Panasonic NN46240-502 User Manual
Nortel Secure Router 8000 Series
Configuration Guide - LAN
Access and MAN Access
Release:
Document Revision:
5.3
01.01
www.nortel.com
NN46240-502 324556-A Rev01
Nortel Secure Router 8000 Series
Release: 5.3
Publication: NN46240-502
Document Revision: 01.01
Document status: Standard
Document release date: 30 March 2009
Copyright © 2009 Nortel Networks
All Rights Reserved.
Printed in Canada, India, and the United States of America
LEGAL NOTICE
While the information in this document is believed to be accurate and reliable, except as otherwise expressly
agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF
ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are
subject to change without notice.
Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks.
All other trademarks are the property of their respective owners.
ATTENTION
For information about the safety precautions, read "Safety messages" in this guide.
For information about the software license, read "Software license" in this guide.
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access
Contents
About this document.......................................................................................................................1
1 LAN access overview.................................................................................................................1-1
1.1 Introduction.................................................................................................................................................1-2
1.1.1 LAN interfaces..................................................................................................................................1-2
1.1.2 Link layer protocols ..........................................................................................................................1-3
1.2 Configuring interface parameters................................................................................................................ 1-3
1.2.1 Establishing the configuration task ...................................................................................................1-3
1.2.2 Entering the interface view................................................................................................................1-5
1.2.3 Configuring the interface description................................................................................................1-5
1.2.4 Configuring the interval of flow statistics.........................................................................................1-5
1.2.5 Enabling the interface........................................................................................................................1-6
1.2.6 Checking the configuration...............................................................................................................1-7
1.3 Maintaining interfaces.................................................................................................................................1-8
1.3.1 Clearing interface statistics ...............................................................................................................1-8
1.3.2 Debugging the interface ....................................................................................................................1-8
2 MAC address table configuration...........................................................................................2-1
2.1 Introduction................................................................................................................................................. 2-2
2.1.1 MAC address table overview............................................................................................................2-2
2.1.2 Classification of MAC address entries..............................................................................................2-2
2.1.3 MAC address learning limit..............................................................................................................2-2
2.2 Configuring a MAC address table...............................................................................................................2-3
2.2.1 Establishing the configuration task ...................................................................................................2-3
2.2.2 Changing MAC address entries.........................................................................................................2-3
2.2.3 Setting the aging time of a MAC address table.................................................................................2-4
2.2.4 Checking the configuration...............................................................................................................2-4
2.3 Configuring the MAC address learning limit..............................................................................................2-5
2.3.1 Establishing the configuration task ...................................................................................................2-5
2.3.2 Configuring MAC address learning limit rules based on a VSI........................................................2-6
2.3.3 Checking the configuration...............................................................................................................2-7
2.4 Configuration examples...............................................................................................................................2-7
2.4.1 Example of configuring a MAC address table..................................................................................2-7
Issue 5.3 (
30 March 2009)
Nortel Networks Inc.
i
Nortel Secure Router 8000 Series
2.4.2 Example of configuring the MAC address learning limit based on a VSI ........................................2-8
2.5 Troubleshooting...........................................................................................................................................2-9
Configuration - LAN Access and MAN Access
3 Ethernet interface configuration .............................................................................................3-1
3.1 Introduction................................................................................................................................................. 3-2
3.1.1 Introduction to Ethernet interfaces.................................................................................................... 3-2
3.1.2 Classification of Ethernet interfaces..................................................................................................3-2
3.2 Configuring Ethernet interfaces...................................................................................................................3-2
3.2.1 Establishing the configuration task ...................................................................................................3-2
3.2.2 Assigning an IP address to an Ethernet interface...............................................................................3-3
3.2.3 Configuring the MTU of an Ethernet interface.................................................................................3-4
3.2.4 Configuring the working mode of an Ethernet electrical interface....................................................3-5
3.2.5 Configuring the speed of an Ethernet electrical interface..................................................................3-5
3.2.6 Configuring the loopback function of an Ethernet interface .............................................................3-6
3.2.7 Configuring the preamble length for packets sent by the Ethernet interface.....................................3-6
3.2.8 Checking the configuration...............................................................................................................3-7
3.3 Maintaining Ethernet interfaces...................................................................................................................3-8
3.4 Configuration examples...............................................................................................................................3-8
3.4.1 Example of configuring an Ethernet interface...................................................................................3-8
3.5 Troubleshooting.........................................................................................................................................3-11
3.5.1 Pinging the Ethernet interface fails.................................................................................................3-11
3.5.2 Ethernet interfaces cannot receive and send packets.......................................................................3-11
3.5.3 Ethernet interfaces discard packets .................................................................................................3-12
4 VLAN configuration..................................................................................................................4-1
4.1 Introduction................................................................................................................................................. 4-2
4.1.1 Origin of the VLAN..........................................................................................................................4-2
4.1.2 Application of a VLAN.....................................................................................................................4-4
4.1.3 Communication between VLANs.....................................................................................................4-6
4.2 Configuring subinterfaces to support communication between VLANs.....................................................4-7
4.2.1 Establishing the configuration task ...................................................................................................4-7
4.2.2 Encapsulating the subinterface with dot1q........................................................................................4-7
4.2.3 Configuring an IP address for the subinterface .................................................................................4-8
4.2.4 Checking the configuration...............................................................................................................4-8
4.3 Maintaining the VLAN................................................................................................................................4-9
4.3.1 Clearing VLAN packet statis ti c s.......................................................................................................4-9
4.3.2 Debugging the VLA N.......................................................................................................................4-9
4.4 Configuration examples.............................................................................................................................4-10
4.4.1 Example of configuring different VLANs to communicate through routers...................................4-10
4.4.2 Example of configuring VLANs to communicate with non-VLANs through routers.....................4-13
A Glossary .................................................................................................................................... A-1
B Acronyms and Abbreviations ................................................................................................B-1
ii
Nortel Networks Inc.
Issue 5.3 (30 March 2009)
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access
Index ................................................................................................................................................ i-1
Issue 5.3 (
30 March 2009)
Nortel Networks Inc.
iii
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access
Figures
Figure 3-1 Networking diagram of Ethernet interface configuration ...............................................................3-9
Figure 4-1 Networking diagram of the traditional LAN...................................................................................4-2
Figure 4-2 Networking diagram of the Layer 2 switch.....................................................................................4-3
Figure 4-3 Schematic diagram of VLAN networking ......................................................................................4-4
Figure 4-4 VLAN frame format based on 802.1Q............................................................................................4-5
Figure 4-5 Communication between VLANs through routers..........................................................................4-6
Figure 4-6 Networking diagram of configuring VLANs to communicate through a router...........................4-11
Figure 4-7 Networking diagram of configuring VLANs to communicate with non-VLANs through a router
.........................................................................................................................................................................4-13
Issue 5.3 (
30 March 2009)
Nortel Networks Inc.
v
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access
Tables
Table 1-1 Command line views and prompts of physical interfaces.................................................................1-2
Table 1-2 Command line views and prompts of logical interfaces...................................................................1-3
Table 1-3 Interface numbering..........................................................................................................................1-4
Issue 5.3 (
30 March 2009)
Nortel Networks Inc.
vii
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access
Contents
About this document.......................................................................................................................1
Issue 5.3 (
30 March 2009)
Nortel Networks Inc.
i
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access About this document
About this document
Purpose
This section describes the organization of this document, product version, intended audience,
conventions, and update history.
Related versions
The following table lists the product versions related to this document.
Product name Version
Nortel Secure Router 8000 Series V200R005
Intended audience
This document is intended for the following audience:
z
network engineers
z
network administrators
z
customers who are familiar with network fundamentals
Organization
This document consists of four chapters and is organized as follows.
Issue 5.3 (
Chapter Content
1 LAN access overview This chapter provides a conceptual overview of the physical
2 MAC address table
configuration
30 March 2009)
and logical interfaces and the link layer protocols supported by
the Secure Router 8000 Series.
This chapter describes the fundamentals of the MAC address
table and provides configuration procedures and examples.
Nortel Networks Inc.
1
About this document
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access
Chapter Content
3 Ethernet interface
configuration
4 VLAN configuration This chapter describes the conditions in which a Virtual Local
Appendix A: Glossary;
Appendix B: Acronyms
and abbreviations
Index This section lists important keywords used in this manual to
Conventions
This section describes the symbol and text conventions used in th is document
Symbol conventions
Symbol Description
This chapter describes the significance of the Ethernet network
and provides configuration procedures and examples.
Area Network (VLAN) is used and provides configuration
procedures and examples.
This section collates the glossary and frequently used
acronyms and abbreviations.
help you access information quickly.
General conventions
Convention Description
Times New Roman Normal paragraphs are in Times New Roman font.
Boldface
Indicates a hazard with a high level of risk that, if not avoided,
can result in death or serious injury.
Indicates a hazard with a medium or low level of risk that, if
not avoided, can result in minor or moderate injury.
Indicates a potentially hazardous situation that, if not avoided,
can cause equipment damage, data loss, and performance
degradation, or unexpected results.
Indicates a tip that may help you solve a problem or save time.
Provides additional information to emphasize or supplement
important points of the main text.
Names of files, directories, folders, and users are in boldface.
For example, log on as the user root.
Italic Book titles are in italics.
2
Nortel Networks Inc.
Issue 5.3 (30 March 2009)
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access About this document
Convention Description
Courier New
Command conventions
Convention Description
Boldface
Italic Command arguments are in italics.
[ ] Items (keywords or arguments) in square brackets [ ] are
{ x | y | ... } Alternative items are grouped in braces and separated by
[ x | y | ... ] Optional alternative items are grouped in square brackets and
{ x | y | ... } * Alternative items are grouped in braces and separated by
&<1-n> The parameter before the ampersand sign (&) can be repeated
Terminal display is in Courier New font.
The keywords of a command line are in boldface.
optional.
vertical bars. You select one item.
separated by vertical bars. You can select one item or no item.
vertical bars. You can select a minimum of one item or a
maximum of all items.
1 to n times.
# A line starting with the number sign (#) contains comments.
GUI conventions
Convention Description
Boldface
> Multilevel menus are in boldface and separated by the
Keyboard operation
Format Description
Key
Key 1+Key 2
Buttons, menus, parameters, tabs, windows, and dialog box
titles are in boldface. For example, click OK.
right-angled bracket sign (>). For example, choose File >
Create > Folder.
Press the key. For example, press Enter and press Tab.
Press the keys concurrently. For example, Ctrl+Alt+A means
press the three keys concurrently.
Issue 5.3 (
30 March 2009)
Nortel Networks Inc.
3
About this document
Format Description
Key 1, Key 2 Press the keys in sequence. For example, Alt, A means press
Mouse operation
Action Description
Click Select and release the primary mouse button without moving
Double-click Press the primary mouse button twice quickly without moving
Drag Press and hold the primary mouse button and move the pointer
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access
the two keys in sequence.
the pointer.
the pointer.
to a new position.
Update history
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Updates in Issue 01 (2008-06-06)
This is the initial field trial release of this document.
4
Nortel Networks Inc.
Issue 5.3 (30 March 2009)
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access
Contents
1 LAN access overview.................................................................................................................1-1
1.1 Introduction...................................................................................................................................................1-2
1.1.1 LAN interfaces.....................................................................................................................................1-2
1.1.2 Link layer protocols.............................................................................................................................1-3
1.2 Configuring interface parameters..................................................................................................................1-3
1.2.1 Establishing the configuration task ......................................................................................................1-3
1.2.2 Entering the interface view..................................................................................................................1-5
1.2.3 Configuring the interface description...................................................................................................1-5
1.2.4 Configuring the interval of flow statistics............................................................................................1-5
1.2.5 Enabling the interface ..........................................................................................................................1-6
1.2.6 Checking the configuration..................................................................................................................1-7
1.3 Maintaining interfaces...................................................................................................................................1-8
1.3.1 Clearing interface statistics..................................................................................................................1-8
1.3.2 Debugging the interface.......................................................................................................................1-8
Issue 5.3 (
30 March 2009) Nortel Networks Inc. i
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access
Tables
Table 1-1 Command line views and prompts of physical interfaces...................................................................1-2
Table 1-2 Command line views and prompts of logical interfaces.....................................................................1-3
Table 1-3 Interface numbering............................................................................................................................1-4
Issue 5.3 (
30 March 2009) Nortel Networks Inc. iii
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access 1 LAN access overview
1 LAN access overview
About this
chapter
T le shows the con
he following tab tents of this chapter.
Section Description
1.1 Introduction describes local area network (LAN) This section
interfaces and link layer protocols.
1.2 Configuring interface
parameters
1.3 Maintaining interfaces This section describes how to maintain LAN interfaces.
This section describes how to configure LAN interface
parameters.
Issue 5.3 (
30 March 2009) Nortel Networks Inc. 1-1
1 LAN access overview
1.1 Introduction
This chapter describes the concepts of physical and logical interfaces and the link layer
protocols supported by the Nortel Secure Router 8000 Series. This chapter also describes how
to configure LAN interface parameters and maintain LAN interfaces.
For the information about wide area network (WAN) configuration, network layer protocols,
and special functions, see Nortel Secure Router 8000 Series Configuration – WAN Access
(NN46240-503).
The section describes the concepts that you need to know before you configure LAN
interfaces and link layer protocols:
z
LAN interfaces
z
Link layer protocols
1.1.1 LAN interfaces
Interface types
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access
Routers use two types of interfaces to exchange data and interact with other devices on the
network: physical interfaces and logical interfaces.
z
Physical interfaces have corresponding physical components. They are further divided
into two types.
− Local area network (LAN) interfaces: LAN interfaces are mainly Ethernet interfaces
through which routers exchange
− Wide area network (WAN) interfaces: WAN interfaces include ATM, POS, and
CE1/CT1 interfaces through which routers exchange data with devices of external
networks.
z
Logical interfaces, such as subinterfaces, do not physically exist. They are created
through configuration.
Command views and prompts
The following tables show the command line views and prompts of physical interfaces and
logical interfaces.
Table 1-1 Command line views and prompts of physical interfaces
Interface Command
View
Ethernet
interface
Ethernet
interface view
data with devices in a LAN.
Command Prompt
Run the interface
[Nortel-Ethernet1/0/0]
ethernet 1/0/0
command in the
system view.
Gigabit Ethernet
interface
Gigabit Ethernet
interface view
Run the interface
gigabitethernet 1/0/0
[Nortel-GigabitEthernet1/0
/0]
command in the
system view.
1-2 Nortel Networks Inc. Issue 5.3 (
30 March 2009)
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access 1 LAN access overview
Table 1-2 Command line views and prom pts of logical interfaces
Interface Command
View
Ethernet
subinterface
GigabitEthernet
subinterface
Ethernet
subinterface
view
GigabitEthernet
subinterface
view
1.1.2 Link layer protocols
The link layer provides reliable transmission of data from one site to another. The link layer
receives packets from the network layer and then encapsulates packets into frames to deliver
them to the physical layer.
The Nortel Secure Router 8000 Series supports LAN link layer protocols as follows:
z
The Virtual Local Area Network (VLAN) divides a physical LAN into several logical
subnets, regardless of their physical locations.
z
Data transmission within a VLAN does not interfere with that in other VLANs. This
enhances the network security.
Command Prompt
Run the interface
ethernet 1/0/0.1
command in the
system view.
Run the interface
gigabitethernet
1/0/0.1 command in
the system view
[Nortel-Ethernet1/0/0.1]
[Nortel-Gigabitethernet1/0
/0.1]
1.2 Configuring interface parameters
1.2.1 Establishing the configuration task
Applicable environment
The section describes how to configure the LAN interfaces. With the Nortel Secure Router
8000 Series, you configure and maintain interfaces from the interface views.
The following table describes interface numbering for the Secure Router 8000 Series routers.
Issue 5.3 (
30 March 2009) Nortel Networks Inc. 1-3
1 LAN access overview
Table 1-3 Interface num bering
Product Numbering
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access
SR8000 routers
Preconfiguration tasks
Before you configure an interface, install the interface card on the router.
Slot:
SR8002, SR8004, and SR8008: numbered from left to right and
from the top down on the front chassis.
z
SR8008: 0 to 8
z
SR8004: 0 to 4
z
SR8002: 0 to 2
SR8012: numbered from left to right and from the bottom up on
the front chassis.
z
SR8012: 1 to 10
Card number: numbered from 0.
If there is no pinch board, the number is fixed 0.
Interface number: numbered from 0.
Marked on each interface board.
Data preparation
To configure an interface, you need the following data.
No. Data
1 Interface type and interface number
2 Description of the interface
3 Interval for traffic statistics on the interface (optional)
Configuration procedures
No. Procedure
1 Entering the interface view
2 Configuring the interface description
3 Configuring the interval of flow statistics
4 Enabling the interface
5 Checking the configuration
1-4 Nortel Networks Inc. Issue 5.3 (
30 March 2009)
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access 1 LAN access overview
1.2.2 Entering the interface view
Do as follows on the routers:
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
interface interface-type interface-number
The interface view appears.
For an overview of interface numbering, see
Table 1-3.
For detailed information about interface numbering, see Nortel Secure Router 8000 Series –
Installation (NN46240-300 or NN46240-301).
----End
1.2.3 Configuring the interface description
Before you configure an interface, you need to understand the networking requirements and
know the following information:
z
how the physical interface is connected
z
the working mode and parameters that are required for the interface
z
the negotiated link layer protocol and working parameters between the interface and the
peer interface
z
the network protocol address supported by the interface
z
the static route or dynamic routing protocol on the interface
z
parameters for packet filtering and Network Address Translation (NAT) if a firewall is
set up on the interface
NOTE
e Secure Router 8000 Series supports the description interface-description command in the interface
Th
view, which configures the interface description. The description identifies the interface function and is
useful for interface maintenance.
1.2.4 Configuring the interval of flow statistics
Configuring the global interval of flow statistics
Do as follows on the routers:
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
interface traffic sampling-time time global
Issue 5.3 (
30 March 2009) Nortel Networks Inc. 1-5
1 LAN access overview
Configuration - LAN Access and MAN Access
This command configures the global interval of flow statistics.
The interval of traffic statistics configured by this command can be applied to each physical interface.
----End
Configuring the interface interval of flow statistics
Do as follows on the routers:
Step 1 Run:
system-view
The system view appears.
Step 2 Run:
interface interface-type interface-number
The specified interface view appears.
Step 3 Run:
Nortel Secure Router 8000 Series
interface traffic sampling-time time
This command configures the interface interval of flow statistics.
z
When the global interval of flow statistics and the interface interval of flow statistics are configured
at the same time, the interface selects the interface interval of flow statistics first.
z
The physical interfaces support the configuration of the interval of flow statistics. For logical
interfaces, the interval of flow statistics uses the default system value and cannot be changed through
configuration.
----End
1.2.5 Enabling the interface
After you configure the interface, enable the interface and note the following:
z
When a physical interface is idle and not connected to cables, shut down the interface to
protect it from interference.
z
After the interface configuration is complete, run the restart command, or run the
shutdown and undo shutdown commands consecutively, to validate the configuration.
Running the restart command is the same as running the shutdown and the undo
shutdown commands consecutively.
NOTE
When subinterfaces exist, if you run the shutdown command and the undo shutdown command on the
main interface in succession, the two commands must be used at an interval of at least 15 seconds.
When the interface status or the protocol status changes, the output automatically appears, as
shown in the following example:
%Jan 22 17:24:54 2007 Nortel IFNET/2/UPDOWN:Line protocol on the interface Ethe
rnet1/1/1 turns into UP state
1-6 Nortel Networks Inc. Issue 5.3 (
30 March 2009)
Nortel Secure Router 8000 Series
Configuration - LAN Access and MAN Access 1 LAN access overview
1.2.6 Checking the configuration
Run the following commands to check the previous configuration.
Action Command
Check the interface running
status and statistics.
Check brief IP information on
the interface.
display interface [ interface-type [ interface-number ] ]
| { begin | exclude | include } regular-expression ]
[
display ip interface brief [ interface-type
[ interface-number ] ]
Run the display interface command. If the physical status, link layer protocol status, IP
address, mask, MAC address, and physical parameters of an interface are displayed, the
configuration is successful. For example:
<Nortel> display interface ethernet 2/0/0
Ethernet2/0/0 current state : UP
Line protocol current state : UP
Description : NORTEL, Nortel Series, Ethernet2/0/0 Interface
The Maximum Transmit Unit is 1500 bytes, Hold timer is 10(sec)
Internet Address is 100.1.3.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc00-8fe1
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
auto negotiation, speed 100M, duplex full, loopback not set
Last 300 seconds input rate 1111 bytes/sec, 1 packets/sec
Last 300 seconds output rate 349 bytes/sec, 0 packets/sec
Usage of input bandwidth:0.01%,Usage of output bandwidth:0.00%
Input: 1104 packets, 1134603 bytes
1 broadcasts, 1070 multicasts, 0 pauses
0 InvalidVlanPkts, 0 InvalidVlanOctets
0 errors, 0 shorts, 0 longs
0 physical errors, 0 input fragments
0 Jabbers, 0 CRCs, 0 overruns
Output: 402 packets, 362974 bytes
17 broadcasts, 368 multicasts
0 InvalidVlanPkts, 0 InvalidVlanOctets
0 shorts, 0 longs
0 runts, 0 Jabbers, 0 CRCs
0 deferrals, 0 underruns, 0 aborts
0 collisions, 0 lates, 0 singles, 0 multiples, 0 excessives
Issue 5.3 (
Run the display ip interface brief command. If the physical status, link layer protocol status,
IP address, loopback status, and description of an interface are displayed, the configuration is
successful. For example:
<Nortel> display ip interface brief gigabitethernet 1/0/0
*down: administratively down
(l): loopback
(s): spoofing
Interface IP Address Physical Protocol Description
GigabitEthernet1/0/0 10.5.40.1 down down Nortel
30 March 2009) Nortel Networks Inc. 1-7
Loading...