3Com Router 3032, Configuration Manual

Page 1: ...http www 3com com 3Com Router Configuration Guide Published March 2004 Part No 10014299...

Page 2: ...ided to you UNITED STATES GOVERNMENT LEGEND If you are a United States government agency then this documentation and the software described herein are provided to you subject to the following All tech...

Page 3: ...GETTING STARTED 1 SYSTEM MANAGEMENT 33 INTERFACE 121 LINK LAYER PROTOCOL 183 NETWORK PROTOCOL 335 ROUTING 423 MULTICAST 517 SECURITY 543...

Page 4: ...VPN 615 RELIABILITY 665 QOS 681 DIAL UP 721...

Page 5: ...presents information as it appears on the screen Keyboard key names If you must press two or more keys simultaneously the key names are linked with a plus sign for example Press Ctrl Alt Del The words...

Page 6: ...2 ABOUT THIS GUIDE...

Page 7: ...I GETTING STARTED Chapter 1 3Com Router Introduction Chapter 2 3Com Router User Interface...

Page 8: ...4...

Page 9: ...sistent network interface user interface and management interface providing flexible and multiple application solutions for users This manual describes features and functions of the 3Com Router 1 x sy...

Page 10: ...y and Frame Relay switching Supports FRoIP FRoISDN Supports Multi link Frame Relay MFR FR compression Supports FR Traffic Shaping FRTS to ensure even traffic over the VCs on FR Supports X 25 and X 25...

Page 11: ...ase of Internetwork routes and service information Supports DLSw of SNA system implementing SNA through WAN transmission IP performance Supports IP fast forwarding Supports Van Jacobson TCP message he...

Page 12: ...classification protection user login authentication Supports IPSec provides tunnel and transmission encapsulation modes and supports AH and ESP security authentication Supports network data encryption...

Page 13: ...er Prompt Detailed debugging information helpful for diagnosis of network faults Provides network test tools such as tracert and ping commands to quickly diagnose whether the network is normal Info ce...

Page 14: ...ing neither division of multiple channel groups nor ISDN PRI either the E1 F or T1 F interface will be a good choice Null Interface The functions of the Null interface are similar to those of null dev...

Page 15: ...es In addition its network connection is no difference from a HUB 3Com Routers support transparent bridging and are compatible with IEEE 802 1d The routers support the STP and bridging functions defin...

Page 16: ...12 CHAPTER 1 3COM ROUTER INTRODUCTION...

Page 17: ...iguration interface On 3Com modular routers the CONSOLE port and AUX port are on the front of the unit while other ports are on the rear of the unit The above diagram shows the rear of the unit For de...

Page 18: ...14 CHAPTER 2 3COM ROUTER USER INTERFACE Figure 3 Establish a new connection Figure 4 Select the computer serial port for actual connection...

Page 19: ...ters Figure 6 Select terminal emulation type 3 Power on the router to display the self test information of the router Press Enter after the self test to display the prompt Username and password Type i...

Page 20: ...minal Service chapter in this manual The modem connected to the asynchronous serial interface should be set to auto answer mode 1 As shown in Figure 7 connect a modem to computer serial port and anoth...

Page 21: ...g status of the router Enter to get help when necessary For details of specific commands please refer to the following chapters Local Remote Telnet Connection Configuration Environment After the route...

Page 22: ...nvironment of a remote telnet connection 2 As shown in the following two figures Telnet client program interface in Windows 9X run the Telnet client program on the computer and set its terminal emulat...

Page 23: ...ds please refer to the following chapters In router configuration via Telnet connection the Telnet connection will be disabled if you change the IP address of the router interface So please enter the...

Page 24: ...onfiguration files Provide function similar to DosKey to execute a history command Searches the key word via command line interpreter with an incomplete match method Interpretation will be available j...

Page 25: ...nd Exit command system view Configures the system parameters Router Directly enter the view upon the login of subscribers Enter logout to disconnect the connection with the Router RIP view Configures...

Page 26: ...Router E3 0 Enter controller e3 0 in any views Enter quit to return to the system view CT3 interface view Configures a time slot binding method on the CT3 interface and the physical layer parameters R...

Page 27: ...eturn to the system view DLCI view Configures the DLCI parameters Router fr dlci 100 Enter fr dlci 100 in synchronous serial interface view The link layer protocol encapsulated on the interface should...

Page 28: ...lay access list information arp ARP table information bgp BGP protocol information bridge Remote bridge information 3 Partial help Enter a character string followed by and descriptions of all the comm...

Page 29: ...er 1 x provides the following display features Provide pause function when the information displayed exceeds one screen page and three options are available for users Operation Command Display history...

Page 30: ...ote UNIX host send Send a message to other terminals telnet Telnet to a remote host tracert Trace the route taken by packets to reach a network host undo Cancel current setting 3 A guest user has no r...

Page 31: ...ed to the Console port to clear the application password and then reboot the router At this time the operator user can log onto the router without username and password If an administrator user forget...

Page 32: ...ion Command Reboot the system right now reboot reason reason string Reboot the system after a specified time reboot mode interval hh mm time string Reboot the system at the specified time reboot mode...

Page 33: ...II SYSTEM MANAGEMENT Chapter 3 System Management Chapter 4 Terminal Service Chapter 5 Configuring Network Management Chapter 6 Display and Debugging Tools Chapter 7 POS Terminal Access Service...

Page 34: ...30...

Page 35: ...of software Boot ROM file Program file Configuration file Upgrade Boot ROM Software This section contains information to assist you with upgrading the Boot ROM software Upgrade router software carefu...

Page 36: ...dy been modified input the correct one If your attempts to input the correct password fail three times the system will halt and you must power off and then power on the router 3 If the input Boot ROM...

Page 37: ...al then press Enter to begin downloading After having set the terminal baud rate make sure to disconnect and then reconnect the terminal emulator Otherwise the new baud rate will not be effective 6 Th...

Page 38: ...d fails the system displays the following information and reboot the router Download failed 3Com Router start booting If this message is displayed you should find out the cause prior to upgrading 9 Re...

Page 39: ...Otherwise the system will start decompressing the program Reboot the router if you want to enter the 3Com Router main software upgrade menu after program decompression is started 2 The system prompts...

Page 40: ...into the baud rate selected for software downloading Figure 17 Modify the terminal baud rate Click OK after setting the new terminal baud rate Click Disconnect and then Connect in the terminal interfa...

Page 41: ...router writes the Boot ROM into the Flash or NVRAM and the following prompts display Download completed Writing into flash memory Please wait it needs a long time about 1 min Writing into Flash Succee...

Page 42: ...figuration files from the file server into the Flash or NVRAM of the local router Before using TFTP you should purchase and install a TFTP server application as the 3Com Router does not come with a TF...

Page 43: ...check the slots for a 1FE card in the order of 0 2 4 6 1 3 5 and 7 The Ethernet interface thus found will be used as the downloading network interface If the router is not available with a 1FE card ch...

Page 44: ...R PARAMETERS IP address of the TFTP host is 10 110 10 13 The file to download and start is m8240ram arj After board is reset start up code will wait 5 seconds M odify any of the 3Com router configurat...

Page 45: ...ead len 03713478 Writing program code to FLASH Please waiting it needs a long time about 1 min WriteFlash Success Press ENTER key to reboot the system 8 Press Enter upon the completion of the loading...

Page 46: ...he 3Com Router authenticates and authorizes FTP subscribers through an AAA server If no AAA is configured the local user authentication is adopted by default When using AAA the router cannot perform l...

Page 47: ...gged in ftp 4 After the authentication is passed the FTP client displays the prompt ftp enter binary after the prompt and set the upload directory on the FTP client ftp binary 200 Type set to I ftp lc...

Page 48: ...er booting the router Start the TFTP server and connect it with the router before using this method to back up the 3Com Router main software Then execute the following command in system view Table 19...

Page 49: ...the installation of the FTP application you can execute Serv u exe and configure the serv u FTP according to the following steps 1 Click Setup Users and the Setup Users dialog box displays as shown be...

Page 50: ...he card 5 The system will display the following information according to different situations If the on line upgrading succeeds the Console displays the following prompt information End of programming...

Page 51: ...saved but the defaults are not saved Please refer to the following chapters for the default values of configuration parameters Commands are organized by views Commands in the same view are organized...

Page 52: ...pment TFTP Approach With this approach you can use the get command to download the configuration files from the TFTP server after booting the router Like the preparation done before loading the 3Com R...

Page 53: ...to the PC directly or indirectly and ping operation can be performed between them then set a path and use the copy command in the system view thus you can upload the configuration files to the TFTP s...

Page 54: ...nfiguration files Either can be selected with the configfile command to serve as the storage media of configuration file The current media can be viewed by the display current configuration command Pl...

Page 55: ...ed in the following cases After upgrading if the router software does not match with the configuration file If the configuration file in Flash or NVRAM is damaged for example the wrong configuration f...

Page 56: ...install the FTP Client application You need to purchase the FTP Client application as this is not supplied as part of the 3Com Router series Configure FTP Server FTP server configuration includes Con...

Page 57: ...g status so as to make proper use of system resources 1 Set the file name on FTP server Before the file is uploaded or downloaded the name of the program configuration file should be set on the router...

Page 58: ...rking in normal update mode Please perform the following configuration in system view Table 33 Set FTP update mode By default the FTP server adopts fast update mode 3 Set the connection time limit of...

Page 59: ...FTP 55 Display FTP Server Table 36 Display FTP server Operation Command Display the configuration status of current FTP server display ftp server Display detailed information of the FTP user display l...

Page 60: ...56 CHAPTER 3 SYSTEM MANAGEMENT...

Page 61: ...rminal configuration via RLogin connection Perform remote login via X 25 PAD Perform terminal message service Features of Terminal Service at Console Port The Local configuration environment can be es...

Page 62: ...t the attributes of terminal service By default the system will enable the timeout disconnection of the terminal user Terminal Message Service Whenever the terminal users that log into the same router...

Page 63: ...Supports the users that login through Telnet or console port to use the message services Supports the input of multiple lines of messages Supports the screen paste on HyperTerminal Supports using the...

Page 64: ...us serial port and log in to the router by running the hyper terminal on PC to carry out the configuration management of the router Figure 26 Configuration management through dumb terminal The typical...

Page 65: ...serial 0 ports is as follows Router Serial0 physical mode async Router Serial0 undo modem Router Serial0 async mode flow The configuration procedure of the dumb terminal on 8 16 async serial 0 port is...

Page 66: ...he network Telnet connection services provided by the 3Com Router 1 x include Telnet Server service provides services for local and remote users to logon to the router maintains the router and accesse...

Page 67: ...Telnet service Connection Configuration of Telnet and Reverse Telnet Terminal Service Features of Telnet Connection The terminal service features of Telnet connection are shown in the following table...

Page 68: ...transmitted the Reverse Telnet will not be disconnected The Reverse Telnet can be disconnected in interface view The undo modem command must be used to disable modem calling in and calling out before...

Page 69: ...nnection Perform the following configuration in all views Table 49 Establish Telnet Server or Telnet Client connection display client can only be used to display the interface through which the Telnet...

Page 70: ...using the AT command Rlogin Terminal Service Rlogin Remote Login is one of the most common Internet applications developed by the BSD UNIX system in which a client is connected with the server by TCP...

Page 71: ...l user name abc to log on Router rlogin 10 110 96 53 root Trying 10 110 96 53 Password Last successful login for root Thu Jan 30 20 29 45 2003 on ttyp2 Last unsuccessful login for root Sun Jan 26 11 2...

Page 72: ...s the X 25 network X 25 PAD technology was developed to address how these devices can be enabled to communicate via X 25 network X 25 PAD bridges the X 25 network and non X 25 terminals it provides a...

Page 73: ...Set the response time for the Invite Clear message Configure X 25 PAD remote user Since remote PAD users can place an X 25 PAD call through the X 25 network access the local router and configure the r...

Page 74: ...be skipped If the authentication succeeds the Client side can access the Server side and configure the Server side After successful access of the remote terminals users can log out and disconnect the...

Page 75: ...ing configuration under the system view at the Server side Table 54 Set the response time to the Invite Clear message Display and Debug X 25 PAD Perform the following configuration in all views Table...

Page 76: ...r connection and both ends support X 25 PAD protocol After the above condition is met make sure that the serial port at the Server side used to receive X 25 calls has set the X 121 address and the add...

Page 77: ...ement Station and an agent NMS is the workstation running the client application It sends various request packets to the managed network devices receives the response and trap packets from the managed...

Page 78: ...standard Security of SNMPv3 is mostly represented by data security and access control Data security features provided in SNMPv3 Message level data security provided in SNMPv3 includes the following th...

Page 79: ...the command responder indication generator or proxy transponder is called the SNMP agent Nevertheless an SNMP entity can have functions of both manager and agent SNMP supported MIB To uniquely identi...

Page 80: ...in hexadecimal format By default the SNMP engine ID is MIB attribute MIB description Reference Public MIB MIB II based on TCP IP network equipment RFC1213 RMON MIB RFC1757 RIP 2 MIB RFC1389 OSPF MIB R...

Page 81: ...S have different access authority An SNMP group can have read only read write or notifying authority The authorities of the SNMP group are also determined by MIB views Perform the following configurat...

Page 82: ...as a managed device you should configure the destination and source addresses of the trap that it will send The destination address is the IP address of the NMS receiving the trap packet and the sour...

Page 83: ...age queue length undo snmp agent trap queue size Set the timeout time for traps snmp agent trap life timeout Restore the default timeout time for traps undo snmp agent trap life Operation Command Set...

Page 84: ...outer to send traps to NMS 129 102 149 23 and use the community name public and set the source address in the traps to be the IP address of the interface ethernet 0 Router snmp agent trap enable Route...

Page 85: ...mp agent sys info contact Mr Wang Tel 3306 Router snmp agent sys info location telephone closet 3rd floor 4 Configure the router to send Traps to the host whose IP address is 129 102 149 23 Router snm...

Page 86: ...andard MIB not only provides a lot of the original port data of the managed object but it provides statistics data and calculation results of a network segment By running SNMP Agent supporting RMON on...

Page 87: ...ination is another router from the Ethernet interface the interface should be added in the DLSw bridge set Otherwise the router only performs statistics for frames with this router as the destination...

Page 88: ...84 CHAPTER 5 CONFIGURING NETWORK MANAGEMENT RouterA interface ethernet 0 RouterA Ethernet0 rmon promiscuous...

Page 89: ...em Debugging Command Set The command line interface of the 3Com Router 1 x provides abundant debugging commands almost corresponding to all the protocols supported by the router helping the user to di...

Page 90: ...eshooting more convenient On the 3Com Router Syslog log system manages the output of debugging information and other prompt information Before obtaining the debugging information you need to open the...

Page 91: ...rom 202 38 160 244 bytes 56 sequence 2 ttl 255 time 2ms Reply from 202 38 160 244 bytes 56 sequence 3 ttl 255 time 1ms Reply from 202 38 160 244 bytes 56 sequence 4 ttl 255 time 3ms Reply from 202 38...

Page 92: ...ference Guide for detailed meanings of various options and parameters Described below are two examples to analyze the network connection with tracert command In the former example network connection i...

Page 93: ...dispensable part of the 3Com Router 1 x Syslog serves as the information junction of the 3Com Router 1 x system software module The log system is responsible for most of the information output and can...

Page 94: ...n parameters which include the filtering setting based on the module Chinese English selection and severity threshold When a user changes the values of these parameters other user terminals will also...

Page 95: ...rts critical errors warnings notifications informational debugging Enable to output log information with priority to the terminal info center monitor emergencies alerts critical errors warnings notifi...

Page 96: ...ecurity 2 Edit the file etc syslog conf as the root and add the following selector action pairs Router configuration messages Local4 crit var log Router config When editing etc syslog conf note the fo...

Page 97: ...og information output of the control console 1 Turn on the log system Router info center enable 2 Configure the log information output of the control console severity ranging between emergencies debug...

Page 98: ...94 CHAPTER 6 DISPLAY AND DEBUGGING TOOLS...

Page 99: ...roblem and makes it possible to use different bank cards on the same POS The POS terminal is connected to the transaction center in two ways namely through dial up POS access and POS network access Di...

Page 100: ...rk access Figure 41 Access mode when the POS access router located at the commercial client end In the POS network access mode 3Com Router series can be connected to the POS terminal in the following...

Page 101: ...S Access Server To implement the POS access service the POS access server must first be started Please perform the following configuration in system view Table 72 Start POS server By default the syste...

Page 102: ...de it is necessary to configure the POS application to UNIX FEP for the terminal Please perform the following configuration in system view Table 74 Configure a POS application By default no POS applic...

Page 103: ...for the sake of security it is necessary to hide the true IP address of the up TCP connection in the access service and set another IP address for the source address instead At the same time to perfo...

Page 104: ...s port and to avoid a POS terminal being occupied for a long time it is necessary to manage individual transaction times through configuring the parameter TRADETIME If the maximum transaction time is...

Page 105: ...plication to UNIX B in TCP IP connection mode the application is 1 Router pos server app tcp 1 10 1 1 2 9020 4 Configure the POS multi application mapping table to map the packet whose destination add...

Page 106: ...nc 0 the application sequence number is 0 Router pos server app flow 0 async 0 3 Configure the POS application to UNIX B in asynchronous connection mode the connected interface is async 1 the applicat...

Page 107: ...onnection mode II Networking Diagram Figure 44 Networking diagram when the router is located at commercial client in TCP IP connection mode III Configuration Procedures 1 Configure Router A a Start th...

Page 108: ...interface async 2 RouterA Async2 undo modem RouterA Async0 flow control none RouterA Async0 undo detect dsr dtr RouterA Async2 async mode pos 3 g Configure the route to Router B take the static route...

Page 109: ...III INTERFACE Chapter 8 Interface Configuration Overview Chapter 9 Configuring LAN Interface Chapter 10 Configuring WAN Interface Chapter 11 Configuring Logical Interface...

Page 110: ...106...

Page 111: ...e network devices in LAN Second one is the WAN interface which includes interfaces like the synchronous asynchronous serial interface asynchronous serial interface AUX interface CE1 PRI ISDN BRI inter...

Page 112: ...it is necessary to have a clear idea about the networking requirement and network diagram The following operations must be implemented at least for the interface configuration If the interface is a ph...

Page 113: ...nformation If a physical interface on the router is idle and not connected with cable use the shutdown command to disable the interface in case that the interface goes abnormal due to some interferenc...

Page 114: ...110 CHAPTER 8 INTERFACE CONFIGURATION OVERVIEW...

Page 115: ...y it can consult other network devices to determine and automatically select the optimum working mode and rate thus greatly simplifying the configuration and management of the system Configure Etherne...

Page 116: ...rame Please use the following commands in Ethernet interface view Table 88 Set frame format of sending message The frame format of sending message is Ethernet_II by default 4 Set MTU Maximum transmiss...

Page 117: ...thernet interface view Table 91 Select working mode of Ethernet interface The default is negotiation i e the system automatically chooses an optimum working mode 7 Enable or disable internal loopback...

Page 118: ...iew the statistic information of two ends of the connection such as the router and switch to observe whether the statistic number of the received error frames increases quickly If either test fails to...

Page 119: ...esses must be the same only the host addresses are different If they are not in the same sub net please re set the IP address 3 Check whether the link layer protocols match one another Take for exampl...

Page 120: ...party working in full duplex mode shows large amount of error messages received accompanied with serious message losses at both parties In this case use display interfaces ethernet command to view the...

Page 121: ...interface ISDN BRI interface CE1 PRI interfaces CT3 CT1 PRI interface E1 F interface T1 F interface CE3 interface Asynchronous Serial Interface There are two asynchronous serial interfaces in the 3Co...

Page 122: ...nous asynchronous serial interface Table 94 Set the synchronous asynchronous serial interface to work in asynchronous mode The synchronous asynchronous serial interface works in synchronous mode by de...

Page 123: ...nous serial interface is used in dialup mode the baud rate only refers to the communication rate between the asynchronous serial interface of the router and Modem And the rate between two Modems must...

Page 124: ...a transmission on the asynchronous serial interface will be controlled by the hardware signal on the interface When transmitting data the interface will automatically detect the CTS signal If there ar...

Page 125: ...the stop bit when the asynchronous serial interface works in flow mode By default there is only 1 stop bit 10 Set data bit in flow mode This command is used to set another interactive operating parame...

Page 126: ...asynchronous serial interface Table 106 Set MTU of asynchronous serial interface The unit of mtu is byte ranging from 128 to 1500 with 1500 as default 14 Set the coding format of Modem Please perform...

Page 127: ...rface Features of synchronous serial interface It can work in two modes DTE and DCE Usually the synchronous serial interface serves as DTE and receives DCE provided clock The synchronous serial interf...

Page 128: ...he synchronous asynchronous serial interface works in synchronous mode by default 2 Enter the view of the specified synchronous serial interface In all views enter the view of the specified synchronou...

Page 129: ...o 64000 bps 6 Select work clock The synchronous serial interface works in two modes DTE and DCE Different working modes have different working clocks If the synchronous serial interface is used as DCE...

Page 130: ...t be set 8 Enable or disable level detection By default when the system decides whether the synchronous serial interface is in UP status or DOWN status it detects the DSR signal DCD signal and whether...

Page 131: ...al interface mode Table 119 Set the synchronous serial interface to work in full duplex or half duplex mode By default the synchronous serial interface works in full duplex mode 11 Enable or disable i...

Page 132: ...e coding of synchronous serial interface is 7E ISDN BRI Interface Technical Background Integrated Services Digital Network ISDN is a new technology developed from the 1970 s It can provide all digital...

Page 133: ...annel contention Network terminal 2 NT2 Also called intelligent network terminal including layer 1 layer 3 of OSI Type 1 terminal equipment TE1 Also called ISDN standard terminal which is user equipme...

Page 134: ...llowing command in all views Table 124 Enter the view of the specified ISDN BRI interface The ISDN BRI interface is used to dial up Please refer to Dial up for detail CE1 PRI Interface Along with the...

Page 135: ...nterface operating mode Bind the interface to be channel sets Bind the interface to be a pri set Set the line code format Set line clock Set frame format Enable disable internal loopback external loop...

Page 136: ...E1 PRI at one time that is the interface can only be bound into either channel sets or a pri set in that period After binding the interface to be channel sets the system will automatically create a Se...

Page 137: ...orted on one CE1 PRI interface at one time that is the interface can only be bound into either channel sets or a pri set After the interface is bound to be a pri set the system will automatically crea...

Page 138: ...d no crc4 The frame format crc4 supports the 4 bit Cyclic Redundancy Check CRC on physical frames whereas the frame format no crc4 does not Perform the following configurations in CE1 PRI interface vi...

Page 139: ...an be got as follows 24 x 8 1 193 bits Since 8000 frames can be sent per second the transmission speed of DS1 is 193 x 8K 1 544 Mbps The CT1 PRI interface can only operate in channelized operating mod...

Page 140: ...ther channel sets or a pri set in that period After binding the interface to be channel sets the system will automatically create a Serial interface numbered serial number set number This interface ha...

Page 141: ...face is logically equivalent to an ISDN PRI interface and hence you can further configure it Perform the following configuration in all views Table 141 Enter the ISDN interface view The following is t...

Page 142: ...the CT1 PRI interface By default the line clock of CT1 PRI interface is slave clock 7 Set the frame format of interface A CT1 PRI interface supports two frame formats Super Frame SF and Extended Super...

Page 143: ...s not necessary in an E1 application it is too much to use CE1 PRI interface At this time E1 F interface is more than enough for meeting the simple E1 access requirements Compared with CE1 PRI interfa...

Page 144: ...tem identify an E1 F interface as a synchronous serial interface so entering the view of E1 F interface is equivalent to entering the view of the corresponding serial interface Perform the following c...

Page 145: ...ck If E1 F interface is used as DCE the slave clock should be selected If it is used as DTE the master clock should be selected If the E1 F interfaces of two routers are directly connected they must r...

Page 146: ...ocal loopback and remote loopback but these two functions cannot be enabled at the same time Display and Debug E1 F Interface Perform the display command in all views to display the state of E1 F inte...

Page 147: ...work in framed mode and it can randomly bind all time slots time slots 1 through 24 into one channel set T1 F interface has the rate of nx64kbps or nx56kbps owns logical features of synchronous serial...

Page 148: ...lines of various lengths you should match attenuation and waveform of the interface signals with the transmission lines Perform the following configuration in T1 F interface view Table 158 Set length...

Page 149: ...est is being carried out Perform the following configuration in T1 F interface view Table 161 Set frame format of T1 F interface By default the frame format of T1 F interface is ESF 7 Enable or Disabl...

Page 150: ...for transmitting frame synchronizing signals cannot participate in binding operation Therefore CE3 interface can be channelized into E1 channels of 64Kbps CE3 interface supports the link layer protoc...

Page 151: ...e channel loopback can be set on the E1 channels on a CE3 interface and the settings of individual channels are independent Table 169 Set loopback mode of E1 channel 5 Set E1 Frame Format Operation Co...

Page 152: ...whose number is serial number line number 0 and whose rate is 2048 kbps The interface has the same logic feature as that of a synchronous serial interface therefore it can be regarded as a synchronou...

Page 153: ...hannel binding operations CT3 Interface Both T3 and T1 belong to the T carrier system specified by ANSI T3 is corresponding to the digital signal level DS 3 and the data transmission rate is 44 736Mbp...

Page 154: ...ock mode of the T1 channel By default T1 channel uses slave clock 3 Set Cable Length Use the cable command to set the distance between the router and the cable distribution frame Perform the following...

Page 155: ...llowing configurations in CT3 interface view Table 181 Set the frame format of T1 channel By default the frame format of T1 channel is ESF 6 Configure Operate Mode of CT3 Interface When setting the op...

Page 156: ...re as that of a synchronous serial interface therefore it can be regarded as a synchronous serial interface for further configuration 7 Set CRC of the Serial Interface For the serial interface formed...

Page 157: ...l or the serial interface formed by timeslot bundle of T1 channel user can use command shutdown undo shutdown in Serial interface view Perform the following configuration in all views Table 186 Displa...

Page 158: ...154 CHAPTER 10 CONFIGURING WAN INTERFACE...

Page 159: ...uter realizes the Bandwidth on Demand Routing BDR function and provides two BDR configuration methods Legacy BDR and BDR profiles Please see Operation Manual Dial up for detailed information Configure...

Page 160: ...can be 255 255 255 255 The IP address with this 32 bit mask can be advertised by the routing protocols When configuring the ip address of loopback interface it is recommended to configure the 32bit ma...

Page 161: ...face These virtual interfaces share the physical layer parameters of the physical interface meanwhile they can be configured with their own link layer parameters and network layer parameters Therefore...

Page 162: ...figure sub interfaces of WAN interface which link layer protocol is frame relay 1 Create and delete WAN sub interfaces Please use the following commands in all views Table 191 Create and delete WAN su...

Page 163: ...terface and other IPX working parameters Virtual circuit of the sub interface Please see chapters in the Operation Manual Link Layer Protocol and Operation Manual Network Protocol for details about th...

Page 164: ...mitted here For fault diagnosis and troubleshooting of sub interface please see chapters in Operation Manual Link Layer Protocol and Operation Manual Network Protocol in this manual Standby Center Log...

Page 165: ...ranging 1 to 25 i e the user can create up to 25 virtual templates In executing interface virtual template command if corresponding virtual template has been created then directly enter the view of t...

Page 166: ...oting Before checking and eliminating faults of virtual template first find out the virtual template is used to create VPN virtual access interface or MP virtual interface then locate the fault of the...

Page 167: ...g PPP and MP Chapter 13 Configuring PPPoE Client Chapter 14 Configuring SLIP Chapter 15 Configuring ISDN Protocol Chapter 16 Configuring LAPB and X 25 Chapter 17 Configuring Frame Relay Chapter 18 Con...

Page 168: ...164...

Page 169: ...to negotiate some parameters of the link and is responsible for creating and maintaining the link Network Control Protocol is used to negotiate the parameters of network layer protocol PPP Authentica...

Page 170: ...otiation including negotiation of working mode SP or MP authentication mode and maximum transmission unit etc After the successful LCP negotiation the status of LCP is Open indicating that the link ha...

Page 171: ...or endpoint In the former way the router does not detect the username and endpoint and binds the interface to a specified virtual template interface In the latter way the router binds the interface t...

Page 172: ...originates the PAP authenticator only needs to start PAP authentication itself use ppp authentication mode pap command The requester does not need to configure the command If both sides originate PAP...

Page 173: ...and send its username and password to the authenticator use ppp chap user command If one side originates the CHAP authenticator only needs to start CHAP authentication itself use ppp authentication mo...

Page 174: ...configuration of local IP address and the IP address assigned to the peer refer to Network Protocol For example if it is necessary for the remote end to allocate an IP address for the local end you c...

Page 175: ...ace the keepalive packets by LQR packets that is PPP interface will send LQR packets every period in order to monitor the link When link quality is normal the system will calculate the link quality in...

Page 176: ...llowing configuration in interface view Table 204 Configure the physical interface to work in MP mode By default interface does not work in MP mode 4 Bind the Physical Interface to a Virtual Template...

Page 177: ...th the virtual template interface Bind according to endpoint The endpoint is determined automatically when the router is started and each router has its own endpoint The interfaces with the same endpo...

Page 178: ...of two routers are connected via Modems the actual transmission speed is decided by the line quality after the Modem negotiations In this case the speed is usually slower than the preset interface Bau...

Page 179: ...and password hello to the local database Router local user Router2 password simple hello b Configure to start PAP authentication at this side Router interface serial 0 Router Serial0 ppp authenticati...

Page 180: ...p user Router2 Typical MP Configuration Example I Configuration Requirement In Figure 51 two B channels of E1 interface of router a are bound to the B channel of router b and the other two B channels...

Page 181: ...Specify the virtual interface template for this user and begin PPP negotiation for the NCP information using this template Router ppp mp user router a bind virtual template 1 c Configure working para...

Page 182: ...line protocol is down Indicates that the interface is not activated or the physical layer does not turn to Up status serial number is up line protocol is up spoofing Indicates that this interface is...

Page 183: ...se Discovery phase When a host initiates a PPP session it must first go through the discovery phase to confirm the remote Ethernet MAC address and establish a PPPoE session ID Different from PPP PPPoE...

Page 184: ...up software Configure PPPoE Client The fundamental PPPoE configuration includes Configure dialer interface Configure PPPoE session The high level PPPoE configuration includes Reset or delete PPPoE se...

Page 185: ...poe client command in Ethernet interface view Table 215 Reset or delete PPPoE session The commands reset pppoe client and undo pppoe client differ in the sense that the former only resets a PPPoE sess...

Page 186: ...Internet via ADSL It uses 3com as the user name of the ADSL account and the password is 12345 Enable the PPPoE client function on the router so that the hosts on the LAN can access the Internet even...

Page 187: ...connect with the network center and ADSL is used as a standby for the DDN leased line Thus if the DDN leased line fails RouterA can still originate PPPoE call for connection to the network center acro...

Page 188: ...184 CHAPTER 13 CONFIGURING PPPOE CLIENT...

Page 189: ...mote end SLIP dialer can only be used with the standard BDR SLIP dialer on the physical port configuration includes Configure the synchronous asynchronous serial interface to asynchronous mode Configu...

Page 190: ...terface cannot be modified to asynchronous mode At this time you should first modify the link layer protocol of the interface to PPP and then you may change the interface attribute to asynchronous mod...

Page 191: ...protocol slip h Specify Dialer Group Router Serial0 dialer group 1 i Configure the default route to Route B Router ip route static 0 0 0 0 0 0 0 0 10 110 0 2 2 Configure Router B a Configure Dialer R...

Page 192: ...188 CHAPTER 14 CONFIGURING SLIP Router ip route static 0 0 0 0 0 0 0 0 10 110 0 1...

Page 193: ...D Here B channel is a user channel used to transmit the voice data and other user information with the transmission rate 64kbps D channel is a control channel and used to transmit the common channel s...

Page 194: ...ISDN PRI interface adopts QSIG signaling a Length of call reference Call reference is the flag used to distinguish the communication entities A call reference uniquely identifies a call Perform the fo...

Page 195: ...the remote call differs from the local configuration the call will be denied Otherwise the call will be accepted Perform the following configurations in interface view Table 225 Set the called number...

Page 196: ...it processes a call however the packets transmitted over the established connection are data packets Perform the following configuration in ISDN interface view Table 227 Configure an interface to rec...

Page 197: ...0 Router Serial0 15 dialer route info ip 202 38 154 2 8810154 Router Serial0 15 dialer group 1 Router Serial0 15 quit Router dialer rule 1 ip permit 2 Configure Router B The parameter configuration on...

Page 198: ...DN PRI line but pinging the routers is not successful Troubleshooting 1 Execute the display isdn call info command If the system prompts there is no isdn port it means that there is no ISDN PRI port a...

Page 199: ...ctions and facilities With X 25 two DTE can communicate with each other via the existing telephone network X 25 sessions are established when one DTE device contacts another to request a communication...

Page 200: ...and DCE The above relation is shown in the following diagram Figure 59 DTE DCE interface A virtual circuit is a logical connection created to ensure reliable communication between two network devices...

Page 201: ...tions as follows Transmit the data effectively between DTE and DCE Ensure the synchronization of information between the receiver and transmitter Detect and correct the error in the transmission Ident...

Page 202: ...nce number is selected periodically within the range of the modulo In the interface view configure as follows Table 230 Configure LAPB frame numbering mode By default the LAPB modulus is Modulo 8 b Co...

Page 203: ...ime idle channel state to the packet layer The timer value must be larger than T1 in DCE T3 T1 If T3 is 0 it indicates that the timer is not set Table 233 Configure LAPB system timer T1 T2 T3 By defau...

Page 204: ...ew Table 234 Set Cancel the X 121 address of the interface 2 Configure X 25 working mode To configure X 25 working mode perform the following task in the interface view Table 235 Set X 25 working mode...

Page 205: ...ber from the one way incoming call channel range and two way channel range to initiate a call while DCE selects an available logical channel with a larger number from the one way incoming call channel...

Page 206: ...l X 25 protocol negotiation It is necessary to first execute shutdown and undo shutdown commands 4 Configure X 25 modulo The implementation of X 25 in 3Com Router series supports both modulo 8 and mod...

Page 207: ...t is received according to M bit marker Therefore too small value of the maximum packet size will consume too much router resources on packet fragmenting and assembling thus lowering efficiency Finall...

Page 208: ...fied in ITU T Recommendation X 121 X 121 address is a character string consists of the Arabic numerals from 0 to 9 and it is of 0 to 15 characters Configure an alias for the interface When an X 25 cal...

Page 209: ...owing task in interface view Task Command Specify an alias for the interface x25 alias policy match type alias string Cancel the specification of an alias for the interface undo x25 alias policy match...

Page 210: ...ncel not carrying the called DTE address information when a call is originated undo x25 ignore called address Not carrying the calling DTE address information when a call is originated Default carry x...

Page 211: ...ed address mapping The called destination just like a calling source also has its own protocol address and X 121 address Establish the mapping between the destination protocol address and the X 121 ad...

Page 212: ...e X 25 user facility Set the length of virtual circuit queue Broadcast via X 25 Restrict the use of address mapping Configure the interface with the standby center The X 25 of the 3Com Router series a...

Page 213: ...low efficiency of sending and receiving Therefore we specify a value Each time the number of received packets reaches the value the acknowledgment will be sent to the peer thus improving receiving an...

Page 214: ...knowledgment value undo x25 receive threshold Operation Command Specify CUG Closed User Group x25 call facility closed user group group number Or x25 map protocol protocol address x121 address x 121 a...

Page 215: ...the length of virtual circuit queue Table 252 Configure the sending queue length of virtual circuit 6 Broadcast via X 25 Receive calls with reverse charging requests x25 reverse charge accept Or x25 m...

Page 216: ...ut only while others are used for calling in only The X 25 of the 3Com Router series allows restricting the use of this address mapping addition by adding some option items as shown in the following t...

Page 217: ...ss through many nodes each of which must have packet switching capability X 25 packet switching means to receive packets from one X 25 port and send them out from the X 25 port selected according to r...

Page 218: ...e table Configure X 25 Load Balancing Introduction to X 25 Load Balancing Using the property of hunt group of X 25 protocol ISPs can provide load balancing function in X 25 packet switching networks X...

Page 219: ...fective and data transmission will be processed in accordance with the normal virtual circuit After being established PVC stays at the data transmission stage without the process of call establishment...

Page 220: ...sent to Server A and Server B by turns vc number mode selects the interfaces with the free logical channels in a hunt group for every call request For example as shown in the above Figure1 1 if hunt...

Page 221: ...faces and XOT Tunnels to hunt group Perform the following configuration in X 25 hunt group view Table 262 Add Delete interfaces or XOT Tunnels in hunt group It should be noted that a hunt group can ha...

Page 222: ...svc x 121 address sub dest destination address sub source source address hunt group hunt group name Delete an X 25 switching route whose forwarding address is hunt group undo x25 switch svc x 121 addr...

Page 223: ...line is disconnected If Keepalive is configured TCP check the usability of the links in time and it will automatically clear the TCP connection if it does not receive the answer of the opposite side...

Page 224: ...X 25 side packets received are forwarded through IP net There are different views for SVC and PVC For SVC perform the following tasks in system view Table 267 Configure SVC XOT switching The local X...

Page 225: ...e configurations so that Annex G DLCI can be used to transmit IP data For the configurations of X 25 switching over Annex G DLCIs refer to the subsequent section Table 270 Configure an Annex G DLCI An...

Page 226: ...iable To ensure reliable transmission of signals for call set up and termination in dynamic calling mode these signals are transmitted over an X 25 VC Virtual Circuit Thereby reliable transmission can...

Page 227: ...Router Serial0 link protocol lapb dte d Configure other Lapb parameters if the link is of good quality and a higher rate is required the flow control parameter modulo can be increased to 128 k to 127...

Page 228: ...28 Router Serial1 lapb window size 127 Typical X 25 Configuration Example Back to Back Direct Connection of Two Routers via Serial Interface I Networking Requirement As shown in the diagram below two...

Page 229: ...1 f As this is a direct connection the flow control parameters can be increased slightly Router Serial1 x25 packet size 1024 1024 Router Serial1 x25 window size 5 5 Connect the Router to X 25 Public P...

Page 230: ...rface Serial 0 Router Serial0 ip address 168 173 24 2 255 255 255 0 b Connect to public packet network make the router as DTE side Router Serial0 link protocol x25 dte Router Serial0 x25 x121 address...

Page 231: ...y The IP network addresses of Ethernet A and B are 202 38 165 0 and 196 25 231 0 respectively It is required to exchange routing information between Ethernet A and B with RIP routing protocol so that...

Page 232: ...each logical channel has a separate number The virtual circuit between routers A and B is shown in suppose this virtual circuit passes four packet switching exchanges in the network Figure 71 A virtu...

Page 233: ...ess 300 2 Configure Router B Router interface serial 0 Router Serial0 link protocol x25 dte Router Serial0 x25 x121 address 200 Router Serial0 x25 map ip 10 1 1 2 x121 address 100 3 Configure Router C...

Page 234: ...ter Serial0 ip address 1 1 1 1 255 0 0 0 2 Configure Router D a Basic X 25 Configuration Router interface serial 0 Router Serial0 link protocol x25 dte ietf Router Serial0 x25 x121 address 2 Router Se...

Page 235: ...t interface and build TCP connection between them X 25 packets forward through TCP and configure PVC to implement the PVC function II Networking Diagram Figure 74 PVC application networking diagram of...

Page 236: ...dress 10 1 1 2 255 0 0 0 c Configure Serial 0 Router Ethernet0 interface serial 0 Router Serial0 link protocol x25 dce ietf Router Serial0 x25 vc range in channel 10 20 bi channel 30 1024 Router Seria...

Page 237: ...operty of rotary in system view Router x25 hunt group hg1 round robin f Add Serial 1 Serial 2 and XOT Tunnel to hunt group Router X25 huntgroup hg1 interface serial 1 Router X25 huntgroup hg1 interfac...

Page 238: ...to router RouterE Router x25 switch svc 8888 interface serial 0 X 25 Load Balancing Carrying IP Data Transmission I Networking Requirements X 25 packet switching networks interconnect IP networks in d...

Page 239: ...e interface Ethernet 0 Router interface ethernet 0 Router Ethernet0 ip address 10 2 1 1 255 255 255 0 b Configure interface Serial 0 Router interface serial 0 Router Serial0 link protocol x25 dte Rout...

Page 240: ...as Frame Relay DTE II Networking Diagram Figure 77 Interconnect LANs via an Annex G DLCI III Configuration Procedure 1 Configure RouterA a Create an X 25 template Router x25 template profile1 b Config...

Page 241: ...255 0 e Configure the link layer protocol of the interface to Frame Relay Router Serial1 link protocol fr Router Serial1 fr interface type dte f Configure a Frame Relay DLCI Router Serial1 fr dlci 10...

Page 242: ...nk protocol x25 dte ietf Router Serial0 x25 x121 address 2 Router Serial0 x25 map ip 1 1 1 1 x121 address 1 Router Serial0 ip address 1 1 1 2 255 0 0 0 3 Configure the router Router B a Enable X 25 sw...

Page 243: ...itch svc 2 interface serial 0 f Configure X 25 over Frame Relay switching Router x25 switch svc 1 interface serial 1 dlci 100 PVC Application of X 25 over Frame Relay I Networking Requirements RouterA...

Page 244: ...r Serial0 link protocol x25 dce ietf Router Serial0 x25 vc range in channel 10 20 bi channel 30 1024 d Configure an X 25 template Router x25 template profile1 Router x25 profile1 x25 vc range in chann...

Page 245: ...lt 2 Two connected sides use X 25 link layer protocol and the protocol is already in UP status but cannot ping through the peer Turn on the debugging switch and it is found that the received frames ar...

Page 246: ...ce status is DOWN check if the physical connection and bottom configuration are correct If the interface is properly configured then check the SVC configuration If SVC is also properly configured chec...

Page 247: ...the packets is different from that configured in the Frame Relay address map and X 25 address map you need to reconfigure the maps If multiple X 25 address maps for reaching the same destination X 121...

Page 248: ...244 CHAPTER 16 CONFIGURING LAPB AND X 25...

Page 249: ...Connection Identifier which is valid only on the local interface and the corresponding opposite interface This means that in the same Frame Relay network the same DLCI on different physical interface...

Page 250: ...the network determines the status of Permanent virtual circuits PVCs of DCE In case that the two network devices are directly connected the equipment administrator sets the virtual circuit status of...

Page 251: ...or DCE format according to its location in the network In Frame Relay networks Network to Network Interface NNI is used between the Frame Relay switches In the interface view perform the following ta...

Page 252: ...all the PVCs if the PVC status on the network changes or there is PVC added or deleted irrespective of DTE inquires for the PVC status or not Thereby DTE can know the changes on DCE side and update th...

Page 253: ...ive the response in the specified time the error will be recorded If the number of errors exceeds the threshold the DTE equipment will regard the physical path and all the virtual circuits as unusable...

Page 254: ...re is a default route In interface view perform the following task to configure the Frame Relay static address mapping Table 279 Configure Frame Relay static address mapping By default the dynamic inv...

Page 255: ...ogical interface and can be used to configure protocol address and virtual circuit One physical interface can include multiple sub interfaces which do not exist physically However for the network laye...

Page 256: ...erse arp 8 Configure Frame Relay PVC Switching Router routers can be used as Frame Relay switches to provide the function of Frame Relay PVC switching There are two ways to configure the Frame Relay s...

Page 257: ...view Table 289 Configure Frame Relay local switched PVC number Perform the following configurations in system view Table 290 Configure the Frame Relay switched PVC Operation Command Enable the Frame R...

Page 258: ...ultiple Frame Relay physical interfaces In this way the bandwidth of the virtual Frame Relay is equal to the sum of the bandwidth of each Frame Relay physical interface contained in the virtual Frame...

Page 259: ...nt on the multiple physical interfaces bundled to the MFR interface by turns 2 Configure a MFR bundle link Please perform the following configuration in synchronous serial interface view Table 293 Con...

Page 260: ...interface Perform the following configurations in interface view Table 295 Configure Frame Relay compression on point to point interface By default Frame Relay payload compression is disabled On the...

Page 261: ...packets behind it and hence degrade the voice quality The purpose of configuring Frame Relay fragmentation is to shorten voice delay and ensure real time voice transmission After configuring fragmenta...

Page 262: ...general QoS can only provide the service of QoS on the whole interface Therefore the Frame Relay QoS can provide more flexible quality services for users Figure 81 Frame Relay QoS application Frame R...

Page 263: ...the Frame Relay switch device has been configured with the function of congestion management it will notify the router of network congestion Upon receiving the notification the router will eventually...

Page 264: ...ueueing PQ Priority Queueing CQ Custom Queueing and WFQ Weighted Fair Queueing The FIFO PQ CQ WFQ and PIPQ PVC Interface Priority Queueing queues can be used on a Frame Relay interface Among them FIFO...

Page 265: ...which is the size exceeding CBS the router will mark the flag bit of DE in the Frame Relay packet headers to 1 Figure 86 Fundamentals of Frame Relay traffic policing As shown in the above figure the p...

Page 266: ...that are marked with DE flag bit will be first discarded once there is congestion The DE rule lists are applied on the Frame Relay PVCs on a router and each of them contains multiple DE rules If a pac...

Page 267: ...see the configuration of the Frame Relay class To delete the Frame Relay class use the undo fr class command When a Frame Relay PVC implements QoS it will search for the corresponding Frame Relay clas...

Page 268: ...be used to set the inbound and outbound parameters However only the outbound parameters are effective for the Frame Relay traffic shaping Operation Command Enable the Frame Relay traffic shaping fr t...

Page 269: ...figuration procedure in detail 3 Associate the Frame Relay class with the Frame Relay interface or a PVC Please refer to the above section Configure Frame Relay class for the configuration procedure i...

Page 270: ...figurations in frame relay class view Table 306 Configure the congestion management policy on a Frame Relay PVC By default the congestion management is not enabled on Frame Relay PVCs When the congest...

Page 271: ...Relay interface each PVC under this interface will own its independent PVC queue If the function is not enabled on the Frame Relay interface the PVCs will have no PVC queues Perform the following con...

Page 272: ...smitted according to the priority sequence Specifically all the packets in the top queue will be first transmitted then the packets in the middle queue followed by the packets in the normal queue and...

Page 273: ...configuration details will not be covered here Please read the related chapters in Operation manual VPN for reference 2 Configure Frame Relay Switching Enable Frame Relay switching in system view and...

Page 274: ...s much quicker and with lower cost At the same time ISDN can also be taken as a standby for Frame Relay accessing Therefore the Frame Relay over ISDN is mainly used in the following two aspects The si...

Page 275: ...th Frame Relay the calling party can directly use the configured dial string to make an ISDN call to the remote end after it finds an available B channel If dialer profiles are adopted the calling par...

Page 276: ...established Then the DCE device will look for another PVC segment according to the Frame Relay switching configuration and activate the PVC segment When both PVC segments are in active status it mean...

Page 277: ...n in physical ISDN or dialer interface view Table 315 Configure the link layer protocol of the interface The two ends of a BDR call should work with the same link layer protocol For a physical interfa...

Page 278: ...implement Frame Relay over ISDN it should be configured with Frame Relay In addition Frame Relay and PPP are probably carried on a B channel for supporting the dynamic configuration on the channel The...

Page 279: ...interface type number dlci Enable the debugging of Frame Relay arp debugging fr arp interface type number Enable the debugging of Frame Relay compression debugging fr compress interface type number En...

Page 280: ...nterface to Frame Relay Router Serial1 link protocol fr Router Serial1 fr interface type dte c Configure static address mapping Router Serial1 fr map ip 202 38 163 252 dlci 50 Router Serial1 fr map ip...

Page 281: ...face IP address Router interface serial 1 Router Serial1 ip address 202 38 163 251 255 255 255 0 b Configure the link layer protocol of the interface to Frame Relay Router Serial1 link protocol fr Rou...

Page 282: ...2 Configure RouterB a Create a MFR interface Router interface mfr 0 Router MFR0 ip address 202 38 163 252 255 255 255 0 Router MFR0 fr interface type dte Router MFR0 fr dlci 100 Router MFR0 fr map ip...

Page 283: ...Relay Network and enable Frame Relay Fragment between them II Networking Diagram Figure 96 networking diagram of Frame Relay Fragment III Configuration Procedure 1 Configure RouterA Router interface s...

Page 284: ...acl 1 Router acl 1 rule normal permit source 10 0 0 0 0 0 0 0 Router qos pql 1 protocol ip acl 1 queue top 2 Create a Frame Relay class and configure the parameters of Frame Relay traffic shaping Rout...

Page 285: ...a Configure the Frame Relay interface Serial0 Router interface serial 0 Router Serial0 link protocol fr Router Serial0 fr interface type dce Router Serial0 fr dlci 300 b Configure IP interface Ethern...

Page 286: ...cy Router Bri0 dialer group 1 Router Bri0 dialer number 660045 b Configure the Frame Relay parameters on Bri0 Router Bri0 fr map ip 110 0 0 2 dlci 100 Router Bri0 fr dlci 100 For configuring the BDR a...

Page 287: ...ervices for two dialer interfaces This PRI interface is assigned with the ISDN number 660045 and the DLCI numbers 100 and 200 respectively for these two dialer interfaces At the same time RouterB is c...

Page 288: ...number to 200 and configure to receive the incoming calls from the number 660208 and assign Dialer1 to Dialer Bundle 20 b Configure the Frame Relay switching parameters on Serial1 Router Serial1 link...

Page 289: ...hooting Check whether the link layer protocols of the equipment at both ends are UP Check whether the equipment at both ends have configured or created correct address mapping for the peer Check the r...

Page 290: ...286 CHAPTER 17 CONFIGURING FRAME RELAY Check whether the Frame Relay configurations at both ends are correct Read the section of troubleshooting in Link Layer Protocol...

Page 291: ...re the link layer protocol of the interface to HDLC 1 Configure the Link Layer Protocol of the Interface to HDLC In synchronous interface view perform the following task Table 318 Configure the link l...

Page 292: ...288 CHAPTER 18 CONFIGURING HDLC Enable HDLC packet debugging debugging hdlc packet interface type number...

Page 293: ...AC addresses and interfaces Source route Bridging Such bridging forwards frames based on the routing indicators contained in the frames The table of correlation between destination MAC addresses and r...

Page 294: ...picked up and the correlation between this MAC address and the interface receiving this frame will be added to the bridging address table As shown in the following figure four workstations A B C and D...

Page 295: ...the workstations are in use the bridge will obtain all correlation between the MAC addresses and the bridge ports as shown in the following figure Bridge Ethernet segment 1 Bridge port 1 Bridge port...

Page 296: ...Workstation B the bridge will filter this frame rather than forwarding it since Workstation B and Workstation A are located on the same physical network segment Bridge Ethernet segment 1 Bridge port 1...

Page 297: ...dges X and Y are connected with Ethernet segment 1 Once detecting a broadcasting frame both bridges will send it to all ports except the source port on which the frame is detected That is both bridges...

Page 298: ...loops is an essential requirement for ensuring the bridge working normally Therefore the third function of bridge is to locate loops and block redundant ports Spanning Tree Protocol Spanning Tree Pro...

Page 299: ...arding data to the current subordinate bridge The path cost via a designated bridge is the lowest between the leaf nodes and root bridge Specify the designated port Designated ports are those on the d...

Page 300: ...ed Specifically the root port and the designated ports will undergo a transitional state for an interval of forward delay to enter the forwarding state to resume the data forwarding Such a delay ensur...

Page 301: ...he link set can guarantee the bridging function and save the link bandwidth The solution is adding multiple parallel links to a link set Each corresponding link port can still independently take part...

Page 302: ...the correlation between the destination MAC addresses and the ports According to it a bridge implements forwarding a Configure static address table entries Normally a bridging table is dynamically gen...

Page 303: ...llowing configuration in interface view Table 326 Disable Enable STP on ports By default STP is enabled on all ports b Configure the bridge priority Bridge Identifier is comprised of the bridge priori...

Page 304: ...will cause recomputation of the spanning tree If all the bridge ports adopt the same priority the smaller the port number is the smaller the port ID will be Perform the following configuration in inte...

Page 305: ...state to resume the data forwarding Such a delay ensures that the new BPDU has already been propagated throughout the network before the data frames are forwarded according to the latest topology The...

Page 306: ...ses Perform the following configuration in system view Table 333 Create an ACL based on MAC Ethernet addresses By default no ACL based on MAC Ethernet addresses is created When creating an ACL based o...

Page 307: ...capsulated in the form of IEEE 802 2 on the port Operation Command Apply ACLs based on MAC addresses in the input direction of ports bridge set bridge set source mac acl acl number Remove the applicat...

Page 308: ...s the whole bridge set corresponding to the routed interface on the router Bridge template interface uses the same number of the bridge set represented by it All kinds of network layer attributes can...

Page 309: ...if it is configured Executing the display bridge bridge set link set command can display the configuration of the link set on each bridge as well as whether it is sharing the load 10 Configure Bridgin...

Page 310: ...ng over HDLC Perform the following configuration in interface view Table 348 Configure the link layer protocol of the interface to HDLC 15 Configure Bridging over VLAN Perform the following configurat...

Page 311: ...unters acl number Clear the entries of all the bridge sets or specified groups in the forwarding database reset bridge bridge set Clear the statistics of Spanning Tree reset stp statistics Clear the t...

Page 312: ...net0 bridge set stp disable Router Ethernet0 interface serial 0 Router Serial0 link protocol ppp Router Serial0 bridge set 1 Router Serial0 bridge set 1 stp disable 2 Configure Router B Router bridge...

Page 313: ...Serial0 fr interface type dce Router Serial0 fr dlci 50 Router Serial0 bridge set 1 Router Serial0 fr map bridge 50 broadcast Router Serial0 interface ethernet 0 Router Ethernet0 bridge set 1 Router...

Page 314: ...p Router Serial1 dialer enable legacy Router Serial1 dialer group 1 Router Serial1 dialer route bridge broadcast 660074 Router Serial1 bridge set 1 Router Serial1 interface serial 0 Router Serial0 sta...

Page 315: ...uter Serial1 dialer enable legacy Router Serial1 dialer group 1 Router Serial1 dialer route bridge broadcast 660074 Router Serial1 bridge set 1 Router Serial1 interface serial 0 Router Serial0 standby...

Page 316: ...ocedure Router bridge enable Router bridge routing enable Router bridge 1 stp ieee Router interface ethernet1 Router Ethernet1 bridge set 1 Router Ethernet1 interface ethernet2 Router Ethernet2 bridge...

Page 317: ...er Ethernet2 bridge set 2 Router Ethernet2 interface ethernet 0 1 Router Ethernet0 1 vlan type dot1q vid 1 Router Ethernet0 1 bridge set 1 Router Ethernet0 1 interface ethernet 0 2 Router Ethernet0 2...

Page 318: ...t0 bridge set 1 Router Ethernet0 interface serial0 Router Serial0 bridge set 1 Router Serial0 bridge set 1 link set 1 Router Serial0 interface serial1 Router Serial1 bridge set 1 Router Serial1 bridge...

Page 319: ...K PROTOCOL Chapter 20 Configuring IP Address Chapter 21 Configuring IP Application Chapter 22 Configuring IP Performance Chapter 23 Configuring IP Count Chapter 24 Configuring IPX Chapter 25 Configuri...

Page 320: ...316...

Page 321: ...ess of Internet is divided into five classes An IP address consists of the following 3 fields Type field also called type bit used to distinguish the type of IP address Network ID field net id Host ID...

Page 322: ...e management Please note that the division of sub nets is Network class IP network range Description A 1 0 0 0 126 0 0 0 Network IDs with all the digits being 0 or all the digits being 1 are reserved...

Page 323: ...IDs which is less than the sum before sub net classification If there is no sub net division in an enterprise then its sub net mask is the default value and the length of 1 indicates the net id lengt...

Page 324: ...h one is the master IP address and the others are slave IP addresses Any two IP addresses of a router cannot be in the same network segment Perform the following configuration in interface view 1 Conf...

Page 325: ...nt with each other and they cannot be on the same network segment with the master IP address Otherwise the system will prompt IP address configured now conflicts with others If the interface is not co...

Page 326: ...n interface has no IP address it can neither generate any route nor forward any message IP Address Unnumbered is used when you want to use an interface with no IP address In such case an IP address wi...

Page 327: ...eadquarters router R Router Ethernet0 ip address 172 16 10 1 255 255 255 0 a Borrow IP address of Ethernet interface 0 Router Serial0 ip address unnumbered Ethernet0 Router Serial0 link protocol ppp b...

Page 328: ...configured on R1 to access the Ethernet segment of router R The first static routing is to Ethernet segment of R the next hop is the IP address of serial port of R or an unnumbered IP address ip rout...

Page 329: ...pinged through by other ports Map between WAN Interface IP Address and Link Layer Protocol Address In a router you shall maintain both the mapping from an Ethernet interface IP address to an MAC addre...

Page 330: ...326 CHAPTER 20 CONFIGURING IP ADDRESS...

Page 331: ...item In some special cases for example the LAN gateway is assigned with a fixed IP address and bound to a specific network adapter so that packets to this IP address can only go out via this gateway...

Page 332: ...submits it to superior domain name resolution server if the domain name is not within local domain till the resolution is completed The result can either be an IP address or a non existing domain name...

Page 333: ...Router series is implemented by Ethernet interface and it supports IP and IPX packet In order to save port resources several subinterfaces can be encapsulated on one Ethernet interface and every subi...

Page 334: ...LAN on which Ethernet subinterface is located In order to enable a certain Ethernet subinterface to receive and transmit VLAN message it is necessary to specify to which VLAN the subinterface belongs...

Page 335: ...subinterface can be set only when this subinterface has finished the configuration of VLAN ID Display and Debug VLAN Table 365 Display and Debug VLAN Typical VLAN Configuration Example I Networking R...

Page 336: ...Vlan id 003 Including ports Port 1 YES Port 2 NO Port 3 YES Unknown Vlan Discard Vlan index 1 Vlan id 004 Including ports Port 1 NO Port 2 YES Port 3 YES Fault Diagnosis and Troubleshooting of VLAN Fa...

Page 337: ...t can dynamically request configuration information from a DHCP server including important parameters such as assigned IP addresses subnet masks and default gateways etc DHCP server can also convenien...

Page 338: ...at the same time it is difficult to centralize the management of the overall network Hosts on the network are more than the IP addresses supported by this network That is a fixed IP address cannot be...

Page 339: ...offered IP address and other settings to the DHCP client advising that the offered IP address can be used Then the DHCP client will bind its TCP IP suite with the network card Except the server selec...

Page 340: ...h the MAC address of the client b IP address that was used by the client c Address in the requested IP address option contained in the DHCP_Discover message sent by the client d IP address that is fir...

Page 341: ...an IP address the DHCP server will choose an appropriate address pool according to a certain algorithm it will select an idle IP address from this address pool and transmit it together with other para...

Page 342: ...address and static bind mac address are conflicting In other words a DHCP address pool can be used either to configure statically binding addresses or the dynamic addresses but not both b Configure t...

Page 343: ...ses are assumed to participate in auto allocation This command can be superimposed That is the latest and the original configurations will take effect simultaneously When using the undo dhcp server fo...

Page 344: ...DHCP clients By default the domain names allocated to DHCP clients are not configured 8 Configure IP Address of DNS Used by DHCP Clients When a computer accesses the Internet through the domain name...

Page 345: ...etween host names and IP addresses There are four types of NetBIOS nodes for obtaining mapping relations b node Obtain the mapping between them by means of broadcast p node Obtain the mapping relation...

Page 346: ...er ping packets Configure the longest time waiting for response after ping packets are sent by the DHCP server dhcp server ping timeout milliseconds Restore the longest time waiting for response after...

Page 347: ...s lease period is 10 days and 12 hours the domain name is 3com com The DNS address is 10 1 1 2 without NetBIOS address and the outgoing router address is 10 1 1 126 In the segment 10 1 1 128 the addre...

Page 348: ...addresses Configure DHCP Relay As the scale of networks grows and their complexities increase network configurations become more and more complex The original BOOTP protocol for static host configura...

Page 349: ...dresses For example transmit TFTP and DNS protocol messages transparently to corresponding servers To implement the DHCP relay users have to configure IP auxiliary addresses to specify the DHCP server...

Page 350: ...host is in the network segment 10 110 0 0 while DHCP server is in the network segment 202 38 0 0 DHCP relay router needs to relay DHCP messages so that DHCP client hosts can obtain configuration infor...

Page 351: ...ernet interface of the DHCP relay router processes and sends it to the helper address of the interface i e the DHCP server The DHCP server returns the generated reply message to the DHCP relay router...

Page 352: ...guration information Troubleshooting perform as follows Check whether the DHCP server is configured with the address pool of the network segment where the DHCP client host is located Check whether the...

Page 353: ...esses according to their forecast of the number of internal host computers and networks in future The internal network addresses of different enterprises can be the same Disorders are most likely to o...

Page 354: ...mechanism of address translation is to translate the IP address and port number of the host computer in the network to the external network address and port number to implement the translation from in...

Page 355: ...ranslated source address Please process the following configurations in the system view Table 383 Configure address pool All the addresses in the address pool should be consecutive For the most 64 add...

Page 356: ...EASY IP feature It refers to taking the IP address of the interface as the translated source address directly during the course of address translation which is applicable to two conditions In dial vi...

Page 357: ...TCP UDP IP or ICMP 5 Configure the Timeout of address translation As the HASH table used in the address translation can t be saved permanently the user can set up the Timeout of address translation fo...

Page 358: ...rnal FTP server address is 10 110 10 1 using the public network address 202 38 160 101 The internal WWW server1 address is 10 110 10 2 The internal WWW server 2 address is 10 110 10 3 using the 8080 p...

Page 359: ...c Set internal FTP server Router Serial0 nat server global 202 38 160 101 inside 10 110 10 1 ftp tcp d Set internal WWW server 1 Router Serial0 nat server global 202 38 160 102 inside 10 110 10 2 www...

Page 360: ...gacy Router Serial0 dialer group 1 Router Serial0 dialer number 169 3 Correlate the address translation list and the interface Router Serial0 nat outbound 1 interface 4 Configure a default route to se...

Page 361: ...ess the internal server normally check the configuration on the internal server host or the internal server configuration on the router It s possible that the internal server IP address is wrong or th...

Page 362: ...358 CHAPTER 21 CONFIGURING IP APPLICATION...

Page 363: ...The serial port mtu ranges from 128 to 1500 bytes and 1500 bytes is default value The BRI port mtu value ranges from 128 to 1500 bytes and 1500 bytes is default value 2 Configure Queue Length Perform...

Page 364: ...e TCP Timers The following TCP timers can be configured Synwait timer When a syn message is sent TCP starts the synwait timer If no response message is received till synwait timeout TCP connection wil...

Page 365: ...default value of 75 seconds The Finwait timer s timeout ranges between 76 3600 seconds with a default value of 675 seconds The value of window size ranges between 1 32Kbytes with a default value of 4...

Page 366: ...h speed link interfaces such as Ethernet synchronous PPP frame relay and HDLC Besides the 3Com Router also supports Fast forwarding when firewall is configured Fast forwarding implemented via the 3Com...

Page 367: ...again when IP messages pass the same interface Otherwise ICMP reorientation messages needs to be sent while messages are forwarded Display and Debug IP Performance Table 398 Display and Debug IP addr...

Page 368: ...Destination port 4296 Use the debugging tcp command to turn on the TCP debugging switch and trace the TCP data packet TCP has two data packet format options one is to debug and trace the receiving se...

Page 369: ...been enabled on the output interface Ethernet1 the statistics will be made on the flows transmitted from this interface to the network B A flow destined for the B network can be identified by an IP tr...

Page 370: ...or accounting entries in Interior List Configure upper threshold for accounting entries in Exterior List Configure timeout time of IP Count statistics list entries 1 Enable IP Count Service This comma...

Page 371: ...of exterior that is the max entries number of the packets incompliant with the IP Count lists Perform the following configuration in system view Table 402 Specify count maximum of exterior Operation C...

Page 372: ...exists before it times out By default IP Count entries time out after 720 minutes Display and Debug IP Count Table 405 Display and debug IP Count Typical Configuration Example I Networking Requiremen...

Page 373: ...10 2 2 Execute the display command of IP Count to view the IP Count statistics Router display ip count inbound packets interior Input packets in Interior list Src Dst Packets Bytes Protocol 169 254 10...

Page 374: ...370 CHAPTER 23 CONFIGURING IP COUNT...

Page 375: ...ormation table and then forward them out IPX address IPX address consists of network and node represented as network node Network number is the unique identifier of the physical network which is 4 byt...

Page 376: ...of RIP Figure 135 Schematic diagram of the relation between main components of RIP SAP SAP is an abbreviation for Service Advertising Protocol SAP allows providing various service nodes such as file...

Page 377: ...frame Configure IPX on WAN 1 Activate Deactivate IPX Perform the following task in system view Table 406 Activate deactivate IPX If the node of a router is not specified then the router will use the...

Page 378: ...interrupted and the message will be sent to a destination that does not exist Perform the following task in system view Table 408 Configure IPX RIP static route By default there is no static route The...

Page 379: ...ed exceeds 1 the system will implement load sharing function automatically Reuse multiple paths to send data Configuring parallel routes can decrease the possibility of congestion but occupy relativel...

Page 380: ...the route related to the static service information is invalid or deleted the static service information will be prevented from broadcasting until the router finds a new valid route related to the ser...

Page 381: ...l reply to GNS request with the service information of the nearest server There may also be exceptions if the nearest server is local server then the router will not reply to the GNS request from this...

Page 382: ...rface 6 Disable Split Horizon Split horizon algorithm can avoid generating route loop Split horizon means that routes received from a specific interface are not to be sent from this interface In speci...

Page 383: ...rnet interface is Ethernet 802 3 and that on WAN interface is PPP 10 Configure IPX on WAN In the 3Com Router series commands such as dialer route fr map and x25 map can be used to configure mapping fr...

Page 384: ...ion Procedure 1 Configure Router A a Activate IPX Router ipx enable b Activate IPX module on interface Ethernet0 the network ID being 2 Router interface ethernet 0 Router Ethernet0 ipx network 2 c Set...

Page 385: ...ialing rules Router dialer rule 1 ipx permit 2 Configure Router B a Activate IPX module Router ipx enable b Activate IPX function on interface Ethernet0 the network ID being 3 Router interface etherne...

Page 386: ...i Configure an information about Server1 directory service Router ipx service 26B tree 937f 0000 0000 0001 5 hop 2 Router ipx service 278 tree 937f 0000 0000 0001 4006 hop 2 j Configure dialing rules...

Page 387: ...remote end through TCP channel across WANs and transforms SSP frame into the corresponding frame in LLC2 format at the remote end site finally sends the latter to the next hop SNA equipment In anothe...

Page 388: ...establishing DLSw connection To create TCP channel you have to firstly configure DLSw local peer entity in order to specify the IP address of the local end for establishing TCP connection then the req...

Page 389: ...idge technology Bridge set is a unit for forwarding by bridge Several Ethernet ports can be configured into a Bridge set in order to forward messages among them To forward the messages of the specifie...

Page 390: ...s role is primary The other part is the secondary station that is controlled in a passive mode and its role is secondary Subscribers need to configure role for the interface encapsulated with SDLC pro...

Page 391: ...arer or SDLC switch One primary equipment can be connected with several secondary equipment and the relationship is unique However connection cannot be established between secondary equipment It can e...

Page 392: ...dentities each other by exchanging XID PU2 0 equipment does not exchange XID and it does not include XID Thus PU2 1 equipment does not need this command but you have to specify a XID for PU2 0 equipme...

Page 393: ...RZ encoding mode but the encoding mode of the serial ports in some SNA equipment uses NRZI So you need to change the encoding of routers according to the encoding mode used by the connected equipment...

Page 394: ...l Acknowledgement Delay Time The message transmitted by SNA over Ethernet is LLC2 message Some working parameters of LLC2 can be modified by configuring the commands related to LLC2 LLC2 local acknowl...

Page 395: ...view Table 446 Configure LLC2 premature acknowledgement window By default the length of LLC2 local acknowledgement window is 7 d Configure Modulo Value of LLC2 LLC2 uses modulo mode to number the inf...

Page 396: ...refers to duration waiting for correct information frame after sending frame P Please process the following configurations in the Ethernet interface view Table 451 Configure P F wait time of LLC2 By d...

Page 397: ...ble 455 Configure SDLC local acknowledgement window By default the length of SDLC local acknowledgement window is 7 c Configure Modulo Value of SDLC SDLC uses modulo mode to number the information mes...

Page 398: ...20 f Configure Poll Time Interval of SDLC Poll time interval of SDLC refers to wait time interval between two SDLC nodes polled by SDLC primary station Please process the following configurations in t...

Page 399: ...DLC primary station By default the acknowledgement wait time T1 of SDLC primary station is configured to be 3000 ms j Configure Acknowledgement Wait Time T2 of SDLC Secondary Station Acknowledgement w...

Page 400: ...play performance exchange information display dlsw information local ip address ip address Display Information about DLSw circuits running in the router display dlsw circuits circuit id verbose Displa...

Page 401: ...e 10 120 25 1 Router dlsw bridge set 7 Router interface ethernet 0 Router Ethernet0 bridge set 7 Thus the two LANs across WAN are connected together Note that we don t list the related IP commands her...

Page 402: ...11 Router dlsw bridge set 1 Router interface serial 1 Router Serial1 link protocol sdlc Router Serial1 baudrate 9600 Router Serial1 code nrzi Router Serial1 sdlc status primary Router Serial1 sdlc mac...

Page 403: ...c2 Router Serial0 sdlc xid c2 03e00002 Router Serial0 sdlc mac map remote 00 14 cc 00 54 af c2 Router Serial0 bridge set 1 Router Serial0 interface serial 1 Router Serial1 link protocol sdlc Router Se...

Page 404: ...outer and SNA equipment mainly the problem of SDLC configuration Firstly open the debugging switch of SDLC to observe if the SDLC interface can receive and send messages successfully You can use displ...

Page 405: ...Diagnosis and Troubleshooting of DLSw Fault 401 active equipment of SDLC such as AS 400 or S390 is activated Sometimes communication can be implemented after you activate SDLC line manually...

Page 406: ...402 CHAPTER 25 CONFIGURING DLSW...

Page 407: ...IP Routing Protocol Chapter 27 Configuring Static Routes Chapter 28 Configuring RIP Chapter 29 Configuring OSPF Chapter 30 Configuring BGP Chapter 31 Configuring IP Routing Policy Chapter 32 Configur...

Page 408: ...404...

Page 409: ...e hops from a router to the local network host total 0 In the diagram the bold arrows represent the hops The router does not handle data transmission through the physical links in each route unit Figu...

Page 410: ...to IP routing table Determines the best route There may be different next hops to the same destination These routes can be found by different routing protocols or they may be static routes configured...

Page 411: ...ined only by a unique routing protocol As a result every routing protocol including static route is assigned a priority When there are multiple route information sources the route found by higher prio...

Page 412: ...ter will send data through the main path When a fault occurs on the line the route will be hidden and router will select the backup route with second highest priority for data transmission In this way...

Page 413: ...reachable route When a static route to a certain destination has the reject attribute all IP packets to this destination are discarded and destination unreachable information is given Black hole route...

Page 414: ...ecify the transmitting interfaces in the following cases For interfaces that support resolution from the network address to the link layer address like Ethernet interface supporting ARP if a host addr...

Page 415: ...onfiguring multiple routes to the same destination if the same preference is designated load balancing can be realized If different preferences are designated route standby can be realized Other param...

Page 416: ...2 1 RouterC ip route static 1 1 4 0 255 255 255 0 1 1 3 2 Troubleshooting a Static Route Configuration The status of the physical interface and link layer protocol is UP but IP packets cannot be forwa...

Page 417: ...ions RIP 1 and RIP 2 RIP 2 supports simple text authentication and MD5 authentication as well as the variable length sub net masks To improve performance and prevent route loops RIP supports split hor...

Page 418: ...e and effective Though RIP is widely used by most of the router manufacturers it has limitations It supports a very limited number of routers RIP is only suitable to small autonomous systems such as m...

Page 419: ...following configurations in RIP view Table 470 Enable RIP at the Specified Network The undo network command is associated with RIP by default after RIP is enabled After enabling RIP you must specify...

Page 420: ...smits the broadcast packets of RIP 1 and RIP 2 but does not receive RIP 2 multicast messages When RIP 2 is running on the interface the interface can receive and transmit RIP 1 and RIP 2 broadcast pac...

Page 421: ...undo network mode routes of related interfaces are not forwarded as if an interface was missing In addition rip work functions similar to the combination of two commands rip input and rip output Disa...

Page 422: ...that the unencrypted authentication is transmitted with the packets therefore simple text authentication does not apply to a situation that requires a high level of security MD5 authentication has two...

Page 423: ...ng domain that can be imported At present RIP can import routes domain such as Connected Static OSPF OSPF ASE and BGP See Configure Route Import in Configuration of IP Routing Policy for the details o...

Page 424: ...e Preference Each routing protocol has its own preference that decides which routing protocol is used to select the best route by IP route strategy The greater the value is the lower the preference RI...

Page 425: ...number ip prefix prefix list name import Change or cancel filtering routing information received undo filter policy acl number ip prefix prefix list name import Filter routing information received fr...

Page 426: ...outerA rip RouterA rip network 192 1 1 0 2 Configure Router A s unicast peer to be Router B RouterA rip peer 192 1 1 2 3 Configure serial interface Serial 0 RouterA rip interface serial 0 RouterA Seri...

Page 427: ...abstracted reducing the bandwidth occupation in the network Equivalent route support multiple equivalent routes to the same destination address Route level the four levels of routes according to diff...

Page 428: ...sting it to record additional information for the AS Obviously each router gets a different routing table In addition multiple adjacent relationship lists must be created so that each router on the br...

Page 429: ...not been configured with IP addresses the router ID must be configured in OSPF view otherwise OSPF will not run The modified router ID takes effect after OSPF is restarted You must configure the route...

Page 430: ...n area id associated with the specified interface OSPF only works on the specified interface Configuring the Network Type of the OSPF Interface The OSPF protocol calculates the route on the basis of t...

Page 431: ...to multipoint is not a default network type No link layer protocol can be considered as a point to multipoint protocol because it must be a modification from other network types The most common practi...

Page 432: ...ap to make the whole network fully connected so there is a virtual circuit between any two routers ont eh network and they are directly reachable Then OSPF can process like a broadcast network The IP...

Page 433: ...orities are equivalent the one with higher router ID is chosen If the priority of a router is 0 it is not selected as the DR or backup designated router BDR If a DR fails due to a specific fault a new...

Page 434: ...bma interfaces on the same network segment must be identical Specifying the Dead Interval The expiration time of a neighboring router means that if a hello packet of the neighbor router peer is not re...

Page 435: ...w Table 497 Specify Transmit delay By default the time for transmit delay is 1 second Configuring a Stubby Area and a Totally Stubby Area Usually OSPF has 5 kinds of LSA packets as follows Router LSA...

Page 436: ...t be configured with this attribute An ASBR cannot be inside a stubby area or a totally stub area which means that the exterior route of the AS cannot be transferred to the area Perform the following...

Page 437: ...ted on an ASBR when there is a default route 0 0 0 0 in the routing table The no import route attribute is used on the ASBR which allows the OSPF route that is imported using the import route command...

Page 438: ...that a routing summary configuration is only valid on the ABR Creating and Configuring a Virtual Link After the OSPF area division all the areas may not be of equal size One particular area is unique...

Page 439: ...e area directly or logically The backbone area must include all ABRs and may include routers belonging to the backbone area only An ASBR may not be inside the backbone area ABRs inside the backbone ar...

Page 440: ...e route in an area of the AS Inter area route The route between different areas of the AS External router Type 1 The received IGP route such as RIP STATIC The reliability of this route is high so the...

Page 441: ...xternal Routes Operation Command Configure route import for OSPF import route protocol cost cost type 1 2 tag tag value route policy policy name Cancel route distribution for OSPF undo import route pr...

Page 442: ...formation Received by OSPF By default OSPF does not filter any route information received Displaying and Debugging OSPF Table 507 Display and Debug OSPF Operation Command Specify OSPF route preference...

Page 443: ...401 Router E communicates with Router A through DLCI 501 and communicates with Router D through DLCI 502 Figure 147 Networking diagram of running OSPF on point to multipoint interface To configure OS...

Page 444: ...mapping table RouterB interface serial 0 RouterB Serial0 ip address 1 1 1 2 255 0 0 0 RouterB Serial0 link protocol fr RouterB Serial0 fr map ip 1 1 1 1 dlci 201 broadcast RouterB Serial0 fr map ip 1...

Page 445: ...Serial0 encapsulated into frame relay and configure frame relay mapping table RouterE interface serial 0 RouterE Serial0 ip address 1 1 1 5 255 0 0 0 RouterE Serial0 link protocol fr RouterE Serial0 f...

Page 446: ...hernet0 quit RouterB router id 2 2 2 2 RouterB ospf enable RouterB ospf interface ethernet 0 RouterB Ethernet0 ospf enable area 0 3 Configure Router C RouterC interface ethernet 0 RouterC Ethernet0 ip...

Page 447: ...play ospf peer on Router D to display peers Note that Router C which was BDR now becomes DR and so does Router B RouterD display ospf peer Shutting down the router and restarting leads to the reelecti...

Page 448: ...face ethernet 0 RouterB Ethernet0 ip address 192 1 1 2 255 255 255 0 RouterB Ethernet0 interface serial 0 RouterB Serial0 ip address 193 1 1 2 255 255 255 0 RouterB Serial0 quit RouterB router id 2 2...

Page 449: ...serial interface of Router A and that of Router B are both in area 1 configured with MD5 authentication Figure 150 Networking diagram of configuring OSPF peer authentication To configure OSPF peer au...

Page 450: ...Router display ospf peer Interface 202 38 160 1 Area 0 0 0 2 Neighbors RouterID 2 2 2 2 Address 202 38 160 2 State FULL Mode None Priority 0 DR 202 38 160 1 BDR 202 38 160 1 Last Hello 14 04 Last Exc...

Page 451: ...router at least one area must be configured as a backbone area the area id of one area must be 0 or a virtual link must be configured As shown in the following diagram only one area is configured on R...

Page 452: ...448 CHAPTER 29 CONFIGURING OSPF...

Page 453: ...ng protocol Completely resolves the route loop problem by carrying AS path information Uses TCP as the transmission layer protocol improving the reliability of the protocol BGP 4 supports classless in...

Page 454: ...GP External BGP IBGP is run when routers in an autonomous system exchange network reachable information When routers of different ASs exchange network reachable information they use EBGP The BGP proto...

Page 455: ...BGP is disabled Configuring Networks for BGP Distribution Perform the following configurations in BGP view Table 509 Configure Networks for BGP Distribution By default no network is configured for BGP...

Page 456: ...terval Table 514 Configure BGP Route update Interval By default the BGP route update interval is 5 seconds 5 Configure to send community attribute to the peer Delete a BGP peer undo peer peer address...

Page 457: ...licy for the Peer Operation Command Configure to send community attribute to the peer peer peer address advertise community Cancel sending community attribute to the peer undo peer peer address advert...

Page 458: ...t hop through different external peers it makes a preference selection based on the MED values To operate the MED attribute an access control list is used to indicate what network will be operated Per...

Page 459: ...the time interval for sending a keepalive message is one third of the value for the holdtime attribute The value of the holdtime interval attribute is the time interval for continuously receiving kee...

Page 460: ...peers may discard the route updating information you have sent All peers in this group must be configured with an AS number if this group is not configured with an AS number If you add an AS number to...

Page 461: ...ending interval is 5 seconds 5 Configure to send the community attribute to a BGP peer group Table 532 Configure to Send Community Attribute to a BGP Peer Group Operation Command Configure AS number o...

Page 462: ...the default route to the peer group Table 534 Configure to Send the Default Route to the Peer Group By default the local router does not advertise the default route to any peer group A next hop should...

Page 463: ...t the same time when manual aggregation mode is configured Perform the following configurations in BGP view Table 540 Create an Aggregate Addresses Create routing policy for peer group peer group name...

Page 464: ...ansfers it to Router B Router B is a route reflector which has two clients Router A and Router C Router B can reflect the routing update from client Router A to client Router C In this instance the se...

Page 465: ...re fully connected 2 Configure the cluster ID As the route reflector is imported the route selection circle can occur in an AS and the route that leaves a cluster during update may try to reenter this...

Page 466: ...the following configurations in system view Table 543 Configure BGP Community By default no community list is created Configuring a BGP AS Confederation Attribute Confederation is another method to s...

Page 467: ...em of E Confederation By default no confederation peers are specified 3 Configure the non RFC standard AS confederation attributes The creation of an AS confederation in the devices from some other pr...

Page 468: ...ty is exponentially decreased as time goes by Once it is lower than a certain threshold the route is unsuppressed and is advertised again as shown in the following diagram Figure 153 Schematic diagram...

Page 469: ...lf life reachable half life unreachable reuse suppress ceiling route policy policy name Clear route routing dampening information and de suppress the suppressed route reset dampening network address m...

Page 470: ...tions between BGP and an IGP BGP can import route information that is found by running IGP in another AS to its own AS Perform the following configurations in BGP view Table 550 Configure Route Import...

Page 471: ...represents a group of aspath lists Each AS path list is identified with numbers Perform the following configurations in system view Table 552 Define a BGP related ACL Entry By default no access list e...

Page 472: ...to be matched in routing policy undo if match as path Specify BGP community list number to be matched in routing policy if match community standard community list number exact match extended community...

Page 473: ...pply cost cost Restore the destination routing protocol s cost value undo apply cost Set the origin attribute of the original route in the Route policy apply origin igp egp as number incomplete Remove...

Page 474: ...ed by BGP undo filter policy acl number ip prefix prefix list name export protocol Operation Command Reset BGP connection reset bgp all peer id Clear routing flapping attenuation information and cance...

Page 475: ...y the route with inconsistent source AS display bgp routing table different origin as Display peer information display bgp peer peer address Display routing information distributed through BGP display...

Page 476: ...n RouterC bgp confederation id 100 RouterC bgp confederation peer as 1001 1002 RouterC bgp peer 172 68 10 1 as number 1001 RouterC bgp peer 172 68 10 2 as number 1002 RouterC bgp peer 156 10 1 2 as nu...

Page 477: ...ial0 interface serial 1 RouterB Serial1 ip address 193 1 1 2 255 255 255 0 RouterB Serial1 ospf enable area 0 3 Configure Router C a Configure BGP peers and route reflector clients RouterC bgp 200 Rou...

Page 478: ...on Router B with display bgp routing table command Note that Router B knows that network 1 0 0 0 exists RouterB display bgp routing table View BGP routing table on Router C with display bgp routing ta...

Page 479: ..._med_100 The first routing diagram is network 1 0 0 0 The MED attribute is 50 and the second MED attribute is 100 RouterA acl 1 route policy set_med_50 permit 1 RouterA route policy if match ip addres...

Page 480: ...number 200 RouterC bgp peer 195 1 1 1 as number 200 Set the local preference attribute of Router C Add access list 1 to Router C and enable network 1 0 0 0 RouterC bgp acl 1 RouterC acl 1 rule permit...

Page 481: ...4 0 0 0 0 0 0 255 area 0 RouterD bgp 200 RouterD bgp undo synchronization RouterD bgp peer 194 1 1 2 as number 100 RouterD bgp peer 194 1 1 2 as number 200 To make the configuration effective use the...

Page 482: ...478 CHAPTER 30 CONFIGURING BGP...

Page 483: ...tegy consists of a series of rules classified into three types and used for route information filtering in route advertisement route receiving and route import Since defining a strategy is similar to...

Page 484: ...istributed by specific routers The addresses of these filters must be filtered by prefix list In this case the matching object of ip ip prefix is the source address of the IP header of the route packe...

Page 485: ...s with sequence number specifying the matching order of these parts Perform the following configurations in system view Table 560 Define a Routing Policy By default no routing policy is defined permit...

Page 486: ...the BGP community attributes to be matched from the route policy undo if match community list Specify the ACL and prefix list to be matched in the route policy if match ip address acl number ip prefix...

Page 487: ...original routing protocol At this time a route metric should be specified for the imported route Perform the following configurations in RIP view OSPF view or BGP view Operation Command Specify the AS...

Page 488: ...ands for 10 s ranging from 1 to 16777215 reliability is the channel reliability ranging 0 to 255 255 stands for 100 creditable loading is the channel seizure rate ranging 1 to 255 255 stands for 100 s...

Page 489: ...nce numbers use Boolean OR operations and the routing information matches different parts in turn Matched with a specific part of the IP prefix list is considered as successfully filter through this I...

Page 490: ...ations in all views Operation Command Filter the route information received from a specified gateway filter policy gateway prefix list name import Change or cancel filtering the route information rece...

Page 491: ...6 2 Configure Routing policy Router route policy r1 permit 10 Router route policy if match ip address ip prefix p1 Router route policy route policy r1 permit 20 Router route policy if match ip address...

Page 492: ...t any RouterB acl 1 quit b Start OSPF protocol and configure the area number of this interface RouterB router id 2 2 2 2 RouterB ospf enable c Configure filtering route information received for OSPF R...

Page 493: ...licy When all nodes of the routing policy are in deny mode no routing information will pass the filtering of this routing policy At least one item in the prefix list should be in permit matching mode...

Page 494: ...490 CHAPTER 31 CONFIGURING IP ROUTING POLICY...

Page 495: ...warding At present two if match clauses if match length and if match ip address are provided Apply clause defines the operation of the strategy there are five apply clauses apply ip precedence apply i...

Page 496: ...y routing provides two if match clauses that allow matching strategy according to IP message length and IP address One strategy includes multiple if match clauses which can be used in combination Perf...

Page 497: ...l apply clauses setting message precedence undo apply ip precedence Set message transmitting interface apply interface type number Cancel apply clauses setting message transmitting interface no apply...

Page 498: ...If nodes in deny modes are matched exit from policy routing LAN A is connected with the Internet through the 3Com router requiring that TCP messages be transmitted through path 1 and other messages be...

Page 499: ...ial0 ip address 150 1 1 1 255 255 255 0 RouterA Serial0 interface serial 1 RouterA Serial1 ip address 151 1 1 1 255 255 255 0 RouterA Serial1 quit RouterA rip RouterA rip network 192 1 1 0 RouterA rip...

Page 500: ...outing diagram lab1 They are sent to 151 1 1 2 RouterA debugging ip policy routing IP s 151 1 1 1 local d 152 1 1 1 len 101 policy match IP route map lab1 item 20 permit IP s 151 1 1 1 local d 152 1 1...

Page 501: ...VII MULTICAST Chapter 33 IP Multicast Chapter 34 Configuring IGMP Chapter 35 Configuring PIM DM Chapter 36 Configuring PIM SM...

Page 502: ...498...

Page 503: ...he network by adopting the broadcast method Using the unicast method to transmit to 200 subscribers results in wasted bandwidth Using the broadcast method risks information security and confidentialit...

Page 504: ...that IANA obtains the IEEE 802 MAC is from 01 00 5e 00 00 00 to 01 00 5E ff ff ff IP Multicast Features In simple TCP IP routing the path of a data packet transmission is from the source address to th...

Page 505: ...host can only save the multicast groups it has joined IP Multicast Routing Protocols The multicast protocol includes two parts One part is the Internet Group Management Protocol IGMP acting as the IP...

Page 506: ...with the multicast forwarding demand in the pruned branches to receive multicast data flow the pruned branches can return to forwarding state periodically To reduce the time delay for the pruned bran...

Page 507: ...erfaces This checking mechanism is the basis for most multicast routing protocols to carry out the multicast forwarding reverse path forwarding RPF check The multicast module checks the source address...

Page 508: ...504 CHAPTER 33 IP MULTICAST...

Page 509: ...sage the router is used to check whether there is any subscriber in a connecting network who wants to make the query message valid and the target group address must be zero or a valid multicast group...

Page 510: ...rval of IGMP Host Sending Query Messages Configuring IGMP Maximum Query Response Time Configuring Subnet Querier Survival Time Enabling Multicast Routing Start the IGMP protocol on all interfaces to e...

Page 511: ...nfiguring IGMP Maximum Query Response Time After the host receives the query message periodically sent by the router it starts delay timers for each of the multicast groups it joins A random number be...

Page 512: ...querier The querier selection process restarts Make the following configuration in the interface view Table 581 Configure Subnet Querier Survival Time By default subnet querier timeout is 250 seconds...

Page 513: ...e0 RouterA Ethernet0 ip address 10 16 1 3 24 RouterB interface e0 RouterB Ethernet0 ip address 10 16 1 2 24 2 Execute the multicast routing enable command on 3Com A and 3Com B to enable multicast rou...

Page 514: ...510 CHAPTER 34 CONFIGURING IGMP...

Page 515: ...for it to distribute data to the downstream nodes any more When new members appear in the prune area PIM DM sends graft message to enable the pruned path to restore to distribution status This mechani...

Page 516: ...a router receives multicast packets at the forwarding port of a shared LAN it requires all the routers operating PIM DM group address is 224 0 0 13 to send an assert message The downstream routers det...

Page 517: ...re the Time Interval of Interface Sending Hello Messages By default the time interval of interface sending hello messages is 30 seconds Displaying and Debugging PIM DM Table 586 Display and Debug PIM...

Page 518: ...EIVER 1 and RECEIVER 2 are the two receivers of this multicast group Figure 163 PIM DM configuration and networking 1 Enable multicast routing protocol Router multicast routing enable 2 Enable PIM DM...

Page 519: ...it reduces data messages and controls the network bandwidth occupied by the messages occupy by allowing routers to explicitly join and leave multicast groups PIM SM constructs an RP path tree RPT with...

Page 520: ...ers It is used to inform all the routers of the RP Set information collected by BSR Assert Message When there are multiple routers in the multiple access network and the output interface for the routi...

Page 521: ...figure Candidate BSR By default no interface is configured to be a candidate BSR Use the pim command in system view to enter PIM view Configuring the Candidate RP In the PIM SM protocol the shared tre...

Page 522: ...lo Message After the interface starts PIM SM protocol it will periodically transmits a hello message to all the PIM routers group address is 224 0 0 13 to find PIM neighbors the query interval timer d...

Page 523: ...urce spt switch threshold traffic rate infinity accept policy acl number Restore the default threshold value of the shortest path switching from the shared tree to source undo spt switch threshold acc...

Page 524: ...164 PIM SM comprehensive configuration networking diagram 1 Configure Router A a Enable PIM SM protocol RouterA multicast routing enable RouterA interface ethernet 0 RouterA Ethernet0 pim sm RouterA E...

Page 525: ...RouterC Serial1 pim sm Suppose Host A is the receiver of 225 0 0 1 Host B now begins sending data with the destination address 225 0 0 1 Router A receives the multicast data sent by Host B via Router...

Page 526: ...522 CHAPTER 36 CONFIGURING PIM SM...

Page 527: ...VIII SECURITY Chapter 37 Configuring Terminal Access Security Chapter 38 Configuring AAA and RADIUS Protocol Chapter 39 Configuring Firewall Chapter 40 Configuring IPSec Chapter 41 Configuring IKE...

Page 528: ...524...

Page 529: ...can also configure and maintain the router All users need to authenticate the usernames and passwords when visiting the router The command line interface CLI provides the following features for termin...

Page 530: ...rate how to configure login authentication for Configure a user local user user name service type type password cipher password Delete a user undo local user user name Operation Command Configure logi...

Page 531: ...rvice type exec adminstrator password cipher hello 4 Configure the default authentication method list of EXEC users Router aaa authentication scheme login default radius local 5 Configure RADIUS serve...

Page 532: ...528 CHAPTER 37 CONFIGURING TERMINAL ACCESS SECURITY...

Page 533: ...tributed client server system that provides AAA functions and protects networks from being intruded by unauthorized visitors so it is mainly applied in network environments that require high security...

Page 534: ...server can act as the client of other AAA servers to perform authentication or accounting A RADIUS server supports multiple ways to authenticate the user such as PPP based PAP CHAP and UNIX based log...

Page 535: ...ponse packet Accounting Response 6 The RADIUS client sends an accounting stop request packet Accounting Request to the RADIUS server The value of Status Type is stop 7 The RADIUS server returns an acc...

Page 536: ...et 1 Access Request Direction Client Server The Client transmits the user information to Server to decide whether or not to allow the user to access The packet must contain User Name attribute and may...

Page 537: ...ype Type Attribute type 1 User Name 23 Framed IPX Network 2 User Password 24 State 3 CHAP Password 25 Class 4 NAS IP Address 26 Vendor Specific 5 NAS Port 27 Session Timeout 6 Service Type 28 Idle Tim...

Page 538: ...user defining user name and password should be set on the RADIUS server before it is started Perform the following configuration in system view Table 600 Configure AAA Login Authentication By default...

Page 539: ...the method methods list the executing sequence defined in the default method list defined by default is used Method here refers to the authentication method The authentication method includes the fol...

Page 540: ...k resources Perform the following configurations in system view Table 603 Configure AAA Accounting Option By default the accounting option is disabled and users are charged When the method list design...

Page 541: ...thentication succeeds the user can log on normally Otherwise the user is rejected 3 If the user information is not in the local database and the RADIUS server authentication is not configured the logi...

Page 542: ...he Callback Number A RADIUS server can be configured with callback number equivalent to number which is defined locally If aaa authentication scheme ppp default radius is configured then number which...

Page 543: ...rs of exec ftp and ppp after the service type When multiple services are authorized to a user it is necessary to configure over 2 types of the above mentioned parameters other than to use this command...

Page 544: ...it can pass the authentication of the RADIUS server Table 612 Configure RADIUS Server Shared Secret By default no key is configured for the RADIUS server Configure the Time Interval at Which the Reque...

Page 545: ...e Inquiry Packet By default the inquiry packet is sent at intervals of 5 minutes after the RADIUS server fails and the interval ranges from 1 to 255 minutes Configure the Time Interval at Which the Re...

Page 546: ...d for authentication 129 7 66 66 acts as the first authentication and accounting server and 129 7 66 67 as the second authentication and accounting server both using default authentication port number...

Page 547: ...cts as the first authentication and accounting server port numbers being 1000 and 1001 respectively 129 7 66 67 acts as the second authentication and accounting server port numbers being 1812 and 1813...

Page 548: ...ter local user abc service type ftp password simple hello 4 Configure RADIUS server IP address and port using default port number Router radius server 129 7 66 66 5 Configure RADIUS server shared secr...

Page 549: ...ver may be considered by the system as unavailable by the system And as the radius timer quiet command has not been configured defaulted as 5 minutes or a relative long dead time has been configured t...

Page 550: ...546 CHAPTER 38 CONFIGURING AAA AND RADIUS PROTOCOL...

Page 551: ...ected by the firewall the firewall should be set at the intranet entry point A firewall is used not only to connect the Internet but also to control the access to some special part of the internal net...

Page 552: ...s proxy on a proxy server or a router It replaces the IP address and port of a host inside the network with the IP address and port of a server or router For example the intranet address of an enterpr...

Page 553: ...ic as from a year month day to another year month day Support ACL automatic sorting You can select sorting ACLs of a specific category to simplify the configuration and facilitate the maintenance It c...

Page 554: ...dest addr dest wildcard any icmp type icmp type icmp code logging 2 Command format when the protocol is IGMP IP GRE or OSPF rule normal special permit deny ip ospf igmp gre source source addr source w...

Page 555: ...ote commands rcmd 514 Daytime 13 Discard 9 Domain Name Service 53 Echo 7 Exec rsh 512 Finger 79 File Transfer Protocol 21 FTP data connections 20 Gopher 70 NIC hostname server 101 Internet Relay Chat...

Page 556: ...tify 512 Bootstrap Protocol Client 68 Bootstrap Protocol Server 67 Discard 9 Domain Name Service 53 DNSIX Securit Attribute Token Map 90 Echo 7 MobileIP Agent 434 MobilIP MN 435 Host Name Server 42 NE...

Page 557: ...tch rules according to the following principle Rules with the same serial number can be defined If two rules with the same serial number conflict use the depth first principle to judge the source addr...

Page 558: ...control rules compare the wildcards of source addresses If they are the same then compare the wildcards of the destination address If they are still the same compare the range of port numbers and the...

Page 559: ...e access control list and then configure specific access rules through rule command If the matching sequence is not configured it will be conducted in auto mode Perform the following configurations in...

Page 560: ...ifferent access rules It is also called the special rules for special time The time ranges are classified into two types according to actual applications Special time range Time within the set time ra...

Page 561: ...ser The newly defined special time range becomes valid about 1 minute after it is defined and that defined last time will become invalid automatically Perform the following configurations in system vi...

Page 562: ...and Debug Firewall Firewall Configuration Example The following is a sample firewall configuration in an enterprise This enterprise accesses the Internet through interface Serial 0 of one 3Com router...

Page 563: ...Router firewall default permit 3 Configure access rules to inhibit passing of all packets Router acl 101 Router acl 101 rule deny ip source any destination any 4 Configure rules to permit specific ho...

Page 564: ...al network Router acl 102 rule permit tcp source any destination 202 38 160 1 0 0 0 0 destination port greater than 1024 7 Apply rule 101 on packets coming in from interface Ethernet0 Router Ethernet0...

Page 565: ...kets are authenticated To ensure security the algorithms of encryption decryption and authentication are very complicated The encryption and decryption algorithm process of the router occupies large q...

Page 566: ...nput processing function is called This processing function authenticates the message to make a comparison with the original authentication value If the values are the same the added AH is canceled an...

Page 567: ...of SPI IP destination address security protocol number identify a specific SA uniquely When SA is configured manually SPI should also be set manually To ensure the uniqueness of an SA you must specify...

Page 568: ...is because when the data packet enters the router and is sent to a router not configured with encryption the key word any will cause the router to try to establish encryption session with a router wit...

Page 569: ...output of the crypto card log Perform the following configuration in system view Table 633 Set the Output of the NDEC Card Log By default the outputting of log is disabled Enable the main software ba...

Page 570: ...nd to clear part or all of the SA database Perform the following configurations in system view Table 635 Define IPSec Proposal By default no proposal view is configured Set the Mode for Security Proto...

Page 571: ...ere are seven kinds of security encryption algorithms supported by ESP crypto card which are 3des des blowfish cast skipjack aes and qc5 The current security authentication algorithm includes MD5 mess...

Page 572: ...e policy with a different mode you must delete the policy then recreate it with a different mode Security policies with the same name together comprise a security policy group The name and the sequenc...

Page 573: ...e local address and the remote address must be set correctly to successfully establish a security tunnel For the security policy created manually only one remote address can be specified To set a new...

Page 574: ...the quoted IPSec proposal it is necessary to set manually the SPI of AH SA and the quoted authentication key for the inbound outbound communications If the ESP protocol is included in the quoted IPSe...

Page 575: ...lete authentication key of AH protocol in hexadecimal mode applicable to IPSec software and crypto card undo sa inbound outbound ah hex key string Set authentication key of AH protocol input in string...

Page 576: ...IKE negotiation view it is unnecessary to set a local address because IKE can obtain the local address from the interface on which this security policy is applied Only specify one remote address for s...

Page 577: ...the SA established manually does not involve the concept of lifetime If a security policy is not configured with lifetime value when the router applies for a new SA it sends a request to the remote e...

Page 578: ...the communication switches back to the primary link the phase 1 SAs saved on the local router and the remote router may be inconsistent so that the IPSec tunnel cannot be established Enabling the moni...

Page 579: ...by a security policy then it will go on looking for next security policy If a message is matched with no access list quoted by the security policy then the message will be directly transmitted IPSec...

Page 580: ...ase information applicable to IPSec software display ipsec sa policy policy name sequence number Display statistic information related to security message applicable to IPSec software display ipsec st...

Page 581: ...col spi number Display statistical information of the security packets processing on crypto card applicable to crypto card display encrypt card statistic slot id Display current operating status of cr...

Page 582: ...new e Select authentication algorithm and encryption algorithm RouterA ipsec proposal tran1 esp new encryption algorithm des RouterA ipsec proposal tran1 esp new authentication algorithm sha1 hmac 96...

Page 583: ...ansform esp new e Select authentication algorithm and encryption algorithm RouterB ipsec proposal tran1 esp new encryption algorithm des RouterB ipsec proposal tran1 esp new authentication algorithm s...

Page 584: ...Router A a Configure an access list and define the data stream from Subnet 10 1 1x to Subnet 10 1 2x RouterA acl 101 RouterA acl 101 rule permit ip source 10 1 1 0 0 0 0 255 destination 10 1 2 0 0 0...

Page 585: ...unnel mode as the message encapsulating form RouterB ipsec proposal tran1 encapsulation mode tunnel d Adopt ESP protocol as security protocol RouterB ipsec proposal tran1 transform esp new e Select au...

Page 586: ...lish networking diagram of security tunnel using crypto cards 1 Configure Router A a Configure an access list and define a data stream from subnet 10 1 1 x to subnet 10 1 1 2 x RouterA acl 101 permit...

Page 587: ...ration mode and configure IP address RouterA interface serial 0 RouterA Serial0 ip address 202 38 163 1 255 255 255 0 q Return to system view and configure the static routing to network segment 10 1 2...

Page 588: ...ncryption key RouterB ipsec policy map1 10 sa outbound esp string key gfedcba RouterB ipsec policy map1 10 sa inbound esp string key abcdefg n Return to the system view RouterB ipsec policy map1 10 qu...

Page 589: ...s configured policy on the interface It shall display configuration policy under normal condition If no policy is configured map shall be configured under interface view Check the matching of the secu...

Page 590: ...586 CHAPTER 40 CONFIGURING IPSEC...

Page 591: ...cure network After establishing security association by both parties of the security association if the peer party is invalid and cannot operate normally such as shut off the local party has no way to...

Page 592: ...orithm Configuring Pre shared Key Selecting the Hashing Algorithm Selecting DH Group ID Setting the Lifetime of IKE Association SA Configuring IKE Keepalive Timer Creating an IKE Security Policy IKE n...

Page 593: ...lgorithm and Diffie Hellman algorithm the calculation resources consumed and the security capability provided Different algorithms are of different intensities and the higher the algorithm intensity i...

Page 594: ...re key i e pre share algorithm is adopted Configuring Pre shared Key If pre shared key authentication method is selected it is necessary to configure pre shared key Perform the following configuration...

Page 595: ...y parameters of the two parties be consistent SA quotes the consistent parameters at each terminal and each terminal keeps SA until its lifetime expires Before SA becomes invalid the sequent IKE negot...

Page 596: ...ed at one side the other side should be configured with a timeout timer In the actual application if one side is configured with the timeout timer the other side must be configured with the interval t...

Page 597: ...re share key abcde remote 171 69 224 33 e Configure IKE SA lifetime to 5000 seconds RouterA ike proposal 10 sa duration 5000 2 Configure Security Gateway B a Use default IKE policy on Gateway B and co...

Page 598: ...both parties to see whether the encryption algorithm and authentication algorithm are the same Unable to establish security channel Follow these steps Check whether the state of network is stable and...

Page 599: ...IX VPN Chapter 42 Configuring VPN Chapter 43 Configuring L2TP Chapter 44 Configuring GRE...

Page 600: ...596...

Page 601: ...plicated than the mechanisms of various ordinary point to point applications Network interconnection between the users of private networks is required for VPN service including the creation of VPN int...

Page 602: ...server via PSTN or ISDN the users who want a resource directly call the remote servers of enterprises VPN servers The access server of ISP along with the VPN server accomplishes the call process Clas...

Page 603: ...s Layer 3 tunneling protocol Layer 3 tunneling protocol starts from and ends in ISP PPP session ends in NAS and only layer 3 messages are carried over the tunnel The current layer 3 tunneling protocol...

Page 604: ...to partners and clients through VPN so that different enterprises can build their VPNs using public networks Networking Model VPNs are classified by the type of networking model that they use Virtual...

Page 605: ...r large sized ISPs As the access server of VPDN NAS provides WAN interfaces in charge of connecting PSTN or ISDN and supports various LAN protocols security management and authentication and supports...

Page 606: ...ing tunneling protocol conveying the PPP connection to the gateways of enterprises The current available protocols are L2F and L2TP The advantage of the method is its transparency to users After loggi...

Page 607: ...in the unreliable data channel after being encapsulated with the L2TP header and then undergoes the packet transmission process of UDP Frame Relay and ATM A control message is transmitted in the relia...

Page 608: ...sion of a control message is reliable but data message transmission is not reliable If a data message is lost it is not transmitted again L2TP supports flow control and congestion control only for con...

Page 609: ...DIUS with user name and password RADIUS server receives authentication request of the user fulfils the authentication and returns the configuration information to establish the connection to LAC Suppo...

Page 610: ...rk normally only after it is enabled If it is disabled the router will not provide the related function even if the L2TP parameters are configured Perform the following tasks in the system view Table...

Page 611: ...are compliant with the local registered user name and password and hence to check whether these users are legal VPN users Only after passing authentication successfully can the request of establishing...

Page 612: ...are configured Perform the following configurations in system view Table 670 Enable Disable L2TP By default L2TP is disabled Operation Command Enable AAA aaa enable Configure the authentication method...

Page 613: ...P bounding logic interface and L2TP logic interface Perform the following configurations in system view Table 672 Create Delete a Virtual Template By far the virtual template in L2TP application only...

Page 614: ...ion will be removed once users have passed local authentication These VPN users can access internal resource after the authentication at LNS Perform the ppp authentication mode configuration in interf...

Page 615: ...gure the Local Name This configuration is applicable to LAC and LNS Users can configure the local tunnel name at both LAC and LNS The tunnel name at LAC should keep consistent with the name of the rec...

Page 616: ...e password at the LAC side is the same as that at the LNS side Configure the Interval for Sending Hello Messages This configuration is available to LAC and LNS To detect the connectivity of the tunnel...

Page 617: ...me dnis Search according to dialed number only domain dnis Search according to domain name first then according to dialed number domain Search according to domain name only Perform the following confi...

Page 618: ...l adopt LCP renegotiation first and then use authentication methods configured on corresponding virtual template If only forcing CHAP authentication is configured LNS will authenticate users by means...

Page 619: ...ate by default After LCP renegotiation is enabled LNS will not reauthenticate users if there is no authentication information configured on the virtual template then users are authenticated only once...

Page 620: ...tunnel password are configured first can the AV pairs hiding be meaningful After the AV pairs are hidden the L2TP hiding algorithm will be implemented so that the username and password transmitted in...

Page 621: ...the Intranet of an enterprise through local dial up access The NAS authenticates the users to determine whether they are VPN users The tunnel is used to transmit data between NAS and LNS A user can h...

Page 622: ...tunnel authentication password Router LAC l2tp1 tunnel authentication Router LAC l2tp1 tunnel password simple 3Com router f Configure BDR dialup parameters Router LAC dialer rule 1 ip permit Router L...

Page 623: ...S l2tp group 1 Router LNS l2tp1 tunnel name lns end Router LNS l2tp1 allow l2tp virtual template 1 remote lac end g Enable tunnel authentication and configure a tunnel authentication password Router L...

Page 624: ...re 185 Internet Connection Wizard 1 Click Next and input the telephone number at the NAS side in the popup dialog box if it is a local telephone number you should deselect Use area code and dialing ru...

Page 625: ...onnection Wizard 2 Click Next and input username and password such as the username lac and password lac in the popup dialog box so as to access ISP The input contents must be the same as the configura...

Page 626: ...NG L2TP Figure 187 Internet Connection Wizard 3 Click Next and input the name of dialup connection such as Connection to 660046 in the popup dialog box as shown in the following figure Figure 188 Inte...

Page 627: ...lowing figure Figure 189 Internet Connection Wizard 5 Click Finish and double click Connection to 66046 icon then after inputting the username and password you can dial up to access NAS As receiving t...

Page 628: ...gh serial interfaces and transmit data through Tunnel The PC named win2000 in installed with Windows2000 The Async2 interface and the PC are connected to a Modem and the number are 660046 and 600040 s...

Page 629: ...nable Router LNS aaa authentication scheme ppp default local Router LNS aaa accounting scheme optional d Configure the IP address of Serial0 interface at LNS side Router LNS interface serial 0 Router...

Page 630: ...n and a VPN connection in Windows2000 operation system The way to create a dialup connection is the same as that introduced in the example of NAS originated VPN Networking To create a VPN connection o...

Page 631: ...Network Connection Wizard 2 Click Next and configure the IP address of LNS in the popup dialog box The address is the address of LNS interface connected to the Internet as shown in the following figu...

Page 632: ...CLI mode of Windows2000 and then you can view the IP addresses assigned by LAC NAS and LNS as shown in the following figure Windows 2000 IP Configuration Ethernet adapter Media State Cable Disconnect...

Page 633: ...scheme ppp default local Router1 aaa accounting scheme optional c Configure an IP address on Serial0 interface Router1 interface serial 0 Router1 Serial0 ip address 202 38 160 1 255 255 255 0 Router1...

Page 634: ...ation Router2 l2tp1 tunnel password simple 3Com router g Force to implement local CHAP authentication Router2 l2tp1 mandatory chap Networking of VPN Protected by IPSec I Networking requirements To cre...

Page 635: ...pmap 10 set peer 202 38 160 2 Router1 ipsec policy l2tpmap 10 set transform l2tptrans f Configure an IP address on Serial 0 interface and apply a IPSec policy Router1 interface serial 0 Router1 Serial...

Page 636: ...and configure the related attributes Router2 l2tp enable Router2 l2tp group 1 Router2 l2tp1 tunnel name lns end Router2 l2tp1 allow l2tp virtual template 1 remote lac end Router2 l2tp1 undo tunnel au...

Page 637: ...transmitted for example ping operation fails Troubleshooting The reasons may be as follows The address of LAC is configured incorrectly Generally LNS distributes addresses but LAC can also specify its...

Page 638: ...634 CHAPTER 43 CONFIGURING L2TP...

Page 639: ...Figure 198 after receiving an IPX datagram the interface connecting Group1 first delivers it to be processed by the IPX protocol which checks the destination address domain in the IPX header and deter...

Page 640: ...The IP protocol that forwards the messages is often called a delivery protocol or transport protocol The form of an encapsulated message is shown in Figure 199 Figure 199 Encapsulated tunnel message f...

Page 641: ...can Term1 and Term2 2 Enlarge the operating range of the hop limited network such as IPX Figure 202 Enlarge network operating range When using RIP if the hop count between two terminals in Figure 202...

Page 642: ...Check with Checksum Settng the Tunnel Interface to Synchronize the Datagram Sequence Number Creating a Virtual Tunnel Interface Perform the following tasks in the system view Table 687 Create Virtual...

Page 643: ...twork segment Thus the system can produce a direct tunnel route automatically Perform the following settings in the tunnel interface view Table 690 Set the Network Address of Tunnel Interface By defau...

Page 644: ...the sequence numbers The synchronized message should be further processed or it is discarded With the sequence numbers the message is unreliable but in order The receiving end establishes sequence nu...

Page 645: ...re the IP address of PC_A to 10 110 24 100 add a default gateway in the network attribute i e default route or use the following command in DOS mode C WINDOWS route add 0 0 0 0 mask 0 0 0 0 10 110 24...

Page 646: ...ddress of Ethernet0 interface RouterB Serial0 exit RouterB interface ethernet 0 RouterB Ethernet0 ip address 30 110 1 1 255 255 255 0 c Create a virtual Tunnel interface and configure the IP address s...

Page 647: ...e Configure the static route to Novell Group2 RouterA ipx route 31 1f b b b tick 2000 hop 15 2 Configure Router B a Activate IPX RouterB ipx enable node b b b b Configure the IP address and IPX addres...

Page 648: ...he ping operation between PC A and PC B fails Check whether there is a route passing through the Tunnel interface that is on Router A the route to 10 2 0 0 16 passes through Tunnel0 interface on Route...

Page 649: ...X RELIABILITY Chapter 45 Configuring a Standby Center Chapter 46 Configuring VRRP...

Page 650: ...646...

Page 651: ...on priority Interfaces such as ISDN BRI and ISDN PRI interfaces that have multiple physical channels can provide standbys to multiple main interfaces by using dialer route Standby centers support the...

Page 652: ...ual virtual circuit or dialer route Please perform the following tasks in the views of the physical interface to which the virtual circuit or the dialer route belongs and specify the corresponding log...

Page 653: ...n Interface By default the delay time for the switchover from the standby interface to the main interface is 0 second meaning that the switchover is instanteous Setting State judging Conditions of the...

Page 654: ...rocedure for each configuration Standby Between Interfaces Take interface Serial 2 as the standby interface for interface Serial 1 1 Enter the view of Serial 1 Router interface serial 1 2 Set Serial 2...

Page 655: ...10 Router Serial0 logic channel 10 4 Specify interface Serial 1 as the standby interface of this logic channel Router logic channel10 standby interface serial 1 5 Set the time interval as 10 seconds f...

Page 656: ...ogic channel 5 and set logic channel 3 and interface Serial 1 as its standby interfaces their priorities being 50 and 20 respectively Router Serial1 logic channel 5 Router logic channel5 standby logic...

Page 657: ...network segment go through the default route to Router 1 to implement communication between the host and the external network When Router 1 breaks down in this network segment all the hosts that rega...

Page 658: ...ackup router function as the new master router to continue serving the host with routing to avoid interrupting the communication between the host and the external networks For the details of VRRP refe...

Page 659: ...virtual IP address from the virtual address list on a standby group After the last virtual IP address has been deleted from the standby group this standby group is also deleted Then this standby group...

Page 660: ...entication Key VRRP provides simple character authentication method In a secure network authentication can be configured to No which means no authentication will be conducted by the router to the VRRP...

Page 661: ...r_down_interval is 3 seconds Monitoring the Specified Interface The interface monitoring function of VRRP expands backup function when the interface of the router is unavailable it is regarded that th...

Page 662: ...er A Router Ethernet0 vrrp vrid 1 virtual ip 202 38 160 111 Router Ethernet0 vrrp vrid 1 priority 120 2 Configure router B Router Ethernet0 vrrp vrid 1 virtual ip 202 38 160 111 The standby group can...

Page 663: ...will be reduced by 30 lower than that of router B so that router B will preempt to function as master for gateway services instead When Serial0 the interface of router A recovers this router will resu...

Page 664: ...eds no manual intervention Another is the long coexistence of many master routers which may be caused by failure to receive VRRP packets between master routers or the reception of illegal packets To s...

Page 665: ...XI QOS Chapter 47 QoS Overview Chapter 48 Traffic Policing Traffic Shaping and Line Rate Chapter 49 Congestion Management Chapter 50 Congestion Avoidance...

Page 666: ...662...

Page 667: ...ndwidth of the network however the increase in bandwidth is so limited and so expensive that it only relieves this problem to some extent The provision of QoS is the basic requirements for future IP n...

Page 668: ...ket at the same rate CIR The CBS the C bucket is generally smaller than EBS the E bucket When traffic conformance is being evaluated if the C bucket has sufficient tokens the traffic is said to confor...

Page 669: ...using QoS the adjustable network services of different priority levels can be provided to various types of clients Secure network services for specific data flows For example it can ensure that the m...

Page 670: ...666 CHAPTER 47 QOS OVERVIEW...

Page 671: ...specific destination addresses are classified at a high priority level Traffic Policing Overview An Internet service provider ISP must control the traffic and load sent by users in the network For an...

Page 672: ...kets can also be dropped directly which is completely dependent on the agreement and rules between the operators and users Token bucket feature The token bucket may be regarded as a container that sto...

Page 673: ...ta traffic size before the amount of some traffic exceeds the line rate At this rate the service quality of the data can be guaranteed Excess Burst Size EBS The burst data traffic size before the amou...

Page 674: ...of CAR rules can also be used in which a packet is matched with successive CAR rules Multiple CAR rules can be used on an interface The router can attempt to match the CAR rules in configured order un...

Page 675: ...ach interface both inbound and outbound directions a total of 100 CAR policies can be applied Up to 100 CAR policies can be applied on one interface inbound and outbound directions You must disable fa...

Page 676: ...0 cbs 15000 ebs 8000 conform pass exceed discard CAR policy is applied to all the packets that are output from router A Ethernet 1 RouterA Ethernet1 ip address 191 0 0 1 255 255 255 0 RouterA Ethernet...

Page 677: ...acl 2 cir 8000 cbs 15000 ebs 8000 conform pass exceed discard Configure the CAR Policy Based on the MAC Address The packet input to router A serial interface 0 the source address of the packet is 00e...

Page 678: ...uterA Serial0 ip address 10 0 0 1 255 255 255 0 RouterA Serial0 qos car inbound acl 1 cir 8000 cbs 15000 ebs 8000 conform pass exceed discard The CAR policy is applied to the packet that is output fro...

Page 679: ...ue of the interface To reduce the unnecessary loss of the packet GTS processing is performed on the packet in the upstream router egress and the packet that exceeds the GTS traffic characteristics are...

Page 680: ...all the traffic shaping parameters Displaying and Debugging Traffic Shaping Table 716 Display and Debug Traffic Shaping GTS Configuration Example 1 Configure the ACL Router acl 110 Router acl 110 rul...

Page 681: ...re is no token in the token bucket the packet cannot be sent until a new token is generated in the token bucket Thus there is a limitation that packet traffic cannot be larger than the generating spee...

Page 682: ...NG TRAFFIC SHAPING AND LINE RATE Displaying and Debugging LR Table 718 Display and Debug LR Operation Command Display the LR configuration conditions and statistic information of the interface display...

Page 683: ...cause of a timeout which can cause a communication failure There are many factors causing congestion For example when the data packet flow enters the router through the high speed link and is then tra...

Page 684: ...order of data packet from the interface depends on the order in which the data packet arrives at this interface at this time the queuing and de queuing orders of the packet are the same FIFO provides...

Page 685: ...or type of the communication However when using the FIFO policy some low priority data in abnormal operation may consume most of available bandwidths and occupy the entire queue which causes the delay...

Page 686: ...eed PQ 4 The absolute priority can be provided to various service data and the delay of the real time application sensitive to time such as VolP can be guaranteed The bandwidth occupation of the packe...

Page 687: ...he PQ queue is used to provide strict priority levels for important network data It can flexibly specify the priority order according to the network protocol such as IP or IPX the interface into which...

Page 688: ...atching the queue the data packets in the system queue are first transmitted Before the system queue is empty a certain number of data packets from user queues 1 to 16 are not extracted and sent out a...

Page 689: ...and B ready to be transmitted in the view of the statistic results the proportion between the bandwidths allocated to the key services and the bandwidths allocated to the non key services is approxima...

Page 690: ...priority list queuing group to the interface Specifying the queue length of the priority list queuing Configuring priority queuing The priority queuing classifies the packets according to a given poli...

Page 691: ...lowing configurations in the system view Table 723 Configure the Priority List Queuing According to the Interface Operation Command Configure the priority queue according to the network layer protocol...

Page 692: ...function the configured priority queue group must be applied to the specific interface Every interface can only use one priority queue group but one priority queue can be applied to multiple interfac...

Page 693: ...continuously transmitted by polling every queue Every time the packets are transmitted the packets in queues 1 to 16 are transmitted sequentially and the number of the transmitted bytes for every tran...

Page 694: ...tions in the system view Table 731 Configure the Default Custom List Queuing Multiple policies can be defined for the group of the custom list queues which is then applied to an interface When the dat...

Page 695: ...inuously transmitted bytes of the custom queue The number of bytes of the continuously transmitted packets the total number of the accommodated bytes may be specified for each custom queue Perform the...

Page 696: ...ighted fair queuing perform the following configurations in the interface view Configuring Weighted fair queuing Displaying and debugging the weighted fair queue Configuring Weighted fair queuing Tabl...

Page 697: ...riority queue to 10 while the lengths of other queues utilize the default values Router qos pql 1 queue top queue length 10 4 Apply the priority queue 1 to Serial 0 Router Serial0 qos pq pql 1 5 One p...

Page 698: ...ving 1000 RouterA qos cql 1 protocol ip acl 107 queue 1 RouterA qos cql 1 protocol ip acl 108 queue 2 b Configure Serial0 master slave addresses RouterA Serial0 ip address 192 168 0 1 255 255 255 252...

Page 699: ...queue 1 RouterB qos cql 1 protocol ip acl 108 queue 2 CQ restricts the traffic in Tunnel0 that is larger than that in tunnel1 and CQ is effective at the exit c Configure Serial0 master slave addresse...

Page 700: ...696 CHAPTER 49 CONGESTION MANAGEMENT...

Page 701: ...the router discards the packet it does not reject the cooperation with the flow control action such as the TCP flow control of the source end so as to adjust the traffic of the network to a rational...

Page 702: ...eatment on the burst data flow and be disadvantageous for the transmission of the data flow Therefore when comparing the minimum and maximum thresholds and when dropping the average lengths of the que...

Page 703: ...obability of the high priority packets The 3Com router takes WRED as its congestion avoidance policy WRED Configuration WRED configuration includes Enable the WRED Function of the Interface Configure...

Page 704: ...s will be dropped Please perform the following configurations in the interface view Table 740 Configure the Related Parameters for the Packets of Specific IP Priority ip precedence is the IP precedenc...

Page 705: ...d 3 Configure the exponent to calculate the average WRED queue length Router Ethernet0 qos wred weighting constant 1 4 Configure the lower threshold upper threshold and drop probability denominator of...

Page 706: ...702 CHAPTER 50 CONGESTION AVOIDANCE...

Page 707: ...XII DIAL UP Chapter 51 Configuring DCC Chapter 52 Configuring Modem...

Page 708: ...704...

Page 709: ...ns In practice DCC guarantees the priority of communications through designated backup lines In the case that a primary line for normal communications become unavailable for any reasons DCC uses the d...

Page 710: ...aler circular group inherit the attributes of the same dialer interface Through configuring the dialer route command a dialer interface can be associated with multiple dialing destination addresses Th...

Page 711: ...which is specified in the dialer number command Each logical dial dialer interface can use the services provided by multiple physical interfaces and each physical interface can serve multiple dialer i...

Page 712: ...and Frame Relay on dial interfaces physical or dialer interfaces Network layer protocols such as IP IPX and Bridge on dial interfaces Dynamic routing protocols such as RIP and OSPF on dial interfaces...

Page 713: ...igure the basic DCC parameters according to the selected DCC configuration method circular DCC or resource shared DCC to enable the initial DCC implementation Configure MP binding PPP callback ISDN ca...

Page 714: ...ce through the ip address or ipx network command and perform other configurations in system view Table 743 Configure Link Layer and Network and Routing Protocols on the Interface The linklayer protoco...

Page 715: ...L and associate the corresponding interface physical or dialer interface to the dialer ACL through the dialer group command Otherwise DCC cannot normally renominate a call The user can either directly...

Page 716: ...interfaces can both originate and receive calls the user can flexibly use one configuration or the combination of several configurations in the Circular DCC configurations introduced below In the circ...

Page 717: ...interfaces but disabled on other interfaces serial asynchronous AUX etc and the user should manually configure the dialer enable circular command No dialer number for calling the remote end is configu...

Page 718: ...ters irrelevant with the specific networking Figure 228 An interface placing calls to multiple remote ends As shown in the above figure a single local interface interface0 if0 originates DCC calls to...

Page 719: ...perform other configuration steps in the dial interface physical or dialer interface view Table 748 Configure a Local Interface to Receive Calls from Multiple Remote Ends By default circular DCC is e...

Page 720: ...rface dialer command to create a dialer interface in global view add it to the specified dialer circular group through the dialer circular group command and perform other configuration processes in di...

Page 721: ...user can select to configure either PAP or CHAP authentication Use the local user password command to configure the user name and password permitted to dial in system view and perform other configura...

Page 722: ...nt dialer interfaces are used for placing calls to different remote ends That is one dialer interface only corresponds to one remote end Through adding a physical interface to the bundle of some diale...

Page 723: ...rface dialer command to create a dialer interface in system view then perform other configurations in dialer interface view Table 752 Configure a Dialer Interface and Dialer Number By default no diale...

Page 724: ...interface for receiving calls then the command dialer user is a must and the command dialer number is optional While Frame Relay is encapsulated on a Dialer interface because of no username negotiati...

Page 725: ...to configure the dialer threshold command on dialer interfaces If a physical interface is an ISDN BRI or PRI interface the user can either use a dialer circular group or directly configure MP binding...

Page 726: ...nd the called party is the callback server The client first originates a call and the server determines whether to originate a return call If it determines to do that the callback server disconnects a...

Page 727: ...the local end to send the user name and password for PAP authentication ppp pap local user username password cipher simple password Configure the local user name sent to the remote end for CHAP authen...

Page 728: ...ementation must use the dialer number command to configure a dial number See Configure PPP callback client in the circular DCC implementation in Dial up Perform the following configuration in dialer i...

Page 729: ...ation callback the callback server can process a incoming call in three ways depending on the matching result of the calling number and the dialer call in command at the local end Denies the incoming...

Page 730: ...mentation perform the following configuration in dial interface physical or dialer interface view Table 762 Implement ISDN Caller Identification Callback Server Configuration in Circular DCC By defaul...

Page 731: ...form the following configuration in dial interface ISDN BRI or PRI interface view Table 765 Configure ISDN leased line for Circular DCC By default no B channel is configured for ISDN leased line conne...

Page 732: ...Number Circular Standby Configuring Attributes of DCC Dial Interface Circular DCC and resource shared DCC also have some optional parameters to improve configuration flexibility improve DCC efficiency...

Page 733: ...ion of contention occurs Normally after a line is set up idle timeout timer will take effect However if a call to a different destination address is originated at this time competion will occur In thi...

Page 734: ...rather than discarded Perform the following configuration in dial interface physical or dialer interface view Table 772 Configure the Buffer Queue Length of the Dial Interface By default no buffer qu...

Page 735: ...1 1 2 Figure 233 Network of a DCC application in common use Solution 1 Establish a connection via the serial interface by using Circular DCC configure the DCC parameters on the dialer interface for Ro...

Page 736: ...Solution 2 Establish a connection via the serial interfaces by using Resource Shared DCC and configure the DCC parameters on the dialer interfaces a Configure RouterA Router dialer rule 1 ip permit Ro...

Page 737: ...p 2 Router Dialer0 ppp authentication mode pap Router Dialer0 ppp pap local user userb password simple userb Router Dialer0 interface serial 0 Router Serial0 physical mode async Router Serial0 modem R...

Page 738: ...1 1 8810048 Solution 4 Establish a connection via the ISDN BRI or PRI interfaces by using Resource Shared DCC and configure the DCC parameters on the dialer interfaces 1 Configure RouterA Router diale...

Page 739: ...0 Router Dialer0 ip address 122 1 1 2 255 255 255 0 Router Dialer0 undo dialer enable circular Router Dialer0 dialer bundle 1 Router Dialer0 dialer number 8810148 Router Dialer0 dialer user usera Rou...

Page 740: ...entication mode pap Router Bri0 ppp pap local user usera password simple usera Router Bri0 interface bri 1 Router Bri1 undo dialer enable circular Router Bri1 dialer bundle member 1 Router Bri1 ppp mp...

Page 741: ...Configure RouterA Router dialer rule 1 ip permit Router interface bri 0 Router Bri0 ip address 100 1 1 1 255 255 255 0 Router Bri0 dialer isdn leased 2 Router Bri0 dialer group 1 Router Bri0 dialer ro...

Page 742: ...callback client 2 Configure RouterB Router dialer rule 2 ip permit Router local user usera password simple usera Router interface serial 1 Router Serial1 ip address 100 1 1 2 255 255 255 0 Router Ser...

Page 743: ...ion mode pap Router Serial1 ppp callback server Solution 3 Use Circular DCC to implement ISDN caller identification callback 1 Configure RouterA Router dialer rule 1 ip permit Router interface bri 0 R...

Page 744: ...serial 0 Router Serial0 ip address 100 1 1 1 255 255 255 0 Router Serial0 remote address 100 1 1 2 Router Serial0 physical mode async Router Serial0 modem Router Serial0 dialer enable circular Router...

Page 745: ...he modem attribute to Dial out and dial in If the modem has been installed click Configure Click the Network button on the right to set the network attributes of RAS including Select TCP IP in both Di...

Page 746: ...8810048 to 8810055 from the telecommunications service provider ISDN dial number is 8810148 which provides services for 16 network users Figure 239 Network for the DCC application providing dial numb...

Page 747: ...ppp authentication mode pap Router Dialer0 ppp pap local user userc password simple passc Router Dialer0 interface async 1 Router Async1 dialer circular group 0 Router Async1 link protocol ppp Router...

Page 748: ...rial 2 15 Router Serial2 15 ip address 100 1 1 254 255 255 255 0 Router Serial2 15 remote address pool 1 Router Serial2 15 dialer enable circular Router Serial2 15 dialer group 2 Router Serial2 15 lin...

Page 749: ...Configure RouterB Router dialer rule 2 ip permit Router interface serial 0 Router Serial0 physical mode async Router Serial0 modem Router Serial0 ip address 100 1 1 2 255 255 255 0 Router Serial0 dial...

Page 750: ...initialization process is correct For the synchronous asynchronous serial interface check whether it is configured to asynchronous and dialing mode Check whether DCC has been enabled on the dial inte...

Page 751: ...inconsistent with name configured for PPP authentication and the dialer route at the remote end does not contain the local network address The remote end disconnects the connection because the remote...

Page 752: ...ity of the phone line is bad DCC The interface has no dialer group discard the packet The debugging information is probably outputted because the dialer group command has not been configured on the co...

Page 753: ...rface works in flow mode the user can establish a remote connection to the interface through the dumb terminal or modem dialup to configure and manage the router Directly send AT commands to the modem...

Page 754: ...hed with any expected receive strings which are separated with The default timeout time waiting for a receive string is 5 seconds TIMEOUT seconds can be inserted into the script anytime to adjust the...

Page 755: ...ings sent from a modems or remote DTE device for a match The match mode is full match Multiple ABORT entries can be configured for a script and all of them take effect in the whole script execution pe...

Page 756: ...ciating modem scripts with events is to automatically execute the corresponding script after a particular event occurs to the router In 3Com routers the following script events are supported An outgoi...

Page 757: ...User The command modem login is configured to authenticate the name and password of the dial in user Generally this command is used together with the command of script trigger connect thus many userna...

Page 758: ...baud rate and send the AT command to the modem If OK is received from the modem it indicates that the modem can automatically adapt to the corresponding baud rate Then write the configuration into th...

Page 759: ...mentation to learn how the modem locks the modem speed check the settings b j q n or s register settings The modem must use the data carrier detect DCD to indicate when a connection is established wit...

Page 760: ...can logging in network and those who have failed the authentication are not allowed to log in Figure 242 Network of authentication for modem dial in user 1 Configure a modem script Router script strin...

Page 761: ...Troubleshooting 757 If the modem is still in abnormal status proceed to run the AT string such as AT F OK ATE0S0 0 C1 D2 OK AT W on the router physical interface connected to the modem...

Page 762: ...758 CHAPTER 52 CONFIGURING MODEM...