3Com Router 3012 Configuration Manual

Manual is about: 3Com 3012: Reference Guide

Summary of Router 3012

  • Page 1

    3Com Router Configuration Guide for V1.20, http://www.3com.com/, Part No. 10014303, published January 2004.

  • Page 2

    1.1. Introduction 1.1.1. Scope this manual provides configuration information for new software features found in v1.20 of the 3com router operating system. Use this addendum to supplement configuration information found in the 3com router configuration guide. 1.1.2. Online resources download the rou...

  • Page 3

    Chapter 1 configuring class-based queuing as an extension of wfq, class based queuing (cbq) provides users with class definition support. Cbq assigns individual fifo reservation queues to the classes defined by each user to buffer data of the same class. When there is network congestion, cbq matches...

  • Page 4

    Policing upon congestion. If no congestion occurs, the priority class is permitted to use bandwidth exceeding the assigned value. In case of congestion, packets exceeding the assigned bandwidth of the priority class will be discarded. Burst size is also configurable under llq. When the system matche...

  • Page 5

    Table 1-2 define/delete the rule matching all packets operation command define the rule matching all packets if-match [logic-not ] any delete the rule matching all packets undo if-match [logic- not ] any 2) define the class matching rule perform the following configurations in class view. Table 1-3 ...

  • Page 6

    The matching rules of the source mac address are only meaningful for the policies in inbound direction and the interface of ethernet type. 5) define the inbound interface matching rule of a class perform the following configurations in class view. Table 1-6 define/delete the inbound interface matchi...

  • Page 7

    Use the corresponding command to configure the value of ip precedence during the configuration; otherwise, the configuration of the if-match ip precedence command will overwrite the previous configurations. 8) define the rtp port matching rule perform the following configurations in class view. Tabl...

  • Page 8

    Perform the following configurations in the system view. Table 1-12 define the policy and enter the policy view operation command define the policy and enter the policy view qos policy policy-name delete the specified policy undo qos policy policy-name if an interface applies this policy, this polic...

  • Page 9

    Configured with a maximum bandwidth, the system will assign the class an individual queue, called the default queue. Theoretically, each class can be configured with bandwidth of any size, but generally, the priority classes can occupy 70% of the total bandwidth, and other ordinary classes and the d...

  • Page 10

    3) configure the maximum queue length of the class configure maximum queue length of the class and configure the drop type as tail drop. Perform the following configurations in the policy-class view. Table 1-16 configure the maximum queue length of the class operation command configure the maximum q...

  • Page 11

    Table 1-18 configure exponential of average queue length calculated by wred operation command configure exponential of average queue length calculated by wred wred weighting-constant exponent delete the configuration of exponential of average queue length calculated by wred undo wred weighting-const...

  • Page 12

    The discarding mode based on wred must already have been enabled via the wred ip-precedence command. When the configuration of qos wred is deleted, the wred ip-precedence is also deleted. When the af configuration is deleted, the configuration of discarding parameters will also be deleted. 8) enable...

  • Page 13

    If qos gts is used in the class-policy that is applied to the interface, it can only be applied to the outbound interface. When the class including ts is applied to the interface, the original qos gts command that is configured on the interface will become invalid. If this command is repeatedly exec...

  • Page 14

    The following is the rule for a policy to be applied in interface view. A policy configured with various features (including remark, car, gts, af, ef, wfq, and wred) applies to a common physical interface and a virtual template interface over mp. The policy configured with ts (gts), and ef, af, wfq c...

  • Page 15

    In terms of service, service flow 1 must occupy a bandwidth of 10k, service flow 2 must occupy a bandwidth of 20k, under the premise of ensuring voice service. 10.1.1.1/24 e0 1.1.1.2/24 e0 1.1.4.2/24 router a router b s0 1.1.6.1 s0 1.1.6.2/24 1.1.1.1/24 pc2 pc1 pc3 pc4 telephone telephone e1 10.1....

  • Page 16

    [routera-qosclass-voip] if-match rtp start-port 16384 end-port 32767 [routera-qosclass-voip] quit 5 configure cbq policy: [routera] qos policy 1 6 configure the bandwidth of service 1 to be 10k: [routera-qospolicy-1]qos-class 1 [routera-qospolicy-c-1 1] af bandwidth 10 [routera-qospolicy-c-1 1] quit...

  • Page 17

    Chapter 2 configuring tacacs+ tacacs+ is facilitated with aaa to control ppp, vpdn, and login access to routers. Cisco acs is the only application software that is supported. Compared to radius, tacacs+ features more reliable transmission and encryption, and is more suitable for security control. Th...

  • Page 18

    2.2 the basic message interaction flow of tacacs+ for example, use tacacs+ to implement aaa on a telnet user, and the basic message interaction flow described below is used: 1) a user requests access to the router. The router(tacacs+ client) sends the authentication start packet to the tacacs+ serve...

  • Page 19

    User hwtacacs client hwtacacs server user logs in authentication start request packet authentication response packet, requesting for the user name request user for the user name user enters the user name authentication continuance packet carrying the user name authentication response packet, request...

  • Page 20

    Standby/primary server switchover interval the shared key for the aaa negotiation between the router and tacacs+ server set the timeout time waiting for a tacacs+ server to make a response specify a source ip address for all the tacacs+ packets to be transmitted 2.4.1 create a tacacs+ server group b...

  • Page 21

    Note: when this command is used without being configured with the parameter shared-key key-string for negotiation, the default key configured using the shared-key command will be used. 2.4.3 standby/primary server switchover interval if you have specified the primary and standby servers in a tacacs+...

  • Page 22

    Caution: 1) the entered key must match the key used by the tacacs+ server. 2) all the leading spaces and ending spaces in a key string will be ignored. In addition, a key that contains spaces in the middle is not supported. 2.4.5 specify a source ip address for the tacacs+ packets to be transmitted ...

  • Page 23

    2.5 displaying and debugging tacacs+ execute the following commands in all views. Table 2-7 display and debug aaa and radius operation command display all the accounting details. Display hwtacacs accounting [ verbose ] display all the router-tacacs+ interaction details. Display hwtacacs server [ ver...

  • Page 24

    2 configure “mykey” as the shared key for the aaa negotiation with the tacacs+ server. [3com-hwtacacs-tactemplate1]shared-key mykey [3com-hwtacacs-tactemplate1] quit 3 enable aaa. [3com]aaa-enable 4 implement authentication on telnet login users. [3com]login telnet [3com]aaa authentication-scheme lo...

  • Page 25

    [3com-serial0] quit 12 assign an ip address to the interface ethernet0. [3com]interface ethernet 0 [3com-ethernet0]ip address 10.110.1.10 255.255.0.0 13 assign an ip address to ethernet1. [3com-ethernet0]interface ethernet 1 [3com-ethernet0]ip address 192.10.1.1 255.255.255.0 [3com-ethernet0]return ...

  • Page 26

    [3com-hwtacacs-tactemplate1] shared-key mykey [3com-hwtacacs-tactemplate1] quit 5 configure the ip address, authentication port, and accounting port on the radius server. [3com]radius server 10.110.1.2 6 configure the key, retransmission times, and the timeout time for the radius server. [3com] radi...

  • Page 27

    13 apply the default scheme for accounting on telnet login users. [3com]login-method accounting-mode login telnet default 14 enable accounting on serial0, and configure and apply the default accounting scheme. [3com] aaa accounting-scheme ppp default radius template tactemplate1 [3com]interface seri...

  • Page 28

    Chapter 3 configuring ssh terminal service secure shell (ssh) is a feature that provides information about security and powerful authentication functions, which can protect a router from the attacks such as ip address spoofing and plain text password. This is especially evident for remote users who ...

  • Page 29

    To set up a secure and authenticated ssh connection, the server and client must go through the communication procedure that falls into five stages; version negotiation, key algorithm negotiation, authentication type negotiation, session request, and session interaction. 3.1 configuring ssh the basic...

  • Page 30

    Table 3-2 configure and destroy rsa key-pairs operation command generate rsa key-pairs rsa local-key-pair create destroy the rsa key-pairs rsa local-key-pair destroy caution: an essential operation underlying a successful ssh login is generating local rsa key-pairs. Before performing any other ssh c...

  • Page 31

    Set a server key-pair updating interval ssh server rekey-interval hours restore the default updating interval undo ssh server rekey-interval by default, the system does not update the server key-pair. Perform this task to set an ssh authentication timeout time period. Perform the following configura...

  • Page 32

    When entering key data but they will be deleted by the system. The configured public key must be a consecutive hexadecimal character string coded in the public key format. Execute the public-key-code end command to stop public key editing and save the key. Before you save the key however, you should...

  • Page 34

    Choose the proper ssh version. Generally the client provides several ssh versions. V1.20 supports ssh server 1.5, so you must choose 1.5 or lower. Specify the rsa key file. If you have configured to choose rsa authentication at the server, you must specify the rsa key file at the client. In normal c...

  • Page 35

    Iii. Choose the ssh version click “ssh” under “connection” in the left “category” of the interface, then the following interface appears. Figure 3-2 ssh client configuration interface (2) specify the ssh version to “1”, as shown in the above interface. Iv. Enable the ssh connection in password authe...

  • Page 36

    Figure 3-3 ssh client login interface (in password authentication mode) after you have entered the correct user name and password, you can implement the connection. To log out, just use the logout command. V. Enable the ssh connection in rsa authentication mode to enable the ssh connection in rsa m...

  • Page 37

    Figure 3-4 putty generator software interface (1) choose “ssh1(rsa)” or “ssh2 rsa” as the parameter and enter the number of bits in the key. Click [generate] button to generate the rsa key. To ensure the random key, you are required to move the mouse. Once you stop moving the cursor, the generating ...

  • Page 38

    Figure 3-5 putty key generator interface (2) enter a passphrase, if you want to use one. Save the key after you have generated the keys, you have an rsa public key and an rsa private key. Click [save public key] button and [save private key] menu to save the keys into files (e.g., publicmykey.ppk an...

  • Page 39

    If you need to perform an rsa authentication, you must specify the rsa private key file. If you only need to perform the password authentication, it is not necessary. Click the “auth” under “ssh” in the putty configuration interface and the following figure appears. Figure 3-6 ssh client configurati...

  • Page 40

    Figure 3-7 ssh client login interface (in rsa authentication mode) after you have entered the correct username, you can perform the ssh connection. If a passphrase was used when generating the keys, the passphrase is also required before a successful ssh connection can be achieved. Note: the key gen...

  • Page 41

    Note: if a local key-pair exists, you can omit this step. Authenticate login users with the password approach [3com] protocol inbound ssh 5 [3com] local-user client001 service-type operator ssh password simple 3com [3com] ssh user client001 authentication-type password you can adopt the default ssh ...

  • Page 42: Chapter 4  Configuring Ntp

    Chapter 4 configuring ntp as provisioned in rfc1305, network time protocol (ntp) is a protocol of the tcp/ip suite, which is used to synchronize the timekeeping among a set of distributed time servers and clients on a network. The transmission relies on udp. Network network ntpmessage 10:00:00am n...

  • Page 43

    Upon the departure of the ntp message, router b adds its timestamp 11:00:02am (t 3 ) again. Upon the receipt of the response, router a adds a new timestamp, that is, 10:00:03am (t 4 ). In this way, router a obtains adequate information for calculating two essential parameters. They are: roundtrip de...

  • Page 44

    Configure the ntp server mode configure the ntp peer mode configure the ntp broadcast server mode configure ntp broadcast client mode configure ntp multicast server mode configure ntp multicast client mode i. Configure ntp server mode this task sets a remote server as the local time server by specif...

  • Page 46

    Table 4-4 configure ntp broadcast client mode operation command configure ntp broadcast client mode ntp-service broadcast-client disable ntp broadcast client mode undo ntp-service broadcast-client this command must be configured on the interface to be used for receiving ntp broadcast messages. V. Co...

  • Page 47

    Table 4-6 configure ntp multicast client mode operation command configure ntp multicast client mode ntp-service multicast-client [ X.X.X.X ] disable ntp multicast client mode undo ntp-service multicast-client multicast ip address X.X.X.X defaults to 224.0.1.1. This command must be configured on the ...

  • Page 48

    4.2.4 specify reliable key you must specify a key to be a reliable one before it can be used for authentication. For example, if two routers want to use keyid 1 for authentication, both of them must specify it to be a reliable one. Perform the following configuration in system view. Table 4-9 specif...

  • Page 49

    Table 4-11 set an external reference clock or the local clock as the ntp master clock operation command set an external reference clock or the local clock as the ntp master clock ntp-service refclock-master [ X.X.X.X ] [ stratum ] disable the ntp master clock setting undo ntp-service refclock-master...

  • Page 51

    Perform the debugging command in all views to debug the ntp information. Table 4-15 display and debug the ntp information operation command display the state information of the ntp services display ntp-service status display the sessions state of the ntp service maintenance display ntp-service sessi...

  • Page 52

    4.3.2 ntp-service source-interface disable syntax ntp-service source-interface disable undo ntp-service source-interface disable view interface view parameter none description using the ntp-service source-interface disable command, you can disable an interface to receive ntp messages. Using the undo...

  • Page 53

    Version: defines ntp version number. Number: ntp version number in the range of 1 to 3. Authentication-keyid: defines an authentication key. Keyid: the key id carried in the messages transmitted to the remote server, which is in the range of 1 to 4294967295. Source-interface: specifies interface nam...

  • Page 55

    This command declares that the local time server is the remote server specified by X.X.X.X. X.X.X.X represents a host address, which must not be a broadcast or multicast address, or the ip address of the reference clock. Configured with this command, the local device is working in client mode and th...

  • Page 56: Chapter 5  Configuring X2T

    Chapter 5 configuring x2t the x.25 to tcp switch (x2t) technology can interconnect x.25 and ip networks and enables access between x.25 and ip hosts. X.25 terminal ip host router x.25 network tcp/ip network x.25 lapb x.25 lapb physical layer physical layer data link layer x2t ip data link layer ip t...

  • Page 57

    Configure x2t route i. Enabling x.25 switching before configuring x2t, you must enable x.25 switching. Perform the following configuration in system view. Table 5-1 configure x.25 switching operation command enable x.25 switching x25 switching disable x.25 switching undo x25 switching 5.2.2 config...

  • Page 58

    Forwarding route delete the x.25-to-ip x2t forwarding route undo translate x25 x.121-address 2) configuring an ip-to-x.25 x2t forwarding route perform the following configuration in system view. Table 5-4 configure an ip-to-x.25 x2t forwarding route operation command configure an ip-to-x.25 x2t forw...

  • Page 59

    2 configure the interface at the x.25 network side. [3com]interface serial 0 [3com-serial0]link-protocol x25 dce [3com-serial0]x25 x121-address 1111 3 configure the interface at the ip network side. [3com]interface ethernet 0 [3com-ethernet0]ip address 10.1.1.1 255.255.255.0 4 configure an x.25 rout...

  • Page 60

    Chapter 6 configuring additional isdn support isdn configuration includes the following tasks: • configuring the isdn signaling type. • configuring the negotiation parameters of isdn layer 3. • configuring the spid parameters of the national (ni) isdn protocol. 6.1 configuring isdn signaling type by...

  • Page 61

    Configure the router to become active to start data exchange before receiving connect ack messages. Undo isdn waitconnectack configure the interval for the q931 timers isdn q931-timer timer-name time-interval restore the default interval timers undo isdn q931-timer timer-name time-interval the isdn ...

  • Page 62

    These can optionally be removed from the setup message. 6.2.3 att 5ess (lucent 5e) table 6-5 required att 5ess commands operation command disable the sending-complete information element in the setup message undo isdn sending-complete disable the setup ack messages if the received setup messages in ...

  • Page 63

    Restore the setup message. Undo isdn ignore llc configure the router to wait for connect ack message replies from the connected exchange until switching to the active state. Isdn waitconnectack configure the router to become active to start data exchange before receiving connect ack messages. Undo i...