How it Works
Foundry Networks
Loading...
AR1204
User Manual
293 pgs2.02 Mb0
Table of contents
Loading...

Foundry Networks AR3202-CL, AR3202, AR1216, AR3201-CL, AR1208 User Manual

...
Foundry AR-Series Router User Guide
For AR1202, AR1204, AR1208, AR1216, AR3201-CH/CL, and AR3202-CH/CL Routers
June 2004 © 2004 Foundry Networks, Inc.
2100 Gold Street P.O. Box 649100
San Jose, CA 95164-9100
Fax 408.586.1900
June 2004
Copyright © 2004 Foundry Networks, Inc. All rights reserved. No part of this work may be reproduced in any form or by any means – graphic, electronic or mechanical, including
photocopying, recording, taping or storage in an information retrieval system – without prior written permission of the copyright owner.
The trademarks, logos and servi ce marks (“M arks”) displ ayed he rein are the pro perty of Fou ndry or othe r third p arties. You are not permitted to use these Marks without the prior written consent of Foundry or such appropriate third party.
Foundry Networks, BigIron, FastIron, IronView, JetCore, NetIron, ServerIron, TurboIron, IronWare, EdgeIron, IronPoint, AccessIron, the Iron family of marks and the Foundry Logo are trademarks or registered trademarks of
Foundry Networks, Inc. in the United States and other countries. F-Secure is a trademark of F-Se cure Corporat ion. All other trademar ks mentio ned in this doc ument are the property of
their respective owners.

Contents

CHAPTER 1 G
ETTING STARTED...................................................................................... 1-1
INTRODUCTION ...........................................................................................................................................1-1
A
UDIENCE ..................................................................................................................................................1-1
OMENCLATURE ............................... ................................................................ ..........................................1-1
N R
ELATED PUBLICATIONS .............................................................................................................................1-2
L
IST OF FEATURES .....................................................................................................................................1-2
OW TO GET HELP ........................................................... ....... ...... ...... ....... ....................................... .........1-5
H
W
EB ACCESS ...................... ....... ...... ....... ...... ....... ...... ....... ...... ...... ....... ...... ..........................................1-5
E
MAIL ACCESS .............................................. .......................... ................................ .............................1-5
ELEPHONE ACCESS ............................................................... ............................................................. 1-5
T
W
ARRANTY COVERAGE ........................................ ............. ............. ...... ............. ............. ............. ............. ...1-5
CHAPTER 2 C
OMMAND LINE INTERFACE ........................................................................ 2-1
COMMAND TYPES .......................................................................................................................................2-1
ONTEXT-SENSITIVE COMMANDS .......................... ...... ....... ...... ...... ....... ...... ....... ...... ....... ......................2-1
C
C
OMMAND CONVENTIONS ...........................................................................................................................2-2
A
BBREVIATED COMMANDS .......... ................................................... .................................................... ...2-3
AVIGATION ............................................................... .......................... ................................ ................2-4
CLI N
N
AVIGATION KEYS ................................................ ......................... .......................... .......................... ...2-4
C
OMMAND HELP ............................................ ................................................... ..........................................2-4
ELP ...................................................................................................................................................2-4
H T
REE ..................................................................................................................................................2-5
Q
UESTION MARK HELP SCREEN ...........................................................................................................2-5
LOBAL COMMANDS ............................................................................................................................2-6
G
CHAPTER 3 P
OLICY COMMANDS.................................................................................... 3-1
June 2004 © 2004 Foundry Networks, Inc. iii
Foundry AR-Series Router User Guide
CONFIGURE POLICY ........................... ............................................. ............................................. ................3-1
CONFIGURE POLICY AS_PATH ......................................................................................................................3-2
CONFIGURE POLICY COMMUNITY_LIST ................................ ....................................................................... ...3-3
CONFIGURE POLICY COMMUNITY_LIST EXTENDED_COMMUNITY ............................ ....... ...... ....... ...... ....... ...... ...3-4
CONFIGURE POLICY COMMUNITY_LIST STANDARD_COMMUNITY .....................................................................3-5
CONFIGURE POLICY IP_ACCESS_LIST ...........................................................................................................3-6
CONFIGURE POLICY ROUTE_MAP .................................................................................................................3-8
CONFIGURE POLICY ROUTE_MAP MATCH ....................................................................................................3-10
CONFIGURE POLICY ROUTE_MAP MATCH AS_PATH ........................................ ....................................... .......3-11
CONFIGURE POLICY ROUTE_MAP MATCH COMMUNITY .................................................................................3-12
CONFIGURE POLICY ROUTE_MAP MATCH IP IP_ADDRESS ........................ ..................................................... 3-13
CONFIGURE POLICY ROUTE_MAP SET .................................................... ..................................................... 3-14
CONFIGURE POLICY ROUTE_MAP SET AS_PATH ..........................................................................................3-15
CONFIGURE POLICY ROUTE_MAP SET COMMUNITY ......................................................................................3-16
CONFIGURE POLICY ROUTE_MAP SET DISTANCE .........................................................................................3-17
CONFIGURE POLICY ROUTE_MAP SET LOCAL_PREFERENCE ........................... ....................................... .......3-18
CONFIGURE POLICY ROUTE_MAP SET METRIC .................................. ............................................. ..............3-19
CONFIGURE POLICY ROUTE_MAP SET METRIC_TYPE ...................................................................................3-20
CONFIGURE POLICY ROUTE_MAP SET ORIGIN ................................................................... .................... ....... 3-2 1
CHAPTER 4 P
ROTOCOLS OVERVIEW .............................................................................. 4-1
BGP4 ................................................................. .......................................................................................4-1
RFC C
OMPLIANCE ...............................................................................................................................4-2
OSPF .......................... .............................................. ............................................. ...................................4-2
RFC C
OMPLIANCE ...............................................................................................................................4-3
RIP .............................. ............. ............. ............. ............. ............. ............. ............. ...................................4-3
RFC C
ULTICASTING ......................................................................... ...... ...... ....... ...... ....... ...... ....... ...... ................4-4
M
P
S
ECURING REMOTE ACCESS USING IPSEC VPN .........................................................................................4-4
OMPLIANCE ...............................................................................................................................4-3
ROTOCOL INDEPENDENT MULTICAST (PIM) .........................................................................................4-4
CHAPTER 5 BGP4 C
CLEAR IP BGP .............................................................................................................................................5-1
CLEAR IP BGP ALL .......................................................................................................................................5-2
CLEAR IP BGP GROUP ........................................... .................... ................... ................... .................... .........5-3
CLEAR IP BGP NEIGHBOR ............................................. ................................................... ............................. 5-4
LEAR COMMANDS ..........................................................................5-1
CHAPTER 6 G
ENERIC ROUTING COMMANDS...................................................................6-1
CONFIGURE ROUTER ...................................................................................................................................6-1
CONFIGURE ROUTER ROUTERID ...................................................................................................................6-2
SHOW IP ROUTES .............................................................. ..........................................................................6-3
iv © 2004 Foundry Networks, Inc. June 2004
Contents
CHAPTER 7 BGP4 C
CONFIGURE ROUTER BGP ............................................................................................................................7-1
CONFIGURE ROUTER BGP AGGREGATE_ADDRESS ............................................................ .............................7-2
CONFIGURE ROUTER BGP ALWAYS_COMPARE_MED ......................................................................................7-4
CONFIGURE ROUTER BGP DEFAULT_METRIC .............................................................. ...................................7-5
CONFIGURE ROUTER BGP DISTANCE ...................... ....... ...... ....... ...... ...... ....... ...... ....... ...... ....... ......................7-6
CONFIGURE ROUTER BGP GROUP .............................................. ...... ...... ....... ...... ....... ...... ....... ...... ....... .........7-7
CONFIGURE ROUTER BGP GROUP DISTRIBUTE_LIST ......................................................................................7-8
CONFIGURE ROUTER BGP GROUP FILTER_LIST .................... ............. ............. ............. ............. ............. .........7-9
CONFIGURE ROUTER BGP GROUP NEXT_HOP_SELF ....................................................................................7-10
CONFIGURE ROUTER BGP GROUP PASSWORD ..................... ....................................... ................................. 7-11
CONFIGURE ROUTER BGP GROUP REMOVE_PRIVATE_AS ................. ........................................................... 7-12
CONFIGURE ROUTER BGP GROUP ROUTE_MAP ...........................................................................................7-13
CONFIGURE ROUTER BGP NEIGHBOR ......................................... ................................ ................................ .7-14
CONFIGURE ROUTER BGP NEIGHBOR ADVERTISEMENT_INTERVAL ................................................................7-16
CONFIGURE ROUTER BGP NEIGHBOR ALLOWBADID ........................... .......................................................... .7-17
CONFIGURE ROUTER BGP NEIGHBOR DEFAULT_ORIGINATE ............................................................ ..............7-1 8
CONFIGURE ROUTER BGP NEIGHBOR DESCRIPTION .....................................................................................7-19
CONFIGURE ROUTER BGP NEIGHBOR DISTRIBUTE_LIST .................................. ...... ....... ...... ....... ...... ....... ...... .7-20
CONFIGURE ROUTER BGP NEIGHBOR EBGP_MULTIHOP ............................................................ ....................7-21
CONFIGURE ROUTER BGP NEIGHBOR FILTER_LIST ............................ ................................ ........................... 7-22
CONFIGURE ROUTER BGP NEIGHBOR KEEP .................................................................................................7-23
CONFIGURE ROUTER BGP NEIGHBOR LOGUPDOWN ..................................................... ............. ............. ....... 7 -24
CONFIGURE ROUTER BGP NEIGHBOR MAXIMUM_PREFIX ..............................................................................7-25
CONFIGURE ROUTER BGP NEIGHBOR NEIGHBOR_GROUP ........................ .................................................... .7-26
CONFIGURE ROUTER BGP NEIGHBOR NEXT_HOP_SELF .................................. ................... .................... ....... 7-27
CONFIGURE ROUTER BGP NEIGHBOR PASSWORD ................ ................................................................. .......7-28
CONFIGURE ROUTER BGP NEIGHBOR ROUTE_MAP ......................................................................................7-29
CONFIGURE ROUTER BGP NEIGHBOR TIMERS ................ ................................................... ...........................7 -30
CONFIGURE ROUTER BGP NEIGHBOR UPDATE_SOURCE .............................................. ................................. 7-31
CONFIGURE ROUTER BGP REDISTRIBUTE ......................................... ........................................................... 7-32
CONFIGURE ROUTER BGP REDISTRIBUTE CONNECTED ......................................... ....................................... .7-33
CONFIGURE ROUTER BGP REDISTRIBUTE OSPF ...........................................................................................7-34
CONFIGURE ROUTER BGP REDISTRIBUTE RIP ..............................................................................................7-35
CONFIGURE ROUTER BGP REDISTRIBUTE STATIC .............................. ....................................... .................... 7-36
ONFIGURE COMMANDS................................................................... 7-1
CHAPTER 8 BGP4
SHOW IP BGP .................................... ................................................... .......................................................8-1
SHOW IP BGP AGGREGATE_ADDRESS .............. ................................ ................................ ............................. 8-2
SHOW IP BGP COMMUNITY ...........................................................................................................................8-3
SHOW IP BGP GROUPS ................................................................................................................................8-5
SHOW IP BGP NEIGHBORS ..................................... ............. ............. ...... ............. ............. ............. ............. ...8-6
SHOW IP BGP PATHS ...................................................................................................................................8-9
June 2004 © 2004 Foundry Networks, Inc. v
SHOW COMMANDS ...........................................................................8-1
Foundry AR-Series Router User Guide
SHOW IP BGP REGEXP .................................... ................................................... ........................................8-10
SHOW IP BGP SUMMARY ............................................................................................................................8-11
SHOW IP BGP TABLE .................................................... ...................................... ........................................8-12
SHOW POLICY ...........................................................................................................................................8-13
SHOW POLICY AS_PATH ........................................ ....... ...... ....... ...... ....................................... ...... ....... ...... .8-14
SHOW POLICY COMMUNITY_LIST ................................................................................................................8-15
SHOW POLICY IP_ACCESS_LIST .................................................................................................................8-16
SHOW POLICY ROUTE_MAP ................................................ ....................................... ................................. 8-17
CHAPTER 9 OSPF C
CONFIGURE ROUTER OSPF ..........................................................................................................................9-2
CONFIGURE ROUTER OSPF 1583 COMPATIBILITY ................................... ....................................................... 9-3
CONFIGURE ROUTER OSPF AREA .................................................................................................................9-4
CONFIGURE ROUTER OSPF AREA AREA_TYPE ...............................................................................................9-5
CONFIGURE ROUTER OSPF AREA AREA_TYPE NORMAL .................................................................. ................9- 6
CONFIGURE ROUTER OSPF AREA AREA_TYPE NSSA ......................................................................................9-7
CONFIGURE ROUTER OSPF AREA AREA_TYPE NSSA NO_SUMMARY ................................................................9-8
CONFIGURE ROUTER OSPF AREA AREA_TYPE STUB ......................................................................................9-9
CONFIGURE ROUTER OSPF AREA AREA_TYPE STUB NO_SUMMARY ..............................................................9-10
CONFIGURE ROUTER OSPF AREA DEFAULT_COST .......................................................................................9-11
CONFIGURE ROUTER OSPF AREA RANGE ....................................................................................................9-12
CONFIGURE ROUTER OSPF AREA VIRTUAL_LINK ............ ....................................................................... .......9-13
CONFIGURE ROUTER OSPF AREA VIRTUAL_LINK AUTHENTICATION ............................... ................................ .9-1 4
CONFIGURE ROUTER OSPF AREA VIRTUAL_LINK DEAD_INTERVAL ...................................... ...........................9-1 5
CONFIGURE ROUTER OSPF AREA VIRTUAL_LINK HELLO_INTERVAL ...............................................................9-16
CONFIGURE ROUTER OSPF AREA VIRTUAL_LINK RETRANSMIT_INTERVAL ......................................................9-17
CONFIGURE ROUTER OSPF AREA VIRTUAL_LINK TRANSMIT_DELAY ................. ....................................... .......9-18
CONFIGURE ROUTER OSPF DISTANCE .............................................. ............................................. ..............9-19
CONFIGURE ROUTER OSPF DISTANCE OSPF ............................................................... .................................9-20
CONFIGURE ROUTER OSPF DISTANCE OSPF EXTERNAL .................................. ....................................... .......9-21
CONFIGURE ROUTER OSPF DISTANCE OSPF NON_EXTERNAL .......................................................................9-22
CONFIGURE ROUTER OSPF INTERFACE ......................................................................................... ..............9-23
CONFIGURE ROUTER OSPF INTERFACE AUTHENTICATION ........................ ....................................... ..............9 -24
CONFIGURE ROUTER OSPF INTERFACE COST ..............................................................................................9-25
CONFIGURE ROUTER OSPF INTERFACE DEAD_INTERVAL ................... ........................................................... 9-26
CONFIGURE ROUTER OSPF INTERFACE HELLO_INTERVAL .................. ...... ....... ...... ....... ...... ....... ...... ....... ...... .9-27
CONFIGURE ROUTER OSPF INTERFACE NEIGHBOR ............... .......................... .......................... ................... .9 -28
CONFIGURE ROUTER OSPF INTERFACE NETWORK .......................................................................................9-29
CONFIGURE ROUTER OSPF INTERFACE POLL_INTERVAL .............. ................... ................... .................... ....... 9-31
CONFIGURE ROUTER OSPF INTERFACE PRIORITY ........................................................................................9-32
CONFIGURE ROUTER OSPF INTERFACE RETRANSMIT_INTERVAL ...................................................................9-33
CONFIGURE ROUTER OSPF INTERFACE TRANSMIT_DELAY ................. .......................................................... .9-34
CONFIGURE ROUTER OSPF REDISTRIBUTE ..................................................................................................9-35
CONFIGURE ROUTER OSPF REDISTRIBUTE BGP ...........................................................................................9-36
ONFIGURE COMMANDS................................................................... 9-1
vi © 2004 Foundry Networks, Inc. June 2004
Contents
CONFIGURE ROUTER OSPF REDISTRIBUTE CONNECTED ...............................................................................9-37
CONFIGURE ROUTER OSPF REDISTRIBUTE RIP ............................................................................................9-38
CONFIGURE ROUTER OSPF REDISTRIBUTE STATIC ......................................... ..............................................9 -39
CONFIGURE ROUTER OSPF REF_BW ................................... ................................................................. .......9-40
CONFIGURE ROUTER OSPF TIMERS ............................................................................................................9-41
CHAPTER 10 OSPF S
SHOW IP OSPF AREA .................................................................................................................................10-1
SHOW IP OSPF DATABASE ..... ................................ ................................ ................................. .................... 10-3
SHOW IP OSPF DATABASE ALL ..... .................... ................... ................... .................... ................... .............. 1 0-4
SHOW IP OSPF DATABASE ASBR_SUMMARY ................................................................................................10-5
SHOW IP OSPF DATABASE DATABASE_SUMMARY ........... ......................... .......................... .......................... .1 0-6
SHOW IP OSPF DATABASE EXTERNAL ........ ....................................... ...... ....... ...... ....... ...... ....... ...... ....... ...... .10-7
SHOW IP OSPF DATABASE NETWORK ..........................................................................................................10-8
SHOW IP OSPF DATABASE NSSA_EXTERNAL ........... ................................ ................................. .................... 10-9
SHOW IP OSPF DATABASE ROUTER ........... ............. ....... ............. ............ ............. ............. ............. ............10-10
SHOW IP OSPF DATABASE SELF_ORIGINATE .................................................. ................................ ............ 10-11
SHOW IP OSPF DATABASE SUMMARY ............................ ............................................................................10-12
SHOW IP OSPF GLOBAL ................................................ ...... ....... ...... ....................................... ...... ....... .....10-13
SHOW IP OSPF INTERFACE ........................................... ...................................... ...................................... 10-14
SHOW IP OSPF INTERFACE ALL ........................................... .......................... .......................... .................. 10 -15
SHOW IP OSPF INTERFACE BUNDLE ..........................................................................................................10-16
SHOW IP OSPF INTERFACE ETHERNET ......................................................................................................10-17
SHOW IP OSPF NEIGHBOR ..................................... ....................................... ....................................... .....10-1 8
SHOW IP OSPF NEIGHBOR DETAIL .............................................. ................... .......................... .................. 10-19
SHOW IP OSPF NEIGHBOR ID .................... .......................................................... ......................................10 -20
SHOW IP OSPF NEIGHBOR INTERFACE ......................................................................................................10-21
SHOW IP OSPF NEIGHBOR INTERFACE BUNDLE .................... ....................................... ............................... 10-22
SHOW IP OSPF NEIGHBOR INTERFACE ETHERNET ....................... ............................................................... 10-23
SHOW IP OSPF NEIGHBOR LIST ..................................... ......................... .......................... .................... ..... 10-24
SHOW IP OSPF REQUEST_LIST .................................................................................................................10-25
SHOW IP OSPF RETRANSMISSION_LIST .....................................................................................................10-26
SHOW IP OSPF VIRTUAL_LINKS ..................................... ................... ................... .................... ..................10-27
HOW COMMANDS .........................................................................10-1
CHAPTER 11 RIP C
CONFIGURE ROUTER RIP ...........................................................................................................................11-2
CONFIGURE ROUTER RIP DEFAULT_METRIC ................................................................................................11-3
CONFIGURE ROUTER RIP DISTANCE ........................................... ................................................... ..............11-4
CONFIGURE ROUTER RIP INTERFACE .......................................................................................................... 11-5
CONFIGURE ROUTER RIP INTERFACE AUTHENTICATION ............................................................ .................... 11-6
CONFIGURE ROUTER RIP INTERFACE DISTRIBUTE_LIST ............................................... .................................1 1-7
CONFIGURE ROUTER RIP INTERFACE METRIC ..............................................................................................11-8
CONFIGURE ROUTER RIP INTERFACE MODE ................................................................................................11-9
June 2004 © 2004 Foundry Networks, Inc. vii
ONFIGURE COMMANDS .................................................................... 11-1
Foundry AR-Series Router User Guide
CONFIGURE ROUTER RIP INTERFACE NEIGHBOR ..................................... ................................. .................. 11-10
CONFIGURE ROUTER RIP INTERFACE PASSIVE ..................................................... ................................. .....11 -11
CONFIGURE ROUTER RIP INTERFACE SPLIT_HORIZON .............................................................. ..................11 -12
CONFIGURE ROUTER RIP MODE .................................... ...................................... ...................................... 11-13
CONFIGURE ROUTER RIP PACING .............................................................................................................11-14
CONFIGURE ROUTER RIP PASSIVE ............................................................................................................11-15
CONFIGURE ROUTER RIP REDISTRIBUTE ...................................................................................................11-16
CONFIGURE ROUTER RIP REDISTRIBUTE BGP ............................................................................................11-17
CONFIGURE ROUTER RIP REDISTRIBUTE CONNECTED ................................................................................11-18
CONFIGURE ROUTER RIP REDISTRIBUTE OSPF ..........................................................................................11-19
CONFIGURE ROUTER RIP REDISTRIBUTE STATIC ........................................................................................11-20
CONFIGURE ROUTER RIP TIMERS .............. ....... ...... ....... ...... ....................................... ...... ....... ...... ....... .....11-21
CONFIGURE ROUTER RIP TIMERS FLUSH ...................................................................................................11-22
CONFIGURE ROUTER RIP TIMERS HOLDDOWN ...........................................................................................11-23
CONFIGURE ROUTER RIP TIMERS UPDATE .............................................. ................................................... 11-24
CHAPTER 12 RIP
SHOW COMMANDS .............................................................................12-1
SHOW IP RIP .............................................................................................................................................12-2
SHOW IP RIP GLOBAL ......................................................... ................... .................... ................... ..............12-3
SHOW IP RIP INTERFACE ....... .................................................... ................................................... ..............12-4
SHOW IP RIP INTERFACE ALL .............. .......................... ................................ ................................ ..............1 2-5
SHOW IP RIP INTERFACE BUNDLE ...............................................................................................................12-6
SHOW IP RIP INTERFACE ET HERNE T ...........................................................................................................12-7
SHOW IP RIP INTERFACE STATISTICS ..........................................................................................................12-8
SHOW IP RIP STATISTICS ...........................................................................................................................12-9
CHAPTER 13 AS P
MATCHING AS PATHS .......................................... ....................................... ................................ ..............13-1
AS P AS P
ATH REGULAR EXPRESSIONS............................................................13-1
ATH REGULAR EXPRESSIONS (REGEX) ................................................. ................... .................... ....... 13-1
ATH TERMS ......................................................................................................................................13-1
CHAPTER 14 M
ULTICASTING..........................................................................................14-1
MULTICASTING OVERVIEW ........................................................................................................................14-1
P
ROTOCOL INDEPENDENT MULTICAST (PIM) .......................................................................................14-1
OMMANDS ................................................................................................................................14-1
PIM C
P
ROTOCOL INDEPENDENT MULTICAST - SOURCE SPECIFIC MULTICAST (PIM-SSM) ....................................14-3
I
NTERNET GROUP MANAGEMENT PROTOCOL (IGMP) ................................................................................14-4
IGMP C
T
RACEROUTE FACILITY FOR IP MULTICAST ........................................................ ........................................ 14-6
M
ULTICAST MULTIPATH ............................................... ...................................... ....................................... .14-6
ULTIPATH COMMANDS ............................................................................................................................14-7
M
viii © 2004 Foundry Networks, Inc. June 2004
OMMANDS .............................................................................................................................14-4
Contents
GENERIC ROUTING ENCAPSULATION (GRE) ..............................................................................................14-7
CHAPTER 15 S
ECURITY FEATURES ................................................................................ 15-1
INTRODUCTION TO SECURITY ....................................................................................................................15-1
E
NABLING SECURITY FEATURES .........................................................................................................15-1
ECURING REMOTE ACCESS USING IPSEC VPN .......................................................................................15-2
S
A
CCESS METHODS ............................................................ ............................................. ....................1 5-2
E
XAMPLE 1: SECURELY MANAGING THE FOUNDRY AR1204 OVER AN IPSEC TUNNEL ................... .......15-3
XAMPLE 2: JOINING TWO PRIVATE NETWORKS WITH AN IP SECURITY TUNNEL .................................15-10
E E
XAMPLE 3: JOINING TWO NETWORKS WITH AN IPSEC TUNNEL USING MULTIPLE IPSEC PROPOSALS .15-19
E
XAMPLE 4: SUPPORTING REMOTE USER ACCESS ................................................................ ............15-28
E
XAMPLE 5: CONFIGURING IPSEC REMOTE ACCESS TO CORPORATE LAN WITH MODE-CONFIGURATION
ETHOD ................................................. ....... ...... ....... ...... ....................................... ...... ............15-37
M
C
ONFIGURING GRE ................................................................................................................................15-45
F
IREWALLS ................................ .............................................. ...............................................................15-50
IREWALL CONFIGURATION EXAMPLES .................................................. ................... .................... ..... 15-50
F S
TOPPING DOS ATTACKS ................. ....................................... ....................................... .................. 15-56
P
ACKET REASSEMBLY ......................................................................................................................15-57
NAT C NAT C
S
ECURITY PROTOCOL DEFAULTS ............................................................................................................15-61
IPS F
F
IREWALL DEFAULT VALUES ...................................................................................................................15-63
UNNELING DEFAULT VALUES ................................................................................................................. 15-65
T
ONFIGURATIONS ....................................................................................................................15-57
ONFIGURATION EXAMPLES .....................................................................................................15-58
EC SUPPORTED PROTOCOLS AND ALGORITHMS ........................ .............................................. .....15-61
OUNDRY IKE AND IPSEC DEFAULTS ...............................................................................................15-62
June 2004 © 2004 Foundry Networks, Inc. ix
Chapter 1

Getting Started

Introduction

This guide describes how to configure the AccessIron routers in typical scenarios using information presented in the configurations and user guides.

Audience

This manual is desi gned f or system ad ministrat ors with a working kn owledg e of Layer 2 and Layer 3 switchin g and routing.
If you are using a Foundry Layer 3 Switch, you should be familiar with the following protocols if applicable to your network – IP, RIP, OSPF, BGP4, PIM, and VRRP.

Nomenclature

This guide uses the following typographical conventions to show information: Italic highlights the title of another publication and occasionally emphasizes a word or phrase. Bold highlights a CLI command. Bold Italic highlights a term that is being defined. Underline Capitals highlights field names and buttons that appear in the Web management interface.
NOTE: A note emphasizes an important fact or calls your attention to a dependency.
WARNING: A warning calls your attention to a possible hazard that can cause injury or death.
CAUTION: A caution calls your attention to a possible hazard that can damage equipment.
highlights a link on the Web management interface.
June 2004 © 2004 Foundry Networks, Inc. 1 - 1
Foundry AR-Series Router User Guide

Related Publications

The following Foundry Networks documents supplement the information in this guide.
Release Notes Printed release notes provide th e latest i nformatio n. If releas e notes a re provide d with you r product, fo llow th e
instructions contained within them instead of those provided in other documentation.
Foundry AR-Series AR1202 and AR1204 Installation Guide This guide is designed to assist users with the initial installation and deployment of the Foundry AR1202 two-
port and AR1204 four-port router. The guide provides a brief overview of the installation and initial configuration proces se s.
Foundry AR-Series AR1202 and AR1204 Quick Installation Guide
This detailed guide provides an abbreviated install guide for those experienced with installing Foundry AccessIron routers.
Foundry AR-Series Rack-Mounted Router Installation Guide This guide is designed to assist users with the initial installation and deployment of Foundry rack-mounted
routers. The guide provides a brief overview of the installation and initial configuration processes.
Foundry AR-Series Rack-Mounted Router Quick Installation Guide
This detailed guide provides an abbreviated install guide for those experienced with installing Foundry AccessIron rack-mounted routers.
Foundry AR-Series Router Configurations Guide This guide provides examples of AccessIron configurations.
Foundry AR-Series Router Command Reference Guide
This guide explains the syntax and application of AccessIron router CLI commands.
To order additional copies of these manuals, do one of the following:
Call 1.877.TURBOCALL (887.2622) in the United States or 1.408.586.1881 outside the United States.
Send email to info@foundrynet.com.

List of Features

Table 1.1 shows the features supported on AccessIron devices.
T a ble 1.1: Fea ture Supporte d in AccessIro n Device s
Category Feature AR1202
AR1204 AR1208 AR1216
Interfaces
WAN/LAN 10/100 Fast Ethernet 2 2 2
T1/E1 Yes - ­Channelized T3 - - Yes
AR3201-T-CL AR3202-T-CL
AR3201-T-CH AR3202-T-CH
Clear Channel T3 - Yes -
WAN Protocols
1 - 2 © 2004 Foundry Networks, Inc. June 2004
Table 1.1: Feature Supported in AccessIron Devices (Continued)
Getting Started
Category Feature AR1202
AR1204 AR1208 AR1216
PPP, PAP, Multilink PPP, Frame Relay, Multilink Frame Relay, (FRF.15, FRF.16.1) BCP, HDLC
Layer 2 Features
802.1Q VLAN tagging and forwarding over WLAN Virtual LAN Domain (VLD) VLAN Double Tagging Transparent Bridging Jumbo Frames (4072 bytes) IP Multiplexing NAT mode Transparent Layer 3 packet forwarding
Layer 3 Features
Routing RIPv1/v2
OSPF BGP4
AR3201-T-CL AR3202-T-CL
AR3201-T-CH AR3202-T-CH
Static Routing ECMP (IP load balancing) Multicast (PIM-SM, PIM-SSM, IGMP v2/v3)
High Availabi lit y VRRP
BGP4 Multi-homing Bundle Tracking MLPPP Bundle Thresholding LAN Interface Load Sharing with Failover
Security/ Management
Stateful Packet Inspection Firewall with: Layer-3 mode (router and NAT)
Policy-based NAT/PAT Policy-based filters URL and application content filtering Time and rate limiting Denial of Service protection Network attack detection Application Level Gateway support Packet-level logging and syslog support
June 2004 © 2004 Foundry Networks, Inc. 1 - 3
Foundry AR-Series Router User Guide
Table 1.1: Feature Supported in AccessIron Devices (Continued)
Category Feature AR1202
AR1204 AR1208 AR1216
ACLs DHCP TFTP PAP RADIUS TACACS+ SSH v2 GRE Tunneling IPSec VPN with integrated IKE
Site-to-site VPN Site-to-remote VPN MD5 & SHA-1 authentication Hardware accelerated encryp tio n 3DES (168 bit), DES (56 bit), AES
VPN optional on the AR1202 and AR1204
(256 bit) encryption
AR3201-T-CL AR3202-T-CL
AR3201-T-CH AR3202-T-CH
--
QoS/Traffic Management
Service Provisioning
RED
DiffServ Class-based Queuing per:
IP address Flow VLAN tag Application port
Frame Relay traffic shaping and policing VLAN-802.1P 8 queue prioritization of VLAN frames Management (in-band, serial, Telnet, or modem) by:
CLI SNMP
Monitoring syslog Statistics Alarms
Diagnostics BERT Loopback testing Traceroute Reverse Telnet
Specialized
Hospitality Web Redirection
Features
1 - 4 © 2004 Foundry Networks, Inc. June 2004
Table 1.1: Feature Supported in AccessIron Devices (Continued)
Getting Started
Category Feature AR1202
AR1204 AR1208 AR1216
Timed Access List
AR3201-T-CL AR3202-T-CL
AR3201-T-CH AR3202-T-CH

How to Get Help

Foundry Networks technical support will ensure that the fast and easy access that you have come to expect from your Foundry Networks products will be maintained.

Web Access

http://www.foundrynetworks.com

Email Access

Technical requests can also be sent to the following email address:
support@foundrynet.com

Teleph one Access

1.877.TURBOCALL (887.2622) United States
1.408.586.1881 Outside the United States

Warranty Cove rage

Contact Foundry Networks using a ny of the methods listed above for informati on about t he sta ndard and extended warranties.
June 2004 © 2004 Foundry Networks, Inc. 1 - 5
Foundry AR-Series Router User Guide
1 - 6 © 2004 Foundry Networks, Inc. June 2004
Chapter 2

Command Line Interface

This chapter introduces the Command Line Interface (CLI) hierarchy and the conventions used to describe it. It also introduces the CLI navigation keys and methods, as well as the available help screens.

Command Types

This guide contains two types of commands: transition, or mode change, commands and standard commands. Transition commands do not affect the syst em configuration, they are used to ga in access to lower- or next-level
commands in the CLI hierarchy. Following each transition command is a brief description, a syntax and usage example, a list of next-level commands, and a list of systems for which the command is applicable.
NOTE: In certain instances, transition commands will select an interface for configuration and access next-level commands. For example, the configure interface bundle dallas command accesses the configure interface bundle mode and selects or creates the bundle dallas.
Stan da rd comma nds a re u sed t o conf igure t he syst em. Fo llowing ea ch st and ard co mman d is a brie f desc ript ion, a list of parameters and definitions, a syntax and usage example, a list of related commands, and a list of systems for which the command is applicable.

Context-Sensitive Commands

Some commands are context-sensitive. Once a module, bundle, or Ethernet port has been selected for configuration, all further configuration applies only to the selected interface. Table 2.1: shows a context-sensitive command string for a AR1208 system. In this example, T1 link 1 remains selected for configuration until you exit from the Foundry-AR1208/con fig ure / mo dul e/t1 # prom pt.
Table 2.1: Context-Sensitive Command Sequence
Context-Sensitive Command String Example
1 Go into the configuration mode. 1 Specify the type of interface (T1). Foundry-AR1208/configure#module t1
Foundry-AR1208#configure terminal
1 Choose the specific interface (T1 link 1). Foundry-AR1208/configure#module t1 1 1 From now on, al l con figurat ion co mman ds
are for T1 link 1 until y ou exi t from mo dule configuration or choose another T1 link.
June 2004 © 2004 Foundry Networks, Inc. 2 - 1
Foundry-AR1208/configure/module/t1 1#
Foundry AR-Series Router User Guide
NOTE: Command strings that require identification of a specific interface are context-sensitive.

Command Conventions

Each command is briefly described and then followed by the complete syntax, which is essentially a map of the command that shows mandatory and optional parameters.
The following tables provide details of the conventions used for syntaxes and examples.
Table 2.2: Syntax Conventions
For Syntaxes What it means
normal type Within syntaxes, “normal type” represents required words
that must be entered by the user — except when follo wed by a parameter setting that is enclosed in angled brackets. In that case, only enter the parameter setting enclosed in the angled brackets .
Example 1: Normal type only. In this example, the user enters the word or argument
(module) appearing in the syntax in “normal type.” Syntax:
module
Command execution:
module
Example 2: Normal type word or argument that is followed by a second normal type word or argument, which is followed by a p aram eter setting enclose d i n a ngl ed bra ck et s .
In this example, the user enters the first word or argument “connections,” appearing in normal type, and then only enters the value “4” of the second word or argument.
Syntax:
connections connections < n >
Command execution:
connections 4
In other words, the first occurence of “connections” must be entered because it is not followed by a setting enclosed in angled brackets. The second occurence of the word “connections” must NOT be entered bec au se it is followed by a setting enclosed in angled brackets. This value of the setting must be entered to execute the command.
2 - 2 © 2004 Foundry Networks, Inc. June 2004
Command Line Interface
Table 2.2: Syntax Conventions (Continued)
[ a | b | c ] Normal brackets “[ ]” indicate optional keywords or
arguments. A vertical bar “ | “ separates individual settings. Example: In this example, the user enters the word “timeout;” must
specify either for “tcp” or “udp” for a protocol type; and optionally enters a timeout value “n.”
Syntax:
timeout protocol_ty pe < tcp | udp > [ s econds < n > ]
Command execution:
timeout udp 3600
< # Angled brackets. All parameter settings are enclosed in
angled brackets. The user is directed to choose an appropriate setting. In some cases, the parameter name accompanies the required setting.
[ ] Optional parameter settings in each syntax are indicated by
normal brackets.
Table 2.3: Example Conventions
For Examples What it means
normal type Prompts and comman ds that are p art of th e main prompt a re
shown in normal type. Examples:
Foundry-AR1208# Foundry-AR1208/show#
bold type All character strings that a user must enter to execute a
command are in bold type. Example:
Foundry-AR1208# configure term

Abbreviated Commands

You may enter commands by typing the first few characters of each word in a command string. The Foundry system recognizes the unique abbreviated entry and executes the command exactly as if you had entered it fully.
For example, to view the currently running system configuration, you may type show configuration running at the Foundry# prompt. You may also type dis con run to get the same result. Similarly, you may abbreviate the optional parameter names required by some commands.
For example, a typical entry may be as follows: mlppp mrru 1600 sequence short seg_threshold 1000 differential_delay 100 discriminator 10.1.100.22 To save time, you may type the following equivalent abbreviated string: mlppp m 1600 seq short seg 1000 diff 100 dis 10.1.100.22
June 2004 © 2004 Foundry Networks, Inc. 2 - 3
Foundry AR-Series Router User Guide

CLI Navigation

The Tab, Esc, and Ctrl keyboard keys may be used to:
Move backwards or forwards in the CLI
Edit entered command strings
Or acceler ate the command entry process

Navigation Keys

You may use the Tab key to quickly enter each word of a command without typing its full name. For example, to enter the configure command, you may type its first two letters and then press Tab to complete the entire word. Then, you may specify an item to configure by pressing the Spacebar and then pressing Tab repeatedly until the desired sub-command appears. Repeat this sequence for each successive sub-command string until the entire command string appears.
You may also use the other keystrokes shown in during command entry. For example, to back up the cursor without deleting any charac ters, type Ctrl-B. To repeat the last command that yo u entered , type Ctrl-P. T o go back several commands, type Ctrl-P repeatedly until the desired previous command appears. Or, you may go directly back to the main CLI# prompt from anywhere in the command hierarchy by typing Ctrl-Z.
Figure 2.1 Navigation Keys
# help edit key stroke -- action
---------- -- -----­ TAB -- command completion Esc-B -- go back one word Esc-F -- forward one word Esc-DEL -- delete one word left to cursor BackSpace -- go back and delete one char Ctrl-A -- start of line Ctrl-B / <- -- go back one char Ctrl-D / DEL -- delete a char
-- go up one level if empty command Ctrl-E -- end of line Ctrl-F / -# -- forward one char Ctrl-K -- delete line ahead of cursor Ctrl-L -- refresh line Ctrl-N / DN ARROW -- next command in history Ctrl-P / UP ARROW -- previous command in history Ctrl-U -- delete entire line Ctrl-W -- delete one word left to cursor #

Command Help

Command help is availa ble for navi gating the C LI command hi erarchy and for assist ance w ith specific command s. You may obtain help by using any of the three commands described below.

Help

Type help at the main CLI prompt to see the basic Foundry system help information. Or, type help followed by a command name to view information about that command. shows the help screen.
2 - 4 © 2004 Foundry Networks, Inc. June 2004
Command Line Interface
Figure 2.2 Help Screen
# help ? -- display commands under this tree exit [level] -- exit (level nos ) from the current tree
-- 'exit' from "top level" terminates CLI Ctrl-Z -- exit to top level tree -- display tree under current node type 'help edit' to see editing features type 'help <cmd#' to get help for that command #

Tree

You may view a tree that shows all CLI commands, or a tree that shows only the commands associated with the current command mode (or th e rout ing mode for example). Figure 2.3 sh ow s two comma nd tree ex am ple s. If y ou type tree at the main (Foundry-AR1208# or equivalent) prompt, the entire list of system commands appears. If you type tree within a com ma nd mo de, such as Foundry-AR3201-CH/clear# tree, the com mand s associa ted with this command mode are displayed.
Figure 2.3 Foundry CLI Command Tree
# tree xcli |-- ping |-- clear | |-- cfg_file | |-- arp | |-- cfg_log | |-- command_log | |-- snmp_stats | |-- counters | | |-- all | | |-- ethernet | | |-- ethernets | | |-- bundle | | |-- bundles | | |-- avc | | |-- avcs | | |-- tunnel | | |-- tunnels | |-- interface | | |-- all | | |-- ethernet Press any key to continue (q : quit) :

Question Mark Help Screen

To view help information for a command cate gory, specific command, or a parameter, type the associated word followed by a space and a question mark (?). For example, if you type a question mark at the main command prompt, the system command categories appear. Shows a display of these top-level commands.
June 2004 © 2004 Foundry Networks, Inc. 2 - 5
Foundry AR-Series Router User Guide
Figure 2.4 ? Help Screen
# ?
NAME xcli -- This is root and not a command
SYNTAX COMMANDS <cr#
DESCRIPTION COMMANDS -- Any of the following commands can be used
clear -- access clear commands configure -- configure from ( flash / network / terminal ) debug -- accesses debug commands dir -- directory of files in flash erase -- access erase filesystem commands file -- access file commands mtrace -- multicast trace route to source address password -- Change the user password ping -- invoke ping reboot -- reboot the system reload -- reboot the system save -- save configuration to ( local / network ) show -- access show commands tclsh -- To invoke TCL shell telnet -- open a telnet connection test -- access test commands trace -- trace route to destination address or host name write -- write to terminal/network/flash
#
NOTE: The default parameters for specific commands appear in parenthesis.

Global Commands

All show, ping, and save commands are available from any level of the CLI. For example, the global show commands allow the user to view current configuration settings, alarms, or tests without exiting the configure mode. In Figure 2.5 on page 2-7, a user has displayed a bundle summary while configuring a new bundle.
Similarly, the ping and save commands are available at any level of the CLI command. The ping command verifies connectivity between the Foundry system and other network hosts; access to the save commands from anywhere in the CLI ensur es that your c onfigurati ons may be save d periodically.
2 - 6 © 2004 Foundry Networks, Inc. June 2004
Figure 2.5 Global show Command
# show configuration : Select type of 'configuration' ( Hit Tab ) # dir
CONTENTS OF /flash1:
size date time name
-------- ------ ------ -------­ 6467513 FEB-04-2004 13:51:22 AR0x_###x 6771268 APR-01-2004 11:38:42 AR0x_###y 1908 APR-01-2004 11:56:18 system.cfg 0 FEB-05-2004 07:12:30 oldsystem.cfg 6500329 APR-01-2004 11:49:22 AR0x_###z
Total bytes: 19741018 Bytes Free: 12713984 #
NOTE: The CLI commands show and display can be used interchangeably.
NOTE: The tab completion feature is not currently available for global commands.
Command Line Interface
June 2004 © 2004 Foundry Networks, Inc. 2 - 7
Foundry AR-Series Router User Guide
2 - 8 © 2004 Foundry Networks, Inc. June 2004

Policy Commands

This chapter provides information about routing policy commands that are supported by Foundry.

configure policy

This command provides access to the next-level commands.
Chapter 3
related commands:
configure policy as_path configure policy communi ty_list configure policy ip_access_list configure policy route_map
June 2004 © 2004 Foundry Networks, Inc. 3 - 1
Foundry AR-Series Router User Guide

configure policy as_path

This command configures the autonomous system path filter for BGP. AS path access li sts are used for matching the AS path attribute in a BGP route. An AS path access lis t s ucce eds
if any “permit” line in the list m atches, o r fails if a ny “deny” l ine matc hes. Matchin g proceed s sequen tially an d stops at the first match.
The regular expressio n p a ram ete r is an a s path regular expression. (For regular expressio n syntax, see “AS Path Regular Expressions” on page 13-1.) Note that the regular expression must be enclosed in quotation marks. The AS number is the smallest element of a Foundry regular expression. It is an integer ranging from 0 to 65536; the Foundry regular expression matcher is AS number-based.
Any number of AS path access list lines may be declared. They are evaluated in the order declared. If neither permit nor deny is specified, the default is “permit.”

Parameter Description

access_list Access list number
Range is 1 - 199.
number Sequence to insert or delete from an existing AS path entry.
Range is 0 - 65535.
action
deny Deny AS path. permit Permit AS path.
regular_expression Regular expression to match the AS paths.
Enter a quot ed string. Refer to “AS Path Regular Expressions” on page 13-1 for more
information about regular expressions.
syntax:
[ no ] policy as_path access_list < n > number < n > action < deny | permit > regular_expression < “string” >
example:
Foundry-AR1208/configure# policy as_path 1 120 permit “100”
example:
Foundry-AR1208/configure# policy as_path 1 121 deny “.* 101 .*”
applicable systems:
All models.
3 - 2 © 2004 Foundry Networks, Inc. June 2004
Policy Commands

configure policy community_list

This command accesses next-level commands for adding extended or standard community lists. Community list s are used for m atchin g the “com muni ty” attrib ute in a BGP rou te. A comm unity list su cceed s if any
“permit” line in the list matches, or fails if any “deny” line matches. Matching proceeds sequentially and stops at the first match. A line in a community list is normally said to match if the route being tested contains at least all of the communities listed in the line. That is, it may contain additional communities as well. If the exact-match keyword is used, then it must contai8n exactly the same communities as listed.
The communities pa rameter can be:
local_as
no_advertise
no_export
aa:nn (an integer between 0 and 65,535)
community (an integer between 1 and 4294967295
Note that “exact_m atc h” is su ppo rted in the community_list as well as at the route_map lev el. If n ei ther permit nor deny is specified, the default is pe rmi t. If n o community is specified, any route w il l b e ma tch ed, regardless of what communities are present. The route will even be matched if the community path attribute is not present. Any number of community list lines may be declared. They are evaluated in the order declared.
related commands:
configure policy community_list extended_community configure policy community_list standard_community
June 2004 © 2004 Foundry Networks, Inc. 3 - 3
Foundry AR-Series Router User Guide

configure policy community_list extended_community

This command configures an extended community list as part of the policy.

Parameter Description

community_list Extended community list number
The range is 100 - 199.
community_index Community index number
The range is 0 - 65535.
action
deny Specify a community to reject. permit Specify a community to permit.
community A list of community numbers
The range is 1 - 4294967295. This list can contain a maximum of 32 numbers.
generate_local_as
local_as Do not send out local AS.
aa_nn Community number in aa:nn format
This list can contain a maximum of 32 numbers.
generate_no_advertise
no_advertise Do not advertise to any neighbor.
generate_no_export
no_export Do not send to next AS
syntax:
[ no ] policy community_list extended_community community_list < n > community_index < n > action < deny | permit > [ community < n > ] [ generate _local_as < local_as > ] [ aa_nn < n > ] [ generate_no_advertise < no_advertise > ] [ generate_no_export < no_export > ]
example:
Foundry-AR1208/configure# policy community_list extended_community 100 1 deny community 44 45 local_as aa_nn 400:500 no_advertise
applicable systems:
All models.
3 - 4 © 2004 Foundry Networks, Inc. June 2004

configure policy community_list standard_community

This command configures a standard community list as part of the routing policy.

Parameter Description

community_list Extended community list number
The range is 100 - 199.
community_index Community index number
The range is 0 - 65535.
action
deny Specify a community to reject. permit Specify a community to permit.
community A list of community numbers
The range is 1 - 4294967295. This list can contain a maximum of 32 numbers.
generate_local_as
local_as Do not send out local AS.
aa_nn Community number in aa:nn format
This list can contain a maximum of 32 numbers.
generate_no_advertise
no_advertise Do not advertise to any neighbor.
generate_no_export
no_export Do not send to next AS
Policy Commands
syntax:
[ no ] policy community_list standard_community community_list < n > community_index < n > action < deny | permit > [ community < n > ] [ generate_local_as < local_as > ] [ aa_nn < n > ] [ generate_no_advertise <no_advertise > ] [ generate_no_export < no_export > ]
example:
Foundry-AR1208/configure# policy community_list standard_community 90 150 permit community 40 45 local_as aa_nn 655:232592 no_advertise
example:
Foundry-AR1208/configure/policy# community_list standard_community 90 150 permit community 42949672 no_advertise
applicable systems:
All models.
June 2004 © 2004 Foundry Networks, Inc. 3 - 5
Foundry AR-Series Router User Guide

configure policy ip_access_list

This command configures the IP access list for routes. Ip access lists are used for matching any type of route prefix. An IP access list is said to succeed if any “permit”
line in the list matc hes, or fails, if any “deny” line matches. Matching proceeds sequentially and stops at the first match. A line in an IP access list is said to match according to the rules listed below.
network netmask Matches addresses as fo llow s: The bi t s in t he add ress p art of the ro ute be ing ma sked that ar e not c overed by
“one” bits in net mask must be equal to the corresponding bits in network. The “one” bits in net mask are sometimes referred to as “don’t care” bits, because the policy engine does not care what their values are.
network netmask mask maskmask Matches addresses as follows: The first pair of parameters (network, maskmask) match the address part of
the route just as in the previous (network netmask) form. The second pair of parameters (mask, maskmask) are used to match against the mask part of the route being matched in a similar fashion. That is, the route is matched if the address part matches and the bits in the mask that are not covered by “one” bits in net mask are equal to the corresponding bits in mask.
If neither permit nor deny is specified, the default is permit. All kinds of access_list entries may be mixed freely within a list, and there are no restrictions on what the access_list number may be. Any number of IP access list lines may be declared. They are evaluated in the order declared.

Parameter Description

access_list Access list number
The range is 1 - 99
number Sequence to insert to or delete from an existing access list entry.
The range is 0 - 65535.
action
deny Route map deny set operation.
permit Route map permit set operation. network Network route (IP address in dotted notation) netmask Network mask as wildcard bits (IP address in dotted notation) mask Network route’s mask (IP address in dotted notation) maskmask Wildcard mask for network route’s mask ( in dotted notation)
syntax:
[ no ] policy ip_access_list access_list < n > number < n > action < deny | permit > [ network < IP address > ] [
netmask < IP address > ] [ mask < IP address > ] [ maskmask < IP address > ]
example:
Foundry-AR1208/configure# policy ip_access_list 1 1 permit network 10.0.0.0 netmask 0.255.255.255
This example permits prefixes 10.0.0.0/8, 10.0.0.0/9 and so on.
3 - 6 © 2004 Foundry Networks, Inc. June 2004
Policy Commands
example:
Foundry-AR1208/configure# policy ip_access_list 1 1 permit network 10.0.0.0 netmask 0.255.255.255 mask
255.0.0.0 maskmask 0.255.255.255
This example restricts the prefixes to 10.0.0.0/8 only.
applicable systems:
All models.
June 2004 © 2004 Foundry Networks, Inc. 3 - 7
Loading...
+ 263 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use