Benutzeranleitung / Produktwartung 10014299 des Produzenten 3Com
Zur Seite of 762
http://www.3com.com/ 3Com Router Configuration Guide Published March 2004 Part No. 10014299.
3Com Corporation 350 Campus Drive Marlbor ough, MA 01752-3064 Copyright © 2004, 3Com C orporation. All rights r eserv ed. No part of this do cumentation m ay be r epr oduc ed in any form or by any means or used to make any deri vative work (such as translat ion, transformation, or adaptation) without written perm ission fr om 3 Com Co rporatio n.
G ETTING S TARTED 1 S YSTEM M ANAGEMENT 33 I NTERFACE 121 L INK L AYER P RO T O C O L 183 N ETWORK P RO T O C O L 335 R OUTING 423 M ULTICAST 517 S ECURITY 543.
VPN 615 R ELIABILITY 665 Q O S 681 D IAL - UP 721.
A BOUT T HIS G UIDE This guide describes 3Com r outers and how to configure them. Conventions Ta b l e 1 and Ta b l e 2 list conventions that are used thr oughout this guid e. Ta b l e 1 No tice Icons Ta b l e 2 T ext Conventions Icon Notice Type Description Information note Information that describes important features or instructions.
2 A BOUT T HIS G UIDE.
I G ETTING S TARTED Chapter 1 3Com Router Introduction Chapter 2 3Com Router User Interface.
4.
1 3C OM R OUTER I NTR ODUCTION This chapter includes information on the following topics: ■ Overview of the 3Com Router System ■ Architectur e of the 3Com Router ■ Features of the 3Com Router V ersion 1.10 ■ New Features of the 3Com Router 1.x Overview of the 3Com Router System The 3Com Router OS is the network ope rating system platform.
6 C HAPTER 1: 3C OM R OUTER I NTRODUCTION Figure 1 Schematic diagram of the 3Com Router architectur e Features of the 3Com Router V ersion 1.10 The following table lists the basic features of the 3Com Router 1.
Features of the 3Com Router Version 1.10 7 Network prot ocol IP service ■ Supports AR P ■ Supports Static domain name resolution ■ Supports IP Address Un numbered ■ Supports DHCP Server and DH.
8 C HAPTER 1: 3C OM R OUTER I NTRODUCTION Network security Authen ticati on, Authorization and Accounting (AAA) service ■ Provides PPP and login user authentication ■ Supports RADIUS, provides RAD.
Features of the 3Com Router Version 1.10 9 Quality of service (QoS) Traffic classification and flow control ■ Supports CAR (Commi tted Access Speed ) and packet priority, monitoring the ne twork tra.
10 C HAPTER 1: 3C OM R OUTER I NTRODUCTION New Features of the 3Com Router 1.x New features have been adde d to the 3Com Rout er1.10. Support New Interfaces E3 and CE3 Interfaces Both E3 and E1 are part of the ITU-T digital carrier architecture and ar e used in most regions beyond North America.
New Features of the 3Com Router 1.x 11 ■ Combined with BDR, Frame Relay over ISDN can be taken as the backup communication method for Frame Relay . Multilink Frame Relay The Multilink Frame Relay (MFR) featur e introduces function ality based on the Frame Relay Forum Multilink Frame Rela y UNI/NNI Implem entation Agr eement (FRF .
12 C HAPTER 1: 3C OM R OUTER I NTRODUCTION.
2 3C OM R OUTER U SER I NTERFACE This chapter includes information on the following topics: ■ Establish Configuration Environment ■ Command Line Interface (CLI) ■ User Identity Management ■ Basic Configuration and Management of the System Establish Configuration Environment The 3Com Router 1.
14 C HAPTER 2: 3C OM R OUTER U SER I NTERFACE Figure 3 Establish a new connection Figure 4 Select the computer serial port for actual connection.
Establish Configuration Environment 15 Figure 5 Set port communication parameters Figure 6 Select terminal emulation type 3 Power on the router to display the self-test information of the router . Press Enter after the self-test to disp lay the prompt “Username:” and “password:”.
16 C HAPTER 2: 3C OM R OUTER U SER I NTERFACE 4 Enter the command to config ure the r outer or view the running status of the router . Enter “?” to get help when nece ssary . For details of specific commands, please refer to the following chapt ers .
Establish Configuration Environment 17 Figure 8 Establish a dial-up connect ion via “HyperT erminal” Figure 9 Dial on r emote computer 4 If a dial-up connection is established, then press Enter after t he self-t es t to disp lay the prompt “Username:” and “password:”.
18 C HAPTER 2: 3C OM R OUTER U SER I NTERFACE configuration environment, connect the computer with th e router via the W AN interface . Figure 10 . Establish configuration environm ent of local telnet.
Command Line Interface (CLI) 19 Figure 12 Run a telnet pr ogram Figure 13 Establish a telnet connection with r outer The host name in the above figur e is the na me or IP address of a router interf ace of the remote connection.
20 C HAPTER 2: 3C OM R OUTER U SER I NTERFACE ■ Provide online help any time the user keys in “?”. ■ Provide network test commands, such as tracert and ping , etc. to quickly diagnose whether the network is normal. ■ Provide rich and detailed debugging information for diagnosis of network faults.
Command Line Interface (CLI) 21 Figure 14 Hierar chical view structure of the 3Com Router The following table gives some details of the fun ct i onalit y features of the command views as well as the commands for entering these views.
22 C HAPTER 2: 3C OM R OUTER U SER I NTERFACE async serial interface view Configures the asynchronous serial interface parameters [Router-Async0] Enter interface async 0 in any views Enter quit to ret.
Command Line Interface (CLI) 23 The command line prompt character consist s of the network device name (Router by default) and the command view name, such as [Router -rip].
24 C HAPTER 2: 3C OM R OUTER U SER I NTERFACE ■ The help information obtained via the above-mentioned online help is described as follows: 1 Full help: Enter “?” in any view , all th e commands in this view and their brief descriptions can be obtained.
Command Line Interface (CLI) 25 History Command The command line interface of the 3Com R outer 1.x provides a function similar to DOSKey by automatically saving the history of commands inputted users. Users can check the history of comm ands sa ved in the command line to repe at execution.
26 C HAPTER 2: 3C OM R OUTER U SER I NTERFACE Ta b l e 9 Display function table User Identity Management The 3Com Router sets three kinds of router management users: administrator user , operator user and guest user . Differ ent kinds of users have differ ent rights to execute commands.
User Identity Management 27 By defaul t, no user is set on the r outer . In this case, th e user can lo g onto the router without user name and password, op erating as the administrator u ser and have the right to execute all commands. The router should be configured with at least one administrator user .
28 C HAPTER 2: 3C OM R OUTER U SER I NTERFACE By default, the system clock is 08:0 0:00 1 1 199 7. The system clock will reset to the initial number when the conf iguration is deleted by using the delete command or is deleted at the boot menu. 3 Reboot the system Please perform the followin g commands in all views.
II S YSTEM M ANAGEMENT Chapter 3 System Manage ment Chapter 4 T erminal Service Chapter 5 Configuring Network Management Chapter 6 Display and Debugging T ools Chapter 7 POS T erminal Access Service.
30.
3 S YSTEM M ANAGEMENT This chapter includes information on the following topics: ■ Storage Media and File T ypes Supported by the System ■ Upgrade Boot R OM Software ■ Upgrade th e 3Com Rou ter .
32 C HAPTER 3: S YSTEM M ANAGEMENT Quickly input Ctrl+D to enter the Boot ROM menu. If Ctrl+D is not input within three seconds, the system will restart the r outer and the following pr ompt information displays: **************************** ************** * * * 3Com Router Series Bootrom , V4.
Upgrade Boot ROM Software 33 5 Example: if you select baud rate 115200 bps, the system will prompt you to modify the baud rate and select XMO DEM transfer protocol: Download speed is 115200 bps. Change t he terminal's speed to 115200 bps, and select XMODEM protocol.
34 C HAPTER 3: S YSTEM M ANAGEMENT Figure 16 “Send file” message window 8 After downloading, the router will save th e file into Flash or NVRAM, display the following information, and prompt rest oring of the baud-rate setting of the terminal emulator .
Upgrade the 3Com Router Main Program Software 35 Y ou can load the 3Com Router main softwa re with XModem or TF TP (T rivial File T ransfer Protocol) approach when poweri ng on the router . Alternatively , you can load the software with the F T P (File T ransfer Protocol) approach after the router is booted.
36 C HAPTER 3: S YSTEM M ANAGEMENT 3: 38400 bps 4: 57600 bps 5: 115200 bps 6: Exit and Reboot Enter your choice(1-6): Make your selection as needed. 5 After a baud rate (11 5200 bps for example) is se.
Upgrade the 3Com Router Main Program Software 37 Figure 18 T ransfer File dialog box 7 Click Browse to open the fold er containing the Boot ROM so ftware, select the file, change the download prot oco.
38 C HAPTER 3: S YSTEM M ANAGEMENT 9 Restore the baud rate of the terminal emulation pr ogram to 9600 bps and press Enter for rebooting the router so that the new 3Co m Router main program softwar e can be run. TF TP Approach TF TP is a pr otocol used fo r transferring trivial files be t ween clients and servers in the TCP/IP suite.
Upgrade the 3Com Router Main Program Software 39 Figure 21 Tftp d32: Set interface Enter the file dire ctory in the field of Base Director y , and click OK for confirmation. The setting interface may var y with di fferent TF TP server program software.
40 C HAPTER 3: S YSTEM M ANAGEMENT NETWORK INTERFACE PARAMETERS: Do you want a LAN interface? [N] y This board's LAN IP address? [169. 254.1.1] 10.110.10.1 Subnet mask for LAN (0 for none)? [255.255.0.0] TFTP SERVER PARAMETERS: IP address of the TFTP server? [16 9.
Upgrade the 3Com Router Main Program Software 41 Input the Boot ROM password at the prompt . (By default, no ex-facto ry Boot ROM password is set on the r outer . Simply press Enter in this case.) If the Boot ROM password has been modified, enter the correct password.
42 C HAPTER 3: S YSTEM M ANAGEMENT After a client originates a control connection to a server by using the port command and uses a randomly assigned F TP port to establish the control link with port 21 on the server , the link will be in place until there is no data waiting for transmission.
Upgrade the 3Com Router Main Program Software 43 remote F TP user sends a request to the F TP server , and the server will perform actions accordingly and return the execution result to the subscriber . Perform the following configuration in system view .
44 C HAPTER 3: S YSTEM M ANAGEMENT 7 At the prompt ftp> , appearing after the file uploading is completed, en ter the dir command to display the file name and size on the router . If the uploading operation is successful, t he program or configuration file on the router and the uploaded file on the host should have the same size.
Configure On-Line Upgrad ing of the Card 45 Configure On-Line Upgrading of the Card The 3Com Router 1.x supports on-line upgrading of such cards as 2SA/4SA, E1VI and 6AM/12AM. While upgrading, the host ac ts as F TP Server and the router to be upgraded as the F TP Client.
46 C HAPTER 3: S YSTEM M ANAGEMENT Figure 24 Path Name dialog box Select the check boxes Read, W rit e and De lete in FILES and click OK to r eturn. Figure 25 Edit Users/Grou p check box 4 The car ds can be upgraded on-line after the on-line upgrading files are copied to the path of the serv-u F TP .
Configuration File Manag ement 47 After the display version command is used, the information on the slot displays: card name Driver need to be updated On-line upgrading uses the upgrading program of other car ds and this car d will not be upgraded on-line.
48 C HAPTER 3: S YSTEM M ANAGEMENT Ta b l e 21 Load configuration files Follow these steps in the te rminal emulation program: 1 Enter the comma nd an d make the confir mation. [Router] download config Do you want really download the co nfig.ini?(Y/N)y 2 Set the binary transmission protocol to XModem/CRC.
Configuration File Manag ement 49 At the prompt of “ftp>”, use the put Lo calFile [ RemoteFile ] command to upload the specif ied file to the router . RemoteFile should use the name of the config file on the router , and the name is case sensitive.
50 C HAPTER 3: S YSTEM M ANAGEMENT 226 file transmit success. ftp: 735 bytes received in 0.06Sec onds 12.25Kbytes/sec. View Current and Saved Configuration of the Router During the power - on of th e router , read the configuration files from Flash (or NVRAM) to initialize the r outer .
Configuration File Manag ement 51 Ta b l e 25 Select and view the storage media of configuration file If ther e is only one type of stora ge media availabl e, the configfile command will not be effective. Modify and Sa ve Current Config uration Users can modify the current configurat ion of the router via the command line interface.
52 C HAPTER 3: S YSTEM M ANAGEMENT Ta b l e 28 Set/clear the flag bit to enter the initial setup By default, no flag bit fo r enteri ng the initial setup mode is set. Configure F TP F T P (File T ransfer Protocol), which belongs to the application layer pr otocol in the TCP/IP protocol suite, mainly provides f ile transfer between remote hosts.
Configure FTP 53 Ta b l e 29 Set the authentication mode of F TP server 2 Add F TP authorized user name and pa ssword Input the following command in system view .
54 C HAPTER 3: S YSTEM M ANAGEMENT The names of the program/configuration file are “system” and “config” respectively by default. In the command, file-n ame is a character string with the length of 1 to 30. 2 Set F TP update mode When logging onto the F TP Serv er from a PC, you can use t he put command to upload the file.
Configure FTP 55 Display F TP Serve r Ta b l e 36 Display F TP server Operation Command Display the configuration status of current FTP server display ftp-server Display detailed information of the FT.
56 C HAPTER 3: S YSTEM M ANAGEMENT.
4 T ERMINAL S ERVICE This chapter includes information on the following topics: ■ T erminal Service Overview ■ T erminal Message Service ■ Dumb T erminal Service ■ T erminal Service of T elnet Connection ■ Rlogin T erminal Service ■ X.
58 C HAPTER 4: T ERMINAL S ERVICE Features of T erminal Service at Async Serial Port The 3Com Router supports remote configuration on the router via asynchronous serial port (including synchronous/asynchr onous serial port, 8/16 asynchronous serial port, and AUX port).
Terminal Message Service 59 with user B, user A should telnet onto Router B and execute the send command to send the related information in all views. Then user B can receive the “message” sent from user A.
60 C HAPTER 4: T ERMINAL S ERVICE T ypical Example of T erminal Message Service Configuration # Input the send command in system view. [Router] send Enter message, end with CTRL/Z; ab ort with CTRL/C: # Input the contents of the messa ge that the terminal will send.
Dumb Terminal Service 61 By default, no dumb terminal service is configured. 2 Configure auto-exe cute command command If the auto-execute command command is configured on the asynchronous serial inte.
62 C HAPTER 4: T ERMINAL S ERVICE Figure 27 Dumb terminal networking diagram 1 Configure the interface to dumb ter minal mode. [Router-Serial1] physical-mode async [Router-Serial1] undo modem [Router-Serial1] async mode flow 2 Configure the auto-execute command command.
Terminal Service of Telnet Connection 63 Figure 29 T elnet client servic e Reverse T elnet Overview Reverse T elnet service: the user logs on the r outer with a specified port number by running the T eln et client program on the PC. Then the connection to the serial port device connected with the async port of the router is established.
64 C HAPTER 4: T ERMINAL S ERVICE Ta b l e 46 Establish T elnet Server or T elnet Client connection By default, T elnet Server starts automatically . The default value of ser vice-port is 23. T o terminate T elnet service, enter Ctrl+] at T elnet Client side.
Terminal Service of Telnet Connection 65 The interface listen port number is within the range of 1025 to 65535. Please note that the listen port number can not be the same as that of the widely used ports. By default, the port number and asynchronous interface have th e following relations: ■ The async serial interface number starts from 2 001.
66 C HAPTER 4: T ERMINAL S ERVICE Password: User guest logged in . 3 The message showing successful T e lnet to Router B shou ld pop up and display the host name of RouterB.
Rlogin Terminal Service 67 ■ Only supports IP address configuration. DNS is not supported. ■ The supported terminal type is VT100. ■ The supported b aud rate is 9600 bps.
68 C HAPTER 4: T ERMINAL S ERVICE SCO OpenServer(TM) Release 5 (C) 1976-1998 The Santa Cruz Opera tion, Inc. (C) 1980-1994 Microsoft Corporatio n. All rights reserved. For complete copyright credits, enter "copyrights" at the command prompt.
X.25 PAD Remote Access Service 69 Therefore X.25 P AD devices actually serv e as a procedur e translator or network server , pr oviding services to differ ent terminals and helping them to access the X.25 network. The 3Com Router implements X.29 and X.
70 C HAPTER 4: T ERMINAL S ERVICE By default, no X.25 P AD remote user is configured at the Server side. For details of the Command, refer to the relevant sections on Security Configuration Co mmands in Command Reference (V1.6). Start AAA authentication of X.
X.25 PAD Remote Access Service 71 Exit command can also be nested with the Pad command. That is, users can access a thir d or even more r outers from a r outer by repeatedly using the telnet/pad comma.
72 C HAPTER 4: T ERMINAL S ERVICE c Enter the view of interface Serial 0 and set its link layer pr otocol as X.25 DTE IETF . [RouterA] interface serial 0 [RouterA-serial0] link-protocol x25 dte ietf d Set its X.
5 C ONFIGURING N ETWORK M ANAGEMENT This chapter includes information on the following topics: ■ SNMP Overview ■ RMON Overview SNMP Overview Simple Network Mana gement Protocol (SNMP), a widely accepted industry standard, is the most dominant networ k management protocol in computer networks by far .
74 C HAPTER 5: C ONFIGURING N ETWORK M ANAGEMENT addition to the fun ctions define d in SNMPv2c and SNMPv1 . In other wor ds, SNMPv3 dev elops SNMP v2c by adding securit y an d management fun ctions. SNMPv1 and SNMPv2c lack security func tions, especially in the aspect of authentication and privacy .
SNMP Overview 75 sub-tree, the network administrator can access the device wi th read or write authority . Otherwise, the op erations will be r ejected. SNMP ar chitectur e An SNMP entity comprises one SNMP engi ne and multiple SNMP applications. The SNMP engine is the core of the SNMP entity .
76 C HAPTER 5: C ONFIGURING N ETWORK M ANAGEMENT Ta b l e 56 3Com Router -supported MIB Configure SNMP SNMP configur ation includes: ■ Configure the network management agent on a router ■ Configur.
SNMP Overview 77 “Corporation code of 3Com Corpo ration. (800007DB) + Equipment information” . Equipment information can be the IP ad dr ess, MAC address or self-defined hexadecimal digit string.
78 C HAPTER 5: C ONFIGURING N ETWORK M ANAGEMENT By default, SNMPv3 is used . The default view name in the system is View Default, and OID of which is 1.3.6.1. SNMP group has only the r ead-only authority by default. If SNMPv1/SNMPv2c is used, the comm unity name or SNMPv1/SNMPv2c groups and users should be configured.
SNMP Overview 79 By default, the router is disabled to send traps. 5 Configure the maximum size of SNMP pa ckets that the router can send/ receive Set the Max SNMP messages that can be r eceived/sen t by the agent accor ding to the network loading capacity .
80 C HAPTER 5: C ONFIGURING N ETWORK M ANAGEMENT T ypical Configuration Examples Example 1: Configure Network Management of SNMPv1 I. Networking Requirements In the following diag ram the NMS and a router are connected via the Ether n et. The IP addresses of NMS and the Ether n et interface on the router are r espectively 129.
RMON Overview 81 ■ Required if traps ar e to be sent — the IP address of the interface ethernet 0 is the source addr ess of the traps, and the address of the NMS is the destination address. II. Networking Diagram Refer to the networking diagram of Example 1.
82 C HAPTER 5: C ONFIGURING N ETWORK M ANAGEMENT thus managing large-scale interconnection networks easily and effective ly . RMON also allows several monitors and can collect data in two ways: one is to co llect with the RMON probe — NMS dir ectly obt ains management data from an RMON probe and contr ols network resources.
RMON Overview 83 ■ Enable RMON statistics of Ether net in ter face 1 Enable RMON statistics of Ether net in ter face After enabling RMON statistics of an Ethe rnet interface, the router will perform the statistics of the packet incoming and outgo ing through this interface.
84 C HAPTER 5: C ONFIGURING N ETWORK M ANAGEMENT [RouterA] interface ethernet 0 [RouterA-Ethernet0] rmon promiscuo us.
6 D ISPLAY AND D EBUGGING T OOLS This chapter includes information on the following topics: ■ Display Command Set ■ Debugging Command Set ■ T est T ool of Network Connection ■ Log Function Display Command Set Wi th display commands, the system status and system info rmation can be viewed.
86 C HAPTER 6: D ISPLAY AND D EB UGGING T OOLS T wo switches control the output of the debugging information: ■ Debugging switch, which controls whether to test a certain function/module/protocol.
Test Tool of Network Connection 87 Please see relevant chapters in the 3Com Router Command Reference Guide for detailed meanings of various options and parameters.
88 C HAPTER 6: D ISPLAY AND D EB UGGING T OOLS !!!!! --2.0.0c91.f61f IPX ping statistics-- 5 packets transmitted 5 packets received 0% packet loss round-trip min/avg/max = 1/2/3 m s tracert command (T race Route Command) The t race route command helps to trace the current network path to a destinatio n.
Log Function 89 3 lilac-dmc.Berkeley.EDU (128.32.216. 1) 39 ms 19 ms 19 ms 4 ccngw-ner-cc.Berkeley.EDU (128.32.1 36.23) 19 ms 39 ms 39 ms 5 ccn-nerif22.Berkeley.EDU (128.32.16 8.22) 20 ms 39 ms 39 ms 6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms 7 131.
90 C HAPTER 6: D ISPLAY AND D EB UGGING T OOLS Set the direction of syslog outputting log information As described before, Syslog of the 3Com Router 1.
Log Function 91 Set Severity of Log Information Syslog is divided into 8 levels accordin g to the Severity (or priority) of the information. The rule to f ilter the log information acco rding to the level is: the more urgent the log information is, the le ss sever e it will be .
92 C HAPTER 6: D ISPLAY AND D EB UGGING T OOLS Here, module stands for the module name. Only the log information re lated to a specified module can be filtered and output.
Log Function 93 3 When log files like config an d security ar e created and /etc/syslog.conf file is modified, an HUP will be sent to the sy stem daemon, Syslogd, by executin g the following commands to make Syslo gd re-read its configuration file /etc/syslog.
94 C HAPTER 6: D ISPLAY AND D EB UGGING T OOLS.
7 POS T ERMINAL A CCESS S ERVICE This chapter contains information on the following top ics: ■ POS Access Service Overvi ew ■ POS Access Service Configuration ■ Display and Debug POS Access ■ .
96 C HAPTER 7: POS T ERMINAL A CCESS S ERVI CE Figure 40 Dial-up access when the POS access router is located at the commer cial client side Due to the way POS access se rvice usually operates, that i.
POS Access Service Configuration 97 ■ Avoiding the dial-up time problem and fast connecting to the transaction processing center . ■ Reducing the numb er of occupied communication links, hence saving the communications cost greatly .
98 C HAPTER 7: POS T ERMINAL A CCESS S ERVI CE If the FCM interface is used as POS access interf ace undo modem cannot be configured. If another in ter face is used as the POS access interface undo modem must be configured. Since POS access does not support flow control, the interface should be configured with t he flow-control none comman d.
POS Access Service Configuration 99 POS access does not support flow control, therefore, the interface should be configured with the flow-control none command.
100 C HAPTER 7: POS T ERMINAL A CCESS S ERVICE implemented otherwise, the system will pr ompt as follows to indicate that the configuration has failed: App-state is wrong .
Typical Configuration Exam ple of POS Access Service 101 T yp ical Configu ration Example of POS Access Service Configuration Example when the Router is Located at the FEP Side in TCP/IP Mode I. Networking Requirements Three POS te rminals ac cess the Router A located at the FEP side thr ough the FC M card and connect to UNIX A (10.
102 C HAPTER 7: POS T ERMINAL A CCESS S ERVICE 9 Configure POS access interface FCM2 [Router] interface fcm2 [Router-FCM2] async mode pos 3 Configuration Example when the Router is Located at the FEP Side in Asynchronous Connection Mode I.
Typical Configuration Exam ple of POS Access Service 103 [Router-FCM2] async mode pos 3 9 Configure Async 0 to operate in POS application mode. [Router] interface async 0 [Router-Async0] undo modem [Router-Async0] flow-control none [Router-Async0] async mode posapp 10 Configure Async 1 to operate in POS application mode.
104 C HAPTER 7: POS T ERMINAL A CCESS S ERVICE [RouterA] interface async 1 [RouterA-Async1] undo modem [RouterA-Async0] flow-control none [RouterA-Async0] undo detect dsr-d tr [RouterA-Async1] async mode pos 2 f Configure POS access interface 2.
III I NTERFACE Chapter 8 Interface Configuration Overview Chapter 9 Configuring LAN Interface Chapter 10 Configuring W AN Interface Chapter 11 Configuring Logical Interface.
106.
8 I NTERFACE C ONFIGURATION O VERVIEW This chapter contains information on the following top ics: ■ Interface Configuration Overview ■ Configure Interface ■ Display and Debug Interface Interface.
108 C HAPTER 8: I NTERFACE C ONFIGURAT ION O VERVIEW In the 3Com Rout er , the command to enter E1/T1 interface view is controller { e1 | t1 } , which is diff e re n t fr om th e command of other interfaces. Exit the Interface View . In the interface view , in put quit to return to th e system view .
Display and Debug Interface 109 ■ If a firewall is to be establ ished on this interface, please conf igure parameters about related message filtering or add ress conversion.
110 C HAPTER 8: I NTERFACE C ONFIGURAT ION O VERVIEW.
9 C ONFIGURING LAN I NTERFACE This chapter contains information on the following top ics: ■ Ethernet Interface Overview ■ Configure Ethernet Interface ■ Display and Debug Ether net Interface ■.
112 C HAPTER 9: C ONFIGURING LAN I NTERFACE Ta b l e 85 Enter view of specified Ether net interface 2 Set network protocol address The 3Com Router supports IP and IPX at Ethernet interface. Therefore, it is necessary to configure IP or IPX network address.
Display and Debug Ethernet Interface 113 V alue r anges and default values of MTUs with different link layer protocol ar e differ ent. When Ether net_II frame format is adopted, MTU value range will b.
114 C HAPTER 9: C ONFIGURING LAN I NTERFACE T ypical Ethernet Interface Configuration Example I. Networking Requirement As shown below , the Ethernet int erfaces of Routers A is con nected to IP networks 192.168.0.0. The computer in LAN connects to the Inter net through Router A.
Troubleshoo ting 115 the party with 10 0 Mbps configuration s hows no connection, while the party with 10 Mbps connect io n sho w s th e co nn ec t i on ha s bee n esta blished. Furthe r mo r e, the activity indicator of the physical layer blin k quickly and messages can not be received or transm itted normally .
116 C HAPTER 9: C ONFIGURING LAN I NTERFACE HUB is connected, all the other devices on the whole network segment will show serious network collisions), while the pa rty working in full duplex mode shows large amount of error messages r eceived , accompanied with serious message losses at both parties.
10 C ONFIGURING WA N I NTERFACE This chapter contains information on the following top ics: ■ W AN Interface Intr oduction ■ Asynchronous Serial Interface ■ AUX Interface ■ Synchronous Serial .
118 C HAPTER 10: C ONFIGU RING WAN I NTERFACE ■ Set the asynchronous serial interface to work in dialup or dedicated line mode ■ Set link layer pr otocol ■ Set baud rate ■ Set link establishme.
Asynchronous Serial Interface 119 instructions in dialup mode. In dedicated line mode, ensure that modem command is not configured, i.e. disable dial with undo modem command. Please use the following commands in the view of asynchronous serial interface.
120 C HAPTER 10: C ONFIGU RING WAN I NTERFACE Dedicated mode is usually used when as ynchronous serial interfaces are directly connected. ■ Flow: Also cal led the Interactive mo de, which means two ends of the link interact with each other after the set up of a physical conn ection.
Asynchronous Serial Interface 121 When the link establishment mode of async serial interface is flow or TTY , the two ends of the link will interact with each other after the setup of a physical connection.
122 C HAPTER 10: C ONFIGU RING WAN I NTERFACE Please use the following commands in the view of the asynchr onous serial interface . Ta b l e 104 Enable or disable the level detection for the asynchronous serial interface By default the level detection is enable d for the asynchronous serial interface.
Synchronous Serial Interface 123 Configure AUX interface 1 Enter AUX interface view Perform the following configuration in the all views. Ta b l e 108 Enter AUX interface view 2 Configure AUX interface The configuration of AUX interface is basically the same with that of common asynchronous serial interfaces.
124 C HAPTER 10: C ONFIGU RING WAN I NTERFACE ■ Enable or disable level detection ■ Enable or disable data carrier detection ■ Setting the synchronous serial interface to work in full duplex or .
Synchronous Serial Interface 125 Perform following commands in synchronous serial interface view . Ta b l e 112 Set the digital signal encoding format of synchronous serial interface By default, the digital signal encoding fo rmat of synchronous serial interface is NRZ.
126 C HAPTER 10: C ONFIGU RING WAN I NTERFACE TxClk stands for transmitting clock, RxClk for receiving clock, the clock before “=” is DTE-side clock, and that b ehind “=” is DCE-side clock. Please use the following commands in the view of the synchronous serial interface .
Synchronous Serial Interface 127 Level detection is enabled fo r the sync hronous serial inte rface by default. 9 Enable or disable data carrier detection By default, when the system decides whethe r .
128 C HAPTER 10: C ONFIGU RING WAN I NTERFACE 12 Configure MTU MTU of synchronous serial interface af fects the fragme ntation and reassembling of IP network protocol message on this interface. Please use the following commands in the view of the synchronous serial interface .
ISDN BRI Interface 129 equipment complying with relevant ISDN standard of ITU-T able to access ISDN easily . User -n etwork interface specification of ISDN: In ITU-T I.
130 C HAPTER 10: C ONFIGU RING WAN I NTERFACE ■ Whether the interface provided by tele com service provider is ISDN BRI U interface or ISDN BRI S/T interface: In ITU-T I.411 recommendation, the refer ence model of ISDN user -n etwork interface is given.
CE1/PRI Interface 131 ■ When the interface is used as a CE1 inte rface, all the timeslots except timeslot 0 can be divided into multiple channel se ts at will, and each gr oup can be used as an interface upon timeslot binding. Its logic feature is the same as that of a synchronous serial interface.
132 C HAPTER 10: C ONFIGU RING WAN I NTERFACE Ta b l e 127 Enter the synchronous serial interface view The following ar e to be set: ■ Operating parameters of data link laye r protocol, such as PPP , Frame Relay , LAPB or X.
CE1/PRI Interface 133 ■ The rules for address translation or packet f iltering need to be set if the firewal l is to be set up on the interface. For more details, r efer to the related sections of this manual. 4 Bind an interface to be a pri set Perform the following configurations in CE1/PRI interface view .
134 C HAPTER 10: C ONFIGU RING WAN I NTERFACE Ta b l e 132 Set the line code format on the CE1/PRI interface By default, the line code form at on the CE1/PRI interface is hdb3 . 6 Set line clock When the CE1/PRI in terface operate s as DCE, you should choose the interna l clock, that is, master clock mode.
CT1/PRI Interface 135 By default, the functions of inter nal lo opback and external loopback are disabled on the CE 1/PRI inte rface. Display and Debug CE1/PRI Interface Perform the following configurations in all views to display the status and related information of the CE1/PRI interface, so as to monitor and maintain it.
136 C HAPTER 10: C ONFIGU RING WAN I NTERFACE ■ Bind the interface to be a pri set ■ Set the length/attenuation of the transmission cable ■ Set the line code format ■ Set line clock ■ Set fr.
CT1/PRI Interface 137 ■ The rules for address translation or packet f iltering need to be set if the firewal l is to be set up on the interface. For more details, r efer to the related sections of this manual. 3 Bind an interface to be a pri set Perform the following configurations in CT1/PRI interface view .
138 C HAPTER 10: C ONFIGU RING WAN I NTERFACE By default, the a ttenuation of trans mission cabl e that the CT1/PRI interface matches is long 0db . 5 Set the line code format A CT1/PRI interface supports two types of line code formats: ami format and b8zs format.
E1-F Interface 139 By default, the frame format of CT1/PRI interface is ESF . 8 Enable/disable internal loopback/exter nal loopback The interface needs to be set to internal loopback or exter nal loopback wh en during the test on some special functions.
140 C HAPTER 10: C ONFIGU RING WAN I NTERFACE supporting the data link layer protocols PPP , HDLC, Frame Relay , LAPB and X.25, as well as the network pr otocols IP and IPX. When it works in framed mode , however , it is physically divided into 32 time slots numbered in the range of 0 to 31.
E1-F Interface 141 Perform the following configuration in E1-F interface view . Ta b l e 150 Set interface rate after binding operation By default, binding operation will be done on all the ti me slots on E1-F interface. Ti me sl ot 0 on E1 -F in te r fa ce is us e d for synchro nization information transmission.
142 C HAPTER 10: C ONFIGU RING WAN I NTERFACE Ta b l e 153 Set frame format for an E1-F interface By default, the frame fo rmat of E1-F inter face is no-CRC4. 7 Enable or Disable Local Loopback/Remote Loopback An interface should be place in local loopback or r emote loopback for some special functionality tests.
T1-F Interface 143 T1-F Interface T1-F interface is fractional T1 interface, and it is r esp ectively simplified CT1/PRI interface. If there is no need to use mu ltiple channel sets or if ISDN PRI is not necessary in an T1 application, it is too much to use CT1/PRI interface.
144 C HAPTER 10: C ONFIGU RING WAN I NTERFACE module in slot 2. Hence, the E1-F interf ace will be numbered Serial 0, and the 4SA interfaces will be number ed Serial 1 through Serial 4, an d the T1-F interfaces will be numbered Serial 5 and Serial 6.
T1-F Interface 145 If T1-F interface is used as DCE, the slave clock should be selected. If it is used as DTE, the master clock should be selected. If the T1-F interfaces of two routers ar e di rectly connected, they must re spectively work in slave and master clock modes.
146 C HAPTER 10: C ONFIGU RING WAN I NTERFACE Display and Debug T1-F Interface Perform the display command in all views to displa y the state of T1-F interface and other related informatio n.
CE3 Interface 147 Ta b l e 164 Enter the view of the spec ified E3 interface 2 Set Clock Mode of CE3 Interface Perform the following configuration in CE3 interface view . Ta b l e 165 Set clock mode of the CE3 interface By defaul t, CE3 inte rface uses slave clo ck.
148 C HAPTER 10: C ONFIGU RING WAN I NTERFACE If framing has been enabled on an E1 chann el, you can set its frame format. Perform the following configuration in CE3 interface view . Ta b l e 170 Set E1 frame forma t By default, the frame fo rmat of E1 channel is no-crc4 .
CT3 Interface 149 Display and Debug CE3 Interface The display and debug operat ions of CE3 in terface include d isa bling interface and displaying interface information. But y ou should be careful when using the shutdown command, because disabling an in terface will cause the interface to stop working.
150 C HAPTER 10: C ONFIGU RING WAN I NTERFACE ■ Set CRC of the Serial Interface Depending on the networ king requir ements, the user p erhaps needs t o configure the parameters such as PPP , Frame Relay and IP addr ess for the CT3 interface. For details, r efer to the involving chapters.
CT3 Interface 151 Ta b l e 178 Set loopback mode of the CT3 interface Differ ence between two types of exter nal loopback o f the CT3 interf ace: Frame header overhead should be proce ssed for extern al payload loopb ack ( payload ) while frame is not processed for exter nal remote loopback ( rem o t e ).
152 C HAPTER 10: C ONFIGU RING WAN I NTERFACE By default, CT3 mode is used. When CT3 interface works in T3 mode, the system will automatically create a serial interface whose number is serial number /0:0 and whose rate is 44.
CT3 Interface 153 Ta b l e 185 Disable and Enabl e CT3 interface The enabling/disabling operatio n done on the CT3 interface takes effect on CT3 interface, the T1 channels and the se rial interfaces formed through binding operation.
154 C HAPTER 10: C ONFIGU RING WAN I NTERFACE.
11 C ONFIGURING L OGICAL I NTERFACE This chapter contains information on the following top ics: ■ Logical Interface Introduction ■ Dialer Interface ■ Loopback Interface ■ Null Interface ■ Su.
156 C HAPTER 11: C ONFIGU RING L OGICAL I NTERFACE Some applications (such as configuring local peer of SNA) requir es that a local interface with specified IP address should be configured without af fecting physical interfa ce co nf ig u r at io n.
Sub-Interface 157 Any packet reaching the null i nterface w ill be dropped, which provides another method for packet filtering: Just sendi ng unnecessary netwo r k traffic to Null0 interface, so that there is no need to configur e ACL. For example: Use static routing configuration command ip route-static 192.
158 C HAPTER 11: C ONFIGU RING L OGICAL I NTERFACE Configure sub-interfaces of Ethernet interface 1 Create and delete Ethernet sub-interfaces Please use the following commands in all views.
Sub-Interface 159 ■ IPX network number which is dif feren t from that of the af filiated W AN interface, and other IPX working paramet ers ■ Virtual circuit of the sub-interface Please see chapters in Operation Manual - Link Layer Protocol and Operation Manual - Network Protocol for details about the above configurations.
160 C HAPTER 11: C ONFIGU RING L OGICAL I NTERFACE [Router-Serial0] link-protocol fr 3 Specify DTE as its fra me r elay terminal ty pe [Router-Serial0] fr interface-type dte 4 Create sub-interface Serial 0.1 on W AN in terface Serial0 of router A in point-to point mode, and enter it s view [Router] interface serial 0.
Virtual-Template and Virtual Interface 161 dynamically cr eate a virtual interface based on the config uration parameters of the template. Similarly , after multiple PPP links ar e bound as MP , a virtual interface also needs to be created to exchange data with the opposite end.
162 C HAPTER 11: C ONFIGU RING L OGICAL I NTERFACE 3 Create corr esponding relation between the virtual-template a nd related physical interface In VPN application environment, it is nece ssary to build up corresponding relations between L2TP group and virtua l-template.
IV L INK L AYER P RO T O C O L Chapter 12 Configuring PPP and MP Chapter 13 Configuring PPPoE Client Chapter 14 Configuring SLIP Chapter 15 Configuring ISDN Protocol Chapter 16 Configuring LAPB and X.
164.
12 C ONFIGURING PPP AND MP This chapter contains information on the following top ics: ■ PPP Overview ■ MP Overview ■ Configure PPP ■ Configure MP ■ Display and Debug PPP ■ T ypical PPP Co.
166 C HAPTER 12: C ONFIGU RING PPP AND MP The authenticator sends some rand omly generated packets to the requester (challenge), and at the same time it sends its configured username to the req u es t e r .
MP Overview 167 Figure 49 Diagram of PPP negotiation phases For detailed description of PPP , refer to RFC1661. MP Overview MP protocol (PPP Multilink protocol) can bi nd multiple PPP links, so as to increase bandwidth.
168 C HAPTER 12: C ONFIGU RING PPP AND MP Ta b l e 194 Configure the link layer protocol of the interface to PPP The default link layer protocol of the interface is PPP . 2 Configure PPP Authentication PPP has two authentication modes: P AP mo de and CHAP mode.
Configure PPP 169 Ta b l e 197 Configure the local authenticates the peer in CHAP mode b Configure the r equester of CHAP authentication Perform the following configuration in the interface view , and use the local-user command in the system view .
170 C HAPTER 12: C ONFIGU RING PPP AND MP Whether the PPP user passes th e authentica tion will be finally decided by AAA, which can authen ticate PPP user at local o r at RADIUS server .
Configure MP 171 In MP working mode, it is not recommended to use PPP compress ion. T o configure PPP compression negotiation on the virtual interface, PPP compr ession must be configured on Virtual-template interface before the subordinate p hysical interface can accept the PPP compression neg otiation.
172 C HAPTER 12: C ONFIGU RING PPP AND MP ■ Configure MP Protocol Parameters 1 Cr eate Virtual T emplate Ta b l e 203 Create/Delete virtual template 2 Configure Operating Parameters of Virtual T emp.
Configure MP 173 ■ Bind accor ding t o use rname or en dp o i n t Here the username refers to the received remote username when PPP link performs P AP or CHAP authentication. En dpoint is the unique mar k of a router and refers to the r eceived r emote endpoint when performing LCP negotiation.
174 C HAPTER 12: C ONFIGU RING PPP AND MP By default, the maximum link numb er of links that MP channel permits to bind is 16. b Configure the maximum number of fragments r eceived by MP channel Ta b .
Display and Debug PPP 175 By default, virtual Baud rate is not set on interface. Display and Debug PPP Please use the disp lay and debugging commands in all views. Ta b l e 212 Display and debug PPP T y pical PPP Configuration Example P AP Authentication Example I.
176 C HAPTER 12: C ONFIGU RING PPP AND MP II. Configuration Procedur e 1 Configure Router1: a Add a user with name Router2 and pa ssword hello to the local database [Router] local-user Router2 passwor.
Typical MP Configuration Example 177 [Router] local-user router-c password si mple router-c b Specify the virtual interface templa tes for the two users and begin PPP negotiation for the NCP informati.
178 C HAPTER 12: C ONFIGU RING PPP AND MP [Router] interface serial2: 1 [Router-Serial2:1] ppp mp [Router-Serial2:1] ppp authenticati on-mode pap [Router-Serial2:1] ppp pap local-us er router-c password simple router-c Fault Diagnosis and T roubleshooting of PPP Fault 1: Link always fails to turn to up status.
13 C ONFIGURING PPP O E C LIENT This chapter contains information on the following top ics: ■ PPoE Overview ■ Configure PPPoE Clie nt ■ Display and Debug PPPoE Client ■ T ypical PPPoE Co nfigu.
180 C HAPTER 13: C ONFIGU RING PPP O E C LIENT implement the client dial-up function of PP Po E), so the subscribers can access the Internet w ithout installing a PPPoE client software on PCs. Furthermore, all the PCs on the same LAN can share an ADSL account.
Configure PPPoE Client 181 Depending on the n eeds, it is probably re quired to configure the parameters such as PPP authentication on a dialer interfac e. The dialer interf ace configuration will not be covered in this sect ion, however . Please see Operation Manual - Dial-up for ref e re nc e .
182 C HAPTER 13: C ONFIGU RING PPP O E C LIENT Regardless of whether a PPPoE session is permanent or packet-triggered, executing the undo pppoe-client command will permanently delete the session. Hence, you need to make r econfiguratio n for establishing a new PPPoE session.
Typical PPPoE Configuration Example 183 [Router-Dialer1] ip ppp-negotiate [Router-Dialer1] ppp pap local-user 3com password cipher 12345 2 Configure a PPPoE se ssion [Router] interface ethernet 1 [Rou.
184 C HAPTER 13: C ONFIGU RING PPP O E C LIENT.
14 C ONFIGURING SLIP This chapter contains information on the following top ics: ■ SLIP Overview ■ Configure SLI P ■ Display and Debug SLIP ■ T ypical SLIP Configuration Example SLIP Overview SLIP (Serial Link Internet Protocol) can transmit data ov er the asynchronous serial link.
186 C HAPTER 14: C ONFIGU RING SLIP By default, the synchronous/asynchronous se rial interface operates in synchronous mode 2 Configure the link layer pr otocol of the interface to SLIP Perform the following task in the asynchronous interface view .
Typical SLIP Configurati on Example 187 III. Configuration Procedur e 1 Configure Router A: a Configure Dialer Rule [Router] dialer-rule 1 ip permit b Configure the synchronous/asynchr onous interface.
188 C HAPTER 14: C ONFIGU RING SLIP [Router] ip route-static 0.0.0.0 0.0.0.0 10.110.0.1.
15 C ONFIGURING ISDN P RO T O C O L This chapter contains information on the following top ics: ■ ISDN Overview ■ Configure ISDN ■ Display and Debug ISDN ■ T ypical Configurat ion Examp le ■.
190 C HAPTER 15: C ONFIGU RING ISDN P ROTOCOL ■ Set the called nu mb er or sub -a d dr ess to be checked in digital incoming call 1 Configure ISDN Signal ing T ype Perform the following configuration s in either system view or inter face view .
Configure ISDN 191 When a router originates a call to PBX, it usually contains all called number information in the SETUP message . However , you can configure the command to determine whether th e Sending Se nding-Co mplete Information Element (SCIE) should be c arried in the SETUP message .
192 C HAPTER 15: C ONFIGU RING ISDN P ROTOCOL Configur e ISDN DoV ISDN call includes voice call and digital call. Dif fer ent communi cati on mode ma kes differ ent calls. In common cir cumstances, users initiate voice call when making voice commun ication and initiate digit al ca ll when making data transmission.
Typical Configur ati on Example 193 T ypical Configuration Example Interconnect Rou ters for Data T ransmission via ISDN PRI Line I. Networking Requirement Router A is connected with router B via W AN, as shown in the following diagram. II. Networking Diagram Figure 56 Networking diagram of ISDN pr otocol configuration example III.
194 C HAPTER 15: C ONFIGU RING ISDN P ROTOCOL II. Networking Diagram Figure 57 Networking for ISDN DoV III. Configuration Procedu re 1 Configure Router A: [Router] dialer-rule 1 ip permit [Router] interface bri 0 [Router-Bri0] ip address 100.1.1.1 255.
16 C ONFIGURING LAPB AND X.25 This chapter contains information on the following top ics: ■ X.25 and LAPB Protocols Overview ■ Configure LAPB ■ Configure X.25 ■ Configure X.25 over Other Protocols ■ Display and Debug LAPB and X.25 ■ T ypical LAPB Configurat io n Example ■ T ypical X.
196 C HAPTER 16: C ONFIGU RING LAPB AND X.25 Figure 58 X.25 network model The X.25 protocol suite maps to the lowe st three layers of the OSI (Open System Interconnection) refer ence model.
X.25 and LAPB Protocols Overview 197 Once a virtual circuit is established between a pair of DTEs, it is assigned with a unique virtual circuit number . When one DTE is to send a packet t o the other , it numbers this pack et (wi th vi r tua l circui t nu mb e r) and sends it to DCE.
198 C HAPTER 16: C ONFIGU RING LAPB AND X.25 Figure 61 Relations among LAPB, X.25 and X.25 switching Configure LAPB LAPB configuration includ es: ■ Configure the link pr otocol of the interface to L.
Configure X.25 199 N1 value r epresents the maximum number bits of I frame that DCE or DTE wants to receive fr om DTE or DCE. N2 value r epresents the maximum number of times that DCE or DTE tries to successfully send a frame to DTE or DCE. Ta b l e 232 Configure LAPB N1, N2 By default, n1 is 12032, and n2 is 10.
200 C HAPTER 16: C ONFIGU RING LAPB AND X.25 Configure X.25 Interface The configuration of X.2 5 interface includes: ■ Configure X.121 address ■ Configure X.25 working mode ■ Configure X.25virtual circuit range ■ Configure X.25 modulo ■ Configure X.
Configure X.25 201 X.25 protocol can multiplex multiple virtual conne ction over a real physical link between DTE and DCE, also called virt ual ci rcuit (VC) or logical channel (LC). X.25 can establish up to 4095 virtual connections numbered from 1 to 4095.
202 C HAPTER 16: C ONFIGU RING LAPB AND X.25 Ta b l e 237 Set/cancel X.25 virtual circuit range The above shows that each section (except the permanent virtual circuit section) is defined by two parameters: upper limit an d lower limit, the value of which ranges between 1 and 4095 (including 1 and 4095 ).
Configure X.25 203 end-to-end is affected, that is, the effici ency between t w o set s of c ommunicatin g DTE increases. 5 Configure X.25 flow contro l parameter It is essential to set corr ect default flow control pa rameters (window size and packet size) for the operation of the link because X.
204 C HAPTER 16: C ONFIGU RING LAPB AND X.25 ■ Prohibit the r estart of X.25 layer 3 It is necessary to config ure certain supple mentary X.25 paramete rs in some special network environments. 1 Configure the delay of X.25 layer 3 timer X.25 protocol defines a series of timers to facilitate its procedure.
Configure X.25 205 of a call that reaches X.25 interface may be inconsistent with X.121 address of the destination interface (because th e de stination address of this call is modified within the network), still th e interface will accept this call.
206 C HAPTER 16: C ONFIGU RING LAPB AND X.25 Ta b l e 244 Configure/Cancel the attributes related to the addr ess code block in the call packet or call accept packet 4 Configure default upper layer protocol X.25 call r equest packet incl udes a CUD field (Call Us er Data), which shows the upper layer protocol type X.
Configure X.25 207 Configur e X.25 Datagram T ransmission The configuration of X.25 data gram tr ansmission includes: ■ Create the mapping fr om the pr otocol address to X.121 addr ess ■ Create the permanent virtual circuit In the most frequently used X.
208 C HAPTER 16: C ONFIGU RING LAPB AND X.25 process and it always exists. An addr ess ma pping will be created implicitly while a permanent virtual circuit is cr eated. T o create/delete a permanent virtual circ uit, perform the following tasks in interface view .
Configure X.25 209 Ta b l e 248 Specify/Cancel SVC maximum idle time By default, the value of SVC maximum idle time is 0 minute, which means this SVC will not be disconnected for idle times out.
210 C HAPTER 16: C ONFIGU RING LAPB AND X.25 Ta b l e 250 Specify/Cancel packet pre-acknowledgement By default, the number of pr e-acknowledged pa ckets is 0. 4 Configur e X.25 user facil ity X.25 pr otocol defines various user fa cility options. The user can choose and configure the facilities.
Configure X.25 211 window-size and packet-size options are also supported in x25 pvc command. However , in x25 pvc command, these two options specify the window size and maximum packet length of the set PVC. If these two options are not selected in the x25 pvc command, the set PVC will choose the default value of X.
212 C HAPTER 16: C ONFIGU RING LAPB AND X.25 Generally , inter -network protocols will ne ed to send some broadcast datagrams for specific purposes. On the broadcasting physical networks (s uch as Ethernet ), such requir ement s are naturally supported.
Configure X.25 213 Configur e X.25 Sub-Interface X.25 sub-interface is a virtual interface with its own protocol address and virtual circuit. Multiple sub-interf aces can be created on a physical interface, so the networks can be interconnected via one physical interface.
214 C HAPTER 16: C ONFIGU RING LAPB AND X.25 Figure 64 X.25 switching networking diagram 1 Enable or disable X.25 switching In the system view , perform the following task to enable or disable X.
Configure X.25 215 which guarantees no occurrence of link over load when an address is accessed by a large number of su b s cr ib er s. X.25 load balancing is provided by DCEs.
216 C HAPTER 16: C ONFIGU RING LAPB AND X.25 Figure 65 Diagram of X.25 network load balancing As shown in the above figure, Server A and Server B concurrently provide subscribers with identical services. They are configur ed as a hunt group named hg1.
Configure X.25 217 DCE equipment in X.25 networks to provid e the function of load balancing for DTE equipment) then configuration of X.25 load balancin g needs to be made on the routers. The main configuration tasks of X.25 load balancing are as follows: ■ Start X.
218 C HAPTER 16: C ONFIGU RING LAPB AND X.25 Ta b l e 263 Add/Delete X.25 switching route whose forwarding addr ess is hunt gr oup 5 Configure other X.25 switching routes Ta b l e 264 Add/delete other X.25 switching routes Configure X.25 over Other Protocols Configur e X.
Configure X.25 over Other Protocols 219 protocol pr ovides reliable data transmi ssion link. Because TCP has the mechanism of error r e dir ection and window flow cont rolling to guarantee the r eliability of links, it can be used by X.25. XOT builds a TCP tunne l connection between the two X.
220 C HAPTER 16: C ONFIGU RING LAPB AND X.25 Ta b l e 265 Start X.25 switching 1 By default, do not start X.25 switch. 2 Configure IP side interface Because the XOT implements the connection of two X.25 nets thr ough IP net, first you should ensure that the IP net is exped ite.
Configure X.25 over Other Protocols 221 Ta b l e 268 Configure PVC XOT switching 5 Configure Keepalive and xot-source attributes After the TCP link is established, TCP will not be easily cleared even if the link is disconnected. But after configuring Keepalive, the router will send checking packets in time to check the usability of the link.
222 C HAPTER 16: C ONFIGU RING LAPB AND X.25 When configuring an Annex G DLCI, the user must explicitly configure it with the argument DCE or DTE . In addition, the configurations on the routers of a connection should not be the same. That is, if a router is configured to work as DTE, the other router must be configured as DCE.
Display and Debug LAPB and X.25 223 By default, X.25 template is not applied on DLCIs. Display and Debug LAPB and X.25 In the all views, perform the following tasks to enable real-time monitoring of the current status of LAPB a nd X.25. Ta b l e 273 Display and debug LAPB and X.
224 C HAPTER 16: C ONFIGU RING LAPB AND X.25 [Router-Serial0] lapb module 128 [Router-Serial0] lapb window-size 1 27 2 Configure Router B: a Select interface [Router] configure [Router] interface serial 1 b Specify IP address for this interface [Router-Serial1] ip address 202.
Typical X.25 Configuration Example 225 e Specify address mapping to the peer [Router-Serial0] x25 map ip 202.38.160.2 x121-address 20112452 f As this is a direct conn ec tion, the flow contr ol parame.
226 C HAPTER 16: C ONFIGU RING LAPB AND X.25 II. Networking Diagram Figure 69 Connect the router to X.25 public packet network III. Configuration Procedu re 1 Configure Router A: a Configure interface IP addr ess [Router] interface Serial 0 [Router-Serial0] ip address 168.
Typical X.25 Configuration Example 227 [Router-Serial0] x25 map ip 168.173.24.1 x121-address 30561001 [Router-Serial0] x25 map ip 168.173.24.2 x121-address 30561002 Configure Virtual Cir cuit Range I. Networking Requirement The link layer protocol of router's interfac e Serial0 is X.
228 C HAPTER 16: C ONFIGU RING LAPB AND X.25 [Router-Ethernet0] ip address 196.2 5.231.1 255.255.255.0 [Router-Ethernet0] interface serial 0 [Router-Serial0] ip address 192.
Typical X.25 Configuration Example 229 II. Networking Diagram Figure 72 Diagram of X.25 sub-interface configuratio n III. Configuration Procedur e 1 Configure Router A: [Router] interface serial 0 [Router-Serial0] link-protocol x25 dte [Router-Serial0] x25 x121-address 100 [Router-Serial0] interface serial 0.
230 C HAPTER 16: C ONFIGU RING LAPB AND X.25 SVC Application of XOT I. Networking Requirement Router B and C connect through Ethernet interface, and build TCP connection between them. X.25 packets for w ard through TCP , and configu re SVC to implement the SVC function.
Typical X.25 Configuration Example 231 4 Configure Router C a Start X.25 switching [Router] x25 switching b Configure X.25 local switching [Router] x25 switch svc 2 interface seri al 0 c Configure XOT switching [Router] x25 switch svc 1 xot 10.1.1.1 d Configure Ethernet 0 [Router] interface ethernet 0 [Router-Ethernet0] ip address 10.
232 C HAPTER 16: C ONFIGU RING LAPB AND X.25 [Router-Serial0] x25 x121-address 2 [Router-Serial0] x25 x25 vc-range i n-channel 10 20 bi-channel 30 1024 [Router-Serial0] x25 pvc 1 ip 1.1.1 .1 x121-address 1 [Router-Serial0] ip address 1.1.1.2 255.0.0.0 3 Configure Router B a Start X.
Typical X.25 Configuration Example 233 II. Networking Diagram Figure 75 Networking diagram of typical configuration of X.25 hunt gr oup III. Configuration Procedur e 1 Configure RouterA a Configure the link layer pr otocol of interface Serial1 to X.25 and specify it to operate in DCE mode .
234 C HAPTER 16: C ONFIGU RING LAPB AND X.25 [Router] interface serial 0 [Router-Serial0] link-protocol x25 dte [Router-Serial0] x25 x121-address 8 888 The configurations o f RouterC and RouterE are identica l with the configu ration of RouterB 3 Configure RouterD a Configure link layer protocol of interface Serial 0 to X.
Typical X.25 Configuration Example 235 Note that you must configure a virtual IP address and two static r outes on interface Serial 1 to deceive the router because two lines conne ct ed to the same peer exist in router RouterC.
236 C HAPTER 16: C ONFIGU RING LAPB AND X.25 [Router-Serial1] x25 x121-address 3 333 [Router-Serial1] ip address 2.1.1.3 255.255.255.0 [Router-Serial1] x25 map ip 1.1.1.1 x121-address 1111 [Router-Serial1] x25 map ip 2.1.1.1 x121-address 1111 [Router-Serial1] x25 map ip 1.
Typical X.25 Configuration Example 237 [Router-fr-dlci-100] x25-template profil e1 [Router-fr-dlci-100] quit i Map the Frame Relay address to the destination IP address. [Router-Serial1] fr map ip 202.38.163.25 2 100 2 Configure RouterB: a Create an X.
238 C HAPTER 16: C ONFIGU RING LAPB AND X.25 II. Networking Diagram Figure 78 Networking for the SVC application of X.25 over Frame Relay III. Configuration Procedu re 1 Configure the r outer Router A: a Configure the basic X.
Typical X.25 Configuration Example 239 [Router] x25 switch svc 1 interface seri al 0 g Configure X.25 over Frame Relay switch ing. [Router] x25 switch svc 2 interface seri al 1 dlci 100 4 Configure the router Router C: a Enable X.25 switching. [Router] x25 switching b Configure Seria l 0 as the X.
240 C HAPTER 16: C ONFIGU RING LAPB AND X.25 [Router-Serial0] x25 x121-address 1 [Router-Serial0] x25 vc-range in-ch annel 10 20 bi-channel 30 1024 [Router-Serial0] x25 pvc 1 ip 1.1.1 .2 x121-address 2 [Router-Serial0] ip address 1.1.1.1 255.0.0.0 2 Configure Router D: a Configure the basic X.
Fault Diagnosis and Troubl eshooting of LAPB 241 [Router-x25-profile1] x25 vc-range in-ch annel 10 20 bi-channel 30 1024 [Router-x25-profile1] x25 pvc 1 interfac e serial 0 pvc 1 5 Configure Se ria l 1.
242 C HAPTER 16: C ONFIGU RING LAPB AND X.25 ■ Facility options inhibited by network have been carried. T roubleshooting: if the address is configur ed incorrectly , chang e the configuration. For the last two causes, please consult the network management department fo r correct channel range and pe rmissible facility options.
Fault Diagnosis and Troubleshooting of X.25 243 ■ If receiving the ping packet forwarded fr om the router at one end, check whether the returning route has been configured in the r outing table. In addition, if the destination IP address for r eturning the packets is different fr om that configured in the Frame Relay address map and X.
244 C HAPTER 16: C ONFIGU RING LAPB AND X.25.
17 C ONFIGURING F RAME R ELAY This chapter contains information on the following top ics: ■ Frame Relay Protocol Overview ■ Configure Frame Relay ■ Configure Frame Relay QoS ■ Configure Frame .
246 C HAPTER 17: C ONFIGU RING F RAME R ELAY Virtual circuits can be divided into perm anent virtual cir cuit and switching virtual ci rc ui t , ac c o rdi n g to t h ei r d iff e re nt configuration meth od.
Configure Frame Relay 247 Note the following: ■ The interface's link layer pr otocol can be configur ed to Frame Relay only wh en it operates in the synchronous mode. ■ When the interface's link la yer protocol is SLIP , the physical attributes of the interface cannot be modified to synchronous mode.
248 C HAPTER 17: C ONFIGU RING F RAME R ELAY When the Frame Relay interface type is DCE or NNI, the default type of LMI pr o t ocol of interfa ce is Q933a.
Configure Frame Relay 249 The following table de scribes the value ranges and default values of re lated parameters of the Fr ame Relay LMI protocol Ta b l e 278 D escriptions of related parameters of.
250 C HAPTER 17: C ONFIGU RING F RAME R ELAY N392, the DTE equipment will assume th at the number of errors reaches the threshold, and will r egard the physical path and all the virtual cir cuits as unusable. The parameters at the DCE side include: ■ T392DCE: Define the longest duration for the DCE equipment to wait for a status enquiry message.
Configure Frame Relay 251 The map created thr ough the dynamic inverse ARP has broadcast attribute. 6 Configure Frame Relay Local Virtual Circuit Number Perform the following configurations in synchronous serial interface view .
252 C HAPTER 17: C ONFIGU RING F RAME R ELAY b Configure virtual circuit of Frame Relay sub-interface In interface view , perform the following task to configure the virtual circuit of Frame Relay sub-interf ace.
Configure Frame Relay 253 Perform “Enabling/Disabling Frame Relay PVC switching” in system view , and configure all the other commands in synchronous serial interface view . Ta b l e 286 Configure the Frame Relay PVC switching By default, Frame Relay PVC swit ching is disabled.
254 C HAPTER 17: C ONFIGU RING F RAME R ELAY By default, no Frame Rela y switched PVC is cr eated. After configuring the Frame Relay switched PVC, the user will enter the frame relay switch view to perform the operations of shutdown and undo shutdown on the switched PVC.
Configure Frame Relay 255 will not take ef fect. On th e MFR interface, you can co nfigure the network layer parameters (e.g., IP address) and Frame Rela y parameters (e.g., DLCI). The physical interface bundled on the MFR interfac e will use the parameters on the MFR interface.
256 C HAPTER 17: C ONFIGU RING F RAME R ELAY Ta b l e 294 Configure the parameters of the bundle link interface The default link identification is th e name of its physical interface.
Configure Frame Relay 257 Perform the following configurations in interface view . Ta b l e 296 Configure Frame Relay Compression on multipoint interface By defaul t, Frame Re lay payl oad compr ession is disable. On the 3Com Router , both the Frame Rela y main interfaces a nd sub-interfaces can be multipoint interfaces.
258 C HAPTER 17: C ONFIGU RING F RAME R ELAY Configure Frame Relay QoS Quality of Service (QoS) is a set of te chnologies adopted to meet the users' requir ements in thr oughput, delay jitter , delay and packet loss ratio.
Configure Frame Relay QoS 259 Figure 82 Frame Relay traf fic shaping If the Frame Relay traffic shaping is applied on the out going interface Serial 0 on Router B, the interface will be able to transmit packets at 64 kbps, a relatively average rate, so as to avoid the network cong estion.
260 C HAPTER 17: C ONFIGU RING F RAME R ELAY notification (BECN) flag bit is 1, indicating that the congestion has occurred to the network, and the transmit rate of the PVC will be lowered to CIR.
Configure Frame Relay QoS 261 Figure 85 Frame Relay traf fic policing As shown in the above figure, Router A at the user side transmits packets at 192 kbps to Router B at the switching side. However , Router B only wants to provide the 64 kbps bandwidth for Router A.
262 C HAPTER 17: C ONFIGU RING F RAME R ELAY Frame Relay Congestion Management Frame Relay congestion ma nagement can process th e Frame Relay pack ets whenever there is network congestion. It will discard the packets that are marked with the DE flag bit.
Configure Frame Relay QoS 263 Ta b l e 299 Create/Delete a Frame Relay class By defa ult, no Fram e Relay class is cr eated. After creating the Frame Relay class using this command, the user will enter the frame relay class view under which you can configure the pa rameters like CIR.
264 C HAPTER 17: C ONFIGU RING F RAME R ELAY ■ Configure the parameters of Frame Relay class 1 Enable the Frame Relay traffic shaping Perform the following configurations in synchr onous serial interface view .
Configure Frame Relay QoS 265 Numerically , the value of CBS should not be less than CIR ALLOW , otherwise , the large packets may not be sent. Configure Frame Relay T raffic Policing Frame Relay traf.
266 C HAPTER 17: C ONFIGU RING F RAME R ELAY Configure Frame Relay Congestion Manageme nt There ar e two ways to set the congestion threshold. One is to configure the congestion threshold for a PVC in a specified Frame Relay class, an othe r is to configure the congestion threshold for the overall interface in interface view .
Configure Frame Relay QoS 267 Configure Frame Relay DE Rule List 1 Configure a DE rule list Perform the following configurations in system view . Ta b l e 307 Configure a DE rule list By default, no DE rule list is defined. A router can support up to 10 DE rule lists, and each of them can contain up to 100 DE rules.
268 C HAPTER 17: C ONFIGU RING F RAME R ELAY By default, the queue type of a Frame Relay PVC is FIFO. When the congestion management is en abled on Frame Relay PVCs, the queue type on the interface can only be FIFO. For the configuration of PQ, CQ and WFQ, refer to the part of QoS .
Configure Frame Relay over Other Protocols 269 Configure Frame Relay over Other Protocols Frame Relay over IP IP networks are used to carry the Fram e Relay data to interconnect the Frame Relay networks.
270 C HAPTER 17: C ONFIGU RING F RAME R ELAY After configuring t he Frame Relay route through the fr dlci-switch interface tunnel command, two r outes will be added to the Frame Relay routing table on the router . One route takes the tunnel inte rface as the incoming interface and the serial interface as the outgoing interface.
Configure Frame Relay over Other Protocols 271 ■ The DCE device identifies the calli ng number of the in co ming call and authenticates the DTE device according to it to determine wheth er to accept or deny the call.
272 C HAPTER 17: C ONFIGU RING F RAME R ELAY A DCE devic e provides Frame Re lay swit ching. Its one end is connected to a DTE device via ISDN, and the other end is directly connected to another DTE d.
Configure Frame Relay over Other Protocols 273 2 Configuration Related to Frame Relay Switch ing Only some simple Frame Relay switching conf igurations are covere d in this section.
274 C HAPTER 17: C ONFIGU RING F RAME R ELAY In the legacy BDR implementat ion of Frame Relay over ISDN, a diale r interface and all the ISDN physical interfaces (including BR I a nd PRI interfaces) attache d to it will be Configured with Frame Relay .
Display and debug Frame Relay 275 Display Frame Relay data receiving/sending statistics information. displ ay fr statistics [ interface type number ] Display the Frame Relay PVC stat istics display fr.
276 C HAPTER 17: C ONFIGU RING F RAME R ELAY T y pical Frame Rela y Configuration Example Inter connect LANs via Frame Relay Network I. Networking Requirement Interconnect LANs via the public Frame Re lay network. The r outer work as user equipment in the Frame Relay DTE mo de.
Typical Frame Relay Configur ati on Example 277 [Router-Serial1] ip address 202.38.163. 253 255.255.255.0 b Configure the link layer protocol of the interface to Frame Relay [Router-Serial1] link-protocol fr [Router-Serial1] fr interface-type dte c Configur e stati c addr ess mapping [Router-Serial1] fr map ip 202.
278 C HAPTER 17: C ONFIGU RING F RAME R ELAY II. Networking Diagram Figure 94 MFR bundle networking III. Configuration Procedu re 1 Configure RouterA a Create a MFR interface. [Router] interface mfr 0 [Router-MFR0] ip address 202.38.163 .251 255.255.255.
Typical Frame Relay Configur ati on Example 279 II. Networking Diagram Figure 95 networking diagram of Frame Relay over IP III. Configuration Procedur e 1 Configure Router A [Router] interface serial 0 [Router-Serial0] ip address 202.38.163.2 51 255.255.
280 C HAPTER 17: C ONFIGU RING F RAME R ELAY [Router-fr-class-frts] cir allow 64 000 64000 [Router-fr-class-frts] cbs 64000 [Router-fr-class-frts] cir 64000 [Router-fr-class-frts] fragment 80 data-level Configuration Example of Frame Relay T r affic Shaping I.
Typical Frame Relay Configur ati on Example 281 II. Networking Diagram Figure 98 Networking diagram of Frame Relay over IP III. Configuration Procedur e 1 Configure RouterA a Configure the Frame Relay.
282 C HAPTER 17: C ONFIGU RING F RAME R ELAY On RouterA, two BRI interfaces, Bri0 and Bri1 , are available. Bri0 is assigned with the ISDN number 660218, the IP addr ess 110.0.0.1 and the DLCI number 100. Bri1 is assigned with the ISDN number 660208, th e IP ad dress 120.
Typical Frame Relay Configur ati on Example 283 [Router-Serial2:15] dialer bundle-member 20 For configuring the BDR and Fr ame Relay parameters on Dialer1, refer to the configuration on Dialer0. The user only needs to change the IP address to 120.0.0.
284 C HAPTER 17: C ONFIGU RING F RAME R ELAY 2 Configure RouterB a Configur e the BD R an d Fram e Relay parameters on the PRI interface. [Router] dialer-rule 1 ip permit [Router] fr switching [Router] controller e1 0 [Router-E1-0] pri-set [Router] interface dialer 0 [Router-Dialer0] ip address 110.
Fault Diagnosis and Troubleshooting of Frame Relay 285 Fault Diagnosis and T roubleshooting of Frame Relay Fault 1: the physical layer in DOWN status. T r oubleshooting: ■ Check whether the physical line is norma l. ■ Check whether the opposite equipment runs nor mally .
286 C HAPTER 17: C ONFIGU RING F RAME R ELAY ■ Check whether the Frame Relay configurat ions at both ends are correct. Read the section of troubleshooting in Link Layer Protocol .
18 C ONFIGURING HDLC This chapter contains information on the following top ics: ■ Configure HDLC ■ Display and Debug HDLC Configure HDLC HDLC (High Data Link Control) is a bit-oriented link layer protocol.
288 C HAPTER 18: C ONFIGU RING HDLC Enable HDLC p acket debugging debugging hdlc packet [ interface type number ].
19 C ONFIGURING B RIDGE This chapter contains information on the following top ics: ■ Bridge Overview ■ Configure Bridge’ s Routing Function ■ Display and Debug Bridge ■ T ypical Bridge Conf.
290 C HAPTER 19: C ONFIGU RING B RIDGE ■ Supports bridging on the Frame Relay links. ■ Supports bridging on the sub-interfaces of VLAN. ■ Supports bridging o n BDR and dialing standby . ■ Supports binding of multiple ports and load sharing. ■ Support both routing and bridging function for specified protocol .
Bridge Overview 291 Figure 102 Bridge learns that Workstation A is connected with Port 1 Once Workstation B r esponds to Workstation A, the bridge can detect the responding Ethernet frame from W orkstat ion B and learn that Workstation B is also connected to Bridge port 1 b ecause the frame is detected o n port 1 too.
292 C HAPTER 19: C ONFIGU RING B RIDGE Figure 104 Final bridging address table Forward and Filter The bridge will make the decision to fo rward frames or not (that is, to filter frames) depending on t.
Bridge Overview 293 Figure 106 Filter (not forwar d) ■ Suppose that Workstation A sends an Ethernet frame to Workstation C, and the bridge does not find the corr elation between th e MAC address of .
294 C HAPTER 19: C ONFIGU RING B RIDGE Figure 108 Pr eliminary examination state of bridging loops As shown in the following figure, the broadcast frame is forwarded over Ethernet segment 2 and Ethernet segment 3 that are connected with Bridge Z.
Bridge Overview 295 will also specify which bridge to be the “root bridge” and whic h bridges to be the “leaf nodes” . A BPDU cont ains the fo llowing inform ation: ■ Root Identi fier: Consists of the Brid ge Priority and th e MAC address of the root bridge.
296 C HAPTER 19: C ONFIGU RING B RIDGE Figure 110 Spanning tr ee topology BPDU Forwar ding Mechanism Upon the initiation of the network, all th e bridges assume them selves as the root bridge. The designated interface of the bridge r egularly sends its BPDU once a Hello Time.
Configure Bridge’s Routing Functi on 297 will be routed through IP . Certainly , if IP cannot find a route, it will discard the packet instead of forwarding it to the brid ge for pr ocessing. If the packet uses a protocol other than IP (for example, if it is the pack et from the ne twork like AppleT alk or DecNet), it will be bridged.
298 C HAPTER 19: C ONFIGU RING B RIDGE 2 Configure Bridge-Set Each bridge set is independent, and packets can not be transmitted between the ports belonging to differ ent bridge sets. That is, the packets re ceived via one bridge set port can only be sent via the po rts of the same bridge set.
Configure Bridge’s Routing Functi on 299 Perform the following configuration in system view . Ta b l e 324 Enable/Disable forwarding by using dynamic address table By default, the dynamic address table is used to forward frames.
300 C HAPTER 19: C ONFIGU RING B RIDGE Ta b l e 327 Configure the bridge priority By default, the bridge priority is 32768. It is valued in the range of 0 to 65 535. c Configur e the pat h co st of br id ge port The path cost of the p ort is related to its link speed.
Configure Bridge’s Routing Functi on 301 Ta b l e 330 Configure the interval for sending BPDUs By default, the value of Hello T ime timer is 2 seconds.
302 C HAPTER 19: C ONFIGU RING B RIDGE The Max Age is the parameter used t o ju dge whether the BP DUs are “timeout”. Users can configure it accor ding to the actual network conditions. When a port enables the STP , the Max Age timer begins to time.
Configure Bridge’s Routing Functi on 303 When creating an ACL based on Ethernet type code (Ether net-II, SNAP or LSAP), you can specify aclt- number in the range of 200 to 299. type-code is a 16-bit hexadecimal number written with a leading “0x”, co rresponding to the type-code field in the Ethe rnet-II or SNAP frames.
304 C HAPTER 19: C ONFIGU RING B RIDGE By default, no ACL is applied on the port. When applying an ACL on the port, note that: ■ Add the port to a bridge-set first, then apply the ACL on that port. ■ If ACLs of the same type are applied to the same port, the lat est ACL applied will replace the previous ones.
Configure Bridge’s Routing Functi on 305 Ta b l e 340 Configure bridge set to route or bridge the network layer pr otoco l By default, the bridging is enabled, the routing is disabled. Y ou can execute the display bridge bridge- set bridge-template command to view the configuration of routing and bridging on each interface.
306 C HAPTER 19: C ONFIGU RING B RIDGE Ta b l e 343 Map the bridge address to DLC I 11 Configure Bridging over BDR Perform the following confi guration in system view . a Define a dialer list Ta b l e 344 Define a dialer list b Configure the bridge interface Perform the following confi guration in interface view .
Display and Debug Bridge 307 Ta b l e 349 Configure bridge on VLAN Display and Debug Bridge Perform the reset , display and debugging commands in all vi ews. Ta b l e 350 Display and debug bridge T ypical Bridge Configuration T ranspar ent Bridging Multiple LANs I.
308 C HAPTER 19: C ONFIGU RING B RIDGE II. Networking Diagram Figure 111 Networkin g of building transparent bridges between multiple Ethernet segments III.
Typical Bridge Config uration 309 T ranspar ent Bridging over Frame Relay I. Networking Requirements T w o routers are dire ctly connected via serial interfaces. Imple ment transparent bridging over the Frame Relay . II. Networking Diagram Figure 112 T ransparent bridge over the Frame Relay III.
310 C HAPTER 19: C ONFIGU RING B RIDGE T ransparent Bridging for Synchronous Dial-in Standby I. Networking Requirements Configure transpar ent bridging for synchr onous dial-in standby on two routers.
Typical Bridge Config uration 311 T ranspar ent Bridging for Asynchronous Dial-in Standby I. Networking Requirements Configure transparent bridging for asynchronous dial-in standby on two routers.
312 C HAPTER 19: C ONFIGU RING B RIDGE Bridge-T emplate interface I. Networking Requirements Configur e a r outer so that r outing can be carried out on each int er f ace in th e bridge-set. II. Networking Diagram Figure 114 Networking of bridge-template interface III.
Typical Bridge Config uration 313 Bridging on Sub-Interfaces I. Networking Requirements T w o r outers are connected via a network ca ble. Enabling bridging on the Ether net sub-interfaces so that the two bridges established via the routers can be interconnected.
314 C HAPTER 19: C ONFIGU RING B RIDGE Link-Set Configuration I. Networking Requirements Bind multiple parallel links between bridge s into a link-set so that the links can share the load when bridging the traffic. II. Networking Diagram Figure 116 Networkin g of use link-set to implement port binding III.
V N ETWORK P RO T O C O L Chapter 20 Configuring IP Address Chapter 21 Configuring IP Application Chapter 22 Configuring IP Performance Chapter 23 Configuring IP Count Chapter 24 Configuring IPX Chapt.
316.
20 C ONFIGURING IP A DDR ESS This chapter contains information on the following top ics: ■ IP Address Overview ■ T r oubleshooting IP Address Configuration ■ Map between W AN Interface IP Addre ss and Link Layer Protocol Addr ess IP Address Overview IP address is a unique 32-b it address assigned to a host conn ected to Internet.
318 C HAPTER 20: C ONFIGU RING IP A DDRESS The IP addresses a user can use are listed in the following table. Ta b l e 351 IP address classes and ranges Important features of IP address: Some IP addr esses are not in a hierarc hic al structur e, which is differ ent from the structure of telephone number .
IP Address Overview 319 completely inter nal to the en terprise itself, and seen from the outside, the enterprise only has one net-id. When an ex ternal message enters this enterprise network , th e int ernal route r can ro u t e accor ding to the sub-net number , and finally reach the destination host.
320 C HAPTER 20: C ONFIGU RING IP A DDRESS Figure 119 Relation between host name, IP addr ess and physical address Configur e IP Addr ess Configure IP Addr es s for an Interface Use a mask to label the network ID contained in an IP address. Example : the IP address of an Ethernet interface of a router is 129.
IP Address Overview 321 When configuring the mast er IP address for an interface, note: ■ An interface can only have one master IP address. ■ When deleting the IP address of the in terface, if no IP addr ess and mask is specified, all the IP addr e sses (including all slave IP addresses) will be deleted from the interface.
322 C HAPTER 20: C ONFIGU RING IP A DDRESS Ta b l e 354 Set negotiable attribute of IP address for an interface By default, the interface ha s no negotia ting IP addr ess. Note the following: ■ Because PPP supports IP address negotia tion, IP address negotiation of an interface can be set only when the interface is encapsula ted with PPP .
IP Address Overview 323 Ta b l e 355 Configure IP address unnumber ed By default, the interfa ce has no IP address. 2 Display IP address unnumbered Ta b l e 356 Display IP address unnumber ed Configuration Example I.
324 C HAPTER 20: C ONFIGU RING IP A DDRESS 2 Configure r outer R1 of Shenzhen subsidiary: [Router-Ethernet0] ip address 172. 16.20.1 255.255.255.0 a Borrow IP addr ess of Ethernet [Router-Serial0] ip .
Map between WAN Interface IP Address and Link Layer Protocol Address 325 cannot r eceive the arp m essage, then possibly t he err or is on the Ethe rnet physical layer . Fault 2: When the interface is encapsulated with PPP or Frame Relay , the link layer protocol status does not change to UP .
326 C HAPTER 20: C ONFIGU RING IP A DDRESS.
21 C ONFIGURING IP A PPLICATION This chapter contains information on the following top ics: ■ Configure Addr ess Resolution Protocol (ARP) ■ Configure Domain Name Resolution (DNS) ■ VLAN Configu.
328 C HAPTER 21: C ONFIGU RING IP A PPLICATION By default, the system ex ecutes static ARP mapping. Static ARP mapping items ar e valid as l ong as the r outer works normally , but dynamic ARP mapping items are valid for only 20 minutes.
VLAN Configuration 329 By default, the system has no static domain name resolution mapping. Pay attention that when adding a domain n ame mapp ing, if the same hostname has been input twice, the current confi guration will overwrite the pr evious one.
330 C HAPTER 21: C ONFIGU RING IP A PPLICATION Figure 122 Format of VLAN tag TPID (T ag Protocol Identifier) field has two bytes. When its value is 0X8100, it means the Et her net frame header contain s VLAN tag.
VLAN Configuration 331 In as Ethernet interface is connected wi th a LAN Switch port. As the Ether net subinterface of every specif ied VLAN ID can act as an indep endent gateway , this subinterface and other Ether net subinte rface in the same VL AN ID should belong to the same subnet segment.
332 C HAPTER 21: C ONFIGU RING IP A PPLICATION [Router] interface ethernet 0.1 b Specify 3 as the ID nu mb er of the VLAN on which the subinterface is located. [Router-Ethernet0.1] vlan-type dot 1q vid 3 c Configure IP address for the subinterface. [Router-Ethernet0.
DHCP Server Configuration 333 connected with PC must be set as “untagged ” for th e reason that PC cannot identify data packet marked with VLAN tag. Fault: Ping T wo PCs, but fa ils to ping them through. T r oublesh ooting: The st eps below can be taken.
334 C HAPTER 21: C ONFIGU RING IP A PPLICATION DHCP server can provide thr ee types of IP address allocation policies accor ding to t he d i ff ere n t req u ire m e nt s : ■ Allocate addresses ma n ually: Administrators configu r e special IP addresses for a small number of part icular hosts such as the service server WWW .
DHCP Server Configuration 335 ■ DHCP client logins the network f or the first time If it is the first time for a DHCP client to login to the network, it will establish a connection with the DHCP server through four s tages: ■ Discovering stage. This is the stage when the DHCP client searches the DHCP servers.
336 C HAPTER 21: C ONFIGU RING IP A PPLICATION will take bac k the IP address. If the DHCP client wants to continue to use this address, it should r enew the IP leasing contract such as extending the leasing contract o f the IP address.
DHCP Server Configuration 337 ■ Configure the range of a DHCP addr ess pool ■ Configure the IP addr esses that do no t participate in auto-allocation in the DHCP addr e ss pool ■ Configure the l.
338 C HAPTER 21: C ONFIGU RING IP A PPLICATION By default, no DHCP ad dress pool is created. 3 Configure the range of a DHCP addr ess pool a Configure the static binding add ress allocated to the client Some special clients (e.
DHCP Server Configuration 339 The command network cannot be superimposed, that is, the latest configuration will overwrite the previous one. The command network and the commands static-bind ip-address and static-bind mac-address are conflicting.
340 C HAPTER 21: C ONFIGU RING IP A PPLICATION By default, the valid leasing period of IP address is 1 day . 6 Configure the IP Address of Egress Gateway Router for DHCP Clients When a DHCP client accesse s a server (or host) beyond the local subnetwork, all the data must be sent and received via the egress gateway for the local network.
DHCP Server Configuration 341 That is because the new DNS address will replace the previous one rather than superimpose it. 9 Configure IP Addr ess of NetBIO S Server U sed by DHCP Clients Clients can communicate through the NetBIOS protocol.
342 C HAPTER 21: C ONFIGU RING IP A PPLICATION assume that the IP addr ess in this segment is not in use. Only when it is not in use can the IP address be alloca ted to the specified client.
DHCP Server Configuration 343 T ypical DHCP Se rver Configuration Example The common DHCP networking methods can be classified into two cat egories: One is that the DHCP server and the clients reside on the same subnetwork and they directly carry out the interaction of DHCP .
344 C HAPTER 21: C ONFIGU RING IP A PPLICATION 4 Configure the attributes (address pool ra nge, outgoing gateway and addr ess lease period) in DHCP pool 1. [Router] dhcp server ip-pool 1 [Router-dhcp1] network 10.1.1.0 ma sk 255.255.255.128 [Router-dhcp1] gateway-list 10.
Configure DHCP Relay 345 Figure 127 Schematic diagram of DHCP r elay The above figur e is the schematic diagra m of DHCP relay . Its work ing principle is as follows: After starting DHCP client, a con.
346 C HAPTER 21: C ONFIGU RING IP A PPLICATION UDP needs to be forwarded Broadcast messages of common protocols usually adopt UDP . The destination port numb er of UDP is configured to set the transparent transmission pr otocol.
Configure DHCP Relay 347 II. Networking Diagram Figure 128 Networking diagram of an DHCP r elay configuration example III. Configuration Procedur e 1 Configure DHCP relay r outer: [Router-Ethernet0] ip address 10.110.1. 1 255.255.0.0 [Router-Ethernet0] ip relay-address 202 .
348 C HAPTER 21: C ONFIGU RING IP A PPLICATION II. Networking Diagram Figure 129 Config uration example of transpar ent transmission forwar ding protocol III. Configuration Procedu re 1 Configure Router A: [Router] ip relay protocol udp 69 [Router] interface ethernet 0 [Router-Ethernet0] ip address 10.
Configure Network Address Translation (NAT) 349 ■ Check whether the transp arent transmission r outer itself is configured with services of t he pr otocol tra nsmitted tran sparen tly .
350 C HAPTER 21: C ONFIGU RING IP A PPLICATION 203.196.3.23:32814. The destination addre ss and port remains unchanged. In the proxy server , it maintains one corresponding table of address port.
Configure Network Address Translation (NAT) 351 ■ The debugging of the network becomes ev e n m o re d iff i cu l t . F o r in s t an c e, when one host machin e of the inter nal network attempts to.
352 C HAPTER 21: C ONFIGU RING IP A PPLICATION access control list, then locate the co rresponding data pool according to the correlation. Thus, the source address is translated into one address in the data pool and the address translation pr ocess is completed.
Configure Network Address Translation (NAT) 353 corresponding internal server . During the course of ad dress translation, it will look up the resour ce addr ess of the message, to determine if the message is sent fro m the internal server . If yes, the source address is translated to the corresponding public network address.
354 C HAPTER 21: C ONFIGU RING IP A PPLICATION Display and Debug NA T Ta b l e 388 Display and debug NA T Ty p i c a l N A T Configuration Example An enterprise is connected to W AN by the address translation function of an internal server .
Configure Network Address Translation (NAT) 355 II. Networking Diagram Figure 132 NA T configuration case networking diagram 1 III. Configuration Procedur e a Configure addr ess pool and access list [Router] nat address-group 202.38.160.101 202. 38.160.
356 C HAPTER 21: C ONFIGU RING IP A PPLICATION The internal LAN of an enterprise ca n dial-up to access Inter net by the address translation. I. Networking Requirement The internal LAN of an enterprise can dial -up to access Internet through serial port S0 by the addr ess translation of the 3Com Router series.
Configure Network Address Translation (NAT) 357 Fault 2: Internal server abnormal T r oubleshooting: If an exter nal host cannot access th e internal s erver normally , check the configuration on the internal server host, or the inter nal server configuration on the router .
358 C HAPTER 21: C ONFIGU RING IP A PPLICATION.
22 C ONFIGURING IP P ERFORMANCE This chapter contains information on the following top ics: ■ Configure IP Performance ■ Configure TCP Performance ■ Configure Fast Forwarding ■ Display and Deb.
360 C HAPTER 22: C ONFIGU RING IP P ERFORMANCE Ta b l e 391 Configure router forwar ding redir ect packets By default, r outer forwarding r edirect packets is enabled. 4 Configure Router Receiving/Forwarding Sour ce Route Packets The following configurations should be made in system view .
Configure TCP Performance 361 The Synwait timer's timeout ranges between 2~6 00 seconds, with a defau lt value of 75 seconds. The Finwait timer's timeout ranges between 76~3600 seconds, with a default value of 675 seconds. Th e value of window-size ranges between 1~32Kbytes, with a de f au l t valu e of 4Kb yt e s.
362 C HAPTER 22: C ONFIGU RING IP P ERFORMANCE Configure Fast Forwarding Message forwar ding efficiency is a key feature evaluating r outer performance. According to r egular flow , wh en a message arrives, the r outer will copy it from the interface memory to t he main CPU.
Display and Debug IP Performance 363 By default, fast-forwarding is enabled in the input/output directions of the interface. When fast-forwarding is carried out on an interface, note that: ■ Y ou can disable fast-forwarding as necessary .
364 C HAPTER 22: C ONFIGU RING IP P ERFORMANCE T roubleshooting IP Performance Configuration Fault 1: TCP and UDP ar e created u pon IP protocol, and IP is able to provide data packet transmission.
23 C ONFIGURING IP C OUNT This chapter contains information on the following top ics: ■ IP Count Introduction ■ IP Count Configuration ■ Display and Debug IP Count ■ T ypical Configurat ion Ex.
366 C HAPTER 23: C ONFIGU RING IP C OUNT Figure 134 Networkin g for an IP Count application IP Count mainly implements the following functions: ■ Configure IP Count list ■ Make statistics on the o.
IP Count Configuration 367 Configuring IP Count on an interface can enable packet accounting on the interface. Y ou can configure to make statistics on the packets input or output on the interface, as well as packets denied by firewall. Perform the following configuration in interface view .
368 C HAPTER 23: C ONFIGU RING IP C OUNT The default max entries number of exterior is set to 0, namely , the packets that do not match the rules will not be counted.
Troubleshoo ting 369 II. Networking Diagram See Figure 4-1 Networking for IP Count ap plication for refere nce. III. Configuration Procedur e 1 Configure the r outer a Enable IP Count service [Router].
370 C HAPTER 23: C ONFIGU RING IP C OUNT.
24 C ONFIGURING IPX This chapter contains information on the following top ics: ■ IPX Pr otocol Overview ■ Configure IPX IPX Protocol Overview Novell IPX protocol is a connectionless pr otocol.
372 C HAPTER 24: C ONFIGU RING IPX network routing information which can be sent to destination or needs to be forwarded, so that when a packet is received, the next router can be found to transmit the packet. The routing inform ation here can be configured both statically and dynamically .
Configure IPX 373 clients can always obtain the latest se rver addresses. The following diagram describes the r elation be t w ee n main components of SAP .
374 C HAPTER 24: C ONFIGU RING IPX Perform the following task in interface view . Ta b l e 407 Enable IPX interface By default, IPX is disabled on all interfaces after being started. Delete interface IPX, then IPX configurat ion is removed from the interface, static service information and static r out ing information will be deleted.
Configure IPX 375 Ta b l e 410 Configure RIP updating period By default, the time interval for RI P updating period is adjusted to be 60 seconds. c Configur e aging per i o d of I PX RIP Perform the following task in system view .
376 C HAPTER 24: C ONFIGU RING IPX When the length of a route reserve queue is 1, the system only saves one route for a destination. If this unique r oute is faulty , it will be deleted by the system and ther e will be no route to the destinat ion while sear ching for the substitute routes, r esulting in huge loss of packets.
Configure IPX 377 Ta b l e 416 Configure IPX SAP updating period By default, the updating perio d of IP X SAP is 1 tick (i.e. 1/18 seconds). c Configure SAP aging period Perform the following task in system view .
378 C HAPTER 24: C ONFIGU RING IPX If the length of a service information re serve queue is 1 , th e system saves only one service information. If the server to which the only service infor mation cor.
Configure IPX 379 Ta b l e 423 Configure the delay of interface sending IPX packets By default, the delay of Ethernet interface is 1 tick, For asynchronous serial port is 30 ticks and that for W AN port is 6 ticks.
380 C HAPTER 24: C ONFIGU RING IPX Display and Debug IPX Ta b l e 427 Display and Debug IPX Ty p i c a l I P X Configuration Example I. Networking Requirement Networking with Router A and Router B. Here, both Server1 and Server2 are installed with NetWar e 4.
Configure IPX 381 d Activate IPX module on interface Se rial0, the network ID being 1000. Configuring BDR parameter [Router] interface serial 0 [Router-Serial0] dialer enable-legacy [Router-Serial0] dialer-group 1 [Router-Serial0] ipx network 1000 e Configure an address map to Router B [Router-Serial0] dialer route ipx 1000.
382 C HAPTER 24: C ONFIGU RING IPX i Configure an information about Server 1 directory service [Router] ipx service 26B tree 937f .0000.0000.0001 5 hop 2 [Router] ipx service 278 tree 937f .
25 C ONFIGURING DLS W This chapter contains information on the following top ics: ■ DLSw Protocol Overview ■ Configurat io n of DLS w ■ Display and Debug DLSw ■ T ypical DLSw Configuratio n Ex.
384 C HAPTER 25: C ONFIGU RING DLS W Configuration of DLSw DLSw configuration includes: ■ Cr ea te DLSw local peer entity ■ Cr ea te DLSw r emote end peer entity ■ Configur e Brid ge set conne c.
Configuration of DLSw 385 Please perform th e following configuration s in system view . Ta b l e 429 Create DLSw remote end peer entity No DLSw r emote end peer entity is crea ted by default.
386 C HAPTER 25: C ONFIGU RING DLS W Please process the following configurations in the Ether net interf ace view . Ta b l e 431 Configure to add ethernet port to Bridge set No Ethernet port is added to Bridge set by default. 5 Configure Link Layer Protocol for Interface Encapsulation as SDLC SDLC is a link layer pr otocol relative to SN A.
Configuration of DLSw 387 forwarding. This command is used to specify the virtual MAC address on the interface, thus providing source MAC ad dr ess for transformin g SDLC message into LLC2 message. Please process the following configurati ons in the synchronous interface view .
388 C HAPTER 25: C ONFIGU RING DLS W partner shall be the MAC address of th e r emote end SNA equipment (physical addresses of such equipment as Ethern et and T oken- Ring) or next-hop MAC address composed of SDLC. Please process the following configurations in the synchronous interface view .
Configuration of DLSw 389 12 Configure to Stop Running DLSw Please carry out the follow ing configuratio n und er overall view . Ta b l e 439 Configure to stop running DLSw By default, the system does not run DLSw protocol. After using this command, the system w ill release all the dynamic r esources but reserv e the ex isting configuration.
390 C HAPTER 25: C ONFIGU RING DLS W Ta b l e 442 Configure Idle time encoding mode of synchronous Interface By default, the synchronous inte rface uses encoding mod e "7E". Generally , the idle time encoding mode of synchronous interface doesn't need to be modified.
Configuration of DLSw 391 LLC2 pre-answer refers to sending answe r packet to the peer in advance afte r receiving the specified amount of p ack ets. This parameter and local answer display time in 1 controls the time to send answer packet together .
392 C HAPTER 25: C ONFIGU RING DLS W Ta b l e 448 Configure retransmission number of LLC2 By default, the retransmi ssion number of LLC2 is 20. f Configure LLC2 Local Ackn owled gement T ime LLC2 local acknowledgement time refers to max wait time for waiting for the other part's acknowledgement after sendi ng a piece of LLC2 data message.
Configuration of DLSw 393 Ta b l e 452 Configure REJ status time of LLC2 By default, REJ status time of LLC2 is 500 ms. j Configure Queue Length of Sending Message of LLC2 Please process the following configurat ions in the Ethernet interface view .
394 C HAPTER 25: C ONFIGU RING DLS W By default, the modulo value of SDLC is 8. d Configure Maximum Receivable Frame Length N1 of SDLC Maximum frame length of SDLC refe rs to byte number of maximum transmissible and receivable message, no t including parity bit an d stop bit.
Configuration of DLSw 395 Ta b l e 460 Configure SAP address for tr ansforming SDLC to LLC2 By default, both LSAP and DSAP of LLC2 are 04. h Configure Data Bi-dir ectional T ransmission Mo de of SDLC .
396 C HAPTER 25: C ONFIGU RING DLS W Ta b l e 463 Configure acknowledgement wait time T2 of SDLC secondary station By default, the ack nowledgement wait time T2 of SDLC s econdary station is configured to be 500 ms. Display and Debug DLSw Ta b l e 464 Display and debug DLSw Ty p i c a l D L S w Configuration Example DLSw Configuration of LAN-LAN I.
Typical DLSw Configuration Example 397 II. Networking Diagram Figure 139 Networking diagram of DLSw configuration o f LAN-LAN III. Configuration Procedur e 1 Router A Configuration : [Router] dlsw local 10.
398 C HAPTER 25: C ONFIGU RING DLS W II. Networking Diagram Figure 140 Networking diagram of DLSw configuration of SDLC-SDLC III. Configuration Procedu re 1 Router A Configuration: [Router] dlsw local 110.
Typical DLSw Configuration Example 399 II. Networking Diagram Figure 141 Networking Diagram of SDLC-LAN III. Configuration Procedur e: 1 Router A Configuration: [Router] dlsw local 110.
400 C HAPTER 25: C ONFIGU RING DLS W above example, c1 and c2 are the equi pment of PU2.0 type, and c3 is the equipm ent of PU2.1 ty pe. Diagnosis and T roubleshooting of DLSw Fault The normal communi.
Diagnosis and Troublesho oting of DLSw Fault 401 active equipment of SDLC (such as AS/4 00 or S390) is activated. Sometimes, communication can be implemented afte r you activate SDLC line manually .
402 C HAPTER 25: C ONFIGU RING DLS W.
VI R OUTING Chapter 26 IP Routing Protocol Chapter 27 Configuring Static Routes Chapter 28 Configuring RIP Chapter 29 Configuring OSPF Chapter 30 Configuring BGP Chapter 31 Configuring IP Routin g Pol.
404.
26 IP R OUTING P RO T O C O L IP Routing Protocol Overview Routers are used to sel ect the route in the Internet. A router sele cts a suitable path according to the destination host address contained in a r eceived data packet, and sends the data packet to the next router .
406 C HAPTER 26: IP R OUTING P ROTOCO L of the router should be used to tran sfer a data packet to a sub-network or a host, so the packet can reach the next router on this path, or reach the host as a directly connected destination without passing through other routers.
Routing Mana gem ent Strategy 407 Figure 143 Routing table illustratio n 3Com routers support not only static route configuration, but also dynamic routing protocols such as RIP , OSPF an d BGP . Depen ding on th e interface status and user configuration, a router can automatically obtain some direct routes during their operation.
408 C HAPTER 26: IP R OUTING P ROTOCO L Except for the direct r oute (Connected), the priority of each dynamic routing protocol can be manually config ured accord ing to specific requir ements. In addition, each static route can have a differ ent priority .
27 C ONFIGURING S TATIC R OUTES This chapter covers the following topics: ■ Static Route Overview ■ Configuring a Static Route ■ Displaying and Debugging t he Routing T a ble ■ Static Route Co.
410 C HAPTER 27: C ONFIGU RING S TATIC R OUTES Default routes ar e very useful in networ k. In a typical network with hundreds of routers, dynamic r outing protocols may consume lot s of bandwidth resource.
Displaying and Debugging the Routing Table 411 IP addr ess to the link layer address (such as dialer ro ute ip, x.25 map ip or fr map ip commands, and so on). In this case, you cannot specify the transmitting in terface for the sta tic route and must configure the IP address of the next hop.
412 C HAPTER 27: C ONFIGU RING S TATIC R OUTES Static Route Configuration Example By configuring a status route, any two hosts or routes can communicate with each other . Figure 144 Example of static r oute configuration T o configure a static route: 1 Configure the static route for RouterA: [RouterA] ip route-static 1.
28 C ONFIGURING RIP This chapter covers the following topics: ■ RIP Overview ■ Configur e RIP ■ Displaying and Debugging R IP ■ RIP - Unicast Configuration Example ■ T r oubleshooting RIP RI.
414 C HAPTER 28: C ONFIGU RING RIP The procedur e of running RIP can be described as follows: 1 When a specific router is starting RIP for the first time, it broadcasts request messages to the neighbor routers.
Configure RIP 415 ■ Configuring RIP Ho rizontal Segmentation on the Interface ■ Configuring Route Import fo r RIP ■ Specifying Default Route Metric V alue fo r RIP ■ Specifying Additional Rout.
416 C HAPTER 28: C ONFIGU RING RIP Defining a Neighboring Route r RIP is a broadcast protocol. It ex changes r outing information with non-broadcasting networks in unicast mode. Perform the following configurations in RIP view . Ta b l e 471 Define a Neighboring Router By default, no neighbor in g routers ar e defined.
Configure RIP 417 RIP V ersion 2 does not have provisions for a zer o field in its header so this configuration is invalid for RIP-2. Perform the following configurations in RIP view . Ta b l e 473 Configure Check Zero Field of RIP V ersion 1 RIP VERSION 1 ena bles zero fiel d check by default.
418 C HAPTER 28: C ONFIGU RING RIP By default, the router is en ab led to receive the host routes. Enabling Route Summarization for RIP V ersion 2 Route summarization summarizes the routes of differ ent subnets within the same natural network segment an d sends the su mmary to other network segmen ts as a summarized r oute with a na tural mask.
Configure RIP 419 Configuring RIP Horizontal Segmentation on the Interface RIP is a Distance-V ector algorithm routing pr otocol. It uses the split-horizon algorithm to avoid loop routes. Split-horiz on means that routes received at a certain interface are not sent to the same interface.
420 C HAPTER 28: C ONFIGU RING RIP Since the route metric of route import cannot be r everted, the dynamic route information may be significantly distorted. Therefore, r oute import is done cautiously to prevent loss of RIP protocol's performance.
Displaying and Debugging RIP 421 Configure filtering the routing information bein g advertised Ta b l e 484 Filter the Routing Information Being Advertised by RIP By default, RIP does not filter any rout e information received or being advertised. The protocol attribute specifies the routing domain that can be filter ed.
422 C HAPTER 28: C ONFIGU RING RIP RIP - Unicast Configuration Example RIP is a br oadcast protocol so it can only exchange r outing information with non-broadcasting networks in unicas t mode. This example shows how to configure RIP message unicasting.
29 C ONFIGURING OSPF This chapter covers the following topics: ■ OSPF Overview ■ Configuring OSPF ■ Displaying and Debugging OSPF ■ OSPF Configuration Example OSPF Overview Open Shortest Path First (OSPF) is an autonomous, link-state-based inter nal routing protocol developed by Internet E ngineering T ask Fo rce (IETF).
424 C HAPTER 29: C ONFIGU RING OSPF 0.0.0.0. All areas must be continuous logically . Thus, a virtual link is introduced to the backbone to ensure that physically se parated ar eas are still connected logically . The r outer between the ASs is called auto nomous system boundary router (ASBR).
Configuring OSPF 425 ■ Configuring Sending Packet Cost ■ Configuring a Peer for the NBMA Interface ■ Specifying the Router Priority ■ Specifying the Hello Interval ■ Specifying the Dead Inte.
426 C HAPTER 29: C ONFIGU RING OSPF By default, OSPF is disabled. Associating an Area-id with the Specified Interface The OSPF protocol divides the autonomous system in to areas. An ar ea is the logical group of the router . Some routers belong to differ ent areas (called area boundary router ABR), while a network segment can only be in one area.
Configuring OSPF 427 hello packet before this interface sets up neighboring r elations with the adjacent rou t e rs . The interface can be configured into nbma mode on the broadcast network without multi-access capability . If not all routers are inter -reachable on NBMA network, the interface can be configured into p2mp mode.
428 C HAPTER 29: C ONFIGU RING OSPF The default value of the cost o f sending a pack et on the interface is calculated automatically according to the in terface bau d rat e as follows: The default value is automatically calcul ated accor ding to interface baud r ate.
Configuring OSPF 429 Specifying the Router Priority It is necessary to establish the peer rela tionship manually between interfaces for multi-point access network, (NBMA and broadcast type networks). But establishing peer relationshipoccupies large amounts of system r esources when there ar e hundreds of r outers in the network.
430 C HAPTER 29: C ONFIGU RING OSPF Specifying the Hello Interval The Hello packet is periodically sen t to th e neighboring router to find and main tain OSPF neighbor relationship, and to el ect the DR and BDR in the NBMA and broadcast networks.
Configuring OSPF 431 Specifying the Retransmitting Interval The router waits for confirmation from the ne ighbor to whom it has sent an LSA. If the router does not receive the neighbor's confirmation after a specified interval, the retransmitting interval, it resends the LSA.
432 C HAPTER 29: C ONFIGU RING OSPF information is reduced gr eatly . A default r o uting (0.0.0.0) is generated for the area by the ABR of the area to insure that thes e r outes ar e reac ha ble. A stub area is a n optional configured attribute, but it does no t mean that each area i s configurable.
Configuring OSPF 433 In the following group network, an AS operating the O SPF protocol includes thr ee areas, ar ea 1, area 2, and area 0. Ar ea 0 is the backbone area. The other ASs operate RIP . Area 1 is defined as an NSSA area . After an RIP route adve rtises to the NSSA ASBR that generates a T ype-7 LS A and propagates in Area 1.
434 C HAPTER 29: C ONFIGU RING OSPF which reduces the LSDB in other areas. The configuration of range is only effective when it is configured on teh ABR in the stub area. For example, ther e ar e two network segments in an area a s follows: 202.38.160.
Configuring OSPF 435 The virtual link is acti vated after the r oute thr ough the transit ar ea is calculated. It is equivalent to a point-to-point connec tion between t wo terminals. Parameters can be configured for this connection like a physical interface, such as sending a hello-timer .
436 C HAPTER 29: C ONFIGU RING OSPF ■ dead-timer: 40 seconds Configuring Authentication OSPF supports simple text authentica tion and MD5 authen tication between adjacent routers. Perform the following configurations in int erface view . Ta b l e 502 Configure Authentication By default, the inte rface does not authenticat e OSPF packets.
Configuring OSPF 437 Ta b l e 503 Configure Route Import for OSPF By default, OSPF does not import routes from other domains into the routing table. The protocol attribute specifies the source r outing domain that can be imported. At present, OSPF can import r outes doma in such as connected, static, RIP , and BGP .
438 C HAPTER 29: C ONFIGU RING OSPF By default, the cost value is 1, and th e tag value is 1. The imported r oute is external route T ype 2, th e interval of im porting exter nal route is 1 second and at most 150 extern al routes can be imported in each interval.
OSPF Configuration Example 439 OSPF Configuration Example This section describes several dif ferent c onfigurations of OSPF with a suggested procedur e for each configuration Configuring OSPF on the Point-to-Multipoint Network.
440 C HAPTER 29: C ONFIGU RING OSPF [RouterA] interface serial 0 [RouterA-Serial0] ip address 1.1.1 .1 255.0.0.0 [RouterA-Serial0] link-protocol fr [RouterA-Serial0] fr map IP 1.1.1. 2 dlci 101 broadcast [RouterA-Serial0] fr map IP 1.1.1.3 dlci 1 02 broadcast [RouterA-Serial0] fr map IP 1.
OSPF Configuration Example 441 c Configure the ar ea-id of the in terface and the interface type [RouterC-ospf] quit [RouterC] interface serial 0 [RouterC-Serial0] ospf enable area 0 [RouterC-Serial0] ospf network-type p2m p [RouterC-Serial0] ospf peer 1.
442 C HAPTER 29: C ONFIGU RING OSPF II. Networking diagram Figure 148 Networkin g diagram of configuring “DR” selection of OSPF prefer ence III. Configuration pr ocedure 1 Configure Router A: [RouterA] interface ethernet 0 [RouterA-Ethernet0] ip address 192 .
OSPF Configuration Example 443 Run display ospf peer on Router A to show OSPF peer . Note that Router A has 3 peers. [RouterA] display ospf peer The status of every pe er is full, wh ich means that Router A has created neighboring relation with all peers.
444 C HAPTER 29: C ONFIGU RING OSPF Configuring an OSPF Virtual Link Area 4 is not directly connected with ar ea 0 in the following diagram. Area 1 serves as the transit ar ea to connect are a 4 and ar ea 0. Configur e a virtual link between Router B and Router C.
OSPF Configuration Example 445 [RouterC] router id 3.3.3.3 [RouterC] ospf enable [RouterC-ospf] interface ethernet 0 [RouterC-Ethernet0] ospf enable area 2 [RouterC-Ethernet0] interface serial 0 [RouterC-Serial0] ospf enable area 1 [RouterC-Serial0] quit [RouterC] ospf [RouterC-ospf] vlink peer-id 2.
446 C HAPTER 29: C ONFIGU RING OSPF [RouterB] ospf enable [RouterB] interface ethernet 0 [RouterB-Ethernet0] ip address 192 .1.1.2 255.255.255.0 [RouterB-Ethernet0] ospf enable ar ea 0 [RouterB-Ethernet0] ospf authentic ation-mode simple 3Com 3 Configure Router C: [RouterC] router id 3.
OSPF Configuration Example 447 dial-up mode, although the PPP protocol is enc apsulated on the link layer , it is still NBMA type. The peer must be specified manually . Use the ospf peer ip-address command . ■ If the network type is broadcast network or NBMA, at least the priority of one interface must be over 0.
448 C HAPTER 29: C ONFIGU RING OSPF.
30 C ONFIGURING BGP This chapter covers the following topics: ■ BGP Overview ■ Configuring BGP ■ Displaying and Debugging B GP ■ BGP Configuration Example BGP Overview Border Gateway Pr otocol (BGP) is an int e r -AS dynamic route discovery protocol.
450 C HAPTER 30: C ONFIGU RING BGP The BGP system runs on a specific r outer as a high layer pr otocol. A t system startup, the whole BGP routing table is transmitted for the exchang e of routing information. Later on, only an update message is tr ansmitted for updating the routing tabl e.
Configuring BGP 451 ■ Configuring a BGP Community ■ Configuring a BGP AS Confederation Attribute ■ Configuring Route Dampening ■ Configuring Synchronization of BGP and IGP ■ Configuring the .
452 C HAPTER 30: C ONFIGU RING BGP BGP peer advanced configurati on incl udes the following steps: 1 Configure the connection between EBGP peers th at are connected indirectly . Ta b l e 511 Configure Connection Between EBGP Peers Connected Indirectly By default, the BGP co nnecti on can be established with a directly connected peer router .
Configuring BGP 453 Ta b l e 515 Configure to Send Community Attribute to the Pee r By default, the community attrib utes are not sent to the peer . 6 Configure the peer to be the client of the r oute reflector . Ta b l e 516 Configure the Peer to be the Client of the Route Reflector 7 Configure to distribute default r oute to the peer .
454 C HAPTER 30: C ONFIGU RING BGP By default, the route from the peer or pe er group is not designated with any route policy . 10 Create an filtering policy ba sed on access list for the peer . Ta b l e 520 Create a Fltering Policy Based on Access List for the Peer By default, no r oute filtering policy based on IP ACL for a peer is set.
Configuring BGP 455 By default, MED values from dif ferent AS neighboring r outes are not compar ed when determining the best route. This configuration should not be used unle ss it is certain that differ ent ASs uses the same IGP and routing modes.
456 C HAPTER 30: C ONFIGU RING BGP holdtime-interval attribute is 180 seconds and may have a time interval ranging from 3 to 42949675 seconds. Configuring a BGP Peer Group The BGP peer gr oup command can be used for user configuration.
Configuring BGP 457 T o configure an advanced BG P peer group configuration: 1 Configure the AS number of BGP peer group Ta b l e 528 Configure AS Number of BGP Peer Group By default, there is no AS number for BGP peer group.
458 C HAPTER 30: C ONFIGU RING BGP By default, send no community attribute to any peer group. 6 Configure a peer group as the client of a BGP reflector In general, the AS requires that all the IBGP routers should be connected to one another , and the routes sent by the IBGP neighbors is not advertised, to prevent route l oop.
Configuring BGP 459 By default, the route fr om the peer or pe er gro up is not de signated with a ny r oute policy . 10 Create a filtering policy based on the access list for the peer group Ta b l e 537 Create a Filtering Policy Based on Access List for Peer Group By default, no rout e fi ltering polic y based on IP ACL for peer gr oup is set.
460 C HAPTER 30: C ONFIGU RING BGP By default, an aggr egate is disabled. Configur e BGP Route Reflector T o guarantee the connectivity between t h e IBGP peers, an all-closed network should exist between IBGP peers.
Configuring BGP 461 The non-clients must form an all-closed ne twork with the reflector , as they follow the basic rules of IBGP . A client should not be peer o f othe r inter nal speakers outside its cluster . The r eflecting function is achieved only on the route reflector .
462 C HAPTER 30: C ONFIGU RING BGP Ta b l e 542 Configure the Cluster ID By default, the router ID of the rout e reflector is used as the cluster ID. Configuring a BGP Community In BGP range, a community is a logical ar ea formed by a group of destinatio ns which share common attributes for applying the route policy .
Configuring BGP 463 The disadvantage is that when a non-confederation scheme ch anges to a confederation scheme, it is required to reconfigur e the router and to modify the logical topology . In addition, if the BGP strategy is not manually configured, the best path may not be selected through the confederation.
464 C HAPTER 30: C ONFIGU RING BGP Configuring Route Dampening Route instability is frequently indicated when a r oute disa ppears that used to exist in the routing table. This route may r ea ppear and disappear fr equently , which is called routing flapping.
Configuring BGP 465 Ta b l e 547 Configure Route Dampening By default, route dampening is disabled. 2 Display route flap information. Perform the following configurations in system view .
466 C HAPTER 30: C ONFIGU RING BGP peer and advertises it to other EBGP peers, it will try to check whether this destination can be reached through its AS. Perform the following configurations in BGP view . Ta b l e 549 Configure Synchron ization of BGP and IGP By default, BGP synchr onizes with IGP .
Configuring BGP 467 Ta b l e 551 Allow the Import of Network 0.0.0.0 into the BGP By default, the import of netwo rk 0.0.0.0 into BGP is disabled. Defining an Access List Entry , an AS Path-list Entry , a Routing Policy This section describes the configuration of an access list, an AS path list, and a rout in g po licy .
468 C HAPTER 30: C ONFIGU RING BGP Perform the following confi gurations in system view . Ta b l e 553 Define a Routing Policy Define a match rule Perform the following configuratio ns in BGP Routing policy view .
Configuring BGP 469 By default, AS serial numbe r , BGP community attribute, next hop, local prefer ence, metric value, and origin attributes are not applied. See “Define Apply Clause “of “Config uration of IP Routing Policy” for details. Configuring a Route Filter for BGP Perf orm the following configurations in BGP view .
470 C HAPTER 30: C ONFIGU RING BGP Configure Filtering Route Information being Advertised by BGP Ta b l e 557 Filter Routing Information Being Advertised by BG P By default, BGP does not filter any route information that is received or advertised. protocol specifies the routing domain that can will be filter ed.
BGP Configuration Example 471 BGP Configuration Example This section describes several dif ferent configurations of BGP with a suggested procedur e for each configuration.
472 C HAPTER 30: C ONFIGU RING BGP Figure 154 Networkin g diagram of configuring AS confederation 1 Configure Router A: [RouterA] bgp 1001 [RouterA-bgp] undo synchronization [RouterA-bgp] confederation id 100 [RouterA-bgp] confederation peer-a s 1002 1003 [RouterA-bgp] peer 172.
BGP Configuration Example 473 Figure 155 Networking diagram of con figuring route r eflector 1 Configure Router A: [RouterA] bgp 100 [RouterA-bgp] undo synchronization [RouterA-bgp] peer 192.1.1.2 as-number 200 [RouterA-bgp] interface serial 0 [RouterA-Serial0] ip address 192.
474 C HAPTER 30: C ONFIGU RING BGP [RouterC-Serial0] ip address 193.1 .1.1 255.255.255.0 d Configure Serial 1 [RouterC-Serial0] interface serial 1 [RouterC-Serial1] ip address 194.
BGP Configuration Example 475 Figure 156 Networking diagram of con figuring BGP path selection 1 Configure Router A: [RouterA] interface serial 0 [RouterA-Serial0] ip address 192.1.1.1 255.255.255.0 [RouterA] interface serial 1 [RouterA-Serial1] ip address 193.
476 C HAPTER 30: C ONFIGU RING BGP 2 Configure Router B: [RouterB] interface serial 0 [RouterB-Serial0] ip address 192.1.1.2 255 .255.255.0 [RouterB] interface serial 1 [RouterB-Serial1] ip address 194.1 .1.2 255.255.255.0 [RouterB] ospf enable [RouterB-ospf] network 194.
BGP Configuration Example 477 [RouterD-ospf] network 4.0.0.0 0.0.0.255 area 0 [RouterD] bgp 200 [RouterD-bgp] undo synchronization [RouterD-bgp] peer 194.1.1.2 as-number 100 [RouterD-bgp] peer 194.1.1.2 as-number 200 T o make the configuration effectiv e, use the reset bgp all command to r eset all BGP neighbors.
478 C HAPTER 30: C ONFIGU RING BGP.
31 C ONFIGURING IP R OUTING P OLICY This chapter covers the following topics: ■ IP Routing Policy Overview ■ Configure IP Routing Policy ■ Displaying and Debugging IP R outing Policy ■ Configu.
480 C HAPTER 31: C ONFIGU RING IP R OUTING P OLICY Routing Policy A routing policy matches attributes of the given routing information and sets some attributes of the routing information when the conditions are matched. A routing policy contains several "if-mat ch" clauses and "apply" clauses.
Configure IP Routing Policy 481 community . Actually , it is a method of grouping accor ding to the destination address wher e the packets a re sent. Afte r gr ouping, the whole group of r outing information should be distributed, receiv ed or imported.
482 C HAPTER 31: C ONFIGU RING IP R OUTING P OLICY Define a Matching Rules The if-match clause defines matching ru les to meet th e filter ing conditions of the routing information of the current r outing policy . The matched objects ar e the attributes of this routing information.
Configure IP Routing Policy 483 be filtered thr ough the routing policy unless it matches all if-match clauses of this part and it can execute the operation of teh apply sub-clause. ■ If an if-match clause is not specified, all r outing information is filter ed through the policy of this n ode.
484 C HAPTER 31: C ONFIGU RING IP R OUTING P OLICY Ta b l e 563 Configure Route Import By default, a protocol does not import routes from other domains into the its routing table. protocol specifies the source routing domain that can be imported. At present, it can import routes domain such as direct , static, RIP , OSPF , OSPF-ASE and BGP .
Configure IP Routing Policy 485 type is the type of ospf extern al route corr esponding to the imported route when ospf is importing other protocol r outes.
486 C HAPTER 31: C ONFIGU RING IP R OUTING P OLICY Ta b l e 565 Configure Filtering Route Information Received 2 Configure filtering the route information being advertised Define a strategic rule and quote an AC L or prefix-list to filter the routing information that does not meet the requirements when r eceiving routes.
Configuring IP Routing Po lic y 487 Ta b l e 567 Display and Debug of IP Routing Policy Configuring IP Routing Policy This example explains how an OSPF pr ot ocol selectively imports an RIP ro ute.
488 C HAPTER 31: C ONFIGU RING IP R OUTING P OLICY Figure 158 Networking diagram of configuring OSPF r oute filtering 1 Configure Router A: a Configure static r outes: [RouterA] ip route-static 20.0.0.1 32 ethernet 0 [RouterA] ip route-static 30.0.0.1 32 ethernet 0 [RouterA] ip route-static 40.
Troubleshooting IP Routing Po licy 489 Figure 159 Networking diagram of filtering th e distributed r outing information 1 Configure ip-pr efix [Router] ip ip-prefix p1 permit 192.1.1. 0/24 2 Configure RIP protocol [Router] rip [Router-rip] network 192.
490 C HAPTER 31: C ONFIGU RING IP R OUTING P OLICY.
32 C ONFIGURING IP P OLICY R OUTING This chapter covers the following topics: ■ IP Policy Routing Overview ■ Configuring IP Policy Routing ■ Displaying and Debugging IP Policy Routing ■ IP Pol.
492 C HAPTER 32: C ONFIGU RING IP P OLICY R OUTI NG Creating a Routing Policy The strategy specified with the strategy name may have several strategy points and each strategy poin t is specified with sequence-num . The smaller the sequence-num , the higher t he prefer ence and the defined strategy will be executed first.
Displaying and Debugging IP Policy Rou ting 493 Y ou can specify multiple next-hops or se nd th e message to multiple interfaces. Generally , only th e first para meter works. If the first parameter is mismatched, the second parameter will take effect, and so on.
494 C HAPTER 32: C ONFIGU RING IP P OLICY R OUTI NG IP Policy Routing Configuration Example This section describes two differ ent configurations for IP policy routing with a suggested procedur e for each configuration.
IP Policy Routing Configurati on Example 495 4 Adopt policy aaa in Ether net interface [Router-route-policy] interface ethernet 0 [Router-Ethernet0] ip policy route-polic y aaa Configure Policy Routin.
496 C HAPTER 32: C ONFIGU RING IP P OLICY R OUTI NG [RouterA] debugging ip policy-routi ng IP: s=151.1.1.1(local),d=152.1.1.1, len 64, policy match IP: r oute map lab1, item 10, permit IP: s=151.1.1.1(local),d=152.1.1.1, len 64, policy routed IP: local to serial 150.
VII M ULTICAST Chapter 33 IP Multicast Chapter 34 Configuring IGMP Chapter 35 Configuring PIM-DM Chapter 36 Configuring PIM-SM.
498.
33 IP M ULTICAST This chapter covers the following topics: ■ IP Multicast Overview ■ IP Multicast Addresses ■ IP Multicast Features ■ IP Multicast Routing Protocols ■ IP Multicast Packet For.
500 C HAPTER 33: IP M ULTICAST Class D address is 1110, the range of the multicast addresses is from 224.0.0.0 to 239.255.255.255. The multicast group can be either permanent or temporary . The permanent gr oup has a constant group address assigned by IANA, while the number of members in the group can be random, even zer o.
IP Multicast Routing Protocols 501 the IP multicast environment, the destinat ion address of a data packet is not one address but a group, forming a group addr ess.
502 C HAPTER 33: IP M ULTICAST Multicast Routing Protocol The gr oup address in the multicast protocol is a virtual address. Therefor e, unlike unicast, data packets cannot be routed di r ectly from the data source to the specific destination address.
IP Multicast Packet Forwarding 503 The transmitting end is first register ed at the RP if it needs to send data to a specific address, and then sends the data to the RP . Once data reaches the RP , multicast data packets are duplicated and sent to receivers who ar e interested in getting them along the distribution tree path.
504 C HAPTER 33: IP M ULTICAST.
34 C ONFIGURING IGMP This chapter covers the following topics: ■ IGMP Overview ■ Configuring IGMP ■ Displaying and Debugging IGMP ■ IGMP Configuration Example IGMP Overview The Inter net Group Management Protocol (IGM P) is a pr otocol that is r esponsible for the IP multicast member man agement among the TCP/IP protocol family .
506 C HAPTER 34: C ONFIGU RING IGMP IGMP is asymmetric between hosts and ro uters. The host re sponds to the IGMP query message of the multicast router , a nd makes a r esponse in the membership report message. The r outer periodically sends a general quer y message.
Configuring IGMP 507 Configuring the V ersion Number of IGMP at the Router Interface IGMP V e rsion 2 is able to configure query message timeout and the maximum query response time.
508 C HAPTER 34: C ONFIGU RING IGMP The default maximum query r esponse time is 10 seconds but ranges from 1 to 25 seconds. This configuration can only be carried out if the current router interface is operating IGMP V er s io n 2.
IGMP Configuration Example 509 Figure 162 IGMP network diagram 1 Configure the IP addr esses of the interfa ces of Router A, Router B and the PC. [RouterA] interface e0 [RouterA-Ethernet0 ]ip address 10.16.1.3 24 [RouterB] interface e0 [RouterB-Ethernet0] ip address 10.
510 C HAPTER 34: C ONFIGU RING IGMP.
35 C ONFIGURING PIM-DM This chapter covers the following topics: ■ PIM-DM Overview ■ PIM-DM Configuration ■ Displaying and Debugging PIM-DM ■ PIM-DM Configuration Example PIM-DM Overvie w Prot.
512 C HAPTER 35: C ONFIGU RING PIM-DM operating IGMPv1 (each PIM router pe riodically broadcasts a hello message, and the route r with higher IP addr ess is chosen to be the D R). ■ Graft Message: The host informs the router which multicast gr oups it wants to join by a IGMP memb ership report message.
Displaying and Debugging PIM-DM 513 Starting the PIM-DM Protocol Y ou must start the PIM-DM protocol at each interface. By default, the system disables the PIM-DM protocol.
514 C HAPTER 35: C ONFIGU RING PIM-DM After making the previous configuration, execute the display command in all views to display the running of the PIM-DM configur ation, and to verify the effect of the configuration. Execute the debugging command in system view to debug PIM-DM.
36 C ONFIGURING PIM-SM This chapter covers the following topics: ■ PIM-SM Overview ■ PIM-SM Configuration ■ Displaying and Debugging PIM-SM ■ PIM-SM Configuration Example ■ T r oubleshooting.
516 C HAPTER 36: C ONFIGU RING PIM-SM neighbors. The hello message also t akes charge of choosing a DR for the router operating IGMPv1. ■ Register Message: When the DR receiv es the multicast messag.
PIM-SM Configuration 517 Ta b l e 588 Enable/Disable PIM-SM Protocol By defaul t, the inter face disables PIM-SM pr otocol . Note that PIM-S M only runs on spec ific interfaces. One interf ace can only run one multicast r outing pr otoc ol at one time.
518 C HAPTER 36: C ONFIGU RING PIM-SM By default, no interface is c onfigured to be candidate RP . Use pim command in system view to enter PIM view . Generally , only one C-BSR and on e C-RP are configur ed in the network, and usually it is the same router .
Displaying and Debugging PIM-SM 519 By default, the time interval of interfa ce sending Hello messag e is 30 seconds. Configuring the Threshold of the Shortest Path The PIM-SM router first forwards multicast data packets by the shared tr ee.
520 C HAPTER 36: C ONFIGU RING PIM-SM After the above configurat ion, execute the display command in all views to display PIM-SM configuration, and to verify the effect of the configuration. Executethe debugging command in system view for the debugging of PIM-SM.
Troubleshooting PIM-SM 521 [RouterB-Serial1] pim sm [RouterB] interface serial 2 [RouterB-Serial2] pim sm b Configure the candidate BSR [RouterB-pim] c-bsr serial 0 30 2 c Configure the candidate RP [RouterB-pim] acl 5 [RouterB-acl-5] rule permit source 225.
522 C HAPTER 36: C ONFIGU RING PIM-SM.
VIII S ECURITY Chapter 37 Configuring T erminal Access Security Chapter 38 Configuring AAA and RADIUS Protocol Chapter 39 Configuring Firewall Chapter 40 Configuring IPSec Chapter 41 Configuring IKE.
524.
37 C ONFIGURING T ERMINAL A CCESS S ECURITY This chapter pr ovides an overview to the security features pr ovided for terminal access of 3Com routers and covers the fo llowing topics: ■ T erminal Ac.
526 C HAPTER 37: C ONFIGU RING T ERMINAL A CCESS S ECURITY By default, no user is config ured. Configuring User Login Authentication All users who access a router through a term inal are called terminal users. 3Com routers divide terminal users into five types: ■ Asynchronous port terminal user ■ X.
EXEC Configuration Example 527 ■ An administrator user using the co nsole port ■ An operator user using telnet Configureng Administrator User Login Authentication fr om a Console Port In this example, the u ser name is abc and the password is hello.
528 C HAPTER 37: C ONFIGU RING T ERMINAL A CCESS S ECURITY.
38 C ONFIGURING AAA AND RADIUS P RO T O C O L This chapter covers the following topics: ■ AAA Overview ■ RADIUS Overview ■ Configuring AAA and RADIUS ■ Displaying and Debugging AAA and RADIUS .
530 C HAPTER 38: C ONFIGU RING AAA AND RADIUS P ROTOCOL responsible for receiving a user's r equest for connection, authen ticating the user , and returning the requir ed information to NAS.
RADIUS Overview 531 Figure 166 Basic message interaction pr ocess of RADIUS The basic operation is described as follows: 1 The user enters a user name and password. 2 Having received the username and pa ssword, teh RADIUS client sends an authentication request packet (Access- Request) to the RADIUS server .
532 C HAPTER 38: C ONFIGU RING AAA AND RADIUS P ROTOCOL Figure 167 RADIUS packet structur e The Identifier field is used to match request packets and r esponse requests. It varies with the Attribute field and the valid received r esponse packets, but r emains unchanged during retransmission.
Configuring AAA and RADIUS 533 Ta b l e 598 Attribute Fi elds Attribute field 26 (V ender -Specific) in the RADIUS protocol can be easily extended, so that the user can define extension attrib utes.
534 C HAPTER 38: C ONFIGU RING AAA AND RADIUS P ROTOCOL ■ Assigning an IP Addr ess for a PPP User ■ Configuring a Local User Database ■ Configure RADIUS Server Enabling and Disabling AAA Please perform the follo win g configurations in the system view .
Configuring AAA and RADIUS 535 methods the subsequ ent methods can be used. If authentication again, the authentication is terminated. The none method is meaningful only when it is the last item of the method list. Note th at only one login method list can be configured, which can use a different name from the previously configur ed list.
536 C HAPTER 38: C ONFIGU RING AAA AND RADIUS P ROTOCOL ■ aaa authentication-scheme p pp default radius local Differ ent PPP authentication method lists can be configured for differ ent interface s. Configuring the Local-First Authentication of AAA When local-first authentication is configured , the user is authenticated locally first.
Configuring AAA and RADIUS 537 The pool-number ranges from 0 to 99. Addr esses in each address pool must be consecutive, and each address pool can have at most 256 addr esses.
538 C HAPTER 38: C ONFIGU RING AAA AND RADIUS P ROTOCOL The Call back techniqu e enhances sec urity . In the pr ocessing of a Callback, th e server calls the client accor ding to the ca ll number configured locally . This avoids security risks caused by leakage of user name or password.
Configuring AAA and RADIUS 539 Ta b l e 609 Configure F TP User and the Usable Directory Authorize a Us er with Us able Service T ypes The services, which can be used by a user , ar e authorized in the local database.
540 C HAPTER 38: C ONFIGU RING AAA AND RADIUS P ROTOCOL ■ When the RADIUS server used first does not respond, the succeeding servers are used in sequence. When the authentication or accounting po rt number is configured to 0, the client does not use the authentication or accounting function provided by the server .
Configuring AAA and RADIUS 541 Configure the Request Retransmission Times If the RADIUS server fails to respond, th e router sends the authentication request packet again periodically . If no RADIUS server r esponse is received after the configured value of timeout, the authen tication request pa cket need s to be transmitted again.
542 C HAPTER 38: C ONFIGU RING AAA AND RADIUS P ROTOCOL By default, the real-time accounting packet is sent to th e RADIUS server at an interval of 0 minutes, indicati ng that real-time accounting is disabled. The inter val ranges from 0 to 32767 minutes.
AAA and RADIUS Configuration Examples 543 Figure 169 Networking diagram of typical AAA and RADIUS configuration 1 Enable AAA and configure default authentication metho d list of PPP user . [Router] aaa-enable [Router] aaa authentication-scheme ppp d efault radius 2 Configure IP addr ess and port of RADIUS server .
544 C HAPTER 38: C ONFIGU RING AAA AND RADIUS P ROTOCOL 3 Configure RADIUS server [Router] radius server 129.7.66.66 authentication-port 1000 accounting-port 1001 [Router] radius server 129.
Troubleshooting AAA and RADIUS 545 unavailable. Moreover as the radius timer quiet command has not been configured (defaulted as 5 minutes), or a r elative long dead-time has been configured, the system does not know that the server has recover ed.
546 C HAPTER 38: C ONFIGU RING AAA AND RADIUS P ROTOCOL.
39 C ONFIGURING F IR EWALL This chapter covers the following topics: ■ Firewall Ov erview ■ Configure Fir ewall ■ Displaying and Debugging Firewall ■ Firewall Configuration Example Firewall Overview A fir ewall is used to control the network equipment, which accesses the internal network resour ces.
548 C HAPTER 39: C ONFIGU RING F IREWALL Classification of Firewall s Usually firewalls ar e divided into two type s: network layer fire walls and application layer firewalls.
Firewall Overview 549 Figure 171 Packet filtering schematic diagram The following can be realized by data packet filtering: ■ Prohibit logging on with telnet from outside ■ Every E-mail is sent by S MTP (S imple Message T ransfer Protocol). ■ One PC, rather than all other PCs, can send news to us by NNTP (Network News T ransfer Protocol).
550 C HAPTER 39: C ONFIGU RING F IREWALL acl acl-number [ match-order confi g | auto ] rule { normal | special }{ permit | deny } [source source-addr source-wildcard | any ] ■ Extended access contr .
Firewall Overview 551 Ta b l e 619 Mnemonic Symbol of the Port Number Protocol Mnemonic Symbol Meaning and Actual Value TCP bgp chargen cmd daytime discard domain echo exec finger ftp ftp-data gopher .
552 C HAPTER 39: C ONFIGU RING F IREWALL As for the ICMP , you can sp ecify the ICMP packet type. Y ou can use a number (ranging 0 to 255) or a mnemonic sy mbol to specify the packet type.
Firewall Overview 553 Ta b l e 620 Mnemonic Symbol of the ICMP Message T ype By configuring the firewall and adding appropriate access rules, you can use packet filtering to check IP packets that pass the router . The passing of unexpected packets can thus be prohibited.
554 C HAPTER 39: C ONFIGU RING F IREWALL The “depth -f ir st ” pr in ci ple means matchi ng the access rules with the smallest definition range of data p ackets. It can be achieved by comparing the wildcards of address. The smaller the wildcards ar e, the smaller the range specified by th e host is.
Configure Firewall 555 Configuring Standard Access Control List The value of the standard access contr ol list is an integer from 1 to 99. First of all, enter the ACL view through acl command, and configure the match sequence of the access control list, and then configur e specific access rules through rule command.
556 C HAPTER 39: C ONFIGU RING F IREWALL normal means that this rule functions during normal time range, while special means that this rule will function dur ing the special time range . Users shall set the special time range when using special . Multiple rules with the same serial number will be matched accordi ng to “depth-first”principle.
Configure Firewall 557 one to use after viewing the current time range (special or normal). For example, the current system time is in special time range (which is defined by rule special acl-number ), and then the special time range ru les will be used for filtering.
558 C HAPTER 39: C ONFIGU RING F IREWALL Ta b l e 627 Configure Rules for Applying Access Contr ol List on Interface By default no rule for filtering me ssages on interface is specified. In one direction of an interface ( inbound or outbound ), up to 20 access rules can be applied.
Firewall Configuration Examp le 559 www server address 129.38.1 .3. Th e enterprise address to the outside is 202.38.160.1.Address conversion has been co nfigured on the router so that the internal PC can access the Internet, and the external PC can access the internal server .
560 C HAPTER 39: C ONFIGU RING F IREWALL 6 Configure rules to permit specific user to obtain data (only packets of port greater than 1024) from an external network [Router-acl-102] rule permit tcp source any destination 202.
40 C ONFIGURING IPS EC This chapter covers the following topics: ■ IPSec Protocol Overview ■ Configuring IPSec ■ Crea ting a Se curity Policy ■ Displaying and Debugging IPSec ■ IPSec Configu.
562 C HAPTER 40: C ONFIGU RING IPS EC state by po lling. Thus , crypto car ds can synchronously pr oce ss user data, which improves the speed of data encryption and decryption.
Configuring IPSec 563 policy with smaller sequence number in the same security policy group is of higher prio r ity . ■ SA (Security Association): IPSec provides security service for data str eams through security association, which in cl udes protocol, algorithm, key and other contents and sp ecifies how to process IP messages.
564 C HAPTER 40: C ONFIGU RING IPS EC authentication and encrypt ion, for instance), it is necessary to create two dif fer ent encryption access control lists and apply them to different security policies. Encryption access control list can be us ed to judge both inbound communication and outb ou n d co mmu n i ca tion.
Configuring IPSec 565 Configure NDEC Car d s Enable the crypto car ds When several crypto car ds on the r out er work simultaneously , The commands enable and disable can be used to manage the crypto car ds.
566 C HAPTER 40: C ONFIGU RING IPS EC Ta b l e 634 Enable/Disable the Host to Backup the NDEC Cards By default, the host is disabled to backup the crypto cards.
Configuring IPSec 567 The default mode is tunn el-encapsulat io n mo de. Select Security Protocol After the transport mode is defined, it is necessary to select the security protocol for the transport mode. The security protoc ols available at present include AH and ESP , both o f which can also be used at th e same time.
568 C HAPTER 40: C ONFIGU RING IPS EC Perform the following configur ations in IPSec proposal view (or proposal view of crypto card) Ta b l e 638 Select Encryption Algorithm and Authentication Algorit.
Creating a Security Policy 569 higher priority . When a security policy group is applied on an interface, actually multiple differ ent security policies in th is security policy gr oup are applied on it at the same time, so that dif fer ent data str eams a r e pr otected by dif fer ent SAs.
570 C HAPTER 40: C ONFIGU RING IPS EC By default, the sta rt poin t and the end point of the security tunnel are not specified. Set IPSec proposal quoted in security policy When SA is cr eated manually , a security policy can quote only one IPSec proposal, and to set new IPSec proposal, the previously configured one must be deleted first.
Creating a Security Policy 571 Perform the following configurations in IPSec policy view . 1 Set SPI parameters for the security policy association Ta b l e 643 Configure SPI Parameters of Security Policy Association By default, no SPI value of inbound/outbound SA is set.
572 C HAPTER 40: C ONFIGU RING IPS EC The keys are input in two modes and those input in string mode are pr eferred. At both ends of the security tunnel, the keys should be input in the same mode. If the key is input at one end in string mode, but at the other end in hexad ecimal mode, the security tunnel cannot be created corr ec tly .
Creating a Security Policy 573 By default, the end point of the securi ty tunnel is not specified . Set the IPSec pr oposal quot ed in security policy Perform the following configurations in IPSec policy view . Ta b l e 648 Configure IPSec Proposal Quoted in Security Policy By default, the security policy quotes no IPSec proposal.
574 C HAPTER 40: C ONFIGU RING IPS EC defined by kilobytes . Hard timeout of SA means that the SA lives for the whole lifetime. Perform the following confi gurations in system view . Ta b l e 649 Configure Global SA LIfetime By default, time-based lifetime is 3600 seconds (an hour),- and traffic-based lifetime is 1843200 kilobytes.
Displaying and Debuggi ng IPSec 575 Ta b l e 651 Enable Detection of the Router at the Remote End of the T unnel By default, detection of the router at th e remote end of the tunnel is disabled.
576 C HAPTER 40: C ONFIGU RING IPS EC Ta b l e 653 Display and Debug IPSec Displaying and Debugging the NDEC Car d Resetting the crypto card When the crypto card operates abnormally , resetting the crypto card can be used to restor e the crypto car d to normality .
IPSec Configuration Example 577 Displaying and Debugging the crypto car d Use the debugging , re se t and display command in all views. Ta b l e 655 Display and Debug NDEC Card IPSec Configuration Exa.
578 C HAPTER 40: C ONFIGU RING IPS EC Figure 174 Networking diagram of manually cr eating SA Prior to the configuration, you should ensure that Router A and Router B can interwork at the network layer through a serial interface. 1 Configure Router A: a Configure an access list and define the data stream fr om Subnet 10.
IPSec Configuration Example 579 l Apply security policy group on serial interface [RouterA] interface serial 0 [RouterA-Serial0] ipsec policy policy1 [RouterA-Serial0] ip address 202.38.163 .1 255.255.255.0 m Configure the r oute. [RouterA] ip route-static 10.
580 C HAPTER 40: C ONFIGU RING IPS EC [RouterB-Serial0] ipsec policy use 1 [RouterB-Serial0] ip address 202.3 8.162.1 255.255.255.0 o Configure the r oute.
IPSec Configuration Example 581 [RouterA] interface serial 0 l Configure ip addr ess of the serial interface [RouterA-Serial0] ip address 202.38.163 .1 255.255.255.0 m Apply security policy group on serial interface [RouterA-Serial0] ipsec policy policy1 n Configure the r oute.
582 C HAPTER 40: C ONFIGU RING IPS EC m Configure corresponding IKE [RouterB] ike pre-shared-key abcde remote 202.38.163.1 After the above co nfigu rations are comp leted, if the messa ges between Subnet 10.1.1.x and Subnet 10.1.2x transmits between Router -A and Router -B, IKE will be triggered to negotiate to establish SA.
IPSec Configuration Example 583 [RouterA-ipsec-policy-policy1-10] secur ity acl 101 i Set remote addr ess. [RouterA-ipsec-policy-policy1-10] tunne l remote 202.38.162.1 j Set local address. [RouterA-ipsec-policy-policy1-10] tunne l local 202.38.163.1 k Quote IPSec proposal.
584 C HAPTER 40: C ONFIGU RING IPS EC [RouterB-ipsec-card-proposal-tran1 ] esp-new authentication-algorith m sha1-hmac-96 f Return to system view . [RouterB-ipsec-card-proposal-tran1 ] quit g Establish a security policy w ith manual configuration mod e.
Troubleshooting IPSec 585 Do the following: ■ Display the plugging conditions of the crypt o card to check whether the crypto card was plugged in corr ectly . Under normal condition, the “run” indicat or of the crypto card will blink normally (one second on, one second off).
586 C HAPTER 40: C ONFIGU RING IPS EC.
41 C ONFIGURING IKE This chapter covers the following topics: ■ IKE Pr otocol Overview ■ Configuring IKE ■ Displaying and Debugging IKE ■ IKE Configuration Example ■ T r oubleshooting IKE IK.
588 C HAPTER 41: C ONFIGU RING IKE Figure 176 Diagram o f relationship between IKE and IPSec IKE features ■ Avoid specifying manually all IPSec secu rity parameters in password mapping of both communication ends.
Configuring IKE 589 ■ Hashing algorithm: SHA-1(HMAC anamorphosis) or MD5 (HMAC anamorphosis) algorithm ■ Authentication method: RSA signatu re or RSA r eal-time encryption ■ Diffie-Hellm an grou.
590 C HAPTER 41: C ONFIGU RING IKE The system cr eates only the default IKE secu rity policy that cannot be deleted or modified by users. Selecting an Encryption Algorithm The two types of encryptio n algorithms that are supported are the 56-bit DES-Cipher Block Chaining (DES-CBC) algorithm and the 168-bit 3DES-CBC algorithm.
Configuring IKE 591 There ar e two hashing algorithm options : SHA- 1 and MD5. Both algorithms provide data source authentication and integrity protection mechanism. Compared with MD5, SHA-1 contained more summary information, and is mo re secure, but the authentication speed is r ela tively slow .
592 C HAPTER 41: C ONFIGU RING IKE By default, SA lifetime is 86400 seconds (a day). It is r ecommended that the configured seconds should be greater than 10 minutes. Configuring IKE Keepalive Timer The Keepalive function detects and dele tes idle security association when the peer party is invalid and cannot operate.
IKE Configuration Example 593 IKE Configuration Example ■ Hosts A and B communica tes secur ely , and a security cha n ne l is estab lish e d with IKE automatic negotiatio n between security gateways A and B. ■ Configure an IKE policy on Gateway A, with Policy 10 is of highest priority and the default IKE policy is of the lowest priority .
594 C HAPTER 41: C ONFIGU RING IKE for protecting dif ferent data streams. At pr esent, we use the user IP ad dress to identify the user . got NOTIFY of type INVALID_ID_INFO RMATION or drop message from X.
IX VPN Chapter 42 Configuring VPN Chapter 43 Configuring L2TP Chapter 44 Configuring GRE.
596.
42 C ONFIGURING VPN This chapter covers the following topics: ■ VPN Overview ■ Basic Networking Applications of VPN ■ Classification of IP VPN VPN Overview VPN establishes private networks on public networks by creating a “virtual”, or logical networ k fr om r esour ces of the ex is ting ne twork.
598 C HAPTER 42: C ONFIGU RING VPN The VPN with service quality guarantee ca n provide dif ferent levels of service quality guarantees for users by charging for different services. Basic Networking Applications of VPN An enterprise that has an intranet estab lished with VPN is shown in the following figure.
Classification of IP VPN 599 T unnel Protocols The tunnel protocols can be divided into layer 2 tunneling protocols and layer 3 tunneling protocols depending on the layer at which the tunnelin g is implemented based on OSI model. Layer 2 tunneling protocol The Layer 2 tunneling protocol encapsulates the whole PPP frame in the internal tunnel.
600 C HAPTER 42: C ONFIGU RING VPN ISP gateway and PPP se ssion ends at NAS, it is unneces sary for the gateway at the user end to manage and maintain the status of every PPP session, thus improving system performance.
43 C ONFIGURING L2TP VPDN and L2TP Overview Virtual Pr ivate Dial Network (VPD N) is fu lf illed with the help of dial-up and access services of public network (ISDN and PS TN), which pr ovides access services for enterprises, small ISPs , and mobile offices.
602 C HAPTER 43: C ONFIGU RING L2TP Figure 179 Networking diagram of typical VPDN application In this figure, LAC stands for L2TP Access Con centrator , which is a switch network device with a PPP end system and L2TP clie nt-side processing ability . Usually , LAC is a NAS, which provides access service for us ers through PSTN/ISDN.
VPDN and L2TP Overview 603 The networking diagram of these two typical methods is illustrated in the following figure: Figure 180 Networking diagram of two typical methods of VPDN Overview of L2TP The.
604 C HAPTER 43: C ONFIGU RING L2TP The L2TP header includes the informat io n of tunnel and session IDs, which are used to identify differ ent tunnels and sessions. The messages with the same tunnel ID and differ ent session IDs is multiplexed in o n e tu nnel.
VPDN and L2TP Overview 605 Figure 182 Call setup flow of L2TP channel V . Features of L2TP ■ Flexible identity authentication mechanism and high secur ity L2TP protocol by itself does not provid e connection security , but it can depend on the authentication (e.
606 C HAPTER 43: C ONFIGU RING L2TP addresses (RFC1918). The addresses allocated to remote users are private addresses belonging to an enterprise , thus the addresses can be easily managed and the security can also be improved.
Basic Configuration at LAC 607 Ta b l e 666 Create/Delete a L2TP Group Originate L2TP Connection Request and Configure LNS Address After a dial-up user passes VPN authentication succes sfully , LAC conveys the request of creating tunnel to a designated LNS.
608 C HAPTER 43: C ONFIGU RING L2TP Ta b l e 668 Configure AAA and Local Users By default, the local user name and passwor d are not configured. As the AAA attributes of L2TP are not standa r d attributes of RADIUS protocol, it is necessary to add the definition of L2TP a ttributes to the attribute set of RADIUS server .
Basic Configuration at LNS 609 Create an L2TP Group T o configure related parameters of L2TP , L2TP group should be added. The L2TP group is used to configure the L2TP func tions on the router and fac.
610 C HAPTER 43: C ONFIGU RING L2TP Ta b l e 673 Configure the Name of the Receiving End of the T unnel When the group number of L2TP is 1 (the default L2TP group number), it is unnecessary to specify the remote-name . If the name of r emote end is still specified in the view of L2TP group 1, L2TP group 1 will not work as the default L2TP group.
Advanced Configuration at LAC or LNS 611 ■ Configure to disconnect tunnel by force ■ Configure the r eceiving window size for controlling flow over tunnel ■ Enable/Disable hi ding A V pairs ■ .
612 C HAPTER 43: C ONFIGU RING L2TP ■ LAC and LNS authe nticate each other . It can be found that either LAC or LNS can originate tunnel authentication request. However , if o ne side enables the tunnel authentica tion, the tunn el can be established only when the passwords on bo th ends of the tunne l are exactly the same.
Advanced Configuration at LAC or LNS 613 By default, the interval for sending the tu nnel Hello message is 60 seconds. If this configuration is not implemented, LAC or LNS will adopt the default value as the interval to send the Hello message to the peer .
614 C HAPTER 43: C ONFIGU RING L2TP information (ACK) and wait for some time before clearing the tunnel, so that the request transmitted again from the peer can be pr operly received when ACK message is lost. After disc onnecting the tunnel by force, all control connections and session connections on the tunnel will also be cleared.
Advanced Configuration at LAC or LNS 615 Ta b l e 680 Force Local End to Perform CHAP Authentication Local CHAP authentication will not be carried out by default. Configur e to Force the LCP to Renegotiate This co nfiguration is applicable to LNS only .
616 C HAPTER 43: C ONFIGU RING L2TP By default, address pool 0 (t he default one) will be used by the peer for allocating addresses. When specifying the address pool from which addresses are allocated for users, the default address pool will be used for allocating addresses if no specific pool-number value is configured after the key word pool .
Display and Debug L2TP 617 of each VPN connection can be guaranteed. The maximum number of sessions can be c onfigur ed at eith er LNS or LAC, and the smaller one is valid. Perform the following configurations in system view . Ta b l e 685 Configure the Maximum Number of L2TP Sessions By default, the maximum numb er of L2TP sessions is 1000.
618 C HAPTER 43: C ONFIGU RING L2TP II. Networking diagram Figure 183 Networking diagram of NAS-originated VPN III. Configuration pr ocedure 1 Configuration at the LAC (NAS) side:) a Configure username and password (when dialing in W i ndo ws2000).
L2TP Configuration Examples 619 d Configure the IP addr ess of Serial0 interface of LNS. [Router-LNS] interface serial 0 [Router-LNS-Serial0] ip address 192.167 .0.1 255.255.255.0 e Configure the Virtual-T emplate-related information. [Router-LNS] interface virtual-template 1 [Router-LNS-Virtual-Template1] ip addre ss 192.
620 C HAPTER 43: C ONFIGU RING L2TP Figure 185 Internet Connection Wizard (1) ■ Click <Next> and input the telephone number at the NAS side in the popup dialog box (if it is a local telephone numb er , you should deselect “Use area code and dialing rules”), as shown in the following figure.
L2TP Configuration Examples 621 Figure 186 Internet Connection Wizard (2) ■ Click <Next> and input username and pa s sword (such as the username lac and password lac) in the popup dialog box so as to access ISP . The input conten ts must be the same as the configurat ion at the NAS side, as shown in the following figure.
622 C HAPTER 43: C ONFIGU RING L2TP Figure 187 Internet Connection Wizard (3) ■ Click <Next> and input the name of dialup connection (such as “Connection to 660046”) in the popup dialog box, as shown in the followin g figure.
L2TP Configuration Examples 623 ■ Click <Next> and deselect "T o connect to the Inter net immediat ely , select this box and then click Finish" in the popup dialog box, as shown in the following figure.
624 C HAPTER 43: C ONFIGU RING L2TP Figure 190 Connect to “Connection to 66046” T o determine the IP address assigned to your computer by the LNS, use the DOS-based command ipconfig. Client-originated VPN Networking I. Networking requir ements After connecting to the Inter net, the VPN user originates request for connect ing T unnel.
L2TP Configuration Examples 625 c Configure the IP addr ess of Se rial1 interface at LAC side. [Router-LAC] interface serial 1 [Router-LAC-Serial1] ip address 192.
626 C HAPTER 43: C ONFIGU RING L2TP ■ Search for HKEY_LOCAL_MACHINE, System, CurrentControlSet, Services, Rasman and Para meters le vel by level in the r egister in the left. Click <Parameters>, and click in the blank space in the right window .
L2TP Configuration Examples 627 Figure 193 Net work Connection Wizard (2) ■ Click <Next>, and configure the IP addr ess of LNS in the popup dialog box (The address is the addr ess of LNS interface connected to the Inter net), as shown in the following figure.
628 C HAPTER 43: C ONFIGU RING L2TP ■ Click <Next> to comple te the configuration. ■ Double click [Connect Connection to 6600 46] to start VPN conn ection. Before that, if the dialup connection is not set up, the system will automatically prompt you to set up dialup connection.
L2TP Configuration Examples 629 through the Internet. Through setting up a VPN, the user can have access to the information in the internal network. II. Networking diagram Figure 196 Networking diagram of an individua l user interconnecting headquarters III.
630 C HAPTER 43: C ONFIGU RING L2TP [Router2] ip pool 1 192.168.0.2 19 2.168.0.100 b Enable AAA authentication. [Router2] aaa-enable [Router2] aaa authentication-schem e ppp default local c Configure Virtual-T emplate 1. [Router2] interface virtual-templa te 1 [Router2-Virtual-Template1] ip add ress 192.
L2TP Configuration Examples 631 b Adopt AAA authentication. [Router1] aaa-enable [Router1] aaa authentication-scheme ppp default local [Router1] aaa accounting-scheme optiona l c Create an access control list and specify the encrypted L2TP data. [Router1] acl 101 [Router1-acl-101] rule permit udp sourc e 202.
632 C HAPTER 43: C ONFIGU RING L2TP [Router2-ipsec-proposal-l2tptrans] transform esp-new [Router2-ipsec-proposal-l2tptrans] esp-new encryption-algorithm des [Router2-ipsec-proposal-l2tptrans] esp-new .
Troubleshooting L2TP 633 ■ Errors occur to user name and password set at LAC, or the corresponding user information is not set at LNS. ■ LNS cannot allocate addresses, e.g., the address pool is set too small, or is not set at all. ■ The types of tunnel password authentica tion are inconsistent.
634 C HAPTER 43: C ONFIGU RING L2TP.
44 C ONFIGURING GRE This chapter covers the following topics: ■ GRE Protocol Overview ■ Configuring GRE ■ Displaying and Debugging G RE ■ GRE Configuration Example ■ T r oubleshooting GRE GR.
636 C HAPTER 44: C ONFIGU RING GRE which examines the key , checksum or message sequence number . After the GRE header is removed, the IP message is pr ocessed by the IPX pr otocol in the same way as an ordinary datagram. The system receives a datagram to be encapsulated and routed,.
GRE Protocol Overview 637 GRE Services GRE can fulfill the following services: 1 Implement the LAN protocol communication in W AN by encapsulating all kinds of LAN protocols into a W AN protocol.
638 C HAPTER 44: C ONFIGU RING GRE The two sub-networks group1 and group2 that ar e running the Novell IPX protocol ar e in differ ent cities. Wit h th e tunnel available, the trans-W AN VPN can be establ ished.
Configuring GRE 639 Setting the Destination Address of a T unnel Interface After a tunnel interface is cr eated, the destination addr ess of the tunnel channel must be configur ed The destination addr ess is the addr ess of the physical interface where the GRE packets are r eceived.
640 C HAPTER 44: C ONFIGU RING GRE By default, no iden t ification key word of the tunnel interface is configur ed. Setting the T unnel Interface to Check with Checksum It is stipulated in RFC 1701 that if the ch ecksum field of the GRE he ader is set, the checksum is valid.
Displaying and Debugging GRE 641 By default, the tunnel interface to sy nchronize datagram sequence numbers is disabled. Displaying and Debugging GRE T o view the working status of the tunnel interface, use the display command in all views.
642 C HAPTER 44: C ONFIGU RING GRE b Configure the IP addr ess of Ethernet0 interface. [RouterA-Serial0] exit [RouterA] interface ethernet 0 [RouterA-Ethernet0] ip address 10. 110.24.1 255.255.255.0 c Create a virtual T unnel interface and conf igure the IP addr ess, source address and destinat io n ad d r ess.
GRE Configuration Example 643 Figure 205 Networking of GRE 1 Configure Router A: a Activate IPX. [RouterA] ipx enable node a.a.a b Configure the IP addr ess an d IPX address of Ethernet0. [RouterA] interface ethernet 0 [RouterA-Ethernet0] ip address 10.
644 C HAPTER 44: C ONFIGU RING GRE [RouterB] ipx route 1e 1f.a.a.a ti ck 30000 hop 15 T roubleshooting GRE The two interfaces at both ends of the tunnel ar e corr ectly configur ed and the ping operation is successful, bu t the ping operation between PC A and PC B fails.
X R ELIABILITY Chapter 45 Configuring a Standby Center Chapter 46 Configuring VRRP.
646.
45 C ONFIGURING A S TANDBY C ENTER This chapter covers the following topics: ■ Standby Center Overview ■ Configuring the Standby Center ■ Displaying and Debugging t he Standby Center ■ Standby.
648 C HAPTER 45: C ONFIGU RING A S TANDBY C ENTER main interface is a physical interface or sub-interface, use the following commands in system view to ent er th e view of the interface.
Configuring the Standby Center 649 Setting the Delay Time for Switchover between Main and Standby Interface When the state of the main interface changes from up to down, the system doesn't switch to a standby interface immediately , but waits for a preset time delay instead.
650 C HAPTER 45: C ONFIGU RING A S TANDBY C ENTER priority; after the logic channel changes to up, it's requir ed to switch from the standby interface with the second high est priority to this logic channel. Perform the following commands in the view of the logic channe l.
Standby Center Configuration Examples 651 Multiple Standby Interfaces T ake both interf aces Serial 1 and Serial 2 as the stan dby interface of interface Serial 0, and use interface Se rial 1 as a prefer ence.
652 C HAPTER 45: C ONFIGU RING A S TANDBY C ENTER 5 Enter the view of logic channel 5 and set logic channel 3 and interface Serial 1 as its standby interfaces, their priorities being 50 an d 20 respectively .
46 C ONFIGURING VRRP This chapter covers the following topics: ■ VRRP Overview ■ Configuring VRRP ■ Displaying and Debugging VR RP ■ VRRP Configuration Examples ■ T r oubleshooting VRRP VRRP Overview Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol.
654 C HAPTER 46: C ONFIGU RING VRRP Figure 208 Virtual r outer diagram This virtual router has its own IP addr ess: 10.100.10.1 (it can be the same as the interface address of a router within the standby group). The routers within the standby group have their own IP addr e sses (10.
Configuring VRRP 655 Ta b l e 704 Add Virtual IP Address The standby group numbers ranges from 1 to 255. The virtual IP addr ess should be the address of the n etwork segment wh ere the interface resides. It can b e an unused IP address in the network segment, or the r outer's own IP address.
656 C HAPTER 46: C ONFIGU RING VRRP Configuring Preemption Mode an d De lay of Standby Group Routers Once a router in the standby gr oup becomes the master router , so long as it still functions prope.
Displaying and Debugging VRRP 657 Configure Standby Group Timer The master router of a VRRP standby group notifies its normal operation state to the routers within the gr oup by sending them VRRP packets regularly ( adver_inter val).
658 C HAPTER 46: C ONFIGU RING VRRP Ta b l e 710 Display and Debug VRRP VRRP Configuration Examples This section describes several different configurations of VRRP with a suggested procedur e for each.
Troubleshooting VRRP 659 VRRP Monitoring Interface As shown in Figure 209 , even when router A is still f unctioning, it may want router B to function as a gateway when the Inter n et int erface connected with it doe s not function properly . This can be implemented by configuring the monitoring interface.
660 C HAPTER 46: C ONFIGU RING VRRP The console f r equ ently disp lays messages about configuration mistakes. This shows that a mistaken VRRP packet has been r eceived. One r eason may be inconsistent configuration of another router within the standby group.
XI Q O S Chapter 47 QoS Overview Chapter 48 T r affic Policing, T raffic Shaping and Line Rate Chapter 49 Congestion Management Chapter 50 Congestion Avoidance.
662.
47 Q O S O VERVIEW This chapter covers the following topics: ■ What Is QoS? ■ Three T ypes of QoS Services ■ Benefits of QoS for the Network Service What Is QoS? In the traditional IP network, all the packets are treated identic ally . Each router ha s to handle these packets a following first in first out (FIFO) policy .
664 C HAPTER 47: Q O S O VERVIEW ■ Differ entiated service: This is is a kind of mult i-service model oriented to dif f er ent de mands. It sort s the services into classe s, and provides differ ent qualities of services according to the various classes without the support of signal.
Benefits of QoS for the N etwork Service 665 ■ Adjustable network service. If the user is ISP , by using QoS, the adjustable network ser vices of dif fer ent pr iority leve ls can be provided to various types of clients. ■ Secure network services for specific data flows.
666 C HAPTER 47: Q O S O VERVIEW.
48 T RAF FIC P OLICING , T RAF FIC S HAPING AND L INE R ATE T raffic Classification Overview T raffic classification means classifying pa ckets into multiple priority levels or multiple service types according to the T oS (T ype of Service) of IPv4 packet header .
668 C HAPTER 48: T RAFFIC P OLICING , T RAFFIC S HAPING AND L INE R ATE ■ Dropping dir ectly — CAR drops the packets that do not "conform to" the traffic specifications.
Committed Access Rate (CAR) 669 does not ha ve suffic ient tokens, it is considered “out of conformance”. “Conformance” indicates that the traffic does not exceed the limit--at this time, the .
670 C HAPTER 48: T RAFFIC P OLICING , T RAFFIC S HAPING AND L INE R ATE ■ Destination IP address ■ Destination MAC address ■ Application port ■ IP pr otocol type ■ Other standards that may be identified through the access list and extended access list.
Committed Access Rate (CAR) 671 By defaul t, no CAR ru le of ACL list is established. For the same carl-index, only one CAR rule can be defined. The later defined CAR rule will overwrite the ear lier CAR rule. Howeve r , multiple CAR ru les with different carl-index may be defined.
672 C HAPTER 48: T RAFFIC P OLICING , T RAFFIC S HAPING AND L INE R ATE Displaying and Debugging CAR Ta b l e 713 Display and Debug CAR CAR Configuration Examples Applying a CAR Policy to all Packets .
Committed Access Rate (CAR) 673 Figure 212 Networking diagram of con figuring th e priority level based CAR policy 1 Configure Router A: The CAR policy is applied to the packet i nputted to router A serial interf ace 0 and matching priority level 1. [RouterA] qos carl 1 precedence 1 [RouterA] acl 1 [RouterA-acl-1] rule permit source 10.
674 C HAPTER 48: T RAFFIC P OLICING , T RAFFIC S HAPING AND L INE R ATE Apply a CAR Policy on the Packets that Match ACL ■ The CAR policy is applied to the packet that is input to router A serial in.
Traffic Shaping 675 Figure 215 Schematic diagram of GTS processing If an interface does not use the rule defined by rule to classify the packet, the interface has only one queue. If GTS uses the rule defined by rule to classify th e packet, it maintains a separate queue for every type of flow .
676 C HAPTER 48: T RAFFIC P OLICING , T RAFFIC S HAPING AND L INE R ATE Ta b l e 714 Configure Shaping Parameters for a Specified Flow By default, the traffic shaping is not performed on the interface. This command may be repeatedly used to set different shap ing parameters for different flows.
Physical Interface Line Rate 677 Shape all the flows on Ether net inter face 1. [Router] interface ethernet1 [Router-Ethernet1] qos gts any cir 4500 0000 cbs 5800000 ebs 5800000 Physical Interface Lin.
678 C HAPTER 48: T RAFFIC P OLICING , T RAFFIC S HAPING AND L INE R ATE Displaying and Debugging LR Ta b l e 718 Display and Debug LR Operation Command Display the LR configuration condi tions and sta.
49 C ONGESTION M ANAGEMENT This chapter covers the following topics: ■ What is Congestion? ■ Congesti on Manageme nt Policy Over view ■ Selecting Congestion Management Policies ■ Operating Pri.
680 C HAPTER 49: C ONGESTIO N M ANAGEMENT Figure 217 Schematic diagram of the congested network Congestion Management Policy Overview When the congestion occurs, if not enough memory space is provided to buffer the packets, som e of the packets will be lost.
Selecting Congestion Management Policies 681 For the interface with the lower rate, cu stomizing the queue for it can guarant ee that the data flows passing through this interface may also obtain the netwo rk services to certain extent.
682 C HAPTER 49: C ONGESTIO N M ANAGEMENT Ta b l e 719 Comparison of Several Congestion Management Policies Operating Principle of the Congestion Management Policies For congestion management , queuing technology is used. When congestion occurs, the data packet is que ued at the r outer by a policy .
Operating Principle of the Congestion Management Policies 683 Figure 218 Schematic diagram of t he first in first out queue First-In, First-Out (FIFO) Queuing As shown in Figure 21 8 , the data packets are input to t he first-in, first-out (FIFO) queue according to the priority order of their arrivals.
684 C HAPTER 49: C ONGESTIO N M ANAGEMENT rate and throughput rate can be guaranteed to a certain extent in case of n etwork congestion. The key se rvice (such as E RP) data pa ckets may be p ut into .
Operating Principle of the Congestion Management Policies 685 In the network shown in Figure 217 , it is assumed that the server of LAN 1 transmits the data of the key service t o th e server of LAN 2, and the PC of LAN 1 transmits the data of the non -key service to PC of LAN 2.
686 C HAPTER 49: C ONGESTIO N M ANAGEMENT occupied by each traffic is (each priority + 1)/ the sum of each priority plus 1, that is, 1/15, 2/15, 3/15, 4/15 and 5/15.
Configuring Congestion Manag ement 687 lengths of various qu eues, and the numbe r of bytes that may be continuously transmitted by polling of every queue.
688 C HAPTER 49: C ONGESTIO N M ANAGEMENT By default, no priority queue is established. 3 Configure the default priority-list queuing. The data packets that are not matched with any policy in the priority queue (both protocol type and interface type ar e not matched) will be allocated to the default priority queue.
Configuring Congestion Manag ement 689 queue-length is th e queues lengths of the 4 priori ty levels. They range 1 to 1024 packets. The default length of each priority queue is shown in the following .
690 C HAPTER 49: C ONGESTIO N M ANAGEMENT Configure the custom queue according to the network layer protocol The data packets can be classified accord ing to differ ent protocol types, and be input to different custom queues. Perform the following configur ations in the system view .
Configuring Congestion Manag ement 691 Applying the custom-list queuing group to the interface T o put the custom-list queue into operat io n, the configured custom-list queue must be applied to the spe cific in ter face. Every interface can only use one custom queue, but one custom queue can be appl ied to multiple interfaces.
692 C HAPTER 49: C ONGESTIO N M ANAGEMENT byte-count : When the router dispatches the user queue of CQ, it continuously extracts and sends the data packets from this queue, u ntil the number o f the t.
Congestion Management Configuration Ex amples 693 Congestion Management Configuration Examples PQ Configuration Example 1 Define the access control table, and allow the packets from 10.10.0.0 network segment to pass t hrough. [Router] acl 1 [Router-acl-1] rule permit source 10.
694 C HAPTER 49: C ONGESTIO N M ANAGEMENT Figure 222 Networking diagram of CQ typical configuration 1 Configur e Router A [RouterA] acl 105 [RouterA-acl-105] rule normal permit ip sou rce 10.
Congestion Management Configuration Ex amples 695 [RouterB-acl-105] rule normal permit ip source 10.1.5.0 0.0.0.255 destination 10.1.4.0 0.0.0.255 [RouterB-acl-105] rule normal deny ip s ource any destination any [RouterB-acl-105] acl 107 [RouterB-acl-107] rule normal permit ip source 192.
696 C HAPTER 49: C ONGESTIO N M ANAGEMENT.
50 C ONGESTION A VOIDANCE This chapter covers the following topics: ■ Congestion Avoidance Overview ■ WRED Configuratio n ■ Displaying and Debugging Con gestion Avoidance ■ Congestion Avoidanc.
698 C HAPTER 50: C ONGESTIO N A VOIDANCE and it causes the sudden increase and decrease of the network t raffic, and the line traffic always fluctuates between the states of few or none and full. RED and WRED RED and WRED can avoid global synchr onization of TCP by dr opping packets randomly .
WRED Configuration 699 ■ When the length of the queue is between the minimum threshold and maximum threshold, the WRED algorithm is used to calculate and determine whether the packet is dropped.
700 C HAPTER 50: C ONGESTIO N A VOIDANCE exponent is the filtering coefficient for calculating the average queue length, and the range of the value is 1 to 16, and the default value is 9. When exponent=0 and the que ue length exceeds the thre shold, WRED will act accordingly .
Displaying and Debugging Congestio n Avoidance 701 Displaying and Debugging Congestion A voidance Ta b l e 741 Display and Debug Congestion Avoidance Congestion A voidance Configuration Example 1 Configure a WFQ queue. [Router] interface ethernet 0 [Router-Ethernet0] qos wfq 2 Enable WRED.
702 C HAPTER 50: C ONGESTIO N A VOIDANCE.
XII D IAL - UP Chapter 51 Configuring DCC Chapter 52 Configuring Modem.
704.
51 C ONFIGURING DCC This chapter covers the following topics: ■ DCC Overview ■ Configuring DCC ■ Displaying and Debugging DCC ■ DCC Configuration Examples ■ T r oubleshooting DCC DCC Overvie.
706 C HAPTER 51: C ONFIGU RING DCC DCC Configuration Methods 3Com routers pr ovide two DCC configuration methods: circular DCC, and resour ce-shared DCC. With distinguishing features, these two methods are applicable to dif ferent applications. In applications, the participating parties of a call can flexibly select either m ethod as needed.
DCC Overview 707 associate with multiple destination addre sses. Each dialer interface can contain multiple physical interfaces . In addition, a physical interface does not necessarily belong to any dialer interface, and can dire ctly route to one or multiple destination addresses.
708 C HAPTER 51: C ONFIGU RING DCC As shown in Figure 225 , a physical interface can belong to multiple dialer bund les and hence serve multip le dialer int erfaces, but each dialer interface associates with only one destination address.
Configuring DCC 709 Pr eparing to Configure DCC Determine the topology of DCC application ■ Determine which routers w ill pr ovide DCC and the r elevant communication parameters between the routers. ■ Determine the interfaces on the routers that p rovide DCC the functions carried out by ea ch ro uter .
710 C HAPTER 51: C ONFIGU RING DCC Configuring the mode of the physical interface For a synchronous/asynchr onous serial in terface, config ure th e physical interface to operate in asynchronous and dial mode if it is connected to an asynchr onous modem.
Configuring DCC 711 becomes the same as that on the Dialer interface, which allows the same B channel to be used by differe nt link layer protocols, impr oving flexibility . When the B channel is disconnected, the encapsulation protocol on the ISDN interface will be automatically restored to PPP .
712 C HAPTER 51: C ONFIGU RING DCC Assure that the commands dialer rule dialer-group and dialer-group dialer-group adopt the same dialer -gr oup. Do not concurrently configure the functi onal arguments of the protocol-name an d acl-number for the same dialer rule command when configuring a dialer ACL.
Configuring DCC 713 Figure 226 An interface placing a call to a r emote end As shown in this figur e, the single local interface interf ace0 (if0) originates a DCC call to the single remote interface if1. Since the call originates at a single remote end the dialer string can be configured using the dialer number or dialer r oute command.
714 C HAPTER 51: C ONFIGU RING DCC As shown in this figure, the single local interface interface0 (i f0) r eceives a DCC call fr om a single re mote interface if1. Since the call is received by a single local interface, the dialer circular gr oup can be used to configure DCC.
Configuring DCC 715 By default, Circular DCC is enabled on IS DN BRI and PRI interfaces, but disabled on other interfaces (serial, asynch ronous, AUX, etc.) and the user should manually configure the dialer enable-circular command. No dialer numbers for calling the remote ends are configur ed by default.
716 C HAPTER 51: C ONFIGU RING DCC Figure 230 Multiple interfaces placing calls to multiple r emote ends As shown in Figure 230 , the local interfaces interf ace0 (if0), if1, and if2 originate DCC calls to the remote interfaces if1, if2 and if3.
Configuring DCC 717 By default, circular DCC is enabled on ISDN BRI and PRI interfaces, b ut disabled on other interfaces (serial, asynch ronous, AUX, etc.
718 C HAPTER 51: C ONFIGU RING DCC Configuring Resource-Shar ed DCC Each RS-attribute set consists of a dialer interface, the attributes o f the interface, and a dialer bundle. Specifically , ■ Only one dialer number can be defined for a dialer in terface.
Configuring DCC 719 ■ Configuring dialing authentication for resource-shar ed DCC Enabing Resour ce-Shared DCC Before enabling the r esour ce-shar e d DCC, please use the command undo dialer enable-circular to disable cir cular DCC first, then enable the resource-shar ed DCC by using dialer bundle command.
720 C HAPTER 51: C ONFIGU RING DCC Ta b l e 753 Create a Dialer Bundle and Assigning the Physical Interfaces to it By default, no dialer bund le is created, and the physi cal interfaces do not belong to any dialer bundle. If a physical interfac e is assign ed to a dialer bundle, a default priority of 1 is assigned.
Configuring DCC 721 Configuring MP Binding for DCC In DCC applications, the user can configur e a traffic threshold for links. Setting the traffic thr eshold to 0 means that the max bandwidth of all the channels is enabled and there is no flow control.
722 C HAPTER 51: C ONFIGU RING DCC Configuring MP binding in r esour ce-shared DC C If an interface is a serial, asynchr onous interface or an AUX interface, then the resour ce-shar ed DCC will enable.
Configuring DCC 723 Ta b l e 757 Implement PPP Call back (Client C onfiguration) in Circular DCC By default, the system doe s not enable callback function and is not configured with any W indows NT server callback dial number .
724 C HAPTER 51: C ONFIGU RING DCC By default, the system does not enable th e callback function. On ce it is enabled, the server will originate retu rn calls according to the user name configur ed in the dialer route command.
Configuring DCC 725 By default, the system doe s not enable callback function and is not configured with any W indows NT server callback dial number . 2 Configure the PPP callback server i n the resou.
726 C HAPTER 51: C ONFIGU RING DCC ■ Secondary rule: The best match is the one that is found first. Confirm which dialer call-in at server end is associated with the incoming call ■ In circular DC.
Configuring DCC 727 Ta b l e 763 Implement ISDN Call er Identification Callback (Client Configuration) in Resource-Shar ed DCC T o configure the ISDN caller identification callback server in the resource-shar ed DCC implementation, perform the following c onfiguration in dialer inter face view .
728 C HAPTER 51: C ONFIGU RING DCC do not automatically disconnect due to timeout. In other words, the dialer timer idle command does not take effect on auto-dial. Perform the following configur ation in dial interface (physical or dialer inter face) view .
Configuring DCC 729 idle time, no the packet which comp lies with the “permit” statements are transmitted over the line. Perform the following configuration in dial interface (physical or dialer interface) view . Ta b l e 768 Configure the Link Idle Time By defaul t, the link id le time is 120 seconds.
730 C HAPTER 51: C ONFIGU RING DCC Configuring the timeout of call setting up When placing DCC calls to some remote ends, the intervals bet ween originating the calls and establishing the connections are not the same.
DCC Configuration Examples 731 DCC Configuration Examples DCC Applications in Common Use RouterA can call RouterB an d RouterC via multiple interfaces. Likewise, Rout erB and RouterC can respectively call Router A. However , Ro uterB and RouterC cannot call each other .
732 C HAPTER 51: C ONFIGU RING DCC [Router-Serial0] dialer circular-group 0 [Router-Serial0] interface serial 1 [Router-Serial1] physical-mode async [Router-Serial1] modem [Router-Serial1] dialer circ.
DCC Configuration Examples 733 [Router-Serial0] dialer bundle-member 1 [Router-Serial0] dialer bundle-member 2 [Router-Serial0] link-protocol ppp [Router-Serial0] ppp authentication-mod e pap [Router-.
734 C HAPTER 51: C ONFIGU RING DCC Solution 3: Establish a connection via ISDN BRI or PR I inter faces by using Circular DCC, and configure the DCC parameters on the physical interfaces. 1 Configure RouterA: [Router] dialer-rule 1 ip permit [Router] interface bri 0 [Router-Bri0] ip address 100.
DCC Configuration Examples 735 [Router-Bri0] dialer bundle-member 1 [Router-Bri0] dialer bundle-member 2 [Router-Bri0] link-protocol ppp [Router-Bri0] ppp authentication-mode p ap 2 Configure Route r B: [Router] dialer-rule 2 ip permit [Router] local-user usera password simp le usera [Router] interface dialer 0 [Router-Dialer0] ip address 100.
736 C HAPTER 51: C ONFIGU RING DCC Figure 234 Network for the DCC application pr oviding MP binding 1 Configur e RouterA: [Router] dialer-rule 1 ip permit [Router] local-user userb password simple userb [Router] flow-interval 3 [Router] interface dialer 0 [Router-Dialer0] ip address 100.
DCC Configuration Examples 737 DCC Application Using ISDN BRI Interface to Dial and Providing Leased Line T o implement circular DCC, use a B cha nnel on the ISDN BRI inter face to provide a leased line, and another B channel to implement remote dialing connection.
738 C HAPTER 51: C ONFIGU RING DCC callback servers. RouterA and RouterC use the same address 100.1.1.1, whereas RouterB and RouterD u se the same address 100.1.1.2. Figure 236 Network for the DCC application pr oviding router -to-router callback Solution 1: Use Cir cular DCC to implement P PP callback.
DCC Configuration Examples 739 [Router-Serial0] ip address 100.1.1.1 2 55.255.255.0 [Router-Serial0] physical-mode async [Router-Serial0] modem [Router-Serial0] dialer enable-circular [Router-Serial0] dialer-group 1 [Router-Serial0] dialer route ip 100.
740 C HAPTER 51: C ONFIGU RING DCC Figure 237 Network for the DCC application pr oviding router -to-PC callback 1 Configur e the PC: a Configure the modem connected to the PC to be in “autoanswer mode”. b Select Start > Programs > Accessories > Communications > Dialup network .
DCC Configuration Examples 741 Figure 238 Network for the DCC application pr oviding NT server -to-router callback 1 Configur e Rou terA: [Router] dialer-rule 1 ip permit [Router] interface async 0 [R.
742 C HAPTER 51: C ONFIGU RING DCC Dial Number Cir cular Standby and Internet Access for DCC In PSTN, the dial number circular stan dby is fulfilled through configuring the dialer route command a t the dialing side.
DCC Configuration Examples 743 [Router-Serial0] ip address ppp-negotia te [Router-Serial0] dialer enable-circular [Router-Serial0] dialer-group 1 [Router-Serial0] dialer route ip 100.1. 1.254 8810048 [Router-Serial0] dialer route ip 100.1. 1.254 8810049 …… [Router-Serial0] dialer route ip 100.
744 C HAPTER 51: C ONFIGU RING DCC c Start dialing, and input the user name user1 and the password pass1. Solution 2: The dialing side uses a single number to di al, and the accessing side uses circular DCC to set up the connection via the ISDN PRI interface.
DCC Configuration Examples 745 Figure 240 Network for the DCC application pr oviding logic interface standby through dialer route Solution 1: Adopt circular DCC and use the logic interface configur ed through the dialer route command as the standby interface.
746 C HAPTER 51: C ONFIGU RING DCC [Router-Serial0] dialer route ip 100.1.1.2 8810060 logic-channel 1 [Router-Serial0] logic-channel 1 [Router-logic-channel1] standby in terface serial 1 [Router-logic-channel1] interface serial 1 [Router-Serial1] ip address 200.
Troubleshooting DCC 747 Use the DCC Debugging Information to Locate Problems Enabling DCC debugging Execute the following c ommands in sy stem view for displaying the DCC debugging informat ion: [Rout.
748 C HAPTER 51: C ONFIGU RING DCC DCC : peeraddr matching error on interface *** , shutdown link The debugging information is probably outputted because the local dialer route does not contain the remote network address.
52 C ONFIGURING M ODEM This chapter covers the following topics: ■ Modem Function Provided by 3Com Routers ■ Configuring a Modem ■ Displaying and Debugging a Mod em ■ Modem Configuration Examp.
750 C HAPTER 52: C ONFIGU RING M ODEM Syntax description of modem script The modem script format in common use is as follow: receive-string1 send-string1 recei ve-string2 send-string2...... Where: ■ Normally , receive-strin g and send-string appear in pairs, and the script must begin with a receive-string.
Configuring a Modem 751 Ta b l e 775 Script Keywords In which, seconds defaults to 180 and is in the range of 0 to 180. Ta b l e 776 Script Escape Characters Configuring a Modem Modem Configuration in.
752 C HAPTER 52: C ONFIGU RING M ODEM Configure Modem Through the A T Comma nd Perform the following configuration in in terface (asynchronous serial, AUX or AM interface) vi ew . Ta b l e 778 Configure a Modem Script A modem can accept the A T commands only when it is in A T command mode.
Configuring a Modem 753 Perform the following co nfiguration in int e rface (asyn chronous serial, AUX or AM interface) view . Ta b l e 781 Specify the Events T riggering the Modem Scripts The argument following the script init-str ing command is the initialization string rather than the modem script name.
754 C HAPTER 52: C ONFIGU RING M ODEM Ta b l e 783 Configure Authentication for Modem Dial-In User By default, the authentication for a mo dem dial-in user is not configured. Displaying and Debugging a Modem Execute the debugging command in all views for t he debugging.
Modem Configuration Examples 755 Restore the ex-factory modem settings T o restore the ex-factory modem settings, use the “A T&F” command. [Router] script-string factory "" AT OK AT&.
756 C HAPTER 52: C ONFIGU RING M ODEM Power -on Initialization through the Initialization Script Enable the router to initialize t he modem to which the asynchronous interface is connected when powering on the router or r ebooting it.
Troubleshoo ting 757 ■ If the modem is still in abnormal status, proceed to run the AT string, such as “A T&F OK A TE0S0=0&C1&D2 OK A T&W” on th e router physical interface connected to the modem.
758 C HAPTER 52: C ONFIGU RING M ODEM.
Ein wichtiger Punkt beim Kauf des Geräts 3Com 10014299 (oder sogar vor seinem Kauf) ist das durchlesen seiner Bedienungsanleitung. Dies sollten wir wegen ein paar einfacher Gründe machen:
Wenn Sie 3Com 10014299 noch nicht gekauft haben, ist jetzt ein guter Moment, um sich mit den grundliegenden Daten des Produkts bekannt zu machen. Schauen Sie zuerst die ersten Seiten der Anleitung durch, die Sie oben finden. Dort finden Sie die wichtigsten technischen Daten für 3Com 10014299 - auf diese Weise prüfen Sie, ob das Gerät Ihren Wünschen entspricht. Wenn Sie tiefer in die Benutzeranleitung von 3Com 10014299 reinschauen, lernen Sie alle zugänglichen Produktfunktionen kennen, sowie erhalten Informationen über die Nutzung. Die Informationen, die Sie über 3Com 10014299 erhalten, werden Ihnen bestimmt bei der Kaufentscheidung helfen.
Wenn Sie aber schon 3Com 10014299 besitzen, und noch keine Gelegenheit dazu hatten, die Bedienungsanleitung zu lesen, sollten Sie es aufgrund der oben beschriebenen Gründe machen. Sie erfahren dann, ob Sie die zugänglichen Funktionen richtig genutzt haben, aber auch, ob Sie keine Fehler begangen haben, die den Nutzungszeitraum von 3Com 10014299 verkürzen könnten.
Jedoch ist die eine der wichtigsten Rollen, die eine Bedienungsanleitung für den Nutzer spielt, die Hilfe bei der Lösung von Problemen mit 3Com 10014299. Sie finden dort fast immer Troubleshooting, also die am häufigsten auftauchenden Störungen und Mängel bei 3Com 10014299 gemeinsam mit Hinweisen bezüglich der Arten ihrer Lösung. Sogar wenn es Ihnen nicht gelingen sollte das Problem alleine zu bewältigen, die Anleitung zeigt Ihnen die weitere Vorgehensweise – den Kontakt zur Kundenberatung oder dem naheliegenden Service.