Enterasys Networks Security Router X-Pedition™ User Manual

X-Pedition
XSR User’s Guide
Version 7.6
Security Router
P/N 9033837-09
Electrical Hazard: Only qualified personnel should perform installation procedures.
Notice
The hardware, firmware, or software described in this document is subject to change without notice.
IN NO EVENT SHALL ENTERASYS NETWORKS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS DOCUMENT, WEB SITE, OR THE INFORMATION CONTAINED IN THEM, EVEN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF, KNEW OF, OR SHOULD HAVE KNOWN OF, THE POSSIBILITY OF SUCH DAMAGES.
Enterasys Networks, Inc., 50 Minuteman Road, Andover, MA 01810
© 2005 Enterasys Networks, Inc. All rights reserved.
Part Number: 9033837-09 September 2005
ENTERASYS NETWORKS, ENTERASYS XSR, and any logos associated therewith, are trademarks or registered trademarks of Enterasys Networks, Inc. in the United States and other countries. All other product names mentioned in this manual may be trademarks or registered trademarks of their respective owners.
Documentation URL: http://www.enterasys.com/support/manuals
Regulatory Compliance Information
Federal Communications Commission (FCC) Notice
TheXSRcomplieswithTitle47,Part15,ClassAofFCCrules.Operationissubjecttothefollowingtwoconditions:
•Thisdevicemaynotcauseharmfulinterference.
•Thisdevicemustacceptanyinterferencereceived,includinginterferencethatmaycauseundesiredoperation.
NOTE:TheXSRhasbeentestedandfoundtocomply rules.TheselimitsaredesignedtoprovidereasonableprotectionagainstharmfulinterferencewhentheXSRisoperatedina commercialenvironment.ThisXSRuses,generates,andcanradiateradiofrequencyenergyandifnotinstalled withtheoperator’smanual,maycauseharmfulinterferencetoradiocommunications.OperationoftheXSRinaresidential areaislikelytocauseinterferenceinwhichcaseyouwillberequiredtocorrecttheinterferenceatyourownexpense.
withthelimitsforaclassAdigitaldevice,pursuanttoPart15oftheFCC
inaccordance
WARN ING: ModificationsorchangesmadetotheXSR,andnot
approvedbyEnterasysNetworksmayvoidtheauthority
grantedbytheFCCorothersuchagencytooperatetheXSR.
TheXSRcomplieswithPart68oftheFCCrulesandtherequirementsadoptedbytheAdministrativeCouncilforTer minal Attachments(ACTA).AlabelonthecircuitboardoftheNetwork
InterfaceModulecontains,amongotherinformation,a productidentifierintheformatlistedinthefollowingtable.Ifrequested,thisnumbermustbeprovidedtothetelephone company.
Product Product Identifier
NIM-T1/E1-xx, NIM-CT1E1/PRI-xx US: 5N5DENANET1
NIM-BRI-U-xx US: 5N5DENANEBU
NIM-ADSL-AC-xx US: 5N5DL02NEAA
NIM-DIRELAY-xx US: 5N5DENANEDI
NIM-TE1-xx, NIM-CTE1-PRI-xx US: 5N5DENANECT
A plug and jack used to connect the XSR to the premises wiring and telephone network must comply with the applicable FCC Part 68 rules and requirements adopted by ACTA. Refer to the following table and installation instructions for details.
Product Jack Used
NIM-T1/E1-xx, NIM-CT1E1/PRI-xx, NIM-DIRELAY-xx, NIM-TE1-xx, NIM-CTE1-PRI-xx RJ48C
NIM-BRI-U-xx RJ49C
NIM-ADSL-AC-xx RJ11C
Codes applicable to this equipment:
Product Facilities Interface Code (FIC) Service Order Code (SOC)
NIM-T1/E1-xx, NIM-CT1E1/PRI-xx, NIM-DIRELAY-xx, NIM-TE1-xx, NIM-CTE1-PRI-xx 04DU9.BN, 04DU9.DN, 04DU9.1KN, 04DU9.1SN 6.0N
NIM-BRI-U-xx 02IS5 6.0N
NIM-ADSL-AC-xx 02LS2 7.0Y
If the XSR harms the telephone network, the telephone company will notify you in advance that it may need to temporarily discontinue service. But if advance notice is not practical, the telephone company will notify you as soon as possible. Also, you will be advised of your right to file a complaint with the FCC if you believe it is necessary.
The telephone company may make changes in its facilities, equipment, operations, or procedures that could affect the operation of the XSR. If this happens, the telephone company will provide advance notice for you to make necessary modifications and maintain uninterrupted service.
If you experience trouble with the XSR, for repair or warranty information, please contact Enterasys Networks, Inc., at 978-684-1000. If the XSR is causing harm to the telephone network, the telephone company may request that you disconnect the equipment until the problem is solved. The XSR is not intended to be repaired by the customer.
Industry Canada Notices
ThisdigitalapparatusdoesnotexceedtheclassAlimitsforradionoiseemissionsfromdigitalapparatussetoutintheRadio InterferenceRegulationsoftheCanadianDepartmentofCommunications.
Leprésentappareilnumériquen’émetpasdebruitsradioélectriquesdépassantleslimitesapplicablesauxappareils numériquesdelaclassAprescrites CommunicationsduCanada.
“NOTICE:TheIndustryCanadalabelidentifiescertifiedequipment.Thiscertificationmeansthattheequipmentmeets telecommunicationsnetworkprotective,operationalandsafetyrequirementsasprescribedintheappropriateTermi nal EquipmentTechnicalRequirementsdocument(s).Thedepartmentdoesnot satisfaction.
Beforeinstallingthisequipment,usersshouldensurethatitispermissibletobeconnectedtothefacilitiesofthelocal telecommunicationscompany.Theequipmentmustalsobeinstalledusinganacceptablemethodofconnection.Thecustomer shouldbeawarethatcompliance
Repairstocertifiedequipmentshouldbecoordinatedbyarepresentativedesignatedbythesupplier.Anyrepairsoralterations madebytheusertothisequipment,orequipmentmalfunctions,maygivethetelecommunicationscompanycausetorequest theuser
Usersshouldensurefortheirownprotectionthattheelectricalgroundconnectionsofthepowerutility,telephonelinesand internalmetallicwaterpipesystem,ifpresent,areconnectedtogether.Thisprecautionmaybeparticularlyimportantinrural areas.Caution:Usersshouldnotattempttomakesuchconnections inspectionauthority,orelectrician,asappropriate.”
“NOTICE:TheRingerEquivalenceNumber(REN)assignedtoeachterminaldeviceprovidesanindicationofthemaximum numberofterminalsallowedtobeconnectedtoatelephoneinterface.Theterminationonaninterfacemayconsistofany combination notexceed5.ʺ
todisconnecttheequipment.
ofdevicessubjectonlytotherequirementthatthesumoftheringerequivalenceNumbersofallthedevicesdoes
dansleRèglementsurlebrouillageradioélectriqueédictéparleministèredes
Equipment Attachments Limitations
guaranteetheequipmentwilloperatetotheuserʹs
withtheaboveconditionsmaynotpreventdegradationofserviceinsomesituations.
themselves,butshouldcontacttheappropriateelectric
R & TTE Directive Declaration
Hereby, Enterasys Networks, Inc. declares that this XSR-1850 X-Pedition Security Router is compliant with essential requirements and other relevant provisions of Directive 1999/5/EC.
Class A ITE Notice
WARNING: ThisisaClassAproduct.Inadomesticenvironmentthisproductmaycauseradiointerferenceinwhichcasethe usermayberequiredtotakeadequatemeasures.
Clase A. Aviso de ITE
ADVERTENCIA:EsteesunproductodeClaseA.Enunambientedomésticoesteproductopuedecausarinterferenciaderadio encuyocasopuedeserrequeridotomarmedidasadecuadas.
Klasse A ITE Anmerkung
WARNHINWEIS:DiesesProduktzähltzurKlasseA(Industriebereich).InWohnbereichenkanneshierdurchzu Funkstörungenkommen,dahersolltenangemesseneVorkehru ngenzumSchutzgetroffenwerden.
Product Safety
Thisproductcomplieswiththefollowing:UL60950,CSAC22.2No.60950,73/23/EEC,EN60950,EN60825,IEC60950.
UsetheXSRwiththeAdvancedPowerSolutions(APS61ES‐30)powersupplyincludedwiththebranchrouter.Enterasys Networksstronglyrecommendsthatyouuseonlythepropertypeofpowersupplycord detachabletype,ULlisted/CSAcertified,typeSJorSJT,rated250Vminimum,7ampwithgroundingtypeattachmentplug. Maximumlengthis15feet(4.5meters).Thecordsetshouldhavetheappropriatesafetyapprovalforthecountryinwhichthe equipment
willbeinstalled.
setfortheXSR.Itshouldbea
Seguridad del Producto
ElproductodeEnterasyscumpleconlosiguiente:UL60950,CSAC22.2No.60950,73/23/EEC,EN 60950,EN60825,IEC60950.
Produktsicherheit
DiesesProduktentsprichtdenfolgendenRichtlinien:UL60950,CSAC22.2No.60950,73/23/EEC,EN60950,EN60825, IEC 60950.
iii
Electromagnetic Compatibility (EMC)
Thisproductcomplieswiththefollowing:47 CFRParts2and15,CSA C108.8,89/336/EEC,EN 55022,EN55024,EN 61000‐3‐2, EN 61000‐3‐3,AS/NZSCISPR22,andVCCIV‐3.
Compatibilidad Electromágnetica (EMC)
EsteproductodeEnterasyscumpleconlosiguiente:47CFRPartes2y15,CSAC108.8,89/336/EEC,EN 55022,EN 55024, EN 61000‐3‐2,EN 61000‐3‐3,AS/NZSCISPR22,VCCI V‐3.
Elektro- magnetische Kompatibilität ( EMC )
DiesesProduktentsprichtdenfolgendenRichtlinien:47CFRParts2and15,CSAC108.8,89/336/EEC,EN55022,EN 55024, EN 61000‐3‐2,EN61000‐3‐3,AS/NZSCISPR22,VCCIV‐3.
European Waste Electrical and Electronic Equipment (WEEE) Notice
In accordance with Directive 2002/96/EC of the European Parliament on waste electrical and electronic equipment (WEEE):
1. The symbol above indicates that separate collection of electrical and electronic equipment is required and that this product was placed on the European market after August 13, 2005, the date of enforcement for Directive 2002/96/EC.
2. When this product has reached the end of its serviceable life, it cannot be disposed of as unsorted municipal waste. It must be collected and treated separately.
3. It has been determined by the European Parliament that there are potential negative effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment.
4. It is the users’ responsibility to utilize the available collection system to ensure WEEE is properly treated.
For information about the available collection system, please go to http://www.enterasys.com/support/ or contact Enterasys Customer Support at 35361705586 (Ireland).
VCCI Notice
ThisisaclassAproductbasedonthestandardoftheVoluntaryControlCouncilforInterferencebyInformationTechnol og y Equipment(VCCI)V‐3.Ifthisequipmentisusedinadomesticenvironment,radiodisturbancemayarise.Whensuchtrouble occurs,theusermayberequiredtotakecorrectiveactions.
BSMI EMC Statement — Taiwan
ThisisaclassAproduct.Inadomesticenvironmentthisproductmaycauseradiointerferenceinwhichcasetheusermaybe requiredtotakeadequatemeasures.
iv
Declaration of Conformity
Application of Council Directive(s): 89/336/EEC, 73/23/EEC
Manufacturer’s Name: Enterasys Networks, Inc.
Manufacturer’s Address: 50 Minuteman Road, Andover, MA 01810 USA
European Representative Address: Enterasys Networks, Ltd., Nexus House, Newbury Business Park, London Road, Newbury, Berkshire RG14 2PZ, England
Conformance to Directive(s)/Product Standards: EC Directive 89/336/EEC, EN 55022, EN 61000-3-2, EN 61000-3-3, EN 55024, EC Directive 73/23/EEC, EN 60950, EN 60825
Equipment Type/Environment: Networking Equipment, for use in a Commercial or Light Industrial Environment.
Enterasys Networks, Inc. declares that the equipment packaged with this notice conforms to the above directives.
Australian Telecom
N826
WARNING: Do not install phone line connections during an electrical storm.
WARNING: Do not connect phone line until the interface has been configured through local management. The service provider may shut off service if an unconfigured interface is connected to the phone lines.
WARNING: The NIM-BRI-ST cannot be connected directly to outside lines. An approved channel service unit (CSU) must be used for connection to the ISDN network. In some areas this CSU is supplied by the network provider and in others it must be supplied by the user. Contact your service provider for details.
Federal Information Processing Standard (FIPS) Certification
The XSR has been submitted to the National Institute of Standards and Technology (NIST) for FIPS 140-2 certification and is now officially listed on the NIST pre-validation list. For more information about the FIPS validation program, go to http://csrc.nist.gov/cryptval/preval.htm. For the FIPS 140-1 and 140-2 Pre-Validation List, click on the [PDF] link at the top of the page.
Independent Communications Authority of South Africa
Thisproductcomplieswiththetermsoftheprovisionsofsection54(1)oftheTelecommunicationsAct(Act103of1996)andthe TelecommunicationsRegulationprescribedunderthePostOfficeAct(Act44of1958).
TE-2002/195
APPROVED
TE-2003/112
APPROVED
TE-2002/190
APPROVED
TE-2003/113
APPROVED
SS/366.01
APPROVED
VPN Consortium Interoperability
The VPN Consortium’s (VPNC) testing program is an important source for certification of conformance to IPSec standards. With rigorous interoperability testing, the VPNC logo program provides IPSec users even more assurance that the XSR will interoperate in typical business environments. VPNC is the only major IPSec testing organization that shows both proof of interoperability as well as the steps taken so that you can reproduce the tests.
Enterasys Networks, Inc.
Firmware License Agreement
BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT.
This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc. on behalf of itself and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys software program/firmware installed on the Enterasys product (including any accompanying documentation, hardware or media) (“Program”) in the package and prevails over any additional, conflicting or inconsistent terms and conditions appearing on any purchase order or other document submitted by You. “Affiliate” means any person, partnership, corporation, limited liability company, or other form of enterprise that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with the party specified. This Agreement constitutes the entire understanding between the parties, and supersedes all prior discussions, representations, understandings or agreements, whether oral or in writing, between the parties with respect to the subject matter of this Agreement. The Program may be contained in firmware, chips or other media.
BY INSTALLING OR OTHERWISE USING THE PROGRAM, YOU REPRESENT THAT YOU ARE AUTHORIZED TO ACCEPT THESE TERMS ON BEHALF OF THE END USER (IF THE END USER IS AN ENTITY ON WHOSE BEHALF YOU ARE AUTHORIZED TO ACT, “YOU” AND “YOUR” SHALL BE DEEMED TO REFER TO SUCH ENTITY) AND THAT YOU AGREE THAT YOU ARE BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES, AMONG OTHER PROVISIONS, THE LICENSE, THE DISCLAIMER OF WARRANTY AND THE LIMITATION OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT, ENTERASYS IS UNWILLING TO LICENSE THE PROGRAM TO YOU AND YOU AGREE TO RETURN THE UNOPENED PRODUCT TO ENTERASYS OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND.
IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT ENTERASYS NETWORKS, LEGAL DEPARTMENT AT (978) 684-1000.
You and Enterasys agree as follows:
1. LICENSE. You have the nonexclusive and nontransferable right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this Agreement.
2. RESTRICTIONS. Except as otherwise authorized in writing by Enterasys, You may not, nor may You permit any third party to:
(i) Reverse engineer, decompile, disassemble or modify the Program, in whole or in part, including for reasons of error correction or interoperability, except to the extent expressly permitted by applicable law and to the extent the parties shall not be permitted by that applicable law, such rights are expressly excluded. Information necessary to achieve interoperability or correct errors is available from Enterasys upon request and upon payment of Enterasys’ applicable fee.
(ii) Incorporate the Program, in whole or in part, in any other product or create derivative works based on the Program, in whole or in part.
(iii) Publish, disclose, copy, reproduce or transmit the Program, in whole or in part.
(iv) Assign, sell, license, sublicense, rent, lease, encumber by way of security interest, pledge or otherwise transfer the Program, in whole or in part.
(v) Remove any copyright, trademark, proprietary rights, disclaimer or warning notice included on or embedded in any part of the Program.
3. APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts of the Commonwealth of Massachusetts without regard to its conflicts of laws provisions. You accept the personal jurisdiction and venue of the Commonwealth of Massachusetts courts. None of the 1980 United Nations Convention on Contracts for the International Sale of Goods, the United Nations Convention on the Limitation Period in the International Sale of Goods, and the Uniform Computer Information Transactions Act shall apply to this Agreement.
4. EXPORT RESTRICTIONS. You understand that Enterasys and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the Program is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party.
If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for civil end uses only and not for military purposes.
If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant or any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.
5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein.
6. DISCLAIMER OF WARRANTY. EXCEPT FOR THOSE WARRANTIES EXPRESSLY PROVIDED TO YOU IN WRITING BY Enterasys, Enterasys DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT WITH RESPECT TO THE PROGRAM. IF IMPLIED WARRANTIES MAY NOT BE DISCLAIMED BY APPLICABLE LAW, THEN ANY IMPLIED WARRANTIES ARE LIMITED IN DURATION TO THIRTY (30) DAYS AFTER DELIVERY OF THE PROGRAM TO YOU.
7. LIMITATION OF LIABILITY. IN NO EVENT SHALL ENTERASYS OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM, EVEN IF ENTERASYS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS FOREGOING LIMITATION SHALL APPLY REGARDLESS OF THE CAUSE OF ACTION UNDER WHICH DAMAGES ARE SOUGHT.
THE CUMULATIVE LIABILITY OF ENTERASYS TO YOU FOR ALL CLAIMS RELATING TO THE PROGRAM, IN CONTRACT, TORT OR OTHERWISE, SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID TO ENTERASYS BY YOU FOR THE RIGHTS GRANTED HEREIN.
8. AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical value to Enterasys and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Program. You also grant to Enterasys and its authorized representatives, upon reasonable notice, the right to audit and examine during Your normal business hours, Your books, records, accounts and hardware devices upon which the Program may be deployed to verify compliance with this Agreement, including the verification of the license fees due and paid Enterasys and the use, copying and deployment of the Program. Enterasys’ right of examination shall be exercised reasonably, in good faith and in a manner calculated to not unreasonably interfere with Your business. In the event such audit discovers noncompliance with this Agreement, including copies of the Program made, used or deployed in breach of this Agreement, You shall promptly pay to Enterasys the appropriate license fees. Enterasys reserves the right, to be exercised in its sole discretion and without prior notice, to terminate this license, effective immediately, for failure to comply with this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return to Enterasys the Program and all copies of the Program.
9. OWNERSHIP. This is a license agreement and not an agreement for sale. You acknowledge and agree that the Program constitutes trade secrets and/or copyrighted material of Enterasys and/or its suppliers. You agree to implement reasonable security measures to protect such trade secrets and copyrighted material. All right, title and interest in and to the Program shall remain with Enterasys and/or its suppliers. All rights not specifically granted to You shall be reserved to Enterasys.
10. ENFORCEMENT. You acknowledge and agree that any breach of Sections 2, 4, or 9 of this Agreement by You may cause Enterasys irreparable damage for which recovery of money damages would be inadequate, and that Enterasys may be entitled to seek timely injunctive relief to protect Enterasys’ rights under this Agreement in addition to any and all remedies available at law.
11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock or assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this Agreement.
12. WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not be construed as a waiver of any subsequent breach of such term or condition. Enterasys’ failure to enforce a term upon Your breach of such term shall not be construed as a waiver of Your breach or prevent enforcement on any other occasion.
13. SEVERABILITY. In the event any provision of this Agreement is found to be invalid, illegal or unenforceable, the validity, legality and enforceability of any of the remaining provisions shall not in any way be affected or impaired thereby, and that provision shall be reformed, construed and enforced to the maximum extent permissible. Any such invalidity, illegality or unenforceability in any jurisdiction shall not invalidate or render illegal or unenforceable such provision in any other jurisdiction.
14. TERMINATION. Enterasys may terminate this Agreement immediately upon Your breach of any of the terms and conditions of this Agreement. Upon any such termination, You shall immediately cease all use of the Program and shall return to Enterasys the Program and all copies of the Program.
Contents
Preface
Contents of the Guide
Conventions Used in This Guide
Getting Help
Chapter 1: Overview
Chapter 2: Managing the XSR
Utilizing the Command Line Interface
Connecting via the Console Port on XSR Series
Using the Console Port for Dial Backup on the XSR 1800 Series
Using the Console Port to Remotely Control the XSR
Connecting a Serial Interface to a Modem
Terminal Commands
Connecting via Telnet
Connecting via SSH
Accessing the Initial Prompt
Synchronizing the Clock
Managing the Session
Remote Auto Install
RAI Features and Requirements
RAI Requirements on the XSR
How RAI Components Work
CLI Editing Rules
Setting CLI Configuration Modes
User EXEC Mode
Privileged EXEC Mode
Global Configuration Mode
Exiting From the Current Mode
Mode Examples
Observing Command Syntax and Conventions
CLI Command Limits
Describing Ports and Interfaces
Supported Physical Interfaces
Supported Virtual Interfaces
Supported Ports
Numbering XSR Slots, Cards, and Ports
Setting Port Configuration Mode
Setting Interface Type and Numbering
Configuration Examples
Entering Commands that Control Tables
Adding Table Entries
Deleting Table Entries
Modifying Table Entries
Displaying Table Entries
Managing XSR Interfaces
Enabling an Interface
Disabling an Interface
Configuring an Interface
Displaying Interface Attributes
Managing Message Logs
Logging Commands
Performing Fault Management
Fault Report Commands
Capturing Fault Report Data
Using the Real-Time Clock
RTC/Network Clock Options
RTC Commands
Managing the System Configuration
Resetting the Configuration to Factory Default
Using the Default Button (XSR 1800/1200 Series Only)
Configuration Save Options
Using File System Commands
Bulk Configuration Management
Downloading the Configuration
Uploading the Configuration/Crash Report
Creating Alternate Configuration Files
Managing the Software Image
Creating Alternate Software Image Files
BootRom Upgrade Choices
Loading Software Images
Using EOS Fallback to Upgrade the Image
Downloading with FIPS Security
Software Image Commands
Configuration Change Hashing
Displaying System Status and Statistics
Memory Management
Creating Resources
Network Management through SNMP
SNMP Informs
Shaping Trap Traffic ............................................................................................................................... 2-39
Statistics ................................................................................................................................................. 2-39
Alarm Management (Traps) ................................................................................................................... 2-40
Network Monitoring via Service Level Agreement Agent ....................................................................... 2-40
Measuring Performance Metrics....................................................................................................... 2-40
Configuration Examples ................................................................................................................... 2-41
Using the SLA Agent in SNMP ......................................................................................................... 2-43
Full Configuration Backup/Restore ........................................................................................................ 2-43
Cabletron CTdownload MIB ............................................................................................................. 2-43
Enterasys Configuration Management MIB...................................................................................... 2-43
Software Image Download using NetSight ............................................................................................. 2-44
CLI Translator................................................................................................................................... 2-44
Appending CLI Commands to Configuration Files via SNMP ................................................................ 2-44
Accessing the XSR Through the Web .......................................................................................................... 2-45
Network Management Tools ......................................................................................................................... 2-45
NetSight Atlas Router Services Manager v2.0 ....................................................................................... 2-45
Firmware Upgrade Procedures .............................................................................................................. 2-45
Using the CLI for Downloads............................................................................................................ 2-46
Using SNMP for Downloads ............................................................................................................. 2-46
Fault Reporting ....................................................................................................................................... 2-46
Auto-discovery ....................................................................................................................................... 2-46
Chapter 3: Managing LAN/WAN Interfaces
Overview of LAN Interfaces ............................................................................................................................ 3-1
LAN Features ................................................................................................................................................. 3-1
Configuring the LAN ....................................................................................................................................... 3-2
MIB Statistics .................................................................................................................................................. 3-2
Overview of WAN Interfaces .......................................................................................................................... 3-3
WAN Features ................................................................................................................................................ 3-3
Configuring the WAN ...................................................................................................................................... 3-4
Chapter 4: Configuring T1/E1 & T3/E3 Interfaces
Overview ......................................................................................................................................................... 4-1
T1/E1 Functionality .................................................................................................................................. 4-1
T3/E3 Functionality .................................................................................................................................. 4-1
Features ......................................................................................................................................................... 4-1
T1/E1 Mode .............................................................................................................................................. 4-1
T3 Mode ................................................................................................................................................... 4-2
E3 Mode ................................................................................................................................................... 4-2
T1/E1 Subsystem Configuration .............................................................................................................. 4-3
T3/E3 Subsystem Configuration .............................................................................................................. 4-3
T1 Drop & Insert One-to-One DS0 Bypassing ......................................................................................... 4-4
Drop and Insert Features.................................................................................................................... 4-4
Configuring Channelized T1/E1 Interfaces ..................................................................................................... 4-5
Configuring Un-channelized T3/E3 Interfaces ................................................................................................ 4-6
Troubleshooting T1/E1 & T3/E3 Links ............................................................................................................ 4-7
T1/E1 & T3/E3 Physical Layer Troubleshooting ...................................................................................... 4-7
T1/E1 & T3/E3 Alarm Analysis ................................................................................................................. 4-9
Receive Alarm Indication Signal (AIS - Blue Alarm) ........................................................................... 4-9
Receive Remote Alarm Indication (RAI - Yellow Alarm)................................................................... 4-10
Transmit Remote Alarm Indication (RAI - Yellow Alarm).................................................................. 4-10
Transmit Sending Remote Alarm (Red Alarm) ................................................................................. 4-10
Transmit Alarm Indication Signal (AIS - Blue Alarm) ........................................................................ 4-10
T1/E1 & T3/E3 Error Events Analysis .................................................................................................... 4-11
Slip Seconds Counter Increasing ..................................................................................................... 4-12
Framing Loss Seconds Increasing ................................................................................................... 4-13
Line Code Violations Increasing ....................................................................................................... 4-13
Configuring the D&I NIM ........................................................................................................................ 4-13
Chapter 5: Configuring IP
Overview ......................................................................................................................................................... 5-1
General IP Features ....................................................................................................................................... 5-1
ARP and Proxy ARP ................................................................................................................................ 5-4
Proxy DNS ............................................................................................................................................... 5-4
BOOTP/DHCP Relay ............................................................................................................................... 5-4
Broadcast ................................................................................................................................................. 5-5
Directed Broadcast ............................................................................................................................. 5-5
Local Broadcast.................................................................................................................................. 5-5
ICMP ........................................................................................................................................................ 5-5
TCP .......................................................................................................................................................... 5-6
UDP .......................................................................................................................................................... 5-6
Telnet ....................................................................................................................................................... 5-6
SSH .......................................................................................................................................................... 5-6
Trivial File Transfer Protocol (TFTP) ........................................................................................................ 5-7
IP Interface ............................................................................................................................................... 5-7
Secondary IP ............................................................................................................................................ 5-7
Interface & Secondary IP.................................................................................................................... 5-7
ARP & Secondary IP .......................................................................................................................... 5-8
ICMP & Secondary IP......................................................................................................................... 5-8
Routing Table Manager & Secondary IP ............................................ 5-9
OSPF & Secondary IP........................................................................................................................ 5-9
RIP & Secondary IP............................................................................................................................ 5-9
Unnumbered Interface & Secondary IP .............................................................................................. 5-9
NAT & Secondary IP .......................................................................................................................... 5-9
DHCP & Secondary IP ....................................................................................................................... 5-9
VPN & Secondary IP .......................................................................................................................... 5-9
VRRP & Secondary IP...................................................................................................................... 5-10
PPPoE & Secondary IP .................................................................................................................... 5-10
Maximum Transmission Unit (MTU) ....................................................................................................... 5-10
Ping ........................................................................................................................................................ 5-10
Traceroute .............................................................................................................................................. 5-10
IP Routing Protocols ..................................................................................................................................... 5-10
RIPv1 and v2 .......................................................................................................................................... 5-11
Triggered-on-Demand RIP ..................................................................................................................... 5-12
How Triggered-on-Demand RIP Works ............................................................................................ 5-12
OSPF ..................................................................................................................................................... 5-14
LSA Type 3 and 5 Summarization.................................................................................................... 5-15
OSPF Database Overflow ................................................................................................................ 5-15
OSPF Passive Interfaces ................................................................................................................. 5-16
OSPF Troubleshooting ........................................................................................................................... 5-17
Null Interface .......................................................................................................................................... 5-17
Route Preference ................................................................................................................................... 5-17
Static Routes .......................................................................................................................................... 5-18
VLAN Routing ........................................................................................................................................ 5-18
Forwarding VLAN, PPPoE over VLAN ............................................................................................. 5-19
VLAN Processing Over the XSR’s Ethernet Interfaces .................................................................... 5-20
VLAN Processing: VLAN-enabled Ethernet to Standard LAN Interfaces ......................................... 5-20
VLAN Processing: VLAN-enabled Ethernet to WAN Interfaces ....................................................... 5-21
VLAN Processing: WAN Interface to a VLAN-enabled Ethernet Interface ....................................... 5-21
QoS with VLAN................................................................................................................................. 5-22
Policy Based Routing ............................................................................................................................. 5-22
Accessing the Global Routing Policy Table ...................................................................................... 5-22
Match Clauses.................................................................................................................................. 5-23
Set Clauses ...................................................................................................................................... 5-23
PBR Cache....................................................................................................................................... 5-23
Default Network ...................................................................................................................................... 5-24
Classless Inter-Domain Routing (CIDR) ................................................................................................ 5-24
Router ID ................................................................................................................................................ 5-24
Real Time Protocol (RTP) Header Compression ................................................................................... 5-25
Network Address Translation ................................................................................................................. 5-26
Features ........................................................................................................................................... 5-26
Virtual Router Redundancy Protocol ...................................................................................................... 5-27
VRRP Definitions.............................................................................................................................. 5-28
How the VRRP Works ...................................................................................................................... 5-29
Different States of a VRRP Router ................................................................................................... 5-29
VRRP Features ...................................................................................................................................... 5-30
Multiple Virtual IP Addresses per VR ............................................................................................... 5-30
Multiple VRs Per Router ................................................................................................................... 5-30
Authentication................................................................................................................................... 5-30
Load Balancing................................................................................................................................. 5-31
ARP Process on a VRRP Router ..................................................................................................... 5-31
Host ARP.......................................................................................................................................... 5-31
Proxy ARP ........................................................................................................................................ 5-31
Gratuitous ARP................................................................................................................................. 5-31
Traffic Process on a VRRP Router ................................................................................................... 5-31
ICMP Ping ........................................................................................................................................ 5-32
Interface Monitoring.......................................................................................................................... 5-32
Watch Group Monitoring................................................................................................................... 5-33
Physical Interface and Physical IP Address Change on a VRRP Router ......................................... 5-33
Equal-Cost Multi-Path (ECMP) .............................................................................................................. 5-34
Configuration Considerations ........................................................................................................... 5-34
Configuring RIP Examples ........................................................................................................................... 5-35
Configuring Unnumbered IP Serial Interface Example ................................................................................. 5-37
Configuring OSPF Example ......................................................................................................................... 5-37
Configuring NAT Examples .......................................................................................................................... 5-38
Basic One-to-One Static NAT ................................................................................................................ 5-38
Configuring Static Translation .......................................................................................................... 5-38
Dynamic Pool Configuration ................................................................................................................... 5-39
Configuring Dynamic Pool Translation ............................................................................................. 5-39
Network Address and Port Translation .................................................................................................. 5-40
Configuring NAPT............................................................................................................................. 5-40
Configuring NAPT............................................................................................................................. 5-41
Multiple NAT Pools within an Interface .................................................................................................. 5-41
Static NAT within an Interface ................................................................................................................ 5-42
NAT Port Forwarding ............................................................................................................................. 5-44
Configuring Policy Based Routing Example ................................................................................................. 5-44
Configuring VRRP Example ......................................................................................................................... 5-45
Router XSRa .................................................................................................................................... 5-45
Router XSRb .................................................................................................................................... 5-45
Configuring VLAN Examples ........................................................................................................................ 5-46
Chapter 6: Configuring the Border Gateway Protocol
Features ......................................................................................................................................................... 6-1
Overview ......................................................................................................................................................... 6-1
Describing BGP Messages ...................................................................................................................... 6-2
Open................................................................................................................................................... 6-2
Update ................................................................................................................................................ 6-3
Keepalive............................................................................................................................................ 6-3
Notification.......................................................................................................................................... 6-3
Defining BGP Path Attributes ................................................................................................................... 6-3
AS Path .............................................................................................................................................. 6-4
Origin .................................................................................................................................................. 6-4
Next Hop............................................................................................................................................. 6-5
Local Preference ................................................................................................................................ 6-5
Weight ................................................................................................................................................ 6-7
Atomic Aggregate ............................................................................................................................... 6-7
Aggregator.......................................................................................................................................... 6-8
Multi-Exit Discriminator ....................................................................................................................... 6-8
Community ......................................................................................................................................... 6-9
BGP Path Selection Process ................................................................................................................. 6-11
BGP Routing Policy ................................................................................................................................ 6-11
Access Control Lists ......................................................................................................................... 6-12
Filter Lists ......................................................................................................................................... 6-12
Community Lists ............................................................................................................................... 6-12
Route Maps ...................................................................................................................................... 6-12
Regular Expressions ........................................................................................................................ 6-13
Regular Expression Characters........................................................................................................ 6-13
Regular Expression Examples ......................................................................................................... 6-13
Peer Groups ..................................................................................................................................... 6-14
Initial BGP Configuration ........................................................................................................................ 6-15
Adding BGP Neighbors .......................................................................................................................... 6-15
Resetting BGP Connections .................................................................................................................. 6-15
Synchronization ...................................................................................................................................... 6-16
Address Aggregation .............................................................................................................................. 6-16
Route Flap Dampening .......................................................................................................................... 6-16
Recommendations for Route Flap Dampening ................................................................................ 6-17
Capability Advertisement ....................................................................................................................... 6-17
Route Refresh ........................................................................................................................................ 6-17
Scaling BGP ........................................................................................................................................... 6-18
Route Reflectors............................................................................................................................... 6-19
Confederations ................................................................................................................................. 6-20
Displaying System and Network Statistics ............................................................................................. 6-21
Configuring BGP Route Maps ...................................................................................................................... 6-22
Configuring BGP Neighbors ................................................................................................................... 6-23
BGP Path Filtering by Neighbor Example .............................................................................................. 6-23
BGP Aggregate Route Examples ........................................................................................................... 6-24
Configuring BGP Confederations ........................................................................................................... 6-24
TCP MD5 Authentication for BGP Example ........................................................................................... 6-25
Configuring BGP Peer Groups ..................................................................................................................... 6-25
IBGP Peer Group Example .................................................................................................................... 6-25
EBGP Peer Group Example ................................................................................................................... 6-26
BGP Community with Route Maps Examples ........................................................................................ 6-26
Chapter 7: Configuring PIM-SM and IGMP
Features ......................................................................................................................................................... 7-1
Differences with Industry-Standard Approach .......................................................................................... 7-1
IP Multicast Overview ..................................................................................................................................... 7-2
Defining Multicast Group Addressing ....................................................................................................... 7-2
Outlining IGMP Versions .......................................................................................................................... 7-3
Comparing Multicast Distribution Trees ................................................................................................... 7-3
Forwarding Multicast Traffic ..................................................................................................................... 7-4
Describing the XSR’s IP Multicast Features ................................................................................................... 7-4
Group Membership Actions ...................................................................................................................... 7-5
Sending and Receiving Queries and Reports .......................................................................................... 7-5
Sending a Query................................................................................................................................. 7-5
Receiving a Query .............................................................................................................................. 7-6
Receiving a Report ............................................................................................................................. 7-6
Source-Specific Forwarding Rules ..................................................................................................... 7-6
Interoperating with Older IGMP Versions ................................................................................................. 7-6
Query Version Distinctions ................................................................................................................. 7-6
Behavior of Group Members Among Older Version Queriers ............................................................ 7-6
Behavior of Group Members Among Older Version Group Members ................................................ 7-7
Behavior of Multicast Routers Among Older Version Queriers .......................................................... 7-7
Behavior of Multicast Routers Among Older Version Group Members .............................................. 7-7
Describing the XSR’s PIM-SM v2 Features .................................................................................................... 7-7
Phase 1: Building a Shared Tree ............................................................................................................. 7-8
Phase 2: Building Shortest Path Tree Between Sender & RP ................................................................. 7-8
Phase 3: Building Shortest Path Tree Between Sender & Receiver ........................................................ 7-9
Neighbor Discovery and DR Election ..................................................................................................... 7-10
PIM Register Message ........................................................................................................................... 7-11
PIM Join/Prune Message ....................................................................................................................... 7-11
Bootstrap & Rendezvous Point .............................................................................................................. 7-11
Assert Processing .................................................................................................................................. 7-11
Source-Specific Multicast ....................................................................................................................... 7-12
PIM SM over Frame Relay ..................................................................................................................... 7-12
PIM Configuration Examples ........................................................................................................................ 7-13
Chapter 8: Configuring PPP
Overview ......................................................................................................................................................... 8-1
PPP Features ................................................................................................................................................. 8-1
Link Control Protocol (LCP) ..................................................................................................................... 8-2
Network Control Protocol (NCP) .............................................................................................................. 8-2
Authentication .......................................................................................................................................... 8-3
Password Authentication Protocol (PAP) ........................................................................................... 8-3
Challenge Handshake Authentication Protocol (CHAP)..................................................................... 8-3
Microsoft Challenge Handshake Protocol (MS-CHAP) ...................................................................... 8-3
Link Quality Monitoring (LQM) ................................................................................................................. 8-4
Multilink PPP (MLPPP) ............................................................................................................................ 8-4
Multi-Class MLPPP .................................................................................................................................. 8-5
MLPPP Packet Fragmentation and Serialization Transmission Latency............................................ 8-6
Fragment Interleaving Over the Link .................................................................................................. 8-7
Multilink Head Format Negotiation ..................................................................................................... 8-7
Events and Alarms ............................................................................................................................. 8-8
IP Control Protocol (IPCP) ....................................................................................................................... 8-8
IP Address Assignment ...................................................................................................................... 8-9
PPP Bandwidth Allocation/Control Protocols (BAP/BAPC) ...................................................................... 8-9
Configuring PPP with a Dialed Backup Line ................................................................................................. 8-10
Configuring a Synchronous Serial Interface ................................................................................................. 8-10
Configuring a Dialed Backup Line ................................................................................................................ 8-11
Configuring the Dialer Interface ............................................................................................................. 8-11
Configuring the Physical Interface for the Dialer Interface ..................................................................... 8-11
Configuring the Interface as the Backup Dialer Interface .......................................................................8-12
Configuring MLPPP on a Multilink/Dialer interface ....................................................................................... 8-13
Multilink Example ................................................................................................................................... 8-13
Dialer Example ....................................................................................................................................... 8-13
Configuring BAP ........................................................................................................................................... 8-14
Dual XSRs: One Router Using DoD with Call Request .......................................................................... 8-14
XSR1 Configuration.......................................................................................................................... 8-14
XSR2 Configuration.......................................................................................................................... 8-15
Dual XSRs: BAP Using Call/Callback Request ...................................................................................... 8-16
XSR1 Configuration.......................................................................................................................... 8-16
XSR2 Configuration.......................................................................................................................... 8-16
Chapter 9: Configuring Frame Relay
Overview ......................................................................................................................................................... 9-1
Virtual Circuits .................................................................................................................................... 9-1
DLCIs.................................................................................................................................................. 9-1
DTEs................................................................................................................................................... 9-2
DCEs .................................................................................................................................................. 9-2
Frame Relay Features .................................................................................................................................... 9-3
Multi-Protocol Encapsulation .................................................................................................................... 9-3
Address Resolution .................................................................................................................................. 9-4
Dynamic Resolution Using Inverse ARP .................................................................................................. 9-4
Controlling Congestion in Frame Relay Networks .......................................................................................... 9-4
Rate Enforcement (CIR) - Generic Traffic Shaping .................................................................................. 9-4
Discard Eligibility (DE) Bit ........................................................................................................................ 9-5
Forward Explicit Congestion Notification (FECN) .................................................................................... 9-5
Backward Explicit Congestion Notification (BECN) .................................................................................. 9-5
Link Management Information (LMI) ............................................................................................................... 9-7
Sub-interfaces ................................................................................................................................................ 9-7
FRF.12 Fragmentation ................................................................................................................................... 9-8
End-to-End Fragmentation ....................................................................................................................... 9-8
User Configuration Commands ................................................................................................................ 9-8
Map-Class Configuration .................................................................................................................... 9-9
Show Running Configuration.............................................................................................................. 9-9
Displaying Statistics............................................................................................................................ 9-9
Reports and Alarms ................................................................................................................................. 9-9
Clear Statistics ......................................................................................................................................... 9-9
Interconnecting via Frame Relay Network .................................................................................................... 9-10
Configuring Frame Relay .............................................................................................................................. 9-11
Multi-point to Point-to-Point Example ..................................................................................................... 9-11
Chapter 10: Configuring Dialer Services
Overview of Dial Services ............................................................................................................................. 10-1
Dial Services Features ........................................................................................................................... 10-1
Asynchronous and Synchronous Support .................................................................................................... 10-2
AT Commands on Asynchronous Ports ................................................................................................. 10-2
V.25bis over Synchronous Interfaces .................................................................................................... 10-2
DTR Dialing for Synchronous Interfaces ................................................................................................ 10-3
Time of Day feature ................................................................................................................................ 10-3
Typical Use for Dial Services ................................................................................................................. 10-3
Ethernet Backup ..................................................................................................................................... 10-3
Implementing Dial Services .......................................................................................................................... 10-4
Dialer Profiles ......................................................................................................................................... 10-4
Dialer Interface ....................................................................................................................................... 10-5
Dialer Strings .......................................................................................................................................... 10-5
Dialer Pool .............................................................................................................................................. 10-5
Addressing Dialer Resources ................................................................................................................. 10-5
Configuring Encapsulation ..................................................................................................................... 10-6
ISDN Callback ........................................................................................................................................ 10-6
Configuring the Dialer Interface ........................................................................................................... 10-10
Creating and Configuring the Dialer Interface ................................................................................ 10-10
Configuring the Map Class ............................................................................................................. 10-11
Configuring the Physical Interface for the Dialer Interface ............................................................. 10-11
Sample Dialer Configuration ................................................................................................................ 10-11
Configuring ISDN Callback .................................................................................................................. 10-12
Point-to-Point with Matched Calling/Called Numbers ..................................................................... 10-12
Point-to-Point with Different Calling/Called Numbers ..................................................................... 10-12
Point-to-Multipoint with One Neighbor............................................................................................ 10-12
Point-to-Multipoint with Multiple Neighbors .................................................................................... 10-12
Overview of Dial Backup ............................................................................................................................ 10-13
Dial Backup Features ........................................................................................................................... 10-13
Sequence of Backup Events ...................................................................................................................... 10-13
Link Failure Backup Example ..................................................................................................................... 10-14
Configuring a Dialed Backup Line .............................................................................................................. 10-14
Configuring the Dialer Interface ........................................................................................................... 10-14
Configuring the Physical Interface for the Dialer Interface ................................................................... 10-15
Configuring Interface as the Backup Dialer Interface ...........................................................................10-15
Sample Configuration ........................................................................................................................... 10-16
Overview of Dial on Demand/Bandwidth on Demand ................................................................................ 10-17
Dialer Interface Spoofing ............................................................................................................................ 10-18
Dialer Watch ............................................................................................................................................... 10-18
Dialer Watch Behavior ......................................................................................................................... 10-19
Caveat .................................................................................................................................................. 10-20
Answering Incoming ISDN Calls ................................................................................................................. 10-20
Incoming Call Mapping Example .......................................................................................................... 10-21
Node A (Calling Node) Configuration .............................................................................................10-21
Node B (Called Node) Configuration ..............................................................................................10-22
Node D (Calling Node) Configuration .............................................................................................10-22
Configuring DoD/BoD ................................................................................................................................. 10-23
PPP Point-to-Multipoint Configuration .................................................................................................. 10-24
Node A (Calling Node) Configuration .............................................................................................10-24
Node B (Called Node) Configuration ..............................................................................................10-25
PPP Multipoint-to-Multipoint Configuration .......................................................................................... 10-25
Node A Configuration ..................................................................................................................... 10-25
Node B Configuration ..................................................................................................................... 10-26
PPP Point-to-Point Configurations ....................................................................................................... 10-26
Dial-in Routing for Dial on Demand Example ................................................................................. 10-27
Dial-out Routing for Dial on Demand Example ............................................................................... 10-27
PPP Point-to-Multipoint Configurations ................................................................................................ 10-28
Dial-out Router Example ................................................................................................................ 10-29
Dial-in Router Example................................................................................................................... 10-29
MLPPP Point-to-Multipoint Configuration ............................................................................................. 10-30
Node A (Calling Node) Configuration .............................................................................................10-30
Node B (Called Node) Configuration ..............................................................................................10-31
MLPPP Point-to-Point Configurations .................................................................................................. 10-31
Dial-in Router Example................................................................................................................... 10-31
Dial-out Router Example ................................................................................................................ 10-32
MLPPP Point-to-Multipoint Configurations ........................................................................................... 10-32
Dial-out Router Example ................................................................................................................ 10-33
Dial-in Router Example................................................................................................................... 10-34
MLPPP Multipoint-to-Multipoint Configuration ..................................................................................... 10-34
Node A Configuration ..................................................................................................................... 10-34
Node B Configuration ..................................................................................................................... 10-35
Switched PPP Multilink Configuration ........................................................................................................ 10-35
Bandwidth-on-Demand ........................................................................................................................ 10-35
Node A (Calling Node) Configuration .............................................................................................10-36
Node C (Called Node) Configuration ..............................................................................................10-36
Backup Configuration ................................................................................................................................. 10-37
Backup Using ISDN ............................................................................................................................. 10-37
Node A (Backed-up Node) Configuration ....................................................................................... 10-37
Node C (Called Node) Configuration ..............................................................................................10-38
Configuration for Backup with MLPPP Bundle .....................................................................................10-39
Node A (Backed-up Node) Configuration ....................................................................................... 10-39
Node C (Called Node) Configuration ..............................................................................................10-40
Configuration for Ethernet Failover ...................................................................................................... 10-40
Configuration for Frame Relay Encapsulation ..................................................................................... 10-41
Chapter 11: Configuring Integrated Services Digital Network
ISDN Features .............................................................................................................................................. 11-1
BRI Features .......................................................................................................................................... 11-2
PRI Features .......................................................................................................................................... 11-2
Understanding ISDN ..................................................................................................................................... 11-2
Basic Rate Interface ............................................................................................................................... 11-3
Primary Rate Interface ........................................................................................................................... 11-3
B-Channels ............................................................................................................................................ 11-3
D-Channel .............................................................................................................................................. 11-3
D-Channel Standards ............................................................................................................................. 11-4
D-Channel Signaling and Carrier Networks ........................................................................................... 11-4
ISDN Equipment Configurations ............................................................................................................ 11-4
Bandwidth Optimization ......................................................................................................................... 11-5
Security .................................................................................................................................................. 11-5
Call Monitoring ....................................................................................................................................... 11-6
ISDN Trace ............................................................................................................................................ 11-6
Trace Decoding ................................................................................................................................ 11-6
Q921 Decoding................................................................................................................................. 11-6
Q931 Decoding................................................................................................................................. 11-7
Decoded IEs ..................................................................................................................................... 11-9
BRI NI-1, DMS100 & 5ESS SPID Registration................................................................................. 11-9
Terminal Endpoint Identifier (TEI) Management Procedures ........................................................... 11-9
ISDN Configuration ....................................................................................................................................... 11-9
BRI (Switched) Configuration Model .................................................................................................... 11-10
PRI Configuration Model ...................................................................................................................... 11-12
Leased-Line Configuration Model ........................................................................................................ 11-14
More Configuration Examples .................................................................................................................... 11-15
T1 PRI .................................................................................................................................................. 11-15
E1 PRI .................................................................................................................................................. 11-15
ISDN BRI .............................................................................................................................................. 11-15
BRI Leased Line ................................................................................................................................... 11-16
BRI Leased PPP .................................................................................................................................. 11-16
BRI Leased Frame Relay ..................................................................................................................... 11-16
ISDN (ITU Standard Q.931) Call Status Cause Codes ..............................................................................11-16
Chapter 12: Configuring Quality of Service
Overview ....................................................................................................................................................... 12-1
Mechanisms Providing QoS ......................................................................................................................... 12-2
Traffic Classification ............................................................................................................................... 12-2
Describing the Class Map................................................................................................................. 12-3
Describing the Policy Map ................................................................................................................ 12-3
Queuing and Services ............................................................................................................................ 12-4
Describing Class-Based Weight Fair Queuing ................................................................................. 12-4
Configuring CBWFQ......................................................................................................................... 12-5
Measuring Bandwidth Utilization ...................................................................................................... 12-5
Describing Priority Queues............................................................................................................... 12-5
Configuring Priority Queues ............................................................................................................. 12-5
Describing Traffic Policing ...................................................................................................................... 12-6
Configuring Traffic Policing............................................................................................................... 12-6
Class-based Traffic Shaping .................................................................................................................. 12-7
Traffic Shaping per Policy-Map .............................................................................................................. 12-8
Differences Between Traffic Policing and Traffic Shaping ..................................................................... 12-9
Traffic Shaping and Queue Limit ............................................................................................................ 12-9
Congestion Control & Avoidance ......................................................................................................... 12-10
Describing Queue Size Control (Drop Tail) .................................................................................... 12-10
Describing Random Early Detection...............................................................................................12-10
Describing Weighted Random Early Detection .............................................................................. 12-11
Configuration per Interface ................................................................................................................... 12-12
Suggestions for Using QoS on the XSR .............................................................................................. 12-13
QoS and Link Fragmentation and Interleaving (LFI) .................................................................................. 12-13
Configuring QoS with MLPPP Multi-Class ........................................................................................... 12-13
Configuring QoS with FRF.12 .............................................................................................................. 12-14
QoS with VLAN ........................................................................................................................................... 12-14
Traffic Classification ............................................................................................................................. 12-14
Describing VLAN QoS Packet Flow ..................................................................................................... 12-15
VLAN Packet with Priority Routed out a Fast/GigabitEthernet Interface ........................................ 12-15
VLAN Packet with Priority Routed out a Serial Interface ................................................................ 12-15
Non-VLAN IP Packet Routed Out a Fast/GigabitEthernet Interface............................................... 12-16
QoS with VLAN Configuration Process ................................................................................................ 12-16
QoS on Input .............................................................................................................................................. 12-17
QoS on VPN ............................................................................................................................................... 12-17
QoS over VPN Features ...................................................................................................................... 12-18
Configuring QoS on a Physical Interface ............................................................................................. 12-18
Configuring QoS on a Virtual Tunnel Interface .................................................................................... 12-18
QoS on a Virtual Interface Example ............................................................................................... 12-19
QoS and VPN Interaction ..................................................................................................................... 12-22
Configuring the Shaper on the VPN Interface ................................................................................ 12-23
QoS Policy Configuration Examples ........................................................................................................... 12-24
Simple QoS on Physical Interface Policy ............................................................................................. 12-24
QoS for Frame Relay Policy ................................................................................................................. 12-25
QoS with MLPPP Multi-Class Policy .................................................................................................... 12-26
QoS with FRF.12 Policy ....................................................................................................................... 12-27
QoS with VLAN Policy .......................................................................................................................... 12-28
Input and Output QoS Policy ................................................................................................................ 12-28
Input QoS on Ingress to the Diffserv Domain Policy ............................................................................ 12-29
Chapter 13: Configuring ADSL
Overview ....................................................................................................................................................... 13-1
Features ....................................................................................................................................................... 13-1
PDU Encapsulation Choices .................................................................................................................. 13-2
PPP over ATM.................................................................................................................................. 13-2
PPP over Ethernet over ATM (Routed) ............................................................................................ 13-3
Routed IP over ATM ......................................................................................................................... 13-4
ADSL Limitations .................................................................................................................................... 13-5
ADSL Hardware ..................................................................................................................................... 13-5
NIM Card .......................................................................................................................................... 13-5
ADSL on the Motherboard................................................................................................................ 13-6
DSP Firmware .................................................................................................................................. 13-6
ADSL Data Framing ............................................................................................................................... 13-6
ATM Support .......................................................................................................................................... 13-6
Virtual Circuits .................................................................................................................................. 13-6
OAM Cells ........................................................................................................................................ 13-7
Performance Monitoring ................................................................................................................... 13-7
Class of Service................................................................................................................................ 13-7
DSLAM Compatibility ............................................................................................................................. 13-7
Access Concentrator Restrictions .......................................................................................................... 13-7
Inverse ARP ........................................................................................................................................... 13-8
QoS ........................................................................................................................................................ 13-8
SNMP ..................................................................................................................................................... 13-8
Configuration Examples ............................................................................................................................... 13-8
PPPoE .............................................................................................................................................. 13-8
PPPoA .............................................................................................................................................. 13-9
IPoA................................................................................................................................................ 13-10
Chapter 14: Configuring the Virtual Private Network
VPN Overview .............................................................................................................................................. 14-1
Internet Security Issues .......................................................................................................................... 14-1
How a Virtual Private Network Works .................................................................................................... 14-2
Ensuring VPN Security with IPSec/IKE/GRE ............................................................................................... 14-2
GRE over IPSec ..................................................................................................................................... 14-4
Defining VPN Encryption ........................................................................................................................ 14-5
Describing Public-Key Infrastructure (PKI) ................................................................................................... 14-5
Digital Signatures ................................................................................................................................... 14-5
Certificates ............................................................................................................................................. 14-6
Machine Certificates for the XSR ........................................................................................................... 14-6
CA Hierarchies ....................................................................................................................................... 14-7
Certificate Chains ................................................................................................................................... 14-7
RA Mode ................................................................................................................................................ 14-8
Pending Mode ........................................................................................................................................ 14-9
Enroll Password ..................................................................................................................................... 14-9
CRL Retrieval ......................................................................................................................................... 14-9
Renewing and Revoking Certificates ..................................................................................................... 14-9
DF Bit Functionality ...................................................................................................................................... 14-9
VPN Applications ........................................................................................................................................ 14-10
Site-to-Site Networks ........................................................................................................................... 14-11
Site-to-Central-Site Networks ............................................................................................................... 14-11
NAT Traversal ................................................................................................................................ 14-11
Client Mode .................................................................................................................................... 14-12
Network Extension Mode (NEM) ....................................................................................................14-13
Remote Access Networks .................................................................................................................... 14-13
Using OSPF Over a VPN Network ....................................................................................................... 14-14
OSPF Commands .......................................................................................................................... 14-14
Configuring OSPF Over Site-to-Central Site in Client Mode .......................................................... 14-14
Configuring OSPF over Site-to-Central Site in Network Extension Mode ...................................... 14-16
Server ............................................................................................................................................. 14-17
Client .............................................................................................................................................. 14-17
Configuring OSPF with Fail Over (Redundancy) ............................................................................ 14-17
Server 1 .......................................................................................................................................... 14-17
Server 2 .......................................................................................................................................... 14-18
Client .............................................................................................................................................. 14-18
Limitations ...................................................................................................................................... 14-18
XSR VPN Features ..................................................................................................................................... 14-18
VPN Configuration Overview ...................................................................................................................... 14-20
Master Encryption Key Generation ...................................................................................................... 14-20
ACL Configuration Rules ...................................................................................................................... 14-21
Configuring ACLs ........................................................................................................................... 14-21
Selecting Policies: IKE/IPSec Transform-Sets ..................................................................................... 14-22
Security Policy Considerations ....................................................................................................... 14-23
Configuring Policy........................................................................................................................... 14-23
Creating Crypto Maps .......................................................................................................................... 14-24
Configuring Crypto Maps................................................................................................................ 14-24
Authentication, Authorization and Accounting Configuration ............................................................... 14-25
AAA Commands ............................................................................................................................. 14-26
Configuring AAA ............................................................................................................................. 14-26
PKI Configuration Options .................................................................................................................... 14-27
Configuring PKI .............................................................................................................................. 14-28
PKI Certificate Enrollment Example ..................................................................................................... 14-28
Interface VPN Options ......................................................................................................................... 14-31
VPN Interface Sub-Commands ......................................................................................................14-32
Configuring a Simple VPN Site-to-Site Application .................................................................................... 14-32
Configuring the VPN Using EZ-IPSec ........................................................................................................ 14-34
EZ-IPSec Configuration ....................................................................................................................... 14-35
Configuration Examples ............................................................................................................................. 14-36
XSR with VPN - Central Gateway ........................................................................................................ 14-36
GRE Tunnel for OSPF ......................................................................................................................... 14-40
Tunnel A: XSR-3250 VPN GRE Site-to-Site Tunnel....................................................................... 14-40
Tunnel B: XSR-1805 VPN GRE Site-to-Site Tunnel....................................................................... 14-42
XSR/Cisco Site-to-Site Example .......................................................................................................... 14-44
Cisco Configuration ........................................................................................................................ 14-44
XSR Configuration.......................................................................................................................... 14-45
Interoperability Profile for the XSR ............................................................................................................. 14-46
Scenario 1: Gateway-to-Gateway with Pre-Shared Secrets ................................................................ 14-46
Scenario 2: Gateway-to-Gateway with Certificates .............................................................................. 14-49
Chapter 15: Configuring DHCP
Overview of DHCP ....................................................................................................................................... 15-1
Features ....................................................................................................................................................... 15-1
DHCP Server Standards ........................................................................................................................ 15-2
How DHCP Works ........................................................................................................................................ 15-2
DHCP Services ............................................................................................................................................. 15-3
Persistent Storage of Network Parameters for Clients ...........................................................................15-3
Temporary or Permanent Network Address Allocation .......................................................................... 15-3
Lease................................................................................................................................................ 15-3
Assigned Network Configuration Values to Clients: Options ................................................................. 15-3
Provisioning Differentiated Network Values by Client Class .................................................................. 15-4
BOOTP Legacy Support ........................................................................................................................ 15-4
Nested Scopes: IP Pool Subsets ........................................................................................................... 15-4
Scope Caveat ......................................................................................................................................... 15-5
Manual Bindings ..................................................................................................................................... 15-5
DHCP Client Services .................................................................................................................................. 15-6
Router Option ......................................................................................................................................... 15-6
Parameter Request List Option .............................................................................................................. 15-6
DHCP Client Interaction ......................................................................................................................... 15-6
Secondary Address Caveats ............................................................................................................ 15-6
Interaction with Remote Auto Install (RAI)........................................................................................ 15-7
DHCP Client Timeouts ........................................................................................................................... 15-7
DHCP CLI Commands ................................................................................................................................. 15-8
DHCP Set Up Overview ............................................................................................................................... 15-9
Configuring DHCP Address Pools ......................................................................................................... 15-9
Configuring DHCP - Network Configuration Parameters ....................................................................... 15-9
Configuration Steps ...................................................................................................................................... 15-9
Create an IP Local Client Pool ............................................................................................................... 15-9
Create a Corresponding DHCP Pool ................................................................................................... 15-10
Configure DHCP Network Parameters ................................................................................................. 15-10
Enable the DHCP Server ..................................................................................................................... 15-10
Optional: Set Up a DHCP Nested Scope ............................................................................................. 15-10
Optional: Configure a DHCP Manual Binding ......................................................................................15-10
DHCP Server Configuration Examples ....................................................................................................... 15-11
Pool with Hybrid Servers Example ....................................................................................................... 15-11
Manual Binding Example ..................................................................................................................... 15-11
Manual Binding with Class Example .................................................................................................... 15-11
BOOTP Client Support Example .......................................................................................................... 15-12
DHCP Option Examples ....................................................................................................................... 15-12
Chapter 16: Configuring Security on the XSR
Features ....................................................................................................................................................... 16-1
Access Control Lists ............................................................................................................................... 16-1
ACL Violations Alarm Example......................................................................................................... 16-2
Packet Filtering ...................................................................................................................................... 16-2
LANd Attack ........................................................................................................................................... 16-2
Smurf Attack ........................................................................................................................................... 16-3
Fraggle Attack ........................................................................................................................................ 16-3
IP Packet with Multicast/Broadcast Source Address ............................................................................. 16-3
Spoofed Address Check ........................................................................................................................ 16-3
SYN Flood Attack Mitigation .................................................................................................................. 16-3
Fragmented and Large ICMP Packets ................................................................................................... 16-3
Fragmented ICMP Traffic ................................................................................................................. 16-3
Large ICMP Packets......................................................................................................................... 16-4
Ping of Death Attack......................................................................................................................... 16-4
Spurious State Transition ....................................................................................................................... 16-4
General Security Precautions ....................................................................................................................... 16-4
AAA Services ................................................................................................................................................ 16-5
Connecting Remotely via SSH or Telnet with AAA Service ................................................................... 16-6
Firewall Feature Set Overview ..................................................................................................................... 16-9
Reasons for Installing a Firewall ............................................................................................................ 16-9
Types of Firewalls ................................................................................................................................ 16-10
ACL and Packet Filter Firewalls ..................................................................................................... 16-10
ALG and Proxy Firewalls ................................................................................................................ 16-11
Stateful Inspection Firewalls ........................................................................................................... 16-12
XSR Firewall Feature Set Functionality ...................................................................................................... 16-12
Stateful Firewall Inspection (SFI).................................................................................................... 16-12
Filtering non-TCP/UDP Packets ..................................................................................................... 16-12
Application Level Commands ......................................................................................................... 16-13
Application Level Gateway ............................................................................................................. 16-13
On Board URL Filtering
Denial of Service (DoS) Attack Protection
Alarm Logging
Alarms
Authentication
Firewall and NAT
Firewall and VPN
ACLs and Firewall
Dynamic Reconfiguration
Firewall CLI Commands
Firewall Limitations
Pre-configuring the Firewall
Steps to Configure the Firewall
Configuration Examples
XSR with Firewall
XSR with Firewall, PPPoE and DHCP
XSR with Firewall and VPN
Firewall Configuration for VRRP
Firewall Configuration for RADIUS Authentication and Accounting
Configuring Simple Security
RPC Policy Configuration
Appendix A: Alarms/Events, System Limits, and Standard ASCII Table
Recommended System Limits
System Alarms and Events
Firewall and NAT Alarms and Reports
Standard ASCII Character Table
Appendix B: XSR SNMP Proprietary and Associated Standard MIBs
Service Level Reporting MIB Tables
etsysSrvcLvlMetricTable
etsysSrvcLvlOwnerTable
etsysSrvcLvlHistoryTable
etsysSrvcLvlNetMeasureTable
etsysSrvcLvlAggrMeasureTable
BGP v4 MIB Tables
General Variables Table
BGP v4 Peer Table
BGP-4 Received Path Attribute Table
BGP-4 Traps
Firewall MIB Tables
Global Interface Operations
Monitoring Objects
Policy Rule Table Totals Counters
Policy Rule True Table
Session Totals Counters
Session Totals Table
IP Session Counters
IP Session Table
Authenticated Address Counters
Authenticated Addresses Table
DOS Attacks Blocked Counters
DOS Attacks Blocked Table
VPN MIB Tables
etsysVpnIkePeer Table
etsysVpnIkePeerProposals Table
etsysVpnIkeProposal Table
etsysVpnIpsecPolicy Table
etsysVpnIntfPolicy Table
etsysVpnIpsecPolicyRule Table
etsysVpnIpsecPolProposals Table
etsysVpnIpsecProposal Table
etsysVpnIpsecPropTransforms Table
etsysVpnAhTransform Table
etsysVpnEspTransform Table
etsysVpnIpcompTransform Table
ipCidrRouteTable for Static Routes
Host Resources MIB Objects
Enterasys Configuration Management MIB
Enterasys Configuration Change MIB
Enterasys SNMP Persistence MIB
Enterasys Syslog Client MIB
Preface

This guide provides a general overview of the XSR hardware and software features. It describes how to configure and maintain the router. Refer to the XSR CLI Reference Guide and the XSR Getting Started Guide for information not contained in this document.
This guide is written for administrators who want to configure the XSR or experienced users who are knowledgeable about basic networking principles.

Contents of the Guide

Information in this guide is arranged as follows:
Chapter 1, Overview, introduces key features of the XSR.
Chapter 2, Managing the XSR, describes the three methods of managing the router along with the control commands and tools available to accomplish that task, including Remote Auto Install (RAI) and memory management.
Chapter 3, Managing LAN/WAN Interfaces, describes system FastEthernet/GigabitEthernet and High Speed Serial features, how to configure them, and MIB-II statistics collected for LAN interfaces.
Chapter 4, Configuring T1/E1 & T3/E3 Interfaces, outlines XSR controller features, including the Drop and Insert NIM, and how to configure and troubleshoot them.
Chapter 5, Configuring IP, outlines a host of XSR IP protocol suite features, including Secondary IP, VRRP, Proxy DNS, VLAN and Policy Based routing, Route Preference, multiple static routes, CIDR, and their associated configuration.
Chapter 6, Configuring the Border Gateway Protocol, describes XSR-supported BGP-4 features including MIB tables defined in RFC-1657, BGP SNMP traps, protection of sessions, capabilities advertisement, route reflection, communities, route refresh, route flap dampening, AS confederations, and debug capability.
Chapter 7, Configuring PIM-SM and IGMP, describes Protocol Independent Multicast - Sparse Mode (PIM-SM) and Internet Group Management Protocol (IGMP) configuration with these features and how to configure them: IGMP versions 1, 2 and 3 (on LAN interface only), PIM-SM version 2, Static IGMP group membership, Dynamic and Static RP, Register and Assert Mechanism, Rendezvous Point Tree (RPT) Build-up, Shortest Path Tree (SPT) Build-up, RPT to SPT Switch, Join/Prune Mechanism, and Source Specific Multicast (SSM) Support.
Chapter 8, Configuring PPP, details XSR support for the PPP and Multi-link PPP protocols, Multi-Class MLPPP, peer entity authentication, Bandwidth on Command (BAP), and how to configure these features.
Chapter 9, Configuring Frame Relay, details how to set up Frame Relay networks on the XSR, including using rate enforcement (CIR) and congestion control (FECN and BECN), Discard Eligibility, Frame Relay Inverse ARP, LMI support, and FRF.12 fragmentation.
Chapter 10, Configuring Dial Services and Back Up, details background information about Dial Services and Dial Backup across a PSTN, Ethernet failover, Dial on Demand (DoD) and Bandwidth on Demand (BoD), Multi-link PPP, dialer interface spoofing, Dialer Watch, ISDN callback, and the commands to configure these features.
Chapter 11, Configuring ISDN, outlines how to set up the Integrated Services Digital Network protocol on the XSR for BRI, PRI and leased line applications. ISDN protocol tracing and partial decoding of Q921 and Q931 frames are also described.
Chapter 12, Configuring Quality of Service, describes XSR support for QoS, including Random Early Detection (RED), Weighted Random Early Detection (WRED), tail-drop, DSCP, IP precedence, traffic policing and shaping, priority and CBWFQ queuing, and class-based traffic shaping.
Chapter 13, Configuring ADSL, details ADSL line operation over POTS and ISDN circuits, ADSL data framing format ATM Frame UNI, OAM cell behavior, PDU encapsulation choices: PPP over ATM (PPPoA), PPP over Ethernet (PPPoE), and Routed IP over ATM (IPoA).
Chapter 14, Configuring the Virtual Private Network, outlines XSR support for Site-to-Site, Site-to-Central-Site, and Remote Access VPN applications. Other supported functionality includes RADIUS authentication, PKI authentication, NAT traversal, IP address management, dynamic routing over VPN (remote access only), digital signature and certificate support, GRE over IPSec, and AAA.
Chapter 15, Configuring DHCP, details the router’s support for the Dynamic Host Configuration Protocol including dynamic and manual IP address allocation, persistent storage of client values, temporary or permanent network address allocation, and nested scopes.
Chapter 16, Configuring Security on the XSR, describes methods to protect the router against hacker attacks and install strong security including ACLs, AAA service, firewall, and how to configure these features.
Appendix A, Alarms/Events and System Limits, lists the high, medium and low severity alarms and events captured by the XSR as well as system limits for various XSR functions as a function of installed memory.
Appendix B, SNMP Proprietary and Associated Standard MIBs, lists and describes XSR-supported SNMP tables and objects for the following standard (partial listing) and proprietary MIBs.

Conventions Used in This Guide
The following conventions are used in this guide:
Note (Nota): Calls the reader’s attention to any item of information that may be of special importance.
Caution (Precaución, Achtung): Contains information essential to avoid damage to the equipment.
Electrical Hazard (Riesgo Electrico, Elektrischer Gefahrenhinweis): Warns against an action that could result in personal injury or death due to an electrical hazard.