Nokia 7210 SAS D, 7210 SAS K, 7210 SAS E Configuration Manual

Download

Page 1

TitlePage Guide Name

7210 SERVICE ACCESS SWITCH

7210 SAS D, E, K OS Router Configuration Guide Release 9.0.R1

3HE11494AAAATQZZA

Issue: 01

November 2016

Nokia — Proprietary and confidential. Use pursuant to applicable agreements.

Page 2

7210 SAS D, E, K OS Router Configuration

Guide

Nokia is a registered trademark of Nokia Corporation. Other products and company names mentioned herein may be trademarks or tradenames of their respective owners.

The information presented is subject to change without notice. No responsibility is assumed for inaccuracies contained herein.

Contains proprietary/trade secret information which is the property of Nokia and must not be made available to, or copied or used by anyone outside Nokia without its written authorization. Not to be used or disclosed except in accordance with applicable agreements.

3HE11494AAAATQZZA Issue: 01

Page 3

Preface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

List of Technical Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

Getting Started

In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Alcatel-Lucent 7210 SAS-Series Router Configuration Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

IP Router Configuration

In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Configuring IP Router Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

System Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

Internet Protocol Versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

IPv6 Applications for 7210 SAS-D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Process Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Configuration Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

Configuring an IP Router with CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

Router Configuration Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

System Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Basic Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Common Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Configuring a System Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Configuring Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Configuring a System Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

Configuring IPv6 Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Router Advertisement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Service Management Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

Changing the System Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

Deleting a Logical IP Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

IP Router Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Command Hierarchies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

Filter Policies

In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81

Filter Policy Configuration Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Service -Based Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

Filter Policy Entities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Applying Filter Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

ACL on range SAPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86

Creating and Applying Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

Packet Matching Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89

7210 SAS D, E, K OS Router Configuration Guide Page 3

Page 4

Table of Contents

Ordering Filter Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94

Applying Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96

Configuration Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97

MAC Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

IP Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

IPv6 Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99

Resource Usage for Ingress Filter Policies for 7210 SAS-D and SAS-E . . . . . . . . . . . . . . . . . . . . .99

Resource Usage for Egress Filter Policies (supported only for 7210 SAS-D) . . . . . . . . . . . . . . . .100

Resource Usage for Ingress Filter Policies for 7210 SAS-K . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102

Configuring Filter Policies with CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Basic Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106

Common Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

Allocating Resources for Filter policies (Ingress and Egress) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

Creating an IP Filter Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

IP Filter Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

IP Filter Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110

IP Entry Matching Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Creating an IPv6 Filter Policy (applicable only for 7210 SAS-D). . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

IPv6 Filter Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Creating a MAC Filter Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113

MAC Filter Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113

MAC Filter Entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114

MAC Entry Matching Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115

Apply IP and MAC Filter Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115

Apply Filter Policies to an IES Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116

Filter Management Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117

Renumbering Filter Policy Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117

Modifying an IP Filter Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Modifying a MAC Filter Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121

Deleting a Filter Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122

From an Ingress SAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122

From an Egress SAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122

From the Filter Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123

Copying Filter Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124

Filter Command Reference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

Command Hierarchies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125

Common CLI Command Descriptions

In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179

Common Service Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180

Standards and Protocol Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181

Page 4 7210 SAS D, E, K OS Router Configuration Guide

Page 5

LIST OF TABLES

Getting Started

Table 1: Configuration Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

IP Router Configuration

Table 2: IPv6 Header Field Descriptions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

Filter Policies

Table 3: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Table 4: Applying Filter Policies for 7210 SAS-D and 7210 SAS-K . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85

Table 5: Applying Filter Policies for 7210 SAS-E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85

Table 6: Applying ACLs support on Epipe and VPLS services on 7210 SAS-D and 7210 SAS-K

variants when using range SAPs86

Table 7: DSCP Name to DSCP Value Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

Table 8: MAC Match Criteria Exclusivity Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

Table 9: Show Filter (no filter-id specified) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .163

Table 10: Show Filter (with filter-id specified) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .164

Table 11: Show Filter Associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166

Table 12: Show Filter Counters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .167

Common CLI Command Descriptions

7210 SAS D, E, K OS Router Configuration Guide Page 5

Page 6

List of Tables

Page 6 7210 SAS D, E, K OS Router Configuration Guide

Page 7

LIST OF FIGURES

IP Router Configuration

Figure 1: IPv6 Header Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

Filter Policies

Figure 2: Filtering Process Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95

Figure 3: Applying an IP Filter to an Ingress Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

Common CLI Command Descriptions

7210 SAS D, E, K OS Router Configuration Guide Page 7

Page 8

7210 SAS D, E, K OS Router Configuration Guide Page 8

Page 9

About This Guide

This guide describes logical IP routing interfaces, IP and MAC-based filtering support provided by the 7210 SAS D, E, K OS and presents configuration and implementation examples.

On 7210 SAS devices, not all the CLI commands are supported on all the platforms and in all the modes. In many cases, the CLI commands are mentioned explicitly in this document. In other cases, it is implied and easy to know the CLIs that are not supported on a particular platform.

NOTE: 7210 SAS-E and 7210 SAS-D operate in access-uplink mode by default. No explicit user configuration is needed for this.

Preface

Audience

This document is organized into functional chapters and provides concepts and descriptions of the implementation flow, as well as Command Line Interface (CLI) syntax and command usage.

This manual is intended for network administrators who are responsible for configuring the 7210 SAS-Series routers. It is assumed that the network administrators have an understanding of networking principles and configurations. Protocols, standards, and services described in this manual include the following:

• IP router configuration

• Virtual routers

• IP and MAC-based filters

7210 SAS D, E, K OS Router Configuration Guide Page 9

Page 10

Preface

List of Technical Publications

The 7210-SAS D, E, K OS documentation set is composed of the following books:

• 7210-SAS D, E, K OS Basic System Configuration Guide

This guide describes basic system configurations and operations.

• 7210-SAS D, E, K OS System Management Guide

This guide describes system security and access configurations as well as event logging and accounting logs.

• 7210-SAS D, E, K OS Interface Configuration Guide

This guide describes card, Media Dependent Adapter (MDA), link aggregation group (LAG) and port provisioning.

• 7210-SAS D, E, K OS Router Configuration Guide

This guide describes logical IP routing interfaces and associated attributes such as an IP address, port, as well as IP and MAC-based filtering.

• 7210-SAS D, E, K OS Routing Protocols Guide

This guide provides an overview of routing concepts and provides configuration examples for routing protocols and route policies.

• 7210-SAS D, E, K OS Services Guide

This guide describes how to configure service parameters such as customer information, and user services.

• 7210-SAS D, E, K OS OAM and Diagnostic Guide

This guide describes how to configure features such as service mirroring and Operations, Administration and Management (OAM) tools.

• 7210-SAS D, E, K OS Quality of Service Guide

This guide describes how to configure Quality of Service (QoS) policy management.

Page 10 7210 SAS D, E, K OS Router Configuration Guide

Page 11

Technical Support

If you purchased a service agreement for your 7210 SAS router and related products from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucent service agreement, contact your welcome center at:

Web: http://www.alcatel-lucent.com/wps/portal/support

Preface

7210 SAS D, E, K OS Router Configuration Guide Page 11

Page 12

Preface

Page 12 7210 SAS D, E, K OS Router Configuration Guide

Page 13

Getting Started

In This Chapter

This chapter provides process flow information to configure routing entities, virtual routers, IP and MAC filters.

Alcatel-Lucent 7210 SAS-Series Router Configuration Process

Table 1 lists the tasks necessary to configure logical IP routing interfaces, virtual routers, IP and

MAC-based filtering.

This guide is presented in an overall logical configuration flow. Each section describes a software area and provides CLI syntax and command usage to configure parameters for a functional area.

Table 1: Configuration Process

Area Task Chapter

Router configuration Configure router parameters,

including router interfaces and addresses and router IDs.

IP and MAC filters Filter Policies on page 81

Reference List of IEEE, IETF, and other

proprietary entities.

IP Router Configuration on page 15

Standards and Protocol Support on page 339

7210 SAS D, E, K OS Router Configuration Guide Page 13

Page 14

Getting Started

Page 14 7210 SAS D, E, K OS Router Configuration Guide

Page 15

In This Chapter

IP Router Configuration

This chapter provides information about commands required to configure basic router parameters.

Topics in this chapter include:

• Configuring IP Router Parameters on page 16

→ Interfaces on page 16

• Configuration Notes on page 21

Page 15 7210 SAS D, E, K OS Router Configuration Guide

Page 16

Configuring IP Router Parameters

In order to provision services on a 7210 SAS device, logical IP routing interfaces must be configured to associate attributes such as an IP address or the system with the IP interface.

A special type of IP interface is the system interface. A system interface must have an IP address with a 32-bit subnet mask.

The following router features can be configured:

• Interfaces on page 16

Interfaces

7210 SAS routers use different types of interfaces for various functions. Interfaces must be configured with parameters such as the interface type (system) and address. A port is not associated with a system interface. An interface can be associated with the system (loopback address).

System Interface

The system interface is associated with the network entity (such as a specific router or switch), not a specific interface. The system interface is also referred to as the loopback address.

The system interface is used to preserve connectivity (when routing reconvergence is possible) when an interface fails or is removed. The system interface is also referred to as the loopback address and is used as the router identifier.

Page 16 7210 SAS D, E, K OS Router Configuration Guide

Page 17

Internet Protocol Versions

The TiMOS implements IP routing functionality, providing support for IP version 4 (IPv4) and IP version 6 (IPv6). IP version 6 (RFC 1883, Internet Protocol, Version 6 (IPv6)) is a newer version of the Internet Protocol designed as a successor to IP version 4 (IPv4) (RFC-791, Internet Protocol). The changes from IPv4 to IPv6 effects the following categories:

• Expanded addressing capabilities — IPv6 increases the IP address size from 32 bits (IPv4) to 128 bits, to support more levels of addressing hierarchy, a much greater number of addressable nodes, and simpler auto-configuration of addresses. The scalability of multicast routing is improved by adding a scope field to multicast addresses. Also, a new type of address called an anycast address is defined that is used to send a packet to any one of a group of nodes.

• Header format simplification — Some IPv4 header fields have been dropped or made optional to reduce the common-case processing cost of packet handling and to limit the bandwidth cost of the IPv6 header.

• Improved support for extensions and options — Changes in the way IP header options are encoded allows for more efficient forwarding, less stringent limits on the length of options, and greater flexibility for introducing new options in the future.

IP Router Configuration

• Flow labeling capability — The capability to enable the labeling of packets belonging to particular traffic flows for which the sender requests special handling, such as non-default quality of service or “real-time” service was added in IPv6.

• Authentication and privacy capabilities — Extensions to support authentication, data

integrity, and (optional) data confidentiality are specified for IPv6.

7210 SAS D, E, K OS Router Configuration Guide Page 17

Page 18

Configuring IP Router Parameters

Figure 1: IPv6 Header Format

Table 2: IPv6 Header Field Descriptions

Field Description

Version 4-bit Internet Protocol version number = 6.

Prio. 4-bit priority value.

Flow Label 24-bit flow label.

Payload Length 6-bit unsigned integer. The length of payload, for example, the rest of the

packet following the IPv6 header, in octets. If the value is zero, the payload length iscarried in a jumbo payload hop-by-hop option.

Next Header 8-bit selector. Identifies the type of header immediately following the IPv6

header. This field uses the same values as the IPv4 protocol field.

Hop Limit 8-bit unsigned integer. Decremented by 1 by each node that forwards the

packet. The packet is discarded if the hop limit is decremented to zero.

Source Addres 128-bit address of the originator of the packet.

Destination Address 128-bit address of the intended recipient of the packet (possibly not the ulti-

mate recipient if a routing header is present).

Page 18 7210 SAS D, E, K OS Router Configuration Guide

Page 19

IPv6 Applications for 7210 SAS-D

The IPv6 applications for 7210 SAS-D are:

• IPv6 inband management of the node using access-uplink port IPv6 IP interface

• IPv6 transit management traffic (using access-uplink port port IPv6 IP interfaces)

DNS

The DNS client is extended to use IPv6 as transport and to handle the IPv6 address in the DNS AAAA resource record from an IPv4 or IPv6 DNS server. An assigned name can be used instead of an IPv6 address as IPv6 addresses are more difficult to remember than IPv4 addresses.

IP Router Configuration

7210 SAS D, E, K OS Router Configuration Guide Page 19

Page 20

Process Overview

The following items are components to configure basic router parameters.

• System interface — This creates an association between the logical IP interface and the system (loopback) address. The system interface address is the circuitless address (loopback)

Page 20 7210 SAS D, E, K OS Router Configuration Guide

Page 21

Configuration Notes

The following information describes router configuration guidelines.

• A system interface and associated IP address should be specified.

• Boot options file (BOF) parameters must be configured prior to configuring router parameters.

• IPv4 and IPv6 route table lookup entries are shared. Before adding routes for IPv6 destinations, route entries in the routed lookup table needs to be allocated for IPv6 addresses. This can be done using the CLI command config> system> resource-profile> max-ipv6-routes. This command allocates route entries for /64 IPv6 prefix route lookups. The system does not allocate any IPv6 route entries by default and user needs to allocate some resources before using IPv6. For the command to take effect the node must be rebooted after making the change. Please see the example below and the Systems Basic guide for more information.

• A separate route table (or a block in the route table) is used for IPv6 /128-bit prefix route lookup. A limited amount of IPv6 /128 prefixes route lookup entries is supported. The software enables lookups in this table by default (in other words no user configuration is required to enable IPv6 /128-bit route lookup).

IP Router Configuration

• IPv6 interfaces are allowed to be created without allocating IPv6 route entries. With this only IPv6 hosts on the same subnet will be reachable.

7210 SAS D, E, K OS Router Configuration Guide Page 21

Page 22

Configuration Notes

Page 22 7210 SAS D, E, K OS Router Configuration Guide

Page 23

Configuring an IP Router with CLI

This section provides information to configure an IP router.

Topics in this section include:

• Router Configuration Overview on page 24

• Basic Configuration on page 25

• Common Configuration Tasks on page 26

→ Configuring a System Name on page 26

→ Configuring Interfaces on page 27

• Configuring a System Interface on page 27

→ Service Management Tasks on page 31

• Service Management Tasks on page 31

→ Changing the System Name on page 31

→ Modifying Interface Parameters on page 54

→ Deleting a Logical IP Interface on page 32

IP Router Configuration

7210 SAS D, E, K OS Router Configuration Guide Page 23

Page 24

Router Configuration Overview

In a 7210 SAS, an interface is a logical named entity. An interface is created by specifying an interface name under the context where objects like static routes are defined. An IP interface name can be up to 32 alphanumeric characters long, must start with a letter, and is case-sensitive; for example, the interface name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed.

To create an interface on an Alcatel-Lucent 7210 SAS router, the basic configuration tasks that must be performed are:

• Assign a name to the interface.

• Associate an IP address with the interface.

• Associate the interface with a system or a loopback interface.

A system interface should be configured.

configure>router context. This is the global router configuration

System Interface

The system interface is associated with the network entity , not a specific interface.

The system interface is used to preserve connectivity (when routing reconvergence is possible) when an interface fails or is removed. The system interface is used as the router identifier. A system interface must have an IP address with a 32-bit subnet mask.

Page 24 7210 SAS D, E, K OS Router Configuration Guide

Page 25

Basic Configuration

The most basic router configuration must have the following:

• System name

• System address

The following example displays a router configuration:

A:ALA-A> config# info . . . #-----------------------------------------# Router Configuration #----------------------------------------- router interface "system" address 10.10.10.103/32 exit ...

exit

exit ... #-----------------------------------------A:ALA-A> config#

IP Router Configuration

7210 SAS D, E, K OS Router Configuration Guide Page 25

Page 26

Common Configuration Tasks

The following sections describe basic system tasks.

• Configuring a System Name on page 26

• Configuring Interfaces on page 27

→ Configuring a System Interface on page 27

Configuring a System Name

Use the system command to configure a name for the device. The name is used in the prompt string. Only one system name can be configured. If multiple system names are configured, the last one configured will overwrite the previous entry.

If special characters are included in the system name string, such as spaces, #, or ?, the entire string must be enclosed in double quotes. Use the following CLI syntax to configure the system name:

CLI Syntax: config# system

name system-name

Example

: config# system

config>system# name ALA-A ALA-A>config>system# exit all ALA-A#

The following example displays the system name output.

A:ALA-A>config>system# info #-----------------------------------------# System Configuration #----------------------------------------- name "ALA-A" location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." snmp exit . . . exit

----------------------------------------------

Page 26 7210 SAS D, E, K OS Router Configuration Guide

Page 27

Configuring Interfaces

The following command sequences create a system IP interface. The system interface assigns an IP address to the interface in the IES context and create logical IP interfaces for inband management.

Note that the system interface cannot be deleted.

Configuring a System Interface

To configure a system interface:

CLI Syntax: config>router

interface interface-name

address {[ip-address/mask]|[ip-address] [netmask]}

IP Router Configuration

7210 SAS D, E, K OS Router Configuration Guide Page 27

Page 28

Common Configuration Tasks

Configuring IPv6 Parameters

IPv6 interfaces and associated routing protocols may be configured:

*A:7210SAS>config>system>res-prof# info

----------------------------------------------

.....

max-ipv6-routes1000

....

------------------------------------------------

The following displays the interface configuration showing the IPv6 default configuration when IPv6 is enabled on the interface.

*A:dut-d>config>router>if>ipv6# info detail

--------------------------------------------- icmp6 packet-too-big 100 10 param-problem 100 10 redirects 100 10 time-exceeded 100 10 unreachables 100 10 exit address 4000:1000:1::1/64 no dad-disable no reachable-time no neighbor-limit no qos-route-lookup no local-proxy-nd no tcp-mss

----------------------------------------------

Use the following CLI syntax to configure IPv6 parameters on a router interface.

CLI Syntax: config>router# interface interface-name

port port-name

ipv6

address {ipv6-address/prefix-length} [eui-64] icmp6

packet-too-big [number seconds] param-problem [number seconds] redirects [number seconds] time-exceeded [number seconds] unreachables [number seconds] neighbor ipv6-address mac-address

The following displays a configuration example showing interface information.

A:ALA-49>config>router>if# info

----------------------------------------------

address 10.11.10.1/64

Page 28 7210 SAS D, E, K OS Router Configuration Guide

Page 29

port 1/1/10

ipv6

address 10::1/64

exit

---------------------------------------------A:ALA-49>config>router>if#

IP Router Configuration

7210 SAS D, E, K OS Router Configuration Guide Page 29

Page 30

Common Configuration Tasks

Router Advertisement

To configure the router to originate router advertisement messages on an interface, the interface must be configured under the router-advertisement context and be enabled (no shutdown). All other router advertisement configuration parameters are optional.

Use the following CLI syntax to enable router advertisement and configure router advertisement parameters:

CLI Syntax: config>router# router-advertisement interface ip-int-name

current-hop-limit number

managed-configuration

max-advertisement-interval seconds

min-advertisement-interval seconds

mtu mtu-bytes

other-stateful-configuration

prefix ipv6-prefix/prefix-length

autonomous on-link preferred-lifetime {seconds | infinite}

valid-lifetime {seconds | infinite} reachable-time milli-seconds retransmit-time milli-seconds router-lifetime seconds no shutdown use-virtual-mac

The following displays a router advertisement configuration example.

*A:sim131>config>router>router-advert# info

---------------------------------------------interface "n1"

prefix 3::/64 exit use-virtual-mac no shutdown

exit

----------------------------------------------

*A:sim131>config>router>router-advert# interface n1 *A:sim131>config>router>router-advert>if# prefix 3::/64 *A:sim131>config>router>router-advert>if>prefix# info detail

---------------------------------------------autonomous on-link preferred-lifetime 604800 valid-lifetime 2592000

----------------------------------------------

*A:tahi>config>router>router-advert>if>prefix#

Page 30 7210 SAS D, E, K OS Router Configuration Guide

Page 31

Service Management Tasks

This section discusses the following service management tasks:

• Changing the System Name on page 31

• Modifying Interface Parameters on page 54

• Deleting a Logical IP Interface on page 32

Changing the System Name

The system command sets the name of the device and is used in the prompt string. Only one system name can be configured. If multiple system names are configured, the last one configured will overwrite the previous entry.

Use the following CLI syntax to change the system name:

IP Router Configuration

CLI Syntax: config# system

name system-name

The following example displays the command usage to change the system name:

Example:A:ALA-A>config>system# name tgif

A:TGIF>config>system#

The following example displays the system name change:

A:ALA-A>config>system# name TGIF A:TGIF>config>system# info #-----------------------------------------# System Configuration #----------------------------------------- name "TGIF"

location "Mt.View, CA, NE corner of FERG 1 Building" coordinates "37.390, -122.05500 degrees lat." synchronize snmp

exit security snmp community "private" rwa version both exit exit . . .

----------------------------------------------

A:TGIF>config>system#

7210 SAS D, E, K OS Router Configuration Guide Page 31

Page 32

Service Management Tasks

Deleting a Logical IP Interface

The no form of the interface command typically removes the entry, but all entity associations must be shut down and/or deleted before an interface can be deleted.

1. Before loopback IP interface can be deleted, it must first be administratively disabled with the

shutdown command.

2. After the interface has been shut down, it can then be deleted with the no interface command.

CLI Syntax: config>router

no interface

ip-int-name

Example

: config>router# interface test-interface

config>router>if# shutdown config>router>if# exit config>router# no interface test-interface config>router#

Page 32 7210 SAS D, E, K OS Router Configuration Guide

Page 33

IP Router Command Reference

Command Hierarchies

Configuration Commands

• Router Commands on page 34

• Router Interface Commands on page 35

• Router Interface IPv6 Commands (supported only on 7210 SAS-D) on page 36

• Show Commands on page 37

• Clear Commands on page 38

IP Router Configuration

7210 SAS D, E, K OS Router Configuration Guide Page 33

Page 34

IP Router Command Reference

Router Commands

config

— router [router-name]

—[no] static-route {ip-prefix/prefix-length | ip-prefix netmask}[preference preference] [met-

ric metric] [enable | disable] next-hop ip-address

—[no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [met-

ric metric] [enable | disable] black-hole

— interface interface-name —no interface interface-name

Page 34 7210 SAS D, E, K OS Router Configuration Guide

Page 35

Router Interface Commands

config

—router [router-name]

— [no] interface ip-int-name [unnumbered-mpls-tp]

IP Router Configuration

— address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-

ones}]

—no address — delayed-enable —no delayed-enable — description long-description-string —no description — icmp

— redirects [number seconds] —no redirects — ttl-expired [number seconds] —no ttl-expired — unreachables [number seconds] —no unreachables

— [no] loopback — [no] shutdown

7210 SAS D, E, K OS Router Configuration Guide Page 35

Page 36

IP Router Command Reference

Router Interface IPv6 Commands (supported only on 7210 SAS-D)

config

—router [router-name]

— [no] interface ip-int-name

—[no] ipv6

— address ipv6-address/prefix-length [eui-64] —no address ipv6-address/prefix-length — icmp6

— packet-too-big [number seconds] —no packet-too-big — param-problem [number seconds] —no param-problem — redirects [number seconds] —no redirects — time-exceeded number seconds] —no time-exceeded — unreachables [number seconds] —no unreachables

— link-local-address ipv6-address [preferred] — [no] local-proxy-nd — neighbor ipv6-address [mac-address] —no neighbor ipv6-address — proxy-nd-policy policy-name [ policy-name...(up to 5 max)] —no proxy-nd-policy

[preferred]

Page 36 7210 SAS D, E, K OS Router Configuration Guide

Page 37

Show Commands

show

—router router-instance

IP Router Configuration

static]

— dhcp

— statistics [interface ip-int-name|ip-address] — summary

— interface [{[ip-address | ip-int-name] [detail]} | [summary] — interface [ip-address | ip-int-name] [detail] — interface [ip-address | ip-int-name] — icmp6

— interface [interface-name] — interface [{[ip-address | ip-int-name] [detail] [family]} — interface [family] [detail] — interface ip-address | ip-int-name> stastistics — neighbor [family] [ip-address | ip-int-name | mac ieee-mac-address | summary]

[dynamic|static|managed]

— route-table [ip-address[mask] [longer|exact]]|[summary] — route-table [family] [summary] — rtr-advertisement [interface interface-name] [prefix ipv6-prefix[/prefix-length] [conflicts] — static-arp [ip-address | ip-int-name | mac ieee-mac-addr] — static-route [family] [[ip-prefix /mask] [ip-prefix /prefix-length] | [preference preference

[next-hop ip-address| tag tag] | [detail]

— status

| [summary] | [exclude-services]

] |

7210 SAS D, E, K OS Router Configuration Guide Page 37

Page 38

IP Router Command Reference

Clear Commands

clear

— router [router-instance]

Debug Commands

debug

—trace — router router-instance

— arp {all | ip-addr | interface {ip-int-name | ip-addr}} — dhcp

— statistics [ip-int-name|ip-address] — icmp6 all — icmp6 global — icmp6 interface interface-name — neighbor {all | ipv6-address} — neighbor interface [ip-int-name | ipv6-address] — router-advertisement all — router-advertisement [interface interface-name]

— ip

—[no] arp

— icmp

—no icmp

— icmp6 [ip-int-name]

—no icmp6

— [no] interface [ip-int-name | ip-address]

— neighbor [ip-int-name]

— packet [ip-int-name | ip-address] [headers] [protocol-id]

—no packet [ip-int-name | ip-address]

— route-table [ip-prefix/prefix-length] [longer]

—no route-table

Page 38 7210 SAS D, E, K OS Router Configuration Guide

Page 39

IP Router Configuration

Configuration Commands

Generic Commands

shutdown

Syntax [no] shutdown

Context config>router>interface

Description The shutdown command administratively disables the entity. When disabled, an entity does not

change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The shutdown command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files.

The no form of the command puts an entity into the administratively enabled state.

Default no shutdown

description

Syntax description description-string

no description

Context config>router>if

Description This command creates a text description stored in the configuration file for a configuration context.

The no form of the command removes the description string from the context.

Default No description is associated with the configuration context.

Parameters description-string — The description character string. Allowed values are any string up to 80

characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

7210 SAS D, E, K OS Router Configuration Guide Page 39

Page 40

Configuration Commands

Router Global Commands

router

Syntax router

Context config

Description This command enables the context to configure router parameters, and interfaces.

static-route

Syntax [no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference]

[metric metric] [enable | disable] next-hop ip-address

[no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [enable | disable] black-hole

Context config>router

Description This command creates static route entries for both the network and access routes.

When configuring a static route, either next-hop or black-hole must be configured. The no form of the command deletes the static route entry. If a static route needs to be removed when multiple static routes exist to the same destination, then as many parameters to uniquely identify the static route must be entered.

Default No static routes are defined.

Parameters ip-prefix/prefix-length — The destination address of the static route.

ipv4-prefix a.b.c.d (host bits must be 0) ipv4-prefix-length 0 — 32 ip-address — The IP address of the IP interface. The ip-addr portion of the address command

specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.

ipv4-address a.b.c.d (host bits must be 0)netmask — The subnet mask in dotted decimal

notation.

Val ues 0.0.0.0 — 255.255.255.255 (network bits all 1 and host bits all 0)

preference preference — The preference of this static route versus the routes from different sources

such as OSPF, expressed as a decimal integer. When modifing the preference of an existing static route, the metric will not be changed unless specified.

Page 40 7210 SAS D, E, K OS Router Configuration Guide

Page 41

IP Router Configuration

Different protocols should not be configured with the same preference.

If multiple routes are learned with an identical preference using the same protocol, the lowest- cost route is used. metric metric — The cost metric for the static route, expressed as a decimal integer.

When modifying the metric of an existing static route, the preference will not change unless specified. This value is also used to determine which static route to install in the forwarding table:

• If there are multiple routes with different preferences then the lower preference route will be installed.

• If there are multiple static routes with the same preference but different metrics then the lower cost (metric) route will be installed.

• If there are multiple static routes with the same preference and metric, then the route with the lowest next-hop IP address will be installed.

Default 1

Values 0 — 65535

next-hop ip-address — Specifies the directly connected next hop IP address used to reach the

destination.

The next-hop keyword and the black-hole keywords are mutually exclusive. If an identical command is entered (with the exception of either the black-hole parameters), then this static route will be replaced with the newly entered command, and unless specified, the respective defaults for preference and metric will be applied.

The ip-address configured here can be either on the network side or the access side on this node. This address must be associated with a network directly connected to a network configured on this node.

Values

enable — Static routes can be administratively enabled or disabled. Use the enable parameter to re-

enable a disabled static route. In order to enable a static route, it must be uniquely identified by the IP address, mask, and any other parameter that is required to identify the exact static route.

The administrative state is maintained in the configuration file.

Default enable

disable — Static routes can be administratively enabled or disabled. Use the disable parameter to

disable a static route while maintaining the static route in the configuration. In order to enable a static route, it must be uniquely identified by the IP address, mask, and any other parameter that is required to identify the exact static route.

The administrative state is maintained in the configuration file.

Default enable

7210 SAS D, E, K OS Router Configuration Guide Page 41

Page 42

Configuration Commands

Page 42 7210 SAS D, E, K OS Router Configuration Guide

Page 43

IP Router Configuration

Router Interface Commands

interface

Syntax [no] interface ip-int-name

Contextconfig>router

Description This command creates a system or a loopback IP routing interface. Once created, attributes like IP

address, or system can be associated with the IP interface.

Interface names are case-sensitive and must be unique within the group of IP interfaces defined for config router interface. Interface names must not be in the dotted decimal notation of an IP address.; for example, the name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. Show commands for router interfaces use either the interface names or the IP addresses. Ambiguity can exist if an IP address is used as an IP address and an interface name.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

Although not a keyword, the ip-int-name “system” is associated with the network entity , not a specific interface. The system interface is also referred to as the loopback address.

The no form of the command removes the IP interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command.

Default No interfaces or names are defined within the system.

Parameters ip-int-name — The name of the IP interface. Interface names must be unique within the group of

defined IP interfaces for config router interface commands. An interface name cannot be in the form of an IP address. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

Values 1 — 32 alphanumeric characters.

If the ip-int-name already exists, the context is changed to maintain that IP interface. If ip-int-

name already exists within another service ID or is an IP interface defined within the config router commands, an error will occur and the context will not be changed to that IP interface. If

ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing.

accounting-policy

Syntax accounting-policy acct-policy-id

no accounting-policy

Context config>router

7210 SAS D, E, K OS Router Configuration Guide Page 43

Page 44

Configuration Commands

Description An accounting policy must be defined before it can be associated with a SAP. If the policy-id does

not exist, an error message is generated. A maximum of one accounting policy can be associated with a SAP at one time.

Default Default accounting policy

Parameters acct-policy-id — Enter the accounting policy-id as configured in the config>router>accounting-

policycontext.

Val ues 1 — 99

address

Syntax address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]

no address

Context config>router>interface

Description This command assigns an IP addressto a system IP interface. Only one IP address can be associated

with an IP interface.

The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation. Show commands display CIDR notation and are stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

The no form of the command removes the IP address assignment from the IP interface. The no form of this command can only be performed when the IP interface is administratively shut down.

If a new address is entered while another address is still active, the new address will be rejected.

Default No IP address is assigned to the IP interface.

Parameters ip-address — The IP address of the IP interface. The ip-addr portion of the address command

specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.

Val ues 1.0.0.0 — 223.255.255.255

/ — The forward slash is a parameter delimiter that separates the ip-addr portion of the IP address

from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-

addr, the “/” and the mask-length parameter. If a forward slash does not ediately follow the ip- addr, a dotted decimal mask must follow the prefix.

mask-length — The subnet mask length when the IP prefix is specified in CIDR notation. When the

IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-addr from the masklength parameter. The mask length parameter indicates the number of bits used for the network

portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address. Allowed values are integers in the range 1— 32. Note that a mask length of 32 is reserved for system IP addresses.

Val ues 1 — 32

Page 44 7210 SAS D, E, K OS Router Configuration Guide

Page 45

IP Router Configuration

mask — The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR

notation, a space separates the ip-addr from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical ‘AND’ function to derive the local subnet of the IP address. Note that a mask of 255.255.255.255 is reserved for system IP addresses.

Values 128.0.0.0 — 255.255.255.255

netmask — The subnet mask in dotted decimal notation.

Values 0.0.0.0 — 255.255.255.255 (network bits all 1 and host bits all 0)

broadcast {all-ones | host-ones} — The optional broadcast parameter overrides the default

broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indictates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The all-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.

The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-addr and the mask-length or mask with all the host bits set to binary 1. This is the default broadcast address used by an IP interface.

The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-

ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host- ones) will be received by the IP interface.

Default host-ones

Values all-ones, host-ones

delayed-enable

Syntax delayed-enable seconds

no delayed-enable

Context config>router>interface

Description This command creates a delay to make the interface operational by the specified number of seconds

The value is used whenever the system attempts to bring the interface operationally up.

7210 SAS D, E, K OS Router Configuration Guide Page 45

Page 46

Configuration Commands

Parameters seconds — Specifies a delay, in seconds, to make the interface operational.

Val ues 1 — 1200

local-proxy-arp

Syntax [no] local-proxy-arp

Context config>router>interface

Description This command enables local proxy ARP on the interface.

Default no local-proxy-arp

loopback

Syntax [no] loopback

Context config>router>interface

Description This command configures the interface as a loopback interface.

Default Not enabled

mac

Syntax mac ieee-mac-addr

no mac

Context config>router>interface

Description This command assigns a specific MAC address to an IP interface. Only one MAC address can be

assigned to an IP interface. When multiple mac commands are entered, the last command overwrites the previous command.

The no form of the command returns the MAC address of the IP interface to the default value.

Default IP interface has a system-assigned MAC address.

Parameters ieee-mac-addr — Specifies the 48-bit MAC address for the IP interface in the form aa:bb:cc:dd:ee:ff

or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

proxy-arp-policy

Syntax [no] proxy-arp-policy policy-name [policy-name...(up to 5 max)]

Page 46 7210 SAS D, E, K OS Router Configuration Guide

Page 47

IP Router Configuration

Context config>router>interface

Description This command enables and configures proxy ARP on the interface and specifies an existing

policystatement to analyze match and action criteria that controls the flow of routing information to and from a given protocol, set of protocols, or a particular neighbor. The policy-name is configured in the config>router>policy-options context.

Use proxy ARP so the 7210 SAS responds to ARP requests on behalf of another device. Static ARP is used when a 7210 SAS needs to know about a device on an interface that cannot or does not respond to ARP requests. Thus, the 7210 SAS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address.

Default no proxy-arp-policy

Parameters policy-name — The export route policy name. Allowed values are any string up to 32 characters long

composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The specified policy name(s) must already be defined.

remote-proxy-arp

Syntax [no] remote-proxy-arp

Context config>router>interface

Description This command enables remote proxy ARP on the interface.

Default no remote-proxy-arp

7210 SAS D, E, K OS Router Configuration Guide Page 47

Page 48

Configuration Commands

Router Interface ICMP Commands

icmp

Syntax icmp

Context config>router>interface

Description This command enables access to the context to configure Internet Control Message Protocol (ICMP)

parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.

redirects

Syntax redirects [number seconds]

no redirects

Context config>router>if>icmp

Description This command enables and configures the rate for ICMP redirect messages issued on the router

interface.

When routes are not optimal on this router, and another router on the same subnetwork has a better route, the router can issue an ICMP redirect to alert the sending node that a better route is available.

The redirects command enables the generation of ICMP redirects on the router interface. The rate at which ICMP redirects are issued can be controlled with the optional number and time parameters by indicating the maximum number of redirect messages that can be issued on the interface for a given time interval.

By default, generation of ICMP redirect messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of the command disables the generation of ICMP redirects on the router interface.

Default redirects 100 10 — Maximum of 100 redirect messages in 10 seconds.

Parameters number — The maximum number of ICMP redirect messages to send, expressed as a decimal integer.

This parameter must be specified with the time parameter.

Val ues 10 — 1000

seconds — The time frame, in seconds, used to limit the number of ICMP redirect messages that can

be issued,expressed as a decimal integer.

Val ues 1 — 60

Page 48 7210 SAS D, E, K OS Router Configuration Guide

Page 49

IP Router Configuration

ttl-expired

Syntax ttl-expired [number seconds]

no ttl-expired

Context config>router>if>icmp

Description This command configures the rate that Internet Control Message Protocol (ICMP) Time To Live

(TTL) expired messages are issued by the IP interface.

By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of the command disables the generation of TTL expired messages.

Default ttl-expired 100 10 — Maximum of 100 TTL expired message in 10 seconds.

Parameters number — The maximum number of ICMP TTL expired messages to send, expressed as a decimal

integer. The seconds parameter must also be specified.

Values 10 — 1000

seconds — The time frame, in seconds, used to limit the number of ICMP TTL expired messages that

can be issued, expressed as a decimal integer.

Values 1 — 60

unreachables

Syntax unreachables [number seconds]

no unreachables

Context config>router>if>icmp

Description This command enables and configures the rate for ICMP host and network destination unreachable

messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a given time interval.

By default, generation of ICMP destination unreachables messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of the command disables the generation of ICMP destination unreachables on the router interface.

Default unreachables 100 10 — Maximum of 100 unreachable messages in 10 seconds.

Parameters number — The maximum number of ICMP unreachable messages to send, expressed as a decimal

integer. The seconds parameter must also be specified.

Values 10 — 1000

7210 SAS D, E, K OS Router Configuration Guide Page 49

Page 50

Configuration Commands

seconds — The time frame, in seconds, used to limit the number of ICMP unreachable messages that

can be issued, expressed as a decimal integer.

Val ues

icmp6

Syntax icmp6

Context config>router>if>ipv6

Description This command enables the context to configure ICMPv6 parameters for the interface.

packet-too-big

Syntax packet-too-big [number seconds]

no packet-too-big

Context config>router>if>ipv6>icmp6

Description This command configures the rate for ICMPv6 packet-too-big messages.

Parameters number — Limits the number of packet-too-big messages issued per the time frame specifed in the

seconds parameter.

Val ues 10 — 1000

seconds — Determines the time frame, in seconds, that is used to limit the number of packet-too-big

messages issued per time frame.

Val ues 1 — 60

param-problem

Syntax param-problem [number seconds]

no param-problem

Context config>router>if>ipv6>icmp6

Description This command configures the rate for ICMPv6 param-problem messages.

Parameters number — Limits the number of param-problem messages issued per the time frame specifed in the

seconds parameter.

Val ues 10 — 1000

seconds — Determines the time frame, in seconds, that is used to limit the number of param-problem

messages issued per time frame.

Val ues 1 — 60

Page 50 7210 SAS D, E, K OS Router Configuration Guide

Page 51

IP Router Configuration

redirects

Syntax redirects [number seconds]

no redirects

Context config>router>if>ipv6>icmp6

Description This command configures the rate for ICMPv6 redirect messages. When configured, ICMPv6

redirects are generated when routes are not optimal on the router and another router on the same subnetwork has a better route to alert that node that a better route is available.

The no form of the command disables ICMPv6 redirects.

Default 100 10 (when IPv6 is enabled on the interface)

Parameters number — Limits the number of redirects issued per the time frame specifed in seconds parameter.

Values 10 — 1000

seconds — Determines the time frame, in seconds, that is used to limit the number of redirects issued

per time frame.

Values 1 — 60

time-exceeded

Syntax time-exceeded [number seconds]

no time-exceeded

Context config>router>if>ipv6>icmp6

Description This command configures rate for ICMPv6 time-exceeded messages.

Parameters number — Limits the number of time-exceeded messages issued per the time frame specifed in

seconds parameter.

Values 10 — 1000

seconds — Determines the time frame, in seconds, that is used to limit the number of time-exceeded

messages issued per time frame.

Values 1 — 60

unreachables

Syntax unreachables [number seconds]

no unreachables

Context config>router>if>ipv6>icmp6

Description This command configures the rate for ICMPv6 unreachable messages. When enabled, ICMPv6 host

and network unreachable messages are generated by this interface.

7210 SAS D, E, K OS Router Configuration Guide Page 51

Page 52

Configuration Commands

The no form of the command disables the generation of ICMPv6 host and network unreachable messages by this interface.

Default 100 10 (when IPv6 is enabled on the interface)

Parameters number — Determines the number destination unreachable ICMPv6 messages to issue in the time

frame specified in seconds parameter.

Val ues 10 — 1000

seconds — Sets the time frame, in seconds, to limit the number of destination unreachable ICMPv6

messages issued per time frame.

Val ues 1 — 60

link-local-address

Syntax link-local-address ipv6-address [preferred]

no link-local-address

Context config>router>if>ipv6

Description This command configures the link local address.

local-proxy-nd

Syntax [no] local-proxy-nd

Context config>router>if>ipv6

Description This command enables local proxy neighbor discovery on the interface.

The no form of the command disables local proxy neighbor discovery.

proxy-nd-policy

Syntax proxy-nd-policy policy-name [policy-name...(up to 5 max)]

no proxy-nd-policy

Context config>router>if>ipv6

Description This command configure a proxy neighbor discovery policy for the interface.

Parameters policy-name — The neighbor discovery policy name. Allowed values are any string up to 32

characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes. The specified policy name(s) must already be defined.

Page 52 7210 SAS D, E, K OS Router Configuration Guide

Page 53

IP Router Configuration

neighbor

Syntax neighbor [ipv6-address] [mac-address]

no neighbor [ipv6-address]

Context config>router>if>ipv6

Description This command configures an IPv6-to-MAC address mapping on the interface. Use this command if a

directly attached IPv6 node does not support ICMPv6 neighbor discovery, or for some reason, a static address must be used. This command can only be used on Ethernet media.

The ipv6-address must be on the subnet that was configured from the IPv6 address command or a link-local address.

Parameters ipv6-address — The IPv6 address assigned to a router interface.

Values ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d x: [0 — FFFF]H d: [0 — 255]D

mac-address — Specifies the MAC address for the neighbor in the form of xx:xx:xx:xx:xx:xx or xx-

xx-xx-xx-xx-xx.

7210 SAS D, E, K OS Router Configuration Guide Page 53

Page 54

Configuration Commands

Page 54 7210 SAS D, E, K OS Router Configuration Guide

Page 55

IP Router Configuration

Show Commands

arp

static]

Context show>router

Description This command displays the router ARP table sorted by IP address. If no command line options are spec-

ified, all ARP entries are displayed.

Parameters ip-address/mask — Only displays ARP entries associated with the specified IP address and mask.

ip-int-name — Only displays ARP entries associated with the specified IP interface name.

mac ieee-mac-addr — Only displays ARP entries associated with the specified MAC address.

summary — Displays an abbreviate list of ARP entries.

[local | dynamic | static] — Only displays ARP information associated with the keyword.

Output ARP Table Output — The following table describes the ARP table output fields:

Label Description

IP Address

MAC Address

Expiry

Type

Int

[I}

Interface

No. of ARP Entries

The IP address of the ARP entry.

The MAC address of the ARP entry.

The age of the ARP entry.

Dyn — The ARP entry is a dynamic ARP entry. Inv — The ARP entry is an inactive static ARP entry (invalid). Oth — The ARP entry is a local or system ARP entry. Sta — The ARP entry is an active static ARP entry.

The ARP entry is an internal ARP entry.

The ARP entry is in use.

The IP interface name associated with the ARP entry.

The number of ARP entries displayed in the list.

Sample Output

*B:7710-Red-RR# show router arp ===============================================================================

7210 SAS D, E, K OS Router Configuration Guide Page 55

Page 56

Show Commands

neighbor

Syntax neighbor [ip-int-name | ip-address | mac ieee-mac-address | summary]

ARP Table (Router: Base) =============================================================================== IP Address MAC Address Expiry Type Interface

-------------------------------------------------------------------------------

10.20.1.24 00:16:4d:23:91:b8 00h00m00s Oth system

10.10.4.11 00:03:fa:00:d0:c9 00h57m03s Dyn[I] to-core-sr1

10.10.4.24 00:03:fa:41:8d:20 00h00m00s Oth[I] to-core-sr1

------------------------------------------------------------------------------No. of ARP Entries: 3 ===============================================================================

[dynamic|static|managed]

Context show>router

Description This command displays information about the IPv6 neighbor cache.

Parameters ip-int-name — Specify the IP interface name.

ip-address — Specify the address of the IPv6 interface address.

mac ieee-mac-address — Specify the MAC address.

summary — Displays summary neighbor information.

dynamic — The IPv6 neighbor entry is a dynamic neighbor entry.

static — The IPv6 neighbor entry is an active static neighbor entry.

managed — The IPv6 neighbor entry is a managed neighbor entry.

Output Neighbor Output — The following table describes neighbor output fields.

Label Description

IPv6 Address

Interface

MAC Address

State

Displays the IPv6 address.

Displays the name of the IPv6 interface name.

Specifies the link-layer address.

Displays the current administrative state.

Exp

Type

Displays the number of seconds until the entry expires.

Displays the type of IPv6 interface.

Page 56 7210 SAS D, E, K OS Router Configuration Guide

Page 57

IP Router Configuration

Label Description (Continued)

Interface

Rtr

Dynamic

Static

Managed

Mtu

Displays the interface name.

Specifies whether a neighbor is a router.

The Ipv6 neighbor entry is a dynamic neighbor entry.

The Ipv6 neighbor entry is an active static neighbor entry.

The Ipv6 neighbor entry is a managed neighbor entry.

Displays the MTU size.

Sample Output

*A:Dut-A>config>router# show router neighbor

=============================================================================== Neighbor Table (Router: Base) =============================================================================== IPv6 Address Interface MAC Address State Expiry Type RTR

------------------------------------------------------------------------------2193:12:17:1::5 A_to_B2_17 00:00:1b:00:00:01 REACHABLE - Static No 2193:12:23:1::2 A_to_B2_23 e4:81:84:24:1d:6c STALE 01h12m35s Dynamic Yes

------------------------------------------------------------------------------No. of Neighbor Entries: 2 =============================================================================== *A:Dut-A>config>router# show router neighbor dynamic

------------------------------------------------------------------------------2193:12:23:1::2 A_to_B2_23 e4:81:84:24:1d:6c STALE 01h12m27s Dynamic Yes

------------------------------------------------------------------------------No. of Neighbor Entries: 1 =============================================================================== *A:Dut-A>config>router# *A:Dut-A>config>router# show router neighbor static

------------------------------------------------------------------------------2193:12:17:1::5 A_to_B2_17 00:00:1b:00:00:01 REACHABLE - Static No

------------------------------------------------------------------------------No. of Neighbor Entries: 1

7210 SAS D, E, K OS Router Configuration Guide Page 57

Page 58

Show Commands

=============================================================================== *A:Dut-A>config>router# show router neighbor ma mac managed *A:Dut-A>config>router# show router neighbor managed

Page 58 7210 SAS D, E, K OS Router Configuration Guide

Page 59

IP Router Configuration

dhcp

Syntax dhcp

Context show>router

Description This command enables the context to display DHCP information for the specified service.

statistics

Syntax statistics interface [ip-int-name|ip-address]

Context show>router>dhcp

Description Displays DHCP statistics information.

Parameters ip-int-name | ip-address — Displays statistics for the specified IP interface.

Show DHCP Statistics Output — The following table describes the output fields for DHCP

statistics.

Label Description

Received Packets

Transmitted Packets

Received Malformed Packets

Received Untrusted Packets

Client Packets Discarded

Client Packets Relayed

Client Packets Snooped

Server Packets Discarded

The number of packets received from the DHCP clients. Includes DHCP packets received from both DHCP client and DHCP server.

The number of packets transmitted to the DHCP clients. Includes DHCP packets transmitted from both DHCP client and DHCP server.

The number of corrupted/invalid packets received from the DHCP clients. Includes DHCP packets received from both DHCP client and DHCP server

The number of untrusted packets received from the DHCP clients. In this case, a frame is dropped due to the client sending a DHCP packet with Option 82 filled in before “trust” is set under the DHCP interface command.

The number of packets received from the DHCP clients that were discarded.

The number of packets received from the DHCP clients that were forwarded.

The number of packets received from the DHCP clients that were snooped.

The number of packets received from the DHCP server that were discarded.

7210 SAS D, E, K OS Router Configuration Guide Page 59

Page 60

Show Commands

Label Description

Server Packets Relayed

Server Packets Snooped

*A:7210SAS>show>router>dhcp# statistics

==================================================================== DHCP Global Statistics, service 1 ==================================================================== Rx Packets : 416554 Tx Packets : 206405 Rx Malformed Packets : 0 Rx Untrusted Packets : 0 Client Packets Discarded : 0 Client Packets Relayed : 221099 Client Packets Snooped : 0 Client Packets Proxied (RADIUS) : 0 Client Packets Proxied (Lease-Split) : 0 Server Packets Discarded : 0 Server Packets Relayed : 195455 Server Packets Snooped : 0 DHCP RELEASEs Spoofed : 0 DHCP FORCERENEWs Spoofed : 0 ==================================================================== *A:7210SAS>show>service>id>dhcp#

The number of packets received from the DHCP server that were forwarded.

The number of packets received from the DHCP server that were snooped.

summary

Syntax summary

Context show>router>dhcp

Description Displays DHCP configuration summary information.

Output Show DHCP Summary Output — The following table describes the output fields for DHCP

summary.

Label Description

Interface Name

Arp Populate

Used/Provided

Info Option

Admin State

Name of the router interface.

Specifies whether or not ARP populate is enabled. 7210 SAS does not support ARP populate.

7210 SAS does not maintain lease state.

Indicates whether Option 82 processing is enabled on the interface.

Indicates the administrative state.

Page 60 7210 SAS D, E, K OS Router Configuration Guide

Page 61

fib

IP Router Configuration

Sample Output

A:7210SAS# show router dhcp summary DHCP Summary, service 1 =======================================================================

Interface Name Arp Used/ Info Admin SapId/Sdp Populate Provided Option State

------------------------------------------------------------------------------egr_1 No 0/0 Replace Up i_1 No 0/0 Replace Up

------------------------------------------------------------------------------Interfaces: 2 =======================================================================

*A:7210SAS>show>service>id>dhcp#

Syntax

Context show>router

Description This command displays the active FIB entries for a specific .

Parameters ip-prefix/prefix-length — Displays FIB entries only matching the specified ip-prefix and length.

ipv4-prefix: a.b.c.d (host bits must be 0) ipv4-prefix-length: 0 — 32longer — Displays FIB entries matching the ip-prefix/mask

and routes with longer masks.

7210 SAS D, E, K OS Router Configuration Guide Page 61

Page 62

Show Commands

icmp6

Syntax icmp6

Context show>router

Description This command displays Internet Control Message Protocol Version 6 (ICMPv6) statistics. ICMP

generates error messages (for example, ICMP destination unreachable messages) to report errors during processing and other diagnostic functions. ICMPv6 packets can be used in the neighbor discovery protocol and path MTU discovery.

Output icmp6 Output — The following table describes the show router icmp6 output fields:

Label Description

Total

Destination Unreachable

Time Exceeded

Echo Request

Router Solicits

Neighbor Solicits

Errors

Redirects

Pkt Too big

Echo Reply

Router Advertisements

Neighbor Advertisements

Sample Output

The total number of all messages.

The number of message that did not reach the destination.

The number of messages that exceeded the time threshold.

The number of echo requests.

The number of times the local router was solicited.

The number of times the neighbor router was solicited.

The number of error messages.

The number of packet redirects.

The number of packets that exceed appropriate size.

The number of echo replies.

The number of times the router advertised its location.

The number of times the neighbor router advertised its location.

A:SR-3>show>router>auth# show router icmp6 =============================================================================== Global ICMPv6 Stats =============================================================================== Received Total : 14 Errors : 0 Destination Unreachable : 5 Redirects : 5 Time Exceeded : 0 Pkt Too Big : 0

Page 62 7210 SAS D, E, K OS Router Configuration Guide

Page 63

Echo Request : 0 Echo Reply : 0 Router Solicits : 0 Router Advertisements : 4 Neighbor Solicits : 0 Neighbor Advertisements : 0

------------------------------------------------------------------------------Sent Total : 10 Errors : 0 Destination Unreachable : 0 Redirects : 0 Time Exceeded : 0 Pkt Too Big : 0 Echo Request : 0 Echo Reply : 0 Router Solicits : 0 Router Advertisements : 0 Neighbor Solicits : 5 Neighbor Advertisements : 5 =============================================================================== A:SR-3>show>router>auth#

interface

Syntax interface [interface-name]

Context show>router>icmpv6

Description This command displays interface ICMPv6 statistics.

IP Router Configuration

Parameters interface-name — Only displays entries associated with the specified IP interface name.

Output icmp6 interface Output — The following table describes the show router icmp6 interface output

fields:

Label Description

Total

Destination Unreachable

Time Exceeded

Echo Request

Router Solicits

Neighbor Solicits

Errors

Redirects

Pkt Too big

Echo Reply

The total number of all messages.

The number of message that did not reach the destination.

The number of messages that exceeded the time threshold.

The number of echo requests.

The number of times the local router was solicited.

The number of times the neighbor router was solicited.

The number of error messages.

The number of packet redirects.

The number of packets that exceed appropriate size.

The number of echo replies.

Router Advertisements

Neighbor Advertisements

The number of times the router advertised its location.

The number of times the neighbor router advertised its location.

7210 SAS D, E, K OS Router Configuration Guide Page 63

Page 64

Show Commands

interface

Syntax interface [{[ip-address | ip-int-name] [detail]}

interface [{[ip-address | ip-int-name] [detail] [family]} | [summary] | [exclude-services] interface family [detail] interface [ip-address | ip-int-name]

Context show>router

Description This command displays the router IP interface table sorted by interface index.

Parameters ip-address — Only displays the interface information associated with the specified IP address.

Val ues ipv4-address a.b.c.d (host bits must be 0)

ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d x: [0 — FFFF]H d: [0 — 255]D

ip-int-name — Only displays the interface information associated with the specified IP interface name.

detail — Displays detailed IP interface information.

family — Specifies the router IP interface family to display.

Val ues ipv4 — Displays the peers that are IPv6-capable.

ipv6 — Displays the peers that are IPv6-capable.

Output Standard IP Interface Output — The following table describes the standard output fields for an IP

interface.

Label Description

Interface-Name

Type

The IP interface name.

n/a — No IP address has been assigned to the IP interface, so the IP address type is not applicable. Pri — The IP address for the IP interface is the Primary address on the IP interface.

IP-Address

Adm

The IP address and subnet mask length of the IP interface.

n/a — Indicates no IP address has been assigned to the IP interface.

Down — The IP interface is administratively disabled. Up — The IP interface is administratively enabled.

Opr

Down — The IP interface is operationally disabled. Up — The IP interface is operationally disabled.

Mode

Port

Network — The IP interface is a network/core IP interface.

The physical network port associated with the IP interface.

Page 64 7210 SAS D, E, K OS Router Configuration Guide

Page 65

IP Router Configuration

Sample Output

A:ALU-7210# show router interface =============================================================================== Interface Table (Router: Base) =============================================================================== Interface-Name Adm Opr Mode Port/SapId IP-Address PfxState

------------------------------------------------------------------------------system Up Up Network system

72.22.24.169/32 n/a

------------------------------------------------------------------------------Interfaces : 1 =============================================================================== A:ALU-7210# A:ALA-A# show router interface 6.6.6.2 =============================================================================== Interface Table (Router: Base) =============================================================================== Interface-Name Adm Opr Mode Port/SapId IP-Address PfxState

------------------------------------------------------------------------------to-PE-E Up Up IES 1/1/3:0.*

6.6.6.2/24 n/a

------------------------------------------------------------------------------Interfaces : 1 =============================================================================== A:ALA-A#

Detailed IP Interface Output — The following table describes the detailed output fields for an IP interface.

Label Description

If Name

Admin State

The IP interface name.

Down — The IP interface is administratively disabled.

Up — The IP interface is administratively enabled.

Oper State

Down — The IP interface is operationally disabled.

Up — The IP interface is operationally enabled.

IP Addr/mask

The IP address and subnet mask length of the IP interface. Not Assigned — Indicates no IP address has been assigned to the IP interface.

If Index

Virt If Index

Last Oper Change

The interface index of the IP router interface.

The virtual interface index of the IP router interface.

The last change in operational status.

7210 SAS D, E, K OS Router Configuration Guide Page 65

Page 66

Show Commands

Label Description (Continued)

Global If Index

If Type

SNTP B.cast

QoS Policy

MAC Address

Arp Timeout

The global interface index of the IP router interface.

Network — The IP interface is a network/core IP interface.

Displays if the broadcast-client global parameter is configured.

The QoS policy ID associated with the IP interface.

The MAC address of the interface.

The ARP timeout for the interface, in seconds, which is the time an ARP entry is maintained in the ARP cache without being refreshed.

Sample Output

A:SIM7# show router interface tosim6 detail =============================================================================== Interface Table (Router: Base) =============================================================================== Interface

------------------------------------------------------------------------------If Name : tosim6 Admin State : Up Oper State : Up Protocols : None IP Addr/mask : 20.0.0.7/24 Address Type : Primary IGP Inhibit : Disabled Broadcast Address: Host-ones

------------------------------------------------------------------------------Details

------------------------------------------------------------------------------If Index : 5 Virt. If Index : 5 Last Oper Chg: 01/09/2009 03:30:15 Global If Index : 4 SAP Id : 1/1/2:0.* TOS Marking : Untrusted If Type : IES SNTP B.Cast : False IES ID : 100 MAC Address : 2e:59:01:01:00:02 Arp Timeout : 14400 IP MTU : 1500 Arp Timeout : 14400

ICMP Details Redirects : Number - 100 Time (seconds) - 10 Unreachables : Number - 100 Time (seconds) - 10 TTL Expired : Number - 100 Time (seconds) - 10 =============================================================================== A:SIM7# *A:Dut-C# show router 1 mvpn =============================================================================== MVPN 1 configuration data =============================================================================== signaling : Bgp auto-discovery : Enabled UMH Selection : Highest-Ip intersite-shared : Enabled vrf-import : N/A vrf-export : N/A vrf-target : target:1:1 C-Mcast Import RT : target:10.20.1.3:2

ipmsi : pim-asm 224.1.1.1

Page 66 7210 SAS D, E, K OS Router Configuration Guide

Page 67

admin status : Up three-way-hello : N/A hello-interval : N/A hello-multiplier : 35 * 0.1 tracking support : Disabled Improved Assert : N/A

spmsi : pim-ssm 225.0.0.0/32 join-tlv-packing : N/A data-delay-interval: 3 seconds data-threshold : 224.0.0.0/4 --> 1 kbps

===============================================================================

route-table

Syntax route-table [ip-address[mask] [longer|exact]]|[summary]

Context show>router

Description This command displays the active routes in the routing table.

If no command line arguments are specified, all routes are displayed, sorted by prefix.

IP Router Configuration

Parameters ip-prefix[/prefix-length] — Displays routes only matching the specified ip-address and length.

Values ipv4-address: a.b.c.d (host bits must be set to 0)

ipv4-prefix-length: 0 — 32

longer — Displays routes matching the ip-prefix/mask and routes with longer masks.

exact — Displays the exact route matching the ip-prefix/mask masks.

summary — Displays a route table summary information.

Output Standard Route Table Output — The following table describes the standard output fields for the

route table.

Label Description

Dest Address

Next Hop

Type

The route destination address and mask.

The next hop IP address for the route destination.

Local — The route is a local route.

Remote — The route is a remote route.

Protocol

Age

Metric

The protocol through which the route was learned.

The route age in seconds for the route.

The route metric value for the route.

A:ALA# show router route-table =============================================================================== Route Table (Router: Base) ===============================================================================

7210 SAS D, E, K OS Router Configuration Guide Page 67

Page 68

Show Commands

Dest Prefix Type Proto Age Pref Next Hop[Interface Name] Metric

----------------------------------------------------------------------------------

1.1.1.1/32 Remote Static 00h22m29s 5

6.6.6.1 1

2.2.2.2/32 Local Local 00h22m52s 0 system 0

5.5.5.0/24 Remote Static 00h22m29s 5

6.6.6.1 1

6.6.6.0/24 Local Local 00h22m30s 0 to-PE-E 0

----------------------------------------------------------------------------------No. of Routes: 4 =============================================================================== A:ALA#

B:ALA-B# show router route-table 100.10.0.0 exact =============================================================================== Route Table (Router: Base) =============================================================================== Dest Address Next Hop Type Proto Age Metric Pref

-------------------------------------------------------------------------------

100.10.0.0/16 Black Hole Remote Static 00h03m17s 1 5

------------------------------------------------------------------------------No. of Routes: 1 =============================================================================== B:ALA-B#

Summary Route Table Output — Summary output for the route table displays the number of active routes and the number of routes learned by the router by protocol. Total active and available routes are also displayed.

Sample Output

A:ALA-A# show router route-table summary =============================================================================== Route Table Summary =============================================================================== Active Available

------------------------------------------------------------------------------Static 1 1 Direct 6 6

------------------------------------------------------------------------------Total 7 7 =============================================================================== A:ALA-A#

Page 68 7210 SAS D, E, K OS Router Configuration Guide

Page 69

IP Router Configuration

static-arp

Syntax static-arp [ip-addr | ip-int-name | mac ieee-mac-addr]

Context show>router

Description This command displays the router static ARP table sorted by IP address. If no options are present, all

ARP entries are displayed.

Parameters ip-addr — Only displays static ARP entries associated with the specified IP address.

ip-int-name — Only displays static ARP entries associated with the specified IP interface name.

mac ieee-mac-addr — Only displays static ARP entries associated with the specified MAC address.

Output Static ARP Table Output — The following table describes the output fields for the ARP table.

Label Description

IP Address

MAC Address

Age

Type

The IP address of the static ARP entry.

The MAC address of the static ARP entry.

The age of the ARP entry. Static ARPs always have 00:00:00 for the age.

Inv — The ARP entry is an inactive static ARP entry (invalid).

Sta — The ARP entry is an active static ARP entry.

Interface

No. of ARP Entries

The IP interface name associated with the ARP entry.

The number of ARP entries displayed in the list.

Sample Output

A:ALA-A# show router static-arp =============================================================================== ARP Table =============================================================================== IP Address MAC Address Age Type Interface

-------------------------------------------------------------------------------

10.200.0.253 00:00:5a:40:00:01 00:00:00 Sta to-ser1

12.200.1.1 00:00:5a:01:00:33 00:00:00 Inv to-ser1a

------------------------------------------------------------------------------No. of ARP Entries: 1 =============================================================================== A:ALA-A#

A:ALA-A# show router static-arp 12.200.1.1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Age Type Interface

-------------------------------------------------------------------------------

7210 SAS D, E, K OS Router Configuration Guide Page 69

Page 70

Show Commands

12.200.1.1 00:00:5a:01:00:33 00:00:00 Inv to-ser1

=============================================================================== A:ALA-A#

A:ALA-A# show router static-arp to-ser1 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Age Type Interface

-------------------------------------------------------------------------------

10.200.0.253 00:00:5a:40:00:01 00:00:00 Sta to-ser1 =============================================================================== A:ALA-A#

A:ALA-A# show router static-arp mac 00:00:5a:40:00:01 =============================================================================== ARP Table =============================================================================== IP Address MAC Address Age Type Interface

-------------------------------------------------------------------------------

10.200.0.253 00:00:5a:40:00:01 00:00:00 Sta to-ser1 =============================================================================== A:ALA-A#

static-route

Syntax static-route [[ip-prefix /mask] | [preference preference] | [next-hop ip-address| tag tag]

Context show>router

Description This command displays the static entries in the routing table. If no options are present, all static routes

are displayed sorted by prefix.

Parameters

ip-prefix /mask — Displays static routes only matching the specified ip-prefix and mask.

ipv4-prefix: a.b.c.d (host bits must be 0) ipv4-prefix-length:0 — 32preference preference — Only displays static routes with the specified route

preference.

Val ues 0 — 65535

next-hop ip-address — Only displays static routes with the specified next hop IP address.

Val ues ipv4-address: a.b.c.d (host bits must be 0)

tag tag — Displays the tag used to add a 32-bit integer tag to the static route. The tag is used in route policies to control distribution of the route into other protocols.

Val ues 1 — 4294967295

Page 70 7210 SAS D, E, K OS Router Configuration Guide

Page 71

IP Router Configuration

Output Static Route Output — The following table describes the output fields for the static route table.

Label Description

IP Addr/mask

Pref

Metric

Type

Next Hop

Protocol

Interface

Active

No. of Routes

The static route destination address and mask.

The route preference value for the static route.

The route metric value for the static route.

BH — The static route is a black hole route. The Nexthop for this type of route is

black-hole.

NH — The route is a static route with a directly connected next hop. The

Nexthop for this type of route is either the next hop IP address or an

egress IP interface name.

The next hop for the static route destination.

The protocol through which the route was learned.

The egress IP interface name for the static route.

n/a — indicates there is no current egress interface because the static

route is inactive or a black hole route.

N — The static route is inactive; for example, the static route is disabled or the next hop IP interface is down.

Y — The static route is active.

The number of routes displayed in the list.

Sample Output

A:ALA-A# show router static-route =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active

-------------------------------------------------------------------------------

192.168.250.0/24 5 1 ID 10.200.10.1 to-ser1 Y

192.168.252.0/24 5 1 NH 10.10.0.254 n/a N

192.168.253.0/24 5 1 NH to-ser1 n/a N

192.168.253.0/24 5 1 NH 10.10.0.254 n/a N

192.168.254.0/24 4 1 BH black-hole n/a Y =============================================================================== A:ALA-A#

A:ALA-A# show router static-route 192.168.250.0/24 =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active

-------------------------------------------------------------------------------

192.168.250.0/24 5 1 ID 10.200.10.1 to-ser1 Y

7210 SAS D, E, K OS Router Configuration Guide Page 71

Page 72

Show Commands

=============================================================================== A:ALA-A#

A:ALA-A# show router static-route preference 4 =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active

-------------------------------------------------------------------------------

192.168.254.0/24 4 1 BH black-hole n/a Y =============================================================================== A:ALA-A#

A:ALA-A# show router static-route next-hop 10.10.0.254 =============================================================================== Route Table =============================================================================== IP Addr/mask Pref Metric Type Nexthop Interface Active

-------------------------------------------------------------------------------

192.168.253.0/24 5 1 NH 10.10.0.254 n/a N =============================================================================== A:ALA-A#

status

Syntax status

Context show>router

Description This command displays the router status.

Output Router Status Output — The following table describes the output fields for router status

information.

Label Description

Router

Max Routes

Total Routes

Sample Output

A:DUT-B>show>router# show router status ================================================================ Router Status (Router: Base) ================================================================ Admin State Oper State

---------------------------------------------------------------Router Up Up

The administrative and operational states for the router.

The maximum number of routes configured for the system.

The total number of routes in the route table.

Page 72 7210 SAS D, E, K OS Router Configuration Guide

Page 73

IP Router Configuration

Max Routes 10000 Total IPv4 Routes 5 ECMP Max Routes 1 ================================================================

A:DUT-B>show>router#

7210 SAS D, E, K OS Router Configuration Guide Page 73

Page 74

Clear Commands

router

Syntax router

Context clear>router

Description This command clears for a the router instance in which they are entered.

Parameters router-instance — Specify the router name or service ID.

Val ues service-id:1 — 2147483647

Default Base

arp

Syntax arp {all | ip-addr | interface {ip-int-name | ip-addr}}

Context clear>router

Description This command clears all or specific ARP entries.

The scope of ARP cache entries cleared depends on the command line option(s) specified.

Parameters all — Clears all ARP cache entries.

ip-addr — Clears the ARP cache entry for the specified IP address.

interface ip-int-name — Clears all ARP cache entries for the IP interface with the specified name.

interface ip-addr — Clears all ARP cache entries for the specified IP interface with the specified IP

address.

icmp6

Syntax icmp6 all

icmp6 global icmp6 interface interface-name

Context clear>router

Description This command clears ICMP statistics.

Parameters all — Clears all statistics.

global — Clears global statistics.

Page 74 7210 SAS D, E, K OS Router Configuration Guide

Page 75

interface-name — Clears ICMP6 statistics for the specified interface.

dhcp

Syntax dhcp

Context clear>router

Description This command enables the context to clear DHCP related information.

statistics

Syntax statistics [ip-address | ip-int-name]

IP Router Configuration

Context clear>router>dhcp

Description This command clear statistics for DHCP relay and snooping statistics.

If no IP address or interface name is specified, then statistics are cleared for all configured interfaces.

If an IP address or interface name is specified, then only data regarding the specified interface is cleared.

Parameters ip-int-name | ip-address — Displays statistics for the specified IP interface.

neighbor

Syntax neighbor {all | ip-address [interface interface-name}

neighbor [interface ip-int-name | ipv6-address]

Context clear>router

Description This command clears IPv6 neighbor information.

Parameters all — Clears IPv6 neighbors.

ip-int-name — Clears the specified neighbor interface information.

Values 32 characters maximum

7210 SAS D, E, K OS Router Configuration Guide Page 75

Page 76

Clear Commands

ip-address — Clears the specified IPv6 neighbors.

Val ues ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 — FFFF]H d: [0 — 255]D

router-advertisement

Syntax router-advertisement all

router-advertisement [interface interface-name]

Context clear>router

Description This command clears all router advertisement counters.

Parameters all — Clears all router advertisement counters for all interfaces.

interface interface-name — Clear router advertisement counters for the specified interface.

Page 76 7210 SAS D, E, K OS Router Configuration Guide

Page 77

Debug Commands

router

Syntax router

Context debug

Description This command configures debugging for a router instance.

Parameters router-instance — Specify the router name or service ID.

Values service-id: 1 — 2147483647

Default Base

IP Router Configuration

Syntax ip

Context debug>router

Description This command configures debugging for IP.

arp

Syntax arp

Context debug>router>ip

Description This command configures route table debugging.

icmp

Syntax [no] icmp

Context debug>router>ip

Description This command enables ICMP debugging.

7210 SAS D, E, K OS Router Configuration Guide Page 77

Page 78

Debug Commands

icmp6

Syntax icmp6 [ip-int-name]

Context debug>router>ip

no icmp6

Description

This command enables ICMP6 debugging.

interface

Syntax [no] interface [ip-int-name | ip-address]

Context debug>router>ip

Description This command displays the router IP interface table sorted by interface index.

Parameters ip-address — Only displays the interface information associated with the specified IP address.

Val ues ipv4-address a.b.c.d (host bits must be 0)

ip-int-name — Only displays the interface information associated with the specified IP interface name.

Val ues 32 characters maximum

packet

Syntax packet [ip-int-name | ip-address] [headers] [protocol-id]

no packet [ip-int-name | ip-address]

Context debug>router>ip

Description This command enables debugging for IP packets.

Parameters ip-int-name — Only displays the interface information associated with the specified IP interface name.

Val ues 32 characters maximum

ip-address — Only displays the interface information associated with the specified IP address.

Val ues ipv4-address a.b.c.d (host bits must be 0)

ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 — FFFF]H d: [0 — 255]D

headers — Only displays information associated with the packet header.

Page 78 7210 SAS D, E, K OS Router Configuration Guide

Page 79

protocol-id — Specifies the decimal value representing the IP protocol to debug. Well known protocol

numbers include ICMP(1), TCP(6), UDP(17). The no form the command removes the protocol from the criteria.

Values 0 — 255 (values can be expressed in decimal, hexidecimal, or binary)

* — udp/tcp wildcard

route-table

Syntax route-table [ip-prefix/prefix-length]

route-table ip-prefix/prefix-length longer no route-table

Context debug>router>ip

Description This command configures route table debugging.

Parameters ip-prefix — The IP prefix for prefix list entry in dotted decimal notation.

Values ipv4-prefix a.b.c.d (host bits must be 0)

ipv4-prefix-length 0 — 32

IP Router Configuration

longer — Specifies the prefix list entry matches any route that matches the specified ip-prefix and pre-

fix mask length values greater than the specified mask.

7210 SAS D, E, K OS Router Configuration Guide Page 79

Page 80

Debug Commands

Page 80 7210 SAS D, E, K OS Router Configuration Guide

Page 81

In This Chapter

This chapter provides information about filter policies and management.

Topics in this chapter include:

• Filter Policy Configuration Overview on page 82

→ Service -Based Filtering on page 82

Filter Policies

→ Filter Policy Entities on page 84

• Creating and Applying Policies on page 88

• Configuration Notes on page 97

7210 SAS D, E, K OS Router Configuration Guide Page 81

Page 82

Filter Policy Configuration Overview

Filter policies, also referred to as Access Control Lists (ACLs), are templates applied to services or access uplink ports to control network traffic into (ingress) or out of (egress) a service access port (SAP) or access uplink based on IP and MAC matching criteria. Filters are applied to services to look at packets entering or leaving a SAP . Filters can be used on several interfaces. The same filter can be applied to ingress traffic, egress traffic, or both. Ingress filters affect only inbound traffic destined for the routing complex, and egress filters affect only outbound traffic sent from the routing complex.

Configuring an entity with a filter policy is optional. If an entity such as a service is not configured with filter policies, then all traffic is allowed on the ingress and egress interfaces. By default, there are no filters associated with services or interfaces. They must be explicitly created and associated. When you create a new filter, default values are provided although you must specify a unique filter ID value to each new filter policy as well as each new filter entry and associated actions. The filter entries specify the filter matching criteriaand also an action to be taken upon a match.

In 7210 SAS-D and 7210 SAS-E, the available ingress and egress (egress CAM resources allocation is supported only on 7210 SAS-D) CAM hardware resources can be allocated as per user needs for use with different filter criteria. By default, the system allocates resources to maintain backward compatibility with release 4.0. Users can modify the resource allocation based on their need to scale the number of entries or number of associations (that is, number of SAP/IP interfaces using a filter policy that defines particular match criteria). If no CAM resources are allocated to particular match criteria defined in a filter policy, then the association of that filter policy to a SAP will fail. This is true for both ingress and egress filter policy. Please read the configuration notes section below for more information.

Only one ingress IP or MAC filter policy and one egress IP or MAC filter policy can be applied to a Layer 2 SAP. Both IPv4 and IPv6 ingress and egress filter policy can be used simultaneously with a Layer 2 SAP. Only one ingress IP filter policy and one egress IP filter policy can be applied to a network IP interface. Both IPv4 and IPv6 ingress and egress filter policy can be used simultaneously with an IP interface (For example: IES IP interface in access-uplink mode in 7210 SAS-D) for which IPv6 addressing is supported. Network filter policies control the forwarding and dropping of packets based on IP match criteria. Note that non-IP packets are not hitting the IP filter policy, so the default action in the filter policy will not apply to these packets.Note that non-IP packets are not hitting the IP filter policy, so the default action in the filter policy will not apply to these packets.

Service -Based Filtering

IP and MAC filter policies specify either a forward or a drop action for packets based on information specified in the match criteria.

Filter entry matching criteria can be as general or specific as you require, but all conditions in the entry must be met in order for the packet to be considered a match and the specified entry action

Page 82 7210 SAS D, E, K OS Router Configuration Guide

Page 83

Filter Policies

performed. The process stops when the first complete match is found and executes the action defined in the entry, either to drop or forward packets that match the criteria.

7210 SAS D, E, K OS Router Configuration Guide Page 83

Page 84

Filter Policy Configuration Overview

Filter Policy Entities

A filter policy compares the match criteria specified within a filter entry to packets coming through the system, in the order the entries are numbered in the policy. When a packet matches all the parameters specified in the entry, the system takes the specified action to either drop or forward the packet. If a packet does not match the entry parameters, the packet continues through the filter process and is compared to the next filter entry, and so on. If the packet does not match any of the entries, then system executes the default action specified in the filter policy. Each filter policy is assigned a unique filter ID. Each filter policy is defined with:

•Scope

• Default action

• Description

Each filter entry contains:

• Match criteria

• An action

Applying Filter Policies

Filter policies can be applied to specific service types:

• Epipe — Both MAC and IP filters are supported on an Epipe SAP.

• IES — Only IP filters are supported on IES SAP

• VPLS — Both MAC and IP filters are supported on a VPLS SAP.

The tables below provides more details on use of filter policies.

Page 84 7210 SAS D, E, K OS Router Configuration Guide

Page 85

Table 4: Applying Filter Policies for 7210 SAS-D and 7210 SAS-K

Service IPv4 Filter IPv6 filter MAC Filter

Filter Policies

Epipe Epipe access SAP

(egress and ingress), Epipe access-uplink SAP (egress and ingress)

VPLS VPLS access SAP

(ingress and egress), VPLS access-uplink SAP (ingress and egress)

RVPLS (VPLS SAPs)

VPLS access (ingress and egress) and access-uplink SAPs (ingress and egress)

RVPLS (RVPLS IES IP Interface)

Ingress Override filters (ingress)

IES IES access SAP, IES

access-uplink SAP

Table 5: Applying Filter Policies for 7210 SAS-E

Epipe (egress and ingress), Epipe access-uplink SAP (egress and ingress)

VPLS access SAP (ingress and egress), VPLS access-uplink SAP (ingress and egress)

Epipe (egress and ingress), Epipe access-uplink SAP (egress and ingress)

VPLS access SAP (ingress and egress), VPLS access-uplink SAP (ingress and egress)

Not Available Not Available

IES access-uplink

Not Available

SAP

Service IPv4 Filter IPv6 filter MAC Filter

Epipe Epipe access SAP

(egress and ingress), Epipe access-uplink SAP (egress and ingress)

VPLS VPLS access SAP

(ingress and egress), VPLS access-uplink SAP (ingress and egress)

VPLS (RVPLS SAPs)

Routed VPLS is not supported

IES Ingress and egress of

IES access SAP and IES access-uplink SAP

Epipe access SAP (ingress only), Epipe access-uplink SAP (ingress only)

VPLS access SAP (ingress only), VPLS access-uplink SAP (ingress only)

Epipe (egress and ingress), Epipe access-uplink SAP (egress and ingress)

VPLS access SAP (ingress and egress), VPLS access-uplink SAP (ingress and egress)

Routed VPLS is not supported

Not Available Not Available

7210 SAS D, E, K OS Router Configuration Guide Page 85

Page 86

Filter Policy Configuration Overview

ACL on range SAPs

The ACLs on VLAN range SAPs are supported only on ingress (for Epipe and VPLS services).

Table 6: Applying ACLs support on Epipe and VPLS services on 7210 SAS-D and 7210 SASK variants when using range SAPs

Types of filters Epipe VPLS

Ingress IP or IPv6 Yes Yes

Ingress MAC Yes Yes

Egress IP No No

Egress MAC No No

Page 86 7210 SAS D, E, K OS Router Configuration Guide

Page 87

Filter Policies

Filter policies are applied to the following service entities:

• SAP ingress — IP and MAC filter policies applied on the SAP ingress define the Service Level Agreement (SLA) enforcement of service packets as they ingress a SAP according to the filter policy match criteria. SAP ingress policies can be applied on SAP created on access ports or access uplink ports.

• SAP egress — Filter policies applied on SAP egress define the Service Level Agreement (SLA) enforcement for service packets as they egress on the SAP according to the filter policy match criteria. SAP egress policies can be applied on both access ports and access uplink ports.

• IES IP interfaces — IP filter policies are applied to IES SAPs (ingress and egress).

NOTE: For details on filter support for various services and SAPs on different platforms, see “Table 4, “Applying Filter Policies for 7210 SAS-D and 7210 SAS-K,”Table 5, “Applying Filter Policies for 7210 SAS-E,”Table 7, “Applying Filter Policies for 7210 SAS-K,”.

7210 SAS D, E, K OS Router Configuration Guide Page 87

Page 88

Creating and Applying Policies

CREATE AN IP OR MAC FILTER (FILTER ID)

CREATE FILTER ENTRIES (ENTRY ID)

SPECIFY SCOPE, DEFAULT ACTION, DESCRIPTION

SPECIFY ACTION, PACKET MATCHING CRITERIA

SAVE CONFIGURATION

CREATE SERVICE

ASSOCIATE FILTER ID

START

Creating and Applying Policies

Page 88 7210 SAS D, E, K OS Router Configuration Guide

Page 89

Packet Matching Criteria

As few or as many match parameters can be specified as required, but all conditions must be met in order for the packet to be considered a match and the specified action performed. The process stops when the first complete match is found and then executes the action defined in the entry, either to drop or forward packets that match the criteria.

IP filter policies match criteria that associate traffic with an ingress or egress SAP. Matching criteria to drop or forward IP traffic include:

• Source IP address and mask

Source IP address and mask values can be entered as search criteria. The IP Version 4 addressing scheme consists of 32 bits expressed in dotted decimal notation (X.X.X.X).

Address ranges are configured by specifying mask values, the 32-bit combination used to describe the address portion which refers to the subnet and which portion refers to the host. The mask length is expressed as an integer (range 1 to 32).

The IP Version 6 (IPv6) addressing scheme consists of 128 bits expressed in compressed representation of IPv6 addresses (RFC 1924, A Compact Representation of IPv6 Addresses). 7210 supports use of either IPv6 64-bit address match or IPv6 128-bit address match. Use of IPv6 64-bit address in the match criteria provides better scale but provides lesser IPv6 header fields for match criteria. Use of IPv6 128-bit address in the match criteria provides lesser scale but provides more IPv6 header fields for match criteria.

Filter Policies

• Destination IP address and mask — Destination IP address and mask values can be entered as search criteria. Similar choice as available for source IPv6 addresses is available for destination IPv6 addresses (see above).

• Protocol — Entering a protocol ID (such as TCP, UDP, etc.) allows the filter to search for the protocol specified in this field.

• Protocol — For IPv6: entering a next header allows the filter to match the first next header following the IPv6 header.

• Source port — Entering the source port number allows the filter to search for matching TCP or UDP port values.

• Destination port — Entering the destination port number allows the filter to search for matching TCP or UDP .

• DSCP marking — Entering a DSCP marking enables the filter to search for the DSCP marking specified in this field. See Table 7, DSCP Name to DSCP Value Table, on

page 92.

• ICMP code — Entering an ICMP code allows the filter to search for matching ICMP code in the ICMP header.

• ICMP type — Entering an ICMP type allows the filter to search for matching ICMP types in the ICMP header.

7210 SAS D, E, K OS Router Configuration Guide Page 89

Page 90

Creating and Applying Policies

• Ipv4 filter created in the mode to use ipv6 resource cannot be applied at egress SAP. Similarly IPv4 filter created in the mode to use IPv6 resource, will fail to match fragment option.

• Fragmentation — IPv4 only: Enable fragmentation matching. A match occurs if packets have either the MF (more fragment) bit set or have the Fragment Offset field of the IP header set to a non-zero value.

• Option present — Enabling the option presence allows the filter to search for presence or absence of IP options in the packet. Padding and EOOL are also considered as IP options.

• TCP-ACK/SYN flags — Entering a TCP-SYN/TCP-ACK flag allows the filter to search for the TCP flags specified in these fields.

MAC filter policies match criteria that associate traffic with an ingress or egress SAP. Matching criteria to drop or forward MAC traffic include:

• Source MAC address and mask

Entering the source MAC address range allows the filter to search for matching a source MAC address and/or range. Enter the source MAC address and mask in the form of xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx; for example, 00:dc:98:1d:00:00.

• Destination MAC address and mask

Entering the destination MAC address range allows the filter to search for matching a destination MAC address and/or range. Enter the destination MAC address and mask in the form of xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx; for example, 02:dc:98:1d:00:01.

• Dot1p and mask

Entering an IEEE 802.1p value or range allows the filter to search for matching 802.1p frame. The Dot1p and mask accepts decimal, hex, or binary in the range of 0 to 7. This is not supported on 7210 SAS-K devices.

• Ethertype

Entering an Ethernet type II Ethertype value to be used as a filter match criterion. The Ethernet type field is a two-byte field used to identify the protocol carried by the Ethernet frame. The Ethertype accepts decimal, hex, or binary in the range of 1536 to 65535.

•

• Outer Dot1p (Only on 7210 SAS-K)

Entering the Outer Dot1p value or range (using the mask) allows the filter to search for frames whose outermost Dot1p (that is, the Dot1p in the outermost VLAN tag of the packet) matches the Dot1p value configured. The Dot1p value and mask accepts decimal values in the range 0 to 7.

• Inner Outer Dot1p (Only on 7210 SAS-K)

Entering the Inner Dot1p value or range (using the mask) allows the filter to search for frames whose inner Dot1p (thats is, the Dot1p in the VLAN tag immediately following the

Page 90 7210 SAS D, E, K OS Router Configuration Guide

Page 91

Filter Policies

outermost VLAN tag of the packet) matches the Dot1p value configured. The Dot1p value and mask accepts decimal values in the range 0 to 7.

7210 SAS D, E, K OS Router Configuration Guide Page 91

Page 92

Creating and Applying Policies

DSCP Values

Table 7: DSCP Name to DSCP Value Table

DSCP Name Decimal

DSCP Value

default 0 *

cp1 1

cp2 2

cp3 3

cp4 4

cp5 5

cp6 6

cp7 7 *

cs1 8

cp9 9

af11 11 *

af12 12 *

cp13 13

cp15 15

cs2 16 *

cp17 17

af21 18 *

cp19 19

Hexadecimal

DSCP Value

Binary

DSCP Value

af22 20 *

cp21 21

af23 22 *

cp23 23

cs3 24 *

cp25 25

af31 26 *

cp27 27

af32 28 *

cp29 29

af33 30 *

cp21 31

Page 92 7210 SAS D, E, K OS Router Configuration Guide

Page 93

Table 7: DSCP Name to DSCP Value Table (Continued)

Filter Policies

DSCP Name Decimal

DSCP Value

Hexadecimal

DSCP Value

cs4 32 *

cp33 33

af41 34 *

cp35 35

af42 36 *

cp37 37

af43 38 *

cp39 39

cs5 40 *

cp41 41

cp42 42

cp43 43

cp44 44

cp45 45

ef 46 *

cp47 47

nc1 48 * (cs6)

cp49 49

Binary

DSCP Value

cp50 50

cp51 51

cp52 52

cp53 53

cp54 54

cp55 55

cp56 56

cp57 57

nc2 58 * (cs7)

cp60 60

cp61 61

cp62 62

7210 SAS D, E, K OS Router Configuration Guide Page 93

Page 94

Creating and Applying Policies

Ordering Filter Entries

When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Filter matching ceases when a packet matches an entry. The entry action is performed on the packet. 7210 SAS supports either drop or forward action.To be considered a match, the packet must meet all the conditions defined in the entry.

Packets are compared to entries in a filter policy in an ascending entry ID order. To reorder entries in a filter policy, edit the entry ID value; for example, to reposition entry ID 6 to a more explicit location, change the entry ID 6 value to entry ID 2.

When a filter consists of a single entry, the filter executes actions as follows:

• If a packet matches all the entry criteria, the entry’s specified action is performed (drop or forward).

• If a packet does not match all of the entry criteria, the policy’s default action is performed.

If a filter policy contains two or more entries, packets are compared in ascending entry ID order (1, 2, 3 or 10, 20, 30, etc.):

• Packets are compared with the criteria in the first entry ID.

• If a packet matches all the properties defined in the entry, the entry’s specified action is executed.

• If a packet does not completely match, the packet continues to the next entry, and then subsequent entries.

• If a packet does not completely match any subsequent entries, then the default action is performed.

Page 94 7210 SAS D, E, K OS Router Configuration Guide

Page 95

Filter Policies

INGRESSING PACKETS: #1: SA: 10.10.10.103, DA: 10.10.10.104

#2: SA: 10.10.10.103, DA: 10.10.10.105 #3: SA: 10.10.10.103, DA: 10.10.10.106

Source Address: 10.10.10.103 Destination Address: 10.10.10.106

FILTER ENTRY ID: 30

Action: Forward

Source Address: 10.10.10.103 Destination Address: 10.10.10.104

SEARCH CRITERIA:

Source Address: 10.10.10.103 Destination Address: 10.10.10.104

FILTER ENTRY ID: 10

Action: Forward

Source Address: 10.10.10.103 Destination Address: 10.10.10.105

FILTER ENTRY ID: 20

Action: Forward

REMAINING PACKETS ARE DROPPED PER THE DEFAULT ACTION (DROP)

FORWARD PACKETS WITH MATCHING SA AND DA

SA: 10.10.10.103, DA: 10.10.10.104

INGRESS PACKETS:

SA: 10.10.10.103, DA: 10.10.10.105 SA: 10.10.10.103, DA: 10.10.10.106

(SA: 10.10.10.103, DA: 10.10.10.104)

(SA: 10.10.10.103, DA: 10.10.10.105)

(SA: 10.10.10.103, DA: 10.10.10.106)

SA: 10.10.10.103, DA: 10.10.10.107 SA: 10.10.10.103, DA: 10.10.10.108

DEFAULT ACTION: DROP

FILTER ID: 5

FILTER ENTIES: 10 (ACTION: FORWARD)

20 (ACTION: FORWARD) 30 (ACTION: FORWARD)

SA: 10.10.10.192, DA: 10.10.10.16 SA: 10.10.10.155, DA: 10.10.10.21

Figure 2 displays an example of several packets forwarded upon matching the filter criteria and

several packets traversing through the filter entries and then dropped.

Figure 2: Filtering Process Example

7210 SAS D, E, K OS Router Configuration Guide Page 95

Page 96

Creating and Applying Policies

Applying Filters

After filters are created, they can be applied to the following entities:

• Applying a Filter to a SAP on page 96

• Applying a Filter to an IES Interface on page 96

Applying a Filter to a SAP

During the SAP creation process, ingress and egress filters are selected from a list of qualifying IP and MAC filters. When ingress filters are applied to a SAP, packets received at the SAP are checked against the matching criteria in the filter entries. If the packet completely matches all criteria in an entry, the checking stops and an entry action is performed. If permitted, the traffic is forwarded according to the specification of the action. If the packets do not match, the default filter action is applied. If permitted, the traffic is forwarded.

When egress filters are applied to a SAP, packets received at the egress SAP are checked against the matching criteria in the filter entries. If the packet completely matches all criteria in an entry, the checking stops. If permitted, the traffic is transmitted. If denied, the traffic is dropped. If the packets do not match, the default filter action is applied.

Filters can be added or changed to an existing SAP configuration by modifying the SAP parameters. Filter policies are not operational until they are applied to a SAP and the service enabled.

Applying a Filter to an IES Interface

An IP filter can be applied an IES SAP. Packets received on the interface are checked against the matching criteria in the filter entries. If the packet completely matches all criteria in an entry, the checking stops. If permitted, the traffic is forwarded. If the packets do not match, they are discarded or forwarded based on the default action specified in the policy.

Page 96 7210 SAS D, E, K OS Router Configuration Guide

Page 97

Configuration Notes

NOTE: Please refer to the 7210 Services Guides for Service specific ACL support and restrictions.

The following information describes filter implementation caveats:

• Creating a filter policy is optional.

• Associating a service with a filter policy is optional.

• When a filter policy is configured, it should be defined as having either an exclusive scope for one-time use, or a template scope meaning that the filter can be applied to multiple SAPs.

• A specific filter must be explicitly associated with a specific service in order for packets to be matched.

• A filter policy can consist of zero or more filter entry. Each entry represents a collection of filter match criteria. When packets enter the ingress or egress ports, packets are compared to the criteria specified within the entry or entries.

• When a large (complex) filter is configured, it may take a few seconds to load the filter policy configuration and be instantiated.

Filter Policies

• IP filters applied on an IES SAP cannot match against IP packets containing IP options.

• The action keyword must be entered for the entry to be active. Any filter entry without the action keyword will be considered incomplete and be inactive. Ingress filter CAM resources used to match packet fields are shared with other features such as SAP ingress QoS, CFM UP MEP, and G8032. By default software assigns a fixed amount of resources for use by ingress ACLs. User has an option to either increase this by taking away resources from other features or decrease by taking away resources from ingress ACLs. The number of ACLs that can be supported is directly depdendent on the amount of resources allocated towards ingress ACLs.

• In 7210 SAS-D and SAS-E, when a filter policy is created with the option ipv6-64bitaddress, the entries can only use only the IPv6 src-ip and IPv6 dst-ip fields in the match criteria.

• In 7210 SAS-D and SAS-E, when a filter policy is created with the option ipv6-128bitaddress, the entries can use the IPv6 src-ip, IPv6 dst-ip, IPv6 DSCP, TCP/UDP port numbers (source and destination port), ICMP code and type, and TCP flags fields in the match criteria.In 7210 SAS-D and SAS-E, the resources must be allocated for use by ingress IPv6 filters, before associating an IPv6 filter policy to a SAP. By default, the software does not enable the use of IPv6 resources. Until resources are allocated for use by IPv6 filters, software fails all attempts to associate a IPv6 filter policy with a SAP.

• In 7210 SAS-D, the available ingress CAM hardware resources can be allocated as per user needs for use with different filter criteria using the commands under configure> system> resource-profile> ingress-internal-tcam> acl-sap-ingress. By default, the system allocates resources to maintain backward compatibility with release 4.0. Users can modify

7210 SAS D, E, K OS Router Configuration Guide Page 97

Page 98

Configuration Notes

• In 7210 SAS-D, the available egress CAM hardware resources can be allocated as per

• In 7210 SAS-D and SAS-E, IPv6 ACLs and MAC QoS policies cannot co-exist on the

• In 7210 SAS-D and SAS-E, if no CAM resources are allocated to a particular match

• Only 7210 SAS-K allows for use of outer VLAN ID and inner VLAN ID for match in

the resource allocation based on their need to scale the number of entries or number of associations (that is, number of SAP/IP interfaces using a filter policy that defines a particular match criterion).

user needs for use with different filter criteria using the commands under configure> system>resource-profile> egress-internal-tcam> acl-sap-egress. By default, the system allocates resources to maintain backward compatibility with release 4.0. Users can modify the resource allocation based on their needs to scale the number of entries or the number of associations (that is, number of SAP/IP interfaces using a filter policy that defines a particular match criterion). In 7210 SAS-E, the available egress CAM hardware resources are allocated equally among IP match criteria and MAC criteria on system bootup.

SAP.

criterion defined in a filter policy, then the association of that filter policy to a SAP will fail. This is true for both ingress and egress filter policy.

MAC criteira with both ingress and egress ACLs. Other 7210 SAS platforms do not support use of outer and inner VLAN ID field for match in the MAC criteria.

MAC Filters

Table 8: MAC Match Criteria Exclusivity Rules

Ethernet – II

802.3

802.3 – snap

802.3-llc

• If a MAC filter policy is created with an entry and entry action specified but the packet matching criteria is not defined, then all packets processed through this filter policy entry will pass and take the action specified. There are no default parameters defined for matching criteria.

• MAC filters cannot be applied to network interfaces, routable VPLS or IES services.

• Some of the MAC match criteria fields are exclusive to each other, based on the type of Ethernet frame. Use the following table to determine the exclusivity of fields.In the 7210 SAS, the default frame-format is “EthernetII”

Frame Format Etype

Ye s

Page 98 7210 SAS D, E, K OS Router Configuration Guide

Page 99

IP Filters

IPv6 Filters

Filter Policies

• Define filter entry packet matching criteria — If a filter policy is created with an entry and entry action specified but the packet matching criteria is not defined, then all packets processed through this filter policy entry will pass and take the action specified. There are no default parameters defined for matching criteria.

• Action — An action parameter must be specified for the entry to be active. Any filter entry without an action parameter specified will be considered incomplete and be inactive.

• Define filter entry packet matching criteria — If a filter policy is created with an entry and entry action specified, but the packet matching criteria is not defined, then all packets processed through this filter policy entry passes and takes the action specified. There are no default parameters defined for matching criteria.

• Action — An action parameter must be specified for the entry to be active. Any filter entry without an action parameter specified is considered incomplete and inactive.

Resource Usage for Ingress Filter Policies for 7210 SAS-D and SAS-E

When the user allocates resources from the ingress CAM resource pool for use by filter policies using the configure> system> resource-profile CLI commands, the system allocates resources in chunks of fixed-size entries (example - 256 entries per chunk on 7210 SAS-D). The usage of these entries by different type of match criteria is given below:

• mac-criteria - User needs to allocate resources for mac-criteria from the filter resource pool by using the command “configure> system> resource-profile> ingress-internaltcam>acl-sap-ingress> mac-match-enable" before using ingress ACLs with mac-criteria. Every entry configured in the filter policy using the mac-criteria uses one (1) entry from the chunks allocated for use by mac-criteria in the hardware. For example: Assume a filter policy is configured with 50 entries and uses “configure>system> resource-profile> ingress-internal-tcam> acl-sap-ingress> mac-match-enable 1”, the user configures one chunk for use by mac-criteria (allowing a total of 256 entries. one reserved for internal use entries for use by SAPs using filter policies that use mac-criteria). In this case, the user can have 5 SAPs using mac-criteria filter policy and consumes 250 entries.

• ipv4-criteria - User needs to allocate resources for ip(v4)-criteria from the filter resource pool by using the command "configure> system> resource-profile> ingress-internal-tcam> acl-sap-ingress> ipv4-match-enable" before using ingress ACLs with ipv4-criteria. The resource usage per IPv4 match entry is same as the mac-criteria. Please check the above

7210 SAS D, E, K OS Router Configuration Guide Page 99

Page 100

Configuration Notes

• ipv6-criteria using ipv6-64-bit addresses - User needs to allocate resources for ipv6-

• ipv6-criteria using ipv6-128-bit addresses - User needs to allocate resources for ipv6-

example. When created with "use-ipv6-resource" the resource usage is the same as IPv6 filters using ipv6-128-bit-addresses.

criteria with 64-bit address match from the filter resource pool by using the command "configure> system> resource-profile> ingress-internal-tcam> acl-sap-ingress> ipv664only-match-enable" before using ingress ACLs with ipv6-criteria that use only IPv6 64bit address for source and destination IPv6 addresses. The IPv6 headers fields available for match is limited. Please see the CLI description for filter below for more information. The usage is same as the ipv4 and mac-criteria. An ipv6 128 bit address uses 2 entries from the chunk for every match entry configured in filter policy, whereas, an IP filter uses only one entry from the chunk for every entry configured.

criteria with 128-bit address match from the filter resource pool by using the command "configure> system> resource-profile> ingress-internal-tcam> acl-sap-ingress> ipv4-ipv6128-match-enable" before using ingress ACLs with ipv6-criteria that use only IPv6 128bit address for source and destination IPv6 addresses. These resources can be shared by a policy that uses only IPv4 criteria entries. Every entry configured in the filter policy using the ipv6-criteria with 128-bit addresses uses two (2) entries from the chunks allocated for use by ipv6-criteria (128-bit) in the hardware. For example: Assume a filter policy is configured with 50 entries and using “configure>system> resource-profile> ingressinternal-tcam> acl-sap-ingress> ipv4-ipv6-128-match-enable 1”, the user configures one chunk for use by ipv6-criteria with 128-bit addresses (allowing for a total of 128 entries for use by SAPs using filter policies that use this criteria). In this case, user can have five (5) SAPs using this filter policy and consumes 125 entries. Note when a chunk is allocated to IPv6 criteria, software automatically adjusts the number of available entries in that chunk to 128, instead of 256, since 2 entries are needed to match IPv6 fields.

The users can use “tools>dump> system-resources” command to know the current usage and availability. For example: Though chunks are allocated in 256 entries, only 128 entries show up against filters using those of IPv6 128-bit addresses. One or more entries are reserved for system use and is not available for user.

Resource Usage for Egress Filter Policies (supported only for 7210 SAS-D)

Note: 7210 SAS-E does not support allocation of egress CAM resources and these resources are pre-allocated on boot up by software.

When the user allocates resources for use by filter policies using the configure> system> resource- profile> egress-internal-tcam> CLI commands, the system allocates resources in chunks of 128

Page 100 7210 SAS D, E, K OS Router Configuration Guide

Nokia 7210 SAS D, 7210 SAS K, 7210 SAS E Configuration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

TABLE OF CONTENTS

LIST OF TABLES

LIST OF FIGURES

About This Guide

Preface

Audience

List of Technical Publications

Technical Support

Getting Started

In This Chapter

In This Chapter

IP Router Configuration

Configuring IP Router Parameters

Interfaces

System Interface

Internet Protocol Versions

IPv6 Applications for 7210 SAS-D

Process Overview

Configuration Notes

Configuring an IP Router with CLI

Router Configuration Overview

System Interface

Basic Configuration

Common Configuration Tasks

Configuring a System Name

Configuring Interfaces

Configuring a System Interface

Configuring IPv6 Parameters

Router Advertisement

Service Management Tasks

Changing the System Name

Deleting a Logical IP Interface

IP Router Command Reference

Command Hierarchies

Show Commands

In This Chapter

Filter Policies

Filter Policy Configuration Overview

Service -Based Filtering

Filter Policy Entities

Applying Filter Policies

ACL on range SAPs

Creating and Applying Policies

Packet Matching Criteria

Ordering Filter Entries

Applying Filters

Configuration Notes

MAC Filters

IP Filters

IPv6 Filters

Resource Usage for Ingress Filter Policies for 7210 SAS-D and SAS-E

Resource Usage for Egress Filter Policies (supported only for 7210 SAS-D)