Cabletron Systems IA1100, IA1200 User's Reference Manual

Internet Appliance
User Reference Manual
9033371
Changes
Cabletron Systems, Inc., reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems, Inc., to determine whether any such changes have been made.
Disclaimer
IN NO EVENT SHALL CABLETRON SYSTEMS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IF CABLETRON SYSTEMS HAS BEEN ADVISED OF, KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITY OF SUCH DAMAGES.
Copyright
© 2000 by Cabletron Systems, Inc. All rights reserved.
Cabletron Systems, Inc.
35 Industrial Way
Rochester, NH 03867-5005
Printed in the United States of America
Trademarks
AppleTalk is a registered trademark of Apple Computer, Inc. Cabletron Systems is a registered trademark and Cabletron, SmartSwitch, and GIGAswitch are trademarks of Cabletron Systems, Inc. Catalyst and EtherChannel are registered trademarks of Cisco Systems, Inc. DEC is a registered trademark and Decnet is a trademark of Digital Equipment Corporation. All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies.
Regulatory Compliance Information
This product complies with the following:
Safety: UL 1950; CSA C22.2, No. 950; 73/23/EEC; EN 60950; IEC 950
Electromagnetic Compatibility (EMC): FCC Part 15; CSA C108.8; 89/336/EEC; EN 55022; EN 61000-3-2; EN 61000-3-3; EN 50082-1; AS/NZS 3548; VCCI V-3
Regulatory Compliance Statements
FCC Compliance Statement
This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment uses, generates, and can radiate radio frequency energy and if not installed in accordance with the operator’s manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause interference in which case the user will be required to correct the interference at his own expense.
WARNING: Changes or modifications made to this device that are not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.
Industry Canada Compliance Statement
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
This digital apparatus does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in the Radio Interference Regulations issued by the Canadian Department of Communications.
NOTICE: The Industry Canada label identifies certified equipment. This certification means that the equipment meets telecommunications network protective, operational, and safety requirements as prescribed in the appropriate Terminal Equipment Technical Requirements document(s). The department does not guarantee the equipment will operate to the user’s satisfaction.
Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company. The equipment must also be installed using an acceptable method of connection. The customer should be aware that compliance with the above conditions may not prevent degradation of service in some situations.
Repairs to certified equipment should be coordinated by a representative designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment.
Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas. CAUTION: Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate.
NOTICE: The Ringer Equivalence Number (REN) assigned to each terminal device provides an indication of the maximum number of terminals allowed to be connected to a telephone interface. The termination on an interface may consist of any combination of devices subject only to the requirement that the sum of the Ringer Equivalence Numbers of all the devices does not exceed 5.
VCCI Compliance Statement
This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions.
Safety Information: Class 1 Laser Transceivers
This product may use Class 1 laser transceivers. Read the following safety information before installing or operating this product.
The Class 1 laser transceivers use an optical feedback loop to maintain Class 1 operation limits. This control loop eliminates the need for maintenance checks or adjustments. The output is factory set and does not allow any user adjustment. Class 1 laser transceivers comply with the following safety standards:
21 CFR 1040.10 and 1040.11, U.S. Department of Health and Human Services (FDA)
IEC Publication 825 (International Electrotechnical Commission)
CENELEC EN 60825 (European Committee for Electrotechnical Standardization)
When operating within their performance limitations, laser transceiver output meets the Class 1 accessible emission limit of all three standards. Class 1 levels of laser radiation are not considered hazardous.
Laser Radiation and Connectors
When the connector is in place, all laser radiation remains within the fiber. The maximum amount of radiant power exiting the fiber (under normal conditions) is –12.6 dBm or 55 x 10^-6 watts.
Removing the optical connector from the transceiver allows laser radiation to emit directly from the optical port. The maximum radiance from the optical port (under worst case conditions) is 0.8 W cm^-2 or 8 x 10^3 W m^2 sr^-1.
Do not use optical instruments to view the laser output. The use of optical instruments to view laser output increases eye hazard. When viewing the output optical port, power must be removed from the network adapter.
Cabletron Systems, Inc.
Program License Agreement
IMPORTANT: THIS LICENSE APPLIES FOR USE OF PRODUCT IN THE FOLLOWING GEOGRAPHICAL REGIONS:
CANADA, MEXICO, CENTRAL AMERICA, SOUTH AMERICA
BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT.
This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems, Inc. (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (“Program”) in the package. The Program may be contained in firmware, chips or other media. UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, RETURN THE UNOPENED PRODUCT TO CABLETRON OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND.
IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT CABLETRON SYSTEMS (603) 332-9400. Attn: Legal Department.
1. LICENSE. You have the right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this License Agreement.
You may not copy, reproduce or transmit any part of the Program except as permitted by the Copyright Act of the United States or as authorized in writing by Cabletron.
2. OTHER RESTRICTIONS. You may not reverse engineer, decompile, or disassemble the Program.
3. APPLICABLE LAW. This License Agreement shall be interpreted and governed under the laws and in the state and federal courts of New Hampshire. You accept the personal jurisdiction and venue of the New Hampshire courts.
4. EXPORT REQUIREMENTS. You understand that Cabletron and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the product is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party.
If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for civil end uses only and not for military purposes.
If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant or any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.
5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Product (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Cabletron and/or its suppliers. For Department of Defense units, the Product is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein.
6. EXCLUSION OF WARRANTY. Except as may be specifically provided by Cabletron in writing, Cabletron makes no warranty, expressed or implied, concerning the Program (including its documentation and media).
CABLETRON DISCLAIMS ALL WARRANTIES, OTHER THAN THOSE SUPPLIED TO YOU BY CABLETRON IN WRITING, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE PROGRAM, THE ACCOMPANYING WRITTEN MATERIALS, AND ANY ACCOMPANYING HARDWARE.
7. NO LIABILITY FOR CONSEQUENTIAL DAMAGES. IN NO EVENT SHALL CABLETRON OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THIS CABLETRON PRODUCT, EVEN IF CABLETRON HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR IN THE DURATION OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU.
Cabletron Systems Sales and Service, Inc.
Program License Agreement
IMPORTANT: THIS LICENSE APPLIES FOR USE OF PRODUCT IN THE UNITED STATES OF AMERICA AND BY UNITED STATES OF AMERICA GOVERNMENT END USERS.
BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT.
This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems Sales and Service, Inc. (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (“Program”) in the package. The Program may be contained in firmware, chips or other media. UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, RETURN THE UNOPENED PRODUCT TO CABLETRON OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND.
IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT CABLETRON SYSTEMS (603) 332-9400. Attn: Legal Department.
1. LICENSE. You have the right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this License Agreement.
You may not copy, reproduce or transmit any part of the Program except as permitted by the Copyright Act of the United States or as authorized in writing by Cabletron.
2. OTHER RESTRICTIONS. You may not reverse engineer, decompile, or disassemble the Program.
3. APPLICABLE LAW. This License Agreement shall be interpreted and governed under the laws and in the state and federal courts of New Hampshire. You accept the personal jurisdiction and venue of the New Hampshire courts.
4. EXPORT REQUIREMENTS. You understand that Cabletron and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the product is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party.
If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for civil end uses only and not for military purposes.
If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant or any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.
5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Product (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Cabletron and/or its suppliers. For Department of Defense units, the Product is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein.
6. EXCLUSION OF WARRANTY. Except as may be specifically provided by Cabletron in writing, Cabletron makes no warranty, expressed or implied, concerning the Program (including its documentation and media).
CABLETRON DISCLAIMS ALL WARRANTIES, OTHER THAN THOSE SUPPLIED TO YOU BY CABLETRON IN WRITING, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE PROGRAM, THE ACCOMPANYING WRITTEN MATERIALS, AND ANY ACCOMPANYING HARDWARE.
7. NO LIABILITY FOR CONSEQUENTIAL DAMAGES. IN NO EVENT SHALL CABLETRON OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THIS CABLETRON PRODUCT, EVEN IF CABLETRON HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR IN THE DURATION OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU.
Cabletron Systems Limited
Program License Agreement
IMPORTANT: THIS LICENSE APPLIES FOR THE USE OF THE PRODUCT IN THE FOLLOWING GEOGRAPHICAL REGIONS:
EUROPE, MIDDLE EAST, AFRICA, ASIA, AUSTRALIA, PACIFIC RIM
BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT.
This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems Limited (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (“Program”) in the package. The Program may be contained in firmware, chips or other media. UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, RETURN THE UNOPENED PRODUCT TO CABLETRON OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND.
IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT CABLETRON SYSTEMS (603) 332-9400. Attn: Legal Department.
1. LICENSE. You have the right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this License Agreement.
You may not copy, reproduce or transmit any part of the Program except as permitted by the Copyright Act of the United States or as authorized in writing by Cabletron.
2. OTHER RESTRICTIONS. You may not reverse engineer, decompile, or disassemble the Program.
3. APPLICABLE LAW. This License Agreement shall be governed in accordance with English law. The English courts shall have exclusive jurisdiction in the event of any disputes.
4. EXPORT REQUIREMENTS. You understand that Cabletron and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the product is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party.
If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for civil end uses only and not for military purposes.
If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant or any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.
5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Product (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Cabletron and/or its suppliers. For Department of Defense units, the Product is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein.
6. EXCLUSION OF WARRANTY. Except as may be specifically provided by Cabletron in writing, Cabletron makes no warranty, expressed or implied, concerning the Program (including its documentation and media).
CABLETRON DISCLAIMS ALL WARRANTIES, OTHER THAN THOSE SUPPLIED TO YOU BY CABLETRON IN WRITING, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE PROGRAM, THE ACCOMPANYING WRITTEN MATERIALS, AND ANY ACCOMPANYING HARDWARE.
7. NO LIABILITY FOR CONSEQUENTIAL DAMAGES. IN NO EVENT SHALL CABLETRON OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THIS CABLETRON PRODUCT, EVEN IF CABLETRON HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR IN THE DURATION OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU.
Declaration of Conformity
Addendum
Application of Council Directive(s): 89/336/EEC; 73/23/EEC
Manufacturer’s Name: Cabletron Systems, Inc.
Manufacturer’s Address: 35 Industrial Way, PO Box 5005, Rochester, NH 03867
European Representative’s Name: Mr. J. Solari
European Representative’s Address: Cabletron Systems Limited, Nexus House, Newbury Business Park, London Road, Newbury, Berkshire RG13 2PZ, England
Conformance to Directive(s)/Product Standards: EC Directive 89/336/EEC; EC Directive 73/23/EEC; EN 55022; EN 50082-1; EN 60950
Equipment Type/Environment: Networking equipment for use in a commercial or light-industrial environment
We the undersigned, hereby declare, under our sole responsibility, that the equipment packaged with this notice conforms to the above directives.
Manufacturer
Full Name: Mr. Ronald Fotino
Title: Principal Compliance Engineer
Location: Rochester, NH, USA
Legal Representative in Europe
Full Name: Mr. J. Solari
Title: Managing Director, E.M.E.A.
Location: Newbury, Berkshire, England
Contents
Preface
About This Manual
Who Should Read This Manual?
Related Documentation
Chapter 1: Introduction
Reviewing Configuration Files
Using the Command Line Interface
Command Modes
User Mode
Enable Mode
Configure Mode
Boot PROM Mode
Getting Help with CLI Commands
Line Editing Commands
Displaying and Changing Configuration Information
Identifying Ports on the IA-1100 and IA-1200
Chapter 2: Bridging Configuration Guide
Bridging Overview
Spanning Tree (IEEE 802.1d)
Bridging Modes (Flow-Based and Address-Based)
VLAN Overview
Port-Based VLANs
MAC Address-Based VLANs
Protocol-Based VLANs
Subnet-Based VLANs
Policy-Based VLANs
IA VLAN Support
VLANs and the IA
Ports, VLANs, and Layer-3 Interfaces
Access Ports and Trunk Ports (802.1Q Support)
Explicit and Implicit VLANs
Configuring IA Bridging Functions
Configuring Address-Based or Flow-Based Bridging
Configuring Spanning Tree
Adjusting Spanning-Tree Parameters
Setting the Bridge Priority
Setting a Port Priority
Assigning Port Costs
Adjusting Bridge Protocol Data Unit (BPDU) Intervals
Adjusting the Interval between Hello Times
Defining the Forward Delay Interval
Defining the Maximum Age
Configuring a Port- or Protocol-Based VLAN
Creating a Port- or Protocol-Based VLAN
Adding Ports to a VLAN
Configuring VLAN Trunk Ports
Configuring VLANs for Bridging
Monitoring Bridging
Configuration Examples
Creating an IP VLAN
Creating a Non-IP VLAN
Chapter 3: SmartTRUNK Configuration Guide
Overview
Configuring SmartTRUNKs
Creating a SmartTRUNK
Add Physical Ports to the SmartTRUNK
Specify Traffic Distribution Policy (Optional)
Monitoring SmartTRUNKs
Example Configurations
Chapter 4: IP Routing Configuration Guide
IP Routing Overview
IP Routing Protocols
Configuring IP Interfaces and Parameters
Configuring IP Addresses to Ports
Configuring IP Interfaces for a VLAN
Specifying Ethernet Encapsulation Method
Configuring Address Resolution Protocol (ARP)
Configuring ARP Cache Entries ........................................................................... 58
Configuring Proxy ARP......................................................................................... 58
Configuring DNS Parameters ...................................................................................... 58
Configuring IP Services (ICMP)................................................................................... 59
Configuring IP Helper................................................................................................... 59
Configuring Direct Broadcast....................................................................................... 60
Configuring Denial of Service (DOS).......................................................................... 60
Monitoring IP Parameters............................................................................................. 61
Configuration Examples....................................................................................................... 61
Assigning IP Interfaces.................................................................................................. 61
Page 15
Chapter 5: VRRP Configuration Guide................................................... 63
VRRP Overview .....................................................................................................................63
Configuring VRRP .................................................................................................................64
Basic VRRP Configuration.............................................................................................64
Configuration of Router R1....................................................................................65
Configuration for Router R2 ..................................................................................65
Symmetrical Configuration...........................................................................................65
Configuration of Router R1....................................................................................67
Configuration of Router R2....................................................................................67
Multi-Backup Configuration.........................................................................................68
Configuration of Router R1....................................................................................69
Configuration of Router R2....................................................................................70
Configuration of Router R3....................................................................................71
Additional Configuration..............................................................................................72
Setting the Backup Priority ....................................................................................72
Setting the Advertisement Interval.......................................................................72
Setting Pre-empt Mode...........................................................................................73
Setting an Authentication Key...............................................................................73
Monitoring VRRP...................................................................................................................74
ip-redundancy trace........................................................................................................74
ip-redundancy show.......................................................................................................74
VRRP Configuration Notes...................................................................................................75
Chapter 6: RIP Configuration Guide ...................................................... 77
RIP Overview..........................................................................................................................77
Configuring RIP .....................................................................................................................78
Enabling and Disabling RIP ..........................................................................................78
Configuring RIP Interfaces............................................................................................78
Configuring RIP Parameters .........................................................................................79
Configuring RIP Route Preference...............................................................................80
Configuring RIP Route Default-Metric........................................................................80
Monitoring RIP.......................................................................................................................81
Configuration Example.........................................................................................................82
Chapter 7: OSPF Configuration Guide................................................... 83
OSPF Overview ......................................................................................................................83
OSPF Multipath...............................................................................................................84
Configuring OSPF..................................................................................................................84
Enabling OSPF.................................................................................................................84
Configuring OSPF Interface Parameters .....................................................................85
Configuring an OSPF Area............................................................................................86
Configuring OSPF Area Parameters ............................................................................87
Creating Virtual Links....................................................................................................88
Configuring Autonomous System External (ASE) Link Advertisements..............88
Configuring OSPF over Non-Broadcast Multiple Access.........................................89
Monitoring OSPF....................................................................................................................89
OSPF Configuration Examples.............................................................................................90
Exporting All Interface and Static Routes to OSPF....................................................91
Exporting All RIP, Interface, and Static Routes to OSPF ..........................................92
Page 16
Chapter 8: BGP Configuration Guide.....................................................97
BGP Overview ....................................................................................................................... 97
The Internet Appliance (IA) BGP Implementation................................................... 98
Basic BGP Tasks..................................................................................................................... 98
Setting the Autonomous System Number.................................................................. 99
Setting the Router ID ..................................................................................................... 99
Configuring a BGP Peer Group.................................................................................. 100
Adding and Removing a BGP Peer........................................................................... 101
Starting BGP.................................................................................................................. 101
Using AS-Path Regular Expressions ......................................................................... 102
AS-Path Regular Expression Examples............................................................. 103
Using the AS Path Prepend Feature.......................................................................... 104
Notes on Using the AS Path Prepend Feature.................................................. 104
BGP Configuration Examples............................................................................................ 105
BGP Peering Session Example.................................................................................... 105
IBGP Configuration Example..................................................................................... 107
IBGP Routing Group Example............................................................................ 108
IBGP Internal Group Example............................................................................ 111
EBGP Multihop Configuration Example.................................................................. 114
Community Attribute Example ................................................................................. 117
Notes on Using Communities............................................................................. 124
Local_Pref Attribute Example.................................................................................... 124
Notes on Using the Local_Pref Attribute .......................................................... 126
Multi-Exit Discriminator Attribute Example ........................................................... 126
EBGP Aggregation Example....................................................................................... 128
Route Reflection Example........................................................................................... 129
Notes on Using Route Reflection........................................................................ 132
Chapter 9: Routing Policy Configuration Guide..................................133
Route Import and Export Policy Overview..................................................................... 133
Preference......................................................................................................................134
Import Policies.............................................................................................................. 135
Import-Source........................................................................................................ 135
Route-Filter ............................................................................................................ 136
Export Policies .............................................................................................................. 136
Export-Destination................................................................................................ 136
Export-Source ........................................................................................................ 137
Route-Filter ............................................................................................................ 137
Specifying a Route Filter ............................................................................................. 138
Aggregates and Generates.......................................................................................... 139
Aggregate-Destination ......................................................................................... 139
Aggregate-Source.................................................................................................. 139
Route-Filter ............................................................................................................ 140
Authentication.............................................................................................................. 140
Authentication Methods...................................................................................... 141
Authentication Keys and Key Management..................................................... 141
Page 17
Configuring Simple Routing Policies................................................................................142
Redistributing Static Routes........................................................................................142
Redistributing Directly Attached Networks.............................................................143
Redistributing RIP into RIP.........................................................................................143
Redistributing RIP into OSPF......................................................................................143
Redistributing OSPF to RIP .........................................................................................144
Redistributing Aggregate Routes ...............................................................................144
Simple Route Redistribution Examples.....................................................................144
Example 1: Redistribution into RIP.....................................................................144
Exporting a Given Static Route to All RIP Interfaces................................146
Exporting All Static Routes to All RIP Interfaces.......................................146
Exporting All Static Routes Except the Default Route to All RIP Interfaces...................................................................................................146
Example 2: Redistribution into OSPF .................................................................146
Exporting All Interface & Static Routes to OSPF.......................................147
Exporting All RIP, Interface & Static Routes to OSPF...............................148
Configuring Advanced Routing Policies..........................................................................148
Export Policies...............................................................................................................149
Creating an Export Destination ..................................................................................150
Creating an Export Source...........................................................................................150
Import Policies...............................................................................................................150
Creating an Import Source ..........................................................................................151
Creating a Route Filter .................................................................................................151
Creating an Aggregate Route......................................................................................152
Creating an Aggregate Destination............................................................................153
Creating an Aggregate Source ....................................................................................153
Examples of Import Policies........................................................................................153
Example 1: Importing from RIP...........................................................................153
Importing a Selected Subset of Routes from One RIP Trusted Gateway....................................................................................................155
Importing a Selected Subset of Routes from All RIP Peers Accessible Over a Certain Interface......................................................156
Example 2: Importing from OSPF.......................................................................157
Importing a Selected Subset of OSPF-ASE Routes....................................159
Examples of Export Policies ........................................................................................160
Example 1: Exporting to RIP................................................................................160
Exporting a Given Static Route to All RIP Interfaces................................161
Exporting a Given Static Route to a Specific RIP Interface ......................162
Exporting All Static Routes Reachable Over a Given Interface to a Specific RIP-Interface..............................................................................163
Exporting Aggregate-Routes into RIP.........................................................164
Example 2: Exporting to OSPF.............................................................................165
Exporting All Interface & Static Routes to OSPF.......................................166
Exporting All RIP, Interface & Static Routes to OSPF...............................167
Page 18
Chapter 10: IP Policy-Based Forwarding Configuration Guide .......... 171
Overview .............................................................................................................................. 171
Configuring IP Policies....................................................................................................... 172
Defining an ACL Profile.............................................................................................. 172
Associating the Profile with an IP Policy.................................................................. 173
Creating Multi-statement IP Policies ................................................................. 173
Setting Load Distribution for Next-Hop Gateways......................................... 174
Setting the IP Policy Action................................................................................. 174
Checking the Availability of Next-Hop Gateways .......................................... 175
Applying an IP Policy to an Interface ....................................................................... 176
Applying an IP Policy to Locally Generated Packets ...................................... 176
IP Policy Configuration Examples.................................................................................... 176
Routing Traffic to Different ISPs................................................................................ 176
Prioritizing Service to Customers.............................................................................. 178
Authenticating Users through a Firewall................................................................. 179
Firewall Load Balancing.............................................................................................. 180
Monitoring IP Policies ........................................................................................................ 181
Chapter 11: Network Address Translation Configuration Guide ......185
Overview .............................................................................................................................. 185
Configuring NAT ................................................................................................................ 186
Setting Inside and Outside Interfaces ....................................................................... 186
Setting NAT Rules........................................................................................................ 187
Static........................................................................................................................ 187
Dynamic ................................................................................................................. 187
Managing Dynamic Bindings............................................................................................ 187
NAT and FTP....................................................................................................................... 188
Monitoring NAT..................................................................................................................188
Configuration Examples..................................................................................................... 189
Static Configuration..................................................................................................... 189
Using Static NAT .................................................................................................. 190
Dynamic Configuration............................................................................................... 190
Using Dynamic NAT............................................................................................ 191
Dynamic NAT with IP Overload (PAT) Configuration ......................................... 192
Using Dynamic NAT with IP Overload ............................................................ 193
Dynamic NAT with Outside Interface Redundancy .............................................. 193
Using Dynamic NAT with Matching Interface Redundancy......................... 194
Chapter 12: Web Hosting Configuration Guide.................................. 195
Overview .............................................................................................................................. 195
Load Balancing .................................................................................................................... 196
Configuring Load Balancing ...................................................................................... 196
Creating the Server Group................................................................................... 196
Adding Servers to the Load Balancing Group.................................................. 197
Optional Group or Server Operating Parameters................................................... 197
Specifying Load Balancing Policy ...................................................................... 197
Specifying a Connection Threshold ................................................................... 198
Verifying Servers and Applications................................................................... 198
Verifying Extended Content................................................................................ 199
Page 19
Setting Server Status.....................................................................................................200
Load Balancing and FTP..............................................................................................201
Allowing Access to Load Balancing Servers.............................................................201
Setting Timeouts for Load Balancing Mappings......................................................201
Specifying the VPN Port Number..............................................................................202
Displaying Load Balancing Information...................................................................202
Configuration Examples ..............................................................................................203
Web Hosting with One Virtual Group and Multiple Destination Servers....203
Web Hosting with Multiple Virtual Groups and Multiple Destination Servers..............................................................................................................204
Virtual IP Address Ranges ...................................................................................205
Web Caching.........................................................................................................................206
Configuring Web Caching...........................................................................................207
Creating the Cache Group....................................................................................207
Specifying the Client(s) for the Cache Group (Optional).................................207
Redirecting HTTP Traffic on an Interface..........................................................208
Configuration Example................................................................................................208
Other Configurations ...................................................................................................209
Bypassing Cache Servers ......................................................................................209
Proxy Server Redundancy....................................................................................209
Distributing Frequently-Accessed Sites Across Cache Servers.......................210
Monitoring Web Caching ............................................................................................210
Chapter 13: Access Control List Configuration Guide........................ 211
ACL Basics ............................................................................................................................212
Defining Selection Criteria in ACL Rules..................................................................212
How ACL Rules are Evaluated...................................................................................213
Implicit Deny Rule........................................................................................................214
Allowing External Responses to Established TCP Connections ............................215
Creating and Modifying ACLs...........................................................................................216
Editing ACLs Offline....................................................................................................216
Maintaining ACLs Using the ACL Editor.................................................................217
Using ACLs...........................................................................................................................218
Applying ACLs to Interfaces.......................................................................................218
Applying ACLs to Services .........................................................................................219
Using ACLs as Profiles.................................................................................................219
Using Profile ACLs with the IP Policy Facility .................................................220
Using Profile ACLs with the Traffic Rate Limiting Facility ............................221
Using Profile ACLs with Dynamic NAT............................................................222
Using Profile ACLs with the Port Mirroring Facility .......................................222
Using Profile ACLs with the Web Caching Facility .........................................223
Redirecting HTTP Traffic to Cache Servers................................................223
Preventing Web Objects From Being Cached.............................................224
Enabling ACL Logging........................................................................................................225
Monitoring ACLs .................................................................................................................225
Page 20
Chapter 14: Security Configuration Guide ..........................................227
Security Overview...............................................................................................................227
Configuring IA Access Security ........................................................................................ 228
Configuring RADIUS .................................................................................................. 228
Monitoring RADIUS............................................................................................. 229
Configuring TACACS ................................................................................................. 229
Monitoring TACACS............................................................................................ 229
Configuring TACACS Plus......................................................................................... 230
Monitoring TACACS Plus
Configuring Passwords
Chapter 15: QoS Configuration Guide
QoS & Layer-2, -3, and -4 Flow Overview
Layer-2, -3, and -4 Flow Specification
Precedence for Layer-3 Flows
IA Queuing Policies
Traffic Prioritization for Layer-2 Flows
Configuring Layer-2 QoS
Traffic Prioritization for Layer-3 and -4 Flows
Configuring IP QoS Policies
Setting an IP QoS Policy
Specifying Precedence for an IP QoS Policy
Configuring IA Queueing Policy
Allocating Bandwidth for a Weighted-Fair Queuing Policy
ToS Rewrite
Configuring ToS Rewrite for IP Packets
Monitoring QoS
Limiting Traffic Rate
Example Configuration
Displaying Rate Limit Information
Chapter 16: Performance Monitoring Guide
Performance Monitoring Overview
Configuring the IA for Port Mirroring
Monitoring Broadcast Traffic
Chapter 17: RMON Configuration Guide
RMON Overview
Configuring and Enabling RMON
Example of RMON Configuration Commands
RMON Groups
Lite RMON Groups
Standard RMON Groups
Professional RMON Groups
Control Tables
Using RMON
Configuring RMON Groups
Configuration Examples
Displaying RMON Information
RMON CLI Filters
Creating RMON CLI Filters
Using RMON CLI Filters
Troubleshooting RMON
Allocating Memory to RMON
Preface
About This Manual
This manual provides detailed information and procedures for configuring the software for the Cabletron Internet Appliance (IA). If you have not yet installed the IA, follow the instructions in the Internet Appliance 1100/1200 Getting Started Guide to install the chassis and perform basic setup tasks. Then return to this manual for more detailed configuration information.
Who Should Read This Manual?
Read this manual if you are a network administrator responsible for configuring and monitoring the IA.
Related Documentation
The Internet Appliance documentation set includes the following items. Refer to these documents to learn more about the IA.
For information about… | Refer to…
Installing and setting up the IA | Internet Appliance 1100/1200 Getting Started Guide
The complete syntax for all command line interface commands | Internet Appliance Command Line Interface Reference
System messages | Internet Appliance Error Reference
Chapter 1: Introduction
This chapter provides information that you need to know before configuring the Internet Appliance (IA) software. If you have not yet installed the IA, follow the instructions in the Internet Appliance 1100/1200 Getting Started Guide to install the chassis and perform basic setup tasks. Then return to this manual for more detailed configuration information.
Reviewing Configuration Files
The Internet Appliance 1100/1200 Getting Started Guide introduced the following configuration files used by the IA:
• Startup – The configuration file that the IA uses to configure itself when the system is powered on. The Startup configuration remains even when the system is rebooted.
• Active – The commands from the Startup configuration file and any configuration commands that you have made active from the scratchpad. The active configuration remains in effect until you power down or reboot the system.
• Scratchpad – The configuration commands you have entered during a CLI session. These commands are temporary and do not become active until you explicitly make them part of the active configuration.
Note: Entering commands and saving configuration files are discussed in more detail in the following section.
Because some commands depend on other commands for successful execution, the IA scratchpad simplifies system configuration by allowing you to enter configuration commands in any order, even when dependencies exist. When you activate the commands in the scratchpad, the IA sorts out the dependencies and executes the command in the proper sequence.
Using the Command Line Interface
The CLI allows you to enter and execute commands from the IA Console or from Telnet sessions. Up to four simultaneous Telnet sessions are allowed. CLI commands are grouped by subsystems. For example, the set of commands that let you configure and display IP routing table information all start with ip. Within the set of ip commands are commands such as set, show, start, stop, configure, etc. The complete set of commands for each subsystem is described in the Internet Appliance Command Line Interface Reference Manual.
Command Modes
The CLI provides access to four different command modes. Each command mode provides a group of related commands. This section describes how to access and list the commands available in each command mode and explains the primary uses for each command mode.
User Mode
After you log in to the IA, you are automatically in User mode. The User commands available are a subset of those available in Enable mode. In general, the User commands allow you to display basic information and use basic utilities such as ping.
The User mode command prompt consists of the ia name followed by the angle bracket (>), as shown below:
ia>
The default name is ia unless it has been changed during initial configuration. Refer to the Internet Appliance 1100/1200 Getting Started Guide for the procedures for changing the system name.
Enable Mode
Enable mode provides more facilities than User mode. You can display critical features within Enable mode including router configuration, access control lists, and SNMP statistics. To enter Enable mode from the User mode, enter the command enable (or en), and then supply the password when prompted.
The Enable mode command prompt consists of the ia name followed by the pound sign (#):
ia#
To exit Enable mode and return to User mode, either type exit and press Return or press Ctrl+Z.
Configure Mode
Configure mode provides the capabilities to configure all features and functions on the IA. These include router configuration, access control lists, and spanning tree. To enter Configure mode, enter the command config from Enable mode.
The Configure mode command prompt consists of the ia name followed by (config) and a pound sign (#):
ia(config)#
To exit Configure mode and return to Enable mode, either type exit and press Return or press Ctrl+Z.
Note: As mentioned previously, up to four Telnet sessions can be run simultaneously on the IA. All four sessions can be in Configure mode at the same time, so you should consider limiting access to the IA to authorized users.
Boot PROM Mode
If your IA does not find a valid system image on the external PCMCIA flash, the system might enter programmable read-only memory (PROM) mode. You should then reboot the IA (enter the command reboot at the boot PROM prompt) to restart the system. If the system fails to reboot successfully, call Cabletron Systems, Inc., Technical Support to resolve the problem.
For information on how to upgrade the boot PROM software and boot using the upgraded image, see the Internet Appliance 1100/1200 Getting Started Guide.
Getting Help with CLI Commands
Interactive help is available from the CLI by entering the question mark (?) character at any time. The help is context-sensitive; the help provided is based on where in the command you are. For example, if you are at the User mode prompt, enter a question mark (?), as shown in the following example, to list the commands available in User mode:
ia> ?
aging - Show L2 and L3 Aging information
cli - Modify the command line interface behavior
enable - Enable privileged user mode
exit - Exit current mode
file - File manipulation commands
help - Describe online help facility
ip-redundancy - Show IP Redundancy information (VRRP)
l2-tables - Show L2 Tables information
logout - Log off the system
multicast - Configure Multicast related parameters
ping - Ping utility
pvst - Show Per Vlan Spanning Tree Protocol (PVST) parameters
statistics - Show or clear IA statistics
stp - Show STP status
telnet - Telnet utility
traceroute - Traceroute utility
vlan - Show VLAN-related parameters
You can also type the ? character following a command to see a description of the parameters or options that you can enter. Once the help information is displayed, the command line is redisplayed as before but without the ? character. The following is an example of invoking help while entering a command:
ia(config)# load-balance create ?
group-name - Name of this Load Balanced group of servers
vip-range-name - Name of this Virtual IP range
ia(config)# load-balance create
If you enter enough characters of a command keyword to uniquely identify it and press the space bar, the CLI attempts to complete the command. If you do not enter enough characters or you enter the wrong characters, the CLI cannot complete the command. For example, if you enter the following in Enable mode and press the spacebar as indicated:
ia# system show e[space]
the CLI completes the command as follows:
ia# system show environmental
If you are entering several commands for the same subsystem, you can enter the subsystem name from the CLI. Then, execute individual commands for the subsystem without typing the subsystem name each time. For example, if you are configuring several entries for the IP routing table, you can simply enter ip at the CLI Configure prompt. The prompt changes to indicate that the context for the commands to be entered has changed to that of the IP subsystem. If you type a ?, only those commands that are valid for the IP subsystem are displayed. The following is an example:
ia(config)# ip
ia(config)(ip)# ?
add - Add a static route
dos - Configure specific denial of service features
disable - Disable certain IP function
enable - Enable certain IP function
helper-address - Specify IP helper address for an interface
l3-hash - Change IP hash variant for channel
set - Set ip stack properties
Ctrl-z - Exits to previous level
top - Exits to the top level
ia(config)(ip)# [Ctrl-Z]
ia(config)#
Line Editing Commands
The IA provides line editing capabilities that are similar to Emacs, a UNIX text editor. For example, you can use certain line editing keystrokes to move forwards or backwards on a line, delete or transpose characters, and delete portions of a line. To use the line editing commands, you need to have a VT-100 terminal or terminal emulator. The line editing commands that you can use with CLI are detailed in the following table:
Command | Resulting Action
Ctrl-a | Move to beginning of line
Ctrl-b | Move back one character
Ctrl-c | Abort current line
Ctrl-d | Delete character under cursor
Ctrl-e | Move to end of line
Ctrl-f | Move forward one character
Ctrl-g | Abort current line
Ctrl-h | Delete character just prior to the cursor
Ctrl-i | Insert one space (tab substitution)
Ctrl-j | Carriage return (executes command)
Ctrl-k | Kill line from cursor to end of line
Ctrl-l | Refresh current line
Ctrl-m | Carriage return (executes command)
Ctrl-n | Next command from history buffer
Ctrl-o | None
Ctrl-p | Previous command from history buffer
Ctrl-q | None
Ctrl-r | Refresh current line
Ctrl-s | None
Ctrl-t | Transpose character under cursor with the character just prior to the cursor
Ctrl-u | Delete line from the beginning of line to cursor
Ctrl-v | None
Ctrl-w | None
Ctrl-x | Move forward one word
Ctrl-y | Paste back what was deleted by the previous Ctrl-k or Ctrl-w command. Text is pasted back at the cursor location.
Ctrl-z | If inside a subsystem, it exits back to the top level. If in Enable mode, it exits back to User mode. If in Configure mode, it exits back to Enable mode.
ESC-b | Move backward one word
ESC-d | Kill word from cursor’s current location until the first white space
ESC-f | Move forward one word
ESC-BackSpace | Delete backwards from cursor to the previous space (essentially a delete-word-backward command)
SPACE | Attempts to complete command keyword. If word is not expected to be a keyword, the space character is inserted.
!* | Show all commands currently stored in the history buffer.
!# | Recall a specific history command. # is the number of the history command to be recalled as shown via the !* command.
“<string>” | Opaque strings may be specified using double quotes. This prevents interpretation of otherwise special CLI characters.
Displaying and Changing Configuration Information
The IA provides many commands for displaying and changing configuration information. For example, the CLI allows for the disabling of a command in the active configuration. Use the negate command on a specific line of the active configuration to disable a feature or function that has been enabled. For example, Spanning Tree Protocol is disabled by default. If, after enabling the Spanning Tree Protocol on the IA, you want to disable STP, you must specify the negate command with the line number in the active configuration that contains the stp enable command.
The following table shows some useful commands for configuring the IA:
Task | Command
Enable Mode:
Show active configuration of the system. | system show active-config
Show the non-activated configuration changes in the scratchpad. | system show scratchpad
Show the startup configuration for the next reboot. | system show startup-config
Copy between scratchpad, active configuration, startup configuration, TFTP server, RCP server, or URL. | copy <source> to <destination>
Configure Mode:
Show the running system configuration and the non-activated changes in the scratchpad. | show
Compare activated commands with the startup configuration file. | diff <filename> | startup
Erase commands in the scratchpad. | erase scratchpad
Erase the startup configuration. | erase startup
Negate one or more commands by line number. | negate <line number>
Negate commands that match a specified command string. | no <string>
Save scratchpad to the active configuration. | save active
Save the active configuration to startup. | save startup
The following figure illustrates the configuration files and the commands you can use to save your configuration:
[Figure: Scratchpad (temporary location; contents lost at reboot) → (config)# save active → Active (in effect until reboot) → (config)# save startup → Startup (remains through reboot)]
Figure 1. Commands to Save Configurations
Identifying Ports on the IA-1100 and IA-1200
The term port refers to a physical connector installed in the IA-1100 and IA-1200. Each port in the IA is referred to by the type of connector (Ethernet or Gigabit Ethernet) and its location.
Figure 2 shows the names of the ports on the IA-1100; et stands for Ethernet, and gi stands for Gigabit Ethernet.
[Figure: IA-1100 front panel with ports et.1.1–et.1.8, et.2.1–et.2.8, et.3.1–et.3.8, gi.4.1, and gi.4.2]
Figure 2. Port Names on the IA-1100
Figure 3 shows the names of the ports on the IA-1200; et stands for Ethernet, and gi stands for Gigabit Ethernet.
[Figure: IA-1200 front panel with ports gi.1.1, gi.1.2, gi.2.1, gi.2.2, gi.3.1, gi.3.2, gi.4.1, and gi.4.2]
Figure 3. Port Names on the IA-1200
There are a few shortcut notations you can use to refer to a range of port numbers. For example:
et.(1-3).(1-8) refers to the following ports: et.1.1 through et.1.8, et.2.1 through et.2.8, and et.3.1 through et.3.8.
et.(1,3).(1-8) refers to the following ports: et.1.1 through et.1.8, and et.3.1 through et.3.8.
et.(1-3).(1,8) refers to the following ports: et.1.1, et.1.8, et.2.1, et.2.8, et.3.1, et.3.8.
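The shortcut notation above, expanded in code so that the exact set of ports a command would touch can be reviewed before it is entered. This is an added example, not code from the manual or the IA software; the function names are hypothetical, and accepting a comma list and a range inside the same parentheses is an assumption that goes beyond the three forms shown.

```python
import re
from itertools import product

PORT_TYPES = {"et", "gi"}   # Ethernet and Gigabit Ethernet, as named in the manual
ITEM = re.compile(r"(\d+)(?:-(\d+))?")


def expand_field(field):
    """Expand one dotted field: '4', '(1-3)', '(1,8)' or (assumed) '(1,3-5)'."""
    if field.startswith("(") and field.endswith(")"):
        items = field[1:-1].split(",")
    elif field.isdigit():
        items = [field]
    else:
        raise ValueError("bad port field: %r" % field)
    values = []
    for item in items:
        match = ITEM.fullmatch(item.strip())
        if not match:
            raise ValueError("bad item %r in field %r" % (item, field))
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if low > high:
            raise ValueError("descending range in field %r" % field)
        values.extend(range(low, high + 1))
    # Remove repeats such as '(1,1-2)' while keeping the written order.
    return list(dict.fromkeys(values))


def expand_port_list(spec):
    """Return every port named by a spec such as 'et.(1-3).(1,8)', in order."""
    parts = spec.strip().split(".")
    if len(parts) != 3 or parts[0] not in PORT_TYPES:
        raise ValueError("expected <type>.<slot>.<port>: %r" % spec)
    slots = expand_field(parts[1])
    ports = expand_field(parts[2])
    return ["%s.%d.%d" % (parts[0], s, p) for s, p in product(slots, ports)]


def ports_outside(spec, approved):
    """Ports that a spec would touch but that are not in the approved set."""
    approved = set(approved)
    return [port for port in expand_port_list(spec) if port not in approved]


if __name__ == "__main__":
    # Constructed review: the change request covers slots 1 and 3 only,
    # but the command as typed uses a range that also pulls in slot 2.
    approved = expand_port_list("et.(1,3).(1-8)")
    typed = "et.(1-3).(1-8)"
    print("ports in command:", len(expand_port_list(typed)))
    print("not approved:", ports_outside(typed, approved))
```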
Chapter 2: Bridging Configuration Guide
Bridging Overview
The Internet Appliance (IA) provides the following bridging functions:
• Compliance with the IEEE 802.1d standard
• Wire-speed address-based bridging or flow-based bridging
• Ability to logically segment a transparently bridged network into virtual local-area networks (VLANs) based on physical ports or protocol (IP or bridged protocols such as AppleTalk®)
• Integrated routing and bridging that supports bridging of intra-VLAN traffic and routing of inter-VLAN traffic
Spanning Tree (IEEE 802.1d)
Spanning tree (IEEE 802.1d) allows bridges to dynamically discover a subset of the topology that is loop free. In addition, the loop-free tree that is discovered contains paths to every LAN segment.
Bridging Modes (Flow-Based and Address-Based)
The IA provides the following types of wire-speed bridging:
Address-based bridging - The IA performs this type of bridging by looking up the destination address in a Layer-2 lookup table on the line card that receives the bridge packet from the network. The Layer-2 lookup table indicates the exit port(s) for the bridged packet. If the packet is addressed to the IA's own MAC address, the packet is routed rather than bridged.
Flow-based bridging - The IA performs this type of bridging by looking up an entry in the Layer-2 lookup table containing both the source and destination addresses of the received packet in order to determine how the packet is to be handled.
The IA ports perform address-based bridging by default, but can be configured to perform flow-based bridging instead, on a per-port basis. A port cannot be configured to perform both types of bridging at the same time.
The IA performance is equivalent when performing flow-based bridging or address-based bridging. However, address-based bridging is more efficient because it requires fewer table entries while flow-based bridging provides tighter management and control over bridged traffic.
VLAN Overview
Virtual LANs (VLANs) are a means of dividing a physical network into several logical (virtual) LANs. The division can be done on the basis of various criteria, giving rise to different types of VLANs. For example, the simplest type of VLAN is the port-based VLAN. Port-based VLANs divide a network into a number of VLANs by assigning a VLAN to each port of a switching device. Then, any traffic received on a given port of a switch belongs to the VLAN associated with that port.
VLANs are primarily used for broadcast containment. A Layer-2 broadcast frame is normally transmitted all over a bridged network. By dividing the network into VLANs, the range of a broadcast is limited, that is, the broadcast frame is transmitted only to the VLAN to which it belongs. This reduces the broadcast traffic on a network by an appreciable factor.
The type of VLAN depends upon one criterion: how a received frame is classified as belonging to a particular VLAN. VLANs can be categorized into the following types:
• Port-based
• MAC address-based
• Protocol-based
• Subnet-based
• Policy-based
Detailed information about these types of VLANs is beyond the scope of this manual. Each type of VLAN is briefly explained in the following subsections.
Port-Based VLANs
Ports of Layer-2 devices (switches, bridges) are assigned to VLANs. Any traffic received by a port is classified as belonging to the VLAN to which the port belongs. For example, if ports 1, 2, and 3 belong to the VLAN named Marketing, then a broadcast frame received by port 1 is transmitted on ports 2 and 3. It is not transmitted on any other port.
MAC Address-Based VLANs
In this type of VLAN, each switch (or a central VLAN information server) keeps track of all MAC addresses in a network and maps them to VLANs based on information configured by the network administrator. When a frame is received at a port, its destination MAC address is looked up in the VLAN database. The VLAN database returns the name of the VLAN to which this frame belongs.
This type of VLAN is powerful in the sense that network devices such as printers and workstations can be moved anywhere in the network without the need for network reconfiguration. However, the administration is intensive because all MAC addresses on the network need to be known and configured.
Protocol-Based VLANs
Protocol-based VLANs divide the physical network into logical VLANs based on protocol. When a frame is received at a port, its VLAN is determined by the protocol of the packet. For example, there could be separate VLANs for IP and AppleTalk. An IP broadcast frame will only be sent to all ports in the IP VLAN.
Subnet-Based VLANs
Subnet-based VLANs are a subset of protocol-based VLANs and determine the VLAN of a frame based on the subnet to which the frame belongs. To do this, the switch must look into the network layer header of the incoming frame. This type of VLAN behaves similarly to a router by segregating different subnets into different broadcast domains.
Policy-Based VLANs
Policy-based VLANs are the most general definition of VLANs. Each incoming (untagged) frame is looked up in a policy database, which determines the VLAN to which the frame belongs. For example, you could set up a policy that creates a special VLAN for all email traffic between the management officers of a company so that this traffic will not be seen anywhere else.
IA VLAN Support
The IA supports the following VLANs:
• Port-based
• Protocol-based
• Subnet-based
When using the IA as a Layer-2 bridge/switch, use the port-based and protocol-based VLAN types. When using the IA as a combined switch and router, use the subnet-based VLANs in addition to port-based and protocol-based VLANs. It is not necessary to remember the types of VLANs in order to configure the IA, as seen in the section on configuring the IA.
VLANs and the IA
VLANs are an integral part of the IA family of switching routers. The IA switching routers can function as Layer-2 switches as well as fully functional Layer-3 routers. Hence, they can be viewed as a switch and a router in one box. To provide maximum performance and functionality, the Layer-2 and Layer-3 aspects of the IA switching routers are tightly coupled.
The IA can be used purely as a Layer-2 switch. Frames arriving at any port are bridged and not routed. In this case, setting up VLANs and associating ports with VLANs is all that is required. You can set up the IA switching router to use port-based VLANs, protocol-based VLANs, or a mixture of the two types.
The IA can also be used purely as a router, that is, each physical port of the IA is a separate routing interface. Packets received at any interface are routed and not bridged. In this case, no VLAN configuration is required. Note that VLANs are still created implicitly by the IA as a result of creating Layer-3 interfaces for IP. However, these implicit VLANs do not need to be created or configured manually. The implicit VLANs created by the IA are subnet-based VLANs.
Most commonly, an IA is used as a combined switch and router. For example, it may be connected to two subnets: S1 and S2. Ports 1 through 8 belong to S1, and ports 9 through 16 belong to S2. The required behavior of the IA is that intra-subnet frames be bridged and inter-subnet packets be routed. In other words, traffic between two workstations that belong to the same subnet should be bridged, and traffic between two workstations that belong to different subnets should be routed.
The IA switching routers use VLANs to achieve this behavior. This means that a Layer-3 subnet (that is, an IP subnet) is mapped to a VLAN. A given subnet maps to exactly one and only one VLAN. With this definition, the terms VLAN and subnet are almost interchangeable.
To configure an IA as a combined switch and router, the administrator must create VLANs whenever multiple ports of the IA are to belong to a particular VLAN/subnet. Then the VLAN must be bound to a Layer-3 (IP) interface so that the IA knows which VLAN maps to which IP subnet.
Ports, VLANs, and Layer-3 Interfaces
The term port refers to a physical connector on the IA, such as an Ethernet port. Each port must belong to at least one VLAN. When the IA is unconfigured, each port belongs to a VLAN called the default VLAN. By creating VLANs and adding ports to the created VLANs, the ports are moved from the default VLAN to the newly created VLANs.
Unlike traditional routers, the IA has the concept of logical interfaces rather than physical interfaces. A Layer-3 interface is a logical entity created by the administrator. It can contain more than one physical port. When a Layer-3 interface contains exactly one physical port, it is equivalent to an interface on a traditional router. When a Layer-3 interface contains several ports, it is equivalent to an interface of a traditional router that is connected to a Layer-2 device such as a switch or bridge.
Access Ports and Trunk Ports (802.1Q Support)
The ports of an IA can be classified into two types, based on VLAN functionality: access ports and trunk ports. By default, a port is an access port. An access port can belong to at most one VLAN of the following type: IP or bridged protocols. The IA can automatically determine whether or not a received frame is an IP frame. Based on this, it selects a VLAN for the frame. Frames transmitted out of an access port are untagged, meaning that they contain no special information about the VLAN to which they belong. Untagged frames are classified as belonging to a particular VLAN based on the protocol of the frame and the VLAN configured on the receiving port for that protocol.
For example, if port 1 belongs to VLAN IP_VLAN for IP and VLAN OTHER_VLAN for any other protocol, then an IP frame received by port 1 is classified as belonging to VLAN IP_VLAN.
Trunk ports (802.1Q) are usually used to connect one VLAN-aware switch to another. They carry traffic belonging to several VLANs. For example, suppose that IA A and B are both configured with VLANs V1 and V2.
Then a frame arriving at a port on IA A must be sent to IA B if the frame belongs to VLAN V1 or to VLAN V2. Thus, the ports on IA A and B that connect the two IAs must belong to both VLAN V1 and VLAN V2. Also, when these ports receive a frame, they must be able to determine whether the frame belongs to V1 or to V2. This is accomplished by tagging the frames, that is, by prepending information to the frame in order to identify the VLAN to which the frame belongs. In the IA switching routers, trunk ports always transmit and receive tagged frames only. The format of the tag is specified by the IEEE 802.1Q standard. The only exception to this is Spanning Tree Protocol frames, which are transmitted as untagged frames.
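A model of the access-port and trunk-port classification described above, added here as an example (it is not code from the manual or the IA software). The port dictionaries, the VLAN IDs 10 and 20, and the "flag" and unconfigured-VLAN "drop" outcomes are assumptions; the manual states only that access ports pick a VLAN by protocol and that trunk ports exchange tagged frames, with Spanning Tree frames as the exception.

```python
import struct

TPID_8021Q = 0x8100        # marks an IEEE 802.1Q tag after the source MAC
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_APPLETALK = 0x809B
STP_GROUP_MAC = bytes.fromhex("0180c2000000")   # IEEE 802.1d BPDU destination

# Hypothetical port settings (this layout is not IA configuration syntax).
ACCESS_PORT = {"mode": "access", "ip_vlan": "IP_VLAN", "other_vlan": "OTHER_VLAN"}
TRUNK_PORT = {"mode": "trunk", "vlans": {10: "V1", 20: "V2"}}   # IDs constructed


def build_frame(dst, src, ethertype, payload=b"", vid=None, priority=0):
    """Build a constructed Ethernet frame, 802.1Q-tagged when vid is given."""
    header = dst + src
    if vid is not None:
        tci = (priority << 13) | (vid & 0x0FFF)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return dst, src, VLAN ID (None if untagged) and EtherType/length."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (field,) = struct.unpack("!H", frame[12:14])
    vid = None
    if field == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, field = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF          # low 12 bits of the tag carry the VLAN ID
    return {"dst": dst, "src": src, "vid": vid, "ethertype": field}


def classify(frame, port):
    """Return (action, vlan_name, reason) for a frame received on a port."""
    info = parse_frame(frame)
    tagged = info["vid"] is not None
    if not tagged and info["dst"] == STP_GROUP_MAC:
        return ("accept", None, "untagged Spanning Tree frame")
    if port["mode"] == "trunk":
        if not tagged:
            return ("drop", None, "untagged frame on trunk port")
        vlan = port["vlans"].get(info["vid"])
        if vlan is None:
            # Assumption: a tag for a VLAN the trunk does not carry is dropped.
            return ("drop", None, "VLAN ID %d not on this trunk" % info["vid"])
        return ("accept", vlan, "802.1Q tag")
    if tagged:
        # The manual does not say how the IA treats this; the model flags it.
        return ("flag", None, "tagged frame on access port")
    if info["ethertype"] == ETHERTYPE_IPV4:
        return ("accept", port["ip_vlan"], "IP frame")
    return ("accept", port["other_vlan"], "non-IP frame")


def sample_frames():
    """Constructed frames; the MAC addresses are made up."""
    a, b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    return {
        "ip": build_frame(b, a, ETHERTYPE_IPV4, b"\x45" + bytes(19)),
        "appletalk": build_frame(b, a, ETHERTYPE_APPLETALK, bytes(20)),
        "ip_tagged_v1": build_frame(b, a, ETHERTYPE_IPV4, bytes(20), vid=10),
        "ip_tagged_unknown": build_frame(b, a, ETHERTYPE_IPV4, bytes(20), vid=30),
        # BPDU: 802.3 length field, then LLC header 42 42 03
        "stp": build_frame(STP_GROUP_MAC, a, 38, b"\x42\x42\x03" + bytes(35)),
    }


if __name__ == "__main__":
    for port_name, port in (("access", ACCESS_PORT), ("trunk", TRUNK_PORT)):
        for name, frame in sample_frames().items():
            print(port_name, name, classify(frame, port))
```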
Explicit and Implicit VLANs
As mentioned earlier, VLANs can either be created explicitly by the administrator (explicit VLANs) or are created implicitly by the IA when Layer-3 interfaces are created (implicit VLANs).
Configuring IA Bridging Functions
Configuring Address-Based or Flow-Based Bridging
The IA ports perform address-based bridging by default, but can be configured to perform flow-based bridging instead of address-based bridging on a per-port basis. A port cannot be configured to perform both types of bridging at the same time.
The IA performance is equivalent when performing flow-based bridging or address-based bridging. However, address-based bridging is more efficient because it requires fewer table entries, while flow-based bridging provides tighter management and control over bridged traffic.
For example, the following illustration shows an IA with traffic being sent from port A to port B, port B to port A, port B to port C, and port A to port C.
[Figure: an IA with ports A, B, and C]
The corresponding bridge tables for address-based and flow-based bridging are shown in the following table. The bridge table contains more information on the traffic patterns when flow-based bridging is enabled compared to address-based bridging.
Address-Based Bridge Table: A (source), B (source), C (destination)
Flow-Based Bridge Table: A → B, B → A, B → C, A → C
With the IA configured in flow-based bridging mode, the network manager has per-flow control of Layer-2 traffic. The network manager can then apply Quality of Service (QoS) policies based on Layer-2 traffic flows.
To enable flow-based bridging on a port, enter the following command in Configure mode.
Configure a port for flow-based bridging. | port flow-bridging <port-list>|all-ports
To change a port from flow-based bridging to address-based bridging, enter the following command in Configure mode:
Change a port from flow-based bridging to address-based bridging. | negate <line-number of active config containing command>: port flow-bridging <port-list>|all-ports
Configuring Spanning Tree
The IA supports per VLAN spanning tree. By default, all the VLANs defined belong to the default spanning tree. You can create a separate instance of spanning tree using the following command:
Create spanning tree for a VLAN. | pvst create spanningtree vlan-name <string>
By default, spanning tree is disabled on the IA. To enable spanning tree on the IA, you perform the following tasks on the ports where you want spanning tree enabled.
Enable spanning tree on one or more ports for default spanning tree. | stp enable port <port-list>
Enable spanning tree on one or more ports for a particular VLAN. | pvst enable port <port-list> spanning-tree <string>
Adjusting Spanning-Tree Parameters
You may need to adjust certain spanning-tree parameters if the default values are not suitable for your bridge configuration. Parameters affecting the entire spanning tree are configured with variations of the bridge global configuration command. Interface-specific parameters are configured with variations of the bridge-group interface configuration command.
You can adjust spanning-tree parameters by performing any of the tasks in the next two sections:
• “Setting the Bridge Priority”
• “Setting a Port Priority”
Note: Only network administrators with a good understanding of how bridges and the Spanning-Tree Protocol work should make adjustments to spanning-tree parameters. Poorly chosen adjustments to these parameters can have a negative impact on performance. A good source on bridging is the IEEE 802.1d specification.
Setting the Bridge Priority
You can globally configure the priority of an individual bridge when two bridges tie for position as the root bridge, or you can configure the likelihood that a bridge will be selected as the root bridge. The lower the bridge's priority, the more likely the bridge will be selected as the root bridge. This priority is determined by default; however, you can change it.
To set the bridge priority, enter the following command in Configure mode:
Set the bridge priority for default spanning tree.
stp set bridging priority <num>
Set the bridge priority for a particular instance of spanning tree.
pvst set bridging spanning-tree <string> priority <num>
Setting a Port Priority
You can set a priority for an interface. When two bridges tie for position as the root bridge, you configure an interface priority to break the tie. The bridge with the lowest interface value is elected.
To set an interface priority, enter the following command in Configure mode:
Establish a priority for a specified interface for default spanning tree.
stp set port <port-list> priority <num>
Establish a priority for a specified interface for a particular instance of spanning tree.
pvst set port <port-list> spanning-tree <string> priority <num>
Assigning Port Costs
Each interface has a port cost associated with it. By convention, the port cost is 1000/data rate of the attached LAN, in Mbps. You can set different port costs.
To assign port costs, enter the following command in Configure mode:
Set a different port cost other than the defaults for default spanning tree.
stp set port <port-list> port-cost <num>
Set a different port cost other than the defaults for a particular instance of spanning tree.
pvst set port <port-list> spanning-tree <string> port-cost <num>
Adjusting Bridge Protocol Data Unit (BPDU) Intervals
You can adjust BPDU intervals as described in the next three sections:
“Adjusting the Interval between Hello Times”
“Defining the Forward Delay Interval”
“Defining the Maximum Age”
Adjusting the Interval between Hello Times
You can specify the interval between hello times.
To adjust this interval, enter the following command in Configure mode:
Specify the interval between hello times for default spanning tree.
stp set bridging hello-time <num>
Specify the interval between hello times for a particular instance of spanning tree.
pvst set bridging spanning-tree <string> hello-time <num>
Defining the Forward Delay Interval
The forward delay interval is the amount of time spent listening for topology change information after an interface has been activated for bridging and before forwarding actually begins.
To change the default interval setting, enter the following command in Configure mode:
Set the default of the forward delay interval for default spanning tree.
stp set bridging forward-delay <num>
Set the default of the forward delay interval for a particular instance of spanning tree.
pvst set bridging spanning-tree <string> forward-delay <num>
Defining the Maximum Age
If a bridge does not hear BPDUs from the root bridge within a specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.
To change the default interval setting, enter the following command in Configure mode:
Change the amount of time a bridge will wait to hear BPDUs from the root bridge for default spanning tree.
stp set bridging max-age <num>
Change the amount of time a bridge will wait to hear BPDUs from the root bridge for a particular instance of spanning tree.
pvst set bridging spanning-tree <string> max-age <num>
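The three BPDU intervals are interdependent, so a change to one should be checked against the others. The following Python script is an added example, not part of the manual: it reads the stp and pvst bridging commands shown above and checks each spanning-tree instance against the timer relationship in IEEE 802.1D, 2 x (forward-delay - 1) >= max-age >= 2 x (hello-time + 1). The default values and ranges are the 802.1D ones and are an assumption about the IA; the sample configuration is constructed.

```python
import re

# IEEE 802.1D default timer values and permitted ranges, in seconds.
# Assumption: the IA follows them; the manual does not list its defaults.
DEFAULTS = {"hello-time": 2, "max-age": 20, "forward-delay": 15}
RANGES = {"hello-time": (1, 10), "max-age": (6, 40), "forward-delay": (4, 30)}

# Matches both command forms shown in the manual:
#   stp set bridging <param> <num>
#   pvst set bridging spanning-tree <string> <param> <num>
COMMAND = re.compile(
    r"^(?:stp\s+set\s+bridging"
    r"|pvst\s+set\s+bridging\s+spanning-tree\s+(?P<tree>\S+))"
    r"\s+(?P<param>hello-time|max-age|forward-delay)\s+(?P<num>\d+)$"
)

# Constructed sample configuration (not taken from the manual).
SAMPLE = """\
stp set bridging hello-time 4
stp set bridging max-age 8
pvst set bridging spanning-tree BLUE forward-delay 5
pvst set bridging spanning-tree RED hello-time 1
pvst set bridging spanning-tree RED max-age 6
pvst set bridging spanning-tree RED forward-delay 4
vlan create BLUE ip
"""


def parse_timers(config_text):
    """Return {instance: {param: seconds}}; 'default' is the default tree."""
    trees = {}
    for raw in config_text.splitlines():
        match = COMMAND.match(raw.strip())
        if match is None:
            continue  # not a BPDU-interval command
        tree = match.group("tree") or "default"
        timers = trees.setdefault(tree, dict(DEFAULTS))
        timers[match.group("param")] = int(match.group("num"))  # last one wins
    return trees


def check_timers(timers):
    """Return the list of problems for one spanning-tree instance."""
    hello = timers["hello-time"]
    max_age = timers["max-age"]
    fwd = timers["forward-delay"]
    problems = []
    for param, (low, high) in RANGES.items():
        if not low <= timers[param] <= high:
            problems.append(f"{param} {timers[param]} is outside {low}-{high}")
    if max_age < 2 * (hello + 1):
        problems.append(
            f"max-age {max_age} < 2 x (hello-time + 1) = {2 * (hello + 1)}")
    if max_age > 2 * (fwd - 1):
        problems.append(
            f"max-age {max_age} > 2 x (forward-delay - 1) = {2 * (fwd - 1)}")
    return problems


def audit(config_text):
    """Check every spanning-tree instance that has a timer command."""
    return {tree: check_timers(t) for tree, t in parse_timers(config_text).items()}


if __name__ == "__main__":
    for tree, problems in audit(SAMPLE).items():
        print(tree, "OK" if not problems else "; ".join(problems))
```
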
Configuring a Port- or Protocol-Based VLAN
To create a port- or protocol-based VLAN, perform the following steps in the Configure mode:
1. Create a port or protocol based VLAN.
2. Add physical ports to a VLAN.
Creating a Port- or Protocol-Based VLAN
To create a VLAN, enter the following command in Configure mode:
Create a VLAN.
vlan create <vlan-name> <type> id <num>
Adding Ports to a VLAN
To add ports to a VLAN, enter the following command in Configure mode:
Add ports to a VLAN.
vlan add ports <port-list> to <vlan-name>
Configuring VLAN Trunk Ports
The IA supports standards-based VLAN trunking between multiple IAs as defined by IEEE 802.1Q. 802.1Q adds a header to a standard Ethernet frame that includes a unique VLAN ID per trunk between two IAs. These VLAN IDs extend the VLAN broadcast domain to more than one IA.
To configure a VLAN trunk, enter the following command in Configure mode:
Configure 802.1Q VLAN trunks.
vlan make <port-type> <port-list>
Configuring VLANs for Bridging
The IA allows you to create VLANs for AppleTalk, DECnet™, SNA, and IPv6 traffic as well as for IP traffic. You can create a VLAN for handling traffic for a single protocol, such as a DECnet VLAN, or you can create a VLAN that supports several specific protocols, such as SNA and IP traffic.
Monitoring Bridging
The IA provides a display of bridging statistics and configurations contained in the IA.
To display bridging information, enter the following commands in Enable mode:
Show IP routing table.
ip show routes
Show all MAC addresses currently in the l2 tables.
l2-tables show all-macs
Show l2 table information on a specific port.
l2-tables show port-macs
Show information on the master MAC table.
l2-tables show mac-table-stats
Show information on a specific MAC address.
l2-tables show mac
Show information on MACs registered.
l2-table show bridge-management
Show all VLANs.
vlan show
Configuration Examples
VLANs are used to associate physical ports on the IA with connected hosts that may be physically separated but need to participate in the same broadcast domain. To associate ports to a VLAN, you must first create a VLAN and then assign ports to the VLAN. This section shows examples of creating an IP VLAN and a DECnet, SNA, and AppleTalk VLAN.
Creating an IP VLAN
In this example, servers connected to ports gi.1.1 and gi.1.2 on the IA need to communicate with clients connected to ports et.4.1 through et.4.8. You can associate all the ports containing the clients and servers to an IP VLAN named BLUE.
First, enter the following command to create an IP VLAN named BLUE:
ia(config)# vlan create BLUE ip
Next, enter the following command to assign ports to the VLAN named BLUE:
ia(config)# vlan add ports et.4.(1-8),gi.1.(1-2) to BLUE
Creating a Non-IP VLAN
In this example, SNA, DECnet, and AppleTalk hosts are connected to ports et.1.1 and et.2.1 through et.2.4. You can associate all the ports containing these hosts to a VLAN named RED with the VLAN ID 5.
First, enter the following command to create a VLAN named RED:
ia(config)# vlan create RED sna dec appletalk id 5
Next, enter the following command to assign ports to the RED VLAN:
ia(config)# vlan add ports et.1.1, et.2.(1-4) to RED
Chapter 3: SmartTRUNK Configuration Guide
Overview
This chapter explains how to configure and monitor SmartTRUNKs on the Internet Appliance (IA). A SmartTRUNK is Cabletron’s technology for load balancing and load sharing. For a description of the SmartTRUNK commands, see the “smarttrunk Command” section of the Internet Appliance Command Line Interface Reference.
On the IA, a SmartTRUNK is a group of two or more ports that have been logically combined into a single port. Multiple physical connections between devices are aggregated into a single logical high-speed path that acts as a single link. Traffic is balanced across all interfaces in the combined link, thereby increasing overall available system bandwidth.
SmartTRUNKs allow administrators to increase bandwidth at congestion points in the network, thus eliminating potential traffic bottlenecks. SmartTRUNKs also provide improved data-link resiliency. If one port in a SmartTRUNK should fail, its load is distributed evenly among the remaining ports and the entire SmartTRUNK link remains operational.
SmartTRUNK is Cabletron’s standard for building high-performance links between Cabletron’s switching platforms. SmartTRUNKs can interoperate with switches, routers, and servers from other vendors as well as Cabletron platforms.
SmartTRUNKs are compatible with all IA features, including VLANs, STP, VRRP, etc. SmartTRUNK operation is supported over different media types and a variety of technologies including 10/100/1000 Mbps Ethernet.
Configuring SmartTRUNKs
To create a SmartTRUNK:
1. Create a SmartTRUNK, and specify a control protocol for it.
2. Add physical ports to the SmartTRUNK.
3. Specify the policy for distributing traffic across SmartTRUNK ports. This step is optional; by default, the IA distributes traffic to ports in a round-robin (sequential) manner.
Creating a SmartTRUNK
When you create a SmartTRUNK, you specify whether the DEC® Hunt Group control protocol is to be used or no control protocol is to be used according to the following criteria:
If you are connecting the SmartTRUNK to another IA, other Cabletron devices (such as the SmartSwitch 6000 or SmartSwitch 9000), or DIGITAL GIGAswitch™/Router, specify the DEC Hunt Group control protocol. The Hunt Group protocol is useful in detecting errors such as transmit/receive failures, and misconfiguration.
If you are connecting the SmartTRUNK to a device that does not support the DEC Hunt Group control protocol, such as those devices that support Cisco’s EtherChannel® technology, specify no control protocol. Only link failures are detected in this mode.
To create a SmartTRUNK, enter the following command in Configure mode:
Create a SmartTRUNK that will be connected to a device that supports the DEC Hunt Group control protocol.
smarttrunk create <smarttrunk> protocol huntgroup
Create a SmartTRUNK that will be connected to a device that does not support the DEC Hunt Group control protocol.
smarttrunk create <smarttrunk> protocol no-protocol
Add Physical Ports to the SmartTRUNK
You can add any number of ports to a SmartTRUNK. The limit is the number of ports on the IA. Any port on any module can be part of a SmartTRUNK. If one module fails, the remaining ports on other modules remain operational.
Ports added to a SmartTRUNK must:
Be set to full-duplex.
Be in the same VLAN.
Have the same properties (Layer-2 aging, STP state, and so on).
To add ports to a SmartTRUNK, enter the following command in Configure mode:
Create a SmartTRUNK that will be connected to a device that supports the DEC Hunt Group control protocol.
smarttrunk add ports <port list> to <smarttrunk>
Specify Traffic Distribution Policy (Optional)
The default policy for distributing traffic across the ports in a SmartTRUNK is round-robin, where the IA selects the port on a rotating basis. The other policy that can be chosen is link-utilization, where packets are sent to the least-used port in a SmartTRUNK. You can choose to specify the link-utilization policy for a particular SmartTRUNK, a list of SmartTRUNKs, or for all SmartTRUNKs on the IA.
Specify traffic distribution policy.
smarttrunk set load-policy on <smarttrunk list>|all-smarttrunks round-robin|link-utilization
Monitoring SmartTRUNKs
Statistics are gathered for data flowing through a SmartTRUNK and each port in the SmartTRUNK.
To display SmartTRUNK statistics, enter one of the following commands in Enable mode:
Display information about all SmartTRUNKs and the control protocol used.
smarttrunk show trunks
Display statistics on traffic distribution on SmartTRUNK.
smarttrunk show distribution <smarttrunk list>|all-smarttrunks
Display information about the control protocol on a SmartTRUNK.
smarttrunk show protocol-state <smarttrunk list>|all-smarttrunks
Display information about the SmartTRUNK connection (DEC Hunt Group control protocol connections only).
smarttrunk show connections <smarttrunk list>|all-smarttrunks
To clear statistics for SmartTRUNK ports, enter the following command in Enable mode:
Clear load distribution statistics for SmartTRUNK ports.
smarttrunk clear load-distribution <smarttrunk list>|all-smarttrunk
Example Configurations
The following illustration shows a network design based on SmartTRUNKs. R1 is an IA operating as a router, while S1 and S2 are IAs operating as switches.
[Illustration: a Cisco 7500 Router (10.1.1.1/24), Router R1 (interfaces to-cisco 10.1.1.2/24, to-s1 11.1.1.2/24, and to-s2 12.1.1.2/24), Switch S1, Switch S2, a Server, and a Cisco Catalyst® 5K Switch, linked by SmartTRUNKs st.1 through st.5]
The following is the configuration for the Cisco 7500 router:
interface port-channel 1
ip address 10.1.1.1 255.255.255.0
ip route-cache distributed
interface fasteth 0/0
no ip address
channel-group 1
The following is the configuration for the Cisco Catalyst 5K switch:
set port channel 3/1-2 on
The following is the SmartTRUNK configuration for the IA labeled R1 in the diagram:
smarttrunk create st.1 protocol no-protocol
smarttrunk create st.2 protocol huntgroup
smarttrunk create st.3 protocol huntgroup
smarttrunk add ports et.1(1-2) to st.1
smarttrunk add ports et.2(1-2) to st.2
smarttrunk add ports et.3(1-2) to st.3
interface create ip to-cisco address-netmask 10.1.1.2/24 port st.1
interface create ip to-s1 address-netmask 11.1.1.2/24 port st.2
interface create ip to-s2 address-netmask 12.1.1.2/24 port st.3
The following is the SmartTRUNK configuration for the IA labeled S1 in the diagram:
smarttrunk create st.2 protocol huntgroup
smarttrunk create st.4 protocol no-protocol
smarttrunk add ports et.1(1-2) to st.2
smarttrunk add ports et.2(1-2) to st.4
The following is the SmartTRUNK configuration for the IA labeled S2 in the diagram:
smarttrunk create st.3 protocol huntgroup
smarttrunk create st.5 protocol no-protocol
smarttrunk add ports et.1(1-2) to st.3
smarttrunk add ports et.2(1-2) to st.5
Chapter 4: IP Routing Configuration Guide
This chapter describes how to configure IP interfaces and general non-protocol-specific routing parameters.
IP Routing Overview
Internet Protocol (IP) is a packet-based protocol used to exchange data over computer networks. IP handles addressing, routing, fragmentation, reassembly, and protocol demultiplexing. In addition, IP specifies how hosts and routers should process packets, handle errors, and discard packets. IP forms the foundation upon which transport layer protocols, such as TCP or UDP, interoperate over a routed network.
The Transmission Control Protocol (TCP) is built upon the IP layer. TCP is a connection-oriented protocol that specifies the data format, buffering, and acknowledgments used in the transfer of data. TCP is a full-duplex connection that also specifies the procedures that the computers use to ensure that the data arrives correctly.
The User Datagram Protocol (UDP) provides the primary mechanism that applications use to send datagrams to other application programs. UDP is a connectionless protocol that does not guarantee delivery of datagrams between applications. Applications that use UDP are responsible for ensuring successful data transfer by employing error handling, retransmission, and sequencing techniques.
TCP and UDP also specify ports that identify the application that is using TCP/UDP. For example, a web server would typically use TCP/UDP port 80, which specifies HTTP-type traffic.
The IA supports standards-based TCP, UDP, and IP.
IP Routing Protocols
The Internet Appliance (IA) supports standards-based unicast routing. Unicast routing protocol support includes Interior Gateway Protocols and Exterior Gateway Protocols. Interior Gateway Protocols are used for routing networks that are within an autonomous system, a network of relatively limited size. All IP Interior Gateway Protocols must be specified with a list of associated networks before routing activities can begin. A routing process listens to updates from other routers on these networks and broadcasts its own routing information on those same networks. The IA supports the following Interior Gateway Protocols:
Routing Information Protocol (RIP) Version 1, 2 (RFC 1058, 1723)
Open Shortest Path First (OSPF) Version 2 (RFC 1583)
Exterior Gateway Protocols are used to transfer information between different autonomous systems. The IA supports the following Exterior Gateway Protocol:
Border Gateway Protocol (BGP), Version 3, 4 (RFC 1267, 1771)
Configuring IP Interfaces and Parameters
This section provides an overview of configuring various IP parameters and setting up IP interfaces.
Configuring IP Addresses to Ports
You can configure one IP interface directly to physical ports. Each port can be assigned multiple IP addresses representing multiple subnets connected to the physical port.
To configure an IP interface to a port, enter one of the following commands in Configure mode:
Configure an IP interface to a physical port.
interface create ip <InterfaceName> address-mask <ipAddr-mask> port <port>
Configure a secondary address to an existing IP interface.
interface add ip <InterfaceName> address-netmask <ipAddr-mask> [broadcast <ipaddr>]
Configuring IP Interfaces for a VLAN
You can configure one IP interface per VLAN. Once an IP interface has been assigned to a VLAN, you can add secondary IP addresses to the VLAN.
To configure a VLAN with an IP interface, enter the following command in Configure mode:
Create an IP interface for a VLAN.
interface create ip <InterfaceName> address-mask <ipAddr-mask> vlan <name>
Configure a secondary address to an existing VLAN.
interface add ip <InterfaceName> address-netmask <ipAddr-mask> vlan <name>
Specifying Ethernet Encapsulation Method
The IA supports two encapsulation types for IP. You can configure encapsulation type on a per-interface basis.
Ethernet II: The standard ARPA Ethernet Version 2.0 encapsulation, which uses a 16-bit protocol type code (the default encapsulation method)
802.3 SNAP: SNAP IEEE 802.3 encapsulation, in which the type code becomes the frame length for the IEEE 802.2 LLC encapsulation (destination and source Service Access Points and a control byte)
To configure IP encapsulation, enter one of the following commands in Configure mode:
Configure Ethernet II encapsulation.
interface create ip <InterfaceName> output-mac-encapsulation ethernet_II
Configure 802.3 SNAP encapsulation.
interface create ip <InterfaceName> output-mac-encapsulation ethernet_snap
Configuring Address Resolution Protocol (ARP)
The IA allows you to configure Address Resolution Protocol (ARP) table entries and parameters. ARP is used to associate IP addresses with media or MAC addresses. Taking an IP address as input, ARP determines the associated MAC address. Once a media or MAC address is determined, the IP address/media address association is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network.
Configuring ARP Cache Entries
You can add and delete entries in the ARP cache. To add or delete static ARP entries, enter one of the following commands in Configure mode:
Add a static ARP entry.
arp add <host> mac-addr <MAC-addr> exit-port <port>
Clear a static ARP entry.
arp clear <host>
Configuring Proxy ARP
The IA can be configured for proxy ARP. The IA uses proxy ARP (as defined in RFC 1027) to help hosts with no knowledge of routing to determine the MAC address of hosts on other networks or subnets. Through Proxy ARP, the IA will respond to ARP requests from a host with an ARP reply packet containing the IA MAC address. Proxy ARP is enabled by default on the IA.
To disable proxy ARP, enter the following command in Configure mode:
Disable Proxy ARP on an interface.
ip disable-proxy-arp interface <InterfaceName>|all
Configuring DNS Parameters
The IA can be configured to specify DNS servers, which supply name services for DNS requests. You can specify up to three DNS servers.
To configure DNS servers, enter the following command in Configure mode:
Configure a DNS server.
system set dns server <IPaddr>[,<IPaddr>[,<IPaddr>]]
You can also specify a domain name for the IA. The domain name is used by the IA to respond to DNS requests.
To configure a domain name, enter the following command in Configure mode:
Configure a domain name.
system set dns domain <name>
Configuring IP Services (ICMP)
The IA provides ICMP message capabilities, including ping and traceroute. Ping allows you to determine the reachability of a certain IP host. Traceroute allows you to trace the IP gateways to an IP host.
To access ping or traceroute on the IA, enter the following commands in Enable mode:
Specify ping.
ping <hostname-or-IPaddr> packets <num> size <num> wait <num> [flood] [dontroute]
Specify traceroute.
traceroute <host> [max-ttl <num>] [probes <num>] [size <num>] [source <secs>] [tos <num>] [wait-time <secs>] [verbose] [noroute]
Configuring IP Helper
You can configure the IA to forward UDP broadcast packets received on a given interface to all other interfaces or to a specified IP address. You can specify a UDP port number for which UDP broadcast packets with that destination port number will be forwarded. By default, if no UDP port number is specified, the IA will forward UDP broadcast packets for the following five services:
DNS (port 37)
NetBIOS Name Server (port 137)
NetBIOS Datagram Server (port 138)
TACACS Server (port 49)
Time Service (port 37)
To configure a destination to which UDP packets will be forwarded, enter the following command in Configure mode:
Specify local subnet interface, destination helper IP address, and UDP port number to forward.
ip helper-address interface <interface-name> <helper-address>|all-interfaces [<udp-port#>]
Configuring Direct Broadcast
You can configure the IA to forward all directed broadcast traffic from the local subnet to a specified IP address or all associated IP addresses. This is a more efficient method than defining only one local interface and remote IP address destination at a time with the ip-helper command when you are forwarding traffic from more than one interface in the local subnet to a remote destination IP address.
To forward all directed broadcast traffic to a specified IP address, enter the following command in Configure mode:
Forward directed broadcast traffic.
ip enable directed-broadcast interface <interface name>|all
Configuring Denial of Service (DOS)
By default, the IA installs flows in the hardware so that packets sent as directed broadcasts are dropped in hardware, if directed broadcast is not enabled on the interface where the packet is received. You can disable this feature, causing directed broadcast packets to be processed on the IA even if directed broadcast is not enabled on the interface receiving the packet.
Similarly, the IA installs flows to drop packets destined for the IA for which service is not provided by the IA. This prevents packets for unknown services from slowing the CPU. You can disable this behavior, causing these packets to be processed by the CPU.
Disables the directed-broadcast-protection feature of the IA.
ip dos disable directed-broadcast-protection
Disables the port-attack-protection feature of the IA.
ip dos disable port-attack-protection
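To review a saved IA configuration for the settings covered in this section and in the directed broadcast and proxy ARP sections above, the following Python script (an added example, not part of the manual) flags lines that enable directed broadcast or disable either DoS protection, and lists IP interfaces on which proxy ARP is still at its enabled default. The finding labels and the sample configuration are constructed for illustration; a line number of 0 marks a finding about the configuration as a whole.

```python
import re

# Commands from this chapter that turn off a default protection or enable
# directed-broadcast forwarding. The finding labels are illustrative.
RISKY = [
    (re.compile(r"ip\s+dos\s+disable\s+directed-broadcast-protection"),
     "directed-broadcast protection disabled"),
    (re.compile(r"ip\s+dos\s+disable\s+port-attack-protection"),
     "port-attack protection disabled"),
    (re.compile(r"ip\s+enable\s+directed-broadcast\s+interface\s+(\S+)"),
     "directed-broadcast forwarding enabled"),
]
IFACE = re.compile(r"interface\s+create\s+ip\s+(\S+)\s.*")
NO_PROXY = re.compile(r"ip\s+disable-proxy-arp\s+interface\s+(\S+)")

# Constructed sample configuration (not taken from the manual).
SAMPLE = """\
interface create ip to-cisco address-netmask 10.1.1.2/24 port st.1
interface create ip to-s1 address-netmask 11.1.1.2/24 port st.2
ip disable-proxy-arp interface to-s1
ip enable directed-broadcast interface to-cisco
ip dos disable port-attack-protection
"""


def audit_config(text):
    """Return a list of (line_number, finding) tuples for one configuration."""
    findings = []
    interfaces = []    # IP interfaces, in order of creation
    proxy_off = set()  # interface names (or "all") with proxy ARP disabled
    for number, raw in enumerate(text.splitlines(), start=1):
        line = re.sub(r"^\d+:\s*", "", raw.strip())  # drop "N:" line labels
        if not line or line == "!":
            continue
        for pattern, label in RISKY:
            match = pattern.fullmatch(line)
            if match:
                target = f" on {match.group(1)}" if match.groups() else ""
                findings.append((number, label + target))
        if (match := IFACE.fullmatch(line)):
            interfaces.append(match.group(1))
        elif (match := NO_PROXY.fullmatch(line)):
            proxy_off.add(match.group(1))
    # Proxy ARP is on unless the configuration disables it explicitly.
    if "all" not in proxy_off:
        for name in interfaces:
            if name not in proxy_off:
                findings.append((0, f"proxy ARP enabled (default) on {name}"))
    return findings


if __name__ == "__main__":
    for number, finding in audit_config(SAMPLE):
        print(f"line {number}: {finding}")
```
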
Monitoring IP Parameters
The IA provides display of IP statistics and configurations contained in the routing table. Information displayed provides routing and performance information.
To display IP information, enter the following commands in Enable mode:
Show ARP table entries.
arp show all
Show IP interface configuration.
interface show ip
Show all TCP/UDP connections and services.
ip show connections [no-lookup]
Show configuration of IP interfaces.
ip show interfaces [<interface-name>]
Show IP routing table information.
ip show routes
Show ARP entries in routing table.
ip show routes show-arps
Show DNS parameters.
system show dns
Configuration Examples
Assigning IP Interfaces
To enable routing on the IA, you must assign an IP interface to a VLAN. To assign an IP interface named RED to the BLUE VLAN, enter the following command:
ia(config)# interface create ip RED address-netmask 10.50.0.1/255.255.0.0 vlan BLUE
You can also assign an IP interface directly to a physical port. For example, to assign IP interface RED to physical port et.3.4, enter the following command:
ia(config)# interface create ip RED address-netmask 10.50.0.0/255.255.0.0 port et.3.4
Chapter 5: VRRP Configuration Guide
VRRP Overview
This chapter explains how to set up and monitor the Virtual Router Redundancy Protocol (VRRP) on the Internet Appliance (IA). VRRP is defined in RFC 2338.
End host systems on a LAN are often configured to send packets to a statically configured default router. If this default router becomes unavailable, all the hosts that use it as their first hop router become isolated on the network. VRRP provides a way to ensure the availability of an end host’s default router.
This is done by assigning IP addresses that end hosts use as their default route to a virtual router. A Master router is assigned to forward traffic designated for the virtual router. If the Master router becomes unavailable, a Backup router takes over and begins forwarding traffic for the virtual router. As long as one of the routers in a VRRP configuration is up, the IP addresses assigned to the virtual router are always available and the end hosts can send packets to these IP addresses without interruption.
Configuring VRRP
This section presents three sample VRRP configurations:
A basic VRRP configuration with one virtual router
A symmetrical VRRP configuration with two virtual routers
A multi-backup VRRP configuration with three virtual routers
Basic VRRP Configuration
Figure 4 shows a basic VRRP configuration with a single virtual router. Routers R1 and R2 are both configured with one virtual router (VRID=1). Router R1 serves as the Master and Router R2 serves as the Backup. The four end hosts are configured to use 10.0.0.1/16 as the default route. IP address 10.0.0.1/16 is associated with virtual router VRID=1.
[Illustration: Router R1 (Master) and Router R2 (Backup), each with virtual router VRID=1 at address 10.0.0.1/16, and end hosts H1 through H4 with default route 10.0.0.1/16]
Figure 4. Basic VRRP Configuration
If Router R1 becomes unavailable, Router R2 takes over virtual router VRID=1 and its associated IP addresses. Packets sent to 10.0.0.1/16 go to Router R2. When Router R1 comes up again, it takes over as Master, and Router R2 reverts to Backup.
Configuration of Router R1
The following is the configuration file for Router R1 in Figure 4:
1: interface create ip test address-netmask 10.0.0.1/16 port et.1.1
2: ip-redundancy create vrrp 1 interface test
3: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16
4: ip-redundancy start vrrp 1 interface test
Line 1 adds IP address 10.0.0.1/16 to interface test, making Router R1 the owner of this IP address. Line 2 creates virtual router VRID=1 on interface test. Line 3 associates IP address 10.0.0.1/16 with virtual router VRID=1. Line 4 starts VRRP on interface test.
In VRRP, the router that owns the IP address associated with the virtual router is the Master. Any other routers that participate in this virtual router are Backups. In this configuration, Router R1 is the Master for virtual router VRID=1 because it owns 10.0.0.1/16, the IP address associated with virtual router VRID=1.
Configuration for Router R2
The following is the configuration file for Router R2 in Figure 4:
1: interface create ip test address-netmask 10.0.0.2/16 port et.1.1
2: ip-redundancy create vrrp 1 interface test
3: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16
4: ip-redundancy start vrrp 1 interface test
The configuration for Router R2 is nearly identical to Router R1. The difference is that Router R2 does not own IP address 10.0.0.1/16. Since Router R2 does not own this IP address, it is the Backup. It takes over from the Master if the Master becomes unavailable.
Symmetrical Configuration
Figure 5 shows a VRRP configuration with two routers and two virtual routers. Routers R1 and R2 are both configured with two virtual routers (VRID=1 and VRID=2).
Router R1 serves as:
• Master for VRID=1
• Backup for VRID=2
Router R2 serves as:
• Master for VRID=2
• Backup for VRID=1
This configuration allows you to load-balance traffic coming from the hosts on the 10.0.0.0/16 subnet and provides a redundant path to either virtual router.
Note: This is the recommended configuration on a network using VRRP.
[Illustration: Router R1 (Master for VRID=1, Backup for VRID=2) and Router R2 (Master for VRID=2, Backup for VRID=1); virtual router VRID=1 has address 10.0.0.1/16 and VRID=2 has address 10.0.0.2/16; of the end hosts H1 through H4, some use default route 10.0.0.1/16 and the others use 10.0.0.2/16]
Figure 5. Symmetrical VRRP Configuration
In this configuration, half the hosts use 10.0.0.1/16 as their default route, and half use 10.0.0.2/16. IP address 10.0.0.1/16 is associated with virtual router VRID=1, and IP address 10.0.0.2/16 is associated with virtual router VRID=2.
If Router R1, the Master for virtual router VRID=1, goes down, Router R2 takes over the IP address 10.0.0.1/16. Similarly, if Router R2, the Master for virtual router VRID=2, goes down, Router R1 takes over the IP address 10.0.0.2/16.
Configuration of Router R1
The following is the configuration file for Router R1 in Figure 5:
1: interface create ip test address-netmask 10.0.0.1/16 port et.1.1
!
2: ip-redundancy create vrrp 1 interface test
3: ip-redundancy create vrrp 2 interface test
!
4: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16
5: ip-redundancy associate vrrp 2 interface test address 10.0.0.2/16
!
6: ip-redundancy start vrrp 1 interface test
7: ip-redundancy start vrrp 2 interface test
Router R1 is the owner of IP address 10.0.0.1/16. Line 4 associates this IP address with virtual router VRID=1, so Router R1 is the Master for virtual router VRID=1.
On line 5, Router R1 associates IP address 10.0.0.2/16 with virtual router VRID=2. However, since Router R1 does not own IP address 10.0.0.2/16, it is not the default Master for virtual router VRID=2.
Configuration of Router R2
The following is the configuration file for Router R2 in Figure 5:
1: interface create ip test address-netmask 10.0.0.2/16 port et.1.1
!
2: ip-redundancy create vrrp 1 interface test
3: ip-redundancy create vrrp 2 interface test
!
4: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16
5: ip-redundancy associate vrrp 2 interface test address 10.0.0.2/16
!
6: ip-redundancy start vrrp 1 interface test
7: ip-redundancy start vrrp 2 interface test
On line 1, Router R2 is made owner of IP address 10.0.0.2/16. Line 5 associates this IP address with virtual router VRID=2, so Router R2 is the Master for virtual router VRID=2. Line 4 associates IP address 10.0.0.1/16 with virtual router VRID=1, making Router R2 the Backup for virtual router VRID=1.
Page 68
Multi-Backup Configuration
Figure 6 shows a VRRP configuration with three routers and three virtual routers. Each
router serves as a Master for one virtual router and as a Backup for each of the others. When a Master router goes down, one of the Backups takes over the IP addresses of its virtual router.
In a VRRP configuration where more than one router is backing up a Master, you can specify which Backup router takes over when the Master goes down by setting the priority for the Backup routers.
[Figure 6 diagram. R1: Master for VRID=1, 1st Backup for VRID=2, 1st Backup for VRID=3. R2: Master for VRID=2, 1st Backup for VRID=1, 2nd Backup for VRID=3. R3: Master for VRID=3, 2nd Backup for VRID=1, 2nd Backup for VRID=2. VRID=1 is 10.0.0.1/16, VRID=2 is 10.0.0.2/16, VRID=3 is 10.0.0.3/16. Hosts H1 to H6 use Default Route = 10.0.0.1/16, 10.0.0.2/16, or 10.0.0.3/16.]
Figure 6. Multi-Backup VRRP Configuration
In this configuration, Router R1 is the Master for virtual router VRID=1 and the primary Backup for virtual routers VRID=2 and VRID=3. If Router R2 or R3 go down, Router R1 assumes the IP addresses associated with virtual routers VRID=2 and VRID=3.
Router R2 is the Master for virtual router VRID=2, the primary Backup for virtual router VRID=1, and the secondary Backup for virtual router VRID=3. If Router R1 fails, Router R2 becomes the Master for virtual router VRID=1. If both Routers R1 and R3 fail, Router R2 becomes the Master for all three virtual routers. All packets sent to IP addresses 10.0.0.1/16, 10.0.0.2/16, and 10.0.0.3/16 go to Router R2.
Router R3 is the secondary Backup for virtual routers VRID=1 and VRID=2. Router R3 becomes a Master router only if both Routers R1 and R2 fail. In this case, Router R3 becomes the Master for all three virtual routers.
Page 69
Configuration of Router R1
The following is the configuration file for Router R1 in Figure 6:
1: interface create ip test address-netmask 10.0.0.1/16 port et.1.1
!
2: ip-redundancy create vrrp 1 interface test
3: ip-redundancy create vrrp 2 interface test
4: ip-redundancy create vrrp 3 interface test
!
5: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16
6: ip-redundancy associate vrrp 2 interface test address 10.0.0.2/16
7: ip-redundancy associate vrrp 3 interface test address 10.0.0.3/16
!
8: ip-redundancy set vrrp 2 interface test priority 200
9: ip-redundancy set vrrp 3 interface test priority 200
!
10: ip-redundancy start vrrp 1 interface test
11: ip-redundancy start vrrp 2 interface test
12: ip-redundancy start vrrp 3 interface test
Router R1’s IP address on interface test is 10.0.0.1. There are three virtual routers on this interface:
VRID=1 – IP address=10.0.0.1/16
VRID=2 – IP address=10.0.0.2/16
VRID=3 – IP address=10.0.0.3/16
Since the IP address of virtual router VRID=1 is the same as the interface’s IP address (10.0.0.1), the router automatically becomes the address owner of virtual router VRID=1.
A priority is associated with each of the virtual routers. The priority determines whether the router becomes the Master or the Backup for a particular virtual router. Priorities can have values between 1 and 255. When a Master router goes down, the router with the next-highest priority takes over the virtual router. If more than one router has the next-highest priority, the router that has the highest-numbered interface IP address becomes the Master.
If a router is the address owner for a virtual router, then its priority for that virtual router is 255 and cannot be changed. If a router is not the address owner for a virtual router, then the router’s priority for that virtual router is 100 by default and can be changed by the user.
Since Router R1 is the owner of the IP address associated with virtual router VRID=1, it has a priority of 255 (the highest) for virtual router VRID=1. Lines 8 and 9 set Router R1’s priority for virtual routers VRID=2 and VRID=3 at 200. If no other routers in the VRRP configuration have a higher priority, Router R1 will take over as Master for virtual routers VRID=2 and VRID=3 should Router R2 or R3 go down.
Page 70
The following table shows the priorities for each virtual router configured on Router R1:
Virtual Router                     Default Priority       Configured Priority
VRID=1 – IP address=10.0.0.1/16    255 (address owner)    255 (address owner)
VRID=2 – IP address=10.0.0.2/16    100                    200 (see line 8)
VRID=3 – IP address=10.0.0.3/16    100                    200 (see line 9)
Configuration of Router R2
The following is the configuration file for Router R2 in Figure 6:
1: interface create ip test address-netmask 10.0.0.2/16 port et.1.1
!
2: ip-redundancy create vrrp 1 interface test
3: ip-redundancy create vrrp 2 interface test
4: ip-redundancy create vrrp 3 interface test
!
5: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16
6: ip-redundancy associate vrrp 2 interface test address 10.0.0.2/16
7: ip-redundancy associate vrrp 3 interface test address 10.0.0.3/16
!
8: ip-redundancy set vrrp 1 interface test priority 200
9: ip-redundancy set vrrp 3 interface test priority 100
!
10: ip-redundancy start vrrp 1 interface test
11: ip-redundancy start vrrp 2 interface test
12: ip-redundancy start vrrp 3 interface test
Line 8 sets the Backup priority for virtual router VRID=1 to 200. Since this number is higher than Router R3’s Backup priority for virtual router VRID=1, Router R2 is the primary Backup and Router R3 is the secondary Backup for virtual router VRID=1.
On line 9, the Backup priority for virtual router VRID=3 is set to 100. Since Router R1’s Backup priority for this virtual router is 200, Router R1 is the primary Backup and Router R2 is the secondary Backup for virtual router VRID=3.
Page 71
The following table shows the priorities for each virtual router configured on Router R2:
Virtual Router                     Default Priority       Configured Priority
VRID=1 – IP address=10.0.0.1/16    100                    200 (see line 8)
VRID=2 – IP address=10.0.0.2/16    255 (address owner)    255 (address owner)
VRID=3 – IP address=10.0.0.3/16    100                    100 (see line 9)
Note: Since 100 is the default priority, line 9, which sets the priority to 100, is actually
unnecessary. It is included for illustration purposes only.
Configuration of Router R3
The following is the configuration file for Router R3 in Figure 6:
1: interface create ip test address-netmask 10.0.0.3/16 port et.1.1
!
2: ip-redundancy create vrrp 1 interface test
3: ip-redundancy create vrrp 2 interface test
4: ip-redundancy create vrrp 3 interface test
!
5: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16
6: ip-redundancy associate vrrp 2 interface test address 10.0.0.2/16
7: ip-redundancy associate vrrp 3 interface test address 10.0.0.3/16
!
8: ip-redundancy set vrrp 1 interface test priority 100
9: ip-redundancy set vrrp 2 interface test priority 100
!
10: ip-redundancy start vrrp 1 interface test
11: ip-redundancy start vrrp 2 interface test
12: ip-redundancy start vrrp 3 interface test
Lines 8 and 9 set the Backup priority for Router R3 at 100 for virtual routers VRID=1 and VRID=2. Since Router R1 has a priority of 200 for backing up virtual router VRID=2, and Router R2 has a priority of 200 for backing up virtual router VRID=1, Router R3 is the secondary Backup for both virtual routers VRID=1 and VRID=2.
Page 72
The following table shows the priorities for each virtual router configured on Router R3:
Virtual Router                     Default Priority       Configured Priority
VRID=1 – IP address=10.0.0.1/16    100                    100 (see line 8)
VRID=2 – IP address=10.0.0.2/16    100                    100 (see line 9)
VRID=3 – IP address=10.0.0.3/16    255 (address owner)    255 (address owner)
Note: Since 100 is the default priority, lines 8 and 9, which set the priority to 100, are
actually unnecessary. They are included for illustration purposes only.
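The priority rules for Figure 6 can be checked mechanically. The following Python sketch is an added example, not part of the manual or the IA software: it parses the three router configurations, derives each priority table (255 for the address owner, 100 by default) and ranks the routers per VRID with the tie-break on the highest interface IP address. All function names are this example's own.

```python
import ipaddress

OWNER_PRIORITY, DEFAULT_PRIORITY = 255, 100  # values stated in this chapter

# Lines common to the three Figure 6 configurations (manual line numbers removed).
COMMON = """\
ip-redundancy create vrrp 1 interface test
ip-redundancy create vrrp 2 interface test
ip-redundancy create vrrp 3 interface test
ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16
ip-redundancy associate vrrp 2 interface test address 10.0.0.2/16
ip-redundancy associate vrrp 3 interface test address 10.0.0.3/16
ip-redundancy start vrrp 1 interface test
ip-redundancy start vrrp 2 interface test
ip-redundancy start vrrp 3 interface test
"""
# Per-router lines from the manual. Line order differs from the manual's
# listings; the parser below does not depend on order.
CONFIGS = {
    "R1": "interface create ip test address-netmask 10.0.0.1/16 port et.1.1\n"
          "ip-redundancy set vrrp 2 interface test priority 200\n"
          "ip-redundancy set vrrp 3 interface test priority 200\n" + COMMON,
    "R2": "interface create ip test address-netmask 10.0.0.2/16 port et.1.1\n"
          "ip-redundancy set vrrp 1 interface test priority 200\n"
          "ip-redundancy set vrrp 3 interface test priority 100\n" + COMMON,
    "R3": "interface create ip test address-netmask 10.0.0.3/16 port et.1.1\n"
          "ip-redundancy set vrrp 1 interface test priority 100\n"
          "ip-redundancy set vrrp 2 interface test priority 100\n" + COMMON,
}


def parse_router(text):
    """Return (interface_ip, {vrid: effective priority}) for one router."""
    iface_ip, vr_addr, prio, started = None, {}, {}, set()
    for line in text.splitlines():
        t = line.split()
        if t[:3] == ["interface", "create", "ip"]:
            iface_ip = ipaddress.ip_interface(t[t.index("address-netmask") + 1]).ip
        elif t[:2] == ["ip-redundancy", "associate"]:
            vr_addr[int(t[3])] = ipaddress.ip_interface(t[t.index("address") + 1]).ip
        elif t[:2] == ["ip-redundancy", "set"] and "priority" in t:
            prio[int(t[3])] = int(t[t.index("priority") + 1])
        elif t[:2] == ["ip-redundancy", "start"]:
            started.add(int(t[3]))
    table = {}
    for vrid in started:
        # The address owner is always 255; a configured priority cannot change it.
        owner = vr_addr.get(vrid) == iface_ip
        table[vrid] = OWNER_PRIORITY if owner else prio.get(vrid, DEFAULT_PRIORITY)
    return iface_ip, table


def succession(routers, vrid, down=()):
    """Routers that are up, ordered Master, 1st Backup, 2nd Backup for a VRID."""
    ranked = sorted(
        ((table[vrid], ip, name) for name, (ip, table) in routers.items()
         if name not in down and vrid in table),
        reverse=True)  # highest priority first, then highest interface IP
    return [name for _prio, _ip, name in ranked]


def masters(routers, down=()):
    """Map each VRID to the router that is Master while `down` routers are off."""
    result = {}
    for vrid in sorted({v for _ip, table in routers.values() for v in table}):
        order = succession(routers, vrid, down)
        if order:
            result[vrid] = order[0]
    return result


ROUTERS = {name: parse_router(text) for name, text in CONFIGS.items()}

if __name__ == "__main__":
    for down in [(), ("R1",), ("R1", "R3"), ("R1", "R2")]:
        print("down:", list(down) or "none", "->", masters(ROUTERS, down))
```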
Additional Configuration
This section covers settings you can modify in a VRRP configuration, including Backup priority, advertisement interval, pre-empt mode, and authentication key.
Setting the Backup Priority
As described in “Multi-Backup Configuration” on page 68, you can specify which Backup router takes over when the Master router goes down by setting the priority for the Backup routers. To set the priority for a Backup router, enter the following command in Configure mode:
Set the Backup priority for a virtual router.
    ip-redundancy set vrrp <vrid> interface <interface> priority <number>
The priority can be between 1 (lowest) and 254. The default is 100. The priority for the IP address owner is 255 and cannot be changed.
Setting the Advertisement Interval
The VRRP Master router sends periodic advertisement messages to let the other routers know that the Master is up and running. By default, advertisement messages are sent once each second. To change the VRRP advertisement interval, enter the following command in Configure mode:
Set the Advertisement interval for a virtual router.
    ip-redundancy set vrrp <vrid> interface <interface> adv-interval <seconds>
Page 73
Setting Pre-empt Mode
When a Master router goes down, the Backup with the highest priority takes over the IP addresses associated with the Master. By default, when the original Master comes back up, it takes over from the Backup router that assumed its role as Master. When a VRRP router does this, it is said to be in pre-empt mode. Pre-empt mode is enabled by default on the IA. You can prevent a VRRP router from taking over from a lower-priority Master by disabling pre-empt mode. To do this, enter the following command in Configure mode:
Disable pre-empt mode for a virtual router.
    ip-redundancy set vrrp <vrid> interface <interface> preempt-mode disabled
Note: If the IP address owner is available, then it will always take over as the Master, regardless of whether pre-empt mode is on or off.
Setting an Authentication Key
By default, no authentication of VRRP packets is performed on the IA. You can specify a clear-text password to be used to authenticate VRRP exchanges. To enable authentication, enter the following command in Configure mode:
Set an authentication key for a virtual router.
    ip-redundancy set vrrp <vrid> interface <interface> auth-type text auth-key <key>
where <key> is a clear-text password.
Note: The IA does not currently support the IP Authentication Header method of authentication.
Page 74
Monitoring VRRP
The IA provides two commands for monitoring a VRRP configuration: ip-redundancy trace, which displays messages when VRRP events occur, and ip-redundancy show, which reports statistics about virtual routers.
ip-redundancy trace
The ip-redundancy trace command is used for troubleshooting purposes. This command causes messages to be displayed when certain VRRP events occur on the IA. To trace VRRP events, enter the following commands in Enable mode:
Display a message when any VRRP event occurs. (Disabled by default.)
    ip-redundancy trace vrrp events enabled
Display a message when a VRRP router changes from one state to another; for example Backup to Master. (Enabled by default.)
    ip-redundancy trace vrrp state-transitions enabled
Display a message when a VRRP packet error is detected. (Enabled by default.)
    ip-redundancy trace vrrp packet-errors enabled
Enable all VRRP tracing.
    ip-redundancy trace vrrp all enabled
ip-redundancy show
The ip-redundancy show command reports information about a VRRP configuration. To display VRRP information, enter the following commands in Enable mode:
Display information about all virtual routers.
    ip-redundancy show vrrp
Display information about all virtual routers on a specified interface.
    ip-redundancy show vrrp interface <interface>
Display detailed statistics about a specific virtual router.
    ip-redundancy show vrrp <vrid> interface <interface> verbose
Page 75
VRRP Configuration Notes
The Master router sends keep-alive advertisements. The frequency of these keep-alive advertisements is determined by setting the Advertisement interval parameter. The default value is 1 second.
If a Backup router doesn’t receive a keep-alive advertisement from the current Master within a certain period of time, it will transition to the Master state and start sending advertisements itself. The amount of time that a Backup router will wait before it becomes the new Master is based on the following equation:
Master-down-interval = (3 * advertisement-interval) + skew-time
The skew-time depends on the Backup router's configured priority:
Skew-time = ( (256 - Priority) / 256 )
Therefore, the higher the priority, the faster a Backup router will detect that the Master is down. For example:
Default advertisement-interval = 1 second
Default Backup router priority = 100
Master-down-interval = time it takes a Backup to detect the Master is down
= (3 * adv-interval) + skew-time
= (3 * 1 second) + ((256 - 100) / 256)
= 3.6 seconds
If a Master router is manually rebooted, or if its interface is manually brought down, it will send a special keep-alive advertisement that lets the Backup routers know that a new Master is needed immediately.
A virtual router will respond to ARP requests with a virtual MAC address. This virtual MAC depends on the virtual router ID:
virtual MAC address = 00005E:0001XX
where XX is the virtual router ID
This virtual MAC address is also used as the source MAC address of the keep-alive Advertisements transmitted by the Master router.
If multiple virtual routers are created on a single interface, the virtual routers must have unique identifiers. If virtual routers are created on different interfaces, you can reuse virtual router IDs.
For example, the following configuration is valid:
ip-redundancy create vrrp 1 interface test-A
ip-redundancy create vrrp 1 interface test-B
Page 76
As specified in RFC 2338, a Backup router that has transitioned to Master will not respond to pings, accept telnet sessions, or field SNMP requests directed at the virtual router's IP address.
Not responding allows network management to notice that the original Master router (i.e., the IP address owner) is down.
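The timer formula, the virtual MAC rule and the authentication setting from this chapter all show up in the advertisement itself, where a text key travels unencrypted in the last eight bytes. The following Python sketch is an added example, not Cabletron code: it builds a constructed RFC 2338 advertisement and checks an observed one against the expected configuration, including the RFC 2338 receive checks for IP TTL 255 and checksum. The key `example1`, the `EXPECT` dictionary and all function names are assumptions of this example.

```python
import hmac
import socket
import struct


def virtual_mac(vrid):
    """00005E:0001XX from the Configuration Notes, XX = virtual router ID."""
    return "00:00:5e:00:01:%02x" % vrid


def master_down_interval(priority, adv_interval=1):
    """(3 * advertisement-interval) + skew-time, in seconds."""
    return 3 * adv_interval + (256 - priority) / 256


def checksum(data):
    """16-bit one's-complement Internet checksum, as used by RFC 2338."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_adv(vrid, priority, addrs, auth_type=0, key=b"", adv_int=1):
    """Build a VRRPv2 advertisement; used only to construct sample input."""
    body = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(addrs),
                       auth_type, adv_int, 0)
    body += b"".join(socket.inet_aton(a) for a in addrs)
    body += key[:8].ljust(8, b"\x00")          # 8 bytes of authentication data
    return body[:6] + struct.pack("!H", checksum(body)) + body[8:]


def check_adv(payload, src_mac, src_ip, ttl, expect):
    """Compare one observed advertisement with the expected configuration.
    Returns a list of findings; an empty list means nothing unexpected."""
    if len(payload) < 16:
        return ["packet shorter than header plus authentication data"]
    ver_type, vrid, prio, count, auth_type, adv_int, _ = struct.unpack(
        "!BBBBBBH", payload[:8])
    if len(payload) != 16 + 4 * count:
        return ["length does not match Count IP Addrs"]
    addrs = [socket.inet_ntoa(payload[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    auth_data = payload[8 + 4 * count:].rstrip(b"\x00")
    findings = []
    if ver_type != 0x21:                        # version 2, type 1 (advertisement)
        findings.append("not a version 2 advertisement")
    if ttl != 255:
        findings.append("IP TTL is %d, expected 255" % ttl)
    if checksum(payload) != 0:                  # a valid packet sums to zero
        findings.append("bad checksum")
    if vrid != expect["vrid"]:
        findings.append("unexpected VRID %d" % vrid)
    if src_mac.lower() != virtual_mac(vrid):
        findings.append("source MAC is not the virtual MAC for VRID %d" % vrid)
    if auth_type != expect["auth_type"]:
        findings.append("auth type %d, expected %d" % (auth_type, expect["auth_type"]))
    elif auth_type == 1 and not hmac.compare_digest(auth_data, expect["key"]):
        findings.append("authentication key mismatch")
    if adv_int != expect["adv_int"]:
        findings.append("advertisement interval %d, expected %d"
                        % (adv_int, expect["adv_int"]))
    if sorted(addrs) != sorted(expect["addrs"]):
        findings.append("virtual IP list differs from configuration")
    if prio == 255 and src_ip not in addrs:     # only the address owner uses 255
        findings.append("priority 255 from a router that does not own the address")
    return findings


# Expected settings for VRID=1 of Figure 6; the key is a constructed value.
EXPECT = {"vrid": 1, "addrs": ["10.0.0.1"], "auth_type": 1,
          "key": b"example1", "adv_int": 1}

if __name__ == "__main__":
    owner = build_adv(1, 255, ["10.0.0.1"], auth_type=1, key=b"example1")
    print(check_adv(owner, virtual_mac(1), "10.0.0.1", 255, EXPECT))
    print("Backup at priority 100 waits %.1f s" % master_down_interval(100))
```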
Page 77
Chapter 6
RIP Configuration Guide
RIP Overview
This chapter describes how to configure the Routing Information Protocol (RIP) on the Internet Appliance (IA). RIP is a distance-vector routing protocol for use in small networks. RIP is described in RFC 1723. A router running RIP broadcasts updates at set intervals. Each update contains paired values where each pair consists of an IP network address and an integer distance to that network. RIP uses a hop count metric to measure the distance to a destination.
The IA provides support for RIP Version 1 and 2. The IA implements plain text and MD5 authentication methods for RIP Version 2.
The protocol independent features that apply to RIP are described in Chapter 4, “IP Routing Configuration Guide.”
Page 78
Configuring RIP
By default, RIP is disabled on the IA and on each of the attached interfaces. To configure RIP on the IA, follow these steps:
1. Start the RIP process by entering the rip start command.
2. Use the rip add interface command to inform RIP about the attached interfaces.
Enabling and Disabling RIP
To enable or disable RIP, enter one of the following commands in Configure mode:
Enable RIP.
    rip start
Disable RIP.
    rip stop
Configuring RIP Interfaces
To configure RIP in the IA, you must first add interfaces to inform RIP about attached interfaces.
To add RIP interfaces, enter the following commands in Configure mode:
Add interfaces to the RIP process.
    rip add interface <interfacename-or-IPaddr>
Add gateways from which the IA will accept RIP updates.
    rip add trusted-gateway <interfacename-or-IPaddr>
Define the list of routers to which RIP sends packets directly, not through multicast or broadcast.
    rip add source-gateway <interfacename-or-IPaddr>
Page 79
Configuring RIP Parameters
No further configuration is required, and the system default parameters will be used by RIP to exchange routing information. These default parameters may be modified to suit your needs by using the rip set interface command.
RIP Parameter                              Default Value
Version number                             RIP v1
Check-zero for RIP reserved parameters     Enabled
Whether RIP packets should be broadcast    Choose
Preference for RIP routes                  100
Metric for incoming routes                 1
Metric for outgoing routes                 0
Authentication                             None
Update interval                            30 seconds
To change RIP parameters, enter the following commands in Configure mode.
Set RIP Version on an interface to RIP V1.
    rip set interface <interfacename-or-IPaddr>|all version 1
Set RIP Version on an interface to RIP V2.
    rip set interface <interfacename-or-IPaddr>|all version 2
Specify that RIP V2 packets should be multicast on this interface.
    rip set interface <interfacename-or-IPaddr>|all type multicast
Specify that RIP V2 packets that are RIP V1-compatible should be broadcast on this interface.
    rip set interface <interfacename-or-IPaddr>|all type broadcast
Change the metric on incoming RIP routes.
    rip set interface <interfacename-or-IPaddr>|all metric-in <num>
Change the metric on outgoing RIP routes.
    rip set interface <interfacename-or-IPaddr>|all metric-out <num>
Set the authentication method to simple text up to 8 characters.
    rip set interface <interfacename-or-IPaddr>|all authentication-method simple
Set the authentication method to MD5.
    rip set interface <interfacename-or-IPaddr>|all authentication-method md5
Page 80
Specify the metric to be used when advertising routes that were learned from other protocols.
    rip set default-metric <num>
Enable automatic summarization and redistribution of RIP routes.
    rip set auto-summary disable|enable
Specify broadcast of RIP packets regardless of number of interfaces present.
    rip set broadcast-state always|choose|never
Check that reserved fields in incoming RIP V1 packets are zero.
    rip set check-zero disable|enable
Enable acceptance of RIP routes that have a metric of zero.
    rip set check-zero-metric disable|enable
Enable poison reverse, as specified by RFC 1058.
    rip set poison-reverse disable|enable
Configuring RIP Route Preference
You can set the preference of routes learned from RIP.
To configure RIP route preference, enter the following command in Configure mode:
Set the preference of routes learned from RIP.
    rip set preference <num>
Configuring RIP Route Default-Metric
You can define the metric used when advertising routes via RIP that were learned from other protocols. The default value for this parameter is 16 (unreachable). To export routes from other protocols into RIP, you must explicitly specify a value for the default-metric parameter. The metric specified by the default-metric parameter may be overridden by a metric specified in the export command.
To configure default-metric, enter the following command in Configure mode:
Define the metric used when advertising routes via RIP that were learned from other protocols.
    rip set default-metric <num>
For <num>, you must specify a number between 1 and 16.
Page 81
Monitoring RIP
The rip trace command can be used to trace all rip request and response packets.
To monitor RIP information, enter the following commands in Enable mode:
Show all RIP information.
    rip show all
Show RIP export policies.
    rip show export-policy
Show RIP global information.
    rip show globals
Show RIP import policies.
    rip show import-policy
Show RIP information on the specified interface.
    rip show interface <Name or IP-addr>
Show RIP interface policy information.
    rip show interface-policy
Show detailed information of all RIP packets.
    rip trace packets detail
Show detailed information of all packets received by the router.
    rip trace packets receive
Show detailed information of all packets sent by the router.
    rip trace packets send
Show detailed information of all requests received by the router.
    rip trace request receive
Show detailed information of all responses received by the router.
    rip trace response receive
Show detailed information of response packets sent by the router.
    rip trace response send
Show detailed information of request packets sent by the router.
    rip trace send request
Show RIP timer information.
    rip show timers
Page 82
Configuration Example
[Diagram: IA 1 and IA 2, with interfaces labelled 1.1.1.1 and 3.2.1.1]
! Example configuration
!
! Create interface IA1-if1 with ip address 1.1.1.1/16 on port et.1.1 on IA-1
interface create ip IA1-if1 address-netmask 1.1.1.1/16 port et.1.1
!
! Configure rip on IA-1
rip add interface IA1-if1
rip set interface IA1-if1 version 2
rip start
!
!
! Set authentication method to md5
rip set interface IA1-if1 authentication-method md5
!
! Change default metric-in
rip set interface IA1-if1 metric-in 2
!
! Change default metric-out
rip set interface IA1-if1 metric-out 3
Page 83
Chapter 7
OSPF Configuration Guide
OSPF Overview
Open Shortest Path First (OSPF) is a link-state routing protocol that supports IP subnetting and authentication. The Internet Appliance (IA) supports OSPF Version 2.0 as defined in RFC 1583. Each link-state message contains all the links connected to the router with a specified cost associated with the link.
The IA supports the following OSPF functions:
• Stub Areas: Definition of stub areas is supported.
• Authentication: Simple password and MD5 authentication methods are supported within an area.
• Virtual Links: Virtual links are supported.
• Route Redistribution: Routes learned via RIP, BGP, or any other sources can be redistributed into OSPF. OSPF routes can be redistributed into RIP or BGP.
• Interface Parameters: Parameters that can be configured include interface output cost, retransmission interval, interface transmit delay, router priority, router dead and hello intervals, and authentication key.
Page 84
OSPF Multipath
The IA also supports OSPF and static Multi-path. If multiple equal-cost OSPF or static routes have been defined for any destination, then the IA discovers and uses all of them. The IA will automatically learn up to four equal-cost OSPF or static routes and retain them in its forwarding information base (FIB). The forwarding module then installs flows for these destinations in a round-robin fashion.
Configuring OSPF
To configure OSPF on the IA, you must enable OSPF, create OSPF areas, assign interfaces to OSPF areas, and, if necessary, specify any of the OSPF interface parameters.
To configure OSPF, you may need to perform some or all of the following tasks:
• Enable OSPF.
• Create OSPF areas.
• Create an IP interface or assign an IP interface to a VLAN.
• Add IP interfaces to OSPF areas.
• Configure OSPF interface parameters, if necessary.
Note: By default, the priority of an OSPF router for an interface is set to zero, which makes the router ineligible to become a designated router on the network to which the interface belongs. To make the router eligible to become a designated router, you must set the priority to a non-zero value.
The default cost of an OSPF interface is 1. The cost of the interface should be inversely proportional to the bandwidth of the interface; if the IA has interfaces with differing bandwidths, the OSPF costs should be set accordingly.
• Add IP networks to OSPF areas.
• Create virtual links, if necessary.
Enabling OSPF
OSPF is disabled by default on the IA.
To enable or disable OSPF, enter one of the following commands in Configure mode.
Enable OSPF.
    ospf start
Disable OSPF.
    ospf stop
Page 85
Configuring OSPF Interface Parameters
You can configure the OSPF interface parameters shown in Table 1.
Table 1. OSPF Interface Parameters
OSPF Parameter                            Default Value
Interface OSPF State (Enable/Disable)     Enable (except for virtual links)
Cost                                      1
No multicast                              Default is using multicast mechanism
Retransmit interval                       5 seconds
Transit delay                             1 second
Priority                                  0
Hello interval                            10 seconds (broadcast), 30 (non broadcast)
Router dead interval                      4 times the hello interval
Poll Interval                             120 seconds
Key chain                                 N/A
Authentication Method                     None
To configure OSPF interface parameters, enter one of the following commands in Configure mode:
Enable OSPF state on interface.
    ospf set interface <name-or-IPaddr>|all state disable|enable
Specify the cost of sending a packet on an OSPF interface.
    ospf set interface <name-or-IPaddr>|all cost <num>
Specify the priority for determining the designated router on an OSPF interface.
    ospf set interface <name-or-IPaddr>|all priority <num>
Specify the interval between OSPF hello packets on an OSPF interface.
    ospf set interface <name-or-IPaddr>|all hello-interval <num>
Configure the retransmission interval between link state advertisements for adjacencies belonging to an OSPF interface.
    ospf set interface <name-or-IPaddr>|all retransmit-interval <num>
Page 86
Specify the number of seconds required to transmit a link state update on an OSPF interface.
    ospf set interface <name-or-IPaddr>|all transit-delay <num>
Specify the time a neighbor router will listen for OSPF hello packets before declaring the router down.
    ospf set interface <name-or-IPaddr>|all router-dead-interval <num>
Disable IP multicast for sending OSPF packets to neighbors on an OSPF interface.
    ospf set interface <name-or-IPaddr>|all no-multicast
Specify the poll interval on an OSPF interface.
    ospf set interface <name-or-IPaddr>|all poll-interval <num>
Specify the identifier of the key chain containing the authentication keys.
    ospf set interface <name-or-IPaddr>|all key-chain <num-or-string>
Specify the authentication method to be used on this interface.
    ospf set interface <name-or-IPaddr>|all authentication-method none|simple|md5
Configuring an OSPF Area
OSPF areas are a collection of subnets that are grouped in a logical fashion. These areas communicate with other areas via the backbone area. Once OSPF areas are created, you can add interfaces, stub hosts, and summary ranges to the area.
In order to reduce the amount of routing information propagated between areas, you can configure summary-ranges on Area Border Routers (ABRs). On the IA, summary-ranges are created using the ospf add network command. The networks specified using this command describe the scope of an area. Intra-area Link State Advertisements (LSAs) that fall within the specified ranges are not advertised into other areas as inter-area routes. Instead, the specified ranges are advertised as summary network LSAs.
Page 87
To create areas and assign interfaces, enter the following commands in the Configure mode:
Create an OSPF area.
    ospf create area <area-num>|backbone
Add an interface to an OSPF area.
    ospf add interface <name-or-IPaddr> [to-area <area-addr>|backbone] [type broadcast|non-broadcast]
Add a stub host to an OSPF area.
    ospf add stub-host [to-area <area-addr>|backbone] [cost <num>]
Add a network to an OSPF area for summarization.
    ospf add network <IPaddr/mask> [to-area <area-addr>|backbone] [restrict] [host-net]
Configuring OSPF Area Parameters
The IA allows configuration of various OSPF area parameters, including stub areas, stub cost, and authentication method. Stub areas are areas into which information on external routes is not sent. Instead, there is a default external route generated by the ABR, into the stub area for destinations outside the autonomous system. Stub cost specifies the cost to be used to inject a default route into a stub area. An authentication method for OSPF packets can be specified on a per-area basis.
To configure OSPF area parameters, enter the following commands in the Configure mode:
Specify an OSPF stub area.
    ospf set area <area-num> stub
Specify the cost to be used to inject a default route into an area.
    ospf set area <area-num> stub-cost <num>
Specify the authentication method to be used by neighboring OSPF routers.
    ospf set area <area-num> [stub] [authentication-method none|simple|md5]
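Both RIP and OSPF default to no authentication on the IA, and RIP defaults to Version 1, so a configuration review has to look for what is missing as well as what is set. The following Python sketch is an added example, not part of the manual or the IA software: it audits the interface-level `rip set interface` and `ospf set interface` settings in a configuration file against the defaults listed in the RIP and OSPF parameter tables. It assumes that a setting for a named interface overrides one given for `all`, it does not evaluate area-level settings, and the interfaces IA1-if2 and IA1-if3 in the sample are constructed.

```python
# Defaults taken from the RIP and OSPF parameter tables in this manual.
DEFAULTS = {
    "rip": {"version": "1", "authentication-method": "none"},
    "ospf": {"authentication-method": "none"},
}

# Constructed sample: IA1-if1 follows the manual's RIP example; the other
# two interfaces are added here to exercise the checks.
SAMPLE = """\
! Constructed sample configuration
interface create ip IA1-if1 address-netmask 1.1.1.1/16 port et.1.1
rip add interface IA1-if1
rip set interface IA1-if1 version 2
rip set interface IA1-if1 authentication-method md5
rip add interface IA1-if2
rip add interface IA1-if3
rip set interface IA1-if3 version 2
rip set interface IA1-if3 authentication-method simple
rip start
ospf create area backbone
ospf add interface IA1-if2 to-area backbone
ospf add interface IA1-if3 to-area backbone
ospf set interface all authentication-method md5
ospf set interface IA1-if3 authentication-method simple
ospf start
"""


def parse(config):
    """Collect, per protocol: started flag, added interfaces, per-interface settings."""
    proto = {p: {"started": False, "ifaces": [], "set": {}} for p in DEFAULTS}
    for raw in config.splitlines():
        t = raw.split("!", 1)[0].split()        # "!" starts a comment
        if len(t) < 2 or t[0] not in proto:
            continue
        p = proto[t[0]]
        if t[1] == "start":
            p["started"] = True
        elif t[1] == "stop":
            p["started"] = False
        elif t[1:3] == ["add", "interface"] and len(t) > 3:
            p["ifaces"].append(t[3])
        elif t[1:3] == ["set", "interface"] and len(t) > 5:
            opts = p["set"].setdefault(t[3], {})
            for key in DEFAULTS[t[0]]:
                if key in t[4:-1]:              # keyword must be followed by a value
                    opts[key] = t[t.index(key, 4) + 1]
    return proto


def audit(config):
    """Return (protocol, interface, issue) for weakly protected interfaces."""
    findings = []
    for name, p in parse(config).items():
        if not p["started"]:                    # both protocols are disabled by default
            continue
        for iface in p["ifaces"]:
            # Assumption: a named interface overrides "all", which overrides the default.
            eff = {k: p["set"].get(iface, {}).get(k, p["set"].get("all", {}).get(k, d))
                   for k, d in DEFAULTS[name].items()}
            if name == "rip" and eff["version"] == "1":
                findings.append((name, iface, "RIP V1: updates cannot be authenticated"))
            elif eff["authentication-method"] == "none":
                findings.append((name, iface, "no authentication configured"))
            elif eff["authentication-method"] == "simple":
                findings.append((name, iface, "clear-text password"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%-4s %-8s %s" % finding)
```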
Page 88
Creating Virtual Links
In OSPF, virtual links can be established:
• To connect an area via a transit area to the backbone
• To create a redundant backbone connection via another area
Each Area Border Router must be configured with the same virtual link. Note that virtual links cannot be configured through a stub area.
To configure virtual links, enter the following commands in the Configure mode:
Create a virtual link.
    ospf add virtual-link <number-or-string> [neighbor <IPaddr>] [transit-area <area-num>]
Set virtual link parameters.
    ospf set virtual-link <number-or-string> [state disable|enable] [cost <num>] [retransmit-interval <num>] [transit-delay <num>] [priority <num>] [hello-interval <num>] [router-dead-interval <num>] [poll-interval <num>]
Configuring Autonomous System External (ASE) Link Advertisements
These parameters specify the defaults used when importing OSPF AS External (ASE) routes into the routing table and exporting routes from the routing table into OSPF ASEs.
To specify AS external link advertisements parameters, enter the following commands in the Configure mode:
Specify the interval at which AS external link advertisements will be generated and flooded to an OSPF AS.
    ospf set export-interval <num>
Specify the number of AS external link advertisements which will be generated and flooded to an OSPF AS.
    ospf set export-limit <num>
Specify AS external link advertisement default parameters.
    ospf set ase-defaults [preference <num>] [cost <num>] [type <num>] [inherit-metric]
Configuring OSPF over Non-Broadcast Multiple Access
You can configure OSPF over NBMA circuits to limit the number of Link State Advertisements (LSAs). LSAs are limited to initial advertisements and any subsequent changes. Periodic LSAs over NBMA circuits are suppressed.
To configure OSPF over WAN circuits, enter the following command in Configure mode:
Configure OSPF over a WAN circuit.
ospf add nbma-neighbor <hostname-or-IPaddr> to-interface <name-or-IPaddr> [eligible]
Monitoring OSPF
The IA lets you display OSPF statistics and configurations contained in the routing table. The displayed information covers routing and performance.
To display OSPF information, enter the following commands in Enable mode:
Show IP routing table.
ip show table routing
Monitor OSPF error conditions.
ospf monitor errors destination <hostname-or-IPaddr>
Show information on all interfaces configured for OSPF.
ospf monitor interfaces destination <hostname-or-IPaddr>
Display link state advertisement information.
ospf monitor lsa destination <hostname-or-IPaddr>
Display the link state database.
ospf monitor lsdb destination <hostname-or-IPaddr>
Show information about all OSPF routing neighbors.
ospf monitor neighbors destination <hostname-or-IPaddr>
Show information on valid next hops.
ospf monitor next-hop-list destination <hostname-or-IPaddr>
Display OSPF routing table.
ospf monitor routes destination <hostname-or-IPaddr>
Monitor OSPF statistics for a specified destination.
ospf monitor statistics destination <hostname-or-IPaddr>
Show information about the OSPF routing version.
ospf monitor version
Show the OSPF Autonomous System External Link State Database.
ospf show AS-External-LSDB
Show all OSPF tables.
ospf show all
Show all OSPF areas.
ospf show areas
Show OSPF errors.
ospf show errors
Show information about OSPF export policies.
ospf show export-policies
Show routes redistributed into OSPF.
ospf show exported-routes
Show all OSPF global parameters.
ospf show globals
Show information about OSPF import policies.
ospf show import-policies
Show OSPF interfaces.
ospf show interfaces
Show information about all valid next hops mostly derived from the SPF calculation.
ospf show next-hop-list
Show OSPF statistics.
ospf show statistics
Show information about OSPF Border Routes.
ospf show summary-asb
Show OSPF timers.
ospf show timers
Show OSPF virtual-links.
ospf show virtual-links
OSPF Configuration Examples
For all examples in this section, refer to the configuration shown in Figure 7 on page 95.
The following configuration commands for router R1:
Determine the IP address for each interface
Specify the static routes configured on the router
Determine its OSPF configuration
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! Create the various IP interfaces.
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
interface create ip to-r2 address-netmask 120.190.1.1/16 port et.1.2
interface create ip to-r3 address-netmask 130.1.1.1/16 port et.1.3
interface create ip to-r41 address-netmask 140.1.1.1/24 port et.1.4
interface create ip to-r42 address-netmask 140.1.2.1/24 port et.1.5
interface create ip to-r6 address-netmask 140.1.3.1/24 port et.1.6
!+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! Configure default routes to the other subnets reachable through R2.
!+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ip add route 202.1.0.0/16 gateway 120.1.1.2
ip add route 160.1.5.0/24 gateway 120.1.1.2
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! OSPF Box Level Configuration
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ospf start
ospf create area 140.1.0.0
ospf create area backbone
ospf set ase-defaults cost 4
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! OSPF Interface Configuration
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ospf add interface 140.1.1.1 to-area 140.1.0.0
ospf add interface 140.1.2.1 to-area 140.1.0.0
ospf add interface 140.1.3.1 to-area 140.1.0.0
ospf add interface 130.1.1.1 to-area backbone
Exporting All Interface and Static Routes to OSPF
Router R1 has several static routes. We would export these static routes as type-2 OSPF routes. The interface routes would be redistributed as type-1 OSPF routes.
1. Create an OSPF export destination for type-1 routes, since we would like to redistribute certain routes into OSPF as type 1 OSPF-ASE routes.
ip-router policy create ospf-export-destination ospfExpDstType1 type 1 metric 1
2. Create an OSPF export destination for type-2 routes, since we would like to redistribute certain routes into OSPF as type 2 OSPF-ASE routes.
ip-router policy create ospf-export-destination ospfExpDstType2 type 2 metric 4
3. Create a Static export source, since we would like to export static routes.
ip-router policy create static-export-source statExpSrc
4. Create a Direct export source, since we would like to export interface/direct routes.
ip-router policy create direct-export-source directExpSrc
5. Create the Export-Policy for redistributing all interface routes and static routes into OSPF.
ip-router policy export destination ospfExpDstType1 source directExpSrc network all
ip-router policy export destination ospfExpDstType2 source statExpSrc network all
Exporting All RIP, Interface, and Static Routes to OSPF
Note: Also export interface, static, RIP, OSPF, and OSPF-ASE routes into RIP.
In the configuration shown in Figure 7 on page 95, RIP Version 2 is configured on the interfaces of routers R1 and R2 on network 120.190.0.0/16.
We would like to redistribute these RIP routes as OSPF type-2 routes and associate the tag 100 with them. Router R1 would also like to redistribute its static routes as type-2 OSPF routes. The interface routes would be redistributed as type-1 OSPF routes.
Router R1 would like to redistribute its OSPF, OSPF-ASE, RIP, Static, and Interface/Direct routes into RIP.
1. Enable RIP on interface 120.190.1.1/16.
rip add interface 120.190.1.1
rip set interface 120.190.1.1 version 2 type multicast
2. Create an OSPF export destination for type-1 routes.
ip-router policy create ospf-export-destination ospfExpDstType1 type 1 metric 1
3. Create an OSPF export destination for type-2 routes.
ip-router policy create ospf-export-destination ospfExpDstType2 type 2 metric 4
4. Create an OSPF export destination for type-2 routes with a tag of 100.
ip-router policy create ospf-export-destination ospfExpDstType2t100 type 2 tag 100 metric 4
5. Create a RIP export source.
ip-router policy create rip-export-source ripExpSrc
6. Create a Static export source.
ip-router policy create static-export-source statExpSrc
7. Create a Direct export source.
ip-router policy create direct-export-source directExpSrc
8. Create the Export-Policy for redistributing all interface, RIP, and static routes into OSPF.
ip-router policy export destination ospfExpDstType1 source directExpSrc network all
ip-router policy export destination ospfExpDstType2 source statExpSrc network all
ip-router policy export destination ospfExpDstType2t100 source ripExpSrc network all
9. Create a RIP export destination.
ip-router policy create rip-export-destination ripExpDst
10. Create an OSPF export source.
ip-router policy create ospf-export-source ospfExpSrc type OSPF
11. Create an OSPF-ASE export source.
ip-router policy create ospf-export-source ospfAseExpSrc type OSPF-ASE
12. Create the Export-Policy for redistributing all interface, RIP, static, OSPF and OSPF-ASE routes into RIP.
ip-router policy export destination ripExpDst source statExpSrc network all
ip-router policy export destination ripExpDst source ripExpSrc network all
ip-router policy export destination ripExpDst source directExpSrc network all
ip-router policy export destination ripExpDst source ospfExpSrc network all
ip-router policy export destination ripExpDst source ospfAseExpSrc network all
Figure 7. Exporting to OSPF
[Network diagram not reproduced. Labels that survive: routers R1, R2, R3, R41, R42, R5, R6, R7, R8, R10 and R11; Area Backbone, Area 140.1.0.0 and Area 150.20.0.0; RIP V2; BGP.]
Chapter 8
BGP Configuration Guide
BGP Overview
The Border Gateway Protocol (BGP) is an exterior gateway protocol that allows IP routers to exchange network reachability information. BGP became an internet standard in 1989 (RFC 1105) and the current version, BGP-4, was published in 1994 (RFC 1771). BGP is typically run between Internet Service Providers. It is also frequently used by multi-homed ISP customers, as well as in large commercial networks.
Autonomous systems that wish to connect their networks together must agree on a method of exchanging routing information. Interior gateway protocols such as RIP and OSPF may be inadequate for this task since they were not designed to handle multi-AS, policy, and security issues. Similarly, using static routes may not be the best choice for exchanging AS-AS routing information because there may be a large number of routes, or the routes may change often.
In an environment where using static routes is not feasible, BGP is often the best choice for an AS-AS routing protocol. BGP prevents the introduction of routing loops created by multi-homed and meshed AS topologies. BGP also provides the ability to create and enforce policies at the AS level, such as selectively determining which AS routes are to be accepted or what routes are to be advertised to BGP peers.
Note: This chapter uses the term Autonomous System (AS) throughout. An AS is defined as a set of routers under a central technical administration that has a coherent interior routing plan and accurately portrays to other ASs what routing destinations are reachable by way of it.
The Internet Appliance (IA) BGP Implementation
The Internet Appliance (IA) routing protocol implementation is based on GateD 4.0.3 code (http://www.gated.org). GateD is a modular software program consisting of core services, a routing database, and protocol modules supporting multiple routing protocols (RIP versions 1 and 2, OSPF version 2, BGP version 2 through 4, and Integrated IS-IS).
Since the IA IP routing code is based upon GateD, BGP can also be configured using a GateD configuration file (gated.conf) instead of the IA Command Line Interface (CLI). Additionally, even if the IA is configured using the CLI, the gated.conf equivalent can be displayed by entering the ip-router show configuration-file command at the IA Enable prompt.
VLANs, interfaces, ACLs, and many other IA configurable entities and functionality can only be configured using the IA CLI. Therefore, a gated.conf file is dependent upon some IA CLI configuration.
Basic BGP Tasks
This section describes the basic tasks necessary to configure BGP on the IA. Due to the abstract nature of BGP, many BGP designs can be extremely complex. For any one BGP design challenge, there may only be one solution out of many that is relevant to common practice.
When designing a BGP configuration, it may be prudent to refer to information in RFCs, Internet drafts, and books about BGP. Some BGP designs may also require the aid of an experienced BGP network consultant.
Basic BGP configuration involves the following tasks:
Setting the autonomous system number
Setting the router ID
Creating a BGP peer group
Adding and removing a BGP peer host
Starting BGP
Using AS path regular expressions
Using AS path prepend
Setting the Autonomous System Number
An autonomous system number identifies your autonomous system to other routers. To set the IA’s autonomous system number, enter the following command in Configure mode:
Set the IA’s autonomous system number.
ip-router global set autonomous-system <num1> loops <num2>
The autonomous-system <num1> parameter sets the AS number for the router. Specify a number from 1 to 65534. The loops <num2> parameter controls the number of times the AS may appear in the as-path. The default is 1.
Setting the Router ID
The router ID uniquely identifies the IA. To set the router ID to be used by BGP, enter the following command in Configure mode:
Set the IA’s router ID.
ip-router global set router-id <hostname-or-IPaddr>
If you do not explicitly specify the router ID, then an ID is chosen implicitly by the IA. A secondary address on the loopback interface (the primary address being 127.0.0.1) is the most preferred candidate for selection as the IA’s router ID. If there are no secondary addresses on the loopback interface, then the default router ID is set to the address of the first interface that is in the up state that the IA encounters (except the interface en0, which is the Control Module’s interface). The address of a non point-to-point interface is preferred over the local address of a point-to-point interface. If the router ID is implicitly chosen to be the address of a non-loopback interface, and if that interface were to go down, then the router ID is changed. When the router ID changes, an OSPF router has to flush all its LSAs from the routing domain.
If you explicitly specify a router ID, then it would not change, even if all interfaces were to go down.
Configuring a BGP Peer Group
A BGP peer group is a group of neighbor routers that have the same update policies. To configure a BGP peer group, enter the following command in Configure mode:
Configure a BGP peer group.
bgp create peer-group <number-or-string> type external|internal|igp|routing [autonomous-system <number>] [proto any|rip|ospf|static] [interface <interface-name-or-ipaddr> |all]
where:
peer-group <number-or-string>
Is a group ID, which can be a number or a character string.
type
Specifies the type of BGP group you are adding. You can specify one of the following:
external
In the classic external BGP group, full policy checking is applied to all incoming and outgoing advertisements. The external neighbors must be directly reachable through one of the machine's local interfaces.
routing
An internal group which uses the routes of an interior protocol to resolve forwarding addresses. Type Routing groups will determine the immediate next hops for routes by using the next hop received with a route from a peer as a forwarding address, and using this to look up an immediate next hop in an IGP’s routes. Such groups support distant peers, but need to be informed of the IGP whose routes they are using to determine immediate next hops. This implementation comes closest to the IBGP implementation of other router vendors.
internal
An internal group operating where there is no IP-level IGP, for example an SMDS network. Type Internal groups expect all peers to be directly attached to a shared subnet so that, like external peers, the next hops received in BGP advertisements may be used directly for forwarding. All Internal group peers should be L2 adjacent.
igp
An internal group operating where there is no IP-level IGP; for example, an SMDS network.
autonomous-system <number>
Specifies the autonomous system of the peer group. Specify a number from 1 to 65534.