- DL manuals
- 3Com
- Network Router
- 3C13636
- Configuration Manual
3Com 3C13636 Configuration Manual
Summary of 3C13636
Page 1
3com router 3000 ethernet family configuration guide 3c13636 www.3com.Com part number: 10014939 rev. Aa february 2006.
Page 2
Copyright © 2006, 3com corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3com corporation. 3com corporation reserves th...
Page 3: Introduction
Introduction.
Page 4: Table of Contents
3com router 3000 ethernet family configuration guide table of contents table of contents chapter 1 v2.4x overview ............................................................................................................. 1-1 1.1 introduction ..........................................................
Page 5: Chapter 1 V2.4X Overview
3com router 3000 ethernet family configuration guide chapter 1 v2.4x overview 3com corporation 1-1 chapter 1 v2.4x overview 1.1 introduction versatile routing platform (v2.4x) is the versatile operating system platform of 3com technologies for data communications products. Focusing on ip services, i...
Page 6
3com router 3000 ethernet family configuration guide chapter 1 v2.4x overview 3com corporation 1-2 1.3 v2.4x functionality and use with products note: v2.4x is the network system platform for 3com 5000/6000 routers. This manual describes the functionality available with v2.4x in detail. The features...
Page 7
3com router 3000 ethernet family configuration guide chapter 1 v2.4x overview 3com corporation 1-3 attribute description ip services arp, arp proxy static domain name resolution ip unnumbered dhcp relay dhcp server dhcp client igmp non-ip services dlsw ipx network protocols ip routing static routing...
Page 8
3com router 3000 ethernet family configuration guide chapter 1 v2.4x overview 3com corporation 1-4 attribute description authenticati on, authorizatio n, accounting (aaa) services radius hwtacacs chap authentication pap authentication firewalls packet filter z interface-based acl z time-based acl fi...
Page 9
3com router 3000 ethernet family configuration guide chapter 1 v2.4x overview 3com corporation 1-5 attribute description file management file system management ftp server and client for uploading and downloading the configuration file or application tftp client for uploading and downloading files de...
Page 10
3com router 3000 ethernet family configuration guide chapter 1 v2.4x overview 3com corporation 1-6 attribute description cli multiple terminal services for entering the cli: z console port for local configuration z aux port for remote or local configuration z telnet or ssh for local or remote config...
Page 11
3com router 3000 ethernet family configuration guide chapter 1 v2.4x overview 3com corporation 1-7 attribute description e1/t1 voice e1 port for r2, dss1, q.Sig, and digital e&m signaling t1 port for dss1 and q.Sig subscriber signaling simultaneous voice data transmission over pri interfaces voice r...
Page 12
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-1 chapter 2 user configuration interface 2.1 setting up configuration environments the system supports both local and remote configuration. The following subsections tell you how to set up ...
Page 13
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-2 figure 2-2 new connection figure 2-3 set the connection port.
Page 14
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-3 figure 2-4 set the port communication parameters step 3: the router runs power-on self-test (post), and upon its completion prompts you to press until the command line prompt (such as ) a...
Page 15
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-4 telnet-enabled pc on w hich the router is configured 100base-tx serv er pc ethernet workstation laptop router telnet-enabled pc on w hich the router is configured 100base-tx serv er pc et...
Page 16
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-5 figure 2-8 set up a telnet connection with the router note: host name in figure 2-8 refers to the host name or ip address of the remote router. Step 3: enter the ip address of the router’...
Page 17
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-6 tel no.12345678 modem workstation aux interface pst n router rs-232 serial port figure 2-9 set up a remote configuration environment step 2: dial to connect the router remotely by using a...
Page 18
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-7 figure 2-11 dial on the remote pc step 3: enter the correct username and password. When you see the command line prompt ( for example) in the hyperterminal configure or manage the router....
Page 19
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-8 2.2 cli the system provides rich configuration commands and the cli through which users can configure and manage their routers. The cli supports: z local and remote configuration through ...
Page 20
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-9 login users are also classified into four levels that correspond to the four command levels. After users at different levels log in, they can only use commands at their own level or lower...
Page 21
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-10 table 2-2 command view functionality command view function prompt command to enter command to exit user view display basic information about operation and statistics enter right after co...
Page 22
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-11 command view function prompt command to enter command to exit subinterface view configure subinterface parameters [3com-serial1/ 0/0.1] key in interface serial 1/0/0.1 in system view qui...
Page 23
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-12 command view function prompt command to enter command to exit null interface view configure null interface parameters [3com-null0] key in interface null 0 in system view quit returns to ...
Page 24
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-13 [3com] interface ethernet 3? / [3com] interface ethernet 3/? [3com] interface ethernet 3/0? / [3com] interface ethernet 3/0/? [3com] interface ethernet 3/0/0 ? Indicates that there is no...
Page 25
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-14 2.2.4 history command the cli can automatically save the commands that have been entered. You can invoke and repeatedly execute them as needed. By default, the cli can save up to ten com...
Page 26
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-15 key function tab key pressing after entering part of a keyword enables the fuzzy help function. If finding a unique match, the system will substitute the complete keyword for the incompl...
Page 27
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-16 z exclude text: to display information of the lines with no "text" z include text: to display information of the lines with "text" for example, if you enter the display current-configura...
Page 28
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-17 metacharacter meaning {n} the “n” in the brace brackets is a non-negative integer, indicating that there are consecutive n matches. {n,} the “n” in the brace brackets is a non-negative i...
Page 29
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-18 for example, you can use the following command to view the current configuration information: display current-configuration # sysname 3com # controller e3 0/1/0 e1 1 channel-set 1 timesl...
Page 30
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-19 2.3 hot keys 2.3.1 classifying hot keys the hot keys in the system fall into two types user-configurable and system. The user-configurable shortcut keys include ctrl_g, ctrl_l, ctrl_o, c...
Page 31
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-20 2.3.2 usage of the hot keys z you can press a combined hot key wherever you are allowed to enter a command. The system will then display the corresponding command as if you had entered t...
Page 32
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-21 2.3.3 examples of hot keys in use # assign the hot key ctrl_u to the display ip routing-table command and execute it. [3com] hotkey ctrl_u display ip routing-table [3com] press [3com] di...
Page 33
3com router 3000 ethernet family configuration guide chapter 2 user configuration interface 3com corporation 2-22 by default, the command alias function is disabled. Ii. Mapping an alias with a command perform the following configuration in system view. Table 2-13 map an alias with a command keyword...
Page 34
3com router 3000 ethernet family configuration guide chapter 3 v2.4x basic configurations 3com corporation 3-1 chapter 3 v2.4x basic configurations 3.1.1 entering/exiting system view when logging onto the router from the console port, you enter user view and see the prompt on the screen. To enter or...
Page 36
3com router 3000 ethernet family configuration guide chapter 3 v2.4x basic configurations 3com corporation 3-3 ii. Switching user levels you must provide the correct password before you can become a higher level user. Perform the following configuration in user view. Table 3-6 switch the user level ...
Page 37
3com router 3000 ethernet family configuration guide chapter 3 v2.4x basic configurations 3com corporation 3-4 table 3-9 default command levels level privilege command 0 visit ping, tracert, telnet 1 monitor display, debugging 2 system all configuration commands except for those at manage level 3 ma...
Page 38
3com router 3000 ethernet family configuration guide chapter 3 v2.4x basic configurations 3com corporation 3-5 operation command display clipboard information. Display clipboard display the current status of the memory in the system. Display memory display statistics about cpu usage. Display cpu-usa...
Page 39: System Management
3com router 3000 ethernet family configuration guide 3com corporation proprietary i system management.
Page 40: Table of Contents
3com router 3000 ethernet family configuration guide table of contents 3com corporation proprietary i table of contents chapter 1 system management overview .................................................................................. 1-1 chapter 2 system maintenance management ...................
Page 41
3com router 3000 ethernet family configuration guide table of contents 3com corporation proprietary ii 3.4.2 using auto detect with vrrp................................................................................. 3-6 3.5 application of auto detect in interface backup ..............................
Page 42
3com router 3000 ethernet family configuration guide table of contents 3com corporation proprietary iii 5.3.8 configuration example 2: upgrading the v 2.41 application program with ftp.. 5-12 5.4 tftp configuration ........................................................................................
Page 43
3com router 3000 ethernet family configuration guide table of contents 3com corporation proprietary iv 7.4.2 performing user authentication using the local user database ........................... 7-7 chapter 8 ntp configuration .........................................................................
Page 44
3com router 3000 ethernet family configuration guide table of contents 3com corporation proprietary v 9.4 example of typical configuration .................................................................................... 9-11 chapter 10 rmon configuration ............................................
Page 45
3com router 3000 ethernet family configuration guide table of contents 3com corporation proprietary vi 11.8.2 dumb terminal service features ..................................................................... 11-39 11.8.3 typical application of dumb terminal ..........................................
Page 46
3com router 3000 ethernet family configuration guide chapter 1 system management overview 3com corporation 1-1 chapter 1 system management overview after reading the first part “getting started” in this manual, you may read this part to learn how to further manage and service your router. This part ...
Page 47
3com router 3000 ethernet family configuration guide chapter 1 system management overview 3com corporation 1-2 v. Ntp configuration this chapter presents ntp and its configurations. The ntp service available with v 2.41 allows the system to guarantee timekeeping synchronization of the devices on the...
Page 48
3com router 3000 ethernet family configuration guide chapter 1 system management overview 3com corporation 1-3 depending on network environment, three pos terminal access approaches are available: dial-up, asynchronous leased line, and pospad packet network. They will be discussed later in this part...
Page 49: Management
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-1 chapter 2 system maintenance management system maintenance management includes the following functions: z use of the system maintenance and debugging tools z maintenance and management o...
Page 50
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-2 router to be configured router to be configured router to be configured router to be configured central router and console terminal figure 2-1 network design for auto-config configuratio...
Page 51
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-3 2.1.2 manually configuring auto-config on the router i. Enabling auto-config perform the following configuration in system view. Table 2-1 enable/disable auto-config operation command en...
Page 52
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-4 modem call-in speed 57600 authentication-mode scheme 2) configuring the locally authenticated default user name and password, enabling telnet and ftp services for the default user local-...
Page 53
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-5 undo shutdown 2.1.3 configuring the central router the central router or console terminal needs to be configured by the network administrator, who determines which interfaces should be c...
Page 55
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-7 v. Connecting by dialing through am interface first connect the am interface on the router to be configured with the remote console terminal in the central equipment room through pstn. T...
Page 56
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-8 step 1: attach a modem to the aux port. Tel no.12345678 modem workstation aux interface pst n router rs-232 serial port figure 2-2 set up a remote configuration environment step 2: dial ...
Page 57
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-9 figure 2-4 dial on the remote pc step 3: enter the correct username and password. When you see the command line prompt ( for example) in the hyperterminal configure or manage the router....
Page 58
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-10 iii. Configuration procedure 1) configure r1 at the center # configure controller interface. [3com] controller e10/0/0 [3com-e1 0/0/0] using e1 # configure e1 interface to originate int...
Page 59
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-11 corresponding configuration is auto-genearted concurrently on the fixed interface of the router. 2.1.7 auto-config configuration example 2 i. Network requirements the router to be confi...
Page 60
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-12 service-type ftp interface ethernet 0/0/0 ip address dhcp-alloc user-interface vty 0 4 authentication-mode scheme corresponding configuration is auto-genearted concurrently on the fixed...
Page 61
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-13 ftp server enable local-user admin password cipher admin service-type telnet terminal level 3 service-type ftp interface analogmodem 2/0/0 async mode flow country-code united-kingdom us...
Page 62
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-14 for example: ping 202.38.160.244 ping 202.38.160.244 : 56 data bytes, press ctrl-c to break reply from 202.38.160.244 : bytes=56 sequence=1 ttl=255 time = 1ms reply from 202.38.160.244 ...
Page 63
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-15 1 helios.Ee.Lbl.Gov (128.3.112.1) 19 ms 19 ms 0 ms 2 lilac-dmc.Berkeley.Edu (128.32.216.1) 39 ms 39 ms 19 ms 3 ccngw-ner-cc.Berkeley.Edu (128.32.136.23) 39 ms 40 ms 39 ms 4 ccn-nerif22....
Page 64
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-16 table 2-11 enable ip source routing operation command enable ip source routing ip option source-routing disable ip source routing undo ip option source-routing the router can process th...
Page 65
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-17 2.2.5 debugging the system the cli of the system provides a variety of debugging functions for helping the users diagnose and isolate faults. The debugging functions are available for a...
Page 66
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-18 operation command display the enabled debugging switches display debugging [ interface { interface-type interface-number } ] [ module-name ] for the use of specific debugging commands a...
Page 67
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-19 z available with three types of information, which are log information, trap information, and debug information. Z the information is sorted into eight levels by severity and can be fil...
Page 68
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-20 table 2-17 name an information channel operation command name the information channelnumbered channel-number as channel-name info-center channel channel-number name channel-name the par...
Page 69
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-21 severity description informational common prompt information debugging debugging information # enable to output log information of ip module and allow outputting the information with th...
Page 70
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-22 caution: when there are multiple telnet users or terminal server users at the same time, they can share some configuration parameters, including the setting of filtering by module, lang...
Page 72
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-24 vi. Sending source address for system information perform the following operations in system view. Table 2-23 send source address for logging information operation command send source a...
Page 73
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-25 table 2-25 set a display terminal operation command enable the terminal information display function terminal monitor enable the terminal logging information display function terminal l...
Page 74
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-26 for information output to the log host, port 514 and the format described in the following figure are used. Feb 4 19:59:19:335 2005 quidway %%10shell/5/cmd:-devip=10.10.10.1; task:co0 i...
Page 75
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-27 vi. Severity there are eight severity levels numbered one through eight. For more information, see “table 2-19”. The severity field is separated from the digest field by a slash (/). Vi...
Page 76
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-28 operation command disable synchronous terminal output undo info-center synchronous by default, synchronous terminal output is disabled. 2.3.7 displaying and debugging information center...
Page 77
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-29 2) use the unix workstation at 202.38.1.10 as the loghost and set the severity threshold to informational and output language to english, and allow ppp and ip modules to output informat...
Page 78
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-30 the lowest level of system information is debugging. The setting of debugging will cause all system information to be output to the loghost and this may affect system performance. There...
Page 79
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-31 ii. Resetting device perform the following operations in user view. Table 2-29 reset device operation command clear all the stored alarm information reset alarm urgent iii. Configuring ...
Page 80
3com router 3000 ethernet family configuration guide chapter 2 system maintenance management 3com corporation 2-32 before inserting or removing a hot-swappable interface card, you must first use the remove slot command for pre-processing. You can also cancel a maloperation with the undo remove slot ...
Page 81
3com router 3000 ethernet family configuration guide chapter 3 auto detect configuration 3com corporation 3-1 chapter 3 auto detect configuration 3.1 introduction to auto detect auto detect is a function for checking the connectivity of a network regularly by sending icmp request/reply packets. It w...
Page 82
3com router 3000 ethernet family configuration guide chapter 3 auto detect configuration 3com corporation 3-2 to do… use the command… remarks add an ip address to the detect group. You may use the command multiple times to add up to 100 ip addresses. [3com-detect-group-x] detect-list list-number ip ...
Page 83
3com router 3000 ethernet family configuration guide chapter 3 auto detect configuration 3com corporation 3-3 ii. Network diagram 192.168.1.1 192.168.2.1 192.168.1.2/24 192.168.2.2/24 20.1.1.2/24 10.1.1.3/24 ethernet 1/0/1: ethernet 2/0/1: 10.1.1.4/24 router b router a router c router d figure 3-1 n...
Page 84
3com router 3000 ethernet family configuration guide chapter 3 auto detect configuration 3com corporation 3-4 3.3 application of auto detect in static routing you may reference a detect group in a static route to control validity of the static route according to the result of auto detect as follows:...
Page 85
3com router 3000 ethernet family configuration guide chapter 3 auto detect configuration 3com corporation 3-5 iii. Configuration procedure configure router a: # enter system view. System-view # create a detect group numbered 8 and enter its view. [3com a] detect-group 8 # add an ip address of 10.1.1...
Page 86
3com router 3000 ethernet family configuration guide chapter 3 auto detect configuration 3com corporation 3-6 no. To do… use the command… remarks 3 reference an auto detect group in vrrp [3com-ethernetx] vrrp vrid virtual-router-id track detect-group group-number [ reduced value-reduced ] required n...
Page 87
3com router 3000 ethernet family configuration guide chapter 3 auto detect configuration 3com corporation 3-7 iii. Configuration procedure 1) configure router b: # enter system view. System-view # create a detect group numbered 9 and enter its view. [3com b] detect-group 9 # add ip address 192.168.2...
Page 88
3com router 3000 ethernet family configuration guide chapter 3 auto detect configuration 3com corporation 3-8 for two interfaces pointing to the same destination, you can specify one of them as the main, and the other as the backup. By referencing a detect group on the backup interface, you can allo...
Page 89
3com router 3000 ethernet family configuration guide chapter 3 auto detect configuration 3com corporation 3-9 3.5.2 using auto detect with interface backup i. Network requirements z configure dynamic routing on routers a, b, c, and d, ensuring the routes between routers a, b, and c are reachable, an...
Page 90
3com router 3000 ethernet family configuration guide chapter 3 auto detect configuration 3com corporation 3-10 [3com a-detect-group-10] quit # specify to enable serial 1/0/0 when the detect group is unreachable. [3com a] interface serial 1/0/0 [3com a-serial1/0/0] standby detect-group 10 # configure...
Page 91
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-1 chapter 4 hwping configurations 4.1 introduction to hwping hwping is a tool used for testing performance of the protocols operating on a network. It is an enhancement to the ping function which ...
Page 92
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-2 i. Enabling hwping server some testing operations of the hwping function require the cooperation between server and client, such as jitter test (analysis on the delay variations in udp datagram ...
Page 93
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-3 on the hwping server, a tcp listening service port cannot take a value greater than 50,000 or one reserved for special purpose, such as 1701. On the hwping server, a udp listening service port c...
Page 94
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-4 following are the parameters included in an hwping test group: z destination address z destination port z source interface z source address z source port z test type z number of packets sent for...
Page 95
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-5 table 4-6 configure a destination port operation command configure a destination port. Destination-port port-number delete the destination port. Undo destination-port by default, no destination ...
Page 96
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-6 when performing an ftp test, you must specify a source port. Perform the following configurations in hwping test group view. Table 4-9 configure a source port operation command configure a sourc...
Page 97
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-7 operation command restore the default number of messages sent for a test. Undo count times by default, one message is sent for a test. 8) configuring icmp datagram size icmp datagram size refers...
Page 98
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-8 table 4-14 configure a test timeout time operation command configure a test timeout time. Timeout time restore the default setting of test timeout time. Undo timeout by default, test timeout tim...
Page 99
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-9 in icmp test, the system should stuff the data field of each transmitted icmp message. If the size of a test datagram is smaller than that of the configured stuffing character string, only a por...
Page 100
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-10 16) configuring username and password used in ftp operations you must provide the proper username and password before you perform ftp operations. This configuration task can be performed only i...
Page 101
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-11 table 4-22 configure the number of packets sent for a jitter test operation command configure the number of packets sent for a jitter test. Jitter-packetnum number restore the default setting. ...
Page 102
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-12 directly-attached network, an error is returned. You can use this function when pinging a local host on an interface that has no route defined. Table 4-25 configure routing table bypass operati...
Page 103
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-13 if send-trap is enabled, a trap is sent for each probe or test failure. Perform the following configurations in hwping test group view. Table 4-28 enable/disable trap-sending operation command ...
Page 104
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-14 table 4-30 test operation command execute test. Test-enable note: after you execute the test-enable command, the system does not display the test result. You may view the test result informatio...
Page 105
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-15 ii. Configuration procedure note: steps 1 through 3 and 6 are required for an icmp test and the remaining three steps are optional. # enable hwping client. [router] hwping-agent enable # step 1...
Page 106
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-16 ii. Configuration procedure note: steps 1 through 3 and 6 are required for a dhcp test and the remaining three steps are optional. # enable hwping client. [router] hwping-agent enable # step 1:...
Page 107
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-17 ii. Configuration procedure note: steps 1 through 3 and 6 are required for a dlsw test and the remaining three steps are optional. In addition, on the destination router specified in step 3, th...
Page 108
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-18 ii. Configuration procedure note: steps 1 through 6 and step 9 are required for an ftp test and the remaining three steps are optional. # configure the ip address of the ethernet interface. [ro...
Page 109
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-19 [router-hwping-administrator-ftp] display hwping result administrator ftp [router-hwping-administrator-ftp] display hwping history administrator ftp at the opposite end, you only need to enable...
Page 110
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-20 4.5.6 jitter test i. Introduction jitter test is performed to test the jitter delay in udp packet transmission between the local end (hwping client) and a specified destination (hwping server)....
Page 111
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-21 caution: at the destination end, you must perform the following configurations: [router] hwping-server enable [router] hwping-server udpecho 169.254.10.2 9000 the address and port number config...
Page 112
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-22 # step 5: configure a test timeout time. [router-hwping-administrator-snmp] timeout 30 # step 6: enable a test. [router-hwping-administrator-snmp] test-enable # step 7: view the test result. [r...
Page 113
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-23 # step 3: configure the ip address of an hwping server, 169.254.10.2 for example. [router-hwping-administrator- tcpprivate] destination-ip 169.254.10.2 # step 4: configure a destination port. [...
Page 114
3com router 3000 ethernet family configuration guide chapter 4 hwping configurations 3com corporation 4-24 # enable hwping client. [router] hwping-agent enable # step 1: create an hwping test group, setting administrator name to administrator and test operation tag to udpprivate. [router] hwping adm...
Page 115: Chapter 5 File Management
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-1 chapter 5 file management 5.1 file system 5.1.1 brief introduction the major function of the file system is to manage storage devices and store files in these devices. Currently, the storage devices s...
Page 116
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-2 i. Basic operations perform the following operations in the user view, (and the execute command is performed in system view). Table 5-2 file operations operation command delete a file delete [ /unrese...
Page 117
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-3 table 5-3 display files and select main/backup boot file operation command display all the boot files in the flash. Bootfile dir specify the main boot file used when booting the router. Bootfile main ...
Page 118
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-4 5.1.6 restoring the space of a storage device perform the following configuration in user view. Table 5-6 restore the space of a storage device operation command restore the space of a storage device ...
Page 119
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-5 6477 kbytes total (2144 kbytes free) 5.2 file system checking configuration 5.2.1 introduction at present, file system checking only checks for/handles corrupted files instead of the entire flash. Aft...
Page 120
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-6 note: versatile file system (vfs) is used to manage storage devices in v 2.41. Note that the vfs check check-method fix and vfs check check-method discard/vfs check check-method discard auto command a...
Page 121
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-7 z ftp client service, that is, the user can directly input the ftp command in the user view to establish a connection with a remote ftp server to access the files in the remote host. Ftp server config...
Page 122
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-8 operation command configure the authorization information of the ftp user (in local user view) service-type ftp [ ftp-directory directory] disable ftp service undo service-type ftp restore the default...
Page 123
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-9 ii. Configuring idle-timeout disconnection of ftp to prevent illegal accesses, the connection with an ftp client will be disconnected if no service request from the client has been received for a cert...
Page 124
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-10 after the above configuration, execute the display command in any view to display the running of the ftp server after configuration, and to verify the configuration. Table 5-13 commands for monitorin...
Page 125
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-11 note: you may specify a source ip address for the packets sent by the ftp server with the ftp source-interface command or with the ftp source-ip command. If both commands are configured, the one conf...
Page 126
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-12 delete sip.Cfg # log into the ftp server, get the main software of the system and store it in the root directory of the memory device on the router. # the obtained system file must be stored in the r...
Page 127
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-13 # enable ftp server. [3com ] ftp server enable # (prompt) delete the redundant files in the memory device on the router to allow enough space for storing new system files. Dir directory of flash:/ 0 ...
Page 128
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-14 tftp protocol is used to obtain the memory mirror of the system when the system is started. Generally, the tftp protocol is performed based on udp. In tftp, file transfer is originated by the client....
Page 129
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-15 perform the following configuration in system view. Table 5-17 set access control list operation command specify the access control list for accessing tftp server tftp-server acl acl-number delete th...
Page 130
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-16 note: you may specify a source ip address for the packets sent by the ftp server with the tftp source-interface command or with the tftp source-ip command. If both commands are configured, the one co...
Page 131
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-17 caution: the xmodem get command is not supported on asynchronous serial interfaces but the aux port. In addition, simultaneous operations are not allowed. 5.5.1 configuring xmodem perform the followi...
Page 132
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-18 ii. Displaying the current and initial configurations of the router when the router is powdered on, it reads out a configuration file in the default storage path to execute the initialization. So the...
Page 133
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-19 when the file-name argument is not specified, the configurations you made are saved to the configuration file loaded at this startup. Executing this command without the safely keyword can make the sp...
Page 134
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-20 v. Setting the configuration file to be used at the next boot table 5-25 set the configuration file to be used at the next boot operation command set the configuration file to be used at next startup...
Page 135
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-21 z using ftp; z using tftp. I. Backing up the display information of the current-configuration command executing the display current-configuration command can display all the configurations in the rou...
Page 136
3com router 3000 ethernet family configuration guide chapter 5 file management 3com corporation 5-22 where, localfile specifies the name of the configuration file on the router and remotefile specifies the name of the uploaded configuration file to be saved on tftp server..
Page 137
3com router 3000 ethernet family configuration guide chapter 6 user interface configuration 3com corporation 6-1 chapter 6 user interface configuration 6.1 user interface overview 6.1.1 brief introduction user interface view is a new feature provided by the system to manage asynchronous interfaces w...
Page 138
3com router 3000 ethernet family configuration guide chapter 6 user interface configuration 3com corporation 6-2 i. Absolute numbering there are four categories of user interfaces in the system and they are ordered in certain sequence, specifically, con, aux, tty, and vty. Z there is only one consol...
Page 139
3com router 3000 ethernet family configuration guide chapter 6 user interface configuration 3com corporation 6-3 table 6-1 access user interface view operation command access a single-user or multi-user interface view user-interface [ type-keyword ] number [ ending-number ] for example: access the v...
Page 140
3com router 3000 ethernet family configuration guide chapter 6 user interface configuration 3com corporation 6-4 i. Configuring transmission speed table 6-3 configure transmission speed operation command set a transmission speed speed speed-value restore the default transmission speed undo speed asy...
Page 142
3com router 3000 ethernet family configuration guide chapter 6 user interface configuration 3com corporation 6-6 i. Starting the terminal service table 6-8 enable the terminal service operation command enable the shell service shell disable the shell service undo shell caution: by default, the termi...
Page 143
3com router 3000 ethernet family configuration guide chapter 6 user interface configuration 3com corporation 6-7 table 6-10 configure user interface locking function operation command lock user interface. Lock # for example, you have accessed the router via vty1, and you lock the user-interface vty ...
Page 145
3com router 3000 ethernet family configuration guide chapter 6 user interface configuration 3com corporation 6-9 a common approach is to configure the telnet command using the auto-execute command command on the terminal so that the user may automatically connect to the specified host. Caution: you ...
Page 146
3com router 3000 ethernet family configuration guide chapter 6 user interface configuration 3com corporation 6-10 table 6-16 configure the inbound/outbound call restriction on the vty user interface operation command configure the inbound/outbound call restriction on the vty user interface acl acl-n...
Page 147
3com router 3000 ethernet family configuration guide chapter 6 user interface configuration 3com corporation 6-11 operation command delete the existing shortcut key or key combination used to abort tasks undo escape-key the default shortcut key combination for aborting tasks is . 6.3 displaying and ...
Page 148: Chapter 7 User Management
3com router 3000 ethernet family configuration guide chapter 7 user management 3com corporation 7-1 chapter 7 user management 7.1 user management overview a router is not configured with a user password when it is powered on for the first time. In that condition, any user can perform configuration o...
Page 149
3com router 3000 ethernet family configuration guide chapter 7 user management 3com corporation 7-2 commands at their own, or lower, levels. If password authentication or no authentication applies, the command level that a user can access depends on the level of the user interface where he logs in. ...
Page 150
3com router 3000 ethernet family configuration guide chapter 7 user management 3com corporation 7-3 can upload or download files on the router from the remote, and a ppp user can access the network via the ppp connection with the router. The configuration of telnet/hyperterminal user will be introdu...
Page 151
3com router 3000 ethernet family configuration guide chapter 7 user management 3com corporation 7-4 7.2.2 configuring username and password i. Setting password for password authentication if you choose password authentication when configuring the authentication mode, you need to set the password. Pe...
Page 152
3com router 3000 ethernet family configuration guide chapter 7 user management 3com corporation 7-5 operation command configure the user in the current isp domain to adopt local authentication scheme (in isp domain view) scheme local 7.2.3 configuring user priority the priority configuration of the ...
Page 153
3com router 3000 ethernet family configuration guide chapter 7 user management 3com corporation 7-6 level indicates the priority of the user, ranging from 0 to 3. 0 indicates the lowest level and 3 the highest. The default priority is 1 after the user configuration. Note: if password authentication ...
Page 154
3com router 3000 ethernet family configuration guide chapter 7 user management 3com corporation 7-7 7.4 typical example of user management 7.4.1 performing password authentication the user need enter the password 3com when logging onto the system from the vty 0 by password authentication. The user p...
Page 155
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-1 chapter 8 ntp configuration 8.1 brief introduction network time protocol is a tcp/ip protocol intended for advertising precise time throughout a network. Its transmission is based on udp. The basic ...
Page 156
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-2 z when the ntp packet leaves router b, router b adds its timestamp to it again, which is 11:00:02am (t3). Z when router a receives the response packet, it adds a new timestamp to it, which is 10:00:...
Page 157
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-3 z set the interface for the local to transmit the ntp messages z set the local clock as the ntp master clock z enable/disable the interface to receive the ntp messages z set the access control autho...
Page 161
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-7 table 8-7 configure ntp id authentication operation command enable ntp id authentication ntp-service authentication enable disable ntp id authentication undo ntp-service authentication enable ii. Se...
Page 163
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-9 table 8-13 set the local clock as the ntp master clock operation command set the local clock as the ntp master clock ntp-service refclock-master [ x.X.X.X ] [ layers-number ] remove the ntp master c...
Page 165
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-11 table 8-17 ntp monitoring and maintenance operation command display the state information of the ntp service display ntp-service status display the association state of the ntp service maintenance ...
Page 166
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-12 ii. Network diagram ...... Ethernet1/0/0: 1.0.1.11 quidway0 quidway1 quidway2 quidway3 quidway4 quidway5 ethernet1/0/0: 1.0.1.12 ethernet1/0/0: 3.0.1.31 ethernet1/0/0: 3.0.1.32 ethernet1/0/0: 3.0.1...
Page 167
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-13 the state of 3com2 after synchronization includes: [3com2] display ntp-service status clock status: synchronized clock stratum: 3 reference clock id: 1.0.1.11 nominal frequency: 250.0000 hz actual ...
Page 168
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-14 # enter the system view. System-view # set 3com3 as the time server and the stratum number is 3 after synchronization. [3com4] ntp-service unicast-server 3.0.1.31 3) configure 3com5 (3com4 has been...
Page 169
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-15 8.4.3 configuring ntp broadcast mode i. Network requirements 3com3 sets the local clock as the ntp master clock and the stratum number is 2. It transmits broadcast packets from ethernet 1/0/0. 3com...
Page 170
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-16 [3com4] display ntp-service status clock status: synchronized clock stratum: 3 reference clock id: 3.0.1.31 nominal frequency: 250.0000 hz actual frequency: 249.9992 hz clock precision: 2^19 clock ...
Page 171
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-17 # set ntp authentication key. [3com3] ntp-service authentication-keyid 88 authentication-mode md5 123456 # set the local authentication key as reliable. [3com3] ntp-service reliable authentication-...
Page 172
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-18 reference time: 17:03:32.022 utc sep 6 2003(bf422ae4.05aea86c) now 3com4 is synchronized with 3com3. Its stratum number is 4, higher than that of 3com3 by one. 8.4.5 configuring ntp multicast mode ...
Page 173
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-19 [3com1-ethernet1/0/0] ntp-service multicast-client in the above configuration, 3com4 and 3com1 are configured to listen to broadcast messages from ethernet 1/0/0 and 3com3 is configured to transmit...
Page 174
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-20 # enter the system view. System-view # set the local clock as the ntp master clock and the stratum number is 2. [3com1] ntp-service refclcok-master 2 2) configure 3com2 # enter the system view. Sys...
Page 175
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-21 clock offset: 198.7425 ms root delay: 27.47 ms root dispersion: 208.39 ms peer dispersion: 9.63 ms reference time: 17:03:32.022 utc thu sep 6 2001 (bf422ae4.05aea86c) now 3com2 is synchronized with...
Page 176
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-22 note: this example assumes that: z mpls vpn configuration is complete. Z ce 1 and pe 1 can ping each other, so can pe 1 and pe 2, and pe 2 and ce 2. 1) configure ce 1 # set the local clock to funct...
Page 177
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-23 8.4.8 configuring symmetric time synchronization for mpls vpn i. Network requirements configure devices to achieve these goals: z pe 2 synchronizes to pe 1. Z pe 1 synchronizes to local clock sourc...
Page 178
3com router 3000 ethernet family configuration guide chapter 8 ntp configuration 3com corporation 8-24 [pe2] display ntp-service sessions source reference stra reach poll now offset delay disper ************************************************************************** [12345]133.1.1.2 locl 1 1 64 2...
Page 179
3com router 3000 ethernet family configuration guide chapter 9 snmp configuration 3com corporation 9-1 chapter 9 snmp configuration 9.1 protocol introduction 9.1.1 brief introduction currently, the most widely used network management protocol in computer network is simple network management protocol...
Page 180
3com router 3000 ethernet family configuration guide chapter 9 snmp configuration 3com corporation 9-2 a 2 6 1 5 2 1 1 2 1 b figure 9-1 mib tree structure in the diagram above, the managed object b can be uniquely determined by a string of digits {1.2.1.1}, which is the object identifier of the mana...
Page 181
3com router 3000 ethernet family configuration guide chapter 9 snmp configuration 3com corporation 9-3 mib property contents of mib standard or specification performance trap mib –– device panel mib –– device resource mib –– vlan –– private mib qos –– 9.2 snmp configuration the snmp configuring incl...
Page 182
3com router 3000 ethernet family configuration guide chapter 9 snmp configuration 3com corporation 9-4 9.2.2 setting the corresponding versions of snmp this configuration is used to enable the corresponding version of snmp and the snmp v3 is enabled by default. Therefore the command needs to be conf...
Page 183
3com router 3000 ethernet family configuration guide chapter 9 snmp configuration 3com corporation 9-5 # set the public community to read privilege. [3com] snmp-agent community read public # set the private community to write privilege. [3com] snmp-agent community write private 9.2.4 setting the snm...
Page 185
3com router 3000 ethernet family configuration guide chapter 9 snmp configuration 3com corporation 9-7 operation command disable sending trap undo snmp-agent trap enable [ trap-type [ trap-list ] ] by default, trap sending is allowed. The command snmp-agent trap enable without parameter indicates al...
Page 186
3com router 3000 ethernet family configuration guide chapter 9 snmp configuration 3com corporation 9-8 9.2.10 setting the router’s location (syslocation) the argument syslocation is a management variable of the system group in mib and stands for the location of a managed device. Perform the followin...
Page 187
3com router 3000 ethernet family configuration guide chapter 9 snmp configuration 3com corporation 9-9 operation command delete a view undo snmp-agent mib-view view-name # use the following command to establish a view named mib1containing all the objects of internet. [3com] snmp-agent mib-view inclu...
Page 188
3com router 3000 ethernet family configuration guide chapter 9 snmp configuration 3com corporation 9-10 the range of the packet queue length is 1 to 1000 with the default value as 100. # set the packet queue length of the host sending the trap packets as 200. [3com] snmp-agent trap queue-size 200 9....
Page 190
3com router 3000 ethernet family configuration guide chapter 9 snmp configuration 3com corporation 9-12 [3com] snmp-agent sys-info contact mr.Wang-tel:3306 [3com] snmp-agent sys-info location telephone-closet,3rd-floor step 3: permit to send trap messages to the network management station (nms) 129....
Page 191
3com router 3000 ethernet family configuration guide chapter 9 snmp configuration 3com corporation 9-13 sysuptime.0 : (105300) 00:17:33:00 syscontact.0 : mr.Wang-tel:3306 sysname.0 : sysadm syslocation.0 : telephone-closet,3rd-floor sysservices.0 : 79 if you cannot understand the meanings of these m...
Page 192
3com router 3000 ethernet family configuration guide chapter 10 rmon configuration 3com corporation 10-1 chapter 10 rmon configuration 10.1 introduction remote monitoring (rmon) is a kind of management information base (mib) defined by internet engineering task force (ietf); it is the most important...
Page 193
3com router 3000 ethernet family configuration guide chapter 10 rmon configuration 3com corporation 10-2 10.2 rmon configuration note: to allow an nms to administer your router, you must configure snmp agents before configuring rmon on the router. Then, you can retrieve alarms and logs about the rou...
Page 194
3com router 3000 ethernet family configuration guide chapter 10 rmon configuration 3com corporation 10-3 note: before adding an alarm entry, you need to define its associated event with the rmon event command. Perform the following configuration in system view. Table 10-2 add/remove an alarm entry o...
Page 195
3com router 3000 ethernet family configuration guide chapter 10 rmon configuration 3com corporation 10-4 10.2.4 adding/removing a prialarm entry prialarm entries can operate on the samples of the monitored variables according to the defined calculating formula and compare the resultant values with t...
Page 196
3com router 3000 ethernet family configuration guide chapter 10 rmon configuration 3com corporation 10-5 operation command remove a statistics entry undo rmon statistics entry-number a statistics entry holds the accumulative value since the corresponding event is defined. You can check information a...
Page 197
3com router 3000 ethernet family configuration guide chapter 10 rmon configuration 3com corporation 10-6 router a ethernet e0/0/0: 129.1.1.100/24 nms 129.1.1.111/24 console terminal console port router a ethernet e0/0/0: 129.1.1.100/24 nms 129.1.1.111/24 console terminal console port figure 10-1 net...
Page 198
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-1 chapter 11 terminal services 11.1 terminal services overview system provides three types of terminal services entering the command line interface: z local configuration through the console z local...
Page 199
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-2 pstn, so that the user can establish the connection between pc and the remote router by dial-up on the pc. After the dial-up is successful, the user can set the working parameters of the remote ro...
Page 200
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-3 11.4 telnet terminal services 11.4.1 telnet service types the telnet protocol belongs to application layer protocol in the tcp/ip protocol suite, which provides the function of remote logon and vi...
Page 201
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-4 iii. Redirecting telnet to use terminal redirecting function, you need to log into the router from a designated port via telnet client program, and then to establish connection with the serial por...
Page 202
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-5 ii. Configuring idle timeout for a telnet connection perform the following configuration in user interface view. Table 11-5 configure idle timeout for the telnet connection operation command confi...
Page 203
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-6 i. Configuring the asynchronous interface to work in flow mode table 11-7 configure the asynchronous serial interface to work in flow mode operation command configure the asynchronous serial inter...
Page 204
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-7 note: to enable telnet redirect on a port successfully after inputting the undo redirect enable command, you must wait a while to have the system close all the sockets using that port number. Othe...
Page 205
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-8 operation command disable telnet option negotiation during setup of redirected telnet connection redirect refuse-negotiation enable telnet option negotiation during setup of redirected telnet conn...
Page 206
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-9 at ok you may terminate the redirected connection by pressing . 11.4.4 specifying a source interface/ip address for the telnet server perform the following configuration in system view. Table 11-1...
Page 207
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-10 by default, the user interface is not bound with any vpn instance. 11.4.6 displaying and debugging after completing the above configuration, execute the display commands in any view to view infor...
Page 208
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-11 ii. Shortcut when the network connection is normal, to press is to notify telnet server to interrupt the current telnet login. Its effect is the same as the quit command, that is, the server inte...
Page 209
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-12 [router-async1/0/0]] async mode flow [router-async1/0/0] quit # enable telnet redirect and configure the related parameters on the user interface. [router] user-interface tty 1 [router-ui-tty1] u...
Page 210
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-13 [router] interface ethernet0/0/0 [router-ethernet0/0/0] ip address 201.1.1.1 255.255.255.0 [router-ethernet0/0/0] quit # configure async1/0/0 and async1/1/0. [router] interface async1/0/0 [router...
Page 211
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-14 with other terminals through the x.25 network. Therefore, x.25 pad devices actually serve as a procedure translator or network server, providing services to different terminals to help them acces...
Page 212
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-15 local router local ethernet pc ssh client remote router ssh server remote ethernet wan server server pc laptop laptop workstation workstation figure 11-9 establish an ssh channel through a wan to...
Page 213
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-16 thus, the server and the client obtain the same session key. During the session, both ends use the same session key to perform encryption and decryption, thereby guaranteeing the security of data...
Page 214
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-17 i. Configuring the ssh server z set the protocols supported on the current user interface z create a local rsa key pair z configure authentication mode for ssh user z create ssh users z set an in...
Page 215
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-18 caution: if the protocol supported by the user interface is set to ssh, you must set the authentication mode to authentication-mode scheme to ensure a successful login; if you use authentication-...
Page 217
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-20 note: if password authentication is adopted, the user name specified in the ssh user command must be consistent with the user name defined in aaa. If rsa authentication is adopted, the value of t...
Page 218
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-21 perform the following configuration in system view. Table 11-21 set maximum number of ssh authentication retries operation command set maximum number of ssh authentication retries ssh server auth...
Page 219
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-22 the client public key is a hexadecimal character string generated through pkcs coding of sshkey.Exe software. The following shows configuration details. [3com] rsa peer-public-key 3com002 [3com-r...
Page 220
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-23 remove the association of a public key to an ssh user undo ssh user username assign rsa-key x. Configuring a service type for an ssh user perform the following configuration in system view to con...
Page 221
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-24 operation command delete the source ip address for the packets sent by the ssh server undo ssh-server source-ip by default, the source ip address in each packet sent by the ssh server is the ip a...
Page 222
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-25 table 11-29 associate an ssh server with a public key operation command associate an ssh server with its public key ssh client server assign rsa-key keyname remove an ssh server to public key ass...
Page 223
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-26 by default, the source ip address in each packet sent by the ssh client is the ip address of the interface where the packet is sent out. Note: you may specify a source ip address for the packets ...
Page 225
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-28 [3com] local-user client001 [3com-luser-client001] password simple 3com [3com-luser-client001] service-type ssh [3com-luser-client001] quit [3com] ssh user client001 authentication-type password ...
Page 226
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-29 sent username "client001" client001@169.254.0.1's password: ********************************************************* * all rights reserved (1997-2004) * * without the owner's prior written conse...
Page 227
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-30 ii. Network diagram pc 10.165.87.136 ssh client routera ssh server routerb figure 11-11 network diagram for ssh client configuration iii. Configuration procedure 1) configure the ssh server (rout...
Page 228
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-31 [3com-rsa-public-key] peer-public-key end [3com] ssh client 10.165.87.136 assign rsa-key 10.165.87.136 # enable the ssh client. The configuration varies depending on the adopted authentication mo...
Page 229
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-32 11.7 sftp service 11.7.1 introduction to sftp secure ftp (sftp) is a new feature introduced in ssh 2.0. Sftp is established on ssh connections to provide secured data transfer. Your router may wo...
Page 230
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-33 table 11-36 enable the sftp server operation command enable the sftp server sftp server enable disable the sftp server undo sftp server by default, the sftp server is disabled. 11.7.3 configuring...
Page 231
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-34 no. To do… use the command… in… view remarks rename a file on the sftp server rename downloa d a file from the remote sftp server get upload a file from the remote sftp server put dir display the...
Page 232
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-35 ii. Disabling the sftp client execute the following command in sftp view to disable the sftp client. Table 11-39 disable the sftp client operation command bye exit disable the sftp client quit ii...
Page 233
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-36 operation command delete remote-file delete a file from the sftp server remove remote-file v. Specifying a source interface/ip address for the sftp client perform the following configuration in s...
Page 234
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-37 11.7.4 sftp configuration example i. Network requirements as shown in figure 11-12, z an ssh connection is present between router a and router b. Z use router a as an sftp server with ip address ...
Page 235
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-38 -rwxrwxrwx 1 noone nogroup 225 sep 01 06:55 pub -rwxrwxrwx 1 noone nogroup 0 sep 01 08:00 z sftp-client> delete z remove this file?(y/n) flash:/zy file successfully removed sftp-client> dir -rwxr...
Page 236
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-39 -rwxrwxrwx 1 noone nogroup 283 aug 24 07:39 pubkey1 drwxrwxrwx 1 noone nogroup 0 sep 01 06:22 new drwxrwxrwx 1 noone nogroup 0 sep 02 06:33 new2 -rwxrwxrwx 1 noone nogroup 283 sep 02 06:35 pu -rw...
Page 237
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-40 z in flow mode, the async interface directly logs in to the command-line interface of a router via the async dedicated line, and then boots telnet client program to log in to other remote systems...
Page 238
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-41 note: set the async interface to disable modem dial-in in the relevant user interface view. For more details, see the user interface configuration chapter. Ii. Auto-execute command configuration ...
Page 239
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-42 10.110.164.44 10.110.164.45 sco unix workstation router pc ethernet figure 11-14 auto-execute command configuration diagram configuration procedure is as follows: # configure the async interface ...
Page 240
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-43 if a user has set the idle-timeout and does not receive the entry from a dumb terminal user within this time, the system will disconnect this connection to prevent the illegal intrusion of unauth...
Page 241
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-44 table 11-46 operate on the rsh client operation command execute a command remotely. Rsh host [ user username ] command remote-command 11.9.3 debugging rsh to verify the effect after you execute t...
Page 242
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-45 i. Checking that the rsh daemon has been installed and started in windows nt/2000/xp/2003 1) enter [start/settings/control panel/administrative tools]. (for windows xp, when you use the classific...
Page 243
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-46 5) double-click on the service row, and in the popup remote shell daemon properties window, click to start the service, as shown in the following figure. Figure 11-19 remote shell daemon properti...
Page 244
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-47 on the router, v 2.41 delivers the rlogin client service similar to a multi-port serial interface card, allowing the logging user terminals (digital or analog) to rlogin to a remote unix host. Te...
Page 245
3com router 3000 ethernet family configuration guide chapter 11 terminal services 3com corporation 11-48 11.10.4 rlogin configuration example i. Network requirements rlogin onto a unix server with the ip address of 192.168.0.200 as the user zhb, and abort the local session by pressing or by entering...
Page 246: Interface Operation
3com router 3000 ethernet family configuration guide 3com corporation i interface operation.
Page 247: Table of Contents
3com router 3000 ethernet family configuration guide table of contents 3com corporation i table of contents chapter 1 interface configuration overview .............................................................................. 1-1 1.1 interface overview ..............................................
Page 248
3com router 3000 ethernet family configuration guide table of contents 3com corporation ii chapter 4 logical interface configuration ................................................................................. 4-1 4.1 dialer interface................................................................
Page 249
3com router 3000 ethernet family configuration guide chapter 1 interface configuration overview 3com corporation 1-1 chapter 1 interface configuration overview 1.1 interface overview router interface refers to the part through which a router system exchanges data and interacts with other devices on ...
Page 251
3com router 3000 ethernet family configuration guide chapter 1 interface configuration overview 3com corporation 1-3 table 1-4 enable/disable the interface to send updown traps operation command enable the interface to send updown traps enable snmp trap updown disable the interface to send updown tr...
Page 252
3com router 3000 ethernet family configuration guide chapter 1 interface configuration overview 3com corporation 1-4 z if the interface supports dial-up, you should also configure parameters in dial control center (dcc) operation and modem management. Z if the interface is working as a master interf...
Page 253
3com router 3000 ethernet family configuration guide chapter 1 interface configuration overview 3com corporation 1-5 note: when a physical interface on the router has no cable connection, shut down it with the shutdown command to prevent anomalies caused by interferences..
Page 254
3com router 3000 ethernet family configuration guide chapter 2 lan interface configuration 3com corporation 2-1 chapter 2 lan interface configuration the local area network (lan) mainly includes ethernet and token-ring network. Currently, ethernet has become the most important lan networking technol...
Page 255
3com router 3000 ethernet family configuration guide chapter 2 lan interface configuration 3com corporation 2-2 z enter specified ethernet interface view z set the network protocol address z configure maximum transmission unit (mtu) z select the operating speed of ethernet interface z select the ope...
Page 256
3com router 3000 ethernet family configuration guide chapter 2 lan interface configuration 3com corporation 2-3 table 2-3 configure mtu operation command configure mtu mtu size restore mtu to default undo mtu the frame format defaults to ethernet_ii and mtu size is in the range 46 to 1500 bytes. The...
Page 257
3com router 3000 ethernet family configuration guide chapter 2 lan interface configuration 3com corporation 2-4 note: z by default, both operating speeds and modes of fe and ge electrical interfaces are negotiation. You can force to change the operating speeds and modes, but should keep the speed an...
Page 258
3com router 3000 ethernet family configuration guide chapter 2 lan interface configuration 3com corporation 2-5 table 2-6 enable or disable local loopback operation command enable local loopback loopback disable local loopback undo loopback by default, local loop is disabled. Note: z ethernet interf...
Page 259
3com router 3000 ethernet family configuration guide chapter 2 lan interface configuration 3com corporation 2-6 viii. Configuring the operating mode of a ge interface ge optical interfaces provide two operating modes: negotiation and force. In negotiation mode, the interface chip checks negotiation ...
Page 261
3com router 3000 ethernet family configuration guide chapter 2 lan interface configuration 3com corporation 2-8 step: check that the lan connection between the host and the router is correct. If the ethernet is connected to a hub or lan switch, check the on/off status of the leds for the link to the...
Page 262
3com router 3000 ethernet family configuration guide chapter 2 lan interface configuration 3com corporation 2-9 operating mode is incorrect, i.E. One party of the connection is working in full duplex mode while the other party in half duplex mode, fault will occur. That is, when the network traffic ...
Page 263
3com router 3000 ethernet family configuration guide chapter 3 layer 2 ethernet port configuration 3com corporation 3-1 chapter 3 layer 2 ethernet port configuration 3.1 introduction to layer 2 ethernet ports the legacy routers are only operating at layer 3. Now, the use of switching chips on router...
Page 264
3com router 3000 ethernet family configuration guide chapter 3 layer 2 ethernet port configuration 3com corporation 3-2 vlan a vlan b vlan a vlan b vlan a vlan b lan switch lan switch router figure 3-1 vlan vlans can be port-based, mac-based, protocol-based, ip map-based, multicast-based, or policy-...
Page 265
3com router 3000 ethernet family configuration guide chapter 3 layer 2 ethernet port configuration 3com corporation 3-3 3.2.1 entering ethernet port view before you can configure an ethernet port, you must enter its view first. Perform the following configuration in system view. Table 3-1 enter ethe...
Page 266
3com router 3000 ethernet family configuration guide chapter 3 layer 2 ethernet port configuration 3com corporation 3-4 3.2.3 configuring ethernet port description to distinguish a port from others, you may configure a port description for it. Perform the following configuration in ethernet port vie...
Page 267
3com router 3000 ethernet family configuration guide chapter 3 layer 2 ethernet port configuration 3com corporation 3-5 3.2.6 enabling/disabling flow control on the ethernet port to prevent packet loss, you may enable flow control. When congestion occurs to one of the two connected routers enabled w...
Page 268
3com router 3000 ethernet family configuration guide chapter 3 layer 2 ethernet port configuration 3com corporation 3-6 3.2.8 setting the mac address aging timer an appropriately configured aging timer can effectively implement the function of mac address aging. An inappropriate aging timer, however...
Page 269
3com router 3000 ethernet family configuration guide chapter 3 layer 2 ethernet port configuration 3com corporation 3-7 by default, all broadcast traffic can pass through without suppression. 3.2.10 enabling/disabling loopback on the ethernet port you may enable loopback on an ethernet port to test ...
Page 270
3com router 3000 ethernet family configuration guide chapter 3 layer 2 ethernet port configuration 3com corporation 3-8 after assigned to a vlan, the ethernet port can forward the packets from the vlan. If the port is hybrid or trunk, you may assign it to multiple vlans, allowing each vlan to commun...
Page 272
3com router 3000 ethernet family configuration guide chapter 3 layer 2 ethernet port configuration 3com corporation 3-10 iii. Configuration procedure enter the view of each involved ethernet port, specify its link type, and assign the port to the specified vlan. If the link type of the port is alrea...
Page 273
3com router 3000 ethernet family configuration guide chapter 3 layer 2 ethernet port configuration 3com corporation 3-11 ii. Network diagram vlan 10 vlan 20 pc1 pc2 pc3 pc4 ar 18-22-24 1.1.1.2 2.2.2.3 1.1.1.3 2.2.2.2 figure 3-3 vlans involving multiple network segments iii. Configuration procedure e...
Page 274
3com router 3000 ethernet family configuration guide chapter 3 layer 2 ethernet port configuration 3com corporation 3-12 [3com] interface ethernet 3/0/0.1 [3com-ethernet3/0/0.1] vlan-type dot1q vid 10 [3com-ethernet3/0/0.1] ip address 1.1.1.1 255.255.255.0 # configure ethernet3/0/0.2 [3com] interfac...
Page 275
3com router 3000 ethernet family configuration guide chapter 3 layer 2 ethernet port configuration 3com corporation 3-13 iii. Configuration procedure z configure the router # configure ethernet 3/0/1 [3com] interface ethernet 3/0/1 [3com-ethernet3/0/1] port link-type access [3com-ethernet3/0/1] port...
Page 276
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-1 chapter 4 logical interface configuration logical interfaces are virtual interfaces that can be created to exchange data, such as dialer, subinterface, loopback, null, mp-group, mfr, v...
Page 277
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-2 i. Creating a loopback interface table 4-1 create/delete a loopback interface operation command create a loopback interface and enter the loopback interface view interface loopback num...
Page 278
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-3 table 4-2 create/delete a null interface operation command create a null interface and enter the null interface view interface null 0 delete the null interface undo interface null 0 as...
Page 279
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-4 i. Creating an ethernet subinterface perform the following configuration in system view. Table 4-3 create/delete an ethernet subinterface operation command create an ethernet subinterf...
Page 280
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-5 iii. Configuring other operating parameters as an ethernet subinterface that has not been assigned with vlan id can only support ipx, you can only assign an ipx address to such an ethe...
Page 281
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-6 operation command delete the specified subinterface from the serial interface. Undo interface serial number.Sub-number if the serial subinterface (the same as sub-number) that you inte...
Page 283
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-8 ii. Network diagram port1 non-trunk port port3 trunk port eth3/0/0.2 2.0.0.1/8 vlan 20 port2 non-trunk port port4 a vlan10 b vlan 20 2.2.2.2/8 1.1.1.1/8 4.4.4.4/8 vlan 20 d c vlan10 3....
Page 284
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-9 [3com] max-packet-process 100000 10 [3com] max-packet-process 200000 20 4.4.5 wan subinterface configuration example i. Network requirements as shown in the following figure, the wan i...
Page 285
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-10 # assign the vc assigned with dlci 50 to the subinterface. [3com-serial0/0/0.1] fr dlci 50 # create the subinterface serial 0/0/0.2 on serial0/0/0 on router a, specify it to work in p...
Page 286
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-11 after setting up a vpn session, the system needs to create a virtual interface for exchanging data with the remote end. For this purpose, the system will choose a virtual-template acc...
Page 287
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-12 ii. Setting operating parameters of virtual-template compared with a regular physical interface, virtual-templates only support ppp in terms of link layer protocol and ip and ipx in t...
Page 288
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-13 z the virtual-template had not been assigned with an ip address. Therefore, the virtual interface failed to pass the ppp negotiation and hence could not go up. Z the virtual-template ...
Page 289
3com router 3000 ethernet family configuration guide chapter 4 logical interface configuration 3com corporation 4-14 the user may establish as many as 1024 virtual ethernet interfaces. When configuring a pvc to carry pppoeoa, you must associate a ve interface with the pvc. If the specified ve interf...
Page 290: Link Layer Protocol
3com router 3000 ethernet family configuration guide 3com corporation i link layer protocol.
Page 291: Table of Contents
3com router 3000 ethernet family configuration guide table of contents 3com corporation i table of contents chapter 1 ppp and mp configuration ......................................................................................... 1-1 1.1 introduction to ppp and mp ...................................
Page 292
3com router 3000 ethernet family configuration guide table of contents 3com corporation ii 2.3.2 configuring a pppoe session ................................................................................ 2-5 2.3.3 enabling/disabling the pppoe server to output ppp-related log .........................
Page 293
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-1 chapter 1 ppp and mp configuration 1.1 introduction to ppp and mp 1.1.1 ppp point-to-point protocol (ppp) is a link layer protocol that carries network layer packets over point-to-point links...
Page 294
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-2 z after receiving the response, the authenticator looks up its local user database for a match according to the username of the authenticatee in the response. When a match is found, it encryp...
Page 295
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-3 network fail authenticate opened fail terminate dead establish up down closing success/none figure 1-2 ppp operation flow chart for the details of ppp, refer to rfc1661. 1.1.2 introduction to...
Page 296
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-4 1.2.1 configuring ppp encapsulation on the interface perform the following configuration in interface view. Table 1-1 configure ppp encapsulation on the interface operation command configure ...
Page 297
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-5 i. Configuring the local router to authenticate the peer using pap table 1-3 configure the local router to authenticate the peer with the pap approach operation command configure the local to...
Page 298
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-6 physical interface receives a dcc call request, it first initiates ppp negotiation and authenticates the dial-in user, and then passes the call to the upper layer protocol. Ii. Configuring th...
Page 299
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-7 iii. Configuring the local to be authenticated by the peer using pap table 1-5 configure the local to be authenticated by the peer with the pap approach operation command configure pap userna...
Page 300
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-8 z at the authenticatee end, the password for chap authentication could be one set by the ppp chap password command or one set in local user view, with the former taking priority over the latt...
Page 301
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-9 by default, the ip address of interface is not negotiable. Caution: z you may configure an interface to obtain an ip address through negotiation only when the interface is encapsulated with p...
Page 302
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-10 table 1-10 assign ip addresses picked from a global address pool operation command configure a global ip address pool ip pool pool-number low-ip-address [ high-ip-address ] remove the global...
Page 303
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-11 by default, the interface does not assign ip address to the remote end. Note: when both the remote address pool [ pool-number ]command and the remote address ip-address command are configure...
Page 304
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-12 by default, the ppp user can use its self-configured ip address in ppp ipcp negotiation. If the ppp user explicitly requests an address, this end acts as requested; if the peer already has a...
Page 305
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-13 by default, dns address negotiation is disabled. The command is intended for the use with ppp, pppoe, and mp and the interface view in which the command is configured varies with the adopted...
Page 306
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-14 table 1-17 enable ppp lcp to negotiate mru operation command configure ppp lcp to negotiate mru ppp lcp mru consistent restore the default undo ppp lcp mru consistent by default, ppp lcp doe...
Page 307
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-15 i. Configuring mp on a virtual template interface fundamental mp configuration tasks include: z create a virtual template interface z associate a remote username with the virtual template in...
Page 308
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-16 endpoint descriptor. To ensure a successful link negotiation, you must configure the ppp mp command and two-way authentication (chap or pap) on the bundled interfaces. Note: z when the ppp m...
Page 309
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-17 authentication, refer to the section 1.2.3 “configuring ppp authentication mode and username and user password”. In addition, perform the following configuration in interface view to have th...
Page 310
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-18 note: z if the ppp mp binding-mode authentication command is configured to enable the router to perform mp bundling according to authenticated username, you are recommended to configure ppp ...
Page 311
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-19 note: z the upper limit on minimum/maximum number of bundled links is 128, a number set considering only the functionality of mp. Z the forwarding performance of mp is irrelevant to the numb...
Page 312
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-20 table 1-26 assign the interface to the specified mp-group operation command assign the interface to the specified mp-group ppp mp mp-group number remove the interface from the specified mp-g...
Page 313
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-21 implementations of network audio/video applications. However, there is also concern that 40-byte ip/udp/rtp header containing a 20-byte ip header, 8-byte udp header and 12-byte rtp header, i...
Page 314
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-22 scheduled and waiting for being transmitted, it has to wait until all the large packets have been transmitted. As for the real-time applications, large packets can cause block and delay, con...
Page 315
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-23 the tcp packets for rtp session setup. Likewise, disabling ip header compression disables the system to compress the tcp packets for rtp session setup. You must configure ip header compressi...
Page 316
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-24 1.4.2 configuring ppp stac lzs compression perform the following configuration in interface view. The current system version supports the stac compression described in rfc 1974. Table 1-31 c...
Page 317
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-25 i. Enabling lfi perform the following configurations in virtual template interface view or mp-group interface view. Table 1-33 enable lfi operation command enable lfi on virtual template int...
Page 318
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-26 table 1-35 display and debug ppp and mp operation command display ppp configuration and running state of an interface display interface type number display mp interface information display p...
Page 319
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-27 ii. Network diagram quidway 1 serial3/0/0: 200.1.1.1 quidway 2 serial3/0/0: 200.1.1.2 figure 1-5 network diagram for pap authentication iii. Configuration procedure 1) configure router 3com1...
Page 320
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-28 [3com-luser-3com2] password simple hello [3com-luser-3com2] service-type ppp [3com-luser-3com2] quit [3com] interface serial 3/0/0 [3com-serial3/0/0] link-protocol ppp [3com-serial3/0/0] ppp...
Page 321
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-29 1.6.3 bidirectional chap authentication i. Network requirements as shown in figure 1-7, 3com 1 and 3com 2 are required to use chap to authenticate each other. The password for chap authentic...
Page 322
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-30 1.6.4 mp configuration i. Network requirements figure 1-8 presents a scenario, where: z on an e1 interface of router a, four channels are created with interface names being serial 2/0/0:1, s...
Page 323
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-31 [3com] interface virtual-template 1 [3com-virtual-template1] ip address 202.38.166.1 255.255.255.0 [3com] interface virtual-template 2 [3com-virtual-template2] ip address 202.38.168.1 255.25...
Page 324
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-32 [3com] interface virtual-template 1 [3com-virtual-template1] ip address 202.38.168.2 255.255.255.0 # assign interfaces serial 2/0/0:1 and serial 2/0/0:2 to the mp channel, taking serial 2/0/...
Page 325
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-33 # configure serial1/0/0. [3com-virtual-template1] interface serial1/0/0 [3com-serial1/0/0] link-protocol ppp [3com-serial1/0/0] ppp authentication-mode pap domain system [3com-serial1/0/0] p...
Page 326
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-34 [3com-serial2/0/0] link-protocol ppp [3com-serial2/0/0] ppp authentication-mode pap domain system [3com-serial2/0/0] ppp pap local-user rtb password simple rtb [3com-serial2/0/0] ppp mp virt...
Page 327
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-35 the display about router a is similar. On router b ping the ip address 8.1.1.1. [3com] ping 8.1.1.1 ping 8.1.1.1: 56 data bytes, press ctrl_c to break reply from 8.1.1.1: bytes=56 sequence=1...
Page 328
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-36 [3com-serial1/0/0] ppp mp [3com-serial1/0/0] shutdown [3com-serial1/0/0] undo shutdown # configure serial2/0/0. [3com-serial1/0/0] interface serial2/0/0 [3com-serial2/0/0] link-protocol ppp ...
Page 329
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-37 [3com-serial2/0/0] ppp authentication-mode pap domain system [3com-serial2/0/0] ppp pap local-user rtb password simple rtb [3com-serial2/0/0] ppp mp [3com-serial2/0/0] shutdown [3com-serial2...
Page 330
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-38 link layer protocol is ppp lcp opened, mp opened, ipcp opened, osicp opened, mplscp opened physical is mp, baudrate: 128000 output queue : (urgent queue : size/length/discards) 0/500/0 outpu...
Page 331
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-39 [3com] interface mp-group 1 [3com-mp-group1] ip address 111.1.1.1 24 # configure serial1/0/0. [3com-mp-group1] interface serial1/0/0 [3com-serial1/0/0] link-protocol ppp [3com-serial1/0/0] p...
Page 332
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-40 [3com-serial1/0/0] shutdown [3com-serial1/0/0] undo shutdown # configure serial2/0/0. [3com-serial1/0/0] interface serial2/0/0 [3com-serial2/0/0] link-protocol ppp [3com-serial2/0/0] ppp aut...
Page 333
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-41 output queue : (fifo queuing : size/length/discards) 0/75/0 last 300 seconds input: 0 bytes/sec, 0 packets/sec last 300 seconds output: 0 bytes/sec, 0 packets/sec 5 packets input, 58 bytes, ...
Page 334
3com router 3000 ethernet family configuration guide chapter 1 ppp and mp configuration 3com corporation 1-42 ”serial number is up, line protocol is down”, which indicates that this interface is active, but link negotiation has failed..
Page 335
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-1 chapter 2 pppoe configuration 2.1 introduction to pppoe i. Pppoe point-to-point protocol over ethernet (pppoe) connects a network of hosts formed by ethernet to a remote access device to gain acce...
Page 336
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-2 iii. Pppoe client pppoe is widely used in adsl broadband access applications. Generally, a host must be installed with pppoe client dialing software in order to access the internet via adsl. On 3c...
Page 337
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-3 2.2.1 creating a virtual template i. Creating a virtual template perform the following configuration in system view. Table 2-1 create/delete a virtual template operation command create a virtual t...
Page 338
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-4 by default, pppoe is disabled. 2.2.3 configuring pppoe server parameters you may configure pppoe server parameters as needed. Normally, you can use the default settings. Perform the following conf...
Page 339
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-5 advanced ppp configuration task includes: z terminate a pppoe session 2.3.1 configuring a dialer interface before configuring pppoe session, you should first configure a dialer interface and confi...
Page 340
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-6 table 2-5 configure a virtual ethernet interface operation command create a virtual ethernet interface interface virtual-ethernet number delete the virtual ethernet interface undo interface virtua...
Page 341
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-7 operation command enable the pppoe server to output ppp-related log information undo pppoe-server log-information off by default, the pppoe server output the ppp-related information. 2.3.4 resetti...
Page 343
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-9 # configure pppoe parameters on 3com: [router] interface ethernet 1/0/0 [router-ethernet1/0/0] pppoe-server bind virtual-template 1 # configure virtual-template parameters on 3com: [router-etherne...
Page 344
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-10 1) configure 3com 1 # add a pppoe user. [3com] local-user 3com2 [3com-luser-3com2] password simple 3com [3com-luser-3com2] service-type ppp [3com-luser-3com2] quit # configure the parameters of t...
Page 345
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-11 [3com-virtual-template1] remote address 1.1.1.2 [3com-virtual-template1] quit # configure pppoe server. [3com] interface ethernet 1/0/0 [3com-ethernet1/0/0] pppoe-server bind virtual-template 1 2...
Page 346
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-12 ii. Network diagram lan adsl modem eth0/0/0 eth2/0/0 192.168.1.1 routera internet pc pc pc lan adsl modem eth0/0/0 eth2/0/0 192.168.1.1 routera internet pc pc pc figure 2-4 connect a lan to the i...
Page 347
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-13 2) configure router b # configure the atm interface. [routera] interface atm2/0/0 [routera-atm1/0/0] pvc 0/32 [routera-atm-pvc-atm1/0/0-0/32] map bridge virtual-ethernet 1 [routera-atm-pvc-atm1/0...
Page 348
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-14 dedicated line is in failure, routera can still initiate a pppoe call and access the network center via the adsl. If there is no packet transmission on adsl for 2 minutes, the pppoe session will ...
Page 349
3com router 3000 ethernet family configuration guide chapter 2 pppoe configuration 3com corporation 2-15 ii. Network diagram router a internet adsl interface router a internet adsl interface figure 2-6 accessing the internet through an adsl interface iii. Configuration procedure # configure a dialer...
Page 350
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-1 chapter 3 bridge configuration 3.1 introduction to bridge bridge is a type of network device on the data link layer, which interconnects local area networks (lans) and transfers data between them...
Page 351
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-2 i. Obtaining address table a bridge makes forwarding decision based on the bridging table, which consists of mac addresses and interfaces. It should obtain the associations between mac addresses ...
Page 352
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-3 bridge ethernet segment 1 bridge port 1 bridge port 2 ethernet segment 2 00e0.Fcbb.Bbbb 00e0.Fcaa.Aaaa00e0.Fcbb.Bbbb source addressdestination address bridging table mac address 00e0.Fcaa.Aaaa po...
Page 353
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-4 bridge ethernet segment 1 bridge port 1 bridge port 2 ethernet segment 2 00e0.Fcaa.Aaaa bridging table mac address 00e0.Fcbb.Bbbb 00e0.Fccc.Cccc 00e0.Fcdd.Dddd 00e0.Fcaa.Aaaa port 1 1 2 2 00e0.Fc...
Page 354
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-5 please be aware that the bridge will forward the broadcast or multicast frames received on one port to the other ports. Z given that workstation a sends an ethernet frame to workstation b, the br...
Page 355
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-6 bridge ethernet segment 1 bridge port 1 bridge port 2 00e0.Fccc.Cccc 00e0.Fcdd.Dddd ethernet segment 2 00e0.Fcaa.Aaaa 00e0.Fcbb.Bbbb 00e0.Fcaa.Aaaa 00e0.Fccc.Cccc source address destination addre...
Page 356
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-7 bridge x bridge y bridge z broadcast frame ethernet segment 1 ethernet segment 2 ethernet segment 3 forwarding broadcast frame forwarding broadcast frame forwarding broadcast frame again forwardi...
Page 357
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-8 z max age of bpdu z hello time of bpdu z forward delay of port state transition i. Spanning tree protocol algorithm the spanning tree protocol algorithm contains enough information for a bridge t...
Page 358
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-9 bridge 1 bridge 2 bridge 4 bridge 3 bridge 5 hub hub dp dp dp rp dp rp rp rp dp dp dp dp dp dp dp dp dp rp = root port dp= designated port designated bridge designated bridge designated bridge de...
Page 359
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-10 3.1.3 multi-protocol router generally, a router is called multi-protocol router when it can implement the routed protocols like ip and ipx, as well as the bridging protocol. For a multi-protocol...
Page 360
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-11 5) creating and applying bridging acls z create a bridging acl z creating a bridging acl z applying the acl on an interface 6) configuring the routing function of the bridge z enabling the routi...
Page 361
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-12 table 3-3 add the port to a bridge-set operation command add the port to a bridge-set bridge-set bridge-set remove the port from the bridge-set undo bridge-set bridge-set by default, the port is...
Page 362
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-13 table 3-7 configure bridging on hdlc operation command apply a bridge-set on the hdlc interface. Bridge-set bridge-set v. Configuring bridging on x.25 in setting up a bridge, you need to map the...
Page 363
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-14 table 3-10 configure bridging on atm operation command assign a bridge-set to an atm interface (in atm interface view) bridge-set bridge-set enable a pvc to transmit and receive bpdus (in pvc vi...
Page 365
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-16 3.2.4 configuring the bridge to support stp i. Disabling/enabling stp on ports to have stp parameters take effect on a bridge port, you must enable stp on it. Perform the following configuration...
Page 366
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-17 table 3-17 assign a priority to the bridge operation command assign a priority to the bridge bridge stp priority value restore the default priority of the bridge undo bridge stp priority the def...
Page 367
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-18 operation command restore the default priority of the bridge port undo bridge-set bridge-set stp port priority the default priority of the bridge port is 128. Vi. Setting the hello time timer (o...
Page 368
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-19 table 3-21 set the forward delay timer operation command set the forward delay timer bridge stp timer forward-delay seconds restore the default setting of the forward delay timer undo bridge stp...
Page 369
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-20 3.2.5 creating and applying bridging acls i. Creating a bridging acl you can create mac-based acls. Perform the following configuration in system view (for the command acl) and acl view (for the...
Page 370
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-21 perform the following configuration in interface view. 1) applying a mac-based acl in the inbound/outbound direction of the interface perform the following configuration in interface view. Table...
Page 371
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-22 3.2.6 configuring the routing function of the bridge i. Enabling the routing function of the bridge bridge routing provides forwarding that integrates routing and bridging. For some particular p...
Page 372
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-23 table 3-28 configure a bridge-set to route or bridge for the network layer protocol operation command enable the routing function of a bridge-set for the network layer protocol. Bridge bridge-se...
Page 374
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-25 [routera-serial1/0/0] bridge-set 1 configure router b: [routerb] bridge enable [routerb] bridge 1 enable [routerb] interface ethernet 0/0/0 [routerb-ethernet0/0/0] bridge-set 1 [routerb-ethernet...
Page 375
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-26 2) configure router b: [routerb] bridge enable [routerb] bridge 1 enable [routerb] interface virtual-template 1 [routerb-virtual-template1] bridge-set 1 [routerb virtual-template1] interface eth...
Page 376
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-27 [routerb] bridge 1 enable [routerb] interface ethernet 0/0/0 [routerb-ethernet0/0/0] bridge-set 1 [routerb-ethernet0/0/0] interface serial 1/0/0 [routerb-serial1/o/0] link-protocol fr [routerb-s...
Page 377
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-28 [routerb-serial1/0/0] x25 x121-address 200 [routerb-serial1/0/0] x25 map bridge x121-address 100 broadcast [routerb-serial1/0/0] bridge-set 1 3.4.5 transparent bridging on atm i. Network require...
Page 378
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-29 3.4.6 implementing integrated routing and bridging i. Network requirements use a router, allowing routing through any interfaces in a bridge-set. Ii. Network diagram e0/0/0 bridge-set 1 bridge-t...
Page 379
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-30 e0/0/0.1 e1/0/0 e2/0/0 e0/0/0.2 router a router b e0/0/0.1 e0/0/0.2 e1/0/0 e2/0/0 e0/0/0.1 e1/0/0 e2/0/0 e0/0/0.2 router a router b e0/0/0.1 e0/0/0.2 e1/0/0 e2/0/0 figure 3-17 network diagram fo...
Page 380
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-31 [routerb-ethernet0/0/0.2] bridge-set 2 3.4.8 bridging on fr subinterfaces i. Network requirements router a and router b are connected using an fr link. Enable bridging on fr subinterfaces s0/0/0...
Page 381
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-32 [routerb] bridge enable [routerb] bridge enable [routerb] bridge 1 enable [routerb] bridge 2 enable [routerb] interface ethernet 1/0/0 [routerb-ethernet1/0/0] bridge-set 1 [routerb-ethernet1/0/0...
Page 382
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-33 iii. Configuration procedure 1) configure router 1 # enable the firewall. [router1] firewall enable # enable bridging globally. [router1] bridge enable [router1] bridge 1 enable # configure a di...
Page 383
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-34 [router1-ethernet0/0/0] promiscuous [router1-ethernet0/0/0] firewall ethernet-frame-filter 4000 inbound [router1-ethernet0/0/0] firewall ethernet-frame-filter 4000 outbound [router1-ethernet0/0/...
Page 384
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-35 # assign the ethernet interface to the bridge-set and configure mac-based filtering on the interface. [router2] interface ethernet0/0/0 [router2-ethernet0/0/0] promiscuous [router2-ethernet0/0/0...
Page 385
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-36 ethernet type-code value (in hexadecimal) represents 0bad banyan systems 1000 berkeley trailer nego 1001 – 100f berkeley trailer encap/ip 1600 valid systems 4242 pcs basic block protocol 5208 bb...
Page 386
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-37 ethernet type-code value (in hexadecimal) represents 8019 apollo computers 802e tymshare 802f tigan, inc. 8035 reverse arp 8036 aeonic systems 8038 dec lanbridge 8039 – 803c dec unassigned 803d ...
Page 387
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-38 ethernet type-code value (in hexadecimal) represents 807c merit internodal 807d-807f vitalink communications 8080 vitalink translan iii 8081-8083 counterpoint computers 809b appletalk 809c – 809...
Page 388
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-39 ethernet type-code value (in hexadecimal) represents 8132 – 8136 bridge communications 8137 – 8138 novell, inc. 8139 – 813d kti 8148 logicraft 8149 network computing devices 814a alpha micro 814...
Page 389
3com router 3000 ethernet family configuration guide chapter 3 bridge configuration 3com corporation 3-40 ethernet type-code value (in hexadecimal) represents 829a – 829b inst ind info tech 829c – 82ab taurus controls 82ac – 8693 walker richer & quinn 8694 – 869d idea courier 869e – 86a1 computer ne...
Page 390: Network Protocol
3com router 3000 ethernet family configuration guide 3com corporation i network protocol.
Page 391: Table of Contents
3com router 3000 ethernet family configuration guide table of contents 3com corporation i table of contents chapter 1 ip address configuration ........................................................................................... 1-1 1.1 ip address overview ........................................
Page 392
3com router 3000 ethernet family configuration guide table of contents 3com corporation ii 3.2.1 configuring static domain name resolution.......................................................... 3-1 3.2.2 displaying and debugging domain name resolution table ...................................... ...
Page 393
3com router 3000 ethernet family configuration guide table of contents 3com corporation iii 8.2 bootp client configuration.............................................................................................. 8-1 8.2.1 configuring an ethernet interface to obtain ip address using bootp..........
Page 394
3com router 3000 ethernet family configuration guide table of contents 3com corporation iv 9.6.3 configuring dhcp server load sharing for dhcp relay.................................... 9-39 9.6.4 releasing client ip address by dhcp relay ....................................................... 9-39 9...
Page 395
3com router 3000 ethernet family configuration guide table of contents 3com corporation v 11.2.8 multi-instance of mpls vpn nat supported..................................................... 11-7 11.3 nat configuration ....................................................................................
Page 396
3com router 3000 ethernet family configuration guide chapter 2 ip address configuration 3com corporation 1-1 chapter 1 ip address configuration 1.1 ip address overview ip addresses are unique 32-bit addresses assigned to hosts connected to internet. An ip address is composed of two parts: network id...
Page 397
3com router 3000 ethernet family configuration guide chapter 2 ip address configuration 3com corporation 1-2 table 1-1 ip address classes and ranges network class address range description a 0.0.0.0 to 127.255.255.255 network id with the format of 127.X.Y.Z is reserved for self-loop test and the pac...
Page 398
3com router 3000 ethernet family configuration guide chapter 2 ip address configuration 3com corporation 1-3 the 1s corresponds to the network id field and the sub-net number field, while the 0s correspond to the host id field. Net-id host-id net-id host-id 11111111 11111111 111111 00 00000000 local...
Page 399
3com router 3000 ethernet family configuration guide chapter 2 ip address configuration 3com corporation 1-4 host-b 209.0.0.6 08002b00ee0a dns arp network adapter ip=209.0.06 host name host-b 08002b00ee 0a host name host-a ip=209.0.05 destination host name destination host physical address net-id=20...
Page 400
3com router 3000 ethernet family configuration guide chapter 2 ip address configuration 3com corporation 1-5 table 1-2 configure main ip address of an interface operation command configure main ip address of an interface ip address ip-address net-mask a mask identifies the netid boundary of an ip ad...
Page 401
3com router 3000 ethernet family configuration guide chapter 2 ip address configuration 3com corporation 1-6 table 1-4 delete ip addresses on the interface operation command delete ip addresses on the interface. Undo ip address [ ip-address net-mask [ sub ] ] to delete all ip addresses on the interf...
Page 402
3com router 3000 ethernet family configuration guide chapter 2 ip address configuration 3com corporation 1-7 caution: z because ppp supports ip address negotiation, ip address negotiation of an interface can be set only when the interface is encapsulated with ppp. When the ppp link is down, the ip a...
Page 403
3com router 3000 ethernet family configuration guide chapter 2 ip address configuration 3com corporation 1-8 ii. Ip address unnumbered configuration task list the configuration of ip address unnumbered can be performed in the interface view. Serial interfaces encapsulated with ppp, hdlc, frame relay...
Page 404
3com router 3000 ethernet family configuration guide chapter 2 ip address configuration 3com corporation 1-9 operation command display the information of configuration that in now running display current-configuration 1.2.5 ip address configuration example i. Network requirements to configure ip add...
Page 405
3com router 3000 ethernet family configuration guide chapter 2 ip address configuration 3com corporation 1-10 ii. Network diagram r2 (shanghai branch) r3 (wuhan office) r (beijing headquarters) pstn router1 router2 router3 router eth0/0/0:172.16.10.1/24 eth0/0/0: r1 (shenzhen branch) r (beijing head...
Page 406
3com router 3000 ethernet family configuration guide chapter 2 ip address configuration 3com corporation 1-11 z the main ip address of a router ethernet interface must be in the same network segment with the lan to which this ethernet interface is connected. Z serial interface ip addresses of the ro...
Page 407
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-1 chapter 2 arp configuration 2.1 dynamic/static arp configuration 2.1.1 introduction to dynamic arp arp (address resolution protocol) is mainly used for resolution from ip address to ethernet mac add...
Page 408
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-2 table 2-1 manually add/delete static arp mapping table item operation command manually add static arp mapping table item arp static ip-address ethernet-address [ vpn-instance-name ] manually delete ...
Page 409
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-3 table 2-3 enable/disable arp request in the scope of natural network segments operation command enable arp request in the scope of natural segments. Naturemask-arp enable disable arp request in the ...
Page 410
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-4 2.2 proxy arp configuration 2.2.1 introduction you can assign physically distributed computers and routers to the same network segment by assigning them ip addresses in the same network segment. Pro...
Page 411
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-5 z on the two routers, the involved interfaces are assigned to the 192.38.0.0 segment and enabled with proxy arp. Z the two routers are connected through pstn and each configured with a static route ...
Page 412
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-6 in addition, by sending gratuitous arp messages, a network device can update its current hardware address to the caches on other devices if a hardware address change has occurred for example, after ...
Page 413
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-7 2.4 map between wan interface ip address and link layer protocol address in a router, you shall maintain both the mapping from an ethernet interface ip address to an mac address, and that from a wan...
Page 414
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-8 during arp translation, the arp cache is searched at first. If no match is found, the arp table is searched. Z arp table an arp table keeps the mappings between ip addresses and physical addresses. ...
Page 415
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-9 authorized arp entries are allowed to be populated into the arp table, while dynamic arp learning is prohibited. Arp security is independent of authorized arp, and can be employed independently. 2.5...
Page 416
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-10 z operator: indicates whether the arp packet is an arp request or an arp response. It can be 1 (for arp request), 2 (for arp response), 3 (for rarp request), or 4 (for rarp response). Z hardware ad...
Page 417
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-11 1) a dhcp client broadcasts a dhcp_discover packet. When a dhcp server receives the broadcast packet, it responds with a dhcp_offer packet, in which the dhcp server fills the configuration paramete...
Page 418
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-12 table 2-10 enable authorized arp for dhcp interface address pools operation command remarks enter system view system-view — configure interfaces to operate in dhcp server mode and specify to alloca...
Page 419
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-13 operation command remarks enter interface view interface interface-type interface-number — configure the ip address of the interface ip address ip-address net-mask — configure the interface to oper...
Page 420
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-14 operation command remarks enable authorized arp for global dhcp address pools synchronize arp required. By default, authorized arp is not enabled. Exit to system view quit — enter interface view in...
Page 421
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-15 ethernet1/0/1, that is, the interface for accessing the internet has an ip address of 10.1.2.1/24. The dhcp server is configured with global address pool 10.1.1.0/24. Z the dhcp server acts as the ...
Page 422
3com router 3000 ethernet family configuration guide chapter 2 arp configuration 3com corporation 2-16 [3com-ethernet1/0/0] quit.
Page 423
3com router 3000 ethernet family configuration guide chapter 3 dns configuration 3com corporation 3-1 chapter 3 dns configuration 3.1 dns overview tcp/ip not only provides ip address to specify devices, but also specially designs a kind of host naming mechanism called dns (domain name system) in the...
Page 424
3com router 3000 ethernet family configuration guide chapter 3 dns configuration 3com corporation 3-2 table 3-1 add or delete mapping entry in static domain name resolution table operation command add the mapping between domain name and ip address ip host hostname ip-address delete the mapping betwe...
Page 425
3com router 3000 ethernet family configuration guide chapter 3 dns configuration 3com corporation 3-3 figure 3-1 dns system components figure 3-1 illustrates the process of dns resolving: 1) the user program queries the resolver for a domain name or ip address. 2) upon receipt of the query, the reso...
Page 426
3com router 3000 ethernet family configuration guide chapter 3 dns configuration 3com corporation 3-4 perform the following configuration in system view. Table 3-3 enable/disable dns resolving operation command enable dns resolving. Dns resolve disable dns resolving. Undo dns resolve by default, dns...
Page 427
3com router 3000 ethernet family configuration guide chapter 3 dns configuration 3com corporation 3-5 note: rfc1034, however, uses a different searching approach: when you input the ping sina command, the dns client first queries the ip address mapped to “sina”. And if no response is received, it th...
Page 428
3com router 3000 ethernet family configuration guide chapter 3 dns configuration 3com corporation 3-6 table 3-7 clear the dynamic domain name cache operation command clear the dynamic domain name cache. Reset dns dynamic-host iii. Debugging the dns client perform the following operation in user view...
Page 429
3com router 3000 ethernet family configuration guide chapter 3 dns configuration 3com corporation 3-7 # configure a static route to the dns server. [router] ip route-static 10.110.66.66 s0 3.3.5 troubleshooting symptom: domain name resolving failed. Solution: 1) check the software, making sure that:...
Page 430
3com router 3000 ethernet family configuration guide chapter 3 dns configuration 3com corporation 3-8 3.4.3 configuring dns proxy i. Configuration prerequisites before configuring dns proxy, make sure that z ip addresses of dns servers are available on the dns proxy. Z the gateway enabled with dns p...
Page 431
3com router 3000 ethernet family configuration guide chapter 3 dns configuration 3com corporation 3-9 iii. Configuration example 1) configure the router # assign an ip address to interface ethernet 1/0/0. [3com] interface ethernet 1/0/0 [3com-ethernet 1/0/0] ip address 10.1.1.1 255.255.255.0 # confi...
Page 432
3com router 3000 ethernet family configuration guide chapter 4 ddns configuration 3com corporation 4-1 chapter 4 ddns configuration 4.1 introduction to ddns dynamic domain name service (ddns) is to set up bindings between static domain names and dynamic ip addresses of the hosts using the domain nam...
Page 433
3com router 3000 ethernet family configuration guide chapter 4 ddns configuration 3com corporation 4-2 usually, the user side of ddns is a server providing http, ftp, or other services. After the ip address of the server changes, the server needs to request the ddns service provider to notify the dn...
Page 434
3com router 3000 ethernet family configuration guide chapter 4 ddns configuration 3com corporation 4-3 operation command remarks configure a domain name whose domain name-to-ip address mapping on dns needs update by using the service of the ddns service provider ddns domainname name required request...
Page 435
3com router 3000 ethernet family configuration guide chapter 4 ddns configuration 3com corporation 4-4 ii. Network diagram router a pc server a ethernet 1/0/0 www.3322.Org figure 4-2 network diagram for ddns application iii. Configuration procedure # enter system view. System-view # set 3322.Org as ...
Page 436
3com router 3000 ethernet family configuration guide chapter 5 urpf configuration 3com corporation 5-1 chapter 5 urpf configuration 5.1 urpf overview unicast reverse path forwarding (urpf) serves as a safeguard against source address based network attacks. In source address spoofing attacks, attacke...
Page 437
3com router 3000 ethernet family configuration guide chapter 5 urpf configuration 3com corporation 5-2 note: urpf does not support fast forwarding. If a fast forwarding table exists, the result of a urpf check does not take effect. Thus, even a packet fails to pass urpf check, it is forwarded all th...
Page 438
3com router 3000 ethernet family configuration guide chapter 6 ip accounting configuration 3com corporation 6-1 chapter 6 ip accounting configuration 6.1 introduction to ip accounting ip accounting counts inbound and outbound ip packets on the router. These ip packets include those sent and forwarde...
Page 439
3com router 3000 ethernet family configuration guide chapter 6 ip accounting configuration 3com corporation 6-2 operation command remarks enable ip accounting ip count enable required set an aging time ip count timeout minutes optional (720 minutes by default) set the maximum length of the interior ...
Page 440
3com router 3000 ethernet family configuration guide chapter 6 ip accounting configuration 3com corporation 6-3 6.2.3 ip accounting configuration example i. Network requirements as shown in figure 6-1, the router is connected to two hosts through ethernet ports. Count the ip packets from pc1 to pc2,...
Page 441
3com router 3000 ethernet family configuration guide chapter 6 ip accounting configuration 3com corporation 6-4 # enter the view of ethernet 0/0/1 and assign it an ip address. [3com] interface ethernet 0/0/1 [3com-ethernet0/0/1] ip address 2.2.2.1 24 # configure static routes on pc1 and pc2 for them...
Page 442
3com router 3000 ethernet family configuration guide chapter 6 ip accounting configuration 3com corporation 6-5 6.4 tips for configuration z when configuring an interior or exterior hash table, you need to clear the table first and then make configuration if the number of the entries in the table is...
Page 443
3com router 3000 ethernet family configuration guide chapter 7 udp helper configuration 3com corporation 7-1 chapter 7 udp helper configuration 7.1 introduction to udp helper udp helper functions to relay udp broadcast packets to the specified server after converting them to unicast packets. With ud...
Page 444
3com router 3000 ethernet family configuration guide chapter 7 udp helper configuration 3com corporation 7-2 7.2.2 specifying by udp port number which udp broadcasts are forwarded with udp helper enabled, the system by default unicasts the broadcast packets with the udp ports listed in the following...
Page 445
3com router 3000 ethernet family configuration guide chapter 7 udp helper configuration 3com corporation 7-3 7.2.3 configuring destination servers after enabling udp helper in system view, you can configure one or multiple (up to 20) servers on an ethernet interface to have the udp broadcasts receiv...
Page 446
3com router 3000 ethernet family configuration guide chapter 8 bootp client configuration 3com corporation 8-1 chapter 8 bootp client configuration 8.1 introduction to bootp client the bootstrap protocol (bootp) adopts the client/server model where the bootp client requests the server for an ip addr...
Page 447
3com router 3000 ethernet family configuration guide chapter 8 bootp client configuration 3com corporation 8-2 table 8-2 display and debug the bootp client configuration operation command display bootp client information display bootp client [ interface interface-type interface-number ].
Page 448
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-1 chapter 9 dhcp configuration 9.1 dhcp overview 9.1.1 introduction to dhcp we are in a world where the scales of networks are ever-growing and their configurations are more and more complex, compute...
Page 449
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-2 z auto-allocation, with which fixed ip addresses are assigned to some hosts connected to networks for the first time and these hosts are allowed to use the addresses for a long period of time. Z dy...
Page 450
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-3 lan dhcp server dhcp client dhcp client dhcp client dhcp client figure 9-1 network diagram for a dhcp server application in order to obtain a valid dynamic ip address, a dhcp client should exchange...
Page 451
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-4 z upon the receipt of the dhcp_request packet, the dhcp server sends back a dhcp_ack packet allowing the client to use the requested address if it is still unallocated. Z if the dhcp server has all...
Page 452
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-5 dhcpoffer/ discard dhcpnak/ discard offer selecting select offer/ send dhcprequest renewing rebinding dhcpnak, lease expired/ halt network dhcpnak/ halt network t2 expires/ broadcast dhcprequest t1...
Page 453
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-6 figure 9-3 structure of the dhcp accounting packet z code: one byte for identifying the type of the dhcp accounting packet. A value of 4 indicates an accounting start request, while a value of 5 in...
Page 454
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-7 z if the radius server of the specified domain is unreachable for some reason, the dhcp server sends up to three dhcp accounting start requests (including the first sending attempt) at regular inte...
Page 455
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-8 sub-option 5, another sub-option of option 82, represents link selection. It holds the ip address added by the dhcp relay, so that the dhcp server can assign an ip address on the same segment as th...
Page 457
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-10 z sub-option 3: voice vlan configuration. Z sub-option 4: fail-over call routing. I. Meanings of the sub-options for option 184 z ncp-ip the ncp-ip sub-option carries the ip address of the network...
Page 458
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-11 note: for the configurations specifying to add sub-option 2, sub-option 3, and sub-option 4 in the response packets to take effect, you must configure the dhcp server to add sub-option 1. Ii. Oper...
Page 459
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-12 1) after the lcp negotiation over the ppp link succeeds, the local client (the dhcp client) sends a dhcp-discover request packet to the peer (the dhcp server), which the dhcp server discards. 2) d...
Page 460
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-13 9.3.1 principle of dhcp relay the following figure illustrates dhcp relay networking. Lan internet dhcp client dhcp client dhcp client dhcp client dhcp relay dhcp server figure 9-5 network diagram...
Page 461
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-14 option 82 provides many sub-options. Among them, only sub-option 1 and sub-option 2 are available on the dhcp relay. Option 82 allows the address information of the dhcp client and the dhcp relay ...
Page 462
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-15 9.4 dhcp common configuration dhcp common configurations refer to those configurations suitable for both dhcp server and dhcp relay. The configuration tasks include z enable/disable dhcp services ...
Page 463
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-16 by default, pseudo-dhcp server detection is disabled. 9.5 dhcp server configuration dhcp server configuration tasks include z setting interfaces to operate in dhcp server mode z adding dhcp addres...
Page 464
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-17 table 9-3 set the current interface to operate in dhcp server mode operation command send dhcp packets to the local dhcp server and allocate addresses from the global address pool dhcp select glob...
Page 465
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-18 note: to use interface address pools for address allocation, you must configure the dhcp select interface command. You may configure the subaddress keyword to allow the dhcp server to assign a dhc...
Page 466
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-19 9.5.3 defining allocation mode of dhcp address pool you can select static address binding or dynamic address binding accordingly, but you can only choose one of them for a given dhcp address pool....
Page 467
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-20 table 9-7 configure static address binding for interface address pool operation command configure a static address binding for the address pool of the current interface dhcp server static-bind ip-...
Page 468
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-21 table 9-9 exclude ip address from auto allocation operation command forbid auto allocation of an ip address dhcp server forbidden-ip low-ip-address [ high-ip-address ] allow auto allocation of the...
Page 469
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-22 iii. Multiple interface dhcp address pools you can also configure lease limit for dhcp address pool on multiple interfaces at one blow. Perform the following configurations in the system view. Tab...
Page 470
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-23 table 9-13 configure dhcp client domain name in global dhcp address pool operation command configures a domain name to dhcp client domain-name domain-name delete the domain name to dhcp client und...
Page 471
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-24 table 9-16 configure dns ip address in global dhcp address pool operation command configures a dns ip address to dhcp client dns-list ip-address [ ip-address ] delete the dns ip address to dhcp cl...
Page 472
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-25 table 9-19 configure netbios ip address in global dhcp address pool operation command configures a netbios address to dhcp client nbns-list ip-address [ ip-address ] deletes the netbios address to...
Page 473
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-26 z m-node: m here stands for mixed. It is the p-node embraces part of the broadcast attributes. Z h-node: h here stands for hybrid. It is b-node for which peer-to-peer communication is available. P...
Page 474
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-27 9.5.10 configuring dhcp customization items with further development of dhcp technology, new optional configuration items may arise. Then you can add in custom way these items into dhcp server att...
Page 475
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-28 table 9-28 configure egress gateway router for dhcp client operation command configures egress gateway router for dhcp client gateway-list ip-address [ ip-address ] deletes the egress gateway rout...
Page 476
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-29 the dhcp server detects address collisions by sending pings, while the dhcp client does that by sending arp packets. 9.5.13 configuring dhcp accounting when dhcp accounting is enabled, the dhcp se...
Page 477
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-30 note: z this mode applies to the scenario that the dhcp server allocates ip addresses from interface address pools. Z in this mode, you can configure a range of interfaces, and therefore can enabl...
Page 479
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-32 operation command remarks enable and configure bims option in system view dhcp server bims-server ip ip-address port port-number sharekey key { interface interface-type interface-number to interfa...
Page 480
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-33 ii. Configuring option 184 in system view table 9-34 configure option 184 for the dhcp server in system view operation command remarks enter system view system-view –– configure specified interfac...
Page 481
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-34 this approach allows you to configure option 184 on multiple interfaces at the same time. Iii. Configuring option 184 in interface view table 9-35 configure option 184 for the dhcp server in inter...
Page 482
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-35 iv. Configuring option 184 in dhcp global address pool view table 9-36 configure option 184 for the dhcp server in global address pool view operation command remarks enter system view system-view ...
Page 483
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-36 z the dhcp server function is enabled on your device and the network parameters of the device are configured. Z the network parameters, and address pool and address lease allocation policies are c...
Page 484
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-37 operation command clear conflict information of all address pool reset dhcp server conflict all clear statistical information in dhcp server reset dhcp server statistics 9.6 dhcp relay configurati...
Page 485
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-38 table 9-40 set multiple interfaces to operate in dhcp relay mode operation command relay dhcp packets to an external dhcp server for address allocation dhcp select relay { interface interface-type...
Page 486
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-39 perform the following configuration in system view to specify an external dhcp server address to which the dhcp broadcasts received on the specified interfaces are to be forwarded. Table 9-42 conf...
Page 487
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-40 table 9-44 release client ip address from dhcp relay operation command requests dhcp server to release client ip address dhcp relay release client-ip mac-address requests a specific dhcp server to...
Page 488
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-41 ii. Configuring option 82 support on the dhcp relay table 9-45 configure option 82 support on the dhcp relay operation command remarks enter system view system-view –– enable option 82 support on ...
Page 489
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-42 by default, dhcp client is disabled. Note the following: z after configured to obtain an ip address through dhcp, an interface cannot be configured with any subaddress. That is, the command ip add...
Page 492
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-45 limit is 5 days; the dns address is 10.1.1.2; the netbios address is 10.1.1.4; the egress router address is 10.1.1.254. Ii. Networking topology lan lan netbios server client dns server client clie...
Page 493
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-46 [3com-dhcp-1] expired day 10 hour 12 # configure attributes for dhcp address pool 2 (address pool range, egress gateway address, netbios address and address lease limit). [3com] dhcp server ip-poo...
Page 494
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-47 [3com-ethernet6/0/0] ip address 10.110.1.1 255.255.0.0 # configure ip relay address for the interface to specify the target dhcp server. [3com-ethernet6/0/0] dhcp select relay [3com-ethernet6/0/0]...
Page 495
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-48 [server1] dhcp server ip-pool 1 [server1-dhcp1] network 200.254.0.0 mask 255.255.0.0 # configure server2 [server2] dhcp enable [server2] interface ethernet0/0/0 [server2-ethernet0/0/0] ip address ...
Page 496
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-49 [client-ethernet0/0/0.1] vlan-type dot1q vid 10 [client-ethernet0/0/0.1] ip addr dhcp-alloc # configure the sub-interface which gets ip address from dhcp server2. [client] interface ethernet0/0/0....
Page 497
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-50 # create a domain, create a radius scheme, and associate them for dhcp accounting. [3com] radius scheme 123 [3com-radius-123] primary authentication 10.1.2.2 [3com-radius-123] quit [3com] domain 1...
Page 498
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-51 iii. Configuration procedure 1) configure the dhcp client (on 3com vcx) enable dhcp client, and configure it to request all suboptions of option 184 when requesting an address. 2) configure the dh...
Page 499
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-52 iii. Configuration procedure this example assumes that the dhcp relay and the dhcp server are reachable to each other. 1) configure the dhcp relay # enable dhcp. System-view [3com] dhcp enable # c...
Page 500
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-53 ii. Network diagram dhcp client dhcp relay dhcp server serial2/0/0: 10.0.0.2/24 serial2/0/0: 10.0.0.1/24 serial2/0/1: 20. 20.0.1/24 serial2/0/0 figure 9-13 network diagram for the dhcp support on ...
Page 501
3com router 3000 ethernet family configuration guide chapter 9 dhcp configuration 3com corporation 9-54 [3com] dhcp enable [3com] interface serial 2/0/0 [3com-serial2/0/0] link-protocol ppp [3com-serial2/0/0] ip address dhcp-alloc [3com-serial2/0/0] quit.
Page 502
3com router 3000 ethernet family configuration guide chapter 10 ip performance configuration 3com corporation 10-1 chapter 10 ip performance configuration 10.1 configuring maximum transmission unit (mtu) mtu size of the interface decides whether the ip packets on the interface need to be fragmented....
Page 503
3com router 3000 ethernet family configuration guide chapter 10 ip performance configuration 3com corporation 10-2 tcp connection will be terminated. The range of fin is 76 to 3600 seconds and the default of fin is 675 seconds. Z the receiving/sending buffer size of connection-oriented socket: the r...
Page 504
3com router 3000 ethernet family configuration guide chapter 10 ip performance configuration 3com corporation 10-3 table 10-4 configure the sending of icmp redirect messages operation command enable the sending of icmp redirect messages icmp redirect send disable the sending of icmp redirect message...
Page 505
3com router 3000 ethernet family configuration guide chapter 10 ip performance configuration 3com corporation 10-4 operation command enable udp information debugging debugging udp packet disable udp connection debugging. Undo debugging udp packet clear tcp traffic statistics. Reset tcp statistics sh...
Page 506
3com router 3000 ethernet family configuration guide chapter 10 ip performance configuration 3com corporation 10-5 z all pcs on 192.168.1.0/24 support remote wakeup and the wakeup function must work with power supplies, network adapters, and main boards. Z enable broadcast forwarding on interface et...
Page 507
3com router 3000 ethernet family configuration guide chapter 10 ip performance configuration 3com corporation 10-6 messages, and cuts down the route finding time and improves forwarding throughput of ip messages. Since the forwarding table in the cache has been optimized, much quicker searching spee...
Page 508
3com router 3000 ethernet family configuration guide chapter 10 ip performance configuration 3com corporation 10-7 caution: to have an interface participate in load balancing, you must disable fast forwarding on it in the forwarding direction. If fast-forwarding is configured on an interface, the de...
Page 509
3com router 3000 ethernet family configuration guide chapter 10 ip performance configuration 3com corporation 10-8 for the first packet of a data stream, the router looks up the routing table for the routing decision, while for the subsequent packets of the stream, it looks up the cached fast forwar...
Page 510
3com router 3000 ethernet family configuration guide chapter 10 ip performance configuration 3com corporation 10-9 troubleshooting: in the event of such a fault, you can enable the corresponding debugging information output to view the debugging information. Z use the command debugging udp to enable...
Page 511
3com router 3000 ethernet family configuration guide chapter 10 ip performance configuration 3com corporation 10-10 then the tcp packets received or sent can be checked in real time, and the formats are similar to those mentioned above..
Page 512
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-1 chapter 11 nat configuration 11.1 nat overview as described in rfc1631, network address translation (nat) is to translate the ip address in ip data packet header into another ip address, which is ...
Page 513
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-2 external server at 202.120.10.2, the data packet will traverse the nat server. The nat server checks the contents in the packet header. If the destination address in the header is an extranet addr...
Page 514
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-3 note: the number of public ip addresses on the nat server is far less than the number of hosts in the intranet because not all hosts will access the extranet at one time. The public ip address num...
Page 515
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-4 192.168.1.3 pc internet 192.168.1.2 server pc server 202.120.10.2 202.120.10.3 192.168.1.1 202.169.10.1 source ip:192.168.1.3 source port: 1537 source ip: source port: 2468 datagram1 source ip: 20...
Page 516
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-5 11.2.4 bidirectional nat in comparison to conventional nat which translates only the source or destination address, bidirectional nat translates both addresses. It is suitable for the situation wh...
Page 517
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-6 in the dns response following the conventional nat procedures and sends the dns response to pc 2. 2) pc 2 initiates an access to 3.0.0.1, the temporary address for www.Web.Com. When router a recei...
Page 518
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-7 rules. For the involved protocol, this is transparent. So far, v 2.41’s nat alg implementation supports point to point tunneling protocol (pptp), dns, ftp, internet locator service (ils), netbios ...
Page 519
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-8 will be chosen as the source address. Perform the following configurations in the system view. Table 11-1 configure address pool operation command define an address pool nat address-group group-nu...
Page 520
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-9 suppose that you directly take the interface address as the public network address after nat. If you change the interface address in order to visit the external network, you must use the reset nat...
Page 521
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-10 table 11-5 configure a static net-to-net nat map operation command create a static net-to-net nat map entry nat static net-to-net inside-start-address inside-end-address global global-address mas...
Page 522
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-11 table 11-8 configure napt operation command add association for access control list and address pool nat outbound acl-number [ address-group group-number ] delete association for access control l...
Page 523
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-12 table 11-10 configure internal server operation command add an internal server nat server [ acl-number ] [ vpn-instance vpn-instance-name ] protocol pro-type global global-addr [ global-port ]ins...
Page 524
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-13 table 11-12 configure a nat entry for a domain name operation command map a domain name to a triplet of external ip address, port number, and protocol type nat dns-map domain-name global-addr glo...
Page 525
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-14 11.4 displaying and debugging nat after the above configuration, execute the display command in all views to display the running of the nat configuration, and to verify the effect of the configur...
Page 526
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-15 ii. Network diagram ddn internal ethernet of enterprise internal pc ftp server 10.110.10.1 www server 1 10.110.10.2 www server 2 10.110.10.3 smtp server 10.110.10.4 internal pc 10.110.10.100 10.1...
Page 527
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-16 11.5.2 configuration example of nat using ip address of loopback interface i. Network requirements as shown in figure 11-5, the intranet accesses the internet through the serial interface 3/0/0 o...
Page 528
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-17 [3com-loopback0] quit # configure the internal ftp server. [3com] interface serial3/0/0 [3com-serial3/0/0] nat server protocol tcp global 202.38.160.100 inside 10.110.10.1 ftp # configure the int...
Page 529
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-18 z on router a create a static net-to-net nat entry, translating network address 10.1.1.0/24 to 211.2.1.0/24; and configure dynamic routing, ensuring the route to 211.2.2.0/24 is reachable. Z like...
Page 530
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-19 [routerb] interface serial0/0/0 [routerb-serial0/0/0] ip address 201.2.2.2 255.255.255.0 [routerb-serial0/0/0] nat outbound static [routerb-serial0/0/0] quit # configure interface ethernet1/0/0. ...
Page 531
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-20 # create a bidirectional nat entry. [3com] nat overlapaddress 3 10.0.0.0 3.0.0.0 address-mask 24 # configure an acl. [3com] acl number 2000 [3com-acl-basic-2000] rule 0 permit source 10.0.0.0 0.0...
Page 532
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-21 ii. Network diagram ip www server ftp server pc1 ipsec tunnel pc4 branches router 1 router2 headquarters 10.110.10.2 10.110.10.3 e0/0/0 s1/0/0 e0/0/0 s1/0/0 pc2 pc3 e0/0/1 ip www server ftp serve...
Page 533
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-22 [3com-serial1/0/0] ip address 202.38.160.1 255.255.255.0 [3com-serial1/0/0] nat outbound 2001 # configure the internal ftp and www servers. [3com-serial1/0/0] nat server 2002 protocol tcp global ...
Page 534
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-23 [3com-acl-basic-2003] rule permit ip source 10.110.30.0 0.0.0.255 destination 10.110.0.0 0.0.255.255 [3com-acl-adv-2003] rule deny ip source any destination any [3com-acl-adv-2003] quit # configu...
Page 535
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-24 configure nat entries for domain names to allow internal hosts to identify and access the internal servers correctly by domain name. Ii. Network diagram internal pc ddn 10.0.0.2 10.0.0.3 ftp serv...
Page 536
3com router 3000 ethernet family configuration guide chapter 11 nat configuration 3com corporation 11-25 after you complete the above configuration tasks, the outside hosts can access the two internal servers by domain name. To allow the internal hosts to access the internal servers by domain name, ...
Page 537: Configuration
3com router 3000 ethernet family configuration guide chapter 12 ip unicast policy routing configuration 3com corporation 12-1 chapter 12 ip unicast policy routing configuration 12.1 ip unicast policy routing overview ip policy routing is a mechanism in which packets are transmitted and forwarded by ...
Page 538
3com router 3000 ethernet family configuration guide chapter 12 ip unicast policy routing configuration 3com corporation 12-2 output-interface clause has a higher priority than the apply ip-address default next-hop clause. When both of them are configured and valid, the system executes only the appl...
Page 539
3com router 3000 ethernet family configuration guide chapter 12 ip unicast policy routing configuration 3com corporation 12-3 permit means applying policy routing for the packets meeting the conditions, and deny means not applying policy routing for the packets meeting the conditions. By default, no...
Page 540
3com router 3000 ethernet family configuration guide chapter 12 ip unicast policy routing configuration 3com corporation 12-4 the user can specify multiple next hops or set several outbound interfaces. In this case, the forwarding of packets will be shared among multiple parameters, namely, each pac...
Page 541
3com router 3000 ethernet family configuration guide chapter 12 ip unicast policy routing configuration 3com corporation 12-5 table 12-6 display and debug ip unicast policy routing operation command show local policy routing and interface policy routing display ip policy show the setting of the loca...
Page 542
3com router 3000 ethernet family configuration guide chapter 12 ip unicast policy routing configuration 3com corporation 12-6 ii. Network diagram lan a 10.110.0.0 serial2/0/0 serial1/0/0 ethernet3/0/0 path1 internet figure 12-1 network diagram for configuring policy routing based on source address i...
Page 543
3com router 3000 ethernet family configuration guide chapter 12 ip unicast policy routing configuration 3com corporation 12-7 [3com-ethernet3/0/0] ip policy route-policy aaa 12.4.2 configuring policy routing based on packet size i. Configuration requirement router a sends the packets of 64 to 100 by...
Page 544
3com router 3000 ethernet family configuration guide chapter 12 ip unicast policy routing configuration 3com corporation 12-8 [routera] route-policy lab1 permit node 20 [routera-route-policy] if-match packet-length 101 1000 [router-route-policy] apply ip-address next-hop 151.1.1.2 # configure router...
Page 545: Configuration
3com router 3000 ethernet family configuration guide error! Reference source not found.Error! Ref erence source not found. 3com corporation 13-1 chapter 13 ip multicast policy routing configuration 13.1 introduction to ip multicast policy routing 13.1.1 overview of ip multicast policy routing ip mul...
Page 546
3com router 3000 ethernet family configuration guide error! Reference source not found.Error! Ref erence source not found. 3com corporation 13-2 specified through an interface-based acl (ranging from 1000 to 1999). The next hop ip address list is specified through a standard acl (ranging from 2000 t...
Page 547
3com router 3000 ethernet family configuration guide error! Reference source not found.Error! Ref erence source not found. 3com corporation 13-3 13.2.2 defining the if-match clause of the route-policy an if-match clause defines the match rule, which is the filtering condition that should be met by t...
Page 548
3com router 3000 ethernet family configuration guide error! Reference source not found.Error! Ref erence source not found. 3com corporation 13-4 use the acl to specify the output interface list and the next hop ip address list for ip multicast policy routing. The basic acl (ranging from 2000 to 2999...
Page 549
3com router 3000 ethernet family configuration guide error! Reference source not found.Error! Ref erence source not found. 3com corporation 13-5 operation command disable the ip multicast policy routing debugging undo debugging ip multicast-policy.
Page 550: Routing Protocol
3com router 3000 ethernet family configuration guide 3com corporation i routing protocol.
Page 551: Table of Contents
3com router 3000 ethernet family configuration guide table of contents 3com corporation i table of contents chapter 1 ip routing protocol overview .................................................................................... 1-1 1.1 ip route and routing table overview ...........................
Page 552
3com router 3000 ethernet family configuration guide table of contents 3com corporation ii 3.2.6 configuring route filtering ..................................................................................... 3-8 3.2.7 disabling host route .............................................................
Page 553
3com router 3000 ethernet family configuration guide table of contents 3com corporation iii 4.2.14 setting the interface priority for dr election ...................................................... 4-21 4.2.15 configuring the cost for sending packets on an interface .................................
Page 554
3com router 3000 ethernet family configuration guide table of contents 3com corporation iv 5.2.14 configuring is-is authentication password ........................................................ 5-15 5.2.15 configuring route aggregation.................................................................
Page 555
3com router 3000 ethernet family configuration guide table of contents 3com corporation v 6.2.21 resetting bgp connection ................................................................................. 6-25 6.3 displaying and debugging bgp .............................................................
Page 556
3com router 3000 ethernet family configuration guide chapter 1 ip routing protocol overview 3com corporation 1-1 chapter 1 ip routing protocol overview 1.1 ip route and routing table overview 1.1.1 ip route and route segment routers are adopted for route selection on the internet. According to the d...
Page 557
3com router 3000 ethernet family configuration guide chapter 1 ip routing protocol overview 3com corporation 1-2 1.1.2 routing by routing table the key for a router to forward packets is the routing table. Each router saves a routing table in its memory, and each entry of this table specifies the ph...
Page 558
3com router 3000 ethernet family configuration guide chapter 1 ip routing protocol overview 3com corporation 1-3 10.0.0.0 11.0.0.0 12.0.0.0 13.0.0.0 14.0.0.0 15.0.0.0 16.0.0.0 r8 2 10.0.0.1 1 11.0.0.1 3 13.0.0.4 r2 r3 r5 r6 r7 r1 r4 10.0.0.2 16.0.0.3 16.0.0.1 16.0.0.2 13.0.0.3 15.0.0.1 15.0.0.2 14.0...
Page 559
3com router 3000 ethernet family configuration guide chapter 1 ip routing protocol overview 3com corporation 1-4 in the table, “0” represents a directly connected route, and “255” represents a route from an unknown source. Table 1-1 routing protocols and route discovery preferences routing protocol ...
Page 560
3com router 3000 ethernet family configuration guide chapter 1 ip routing protocol overview 3com corporation 1-5 z per-packet load sharing, implemented when fast forwarding is disabled. The router then distributes the arrived packets equally on the participating routes. Z bandwidth-based unbalanced ...
Page 561
3com router 3000 ethernet family configuration guide chapter 1 ip routing protocol overview 3com corporation 1-6 1.3 configuring bandwidth-based unbalanced load sharing in general, the technology of load sharing is to send packets evenly to different interfaces. For example, with load sharing, a flo...
Page 562
3com router 3000 ethernet family configuration guide chapter 1 ip routing protocol overview 3com corporation 1-7 table 1-3 assign bandwidth to the interface operation command assign bandwidth to the interface loadbandwidth bandwidth restore the default bandwidth of the interface undo loadbandwidth d...
Page 563
3com router 3000 ethernet family configuration guide chapter 1 ip routing protocol overview 3com corporation 1-8 10.1.2.2 1193501 155000 0 atm1/0/0 10.1.3.2 15914 2048 0 serial2/0/0 bandwidth:48:75:1 packets:47:74:1 flows:0:0:0 the output indicates that load is shared on the three interfaces based o...
Page 564
3com router 3000 ethernet family configuration guide chapter 1 ip routing protocol overview 3com corporation 1-9 packets:1:2:3 flows:0:0:0 the statistics indicates that load sharing is implemented according to the ratio of the specified bandwidths..
Page 565
3com router 3000 ethernet family configuration guide chapter 2 static route configuration 3com corporation 2-1 chapter 2 static route configuration note: for the parameter explanation in vpn instance, refer to "mpls" module of this manual. 2.1 static route overview 2.1.1 static route static route is...
Page 566
3com router 3000 ethernet family configuration guide chapter 2 static route configuration 3com corporation 2-2 table, the default route is in the form of the route to the network 0.0.0.0 (with the mask 0.0.0.0). You can see whether it has been set via the output of the display ip routing-table comma...
Page 567
3com router 3000 ethernet family configuration guide chapter 2 static route configuration 3com corporation 2-3 1) vpn instance name 2) ip address and mask an ip address is in dotted decimal format. As the “1” in a 32-bit mask is required to be consecutive, a mask can be represented either by dotted ...
Page 569
3com router 3000 ethernet family configuration guide chapter 2 static route configuration 3com corporation 2-5 operation command view the routes within specified range of destination addresses display ip routing-table ip-address1 mask1 ip-address2 mask2 [ verbose ] view the routes passing the filter...
Page 570
3com router 3000 ethernet family configuration guide chapter 2 static route configuration 3com corporation 2-6 ii. Network diagram host3: 1.1.5.1/24 ethernet1/0/0: 1.1.1.2/24 serial2/0/0: 1.1.2.1/24 serial2/0/0: 1.1.2.2/24 ethernet1/0/0: 1.1.5.2/24 serial2/0/1: 1.1.3.1/24 serial2/0/0: 1.1.3.2/24 eth...
Page 571
3com router 3000 ethernet family configuration guide chapter 2 static route configuration 3com corporation 2-7 2.5 troubleshooting static route symptom 1: the router is not configured with dynamic routing protocol. Both the physical status of the interface and the link layer protocol are in up statu...
Page 572
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-1 chapter 3 rip configuration note: for the parameter explanation of vpn instance, refer to "mpls" module of this manual. 3.1 rip overview rip (routing information protocol) is a relatively simple int...
Page 573
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-2 z cost: the cost for the router to reach the destination, which should be an integer in the range of 0 to 15. Z timer: duration from the last time that the routing entry is modified till now. The ti...
Page 574
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-3 note: rip-2 supports both broadcasting and multicasting. By default, multicasting applies and the ip multicast address is 224.0.0.9. When rip-2 broadcasting is running on interfaces, rip-1 packets c...
Page 575
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-4 information to their respective adjacent networks so as to make the updated route globally known. Furthermore, rip uses the timeout mechanism to handle the timeout routes so as to ensure the real ti...
Page 576
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-5 z disable host route z configure route aggregation z configure route exchange of indirectly connected rip neighbors z configure traffic share across rip interfaces 3) rip parameters configuration z ...
Page 577
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-6 table 3-2 enable rip network operation command enable rip on the specified network network network-address disable rip on the specified network undo network network-address note that the operating n...
Page 578
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-7 3.2.4 configuring additional metrics additional metrics is the input or output metrics added to an rip route. It does not change the metric value of the route in the routing table, but adds a specif...
Page 579
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-8 when the protocol argument is set to bgp, the keyword allow-ibgp is optional. Whereas the import-route bgp command redistributes only ebgp routes, the import-route bgp allow-ibgp command redistribut...
Page 581
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-10 perform the following configuration in rip view. Table 3-9 configure route aggregation operation command enable the route aggregation function of rip-2 summary disable the route aggregation functio...
Page 582
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-11 configure unicast of rip packets when the routers running rip are not directly connected neighbors. Perform the following configuration in rip view. Table 3-10 configure unicast of rip packets oper...
Page 583
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-12 this command applies to the rip protocol both running in public networks and private networks in a mpls vpn. By default, traffic sharing across rip interfaces is disabled. A simpler traffic sharing...
Page 584
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-13 timer garbage-collection may be 90 to 120 seconds. This is because a router needs to wait for 4 update packets from the same neighbor before completely removing an unreachable route from the routin...
Page 585
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-14 helps rip-1-enabled hosts to avoid mistakenly receiving and processing routes with subnet masks of rip-2. When rip-2 is enabled on an interface, rip-1 packets can also be received. Perform the foll...
Page 586
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-15 rfc2453-compliant packet format; and rfc2082, which supports the rfc2082-compliant packet format. 3.2.16 specifying the operating state of the interface in interface view, you can specify the opera...
Page 587
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-16 table 3-19 configure multi-instance operation command enter mbgp address family view of rip ipv4-family [ unicast ] vpn-instance vpn-instance-name remove the configuration of mbgp address family vi...
Page 588
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-17 operation command display the rip routing table display rip routing [vpn-instance vpn-instance-name] enable packet debugging of rip. Debugging rip packets [ interface type number ] disable the pack...
Page 589
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-18 iii. Configuration procedure 1) configure routera: # configure the interfaces ethernet 2/0/0 and ethernet 6/0/0. [router a] interface ethernet 2/0/0 [router a-ethernet2/0/0] ip address 192.1.1.1 25...
Page 590
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-19 ii. Network diagram ethernet serial1/0/0 12.0.0.1/8 ethernet2/0/0 10.0.0.1/8 router a routerb ethernet2/0/0 10.0.0.2/8 serial1/0/0 12.0.0.2/8 routerc loopback0 11.0.0.1/8 figure 3-3 configure rip t...
Page 591
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-20 after the above configuration, executing display ip routing-table command on routerb and routerc, you can view the information of route 11.0.0.0/8. Shut down the interface ethernet2/0/0 of routera,...
Page 592
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-21 [routera-rip ] undo summary [routera-rip ] network 1.0.0.0 # configure the rip peer and configure not to check the source address of the rip packet. [routera-rip ] peer 2.0.0.1 [routera-rip ] undo ...
Page 593
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-22 in addition, when routerc functions as a pe, you must configure rip multi-instance, and you must configure not to check the received rip packets in rip mbgp address family view: # configure vpn-ins...
Page 594
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-23 [router-analogmodem1/0/0] dialer-group 1 [router-analogmodem1/0/0] dialer number 6688012 [router-analogmodem1/0/0] quit # enable rip on network segment 13.0.0.0/8. [router] rip [router-rip] network...
Page 595
3com router 3000 ethernet family configuration guide chapter 3 rip configuration 3com corporation 3-24 the opposite router is configured as the multicast mode (for example, the rip version 2 multicast command is executed) but the local router is not configured as the multicast mode. Symptom 2: route...
Page 596
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-1 chapter 4 ospf configuration 4.1 ospf overview 4.1.1 introduction to ospf ospf (open shortest path first) is a link state-based internal gateway protocol developed by ietf organization. At present,...
Page 597
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-2 z a router uses the spf algorithm to calculate the shortest path tree with itself as the root. The tree shows the routes to the nodes in the autonomous system. The external routing information is l...
Page 598
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-3 if a dr becomes invalid due to some fault, it must be reelected and synchronized. It takes time and meanwhile the route calculation is incorrect. In order to speed up this process, ospf puts forwar...
Page 599
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-4 area 12 area 8 area 19 area 0 virtual link 19.1.1.0/24 19.1.2.0/24 19.1.3.0/24 rta figure 4-1 area and route aggregation 4.1.4 ospf packets ospf uses five types of packets: z hello packet: a kind o...
Page 600
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-5 4.1.5 lsa types available in ospf i. Five types of basic lsas ospf calculates and maintains routing information primarily by sending lsas. Five types of lsas are defined in rfc2328: z router-lsas: ...
Page 601
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-6 an opaque lsa includes a standard 20-byte lsa header and application information-specific domain. See the following figure: options 8-bit ls ty pe (9, 10 or 11) 8-bit ls age 16-bit opaque ty pe 8-b...
Page 602
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-7 backbone area abr 1 abr 2 a b c area 1 area 1 area 2 area 1 area 2 area 2 figure 4-3 network diagram for route backup across non-backbone areas as shown in the above figure, devices a, b, and c are...
Page 603
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-8 if the ospf backbone area is not consecutive, then it is required to z configure ospf virtual link if the network types for ospf are different, then it is required to z configure network type z con...
Page 604
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-9 automatically select one from ip addresses of the current interfaces as the router id. When you do that manually, you must guarantee that the ids of any two routers in the as are unique. A common p...
Page 605
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-10 z the default process id 1 will be selected if no one is specified when configuring the ospf command; process id 1 is disabled by default if no one is specified when configuring the undo ospf comm...
Page 606
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-11 4.2.5 configuring ospf virtual links ospf stipulates that all non-backbone areas should maintain connectivity with the backbone area. That is, at least one interface on the abr should fall into th...
Page 607
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-12 z broadcast: if ethernet or fddi is adopted, osfp defaults the network type to broadcast. Z non-broadcast multi-access (nbma): if frame relay, atm, hdlc or x.25 is adopted as a link layer protocol...
Page 608
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-13 by default, ospf identifies network type by looking at link layer type. After you specify a network type for the interface, the original network type is removed automatically. 4.2.7 configuring th...
Page 609
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-14 z external route type 1 z external route type 2 intra-area and inter-area routes describe the internal as topology whereas the external routes describe how to select the route to the destinations ...
Page 610
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-15 relevant protocol information, such as the number used to distinguish different ass when ospf receives bgp. Perform the following configuration in ospf view. Table 4-9 configure parameters for osp...
Page 611
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-16 z using the default-route-advertise command at asbr or abr in nssa, you can generate a default route which is advertised by the type-7 lsa into nssa. Z this command is absolutely ineffective to st...
Page 612
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-17 i. Configuring ospf to filter received routes after ospf receives lsas, it may decide based on certain filtering conditions whether to add the computed routes to the routing table. The routes filt...
Page 613
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-18 note: z the filter-policy import command only filters the ospf routes of this process received from the neighbors, and routes that cannot pass the filter are not to be added to the routing table. ...
Page 615
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-20 table 4-15 set ospf route preference operation command configure a preference for ospf to compare with the other routing protocols preference [ ase ]preference restore the default protocol prefere...
Page 616
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-21 perform the following configuration in interface view. Table 4-17 set dead time for the neighboring routers operation command configure a dead timer for the neighboring routers ospf timer dead sec...
Page 617
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-22 dr is elected by all the routers on the segment. Routers with the priorities greater than 0 in the network are eligible "candidates". Among all the routers self-proclaimed to be the dr, the one wi...
Page 618
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-23 table 4-19 set the interface priority for dr election operation command configure the interface with a priority for dr election ospf dr-priority priority_num restore the default interface priority...
Page 619
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-24 4.2.17 configuring an interval required for sending lsu packets transmitting-delay should be added to the aging time of the lsa in an lsu packet. Setting the parameter like this mainly considers t...
Page 620
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-25 table 4-24 configure maximum number of ospf equal-cost routes operation command configure maximum number of ospf equal-cost routes multi-path-number number restore the default maximum number of os...
Page 621
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-26 table 4-26 configure ospf packet authentication operation command specify a password for ospf simple text authentication ospf authentication-mode simple password cancel plain text authentication o...
Page 622
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-27 4.2.22 configuring ospf stub area the stub area, a type of ospf area, does not receive or advertise type-5 lsas. The stub area is often at the as border and can effectively minimize the lsdb size ...
Page 623
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-28 4.2.23 configuring nssa parameters of ospf rfc1587 (ospf nssa option) defines the not-so-stubby-area (nssa), which keeps the strong points of stub area while providing flexible networking. This ar...
Page 624
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-29 table 4-29 configure nssa area parameters of ospf operation command configure an area to be an nssa area nssa [ default-route-advertise ] [ no-import-route ] [ no-summary ] remove a configured nss...
Page 625
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-30 the default-cost parameter, which is only available for the nssa abr, defines the cost value for the default route advertised by the abr to the nssa. 4.2.24 enabling opaque capacity of ospf enable...
Page 627
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-32 table 4-34 display and debug ospf operation command display the summary of ospf redistributed routes display ospf [ process-id ] asbr-summary [ ip-address mask ] display the brief information of t...
Page 628
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-33 operation command disable the debugging of ospf lsa packet undo debugging ospf lsa enable ospf spf debugging debugging ospf spf disable ospf spf debugging undo debugging ospf spf 4.4 ospf configur...
Page 629
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-34 [routera-serial1/0/0] ip address 10.0.0.1 255.0.0.0 [routera-serial1/0/0] interface ethernet0/0/0 [routera-ethernet 0/0/0] ip address 20.0.0.1 255.0.0.0 [routera- ethernet 0/0/0] interface etherne...
Page 630
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-35 enable the ospf process 200 on the interface ethernet2/0/0 of router c in area 0. Router a and router b can be neighbors, and router b and router c can be neighbors. Ii. Network diagram ethernet1/...
Page 631
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-36 [router b-ospf-200-area-0.0.0.0] network 131.108.0.0 0.0.255.255 # configure router c: [router c] interface ethernet 2/0/0 [router c-ethernet2/0/0] ip address 131.108.1.1 255.255.0.0 [router c-eth...
Page 632
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-37 [router a-ethernet1/0/0] ospf dr-priority 100 [router a-ethernet1/0/0] quit [router a] router id 1.1.1.1 [router a] ospf [router a-ospf] area 0 [router a-ospf-area-0.0.0.0] network 192.1.1.0 0.0.0...
Page 633
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-38 [router b-ethernet1/0/0] ospf dr-priority 200 on router a, run display ospf peer to view its ospf peers. Please note the priority of router b has been modified as 200, but it is still not the dr. ...
Page 634
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-39 [router a-ospf-area-0.0.0.0] network 192.1.1.0 0.0.0.255 # configure router b: [router b] interface ethernet 2/0/0 [router b-ethernet2/0/0] ip address 192.1.1.2 255.255.255.0 [router b-ethernet2/0...
Page 635
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-40 ii. Network diagram 1.1.1.1 2.2.2.2 3.3.3.3 area 0 area 1 ethernet2/0/0 192.1.1.1/24 ethernet2/0/0 192.1.1.2/24 serial1/0/0 193.1.1.2/24 serial1/0/0 193.1.1.1/24 simple authentication md5 authenti...
Page 636
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-41 [router b] interface ethernet 2/0/0 [router b-ethernet2/0/0] ip address 192.1.1.2 255.255.255.0 [router b-ethernet2/0/0] authentication-mode simple password [router b] router id 2.2.2.2 [router b]...
Page 637
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-42 [routera-serial1/0/0] ip address 10.0.0.1 255.0.0.0 [routera-serial1/0/0] interface ethernet0/0/0 [routera-ethernet 0/0/0] ip address 20.0.0.1 255.0.0.0 [routera- ethernet 0/0/0] interface etherne...
Page 638
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-43 4.5 troubleshooting ospf symptom 1: the ospf is configured according to the above procedures, but the router ospf cannot operate normally. Troubleshooting: please check according to the following ...
Page 639
3com router 3000 ethernet family configuration guide chapter 4 ospf configuration 3com corporation 4-44 as is shown in the following figure, only an area is configured in rta and rtd, but two areas are configured in rtb (area0, area1) and rtc (area1, area2) respectively. In which, rtb has an area wi...
Page 640
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-1 chapter 5 integrated is-is configuration 5.1 integrated is-is overview intermediate system-to-intermediate system intra-domain routing information exchange protocol (is-is) is the dynam...
Page 641
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-2 ii. Link types suitable for is-is is-is can operate over point-to-point links, such as ppp and hdlc, or broadcast links, such as ethernet and token-ring. For nbma (non-broadcast multi-a...
Page 642
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-3 es routing domain boundary is-is area end system subnetwork path level 1 is-is routing level 2 is-is routing interdomain routing intermediate system es is area 1 area 2 area 3 routing d...
Page 643
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-4 level-1 routers do not know outside routing information, which may make them unable to choose the best route to a destination address outside their local area. In order to address the a...
Page 644
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-5 extend every part of the ip address 168.10.1.1 to 3 bits. Add 0 to the front of the part that includes less than 3 bits. Divide the extended address 168.010.001.001 into 3 parts, with e...
Page 645
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-6 i. Hello packet hello packets, also called as iihs (is-to-is hello pdus), are used to create and construct neighboring relationship. Among them, the level-1 lan iih apply to level-1 rou...
Page 646
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-7 z configure router type z set to generate the default route z configure is-is authentication password z configure route aggregation z configure overload flag bit z configure to ignore t...
Page 647
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-8 table 5-2 configure net operation command set net network-entity net delete net undo network-entity net the format of parameter net is x...Xxxxxxxxxxxx.Xx, among which the first "x…x" i...
Page 648
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-9 you are recommended to configure the isis small-hello command on the interfaces with an mtu greater than 1500 bytes, such as tunnel and ge interfaces. 5.2.5 configuring metrics notation...
Page 649
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-10 i. Configuring the hello packet broadcast interval is-is sends hello packets on an interface periodically. Routers maintain their neighboring relationship through the sending/receiving...
Page 650
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-11 table 5-9 configure the lsp packet transmission interval operation command set lsp packet transmission interval on the interface, measured in milliseconds. Isis timer lsp time restore ...
Page 651
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-12 by default, the number of hello messages is 3. If neither level-1 nor level-2 is configured in the command, the configuration takes effect on hello messages of both level-1 and level-2...
Page 652
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-13 so as to save the bandwidth. However level-1 and level-2 use the same kind of hello packet over the p2p link, and therefore such setting is unnecessary in this case. By default, the ci...
Page 653
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-14 by default, the lsp is flooded normally from the interface. When configured with the mesh-blocked parameter, it will not flood the lsp to other interfaces. Thus the is-is configuration...
Page 654
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-15 5.2.14 configuring is-is authentication password users can configure the is-is area or the is-is routing domain with authentication password. If area authentication is needed, the area...
Page 655
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-16 5.2.15 configuring route aggregation route aggregation aggregates multiple routes in the same segment but different subnets into a single route. The segment does not necessarily mean a...
Page 656
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-17 perform the following configuration in is-is view. Table 5-21 configure to ignore the lsp checksum errors operation command configure to ignore the lsp checksum errors ignore-lsp-check...
Page 657
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-18 5.2.20 configuring lifetime of lsp when a router generates the lsp of the system, it will fill in the maximum lifetime of this lsp. When other routers receive this lsp, its life time w...
Page 658
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-19 table 5-26 set spf fragmented calculation operation command set spf fragmented calculation spf-slice-size seconds restore the default setting undo spf-slice-size by default, spf calcul...
Page 659
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-20 table 5-28 enable/disable the interface to send is-is packets operation command disable the interface to send is-is packets silent-interface silent-interface-type silent-interface-numb...
Page 660
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-21 by default, is-is does not redistribute routing information from any other protocols. 5.2.26 configuring is-is route filtering is-is protocol can filter received and redistributed rout...
Page 661
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-22 note: z the filter-policy import command only filters the is-is routes received from neighbors, and routes that cannot pass the filter are not to be added to the routing table. This co...
Page 662
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-23 table 5-33 configure is-is routing leak operation command enable is-is routing leak import-route isis level-2 into level-1 [ acl acl-number ] disable is-is routing leak undo import-rou...
Page 663
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-24 operation command display lsdb of is-is display isis lsdb [ l1 ] [ l2 ] [ level-1 ] [ level-2 ] [ local ] [ verbose ] [ lspid ] display spf calculation logs of is-is display isis spf-l...
Page 664
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-25 ii. Network diagram e2/0/0 100.0.0.1/24 e2/0/0 200.0.0.1/24 serial1/0/0 100.10.0.1/24 serial2/0/0 100.10.0.2/24 e3/0/0 200.10.0.1/24 e1/0/0 200.10.0.2/24 e2/0/0 200.20.0.1/24 100.20.0....
Page 665
3com router 3000 ethernet family configuration guide chapter 5 integrated is-is configuration 3com corporation 5-26 [rtc] isis [rtc-isis] network-entity 86.0001.0000.0000.0007.00 [rtc] interface ethernet 1/0/0 [rtc-ethernet1/0/0] ip address 200.10.0.2 255.255.255.0 [rtc-ethernet1/0/0] isis enable [r...
Page 666
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-1 chapter 6 bgp configuration note: for vpn instances and vpnv4 configuration examples and parameter explanation in bgp, refer to the "multicast" and "mpls" modules of this manual. 6.1 bgp overview bo...
Page 667
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-2 routing policies, allowing implementing flexible filtering and route selection and being extended easily to support new developments of the networks. Bgp runs on a special router as an upper-layer p...
Page 668
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-3 z compare med routing costs from the peers in different ass z configure bgp community z configure bgp route aggregation z configure the bgp preference z configure bgp route reflector z configure bgp...
Page 669
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-4 6.2.3 configuring a bgp peer/peer group the bgp speakers who exchange bgp packets form peer relationship. A bgp peer cannot exist independently from its peer group. In other words, a peer must belon...
Page 670
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-5 you cannot specify an as number for a peer group with members. When the as number of a peer group is deleted, all peers in the peer group also are deleted. Iii. Adding a peer into a peer group a bgp...
Page 671
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-6 table 6-7 connect with ebgp peer groups on indirectly connected networks operation command configure to permit connections with ebgp peer groups on indirectly connected networks peer group-name ebgp...
Page 672
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-7 viii. Configuring to send community attributes to a peer group table 6-10 configure to send community attributes to a peer group operation command configure to send community attributes to a peer gr...
Page 673
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-8 table 6-13 configure to take the local address as the next-hop in advertising a route operation command configure itself as the next hop in advertising a route peer group-name next-hop-local disable...
Page 675
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-10 xvi. Disabling a bgp peer/peer group to initiate or receive bgp connection perform the following configuration in bgp view or vpn instance view. Table 6-18 disable a bgp peer/peer group to initiate...
Page 676
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-11 ii. Configuring a route filtering policy based on ip acl table 6-20 configure a route filtering policy based on ip acl operation command configure to apply an ip acl-based route filtering policy to...
Page 677
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-12 iv. Configuring a route filtering policy based on address prefixes table 6-22 configure a route filtering policy based on address prefixes operation command configure to apply an address prefixes-b...
Page 678
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-13 perform the following configuration in bgp view. Table 6-24 configure bgp timers operation command configure bgp timers timer keepalive keepalive-interval hold holdtime-interval restore the default...
Page 679
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-14 local preference is used to select the route for going out of an as; while the med attribute is used to judge the optimal route for entering an as. When a bgp router receives multiple routes with t...
Page 680
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-15 6.2.10 configuring the bgp community attributes the community attributes are optional and transitional. Some of them are accepted all around the world, called as standard community attributes; othe...
Page 681
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-16 table 6-29 configure bgp route aggregation operation command configure the subnet routes automatic summary function summary cancel the subnet routes automatic summary function undo summary configur...
Page 682
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-17 6.2.13 configuring the bgp route reflector to ensure the connectivity between ibgp peers, it is necessary to establish a fully connected network. In some networks, there are large numbers of ibgp p...
Page 683
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-18 function is implemented by the route reflector, and all its client peers and non-client peers are regular bgp peers that have no relation to the reflection function. The client peers are clients ju...
Page 684
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-19 6.2.14 configuring bgp as confederation attribute confederation provides another solution to handle the booming ibgp network connections inside an as. It divides an as into multiple sub-ass, with t...
Page 685
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-20 by default, no sub-as is configured as a member of the confederation. The configured confederation sub-as number cannot be the same as the as number of a certain peer who is not configured with pee...
Page 686
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-21 table 6-36 configure bgp route dampening operation command configure bgp route dampening dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling ] [ route-policy route-policy-n...
Page 687
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-22 6.2.17 configuring the repeating times of local as number this command can be used to configure the repeating times of local as number. Perform the following configuration in bgp view, vpnv4 view a...
Page 688
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-23 of this group of lists, it means that the routing information has been filtered by this group of as-path lists identified with this list number. Iii. Defining a route-policy step 1: for route-polic...
Page 690
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-25 as 100 as 200 routera routerb routerc routerd routere figure 6-2 bgp load balancing in the above figure, router d and router e are ibgp peers of router c. When router a and router b advertise route...
Page 691
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-26 table 6-43 reset bgp connection operation command reset bgp connection between specified peers reset bgp peer-address [ vpn-instance vpn-instance-name ] reset all bgp connections reset bgp all [ vp...
Page 693
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-28 operation command disable the system to output state changes of the peer for the current ospf process (in bgp view) undo log-peer-change enable/disable debugging of all bgp information [ undo ] deb...
Page 694
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-29 operation command display the route flapping information more detailed than that of the specified address display bgp routing flap-info network-address mask longer-match 6.4 bgp configuration examp...
Page 695
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-30 iii. Configuration procedure 1) configure router a: # configure the ethernet interface. [router a] interface ethernet0/0/0 [router a-ethernet0/0/0] ip address 172.68.10.1 255.255.255.0 # configure ...
Page 696
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-31 [router c-bgp] confederation peer-as 1001 1002 [router c-bgp] group confed1001 external [router c-bgp] peer confed1001 as-number 1001 [router c-bgp] peer 172.68.10.1 group confed1001 [router c-bgp]...
Page 697
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-32 [router a-bgp] group ex external [router a–bgp] peer 192.1.1.2 group ex as-number 200 [router a–bgp] network 1.0.0.0 255.0.0.0 2) configure router b: [router b] interface serial 2/0/0 [router b-ser...
Page 698
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-33 6.4.3 configuring bgp load balancing i. Network requirement ebgp connection is created between router c and router a and between router c and router b. Ibgp connection is created between router c a...
Page 699
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-34 [router c-bgp] group ex external [router c-bgp] peer ex as-number 100 [router c-bgp] peer 1.1.1.1 group ex [router c-bgp] peer 2.1.1.1 group ex [router c-bgp] group in internal [router c-bgp] peer ...
Page 700
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-35 ip-address command should be used to specify the source ip address sending ping packet. Z if the ping operation fails, use display ip routing command to check if there is available route in the rou...
Page 701
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-36 6.6.3 mbgp applied on the router the router adopts address family to differentiate different network layer protocols. For values of address family, refer to rfc1700. The router provides various mbg...
Page 702
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-37 operation command remove the mbgp multicast address family configuration undo ipv4-family multicast enter mbgp vpn-instance address family view ipv4-family vpn-instance vpn-instance-name remove mbg...
Page 703
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-38 6.9 mbgp configuration example mbgp is mainly applied to extension of some new services. Its configuration is similar to bgp. The following examples in networking and configuration are the same wit...
Page 704
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-39 # configure mbgp of router a. [router a] bgp 100 [router a-bgp] group ex external [router a-bgp] peer 192.1.1.2 group ex as-number 200 [router a-bgp] ipv4-family multicast [router a-bgp-af-mul] pee...
Page 705
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-40 [router c-serial2/0/0] ip address 193.1.1.1 255.255.255.0 [router c-serial2/0/0] quit [router c] interface serial 1/0/0 [router c-serial1/0/0] ip address 194.1.1.1 255.255.255.0 [router c-serial1/0...
Page 706
3com router 3000 ethernet family configuration guide chapter 6 bgp configuration 3com corporation 6-41 [routerd-bgp-af-mul] peer 194.1.1.1 group in use the display bgp multicast routing command on router b to display the bgp routing table. It should be noted that router b has known the existence of ...
Page 707
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-1 chapter 7 ip routing policy configuration 7.1 ip routing policy overview when a router distributes or receives routing information, it possibly needs to implement some policies to filt...
Page 708
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-2 ii. Acl there are three kinds of acls: advanced represents advanced acl, basic represents basic acl and interface represents interface-based acl. Normally, basic acl and advanced acl a...
Page 709
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-3 the definition of the community-list has already been implemented in the bgp configuration. For the relevant configurations, please refer to the ip community-list command in the bgp co...
Page 710
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-4 during the matching, the router checks list items identified by the index-number in the ascending order. If any one list item meets the condition, it means that it has passed the ip-pr...
Page 711
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-5 the filter-policy import command allows a routing protocol to filter routes received from the same routing protocol and to block the routing information filtered out from being added t...
Page 712
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-6 iv. Configuring to filter the distributed routes define a policy concerning route distribution to filter the routing information not satisfying the conditions while redistributing rout...
Page 715
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-9 table 7-7 define apply clauses operation command add the specified as number before the as-path series of the bgp routing information apply as-path as-number-1 [ as-number-2 [ as-numbe...
Page 716
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-10 by default, no configuration is performed. Please note that if the routing information meets the match conditions specified in the route-policy and also notifies the med value configu...
Page 717
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-11 7.3 displaying and debugging the routing policy after the above configuration, execute display command in all views to display the running of the routing policy configuration, and to ...
Page 718
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-12 [router] ip ip-prefix p2 permit 128.2.0.0 16 # configure a route-policy. [router] route-policy r1 permit node 10 [router-route-policy] if-match ip-prefix p1 [router-route-policy] appl...
Page 719
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-13 [router] ip ip-prefix p1 permit 192.1.1.0 24 [router] ip ip-prefix p1 permit 192.1.2.0 24 # configure rip. [router] rip [router-rip] network 192.1.0.0 [router-rip] network 202.1.1.0 [...
Page 720
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-14 [router a] ip route-static 20.0.0.1 32 serial 1/0/0 [router a] ip route-static 30.0.0.1 32 serial 1/0/0 [router a] ip route-static 40.0.0.1 32 serial 1/0/0 # enable the ospf protocol ...
Page 721
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-15 ii. Network diagram serial2/0/0 192.1.1.1/24 serial1/0/0 193.1.1.1/24 1.1.1.1 as100 ebgp network 1.0.0.0 serial2/0/0 192.1.1.2/24 2.2.2.2 3.3.3.3 4.4.4.4 network 2.0.0.0 network 3.0.0...
Page 722
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-16 [router a-route-policy] quit [router a] route-policy apply_med_100 permit node 10 [router a-route-policy] if-match acl 2001 [router a-route-policy] apply cost 100 [router a-route-poli...
Page 723
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-17 [router c-bgp] group in internal [router c-bgp] peer 195.1.1.1 group in [router c-bgp] import-route ospf 4) configure router d: [routerd] interface serial 1/0/0 [routerd-serial1/0/0] ...
Page 724
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-18 [routerc-bgp] peer 193.1.1.1 route-policy localpref import by then, due to the fact that the local preference attribute value (200) of the route 1.0.0.0 learned by router c is greater...
Page 725
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-19 # configure the rip protocol. [routera] rip [routera-rip] network 129.102.1.6 [routera-rip] quit # configure bgp internal and external neighbors. [routera] bgp 300 [routera-bgp] undo ...
Page 726
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-20 [routerd- serial 0/0/0] interface serial 0/0/1 [routerd- serial 0/0/1] ip address 120.56.0.1 255.255.255.0 [routerd- serial 0/0/1] interface ethernet 1/0/0 [routerd- ethernet 1/0/0] i...
Page 727
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-21 [routera-acl-3001] quit [routera] quit you will see that the next hop of 192.168.1.0 is changed to 10.0.0.2. If you configure the origin attribute on routerd: [routerd] bgp 100 [route...
Page 728
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-22 ii. Network diagram figure 7-6 configure routing policy based on the bgp community attribute iii. Configuration procedure 1) configure rta: [routera] bgp 100 # configure peer ex200, a...
Page 729
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-23 [rtb-bgp] peer 16.10.10.1 group ex100 as-number 100 [rtb-bgp] peer ex100 advertise-community # configure routing policy for distributing routes to ex100. [rtb-bgp] peer ex100 route-po...
Page 730
3com router 3000 ethernet family configuration guide chapter 7 ip routing policy configuration 3com corporation 7-24 troubleshooting: check the following requirements: z the if-match mode of at least one node of the route-policy should be the permit mode. When a route-policy is used for the routing ...
Page 731
3com router 3000 ethernet family configuration guide chapter 8 route capacity configuration 3com corporation 8-1 chapter 8 route capacity configuration 8.1 route capacity configuration overview 8.1.1 introduction to route capacity configuration in practical networking applications, there are always ...
Page 732
3com router 3000 ethernet family configuration guide chapter 8 route capacity configuration 3com corporation 8-2 z enable automatic recovery of the disconnected routing protocol 8.2.1 configuring the lower limit and the safety value of the router memory when the router memory is equal to or lower th...
Page 733
3com router 3000 ethernet family configuration guide chapter 8 route capacity configuration 3com corporation 8-3 table 8-2 disable the automatic recovery function operation command disable the automatic recovery function memory auto-establish disable by default, the automatic recovery function is en...
Page 734: Multicast Protocol
3com router 3000 ethernet family configuration guide 3com corporation i multicast protocol.
Page 735: Table of Contents
3com router 3000 ethernet family configuration guide table of contents 3com corporation i table of contents chapter 1 ip multicast ................................................................................................................... 1-1 1.1 ip multicast overview ..........................
Page 736
3com router 3000 ethernet family configuration guide table of contents 3com corporation ii 3.2.13 deleting igmp group from interface..................................................................... 3-9 3.3 igmp display and debug ......................................................................
Page 737
3com router 3000 ethernet family configuration guide table of contents 3com corporation iii 5.1.1 msdp working principles ....................................................................................... 5-1 5.2 msdp configuration ..................................................................
Page 738
3com router 3000 ethernet family configuration guide table of contents 3com corporation iv 6.2.14 configuring mbgp route filtering...................................................................... 6-12 6.2.15 resetting bgp connections ................................................................
Page 739: Chapter 1 Ip Multicast
3com router 3000 ethernet family configuration guide chapter 1 ip multicast 3com corporation 1-1 chapter 1 ip multicast 1.1 ip multicast overview various transmission methods can be used when the information (including data, voice and video) is to be sent to a limited number of users on the network....
Page 740
3com router 3000 ethernet family configuration guide chapter 1 ip multicast 3com corporation 1-2 if there is a router that does not support multicast, a multicast router can encapsulate the multicast packets in unicast ip packets with tunneling and send them to the neighboring multicast router. The ...
Page 741
3com router 3000 ethernet family configuration guide chapter 1 ip multicast 3com corporation 1-3 class d address range description 239.0.0.0 to 239.255.255.255 multicast addresses for local management. They are valid only in the specified local range. Reserved multicast addresses that are commonly u...
Page 742
3com router 3000 ethernet family configuration guide chapter 1 ip multicast 3com corporation 1-4 no longer a specific receiver but a group with unspecific members. Therefore, the multicast mac address should be used. A multicast mac address corresponds with a group of multicast ip addresses. As inte...
Page 743
3com router 3000 ethernet family configuration guide chapter 1 ip multicast 3com corporation 1-5 users on the network quit the multicast group, the related branch will be removed from the multicast tree. 1.3.2 multicast routing protocols multicast group uses the virtual address. In multicast, it is ...
Page 744
3com router 3000 ethernet family configuration guide chapter 1 ip multicast 3com corporation 1-6 the virtual place for data exchange) to ensure that the receiving stations it connects to can receive the multicast data stream. The path this join message takes through routers to the root (the rp) beco...
Page 745
3com router 3000 ethernet family configuration guide chapter 1 ip multicast 3com corporation 1-7 z rpf (reverse path forwarding) to ensure that multicast packets reach a router along the shortest path, the multicast router must check the receiving interface of multicast packets depending on the unic...
Page 746
3com router 3000 ethernet family configuration guide chapter 2 common multicast configuration 3com corporation 2-1 chapter 2 common multicast configuration 2.1 common multicast configuration overview both multicast group management protocol and multicast routing protocol are involved with common mul...
Page 747
3com router 3000 ethernet family configuration guide chapter 2 common multicast configuration 3com corporation 2-2 2.2.2 configuring the minimum ttl of multicast packets ttl value for multicast forwarding can be configured on all interfaces that support multicast packet forwarding. When a packet is ...
Page 748
3com router 3000 ethernet family configuration guide chapter 2 common multicast configuration 3com corporation 2-3 2.2.4 configuring the number limit of multicast routing entries the number of multicast routing entries can be limited to prevent the router memory from being exhausted. Perform the fol...
Page 749
3com router 3000 ethernet family configuration guide chapter 2 common multicast configuration 3com corporation 2-4 table 2-6 clear routing entry from the multicast kernel routing table operation command clear routing entry from the multicast kernel routing table reset multicast routing-table all res...
Page 750
3com router 3000 ethernet family configuration guide chapter 2 common multicast configuration 3com corporation 2-5 three types of multicast routing tables are involved in the multicast implementation of v 2.41: individual multicast routing tables of each multicast routing protocol; a multicast kerne...
Page 751
3com router 3000 ethernet family configuration guide chapter 3 igmp configuration 3com corporation 3-1 chapter 3 igmp configuration 3.1 igmp overview 3.1.1 introduction to igmp igmp (internet group management protocol) is a protocol in the tcp/ip suite responsible for management of ip multicast memb...
Page 752
3com router 3000 ethernet family configuration guide chapter 3 igmp configuration 3com corporation 3-2 ii. Leave group mechanism in igmp version 1, hosts leave the multicast group quietly without informing any multicast router. Only when a query message times out, can the multicast router know that ...
Page 753
3com router 3000 ethernet family configuration guide chapter 3 igmp configuration 3com corporation 3-3 exterior network general group/ group-specific query information igmp join/ igmp leave information ethernet1/0/0 ethernet0/0/0 general group/ igmp / leave ethernet0/0/0 33.33.33.1 33.33.33.2 22.22....
Page 754
3com router 3000 ethernet family configuration guide chapter 3 igmp configuration 3com corporation 3-4 z enable igmp on an interface z configure igmp proxy advanced configuration tasks of igmp include: z configure a router as a group member z control the access to ip multicast group z configure igmp...
Page 755
3com router 3000 ethernet family configuration guide chapter 3 igmp configuration 3com corporation 3-5 3.2.3 configuring igmp proxy igmp proxy can be configured to reduce the configuration and management work of the leaf network without affecting the multicast connection there. After igmp proxy is c...
Page 756
3com router 3000 ethernet family configuration guide chapter 3 igmp configuration 3com corporation 3-6 by default, a router does not join any multicast group. 3.2.5 controlling the access to ip multicast group multicast router determines the group membership of a network by received igmp response me...
Page 758
3com router 3000 ethernet family configuration guide chapter 3 igmp configuration 3com corporation 3-8 3.2.9 configuring igmp max query response time the host, when receiving a query message from the router, will configure a timer for each multicast group it belongs to. The value of the timer is sel...
Page 759
3com router 3000 ethernet family configuration guide chapter 3 igmp configuration 3com corporation 3-9 if the number of igmp groups on an interface has exceeded the specified value during configuration, no igmp group will be deleted. 3.2.11 configuring last member query interval when an igmp querier...
Page 761
3com router 3000 ethernet family configuration guide chapter 3 igmp configuration 3com corporation 3-11 ii. Network diagram router b exterior network leaf network ethernet1/0/0 ethernet0/0/0 ethernet0/0/0 33.33.33.1 33.33.33.2 22.22.22.1 router a router b receiver exterior network leaf network ether...
Page 762
3com router 3000 ethernet family configuration guide chapter 3 igmp configuration 3com corporation 3-12 [routera-ethernet0/0/0] igmp enable [routera-ethernet0/0/0] pim dm # configure interface ethernet0/0/0 to exclude 33.33.33.2 as one of its pim neighbors. [routera-ethernet0/0/0] pim neighbor-polic...
Page 763
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-1 chapter 4 pim configuration 4.1 pim overview 4.1.1 pim-dm pim-dm (protocol independent multicast, dense mode) is a kind of multicast routing protocol suitable for small-scaled networks where multica...
Page 764
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-2 packet will be discarded as a redundant one. The concerned unicast routing information can be of any unicast routing protocol such as rip or ospf. Iv. Assert mechanism as shown in figure 4-1, router...
Page 765
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-3 data flows along the shared tree to the network segments where the multicast group members are. When the data traffic is massive, the spt (shortest path tree) rooted on the source can be used to red...
Page 766
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-4 send a join message to the node of a higher level toward the source s, which results in switching from the rpt to the spt. Ii. Preparation before configuring pim-sm 1) configure candidate-rps in a p...
Page 767
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-5 4.2.2 enabling igmp on an interface refer back to the chapter “igmp configuration”. 4.2.3 enabling pim-dm if enabled on an interface, pim-dm sends pim hello message periodically and process protocol...
Page 768
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-6 table 4-3 configuring the interval of hello messages operation command configure the hello message interval on an interface pim timer hello seconds restore the default value of the interval undo pim...
Page 769
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-7 the maximum number of pim neighbors of an router interface can be configured to avoid exhausting ems memory of the router or router faults. The maximum number of pim neighbors of a router however is...
Page 770
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-8 4.3.1 enabling multicast refer back to the chapter “common multicast configuration”. 4.3.2 enabling igmp on the interface refer backup to the chapter “igmp configuration”. 4.3.3 enabling pim-sm this...
Page 771
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-9 4.3.6 configuring candidate-bsr in a pim domain, one or more c-bsrs should be configured. A bsr (bootstrap router) is elected automatically among c-bsrs, to take charge of rp information collecting ...
Page 772
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-10 4.3.7 configuring candidate-rp in pim-sm, a shared tree roots at an rp, with one or possibly many multicast groups mapped to the rp. Perform the following configuration in pim view. Table 4-10 conf...
Page 773
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-11 state, the router will function as the static rp. It is unnecessary to enable pim on the interface that functions as static rp. Basic acl can be used to control the range of multicast group served ...
Page 774
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-12 if the entry (s, g) of a source group is denied or not defined by the acl, or there is no acl, the rp will send registerstop information to the dr to stop the registration of this multicast data st...
Page 777
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-15 note: the debugging pim sm register-proxy command can only be used to enable the debugging in distributed routers where the interface board substitutes the main control board to send register packe...
Page 778
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-16 # enable pim-dm on the interfaces ethernet2/0/0, serial1/0/0 and serial1/1/0 respectively. [3com] interface serial 1/0/0 [3com-serial1/0/0] pim dm [3com-serial1/0/0] ip address 10.16.1.1 24 [3com-s...
Page 779
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-17 [3com-ospf-1-area-0.0.0.0] network 10.16.4.0 0.0.0.255 [3com-ospf-1-area-0.0.0.0] quit [3com-ospf-1] quit 3) configure router c: # enable multicast. System-view [3com] multicast routing-enable # en...
Page 780
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-18 note: in practice, a network may comprise routing devices of different vendors that run different routing protocols. In this example, the routing protocol is ospf. Ii. Network diagram router a seri...
Page 781
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-19 # configure the threshold for a specified multicast group to switch from the shared tree to the shortest path tree to 10 kbps. [routera] acl number 2005 [routera-acl-basic-2005] rule permit source ...
Page 782
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-20 system-view [routerb] multicast routing-enable [routerb] interface serial 1/0/0 [routerb-serial1/0/0] pim sm [routerb-serial1/0/0] ip address 10.16.3.2 24 [routerb-serial1/0/0] quit [routerb] inter...
Page 783
3com router 3000 ethernet family configuration guide chapter 4 pim configuration 3com corporation 4-21 on multicast source associate multicast programs with multicast addresses, for example, movie online with 224.0.1.1. After you configure the boundary on interface serial4/0/0, router d can no longe...
Page 784
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-1 chapter 5 msdp configuration 5.1 msdp overview multicast source discovery protocol (msdp) is used to discover multicast source information in other pim-sm domains. A rp configured with msdp peer no...
Page 785
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-2 3) the rp in domain 1 decapsulates the packet and forwards it along the rpt to all the members within the domain. The domain members can choose to take the path along spt. 4) the rp in domain 1 gen...
Page 786
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-3 3) if the sa message is from a static rpf peer as from rtd to rte, it is received and forwarded to other peers. 4) if the sa message is from an msdp peer in mesh group as from rtb to rtd, it is rec...
Page 787
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-4 5.2 msdp configuration basic configuration tasks of msdp include: z enable msdp z configure an msdp peer advanced configuration tasks of msdp include: z configure a static rpf peer z configure orig...
Page 788
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-5 operation command remove the description undo peer peer-address description text the command for description is optional. If the local router is also in bgp peer relation with an msdp peer, the msd...
Page 789
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-6 5.2.4 configuring originating rp during the creation of sa message, an msdp peer can be configured to use the ip address of a specified interface as the rp address in its sa message. Perform the fo...
Page 790
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-7 table 5-6 configure the maximum number of sas cached operation command configure the maximum number of sas cached peer peer-address sa-cache-maximum sa-limit restore the default configuration undo ...
Page 791
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-8 table 5-8 filter the multicast routing entries imported operation command advertise only the (s, g) entries permitted by the acl import-source [ acl acl-number ] remove the above configuration undo...
Page 792
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-9 perform the following configuration in msdp view. Table 5-10 use msdp outbound filter to control the source information forwarded operation command filter off all the sa messages to a specified msd...
Page 793
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-10 operation command cancel the filtering rule over received source information undo peer peer-address sa-policy import similar to msdp outbound filter in function, msdp inbound filter controls the r...
Page 794
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-11 5.2.13 disabling an msdp peer the session between msdp peers can be cut off and re-activated as needed. If a session between msdp peers is cut off, the tcp connection will break with no retry effo...
Page 796
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-13 to enable router d to receive the specified source information from pim-sm domains 1, 2 and 3, you can configure static rpf peers with the parameter rp-policy. After the configuration finishes, ro...
Page 797
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-14 [rtd] ip ip-prefix list-c permit 10.25.0.0 16 [rtd] msdp [rtd-msdp] peer 10.25.1.1 connect-interface ethernet 0/1/2 [rtd-msdp] static-rpf-peer 10.25.1.1 rp-policy list-c 5.4.2 configuring anycast ...
Page 798
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-15 iii. Configuration procedure 1) configure rtb: # enable multicast. System-view [rtb] multicast routing-enable # configure the ip address of interface loopback0. [rtb] interface loopback0 [rtb-loop...
Page 799
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-16 # configure originating rp. [rtb-msdp] originating-rp loopback0 [rtb-msdp] quit # configure the candidate rp and bsr. [rtb] pim [rtb-pim] c-rp loopback 10 [rtb-pim] c-bsr loopback 10 30 2) configu...
Page 800
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-17 [rta-ospf-1] quit # configure rtb as its msdp peer. [rta] msdp [rta-msdp] peer 10.10.1.1 connect-interface loopback 0 # configure originating rp. [rta-msdp] originating-rp loopback0 [rta-msdp] qui...
Page 801
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-18 ii. Network diagram src c src a ethernet0/0/0 serial1/0/0 serial1/1/0 pim-sm domain 4 10.1.1.1 loopback0 10.25.1.1 loopback0 10.25.1.2 ethernet: 10.25.2.0 loopback0 10.26.1.1 10.29.1.1 serial1/0/0...
Page 802
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-19 [rta] interface loopback10 [rta-loopback10] ip address 10.1.1.1 255.255.255.255 [rta-loopback10] pim sm [rta-loopback10] quit # configure the ip address of interface ethernet0/0/0 and enable pim-s...
Page 803
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-20 [rta-bgp] peer rtf next-hop-local [rta-bgp] ipv4-family multicast [rta-bgp-af-mul] peer rtf enable [rta-bgp-af-mul] peer rtf next-hop-local [rta-bgp-af-mul] quit # configure the ebgp peer rtg. [rt...
Page 804
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-21 [rte] interface loopback10 [rte-loopback10] ip address 10.1.1.1 255.255.255.255 [rte-loopback10] pim sm [rte-loopback10] quit # configure the ip address of interface ethernet 0/0/0 and enable pim-...
Page 805
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-22 [rte-bgp] peer rtf next-hop-local [rte-bgp] ipv4-family multicast [rte-bgp-af-mul] peer 10.26.1.2 group rtf [rte-bgp-af-mul] peer rtf enable [rte-bgp-af-mul] peer rtf next-hop-local [rte-bgp-af-mu...
Page 806
3com router 3000 ethernet family configuration guide chapter 5 msdp configuration 3com corporation 5-23 # assign an ip address to interface serial 1/0/0 and enable pim-sm on it. [rta] interface serial 1/0/0 [rta-serial1/0/0] ip address 10.25.3.2 255.255.255.0 [rta-serial1/0/0] pim sm [rta-serial1/0/...
Page 807: Configuration
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-1 chapter 6 mbgp multicast extension configuration 6.1 mbgp multicast extension 6.1.1 mbgp multicast extension overview at present, the most widely used inter-domain unicast routi...
Page 808
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-2 (network layer reachability information), with 1 for the unicast mode of nlri, and 2 for the multicast mode of nlri. I. Mp_reach_nlri attribute mp_reach_nlri is an optional non-...
Page 809
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-3 information among peers. It consists of three parts at the most: mp_unreach_nlri, path attributes and mp_reach_nlri. 6.2 mbgp multicast extension configuration basic configurati...
Page 810
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-4 table 6-1 enable the mbgp multicast extension protocol operation command enter the mbgp multicast address family view ipv4-family multicast remove the mbgp multicast address fam...
Page 811
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-5 for the configuration, refer to the “bgp configuration” section in “routing protocol” of this manual. 6.2.5 configuring local preference different local preference can be config...
Page 812
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-6 i. Creating a peer group with members by default, an ibgp peer will be added to a default peer group without configuration. Such default group is invisible. The configuration of...
Page 813
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-7 by default, no community attribute is advertised to any peer/peer group. Iv. Configuring a peer/peer group as an mbgp route reflector client table 6-6 configure a peer/peer grou...
Page 814
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-8 perform the following configuration in ipv4 multicast subaddress family view. Table 6-9 configure the times that the local as number can be received operation command configure ...
Page 815
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-9 ii. Configuring ip-acl-based route filtering policy for a peer/peer group table 6-11 configure the ip-acl-based route filtering policy for a peer/peer group operation command co...
Page 817
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-11 clients exchange path selection information with a reflector in peer relationship; the reflector transmits (reflects) information to the clients in turn. For the details of pri...
Page 818
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-12 configuration, refer to the “ip routing policy” section in “routing protocol” of this manual. 6.2.14 configuring mbgp route filtering the route filtering configuration of mbgp ...
Page 820
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-14 [routera] interface serial 1/1/0 [routera-serial1/1/0] ip address 193.1.1.1 255.255.255.0 [routera-serial1/1/0] quit # enable mbgp. [routera] bgp 100 [routera-bgp] ipv4-family ...
Page 821
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-15 [routera-bgp] ipv4-family multicast [routera-bgp-af-mul] peer a2 route-policy set_med_50 export [routera-bgp-af-mul] peer a1 route-policy set_med_100 export 2) configure router...
Page 822
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-16 [routerc-ospf-1] quit [routerc] bgp 200 [routerc-bgp] undo synchronization [routerc-bgp] group c1 external [routerc-bgp] peer 193.1.1.1 group c1 as-number 100 [routerc-bgp] gro...
Page 823
3com router 3000 ethernet family configuration guide chapter 6 mbgp multicast extension configuration 3com corporation 6-17 [routerd-serial1/1/0] quit [routerd] ospf [routerd-ospf-1] area 0 [routerd-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [routerd-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0....
Page 824
3com router 3000 ethernet family configuration guide chapter 7 multicast static route configuration 3com corporation 7-1 chapter 7 multicast static route configuration 7.1 multicast static route overview a multicast network topology may be different from a unicast topology. Some routers in the netwo...
Page 825
3com router 3000 ethernet family configuration guide chapter 7 multicast static route configuration 3com corporation 7-2 7.2.1 configuring a multicast static route perform the following configuration in system view. Table 7-1 configure a multicast static route operation command configure a multicast...
Page 826
3com router 3000 ethernet family configuration guide chapter 7 multicast static route configuration 3com corporation 7-3 table 7-2 configure the multicast rpf route selecting policy operation command apply the longest-match rule ip rpf-longest-match restore the default configuration undo ip rpf-long...
Page 827
3com router 3000 ethernet family configuration guide chapter 7 multicast static route configuration 3com corporation 7-4 iii. Configuration procedure configure rt1: system-view [rt1] ip rpf-route-static 0.0.0.0 0.0.0.0 ospf null0 preference 255 [rt1] ip rpf-route-static 0.0.0.0 0.0.0.0 tunnel1 the f...
Page 828: Mpls
3com router 3000 ethernet family configuration guide 3com corporation i mpls.
Page 829: Table of Contents
3com router 3000 ethernet family configuration guide table of contents 3com corporation i table of contents chapter 1 mpls architecture....................................................................................................... 1-1 1.1 mpls overview ..........................................
Page 830
3com router 3000 ethernet family configuration guide table of contents 3com corporation ii 2.3.6 configuring ldp authentication mode .................................................................. 2-10 2.3.7 configuring the type of label to be distributed to the penultimate hop ............. 2-10...
Page 831
3com router 3000 ethernet family configuration guide table of contents 3com corporation iii 4.2 configuration of mpls l2vpn in ccc mode ................................................................... 4-5 4.2.1 configuring the interface connecting ce .................................................
Page 832
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-1 chapter 1 mpls architecture 1.1 mpls overview mpls (multiprotocol label switching) encapsulates packets with labels of short and fixed length. Mpls obtains service from various link layers (such as ...
Page 833
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-2 label is located between the link layer header and the network layer packet, with the length of 4 bytes. A label contains four fields: label: label value, 20bits, used as the pointer for forwarding....
Page 834
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-3 for a specific fec, if lsr originates label assignment and distribution even without receiving label request messages from upstream, it is in du mode. For a specific fec, if lsr begins label assignm...
Page 835
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-4 1.3 mpls architecture 1.3.1 mpls network structure the basic composing unit of mpls network is lsr (label switching router). It runs mpls control protocol and l3 routing protocol, exchanges routing ...
Page 836
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-5 1.3.3 lsp tunnel and hierarchy i. Lsp tunnel mpls supports lsp tunnel technology. On an lsp path, lsr ru and lsr rd are upstream and downstream for each other. However, the path between lsr ru and l...
Page 837
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-6 on the lsr along the lsp, the mapping table of the import/export labels has been established (the element of this table is referred to as next hop label forwarding entry (nhlfe)). When the labeled p...
Page 838
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-7 ii. Ldp session an ldp session is to exchange label and release messages between lsrs. There are two types of ldp session: z local ldp session: an ldp session between two directly connecting lsrs. Z...
Page 839
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-8 on an lsp, along the data transmission direction, neighboring lsrs are respectively called as upstream lsr and downstream lsr. On lsp1 shown in figure 1-5, lsr b is the upstream lsr of lsr c. Labels...
Page 840
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-9 z basic discovery mechanism the basic discovery mechanism is to discover the local ldp peer, that is, to establish a local ldp session between directly connecting lsrs. In this case, the lsr periodi...
Page 841
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-10 sends a label mapping message to the upstream lsr with the allocated label information included; 4) the upstream lsr compares the received label mapping message with its label database, allocates t...
Page 842
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-11 information is the exact designation of all the lsrs along the path; and loose explicit routing where only some of the lsrs along the path are specified. 1.5 mpls and other protocols 1.5.1 mpls and...
Page 843
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-12 different branches of private network by using lsp, forming a united network. Mpls-based vpn also supports the interconnection between different vpns. Branch 2 of private network branch 1 of privat...
Page 844
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-13 mpls-based diff-serv is fulfilled by integrating ds assignment into the label distribution process of mpls. Diff-serv defines the same processing method, which includes queue selection, queuing, an...
Page 845
3com router 3000 ethernet family configuration guide chapter 1 mpls architecture 3com corporation 1-14 z impose the incoming bandwidth constraint on the mpls edge router to classify the incoming traffic. Z adopt car on the edge devices so that they can share the work of bandwidth management. Z the m...
Page 846
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-1 chapter 2 mpls basic capability configuration 2.1 introduction to mpls basic capability the following mpls basic capabilities are available: z basic mpls forwarding each router int...
Page 847
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-2 z enable ldp on interface z control ldp loop detection z set ldp session keepalive parameters on interface 2.2.1 defining mpls lsr id before configuring any other mpls command, it ...
Page 849
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-4 forwards a labeled packet, it decrements the ttl value in the top label by one. When the lsr pops the stack, it copies the ttl value in the top label back to the ip packet or the l...
Page 850
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-5 2.2.6 configuring mpls to return icmp responses by ip routing in an mpls vpn network, a p router cannot route the ip packets encapsulated in mpls. When the ttl value of an mpls pac...
Page 851
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-6 table 2-7 enable/disable ldp view operation command enable ldp mpls ldp disable ldp undo mpls ldp by default, ldp is disabled. 2.3.2 enabling/disabling ldp on interface to make the...
Page 852
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-7 ii. Configuring a remote-peer address you can specify the address of any ldp-enabled interface on the remote-peer or the address of the loopback interface on the lsr that has adver...
Page 853
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-8 note: for atm, interface configuration commands are only available for the atm subinterfaces in point-to-point mode. For those link layer protocols that do not support broadcast pa...
Page 854
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-9 id is recorded in the path information. If not, the router just adds its id. If yes, it means loop appears, so lsp setup process terminates. Perform the following configurations in...
Page 855
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-10 the maximum hop count defaults to 32. 2.3.6 configuring ldp authentication mode perform the following configurations in the interface view or remote-peer view. Table 2-16 configur...
Page 856
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-11 2.4.1 displaying and debugging mpls mpls provides abundant display and debugging commands for monitoring ldp session state, tunnel, all the lsps and their states, and so on. These...
Page 857
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-12 iv. Display lsp please execute the following commands in any view to display the information related to mpls lsp. Table 2-21 display mpls lsp operation command display the informa...
Page 858
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-13 2.4.2 displaying and debugging ldp i. Ldp display commands v 2.41 provides abundant mpls monitoring commands for monitoring states of lsrs, ldp sessions, interfaces and peers. The...
Page 859
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-14 session: displays debugging information in processing ldp session pdu: displays debugging information in processing pdu packets notification: displays debugging information in pro...
Page 860
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-15 [3com-ospf] area 0 [3com-ospf-area-0.0.0.0] network 168.1.0.0 0.0.255.255 2) configuration on router b: # configure lsr id and enable mpls and ldp. [3com] mpls lsr-id 172.17.1.1 [...
Page 861
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-16 [3com] mpls lsr-id 172.16.1.2 [3com] mpls [3com] mpls ldp # configure ip address and enable ldp on serial interface 1/0/0. [3com] interface serial 1/0/0 [3com-serial1/0/0] ip addr...
Page 862
3com router 3000 ethernet family configuration guide chapter 2 mpls basic capability configuration 3com corporation 2-17 cause 2: local machine cannot get the route to peer lsr id, so tcp connection cannot be set up. Measure: the default address for session transfer is mpls lsr id. The local machine...
Page 863
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-1 chapter 3 bgp/mpls vpn configuration 3.1 bgp/mpls vpn overview traditional vpn, for which layer 2 tunneling protocol (l2tp, l2f and pptp, etc.) or layer 3 tunnel technology (ipsec, gre and ...
Page 864
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-2 3.1.1 bgp/mpls vpn model i. Bgp/mpls vpn model site 1 vpn1 ce site 2 vpn 2 ce pe p p p p pe pe backbone network of the service provider site 1 ce site 2 ce vpn1 site 3 ce vpn2 site 1 vpn1 c...
Page 865
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-3 information (rd, route filtering policy, member interface list, etc). It includes the vpn membership and routing rules of this site. Pe is responsible for updating and maintaining the corre...
Page 866
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-4 received the route with this attribute, it will add the route into the corresponding routing table. For pe routers, there are two sets of vpn target attributes: one of them, referred to as ...
Page 867
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-5 2) routing information exchange between ingress pe and egress pe the ingress pe router uses mp-bgp to advertise routing information learned from ce to the egress pe router (with mpls label)...
Page 868
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-6 1) site 1 sends an ipv4 packet with destination address 1.1.1.2 to ce1. Ce1 looks routing information up in the ip routing table and sends the packet to pe1. 2) pe1 looks up in the vpn-inst...
Page 869
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-7 in mpls l3vpn area, huawei technologies proposed the solution of hierarchy of vpn (hovpn). In hovpn, functions of pe are distributed to multiple devices. Acting as different roles in a hier...
Page 870
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-8 z the upe implements the user access. It maintains the routes of vpn site directly connected with it. It does not maintain the routes of other remote sites in vpn, or only maintains their s...
Page 871
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-9 spe upe mpe upe upe figure 3-5 embedment of hovpn as shown in figure 3-5, the pe in the middle is called middle-level pe (mpe) in a three-level hope. Mp-bgp runs between spe, mpe, and upe. ...
Page 872
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-10 for the pe-ce downstream traffic, this function is implemented via static routing. The static routing in a multi-role host application is different from the regular static routes in the se...
Page 873
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-11 vpn1 site3 ospf area2 mpls vpn backbone vpn1 site1 ospf area0 vpn2 site1 ospf area1 vpn1 site2 ospf area1 area 0 ospf 100 vpn1 area 1 ospf 200 vpn2 ce11 ce12 ce21 ce22 pe1 pe2 area 1 ospf ...
Page 874
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-12 if the contained tag value is the same as that configured on pe during the route calculation of ospf process. Ii. Multi-vpn-instance ce if supporting ospf multi-instance, one router can ru...
Page 875
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-13 in some cases, the routes across the mpls vpn backbone network need to be firstly selected. You can establish a sham link between pes to make the routes become the intra-area routes. The s...
Page 876
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-14 ideally, each multi-as vpn has a pair of subinterfaces for exchanging vpn routing information. Bgp/mpls backbone as 100 ce-1 vpn-1 pe-2 asbr-1 (pe) pe-1 ce-2 vpn-2 ce-3 vpn-1 pe-4 asbr-2 (...
Page 877
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-15 bgp/mpls backbone as 100 ce-1 vpn-1 pe-2 asbr-1 (pe) pe-1 ce-2 vpn-2 ce-3 vpn-1 pe-4 asbr-2 (pe) pe-3 ce-4 vpn-2 bgp/mpls backbone as 200 mp-ibgp mp-ibgp mp-ibgp mp-ibgp mp-ebgp lsp1 vpn l...
Page 878
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-16 pes in different ass establish multihop ebgp connections with each other and exchange vpn-ipv4 routes. Bgp/mpls backbone as 100 ce-1 vpn-1 pe-2 asbr-1 (pe) pe-1 ce-2 vpn-2 ce-3 vpn-1 pe-4 ...
Page 879
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-17 3.2 bgp/mpls vpn configuration note: if you have configured both l2vpn and l3vpn services, l3vpn service must comply with l2vpn service. If you remove l2vpn service, you can go on using l3...
Page 880
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-18 i. Configuring static route if you select static route mode for ce-pe route switching, you should then configure a private static route pointing to pe on ce. Perform the following configur...
Page 881
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-19 the vpn instance is associated with the site. The vpn membership and routing rules of a site is configured in the corresponding vpn instance. This command is used to establish a new vpn-in...
Page 882
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-20 vpn-target attribute, a bgp extension community attribute, controls advertisement of vpn routing information. It works on such principle: z when bgp redistributes a vpn route learned at ce...
Page 883
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-21 operation command remove maximum route number limitation undo routing-table limit note: changing maximum route count for vpn-instance will not affect the existing routing table. To make th...
Page 884
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-22 you can configure a static route pointing to ce on pe for it to learn vpn routing information from ce. Perform the following configuration in the system view. Table 3-8 create/delete the s...
Page 886
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-24 perform the following configuration in the vpn-instance view of mbgp. Table 3-13 configure bgp asynchronous with igp operation command configure bgp asynchronous with igp undo synchronizat...
Page 887
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-25 note that bgp adjacency is established through loopback interface and the sub-net mask must be 32 bits. Step 3: permit bgp session over any operable tcp interface. In general, bgp uses the...
Page 889
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-27 by default, the procedure index is 1. Caution: an ospf procedure can only belong to one vpn instance, while one vpn instance may contain multiple ospf procedures. By default, an ospf proce...
Page 890
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-28 caution: the configured value will not take effect unit the command reset ospf is executed. Table 3-21 configure tag for redistributed vpn route operation command configure tag for an redi...
Page 891
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-29 operation command remove the sham-link undo sham-link source-addr destination-addr by default, the value of cost is 1, and the values of dead, hello, retransmit and trans-delay are respect...
Page 892
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-30 table 3-25 configure bgp neighbor as the upe of bgp/mpls vpn operation command configure bgp neighbor as the upe of bgp/mpls vpn peer peer-address upe disable the configuration undo peer p...
Page 894
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-32 perform the following configuration in route-policy view. Table 3-29 configure label processing on public network routes operation command assign mpls labels to the public network routes t...
Page 895
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-33 table 3-31 configure invariable next hop when advertising routes operation command configure invariable next hop when advertising routes to ebgp peers peer group-name next-hop-invariable r...
Page 896
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-34 table 3-33 display the ip routing table associated with vpn-instance operation command display the ip routing table associated with vpn-instance display ip routing-table vpn-instance vpn-i...
Page 898
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-36 ii. Network diagram as 65440 vpn-b ce4 pe1 rd(100:1) p as 65430 vpn-a ce3 ethernet0 168.3.1.1/16 ethernet1/0/0 168.3.1.2/16 as 65420 vpn-b ce2 as 65410 vpn-a ce1 ethernet0 168.1.1.1/16 ehe...
Page 899
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-37 # configure vpn-instance for vpn-a on pe1, as well as other associated attributes to control advertisement of vpn routing information. [pe1] ip vpn-instance vpna [pe1-vpn-vpna] route-disti...
Page 900
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-38 [pe1-ospf-area-0.0.0.0] network 172.1.0.0 0.0.255.255 [pe1-ospf-area-0.0.0.0] network 202.100.1.1 0.0.0.0 [pe1-ospf-area-0.0.0.0] quit [pe1-ospf] import-route direct [pe1-ospf] quit # set ...
Page 901
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-39 [p-ospf-area-0.0.0.0] network 172.3.1.0 0.0.255.255 [p-ospf-area-0.0.0.0] network 172.4.1.0 0.0.255.255 [p-ospf-area-0.0.0.0] quit [p-ospf] import-route direct 4) configure pe3 note: the c...
Page 902
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-40 [pe3-mpls] mpls ldp [pe3-mpls-ldp] quit [pe3] interface serial 2/0/0 [pe3-serial2/0/0] ip address 172.3.1.1 255.255.0.0 [pe3-serial2/0/0] mpls ldp enable [pe3-serial2/0/0] quit # enable os...
Page 903
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-41 pe 1 pe 2 l0:1.1.1.9/32 ether1/0/1: 192.168.1.0/24 ce-2 p l0:4.4.4.9/32 as 100 ce-1 ce-3 ce-4 ethenet1/0/0 ethernet1/0/0: 192.168.2.0/24 ethernet2/0/2 l0:2.2.29/32 figure 3-14 gre tunnel b...
Page 904
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-42 [pe1-loopback0] ip address 1.1.1.9 255.255.255.255 [pe1-loopback0] quit [pe1] interface ethernet 1/0/0 [pe1-ethernet1/0/0] ip binding vpn-instance vpna [pe1-ethernet1/0/0] ip address 20.1....
Page 905
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-43 [pe1] interface tunnel 1 [pe1-tunnel1] tunnel-protocol gre [pe1-tunnel1] source loopback 0 [pe1-tunnel1] destination 2.2.2.9 [pe1-tunnel1] mpls [pe1-tunnel1] mpls ldp enable # configure st...
Page 906
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-44 note: in the case the configuration is focused on controlling access authority of vpn subscribers at different cities by configuring different vpn-target attributes at different pes. Ii. N...
Page 907
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-45 [pe-a] ip vpn-instance 1 [pe-a-vpn-1] route-distinguisher 100:1 [pe-a-vpn-1] vpn-target 111:1 both [pe-a-vpn-1] quit # set up ebgp adjacency between pe-a and ce-a, redistribute intra-ce-a ...
Page 908
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-46 [pe-a-bgp-af-vpn] peer 30.1.1.1 group 30 [pe-a-bgp-af-vpn] quit 2) configure pe-c. # create a vpn-instance on pe-c, so that it can transceive vpn routing information of vpn-target 111:1 an...
Page 909
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-47 [pe-c-bgp] peer 30.1.1.1 group 30 [pe-c-bgp] peer 30.1.1.1 connect-interface loopback 0 [pe-c-bgp] ipv4-family vpnv4 [pe-c-bgp-af-vpn] peer 10 enable [pe-c-bgp-af-vpn] peer 10.1.1.1 group ...
Page 910
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-48 [pe-b] bgp 100 [pe-b-bgp] group 10 [pe-b-bgp] peer 10.1.1.1 group 10 [pe-b-bgp] peer 10.1.1.1 connect-interface loopback 0 [pe-b-bgp] group 20 [pe-b-bgp] peer 20.1.1.1 group 20 [pe-b-bgp] ...
Page 911
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-49 note: in the case the configuration is focused on two points: z route advertisement can be controlled by vpn-target settings on different pes. Z one routing loop is permitted, so that pe c...
Page 912
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-50 # configure two vpn-instances on pe1, add the specified vpn-target attribute to the routes received from pe2 and pe3. [pe1] ip vpn-instance vpn-instance2 [pe1-vpn- vpn-instance2] route-dis...
Page 913
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-51 # set up mp-ibgp adjacency between pes to exchange intra-pe vpn routing information, and activate mp-ibgp peer in vpnv4 address family view. [pe1] bgp 100 [pe1-bgp] group 22 [pe1-bgp] peer...
Page 914
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-52 # set up mp-ibgp adjacency between pe2 and pe1 to exchange intra-pe vpn routing information, and activate mp-ibgp peer in vpnv4 address family view. [pe2] bgp 100 [pe2] group 11 [pe2-bgp] ...
Page 915
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-53 [pe3-bgp] group 11 [pe3-bgp] peer 11.1.1.1 connect-interface loopback 0 [pe3-bgp] ipv4-family vpnv4 [pe3-bgp-af-vpn] peer 11 enable [pe3-bgp-af-vpn] peer 11.1.1.1 group 11 [pe3-bgp-af-vpn]...
Page 916
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-54 iii. Configuration procedure note: the configuration of ce router is omitted in this case and you can refer to 3.4.1 configuring integrated bgp/mpls vpn. 1) configure pe1 # configure two v...
Page 917
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-55 [pe1-bgp-af-vpn-instance] quit [pe1-bgp] quit # bind the interface connecting pe1 and ce1 with vpn-instance 1.1 and interface connecting pe1 and ce2 with vpn-instance 1.2. [pe1] interface ...
Page 918
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-56 [pe1] bgp 100 [pe1-bgp] group 2 [pe1-bgp] peer 2.2.2.2 group 2 [pe1-bgp] peer 2.2.2.2 connect-interface loopback 0 [pe1-bgp] group 3 [pe1-bgp] peer 3.3.3.3 group 3 [pe1-bgp] peer 3.3.3.3 c...
Page 919
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-57 [pe2-bgp-af-vpn-instance] import-route direct [pe2-bgp-af-vpn-instance] import-route static [pe2-bgp-af-vpn-instance] quit # set up ebgp adjacency between pe2 and ce2, redistribute intra-c...
Page 920
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-58 [pe3-vpn- vpn-instance3.2] vpn-target 1.1.1.1:2 import-extcommunity [pe3-vpn- vpn-instance3.2] vpn-target 2.2.2.2:2 import-extcommunity [pe3-vpn- vpn-instance3.2] quit # set up ebgp adjace...
Page 921
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-59 pc1 is accessed into the vpn1 and vpn2 through ce1. The ip address for pc1 is 100.1.1.2. Note: in the case the configuration is focused on this point: with proper configuration of static r...
Page 922
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-60 [pe1] interface serial0/0/0 [pe1-serial0/0/0] ip binding vpn-instance vpn1 [pe1-serial0/0/0] ip address 1.1.1.1 255.255.255.0 [pe1-serial0/0/0] quit # configure static route, so that pc1 c...
Page 923
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-61 ii. Network diagram mplsbackbone pe pe spe router upper vpn lower vpn as100 upe ce ce ce ce vpn1 site1 vpn2 site1 vpn1 site1 vpn2 site1 upe r3689 r2630 mpls backbone pe pe spe router upper...
Page 924
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-62 [spe-loopback 0] ip address 1.0.0.2 255.255.255.255 # configure bgp [spe] bgp 100 [spe-bgp] ipv4-family vpn-instance vpna [spe--bgp-af-vpn-instance] group 1 [spe--bgp-af-vpn-instance] peer...
Page 925
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-63 [upe] bgp 100 [upe-bgp] group 1 [upe-bgp] peer 1.0.0.2 group 1 [upe-bgp] peer 1.0.0.2 connect-interface loopback0 [upe-bgp] ipv4-family vpnv4 [upe-bgp-af-vpn] peer 1 enable [upe-bgp-af-vpn...
Page 926
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-64 iii. Configuration procedure 1) configure pe1 # enable mpls and ldp. [pe1] mpls lsr-id 1.1.1.1 [pe1] mpls [pe1] mpls ldp # configure vpn-instance. [pe1] ip vpn-instance vpn1 [pe1-vpn-vpn1]...
Page 927
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-65 [pe1-bgp] peer 2.2.2.2 group fc [pe1-bgp] peer 2.2.2.2 connect-interface loopback1 [pe1-bgp] peer 3.3.3.3 group fc [pe1-bgp] peer 3.3.3.3 connect-interface loopback1 # configure bgp to red...
Page 928
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-66 [pe2] interface serial0/0/0 [pe2-serial0/0/0] link-protocol ppp [pe2-serial0/0/0] ip address 168.1.12.2 255.255.255.0 [pe2-serial0/0/0] ospf cost 1 [pe2-serial0/0/0] mpls [pe2-serial0/0/0]...
Page 929
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-67 [pe2-bgp-af-vpn] peer fc enable [pe2-bgp-af-vpn] peer fc advertise-community [pe2-bgp-af-vpn] peer 50.1.1.1 group fc [pe2-bgp-af-vpn] peer 50.1.1.3 group fc # ospf redistributes bgp routes...
Page 930
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-68 [ce2-serial1/0/0] ip address 20.1.1.1 255.255.255.0 [ce2-serial1/0/0] ospf cost 1 # configure ospf. [ce2] ospf 100 router-id 20.20.20.20 [ce2-ospf-100] area 0.0.0.1 [ce2-ospf-100] network ...
Page 931
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-69 # [ce] interface serial2/0/0 [ce-serial2/0/0] link-protocol ppp [ce-serial2/0/0] ip binding vpn-instance ce-vpn2 [ce-serial2/0/0] ip address 20.1.1.2 255.255.255.0 # [ce] interface serial3...
Page 932
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-70 ii. Network diagram pe2 lsr id: 162.1.1.2 asbr-pe2 lsr id:162.1.1.1 bgp/mpls backbone as 200 asbr -pe1 lsr id:172.1.1.1 pe1 lsr id: 172.1.1.2 bgp/mpls backbone as 100 ethernet2/0/0: 168.1....
Page 933
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-71 [asbr-pe1] interface loopback0 [asbr-pe1-loopback 0] ip address 202.100.1.1 255.255.255.255 [asbr-pe1-loopback 0] quit [asbr-pe1] interface pos1/0/0 [asbr-pe1-pos1/0/0] ip address 172.1.1....
Page 934
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-72 you can find that the ospf neighbor relationship is in full state. Pes can learn loopback addresses from each other. The ping operation succeeds between asbr-pe and other pes in the same a...
Page 935
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-73 routerid: 202.100.1.2 address: 172.1.1.2 state: full mode: nbr is master priority: 1 dr: none bdr: none dead timer expires in 30s neighbor comes up for 00:01:49 [asbr-pe1] display ip routi...
Page 936
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-74 # configure basic mpls capability on asbr-pe1 and enable ldp on the interface connecting pe1. [asbr-pe1] mpls lsr-id 172.1.1.1 [asbr-pe1-mpls] lsp-trigger all [asbr-pe1-mpls] quit [asbr-pe...
Page 937
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-75 displaying information about all sessions: local ldp id: 172.1.1.2:0; peer ldp id: 172.1.1.1:0 tcp connection: 172.1.1.2 -> 172.1.1.1 session state: operational session role: active sessio...
Page 938
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-76 [pe1] interface ethernet 2/0/0 [pe1-ethernet2/0/0] ip binding vpn-instance vpna [pe1-ethernet2/0/0] ip address 168.1.1.1 255.255.0.0 [pe1-ethernet2/0/0] quit # configure a vpn instance on ...
Page 939
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-77 [pe1] display ip vpn-instance verbose vpn-instance : vpna no description route-distinguisher : 100:2 interfaces : ethernet2/0/0 export-ext-communities : 100:1 import-ext-communities : 100:...
Page 940
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-78 [ce1] ping 168.1.1.1 ping 168.1.1.1: 56 data bytes, press ctrl_c to break reply from 168.1.1.1: bytes=56 sequence=1 ttl=255 time=1 ms reply from 168.1.1.1: bytes=56 sequence=2 ttl=255 time...
Page 941
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-79 [pe1-bgp] peer 202.100.1.1 group 20 [pe1-bgp] peer 202.100.1.1 connect-interface loopback0 [pe1-bgp] ipv4-family vpnv4 [pe1-bgp-af-vpn] peer 20 enable [pe1-bgp-af-vpn] peer 202.100.1.1 gro...
Page 942
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-80 [pe2-bgp-af-vpn] quit [pe2-bgp] quit # configure asbr-pe2 to establish ebgp peer relationship with asbr-pe1 and ibgp peer relationship with pe2. [asbr-pe2] bgp 200 [asbr-pe2-bgp] ipv4-fami...
Page 943
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-81 [pe1] display ip routing-table vpn-instance vpna vpna route information routing table: vpna route-distinguisher: 100:2 destination/mask protocol pre cost nexthop interface 168.1.0.0/16 dir...
Page 944
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-82 0.00% packet loss round-trip min/avg/max = 70/142/190 ms 3.4.11 configuring inter-provider backbones option b i. Network requirements ce1 and ce2 belong to the same vpn. Ce1 accesses the n...
Page 945
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-83 [pe1-ospf-1] area 0 [pe1-ospf-1-area-0.0.0.0] network 172.1.0.0 0.0.255.255 [pe1-ospf-1-area-0.0.0.0] network 202.100.1.2 0.0.0.0 [pe1-ospf-1-area-0.0.0.0] quit [pe1-ospf-1] quit # configu...
Page 946
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-84 [asbr-pe2] interface pos 2/0/0 [asbr-pe2-pos2/0/0] ip address 192.1.1.2 255.255.255.0 [asbr-pe2-pos2/0/0] quit [asbr-pe2] ospf [asbr-pe2-ospf-1] area 0 [asbr-pe2-ospf-1-area-0.0.0.0] netwo...
Page 947
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-85 [asbr-pe1] mpls ldp [asbr-pe1-mpls-ldp] quit [asbr-pe1] interface pos1/0/0 [asbr-pe1-pos1/0/0] mpls [asbr-pe1-pos1/0/0] mpls ldp [asbr-pe1-pos1/0/0] quit # configure basic mpls capability ...
Page 948
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-86 note: different from option a, option b method requires that the vpn-target attribute of vpn instances of asbr-pe and pe in the same as should match each other. In addition, in different a...
Page 949
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-87 when pinging ce on pe, you need to specify the vpn to which the destination address belongs. For example, ping ce1 on pe1: [pe1] ping -vpn-instance vpna 168.1.1.2 4) configuring mp-bgp, es...
Page 950
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-88 [asbr-pe1] bgp 100 [asbr-pe1-bgp] group 10 external [asbr-pe1-bgp] peer 192.1.1.2 group 10 as-number 200 [asbr-pe1-bgp] group 20 [asbr-pe1-bgp] peer 202.100.1.2 group 20 [asbr-pe1-bgp] pee...
Page 951
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-89 [asbr-pe2-bgp] group 20 [asbr-pe2-bgp] peer 202.200.1.2 group 20 [asbr-pe2-bgp] peer 202.200.1.2 connect-interface loopback0 [asbr-pe2-bgp] ipv4-family vpnv4 [asbr-pe2-bgp-af-vpn] peer 20 ...
Page 952
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-90 1) configuring ospf on the mpls backbone network to make pes learn routes from each other note: in this part: the configurations on pe1 and pe2 are the same as those in section 3.4.11 “con...
Page 953
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-91 [pe2-loopback0] ip address 202.200.1.2 255.255.255.255 [pe2-loopback0] quit [pe2] interface pos1/0/0 [pe2-pos1/0/0] ip address 162.1.1.2 255.255.0.0 [pe2-pos1/0/0] quit [pe2] ospf [pe2-osp...
Page 954
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-92 note: in this part: the configurations on pe1 and pe2 are the same as those in section 3.4.11 “configuring inter-provider backbones option b”. It is necessary to configure mpls capability ...
Page 955
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-93 [asbr-pe2-pos1/0/0] mpls [asbr-pe2-pos1/0/0] mpls ldp [asbr-pe2-pos1/0/0] quit [asbr-pe2] interface pos2/0/0 [asbr-pe2-pos2/0/0] mpls [asbr-pe2-pos2/0/0] quit note: in this scenario, asbrs...
Page 956
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-94 [ce1-ethernet1] ip address 168.1.1.2 255.255.0.0 [ce1-ethernet1] quit # configure a vpn instance on pe1 and bind it to the interface connecting to ce1. [pe1] ip vpn-instance vpna [pe1-vpn-...
Page 957
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-95 note: in this part: z the configurations on ce1 and ce2 are the same as those in section 3.4.11 “configuring inter-provider backbones option b”. Z the exchange of labeled ipv4 routes is co...
Page 958
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-96 [asbr-pe1] acl number 2001 [asbr-pe1-acl-basic-2001] rule permit source 202.100.1.2 0 [asbr-pe1-acl-basic-2001] rule deny source any [asbr-pe1-acl-basic-2001] quit [asbr-pe1] route-policy ...
Page 959
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-97 [pe2-bgp] peer 20 label-route-capability [pe2-bgp] peer 202.200.1.1 group 20 [pe2-bgp] peer 202.200.1.1 connect-interface loopback0 [pe2-bgp] group 30 external [pe2-bgp] peer 30 ebgp-max-h...
Page 960
3com router 3000 ethernet family configuration guide chapter 3 bgp/mpls vpn configuration 3com corporation 3-98 display bgp routing label command, you can find that the two routes carry labels and the ipv4 routes learned from each other by pe1 and pe2. Ces can learn interface routes from each other....
Page 961
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-1 chapter 4 mpls l2vpn configuration 4.1 overview 4.1.1 introduction to mpls l2vpn atm-based and fr-based vpns have gained widespread applications, which can enable different vpns to share the ...
Page 962
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-2 vpn a vpn a vpn b vpn b ce ce ce ce pe pe pe vc vc lsp p p vpn a vpn a vpn b vpn b ce ce ce ce pe pe pe vc vc lsp p p figure 4-1 l2vpn mpls l2vpn offers the following benefits: z support mult...
Page 963
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-3 control word: it is unnecessary to transmit the l2 frame as a whole in transmitting 12vpn packets over mpls network. All required is to distract the l2 frame header at the ingress and to add ...
Page 964
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-4 draft-martini-l2circuit-trans-mpls-08.Txt draft-kompella-ppvpn-l2vpn-01.Txt the martini draft provisions the point-to-point link implementation of l2vpn. As ldp is used as the signaling proto...
Page 965
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-5 martini mode is more applicable to a low-density l2 connection, for example, star connection. Iv. Mpls l2vpn in kompella mode mpls l2vpn in kompella mode is similar to the l3 bgp/mpls vpn. Li...
Page 966
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-6 it suffices to enabled mpls and bidirectional static lsp on a p router. 4.2.1 configuring the interface connecting ce only some compulsory configuration tasks are listed here. For optional ta...
Page 968
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-8 table 4-4 enable mpls operation command configure lsr id mpls lsr-id x.X.X.X enable mpls mpls 4.2.3 configuring static lsp ccc makes use of static lsp for transparently transmitting l2 packet...
Page 969
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-9 4.2.5 creating ccc connection ccc connections fall into local connection and remote connection. Local connection refers to the connection established between two local ces. With local connect...
Page 970
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-10 z create svc connection refer to section 4.2 “configuration of mpls l2vpn in ccc mode” for the first three steps. 4.3.1 configuring pe-pe tunnel current two types of tunnels are available, g...
Page 971
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-11 operation command delete an svc connection undo mpls static-l2vc caution: you must guarantee the validity of transmit and receive labels of l2vpn in svc mode. 4.4 configuration of mpls l2vpn...
Page 972
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-12 caution: with ldp/mpls l2vpn, the vc id assigned to a link must be unique among all the links with the same encapsulation type. Any encapsulation change is likely to cause vc id collision. S...
Page 973
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-13 when the undo command is executed, the system returns to bgp view and delete the l2vpn address family. Ii. Activating the peer (group) perform the following configurations in l2vpn view. Tab...
Page 974
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-14 perform the following configurations in mpls l2vpn view. Table 4-15 configure vpn operation command configure rd for mpls l2vpn route-distinguisher route-distinguisher configure vpn-target f...
Page 975
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-15 suppose a corporation has ten ces in its vpn, but the expanded network may have 20 ces, so you can set the ce range as 20. Then the system will allocate labels for the future ten ces in adva...
Page 977
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-17 iii. Configuration procedure 1) configure pe-a: # globally enable mpls. [3com] mpls lsr-id 172.1.1.1 [3com] mpls # globally enable mpls l2vpn. [3com] mpls l2vpn # configure the interface ser...
Page 978
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-18 [3com] mpls # globally enable mpls l2vpn. [3com]mpls l2vpn # configure the interface serial 0/0/0. [3com] interface serial 0/0/0 [3com-serial0/0/0] link-protocol ppp # enable mpls on the int...
Page 979
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-19 the encapsulation type for the two ce interfaces is consistent and supported in current mpls l2vpn. Z for a mpls l2vpn of vlan encapsulation type, the vlan ids for the two ce interfaces can ...
Page 980
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-20 # configure serial interface. [pe1] interface serial1/1/0 [pe1-serial1/1/0] mpls ldp enable [pe1-serial1/1/0] ip address 168.1.1.1 255.255.0.0 # enable ospf. [3com] ospf 1 [3com -ospf-1] are...
Page 981
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-21 [pe2-mpls] lsp-trigger all # configure svc connection. [pe2-s3/1/0] mpls static-l2vc destination 192.1.1.1 transmit-vpn-label 333 receive-vpn-label 111 3) configure p # configure lsr id, ena...
Page 982
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-22 # configure vlan subinterface. [3com] interface ethermet0/0/0.1 [3com-ethernet0/0/0.1] vlan-type dot1q vid 20 # configure the serial interface. [3com] interface serial 0/0/0 [3com-serial0/0/...
Page 983
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-23 # assign an address to the loopback interface, which will be taken as the lsr id. [3com] interface loopback 0 [3com-loopback0] ip address 192.1.1.2 255.255.255.255 # enable ospf. [3com] ospf...
Page 984
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-24 caution: the conditions for a martini connection to go up are: z the two ce interfaces are in up state. Z two tunnels (gre or lsp, one in each direction) have been established between two pe...
Page 985
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-25 [3com] mpls [3com] mpls l2vpn # assign an address to the loopback interface. [3com] interface loopback 0 [3com-loopback0] ip address 192.1.1.1 255.255.255.255 # configure the serial interfac...
Page 986
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-26 [3com] bgp 100 [3com-bgp] group 192 internal [3com-bgp] peer 192.1.1.2 connect-interface loopback0 [3com-bgp] peer 192.1.1.2 group 192 as-number 100 [3com-bgp] peer 192.1.1.3 connect-interfa...
Page 987
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-27 [3com] interface loopback 0 [3com-loopback0] ip address 192.1.1.2 255.255.255.255 # configure serial interface. [3com-loopback0] interface serial 0/0/0 [3com-serial0/0/0] ip address 169.1.1....
Page 988
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-28 [3com-l2vpn-vpna-ce-ce-c] ce ce-c id 3 range 4 # configure connection with ce-a. [3com-l2vpn-vpna-ce-ce-c] connection atm0/0/0.1 # configure remote connection with ce-b. [3com-l2vpn-vpna-ce-...
Page 989
3com router 3000 ethernet family configuration guide chapter 4 mpls l2vpn configuration 3com corporation 4-29 4.8 troubleshooting mpls l2vpn symptom 1: configuring layer 2 vpn on a vlan interface fails. Solution: z check that mpls/bgp vpn, webswitch, multicast or vll is not enabled on the interface....
Page 990: Security
3com router 3000 ethernet family configuration guide 3com corporation i security.
Page 991: Table of Contents
3com router 3000 ethernet family configuration guide table of contents 3com corporation i table of contents chapter 1 network security configuration................................................................................. 1-1 1.1 introduction to the network security features provided by v 2....
Page 992
3com router 3000 ethernet family configuration guide table of contents 3com corporation ii 2.4.6 setting a key for securing the communication with tacacs server ................. 2-34 2.4.7 setting the username format acceptable to the tacacs server....................... 2-34 2.4.8 setting the unit...
Page 993
3com router 3000 ethernet family configuration guide table of contents 3com corporation iii chapter 5 acl configuration....................................................................................................... 5-1 5.1 introduction to acl ....................................................
Page 994
3com router 3000 ethernet family configuration guide table of contents 3com corporation iv 7.1.1 ipsec....................................................................................................................... 7-1 7.1.2 ipsec basic concepts...................................................
Page 995
3com router 3000 ethernet family configuration guide table of contents 3com corporation v 9.1.2 terminology............................................................................................................. 9-2 9.1.3 applications ...............................................................
Page 996
3com router 3000 ethernet family configuration guide chapter 1 network security configuration 3com corporation 1-1 chapter 1 network security configuration 1.1 introduction to the network security features provided by v 2.41 a router must be able to withstand the various malicious attacks from the p...
Page 997
3com router 3000 ethernet family configuration guide chapter 1 network security configuration 3com corporation 1-2 configuration in the link layer protocol part for ppp authentication protocol, networking protocol part for address translation, ip route part for adjacent router authentication. 1.2 hi...
Page 998
3com router 3000 ethernet family configuration guide chapter 1 network security configuration 3com corporation 1-3 ethernet internet pc server firewall pc pc figure 1-1 a firewall separating the intranet from the internet the firewall is not only applied to the internet connection, but also used to ...
Page 999
3com router 3000 ethernet family configuration guide chapter 1 network security configuration 3com corporation 1-4 entry in the valid connection table. After the session is terminated, the session entry will be deleted from the table. Circuit-level gw authenticates a connection only at the session l...
Page 1000
3com router 3000 ethernet family configuration guide chapter 1 network security configuration 3com corporation 1-5 carried by the ip layer, source and destination addresses of the packet, and source and destination ports. Then, it compares them with the preset rules to determine whether the packet s...
Page 1001
3com router 3000 ethernet family configuration guide chapter 1 network security configuration 3com corporation 1-6 information sent from unreliable routers. If available with the route authentication function, a router will be able to authenticate the switching route update packets received from the...
Page 1002: Configuration
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-1 chapter 2 aaa and radius/hwtacacs protocol configuration 2.1 overview 2.1.1 introduction to aaa authentication, authorization and accounting (aaa) provide a uniform fram...
Page 1003
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-2 z radius authorization following successful authentication: with radius, users are authorized only after they pass authentication. In other words, you cannot perform rad...
Page 1004
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-3 about radius clients such as shared key; and “dictionary” stores the information for interpreting radius protocol attributes and their values. Radius server users client...
Page 1005
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-4 having received the username and password, the radius client sends the authentication request (access-request) to the radius server. 2) the radius server compares the re...
Page 1006
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-5 table 2-1 code values code packet type description 1 access-request the packet carries user information and is transmitted by the client to the server to help the client...
Page 1007
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-6 type attribute type type attribute type 5 nas-port 27 session-timeout 6 service-type 28 idle-timeout 7 framed-protocol 29 termination-action 8 framed-ip-address 30 calle...
Page 1008
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-7 2.1.3 introduction to the hwtacacs protocol i. What is hwtacacs hwtacacs is an enhanced security protocol based on tacacs (rfc1492). Similar to the radius protocol, it i...
Page 1009
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-8 ii. Basic message exchange procedures in hwtacacs for example, use hwtacacs to implement authentication, authorization, and accounting for a telnet user. The basic messa...
Page 1010
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-9 user hwtacacs client hwtacacs server user logs in authentication start request packet authentication response packet, requesting for the user name request user for the u...
Page 1011
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-10 z configure the isp domain state z set an access limit z enable accounting optional z define a local ip pool and allocate ip addresses to ppp users 2) create a local us...
Page 1012
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-11 and accounting are accomplished by the specified radius or hwtacas scheme. That is, you cannot specify a separate scheme for authentication, authorization, or accountin...
Page 1013
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-12 accounting: the scheme can be radius, hwtacacs, or none. You can configure any combination of the above schemes for authentication, authorization, and accounting of ter...
Page 1014
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-13 operation command remove the accounting scheme used by the domain undo accounting by default, no separate authentication, authorization, or accouting scheme is availabl...
Page 1015
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-14 perform the following configuration in isp domain view. Table 2-8 configure an access limit operation command set an access limit to limit the number of users that the ...
Page 1016
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-15 z define an address pool in system view and assign it (only one is allowed) to the interface in the view of this interface for assigning addresses to the connected ends...
Page 1017
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-16 note: if you use a radius-scheme or hwtacacs-scheme to authenticate users, you must appropriately configure the radius or tacacs server (whether it can be configured an...
Page 1019
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-18 2.3 configuring the radius protocol the radius protocol is configured scheme by scheme. In a real networking environment, a radius scheme can comprise an independent ra...
Page 1020
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-19 operation command delete a radius scheme. Undo radius scheme radius-scheme-name a radius scheme can be referenced by several isp domains at the same time. By default, t...
Page 1021
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-20 as the authorization information from the radius server is sent to radius clients in authentication response packets, so you do not need to specify a separate authoriza...
Page 1022
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-21 ii. Enabling the stop-accounting packet buffer and retransmission since the stop-accounting packet affects the bill and eventually the charge to a user, it has importan...
Page 1023
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-22 perform the following configuration in radius view. Table 2-18 set the maximum number of real-time accounting request attempts operation command set the maximum number ...
Page 1024
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-23 communication with the current radius server has been disconnected and turns to another radius server. You can use the following command to set the maximum number of al...
Page 1025
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-24 z if the router has sent the specified maximum number of accounting-on packets without receiving any response packet from the cams server, the router stops sending acco...
Page 1027
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-26 radius servers reject the username including isp domain name. In this case, you have to remove the domain name before sending the username to the radius server. 3com ro...
Page 1028
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-27 table 2-26 configure source address for the radius packets sent by the nas operation command configure the source address to be carried in the radius packets sent by th...
Page 1029
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-28 operation command restore the default setting. Undo timer quiet by default, the primary radius server must wait five minutes before it can resume the active state. Iii....
Page 1030
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-29 table 2-31 enable the radius server to send traps when it goes down operation command enable the radius server to send traps when it goes down radius trap { authenticat...
Page 1031
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-30 2.4 configuring hwtacacs protocol the configuration tasks of hwtacacs include: z create a hwtacacs scheme z configure tacacs authentication servers z configure tacacs a...
Page 1032
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-31 operation command delete a hwtacacs scheme. Undo hwtacacs scheme hwtacacs-scheme-name if the hwtacacs scheme you specify does not exist, the system creates it and enter...
Page 1033
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-32 table 2-35 configure tacacs authorization servers operation command configure the primary tacacs authorization server. Primary authorization ip-address [ port ] delete ...
Page 1034
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-33 the primary and secondary accounting servers cannot use the same ip address. Otherwise, the system will prompt unsuccessful configuration. The default port number is 49...
Page 1035
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-34 2.4.6 setting a key for securing the communication with tacacs server when using a tacacs server as an aaa server, you can set a key to improve the communication securi...
Page 1037
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-36 table 2-44 set a real-time accounting interval operation command set a real-time accounting interval. Timer realtime-accounting minutes restore the default real-time ac...
Page 1038
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-37 note: to allow a tacacs user to change its password, you must ensure that this function is enabled on the tacacs server in addition to the tacacs client. This function ...
Page 1039
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-38 operation command disable radius packet debugging. Undo debugging radius packet clear stop-accounting packets from the buffer. Reset stop-accounting-buffer { radius-sch...
Page 1040
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-39 i. Network requirements configure the router to enable the radius server to provide authentication and accounting services for telnet users accessing the router (see th...
Page 1041
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-40 [3com-radius-cams] primary authentication 10.110.91.146 1812 [3com-radius-cams] primary accounting 10.110.91.146 1813 [3com-radius-cams] key authentication expert [3com...
Page 1042
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-41 [3com-luser-telnet] password simple huawei [3com] domain system [3com-isp-system] scheme local telnet users use usernames in the “userid@system” format to log onto the ...
Page 1043
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-42 [3com-hwtacacs-hwtac] key authentication expert [3com-hwtacacs-hwtac] key authorization expert [3com-hwtacacs-hwtac] key accounting expert [3com-hwtacacs-hwtac] user-na...
Page 1044
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-43 ii. Network diagram radius:10.110.91.145/16 tacacs:10.110.91.146/16 ppp user intranet pstn s0/0/0: 188.188.188.2 e1/0/0: 10.110.91.160 figure 2-10 configure separate aa...
Page 1045
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-44 [3com-serial0/0/0] ip address 188.188.188.2 255.255.255.0 [3com-serial0/0/0] remote address pool 1 # configure the ethernet interface. [3com-serial0/0/0] interface ethe...
Page 1046
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-45 [3com] user-interface vty0 4 [3com-ui-vty0-4] authentication-mode scheme # configure the domain name. [3com] domain tacacs [3com-isp-tacacs] access-limit enable 10 [3co...
Page 1047
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-46 step 1: type username test@ tacacs. Step 2: choose to use the winkey.Exe calculator to get the login password at the prompt “s/key 89 gf55236”. Figure 2-13 calculate lo...
Page 1048
3com router 3000 ethernet family configuration guide chapter 2 aaa and radius/hwtacacs protocol configuration 3com corporation 2-47 1) the communication links (at both physical and link layers) between the nas and the radius server work well. 2) the ip address of the radius server is correctly confi...
Page 1049
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-1 chapter 3 portal configuration 3.1 portal overview 3.1.1 introduction to portal portal is also called portal website. Portal authentication is also called web authentication, which mainly falls i...
Page 1050
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-2 the access device communicates with the authentication/accounting server to perform authentication and accounting. The access device in this manual refers to a 3com router. Z portal server: a web...
Page 1051
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-3 rather than enter the user name and password, to initiate fast authentication. In addition, the attribute fields of the user name and password in the authentication request sent from the portal s...
Page 1052
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-4 z the portal-enabled ethernet interface is configured with a legal ip address. Z the portal server and the radius server are installed and configured properly. Z with re-dhcp authentication, the ...
Page 1053
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-5 to do… use the command… remarks enter interface view interface interface-type interface-num required enable portal authentication on an interface portal server-name required display portal config...
Page 1054
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-6 3.2.3 direct authentication configuration example i. Network requirements z configure the router to enable portal authentication. Set the portal operating mode to direct authentication and the po...
Page 1055
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-7 [3com] domain portal # configure the isp domain to use the radius scheme named portal. [3com-isp-portal] radius-scheme portal [3com-isp-portal] quit # configure the default isp domain as portal (...
Page 1056
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-8 z configure router a to enable portal authentication. Set the portal operating mode to direct authentication and the name of the portal server to newp. Z router a counts on the radius server for ...
Page 1057
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-9 # enable portal authentication on interface ethernet1/0/0. [3com] interface ethernet 1/0/0 [3com-ethernet 1/0/0] ip address 162.21.1.1 255.255.0.0 [3com-ethernet 1/0/0] portal newp [3com-ethernet...
Page 1058
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-10 note: z the following describes only the configurations related to re-dhcp authentication. For configurations of the radius scheme and isp domain, refer to section 3.2.3 “direct authentication c...
Page 1059
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-11 3.3.2 authentication-free user and free ip address configuration tasks the following table describes authentication-free user and free ip address configuration tasks. These configurations are op...
Page 1060
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-12 z server 2 can access the internet without authentication. Ii. Network diagram portal server radius authentication/accounting server 192.168.1.100/16 192.168.1.200/16 192.168.1.50/16 server 2 19...
Page 1061
3com router 3000 ethernet family configuration guide chapter 3 portal configuration 3com corporation 3-13 # enable portal authentication on interface ethernet0/0/0. [3com] interface ethernet0/0/0 [3com-ethernet0/0/0] ip address 192.166.1.1 255.255.0.0 [3com-ethernet0/0/0] portal newp [3com-ethernet0...
Page 1062
3com router 3000 ethernet family configuration guide chapter 4 ead configuration 3com corporation 4-1 chapter 4 ead configuration 4.1 introduction to ead on an enterprise network that implements host-level attack defense, every user has to install antivirus software, kill virus, and update virus dat...
Page 1063
3com router 3000 ethernet family configuration guide chapter 4 ead configuration 3com corporation 4-2 z management and control. Ead provides a user management platform incorporating access policy, security policy, service policy, and security event monitoring. It can help the network administrator t...
Page 1064
3com router 3000 ethernet family configuration guide chapter 4 ead configuration 3com corporation 4-3 antivirus client, it can check antivirus software version, virus database version, and virus scan/kill history. Z implement security policies. It can receive the security policy issued by the securi...
Page 1065
3com router 3000 ethernet family configuration guide chapter 4 ead configuration 3com corporation 4-4 vii. Portal server a portal server provides portal authentication. To work with ead, a portal server must support portal+. Note: in figure 4-1, the security policy server and the radius server are p...
Page 1066
3com router 3000 ethernet family configuration guide chapter 4 ead configuration 3com corporation 4-5 1) after an endpoint user passes identity authentication, the security policy server issues the ip address and port number of a security client manager proxy and an isolation acl to the router. Acco...
Page 1068
3com router 3000 ethernet family configuration guide chapter 4 ead configuration 3com corporation 4-7 to do… use the command… remarks configure the ip address of the interface connected to the cams server portal upload-ip ip-address required this command must be configured on the interface enabled w...
Page 1069
3com router 3000 ethernet family configuration guide chapter 4 ead configuration 3com corporation 4-8 4.3 portal authentication-combined ead configuration example i. Network requirements the following figure presents a scenario, where z a security policy server, a radius server, and a portal server ...
Page 1070
3com router 3000 ethernet family configuration guide chapter 4 ead configuration 3com corporation 4-9 iii. Configuration procedure 1) configure the security cooperation router # set the portal service type to portal+. System-view [3com] portal service-type plus # configure information on the portal ...
Page 1071
3com router 3000 ethernet family configuration guide chapter 4 ead configuration 3com corporation 4-10 [3com-radius-system] server-type portal 2) configure the security policy server do the following on the security policy server: z define software names, software patches, virus database version, an...
Page 1072
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-1 chapter 5 acl configuration 5.1 introduction to acl 5.1.1 acl overview in order to filter data packets, a series of rules need to be configured on the router to decide which data packets can pass. T...
Page 1073
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-2 to configuration sequence. For interface-based access control rules, put the rule configured with “any” behind, and arrange others according to configuration sequence. For advance access control rul...
Page 1074
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-3 5.1.5 basic acl basic acl can only adopt source address information to serve as element for defining acl rule. A basic acl can be created and basic acl view be entered by the above-mentioned acl com...
Page 1075
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-4 then edit the acl rule: rule 1 deny logging and then, the acl rule becomes: rule 1 deny source 1.1.1.1 0 logging the following command can be used to delete a basic acl rule: undo rule rule-id [ com...
Page 1076
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-5 parameter description: z rule-id: optional parameter, number of acl rule, ranging from 0 to 65534. After the number is specified, if the acl rule related to the number has existed, a newly defined r...
Page 1077
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-6 z destination-port: optional parameter, used to specify destination port information of udp or tcp packet, only valid when the protocol number specified by the rule is tcp or udp. If it is not speci...
Page 1078
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-7 for existing acl rule, if edit is performed with specified acl rule number, the rest part will not be affected. For example: first configure an acl rule: rule 1 deny ip source 1.1.1.1 0 then edit th...
Page 1079
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-8 z fragment: optional parameter. Only the validation setting solely for non-first-fragment of acl rule with corresponding number will be deleted. Z vpn-instance: optional parameter. If it has been sp...
Page 1080
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-9 table 5-2 port number mnemonics protocol mnemonics meaning and actual value tcp bgp chargen cmd daytime discard domain echo exec finger ftp ftp-data gopher hostname irc klogin kshell login lpd nntp ...
Page 1081
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-10 protocol mnemonics meaning and actual value udp biff bootpc bootps discard dns dnsix echo mobilip-ag mobilip-mn nameserver netbios-dgm netbios-ns netbios-ssn ntp rip snmp snmptrap sunrpc syslog tac...
Page 1082
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-11 table 5-3 mnemonics of icmp packet type mnemonic meaning echo echo-reply fragmentneed-dfset host-redirect host-tos-redirect host-unreachable information-reply information-request net-redirect net-t...
Page 1083
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-12 may be used to overwrite the old definition, just as editing an existing acl rule. If the acl rule related to the number does not exist, use the specified number to create a new rule. When the numb...
Page 1084
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-13 z type-mask represents the protocol type mask. For type-code values, refer to the chapter that discusses bridge configuration in the link layer protocol part of this manual. Z lsap-code is a hexade...
Page 1085
3com router 3000 ethernet family configuration guide chapter 5 acl configuration 3com corporation 5-14 in above rule entries, all entries are valid for non-first fragments. The first and the third entries are omitted for non-fragments and first fragment, only valid for non-first fragments. 5.2 confi...
Page 1089
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-1 chapter 6 firewall configuration 6.1 introduction to firewall in building construction, firewall is designed to prevent fire spreading from one part of the building to another part. Network fir...
Page 1090
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-2 ii. Packet filter supporting fragment filtering acl/packet filter on 3com router supports testing and filtering of fragments. Packet filter tests packet type (non-fragment packet, first fragmen...
Page 1091
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-3 z it can both filer packets based on connection status and detect packet contents at the application layer. Java blocking to distrusted sites protects the network from malicious java applet. Z ...
Page 1092
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-4 internal network is an internal interface while the one connecting with internet is an external interface. When aspf is applied to the outbound direction of an external interface on the router,...
Page 1093
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-5 following is how an ftp connection is set up: suppose that an ftp client initiates an ftp control channel connection from its port 1333 to the port 21 of ftp server. After negotiation, server i...
Page 1094
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-6 6.2.1 enabling or disabling firewall perform the following configuration in system view. Table 6-1 enable or disable firewall operation command enable firewall firewall enable disable firewall ...
Page 1096
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-8 note: the matching of non-first-fragments depends on how the first fragment is processed. Only when the first fragment of a packet is “permitted” by the acl, does the router records the extensi...
Page 1097
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-9 the default number of upper threshold fragment state records is 2000. The default number of lower threshold fragment state records is 1500. Iv. Applying acl on the interface to filter fragments...
Page 1098
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-10 6.2.6 typical configuration examples of packet filter i. Network requirements the following example of configuring firewall in a company explains firewall configuration. The company accesses t...
Page 1099
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-11 [3com] acl number 3001 # configuration rule permits specific host to access external network and permits internal server to access external network. [3com-acl-adv-3001] rule permit ip source 1...
Page 1100
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-12 table 6-8 configure acl operation command configure acl (in acl view) rule deny apply acl to external interface (in interface view) firewall packet-filter acl-num inbound 6.3.3 defining an asp...
Page 1101
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-13 iii. Configuring application layer protocol detection perform the following configuration in aspf policy view. Table 6-11 configure application layer protocol detection operation command confi...
Page 1102
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-14 you are recommended to use the application layer detection together with tcp/udp detection, for a configuration of tcp/udp detection without application layer protocol might cause packet retur...
Page 1103
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-15 operation command delete the user-configured pam of a host undo port-mapping application-name port port-number acl acl-number the range of hosts in the host-specific pam is specified using a b...
Page 1104
3com router 3000 ethernet family configuration guide chapter 6 firewall configuration 3com corporation 6-16 ii. Network diagram ethernet 202.101.1.2 ethernet1/0/0 202.101.1.1 server host 2.2.2.11 serial1/0/0 10.1.1.1 internal network external network ethernet ppp router aspf router figure 6-4 networ...
Page 1105
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-1 chapter 7 ipsec configuration 7.1 ipsec overview 7.1.1 ipsec ip security (ipsec) protocol family is a series of protocols defined by ietf. It provides high quality, interoperable and cryptology-ba...
Page 1106
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-2 z ike is to negotiate the cryptographic algorithm applied in ah and esp and to put the necessary key in the algorithm to the proper place. Note: ipsec policy and algorithm can also be negotiated m...
Page 1107
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-3 in the transport mode, ah/esp is inserted after the ip header but before all transmission layer protocols or all other ipsec protocols. In the tunnel mode, ah/esp is inserted before the original i...
Page 1108
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-4 z des(data encryption standard): encrypt a 64-bit clear text via a 56-bit key. Z 3des(triple des): encrypt a clear text via three 56-bit keys (168 bits key). Z aes (advanced encryption standard): ...
Page 1109
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-5 note: the encryption card and the ipsec module of v 2.41 adopt the same data processing mechanism. They differ in the sense that the former implements hardware encryption while the latter implemen...
Page 1110
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-6 an ike peer does not receive ipsec packets from its peer when interval-time timer expires and now, it wants to send ipsec packets to its peer. Before that, the ike peer sends a dpd query to its pe...
Page 1111
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-7 according to the vpn id in the packet. Then, it looks up the corresponding vpn routing table and according to the matched entry to identify whether the destination of this packet is a local host o...
Page 1112
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-8 therefore, you should define an ipsec proposal based on requirements so that you can associate it with data flows. 3) defining ipsec policy or ipsec policy group ipsec policy specifies a certain i...
Page 1113
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-9 z configure sa duration (optional) z configure pfs feature for negotiation a security policy can reference an ipsec proposal or card sa proposal as needed. 4) configure security policy template (o...
Page 1114
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-10 note: z ipsec protects the data flow permitted in the acl, therefore, the users are recommended to configure the acl accurately, that is, configure permit only to the data flow needing ipsec prot...
Page 1115
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-11 i. Creating an ipsec or card sa proposal an ipsec proposal is a set of security protocol, algorithms and packet encapsulation format used to implement ipsec protection. An ipsec policy can determ...
Page 1116
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-12 iii. Selecting packet encapsulation mode you must specify encapsulation mode in a security proposal. In addition, the same encapsulation mode must be adopted at the two ends of a security tunnel....
Page 1118
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-14 7.2.3 creating ipsec policies ipsec policies each specify an ipsec proposal for a certain data flow. They fall into two types, manual ipsec policy and ike negotiation ipsec policy. The former one...
Page 1119
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-15 ipsec policy will specify security protocol algorithm and packet encapsulation format by referencing ipsec proposal. Before an ipsec proposal is referenced, this ipsec proposal must be configured...
Page 1120
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-16 table 7-9 configure tunnel start/end point operation command configure local address in the ipsec policy tunnel local ip-address delete the local address configured in the ipsec policy undo tunne...
Page 1122
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-18 operation command dynamically create an ipsec policy by using ike and an ipsec policy template. Ipsec policy policy-name seq-number isakmp [ template template-name ] modify an ipsec policy that h...
Page 1123
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-19 table 7-14 reference acl in the ipsec policy operation command reference an acl in the ipsec policy security acl acl-number remove the acl referenced by the ipsec policy undo security acl one ips...
Page 1124
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-20 will negotiate to set up a new sa for ipsec. Thus, when the old sa becomes fully invalid, a new one is available. Perform the following configurations in system view. Table 7-16 configure a globa...
Page 1126
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-22 note: the parameters configurable in an ipsec policy template are the same as those of ipsec policy, but most are optional. Only ipsec proposal is mandatory. However, it should be noted that the ...
Page 1127
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-23 table 7-21 use ipsec policy group operation command use the ipsec policy group ipsec policy policy-name remove the ipsec policy group in use undo ipsec policy [ policy-name ] an interface can onl...
Page 1128
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-24 7.2.7 configuring the encryption card (optional) the basic configurations of an encryption card are the same as those of ipsec; refer to the previous sections. The following are the optional conf...
Page 1129
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-25 operation command disable ipsec module backup function undo encrypt-card backuped by default, ipsec module backup function is disabled. Iii. Configuring the fast forwarding function of the encryp...
Page 1130
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-26 7.2.8 configuring ipsec dpd i. Creating a dpd structure perform the following configuration in system view. Table 7-28 create a dpd structure and enter its view operation command create a dpd str...
Page 1131
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-27 7.3 displaying and debugging ipsec 7.3.1 displaying and debugging over ipsec module on v 2.41 platform i. Displaying and debugging ipsec configuration after the above configuration, execute displ...
Page 1132
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-28 table 7-32 clear ipsec packet statistics operation command clear ipsec packet statistical information reset ipsec statistics iii. Deleting sa the configuration is used to delete the established s...
Page 1133
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-29 operation command display system logging information on the encryption card display encrypt-card syslog [slot-id ] display interface information on the encryption card display interface encrypt [...
Page 1134
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-30 iv. Clearing packet statistics on encryption card you can reset all counters on the encryption card, including those for data packets, byte counting, lost packets, failed authentication, faulty s...
Page 1135
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-31 ii. Network diagram pc a 10.1.1.2 10.1.1.1 pc b 10.1.2.2 routera internet serial4/1/2 202.38.162.1 serial2/0/1 202.38.163.1 routerb 10.1.2.1 figure 7-3 diagram for ipsec configuration iii. Config...
Page 1136
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-32 # reference the ipsec proposal. [3com-ipsec-policy-manual-map1-10] proposal tran1 # configure the peer address. [3com-ipsec-policy-manual-map1-10] tunnel remote 202.38.162.1 # configure local end...
Page 1137
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-33 # select algorithm. [3com-ipsec-proposal-tran1] esp encryption-algorithm des [3com-ipsec-proposal-tran1] esp authentication-algorithm sha1 # return to system view. [3com-ipsec-proposal-tran1] qui...
Page 1138
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-34 7.4.2 establishing security association in isakmp mode i. Network requirements as displayed in above figure, a security tunnel is configured between router a and router b. Data flow security prot...
Page 1139
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-35 [3com] ipsec policy map1 10 isakmp # reference ipsec proposal. [3com-ipsec-policy-isakmp-map1-10] proposal tran1 # reference access control list. [3com-ipsec-policy-isakmp-map1-10] security acl 3...
Page 1140
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-36 # return to system view. [3com-ipsec-proposal-tran1] quit # configure an ike peer. [3com] ike peer peer [3com-ike-peer-peer] pre-shared-key abcde [3com-ike-peer-peer] remote-address 202.38.163.1 ...
Page 1141
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-37 sub-network (10.1.2.0/24) represented by pc b. Manually create sas, choose esp protocol, des encryption algorithm and sha1-hmac-96 authentication algorithm. Ii. Network diagram pc a pc b internet...
Page 1142
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-38 [router-ipsec-policy-policy1-10] security acl 3001 # configure the peer address. [router-ipsec-policy-policy1-10] tunnel remote 202.38.162.1 # configure local end address. [router-ipsec-policy-po...
Page 1143
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-39 # specify sa proposal trans1 to use the encryption card on the slot 1/0/0. [router-ipsec-card-proposal-tran1] use encrypt-card 1/0/0 # packet encapsulation format is tunnel mode. [router-ipsec-ca...
Page 1144
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-40 [router-serial3/0/0] ip address 202.38.162.1 255.255.255.0 # apply the security policy set on the serial interface. [router-serial0/0/0] ipsec policy map1 [router-serial3/0/0] quit # configure a ...
Page 1145
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-41 iii. Configuration procedure 1) configure router a # configure router a as the master in a vrrp group. System [3com] vrrp ping-enable [3com] interface ethernet0/0/0 [3com-ethernet0/0/0] ip addres...
Page 1146
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-42 [3com] ipsec policy map1 10 isakmp [3com-ipsec-policy-isakmp-map1-10] proposal tran1 [3com-ipsec-policy-isakmp-map1-10] security acl 3101 [3com-ipsec-policy-isakmp-map1-10] ike-peer peer [3com-ip...
Page 1147
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-43 [3com-ike-peer-peer] remote-address 13.0.0.1 [3com-ike-peer-peer] local-address 10.0.0.5 [3com-ike-peer-peer] dpd dpd1 [3com-ike-peer-peer] quit # create an ipsec policy, setting negotiation mode...
Page 1148
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-44 [3com] ipsec policy map1 10 isakmp [3com-ipsec-policy-isakmp-map1-10] proposal tran1 [3com-ipsec-policy-isakmp-map1-10] security acl 3101 [3com-ipsec-policy-isakmp-map1-10] ike-peer peer [3com-ip...
Page 1149
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-45 (seqno:1382148220) routere ike/8/debug:response(recv dpd request): received a message (seqno:1382148220) routere ike/8/debug:response(send dpd response): send a message (seqno:1382148220) 7.4.5 i...
Page 1150
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-46 [ce1] interface ethernet0/0/0 [ce1-ethernet0/0/0] ip address 21.21.21.2 255.255.255.0 [ce1-ethernet0/0/0] ipsec policy map [ce1-ethernet0/0/0] quit [ce1] interface ethernet0/0/1 [ce1-ethernet0/0/...
Page 1151
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-47 # configure the ike peer test2. [pe1] ike peer test2 [pe1-ike-peer-test2] pre-shared-key huawei [pe1-ike-peer-test2] remote-address 31.31.31.2 [pe1-ike-peer-test2] quit # configure ipsec proposal...
Page 1152
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-48 # configure the data stream to be protected by ipsec. [pe1] acl number 3000 [pe1-acl-adv-3000] rule 0 permit ip source 51.51.51.0 0.0.0.255 destination 21.21.21.0 0.0.0.255 [pe1-acl-adv-3000] qui...
Page 1153
3com router 3000 ethernet family configuration guide chapter 7 ipsec configuration 3com corporation 7-49 the configurations for ce2, ce3 and ce4 are similar to those for ce1. The configuration for pe2 is symmetric with that for pe1..
Page 1154
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-1 chapter 8 ike configuration 8.1 ike overview 8.1.1 brief introduction to ike ike (internet key exchange) is internet shared secret exchange protocol. It is a mixed protocol, configured in a framewor...
Page 1155
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-2 authentication keys to generate the same shared secret between the two parties. Authentication key is the key in identity authentication for both parties. Z identity protection after shared secret i...
Page 1156
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-3 ii. Nat traversal if there is a nat gw on the vpn tunnel set up via ipsec/ike and if this gw performs nat on the vpn service data, you must configure the nat traversal function for ipsec/ike. With t...
Page 1157
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-4 8.2 ike configuration ike configuration includes: 1) set a name for the local security gw 2) define ike proposal z establish ike proposal z select encryption algorithm z select authentication method...
Page 1158
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-5 8.2.2 defining ike proposal i. Establishing ike proposal ike proposal defines a set of attributes describing how ike negotiation conducts security communications. Configuring an ike proposal include...
Page 1161
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-8 ii. Configuring ike negotiation mode perform the following configuration in ike-peer view. Table 8-9 configure negotiation mode operation command configure ike negotiation mode. Exchange-mode { aggr...
Page 1162
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-9 in main mode, only ip address can be taken as the id in ike negotiation. In aggressive mode, however, you may use either ip address or name as the id in ike negotiation. V. Specifing id of the remot...
Page 1163
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-10 vii. Configuring nat traversal the nat traversal function must be configured so long as there is a nat ipsec device on the vpn tunnel constructed using ipsec/ike. Perform the following configuratio...
Page 1164
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-11 ix. Configuring subnet type of the ike peer you can use these two commands only when your router is interoperable with a netscreen device. Perform the following configuration in ike-peer view: tabl...
Page 1165
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-12 table 8-18 configure timeout waiting time for keepalive packet operation command configure isakmp sa timeout time for waiting keepalive packet ike sa keepalive-timer timeout seconds disable this fu...
Page 1166
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-13 if the isakmp sa at stage 1 still exists when you deleting the local sa, the system will send the delete message in the protection mode of the isakmp sa to notify the peer to clear the sa database....
Page 1167
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-14 [3com] ike proposal 10 # set the authentication algorithm used by the ike proposal to md5. [3com-ike-proposal-10] authentication-algorithm md5 # apply the pre-shared key authentication mode. [3com-...
Page 1168
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-15 note: for the purpose of highlighting the configurations of ike aggressive mode and nat traversal function, routers in this example are interconnected via their serial interfaces across the interne...
Page 1169
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-16 [routera-ipsec-proposal-prop] quit # create security policy and specify sa establishment via ike negotiation. [routera] ipsec policy policy 10 isakmp # create an ipsec policy and reference the ike ...
Page 1170
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-17 [routerb-ipsec-proposal-prop] quit # create an ipsec policy and specify to set up sa by means of ike negotiation. [routerb] ipsec policy policy 10 isakmp # reference the ike peer in the ipsec polic...
Page 1171
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-18 iii. Configuration procedure 1) configure router a # assign a name to the local security gateway. System-view [routera] ike local-name routera # configure an acl. [routera] acl number 3101 [routera...
Page 1172
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-19 [routera-ipsec-policy-isakmp-policy-10] proposal prop [routera-ipsec-policy-isakmp-policy-10] quit # assign an ip address to interface serial 0/0/0. [routera] interface serial0/0/0 [routera-serial0...
Page 1173
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-20 # create ipsec proposal prop. [routerb] ipsec proposal prop [routerb-ipsec-proposal-prop] encapsulation-mode tunnel [routerb-ipsec-proposal-prop] transform esp [routerb-ipsec-proposal-prop] esp enc...
Page 1174
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-21 [routerb-atm1/0/0] pvc 0/100 [routerb-atm-pvc-atm1/0/0-0/100] map bridge virtual-ethernet0 [routerb-atm-pvc-atm1/0/0-0/100] quit # create and configure the ve interface. [routerb] interface virtual...
Page 1175
3com router 3000 ethernet family configuration guide chapter 8 ike configuration 3com corporation 8-22 symptom 3: unable to establish security channel troubleshooting: check whether the network is stable and the security channel is established correctly. Sometimes there is a security channel but the...
Page 1176
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-1 chapter 9 pki configuration 9.1 pki overview 9.1.1 introduction public key infrastructure (pki) is a system which uses public key technology and digital certificate to protect system security and au...
Page 1177
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-2 9.1.2 terminology z public key algorithm: key algorithm that involves different encryption key and decryption key. A pair of keys are generated for each user: one is publicized as public key; the ot...
Page 1178
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-3 z pki certificate request z pki certificate validation z display and debug 9.2 certificate request configuration 9.2.1 certificate request overview certificate request is a process when an entity in...
Page 1179
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-4 by default, no pki domain is specified. Note: typically, a device may belong to two or more pki domains. Then independent configuration information is required for each domain. Parameter configurati...
Page 1180
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-5 9.2.4 configuring servers for certificate request i. Configuring the entity for certificate request an entity is required for certificate request; it is used to prove the identity to the ca. Perform...
Page 1181
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-6 note: for details about entity-name, refer to “section 9.2.5 configuring entity name space”. Iii. Configuring registration server location the registration server location (i.E., url) needs to be sp...
Page 1182
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-7 configured by using the command described here, the router rejects the root certificate. The fingerprint can be md5 or sha1 format. Perform the following configuration in pki domain view. Table 9-7 ...
Page 1183
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-8 note: entity configuration information must comply with ca certificate issue policy, for example, in determining mandatory and optional parameters. Otherwise, certificate request may be rejected. Ii...
Page 1184
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-9 operation command delete the entity fqdn undo fqdn by default, no fqdn is configured for the entity. Iv. Configuring the country code for the entity perform the following configuration in pki entity...
Page 1185
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-10 operation command delete the locality setting undo locality by default, no geographic locality is specified for the entity. Vii. Configuring the organization name for the entity perform the followi...
Page 1186
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-11 x. Configuring the ip address for the entity it is an optional operation, with the same function as specifying the entity fqdn. Perform the following configuration in pki entity view. Table 9-16 co...
Page 1187
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-12 caution: z if a local certificate already exists, you are not recommended to create another key pair. To ensure consistency between key pair and existing certificate, you should first delete the ex...
Page 1188
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-13 operation command restore the default request mode undo certificate request mode by default, manual mode is selected. 9.2.9 delivering a certificate request manually a certificate request completes...
Page 1190
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-15 9.3 certificate validation configuration 9.3.1 configuration task list at every stage of data communication, both parties should verify the validity of corresponding certificates, including issue t...
Page 1191
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-16 note: crl update period configured manually takes priority over that specified in crls. 9.3.4 enabling/disabling crl check crl check is optional for certificate validation. If it is enabled, you mu...
Page 1193
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-18 iii. Displaying and debugging configuration using the display current command, you can view current pki configuration. You can enable pki debugging to monitor and diagnose relevant certificate impl...
Page 1194
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-19 ii. Network diagram ca1 1.1.1.101 ra 1 1.1.1.100 ldap1 1.1.1.102 ca2 2.1.1.101 ra2 2.1.1.100 ldap2 2.1.1.102 pki certificate system router a router b pc a pc b 10.1.1.2 s0 202.38.162. 1 internet s0...
Page 1195
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-20 # configure entity dn. [routera] pki entity en [routera-pki-entity-en] ip 202.38.163.1 [routera-pki-entity-en] common-name routera # create local key pair using rsa algorithm. [routera-pki-entity-e...
Page 1196
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-21 note: the configuration of ike negotiation using pki identity authentication is described above. If you want to create an ipsec security channel to ensure communication security, you also need to c...
Page 1197
3com router 3000 ethernet family configuration guide chapter 9 pki configuration 3com corporation 9-22 1) software problems z no local certificate exists when you try to retrieve a crl. Z ip address of ldap server is not configured. Z crl distribution point location is not configured. Z ldap server ...
Page 1198: Vpn
3com router 3000 ethernet family configuration guide 3com corporation i vpn.
Page 1199: Table of Contents
3com router 3000 ethernet family configuration guide table of contents 3com corporation i table of contents chapter 1 vpn overview .............................................................................................................. 1-1 1.1 vpn overview.........................................
Page 1200
3com router 3000 ethernet family configuration guide table of contents 3com corporation ii 2.3.13 disconnecting an l2tp connection.................................................................... 2-22 2.3.14 enabling/disabling flow control function of tunnel .........................................
Page 1201
3com router 3000 ethernet family configuration guide table of contents 3com corporation iii 4.3.1 configuration example for dvpn with nat traversal.......................................... 4-24 4.3.2 configuration example for dvpn in combination with gre ................................ 4-29.
Page 1202: Chapter 1 Vpn Overview
3com router 3000 ethernet family configuration guide chapter 1 vpn overview 3com corporation 1-1 chapter 1 vpn overview 1.1 vpn overview along with the increasingly wide application of the internet, virtual private network (vpn) emerged to construct private networks on public networks. “virtual” her...
Page 1203
3com router 3000 ethernet family configuration guide chapter 1 vpn overview 3com corporation 1-2 business partners at a low cost, while improving utility of network resources. This will help internet service providers (isps) increase profits. Z add or delete users through software configuration rath...
Page 1204
3com router 3000 ethernet family configuration guide chapter 1 vpn overview 3com corporation 1-3 pop pop pop pc pstn/isdn cooperator remote subscriber internet isp ip frame relay atm corporate headquarter internal server figure 1-2 diagram of vpn application it can be seen that enterprise internal r...
Page 1205
3com router 3000 ethernet family configuration guide chapter 1 vpn overview 3com corporation 1-4 tunnels are implemented using tunneling protocols. Tunneling protocols are divided into layer 2 tunneling protocols and layer 3 tunneling protocols depending on at which layer of osi model tunnel is impl...
Page 1206
3com router 3000 ethernet family configuration guide chapter 1 vpn overview 3com corporation 1-5 which may not only overload the system but also decrease the scalability. The introduction of tunneling latency may incur such problems as ppp session timeout in time sensitive lcp and ncp negotiations o...
Page 1207
3com router 3000 ethernet family configuration guide chapter 1 vpn overview 3com corporation 1-6 iii. Classified by networking model 1) vll virtual leased line (vll) is emulation to traditional leased line services. By emulating leased line over ip networks, it provides asymmetric and low cost “ddn”...
Page 1208
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-1 chapter 2 configuration of l2tp 2.1 introduction to l2tp protocol 2.1.1 vpdn overview virtual private dial network (vpdn) means implementing virtual private network by employing the dial-up func...
Page 1209
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-2 between users and nas, with endpoint of layer 2 link and ppp session sticking on the same hardware. L2tp provides tunnel transmission for ppp link layer packets. It extents ppp model in that it ...
Page 1210
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-3 packet transmission packet (udp,……) l2tp data message (unreliable) l2tp data message ppp frame l2tp control tunnel (reliable) l2tp control message figure 2-2 architecture of l2tp protocol the ar...
Page 1211
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-4 control messages and data messages share the same type of packet headers. Tunnel id and session id are included in l2tp packet header, to identify different tunnels and sessions. The packets wit...
Page 1212
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-5 wan pstn/isdn lac lns pc pc pc router a router b radius server ip network radius server ip network figure 2-4 typical l2tp application network call setup flow of l2tp tunnel is shown in the foll...
Page 1213
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-6 5) radius server authenticates this user and sends back access accept, such as lns address, after authentication is passed successfully; lac is ready for initiating a new tunnel request; 6) lac ...
Page 1214
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-7 z set the lac to function as client (optional) 2.2.1 enabling l2tp only after l2tp is enabled can l2tp functions on the router work normally. If l2tp is disabled, the router cannot provide relat...
Page 1215
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-8 2.2.3 setting condition triggering l2tp tunnel setup request and lns address a router will not send l2tp tunnel setup request to some other router or lns server unless certain conditions are met...
Page 1216
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-9 table 2-4 set local tunnel name operation command set local tunnel name. Tunnel name name restore the default local tunnel name. Undo tunnel name by default, local tunnel name is the hostname of...
Page 1217
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-10 table 2-6 configure avp hiding operation command enable avp hiding tunnel avp-hidden restore the default avp transfer mode undo tunnel avp-hidden by default, avp is transferred in simple text. ...
Page 1218
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-11 table 2-8 configure a username and password operation command configure a user name and password (in system view). Local-user username delete the current setting (in system view). Undo local-us...
Page 1219
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-12 both lac side and lns side can start tunnel disconnection. After a tunnel is disconnected, the control connection and sessions on it are cleared. This tunnel can be set up when a new user dials...
Page 1220
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-13 2.2.12 configuring the tunnel-hold function of l2tp normally, the lac sets up a tunnel with the lns only when receiving an l2tp session request from a ppp user. This tunnel is automatically tor...
Page 1221
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-14 users on the lac and maintaining a permanent connection for it. The ip packets of all these actual users are forwarded to the lns through this virtual user. To use the lac as the client, you mu...
Page 1223
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-16 2.3.1 enabling l2tp only after l2tp is enabled can l2tp functions on the router work normally. If l2tp is disabled, the router cannot provide related functions even if parameters of l2tp have b...
Page 1224
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-17 lns only need to keep consistent in the configurations of the involved l2tp groups such as remote name of tunnel, start l2tp and lns address. These configurations are compulsory on lns side. Pe...
Page 1225
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-18 table 2-23 set parameters for call receiving operation command set remote name of tunnel (l2tp group not being 1). Allow l2tp virtual-template virtual-template-number remote remote-name [ domai...
Page 1227
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-20 operation command restore the default value of hello interval. Undo tunnel timer hello by default, hello interval is 60 seconds. If this configuration is not performed on lns side, lns will ado...
Page 1228
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-21 virtual template is chap and that configured on lac side is pap, authentication fails and session cannot be correctly created as the chap authentication level demanded by lns is higher than pap...
Page 1229
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-22 perform the following configuration in virtual template view. Table 2-29 set local address and assigned address pool operation command set local ip address. Ip address x.X.X.X netmask remove th...
Page 1231
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-24 operation command enable ppp packet content debugging debugging l2tp dump disable ppp packet content debugging undo debugging l2tp dump enable l2tp error debugging debugging l2tp error disable ...
Page 1232
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-25 ii. Network diagram vpn user pstn/isdn nas company headquarter internet tunnel lns figure 2-6 network diagram of nas-initialized vpn iii. Configuration procedure 1) configuration on user end on...
Page 1233
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-26 [3com] interface virtual-template 1 [3com-virtual-template1] ip address 192.168.0.1 255.255.255.0 [3com-virtual-template1] ppp authentication-mode domain chap [3com-virtual-template1] remote ad...
Page 1234
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-27 # revise connection attributes. Set adopted protocol to l2tp, encryption attribute to user defined. Choose chap authentication for tunnel authentication, with tunnel password being “3com”. 2) c...
Page 1235
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-28 ii. Network diagram quidway 1 lac quidway 2 lns internet tunnel wan modem pstn isdn pc1 pc2 headquarter figure 2-8 network diagram for interconnecting a single user with its headquarters iii. C...
Page 1236
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-29 # enable tunnel authentication and set password of tunnel authentication. [3com1-l2tp1] tunnel authentication [3com1-l2tp1] tunnel password simple 3com 3) configuration on router 3com2 (on lns ...
Page 1237
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-30 private addresses, such as 10.8.0.0, the users cannot directly access the internal servers of their own enterprises via the internet in normal circumstances. However, they can access the resour...
Page 1238
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-31 [3com1-luser-vpdn2] service-type ppp [3com1-luser-vpdn2] quit # apply local authentication to the domain user. [3com1] domain 263.Net [3com1-isp-263.Net] scheme local [3com1-isp-263.Net] quit [...
Page 1239
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-32 [3com2-luser-vpdn2] password simple 22222 [3com2-luser-vpdn2] service-type ppp [3com2-luser-vpdn2] quit # configure the domain users to use local authentication. [3com2] domain 263.Net [3com2-i...
Page 1240
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-33 [3com2-l2tp3] allow l2tp virtual-template 1 remote lac domain 263.Net [3com2-l2tp3] tunnel password simple 12345 [3com2-l2tp3] l2tp-group 4 [3com2-l2tp4] tunnel authentication [3com2-l2tp4] all...
Page 1241
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-34 [routera-virtual-template1] ip address ppp-negotiate [routera-virtual-template1] ppp pap local-user vpdnuser password simple hello [routera-virtual-template1] ppp authentication-mode pap [route...
Page 1242
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-35 [routerb-l2tp1] tunnel authentication [routerb-l2tp1] tunnel password simple 3com [routerb-l2tp1] quit # configure interface serial 1/0/0. [routerb] interface serial1/0/0 [routerb-serial1/0/0] ...
Page 1243
3com router 3000 ethernet family configuration guide chapter 2 configuration of l2tp 3com corporation 2-36 2) on lns side, l2tp group that can receive the remote end of the tunnel is not configured. For details, refer to the description of the allow command. 3) tunnel authentication fails. If authen...
Page 1244
3com router 3000 ethernet family configuration guide chapter 3 configuration of gre 3com corporation 3-1 chapter 3 configuration of gre 3.1 brief introduction to gre i. Gre overview generic routing encapsulation protocol (gre) can encapsulate datagrams of some network layer protocols (e.G. Ip and ip...
Page 1245
3com router 3000 ethernet family configuration guide chapter 3 configuration of gre 3com corporation 3-2 when receiving a datagram needed encapsulating and routing, called payload, the system first add a gre header to the datagram to form a gre packet. This gre packet is then encapsulated into an ip...
Page 1246
3com router 3000 ethernet family configuration guide chapter 3 configuration of gre 3com corporation 3-3 in the above figure, group1 and group2 are the local networks employing the novell ipx protocol; term1 and term2 are the local networks running ip. By setting up a gre tunnel between router a and...
Page 1247
3com router 3000 ethernet family configuration guide chapter 3 configuration of gre 3com corporation 3-4 present. When transmitting such multicast data as routing protocol, voice and image in an ipsec tunnel, you can set up a gre tunnel, encapsulate the multicast data with gre, and then encrypt the ...
Page 1248
3com router 3000 ethernet family configuration guide chapter 3 configuration of gre 3com corporation 3-5 card, which can take on the value of 0 or 1; port represents the number of the specified interface, ranging from 0 to 1023, but the actual number of created tunnels depends on the total number of...
Page 1249
3com router 3000 ethernet family configuration guide chapter 3 configuration of gre 3com corporation 3-6 note: z the same source address and destination address cannot be configured on two or more tunnel interfaces encapsulated with the same protocol. Z the source command configures actual physical ...
Page 1250
3com router 3000 ethernet family configuration guide chapter 3 configuration of gre 3com corporation 3-7 operation command delete the ip address of the tunnel interface. Undo ip address by default, network address of tunnel interface is not configured. 3.2.6 configuring end-to-end verification on bo...
Page 1251
3com router 3000 ethernet family configuration guide chapter 3 configuration of gre 3com corporation 3-8 table 3-7 set identification key of the tunnel interface operation command set identification key of the tunnel interface. Gre key key-number cancel the identification key of tunnel interface. Un...
Page 1252
3com router 3000 ethernet family configuration guide chapter 3 configuration of gre 3com corporation 3-9 by default, the keepalive function of gre is disabled; seconds is set to 10 and times to 3. 3.3 displaying and debugging gre upon the completion of the above configurations, execute the display c...
Page 1253
3com router 3000 ethernet family configuration guide chapter 3 configuration of gre 3com corporation 3-10 [3com1-serial1/0/0] quit # create interface tunnel 1/0/0. [3com1] interface tunnel 1/0/0 # configure ip address of interface tunnel 1/0/0. [3com1-tunnel1/0/0] ip address 10.1.2.1 255.255.255.0 #...
Page 1254
3com router 3000 ethernet family configuration guide chapter 3 configuration of gre 3com corporation 3-11 # configure static route from 3com2 to group 1 via interface tunnel2/0/0. [3com2] ip route-static 10.1.1.0 255.255.255.0 tunnel 2/0/0 3.5 gre troubleshooting gre configuration is relatively simp...
Page 1255: Chapter 4 Dvpn
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-1 chapter 4 dvpn 4.1 dvpn overview 4.1.1 introduction to dvpn dynamic virtual private network (dvpn) technology is a kind of technology that establishes virtual private networks (vpns) by dynamically acquiring inf...
Page 1256
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-2 iv. Dvpn client a dvpn access device that operates as a client in a dvpn domain. A client must successfully register with the dvpn server to access a dvpn domain. A dvpn client does these things: z initiate regi...
Page 1257
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-3 4.1.3 operation of dvpn each dvpn access device in a dvpn domain runs the proprietary dvpn protocol. The dvpn server holds information about all registered clients, and each client holds information about all se...
Page 1258
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-4 3) the client sends key negotiation request and server authentication request to the server. 4) the server sends a key negotiation response message, a client authentication message, and a server authentication r...
Page 1259
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-5 4.1.4 basic network structure dvpn adopts a client/server model. Among all the access devices in a dvpn domain, only one can be the server and uses a fixed public ip address, whereas the others operate as client...
Page 1260
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-6 egresses, you must map each private ip address to a unique public ip address. This leads to the requirement for a large amount of public ip addresses. Therefore, gre is not applicable for scenarios with nat gate...
Page 1261
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-7 with the client. A dvpn client requires only being configured with information about itself and the dvpn server; it does not need any information about other clients. This remarkably eases the network maintenanc...
Page 1262
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-8 a dvpn domain and the configuration of the entire network, dramatically improving network maintainability and automation degree. 4.1.6 extended dvpn function along with radius server, dvpn server can implement a...
Page 1263
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-9 4.2 dvpn configuration dvpn configuration comprises client configuration and server configuration. I. Client configuration dvpn client configuration includes basic configuration, tunnel interface configuration, ...
Page 1264
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-10 z enabling/disabling dvpn z configuring the pre-shared key (optional) z configuring the map aging time z configuring how to authenticate a client z configuring a local user for a client (optional) z configure a...
Page 1265
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-11 table 4-1 enable/disable dvpn operation command enable dvpn dvpn service enable disable dvpn dvpn service disable dvpn is enabled by default. Ii. Configuring the pre-shared key use these commands to configure/r...
Page 1266
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-12 iv. Configuring the map aging time you can configure a map aging time on the dvpn server, so that the server can delete maps related to unsuccessful registration. If a client successfully registers with the ser...
Page 1267
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-13 perform the following configuration in system view on a client or a dvpn server. Table 4-6 enable/disable dvpn operation command enable dvpn dvpn service enable disable dvpn dvpn service disable dvpn is enabled...
Page 1268
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-14 iv. Configuring the dumb interval when registering with the dvpn server, a client can try for a specified number of times. If all attempts fail, the client turns into the dumb state. A client in the dumb state ...
Page 1269
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-15 iii. Configuring the dvpn domain to which the tunnel interface belongs use this command to configure the id of the dvpn domain to which the tunnel interface belongs. Tunnel interfaces belonging to the same dvpn...
Page 1270
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-16 operation command disable a dvpn class on the tunnel interface undo dvpn server dvpn-class-name a tunnel interface has no dvpn class applied by default. Vi. Applying the dvpn policy to the tunnel interface (for...
Page 1271
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-17 operation command restore the default encryption mode of data streams undo dvpn security acl all packets that pass through the tunnel interface are encrypted using ipsec by default. Viii. Configuring the regist...
Page 1272
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-18 i. Creating a dvpn class and entering its view use these commands to create a dvpn class and enter its view, or remove an existing dvpn class. Note that a dvpn class in use cannot be removed. Perform the follow...
Page 1273
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-19 operation command remove the private ip address of the dvpn server undo private-ip no private ip address of the dvpn server is configured by default. Iv. Configuring the algorithm suite used during registration...
Page 1274
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-20 table 4-23 configure the pre-shared key of the dvpn server operation command configure the pre-shared key of the dvpn server pre-shared-key key remove the configured pre-shared key undo pre-shared-key no pre-sh...
Page 1275
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-21 i. Creating a dvpn policy and entering its view use these commands to create a dvpn policy and enter its view, enter an existing dvpn policy view, or remove an existing dvpn policy. To remove a dvpn policy that...
Page 1276
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-22 operation command restore the default encryption algorithm suite for sessions between the server and the clients undo session algorithm-suite by default, the algorithm suite 1 for session control packets is use...
Page 1277
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-23 vi. Configuring the session request interval if a session is not successfully established, the initiator sends a request again to try to establish the session after a specified interval. If three successive ses...
Page 1278
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-24 operation command restore the default lifetime undo data ipsec-sa duration time-base the default lifetime of the ipsec sa is 3,600 seconds. 4.2.6 displaying and debugging dvpn execute the display commands in an...
Page 1279
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-25 i. Network requirements as figure 4-3 shows, branch a and branch b establish dvpn connections with the headquarters respectively. Since the private network of branch a is connected to the private network of the...
Page 1280
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-26 ii. Network diagram ethernet0/0/1:10. 0. 1.1/24 tunnel0 : 10.0. 0.1/24 ethernet0/0/0: 201.1.1.3 tunnel0:10.0.0.3/24 ethernet0/0 /0: 201. 1. 1. 1 server client2 ethernet0/0/1:10.1.3.1/24 branch a branch b headqu...
Page 1281
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-27 [server-ethernet0/0/1] quit # configure interface tunnel0. [server] interface tunnel 0 [server-tunnel0] tunnel-protocol udp dvpn [server-tunnel0] dvpn interface-type server [server-tunnel0] ip address 10.0.0.1 ...
Page 1282
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-28 [client1-ethernet0/0/1] quit # configure the dvpn class. [client1] dvpn class testserver [client1-dvpn-class-testserver] public-ip 201.1.1.1 [client1-dvpn-class-testserver] quit # configure interface tunnel0. [...
Page 1283
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-29 [client2-tunnel0] dvpn interface-type client [client2-tunnel0] dvpn server testserver [client2-tunnel0] dvpn vpn-id 1 [client2-tunnel0] quit # configure static routes. [client2] ip route-static 10.0.1.0 255.255...
Page 1284
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-30 # enable dvpn. System-view [server] dvpn service enable # configure interface ethernet0/0/0. [server] interface ethernet0/0/0 [server-ethernet0/0/0] ip address 201.1.1.1 255.255.255.0 [server-ethernet0/0/0] qui...
Page 1285
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-31 # configure the tunnel1 interface used by gre. [server] interface tunnel 1 [server-tunnel1] ip address 10.1.0.1 255.255.255.0 [server-tunnel1] destination 211.1.1.3 [server-tunnel1] source ethernet0/0/0 [server...
Page 1286
3com router 3000 ethernet family configuration guide chapter 4 dvpn 3com corporation 4-32 [client1] ip route-static 10.1.2.0 255.255.255.0 10.0.0.1 3) configure client2 # enable dvpn. System-view [client2] dvpn service enable # configure interface ethernet0/0/0. [client2] interface ethernet0/0/0 [cl...
Page 1287: Quality of Service
3com router 3000 ethernet family configuration guide 3com corporation i quality of service.
Page 1288: Table of Contents
3com router 3000 ethernet family configuration guide table of contents 3com corporation i table of contents chapter 1 qos overview .............................................................................................................. 1-1 1.1 introduction ........................................
Page 1289
3com router 3000 ethernet family configuration guide table of contents 3com corporation ii 3.4.1 configuring cql.................................................................................................... 3-12 3.4.2 applying custom-list on the interface .........................................
Page 1290
3com router 3000 ethernet family configuration guide table of contents 3com corporation iii 6.2.1 configuring mpls pq ............................................................................................. 6-2 6.2.2 configuring mpls cq..............................................................
Page 1291: Chapter 1 Qos Overview
3com router 3000 ethernet family configuration guide chapter 1 qos overview 3com corporation 1-1 chapter 1 qos overview 1.1 introduction quality of service (qos) measures the service performance of service providers in terms of client satisfaction. Instead of giving accurate marks, qos emphasizes an...
Page 1292
3com router 3000 ethernet family configuration guide chapter 1 qos overview 3com corporation 1-2 those new applications have one thing in common, i.E. High requirements for bandwidth, delay, and jitter. For instance, videoconference and vod need the assurance of wide bandwidth, low delay and jitter....
Page 1293
3com router 3000 ethernet family configuration guide chapter 1 qos overview 3com corporation 1-3 impact congestion may cause the following negative effects: z increase the delay and jitter of packet transmission z packet re-transmission caused by high delay z decrease the efficient throughput of net...
Page 1294
3com router 3000 ethernet family configuration guide chapter 1 qos overview 3com corporation 1-4 z congestion avoidance: exceeding congestion consumes network resources. Congestion avoidance can monitor the usage status of network resources, and as congestion becomes worse actively take the policy o...
Page 1295: Shaping
3com router 3000 ethernet family configuration guide chapter 2 traffic classification, policing, and shaping 3com corporation 2-1 chapter 2 traffic classification, policing, and shaping 2.1 traffic classification traffic classification is the prerequisite and foundation for differentiated service, w...
Page 1296
3com router 3000 ethernet family configuration guide chapter 2 traffic classification, policing, and shaping 3com corporation 2-2 traffic policing and traffic shaping is a traffic monitoring policy to adjust the traffic and resources through comparing with the traffic specification. To know whether ...
Page 1297
3com router 3000 ethernet family configuration guide chapter 2 traffic classification, policing, and shaping 3com corporation 2-3 out. Otherwise, it shows that too much tokens have been used, and traffic specifications are exceeded. Iii. Complicated evaluation two token buckets can be configured to ...
Page 1298
3com router 3000 ethernet family configuration guide chapter 2 traffic classification, policing, and shaping 3com corporation 2-4 the main difference between traffic shaping and traffic policing is: the packets to be dropped in traffic policing will be stored during traffic shaping — generally they ...
Page 1299
3com router 3000 ethernet family configuration guide chapter 2 traffic classification, policing, and shaping 3com corporation 2-5 incoming packets outgoing packets token bucket tokens enter bucket at the given speed classify buffer queue figure 2-4 lr processing diagram if token bucket is used to co...
Page 1300
3com router 3000 ethernet family configuration guide chapter 2 traffic classification, policing, and shaping 3com corporation 2-6 the command will create several car lists; for the same carl-index, the repeat execution of the command will modify the parameters of car list, i.E. The car list just con...
Page 1301
3com router 3000 ethernet family configuration guide chapter 2 traffic classification, policing, and shaping 3com corporation 2-7 z remark-prec-continue new-precedence: to specify a new ip priority new-precedence and execute the next car strategy. The value range is 0~7. Z remark-prec-pass new-prece...
Page 1302
3com router 3000 ethernet family configuration guide chapter 2 traffic classification, policing, and shaping 3com corporation 2-8 table 2-4 configure interface lr operation command configure interface lr qos lr cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] dis...
Page 1303
3com router 3000 ethernet family configuration guide chapter 2 traffic classification, policing, and shaping 3com corporation 2-9 table 2-7 display gts configuration and statistics on the interface operation command display gts configuration and statistics in the interface display qos gts interface ...
Page 1304
3com router 3000 ethernet family configuration guide chapter 2 traffic classification, policing, and shaping 3com corporation 2-10 ii. Network diagram ethernet internet ethernet0/0/0 ethernet1/0/0 ethernet1/0/0 quidway2 quidway1 server pc1 ethernet0/0/0 1.1.1.1/8 1.1.1.2/8 pc2 ethernert2/0/0 figure ...
Page 1305
3com router 3000 ethernet family configuration guide chapter 2 traffic classification, policing, and shaping 3com corporation 2-11 [3com2-ethernet0/0/0] qos car acl 2 outbound cir 1000000 cbs 1000000 ebs 0 green pass red discard 2.6 mfr interface lr configuration example i. Network requirements rout...
Page 1306
3com router 3000 ethernet family configuration guide chapter 2 traffic classification, policing, and shaping 3com corporation 2-12 [3com-mfr4] fr interface-type dce [3com-mfr4] fr dlci 100 [3com-fr-dlci-mfr4-100] quit [3com-mfr4] fr map ip 10.140.10.1 100 [3com-mfr4] quit # assign interfaces serial ...
Page 1307
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-1 chapter 3 congestion management 3.1 brief introduction to congestion management as to a network device, congestion will occur on the interface where the arrival rate of packets is faster than th...
Page 1308
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-2 within each queue, the sending (sequence) of packets is defaulted as fifo. Ii. Pq (priority queuing) incoming packets top queue middle queue classify outgoing packets normal queue bottom queue t...
Page 1309
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-3 iii. Cq (custom queuing) incoming packets queue1 queue2 classify outgoing packets queue15 queue16 transmit queue interface …… 10% 30% 10% 5% scheduler figure 3-3 custom queuing cq classifies pac...
Page 1310
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-4 iv. Wfq (weighted fair queuing) incoming packets queue1 weight1 queue2 weight2 classify outgoing packets queuen-1 weightn-1 queuen weightn transmit queue interface …… scheduler figure 3-4 wfq di...
Page 1311
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-5 the bandwidth-occupying proportion for each traffic is: (priority + 1)/total quota of bandwidth, i.E. Bandwidth available for each traffic: 1/15, 2/15, 3/15, 4/15, 5/15. Because wfq can balance ...
Page 1312
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-6 or video into high-priority queue and send it first, thus minimizing delay and jitter and ensuring the quality of audio or video service which is sensitive to delay. Packets sent from this inter...
Page 1313
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-7 table 3-1 congestion management technologies type queue no. Advantages disadvantages fifo 1 z no need for configuration, easy to use z easy operation, low delay z all packets are treated equally...
Page 1314
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-8 type queue no. Advantages disadvantages wfq configur able z easily configured z capable of ensuring the bandwidth-occupying for data sources (e.G. Tcp packets sending) used for interactive purpo...
Page 1315
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-9 3.2 configuring fifo queue fifo queue configuration includes: z configure the length of fifo queue 3.2.1 configuring fifo queue length fifo is the queue scheduling mechanism for interface by def...
Page 1316
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-10 table 3-3 priority-list configuration based on network layer protocol operation command configure priority-list according to network layer protocol qos pql pql-index protocol protocol-name queu...
Page 1317
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-11 the default value for default queue is normal. Iv. Configuring the length of queue configure the length of each queue (i.E. The capability of queue). Perform the following configuration in syst...
Page 1318
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-12 caution: except for interfaces encapsulated with x.25 or lapb, all physical interfaces can use pq. You can apply pq to a dialer interface. Before that, make sure the queuing configuration on it...
Page 1319
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-13 table 3-10 configure custom-list under network layer protocol operation command configure custom-list under network layer protocol qos cql cql-index protocol protocol-name queue-key key-value q...
Page 1320
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-14 iv. Configuring length of the queue designate length for a custom queue (i.E. Capacity of the queue). Perform the following configuration in system view. Table 3-13 configure the length of the ...
Page 1321
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-15 table 3-15 apply custom-list on the interface operation command apply custom-list on the interface qos cq cql cql-index cancel using cq on the interface undo qos cq not cq but fifo is employed ...
Page 1322
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-16 3.5.1 using wfq or modifying wfq parameters wfq classifies packets based on traffic. For ip networks, packets belong to the same stream if they have the same quintuple (source ip address, desti...
Page 1323
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-17 table 3-18 display the configuration and statistics of wfq on one or all interfaces operation command display the configuration and statistics information of wfq on interfaces display qos wfq i...
Page 1324
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-18 iii. Pre-defined policies the system pre-defines a policy, and specifies the pre-defined class for the policy and specifies the pre-defined behavior for the class. The policy is named default, ...
Page 1325
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-19 z mpls-exp (in the outbound direction), ip-precedence, dscp, rtp, and acl are effective for ip and mpls packets. Z fr-de, atm-clp, protocol, inbound-interface, any, and classifier are effective...
Page 1326
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-20 this command cannot be used circularly. For example, traffic classifier a defines the rules to match traffic classifier b but traffic classifier b cannot define a rule match traffic classifier ...
Page 1327
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-21 the rule will be deleted automatically when the matched interface is deleted. Vii. Defining/deleting dscp match rule dscp (differentiated services code point) is a refined field from the 6 high...
Page 1328
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-22 because the rtp queue has a higher priority than cbq, the rtp will take effect when both the rtp queue and the cbq queue based on the class matching rtp are configured. X. Defining/deleting pro...
Page 1329
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-23 xiii. Defining or deleting an fr de matching rule perform the following configuration in class view. Table 3-32 define or delete an fr de matching rule operation command define an fr de matchin...
Page 1330
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-24 table 3-34 define a traffic behavior and enter traffic behavior view. Operation command define a traffic behavior and enter traffic behavior view. Traffic behavior behavior-name delete a traffi...
Page 1331
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-25 the same traffic behavior must use the same standard to configure queue ef and queue af, either bandwidth or percentage. Ef applies to the applications that support low drop ratio, low delay, a...
Page 1332
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-26 operation command restore the default setting undo wred dscp indicates that the dscp value is used to calculate drop proportion of a packet. Ip-precedence indicates that the ip precedence value...
Page 1333
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-27 the dscp-value is in the range of 0 to 63, which can be any of the following keys: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7,...
Page 1334
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-28 in the command, action is a behavior conducted to the packets, which includes the following types: z discard: drops the packet z remark-dscp-pass new-dscp: sets new-dscp and transmit the packet...
Page 1335
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-29 xii. Configuring/disabling lr perform the following configuration in traffic behavior view. Table 3-45 configure/disable lr operation command configure lr lr cir committed-information-rate [ cb...
Page 1336
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-30 xiv. Remarking ip precedence value perform the following configuration in traffic behavior view. Table 3-47 remark ip precedence value operation command remark ip precedence value for packets r...
Page 1337
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-31 operation command disable remarking the clp bit of atm packets. Undo remark atmclp this behavior applies only in the outbound direction of interfaces and atm pvcs. Xviii. Configuring/disabling ...
Page 1338
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-32 interfaces, virtual ethernet interfaces, and subinterfaces. Note that cbq can be configured on atm pvcs. Z lr cannot be configured in a child policy. Z committed-information-rate can be less th...
Page 1339
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-33 3.6.5 applying policy the qos apply policy command maps a policy to an interface. One policy can be applied on multiple interfaces. Perform the following configuration in interface, subinterfac...
Page 1340
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-34 z for an fr subinterface, fr traffic shaping must be disabled on its main interface. When configuring a qos policy for a main interface, consider the following: z you can configure cq, pq, wfq,...
Page 1342
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-36 caution: except for interfaces encapsulated with x.25 or lapb, all physical interfaces can use rtpq. You can apply rtpq to a dialer interface. Before that, make sure that the queuing configurat...
Page 1343
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-37 are configured, to lose effect. To resolve this problem, the token function of qos was introduced into v 2.41. This function provides a flow control mechanism at the underlying layer queuing le...
Page 1344
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-38 ii. Network diagram server (1.1.1.1/8) (1.1.1.2/8) serial2/0/0 ethernet0/0/0 quidway1 quidway2 serial1/0/0 fr/x.25/ddn ethernet ethernet ethernet0/0/0 2m 10 m pc1 pc2 figure 3-6 network diagram...
Page 1345
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-39 b and finally to router d. Qos policy is required in configuration. For the data streams with dscp domain being af11 and af21, af (assured forwarding) and minimum bandwidth 5% is defined, while...
Page 1346
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-40 [3com-behavior-af21_behav] queue af bandwidth pct 5 [3com-behavior-af21_behav] quit # define traffic behavior, configure ef and minimum bandwidth (bandwidth and delay guarantee also available)....
Page 1347
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-41 ii. Network diagram pc ftp server & www server eth0/0/0 routera routerb s2/0/0 10.1.1.1/24 s2/0/0 10.1.1.2/24 ppp eth0/0/0 figure 3-8 network diagram for cq configuration iii. Configuration pro...
Page 1348
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-42 configure voip on the routers to have voice packets forwarded from interface serial 2/0/0 on router a to router b. Use the pc attached to router b as ftp and www client and the pc attached to r...
Page 1349
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-43 [3com] acl number 3001 match-order auto [3com-acl-adv-3001] rule 0 permit tcp source any source-port eq ftp destination any [3com-acl-adv-3001] rule 1 permit tcp source any source-port eq ftp-d...
Page 1350
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-44 [3com-qospolicy-cbq] classifier http behavior http [3com-qospolicy-cbq] classifier voice behavior voice [3com-qospolicy-cbq] quit in an af queue, the ftp packets are ensured the minimum bandwid...
Page 1351
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-45 ii. Network diagram (1.1.1.2/ 24) ethernet1/0/0:1.1 .1.1/24 quidway1 quidway2 ip ethe rnet ethernet e therne t1/0/0 pc1 serial 2/ 0/0 seria l 3/0/0 pc2 (1.1.1 .3/24) server (2.2.2 .1/24) networ...
Page 1352
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-46 [3com1-behavior-childbehav] quit # configure a child policy, applying the lr behavior to the network performance monitoring class. [3com1] qos policy childpolicy [3com1-qospolicy-childpolicy] c...
Page 1353
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-47 ii. Network diagram atm network ip: 202.38.160.1 to b: 0/40 to c: 0/41 interface: atm1/0/0 ip: 202.38.160.2 to a: 0/50 to c: 0/51 interface: atm1/0/0 ip: 202.38.160.3 to a: 0/60 to b: 0/61 inte...
Page 1354
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-48 # apply policy 1 in the outbound direction of the atm pvc to router a. [3com] interface atm 1/0/0 [3com-atm1/0/0] pvc to_b 0/40 [3com-atm-pvc-atm1/0/0-0/60-to_a] qos apply policy 1 outbound 2) ...
Page 1355
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-49 1) configure a policy allowing the router to remark ip precedence to 1 for packets with atm clp bit set to 1. 2) apply the policy to the outbound direction of interface serial 0/0/0. When conge...
Page 1356
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-50 # configure qos policy poll. [routerb] traffic classifier class1 [routerb-classifier-class1] if-match atmclp [routerb-classifier-class1] traffic behavior database1 [routerb-behavior-database] r...
Page 1357
3com router 3000 ethernet family configuration guide chapter 3 congestion management 3com corporation 3-51 policy: pol1 classifier: default-class matched : 10/890 (packets/bytes) rule(s) : if-match any behavior: be -none- classifier: class1 matched : 20/1840 (packets/bytes) operator: and rule(s) : i...
Page 1358
3com router 3000 ethernet family configuration guide chapter 4 congestion avoidance 3com corporation 4-1 chapter 4 congestion avoidance 4.1 introduction to congestion avoidance excessive congestion can endanger network resources greatly, so some avoidance measures must be taken. The congestion avoid...
Page 1359
3com router 3000 ethernet family configuration guide chapter 4 congestion avoidance 3com corporation 4-2 random number is larger than the latter, the packet will be dropped. The longer the length of queue, the higher the dropping probability is, but a maximum dropping probability will remain. Unlike...
Page 1360
3com router 3000 ethernet family configuration guide chapter 4 congestion avoidance 3com corporation 4-3 incoming packets queue1 weight1 queue2 weight2 classify outgoing packets queuen-1 weightn-1 queuen weightn transmit queue interface …… scheduler …… wred drop discarded packets figure 4-1 relation...
Page 1361
3com router 3000 ethernet family configuration guide chapter 4 congestion avoidance 3com corporation 4-4 note: make sure wfq has already been applied on the interface before enabling wred. 4.2.2 setting wred to calculate the coefficient of average queue length set wred to calculate the filter coeffi...
Page 1362
3com router 3000 ethernet family configuration guide chapter 4 congestion avoidance 3com corporation 4-5 4.2.4 setting the parameters of a wred dscp when an interface is configured with wred, you can set the lower limit, upper limit, and drop probability denominator of a wred dscp. Perform the follo...
Page 1363
3com router 3000 ethernet family configuration guide chapter 5 protocol packet priority configuration 3com corporation 5-1 chapter 5 protocol packet priority configuration 5.1 introduction to ip packet priority protocol packets carry their priorities themselves. You can however assign them new prior...
Page 1364
3com router 3000 ethernet family configuration guide chapter 5 protocol packet priority configuration 3com corporation 5-2 z expedited forwarding (ef) that does not consider whether the link is shared by other traffic streams. It is suitable for priority services requiring low latency, low loss rati...
Page 1365
3com router 3000 ethernet family configuration guide chapter 5 protocol packet priority configuration 3com corporation 5-3 keyword dscp value (binary) dscp value (decimal) default (be) 000000 0 the following table gives the drop precedence values for af classes. Table 5-3 drop precedence values for ...
Page 1366
3com router 3000 ethernet family configuration guide chapter 5 protocol packet priority configuration 3com corporation 5-4 operation command restore the default undo protocol-priority protocol-type protocol-type caution: currently, you can only change priorities of six types of protocol packets: osp...
Page 1367: Chapter 6 Mpls Qos
3com router 3000 ethernet family configuration guide chapter 6 mpls qos 3com corporation 6-1 chapter 6 mpls qos 6.1 mpls qos overview the qos solution for mpls mainly completes the following functions: classify the service traffic on ce or pe according to specific needs, for example, into three type...
Page 1368
3com router 3000 ethernet family configuration guide chapter 6 mpls qos 3com corporation 6-2 6.2.1 configuring mpls pq complete these two steps to configure mpls pq: first, configure priority list according to mpls exp. Second, apply the priority list on the interface. For more information, refer to...
Page 1369
3com router 3000 ethernet family configuration guide chapter 6 mpls qos 3com corporation 6-3 i. Configuring custom-list according to mpls exp configure custom-list according to mpls exp and enable packets to enter different queues. Perform the following configurations in system view. Table 6-3 confi...
Page 1371
3com router 3000 ethernet family configuration guide chapter 6 mpls qos 3com corporation 6-5 iii. Configuring policy firstly you should define a policy with a certain policy name and then enter the policy view to specify the behavior for the class defined. Perform the following configurations in the...
Page 1372
3com router 3000 ethernet family configuration guide chapter 6 mpls qos 3com corporation 6-6 perform the following configurations in interface view. Table 6-12 apply tp policy on the interface and label mpls packets operation command apply tp policy on the interface and label mpls packets qos car in...
Page 1373
3com router 3000 ethernet family configuration guide chapter 6 mpls qos 3com corporation 6-7 z on the router p, identify streams according to their exp domain value and configure stream-specific cbqs: exp1 streams with 10% bandwidth, exp2 streams with 20% bandwidth, exp3 streams with 30% bandwidth a...
Page 1374
3com router 3000 ethernet family configuration guide chapter 6 mpls qos 3com corporation 6-8 [pe1-classifier-efclass] quit # define four traffic behaviors and configure exp domain value for their mpls packets. [pe1] traffic behavior exp1 [pe1-behavior-exp1] remark mpls-exp 1 [pe1-behavior-exp1] traf...
Page 1375
3com router 3000 ethernet family configuration guide chapter 6 mpls qos 3com corporation 6-9 [p-behavior-af21] traffic behavior af31 [p-behavior-af31] queue af bandwidth pct 30 [p-behavior-af31] traffic behavior ef [p-behavior-ef] queue ef bandwidth pct 40 [p-behavior-ef] quit # define a qos policy ...
Page 1376: Reliability
3com router 3000 ethernet family configuration guide 3com corporation i reliability.
Page 1377: Table of Contents
3com router 3000 ethernet family configuration guide table of contents 3com corporation i table of contents chapter 1 reliability overview ..................................................................................................... 1-1 1.1 introduction to reliability...........................
Page 1378
3com router 3000 ethernet family configuration guide chapter 1 reliability overview 3com corporation 1-1 chapter 1 reliability overview 1.1 introduction to reliability during communication, any software or hardware error, network device or line fault for example, may disrupt the connection, causing ...
Page 1379
3com router 3000 ethernet family configuration guide chapter 2 backup center configurations 3com corporation 2-1 chapter 2 backup center configurations 2.1 introduction to backup center to enhance network reliability, v 2.41 provides sound backup functions using the backup center. Z interfaces that ...
Page 1380
3com router 3000 ethernet family configuration guide chapter 2 backup center configurations 3com corporation 2-2 z configuring the warmup timer z configuring backup load sharing z setting backup bandwidth of the main interface z configuring flow check interval 2.2.1 entering the view of a main inter...
Page 1381
3com router 3000 ethernet family configuration guide chapter 2 backup center configurations 3com corporation 2-3 table 2-3 create a logical channel operation command create a logical channel (in system view) interface logic-channel logic-channel-number associate the created logical channel interface...
Page 1382
3com router 3000 ethernet family configuration guide chapter 2 backup center configurations 3com corporation 2-4 2.2.5 configuring the warmup timer normally, when a router enabled with dial-up backup reboots, it may bring up the backup dial-up link if the negotiation of the main link is too slow; af...
Page 1383
3com router 3000 ethernet family configuration guide chapter 2 backup center configurations 3com corporation 2-5 table 2-7 set backup bandwidth of the main interface operation command set backup bandwidth of the main interface. Standby bandwidth number restore the default backup bandwidth of the mai...
Page 1384
3com router 3000 ethernet family configuration guide chapter 2 backup center configurations 3com corporation 2-6 operation command display the interface state and backup state of the main and backup interfaces, and the priority, backup state flag and backup load state of the backup interfaces. Displ...
Page 1385
3com router 3000 ethernet family configuration guide chapter 2 backup center configurations 3com corporation 2-7 2.4.3 configuring dial-up backup to the adsl i. Network requirements connect router a to the internet through an adsl link and back up the link with a common dial-up link, allowing the ro...
Page 1386
3com router 3000 ethernet family configuration guide chapter 2 backup center configurations 3com corporation 2-8 [3com-analogmodem 1/0/0] dialer enable-circular [3com-analogmodem 1/0/0] dialer-group 1 [3com-analogmodem 1/0/0] dialer number 163 [3com-analogmodem 1/0/0] quit # configure static routing...
Page 1387
3com router 3000 ethernet family configuration guide chapter 3 vrrp configurations 3com corporation 3-1 chapter 3 vrrp configurations 3.1 introduction to vrrp virtual router redundancy protocol (vrrp) is a fault-tolerant protocol. Normally, you can configure a default route for the hosts on a networ...
Page 1388
3com router 3000 ethernet family configuration guide chapter 3 vrrp configurations 3com corporation 3-2 virtual ip address 10.100.10.1 network host 1 host 3 host 2 10.100.10.2 10.100.10.3 master backup lan 1 router a router b ethernet 10.100.10.1 10.100.10.1 10.100.10.1 virtual ip address 10.100.10....
Page 1389
3com router 3000 ethernet family configuration guide chapter 3 vrrp configurations 3com corporation 3-3 3.2.1 enabling/disabling virtual ip address pinging according to vrrp, users cannot ping the virtual ip addresses of standby groups and as such, cannot determine whether an ip address is assigned ...
Page 1390
3com router 3000 ethernet family configuration guide chapter 3 vrrp configurations 3com corporation 3-4 note: z for the router, an interface can be assigned to 64 standby groups, each containing up to 16 virtual ip addresses. When more than 14 vrrp standby groups are present, you must enable promisc...
Page 1391
3com router 3000 ethernet family configuration guide chapter 3 vrrp configurations 3com corporation 3-5 3.2.4 configuring preemption mode and preemption delay in non-preemption mode, once a router in the standby group becomes the master and operates well, other routers, even assigned higher priority...
Page 1392
3com router 3000 ethernet family configuration guide chapter 3 vrrp configurations 3com corporation 3-6 router sends a vrrp packet, it fills the authentication key into the vrrp packet. When the router receives a vrrp packet, it compares the authentication key in the packet with the one that it reta...
Page 1393
3com router 3000 ethernet family configuration guide chapter 3 vrrp configurations 3com corporation 3-7 table 3-6 configure the adver_timer of vrrp operation command configure the adver_timer of vrrp. Vrrp vrid virtual-router-id timer advertise adver-interval restore the default. Undo vrrp vrid virt...
Page 1394
3com router 3000 ethernet family configuration guide chapter 3 vrrp configurations 3com corporation 3-8 z on a pppoe or pppoa client, a dialer interface goes down when no session is present between the server and its client and goes up when pppoe or pppoa creates a session. Note: you cannot configur...
Page 1395
3com router 3000 ethernet family configuration guide chapter 3 vrrp configurations 3com corporation 3-9 3.4 vrrp configuration example 3.4.1 configuring a single vrrp standby group i. Network requirements host a uses the vrrp standby group formed by router a and router b as its default gateway for a...
Page 1396
3com router 3000 ethernet family configuration guide chapter 3 vrrp configurations 3com corporation 3-10 in normal circumstances, router a functions as the gateway. When it is shut down or fails, router b takes over. The preemption mode however allows router a to become the master again after it rec...
Page 1397
3com router 3000 ethernet family configuration guide chapter 3 vrrp configurations 3com corporation 3-11 in normal circumstances, router a functions as the gateway. When interface serial 2/0/0 on router a becomes unavailable, the priority of router a is reduced by 30, lower than that of router b. Ro...
Page 1398
3com router 3000 ethernet family configuration guide chapter 3 vrrp configurations 3com corporation 3-12 3.5 vrrp troubleshooting the configuration of vrrp is simple. You can locate most of the problems by checking the output of the display command and the debugging command. The following present so...
Page 1399: Dial-Up
3com router 3000 ethernet family configuration guide 3com corporation i dial-up.
Page 1400: Table of Contents
3com router 3000 ethernet family configuration guide table of contents 3com corporation i table of contents chapter 1 dcc configuration ...................................................................................................... 1-1 1.1 overview ...............................................
Page 1401
3com router 3000 ethernet family configuration guide table of contents 3com corporation ii 2.3.3 dynamic routing standby configuration example iii ............................................. 2-9 2.3.4 dynamic routing standby configuration example iv........................................... 2-12 ...
Page 1402
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-1 chapter 1 dcc configuration 1.1 overview 1.1.1 introduction to dcc i. Dcc dial control center (dcc) is a routing technology for routers interconnected through a public switched network: public switc...
Page 1403
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-2 flexibly select either method as needed. In other words, one end can adopt c-dcc while the other end adopts rs-dcc to originate a call. I. C-dcc 1) c-dcc is powerful and popular while relatively lac...
Page 1404
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-3 interfaces. In addition, a physical interface does not necessarily belong to any dialer interface, and can directly route to one or multiple destination addresses. As shown above, physical interface...
Page 1405
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-4 as shown in figure 1-2, a physical interface can belong to multiple dialer bundles and serves for them, but each dialer interface can only associate with one destination address. Only one dialer bun...
Page 1406
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-5 the client and server own fixed network addresses, or that the client accepts the dynamic network address. 1.1.4 preparation for dcc configuration i. Determining the topology of dcc application z de...
Page 1407
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-6 z configure special dcc functions z configure attributes of dcc dial interface z configure traffic statistic interval z clear a dial-up link z configure dialer-route logical interfaces for backup z ...
Page 1408
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-7 ii. Configuring link layer and network and routing protocols on the interface execute the link-protocol command and ip address command in the dial interface view and perform other configurations in ...
Page 1409
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-8 to enable dcc to originate a call normally, the user must configure a dcc dialer acl and associate the corresponding interface (physical or dialer interface) to the dialer acl through the dialer-gro...
Page 1410
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-9 1.2.2 configuring c-dcc if c-dcc is used, each physical interface can either be directly configured with the dcc parameters, or bound to a dialer interface to inherit the dcc parameters through a di...
Page 1411
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-10 remote end (the picture components of inverse color represent the routers irrelevant with the networking): local end (single interface) if0 if1 remote end (single interface) figure 1-3 an interface...
Page 1412
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-11 local end (single interface) remote end a (single interface) router if0 if1 router local end (single interface) remote end a (single interface) router if0 if1 router figure 1-4 an interface receivi...
Page 1413
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-12 as shown in the above figure, a single local interface interface0 (if0) originates dcc calls to the remote interfaces if1 and if2. Since calls are originated to multiple remote ends, the user must ...
Page 1414
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-13 dialer circular group can be used to configure dcc. The user can select to configure either pap or chap authentication. Use local-user in system view and password in local user view to configure th...
Page 1415
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-14 dialer circular group for its own b channels. At the same time, they can be the physical interfaces in other dialer circular groups. Use the interface dialer command to create a dialer interface in...
Page 1416
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-15 local end (multiple interface) remote end b single/multiple interface(s) remote end a single/multiple interface(s) remote end c single/multiple interface(s) if0 if1 if2 if1 if2 if3 if4 router route...
Page 1417
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-16 z each dialer interface can use only one dialer bundle, which contains multiple physical interfaces of different priorities. However, each physical interface can be used by different dialer bundles...
Page 1418
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-17 when rs-dcc applies, you must configure authentication (including the dialer user and ppp authentication configuration tasks) on both dialer interfaces and their physical interface. That is because...
Page 1419
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-18 table 1-11 configure a dialer interface and dialer number operation command create a dialer interface, and enter the dialer interface view interface dialer number delete the existing configuration ...
Page 1420
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-19 table 1-13 configure multiple interfaces to receive calls from multiple remote ends operation command configure the remote user name dialer user username delete the remote user name undo dialer use...
Page 1421
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-20 exceeds the defined traffic threshold, the system brings up the third link, and assigns it to the mp bundle, so on and so forth. This ensures appropriate traffic distribution for dcc links. Z on th...
Page 1422
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-21 note: z the dialer threshold command takes effect only on dial mp links. It does not take effect on non-dial mp links and dial links with mp disabled. Z you need to configure the dialer threshold c...
Page 1423
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-22 when the three commands, ppp mp min-bind, dialer threshold, and ppp mp max-bind, are configured, the router performs mp bundling as follows: 1) bring up a minimum number of links depending on the s...
Page 1425
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-24 table 1-17 implement ppp callback (server configuration) in c-dcc operation command set the link layer protocol of the interface to ppp link-protocol ppp configure an authentication mode ppp authen...
Page 1426
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-25 ii. Configuring ppp callback in the rs-dcc implementation 1) configure the ppp callback client in the rs-dcc implementation as a callback client, a router can originate calls to the remote end (whi...
Page 1427
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-26 table 1-19 implement ppp callback (server configuration) in rs-dcc operation command configure a callback ppp user local-user username configure the callback number of the ppp user service-type ppp...
Page 1428
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-27 1.2.6 configuring isdn caller identification callback in an isdn environment, implementing dcc callback through the isdn caller identification function requires no authentication, nor are there oth...
Page 1429
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-28 2) implement the isdn caller identification callback server in the c-dcc perform the following configuration in dial interface (physical or dialer interface) view. Table 1-22 implement isdn caller ...
Page 1430
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-29 table 1-24 implement isdn caller identification callback (server configuration) in rs-dcc operation command configure the local end to implement isdn callback according to the isdn caller identific...
Page 1431
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-30 ii. Specifying a physical interface for placing/receiving calls when multiple physical interfaces are assigned to a dialer interface and their dial-up links are connected to different isdn switches...
Page 1432
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-31 ii. Configuring auto-dial this function can only be used with c-dcc. With a c-dcc, after the router is started, the dcc will automatically attempt to dial the remote end of the connection without r...
Page 1433
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-32 dcc dial interface attributes configuration overs the process to: z configure the link idle time z configure the link disconnection time before initiating the next call z configure the link idle ti...
Page 1434
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-33 by default, the link disconnection time is 5 seconds. Iii. Configuring the link idle time upon interface competition if all the channels are unavailable when dcc originates a new call, a condition ...
Page 1435
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-34 v. Configuring the buffer queue length of the dialer before a dialer buffer queue is established, a packet received from the dial interface will be discarded if the connection is not established ye...
Page 1436
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-35 1.2.11 clearing dial-up links execute the following command in any view. Table 1-37 clear a dial-up link operation command clear a dial-up link or the session link on the specified interface at the...
Page 1437
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-36 ii. Network diagram modem modem modem pstn modem isdn 8810048 8810049 8810052 8810063 8810148 8810152 8810163 routerb serial0/0/0 serial0/0/0 bri0/0/0 bri0/0/0 bri0/0/0 nt1 nt 1 nt 1 routerc router...
Page 1438
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-37 [3com-serial1/0/0] async mode protocol [3com-serial1/0/0] dialer circular-group 0 # configure user-interface to enable dial-up mode. [3com-serial1/0/0] user-interface tty1 [3com-ui-tty1] modem [3co...
Page 1439
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-38 [3com-ui-tty1] modem solution 2: resource-share dcc to setup a connection via the serial interface and configure dcc parameters on dialer interface. 1) configure routera # configure dial-up acl, th...
Page 1440
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-39 # configure the asynchronous protocol mode of serial0/0/0, ppp authentication information and the dialer bundle to which the interface belongs. [3com-dialer1] interface serial 0/0/0 [3com-serial0/0...
Page 1441
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-40 # configure the users that are allowed to dial-up dialer0 interface, ppp authentication information and the dcc to the remote end. [3com-dialer0] dialer-group 2 [3com-dialer0] ppp authentication-mo...
Page 1442
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-41 [3com-serial0/0/0] physical-mode async [3com-serial0/0/0] async mode protocol [3com-serial0/0/0] dialer bundle-member 1 [3com-serial0/0/0] link-protocol ppp [3com-serial0/0/0] ppp authentication-mo...
Page 1443
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-42 [3com-bri0/0/0] dialer route ip 100.1.1.1 8810048 solution 4: resource-share dcc to setup a connection via isdn bri or pri, and configure dcc parameters on dialer interface. 1) configure routera # ...
Page 1444
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-43 # configure bri0/0/0 ppp authentication information and the dialer bundle to which the interface belongs. [3com-dialer1] interface bri 0/0/0 [3com-bri0/0/0] undo dialer enable-circular [3com-bri0/0...
Page 1445
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-44 [3com-luser-usera] password simple usera [3com-luser-usera] service-type ppp [3com-luser-usera] quit # configure dialer0 interface address and enable rs-dcc. [3com] interface dialer 0 [3com-dialer0...
Page 1446
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-45 ii. Network diagram isdn 8810152 8810148 pri0/0/0 bri0/0/0 bri1/0/0 8810149 router a router b nt1 nt1 figure 1-11 network for the dcc application providing mp binding iii. Configuration procedure 1...
Page 1447
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-46 # configure bri1/0/0 ppp authentication information and the dialer bundle to which the interface belongs. [3com-bri0/0/0] interface bri 1/0/0 [3com-bri1/0/0] undo dialer enable-circular [3com-bri1/...
Page 1448
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-47 [3com-serial0/0/0:15] ppp pap local-user userb password simple userb 1.4.3 dcc application using isdn bri interface to dial and providing leased line i. Network requirements to implement c-dcc, use...
Page 1449
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-48 [3com-bri1/0/0] dialer-group 2 [3com-bri1/0/0] dialer route ip 100.1.1.1 8810148 3) configure routerc [3com] dialer-rule 1 ip permit [3com] interface bri 0/0/0 [3com-bri0/0/0] ip address 100.1.1.3 ...
Page 1450
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-49 [3com] interface serial 0/0/0 [3com-serial0/0/0] ip address 100.1.1.1 255.255.255.0 [3com-serial0/0/0] physical-mode async [3com-serial0/0/0] dialer enable-circular [3com-serial0/0/0] dialer-group ...
Page 1451
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-50 [3com-serial0/0/0] ppp pap local-user usera password simple usera [3com-serial0/0/0] ppp callback client [3com-serial0/0/0] user-interface tty1 [3com-ui-tty1] modem 2) configure routerb [3com] dial...
Page 1452
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-51 1.4.5 router-to-pc callback for dcc i. Network requirements a router and a pc realize ppp callback via the serial interfaces over pstn. As shown in the following figure, the pc and routera are inte...
Page 1453
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-52 [3com-serial0/0/0] physical-mode async [3com-serial0/0/0] modem [3com-serial0/0/0] dialer enable-circular [3com-serial0/0/0] dialer-group 1 [3com-serial0/0/0] dialer route ip 100.1.1.2 user userpc ...
Page 1454
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-53 2) configure nt server configure the modem connected to the pc to be in “auto answer mode”, open [start/programs/accessories/communications/dialup network], click [set up new connection] in the [di...
Page 1455
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-54 ii. Network diagram modem modem modem modem modem 8810148 use isdn pri interface as access server as access server 8810 048 8810054 8810053 8810051 8810050 8810049 modem modem modem pstn isdn modem...
Page 1456
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-55 [3com-serial0/0/0] ppp pap local-user user1 password simple user1 [3com-serial0/0/0] user-interface tty1 [3com-ui-tty1] modem 2) configure routerb [3com] dialer-rule 2 ip permit [3com] local-user u...
Page 1457
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-56 [3com-ui-tty2] modem …… [3com-ui-tty7] user-interface tty8 [3com-ui-tty8] modem [3com-ui-tty8] quit [3com] domain system [3com-isp-system] ip pool 1 100.1.1.1 100.1.1.16 [3com-isp-system] quit 3) c...
Page 1458
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-57 [3com-luser-user1] password simple user1 [3com-luser-user1] service-type ppp [3com-luser-user1] quit [3com] local-user user2 [3com-luser-user2] password simple user2 [3com-luser-user2] service-type...
Page 1459
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-58 ii. Network diagram pstn 8810060 router a router b modem modem serial1/0/0 serial0/0/0 serial0/0/0 serial1/0/0 8810059 figure 1-17 network for the dcc application providing logic interface standby ...
Page 1460
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-59 solution 2: adopt c-dcc and use the logical interface configured through the dialer route command as the main interface. 1) configure routera [3com] dialer-rule 1 ip permit [3com] interface serial ...
Page 1461
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-60 0/0/0 and pri 1/0/0 are associated with telephone numbers 881050 and 8810151 respectively. Ii. Network diagram 8810150 router a router b isdn bri0/0/0 bri0/0/0 nt1 pri1/0/0 pri1/0/0 8810151 7300340...
Page 1462
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-61 # configure a dialer acl. System [routerb] dialer-rule 1 ip permit # set the operating mode of the e1 interface to pri. [routerb] controller e1 1/0/0 [routerb-e1 1/0/0] pri-set [routerb-e1 1/0/0] q...
Page 1463
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-62 troubleshooting: z check whether the same link protocol is configured on the local and remote ends, and whether the configured ppp authentication parameters are correct. Use the debugging ppp all c...
Page 1464
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-63 table 1-39 debugging messages, possible reasons and solutions debugging message possible reason solution dcc: receive call_disc_ind z the physical connection between the local and remote ends is br...
Page 1465
3com router 3000 ethernet family configuration guide chapter 1 dcc configuration 3com corporation 1-64 debugging message possible reason solution dcc: peeraddr matching error on interface ***, shutdown link the local dialer route does not contain the remote network address. Add the dialer route corr...
Page 1466
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-1 chapter 2 dynamic routing standby 2.1 introduction to dynamic routing standby dynamic routing standby provides routing-based dial backup. It uses legacy dcc, including both c-dcc and rs-dcc, t...
Page 1467
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-2 the secondary link. If the route goes down before the timer expires, it does not disconnect the secondary link. 2.2 dynamic routing standby configuration dynamic routing standby configuration ...
Page 1468
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-3 note: the ip address configured in the standby routing-rule command is used for dialer route lookup. You must make sure that this ip address is the one configured in the corresponding dialer r...
Page 1469
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-4 iii. Configuring secondary link disconnection delay you may configure a delay for dynamic routing standby to disconnect the secondary link after the primary link goes up. Perform the following...
Page 1470
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-5 # configure a dialer acl. [3com] dialer-rule 1 ip permit # configure dial parameters on the bri 0/0/0 interface. [3com] interface bri 0/0/0 [3com-bri0/0/0] ip address 20.0.0.1 255.0.0.0 [3com-...
Page 1471
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-6 [3com] x25 switch svc 10 interface serial 1/0/0 3) configure routerc # configure a dialer acl. [3com] dialer-rule 1 ip permit # configure dial parameters on the bri 0/0/0 interface. [3com] int...
Page 1472
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-7 ii. Network diagram routera routerb isdn s1/0/0:10.0.0.1 s1/0/0:10.0.0.2 bri0/0/0:20.0.0.1 bri0/0/0:20.0.0.2 loopback0:40.0.0.1 figure 2-2 network diagram for dynamic routing standby iii. Conf...
Page 1473
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-8 [3com-bri0/0/0] standby routing-group 1 2) configure routerb # configure a dialer acl. [3com] dialer-rule 1 ip permit # configure dial parameters on the bri 0/0/0 interface. [3com] interface b...
Page 1474
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-9 [3com-loopback0] ip address 40.0.0.1 255.0.0.0 # enable ospf. [3com] ospf [3com-ospf-1] area 0 [3com-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255 [3com-ospf-1-area-0.0.0.0] network 20.0.0.0...
Page 1475
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-10 [3com] standby routing-rule 1 ip 30.0.0.1 255.0.0.0 # configure rs-dcc and mp on the dialer 0 interface. [3com] interface dialer0 [3com-dialer0] link-protocol ppp [3com-dialer0] ppp mp [3com-...
Page 1476
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-11 [3com-luser-userb] password simple usera [3com-luser-userb] service-type ppp [3com-luser-userb] quit # configure rs-dcc and mp on the dialer 0 interface. [3com] interface dialer0 [3com-dialer...
Page 1477
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-12 2.3.4 dynamic routing standby configuration example iv i. Network requirements router a and router b are connected through a frame relay network. At the same time, they are connected through ...
Page 1478
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-13 [routera-serial0/0/0] link-protocol fr [routera-serial0/0/0] fr interface-type dte [routera-serial0/0/0] fr inarp [routera-serial0/0/0] fr map ip 1.0.0.2 100 [routera-serial0/0/0] quit # conf...
Page 1479
3com router 3000 ethernet family configuration guide chapter 2 dynamic routing standby 3com corporation 2-14 [routerb] interface serial1/0/0:15 [routerb-serial1/0/0:15] ip address 2.0.0.2 255.0.0.0 [routerb-serial1/0/0:15] dialer enable-circular [routerb-serial1/0/0:15] dialer-group 1 [routera-seria...
Page 1480
3com router 3000 ethernet family configuration guide chapter 3 modem configuration 3com corporation 3-1 chapter 3 modem configuration 3.1 overview of modem 3.1.1 modem functions provided by v 2.41 modem is a network device that is widely used. It is important for a router to properly manage and cont...
Page 1481
3com router 3000 ethernet family configuration guide chapter 3 modem configuration 3com corporation 3-2 modem, the routers can negotiate the protocol to be encapsulated with the physical link and its operating parameters. Ii. Syntax description of modem script the modem script format in common use i...
Page 1482
3com router 3000 ethernet family configuration guide chapter 3 modem configuration 3com corporation 3-3 execution will be terminated. Regardless of where the abort receive-string is placed, it will take effect in the whole script execution process. Z escape characters can be inserted in a script for...
Page 1483
3com router 3000 ethernet family configuration guide chapter 3 modem configuration 3com corporation 3-4 z execute the modem script manually z specify the events triggering the modem script z configure the modem-related operation mode for the asynchronous interface z configure modem answer mode z con...
Page 1484
3com router 3000 ethernet family configuration guide chapter 3 modem configuration 3com corporation 3-5 3.2.3 executing a modem script manually when necessary, you can use the start-script command to execute the designated modem script to manage the external modem connected to the interface. Perform...
Page 1485
3com router 3000 ethernet family configuration guide chapter 3 modem configuration 3com corporation 3-6 table 3-7 configure the answer mode for the modem operation command configure the modem to work in auto-answer mode modem auto-answer configure the modem to work in non-auto answer mode undo modem...
Page 1486
3com router 3000 ethernet family configuration guide chapter 3 modem configuration 3com corporation 3-7 2) network diagram pc pstn router modem pc pstn router modem figure 3-1 network of the configuration for the router to manage the modem 3) configuration procedure # set interface serial0/0/0 to as...
Page 1487
3com router 3000 ethernet family configuration guide chapter 3 modem configuration 3com corporation 3-8 [3com-ui-tty1] script trigger init init 3.4.3 dialing directly with the script i. Configuration requirement configure a modem script to dial directly. Ii. Configuration procedure [3com] script-str...
Page 1488: Acronyms & Terminology
3com router 3000 ethernet family configuration guide 3com corporation i acronyms & terminology.
Page 1489: Appendix A Acronyms
3com router 3000 ethernet family configuration guide appendix a acronyms 3com corporation a-1 appendix a acronyms a b c d e f g h i j k l m n o p q r s t u v w x y z a aaa authentication, authorization and accounting aal atm adaption layer abr area border router ack acknowledgement, acknowledgment a...
Page 1490
3com router 3000 ethernet family configuration guide appendix a acronyms 3com corporation a-2 avp attribute value pair b bdr backup designated router be best-effort becn backward explicit congestion notification bgp border gateway protocol bootp bootstrap protocol bri basic rate interface bsr bootst...
Page 1491
3com router 3000 ethernet family configuration guide appendix a acronyms 3com corporation a-3 csma carrier sense multiple access csnp complete sequence numbers protocol data unit d dcc dial control center dcd data carrier detection dce data circuit-terminating equipment ddn digital data network de d...
Page 1492
3com router 3000 ethernet family configuration guide appendix a acronyms 3com corporation a-4 ebgp external bgp ebs excess burst size ef expedited-forwarding egp exterior gateway protocol eia electronic industries association es end system esf extended super frame esp encapsulating security payload ...
Page 1493
3com router 3000 ethernet family configuration guide appendix a acronyms 3com corporation a-5 htc highest two-way channel http hypertext transfer protocol hwcm 3com configuration management i iab internet architecture board iana internet assigned numbers authority ibgp internal bgp ibm international...
Page 1494
3com router 3000 ethernet family configuration guide appendix a acronyms 3com corporation a-6 iso the international organization for standardization isp internet service provider itu-t international telecommunication union telecommunications standardization sector l l2f layer two forwarding protocol...
Page 1495
3com router 3000 ethernet family configuration guide appendix a acronyms 3com corporation a-7 m mac media access control mbgp multiprotocol extensions for bgp-4 (bgp-4+) mcir minimum committed information rate md5 message-digest algorithm 5 med multi-exit discriminators mfr multilink frame relay mib...
Page 1496
3com router 3000 ethernet family configuration guide appendix a acronyms 3com corporation a-8 nrzi nonreturn-to-zero inverted nsap network service access point n-sel nsap selector nssa not-so-stubby area nt1 network terminal 1 nt2 network terminal 2 ntp network time protocol ntt nippon telegraph and...
Page 1497
3com router 3000 ethernet family configuration guide appendix a acronyms 3com corporation a-9 pppoa ppp over aal5 pppoe point-to-point protocol over ethernet pppoeoa pppoe on aal5 pptp point-to-point tunneling protocol ppvpn provider-provisioned virtual private network pq priority queueing pri prima...
Page 1498
3com router 3000 ethernet family configuration guide appendix a acronyms 3com corporation a-10 sa security association safi subsequent address family identifier sap service advertising protocol sbm successful backward setup information message sdh synchronous digital hierarchy sdlc synchronous data ...
Page 1499
3com router 3000 ethernet family configuration guide appendix a acronyms 3com corporation a-11 ted traffic engineering data tftp trivial file transfer protocol tos type of service tp traffic policing ts traffic shaping ttl time to live u ubr unspecified bit rate udp user datagram protocol uni user-n...
Page 1500
3com router 3000 ethernet family configuration guide appendix a acronyms 3com corporation a-12 wins windows internet naming service wred weighted random early detection www world wide web x xot x.25 over tcp.