Allied Telesis AT-AR300 User Manual

Software Release 2.3.1
For Rapier Switches, AR300 and AR700 Series Routers, and AR800 Series Modular Switching Routers
Introduction ...................................................................................................... 2
Hardware Platforms .......................................................................................... 2
Rapier i Series ............................................................................................. 2
Software Features ............................................................................................. 5
NSM Hot Swap Software Support ..................................................................... 6
Domain Name Server Enhancements ................................................................. 7
DNS Caching .............................................................................................. 7
Server Selection .......................................................................................... 8
Automatic Nameserver Configuration ......................................................... 9
Telnet Server Port Number ................................................................................ 9
Triggers for Ethernet Interfaces ......................................................................... 9
ENCO Channels .............................................................................................. 10
IP Security (IPsec) Source Interface and Enhancements ..................................... 11
OSPF on Demand ............................................................................................ 12
Paladin Firewall Enhancements ........................................................................ 14
Interface-based NAT ................................................................................. 14
Rule-based NAT ........................................................................................ 14
Time Limited Rules ................................................................................... 15
New Command Syntax ............................................................................. 15
Web Redirection with Reverse NAT Rules .................................................. 18
Further Examples ...................................................................................... 19
SHOW Output .......................................................................................... 21
Paladin Firewall HTTP Application Gateway (Proxy) .......................................... 21
Firewall HTTP Proxies and Firewall Policies ................................................. 22
HTTP Filters .............................................................................................. 22
Firewall Policy Debugging ......................................................................... 25
VRRP Port Monitoring ..................................................................................... 26
Border Gateway Protocol 4 (BGP-4) ................................................................. 28
Internet Protocol (IP) ................................................................................. 29
IP and Interface Counters ................................................................................ 29
Telephony (PBX) Functionality .......................................................................... 33
Bandwidth Limiting ......................................................................................... 34
Errata: Telnet Server ........................................................................................ 34
DISABLE TELNET SERVER .......................................................................... 34
ENABLE TELNET SERVER ........................................................................... 35
SHOW TELNET .......................................................................................... 35
Installation ...................................................................................................... 35
Simply connecting the world
2 Release Note

Introduction

Allied Telesyn International announces the release of Software Release 2.3.1 on the AR300 and AR700 Series routers, Rapier Series layer 3 switches, and AR800 Series modular switching routers. This release note describes software features that are new since Software Release 2.2.2. It should be read in conjunction with the Quick Install Guide, Quick Start Guide, User Guide, Hardware Reference and Software Reference for your router or switch. These documents can be found on the Documentation and Tools CD-ROM packaged with your router or switch, or on the support site at:
www.alliedtelesyn.co.nz/documentation/documentation.html
The main new features in release 2.3.1 are:
Border Gateway Protocol Phase 1a
Paladin Firewall HTTP Proxy (Application Gateway), additional Firewall
NAT features and rule expiry
Support for Rapier i Series layer three switches.
WARNING: Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesyn International. While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesyn International can not accept any type of liability for errors in, or omissions arising from the use of this information.

Hardware Platforms

Software Release 2.3.1 is available for the following hardware platforms:
AR300 Series Routers
AR700 Series Routers
AR800 Series Modular Switching Routers
Rapier Series Layer 3 Switches
Software Release 2.3.1 will support the Rapier i Series hardware platforms as they become available (“Rapier i Series” on page 2).
For existing models with Network Service Module (NSM) bays, Software Release 2.3.1 supports hot swapping of NSMs, and some PICs in those NSMs, so that they can be installed and uninstalled without the need to power down the entire router or switch (“Hot Swapping Network Service Modules” on page 3).

Rapier i Series

The Rapier i Series layer 3 switches will provide all the features of the original Rapier series. While the first software release on these hardware models will provide the same features as the original Rapier Series (plus bandwidth limiting), the hardware on the Rapier i Series layer 3 switches will allow later software releases to provide enhanced Virtual LAN and Quality of Service features.
Software Release 2.3.1 C613-10325-00 REV B
Software Release 2.3.1 3

Hot Swapping Network Service Modules

In routers and switches that have NSM bays, this release allows the following NSMs to be hot swapped, so that they can be installed and uninstalled without powering down the entire router or switch:
AT-AR040 NSM with 4 PIC slots (NSM-4PIC)
AT-AR041 NSM with 8 BRI S/T WAN ports (NSM-8BRI)
AT-AR042 NSM with 4 BRI S/T WAN Ports (NSM-4BRI)
The following PIC cards can be hot swapped if they are in NSM bays:
AT-AR021(S) PIC BRI (S)
AT-AR021(U) PIC BRI (U)
AT-AR0 2 2 PIC Eth
AT-AR0 2 3 PIC Sync
AT-AR026 PIC 10/100 Eth
PICs in PIC bays in base router units (for instance, the AR720 and AR740 routers) do not support hot swapping. The PICs in an NSM can only be hot swapped by preparing the NSM bay for hotswap.
An NSM, with or without PICs, can be hot inserted into a previously empty bay. Hot inserted cards behave as though they had been present at router start­up, except that the router configuration script will not be scanned for commands that may relate to interfaces on the hot-inserted cards.
An NSM, with or without PIC cards, can be hot swapped out, and an identical combination of NSM and PIC cards can be hot swapped into the same bay. The software configurations of the interfaces on the hot-swapped cards are preserved across the hot swap so that modules configured to interfaces on the cards can continue to use the interfaces.
An NSM, with or without PICs, can be hot swapped out and a different combination of NSM and PICs can be hot swapped into the same bay. For any card in the combination that is replaced by a card of a different type, software interface instances for the old card are destroyed and their configurations forgotten, and new interface instances are created from scratch for the new card. For any card in the combination that is replaced by a card of the same type, interface instances are preserved.
NSM-4PIC (AR040) only: Cards of the same type but with differing manufacturing revision levels may in some cases be treated as cards of different types when hot swapping.
Software Release 2.3.1 C613-10325-00 REV B
WARNING: It is important to observe the following procedure carefully when hot swapping NSMs. Failure to follow this procedure will cause the router to crash, and may cause damage to files stored in FLASH. Do not attempt to hot swap while the contents of FLASH memory are being modified, for instance when files are being loaded onto the router or during FLASH compaction. Hot swapping while FLASH memory is being modified may corrupt FLASH memory, damaging configuration files, software release
4 Release Note
files, feature licences and other files. (If this happens, FLASH memory may need to be cleared completely, leaving no functioning software to run the router.)
Hot swap an NSM out of an NSM bay
Follow these steps to hot swap an NSM, or PICs in an NSM-4PIC, out of an NSM bay.
1. Prepare the NSM bay for hot swap.
Look at the “Swap” and “In use” LEDs beside the NSM bay. If the “In
Use” LED is lit, press the “Hot Swap” switch slowly using a pointed object
such as a pencil tip. The “In Use” LED should go out and the “Swap” LED
should light.
If the “In Use” LED remains lit, or if neither of the LEDs beside the NSM
bay is lit, the router software release does not support hot swap, and the
router must be switched off to remove the NSM.
2. Remove the NSM or PIC.
When the “Swap” LED is lit, remove the NSM or the PIC that is being
swapped.
Hot swap an NSM into an NSM bay
Follow these steps to hot swap an NSM, or PICs in an NSM-4PIC, into an empty NSM bay.
1. Check that the NSM or PIC bay is empty.
2. Check that the NSM bay is ready for hot swap.
Look at the “Swap” and “In use” LEDs beside the NSM bay. The “Swap”
LED should be lit.
If the “In Use” LED is lit, press the “Hot Swap” switch slowly using a
pointed object such as a pencil tip. The “In Use” LED should go out and
the “Swap” LED should light.
If the “In Use” LED remains lit, or if neither of the LEDs beside the NSM
bay is lit, the router software release does not support hot swap, and the
router must be switched off to remove the NSM.
3. Insert the NSM or PIC.
When the “Swap” LED is lit, insert the NSM or PIC.
4. Return the NSM bay to use.
Press the “Hot Swap” switch using a pointed object such as a pencil tip. The
Swap” LED will go out and the “In Use” LED will light.
the NSM is of a type that the software release does not support.
For information about the behaviour of interfaces during and after NSM hot swapping, see “NSM Hot Swap Software Support” on page 6.
Software Release 2.3.1 C613-10325-00 REV B
Software Release 2.3.1 5

Software Features

The following features are available on all routers and switches supported by this release, unless otherwise stated:
Major features
NSM Hot Swap software support for models with NSM bays (“NSM Hot
Swap Software Support” on page 6)
Domain Name Server Enhancements (IP) (“Domain Name Server
Enhancements” on page 7)
Configurable Telnet Server Port Number (“Telnet Server Port Number” on
page 9)
Up and down triggers for Ethernet interfaces (“Triggers for Ethernet
Interfaces” on page 9)
Changes to the number of encryption and compression channels,
depending on the amount of RAM on the router or switch (“ENCO
Channels” on page 10)
IP Security (IPsec) enhancements: the Source Interface can be now be
specified, and IPsec performance is enhanced (“IP Security (IPsec) Source
Interface and Enhancements” on page 11)
OSPF on Demand (“OSPF on Demand” on page 12)
Paladin Firewall Enhancements (“Paladin Firewall Enhancements” on
page 14)
Paladin Firewall HTTP Application Gateway (Proxy) (“Paladin Firewall
HTTP Application Gateway (Proxy)” on page 21)
VRRP Port Monitoring (“VRRP Port Monitoring” on page 26)
Minor improvements
Border Gateway Protocol version 4, phase 1 (“Border Gateway Protocol 4
(BGP-4)” on page 28) (not available on AR300 Series routers).
Commands to reset interface and IP MIB counters to zero, and changes to
the display of MIB counters (“IP and Interface Counters” on page 29)
An extended range of telephony functions, on AR300 and AR310 routers
(“Telephony (PBX) Functionality” on page 33)
Bandwidth limiting on Rapier i Series switch ports (“Bandwidth Limiting”
on page 34)
The DHCP server is now able to successfully allocate addresses to
Macintosh devices running Open Transport version 2.5.1 and 2.5.2.
To increase switch security, the INFILTERING parameter of the SET
SWITCH PORT command now defaults to ON.
The INFILTERING parameter enables or disables Ingress Filtering of frames
admitted according to the ACCEPTABLE parameter, on the specified ports.
Each port on the switch belongs to one or more VLANs. If INFILTERING is
set to ON, Ingress Filtering is enabled: any frame received on a specified
port is only admitted if the port belongs to the VLAN with which the frame
is associated. Conversely, any frame received on the port is discarded if the
port does not belong to the VLAN with which the frame is associated.
Untagged frames admitted by the ACCEPTABLE parameter are admitted,
since they have the numerical VLAN Identifier (VID) of the VLAN for
which the port in an untagged member. If OFF is specified, Ingress Filtering
is disabled, and no frames are discarded by this part of the Ingress Rules.
Software Release 2.3.1 C613-10325-00 REV B
This change does not apply to AR300 or AR700 Series routers.
6 Release Note

NSM Hot Swap Software Support

When a card is hot-swapped out of a bay, its interface instances become dormant. They stay dormant until either another card of the same type is hot­swapped into the bay, in which case they are reactivated, or a card of a different type is hot-swapped into the bay, in which case they are destroyed.
Dormant interfaces are included in the SHOW INTERFACE command output and in the SNMP interfaces MIB, marked as swapped out. In other router or switch commands, however, the router or switch behaves as though dormant interfaces do not exist.
Instances of higher-level modules such as LAPD and Q931, ISDNCC, PPP, and IP, that are attached to an interface that becomes dormant, do not themselves become dormant. They behave as if the interface has stopped communicating, for example as if its cable has been unplugged.
The router does not scan the configuration script for commands relating to interfaces on hot-inserted cards until the router or switch is restarted. These interfaces must be configured manually. The router or switch does not update the MAC address of any hot-swapped Ethernet interface until the router or switch is restarted.
The SHOW INTERFACE command is modified to show “Swapped out” in the ifOperStatus column for dormant interface instances.
All other commands that show or set board or interface properties behave as if swapped-out boards and interfaces do not exist. Commands that operate on multiple boards or interfaces skip swapped-out boards and interfaces, and commands to which a dormant interface is specified explicitly fail in their usual way for a non-existent interface.
Figure 1: Example output from the SHOW INTERFACE command.
Interfaces sysUpTime: 00:00:46
DynamicLinkTraps.....Disabled
TrapLimit............20
Number of unencrypted PPP/FR links.....0
ifIndex Interface ifAdminStatus ifOperStatus ifLastChange
-----------------------------------------------------------------------------­ 1 eth0 Up Up 00:00:03 2 eth1 Up Down 00:00:00 3 bri0 Up Swapped out 00:00:43 4 eth2 Up Swapped out 00:00:42
------------------------------------------------------------------------------
Interface name summary
Interface Full name
-----------------------------------------------------------------------------­asyn0 asyn0 asyn1 asyn1 eth0 eth0 eth1 eth1
------------------------------------------------------------------------------
Software Release 2.3.1 C613-10325-00 REV B
Software Release 2.3.1 7
Figure 2: Example output from the SHOW INTERFACE command for a specific interface.
Interface.................. bri0
ifIndex.................. 3
ifMTU.................... 1712
ifSpeed.................. 144000
ifAdminStatus............ Up
ifOperStatus............. Swapped out
ifLinkUpDownTrapEnable... Disabled
TrapLimit................ 20
Interface Counters
ifInOctets .................. 52190 ifOutOctets ................. 52190
ifInUcastPkts ................ 3070 ifOutUcastPkts ............... 3071
ifInNUcastPkts .................. 0 ifOutNUcastPkts ................. 0
ifInDiscards .................... 0 ifOutDiscards ................... 0
ifInErrors ...................... 0 ifOutErrors ..................... 0
Table 1: New parameter displayed in the output of the SHOW INTERFACE command.
Parameter Meaning
ifOperStatus The current operational state of the interface; one of “Up”,
”Down”, “Testing”, or “Swapped Out”.

Domain Name Server Enhancements

Software Release 2.3.1 includes two enhancements to Domain Name Server (DNS) functionality:
The router can now store recently obtained DNS information in a cache.
The router can now be configured to use a range of DNS servers. Server
selection is based on the host name that is being resolved.

DNS Caching

DNS caching allows the router to store recently requested domain or host addresses so they can be quickly retrieved if an identical DNS request is received. DNS caching reduces traffic on the Internet and improves performance for both DNS and DNS relay under heavy usage. The DNS cache is of a limited size, and times out entries after a specified period of up to 60 minutes.
Software Release 2.3.1 C613-10325-00 REV B
When a domain or host is requested, the cache is searched for a matching entry. If a match is found, a response is sent to the requesting PC or host. If a matching entry is not found, a request will be sent to a remote server.
First, add a DNS server to the list of DNS servers used to resolve host names into IP addresses, using the command:
ADD IP DNS [DOMAIN={ANY|domain-name}] {INTERFACE=interface|
PRIMARY=ipadd [SECONDARY=ipadd]}
8 Release Note
If the DNS servers have already been configured, the configuration information can be set using the command:
SET IP DNS [DOMAIN={ANY|domain-name}] {INTERFACE=interface|
[PRIMARY=ipadd] [SECONDARY=ipadd]}
For example, to add or set the IP addresses of the default primary and secondary name servers to 192.168.20.1 and 192.168.20.2 respectively, use the commands:
ADD IP DNS PRIMARY=192.168.20.1 SECONDARY=192.168.20.2
SET IP DNS PRIMARY=192.168.20.1 SECONDARY=192.168.20.2
To set the DNS cache size and timeout values, use the command:
SET IP DNS CACHE [SIZE=cache-entries] [TIMEOUT=cache-max-age]
The name server information can be deleted from the DNS server by using the command:
DELETE IP DNS

Server Selection

The router can be configured to use a range of DNS servers with different servers being selected based on the host name being resolved.
The DOMAIN parameter in the ADD IP DNS command allows the user to specify a suffix that must be present on a host name in order for the name servers specified by the command to be used.
If the DOMAIN parameter is not specified, the name servers will be used as the default name servers. All DNS requests that do not match another specified domain will be sent to the default name servers. This is equivalent to specifying DOMAIN=ANY.
To add primary and secondary name servers with IP addresses of 202.36.163.1 and 202.36.163.3 respectively, for use as default name servers, use the command:
ADD IP DNS DOMAIN=ANY PRIMARY=202.36.163.1
SECONDARY=202.36.1.3
These servers will be used for all host names that do not match any of the domains that are configured with their own set of name servers.
For example, to add primary and secondary name servers with IP addresses of
192.168.10.1 and 192.168.10.2 respectively, for use when resolving host names in the domain apples.com, use the command:
ADD IP DNS DOMAIN=apples.com PRIMARY=192.168.1.1
SECONDARY=192.168.1.2
If a request is sent for the domain www.fruit.apples.com, the DNS servers at
192.168.1.1 or 192.168.1.2 will be used, as the domain matches apples.com.
If a request is sent for the domain ftp.fruitpunch.apples.com, the DNS servers at
192.168.1.1 or 192.168.1.2 will also be used, as the domain matches apples.com.
If a request is sent for the domain www.armadillo.com, the domain does not match apples.com, so the ANY servers 202.36.1.1 or 202.36.1.3 will be used.
Software Release 2.3.1 C613-10325-00 REV B
Software Release 2.3.1 9

Automatic Nameserver Configuration

The primary and secondary name server ’s addresses can either be statically configured as above, or learned dynamically over an interface. Name servers can be learned via DHCP over an Ethernet interface or via IPCP over a PPP interface. The interface is specified using the command:
ADD IP DNS [DOMAIN={ANY|domain-name}] INTERFACE=interface
If no nameservers have been manually configured, and nameserver configuration is assigned to an interface by either PPP or DHCP, this configuration will be automatically used for the default nameservers. Name servers configured in this way are identified by an “*” in the “Domain” column of the SHOW IP DNS output table. Automatically-configured nameservers can be deleted or replaced, using the commands:
DELETE IP DNS
SET IP DNS
A deleted automatic configuration may subsequently reappear if the interface concerned is reset.

Telnet Server Port Number

The listen port for the Telnet server is now configurable, so that it can be changed from the default value 23.
The LISTENPORT parameter has been added to the SET TELNET command. The syntax is:
SET TELNET [TERMTYPE=termstring] [INSERTNULL={ON|OFF}]
[LISTENPORT=port]
The LISTENPORT parameter sets the TCP port over which the Telnet server listens for connections. If this parameter is not used, the default port number is
23.
If the TCP listen port is changed from the default of 23, care must be taken to ensure that any firewall or IP filtering configurations are matched accordingly.

Triggers for Ethernet Interfaces

Support for Ethernet UP and DOWN triggers on Ethernet interfaces has been added, as per existing triggers for other interface types. This limitation on the CREATE TRIGGER and SET TRIGGER commands is removed.
Software Release 2.3.1 C613-10325-00 REV B
CREATE TRIGGER=trigger-id INTERFACE=interface EVENT={UP|DOWN|
FAIL|ANY} [CIRCUIT=miox-circuit] [CP={APPLE|ATCP|BCP|CCP| DCP|DNCP|IPCP|IPXCP|LCP}] [DLCI=dlci]] [AFTER=hh:mm] [BEFORE=hh:mm] [{DATE=date|DAYS=day-list}] [NAME=name] [REPEAT={YES|NO|ONCE|FOREVER|count}] [SCRIPT=filename...] [STATE={ENABLED|DISABLED}] [TEST={YES|NO|ON|OFF|TRUE| FALSE}]
10 Release Note
SET TRIGGER=trigger-id [INTERFACE[=interface]] EVENT={UP|
DOWN|FAIL|ANY} [CIRCUIT=miox-circuit] [CP={APPLE|ATCP|BCP| CCP|DCP|DNCP|IPCP|IPXCP|LCP}] [DLCI=dlci] [AFTER=hh:mm] [BEFORE=hh:mm] [{DATE=date|DAYS=day-list}] [NAME=name] [REPEAT={YES|NO|ONCE|FOREVER|count}] [TEST={YES|NO|ON| OFF|TRUE|FALSE}]
The INTERFACE parameter defines an interface (link) trigger and specifies the interface to monitor. The EVENT parameter is required for an INTERFACE trigger. The INTERFACE parameter must be followed by the EVENT parameter. The CIRCUIT parameter may be used if INTERFACE specifies an X.25T interface; the CP parameter may be used if INTERFACE specifies a PPP interface; the DLCI parameter may be used if INTERFACE specifies a Frame Relay interface. The general trigger parameters may also be specified. The type of trigger cannot be changed.

ENCO Channels

The ENCO module provides services to user modules via channel pairs. A user module requests a service, specifying any configuration needed for the service, and is attached to an ENCO channel pair if the service and free channels are available. A channel pair consists of an encoding channel and a decoding channel. An encoding channel is used for compression, encryption, authentication or Diffie-Hellman key exchange. A decoding channel is used for decompression, decryption or authentication.
With Software Release 2.3.1, the number of channels available is now dependent on the amount of RAM on the router or switch. Routers with up to 8 MBytes of RAM (the AR300 Series) can have up to 512 encryption and compression channels. Routers with 16 MBytes (the AR700 Series) can have up to 1024 channels, and routers and switches with 32 Mbytes (the Rapier and AR800 Series) up to 2048 channels. The amount of RAM on a router or switch can be checked, using the command:
SHOW SYSTEM
The identification number of the lowest and highest channels available can be displayed, using the command:
SHOW ENCO
Information about all currently active channels, or a particular channel, can be displayed, using the command:
SHOW ENCO CHANNEL[=channel]
Note that
MAC cards have a limit of 128 compression channels
If compression is performed by the router’s CPU, because a MAC card is
not installed, the number of compression channels is limited, and must be
configured in the boot configuration script, using the command:
SET ENCO SW PREDCHANNELS=0..4 STACCHANNELS=0..4
On AR300 Series routers the limit is two Predictor channels and four STAC
LZS channels. On all other router and switch models the limit is four
Predictor channels and four STAC LZS channels. By default no compression
channels are configured.
Software Release 2.3.1 C613-10325-00 REV B
Software Release 2.3.1 11

IP Security (IPsec) Source Interface and Enhancements

A source interface can now be specified for tunnelled IPsec traffic. The performance of IPsec is also enhanced, and more simultaneous IPsec tunnels are supported, because of the increase in ENCO channels.
A new SRCINTERFACE parameter has been added to the SET and CREATE IPSEC POLICY commands. The SRCINTERFACE parameter specifies which interface on the router will be used as the source interface for tunnelled IPsec traffic. If the SRCINTERFACE parameter is not specified, the router defaults to the INTERFACE parameter.
The syntax for these commands is now:
SET IPSEC POLICY=name [ACTION={DENY|IPSEC|PERMIT}]
[BUNDLESPECIFICATION=bundlespecification-id] [DFBIT={SET| COPY|CLEAR}] [GROUP={0|1|2}] [IPROUTETEMPLATE=template-
name] [ISAKMPPOLICY=isakmp-policy-name] [LADDRESS={ANY| ipadd[-ipadd]}] [LMASK=ipadd] [LNAME={ANY|system-name}]
[LPORT={ANY|OPAQUE|port}] [PEERADDRESS={ipadd|ANY| DYNAMIC}] [POSTION=pos] [RADDRESS={ANY|ipadd[-ipadd]}] [RMASK=ipadd] [RNAME={ANY|system-name}] [RPORT={ANY|port| OPAQUE}] [SRCINTERFACE=interface] [TRANSPORTPROTOCOL={ANY| EGP|ESP|GRE|ICMP|OPAQUE|OSPF|RSVP|TCP|UDP|protocol}] [UDPHEARTBEAT={TRUE|FALSE}] [UDPPORT=port] [UDPTUNNEL={TRUE|FALSE}] [USEPFSKEY={TRUE|FALSE}]
CREATE IPSEC POLICY=name INTERFACE=interface
ACTION={DENY|IPSEC|PERMIT} [BUNDLESPECIFICATION=bundlespecification-id] [DFBIT={SET| COPY|CLEAR}] [GROUP={0|1|2}] [IPROUTETEMPLATE=template- name] [ISAKMPPOLICY=isakmp-policy-name] [KEYMANAGEMENT={ISAKMP|MANUAL}] [LADDRESS={ANY| ipadd[-ipadd]}] [LMASK=ipadd] [LNAME={ANY|system-name}] [LPORT={ANY|OPAQUE|port}] [PEERADDRESS={ipadd|ANY| DYNAMIC}] [POSTION=pos] [RADDRESS={ANY|ipadd[-ipadd]}] [RMASK=ipadd] [RNAME={ANY|system-name}] [RPORT={ANY|port| OPAQUE}] [SASELECTORFROMPKT={ALL|LADDRESS|LPORT|NONE| RADDRESS|RPORT|TRANSPORTPROTOCOL}] [SRCINTERFACE=interface] [TRANSPORTPROTOCOL={ANY|EGP|ESP| GRE|ICMP|OPAQUE|OSPF|RSVP|TCP|UDP|protocol}] [UDPHEARTBEAT={TRUE|FALSE}] [UDPPORT=port] [UDPTUNNEL={TRUE|FALSE}] [USEPFSKEY={TRUE|FALSE}]
where:
interface is an interface name formed by joining a layer 2 interface type, an
interface instance, and optionally a hyphen followed by a logical interface
number in the range 0 to 15 (e.g. eth0, vlan1, ppp1-1).
Software Release 2.3.1 C613-10325-00 REV B
Loading...
+ 25 hidden pages