ranking BGP route selection criteria are the same for all competing paths to the sa...

Страница 283: ...ing MED attribute is considered to have a value of zero Example This example configures the bgp bestpath med missing as worst value within BGP process 100 XSR config router bgp 100 XSR config router b...

Страница 284: ...ute reflector in the cluster Example The following example configures the bgp cluster id value within the BGP process 600 The BGP process corresponds to the AS in which the router resides The cluster...

Страница 285: ...yntax bgp confederation peers autonomous system autonomous system Syntax of the no Form The no form of this command deletes the confederation Ss no bgp confederation peers autonomous system autonomous...

Страница 286: ...Half life 15 minutes Reuse 750 Suppress 2000 Suppress max 60 minutes Disabled Example The following example enables route flap dampening XSR config router bgp 100 XSR config bgp dampening half life In...

Страница 287: ...onfigures the BGP default local preference of 300 for BGP process 100 This setting indicates that all routes this router advertises to its internal BGP neighbors will have a local preference of 300 XS...

Страница 288: ...nd a neighbor or peer group must be identified by means of the neighbor remote as or neighbor peer group command Configuring a minimum interval of zero means that there is no delay in sending BGP rout...

Страница 289: ...0 0 0 to the BGP neighbor of the router that this command is entered on so that it can be used as the default route Before entering this command a neighbor or peer group must be identified by means o...

Страница 290: ...n XSR config router Default No access list applied Example This example applies access list 1 to incoming advertisements from neighbor 192 168 1 1 Only routes which match 10 0 0 0 8 11 0 0 0 8 or 12 0...

Страница 291: ...The following example allows connections to or from neighbor 192 168 1 1 which resides on a network that is not directly connected XSR config router bgp 100 XSR config router neighbor 192 168 1 1 remo...

Страница 292: ...the connection is cleared To reactivate the session enter clear ip bgp IP address If the number of prefixes is set to zero no prefixes will be accepted from the neighbor Syntax neighbor ip address pee...

Страница 293: ...R config router neighbor 192 168 1 1 remote as 101 XSR config router neighbor 192 168 1 1 maximum prefix 10000 neighbor next hop self This command disables automatic next hop selection Updates meant f...

Страница 294: ...onfigured for a neighbor the existing session is replaced by a new session Syntax neighbor ip address peer group name password password value Syntax of the no Form This command s no form removes the p...

Страница 295: ...ds an entry to the BGP neighbor table BGP requires manual neighbor configuration The configuration of neighbors on both of the neighboring BGP routers allows a BGP session to be set up between the rou...

Страница 296: ...up The route map must be configured first Syntax neighbor ip address peer group name route map route map in out Syntax of the no Form The no form of this command deletes the specified neighbor s route...

Страница 297: ...peer group name route reflector client Mode Router configuration XSR config router Example The following example sets a neighbor s reoute reflector XSR config router bgp 100 XSR config router neighbo...

Страница 298: ...config router Default No change is made to status of BGP neighbor or peer group Example This example disables any active session for neighbor 192 168 1 1 XSR config router bgp 100 XSR config router ne...

Страница 299: ...gotiated hold time and the configured keep alive interval By default the keep alive timer is set to 30 seconds and the hold time timer set to 90 seconds This 1 to 3 ratio is strictly maintained betwee...

Страница 300: ...te source interface Syntax of the no Form The no form of this command removes a neighbor s update source no neighbor ip address peer group name update source interface Mode Router configuration XSR co...

Страница 301: ...ied to filter inbound and outbound BGP updates The as path variable in the BGP routing update message is examined against a required parameter of this command which represents AS numbers identified by...

Страница 302: ...oute map match as path 33 XSR config route map set local preference 300 ip community list This command defines a community list that filters on the BGP COMMUNITY attribute The community list you defin...

Страница 303: ...be notified about the networks it will route which con occurs via manual injection of routes into the BGP process with the network command Routes originated by BGP via the network command have their...

Страница 304: ...col into the BGP Redistributed routes can be learned from dynamic routing OSPF RIP static routes and connected routes Redistributed routes can have their path attributes set in BGP by the route map co...

Страница 305: ...rm The no form of this command disables synchronization no synchronization Mode Router configuration XSR config router Default Enabled Example The following example disables synchronization XSR config...

Страница 306: ...h criteria are processed via set commands and those that do not match all of the defined match criteria in the route map are ignored match as path This command matches the values of the as_path variab...

Страница 307: ...a match will occur if the as_path variable in a BGP update message contains AS number 550 If a match occurs then the set local preference command sets the local preference attribute for the matching...

Страница 308: ...ers within the same AS The community is identified by name 300 22 The numeric format aa nn where aa and nn represent two byte numbers is one of the allowable formats for community names BGP updates ma...

Страница 309: ...this command removes the match IP address value no match ip address access list number Mode Route map configuration XSR config route map Default No matching based on IP prefix Example The following ex...

Страница 310: ...ored set as path This command increases the length of the AS path attribute for the BGP routing update messages that meet the match conditions specified within a route map The length of the AS path at...

Страница 311: ...nfig route map match as path 37 XSR config route map set as path prepend 100 XSR config route map set as path prepend 100 100 set community This command specifies the community attribute in a BGP rout...

Страница 312: ...P updates against the criteria specified in ACL 37 10 0 0 0 8 If there is not a match the second instance of route map 1 is invoked which matches on all remaining routes and removes any community attr...

Страница 313: ...orm of this command removes route dampening no set dampening Mode Route map configuration XSR config route map Defaults Half life 15 minutes Reuse 750 seconds Suppress 2000 Suppress max 60 minutes fou...

Страница 314: ...e no set ip next hop value Mode Route map configuration XSR config route map Example The following example sets the IP next hop attribute in the BGP update which matches 10 0 0 0 255 0 0 0 to 1 2 3 4...

Страница 315: ...tes with the highest local preference will be chosen as the best routes to the identified destinations This however applies only in multi homed ASs as the local preference attribute impacts only which...

Страница 316: ...ge the value of the MED which impacts the flow of inbound traffic into a multi homed AS All of the outbound updates leaving this router and matching ACL 66 will have MED value of 20 assigned to them A...

Страница 317: ...t a match clause has been specified Weight is used for best path selection and is assigned locally to the router It is not propagated or carried through any route updates Routes with a higher weight a...

Страница 318: ...1 perform a match on IP as path access lists 67 and 57 in that order with a weight of 6000 for updates matching ACL 67 and 5000 for updates matching ACL 57 If the same destinations are advertised by a...

Страница 319: ...p bgp dampening ip address mask Mode Privileged EXEC XSR Examples The following example clears route dampening information about the route to all routers and unsuppresses suppressed routes XSR clear i...

Страница 320: ...00 300 192 1 1 0 24 192 168 72 100 0 300 100 300 55 5 5 0 24 52 52 52 3 200 100 200 55 5 5 0 24 192 168 72 100 0 300 100 300 6 6 6 2 32 192 168 72 100 0 300 100 300 Local Router ID IP Address of the r...

Страница 321: ...ax show ip bgp community community number internet local AS no export no advertise Mode EXEC configuration XSR Example The following is sample output from the command Network IP address of destination...

Страница 322: ...community list Syntax show ip bgp community list community list number exact match Mode EXEC configuration XSR Example The following is sample output from the command XSR show ip bgp community communi...

Страница 323: ...plays routes conforming to a specified filter list Syntax show ip bgp filter list access list number Mode EXEC configuration XSR Example The following example is sample output from the command XSR sho...

Страница 324: ...92 168 72 100 0 100 100 300 55 5 5 0 24 192 168 72 100 0 100 100 300 6 6 6 2 32 192 168 72 100 0 100 100 300 show ip bgp neighbors This command displays information about TCP and BGP connections to ne...

Страница 325: ...peer BGP version BGP version used to communicate with the peer remote router ID IP address of the neighbor BGP state Internal state of the BGP connection Hold Time Maximum interval in seconds that can...

Страница 326: ...n advertisement runs is 0 seconds peer group is external members 18 1 1 3 192 168 72 19 XSR show ip bgp peer group external summary Neighbor V AS MsgRcvd MsgSent InQ OutQ State 192 168 72 19 4 400 157...

Страница 327: ...ctions Syntax show ip bgp summary Mode EXEC configuration XSR Example The following is sample output from the command XSR show ip bgp summary Neighbor V AS MsgRcvd MsgSent InQ OutQ State 192 168 72 19...

Страница 328: ...clauses community list 1 Set clauses local preference 300 route map 1 permit sequence 2 Match clauses community list 2 Set clauses local preference 200 route map 2 permit Match clauses ip address 1 S...

Страница 329: ...BLISHED BGP Event RX_UPDATE Nbr 192 168 2 1 AS 300 Skt 2 State ESTABLISHED BGP Event KEEP_EXP Nbr 192 168 2 1 AS 300 Skt 2 State ESTABLISHED BGP Debug event generated from the BGP process Event BGP ev...

Страница 330: ...ute refresh Sent 186 total 4 opens 0 notifications 6 updates 176 keepalives 0 route refresh BGP Debug event generated by the BGP process Rx Update Update message has been received Tx Update Update mes...

Страница 331: ...ers bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vertical bar indicate a choice of a required valu...

Страница 332: ...ip multicast routing ip igmp version This command manually sets the IGMP version on a local interface Syntax ip igmp version version_number Syntax of the no Form The no form of this command sets the d...

Страница 333: ...if F1 ip igmp join group 225 2 2 1 ip igmp last member query count This command configures the retransmit count at which the XSR sends IGMP group specific host query messages Syntax ip igmp last memb...

Страница 334: ...le changes the IGMP group specific host query message interval to 2 seconds XSR config if F1 ip igmp last member query interval 2000 ip igmp query interval This command configures the frequency at whi...

Страница 335: ...uration XSR config if xx Default 10 seconds Example The following example sets a maximum response time of 8 seconds XSR config if F1 ip igmp query max response time 8 ip igmp querier timeout This comm...

Страница 336: ...TL threshold of packets being forwarded out an interface Syntax ip multicast ttl threshold ttl value Syntax of the no Form The no form of this command sets this threshold to the default value no ip mu...

Страница 337: ...Mode Interface configuration XSR config if xx Default PIM SM is disabled on an interface Example The following example enables PIM sparse mode on F1 XSR config if F1 ip pim sparse mode ip pim bsr bor...

Страница 338: ...y 0 Example The following example configures the IP address of the router on F1 to be a candidate XSR config ip pim bsr candidate FastEthernet 1 type number Interface from which the BSR address is der...

Страница 339: ...the DR priority value of F1 to 20 XSR config if F1 ip pim dr priority 20 ip pim message interval This command configures the frequency at which a Protocol Independent Multicast Sparse Mode PIM SM rout...

Страница 340: ...configuration XSR config if xx Default 30 seconds Example This example resets the PIM router query message interval to 60 seconds XSR config if F1 ip pim query interval 60 ip pim rp address This comm...

Страница 341: ...mber group list access list priority priority value Syntax of the no Form The no form of this command removes this XSR as an RP candidate no ip pim rp candidate Mode Global configuration XSR config De...

Страница 342: ...he register packet to the industry standard XSR config ip pim RegCksum wholepacket ip pim spt threshold This command configures the threshold over which a PIM leaf router should join the shortest path...

Страница 343: ...splays the multicast groups with receivers that are directly connected to the XSR and were learned through the Internet Group Management Protocol IGMP Syntax show ip igmp groups group address type num...

Страница 344: ...g example displays sample responses XSRinterface Interface name FastEthernet2 Interface state Up IGMP version 2 Protocol owner PIM SM Group IP Multicast group address Interface name The interface thro...

Страница 345: ...in the Response Interface name Interface type number Interface state Interface status IGMP version IGMP version on this interface Protocol owner Multicast routing protocol configured on this interfac...

Страница 346: ...e Expires Interface state Interface Next Hop State Mode 224 0 255 3 5 29 15 00 01 14 RP is 192 168 26 2 flags Incoming interface FastEthernet1 RPF neighbor 10 3 35 1 Outgoing interface list FastEthern...

Страница 347: ...utes and seconds the entry has been in the IP multicast routing table RP Address of the rendezvous point RP router For routers and access servers operating in sparse mode this address is always 0 0 0...

Страница 348: ...interface type number Mode EXEC configuration XSR Example The following example display sample responses XSR show ip pim interface PIM Interface Table Address Interface Nbr Count Hello Intvl DR 30 0...

Страница 349: ...Address IP address of the next hop router Interface Interface type and number that is configured to run PIM Nbr Count Number of PIM neighbors discovered through this interface Hello Intvl The interva...

Страница 350: ...224 0 0 0 Mask 240 0 0 0 RP Address 30 0 0 20 Holdtime 150 Priority 192 RP Address 50 0 0 40 Holdtime 150 Priority 192 Parameter Descriptions show ip pim rp hash This command displays the rendezvous...

Страница 351: ...mmands XSR CLI Reference Guide 7 103 Example The following example displays sample responses XSR show ip pim rp hash 239 1 1 1 RP 192 168 27 12 Parameter Descriptions RP Address of the RP for the grou...

Страница 352: ...IGMP Clear and Show Commands 7 104 Configuring IP Multicast...

Страница 353: ...Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vert...

Страница 354: ...up the Console port on the XSR 1800 series as a WAN interface for dial backup purposes refer to the Caution below Do so by entering 0 only Note If encapsulation is changed from one type to another all...

Страница 355: ...1 to 2 FastEthernet 1 to 3 GigabitEthernet and 0 Console If a Serial port resides on a T1 E1 port then channel group data must be added at the end of the string to mark which channel group of the T1 E...

Страница 356: ...al challenge and verify that encrypted values match MS CHAP is closely derived from the PPP CHAP with the exception that it uses MD4 as the hashing algorithm You may enable PAP or CHAP MS CHAP or all...

Страница 357: ...e following sample configuration illustrates the preceding example On Site A enter the following commands XSR config interface serial 1 0 XSR config if S1 0 encapsulation ppp XSR config if S1 0 no shu...

Страница 358: ...on requests from peers or uses a default password during CHAP authentication when no other password is available It can enable multiple routers to appear to have the same hostname when using CHAP auth...

Страница 359: ...ppp XSR config if D1 ppp chap refuse ppp keepalive This command sets the keepalive timer on a Point to Point port PPP keepalives are sent out as echo requests over the PPP port at specified intervals...

Страница 360: ...e Nak or Configure Reject Syntax ppp lcp max configure number Syntax of the no Form The no command resets the counter to the default value no ppp lcp max configure Default 10 Mode Serial Dialer or Fas...

Страница 361: ...stethernet 2 1 XSR config if F2 1 1 ppp lcp max failure 200 ppp lcp max terminate This command configures the restart timer counter for the number of Terminate Requests sent out on a Point to Point in...

Страница 362: ...tion is enabled Syntax ppp max bad auth number Syntax of the no Form Use the no form of this command to reset to the default immediate reset no ppp max bad auth Default 0 Mode Interface configuration...

Страница 363: ...sends a 0 0 0 0 IP address in the CONFIG REQUEST and asks the local system to assign an IP address The address will not be used if the peer already has been assigned an IP address with its own local...

Страница 364: ...SR config if D1 encapsulation ppp XSR config if D1 dialer map ip 20 20 20 1 9051234567 ppp quality This command sets the minimum Link Quality Monitoring LQM value on a serial interface before the link...

Страница 365: ...ure Requests and Terminate Requests on a Point to Point interface The timer is the peak interval to wait for a response during PPP negotiation This command applies to any serial port on which PPP enca...

Страница 366: ...AP responses it also searches through its list of usernames to match passwords Syntax username name password cleartext secret type password Syntax of the no Form The no form of this command deletes th...

Страница 367: ...t interface type number limit x type1 type2 Syntax of the no Form The following no form of the command returns the default value no debug ppp packet interface type number Mode EXEC configuration XSR E...

Страница 368: ...are decoded and displayed protocol see list below code type of packet packet identifier packet length and the type length and content of the option You can select these packet types to be debugged PAP...

Страница 369: ...packet limit 50 ipcp lqm Sample Output The following debugging output is displayed on Multilink interface 57 XSR show interface multilink 57 Multilink Interface Stats Multilink 57 is Admin Up Internet...

Страница 370: ...Data Pck 0 Total Tx Pck Discarded 0 Rx Control Pck Discarded 0 Rx Control Pck Error 0 Rx Control Pck Unknown protocol 0 Rx Control Pck Too Long 0 LocalToRemoteProtocolCompression Disabled RemoteToLoc...

Страница 371: ...pened Multilink State opened Dialer4 MLPPP State LCP State opened Multilink State opened Dialer5 MLPPP State LCP State opened Multilink State opened Dialer33 MLPPP State LCP State opened Multilink Sta...

Страница 372: ...and displays link status statistics and configuration for the interface type number The show ppp interface dialer number multi class serial command displays Dialer statistics with Serial and Multiclas...

Страница 373: ...OPENED Bundle Size 31 Max Load Threshold 120 Bundle Tx Load Avg 240 Bundle Rx Load Avg 240 Last Tx Seq Num 14787652 Last Fwd Seq Num 12933548 Last Rcv M 12933518 No Of Frag Rcvd 12920875 No Of Frag D...

Страница 374: ...Interface Serial 0 4 1 LCP Current State OPENED IPCP Current State OPENED Multilink Current State OPENED LCP STATS Total Rcv Pck 1618575 Total Rcv Control Pck 420 Total Rcv Data Pck 1618155 Total Rcv...

Страница 375: ...Control Pck Too Long LocalToRemoteProtocolCompression Range 32 bit counter Description Sum of received packets discarded because length is too short less than 4 Range 32 bit counter Description Sum o...

Страница 376: ...of the MRU for the remote PPP Entity This value is the MRU that the local entity uses when sending packets to the remote PPP entity The value is meaningful only when the link has reached the open sta...

Страница 377: ...ed Changing this object will take effect when the link is next restarted Default 1500 Range Integer False or True Description If true 2 the local node will try to perform Magic Number negotiation with...

Страница 378: ...owing example enables multilink on group 2 with serial interface 1 1 configured as the physical interface XSR config interface multilink 2 XSR config if M2 ppp multilink endpoint ip 192 168 10 214 XSR...

Страница 379: ...mand triggers the dialer to maintain the minimum number of links in a bundled multilink over a switched line and should be configured on the called side of a connection It is the first means by which...

Страница 380: ...means by which the XSR controls traffic via BoD It is also provided by setting the multilink min links command Syntax ppp bap call accept request Syntax of the no Form The no form of this command dis...

Страница 381: ...o ppp bap callback accept request Example The following example configures BAP to accept and request callbacks XSR config interface dialer 1 XSR config if D1 encapsulation ppp XSR config if D1 no shut...

Страница 382: ...s to set up Bandwidth on Demand BoD The multilink load threshold command is a second means by which the XSR controls traffic via BoD It is also provided by setting the multilink min links command Synt...

Страница 383: ...link group Refer to page 8 118 for command details load threshold set the value which triggers the dialer to add or delete a link from the multilink bundle See page 8 119 for details multi class sets...

Страница 384: ...rame Relay service XSR config interface bri 2 1 XSR config if BRI 2 1 leased line 56 XSR config interface bri 2 1 1 XSR config if BRI 2 1 1 encapsulation ppp XSR config if BRI 2 1 1 ppp multilink XSR...

Страница 385: ...bundle The maximum fragment size is calculated as Fragment size in bytes fragment delay ms x link speed kbps 8 Table 8 1 below shows the relationship between maximum fragment delay and maximum fragme...

Страница 386: ...sets the fragment delay to 30 milliseconds on the Dialer 2 interface XSR config if D2 ppp multilink fragment delay 30 Table 8 1 Maximum Fragment Size bytes Fragment Delay ms Link Speed Fragment Delay...

Страница 387: ...R config if M1 ppp multilink fragment disable Display Examples The following examples display fragmentation settings by the show interface multilink command XSR show interface multilink 1 Multilink In...

Страница 388: ...displays fragmentation settings XSR show ppp interface multilink 1 multiclass MLPPP Bundle MultiClass Stats Multilink 1 MLPPP is Admin Up Oper Up Group Num 1 LCP State OPENED IPCP State OPENED Multili...

Страница 389: ...s sampled every second and averaged over an 8 second period Triggering is delayed for 10 seconds when the load surpasses or falls below the threshold Triggering is generated when Either the inbound or...

Страница 390: ...etween peers It supports five streams of sequence numbers the long sequence format by default and the short sequence number by negotiation Any class lower than the default requested by the peer will b...

Страница 391: ...Multilink PPP Commands XSR CLI Reference Guide 8 121 Example The following example enables the multi class MLPPP option XSR config if D57 ppp multilink multi class...

Страница 392: ...ENED Multilink State OPENED Multi Class State OPENED Multilink header format is LONG SEQ NUM Class suspendable level is 5 tx classes and 5 rcv classes Max Fragment delay is 10 ms MLPPP Bundle Info Con...

Страница 393: ...e OPENED CLOSED Description MLPPP state OPENED if negotiation with peer successful CLOSED otherwise Range OPENED CLOSED Description Multi Class state OPENED if negotiation is successful with the peer...

Страница 394: ...s wrong for MLPPP Padding Error Sum of packets discarded because padding size is wrong Invalid Cls Sum of packets discarded because class number greater than class level negotiated Error to CP Sum of...

Страница 395: ...lass State CLOSED Bundle Size 1 Class Level Tx 1 Rx 1 Max Load Threshold 0 Bundle Tx Load Avg 0 Bundle Rx Load Avg 0 No Of Pck in Rx Buf Q 0 Lowest link Speed 1984000 Max Fragment Size 256 High Pri Me...

Страница 396: ...igured MLPPP Bundle Stats Multilink 8 MLPPP is Admin Up Oper Up Group Num 8 LCP State OPENED IPCP State OPENED Multilink State OPENED Multi Class State OPENED Multilink header format is LONG SEQ NUM C...

Страница 397: ...ler multi class This command displays Multi Class MLPPP status and statistics Syntax show ppp interface type type number multi class Mode EXEC XSR Sample Output The following example displays output o...

Страница 398: ...0 0 0 Rx Load Average 0 0 0 0 0 Max 0 0 0 0 0 Min 0 0 0 0 0 Tx Load Average 0 0 0 0 0 Max 0 0 0 0 0 Min 0 0 0 0 0 Rx Stats Total 0 0 0 0 0 Discard SeqError 0 0 0 0 0 FListFull 0 0 0 0 0 Seq Exp 0 0 0...

Страница 399: ...ber of the fragment of this class to the upper layer Range 1 16777215 Description Last M the smallest received sequence number of all the member links in this class to the upper layer Range Not define...

Страница 400: ...d fragments discarded for this class because fragment list is full Seq Exp Sum of received fragment discarded for this class because sequence number is less than expected NoBgnFlg Sum of received frag...

Страница 401: ...ilink 1 32767 memberlink multi class type number show ppp interface dialer 1 256 memberlink multi class type number Parameters Mode EXEC XSR Sample Output The following example displays output of this...

Страница 402: ...d FListFull 0 0 0 0 0 Seq Err 0 0 0 0 0 Seq Expt 0 0 0 0 0 NoBegin 0 0 0 0 0 AddFrgFail 0 0 0 0 0 CleanQ 0 0 0 0 0 Tx Stats Total 0 0 0 0 0 Discard CleanQ 0 0 0 0 0 QFull 0 0 0 0 0 PPP Multilink Membe...

Страница 403: ...for this class over this member link because fragment list is full Seq Exp Sum of received fragments discarded for this class over this member link because sequence number is less than expected NoBgnF...

Страница 404: ...0 Bundle Tx Load Avg 0 Bundle Rx Load Avg 0 No Of Pck in Rx Buf Q 0 Lowest link Speed 64000 Max Fragment Size 64 High Pri Member link is Serial 3 2 0 10 Rx Stats Total 20137 Data 19103 Control 2 Null...

Страница 405: ...lBack Req 0 Tx CallBack ReqAck 0 Tx LinkDrop Req 0 Tx LinkDrop ReqAck 0 Discriminators Local Remote Serial 3 2 0 26 0 1 Serial 3 2 0 30 1 3 Serial 3 2 0 29 2 5 Serial 3 2 0 28 3 7 Serial 3 2 0 27 4 9...

Страница 406: ...Multilink Show Commands 8 136 Configuring the Point to Point Protocol...

Страница 407: ...tory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vertical bar indicate a choice of a r...

Страница 408: ...rface inherits all relevant parameters defined in the named map class For each virtual circuit the precedence rules are as follows Use the map class associated with the virtual circuit if it is config...

Страница 409: ...if S1 0 frame relay class normlink The following commands configure sub interface serial 1 0 2 to use a different map class fastlink than that specified for serial 1 0 XSR config interface serial 1 0...

Страница 410: ...ng from 16 to 1007 For the Point to Point P2P sub interface type only one DLCI is allowed For Point to Multi Point P2MP you can configure multiple DLCIs gratuitous inverse arp Sends inverse ARP reques...

Страница 411: ...8 ip 133 133 1 3 bootp XSR config fr dlci no shutdown XSR config fr dlci interface serial 1 0 2 point to point XSR config subif ip helper 10 10 1 2 XSR config subif ip address 133 134 1 1 255 255 255...

Страница 412: ...intf type dce XSR config if S1 0 frame relay lmi type ansi frame relay lmi t391dte This command sets the interval between LMI Link Integrity Verification LIV message transmissions on the Data Terminal...

Страница 413: ...request a full status response from the Frame Relay switch The other nine status inquiries will request keep alive exchanges only XSR config interface serial 1 0 XSR config if S1 0 encapsulation fram...

Страница 414: ...his command sets the error threshold on a Data Terminal Equipment DTE interface Syntax frame relay lmi n392dte threshold Syntax of the no Form Use the no command to remove the current setting no frame...

Страница 415: ...ample sets the DCE to wait 20 seconds for a status enquiry from the DTE before declaring an error event XSR config interface serial 1 0 XSR config if S1 0 encapsulation frame relay XSR config if S1 0...

Страница 416: ...ce This command sets the monitored event count on a Data Communications Equipment DCE interface Syntax frame relay lmi n393dce events Syntax of the no Form The no form of this command removes the curr...

Страница 417: ...R config if S1 0 encapsulation frame relay XSR config if S1 0 frame relay lmi type ansi XSR config if S1 0 no shutdown frame relay traffic shaping This command enables map class parameters for all Per...

Страница 418: ..._num Caution Be aware that when you enable the Console port as a WAN port you can no longer directly connect to it because it is in data communication mode Your only access to the CLI will be to Telne...

Страница 419: ...lay Map Class Commands class This command assigns a map class to a specific Data Link Connection Identifier DLCI This can be used to override the default values for the DLCIs or to override a class as...

Страница 420: ...dback indicating upstream congestion conditions Frame Relay switches use BECN Back End Congestion Notification to indicate congestion and throttle the DTE traffic rate Syntax frame relay adaptive shap...

Страница 421: ...frame relay slowlink XSR config map class slowlink frame relay bc out 6000 frame relay be This command specifies the outgoing excess Burst size Be for a Frame Relay map class Syntax frame relay be ou...

Страница 422: ...In this sense Committed Burst Bc is not really a burst but a smoothing function for the number of bits that the XSR is allowed to transmit during the Tc period in order to achieve the specified CIR Si...

Страница 423: ...lowlink frame relay fragment 53 XSR config map class slowlink service policy frf12 map class frame relay The command selects a supported Frame Relay map class and gives it a mnemonic name that can be...

Страница 424: ...the service policy profile for the class map The service policy is a flexible method to configure QoS for an interface sub interface and DLCI You can use it to create priority queues custom queues WF...

Страница 425: ...the interface after it is shut down no shutdown Mode Interface configuration XSR config if xx sub interface This command starts configuration for a sub interface on a serial interface You can configu...

Страница 426: ...a specified Frame Relay sub interface or a Frame Relay port or all Frame Relay ports on the XSR Syntax clear frame relay counter interface interface num dlci dlci num Mode EXEC XSR clear frame relay i...

Страница 427: ...of fragments transmitted received and dropped When a specific interface and DLCI are specified additional details are displayed Syntax show frame relay fragment interface interface dlci Mode Privileg...

Страница 428: ...12 header In assembled pkts Sum of fully reassembled frames received by this DLCI including frames without a Frame Relay fragmentationheader in un fragmented packets This counter corresponds to frames...

Страница 429: ...h a T1 E1 Serial controller NIM installed LMI Statistics for Serial 0 2 0 1 Frame Relay DTE LMI NONE Interface down Status Enq Sent 0 Status Msg Rcvd 0 Status Timeout 0 Updated Status Rcvd 0 configure...

Страница 430: ...the port has successfully negotiated detected the LMI supported by the switch otherwise it displays AUTO Status Enq Sent Sum of LMI status enquiry messages sent Status Msgs Rcvd Sum of LMI status mess...

Страница 431: ...nterface that is associated with a DLCI dlci 981 0x3D5 0xF450 DLCI number displayed three ways its decimal value its hexadecimal value 0x3D5 and its value as it appears on the wire 0xF450 Remote Addr...

Страница 432: ...ming data rate for this PVC in packets per second measured for 8 seconds Input pkts Sum of packets received on this PVC Input bytes The packet rate in pps on this PVC in the last sampling period last...

Страница 433: ...whether they are being referenced by any Frame Relay interfaces Syntax show frame relay map class Mode Privileged EXEC XSR Example XSR show frame relay map class Total 7 frame relay map classes confi...

Страница 434: ...1 Total LMI Tx 0 LMI Rx 0 TX Packets 18155 Bytes 20214344 PPS 0 RX Packets 18154 Bytes 20214072 PPS 0 Approximate Speed 128 Kbps Discarded Packets TX RX 0 0 Sub Interface 1 State UP Num Stations 1 Co...

Страница 435: ...ernal The device uses CRC 16 for Tx The device uses CRC 16 for Rx The type of encoding is NRZ The media type is RS 232 V 28 DTE The loopback mode is off Other Interface Statistics ifindex 0 ifType 23...

Страница 436: ...Frame Relay Clear and Show Commands 9 112 Configuring Frame Relay...

Страница 437: ...IA signaling will be used on the serial line interface This signal is known as the DTR signal The dialer string command has no effect on DTR dialers Be aware of the following mandatory conditions Conv...

Страница 438: ...e and a preset dialing out telephone number Syntax dialer dtr Syntax of the no Form no dialer dtr Default DTR dialing is disabled Mode Interface configuration XSR config if xx Example XSR config if S1...

Страница 439: ...led no default dialing pool number is assigned Priority 0 Minimum 0 Maximum 255 Mode Interface configuration XSR config if xx Example The following example shows a serial interface belonging to two di...

Страница 440: ...if interface dialer 0 XSR config if D0 dialer string 9055559988 class XXX dialer wait for carrier time interface configuration This command configures the time a dialer interface waits for a carrier s...

Страница 441: ...of the dialer map class TEST on Dialer port 57 XSR config if D57 interface dialer 57 XSR config if D57 ip address 196 16 25 1 255 255 255 0 XSR config if D57 encapsulation ppp XSR config if D57 dialer...

Страница 442: ...ings XSR config interface dialer 200 XSR config if D200 ip address 200 17 10 5 255 255 255 0 XSR config if D200 encapsulation ppp XSR config if D200 authentication chap XSR config if D200 no shutdown...

Страница 443: ...name Default None no class name Mode Global configuration XSR config Next Mode Map Class Dialer configuration XSR config map class xx Example The example below specifies a 90 second wait time for the...

Страница 444: ...ATX3 Dialer Interface Clear and Show Commands clear dialer This command clears dialer statistics for physical interfaces connected to the dialer interfaces If the interface is not specified all inter...

Страница 445: ...r maps Mode EXEC XSR Sample Output The following is sample output from the show dialer maps command Dialer maps configured on Interface Dialer1 Next hop IP address 10 10 10 2 Remote host robo2 Map cla...

Страница 446: ...01 3100 Serial 2 0 30 0003 Dialer1 Incoming CONNECTED 001 Serial 2 0 12 0004 Dialer0 On Demand WAITING 000 2600 D Serial 1 0 0 Parameter Descriptions ID Dial session ID number node wide and unique Ran...

Страница 447: ...following example provides a 10 second delay in activating the secondary line and a 20 second delay in deactivating the secondary line when the primary serial line goes up and down XSR config interfa...

Страница 448: ...wn XSR config interface dialer 57 XSR config if D57 dialer pool 1 XSR config if D57 dialer redial attempts 3 forever XSR config if D57 dialer string 67921 XSR config if D57 encapsulation ppp XSR confi...

Страница 449: ...interface and once its time range is specified the backup dialer port can be enabled and disabled Syntax backup time range start time end time Syntax of the no Form The no form of this command disable...

Страница 450: ...DN channels 25 Free pool serial ports 0 Neighbor Dial String Success Failures Map Class 3100 1 0 Active links MLPPP group 1 to 10 10 10 2 5 DOD BOD Commands The XSR supports the following Dial on Dema...

Страница 451: ...List ACL Because IP is the sole protocol supported at this time an ACL must be specified using the dial list command Syntax dialer list dialer group protocol protocol name list access list number Synt...

Страница 452: ...ler 1 XSR config if D1 dialer called 12345 6789 dialer caller This command configures caller ID screening with an option providing ISDN callback The XSR will accept calls from a specified phone number...

Страница 453: ...er is based on outbound traffic only Syntax dialer idle timeout seconds Syntax of the no Form Use the no form of this command to reset the idle timeout to the default no dialer idle timeout Mode Diale...

Страница 454: ...l next hop address name hostname class map class spc speed 56 64 broadcast dial string isdn subaddress Mode Dialer Interface configuration XSR config if Dx Default Speed 64 kbps protocol Protocol keyw...

Страница 455: ...nfiguration XSR config if Dx Default 1 second Example The following example configures Dialer interface 57 to be persistent for two minutes XSR config interface dialer 57 XSR config if D57 dialer pers...

Страница 456: ...emote name username Mode Dialer Interface configuration XSR config if Dx Example The following example sets the authentication name for the remote router on Dialer interface 7 XSR config interface dia...

Страница 457: ...nitored Use this command with the dialer watch group interface configuration command The number of the group list must match the group number Syntax dialer watch list group number delay route check in...

Страница 458: ...us is SPOOFING Dial stats wait for carrier 60s redial attempts 3 redial interval 10s address mask IP address mask to be applied to the list initial delay The delay interval between the time when a new...

Страница 459: ...ailable B channels 30 serial ports 0 Watch group stats watch group 1 rt cnt 1 trigg cnt 1 state is UP delays init 10 connect 3 disconnect 3 time range 10 15 11 15 timer expires in 18h 32m 28s watch gr...

Страница 460: ...Dialer Watch Commands 10 106 Configuring the Dialer Interface...

Страница 461: ...tion Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with...

Страница 462: ...sing and or accepting the call The verification proceeds from right to left for the called party number it also proceeds from right to left for the sub address number You can configure the called part...

Страница 463: ...ures an ISDN PRI interface to choose an outgoing call in either ascending or descending order The XSR selects the lowest or highest available B channel starting at either channel B1 ascending or chann...

Страница 464: ...nected after 30 seconds Syntax isdn call c p board slot port dialing string 56 64 Mode Privileged EXEC XSR Example The following example initiates an ISDN call on BRI port 2 1 at 56 kbps XSR isdn call...

Страница 465: ...mber 5088781234 isdn disconnect This command is used for debugging purposes to test ISDN connectivity It sets up an ISDN data call to test call setup procedures with a Central Office ISDN switch or te...

Страница 466: ...SPID and LDN for the B1 channel XSR config if BRI 2 1 isdn spid1 508876123401 5088761234 isdn switch type BRI PRI This command sets the central office switch type for the ISDN port and triggers the cr...

Страница 467: ...J1 primary ntt Mode BRI PRI Interface configuration XSR config if BRI PRI xx Note This command is valid only after the pri group command was issued basic dms100 North America legacy ISDN switch basic...

Страница 468: ...d once for speeds equal to and higher then 112 as both B channels are bound to the created serial interface For 56 and 64 bps speeds the command can be issued twice to create individual serial interfa...

Страница 469: ...1 1 at 112 kbps with Frame Relay encapsulation XSR config interface bri 1 1 XSR config if BRI 1 1 leased line 112 XSR config interface bri 0 1 2 1 XSR config if BRI 1 2 1 ip address 1 1 1 3 255 255 25...

Страница 470: ...debug isdn command or terminating the Telnet or Console session Optionally you can set a limit of up to 9999 messages which will display at the CLI after which the debug session will end If the limit...

Страница 471: ...Tracing show controllers bri This command displays physical line data concerning Basic Rate Interface BRI sub interfaces Syntax show controllers bri board slot port channel number Mode Privileged EXEC...

Страница 472: ...fd200 RxDRIdx 0 RxBuffSize 1728 RxBuffOffset 160 2 CmdStsLen 0x80000000 pBuf 0x21e146e0 1 CmdStsLen 0xa0000000 pBuf 0x21e14da0 0 CmdStsLen 0x80000000 pBuf 0x21e11e60 1 CmdStsLen 0x80000000 pBuf 0x21e1...

Страница 473: ...r 1 DOWN Layer 2 DOWN State OFFLINE Admin Up Oper Down Term 1 Spid 2200555 State OFFLINE Cause 000 Term 2 Spid 2201555 State OFFLINE Cause 000 Total Length 257 The name of this device is bri1 1 0 The...

Страница 474: ...0 The card is 2 The port is 1 The channel is 0 The current MTU is 1506 The device is in polling mode and is INACTIVE The channel is logically INACTIVE The operational state is OPER_DOWN The protocol...

Страница 475: ...06 21 07 906 016 2100 BRI 1 0 1 OUTGOING 06 21 03 719 06 21 07 906 016 2100 The following output displays incoming call data for PRI interface 2 0 and sub interfaces 23 30 XSR show isdn history 2 0 I...

Страница 476: ...lot and port numbers Call Type Type of call INCOMING for incoming OUTGOING for outgoing or when call direction cannot be determined Calling or Called Phone Number for outgoing call displays 10 leastsi...

Страница 477: ...dn service 1 0 BRI ISDN Service ISDN BRI 1 0 Layer 1 UP Layer 2 UP State ONLINE Admin Up Oper Up Ch No State Ch No State Ch No State Ch No State Ch No State 1 IDLE 2 IDLE The following example shows o...

Страница 478: ...DN Debug and Show Commands 11 100 ISDN BRI and PRI Commands 20 CONNECTED 21 CONNECTED 22 CONNECTED 23 CONNECTED 24 CONNECTED 25 CONNECTED 26 CONNECTED 27 CONNECTED 28 CONNECTED 29 CONNECTED 30 CONNECT...

Страница 479: ...ameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vertical bar indicate a choice of a required value x y z Combination of square brackets with braces...

Страница 480: ...and are bandwidth Specifies the bandwidth allocated for a class belonging to a policy map Go to page 12 86 for the command definition class Specifies the criteria for classifying traffic Go to page 12...

Страница 481: ...h criteria are defined in a class map Invoking the policy map command enables QoS Policy Map configuration mode in which you can configure or modify the class policies for that policy map You can conf...

Страница 482: ...pecified for that class over the available link bandwidth The available link bandwidth is equal to the interface bandwidth minus the sum of all bandwidth reserved for low latency queues When configure...

Страница 483: ...nge This also allows you to enter QoS policy map configuration mode After you specify a policy map you can configure policy for new classes or modify policy for any existing classes in that policy map...

Страница 484: ...th for this class in the event of congestion RED drops up to one out of three packets when the average queue size becomes bigger than 34 and drops each packet if it becomes bigger than 57 RED packet d...

Страница 485: ...han 1000 bytes burst normal will be set to 1000 bytes burst max Excess burst size ranging from 1 000 to 51 2000 000 bytes Value must be greater than or equal to normal burst size It will automatically...

Страница 486: ...d Fair Queueing CBWFQ Strict PQ allows delay sensitive data such as voice to be de queued and sent before packets in other queues are dequeued The burst argument specifies the burst size and as such c...

Страница 487: ...CBWFQ creates a queue for every class for which a class map is defined Packets satisfying the match criteria for a class accumulate in the queue reserved for the class until they are sent which occurs...

Страница 488: ...res mark prob Syntax of the no Form The no form of this command disable RED on an interface no random detect Mode Policy Map Class configuration XSR config pmap c xx Defaults Disabled Mark prob 10 Exa...

Страница 489: ...fig policy map DSCP XSR config pmap DSCP class A XSR config pmap c a random detect dscp based random detect dscp This command changes the Weighted Random Early Detect WRED minimum and maximum threshol...

Страница 490: ...gth ranging from 1 to 4096 beyond which the XSR randomly drops packets max thres Maximum limit of average packet queue length ranging from 1 to 4096 beyond which all packets are dropped mark prob Mark...

Страница 491: ...ponential weighting constant This command configures the Weighted Random Early Detect WRED exponential weight factor for the average queue size calculation The weight constant is expressed as a power...

Страница 492: ...a MinTh 1 2 precvalue 16 x MaxTh To change the default setting use the random detect precedence default command By doing so all IP precedence will share the same values except those which were explici...

Страница 493: ...nfig pmap c a random detect prec based XSR config pmap c a random detect precedence default 10 20 set cos This command marks the IEEE 802 1 priority in the header of output VLAN packets with a Class o...

Страница 494: ...speed up handling for high precedence traffic at congestion points Syntax set ip dscp ip dscp value Note You cannot mark a packet by the IP precedence with the set ip precedence command and mark the...

Страница 495: ...n of CBWFQ or RED at points downstream in the network Typically you set IP Precedence at the edge of the network or administrative domain data then is queued based on the precedence CBWFQ can speed up...

Страница 496: ...e and is calculated from the rate and the default measurement interval of 10 milliseconds Burst equals rate multiplied by 10 milliseconds divided by 1000 In order to sustain the average rate the norma...

Страница 497: ...Point DSCP value as a match criterion Go to page 12 103 for the command definition match ip precedence identifies IP precedence values as match criteria Go to page 12 104 for the command definition Sy...

Страница 498: ...ch criteria against which packets are checked to determine if they belong to the class set by the class map To use the match access group command you must first enter the class map command to specify...

Страница 499: ...ng example example configures classmap matchCos5To7 that matches input priority values from 5 to 7 XSR config class map matchCos5To7 XSR config cmap matchCos5To7 match cos 5 6 7 match ip dscp This com...

Страница 500: ...R config interface fastethernet 1 XSR config if F1 service policy output priority55 match ip precedence This command identifies IP precedence values as match criteria Up to 4 precedence values can be...

Страница 501: ...pprec5 XSR config cmap ipprec5 match ip precedence 5 XSR config policy map priority50 XSR config pmap priority50 class ipprec5 XSR config pmap c ipprec5 priority high 50 XSR config interface fastether...

Страница 502: ...Privileged EXEC or Global configuration XSR XSR or XSR config Sample Output This example displays the contents of the service policy map called po1 XSR show policy map po1 Policy Map po1 CLass c1 Weig...

Страница 503: ...ion XSR or XSR config Sample Output The following example shows policy map mypolicy attached to DLCI 100 on Serial interface 1 0 Policy is applied simultaneously to input and output traffic Input poli...

Страница 504: ...dwidth 300 kbps Actual bandwidth 0 kbps Max Qsize 64 Qsize 32 Tail drops 223 Tx NoBuff Error 3321 22 0 Class class default Weighted Fair Queuing Bandwidth 436 kbps Actual bandwidth 0 kbps Max Qsize 64...

Страница 505: ...2 XSR show random detect interface serial 1 0 0 Serial 1 0 0 output Shape output Shape Class d32 Weighted Random detect Avg Qsize 5 Total Random Drops 2223 Tail drops Sum of packets dropped by Tail Dr...

Страница 506: ...2 5 20 0 0 15 2 5 20 0 0 16 2 5 20 0 0 17 2 5 20 0 0 18 2 5 20 0 0 19 2 5 20 0 0 20 2 5 20 0 0 21 2 5 20 0 0 22 2 5 20 0 0 23 2 5 20 0 0 24 2 5 20 0 0 25 2 5 20 0 0 26 2 5 20 0 0 27 2 5 20 0 0 28 2 5...

Страница 507: ...vileged EXEC or Global configuration XSR or XSR config Average Queue size Average output queue size for this interface Total Random Drops Sum of packets dropped for all DSCP codepoint Min th Minimum t...

Страница 508: ...wing is sample output displays shape information for classes d32 and d33 XSR show shape interface serial 1 0 0 Serial 0 1 0 0 output Shape Serial 0 1 1 1 output Shape Class d32 Traffic shaping Average...

Страница 509: ...rsonnel only This command requires that the ADSL NIM be installed and the DSP firmware file be present in the Flash directory Convention Description xyz Key word or mandatory parameters bold x Square...

Страница 510: ...command requires that the ADSL NIM be installed and the DSP firmware file be present in the Flash directory Syntax cmv clear Mode ATM Interface configuration XSR config if ATMxx Example The following...

Страница 511: ...ATMxx Example The following example writes UOPT 2 with a hex value to the DSP XSR config if ATM0 1 1 cmv cw UOPT 2 0x0c0e1014 cmv delete This command deletes the specified Command Management Variable...

Страница 512: ...d the DSP firmware file be present in the Flash directory Syntax cmv print Mode ATM Interface configuration XSR config if ATMxx Example The following example prints the CMV training list to the consol...

Страница 513: ...stalled and the DSP firmware file be present in the Flash directory Syntax description description_text Syntax of the no Form The no form of this command sets the description text to an empty string n...

Страница 514: ...n ATM interface on slot 0 card 1 port 1 XSR config interface atm 0 1 1 XSR config if ATM0 1 1 interface atm sub interface This command creates an ATM sub interface object and associates it with its AT...

Страница 515: ...94 for the command description oam pvc enables end to end F5 circuit OAM cell procedures for ATM Permanent Virtual Circuit PVC management Refer to page 13 95 for the command description oam retry conf...

Страница 516: ...ires a properly configured ATM sub interface and Dialer group Syntax backup delay down wait up wait never interface dialer id time range begin hh mm end hh mm Syntax of the no Form The no form of this...

Страница 517: ...erly configured ATM sub interface Syntax crypto ezipsec ipsec df bit clear copy set map map name Syntax of the no Form This command s no disables the specified DF bit setting no crypto ezipsec ipsec d...

Страница 518: ...1 32 encapsulation This command selects the data encapsulation method for this ATM sub interface Be aware that an encapsulation method must be selected before the sub interface can pass data Syntax en...

Страница 519: ...lexing and PPPoA encapsulated traffic XSR config if ATM0 1 0 1 encapsulation snap pppoa exit This command quits the ATM Sub Interface mode and returns to Global mode Syntax exit Mode ATM Sub Interface...

Страница 520: ...sets the ATM sub interface to the administrative Up state no shutdown and enables the virtual circuit The associated ATM interface must be in the administrative Up state no shutdown before a no shutd...

Страница 521: ...a problem in the local node XSR as well as in response to any AIS cells received The loopback cells monitor and declare the circuit up or down as follows The circuit is UP immediately after line trai...

Страница 522: ...ettings apply only when OAM management has been enabled with the oam pvc command Example This example sets the up count to 5 the down count to 8 and the retry frequency to 2 seconds XSR config if ATM0...

Страница 523: ...type to PVC and sets the ATM VPI VCI values to 2 48 XSR config if ATM0 1 0 1 pvc 2 48 shutdown This command sets the ATM sub interface to the administrative Down state halting all data traffic on thi...

Страница 524: ...down operation Depending on the size of the DSP firmware and characteristics of the download process this operation may take a noticeable length of time Syntax no shutdown Mode ATM Interface configura...

Страница 525: ...pwd refuse Syntax of the no Form The no form of this command returns this parameter to its default setting no ppp chap Mode ATM Sub Interface configuration XSR config if ATMx x x x Default Disabled E...

Страница 526: ...LCP parameters for PPP It requires a properly configured ATM sub interface specifying encapsulation type PPPoA or PPPoE Syntax ppp lcp max configure count1 max failure count2 max terminate count3 Syn...

Страница 527: ...rameter to its default setting no ppp max bad auth Mode ATM Sub Interface configuration XSR config if ATMx x x x Default Default number of attempts 0 Example The following example resets the command p...

Страница 528: ...ty for PPP which is a measure of the amount of data successfully passed over the link The minimum quality value is specified as a percentage of the total data sent This command requires a properly con...

Страница 529: ...TM Sub Interface configuration XSR config if ATMx x x x Default 3 seconds Example This example resets the maximum wait time for a response during PPP negotiation to 12 seconds XSR config if ATM0 1 0 1...

Страница 530: ...d XSR show controllers atm 1 0 ATM Controller Stats ATM 1 0 DSP Image File CFlash adsl fls DSP File Rev 1 0 0 1 DSP Image Rev 43e2ea93 Attenuation 43 0 db SNR Margin 6 db CRC Errors 0 DMT state 42 OAM...

Страница 531: ...nt 987 Rx PacketDiscardCount 18 Rx MuxHeaderError 0 Rx SnapHeaderError 0 Rx PPPoEethTypeError 0 Rx PPPoEethTypeARP 6 Rx PPPoEethTypeIP 12 Rx PPPoEethTypeRARP 0 Tx PacketTotalCount 952 Tx PacketDiscard...

Страница 532: ...nsmit attempts due to the driver returning an unknown error status Rx PacketTotalCount Sum of packets received Rx PacketDiscardCount Sum of packets received that were discarded because of an error Rx...

Страница 533: ...d Operational state Up Down Loopback on DSP firmware Backup interface Description string When you issue the command to display sub interface statistics the output returned includes VPI VCI IP address...

Страница 534: ...tus 1 ifLastChange 00 02 34 ifInOctets 2950 ifInUcastPkts 47 ifInNUcastPkts 0 ifInDiscards 0 ifInErrors 0 ifInUnknownProtos 0 ifOutOctets 5088 ifOutUcastPkts 48 ifOutNUcastPkts 0 ifOutDiscards 0 ifOut...

Страница 535: ...tPkts 0 ifInDiscards 0 ifInErrors 0 ifInUnknownProtos 0 ifOutOctets 37728 ifOutUcastPkts 388 ifOutNUcastPkts 0 ifOutDiscards 0 ifOutErrors 0 ifOutQLen 100 Parameters in the Interface Response ATM 1 0...

Страница 536: ...alarm state of the circuit AIS or RDI ATM 1 0 1 is Admin Up Oper Up Administrative state Admin Up or Admin Down Operational state Oper Up or Oper Down Internet address is 30 0 0 11 subnet mask is 255...

Страница 537: ...ands on page 14 108 Convention Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice o...

Страница 538: ...require a particular CA name such as its domain name Performing this command acquires CA Identity mode where you can specify CA characteristics with the following sub commands crl frequency Specifies...

Страница 539: ...tes when CRLs are not obtainable XSR config crypto ca identity ACMEca XSR ca identity enrollment url http AAA_ca coldstorage scripts exe XSR ca identity query url ldap serverx XSR ca identity enrollme...

Страница 540: ...rity Identity configuration XSR ca identity Example The following example sets the HTTP proxy server IP address and port XSR config crypto ca identity ACMEca XSR ca identity enrollment http proxy 192...

Страница 541: ...first 10 minutes x 60 tries 600 minutes 10 hours XSR config crypto ca identity ACMEca XSR ca identity enrollment url http ca_server XSR ca identity enrollment retry period 10 XSR ca identity enrollmen...

Страница 542: ...XSR config crypto ca identity CAserver XSR ca identity enrollment url http ParentCA domain com certsrv mscep mscep dll crypto ca enroll This command enrolls a certificate for the XSR with the specifie...

Страница 543: ...ved in the configuration Please make a note of it Password Re enter password Include the router serial number in the subject name y n y The serial number in the certificate will be 3526015000250142 Re...

Страница 544: ...ity childca1 Enrollment Information Retry Period 5 minutes Retry Count 3 Crl Frequency 60 minutes CA Identity ldapca Enrollment Information URL http 1 1 1 10 certsrv mscep mscep dll Retry Period 5 min...

Страница 545: ...upply the challenge password you created when you first got the certificates with crypto ca enroll Remove the XSR s certificates from the configuration using the certificate command Syntax crypto ca c...

Страница 546: ...command displays data about Certificate Revocation Lists CRL issued by a Certificate Authority CA Syntax show crypto ca crls Mode EXEC or Global configuration XSR or XSR config Sample Output The foll...

Страница 547: ...authenticate command Syntax show crypto ca certificates Mode EXEC or Global configuration XSR or XSR config Example The following sample output shows two XSRs certificates and the CA s certificate In...

Страница 548: ...ge Encryption IKE Security Protocol Commands The following commands configure the Internet Key Exchange IKE Security Protocol on the XSR clear crypto isakmp This command clears one or all active Inter...

Страница 549: ...thm used by an IKE proposal Refer to page 14 98 for the command definition lifetime SA interval used by an IKE proposal Refer to page 14 99 for the command definition Many IKE proposals policies can b...

Страница 550: ...tion Encrypt Integrity Group Lifetime 57 RSASignature DES HMAC MD5 Modp1024 5000 99 PreSharedKeys DES HMAC SHA Modp768 10000 DEFAULT RSASignature DES HMAC SHA Modp768 86400 authentication This command...

Страница 551: ...es 3DES as the encryption method for the IKE proposal ACMEproposal XSR config crypto isakmp proposal ACMEproposal XSR config isakmp encryption 3des group This command sets the Diffie Hellman group in...

Страница 552: ...proposal XSR config isakmp Group5 hash This command sets the hash algorithm used in an IKE proposal policy Syntax hash sha md5 Syntax of the no Form The no form this command resets to the default sha...

Страница 553: ...gures the remote peer s IP address and or subnet and acquires ISAKMP configuration mode The following sub commands can be entered at ISAKMP Peer mode config mode sets the local IKE Mode configuration...

Страница 554: ...lemented by many vendors allows a gateway to download an IP address and other network level configuration to the client as part of IKE negotiation Using this exchange the gateway gives IP addresses to...

Страница 555: ...fig isakmp peer Example The following example configures the IKE mode to main XSR config crypto isakmp peer 192 168 57 9 255 255 255 255 Notes It is useful to specify a user ID instead of an IP addres...

Страница 556: ...ckets on or off respectively Syntax nat traversal automatic enabled disabled Syntax of the no Form The no form of this command resets the default value no nat traversal Default Disabled Mode Remote Pe...

Страница 557: ...whose IP address is dynamic If you specify no ID the IP address will be used by default But in that case you will have to re configure with a new entry in the aaa user database both ends of the tunnel...

Страница 558: ...put from the command XSR show crypto isakmp peer Applicable Subnet Exch Mode Config Mode NAT User ID Proposals 192 168 57 4 2 Main Client Off p1 NONE 192 168 57 9 32 Main Disabled Off NONE The followi...

Страница 559: ...Modp1024 28800 ez ike 3des md5 psk PreSharedKeys 3DES HMAC MD5 Modp1024 28800 ez ike 3des sha rsa RSASignature 3DES HMAC SHA Modp1024 28800 ez ike 3des md5 rsa RSASignature 3DES HMAC MD5 Modp1024 288...

Страница 560: ...ws when processing IKE negotiation from the IPSec peer negotiation is done only for ipsec isakmp crypto map entries In order to be accepted if the peer initiates IPSec negotiation it must specify a da...

Страница 561: ...m being protected by IPSec in the contextof a particular crypto map entry it does not allow the policy as set in crypto map statements to be applied to this traffic permit Causes all IP traffic that m...

Страница 562: ...eer name clear crypto sa map map name clear crypto sa counters Default If peer map or counters keywords are not used all IPSec SAs are deleted Mode Privileged EXEC XSR Example The following example cl...

Страница 563: ...ey master generate remove specify Mode Global configuration XSR config number Access list number defined using the access list command log update threshold Packet ceiling when met will trigger violati...

Страница 564: ...lects encapsulation type tunnel or transport for a transform set Refer to page 14 112 for the command definition set peer Specifies peer s IP address Refer to page 14 113 for the command definition se...

Страница 565: ...map map name seq num ipsec isakmp Syntax of the no Form To delete a crypto map entry use the no form of this command no crypto map map name seq num Mode Global configuration XSR config Next Mode Crypt...

Страница 566: ...mode This command selects one of two IPSec defined encapsulation modes tunnel or transport for a transform set Tunnel mode the default typically is used with VPNs because the entire private network pa...

Страница 567: ...matches a crypto map entry a tunnel is opened to the peer specified by this command Syntax set peer ip address Syntax of the no Form To remove an IPSec peer from a crypto map entry use the no form of...

Страница 568: ...a single crypto map ACL permit entry will share the same SA Mode Crypto Map configuration XSR config crypto m Example The following example sets the SA request on a per host basis XSR config crypto m...

Страница 569: ...available in this mode set pfs Specifies that IPSec should ask for PFS when seeking new SAs for this crypto map entry or that IPSec requires PFS when getting requests for new SAs Refer to page 14 116...

Страница 570: ...security condition under which there is confidence that the compromise of a session s key will not lead to easier compromise of the key used in the next session after the key is refreshed When PFS is...

Страница 571: ...ew keys are generated and traffic continues to be passed using new keys Syntax set security association lifetime seconds seconds kilobytes kilobytes Syntax of the no Form The no form of this command d...

Страница 572: ...is sample output when NAT is present between the crypto endpoints Note that UDP Encaps displays indicating that encapsulation is enabled with a NAT present 10 2 1 10 32 UDP 1701 10 2 1 34 32 UDP 1701...

Страница 573: ...ESP AH AH IPCOMP ez esp 3des sha pfs Modp768 3DES HMAC SHA None None ez esp 3des sha no pfs Disabled 3DES HMAC SHA None None ez esp 3des md5 pfs Modp768 3DES HMAC MD5 None None ez esp 3des md5 no pfs...

Страница 574: ...4 196 87 ez esp 3des sha pfs ez esp 3des md5 pfs ez esp aes sha pfs ez esp aes md5 pfs ez esp 3des sha no pfs ez esp 3des md5 no pfs ez esp aes sha no pfs ez esp aes md5 no pfs n03 n03 Process Tunnel...

Страница 575: ...rypto map map name Syntax of the no Form Delete a crypto map from the interface with the no form of this command no crypto map map name Mode Interface configuration XSR config if xx Next Mode Crypto M...

Страница 576: ...to maps may be attached to other network interfaces EZ IPSec parameters cannot be changed but can be supplemented with custom values Syntax crypto ezipsec Syntax of the no Form no crypto ezipsec Defau...

Страница 577: ...e associated with a specific network interface or require creation of virtual network interfaces that represent tunnels This section defines the VPN related subcommands provided by the interface vpn c...

Страница 578: ...OS bits during the encapsulation decapsulation process It can be applied to a VPN interface or inserted in the crypto isamp peer command When applied the command copies the TOS byte from the inner to...

Страница 579: ...fig tms tunnel set protocol gre XSR config tms tunnel set peer 10 10 10 2 XSR config tms tunnel set active XSR config tms tunnel no shutdown description This commands describes a VPN interface and any...

Страница 580: ...nd of an unnumbered tunnel The command is useful because native IPSec tunnels attached to VPN interfaces will not easily forward multicast traffic without substantial crypto map configuration Multicas...

Страница 581: ...xample The following example attaches service policy VPNpolicy to VPN output interface 1 XSR config interface vpn 1 XSR config int vpn service policy output VPNpolicy Tunnel Commands tunnel This sub c...

Страница 582: ...he no Form The no form of this command deletes the tunnel no tunnel tunnel name Mode Interface Internet Protocol configuration XSR config int vpn Next Mode Tunnel configuration XSR config tms tunnel E...

Страница 583: ...rval retries A B C D Syntax of the no Form The no form of this command disables the heartbeat no set heartbeat Defaults Interval 6 seconds Retries 3 Mode Tunnel configuration XSR config tms tunnel Exa...

Страница 584: ...that create a Client or Network Extension mode site to site tunnel Client mode creates NAT on the VPN interface to hide the addresses of the trusted network attached to F1 IPSec security policy encry...

Страница 585: ...user s identity when connecting to a peer It invokes EZ IPSec by applying the credentials password and or certificate used during tunnel creation obtained from the AAA subsystem An EZ IPSec tunnel use...

Страница 586: ...D Mode Privileged EXEC XSR Example The following example terminates tunnel 40000001 XSR clear tunnel 40000001 show tunnels This command lists all tunnels currently connected to the XSR Syntax show tun...

Страница 587: ...HAPv2 Packets In Out 0000000088 0000000027 Errors In Out 0000000000 0000000000 Discards In Out 0000000000 0000000000 Parameter Description VPN Interface VPN port number to which the client is connecte...

Страница 588: ...l name Mode Global configuration XSR config Next Mode IP Local Pool configuration XSR ip local pool Example The following example creates a local IP address pool named marketing which contains all IP...

Страница 589: ...sses between 192 168 57 100 and 192 168 57 110 from local pool HQ XSR config ip local pool HQ 192 168 57 0 255 255 255 0 XSR ip local pool exclude 192 168 57 100 10 The following example negates the e...

Страница 590: ...0 255 0 0 1 ddd 1 2 3 4 255 255 255 255 1 0 0 0 test 192 168 57 1 255 255 255 255 1 0 0 0 test1 192 168 57 252 255 255 255 255 1 0 0 0 test3 192 168 58 0 255 255 255 0 246 0 10 0 The following output...

Страница 591: ...when you can transmit packets larger than the available MTU size or you do not know the available MTU size Syntax crypto ipsec df bit clear set copy Pool Name of the IP pool Subnet Mask of the IP poo...

Страница 592: ...e or you do not know the available MTU size Syntax crypto ipsec df bit clear set copy Defaults Disabled Copy setting Mode Interface configuration XSR config if xx Example The following example sets th...

Страница 593: ...Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square brackets with vertical bar indicate a choice of values x y z Braces with vert...

Страница 594: ...ass to different DHCP pools in not permitted For example you cannot add client class marketing to both pool1 and pool2 Syntax client class name Syntax of the no Form Use the no form of this command to...

Страница 595: ...0100 01f4 0127 10 cannot be added to both pool1 and pool2 Syntax client identifier identifier client class name Syntax of the no Form Use the no form of this command to delete the client identifier n...

Страница 596: ...ool client class eng XSR config dhcp class client identifier 0100 01f4 0127 10 client name This command specifies the name of a DHCP client The client name should not include the domain name The comma...

Страница 597: ...mmand should be used from the proper mode If it is specified from multiple modes an override mechanism chooses the innermost config value with host as innermost then client class and pool as the most...

Страница 598: ...config dhcp pool client class eng XSR config dhcp class default router 14 12 1 99 dns server This command specifies the DNS IP servers available to a DHCP client It is available from DHCP pool host o...

Страница 599: ...nfiguration inheritance the command should be used from the proper mode If it is specified from multiple modes an override mechanism chooses the innermost config value with host as innermost then clie...

Страница 600: ...guration XSR config dhcp pool DHCP host configuration XSR config dhcp host DHCP client class configuration XSR config dhcp class Next Mode When this command is entered from DHCP pool configuration sub...

Страница 601: ...ss and network mask for a manual binding to a DHCP client By default the DHCP server will examine its defined IP address pools if the mask and prefix length are unspecified If no mask is specified in...

Страница 602: ...g dhcp class host 15 12 1 99 255 255 248 0 ip address dhcp This command configures an interface as a DHCP Client An Ethernet interface can be configured to use DHCP Client to acquire an IP address as...

Страница 603: ...is not in use and assigns the address to the requesting client Setting the number argument to a value of 0 turns off the DHCP server ping operation completely Syntax ip dhcp ping packets number Syntax...

Страница 604: ...gures a DHCP server IP address pool The XSR supports adding 1000 network addresses per pool and one DHCP pool per network Class B or higher subnet masks are supported Syntax ip dhcp pool name Syntax o...

Страница 605: ...Server can be enabled on a FastEthernet GigabitEthernet primary interface and VLAN sub interface Secondary interface assignment is not supported Syntax ip dhcp server Syntax of the no Form Use the no...

Страница 606: ...no Form Use the no form of this command to delete an IP address from the pool no ip local pool pool name Default No address pools are configured Mode Global configuration XSR config Next Mode IP Local...

Страница 607: ...92 168 57 100 and 192 168 57 110 from local pool HQ XSR config ip local pool HQ 192 168 57 0 255 255 255 0 XSR ip local pool exclude 192 168 57 100 10 The following example negates the exclusion of IP...

Страница 608: ...override mechanism chooses the innermost config value with client class as innermost then pool as most general Syntax lease days hours minutes infinite Syntax of the no Form Use the no form of this co...

Страница 609: ...ass Example The following example specifies the IP address of a NetBIOS name server available to a Microsoft DHCP client in the subnet XSR config dhcp pool netbios name server 13 12 1 90 The following...

Страница 610: ...CP host configuration XSR config dhcp host DHCP client class configuration XSR config dhcp class Example This example sets NetBIOS name server type as hybrid for a Microsoft DHCP client in the subnet...

Страница 611: ...data to hosts on a TCP IP network Configuration values and other control data are carried in tagged data items stored in the options field of the DHCP message The data items are also called options o...

Страница 612: ...Table 15 1 XSR Supported DHCP Options Protocol Name Category Type Default Description 0 Pad Causes subsequent fields to align on word boundaries Length 1 octet 1 Subnet Mask Basic Address Mask See des...

Страница 613: ...der of preference Length 4 octet minimum multiples of 4 12 Host Name Basic ASCII string Name of the client which will or will not be qualified with the local domain name See RFC 1035 for character set...

Страница 614: ...use when performing Path MTU Discovery RFC 1191 It is ordered from smallest to largest Length 2 octet minimum multiples of 2 Value 68 minimum 26 Interface MTU Interface 16 bit hex integer s 576 Maximu...

Страница 615: ...terface 8 bit integer 0 60 Default TTL a client will use when sending TCP segments Length 1 octet expressed in hex Value minimum 1 38 TCP Keepalive Interval Interface 32 bit hex integer 0 keep alives...

Страница 616: ...ow System Display Manager and are available to a client List addresses in order of preference Length 4 octet minimum multiples of 4 50 Requested IP Address IP address Used in a client request DHCPDISC...

Страница 617: ...equested order but must try to insert the requested options in the order requested by the client Length 1 octet minimum 56 Message String Used by a DHCP server to print an error message to a DHCP clie...

Страница 618: ...NNTP servers available to a client List in order of preference Length 4 octet minimum multiples of 4 72 Default WWW Server Servers IP address list WWW servers available to a client List in order of p...

Страница 619: ...HCP option 72 which specifies World Wide Web WWW servers for DHCP clients Two WWW server addresses are configured in the following example XSR config dhcp pool option 72 ip 168 24 3 252 168 24 3 253 T...

Страница 620: ...ion 35 hex 93A8 The following example sets DHCP option 14 specifying the pathname where a DHCP client s core image will be placed if the client crashes XSR config dhcp pool option 14 ascii c dump path...

Страница 621: ...ation XSR config Example The example below enables DHCP services on interface FastEthernet 1 XSR config service dhcp fastethernet 1 DHCP Clear and Show Commands clear ip dhcp binding This command dele...

Страница 622: ...eged EXEC XSR Example The following example resets all DHCP counters to zero XSR clear ip DHCP server statistics show dhcp lease This command displays DHCP Client information Syntax show dhcp lease Mo...

Страница 623: ...sr show interface FastEthernet 1 is Admin Up Internet address is 172 16 1 1 subnet mask is 255 255 255 0 Temp IP addr IP address assigned via DHCP to the client from the server Temp sub net mask Subne...

Страница 624: ...XSR show ip dhcp binding 168 16 22 254 IP address Hardware address Lease expiration Type ACT 168 16 3 254 02c7 f800 0423 Infinite Manual N The following example displays the lease expiration in local...

Страница 625: ...erver statistics Mode Privileged EXEC or Global configuration XSR or XSR config Example The following example displays DHCP server statistics XSR show ip DHCP server statistics Database agents 1 Memor...

Страница 626: ...ts Sum of database agents entered in the DHCP database Automatic bindings Sum of IP addresses automatically mapped to the Ethernet MAC addresses of hosts found in the DHCP database Manual bindings Sum...

Страница 627: ...e Commands on page 16 129 Firewall Show Commands on page 16 133 Convention Description xyz Key word or mandatory parameters bold x Square brackets indicate an optional parameter italic x y z Square br...

Страница 628: ...ions defined by an ACL with ip access group command Syntax access list list insert replace entry deny permit protocol log srcIpAddr srcWildCardBits qualifier source port host srcIpAddr any range min s...

Страница 629: ...range min sport Lowest port number from 0 to 65535 Combine with max sport max sport Highest port number from 0 to 65535 Normally greater than min sport but if less than min values are swapped dstIPAd...

Страница 630: ...2 The following example moves entries 16 18 within an ACL to the beginning of the list XSR config access list 101 move 1 16 18 The example below moves entries 16 18 from ACL 144 to its beginning XSR c...

Страница 631: ...L to add delete ranging from 1 to 999 destination Position before which entries are to be moved Range 1 999 source1 Sequential number of first ACL entry to move Range 1 999 source2 Sequential number o...

Страница 632: ...d publishes an ACL violations log when a specified number of packets the XSR processes is met ACL violations logging is updated every five minutes so regardless of how you specify this command the fiv...

Страница 633: ...ce IP address validation Syntax hostdos land fragmicmp largeicmp size checkspoof Syntax of the no Form The no form disables the specified security feature no hostdos land fragmicmp largeicmp size chec...

Страница 634: ...e specified access group no ip access group access list number in out Mode Interface configuration XSR config if xx Example The following example as illustrated in Figure 16 1 applies ACL 101 to all i...

Страница 635: ...lists number Mode Privileged EXEC or Global configuration XSR or XSR config Sample Output The following output displays when the command is issued at the Privileged EXEC mode XSR show access lists 101...

Страница 636: ...matches the threshold then the alarm is logged and the count reset Other packets received after the threshold is met will increment the count until the next threshold is met or five minutes have elap...

Страница 637: ...and Accounting AAA commands and command subsets validate and display information about AAA usergroups users and methods on the XSR aaa client AAA Usergroup User Method amd AAA show commands aaa clien...

Страница 638: ...of DNS servers Refer to page 16 95 for the command definition ip pool Links a globally defined pool of IP addresses to the user group Refer to page 16 95 for the command definition pptp encrypt mppe...

Страница 639: ...s XSR config aaa group headquarters XSR aaa group dns server primary 192 168 57 9 ip pool This command links a globally defined pool of IP addresses to the group of users IP pool is defined globally b...

Страница 640: ...added to the interface that will carry PPTP MPPE traffic All Windows clients using MPPE require MS CHAP Syntax pptp encrypt mppe auto 40 128 Syntax of the no Form The no form of this command disables...

Страница 641: ...f you do not later associate this new user with a group it will be added to the DEFAULT AAA group The following sub commands can be configured in AAA User mode group Specifies the group the user belon...

Страница 642: ...XSR aaa user group This command specifies the group the user belongs to Syntax group group name Syntax of the no Form The no form of this command resets a user to the DEFAULT group no group Default Us...

Страница 643: ...IP address from a user profile no ip address Default IP address is not assigned to the user Mode Username configuration XSR aaa user Example This example sets an IP address that will be assignd to re...

Страница 644: ...ssh ppp Syntax of the No Form The no form of this command disables the earlier configured policy no policy vpn telnet console firewall ssh ppp Mode AAA User Group configuration XSR aaa user or XSR aa...

Страница 645: ...command is executed at the Global Mode This command configures the AAA method plug in to be used The following sub commands are available in AAA Method mode acct port Sets the UDP port for accounting...

Страница 646: ...a server Refer to page 16 109 for the command definition timeout Sets the interval the XSR waits for the AAA RADIUS server to reply before retransmitting Refer to page 16 110 for the command definitio...

Страница 647: ...dius sbr default XSR aaa method radius auth port 6000 address This command specifies the address of the RADIUS server with either a host name or IP address It is used for the RADIUS method only Syntax...

Страница 648: ...t fails because the server did not respond it is a failed attempt Syntax attempts number of attempts Syntax of the no Form The no form of this command resets to the default attempts number no attempts...

Страница 649: ...an have a backup method 2 but its backup method 3 cannot back up method 1 Be aware that when the primary RADIUS server fails and AAA switches to the backup use of the primary server will not automatic...

Страница 650: ...the associated client service no client vpn telnet firewall console ssh ppp Mode AAA Method configuration XSR aaa method xx Default VPN access is enabled all other access types are disabled Example Th...

Страница 651: ...nd is available for all AAA methods local RADIUS and PKI The group will be used when a group name is not returned in the RADIUS response Syntax group group name Syntax of the no Form The no form of th...

Страница 652: ...thod radius hash enable key This command specifies the authentication and encryption key used between the XSR and the server daemon running on this RADIUS server The sub command may be a plugin type d...

Страница 653: ...ets to the default value no qtimeout Default 30 seconds Mode AAA Method configuration XSR aaa method xx Example The following example sets the qtimeout to 3 600 seconds XSR aaa method local qtimeout 3...

Страница 654: ...he interval in seconds that the XSR waits for the AAA RADIUS server to reply before retransmitting It is used for the RADIUS method only Syntax timeout seconds Syntax of the no Form The no form of thi...

Страница 655: ...service type s default method assigned via the client sub command in AAA method configuration mode and the AAA service s default method Syntax aaa method method name Syntax of the no Form The no form...

Страница 656: ...tion categories The command s output will be sent to the terminal that most recently requested debug information Also if multiple AAA debug messages are activated all debug data will be sent to the te...

Страница 657: ...aaa group group name Default If a group name is not specified all groups are displayed including the DEFAULT group Mode Privileged EXEC or Global configuration XSR or XSR config Sample Output The foll...

Страница 658: ...es including the group to whom the user belongs and its IP address Syntax show aaa user user name Mode EXEC or Global configuration XSR or XSR config Sample Output The following output is displayed by...

Страница 659: ...Method Name def This method is currently enabled Backup Radius server name is RADbackup Default group name is DEFAULT IP Address is 0 0 0 0 Hash is currently enabled Authentication and encryption key...

Страница 660: ...modes as follows The system level firewall is disabled by default The interface level firewall is enabled by default unless explicitly disabled If the firewall is enabled packet inspection will occur...

Страница 661: ...e alpha numeric characters only A Z upper or lower case 0 9 dash or _ underscore Also all firewall object names including pre defined objects such as ANY_EXTERNAL and user defined object names are cas...

Страница 662: ...ion Syntax ip firewall icmp timeout seconds Syntax of the no Form The no form of this command sets the timeout to the default value no ip firewall icmp timeout Default Timeout 60 seconds Mode Global c...

Страница 663: ...e re established Because the no version of this command is not available in order to undo a recent firewall configuration you must execute no versions of commands which invoke the configuration Option...

Страница 664: ...wall The Firewall has just executed a delayed load command successfully ip firewall logging This command defines logging object parameters that apply to the firewall log operation Logging is cumulativ...

Страница 665: ...ting any internal external network Network objects are referenced by the name within the policy and network group objects Define network objects for internal hosts and networks A name for any firewall...

Страница 666: ...c values ANY_INTERNAL all internal network objects defined and ANY_EXTERNAL all external network objects defined are a convenient option to define a set of network objects Membership in these sets is...

Страница 667: ...packets will not pass through the firewall This eliminates the need to define catch all reject policies in each direction Policies apply to traffic directed at the router as well So policy objects mu...

Страница 668: ...inst the group_name length not to exceed 16 characters This value must match network group name exactly reject Drop all packets matching the policy log Drop all matching packets and log the activity u...

Страница 669: ...rm The no form of this command removes a previously configured redirectURL no ip firewall redirectURL Mode Global configuration XSR config Example The following example redirects a user to the specife...

Страница 670: ...d destination port range and protocol For flexibility port ranges can be specified using qualifiers such as eq lt and gt which are also available for configuring access lists A name for any firewall o...

Страница 671: ...ded in a service group A name for any firewall object must use these alpha numeric characters only A Z upper or lower case 0 9 dash or _ underscore Also all firewall object names are case sensitive Sy...

Страница 672: ...ffic to time out if idle for 10 minutes XSR config ip firewall udp timeout 6000 ip firewall url load black white list This command clears the specified Black URL or the White URL database then re load...

Страница 673: ...ewall enabled at the interface level A particular interface may be enabled but subsequently disabling the firewall globally overrides all enabled interfaces If you enable the firewall globally all int...

Страница 674: ...cast packets are not allowed inbound and outbound Mode Interface configuration XSR config if xx Example The example below allows broadcast filtering on outgoing packets only XSR config if F2 ip firewa...

Страница 675: ...rk hops between successive addresses on the list strict source route Specifies an exact route through the Internet This routing path includes a sequence of IP addresses a datagram must follow hop by h...

Страница 676: ...he no form of this command disables the function no ip firewall sync attack protect block host check host sync queue threshold Mode Interface configuration XSR config if xx block host Block host when...

Страница 677: ...e running configuration will be displayed If this command is issued after the firewall commands were entered but before a firewall load was performed the following text appears Uncommitted Firewall Co...

Страница 678: ...28 Internal ip firewall Network Private 220 150 2 32 28 Internal ip firewall system event threshold 3 ip firewall policy private dmz http allow ip firewall policy dmz private http allow ip firewall p...

Страница 679: ...de XSR or XSR Sample Output This output displays a network object for the Engineering firewall in the 192 168 100 0 24 range Name Start Address End Address Internal External Engineering 192 168 100 1...

Страница 680: ...plays all services pre defined and user defined Show ip firewall user defined Displays user defined services only Show ip firewall service name Displays a specific service object identified by name Sy...

Страница 681: ...XSR or XSR Sample Output The following sample output displays configured firewall policies Name Source Network Destination Network Service Action outftp admin ANY_EXTERNAL ftp allow outhttp priv netw...

Страница 682: ...3 01 2002 192 168 100 100 0 192 168 1 20 0 ICMP 20 28 42 03 01 2002 show ip firewall auth This dynamic counter displays the IP addresses that have been authenticated along with the group name Syntax s...

Страница 683: ...12 FEB 03 2005 0 Total 0 0 3 Blocked DOS Attacks Land 0 Christmas Tree 0 Ping of Death 0 Anti Spoofing 0 ICMP Flood 0 Smurf 0 SYN Flood 370393 Tear Drop 0 TCP Backlog Queue Length 23 TCP Backlog Queue...

Страница 684: ...Privileged EXEC Mode XSR or XSR Example The following is sample output from the command show ip firewall urLlist Black URLs from File blacklist txt 1 www cisco com 2 www playboy com 3 readme eml 4 amb...

Результаты поиска

Содержание X-Pedition XSR

Отзывы:

Бренды по названию

Популярные бренды

Enterasys X-Pedition XSR, Справочное руководство CLI

Результаты поиска

Содержание X-Pedition XSR

Отзывы:

Бренды по названию

Популярные бренды