Cabletron Systems 9032578-02 User Manual

Download

SmartSwitch Router

User Reference Manual

9032578-02

Notice

2 SSR User Reference Manual

Notice

Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made.

The hardware, firmware, or software described in this manual is subject to change without notice. IN NO EVENT SHALL CABLETRON SYSTEMS BE LIABLE FOR ANY INCIDENTAL, INDIRECT,

SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IF CABLETRON SYSTEMS HAS BEEN ADVISED OF, KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITY OF SUCH DAMAGES.

35 Industrial Way Rochester, NH 03867-5005

Order Number:9032578-02

LANVIEW is a registered trademark, and SmartSwitch is a trademark of Cabletron Systems, Inc.

CompuServe is a registered trademark of CompuServe, Inc.

i960 microprocessor is a registered trademark of Intel Corp.

Ethernet is a trademark of Xerox Corporation.

FCC Notice

This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment uses, generates, and can radiate radio frequency energy and if not installed in accordance with the operator’s manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause interference in which case the user will be required to correct the interference at his own expense.

WARNING: Changes or modifications made to this device which are not expressly approved by the par t y responsible for compliance could void the user’s authority to operate the equipment.

SSR User Reference Manual 3

Notice

VCCI Notice

This is a Class A product based on the standard of the Voluntary Control Council for Interference by In formation Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions.

DOC Notice

This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.

Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la class A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le ministère des Communication s du Canada .

4 SSR User Reference Manual

Notice

DECLARATION OF CONFORMITY

ADDENDUM

Application of Council Directive(s): 89/336/EEC

73/23/EEC

Manufacturer’s Name: Cabletron Systems, Inc.

Manufacturer’s Address: 35 Industrial Way

PO Box 5005 Rochester, NH 03867

European Representative Name: Mr. J. Solari

European Representative Address: Cabletron Systems Limited

Nexus House, Newbury Business Park London Road, Newbury Berkshire RG13 2PZ, England

Conformance to Directive(s)/Product Standards: EC Directive 89/336/EEC

EC Directive 73/23/EEC EN 55022 EN 50082-1 EN 60950

Equipment Type/Environment: Networking Equipment, for

use in a Commercial or Light Industrial Environment.

We the undersigned, hereby declare, under our sole responsibility, that the equipment packaged with this notice conforms to the above directives.

Manufacturer Legal Representative in Europe Mr. Ronald Fotino Mr. J. Solari

____________________________________________________ ____________________________________

Full Name Full Name Principal Compliance Engineer Managing Director - E.M.E.A.

____________________________________________________ ____________________________________

Title Title Rochester, NH, USA Newbury, Berkshire, England

____________________________________________________ ____________________________________

Location Location

SSR User Reference Manual 5

Notice

6 SSR User Reference Manual

Preface..................................................................................................... 15

About This Manual ................................................................................................................15

Who Should Read This Manual? .........................................................................................15

How to Use This Manual ......................................................................................................16

Related Documentation.........................................................................................................16

Chapter 1: SmartSwitch Router Product Overview.............................. 17

Supported Media (Encapsulation Type).............................................................................19

Supported Routing Protocols...............................................................................................19

Configuring the Cabletron SmartSwitch Router...............................................................20

Understanding the Command Line Interface.............................................................20

Basic Line Editing Commands......................................................................................20

Access Modes ..................................................................................................................21

User Mode........................................................................................................................22

Enable Mode....................................................................................................................22

Configure Mode ..............................................................................................................24

Boot PROM Mode...........................................................................................................25

Disabling a Function or Feature....................................................................................25

Loading System Images and Configuration Files .............................................................25

Boot and System Image..................................................................................................26

Configuration Files .........................................................................................................26

Loading System Image Software..................................................................................26

Loading Boot PROM Software......................................................................................27

Activate the Configuration Commands in the Scratchpad.......................................28

Copy the Configuration to the Startup Configuration File.......................................29

Managing the SSR ..................................................................................................................29

Set SSR Name ..................................................................................................................30

Set SSR Date and Time ...................................................................................................30

Configure NTP ................................................................................................................30

Configure the SSR CLI ...................................................................................................30

Configure SNMP Services .............................................................................................31

Configure DNS................................................................................................................31

Monitoring Configuration ....................................................................................................31

Chapter 2: Bridging Configuration Guide............................................. 33

Bridging Overview.................................................................................................................33

Spanning Tree (IEEE 802.1d).........................................................................................33

Bridging Modes (Flow-Based and Address-Based)...................................................34

VLAN Overview ....................................................................................................................34

SmartSwitch Router User Reference Manual 7

Contents

Port-based VLANs.................................................................................................. 35

MAC-address-based VLANs................................................................................. 35

Protocol-based VLANs........................................................................................... 35

Subnet-based VLANs............................................................................................. 35

Multicast-based VLANs......................................................................................... 36

Policy-based VLANs .............................................................................................. 36

SSR VLAN Support........................................................................................................ 36

VLANs and the SSR................................................................................................ 36

Ports, VLANs, and L3 Interfaces .......................................................................... 37

Access Ports and Trunk Ports (802.1Q support)................................................. 37

Explicit and Implicit VLANs................................................................................. 38

Configuring SSR Bridging Functions ................................................................................. 38

Configure Address-based or Flow-based Bridging .................................................. 38

Configuring Spanning Tree.......................................................................................... 39

Adjust Spanning-Tree Parameters............................................................................... 40

Set the Bridge Priority ............................................................................................ 40

Set a Port Priority.................................................................................................... 40

Assign Port Costs.................................................................................................... 41

Adjust Bridge Protocol Data Unit (BPDU) Intervals ......................................... 41

Adjust the Interval between Hello Times .................................................... 41

Define the Forward Delay Interval ............................................................... 41

Define the Maximum Age .............................................................................. 42

Configuring a Port or Protocol based VLAN............................................................. 42

Create a Port or Protocol Based VLAN................................................................ 42

Adding Ports to a VLAN ....................................................................................... 42

Configuring VLAN Trunk Ports.................................................................................. 42

Configure Bridging for Non-IP/IPX Protocols.......................................................... 43

Configure Layer-2 Filters.............................................................................................. 43

Monitor Bridging................................................................................................................... 43

Configuration Examples....................................................................................................... 44

Creating an IP or IPX VLAN........................................................................................ 44

Chapter 3: IP Routing Configuration Guide ..........................................45

IP Routing Overview ............................................................................................................ 45

IP Routing Protocols...................................................................................................... 46

Unicast Routing Protocols ..................................................................................... 46

Multicast Routing Protocols.................................................................................. 46

Configuring IP Interfaces and Parameters ........................................................................ 47

Configure IP Addresses to Ports.................................................................................. 47

Configure IP Interfaces for a VLAN............................................................................ 47

Specify Ethernet Encapsulation Method .................................................................... 47

Configure Address Resolution Protocol..................................................................... 48

Configure ARP Cache Entries............................................................................... 48

Configure Proxy ARP............................................................................................. 48

Configure DNS Parameters .......................................................................................... 49

Configure IP Services (ICMP) ...................................................................................... 49

Configure IP Helper....................................................................................................... 49

Configure Direct Broadcast .......................................................................................... 50

Monitor IP Parameters.......................................................................................................... 50

Configuration Examples....................................................................................................... 51

8 SmartSwitch Router User Reference Manual

Contents

Assigning IP/IPX Interfaces..........................................................................................51

Chapter 4: RIP Configuration Guide ...................................................... 53

RIP Overview..........................................................................................................................53

Configure RIP .........................................................................................................................53

Enabling and Disabling RIP ..........................................................................................54

Configuring RIP Interfaces............................................................................................54

Configure RIP Parameters.............................................................................................54

Configure RIP Route Preference...................................................................................55

Configure RIP Route Default-Metric ...........................................................................56

Monitoring RIP.......................................................................................................................56

Configuration Example.........................................................................................................57

Chapter 5: OSPF Configuration Guide................................................... 59

OSPF Overview ......................................................................................................................59

OSPF Multipath...............................................................................................................60

Configure OSPF......................................................................................................................60

Enable OSPF.....................................................................................................................60

Configure OSPF Interface Parameters.........................................................................61

Configure an OSPF Area................................................................................................62

Configure OSPF Area Parameters................................................................................63

Create Virtual Links........................................................................................................63

Configure Autonomous System External (ASE) Link Advertisements..................64

Configure OSPF over Non-Broadcast Multiple Access.............................................64

Monitoring OSPF....................................................................................................................65

OSPF Configuration Examples.............................................................................................66

Exporting All Interface & Static Routes to OSPF.........................................67

Export All RIP, Interface & Static Routes to OSPF ......................................67

Chapter 6: BGP Configuration Guide..................................................... 71

BGP Overview ........................................................................................................................71

The SSR BGP Implementation.......................................................................................72

Basic BGP Tasks......................................................................................................................72

Setting the Autonomous System Number ..................................................................73

Setting the Router ID......................................................................................................73

Configuring a BGP Peer Group ....................................................................................73

Adding a BGP Peer.........................................................................................................75

Starting BGP.....................................................................................................................75

Using AS-Path Regular Expressions ............................................................................75

AS-Path Regular Expression Examples................................................................76

Using the AS Path Prepend Feature.............................................................................77

Notes on Using the AS Path Prepend Feature.....................................................78

BGP Configuration Examples ..............................................................................................78

BGP Peering Session Example ......................................................................................78

IBGP Configuration Example........................................................................................81

IBGP Routing Group Example...............................................................................81

IBGP Internal Group Example...............................................................................84

EBGP Multihop Configuration Example.....................................................................87

Community Attribute Example....................................................................................90

SmartSwitch Router User Reference Manual 9

Contents

Notes on Using Communities............................................................................... 97

Local_Pref Attribute Example...................................................................................... 97

Notes on Using the Local_Pref Attribute ............................................................ 99

Multi-Exit Discriminator Attribute Example ............................................................. 99

EBGP Aggregation Example....................................................................................... 101

Route Reflection Example........................................................................................... 102

Notes on Using Route Reflection........................................................................ 105

Chapter 7: Routing Policy Configuration Guide.................................. 107

Route Import and Export Policy Overview..................................................................... 107

Preference......................................................................................................................108

Import Policies.............................................................................................................. 109

Import-Source........................................................................................................ 109

Route-Filter ............................................................................................................ 110

Export Policies .............................................................................................................. 110

Export-Destination................................................................................................ 110

Export-Source ........................................................................................................ 110

Route-Filter ............................................................................................................ 111

Specifying a Route Filter ............................................................................................. 111

Aggregates and Generates.......................................................................................... 112

Aggregate-Destination ......................................................................................... 113

Aggregate-Source.................................................................................................. 113

Route-Filter ............................................................................................................ 114

Authentication.............................................................................................................. 114

Authentication Methods...................................................................................... 114

Authentication Keys and Key Management..................................................... 115

Configure Simple Routing Policies................................................................................... 115

Redistributing Static Routes ....................................................................................... 116

Redistributing Directly Attached Networks ............................................................ 116

Redistributing RIP into RIP ........................................................................................ 117

Redistributing RIP into OSPF..................................................................................... 117

Redistributing OSPF to RIP ........................................................................................ 117

Redistributing Aggregate Routes .............................................................................. 117

Simple Route Redistribution Examples.................................................................... 118

Example 1: Redistribution into RIP.................................................................... 118

Exporting a Given Static Route to All RIP Interfaces............................... 119

Exporting All Static Routes to All RIP Interfaces...................................... 119

Exporting All Static Routes Except the Default Route to All RIP

Interfaces ..................................................................................................... 119

Example 2: Redistribution into OSPF................................................................. 119

Exporting All Interface & Static Routes to OSPF ...................................... 120

Export all RIP, Interface & Static Routes to OSPF..................................... 120

Configure Advanced Routing Policies............................................................................. 121

Export Policies .............................................................................................................. 121

Creating an Export Destination.................................................................................. 123

Creating an Export Source.......................................................................................... 123

Import Policies.............................................................................................................. 123

Creating an Import Source.......................................................................................... 124

Creating a Route Filter ................................................................................................ 124

Creating an Aggregate Route..................................................................................... 124

10 SmartSwitch Router User Reference Manual

Contents

Creating an Aggregate Destination............................................................................126

Creating an Aggregate Source ....................................................................................126

Examples of Import Policies........................................................................................126

Example 1: Importing from RIP...........................................................................126

Importing a Selected Subset of Routes from One RIP Trusted

Gateway........................................................................................................128

Importing a Selected Subset of Routes from All RIP Peers Accessible Over

a Certain Interface.......................................................................................129

Example 2: Importing from OSPF.......................................................................129

Importing a Selected Subset of OSPF-ASE Routes....................................132

Examples of Export Policies ........................................................................................133

Example 1: Exporting to RIP................................................................................133

Exporting a Given Static Route to All RIP Interfaces................................134

Exporting a Given Static Route to a Specific RIP Interface ......................135

Exporting All Static Routes Reachable Over a Given Interface to a Specific

RIP-Interface ................................................................................................136

Exporting Aggregate-Routes into RIP.........................................................136

Example 2: Exporting to OSPF.............................................................................138

Exporting All Interface & Static Routes to OSPF.......................................139

Exporting All RIP, Interface & Static Routes to OSPF...............................140

Chapter 8: Multicast Routing Configuration Guide ........................... 143

IP Multicast Overview.........................................................................................................143

IGMP Overview ............................................................................................................143

DVMRP Overview........................................................................................................144

Configure IGMP...................................................................................................................145

Configuring IGMP on an IP Interface........................................................................145

Configure IGMP Query Interval.................................................................................145

Configure IGMP Response Wait Time.......................................................................145

Configure Per-Interface Control of IGMP Membership..........................................146

Configure DVMRP...............................................................................................................146

Starting and Stopping DVMRP...................................................................................146

Configure DVMRP on an Interface ............................................................................147

Configure DVMRP Parameters...................................................................................147

Configure the DVMRP Routing Metric .....................................................................147

Configure DVMRP TTL & Scope................................................................................148

Configure a DVMRP Tunnel.......................................................................................148

Monitor IGMP & DVMRP...................................................................................................149

Configuration Examples .....................................................................................................150

Chapter 9: IPX Routing Configuration Guide...................................... 151

IPX Routing Overview ........................................................................................................151

RIP (Routing Information Protocol)...........................................................................151

SAP (Service Advertising Protocol) ...........................................................................152

Configuring IPX RIP & SAP ...............................................................................................153

IPX RIP............................................................................................................................153

IPX SAP ..........................................................................................................................153

Creating IPX Interfaces ................................................................................................153

SmartSwitch Router User Reference Manual 11

Contents

IPX Addresses............................................................................................................... 153

Configuring IPX Interfaces and Parameters.................................................................... 154

Configure IPX Addresses to Ports............................................................................. 154

Configure IPX Interfaces for a VLAN....................................................................... 154

Specify IPX Encapsulation Method........................................................................... 154

Configure IPX Routing ....................................................................................................... 155

Enable IPX RIP.............................................................................................................. 155

Enable SAP.................................................................................................................... 155

Configure Static Routes............................................................................................... 155

Configure Static SAP Table Entries ........................................................................... 156

Control Access to IPX Networks................................................................................ 156

Create an IPX Access Control List...................................................................... 156

Create an IPX Type 20 Access Control List....................................................... 157

Create an IPX SAP Access Control List ............................................................. 157

Create an IPX GNS Access Control List............................................................. 157

Create an IPX RIP Access Control List............................................................... 158

Monitor an IPX Network.................................................................................................... 158

Configuration Examples..................................................................................................... 158

Chapter 10: Security Configuration Guide .......................................... 161

Security Overview...............................................................................................................161

Configuring SSR Access Security...................................................................................... 162

Configure RADIUS ...................................................................................................... 162

Monitor RADIUS .................................................................................................. 162

Configure TACACS ..................................................................................................... 162

Monitor TACACS ................................................................................................. 163

Configure TACACS Plus............................................................................................. 163

Monitor TACACS Plus......................................................................................... 163

Configure Passwords................................................................................................... 164

Layer-2 Security Filters....................................................................................................... 164

Configuring Layer-2 Address Filters ........................................................................ 165

Configuring Layer-2 Port-to-Address Lock Filters................................................. 165

Configuring Layer-2 Static Entry Filters................................................................... 166

Configuring Layer-2 Secure Port Filters................................................................... 166

Monitor Layer-2 Security Filters................................................................................ 167

Layer-2 Filter Examples............................................................................................... 168

Example 1: Address Filters.................................................................................. 168

Static Entries Example................................................................................... 168

Port-to-Address Lock Examples.................................................................. 169

Example 2 : Secure Ports...................................................................................... 169

Layer-3 Access Control Lists (ACLs)................................................................................ 170

Layer-3 & Layer-4 Traffic Filters (Access Control List).......................................... 170

Anatomy of an ACL Rule............................................................................................ 170

Ordering of ACL Rules................................................................................................ 171

Implicit Deny Rule....................................................................................................... 172

Applying ACLs to Interfaces...................................................................................... 173

Applying ACLs to Services......................................................................................... 174

ACL Logging ................................................................................................................ 174

Maintaining ACLs Offline Using TFTP or RCP....................................................... 175

Maintaining ACLs Using the ACL Editor................................................................ 176

12 SmartSwitch Router User Reference Manual

Contents

Configure ACL..............................................................................................................176

Defining an IP ACL ...............................................................................................176

Defining an IPX ACL.............................................................................................177

Applying an ACL to an Interface........................................................................177

Applying an ACL to a Service .............................................................................177

Edit an ACL with the ACL Editor.......................................................................177

Monitoring Access Control Lists ................................................................................177

Chapter 11: QoS Configuration Guide ................................................ 179

QoS & Layer-2/Layer-3/Layer-4 Flow Overview..........................................................179

Layer-2, Layer-3 & Layer-4 Flow Specification ........................................................179

Precedence for Layer-3 Flows .....................................................................................180

SSR Queuing Policies....................................................................................................180

Configure Layer-2 QoS........................................................................................................181

Configuring Layer-3 & Layer-4 QoS .................................................................................181

Configuring IP QoS Policies........................................................................................182

Setting an IP QoS Policy .......................................................................................182

Specifying Precedence for an IP QoS Policy......................................................182

Configuring IPX QoS Policies .....................................................................................182

Setting an IPX QoS Policy.....................................................................................183

Specifying Precedence for an IPX QoS Policy ...................................................183

Configuring SSR Queueing Policy.....................................................................................183

Allocating Bandwidth for a Weighted-Fair Queuing Policy..................................183

Monitoring QoS....................................................................................................................184

Chapter 12: Performance Monitoring Guide ...................................... 185

Performance Monitoring Overview ..................................................................................185

Configuring the SSR for Port Mirroring....................................................................187

Chapter 13: Hot Swapping

Line Cards and Control Modules....................................................... 189

Hot Swapping Overview ....................................................................................................189

Hot Swapping Line Cards ..................................................................................................189

Deactivating the Line Card..........................................................................................190

Removing the Line Card..............................................................................................190

Installing a New Line Card ..................................................................................191

Hot Swapping One Type of Line Card With Another.............................................191

Hot Swapping a Secondary Control Module...................................................................191

Deactivating the Control Module...............................................................................192

Removing the Control Module...................................................................................192

Installing the Control Module.....................................................................................193

Hot Swapping a Switching Fabric Module (SSR 8600 only)..........................................193

Chapter 14: VRRP Configuration Guide............................................... 195

VRRP Overview ...................................................................................................................195

Configuring VRRP ...............................................................................................................195

Basic VRRP Configuration...........................................................................................196

Configuration of Router R1..................................................................................196

SmartSwitch Router User Reference Manual 13

Contents

Configuration for Router R2................................................................................ 197

Symmetrical Configuration ........................................................................................ 197

Configuration of Router R1................................................................................. 198

Configuration of Router R2................................................................................. 199

Multi-Backup Configuration ...................................................................................... 199

Configuration of Router R1................................................................................. 201

Configuration of Router R2................................................................................. 202

Configuration of Router R3................................................................................. 203

Additional Configuration ........................................................................................... 203

Setting the Backup Priority.................................................................................. 204

Setting the Advertisement Interval.................................................................... 204

Setting Pre-empt Mode ........................................................................................ 204

Setting an Authentication Key............................................................................ 205

Monitoring VRRP................................................................................................................ 205

ip-redundancy trace..................................................................................................... 205

ip-redundancy show.................................................................................................... 206

VRRP Configuration Notes................................................................................................ 206

14 SmartSwitch Router User Reference Manual

About This Manual

This manual provides detailed information and procedures for configuring the SmartSwitch Router SSR software. If you have not yet installed the SSR, use the instructions in the SmartSwitch Router Getting Started Guide to install the chassis and perform basic setup tasks, then return to this manual for more detailed configuration information.

Who Should Read This Manual?

Read this manual if you are a network administrator responsible for configuring and monitoring the SSR.

Preface

SmartSwitch Router User Reference Manual 15

Preface

How to Use This Manual

If You Want To See

Read overview information Chapter 1 on page 17

Configure bridging Chapter 2 on page 33

Configure IP interfaces and global routing parameters Chapter 3 on page 45

Configure RIP routing Chapter 4 on page 53

Configure OSPF routing Chapter 5 on page 59

Configure BGP routing Chapter 6 on page 71

Configure routing policies Chapter 7 on page 107

Configure IP multicast routing Chapter 8 on page 143

Configure IPX routing Chapter 9 on page 151

Configure security Chapter 10 on page 161

Configure QoS (Quality of Service) parameters Chapter 11 on page 179

Monitor performance Chapter 12 on page 185

Hot swap line cards and Control Modules Chapter 13 on page 189

Configure VRRP Chapter 14 on page 195

Supported Media (Encapsulation Type)

The SSR supports the following industry-standard networking media:

• IP: IEEE 802.3 SNAP and Ethernet Type II

• IPX: IEEE 802.3 SNAP, Ethernet Type II, IPX 802.3, 802.2

• 802.1Q VLAN Encapsulation

Supported Routing Protocols

The SSR supports many routing protocols based on open standards. The SSR can receive and forward packets concurrently from any combination of the following:

• Interior gateway protocols:

– Open Shortest Path First (OSPF) Version 2

– Routing Information Protocol (RIP) Version 1, 2

Chapter 3: “IP Routing Configuration Guide” on page 45 describes these protocols in

detail.

• Exterior gateway protocol:

– Border Gateway Protocol (BGP) Version 2,3,4

Chapter 6: “BGP Configuration Guide” on page 71 describes this protocol in detail.

• Novell IPX routing protocols:

– Routing Information Protocol (RIP)

SmartSwitch Router User Reference Manual 19

Chapter 1: SmartSwitch Router Product Overview

– Service Advertising Protocol (SAP)

Chapter 9: “IPX Routing Configuration Guide” on page 151 describes these protocols

in detail.

Configuring the Cabletron SmartSwitch Router

The SSR provides a command line interface (CLI) that allows you to configure and manage the SSR. The CLI has several command modes, each of which provides a group of related commands that you can use to configure the SSR and display its status. Some commands are available to all users; others can be executed only after the user enters an “Enable” password.

You use the CLI to configure ports, IP/IPX interfaces, routing, switching, security filters and Quality of Service (QoS) policies.

Understanding the Command Line Interface

The SSR Command Line Interface (CLI) provides access to several different command modes. Each command mode provides a group of related commands. This chapter describes how to access and list the commands available in each command mode and explains the primary uses for each command mode. This chapter also describes the other features of the user interface.

SSR commands can be entered at a terminal connected to the access server or router using the command line interface (CLI). The SSR can also be configured using the CoreWatch Java-based management application. Using CoreWatch is described in the CoreWatch User’s Guide.

Basic Line Editing Commands

The CLI supports EMACs-like line editing commands. The following table lists some commonly used commands.

Table 2. Common CLI key commands

Key Sequence Command

Ctrl+A Move cursor to beginning of line

Ctrl+B Move cursor back one character

Ctrl+D Delete character

Ctrl+E Move cursor to end of line

20 SmartSwitch Router User Reference Manual

Table 2. Common CLI key commands (continued)

Key Sequence Command

Ctrl+F Move cursor forward one character

Ctrl+N Scroll to next command in command history (use the cli show

Ctrl+P Scroll to previous command in command history

Ctrl+U Erase entire line

Ctrl+X Erase from cursor to end of line

Ctrl+Z Exit current access mode to previous access mode

Access Modes

The SSR CLI has four access modes.

Chapter 1: SmartSwitch Router Product Overview

history command to display the history)

• User – Allows you to display basic information and use basic utilities such as ping but does not allow you to display SNMP, filter and access control list information or make other configuration changes. You are in User mode when the command prompt ends with the

character:

• Enable – Allows you to display SNMP, filter, and access control information as well as all the information you can display in User mode. To enter Enable mode, enter the enable command, then supply the password when prompted. When you are in Enable mode, the command prompt ends with the

character:

• Configure – Allows you to make configuration changes. To enter Configure mode, first enter Enable mode (enable command), then enter the configure command from the Enable command prompt. When you are in Configure mode, the command prompt ends with

(config)

• Boot – This mode appears when the SSR the external flash card or the system image is not found during bootup. You should enter the reboot command to reset the SSR. If the SSR still fails to bootup, please call Cabletron Technical Support.

Note:

The command prompt will show the name of the SmartSwitch Router in front of the mode character(s). The default name is “ssr”.

When you are in Configure or Enable mode, enter the exit command or press Ctrl+Z to exit to the previous access mode.

Note:

When you exit Configure mode, the CLI will ask you whether you want to activate the configuration commands you have issued. If you enter Y (Yes), the configuration commands you issued are placed into effect and the SmartSwitch Router’s configuration is changed accordingly. However, the changes are not written to the Startup configuration file in the Control Module’s boot flash and therefore are not reinstated after a reboot.

SmartSwitch Router User Reference Manual 21

Chapter 1: SmartSwitch Router Product Overview

User Mode

After you log in to the SSR, you are automatically in User mode. The User commands available are a subset of those available in Enable mode. In general, the User commands allow you to display basic information and use basic utilities such as ping information.

To list the User commands, enter:

List the User commands. ?

The User mode command prompt consists of the SSR name followed by the angle bracket (>):

ssr>

The default name is SSR unless it has been changed during initial configuration using the system set name command. Refer to the SmartSwitch Router Command Line Interface Reference Manual for information on the system facility.

To list the commands available in User mode, enter a question mark (?) as shown in the following example:

ssr> ? aging - Show L2 and L3 Aging information cli - Modify the command line interface behavior dvmrp - Show DVMRP related parameters enable - Enable privileged user mode exit - Exit current mode file - File manipulation commands igmp - Show IGMP related parameters ipx - Show IPX related parameters l2-tables - Show L2 Tables information logout - Log off the system multicast - Configure Multicast related parameters ping - Ping utility statistics - Show or clear SSR statistics stp - Show STP status traceroute - Traceroute utility vlan - Show VLAN-related parameters

Enable Mode

Enable mode provides more facilities than User mode. You can display critical features within Enable mode including router configuration, access control lists and SNMP statistics. To enter Enable mode, enter the enable command, then supply the password when prompted.

22 SmartSwitch Router User Reference Manual

Chapter 1: SmartSwitch Router Product Overview

To list the Enable commands, enter:

List the Enable commands. ?

The Enable mode command prompt consists of the SSR name followed by the pound sign(#):

ssr#

To list the commands available in Enable mode, enter a question mark (?) as shown in the following example:

ssr# ? acl - Show L3 Access Control List aging - Show L2 and L3 Aging information arp - Show or modify ARP entries cli - Modify the command line interface behavior configure - Enter Configuration Mode copy - Copy configuration database dvmrp - Show DVMRP related parameters enable - Enable privileged user mode exit - Exit current mode file - File manipulation commands filters - Show L2 security filters http - Show http parameters igmp - Show IGMP related parameters interface - Show interface related parameters ip - Show IP related parameters ip-router - Show unicast IP Routing related parameters ipx - Show IPX related parameters l2-tables - Show L2 Tables information logout - Log off the system mtrace - Multicast Traceroute utility multicast - Configure Multicast related parameters ospf - Show/Monitor Open Shortest Path First Protocol

(OSPF). ping - Ping utility port - Show or change Port parameters qos - Show Quality of Service parameters reboot - Reboot the system rip - Show/Query Routing Information Protocol(RIP)

tables snmp - Show SNMP related parameters. statistics - Show or clear SSR statistics stp - Show STP status system - Show system-wide parameters tacacs - Show TACACS related parameters traceroute - Traceroute utility vlan - Show VLAN-related parameters

SmartSwitch Router User Reference Manual 23

Chapter 1: SmartSwitch Router Product Overview

To exit Enable mode and return to User mode, use one of the following commands:

Exit Enable mode.

Configure Mode

Configure mode provides the capabilities to configure all features and functions on the SSR. You can configure features and functions within Configure mode including router configuration, access control lists and spanning tree.

To list the Configure commands, enter:

List the Configure commands. ?

The Configure mode command prompt consists of the SSR name followed by the pound sign (#):

ssr(config)#

To list the commands available in Configure mode, enter a question mark (?) as shown in the following example:

exit

Ctrl+Z

ssr(config)# ? acl - Configure L3 Access Control List acl-edit - Edit an ACL in the ACL Editor aging - Configure L2 and L3 Aging arp - Configure ARP entries bgp - Configure Border Gateway Protocol (BGP) cli - Modify the command line interface behavior dvmrp - Configure DVMRP related parameters exit - Exit current mode filters - Configure L2 security filters http - Configure SNMP related parameters. igmp - Configure IGMP related parameters interface - Configure interface related parameters ip - Configure IP related parameters ip-router - Configure Unicast Routing Protocol related

parameters ipx - Configure IPX related parameters ospf - Configure Open Shortest Path Protocol (OSPF) port - Configure Port parameters qos - Configure Quality of Service parameters rip - Configure Routing Information Protocol (RIP) snmp - Configure SNMP related parameters. stp - Configure STP parameters system - Configure system-wide parameters

24 SmartSwitch Router User Reference Manual

Chapter 1: SmartSwitch Router Product Overview

tacacs - Configure TACACS related parameters vlan - Configure VLAN-related parameters

Special configuration mode commands: erase - Erase configuration information negate - Negate a command or a group of commands

using line numbers no - Negate matching commands save - Save configuration information search - Look up a command in configuration show - Show configuration commands

To exit Configure mode and return to Enable mode, use one of the following commands:

Exit Configure mode.

Boot PROM Mode

If your SSR does not find a valid system image on the external PCMCIA flash, the system might enter programmable read-only memory (PROM) mode. You should then reboot the SSR at the boot PROM to restart the system. If the system fails to reboot successfully, please call Cabletron Systems Technical Support to resolve the problem.

To reboot the SSR from the ROM monitor mode, enter the following command.

Reboot in Boot PROM mode.

Disabling a Function or Feature

The CLI provides for an implicit negate. This allows for the “disabling” of a feature or function which has been “enabled”. Use the negate command on a specific line of the active configuration to “disable” a feature or function which has been enabled. For example, Spanning Tree Protocol is disabled by default. If after enabling Spanning Tree Protocol on the SmartSwitch Router, you want to disable STP, you must specify the negate command on the line of the active configuration containing the

exit

Ctrl+Z

reboot

stp enable

command.

Loading System Images and Configuration Files

The SSR contains an internal flash on the Control Module and an external PC flash. The internal flash contains the SSR boot image and user defined configuration files. An external PC flash contains the system image executed by the Control module. When an

SmartSwitch Router User Reference Manual 25

Chapter 1: SmartSwitch Router Product Overview

SSR boots, the boot image is executed first, followed by the system image and finishing with a configuration file.

Boot and System Image

Only one boot image exists on the internal flash of the SSR Control Module. Multiple system images can be stored on the external PC flash.

Configuration Files

The SSR uses three special configuration files:

• Active – The commands from the Startup configuration file and any configuration commands that you have made active from the scratchpad (see below).

Caution:

you power down or reboot the SSR without saving the active configuration changes to the Startup configuration file, the changes are lost.

• Startup – The configuration file that the SSR uses to configure itself when the system

• Scratchpad – The configuration commands you have entered during a management

The active configuration remains in effect only during the current power cycle. If

is powered on.

session. These commands do not become active until you explicitly activate them. Because some commands depend on other commands for successful execution, the SSR scratchpad simplifies system configuration by allowing you to enter configuration commands in any order, even when dependencies exist. When you activate the commands in the scratchpad, the SSR sorts out the dependencies and executes the command in the proper sequence.

Loading System Image Software

By default, the SSR boots using the system image software installed on the Control Module’s PCMCIA flash card. To upgrade the system software and boot using the upgraded image, use the following procedure.

1. Display the current boot settings by entering the system show version command:

Here is an example:

ctron-ssr-1# system show version Software Information Software Version : 1.0 Copyright : Copyright (c) 1996-1998 Cabletron Systems, Inc. Image Information : Version 1.0, built on Fri Mar 20 19:28:49 1998 Image Boot Location: file:/pc-flash/boot/ssr8/

26 SmartSwitch Router User Reference Manual

Chapter 1: SmartSwitch Router Product Overview

Note: In this example, the location “pc-flash” indicates that the SSR is set to use the

factory-installed software on the flash card.

2. Copy the software upgrade you want to install onto a TFTP server that the SSR can

access. (Use the ping command to verify that the SSR can reach the TFTP server.)

3. Use the system image add command to copy the software upgrade onto the PCMCIA

flash card in the Control Module.

Here is an example:

ctron-ssr-1# system image add 10.50.11.12 ssr8000 Downloading image 'ssr8000' from host '10.50.11.12' to local image ssr8000 (takes about 3 minutes) kernel: 100% Image checksum validated. Image added.

4. Enter the system image list command to list the images on the PCMCIA flash card

and verify that the new image is on the card:

Here is an example:

ctron-ssr-1# system image list Images currently available: ssr8-1.0

5. Use the system image choose command to select the image file the SSR will use the

next time you reboot the switch.

Here is an example:

ctron-ssr-1# system image choose ssr8000_10A9 Making image ssr8-1.0 the active image for next reboot

6. Enter the system image list command to verify the change.

Note: You do not need to activate this change.

Loading Boot PROM Software

The SSR boots using the boot PROM software installed on the Control Module’s internal memory. To upgrade the boot PROM software and boot using the upgraded image, use the following procedure.

1. Display the current boot settings by entering the system show version command:

SmartSwitch Router User Reference Manual 27

Chapter 1: SmartSwitch Router Product Overview

Here is an example:

ctron-ssr-1# system show version Software Information Software Version : 1.0 Copyright : Copyright (c) 1996-1998 Cabletron Systems, Inc. Image Information : Version 1.0.B.13, built on Wed Mar 25 22:49:07 1998 Image Boot Location: file:/pc-flash/boot/ssr8/ Boot Prom Version : prom-1.0

In this example, the location “pc-flash” indicates that the SSR is set to use the factoryinstalled software on the flash card.

2. Copy the software upgrade you want to install onto a TFTP server that the SSR can access. (Use the ping command to verify that the SSR can reach the TFTP server.)

3. Use the system promimage upgrade command to copy the boot PROM upgrade onto the internal memory in the Control Module.

Here is an example:

ctron-ssr-1# system promimage upgrade 10.50.11.12 prom2 Downloading image 'prom2' from host '10.50.11.12' to local image prom2 (takes about 3 minutes) kernel: 100% Image checksum validated. Image added.

4. Enter the system show version command to verify that the new boot PROM software is on the internal memory of the Control Module:

Activate the Configuration Commands in the Scratchpad

The configuration commands you have entered using procedures in this chapter are in the Scratchpad but have not yet been activated. Use the following procedure to activate the configuration commands in the scratchpad.

1. If you have not already done so, enter the enable command to enter Enable mode in the CLI.

2. If you have not already done so, enter the configure command to enter Configure mode in the CLI.

3. Enter the following command:

save active

28 SmartSwitch Router User Reference Manual

Chapter 1: SmartSwitch Router Product Overview

4. The CLI displays the following message:

Do you want to make the changes Active? [y]

5. Enter yes or y to activate the changes.

Note: If you exit Configure mode (by entering the exit command or pressing Ctrl+Z),

the CLI will ask you whether you want to make the changes in the scratchpad active.

Copy the Configuration to the Startup Configuration File

After you save the configuration commands in the scratchpad, the Control Module executes the commands and makes the corresponding configuration changes to the SSR. However, if you power down or reboot the SSR, the new changes are lost. Use the following procedure to save the changes into the Startup configuration file so that the SSR reinstates the changes when you reboot the software.

1. Ensure that you are in the Enable mode by entering the enable command.

2. Enter the following command to copy the configuration changes in the Active

configuration to the Startup configuration:

copy active to startup

3. When the CLI displays the following message, enter yes or y to save the changes.

Are you sure you want to overwrite the Startup configuration? [n]

Note: You also can save active changes to the Startup configuration file from within

Configure mode by entering the save startup command:

The new configuration changes are added to the Startup configuration file stored in the Control Module’s boot flash.

Managing the SSR

The SSR contains numerous system facilities for system management. You can perform configuration management tasks on the SSR including:

• Setting the SSR name

• Setting the SSR date and time

• Configuring the CLI

• Configuring SNMP services

SmartSwitch Router User Reference Manual 29

Chapter 1: SmartSwitch Router Product Overview

Set SSR Name

The SSR name is set to ssr by default. You may customize the name for the SSR by entering the following command in Configure mode:.

Set the SSR name.

Set SSR Date and Time

The SSR system time can keep track of time as entered by the user or via NTP. To configure the SSR date and time manually, enter the following command in Enable mode:

Set SSR date and time.

Configure NTP

You can use the ntp set server command to instruct the SSR’s NTP client to periodically synchronize its clock. By default, the SSR specifies an NTPv3 client that sends a synchronization packet to the server every 60 minutes. This means the SSR will attempt to set its own clock against the server once every hour. The synchronization interval as well as the NTP version number can be changed.

Note:

To ensure that NTP has the correct time, you need to specify the time zone, as well. You can set the time zone by using the system set timezone command. When specifying daylight saving time, you’ll need to use the system set daylight- saving command.

system set name

system set date year

day

<day>

hour

<hour>

<system-name>

month

<year>

min

<month>

<min>

second

<sec>

To configure the SSR’s NTP client to synchronize its clock, enter the following command in Configure mode:

Instruct SSR’s NTP server to periodically synchronize clock

ntp set server

[source

<host>

] [version

[interval

<num>

]

Configure the SSR CLI

You can customize the CLI display format to a desired line length or row count. To configure the CLI terminal display, enter the following command in Enable mode:

Configure the CLI terminal display.

cli set terminal rows

<num>

30 SmartSwitch Router User Reference Manual

columns

Configure SNMP Services

The SSR accepts SNMP sets and gets from an SNMP manager. You can configure SSR SNMP parameters including community strings and trap server target addresses.

To configure the SSR SNMP community string, enter the following command in Configure mode:

Chapter 1: SmartSwitch Router Product Overview

Configure the SNMP community string.

To configure the SNMP trap server target address, enter the following command in Configure mode:

Configure the SNMP trap server target address.

Configure DNS

The SSR allows you to configure up to three Domain Name Service (DNS) servers.

To configure the DNS, the following command in Configure mode.

Configure DNS.

system set dns server

domain

Monitoring Configuration

snmp set community

privilege read|read-write

snmp set target

<community-name>

enable|disable]

<name>

<community-name>

<IP-addr>

[status

community

]]

The SSR provides many commands for displaying configuration information. After you add configuration items and commit them to the active configuration, you can display them using the following commands.

Task Command

Display history buffer.

Show terminal settings.

Show all accesses to the SNMP agent.

Show all SNMP information.

Show chassis ID.

SmartSwitch Router User Reference Manual 31

cli show history

cli show terminal

snmp show access

snmp show all

snmp show chassis-id

Chapter 1: SmartSwitch Router Product Overview

Task Command

Show the SNMP community strings.

Show SNMP related statistics.

Show trap target related configuration.

Show the active configuration of the system.

Show the contents of the boot log file, which contains all the system messages generated during bootup.

Show the most recent Syslog messages kept in the local syslog message buffer.

Show the contact information (administrator name, phone number, and so on).

Show the SSR date and time.

Show the IP addresses and domain names for DNS servers.

Show SSR hardware information.

Show SSR location.

Show SSR name.

snmp show community

snmp show statistics

snmp show trap

system show active-config

system show bootlog

system show syslog buffer

system show contact

system show date

system show dns

system show hardware

system show location

system show name

Show the type of Power-On Self Test (POST) that should be performed.

Show the configuration changes in the scratchpad. These changes have not yet been activated.

Show the startup configuration for the next reboot.

Show the IP address of the SYSLOG server and the level of messages the SSR sends to the server.

Lists the last five Telnet connections to the SSR.

Show the default terminal settings (number of rows, number of columns, and baud rate.

Show SSR uptime.

Show the software version running on the SSR.

system show poweron-selftestmode

system show scratchpad

system show startup-config

system show syslog

system show telnet-access

system show terminal

system show uptime

system show version

32 SmartSwitch Router User Reference Manual

Bridging Overview

The SmartSwitch Router provides the following bridging functions:

• Complies with the IEEE 802.1d standard

Chapter 2

Bridging

Configuration

Guide

• Complies with the IGMP multicast bridging standard

• Provides wire-speed address-based bridging or flow-based bridging

• Provides the ability to logically segment a transparently bridged network into virtual

local-area networks (VLANs) based on physical ports or protocol (IP or IPX or bridged protocols like Appletalk)

• Allows frame filtering based on MAC address for bridged and multicast traffic

• Provides integrated routing and bridging, which supports bridging of intra-VLAN

traffic and routing of inter-VLAN traffic

Spanning Tree (IEEE 802.1d)

Spanning tree (IEEE 802.1d) allows bridges to dynamically discover a subset of the topology that is loop-free. In addition, the loop-free tree that is discovered contains paths to every LAN segment.

SmartSwitch Router User Reference Manual 33

Chapter 2: Bridging Configuration Guide

Note: WAN interfaces on the SSR do not currently support Spanning Tree operations.

However, future implementations of WAN for the SSR family of routers will support Spanning Tree.

Bridging Modes (Flow-Based and Address-Based)

The SSR provides the following types of wire-speed bridging:

Address-based bridging - The SSR performs this type of bridging by looking up the destination address in an L2 lookup table on the line card that receives the bridge packet from the network. The L2 lookup table indicates the exit port(s) for the bridged packet. If the packet is addressed to the SSR's own MAC address, the packet is routed rather than bridged.

Flow-based bridging - The SSR performs this type of bridging by looking up an entry in the L2 lookup table containing both the source and destination addresses of the received packet in order to determine how the packet is to be handled.

The SSR ports perform address-based bridging by default but can be configured to perform flow-based bridging instead, on a per-port basis. A port cannot be configured to perform both types of bridging at the same time.

The SSR performance is equivalent when performing flow-based bridging or addressbased bridging. However, address-based bridging is more efficient because it requires fewer table entries while flow-based bridging provides tighter management and control over bridged traffic.

VLAN Overview

Virtual LANs (VLANs) are a means of dividing a physical network into several logical (virtual) LANs. The division can be done on the basis of various criteria, giving rise to different types of VLANs. For example, the simplest type of VLAN is the port-based VLAN. Port-based VLANs divide a network into a number of VLANs by assigning a VLAN to each port of a switching device. Then, any traffic received on a given port of a switch belongs to the VLAN associated with that port.

VLANs are primarily used for broadcast containment. A layer-2 (L2) broadcast frame is normally transmitted all over a bridged network. By dividing the network into VLANs, the range of a broadcast is limited, i.e., the broadcast frame is transmitted only to the VLAN to which it belongs. This reduces the broadcast traffic on a network by an appreciable factor.

The type of VLAN depends upon one criterion: how a received frame is classified as belonging to a particular VLAN. VLANs can be categorized into the following types:

• Port based

34 SmartSwitch Router User Reference Manual

• MAC address based

• Protocol based

• Subnet based

• Multicast based

• Policy based

Detailed information about these types of VLANs is beyond the scope of this manual. Each type of VLAN is briefly explained in the following subsections.

Port-based VLANs

Ports of L2 devices (switches, bridges) are assigned to VLANs. Any traffic received by a port is classified as belonging to the VLAN to which the port belongs. For example, if ports 1, 2, and 3 belong to the VLAN named “Marketing”, then a broadcast frame received by port 1 is transmitted on ports 2 and 3. It is not transmitted on any other port.

Chapter 2: Bridging Configuration Guide

MAC-address-based VLANs

In this type of VLAN, each switch (or a central VLAN information server) keeps track of all MAC addresses in a network and maps them to VLANs based on information configured by the network administrator. When a frame is received at a port, its destination MAC address is looked up in the VLAN database, which returns the VLAN to which this frame belongs.

This type of VLAN is powerful in the sense that network devices such as printers and workstations can be moved anywhere in the network without the need for network reconfiguration. However, the administration is intensive because all MAC addresses on the network need to be known and configured.

Protocol-based VLANs

Protocol-based VLANs divide the physical network into logical VLANs based on protocol. When a frame is received at a port, its VLAN is determined by the protocol of the packet. For example, there could be separate VLANs for IP, IPX and Appletalk. An IP broadcast frame will only be sent to all ports in the IP VLAN.

Subnet-based VLANs

Subnet-based VLANs are a subset of protocol based VLANs and determine the VLAN of a frame based on the subnet to which the frame belongs. To do this, the switch must look into the network layer header of the incoming frame. This type of VLAN behaves similar to a router by segregating different subnets into different broadcast domains.

SmartSwitch Router User Reference Manual 35

Chapter 2: Bridging Configuration Guide

Multicast-based VLANs

Multicast-based VLANs are created dynamically for multicast groups. Typically, each multicast group corresponds to a different VLAN. This ensures that multicast frames are received only by those ports that are connected to members of the appropriate multicast group.

Policy-based VLANs

Policy-based VLANs are the most general definition of VLANs. Each incoming (untagged) frame is looked up in a policy database, which determines the VLAN to which the frame belongs. For example, you could set up a policy which creates a special VLAN for all email traffic between the management officers of a company, so that this traffic will not be seen anywhere else.

SSR VLAN Support

The SSR supports:

• Port-based VLANs

• Protocol-based VLANs

• Subnet-based VLANs

When using the SSR as an L2 bridge/switch, use the port-based and protocol-based VLAN types. When using the SSR as a combined switch and router, use the subnet-based VLANs in addition to port-based and protocol-based VLANs. It is not necessary to remember the types of VLANs in order to configure the SSR, as seen in the section on configuring the SSR.

VLANs and the SSR

VLANs are an integral part of the SSR family of switching routers. The SSR switching routers can function as layer-2 (L2) switches as well as fully-functonal layer-3 (L3) routers. Hence they can be viewed as a switch and a router in one box. To provide maximum performance and functionality, the L2 and L3 aspects of the SSR switching routers are tightly coupled.

The SSR can be used purely as an L2 switch. Frames arriving at any port are bridged and not routed. In this case, setting up VLANs and associating ports with VLANs is all that is required. You can set up the SSR switching router to use port-based VLANs, protocolbased VLANs, or a mixture of the two types.

The SSR can also be used purely as a router, i.e., each physical port of the SSR is a separate routing interface. Packets received at any interface are routed and not bridged. In this case, no VLAN configuration is required. Note that VLANs are still created implicitly by

36 SmartSwitch Router User Reference Manual

Chapter 2: Bridging Configuration Guide

the SSR as a result of creating L3 interfaces for IP and/or IPX. However, these implicit VLANs do not need to be created or configured manually. The implicit VLANs created by the SSR are subnet-based VLANs.

Most commonly, an SSR is used as a combined switch and router. For example, it may be connected to two subnets S1 and S2. Ports 1-8 belong to S1 and ports 9-16 belong to S2. The required behavior of the SSR is that intra-subnet frames be bridged and inter-subnet packets be routed. In other words, traffic between two workstations that belong to the same subnet should be bridged, and traffic between two workstations that belong to different subnets should be routed.

The SSR switching routers use VLANs to achieve this behavior. This means that a L3 subnet (i.e., an IP or IPX subnet) is mapped to a VLAN. A given subnet maps to exactly one and only one VLAN. With this definition, the terms VLAN and subnet are almost interchangeable.

To configure an SSR as a combined switch and router, the administrator must create VLANs whenever multiple ports of the SSR are to belong to a particular VLAN/subnet. Then the VLAN must be bound to an L3 (IP/IPX) interface so that the SSR knows which VLAN maps to which IP/IPX subnet.

Ports, VLANs, and L3 Interfaces

The term port refers to a physical connector on the SSR, such as an ethernet port. Each port must belong to at least one VLAN. When the SSR is unconfigured, each port belongs to a VLAN called the “default VLAN”. By creating VLANs and adding ports to the created VLANs, the ports are moved from the default VLAN to the newly created VLANs.

Unlike traditional routers, the SSR has the concept of logical interfaces rather than physical interfaces. An L3 interface is a logical entity created by the administrator. It can contain more than one physical port. When an L3 interface contains exactly one physical port, it is equivalent to an interface on a traditional router. When an L3 interface contains several ports, it is equivalent to an interface of a traditional router which is connected to a layer-2 device such as a switch or bridge.

Access Ports and Trunk Ports (802.1Q support)

The ports of an SSR can be classified into two types, based on VLAN functionality: access ports and trunk ports. By default, a port is an access port. An access port can belong to at

most one VLAN of the following types: IP, IPX or bridged protocols. The SSR can automatically determine whether a received frame is an IP frame, an IPX frame or neither. Based on this, it selects a VLAN for the frame. Frames transmitted out of an access port are untagged, meaning that they contain no special information about the VLAN to which they belong. Untagged frames are classified as belonging to a particular VLAN based on the protocol of the frame and the VLAN configured on the receiving port for that protocol.

SmartSwitch Router User Reference Manual 37

Chapter 2: Bridging Configuration Guide

For example, if port 1 belongs to VLAN IPX_VLAN for IPX, VLAN IP_VLAN for IP and VLAN OTHER_VLAN for any other protocol, then an IP frame received by port 1 is classified as belonging to VLAN IP_VLAN.

Trunk ports (802.1Q) are usually used to connect one VLAN-aware switch to another. They carry traffic belonging to several VLANs. For example, suppose that SSR A and B are both configured with VLANs V1 and V2.

Then a frame arriving at a port on SSR A must be sent to SSR B, if the frame belongs to VLAN V1 or to VLAN V2. Thus the ports on SSR A and B which connect the two SSRs together must belong to both VLAN V1 and VLAN V2. Also, when these ports receive a frame, they must be able to determine whether the frame belongs to V1 or to V2. This is accomplished by “tagging” the frames, i.e., by prepending information to the frame in order to identify the VLAN to which the frame belongs. In the SSR switching routers, trunk ports always transmit and receive tagged frames only. The format of the tag is specified by the IEEE 802.1Q standard. The only exception to this is Spanning Tree Protocol frames, which are transmitted as untagged frames.

Explicit and Implicit VLANs

As mentioned earlier, VLANs can either be created explicitly by the administrator (explicit VLANs) or are created implicitly by the SSR when L3 interfaces are created (implicit VLANs).

Configuring SSR Bridging Functions

Configure Address-based or Flow-based Bridging

The SSR ports perform address-based bridging by default but can be configured to perform flow-based bridging instead of address-based bridging, on a per-port basis. A port cannot be configured to perform both types of bridging at the same time.

For example, the following illustration shows an SSR with traffic being sent from port A to port B, port B to port A, port B to port C, and port A to port C.

38 SmartSwitch Router User Reference Manual

Chapter 2: Bridging Configuration Guide

SSR

ABC

The corresponding bridge tables for address-based and flow-based bridging are shown below. As shown, the bridge table contains more information on the traffic patterns when flow-based bridging enabled compared to address-based bridging.

Address-Based Bridge Table Flow-Based Bridge Table

→

<port-list>

|all-ports

A (source) A

B (source) B → A

C (destination) B

With the SSR configured in flow-based bridging mode, the network manager has “per flow” control of layer-2 traffic. The network manager can then apply Quality of Service (QoS) policies or security filters based layer-2 traffic flows.

To enable flow-based bridging on a port, enter the following command in Configure Mode.

Configure a port for flow-based bridging.

To change a port from flow-based bridging to address-based bridging, enter the following command in Configure mode:

Change a port from flowbased bridging to addressbased bridging.

negate

port flow-bridging

<line-number of active config containing command>

port flow-bridging

Configuring Spanning Tree

The SSR supports only one spanning tree process per SSR. By default, spanning tree is disabled on the SSR. To enable spanning tree on the SSR, you perform the following task on the ports where you want spanning tree enabled.

SmartSwitch Router User Reference Manual 39

Chapter 2: Bridging Configuration Guide

Note: If you are running spanning tree on one or more VLANs, you must enable

spanning tree on all ports belonging to each VLAN.

Enable spanning tree on one or more ports.

Adjust Spanning-Tree Parameters

You may need to adjust certain spanning-tree parameters if the default values are not suitable for your bridge configuration. Parameters affecting the entire spanning tree are configured with variations of the bridge global configuration command. Interface-specific parameters are configured with variations of the bridge-group interface configuration command.

You can adjust spanning-tree parameters by performing any of the tasks in the following sections:

• Set the Bridge Priority

• Set an Interface Priority

Note: Only network administrators with a good understanding of how bridges and the

Spanning-Tree Protocol work should make adjustments to spanning-tree parameters. Poorly chosen adjustments to these parameters can have a negative impact on performance. A good source on bridging is the IEEE 802.1d specification.

stp enable port

<port-list>

Set the Bridge Priority

You can globally configure the priority of an individual bridge when two bridges tie for position as the root bridge, or you can configure the likelihood that a bridge will be selected as the root bridge. The lower the bridge's priority, the more likely the bridge will be selected as the root bridge. This priority is determined by default; however, you can change it.

To set the bridge priority, enter the following command in Configure mode:

Set the bridge priority.

Set a Port Priority

You can set a priority for an interface. When two bridges tie for position as the root bridge, you configure an interface priority to break the tie. The bridge with the lowest interface value is elected.

40 SmartSwitch Router User Reference Manual

stp set bridging priority

<num>

Chapter 2: Bridging Configuration Guide

To set an interface priority, enter the following command in Configure mode:

Establish a priority for a specified interface.

Assign Port Costs

Each interface has a port cost associated with it. By convention, the port cost is 1000/data rate of the attached LAN, in Mbps. You can set different port costs.

To assign port costs, enter the following command in Configure mode:

Set a different port cost other than the defaults.

Adjust Bridge Protocol Data Unit (BPDU) Intervals

You can adjust BPDU intervals as described in the following sections:

• Adjust the Interval between Hello BPDUs

• Define the Forward Delay Interval

• Define the Maximum Idle Interval

stp set port

<port-list>

priority

port-cost

<num>

Adjust the Interval between Hello Times

You can specify the interval between hello time.

To adjust this interval, enter the following command in Configure mode:

Specify the interval between hello

stp set bridging hello-time

<num>

time

Define the Forward Delay Interval

The forward delay interval is the amount of time spent listening for topology change information after an interface has been activated for bridging and before forwarding actually begins.

To change the default interval setting, enter the following command in Configure mode:

Set the default of the forward delay

stp set bridging forward-delay

<num>

interval.

SmartSwitch Router User Reference Manual 41

Chapter 2: Bridging Configuration Guide

Define the Maximum Age

If a bridge does not hear BPDUs from the root bridge within a specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.

To change the default interval setting, enter the following command in Configure mode:

Change the amount of time a bridge will wait to hear BPDUs from the root bridge.

stp set bridging max-age

Configuring a Port or Protocol based VLAN

To create a port or protocol based VLAN, perform the following steps in the Configure mode.

1. Create a port or protocol based VLAN.

2. Add physical ports to a VLAN.

Create a Port or Protocol Based VLAN

To create a VLAN, perform the following command in the Configure mode.

Create a VLAN.

Adding Ports to a VLAN

vlan create

<vlan-name> <type>

<num>

To add ports to a VLAN, perform the following command in the Configure mode.

Add ports to a VLAN.

vlan add ports

<port-list>

<vlan-name>

Configuring VLAN Trunk Ports

The SSR supports standards-based VLAN trunking between multiple SSRs as defined by IEEE 802.1Q. 802.1Q adds a header to a standard Ethernet frame which includes a unique VLAN id per trunk between two SSRs. These VLAN ids extend the VLAN broadcast domain to more than one SSR.

To configure a VLAN trunk, perform the following command in the Configure mode.

Configure 802.1Q VLAN trunks.

42 SmartSwitch Router User Reference Manual

vlan make

<port-type> <port-list>

Configure Bridging for Non-IP/IPX Protocols

By default, all non-routable protocols (AppleTalk and DECnet) are bridged within the SSR. All physical ports containing non-routable protocols should be assigned to the same VLAN, thus allowing bridging between ports. Routing can still be performed on the defined VLAN by assigning an IP or IPX interface.

Configure Layer-2 Filters

Layer-2 security filters on the SSR allow you to configure ports to filter specific MAC addresses. When defining a Layer-2 security filter, you specify to which ports you want the filter to apply. Refer to the “Security Configuration Chapter” for details on configuring Layer-2 filters. You can specify the following security filters:

• Address filters

These filters block traffic based on the frame's source MAC address, destination MAC address, or both source and destination MAC addresses in flow bridging mode. Address filters are always configured and applied to the input port.

Chapter 2: Bridging Configuration Guide

• Port-to-address lock filters

These filters prohibit a user connected to a locked port or set of ports from using another port.

• Static entry filters

These filters allow or force traffic to go to a set of destination ports based on a frame's source MAC address, destination MAC address, or both source and destination MAC addresses in flow bridging mode. Static entries are always configured and applied at the input port.

• Secure port filters

A secure filter shuts down access to the SSR based on MAC addresses. All packets received by a port are dropped. When combined with static entries, however, these filters can be used to drop all received traffic but allow some frames to go through.

Monitor Bridging

The SSR provides display of bridging statistics and configurations contained in the SSR.

To display bridging information, enter the following commands in Enable mode.

Show IP routing table.

Show all MAC addresses currently in the l2 tables.

SmartSwitch Router User Reference Manual 43

ip show routes

l2-tables show all-macs

Chapter 2: Bridging Configuration Guide

Show l2 table information on a specific port.

Show information the master MAC table.

Show information on a specific MAC address.

Show information on MACs registered.

Show all VLANs.

Configuration Examples

Creating an IP or IPX VLAN

VLANs are used to associate physical ports on the SSR with connected hosts that may be physically separated but need to participate in the same broadcast domain. To associate ports to a VLAN, you must first create an IP or IPX VLAN and then assign ports to the VLAN.

l2-tables show port-macs

l2-tables show mac-table-stats

l2-tables show mac

l2-table show bridge-management

vlan list

For example, servers connected to port gi.1.(1-2) on the SSR need to communicate with clients connected to et.4.(1-8). You can associate all the ports containing the clients and servers to an IP VLAN called ‘BLUE’.

First, create an IP VLAN named ‘BLUE’

ssr(config)# vlan create BLUE ip

Next, assign ports to the ‘BLUE’ VLAN.

ssr(config)# vlan add ports et.1.(1-8), gi.1.(1-2) to BLUE

44 SmartSwitch Router User Reference Manual

This chapter describes how to configure IP interfaces and general non-protocol-specific routing parameters.

IP Routing Overview

Chapter 3

IP Routing

Configuration

Guide

Internet Protocol (IP) is a packet-based protocol used to exchange data over computer networks. IP handles addressing, routing, fragmentation, reassembly, and protocol demultiplexing. In addition, IP specifies how hosts and routers should process packets, handle errors and discard packets. IP forms the foundation upon which transport layer protocols, such as TCP or UDP, interoperate over a routed network.

The Transmission Control Protocol (TCP) is built upon the IP layer. TCP is a connectionoriented protocol that specifies the data format, buffering and acknowledgments used in the transfer of data. TCP is a full-duplex connection which also specifies the procedures that the computers use to ensure that the data arrives correctly.

The User Datagram Protocol (UDP) provides the primary mechanism that applications use to send datagrams to other application programs. UDP is a connectionless protocol that does not guarantee delivery of datagrams between applications. Applications which use UDP are responsible for ensuring successful data transfer by employing error handling, retransmission and sequencing techniques.

TCP and UDP also specify “ports,” which identify the application which is using TCP/UDP. For example, a web server would typically use TCP/UDP port 80, which specifies HTTP-type traffic.

SmartSwitch Router User Reference Manual 45

Chapter 3: IP Routing Configuration Guide

The SSR supports standards based TCP, UDP, and IP.

IP Routing Protocols

The SSR supports standards based unicast and multicast routing. Unicast routing protocol support include Interior Gateway Protocols and Exterior Gateway Protocols. Multicast routing protocols are used to determine how multicast data is transferred in a routed environment.

Unicast Routing Protocols

Interior Gateway Protocols are used for routing networks that are within an “autonomous system,” a network of relatively limited size. All IP interior gateway protocols must be specified with a list of associated networks before routing activities can begin. A routing process listens to updates from other routers on these networks and broadcasts its own routing information on those same networks. The SSR supports the following Interior Gateway Protocols:

• Routing Information Protocol (RIP) Version 1, 2 (RFC 1058, 1723)

• Open Shortest Path First (OSPF) Version 2 (RFC 1583)

Exterior Gateway Protocols are used to transfer information between different “autonomous systems”. The SSR supports the following Exterior Gateway Protocol:

• Border Gateway Protocol (BGP) Version 3, 4 (RFC 1267, 1771)

Multicast Routing Protocols

IP multicasting allows a host to send traffic to a subset of all hosts. These hosts subscribe to group membership, thus notifying the SSR of participation in a multicast transmission.

Multicast routing protocols are used to determine which routers have directly attached hosts, as specified by IGMP, that have membership to a multicast session. Once host memberships are determined, routers use multicast routing protocols, such as DVMRP, to forward multicast traffic between routers.

The SSR supports the following multicast routing protocols:

• Distance Vector Multicast Routing Protocol (DVMRP) RFC 1075

• Internet Group Management Protocol (IGMP) as described in RFC 2236

The SSR also supports the latest DVMRP Version 3.0 draft specification, which includes mtrace, Generation ID and Pruning/Grafting.

46 SmartSwitch Router User Reference Manual

Chapter 3: IP Routing Configuration Guide

Configuring IP Interfaces and Parameters

This section provides an overview of configuring various IP parameters and setting up IP interfaces.

Configure IP Addresses to Ports

You can configure one IP interface directly to physical ports. Each port can be assigned multiple IP addresses representing multiple subnets connected to the physical port.

To configure an IP interface to a port, enter one of the following commands in Configure mode.

Configure an IP interface to a physical port.

Configure a secondary address to an existing IP interface.

Configure IP Interfaces for a VLAN

You can configure one IP interface per VLAN. Once an IP interface has been assigned to a VLAN, you can add a secondary IP addresses to the VLAN.

To configure a VLAN with an IP interface, enter the following command in Configure mode:

Create an IP interface for a VLAN.

Configure a secondary address to an existing VLAN.

interface create ip

address-mask

interface add ip

address-netmask [broadcast

interface create ip

address-mask

interface add ip

address-netmask vlan

<name>

<ipAddr-mask>

<ipAddr-mask>

port

<ipAddr-mask>

]

vlan

<ipAddr-mask>

<port>

<name>

Specify Ethernet Encapsulation Method

The SmartSwitch Router supports two encapsulation types for IP. You can configure encapsulation type on a per-interface basis.

• Ethernet II: The standard ARPA Ethernet Version 2.0 encapsulation, which uses a 16-

bit protocol type code (the default encapsulation method)

SmartSwitch Router User Reference Manual 47

Chapter 3: IP Routing Configuration Guide

• 802.3 SNAP: SNAP IEEE 802.3 encapsulation, in which the type code becomes the frame length for the IEEE 802.2 LLC encapsulation (destination and source Service Access Points, and a control byte)

To configure IP encapsulation, enter one of the following commands in Configure mode.

Configure Ethernet II encapsulation.

Configure 802.3 SNAP encapsulation.

interface create ip

encapsulation ethernet_II

interface create ip

encapsulation ethernet_snap

Configure Address Resolution Protocol

The SSR allows you to configure Address Resolution Protocol (ARP) table entries and parameters. ARP is used to associate IP addresses with media or MAC addresses. Taking an IP address as input, ARP determines the associated MAC address. Once a media or MAC address is determined, the IP address/media address association is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network.

Configure ARP Cache Entries

You can add and delete entries in the ARP cache. To add or delete static ARP entries, enter one of the the following commands in Configure mode:

Add a static ARP entry.

arp add

exit-port

mac-addr

<host>

<port>

output-mac-

<MAC-addr>

Clear a static ARP entry.

arp clear

<host>

Configure Proxy ARP

The SSR can be configured for proxy ARP. The SSR uses proxy ARP (as defined in RFC 1027) to help hosts with no knowledge of routing determine the MAC address of hosts on other networks or subnets. Through Proxy ARP, the SSR will respond to ARP requests from a host with a ARP reply packet containing the SSR MAC address. Proxy ARP is enabled by default on the SSR.

To disable proxy ARP, enter the following command in Configure mode:

Disable Proxy ARP on

ip disable-proxy-arp interface

|all

an interface.

48 SmartSwitch Router User Reference Manual

Configure DNS Parameters

The SSR can be configured to specify DNS servers which supply name services for DNS requests. You can specify up to three DNS servers.

To configure DNS servers, enter the following command in Configure mode:

Chapter 3: IP Routing Configuration Guide

Configure a DNS server.

You can also specify a domain name for the SSR. The domain name is used by the SSR to respond to DNS requests.

To configure a domain name, enter the following command in Configure mode:

Configure a domain name.

Configure IP Services (ICMP)

The SSR provides ICMP message capabilities including ping and traceroute. Ping allows you to determine the reachability of a certain IP host. Traceroute allows you to trace the IP gateways to an IP host.

To access ping or traceroute on the SSR, enter the following commands in Enable mode:

Specify ping.

Specify traceroute.

ping

traceroute

system set dns server

system set dns domain

<hostname-or-IPaddr>

wait

<num>

[size

<num>

[wait-time

[flood] [dontroute]

<host>

[max-ttl

] [source

] [verbose] [noroute]

<secs>

packets

<num>

<secs>

]]

<num>

] [probes

] [tos

<name>

size

<num>

]

Configure IP Helper

You can configure the SSR to forward UDP broadcast packets recieved on a given interface to a specified IP address. You can specify a UDP port number for which UDP broadcast packets with that destination port number will be forwarded. By default, if no UDP port number is specified, the SSR will forward UDP broadcast packets for the following six services:

• BOOTP/DHCP (port 67 and 68)

• DNS (port 37)

• NetBIOS Name Server (port 137)

SmartSwitch Router User Reference Manual 49

Chapter 3: IP Routing Configuration Guide

• NetBIOS Datagram Server (port 138)

• TACACS Server (port 49)

• Time Service (port 37)

To configure a destination to which UDP packets will be forwarded, enter the following command in Configure mode:

Specify local subnet interface, destination “helper” IP address, and UDP port number to forward

Configure Direct Broadcast

You can configure the SSR to forward all directed broadcast traffic from the local subnet to a specified IP address or all associated IP addresses. This is a more efficient method than defining only one local interface and remote IP address destination at a time with the ip- helper command when you are forwarding traffic from more than one interface in the local subnet to a remote destination IP address.

To forward all directed broadcast traffic to a specified IP address, enter the following command in Configure mode:

Forward directed broadcast traffic

Monitor IP Parameters

ip helper-address interface

<helper-address> <udp-port#>

ip enable directed-broadcast interface

|all

<interface-name>

The SSR provides display of IP statistics and configurations contained in the routing table. Information displayed provides routing and performance information.

To display IP information, enter the following command in Enable mode:

Show ARP table entries.

Show IP interface configuration

Show all TCP/UDP connections and services.

Show configuration of IP interfaces.

Show IP routing table information.

50 SmartSwitch Router User Reference Manual

arp show all

interface show ip

ip show connections [no-lookup]

ip show interfaces [

ip show routes

<interface-name>

]

Chapter 3: IP Routing Configuration Guide

Show ARP entries in routing table.

Show DNS parameters.

Configuration Examples

Assigning IP/IPX Interfaces

To enable routing on the SSR, you must assign an IP or IPX interface to a VLAN. To assign an IP or IPX interface named ‘RED’ to the ‘BLUE’ VLAN, enter the following command:

ssr(config)# interface create ip RED address-netmask

10.50.0.1/255.255.0.0 vlan BLUE

You can also assign an IP or IPX interface directly to a physical port. For example, to assign an IP interface ‘RED’ to physical port et.3.4, perform the following:

ssr(config)# interface create ip RED address-netmask

10.50.0.0/255.255.0.0 port et.3.4

ip show routes show-arps

system show dns

SmartSwitch Router User Reference Manual 51

Chapter 3: IP Routing Configuration Guide

52 SmartSwitch Router User Reference Manual

RIP Overview

This chapter describes how to configure Routing Information Protocol (RIP) in the SmartSwitch Router. RIP is a distance-vector routing protocol for use in small networks. RIP is described in RFC 1723. A router running RIP broadcasts updates at set intervals. Each update contains paired values where each pair consists of an IP network address and an integer distance to that network. RIP uses a hop count metric to measure the distance to a destination.

Chapter 4

RIP Configuration

Guide

The SmartSwitch Router provides support for RIP Version 1 and 2. The SSR implements plain text and MD5 authentication methods for RIP Version 2.

The protocol independent features that apply to RIP are described in Chapter 3: “IP

Routing Configuration Guide” on page 45.

Configure RIP

By default, RIP is disabled on the SSR and on each of the attached interfaces. To configure RIP on the SSR, follow these steps:

1. Start the RIP process by entering the rip start command.

2. Use the rip add interface command to inform RIP about the attached interfaces.

SmartSwitch Router User Reference Manual 53

Chapter 4: RIP Configuration Guide

Enabling and Disabling RIP

To enable or disable RIP, enter one of the following commands in Configure mode.

Enable RIP.

Disable RIP.

Configuring RIP Interfaces

To configure RIP in the SSR, you must first add interfaces to inform RIP about attached interfaces.

To add RIP interfaces, enter the following commands in Configure mode.

Add interfaces to the RIP process.

Add gateways from which the SSR will accept RIP updates.

Define the list of routers to which RIP sends packets directly, not through multicast or broadcast.

rip start

rip stop

rip add interface

rip add trusted-gateway

rip add source-gateway

<interfacename-or-IPaddr>

Configure RIP Parameters

No further configuration is required and the system default parameters will be used by RIP to exchange routing information. These default parameters may be modified to suit your needs by using the rip set interface command.

RIP Parameter Default Value

Version number RIP v1

Check-zero for RIP reserved parameters Enabled

Whether RIP packets should be broadcast Choose

Preference for RIP routes 100

Metric for incoming routes 1

Metric for outgoing routes 0

54 SmartSwitch Router User Reference Manual

Chapter 4: RIP Configuration Guide

RIP Parameter Default Value

Authentication None

Update interval 30 seconds

To change RIP parameters, enter the following commands in Configure mode.

Set RIP Version on an interface to RIP V1.

Set RIP Version on an interface to RIP V2.

Specify that RIP V2 packets should be multicast on this interface.

Specify that RIP V2 packets that are RIP V1-compatible should be broadcast on this interface.

Change the metric on incoming RIP routes.

Change the metric on outgoing RIP routes.

Set the authentication method to simple text up to 8 characters.

Set the authentication method to MD5.

rip set interface

version 1

rip set interface

version 2

rip set interface

type multicast

rip set interface

type broadcast

rip set interface

metric-in

rip set interface

metric-out

rip set interface

authentication-method simple

rip set interface

authentication-method md5

<interfacename-or-IPaddr>

<num>

<interfacename-or-IPaddr>

<num>

<interfacename-or-IPaddr>

|all

Specify the metric to be used

rip set default-metric

<num>

when advertising routes that were learned from other protocols.

Configure RIP Route Preference

You can set the preference of routes learned from RIP.

To configure RIP route preference, enter the following command in Configure mode.

Set the preference of routes learned from RIP.

SmartSwitch Router User Reference Manual 55

rip set preference

<num>

Chapter 4: RIP Configuration Guide

Configure RIP Route Default-Metric

You can define the metric used when advertising routes via RIP that were learned from other protocols. The default value for this parameter is 16 (unreachable). To export routes from other protocols into RIP, you must explicitly specify a value for the default-metric parameter. The metric specified by the default-metric parameter may be overridden by a metric specified in the export command.

To configure default-metric, enter the following command in Configure mode.

Define the metric used when advertising routes via RIP that were learned from other protocols.

<num>

For

, you must specify a number between 1 and 16.

Monitoring RIP

The rip trace command can be used to trace all rip request and response packets.

To monitor RIP information, enter the following commands in Enable mode.

Show all RIP information.

Show RIP export policies.

Show RIP global information.

Show RIP import policies.

Show RIP information on the specified interface.

Show RIP interface policy information.

rip set default-metric

rip show all

rip show export-policy

rip show globals

rip show import-policy

rip show interface

rip show interface-policy

<num>

Show detailed information of all RIP

rip trace packets detail

packets

Show detailed information of all packets

rip trace packets receive

received by the router.

Show detailed information of all packets

rip trace packets send

sent by the router.

Show detailed information of all request

rip trace request receive

received by the router.

Show detailed information of all response

rip trace response receive

received by the router.

56 SmartSwitch Router User Reference Manual

Chapter 4: RIP Configuration Guide

Show detailed information of response packets sent by the router.

Show detailed information of request packets sent by the router.

Show RIP timer information.

Configuration Example

SSR 1 SSR 2

Interface 1.1.1.1 Interface 3.2.1.1

! Example configuration ! ! Create interface ssr1-if1 with ip address 1.1.1.1/16 on port et.1.1 on SSR-1 interface create ip ssr1-if1 address-netmask 1.1.1.1/16 port et.1.1 ! ! Configure rip on SSR-1 rip add interface ssr1-if1 rip set interface ssr1-if1 version 2 rip start ! ! ! Set authentication method to md5 rip set interface ssr1-if1 authentication-method md5 ! ! Change default metric-in rip set interface ssr1-if1 metric-in 2 ! ! Change default metric-out rip set interface ssr1-if1 metric-out 3

rip trace response send

rip trace send request

rip show timers

SmartSwitch Router User Reference Manual 57

Chapter 4: RIP Configuration Guide

58 SmartSwitch Router User Reference Manual

OSPF Overview

Open Shortest Path First (OSPF) is a link-state routing protocol that supports IP subnetting and authentication. The SSR supports OSPF Version 2.0 as defined in RFC

1583. Each link-state message contains all the links connected to the router with a specified cost associated with the link.

Chapter 5

OSPF

Configuration

Guide

The SSR supports the following OSPF functions:

• Stub Areas: Definition of stub areas is supported

• Authentication: Simple password and MD5 authentication methods are supported

within an area

• Virtual Links: Virtual links are supported

• Route Redistribution: Routes learned via RIP, BGP, or any other sources can be

redistributed into OSPF. OSPF routes can be redistributed into RIP or BGP

• Interface Parameters: Parameters that can be configured include interface output cost,

retransmission interval, interface transmit delay, router priority, router dead and hello intervals, and authentication key

SmartSwitch Router User Reference Manual 59

Chapter 5: OSPF Configuration Guide

OSPF Multipath

The SSR also supports OSPF and static Multi-path. If multiple equal-cost OSPF or static routes have been defined for any destination, then the SSR “discovers” and uses all of them. The SSR will automatically learn up to four equal-cost OSPF or static routes and retain them in its forwarding information base (FIB). The forwarding module then installs flows for these destinations in a round-robin fashion.

Configure OSPF

To configure OSPF on the SSR, you must enable OSPF, create OSPF areas, assign interfaces to OSPF areas, and, if necessary, specify any of the OSPF interface parameters.

To configure OSPF, you may need to perform some or all of the following tasks:

•Enable OSPF.

• Create OSPF areas.

• Create an IP interface or assign an IP interface to a VLAN.

• Add IP interfaces to OSPF areas.

• Configure OSPF interface parameters, if necessary.

Note:

• Add IP networks to OSPF areas.

• Create virtual links, if necessary.

Enable OSPF

OSPF is disabled by default on the SSR.

To enable or disable OSPF, enter one of the following commands in Configure mode.

Enable OSPF.

By default, the priority of an OSPF router for an interface is set to zero, which makes the router ineligible from becoming a designated router on the network to which the interface belongs. To make the router eligible to become a designated router, you must set the priority to a non-zero value.

The default cost of an OSPF interface is 1. The cost of the interface should be inversely proportional to the bandwidth of the interface; if the SSR has interfaces with differing bandwidths, the OSPF costs should be set accordingly.

ospf start

Disable OSPF.

60 SmartSwitch Router User Reference Manual

ospf stop

Configure OSPF Interface Parameters

You can configure the OSPF interface parameters shown in the table below.

Table 3. OSPF Interface Parameters

OSPF Parameter Default Value

Interface OSPF State (Enable/Disable) Enable (except for virtual links)

Cost 1

No multicast Default is using multicast mechanism.

Retransmit interval 5 seconds

Transit delay 1 second

Priority 0

Hello interval 10 seconds (broadcast), 30 (non broadcast)

Chapter 5: OSPF Configuration Guide

Router dead interval 4 times the hello interval

Poll Interval 120 seconds

Key chain N/A

Authentication Method None

To configure OSPF interface parameters, enter one of the following commands in Configure mode:

Enable OSPF state on interface.

Specify the cost of sending a packet on an OSPF interface.

Specify the priority for determining the designated router on an OSPF

ospf set interface

state disable|enable

ospf set interface

cost

<num>

ospf set interface

priority

<num>

<name-or-IPaddr>

interface.

Specify the interval between OSPF hello packets on an OSPF interface.

Configure the retransmission interval between link state advertisements for

ospf set interface

hello-interval

ospf set interface

retransmit-interval

<name-or-IPaddr>

<num>

<name-or-IPaddr>

<num>

adjacencies belonging to an OSPF interface.

|all

SmartSwitch Router User Reference Manual 61

Chapter 5: OSPF Configuration Guide

Specify the number of seconds required to transmit a link state update on an OSPF interface.

Specify the time a neighbor router will listen for OSPF hello packets before declaring the router down.

Disable IP multicast for sending OSPF packets to neighbors on an OSPF interface.

Specify the poll interval on an OSPF interface.

Specify the identifier of the key chain containing the authentication keys.

Specify the authentication method to be used on this interface.

Configure an OSPF Area

ospf set interface

transit-delay

ospf set interface

router-dead-interval

ospf set interface

no-multicast

ospf set interface

poll-interval

ospf set interface

key-chain

ospf set interface

authentication-method none|simple|md5

<num-or-string>

<name-or-IPaddr>

<num>

<name-or-IPaddr>

<num>

<name-or-IPaddr>

<num>

<name-or-IPaddr>

|all

OSPF areas are a collection of subnets that are grouped in a logical fashion. These areas communicate with other areas via the backbone area. Once OSPF areas are created, you can add interfaces, stub hosts, and summary ranges to the area.

In order to reduce the amount of routing information propagated between areas, you can configure summary-ranges on Area Border Routers (ABRs). On the SSR, summary-ranges are created using the ospf add network command – the networks specified using this command describe the scope of an area. Intra-area Link State Advertisements (LSAs) that fall within the specified ranges are not advertised into other areas as inter-area routes. Instead, the specified ranges are advertised as summary network LSAs.

To create areas and assign interfaces, enter the following commands in the Configure mode.

Create an OSPF area.

Add an interface to an OSPF area.

ospf create area

ospf add interface

[to-area [type broadcast|non-broadcast]

<area-num>

<name-or-IPaddr>

<area-addr>

|backbone

|backbone]

62 SmartSwitch Router User Reference Manual

Chapter 5: OSPF Configuration Guide

Add a stub host to an OSPF area.

Add a network to an OSPF area for summarization.

Configure OSPF Area Parameters

The SSR allows configuration of various OSPF area parameters, including stub areas, stub cost and authentication method. Stub areas are areas into which information on external routes is not sent. Instead, there is a default external route generated by the ABR, into the stub area for destinations outside the autonomous system. Stub cost specifies the cost to be used to inject a default route into a stub area. An authentication method for OSPF packets can be specified on a per-area basis.

To configure OSPF area parameters, enter the following commands in the Configure mode.

Specify an OSPF stub area.

Specify the cost to be used to inject a default route into an area.

ospf add stub-host [to-area

|backbone]

addr>

[cost

ospf add network

<num>

<area-addr>

[host-net]

ospf set area

]

|backbone] [restrict]

<area-num>

stub

<area-num>

<area-

[to-area

stub-cost

<num>

Specify the authentication method to be used by neighboring OSPF routers.

Create Virtual Links

In OSPF, virtual links can be established:

• To connect an area via a transit area to the backbone

• To create a redundant backbone connection via another area

Each Area Border Router must be configured with the same virtual link. Note that virtual links cannot be configured through a stub area.

ospf set area

[authentication-method none|simple|md5]

<area-num>

[stub]

SmartSwitch Router User Reference Manual 63

Chapter 5: OSPF Configuration Guide

To configure virtual links, enter the following commands in the Configure mode.

Create a virtual link.

Set virtual link parameters.

ospf add virtual-link

[transit-area

ospf set virtual-link

[state disable|enable] [cost [retransmit-interval [priority [router-dead-interval

<num>

<number-or -string>

<area-num>

<number-or-string>

] [hello-interval

]

<num>

] [transit-delay

[neighbor

<num>

]

<num>

] [poll-interval

]

<num>

]

Configure Autonomous System External (ASE) Link Advertisements

These parameters specify the defaults used when importing OSPF AS External (ASE) routes into the routing table and exporting routes from the routing table into OSPF ASEs.

To specify AS external link advertisements parameters, enter the following commands in the Configure mode:

Specify the interval which AS external link advertisements will be generated and flooded to an OSPF AS.

Specify the number of AS external link advertisements which will be generated and flooded to an OSPF AS.

ospf set export-interval

ospf set export-limit

<num>

]

Specify AS external link advertisement default parameters.

ospf set ase-defaults [preference

[cost [inherit-metric]

<num>

] [type

<num>

]

<num>

]

Configure OSPF over Non-Broadcast Multiple Access

You can configure OSPF over NBMA circuits to limit the number of Link State Advertisements (LSAs). LSAs are limited to initial advertisements and any subsequent changes. Periodic LSAs over NBMA circuits are suppressed.

To configure OSPF over WAN circuits, enter the following command in Configure mode:

Configure OSPF over a WAN circuit.

64 SmartSwitch Router User Reference Manual

ospf add nbma-neighbor

to-interface

<name-or-IPaddr>

<hostname-or-IPaddr>

[eligible]

Monitoring OSPF

The SSR provides display of OSPF statistics and configurations contained in the routing table. Information displayed provides routing and performance information.

To display OSPF information, enter the following commands in Enable mode.

Chapter 5: OSPF Configuration Guide

Show IP routing table.

Monitor OSPF error conditions.

Show information on all interfaces configured for OSPF.

Display link state advertisement information.

Display the link state database.

Shows information about all OSPF routing neighbors.

Show information on valid next hops.

Display OSPF routing table.

Monitor OSPF statistics for a specified destination.

Shows information about all OSPF routing version

ip show table routing

ospf monitor errors destination

<hostname-or-IPaddr>

ospf monitor interfaces destination

<hostname-or-IPaddr>

ospf monitor lsa destination

<hostname-or-IPaddr>

ospf monitor lsdb destination

<hostname-or-IPaddr>

ospf monitor neighborsdestination

<hostname-or-IPaddr>

ospf monitor next-hop-list

destination

ospf monitor routes destination

<hostname-or-IPaddr>

ospf monitor statistics destination

<hostname-or-IPaddr>

ospf monitor version

Shows OSPF Autonomous System

ospf sbow AS-External-LSDB

External Link State Database.

Show all OSPF tables.

Show all OSPF areas.

Show OSPF errors.

Show information about OSPF export

ospf show all

ospf show areas

ospf show errors

ospf show export-policies

policies.

Shows routes redistributed into OSPF.

Show all OSPF global parameters.

Show information about OSPF import

ospf show exported-routes

ospf show globals

ospf show import-policies

policies.

SmartSwitch Router User Reference Manual 65

Chapter 5: OSPF Configuration Guide

Show OSPF interfaces.

Shows information about all valid next hops mostly derived from the SPF calculation.

Show OSPF statistics.

Shows information about OSPF Border Routes.

Show OSPF timers.

Show OSPF virtual-links.

OSPF Configuration Examples

For all examples in this section, refer to the configuration shown in Figure 1 on page 70.

The following configuration commands for router R1:

• Determine the IP address for each interface

• Specify the static routes configured on the router

ospf show interfaces

ospf show next-hop-list

ospf show statistics

ospf show summary-asb

ospf show timers

ospf show virtual-links

• Determine its OSPF configuration

!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ! Create the various IP interfaces. !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ interface create ip to-r2 address-netmask 120.190.1.1/16 port et.1.2 interface create ip to-r3 address-netmask 130.1.1.1/16 port et.1.3 interface create ip to-r41 address-netmask 140.1.1.1/24 port et.1.4 interface create ip to-r42 address-netmask 140.1.2.1/24 port et.1.5 interface create ip to-r6 address-netmask 140.1.3.1/24 port et.1.6 !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ! Configure default routes to the other subnets reachable through R2. !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ip add route 202.1.0.0/16 gateway 120.1.1.2 ip add route 160.1.5.0/24 gateway 120.1.1.2 !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ! OSPF Box Level Configuration !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ospf start ospf create area 140.1.0.0 ospf create area backbone ospf set ase-defaults cost 4 !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ! OSPF Interface Configuration !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ospf add interface 140.1.1.1 to-area 140.1.0.0

66 SmartSwitch Router User Reference Manual

Chapter 5: OSPF Configuration Guide

ospf add interface 140.1.2.1 to-area 140.1.0.0 ospf add interface 140.1.3.1 to-area 140.1.0.0 ospf add interface 130.1.1.1 to-area backbone

Exporting All Interface & Static Routes to OSPF

Router R1 has several static routes. We would export these static routes as type-2 OSPF routes. The interface routes would be redistributed as type-1 OSPF routes.

1. Create a OSPF export destination for type-1 routes since we would like to redistribute

certain routes into OSPF as type 1 OSPF-ASE routes.

ip-router policy create ospf-export-destination ospfExpDstType1 type

1 metric 1

2. Create a OSPF export destination for type-2 routes since we would like to redistribute

certain routes into OSPF as type 2 OSPF-ASE routes.

ip-router policy create ospf-export-destination ospfExpDstType2 type

2 metric 4

3. Create a Static export source since we would like to export static routes.

ip-router policy create static-export-source statExpSrc

4. Create a Direct export source since we would like to export interface/direct routes.

ip-router policy create direct-export-source directExpSrc

5. Create the Export-Policy for redistributing all interface routes and static routes into

OSPF.

ip-router policy export destination ospfExpDstType1 source

directExpSrc network all

ip-router policy export destination ospfExpDstType2 source

statExpSrc network all

Export All RIP, Interface & Static Routes to OSPF

Note: Also export interface, static, RIP, OSPF, and OSPF-ASE routes into RIP.

In the configuration shown in Figure 1 on page 70, suppose if we decide to run RIP Version 2 on network 120.190.0.0/16, connecting routers R1 and R2.

We would like to redistribute these RIP routes as OSPF type-2 routes, and associate the tag 100 with them. Router R1 would also like to redistribute its static routes as type 2 OSPF routes. The interface routes would redistributed as type 1 OSPF routes.

SmartSwitch Router User Reference Manual 67

Chapter 5: OSPF Configuration Guide

Router R1 would like to redistribute its OSPF, OSPF-ASE, RIP, Static and Interface/Direct routes into RIP.

1. Enable RIP on interface 120.190.1.1/16.

rip add interface 120.190.1.1 rip set interface 120.190.1.1 version 2 type multicast

2. Create a OSPF export destination for type-1 routes.

ip-router policy create ospf-export-destination ospfExpDstType1 type

1 metric 1

3. Create a OSPF export destination for type-2 routes.

ip-router policy create ospf-export-destination ospfExpDstType2 type

2 metric 4

4. Create a OSPF export destination for type-2 routes with a tag of 100.

ip-router policy create ospf-export-destination ospfExpDstType2t100

type 2 tag 100 metric 4

5. Create a RIP export source.

ip-router policy export destination ripExpDst source ripExpSrc

network all

6. Create a Static export source.

ip-router policy create static-export-source statExpSrc

7. Create a Direct export source.

ip-router policy create direct-export-source directExpSrc

8. Create the Export-Policy for redistributing all interface, RIP and static routes into OSPF.

ip-router policy export destination ospfExpDstType1 source

directExpSrc network all

ip-router policy export destination ospfExpDstType2 source

statExpSrc network all

ip-router policy export destination ospfExpDstType2t100 source

ripExpSrc network all

68 SmartSwitch Router User Reference Manual

Chapter 5: OSPF Configuration Guide

9. Create a RIP export destination.

ip-router policy create rip-export-destination ripExpDst

10. Create OSPF export source.

ip-router policy create ospf-export-source ospfExpSrc type OSPF

11. Create OSPF-ASE export source.

ip-router policy create ospf-export-source ospfAseExpSrc type OSPF-

ASE

12. Create the Export-Policy for redistributing all interface, RIP, static, OSPF and OSPF-

ASE routes into RIP.

ip-router policy export destination ripExpDst source statExpSrc

network all

ip-router policy export destination ripExpDst source ripExpSrc

network all

ip-router policy export destination ripExpDst source directExpSrc

network all

ip-router policy export destination ripExpDst source ospfExpSrc

network all

ip-router policy export destination ripExpDst source ospfAseExpSrc

network all

SmartSwitch Router User Reference Manual 69

Figure 1. Exporting to OSPF

140.1.4/24

R42

R11

140.1.5/24

140.1.1.2/24

A r e a 140.1.0.0

140.1.1.1/24

140.1.3.1/24

140.1.2.1/24

190.1.1.1/16

120.190.1.1/16

120.190.1.2/16

202.1.2.2/16

R41

(RIP V2)

130.1.1.1/16

160.1.5.2/24

130.1.1.3/16

BGP

A r e a B a c k b o n e

R5 R7

R10

150.20.3.1/16

150.20.3.2/16

A r e a 150.20.0.0

Chapter 5: OSPF Configuration Guide

160.1.5.2/24

70 SmartSwitch Router User Reference Manual

BGP Overview

The Border Gateway Protocol (BGP) is an exterior gateway protocol that allows IP routers to exchange network reachability information. BGP became an internet standard in 1989 (RFC 1105) and the current version, BGP-4, was published in 1994 (RFC 1771). BGP is typically run between Internet Service Providers. It is also frequently used by multihomed ISP customers, as well as in large commercial networks.

Autonomous systems that wish to connect their networks together must agree on a method of exchanging routing information. Interior gateway protocols such as RIP and OSPF may be inadequate for this task since they were not designed to handle multi-AS, policy, and security issues. Similarly, using static routes may not be the best choice for exchanging AS-AS routing information because there may be a large number of routes, or the routes may change often.

Chapter 6

BGP Configuration

Guide

Note:

In an environment where using static routes is not feasible, BGP is often the best choice for an AS-AS routing protocol. BGP prevents the introduction of routing loops created by multi-homed and meshed AS topologies. BGP also provides the ability to create and enforce policies at the AS level, such as selectively determining which AS routes are to be accepted or what routes are to be advertised to BGP peers.

SmartSwitch Router User Reference Manual 71

This chapter uses the term Autonomous System (AS) throughout. An AS is defined as a set of routers under a central technical administration that has a coherent interior routing plan and accurately portrays to other ASs what routing destinations are reachable by way of it.

Chapter 6: BGP Configuration Guide

The SSR BGP Implementation

The SSR routing protocol implementation is based on GateD 4.0.3 code (http://www.gated.org). GateD is a modular software program consisting of core services, a routing database, and protocol modules supporting multiple routing protocols (RIP versions 1 and 2, OSPF version 2, BGP version 2 through 4, and Integrated IS-IS).

Since the SSR IP routing code is based upon GateD, BGP can also be configured using a GateD configuration file (gated.conf) instead of the SSR Command Line Interface (CLI). Additionally, even if the SSR is configured using the CLI, the gated.conf equivalent can be displayed by entering the ip-router show configuration-file command at the SSR Enable prompt.

VLANs, interfaces, ACLs, and many other SSR configurable entities and functionality can only be configured using the SSR CLI. Therefore, a gated.conf file is dependent upon some SSR CLI configuration.

Basic BGP Tasks

This section describes the basic tasks necessary to configure BGP on the SSR. Due to the abstract nature of BGP, many BGP designs can be extremely complex. For any one BGP design challenge, there may only be one solution out of many that is relevant to common practice.

When designing a BGP configuration, it may be prudent to refer to information in RFCs, Internet drafts, and books about BGP. Some BGP designs may also require the aid of an experienced BGP network consultant.

Basic BGP configuration involves the following tasks:

• Setting the autonomous system number

• Setting the router ID

• Creating a BGP peer group

• Adding a BGP peer host

• Starting BGP

• Using AS path regular expressions

• Using AS path prepend

72 SmartSwitch Router User Reference Manual

Setting the Autonomous System Number

An autonomous system number identifies your autonomous system to other routers. To set the SSR’s autonomous system number, enter the following command in Configure mode.

Chapter 6: BGP Configuration Guide

Set the SSR’s autonomous system number

The autonomous-system <num1> parameter sets the AS number for the router. Specify a number from 1–65534. The loops <num2> parameter controls the number of times the AS may appear in the as-path. The default is 1.

Setting the Router ID

The router ID uniquely identifies the SSR. To set the router ID to be used by BGP, enter the following command in Configure mode.

Set the SSR’s router ID ip-router global set router-id <hostname-or-IPaddr>

If you do not explicitly specify the router ID, then an ID is chosen implicitly by the SSR. A secondary address on the loopback interface (the primary address being 127.0.0.1) is the most preferred candidate for selection as the SSR’s router ID. If there are no secondary addresses on the loopback interface, then the default router ID is set to the address of the first interface that is in the up state that the SSR encounters (except the interface en0, which is the Control Module’s interface). The address of a non point-to-point interface is preferred over the local address of a point-to-point interface. If the router ID is implicitly chosen to be the address of a non-loopback interface, and if that interface were to go down, then the router ID is changed. When the router ID changes, an OSPF router has to flush all its LSAs from the routing domain.

ip-router global set autonomous-system <num1>

loops <num2>

If you explicitly specify a router ID, then it would not change, even if all interfaces were to go down.

Configuring a BGP Peer Group

A BGP peer group is a group of neighbor routers that have the same update policies. To configure a BGP peer group, enter the following command in Configure mode:

Configure a BGP peer group bgp create peer-group <number-or-string>

SmartSwitch Router User Reference Manual 73

Chapter 6: BGP Configuration Guide

where:

peer-group <number-or-string>

Is a group ID, which can be a number or a character string.

type Specifies the type of BGP group you are adding. You can specify one of the

following:

external In the classic external BGP group, full policy checking is applied to all

incoming and outgoing advertisements. The external neighbors must be directly reachable through one of the machine's local interfaces.

routing An internal group which uses the routes of an interior protocol to

resolve forwarding addresses. Type Routing groups will determine the immediate next hops for routes by using the next hop received with a route from a peer as a forwarding address, and using this to look up an immediate next hop in an IGP’s routes. Such groups support distant peers, but need to be informed of the IGP whose routes they are using to determine immediate next hops. This implementation comes closest to the IBGP implementation of other router vendors.

internal An internal group operating where there is no IP-level IGP, for example

an SMDS network. Type Internal groups expect all peers to be directly attached to a shared subnet so that, like external peers, the next hops received in BGP advertisements may be used directly for forwarding. All Internal group peers should be L2 adjacent.

igp An internal group operating where there is no IP-level IGP; for

example, an SMDS network.

autonomous-system <number>

Specifies the autonomous system of the peer group. Specify a number from 1 –

65534.

proto Specifies the interior protocol to be used to resolve BGP next hops. Specify one of

the following:

any Use any igp to resolve BGP next hops.

rip Use RIP to resolve BGP next hops.

ospf Use OSPF to resolve BGP next hops.

static Use static to resolve BGP next hops.

interface <name-or-IPaddr> | all

Interfaces whose routes are carried via the IGP for which third-party next hops may be used instead. Use only for type Routing group. Specify the interface or all for all interfaces.

74 SmartSwitch Router User Reference Manual

Adding a BGP Peer

There are two ways to add BGP peers to peer groups. You can explicitly add a peer host, or you can add a network. Adding a network allows for peer connections from any addresses in the range of network and mask pairs specified in the bgp add network command.

To add BGP peers to BGP peer groups, enter one of the following commands in Configure mode.

Chapter 6: BGP Configuration Guide

Add a host to a BGP peer group.

Add a network to a BGP peer group.

bgp add peer-host <ipaddr> group <number-or-string>

bgp add network <ip-addr-mask>|all group <number-

Starting BGP

BGP is disabled by default. To start BGP, enter the following command in Configure mode.

Start BGP bgp start

Using AS-Path Regular Expressions

An AS-path regular expression is a regular expression where the alphabet is the set of AS numbers. An AS-path regular expression is composed of one or more AS-path expressions. An AS-path expression is composed of AS path terms and AS-path operators.

An AS path term is one of the following three objects:

or-string>

autonomous_system

Is any valid autonomous system number, from one through 65534 inclusive.

. (dot)

Matches any autonomous system number.

( aspath_regexp )

Parentheses group subexpressions. An operator, such as * or ? works on a single element or on a regular expression enclosed in parentheses

An AS-path operator is one of the following:

aspath_term {m,n}

A regular expression followed by {m,n} (where m and n are both non-negative integers and m <= n) means at least m and at most n repetitions.

SmartSwitch Router User Reference Manual 75

Chapter 6: BGP Configuration Guide

aspath_term {m}

A regular expression followed by {m} (where m is a positive integer) means exactly m repetitions.

aspath_term {m,}

A regular expression followed by {m,} (where m is a positive integer) means m or more repetitions.

aspath_term *

An AS path term followed by * means zero or more repetitions. This is shorthand for {0,}.

aspath_term +

A regular expression followed by + means one or more repetitions. This is shorthand for {1,}.

aspath_term ?

A regular expression followed by ? means zero or one repetition. This is shorthand for {0,1}.

aspath_term | aspath_term

Matches the AS term on the left, or the AS term on the right.

For example:

(4250 .*) Means anything beginning with 4250

(.* 6301 .*) Means anything with 6301.

(.* 4250) Means anything ending with 4250.

(. * 1104|1125|1888|1135 .*)

Means anything containing 1104 or 1125 or 1888 or 1135.

AS-path regular expressions are used as one of the parameters for determining which routes are accepted and which routes are advertised.

AS-Path Regular Expression Examples

To import MCI routes with a preference of 165:

ip-router policy create bgp-import-source mciRoutes aspath-regular-

expression "(.* 3561 .*)" origin any sequence-number 10

ip-router policy import source mciRoutes network all preference 165

76 SmartSwitch Router User Reference Manual

To import all routes (.* matches all AS paths) with the default preference:

ip-router policy create bgp-import-source allOthers aspath-regular-

expression "(.*)" origin any sequence-number 20

ip-router policy import source allOthers network all

To export all active routes from 284 or 813 or 814 or 815 or 816 or 3369 or 3561 to autonomous system 64800.

ip-router policy create bgp-export-destination to-64800 autonomous-

system 64800

ip-router policy create aspath-export-source allRoutes aspath-regular-

expression "(.*(284|813|814|815|816|3369|3561) .*)" origin any protocol all

ip-router policy export destination to-64800 source allRoutes network

all

Using the AS Path Prepend Feature

Chapter 6: BGP Configuration Guide

When BGP compares two advertisements of the same prefix that have differing AS paths, the default action is to prefer the path with the lowest number of transit AS hops; in other words, the preference is for the shorter AS path length. The AS path prepend feature is a way to manipulate AS path attributes to influence downstream route selection. AS path prepend involves inserting the originating AS into the beginning of the AS prior to announcing the route to the exterior neighbor.

Lengthening the AS path makes the path less desirable than would otherwise be the case. However, this method of influencing downstream path selection is feasible only when comparing prefixes of the same length because an instance of a more specific prefix always is preferable.

On the SSR, the number of instances of an AS that are put in the route advertisement is controlled by the as-count option of the bgp set peer-host command.

The following is an example:

# # insert two instances of the AS when advertising the route to this peer # bgp set peer-host 194.178.244.33 group nlnet as-count 2 # # insert three instances of the AS when advertising the route to this # peer # bgp set peer-host 194.109.86.5 group webnet as-count 3

SmartSwitch Router User Reference Manual 77

Chapter 6: BGP Configuration Guide

Notes on Using the AS Path Prepend Feature

• Use the as-count option for external peer-hosts only.

•If the as-count option is entered for an active BGP session, routes will not be resent to reflect the new setting. To have routes reflect the new setting, you must restart the peer session. To do this:

a. Enter Configure mode.

b. Negate the command that adds the peer-host to the peer-group. (If this causes the

number of peer-hosts in the peer-group to drop to zero, then you must also negate the command that creates the peer group.)

c. Exit Configure mode.

d. Re-enter Configure mode.

e. Add the peer-host back to the peer-group.

If the as-count option is part of the startup configuration, the above steps are unnecessary.

BGP Configuration Examples

This section presents sample configurations illustrating BGP features. The following features are demonstrated:

• BGP peering

• Internal BGP (IBGP)

• External BGP (EBGP) multihop

• BGP community attribute

• BGP local preference (local_pref) attribute

• BGP Multi-Exit Discriminator (MED) attribute

• EBGP aggregation

• Route reflection

BGP Peering Session Example

The router process used for a specific BGP peering session is known as a BGP speaker. A single router can have several BGP speakers. Successful BGP peering depends on the establishment of a neighbor relationship between BGP speakers. The first step in creating

78 SmartSwitch Router User Reference Manual

Chapter 6: BGP Configuration Guide

a BGP neighbor relationship is the establishment of a TCP connection (using TCP port

179) between peers.

A BGP Open message can then be sent between peers across the TCP connection to establish various BGP variables (BGP Version, AS number (ASN), hold time, BGP identifier, and optional parameters). Upon successful completion of the BGP Open negotiations, BGP Update messages containing the BGP routing table can be sent between peers.

BGP does not require a periodic refresh of the entire BGP routing table between peers. Only incremental routing changes are exchanged. Therefore, each BGP speaker is required to retain the entire BGP routing table of their peer for the duration of the peer’s connection.

BGP “keepalive” messages are sent between peers periodically to ensure that the peers stay connected. If one of the routers encounter a fatal error condition, a BGP notification message is sent to its BGP peer and the TCP connection is closed.

Figure 2 illustrates a sample BGP peering session.

AS-1

SSR1

1.1

10.0.0.1/16

AS-2

10.0.0.2/16

Legend:

Physical Link

Figure 2. Sample BGP Peering Session

SSR2

1.1

Peering Relationship

SmartSwitch Router User Reference Manual 79

Chapter 6: BGP Configuration Guide

The CLI configuration for router SSR1 is as follows:

interface create ip et.1.1 address-netmask 10.0.0.1/16 port et.1.1 # # Set the AS of the router # ip-router global set autonomous-system 1 # # Set the router ID # ip-router global set router-id 10.0.0.1 # # Create EBGP peer group pg1w2 for peering with AS 2 # bgp create peer-group pg1w2 type external autonomous-system 2 # # Add peer host 10.0.0.2 to group pg1w2 # bgp add peer-host 10.0.0.2 group pg1w2 bgp start

The gated.conf file for router SSR1 is as follows:

autonomoussystem 1 ; routerid 10.0.0.1 ; bgp yes { group type external peeras 2 { peer 10.0.0.2 ; }; };

The CLI configuration for router SSR2 is as follows:

interface create ip et.1.1 address-netmask 10.0.0.2/16 port et.1.1 ip-router global set autonomous-system 2 ip-router global set router-id 10.0.0.2 bgp create peer-group pg2w1 type external autonomous-system 1 bgp add peer-host 10.0.0.1 group pg2w1 bgp start

80 SmartSwitch Router User Reference Manual

The gated.conf file for router SSR2 is as follows:

autonomoussystem 2 ; routerid 10.0.0.2 ; bgp yes { group type external peeras 1 { peer 10.0.0.1 ; }; };

IBGP Configuration Example

Connections between BGP speakers within the same AS are referred to as internal links. A peer in the same AS is an internal peer. Internal BGP is commonly abbreviated IBGP; external BGP is EBGP.

An AS that has two or more EBGP peers is referred to as a multihomed AS. A multihomed AS can “transit” traffic between two ASs by advertising to one AS routes that it learned from the other AS. To successfully provide transit services, all EBGP speakers in the transit AS must have a consistent view of all of the routes reachable through their AS.

Chapter 6: BGP Configuration Guide

Multihomed transit ASs can use IBGP between EBGP-speaking routers in the AS to synchronize their routing tables. IBGP requires a full-mesh configuration; all EBGP speaking routers must have an IBGP peering session with every other EBGP speaking router in the AS.

An IGP, like OSPF, could possibly be used instead of IBGP to exchange routing information between EBGP speakers within an AS. However, injecting full Internet routes (50,000+ routes) into an IGP puts an expensive burden on the IGP routers. Additionally, IGPs cannot communicate all of the BGP attributes for a given route. It is therefore recommended that an IGP not be used to propagate full Internet routes between EBGP speakers. IBGP should be used instead.

IBGP Routing Group Example

An IBGP Routing group uses the routes of an interior protocol to resolve forwarding addresses. An IBGP Routing group will determine the immediate next hops for routes by using the next hop received with a route from a peer as a forwarding address, and using this to look up an immediate next hop in an IGP’s routes. Such groups support distant peers, but need to be informed of the IGP whose routes they are using to determine immediate next hops. This implementation comes closest to the IBGP implementation of other router vendors.

You should use the IBGP Routing group as the mechanism to configure the SSR for IBGP. If the peers are directly connected, then IBGP using group-type Internal can also be used.

SmartSwitch Router User Reference Manual 81

Chapter 6: BGP Configuration Guide

Note that for running IBGP using group-type Routing you must run an IGP such as OSPF to resolve the next hops that come with external routes. You could also use protocol any so that all protocols are eligible to resolve the BGP forwarding address.

Figure 3 shows a sample BGP configuration that uses the Routing group type.

AS-64801

10.12.1.2/30

172.23.1.5/30

Figure 3. Sample IBGP Configuration (Routing Group Type)

10.12.1.1/30

SSR4

172.23.1.6/30

lo0 172.23.1.25/30

OSPF

lo0 172.23.1.26/30

Cisco

IBGP

SSR6

10.12.1.6/30

10.12.1.5/30

SSR1

172.23.1.10/30

172.23.1.9/30

82 SmartSwitch Router User Reference Manual

Chapter 6: BGP Configuration Guide

In this example, OSPF is configured as the IGP in the autonomous system. The following lines in the router SSR6 configuration file configure OSPF:

# # Create a secondary address for the loopback interface # interface add ip lo0 address-netmask 172.23.1.26/30 ospf create area backbone ospf add interface to-SSR4 to-area backbone ospf add interface to-SSR1 to-area backbone # # This line is necessary because we want CISCO to peer with our loopback # address.This will make sure that the loopback address gets announced # into OSPF domain # ospf add stub-host 172.23.1.26 to-area backbone cost 1 ospf set interface to-SSR4 priority 2 ospf set interface to-SSR1 priority 2 ospf set interface to-SSR4 cost 2 ospf start

The following lines in the Cisco router configure OSPF:

The following lines on the CISCO 4500 configures it for OSPF. router ospf 1 network 10.12.1.1 0.0.0.0 area 0 network 10.12.1.6 0.0.0.0 area 0 network 172.23.1.14 0.0.0.0 area 0

The following lines in the SSR6 set up peering with the Cisco router using the Routing group type.

# Create a internal routing group. bgp create peer-group ibgp1 type routing autonomous-system 64801 proto any interface all # Add CISCO to the above group bgp add peer-host 172.23.1.25 group ibgp1 # Set our local address. This line is necessary because we want CISCO to # peer with our loopback bgp set peer-group ibgp1 local-address 172.23.1.26 # Start BGP bgp start

SmartSwitch Router User Reference Manual 83

Chapter 6: BGP Configuration Guide

The following lines on the Cisco router set up IBGP peering with router SSR6.

router bgp 64801 ! ! Disable synchronization between BGP and IGP ! no synchronization neighbor 172.23.1.26 remote-as 64801 ! ! Allow internal BGP sessions to use any operational interface for TCP ! connections ! neighbor 172.23.1.26 update-source Loopback0

IBGP Internal Group Example

The IBGP Internal group expects all peers to be directly attached to a shared subnet so that, like external peers, the next hops received in BGP advertisements may be used directly for forwarding. All Internal group peers should be L2 adjacent.

84 SmartSwitch Router User Reference Manual

Chapter 6: BGP Configuration Guide

Figure 4 illustrates a sample IBGP Internal group configuration.

AS-1

16.122.128.8/24 16.122.128.9/24

16.122.128.1/24 16.122.128.1/24

SSR2SSR1

17.122.128.1/24

17.122.128.2/24

Legend:

Physical Link

Peering Relationship

Figure 4. Sample IBGP Configuration (Internal Group Type)

The CLI configuration for router SSR1 is as follows:

ip-router global set autonomous-system 1 bgp create peer-group int-ibgp-1 type internal autonomous-system 1 bgp add peer-host 16.122.128.2 group int-ibgp-1 bgp add peer-host 16.122.128.8 group int-ibgp-1 bgp add peer-host 16.122.128.9 group int-ibgp-1

SmartSwitch Router User Reference Manual 85

Chapter 6: BGP Configuration Guide

The gated.conf file for router SSR1 is as follows:

autonomoussystem 1 ;

routerid 16.122.128.1 ;

bgp yes { traceoptions aspath detail packets detail open detail update ;

group type internal peeras 1 { peer 16.122.128.2 ; peer 16.122.128.8 ; peer 16.122.128.9 ; }; };

The CLI configuration for router SSR2 is as follows:

ip-router global set autonomous-system 1 bgp create peer-group int-ibgp-1 type internal autonomous-system 1 bgp add peer-host 16.122.128.1 group int-ibgp-1 bgp add peer-host 16.122.128.8 group int-ibgp-1 bgp add peer-host 16.122.128.9 group int-ibgp-1

The gated.conf file for router SSR2 is as follows:

autonomoussystem 1 ;

routerid 16.122.128.2 ;

bgp yes { traceoptions aspath detail packets detail open detail update ;

group type internal peeras 1 { peer 16.122.128.1 ; peer 16.122.128.8 ; peer 16.122.128.9 ; }; };

86 SmartSwitch Router User Reference Manual

Chapter 6: BGP Configuration Guide

The configuration for router C1 (a Cisco router) is as follows:

router bgp 1 no synchronization network 16.122.128.0 mask 255.255.255.0 network 17.122.128.0 mask 255.255.255.0 neighbor 16.122.128.1 remote-as 1 neighbor 16.122.128.1 next-hop-self neighbor 16.122.128.1 soft-reconfiguration inbound neighbor 16.122.128.2 remote-as 1 neighbor 16.122.128.2 next-hop-self neighbor 16.122.128.2 soft-reconfiguration inbound neighbor 16.122.128.9 remote-as 1 neighbor 16.122.128.9 next-hop-self neighbor 16.122.128.9 soft-reconfiguration inbound neighbor 18.122.128.4 remote-as 4

The configuration for router C2 (a Cisco router) is as follows:

router bgp 1 no synchronization network 16.122.128.0 mask 255.255.255.0 network 17.122.128.0 mask 255.255.255.0 neighbor 14.122.128.5 remote-as 5 neighbor 16.122.128.1 remote-as 1 neighbor 16.122.128.1 next-hop-self neighbor 16.122.128.1 soft-reconfiguration inbound neighbor 16.122.128.2 remote-as 1 neighbor 16.122.128.2 next-hop-self neighbor 16.122.128.2 soft-reconfiguration inbound neighbor 16.122.128.8 remote-as 1 neighbor 16.122.128.8 next-hop-self neighbor 16.122.128.8 soft-reconfiguration inbound

EBGP Multihop Configuration Example

EBGP Multihop refers to a configuration where external BGP neighbors are not connected to the same subnet. Such neighbors are logically, but not physically connected. For example, BGP can be run between external neighbors across non-BGP routers. Some additional configuration is required to indicate that the external peers are not physically attached.

SmartSwitch Router User Reference Manual 87

Chapter 6: BGP Configuration Guide

This sample configuration shows External BGP peers, SSR1 and SSR4, which are not connected to the same subnet.

AS-64800

SSR1

16.122.128.1/16

16.122.128.3/16

SSR2

17.122.128.4/16

SSR3

17.122.128.3/16

18.122.128.3/16

AS-64801

18.122.128.4/16

Legend:

Physical Link

SSR4

Peering Relationship

The CLI configuration for router SSR1 is as follows:

bgp create peer-group ebgp_multihop autonomous-system 64801 type external bgp add peer-host 18.122.128.2 group ebgp_multihop ! ! Specify the gateway option, which indicates EBGP multihop. Set the ! gateway option to the address of the router that has a route to the ! peer. ! bgp set peer-host 18.122.128.2 gateway 16.122.128.3 group ebgp_multihop

88 SmartSwitch Router User Reference Manual

The gated.conf file for router SSR1 is as follows:

autonomoussystem 64800 ;

routerid 0.0.0.1 ;

bgp yes { traceoptions state ;

group type external peeras 64801 { peer 18.122.128.2 gateway 16.122.128.3 ; }; };

static {

18.122.0.0 masklen 16 gateway 16.122.128.3 ; };

Chapter 6: BGP Configuration Guide

The CLI configuration for router SSR2 is as follows:

interface create ip to-R1 address-netmask 16.122.128.3/16 port et.1.1 interface create ip to-R3 address-netmask 17.122.128.3/16 port et.1.2 # # Static route needed to reach 18.122.0.0/16 # ip add route 18.122.0.0/16 gateway 17.122.128.4

The gated.conf file for router SSR2 is as follows:

static {

18.122.0.0 masklen 16 gateway 17.122.128.4 ; };

The CLI configuration for router SSR3 is as follows:

interface create ip to-yago3 address-netmask 17.122.128.4/16 port et.4.2 interface create ip to-yago2 address-netmask 18.122.128.4/16 port et.4.4 ip add route 16.122.0.0/16 gateway 17.122.128.3

SmartSwitch Router User Reference Manual 89

Chapter 6: BGP Configuration Guide

The gated.conf file for router SSR3 is as follows:

static {

16.122.0.0 masklen 16 gateway 17.122.128.3 ; };

The CLI configuration for router SSR4 is as follows:

The gated.conf file for router SSR4 is as follows:

autonomoussystem 64800 ;

routerid 0.0.0.1 ;

bgp yes { traceoptions state ;

group type external peeras 64801 { peer 18.122.128.2 gateway 16.122.128.3

Community Attribute Example

The following configuration illustrates the BGP community attribute. Community is specified as one of the parameters in the optional attributes list option of the ip-router policy create command.

Figure 5 shows a BGP configuration where the specific community attribute is used. Figure 6 shows a BGP configuration where the well-known community attribute is used.

90 SmartSwitch Router User Reference Manual

Chapter 6: BGP Configuration Guide

AS-64901

ISP1

R11

1.1

192.168.20.2/16

1.6

172.25.1.1/16

AS-64902

172.25.1.2/16

172.26.1.2/16

AS-64900 AS-64899

192.168.20.1/16 172.26.1.1/16

100.200.12.1/24

100.200.13.1/24

1.1

1.3

1.6

R10

192.169.20.1/16 192.169.20.2/16

1.8

CS1 CS2

ISP2

1.1

1.6

R13

1.6

1.8

R14

10.200.14.1/24

1.1

10.200.15.1/24

1.3

Legend:

Physical Link

Peering Relationship

Information Flow

Figure 5. Sample BGP Configuration (Specific Community)

SmartSwitch Router User Reference Manual 91

Chapter 6: BGP Configuration Guide

AS-64901

AS-64900

100.200.12.20/24

100.200.13.1/24

SSR11

172.25.1.1/16

192.168.20.2/16

192.168.20.1/16

SSR10

AS-64902

Legend:

ISP2

SSR13

Physical Link

Peering Relationship

Information Flow

10.220.1.1/16172.25.1.2/16

Figure 6. Sample BGP Configuration (Well-Known Community)

The Community attribute can be used in three ways:

1. In a BGP Group statement: Any packets sent to this group of BGP peers will have the communities attribute in the BGP packet modified to be this communities attribute value from this AS.

2. In an Import Statement: Any packets received from a BGP peer will be checked for the community attribute. The optional-attributes-list option of the ip-router policy create command allows the specification of an import policy based on optional path attributes (for instance, the community attribute) found in the BGP update. If multiple communities are specified in the optional-attributes-list option, only updates carrying all of the specified communities will be matched. If well-known-community none is specified, only updates lacking the community attribute will be matched.

Note that it is quite possible for several BGP import clauses to match a given update. If more than one clause matches, the first matching clause will be used; all later matching clauses will be ignored. For this reason, it is generally desirable to order import clauses from most to least specific. An import clause without an optional- attributes-list option will match any update with any (or no) communities.

92 SmartSwitch Router User Reference Manual

Chapter 6: BGP Configuration Guide

In Figure 6, router SSR11 has the following configuration:

# # Create an optional attribute list with identifier color1 for a community # attribute (community-id 160 AS 64901) # ip-router policy create optional-attributes-list color1 community-id 160

autonomous-system 64901 # # Create an optional attribute list with identifier color2 for a community # attribute (community-id 155 AS 64901) # ip-router policy create optional-attributes-list color2 community-id 155

autonomous-system 64901 # # Create a BGP import source for importing routes from AS 64900 containing the # community attribute (community-id 160 AS 64901). This import source is given an # identifier 901color1 and sequence-number 1. # ip-router policy create bgp-import-source 901color1 optional-attributes-list

color1 autonomous-system 64900 sequence-number 1 ip-router policy create bgp-import-source 901color2 optional-attributes-list

color2 autonomous-system 64900 sequence-number 2 ip-router policy create bgp-import-source 901color3 optional-attributes-list

color1 autonomous-system 64902 sequence-number 3 ip-router policy create bgp-import-source 901color4 optional-attributes-list

color2 autonomous-system 64902 sequence-number 4 # # Import all routes matching BGP import source 901color1 (from AS 64900 having # community attribute with ID 160 AS 64901) with a preference of 160 # ip-router policy import source 901color1 network all preference 160 ip-router policy import source 901color2 network all preference 155 ip-router policy import source 901color3 network all preference 160 ip-router policy import source 901color4 network all preference 155

SmartSwitch Router User Reference Manual 93

Chapter 6: BGP Configuration Guide

In Figure 6, router SSR13 has the following configuration:

ip-router policy create optional-attributes-list color1 community-id 160

autonomous-system 64902

ip-router policy create optional-attributes-list color2 community-id 155

autonomous-system 64902

ip-router policy create bgp-import-source 902color1 optional-attributes-list

color1 autonomous-system 64899 sequence-number 1

ip-router policy create bgp-import-source 902color2 optional-attributes-list

color2 autonomous-system 64899 sequence-number 2

ip-router policy create bgp-import-source 902color3 optional-attributes-list

color1 autonomous-system 64901 sequence-number 3

ip-router policy create bgp-import-source 902color4 optional-attributes-list

color2 autonomous-system 64901 sequence-number 4 ip-router policy import source 902color1 network all preference 160 ip-router policy import source 902color2 network all preference 155 ip-router policy import source 902color3 network all preference 160 ip-router policy import source 902color4 network all preference 155

3. In an Export Statement: The optional-attributes-list option of the ip-router policy create bgp-export-destination command may be used to send the BGP community

attribute. Any communities specified with the optional-attributes-list option are sent in addition to any received in the route or specified with the group.

94 SmartSwitch Router User Reference Manual

Chapter 6: BGP Configuration Guide

In Figure 6, router SSR10 has the following configuration:

# # Create an optional attribute list with identifier color1 for a community # attribute (community-id 160 AS 64902) # ip-router policy create optional-attributes-list color1 community-id 160

autonomous-system 64902 # # Create an optional attribute list with identifier color2 for a community # attribute (community-id 155 AS 64902) # ip-router policy create optional-attributes-list color2 community-id 155

autonomous-system 64902 # # Create a direct export source # ip-router policy create direct-export-source 900toanydir metric 10 # # Create BGP export-destination for exporting routes to AS 64899 containing the # community attribute (community-id 160 AS 64902). This export-destination has an # identifier 900to899dest # ip-router policy create bgp-export-destination 900to899dest autonomous-system

64899 optional-attributes-list color1 ip-router policy create bgp-export-destination 900to901dest autonomous-system

64901 optional-attributes-list color2 # # Export routes to AS 64899 with the community attribute (community-id 160 AS # 64902) # ip-router policy export destination 900to899dest source 900toanydir network all ip-router policy export destination 900to901dest source 900toanydir network all

In Figure 6, router SSR14 has the following configuration:

ip-router policy create bgp-export-destination 899to900dest autonomous-system

64900 optional-attributes-list color1 ip-router policy create bgp-export-destination 899to902dest autonomous-system

64902 optional-attributes-list color2 ip-router policy create bgp-export-source 900toany autonomous-system 64900 metric

10 ip-router policy create optional-attributes-list color1 community-id 160

autonomous-system 64901 ip-router policy create optional-attributes-list color2 community-id 155

autonomous-system 64901 ip-router policy export destination 899to900dest source 899toanydir network all ip-router policy export destination 899to902dest source 899toanydir network all

Any communities specified with the optional-attributes-list option are sent in addition to any received with the route or associated with a BGP export destination.

SmartSwitch Router User Reference Manual 95

Chapter 6: BGP Configuration Guide

The community attribute may be a single community or a set of communities. A maximum of 10 communities may be specified.

The community attribute can take any of the following forms:

• Specific community

The specific community consists of the combination of the AS-value and community ID.

• Well-known-community no-export

Well-known-community no-export is a special community which indicates that the routes associated with this attribute must not be advertised outside a BGP confederation boundary. Since the SSR’s implementation does not support Confederations, this boundary is an AS boundary.

For example, router SSR10 in Figure 6 has the following configuration:

ip-router policy create optional-attributes-list noexport well-known-

community no-export

ip-router policy create bgp-export-destination 900to901dest autonomous-

system 64901 optional-attributes-list noexport

ip-router policy export destination 900to901dest source 900to901src

network all

ip-router policy export destination 900to901dest source 900to901dir

network all

• Well-known-community no-advertise

Well-known-community no-advertise is a special community indicating that the routes associated with this attribute must not be advertised to other bgp peers. A packet can be modified to contain this attribute and passed to its neighbor. However, if a packet is received with this attribute, it cannot be transmitted to another BGP peer.

• Well-known-community no-export-subconfed

Well-known-community no-export-subconfed is a special community indicating the routes associated with this attribute must not be advertised to external BGP peers. (This includes peers in other members’ autonomous systems inside a BGP confederation.)

A packet can be modified to contain this attribute and passed to its neighbor. However, if a packet is received with this attribute, the routes (prefix-attribute pair) cannot be advertised to an external BGP peer.

• Well-known-community none

This is not actually a community, but rather a keyword that specifies that a received BGP update is only to be matched if no communities are present. It has no effect when originating communities.

96 SmartSwitch Router User Reference Manual

Notes on Using Communities

When originating BGP communities, the set of communities that is actually sent is the union of the communities received with the route (if any), those specified in group policy (if any), and those specified in export policy (if any).

When receiving BGP communities, the update is only matched if all communities specified in the optional-attributes-list option of the ip-router policy create command are present in the BGP update. (If additional communities are also present in the update, it will still be matched.)

Local_Pref Attribute Example

Figure 7 shows a BGP configuration that uses the BGP local preference (Local_Pref)

attribute in a sample BGP configuration with two autonomous systems.

The local preference is not set directly in the CLI, but rather is a function of the GateD preference and setpref metric. The setpref option allows GateD to set the local preference to reflect GateD's own internal preference for the route, as given by the global protocol preference value. The setpref option may be used with routing or internal type groups. BGP routes with a larger Local_Pref are preferred.

Chapter 6: BGP Configuration Guide

The formula used to compute the local preference is as follows:

Local_Pref = 254 – (global protocol preference for this route) + set preference metric

Note: A value greater than 254 will be reset to 254. GateD will only send Local_Pref

values between 0 and 254.

In a mixed GateD and non-GateD network, the non-GateD IBGP implementation may send Local_Pref values that are greater than 254. When operating a mixed network of this type, you should make sure that all routers are restricted to sending Local_Pref values in the range metric to 254.

SmartSwitch Router User Reference Manual 97

Chapter 6: BGP Configuration Guide

In the sample network in Figure 7, all the traffic exits Autonomous System 64901 through the link between router SSR13 and router SSR11. This is accomplished by setting the Local_Pref attribute.

10.200.12.1/24 10.200.13.1/24 10.200.14.1/24 10.200.15.1/24

AS-64900

1.1 1.3

SSR10

1.6

192.168.20.1/16

192.169.20.1/16

192.169.20.2/16

172.28.1.1/16

1.1 1.3

SSR11

1.6

EBGP EBGP

192.168.20.2/16

1.1

SSR12 SSR13

1.3

1.6

172.25.1.1/16

172.26.1.1/16

172.26.1.2/16

172.27.1.2/16

172.28.1.2/16

172.25.1.2/16

172.27.1.1/16

1.1

1.3

1.6

SSR14

1.3 1.1

AS-64901

Legend:

Physical Link

Peering Relationship

Information Flow

Figure 7. Sample BGP Configuration (Local_Pref Attribute)

98 SmartSwitch Router User Reference Manual

In router SSR12’s CLI configuration file, the import preference is set to 160:

# # Set the set-pref metric for the IBGP peer group # bgp set peer-group as901 set-pref 100 ip-router policy create bgp-import-source as900 autonomous-system 64900

preference 160

Using the formula for local preference [Local_Pref = 254 - (global protocol preference for this route) + metric], the Local_Pref value put out by router SSR12 is 254 - 160+100 = 194

For router SSR13, the import preference is set to 150. The Local_Pref value put out by router SSR12 is 254 - 160+100 = 204.

ip-router policy create bgp-import-source as900 autonomous-system 64900

preference 150

Notes on Using the Local_Pref Attribute

Chapter 6: BGP Configuration Guide

• All routers in the same network that are running GateD and participating in IBGP should use the setpref metric, and the setpref metric should be set to the same value.

For example, in Figure 7, routers SSR12, SSR13, and SSR14 have the following line in their CLI configuration files:

bgp set peer-group as901 set-pref 100

• The value of the setpref metric should be consistent with the import policy in the network.

The metric value should be set high enough to avoid conflicts between BGP routes and IGP or static routes. For example, if the import policy sets GateD preferences ranging from 170 to 200, a setpref metric of 170 would make sense. You should set the metric high enough to avoid conflicts between BGP routes and IGP or static routes.

Multi-Exit Discriminator Attribute Example

Multi-Exit Discriminator (MED) is a BGP attribute that affects the route selection process. MED is used on external links to discriminate among multiple exit or entry points to the same neighboring AS. All other factors being equal, the exit or entry point with a lower metric should be preferred. If received over external links, the MED attribute may be propagated over internal links to other BGP speakers within the same AS. The MED attribute is never propagated to other BGP speakers in neighboring autonomous systems.

Figure 8 shows a sample BGP configuration where the MED attribute has been used.

SmartSwitch Router User Reference Manual 99

Chapter 6: BGP Configuration Guide

SSR4

172.16.200.4/24

172.16.200.6/24

SSR6

10.200.12.4/24

10.200.12.6/24

AS 64752

Legend:

Physical Link

Peering Relationship

Information Flow

10.200.12.0/24

10.200.12.15/24

AS 64751

Figure 8. Sample BGP Configuration (MED Attribute)

Routers SSR4 and SSR6 inform router C1 about network 172.16.200.0/24 through External BGP (EBGP). Router SSR6 announced the route with a MED of 10, whereas router SSR4 announces the route with a MED of 20. Of the two EBGP routes, router C1 chooses the one with a smaller MED. Thus router C1 prefers the route from router SSR6, which has a MED of 10.

Router SSR4 has the following CLI configuration:

bgp create peer-group pg752to751 type external autonomous-system 64751 bgp add peer-host 10.200.12.15 group pg752to751 # # Set the MED to be announced to peer group pg752to751 # bgp set peer-group pg752to751 metric-out 20

Router SSR6 has the following CLI configuration:

bgp create peer-group pg752to751 type external autonomous-system 64751 bgp add peer-host 10.200.12.15 group pg752to751 bgp set peer-group pg752to751 metric-out 10

100 SmartSwitch Router User Reference Manual

Cabletron Systems 9032578-02 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

About This Manual

Who Should Read This Manual?

Preface

How to Use This Manual

Related Documentation

Supported Media (Encapsulation Type)

Supported Routing Protocols

Configuring the Cabletron SmartSwitch Router

Understanding the Command Line Interface

Basic Line Editing Commands

Access Modes

User Mode

Enable Mode

Configure Mode

Boot PROM Mode

Disabling a Function or Feature

Loading System Images and Configuration Files

Boot and System Image

Configuration Files

Loading System Image Software

Loading Boot PROM Software

Activate the Configuration Commands in the Scratchpad

Copy the Configuration to the Startup Configuration File

Managing the SSR

Set SSR Name

Set SSR Date and Time

Configure NTP

Configure the SSR CLI

Configure SNMP Services

Configure DNS

Monitoring Configuration

Bridging Overview

Spanning Tree (IEEE 802.1d)

Bridging Modes (Flow-Based and Address-Based)

VLAN Overview

Port-based VLANs

MAC-address-based VLANs

Protocol-based VLANs

Subnet-based VLANs

Multicast-based VLANs

Policy-based VLANs

SSR VLAN Support

VLANs and the SSR

Ports, VLANs, and L3 Interfaces

Access Ports and Trunk Ports (802.1Q support)

Explicit and Implicit VLANs

Configuring SSR Bridging Functions

Configure Address-based or Flow-based Bridging

Configuring Spanning Tree

Adjust Spanning-Tree Parameters

Set the Bridge Priority

Set a Port Priority

Assign Port Costs

Adjust Bridge Protocol Data Unit (BPDU) Intervals

Configuring a Port or Protocol based VLAN

Create a Port or Protocol Based VLAN

Adding Ports to a VLAN

Configuring VLAN Trunk Ports

Configure Bridging for Non-IP/IPX Protocols

Configure Layer-2 Filters

Monitor Bridging

Configuration Examples

Creating an IP or IPX VLAN

IP Routing Overview

IP Routing Protocols

Unicast Routing Protocols

Multicast Routing Protocols

Configuring IP Interfaces and Parameters

Configure IP Addresses to Ports

Configure IP Interfaces for a VLAN

Specify Ethernet Encapsulation Method

Configure Address Resolution Protocol

Configure ARP Cache Entries

Configure Proxy ARP

Configure DNS Parameters