Cabletron Systems CoreWatch User Manual

Other manuals for CoreWatch: User Manual

Page of 386

Download

Print this page

Bookmark us

CoreWatch User’s Guide

9032564

1 2 3 4 5 6 7 Next › »

Summary of CoreWatch

Page 1
Corewatch user’s guide 9032564.
Page 3: Notice
Iii notice notice cabletron systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult cabletron systems to determine whether any such changes have been made. The hardware, firmware, or so...
Page 4: Fcc Notice
Notice iv fcc notice this device complies with part 15 of the fcc rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Not...
Page 5: Declaration of Conformity
V notice declaration of conformity addendum application of council directive(s): 89/336/eec 73/23/eec manufacturer’s name: cabletron systems, inc. Manufacturer’s address: 35 industrial way po box 5005 rochester, nh 03867 european representative name: mr. J. Solari european representative address: ca...
Page 6
Notice vi.
Page 7
Corewatch users guide 7 contents preface..................................................................................................... 15 about this guide...................................................................................................................15 who should read this...
Page 8
Contents 8 corewatch users guide chapter 4: learning configuration expert basics................................. 35 what is configuration expert?............................................................................................ 35 starting configuration expert ..............................
Page 9
Corewatch users guide 9 contents chapter 7: configuring vlans on the ssr............................................ 81 a look at vlans on the ssr...............................................................................................81 vlan configuration tips ..................................
Page 10
Contents 10 corewatch users guide chapter 11: configuring the ssr for ipx routes ................................ 147 what is ipx? ................................................................................................................... ...... 147 creating ipx interfaces.....................
Page 11
Corewatch users guide 11 contents chapter 14: configuring ospf on the ssr.......................................... 235 setting ospf global parameters........................................................................................235 configuring ospf area tables................................
Page 12
Contents 12 corewatch users guide obtaining dvmrp interface information ................................................................ 305 obtaining dvmrp neighbor information............................................................... 307 obtaining dvmrp routing information .....................
Page 13
Corewatch users guide 13 contents appendix e: error messages ................................................................ 351 missing or invalid field error messages ..........................................................................351 duplicate objects error messages .....................
Page 14
Contents 14 corewatch users guide.
Page 15
Corewatch users guide 15 preface about this guide this guide provides a general overview of corewatch and provides procedures for using that application to configure and monitor a smartswitch router (ssr). For product information not available in this guide, see the manuals listed in “related docum...
Page 16
Preface 16 corewatch users guide configure the ssr for the distance vector multicast routing protocol (dvmrp) and internet group management protocol (igmp), which ip uses to perform multicast routing chapter 10 on page 135 configure internet packet exchange (ipx) routes on the ssr chapter 11 on pag...
Page 17
Corewatch users guide 17 preface related documentation the cabletron systems documentation set includes the following items. Refer to these other docu- ments to learn more about your product. For information about see the the smartswitch router (ssr) features and the procedures for installing the s...
Page 18
Preface 18 corewatch users guide.
Page 19
Corewatch users guide 19 chapter 1 a look at corewatch cabletron systems’ corewatch is a comprehensive, easy-to-use, device management and configuration application for smartswitch routers (ssrs). Based on java programming language, corewatch provides configuration, monitoring, and reporting capabi...
Page 20
Chapter 1: a look at corewatch 20 corewatch users guide • simplified routing configuration. • quality of service (qos) policy management. Qos is a set of parameters that assign priorities to different types of traffic, define flows for internet protocol (ip) and internetwork packet exchange (ipx) p...
Page 21
Corewatch users guide 21 chapter 1: a look at corewatch – check the status of each bridge table, routing table, and qos table. These tables contain information that corewatch obtains from mibs it supports. (for a list of these mibs, see “which mibs does the ssr support?” on page 21 .) – display mes...
Page 22
Chapter 1: a look at corewatch 22 corewatch users guide – bgp4-mib/rfc 1657 – ripv2-mib/rfc 1724 – etherlike-mib/rfc 1643 – bridge-mib/rfc 1493 • ietf proposed standard mibs: – if-mib/rfc 1573 – ip-group ipcidrtable-mib/rfc 2096 • experimental/enterprise mibs: – dot1q-vlan-mib/draft-jeya-vlan-8021q...
Page 23
(change for each manual) 23 chapter 2 corewatch installation installing corewatch you can install corewatch on a solaris 2.5.1, solaris 2.6, windows nt, or windows 95 system. The method you use to install corewatch depends on your environment. Separate discussions on installing corewatch in the sola...
Page 24
Chapter 2: corewatch installation installing on a windows nt or windows 95 system (for cli manual only) 24 (change for each manual) corewatch is installed in on your system in the /opt/cscw directory. 6. Add /opt/cscw/bin to your environment path. For details on adding items to a path, see your sola...
Page 25
Corewatch users guide 25 chapter 3 learning corewatch basics before using corewatch, you should be familiar with some basic corewatch tasks and be familiar with the application’s interface. This chapter • discusses starting corewatch. • provides an overview of the corewatch interface. • discusses c...
Page 26
Chapter 3: learning corewatch basics 26 corewatch users guide starting corewatch in solaris to start corewatch in the solaris 2.5.1 or 2.6 environment: 1. Enter the following command at the solaris prompt: the login dialog dialog box appears. Note: if the corewatch command is not found, you can loc...
Page 27
Corewatch users guide 27 chapter 3: learning corewatch basics to start corewatch from within spectrum: 1. Start spectrum. 2. If you know the topology location for your smartswrtr model, proceed to that location. Otherwise, open the find view by choosing the view menu, selecting new view , and then ...
Page 28
Chapter 3: learning corewatch basics 28 corewatch users guide front panel view after you start corewatch, a front panel view similar to the following appears: figure 1. Front panel view (ssr-8) the front panel view is a graphical representation of an ssr-8's front-panel chassis. You can use this vi...
Page 29
Corewatch users guide 29 chapter 3: learning corewatch basics a look at the modules in the front panel view, an ssr’s modules appear similar to the following figure. This figure is for an ethernet 10/100base-tx module, but the information corewatch displays to represent a module depends on that mod...
Page 30
Chapter 3: learning corewatch basics 30 corewatch users guide schematic view the schematic view, which looks similar to the following figure, is a graphical representation of an ssr's functions (such as bridging, switching, and routing services) and data objects (such as qos flows). It also indicat...
Page 31
Corewatch users guide 31 chapter 3: learning corewatch basics using the schematic view you can use the schematic view to display the corewatch tables and dials discussed later in this manual, and configure qos flows and security filters. To do so, perform one of the following operations: • move the...
Page 32
Chapter 3: learning corewatch basics 32 corewatch users guide • privileged password, which is the password you are prompted for when you start configuration expert. This password logs you in to configuration expert so that you can then use that utility to configure your ssr. Changing the login pass...
Page 33
Corewatch users guide 33 chapter 3: learning corewatch basics accessing help when using corewatch, you can access online help by choosing commands from the help menu or clicking the help button. If you click the help button, corewatch displays help specific to the form, dialog box, or other item yo...
Page 34
Chapter 3: learning corewatch basics 34 corewatch users guide exiting corewatch to exit corewatch, select the file menu and choose exit. Corewatch prompts you to verify that you want to exit. Click the quit button..
Page 35
Corewatch users manual 35 chapter 4 learning configuration expert basics configuration expert is a cabletron systems utility that lets you configure an ssr. This chapter • provides an overview of configuration expert. • explains how to start configuration expert. • discusses the configuration exper...
Page 36
Chapter 4: learning configuration expert basics 36 corewatch users manual • configure vlans • configure ip and ipx routing • configure multicast routing • set qos policies • set acls and security filters • configure multiple configuration files on the ssr like corewatch, configuration expert is a j...
Page 37
Corewatch users manual 37 chapter 4: learning configuration expert basics opening configuration expert from the schematic view to open configuration expert from the schematic view: 1. If you are not currently in the schematic view, switch to it by doing one of the following: – select the file menu ...
Page 38
Chapter 4: learning configuration expert basics 38 corewatch users manual 3. If the configuration expert login form appears, enter the privileged password and click ok. The configuration expert window appears. For details on this window, see “a look at the configuration expert window” next. A look ...
Page 39
Corewatch users manual 39 chapter 4: learning configuration expert basics the left pane of the configuration expert window includes the configuration tree, which you use to navigate to the objects (modules, ports, system, bridging, routing, and so on) you want to create, edit, or delete while confi...
Page 40
Chapter 4: learning configuration expert basics 40 corewatch users manual display the contents of the chassis configuration object and the module-1 object. As the figure shows, a plus sign (+) indicates an object can be expanded further and a minus sign (-) indicates an object cannot be expanded. Y...
Page 41
Corewatch users manual 41 chapter 4: learning configuration expert basics configuration files configuration expert stores ssr configuration information in the following configuration files: • active configuration—a file containing the configuration settings for the current ssr session. • startup co...
Page 42
Chapter 4: learning configuration expert basics 42 corewatch users manual a look at the configuration tree icons the configuration tree uses the icons described in the following table to represent configuration tree objects, to indicate that there is a wizard or dialog box associated with an object...
Page 43
Corewatch users manual 43 chapter 4: learning configuration expert basics property sheets are used to add easily configurable objects and also to modify the configuration settings of objects once they have been added. If there is a dialog box associated with an object, there will be a dialog box ic...
Page 44
Chapter 4: learning configuration expert basics 44 corewatch users manual you can copy an object’s configuration settings by copying and pasting that object or by dragging it to another object. Separate discussions on each method follow. As the previous table states, you can copy a port or module t...
Page 45
Corewatch users manual 45 chapter 4: learning configuration expert basics note: dragging an object from one location to another copies the object’s configuration settings. It does not move the object. To drag objects to copy their configuration settings: 1. Double-click objects in the configuration...
Page 46
Chapter 4: learning configuration expert basics 46 corewatch users manual servers, and configure the ssr for snmp traps. For details on performing these tasks, see chapter 5: “changing system settings” on page 49 . 2. Configure bridging on the ssr as discussed in chapter 6: “configuring ssr bridgin...
Page 47
Corewatch users manual 47 chapter 4: learning configuration expert basics figure 12. Commit configuration form 2. Select one of the options listed in the to configuration list box to specify to which configuration file or files you want to apply your changes. Note: you should commit changes made in...
Page 48
Chapter 4: learning configuration expert basics 48 corewatch users manual if you commit your changes to the active configuration file, the ssr checks the file for configuration errors. Note: configuration expert displays a red indicator next to any object that the ssr determines is not configured p...
Page 49
Corewatch users guide 49 chapter 5 changing system settings you change system settings through the system configuration object of a configuration file. This chapter discusses using configuration expert to perform the following tasks: • providing system information to set the ssr’s name, identify wh...
Page 50
Chapter 5: changing system settings 50 corewatch users guide a system id dialog box similar to the following appears: figure 13. System id dialog box 4. Enter the ssr’s name, the name of the ssr administrator, and the location of the ssr in the appropriate text boxes. 5. Click ok. Configuring ports...
Page 51
Corewatch users guide 51 chapter 5: changing system settings note: cabletron has configured the ssr’s hash mode to its optimal setting. It is recommended you not change the hash mode unless advised to do so by cabletron technical support. You can configure global settings for all ssr ports as well ...
Page 52
Chapter 5: changing system settings 52 corewatch users guide negotiate port speed and mode check box. Otherwise, clear the check box to disable auto negotiation on all gigabit ethernet ports. All gigabit ethernet ports use auto negotiation. If auto negotiation is not set on a gigabit ethernet port,...
Page 53
Corewatch users guide 53 chapter 5: changing system settings configuration file and automatically opens that port’s dialog box. If you are modifying that port in the active configuration file, go to step step 6 . 2. Open the configuration file you want to modify and then double-click that file’s sy...
Page 54
Chapter 5: changing system settings 54 corewatch users guide the module’s port list appears. The number of ports in the list depends on the module type. Figure 16. Sample port list 5. Select the port you want to configure..
Page 55
Corewatch users guide 55 chapter 5: changing system settings a physical attributes of port dialog box similar to the following appears: figure 17. Physical attributes of port dialog box 6. Specify whether you want to enable or disable the port by selecting the appropriate option button. Disabled po...
Page 56
Chapter 5: changing system settings 56 corewatch users guide 8. Set the layer 2 hash mode for the port. The hash mode controls the distribution of flow entries in layer-2 and layer-3 lookup tables. Assuming a mac address of the value 0011:2233:4455, the following list describes the various hash mod...
Page 57
Corewatch users guide 57 chapter 5: changing system settings a system log dialog box similar to the following appears: figure 18. System log dialog box 4. Enter the host name or ip address of the syslog server. 5. Select the level of messages you want the ssr to log. You may select one of the level...
Page 58
Chapter 5: changing system settings 58 corewatch users guide configuring for dns as an alternative to a host table on every system, some networks use a centralized domain naming system (dns) server to maintain name-to-ip-address mappings. You may configure the ssr to reach up to three dns servers. ...
Page 59
Corewatch users guide 59 chapter 5: changing system settings b. In the name server search order text box, enter the ip address of the dns server you want to add. Then click the add button. You can specify the address in dotted-decimal notation. After you click the add button, configuration expert a...
Page 60
Chapter 5: changing system settings 60 corewatch users guide 6. Double-click the snmp trap target object. 7. Do one of the following: – if you are configuring a new trap target, select the configure new trap target object from the list of trap targets. – if you are modifying an existing trap target...
Page 61
Corewatch users guide 61 chapter 5: changing system settings establishing community strings snmp management stations that want to access the ssr must supply a community string that you establish on the ssr. You can establish an ssr community string by specifying the string’s name and selecting the ...
Page 62
Chapter 5: changing system settings 62 corewatch users guide 6. In the community string text box, enter a character string for the community string. 7. Set the level of access to the ssr by selecting one of the options described in the following table: 8. Click ok. Table 8. Level-of-access options ...
Page 63
Corewatch users guide 63 chapter 6 configuring ssr bridging the ssr provides bridging functions. This chapter • provides an overview of bridging on an ssr. • discusses configuring the bridging mode of ports. A port’s bridging mode determines the contents of that port’s layer-2 lookup table. • discu...
Page 64
Chapter 6: configuring ssr bridging 64 corewatch users guide configuring the bridging mode of ports you can configure ports to use either of the following bridging modes. Each port has a layer-2 lookup table where mac address or flows are stored. A port’s bridging mode determines the contents of ea...
Page 65
Corewatch users guide 65 chapter 6: configuring ssr bridging configuring a port for flow-based bridging to configure a port for flow-based bridging: 1. Start configuration expert if you have not already done so. 2. Open the configuration file you want to modify and then double-click that file’s bri...
Page 66
Chapter 6: configuring ssr bridging 66 corewatch users guide note: clicking a module in the address mode list rather than double-clicking it selects all of the module’s ports that are currently using address-based bridging. Use this method if you are configuring all the ports on a module to use flo...
Page 67
Corewatch users guide 67 chapter 6: configuring ssr bridging figure 23. Bridging mode dialog box (address-based bridging) 4. In the flow mode list, double-click the module on which the port you want to configure is located. Configuration expert displays the module’s ports that are currently using f...
Page 68
Chapter 6: configuring ssr bridging 68 corewatch users guide this method if you are configuring all the ports on a module to use address- based bridging. 5. Click the remove button. Configuration expert moves the selected port from the flow mode list to the corresponding module in the address mode ...
Page 69
Corewatch users guide 69 chapter 6: configuring ssr bridging a default aging timeout dialog box similar to the following appears: figure 24. Default aging timeout dialog box 5. Enter the number of seconds that the ssr is to allow a learned mac address to remain in the layer-2 lookup table. You can ...
Page 70
Chapter 6: configuring ssr bridging 70 corewatch users guide figure 25. Set aging timeout dialog box 5. From the module drop-down list, select the module containing the port you want to configure. 6. From the port drop-down list, select the port you want to configure. 7. In the timeout box, enter t...
Page 71
Corewatch users guide 71 chapter 6: configuring ssr bridging 4. In the list of aging objects that appears, select the aging state object. A bridge aging state dialog box similar to the following appears: figure 26. Bridge aging state dialog box 5. In the aging state enabled list, double-click the m...
Page 72
Chapter 6: configuring ssr bridging 72 corewatch users guide note: clicking a module in the aging state enabled list rather than double-clicking it selects all of the module’s ports on which aging is currently enabled. Use this method if you want to disable aging on all of those ports. 6. Click the...
Page 73
Corewatch users guide 73 chapter 6: configuring ssr bridging figure 27. Bridge aging state dialog box 5. In the aging state disabled list, double-click the module on which the port you want to enable is located. Configuration expert displays the module’s ports on which aging is disabled. From the l...
Page 74
Chapter 6: configuring ssr bridging 74 corewatch users guide 6. Click the remove button. Configuration expert moves the selected port from the aging state disabled list to the corresponding module in the aging state enabled list. 7. Click ok. Configuration expert adds the port to those found in the...
Page 75
Corewatch users guide 75 chapter 6: configuring ssr bridging defining stp settings for ssr bridging you can define global stp settings that the ssr uses for bridging. To define global stp settings: 1. Start configuration expert if you have not already done so. 2. Open the configuration file you wan...
Page 76
Chapter 6: configuring ssr bridging 76 corewatch users guide the maximum age is the length of time the ssr keeps the stp-protocol information it receives. You can specify a number from 6 to 40. The default is 20. 8. In the forward delay box, enter the number of seconds you want to elapse between th...
Page 77
Corewatch users guide 77 chapter 6: configuring ssr bridging a set stp port specific settings dialog box similar to the following appears: figure 29. Set stp port specific settings dialog box 6. From the module drop-down list, select the module containing the port you want to configure. 7. From the...
Page 78
Chapter 6: configuring ssr bridging 78 corewatch users guide 4. In the list of stp objects that appears, select the stp port state object. A bridging stp dialog box similar to the following appears: figure 30. Bridging stp dialog box (enabling stp) 5. In the stp disabled ports list, double-click th...
Page 79
Corewatch users guide 79 chapter 6: configuring ssr bridging note: clicking a module in the stp disabled ports list rather than double-clicking it selects all of the module’s ports on which stp is currently disabled. Use this method if you want to enable stp on all of those ports. 6. Click the add ...
Page 80
Chapter 6: configuring ssr bridging 80 corewatch users guide 5. In the stp enabled ports list, double-click the module containing the port you want to configure. Configuration expert displays the module’s ports on which stp is enabled. From the list of ports that appears, select the port on which y...
Page 81
Corewatch users guide 81 chapter 7 configuring vlans on the ssr you configure vlans to limit the scope of traffic on the ssr. This chapter • provides an overview of vlans on the ssr. • lists tips that make vlan configuration easy. • discusses defining ports for vlans. • discusses creating the diffe...
Page 82
Chapter 7: configuring vlans on the ssr 82 corewatch users guide • protocol-based vlan, which divides the physical network into logical vlans based on one or more of the following protocols: – ip vlan, which is a vlan used for ip traffic. – ipx vlan, which is a vlan used for ipx traffic. – bridged-...
Page 83
Corewatch users guide 83 chapter 7: configuring vlans on the ssr • when removing ports from a vlan, you can remove all of a module’s ports at one time rather than removing them individually.To do so, click rather than double-clock the module in the selected port list box of the dialog box you use t...
Page 84
Chapter 7: configuring vlans on the ssr 84 corewatch users guide figure 32. Bridging vlan mode dialog box 4. Do one of the following: – define an access port by double-clicking that port’s module in the trunk ports list. From the list of trunk ports that appears, select the port that you want to de...
Page 85
Corewatch users guide 85 chapter 7: configuring vlans on the ssr – define a trunk port by double-clicking that port’s module in the access ports list. From the list of access ports that appears, select the port that you want to define as a trunk port. Then click the add button. After you click the ...
Page 86
Chapter 7: configuring vlans on the ssr 86 corewatch users guide 2. Open the configuration file you want to modify and then double-click that file’s bridging configuration object. 3. Double-click the vlan configuration object. 4. Click the configure new vlan object. Configuration expert opens the v...
Page 87
Corewatch users guide 87 chapter 7: configuring vlans on the ssr figure 34. Vlan type panel (protocol-based) 6. Select the protocol-based vlan option and then click next. 7. In the wizard panel that appears, define the vlan by taking the following steps: a. In the vlan name box, enter a name for th...
Page 88
Chapter 7: configuring vlans on the ssr 88 corewatch users guide or more of the options described in the following table: the following figure is an example of the information you enter to define a protocol- based vlan: figure 35. Vlan definition panel (protocol-based) 8. Click next. A wizard panel...
Page 89
Corewatch users guide 89 chapter 7: configuring vlans on the ssr figure 36. Update port list panel (protocol-based) 9. Add a port to the vlan by doing the following: a. In the available port list, double-click the module on which the port you want to add is located. From the list of available ports...
Page 90
Chapter 7: configuring vlans on the ssr 90 corewatch users guide b. Click the add button. Configuration expert moves the selected port from the available port list to the corresponding module in the selected port list. If you accidentally add a port that you do not want to include in the vlan, you ...
Page 91
Corewatch users guide 91 chapter 7: configuring vlans on the ssr figure 38. Vlan wizard (port-based) 5. Click next. Configuration expert prompts you to specify which type of vlan you want to configure. Figure 39. Vlan type panel (port-based) 6. Select the port-based vlan option, then click next..
Page 92
Chapter 7: configuring vlans on the ssr 92 corewatch users guide 7. In the wizard panel that appears, define the vlan by taking the following steps: a. In the vlan name box, enter a name for the vlan. The vlan name is a string up to 32 characters long. You cannot begin a vlan name with an underscor...
Page 93
Corewatch users guide 93 chapter 7: configuring vlans on the ssr because port-based vlans are used for all the different types of protocol traffic, configuration expert automatically selects all the protocol binding options described in the following table. You cannot change these selections. 8. Cl...
Page 94
Chapter 7: configuring vlans on the ssr 94 corewatch users guide figure 42. Expanded update port list panel (port-based) b. Click the add button. Configuration expert moves the selected port from the available port list to the corresponding module in the selected port list. If you accidentally add ...
Page 95
Corewatch users guide 95 chapter 7: configuring vlans on the ssr discussions on modifying the different types of vlans and changing which ports are included in a vlan follow. Changing a port-based vlans name or id to change the name of a port-based vlan: 1. Start configuration expert if you have n...
Page 96
Chapter 7: configuring vlans on the ssr 96 corewatch users guide changing a protocol-based vlans name, id, or protocol binding to modify the name, id, or protocol binding of a protocol-based vlan: 1. Start configuration expert if you have not already done so. Note: if you start configuration exper...
Page 97
Corewatch users guide 97 chapter 7: configuring vlans on the ssr replacing an interfaces vlan you can quickly replace an interface’s vlan with another vlan. To do so, you either drag an ip vlan to an ip interface or an ipx vlan to an ipx interface. To replace an interface’s vlan by dragging a vlan...
Page 98
Chapter 7: configuring vlans on the ssr 98 corewatch users guide 1. Start configuration expert if you have not already done so. Note: if you start configuration expert from the schematic view using the configure vlan command, configuration expert automatically expands the active configuration file’...
Page 99
Corewatch users guide 99 chapter 7: configuring vlans on the ssr 4. Do one of the following: – if you want to change the ports of a port-based vlan, double-click the port based vlans object. – if you want to change the ports of a protocol-based vlan, double-click the protocol based vlans object. 5....
Page 100
Chapter 7: configuring vlans on the ssr 100 corewatch users guide clicking a module rather than double-clicking it in a list box selects all of the module’s ports in that list box. This is a quick way to select all of a module’s ports if you want to add or remove them all at the same time. 7. After...
Page 101
Corewatch users guide 101 chapter 8 configuring ip interfaces for the ssr configure ip interfaces for the ssr if you want to use the ssr for ip-based unicast or multicast traffic. This chapter • provides an overview of ip • describes creating and modifying ip interfaces • indicates what you need to...
Page 102
Chapter 8: configuring ip interfaces for the ssr 102 corewatch users guide to communicate with one another through the router, the hosts make entries in routing tables as shown in the following table. For example, host a communicates with host b by using the route specified with the 11.0.0.0 10.0.0...
Page 103
Corewatch users guide 103 chapter 8: configuring ip interfaces for the ssr the 32-bits of an ip address are grouped into four eight-bit octets, which are separated by decimal points. Each bit in an octet has a binary weight (128, 64, 32, 16, 8, 4, 2, 1). Each octet is represented in decimal format ...
Page 104
Chapter 8: configuring ip interfaces for the ssr 104 corewatch users guide when you create ip interfaces on the ssr, you provide information about the interface (such as its name, ip address, netmask, broadcast address, and so on). You also enable or disable the interface and bind the interface to ...
Page 105
Corewatch users guide 105 chapter 8: configuring ip interfaces for the ssr figure 46. Ip interface wizard (single port) 5. Click next. An ip interface definition panel similar to the following appears: figure 47. Interface definition panel (single port).
Page 106
Chapter 8: configuring ip interfaces for the ssr 106 corewatch users guide 6. Enter the name of the interface in the interface name box. Then either select up to enable the interface or select down to disable it. 7. Enter the number of bytes you want to specify for the maximum transmission unit (mt...
Page 107
Corewatch users guide 107 chapter 8: configuring ip interfaces for the ssr figure 49. Bind to vlan or port panel (single port) 11. Click next. Configuration expert displays a bound port list panel. Figure 50. Bound port list panel (single port) 12. Bind the interface to a single port by doing the f...
Page 108
Chapter 8: configuring ip interfaces for the ssr 108 corewatch users guide a. In the available port list, double-click the module containing the desired port. From the list of available ports that appears, select the port that you want to bind to the interface. B. Click the add button. Note: you ca...
Page 109
Corewatch users guide 109 chapter 8: configuring ip interfaces for the ssr desired acl and apply it as discussed in “applying acls to ip or ipx interfaces” on page 212 . 15. If you specified you wanted to apply an acl, use the apply ip acl panel that appears to apply an acl to the interface. Figure...
Page 110
Chapter 8: configuring ip interfaces for the ssr 110 corewatch users guide go through, you must explicitly define a rule to permit all traffic. To do so, make sure the last rule of the acl permits all traffic. Creating ip interfaces bound to a vlan if you have created an ip vlan, you can bind that ...
Page 111
Corewatch users guide 111 chapter 8: configuring ip interfaces for the ssr figure 54. Interface definition panel (vlan) 6. Enter the name of the interface in the interface name box, then either select up to enable the interface or select down to disable it. 7. Enter the number of bytes you want to ...
Page 112
Chapter 8: configuring ip interfaces for the ssr 112 corewatch users guide figure 55. Bound ip address panel (vlan) 10. Click next and then click the bind the interface to vlan option in the panel that appears. That option is available only if there are existing ip vlans. Figure 56. Bind to vlan or...
Page 113
Corewatch users guide 113 chapter 8: configuring ip interfaces for the ssr figure 57. Interface definition panel (vlan) 12. Click next. The apply acls panel appears. Figure 58. Apply acls panel (vlan).
Page 114
Chapter 8: configuring ip interfaces for the ssr 114 corewatch users guide 13. Specify whether you want to apply an acl to the interface by doing one of the following: – to not apply an acl, select no and then click finish. This completes the configuration of the interface but does not apply any ac...
Page 115
Corewatch users guide 115 chapter 8: configuring ip interfaces for the ssr inbound traffic is packets coming into the interface while outbound traffic is packets going out of that interface. Select input to filter inbound traffic and select output to filter outbound traffic. Selecting both check bo...
Page 116
Chapter 8: configuring ip interfaces for the ssr 116 corewatch users guide 5. In the list of interfaces that appears, double-click the one you want to modify. Configuration expert displays the contents of the object and the interface definition dialog box of the interface. Figure 60. Interface defi...
Page 117
Corewatch users guide 117 chapter 8: configuring ip interfaces for the ssr figure 61. Update acl list dialog box you can add an acl by selecting it in the available ip acls list and then clicking add . You can remove an acl by selecting it in the selected acls list and then clicking remove . Note: ...
Page 118
Chapter 8: configuring ip interfaces for the ssr 118 corewatch users guide figure 62. Edit acl dialog box 12. Select or clear the filter state check boxes to specify whether you want the acl to filter inbound traffic (input), outbound traffic (output), or both input and outbound traffic. Click ok. ...
Page 119
Corewatch users guide 119 chapter 9 configuring unicast routing on the ssr ip can perform unicast routing using rip. Configuration expert lets you configure the ssr for rip. This chapter • discusses configuring unicast parameters and static entries that can be used by rip. • provides an overview of...
Page 120
Chapter 9: configuring unicast routing on the ssr 120 corewatch users guide setting global parameters for unicast routing configuration expert lets you configure global unicast routing parameters for rip. To configure these global parameters: 1. Start configuration expert if you have not already do...
Page 121
Corewatch users guide 121 chapter 9: configuring unicast routing on the ssr then the router id is set to the address of the first interface which is in the up state that the ssr encounters. The address of a non-point-to-point interface is preferred over the local address of a point-to-point interfa...
Page 122
Chapter 9: configuring unicast routing on the ssr 122 corewatch users guide figure 65. Static arp entry panel 6. Enter the ip address and mac address of the host’s arp entry in the appropriate text boxes, then click next. Configuration expert displays a bound port list panel. Figure 66. Bound port ...
Page 123
Corewatch users guide 123 chapter 9: configuring unicast routing on the ssr 7. Bind the entry to a port that the host is connected to by doing the following: a. In the available port list, double-click the module containing the desired port. From the list of available ports that appears, select the...
Page 124
Chapter 9: configuring unicast routing on the ssr 124 corewatch users guide figure 67. Ip static route definition dialog box 5. Enter the route’s ip address and network mask in the appropriate text boxes. 6. In the gateway ip address box, enter the ip address of the next-hop gateway associated with...
Page 125
Corewatch users guide 125 chapter 9: configuring unicast routing on the ssr 11. Specify whether you want to cause packets to be dropped and unreachable messages to be sent to packet originators by selecting yes or no for both the reject packets to this host and send route unreachable msg on rejecti...
Page 126
Chapter 9: configuring unicast routing on the ssr 126 corewatch users guide the ssr's subnetwork. You could also configure the ssr to not accept rip data from the subnetwork but to accept rip packets from the other rip router. In the ip environment, rip bases routing on a hop count. Rip only suppor...
Page 127
Corewatch users guide 127 chapter 9: configuring unicast routing on the ssr note: do not change the default preference values unless you fully understand the implications of doing so. Even though you can set preference in several places, each route has only one preference value associated with it. ...
Page 128
Chapter 9: configuring unicast routing on the ssr 128 corewatch users guide 3. Double-click the ip routing configuration object. 4. Double-click the ip unicast routing object. Then double-click the rip routing object and click the rip global parameters object. A rip global parameters dialog box sim...
Page 129
Corewatch users guide 129 chapter 9: configuring unicast routing on the ssr note: the metric 16 (the default) is equivalent in rip to “infinite” and makes a route unreachable. You must set the default metric to a value other than 16 in order to allow the ssr to export routes from other protocols su...
Page 130
Chapter 9: configuring unicast routing on the ssr 130 corewatch users guide figure 69. Rip interface definition dialog box 6. Select the ip interface you want to define as an ip rip interface from the interface/name address drop-down list. The interface/name address drop-down list includes existing...
Page 131
Corewatch users guide 131 chapter 9: configuring unicast routing on the ssr note: setting both the rip packet receipt and rip packet transmission options to disabled will disable ip rip on an interface. You may want to do so to temporarily disable rip on an interface. 8. Click ok. 9. Repeat step 5 ...
Page 132
Chapter 9: configuring unicast routing on the ssr 132 corewatch users guide configuration expert adds the interfaces on which rip is enabled to the list of interfaces found in the rip enabled ip interfaces object. Deleting the interface from that object will disable rip on the interface, but the in...
Page 133
Corewatch users guide 133 chapter 9: configuring unicast routing on the ssr 4. Double-click the ip unicast routing object and then double-click the rip routing object. Double-click the rip source gateways object. 5. Click the configure new rip source gateway object. 6. In the rip source gateway dia...
Page 134
Chapter 9: configuring unicast routing on the ssr 134 corewatch users guide.
Page 135
Corewatch users guide 135 chapter 10 configuring multicast routing on the ssr multicast routing on the ssr is supported through the distance vector multicast routing protocol (dvmrp) and internet group management protocol (igmp). Dvmrp is used to determine forwarding of multicast traffic between ss...
Page 136
Chapter 10: configuring multicast routing on the ssr 136 corewatch users guide task force (ietf) document. The ssr’s implementation of dvmrp supports the following: • mtrace, which is a utility that tracks the multicast path from a source to a receiver. • generation identifiers, which are assigned ...
Page 137
Corewatch users guide 137 chapter 10: configuring multicast routing on the ssr • enabling or disabling dvmrp on tunnels. Setting dvmrp global parameters on the ssr set dvmrp global parameters to enable or disable multicast routing on the ssr and to specify whether or not the ssr performs pruning to...
Page 138
Chapter 10: configuring multicast routing on the ssr 138 corewatch users guide configuring dvmrp interfaces when configuring the ssr for dvmrp, you can enable or disable that protocol on ip interfaces. If you enable dvmrp on an interface, you can set dvmrp parameters on that interface. To configure...
Page 139
Corewatch users guide 139 chapter 10: configuring multicast routing on the ssr 6. If you are defining a new dvmrp interface, select the ip address or host name of the interface on which you are enabling or disabling dvmrp. You will not be able to change the ip address if you are modifying an existi...
Page 140
Chapter 10: configuring multicast routing on the ssr 140 corewatch users guide – if you are modifying an existing tunnel, select that tunnel. – if you are creating a new tunnel, select the configure new ip tunnel option. An ip tunnel definition dialog box similar to the following appears: figure 72...
Page 141
Corewatch users guide 141 chapter 10: configuring multicast routing on the ssr 7. Set the dvmrp parameters as discussed in the following table: 8. Click ok. Configuration expert adds the tunnel to the list of those found in the ip tunnel configuration object. Before the ssr can use the tunnel for m...
Page 142
Chapter 10: configuring multicast routing on the ssr 142 corewatch users guide figure 73. Dvmrp tunnel dialog box 6. Enable and disable dvmrp on tunnels. To enable dvmrp on a tunnel, select that tunnel from the available tunnels list and click the add button. To disable dvmrp on a tunnel, select th...
Page 143
Corewatch users guide 143 chapter 10: configuring multicast routing on the ssr on the ssr, igmp can be configured on a per interface basis. You can configure an ssr interface to support igmp only or both igmp and dvmrp. If an interface is configured for both igmp and dvmrp, igmp starts and stops au...
Page 144
Chapter 10: configuring multicast routing on the ssr 144 corewatch users guide 2. Open the configuration file you want to modify and then double-click that file’s routing configuration object. 3. Double-click the ip routing configuration object. 4. Double-click the ip multicast routing object. Then...
Page 145
Corewatch users guide 145 chapter 10: configuring multicast routing on the ssr 1. Start configuration expert if you have not already done so. 2. Open the configuration file you want to modify and then double-click that file’s routing configuration object. 3. Double-click the ip routing configuratio...
Page 146
Chapter 10: configuring multicast routing on the ssr 146 corewatch users guide 7. Specify whether you want to enable or disable igmp on the interface by selecting the appropriate options. 8. Click ok. 9. Repeat step 5 through step 8 until you configure all the igmp interfaces necessary for your net...
Page 147
Corewatch users guide 147 chapter 11 configuring the ssr for ipx routes the internetwork packet exchange (ipx) is a datagram connectionless protocol for the novell netware environment. You can configure the ssr for ipx routing and sap. This chapter • provides an overview of ipx on the ssr. • discus...
Page 148
Chapter 11: configuring the ssr for ipx routes 148 corewatch users guide the ssr uses ipx rip to create and maintain a database of internetwork routing information. The ssr's implementation of rip allows the following exchanges of information: • workstations locate the fastest route to a network nu...
Page 149
Corewatch users guide 149 chapter 11: configuring the ssr for ipx routes creating ipx interfaces when you create ipx interfaces on the ssr, you provide information about the interface (such as its name, output mac encapsulation, and ipx address). You also enable or disable the interface and bind th...
Page 150
Chapter 11: configuring the ssr for ipx routes 150 corewatch users guide figure 76. Ipx interface wizard (single port) 5. Click next. An ipx interface definition panel similar to the following appears: figure 77. Interface definition panel (single port).
Page 151
Corewatch users guide 151 chapter 11: configuring the ssr for ipx routes 6. Enter the name of the interface in the interface name box. Then either select up to enable the interface or select down to disable it. 7. Set the output mac encapsulation you want associated with the interface by selecting ...
Page 152
Chapter 11: configuring the ssr for ipx routes 152 corewatch users guide figure 79. Bind to vlan or port panel (single port) 10. Click next. Configuration expert displays a bound port list panel similar to the following: figure 80. Bound port list panel (single port) 11. Bind the interface to a sin...
Page 153
Corewatch users guide 153 chapter 11: configuring the ssr for ipx routes a. In the available port list, double-click the module containing the desired port. From the list of available ports that appears, select the port that you want to bind to the interface. B. Click the add button. Note: you can ...
Page 154
Chapter 11: configuring the ssr for ipx routes 154 corewatch users guide desired acl and apply it as discussed in “applying acls to ip or ipx interfaces” on page 212 . 14. If you specified you wanted to apply an acl, use the apply ipx acl panel that appears to apply an acl to the interface. Figure ...
Page 155
Corewatch users guide 155 chapter 11: configuring the ssr for ipx routes configuration expert adds the new interface to those found in the ipx interfaces bound to ports object. Note: when you apply an acl to an interface, the ssr appends an implicit deny rule to that acl. The implicit deny rule den...
Page 156
Chapter 11: configuring the ssr for ipx routes 156 corewatch users guide an ipx interface definition panel similar to the following appears: figure 84. Interface defintion (vlan) 6. Enter the name of the interface in the interface name box. Then either select up to enable the interface or select do...
Page 157
Corewatch users guide 157 chapter 11: configuring the ssr for ipx routes figure 85. Bound ipx address (vlan) 9. Click next and then select the bind the interface to vlan option in the panel that appears. This option is available only if there are existing ipx vlans. Figure 86. Bind to vlan or port ...
Page 158
Chapter 11: configuring the ssr for ipx routes 158 corewatch users guide figure 87. Interface defintion (vlan) 11. Click next. The apply acls panel appears. Figure 88. Apply acls panel.
Page 159
Corewatch users guide 159 chapter 11: configuring the ssr for ipx routes 12. Specify whether you want to apply an acl to the interface by doing one of the following. – to not apply an acl, select no. Then click finish, which completes the configuration of the interface but does not apply any acl to...
Page 160
Chapter 11: configuring the ssr for ipx routes 160 corewatch users guide traffic, outbound traffic, or both inbound and outbound traffic. Inbound traffic is packets coming into the interface while outbound traffic is packets going out of that interface. Select input to filter inbound traffic. Selec...
Page 161
Corewatch users guide 161 chapter 11: configuring the ssr for ipx routes 4. Double-click the ipx interface configuration object. Then do one of the following: – if the interface you want to modify is bound to a port, double-click the ipx interfaces bound to ports object. – if the interface you want...
Page 162
Chapter 11: configuring the ssr for ipx routes 162 corewatch users guide – if you are modifying a vlan-bound interface, click the interface’s vlan object, select a new vlan from the vlan name drop-down list that appears in the interface definition dialog box, and click ok. 9. If you want to change ...
Page 163
Corewatch users guide 163 chapter 11: configuring the ssr for ipx routes figure 92. Edit acl dialog box 12. Select or clear the filter state check boxes to specify whether you want the acl to filter inbound traffic (input), outbound traffic (output), or both input and outbound traffic. Click ok. Ca...
Page 164
Chapter 11: configuring the ssr for ipx routes 164 corewatch users guide • a router request for the names and addresses of either all the servers or all the servers of a certain type on the internetwork • a response to either a workstation or router request • periodic broadcast by servers and route...
Page 165
Corewatch users guide 165 chapter 11: configuring the ssr for ipx routes figure 93. Sap entry dialog box 6. Configure the ipx sap entry as discussed in the following table: 7. Click ok. Configuration expert adds the entry to those found in the ipx sap entries object. Table 18. Ipx sap fields field ...
Page 166
Chapter 11: configuring the ssr for ipx routes 166 corewatch users guide what to do next after configuring the ssr for ipx, you may perform the following tasks. Both tasks are optional. • control traffic as discussed in chapter 12: “configuring qos on the ssr” on page 167 . • set up security as dis...
Page 167
Corewatch users guide 167 chapter 12 configuring qos on the ssr after you define interfaces on the ssr, you can configure qos policies to control traffic. This chapter • provides an overview of qos. • lists the order in which you perform the various qos-configuration tasks. • discusses establishing...
Page 168
Chapter 12: configuring qos on the ssr 168 corewatch users guide – medium – low setting priorities for network traffic helps ensure that critical traffic will reach its destination even if the exit ports for the traffic are experiencing greater than maximum utilization. Note: control priority is re...
Page 169
Corewatch users guide 169 chapter 12: configuring qos on the ssr figure 94. Queuing discipline configuration dialog box 5. Specify whether you want to use strict priority or weighted-fair queuing by selecting the appropriate option. 6. If you selected the use weighted-fair queuing option, set the a...
Page 170
Chapter 12: configuring qos on the ssr 170 corewatch users guide • destination tcp or udp port • destination ip address • source tcp or udp port • source ip address • type of service (tos) for the packet • incoming interface • protocol (tcp or udp) to assign the ip qos precedence: 1. Start configur...
Page 171
Corewatch users guide 171 chapter 12: configuring qos on the ssr select that field and then click the up and down buttons until the field is listed next to the desired precedence value. You may assign a precedence value from 1 to 7, where 1 is the highest precedence value. The default precedences o...
Page 172
Chapter 12: configuring qos on the ssr 172 corewatch users guide figure 96. Ipx qos precedence dialog box 6. Assign one of the precedence values shown in the order list to each of the ip-flow fields shown in the flow components list. To assign a precedence value to a field, select that field and th...
Page 173
Corewatch users guide 173 chapter 12: configuring qos on the ssr • specifying to what you want the flow to apply. You apply ip and ipx flows to one or more interfaces. You apply layer-2 flows to one or more ports. The method you use to create a qos profile depends on whether you are defining an ip,...
Page 174
Chapter 12: configuring qos on the ssr 174 corewatch users guide figure 98. Qos - flow types panel (ip flow) 5. Click next. A qos l3/l4 flow priority panel similar to the following appears: figure 99. Qos - l3/l4 flow priority (ip flow) 6. Enter the flow’s name in the flow name box..
Page 175
Corewatch users guide 175 chapter 12: configuring qos on the ssr 7. From the flow priority drop-down list, select the priority you want to assign to the fields listed in the flow definition section of the panel. The following table describes the priorities you may set: 8. Define each flow field as ...
Page 176
Chapter 12: configuring qos on the ssr 176 corewatch users guide 9. Click next. In the qos flow types panel that appears, specify whether you want to apply the flow to specific ip interfaces. Selecting no applies the flow to all ip interfaces. Selecting yes allows you to apply the flow to specific ...
Page 177
Corewatch users guide 177 chapter 12: configuring qos on the ssr figure 100. Apply to ip interfaces panel (ip flow) 10. Do one of the following: – if you selected no, click finish. Configuration expert adds the qos profile to those included in the ip qos profiles object. – if you selected yes, clic...
Page 178
Chapter 12: configuring qos on the ssr 178 corewatch users guide figure 101. Policy input interface list panel (ip flow) if you accidentally add a wrong interface, remove it by selecting it in the selected interfaces list and clicking the delete button. After you click finish, configuration expert ...
Page 179
Corewatch users guide 179 chapter 12: configuring qos on the ssr figure 102. Qos wizard (ipx flow) 4. Click next. Configuration expert prompts you to specify which type of flow you want to define. Figure 103. Qos - flow types panel (ipx flow) 5. Select ipx flow and click next..
Page 180
Chapter 12: configuring qos on the ssr 180 corewatch users guide an ipx policy definition panel similar to the following appears: figure 104. Ipx policy definition panel (ipx flow) 6. Specify the flow’s name in the name box. 7. From the flow priority drop-down list, select the priority you want to ...
Page 181
Corewatch users guide 181 chapter 12: configuring qos on the ssr 8. Define each flow field as discussed in the following table. You can enter any in a flow field to specify a wildcard (“don’t care”) condition. 9. Click next. In the panel that appears, specify whether you want to apply the flow to s...
Page 182
Chapter 12: configuring qos on the ssr 182 corewatch users guide figure 105. Apply to ipx interfaces panel (ipx flow) 10. Do one of the following: – if you selected no, click finish. Configuration expert adds the qos profile to those included in the ipx qos profiles object. – if you selected yes, c...
Page 183
Corewatch users guide 183 chapter 12: configuring qos on the ssr figure 106. Policy input interface list panel (ipx flow) if you accidentally add a wrong interface, remove it by selecting it in the selected interfaces list and clicking the delete button. After you click finish, configuration expert...
Page 184
Chapter 12: configuring qos on the ssr 184 corewatch users guide figure 107. Qos wizard (layer-2 flow) 4. Click next. Configuration expert prompts you to specify which type of flow you want to define. Figure 108. Qos - flow types panel (layer-2 flow) 5. Select l2 flow and click next..
Page 185
Corewatch users guide 185 chapter 12: configuring qos on the ssr an l2 flow priority definition panel similar to the following appears: figure 109. L2 flow priority definition panel (layer-2 flow) 6. Specify the flow’s name in the name box. 7. From the flow priority drop-down list, select the prior...
Page 186
Chapter 12: configuring qos on the ssr 186 corewatch users guide 8. Define each flow field as discussed in the following table: 9. Click next. In the panel that appears, specify whether you want to apply the flow to specific ports. Selecting no applies the flow to all ports. Selecting yes allows yo...
Page 187
Corewatch users guide 187 chapter 12: configuring qos on the ssr to specify a port, double-click that port’s module in the update port list, select the port from the port list that appears, and click the add button. Figure 111. Update port list panel (layer-2 flow) clicking a module rather than dou...
Page 188
Chapter 12: configuring qos on the ssr 188 corewatch users guide 1. Start configuration expert if you have not already done so. 2. Open the configuration file you want to modify and then double-click that file’s qos configuration object. 3. Double-click the ip qos profiles object. 4. From the list ...
Page 189
Corewatch users guide 189 chapter 12: configuring qos on the ssr 2. Open the configuration file you want to modify and then double-click that file’s qos configuration object. 3. Double-click the ipx qos profiles object. 4. From the list of ipx qos profiles that appears, click the one you want to ed...
Page 190
Chapter 12: configuring qos on the ssr 190 corewatch users guide 3. Double-click the layer-2 qos profiles object. 4. From the list of layer-2 qos profiles that appears, click the one you want to edit. An l2 flow priority definition dialog box similar to the following appears: figure 114. L2 flow pr...
Page 191
Corewatch users guide 191 chapter 12: configuring qos on the ssr adding or deleting a flows interfaces through a dialog box to use a dialog box to add an interface to a flow’s list of interfaces or delete one from the list: 1. Start configuration expert if you have not already done so. 2. Open the...
Page 192
Chapter 12: configuring qos on the ssr 192 corewatch users guide – to delete interfaces, select them in the selected interfaces list and click the delete button. 7. Click ok. Dragging an interface to apply a flow to the interface you can add an interface to a qos profile’s list of interfaces by dra...
Page 193
Corewatch users guide 193 chapter 12: configuring qos on the ssr 4. From the list of flows that appears, double-click the flow associated with the port list you want to change. 5. Click the flow’s bound port list object. A bound port list dialog box similar to the following appears: figure 116. Bou...
Page 194
Chapter 12: configuring qos on the ssr 194 corewatch users guide.
Page 195
Corewatch users guide 195 chapter 13 configuring security on the ssr you configure security on the ssr by defining access control lists (acls) for ip and ipx interfaces, applying those acls to interfaces, and setting layer-2 filters. This chapter • provides an overview that briefly describes acls. ...
Page 196
Chapter 13: configuring security on the ssr 196 corewatch users guide setting ip security you can set security on an ip network by configuring acls that you will apply to ip interfaces. To set security: 1. Start configuration expert if you have not already done so. 2. Open the configuration file yo...
Page 197
Corewatch users guide 197 chapter 13: configuring security on the ssr figure 118. Ip acl name panel 6. Enter the acl’s name in the acl name box and click next. An ip acl rule panel similar to the following appears: figure 119. Ip acl rule panel.
Page 198
Chapter 13: configuring security on the ssr 198 corewatch users guide 7. If you want to permit traffic that meets the rule’s criteria, select the permit option. Otherwise, block such traffic by selecting the deny option. 8. Specify the protocol to which the rule applies by selecting the appropriate...
Page 199
Corewatch users guide 199 chapter 13: configuring security on the ssr 10. Do one of the following: – if you have defined all of the rules for the acl, click finish. – if you want to define additional rules, select the add more rules check box and click next . 11. If you selected the add more rules ...
Page 200
Chapter 13: configuring security on the ssr 200 corewatch users guide after you finish defining all of an acl’s rules, configuration expert adds the acl to the ip security object. Configuration expert also adds a separate object for each rule and places this list of rules in the acl object. The rul...
Page 201
Corewatch users guide 201 chapter 13: configuring security on the ssr figure 120. Ipx security wizard 5. Click next. Configuration expert prompts you for the acl’s name. Figure 121. Ipx acl name panel 6. Enter the acl’s name in the acl name box..
Page 202
Chapter 13: configuring security on the ssr 202 corewatch users guide you can use a string of characters or a number. 7. Click next. An ipx acl type panel similar to the following appears: figure 122. Ipx acl type panel 8. Click next. An ipx acl rule panel similar to the following appears:.
Page 203
Corewatch users guide 203 chapter 13: configuring security on the ssr figure 123. Ipx acl rule panel 9. If you want to permit ipx traffic that meets the rule’s criteria, select the permit option. Otherwise, block such traffic by selecting the deny option. 10. Define the rule’s criteria by specifyin...
Page 204
Chapter 13: configuring security on the ssr 204 corewatch users guide 11. Do one of the following: – if you have defined all of the rules for the acl, click finish. – if you want to define additional rules, select the add more rules check box and click next . 12. If you selected the add more rules ...
Page 205
Corewatch users guide 205 chapter 13: configuring security on the ssr after you finish defining all of an acl’s rules, configuration expert adds the acl to the ipx acls object. Configuration expert also adds a separate object for each rule and places this list of rules in the acl object. The rule n...
Page 206
Chapter 13: configuring security on the ssr 206 corewatch users guide figure 125. Ipx acl name panel (rip) 6. Enter the acl’s name in the acl name box. You can use a string of characters or a number. 7. Click next. An ipx acl type panel similar to the following appears: figure 126. Ipx acl type pan...
Page 207
Corewatch users guide 207 chapter 13: configuring security on the ssr 8. Select ipx rip and click next. An ipx rip acl rule panel similar to the following appears: figure 127. Ipx acl rule panel (rip) 9. If you want to permit ipx rip network advertisements that meet the rule’s criteria, select the ...
Page 208
Chapter 13: configuring security on the ssr 208 corewatch users guide 10. Define the rule’s criteria by specifying values for the fields described in the following table: 11. Do one of the following: – if you have defined all of the rules for the acl, click finish. – if you want to define additiona...
Page 209
Corewatch users guide 209 chapter 13: configuring security on the ssr setting up ipx sap filters set up ipx sap filters to permit or deny ipx sap service advertisements. You set up such filters by configuring an acl for ipx sap interfaces. To do so, take the following steps: 1. Start configuration ...
Page 210
Chapter 13: configuring security on the ssr 210 corewatch users guide figure 129. Ipx acl name panel (sap) 6. Enter the acl’s name in the acl name box. You can use a string of characters or a number. 7. Click next. An ipx acl type panel similar to the following appears: figure 130. Ipx acl type pan...
Page 211
Corewatch users guide 211 chapter 13: configuring security on the ssr 8. Select ipx sap and click next. An ipx sap acl rule panel similar to the following appears: figure 131. Ipx acl rule panel (sap) 9. If you want to permit ipx sap service advertisements that meet the rule’s criteria, select the ...
Page 212
Chapter 13: configuring security on the ssr 212 corewatch users guide 11. Do one of the following: – if you have defined all of the rules for the acl, click finish. – if you want to define additional rules, select the add more rules check box and click next . 12. If you selected the add more rules ...
Page 213
Corewatch users guide 213 chapter 13: configuring security on the ssr administrator to know ahead of time that a packet should be dropped at the inbound interface. Nonetheless, for performance reasons, whenever possible, one should create and apply an acl to the inbound interface. When a packet com...
Page 214
Chapter 13: configuring security on the ssr 214 corewatch users guide 4. Do one of the following: – if you are applying the acl to an ip interface, double-click the interface’s applied ip acls object. – if you are applying the acl to an ipx interface, double-click the interface’s bound ipx security...
Page 215
Corewatch users guide 215 chapter 13: configuring security on the ssr 4. Do one of the following: – if the interface you want to modify is bound to a port, double-click the bound to ports object of the interface to which you are applying the acl. – if the interface you want to modify is bound to a ...
Page 216
Chapter 13: configuring security on the ssr 216 corewatch users guide 8. If you are applying multiple acls to an interface, configure those acls to govern either inbound traffic or outbound traffic. To do so, take the following steps: a. Click an acl that you want to apply to inbound traffic. In th...
Page 217
Corewatch users guide 217 chapter 13: configuring security on the ssr configuring layer-2 address filters if you want to control access to a source or destination on a per-mac address basis, you can configure address filters. Address filters are always configured and applied to the input port. You ...
Page 218
Chapter 13: configuring security on the ssr 218 corewatch users guide configuration expert prompts you to select a filter type. Figure 134. L2 filter type panel (address filter) 6. Click next. An l2 address filter panel similar to the following appears: figure 135. L2 address filter panel (address ...
Page 219
Corewatch users guide 219 chapter 13: configuring security on the ssr 7. Enter the filter’s name, source mac address, destination mac address, and vlan id in the appropriate text boxes. Use the source mac address for source or flow address filters. Use the destination mac address for destination or...
Page 220
Chapter 13: configuring security on the ssr 220 corewatch users guide allowed to connect to the “locked” port and the specified source mac address is not allowed to connect to any other ports. To configure a port-to-address lock filter: 1. Start configuration expert if you have not already done so....
Page 221
Corewatch users guide 221 chapter 13: configuring security on the ssr figure 138. L2 filter type panel (lock filter) 6. Select l2 port address lock filters and click next. An l2 port address lock filter panel similar to the following appears: figure 139. L2 port address lock filter panel.
Page 222
Chapter 13: configuring security on the ssr 222 corewatch users guide 7. Enter the filter’s name, source mac address, and vlan id in the appropriate text boxes. 8. Click next. In the bind to port panel that appears, specify to which ports you want to apply the filter. If you apply a port address lo...
Page 223
Corewatch users guide 223 chapter 13: configuring security on the ssr mac addresses in flow bridging mode. Static entries are always configured and applied at the input port. You can set the following static-entry filters: • source static entry, which specifies that any frame coming from a specific...
Page 224
Chapter 13: configuring security on the ssr 224 corewatch users guide figure 142. L2 filter type panel (static-entry filter) 6. Select l2 static filters and click next. An l2 static filter panel similar to the following appears: figure 143. L2 static filter panel 7. Enter the filter’s name in the n...
Page 225
Corewatch users guide 225 chapter 13: configuring security on the ssr 8. Specify the forwarding behavior of the static entry by doing one of the following: – select allow to allow packets to go to a specific set of ports. – select disallow to prohibit packets from going to a specific set of ports. ...
Page 226
Chapter 13: configuring security on the ssr 226 corewatch users guide 11. Click next. In the second bind to port panel that appears, specify the ports to which you are allowing, disallowing, or forcing packets. Then click finish. Configuration expert adds the filter to those found in the l2 static ...
Page 227
Corewatch users guide 227 chapter 13: configuring security on the ssr figure 145. L2 security wizard (secure port filter) 5. Click next. Configuration expert prompts you to select a filter type. Figure 146. L2 filter type panel (secure port filter) 6. Select l2 secure port filters and click next..
Page 228
Chapter 13: configuring security on the ssr 228 corewatch users guide an l2 port filter panel similar to the following appears: figure 147. L2 port filter panel (secure port filter) 7. Enter the filter’s name in the name box. 8. Select either the source or destination option to specify whether the ...
Page 229
Corewatch users guide 229 chapter 13: configuring security on the ssr figure 148. Bound port list panel (secure port filter) if you want to apply the filter to a port, double-click that port’s module in the available port list, select the port from the port list that appears, and click the add butt...
Page 230
Chapter 13: configuring security on the ssr 230 corewatch users guide changing an acls name to change an acl’s name: 1. Start configuration expert if you have not already done so. 2. Open the configuration file you want to modify and then double-click that file’s security configuration object. 3. ...
Page 231
Corewatch users guide 231 chapter 13: configuring security on the ssr adding or modifying acl rules to add a rule to an existing acl or modify an acl’s rule: 1. Start configuration expert if you have not already done so. 2. Open the configuration file you want to modify and then double-click that f...
Page 232
Chapter 13: configuring security on the ssr 232 corewatch users guide 5. In the list of filters that appears, click the one you want to modify. Configuration expert displays the selected filter’s dialog box. 6. Edit the dialog box. The options of a filter’s dialog box are the same as those you spec...
Page 233
Corewatch users guide 233 chapter 13: configuring security on the ssr figure 150. Bound port list dialog box 7. Specify which port’s you want to bind to the filter by adding and removing ports in the port list. – to add a port, double-click its module in the available port list, select the port fro...
Page 234
Chapter 13: configuring security on the ssr 234 corewatch users guide.
Page 235
Corewatch users guide 235 chapter 14 configuring ospf on the ssr setting ospf global parameters you can use corewatch to set global ospf parameters to start or stop ospf on the ssr and specify how often autonomous-system export link-state advertisements will be generated and flooded into ospf. To s...
Page 236
Chapter 14: configuring ospf on the ssr 236 corewatch users guide an ospf global parameters dialog box similar to the following appears: figure 151. Ospf global parameters dialog box 5. Set the ospf facility state option to start or stop. 6. In the ase lsa export interval box, enter the interval at...
Page 237
Corewatch users guide 237 chapter 14: configuring ospf on the ssr creating ospf area tables to create ospf area tables: 1. Start configuration expert if you have not already done so. 2. Open the configuration file you want to modify and then double-click that file’s routing configuration object. 3....
Page 238
Chapter 14: configuring ospf on the ssr 238 corewatch users guide the ospf area definition panel appears. Figure 153. Ospf area definition panel 7. Create an area by either selecting the backbone option to add the backbone area or selecting the other option and then entering an id number in the are...
Page 239
Corewatch users guide 239 chapter 14: configuring ospf on the ssr figure 154. Add network ranges panel 10. If you selected yes to specify you want to associate a network with the area, use the ospf network definition panel that appears to specify which network you want to associate with the area. O...
Page 240
Chapter 14: configuring ospf on the ssr 240 corewatch users guide b. If the specified network is a host network, then check the host-network box. C. If you do not want to advertise the network or host network in the summary network link-state advertisements, select restrict network advertisement. D...
Page 241
Corewatch users guide 241 chapter 14: configuring ospf on the ssr figure 157. Ospf area broadcast interface panel (definition tab) to add a broadcast interface, take the following steps: a. From the interface/name address drop-down list, select the ip interface you want to configure as a broadcast ...
Page 242
Chapter 14: configuring ospf on the ssr 242 corewatch users guide d. Enter the interface cost and designated router priority for the broadcast interface in the appropriate text boxes. See the following table for more detailed information: e. To add another interface, select the add more interfaces ...
Page 243
Corewatch users guide 243 chapter 14: configuring ospf on the ssr g. Set the advanced options on the interface as discussed in the following table: 13. Click next. In the panel that appears, specify whether you want to add a non- broadcast interface by selecting the appropriate option. Table 30. Br...
Page 244
Chapter 14: configuring ospf on the ssr 244 corewatch users guide figure 159. Add non-broadcast interface panel 14. If you selected yes to specify you want to add a non-broadcast interface, add the interface. Otherwise, skip to step g . Figure 160. Ospf area non-broadcast interface panel (definitio...
Page 245
Corewatch users guide 245 chapter 14: configuring ospf on the ssr a. From the interface/name address drop-down list, select the ip interface you want to configure as a non-broadcast interface. B. Select the appropriate interface state option to enable or disable the interface. C. Select or clear th...
Page 246
Chapter 14: configuring ospf on the ssr 246 corewatch users guide figure 161. Ospf area non-broadcast interface panel (advanced tab) f. Set the advanced options on the interface as discussed in the following table: table 32. Non-broadcast interface options option description lsa retransmission inte...
Page 247
Corewatch users guide 247 chapter 14: configuring ospf on the ssr g. Click next. The ospf area interface neighbor panel appears. Figure 162. Ospf area interface neighbor panel hello interval enter an integer value from 0 to 255 to specify the estimated number of seconds between hello packets that t...
Page 248
Chapter 14: configuring ospf on the ssr 248 corewatch users guide h. Add a neighbor to the interface by taking the following steps: i. Specify the ip address of the nbma neighbor you want to add to the interface. Ii. Select or clear the eligible to become designated router check box to specify whet...
Page 249
Corewatch users guide 249 chapter 14: configuring ospf on the ssr configuration expert prompts you to specify whether you want to add a stub host. Figure 164. Add stub host panel 15. Do one of the following: – if you do not want to add a stub host, select no. – if you want to add a stub host, selec...
Page 250
Chapter 14: configuring ospf on the ssr 250 corewatch users guide figure 165. Ospf area stub host panel to add a stub host, take the following steps: a. Enter the address of the stub host. B. Enter an integer value from 0 to 65535 to specify the cost that should be advertised for the directly attac...
Page 251
Corewatch users guide 251 chapter 14: configuring ospf on the ssr figure 166. Add virtual links panel b. Select yes and then click next. A virtual link panel similar to the following appears: figure 167. Ospf area virtual link panel (definition tab) c. Enter a virtual link name, then enter an ip ad...
Page 252
Chapter 14: configuring ospf on the ssr 252 corewatch users guide neighbor and the area id of the transit area in the appropriate text boxes. D. Enable or disable the interfaces e. Select or clear the disallow multicast packets to neighbor check box to specify whether the ssr is to send multicast p...
Page 253
Corewatch users guide 253 chapter 14: configuring ospf on the ssr h. To add another link, select the add more link check box, click next, and then continue repeating step a through step g until you add all the appropriate neighbors. 17. Click finish. Modifying area tables to modify existing area ta...
Page 254
Chapter 14: configuring ospf on the ssr 254 corewatch users guide the options of the dialog box are the same as those you specified while creating the area table. For details on specifying these options, see “creating ospf area tables” on page 237 ..
Page 255
Corewatch users guide 255 chapter 15 checking system status corewatch can display the following system information: • details about which modules are installed in the ssr chassis and the number of ports available on those modules. • details about individual ports. This includes data about which mod...
Page 256
Chapter 15: checking system status 256 corewatch users guide figure 169. Chassis info table the following table describes the fields of the chassis info table’s upper frame. The selection details frame displays information about the item currently selected in the upper frame. For details on using t...
Page 257
Corewatch users guide 257 chapter 15: checking system status 1. If you are not currently in the front panel view, switch to it by clicking the corewatch main window. 2. Select the monitor menu, choose system state, and then choose port table. A port table similar to the following appears: figure 17...
Page 258
Chapter 15: checking system status 258 corewatch users guide.
Page 259
Corewatch users guide 259 chapter 16 monitoring real- time performance you may obtain current statistics about the following: • system performance, which indicates the speed at which the ssr is transmitting and receiving bytes and packets. • overall use of all the ports of an ssr. • packets, bytes,...
Page 260
Chapter 16: monitoring real-time performance 260 corewatch users guide 2. Do one of the following: – select the monitor menu, choose performance, and then choose system dashboard . – click the system dashboard button on the corewatch toolbar. A select dials to be displayed dialog box similar to the...
Page 261
Corewatch users guide 261 chapter 16: monitoring real-time performance 5. If you selected multiple dials, specify how you want corewatch to display the dials by selecting one of the options described in the following table: 6. Click ok. A system dashboard dialog box similar to the following figure ...
Page 262
Chapter 16: monitoring real-time performance 262 corewatch users guide 2. In the dial options dialog box that appears, select the check boxes of each dial you want to scale and also select the desired scale for those dials. Figure 173. Dial options dialog box 3. If you selected multiple dials, spec...
Page 263
Corewatch users guide 263 chapter 16: monitoring real-time performance – click the port utilization summary button on the corewatch toolbar. – select the monitor menu, choose performance, and then choose port utilization summary . A port utilization summary dialog box similar to the one described i...
Page 264
Chapter 16: monitoring real-time performance 264 corewatch users guide the following table describes the different items of the port utilization summary dialog box: obtaining statistics about an individual port you can obtain statistics about the number of • unicast, multicast, and broadcast packet...
Page 265
Corewatch users guide 265 chapter 16: monitoring real-time performance obtaining packet statistics you can obtain statistics about a port's incoming and outgoing unicast, multicast, and broadcast packets. To display such information: 1. In the front panel view, click the port that you want to monit...
Page 266
Chapter 16: monitoring real-time performance 266 corewatch users guide gathering of statistics by using the graph toolbar as discussed in “using the graph toolbar” on page 277 . Obtaining port byte statistics you can obtain statistics about how many bytes a port is sending and receiving. To display...
Page 267
Corewatch users guide 267 chapter 16: monitoring real-time performance figure 176. Port byte statistics graph the following table describes the abbreviations used in the legend located at the bottom of the graph. You can control the graph's appearance and pause or resume the gathering of statistics...
Page 268
Chapter 16: monitoring real-time performance 268 corewatch users guide a port error statistics graph similar to the following appears. By examining the graph, you can determine how many of the different errors a port is experiencing and the time at which those errors occurred. Figure 177. Port erro...
Page 269
Corewatch users guide 269 chapter 16: monitoring real-time performance monitoring ip interface statistics corewatch lets you obtain current statistics for • the number of unicast, multicast, and broadcast packets being sent and received on the ip interfaces of an ssr. • reassembly and fragmentation...
Page 270
Chapter 16: monitoring real-time performance 270 corewatch users guide the following table describes the abbreviations used in the legend located at the bottom of the graph. You can control the graph's appearance and pause or resume the gathering of statistics by using the graph toolbar as discusse...
Page 271
Corewatch users guide 271 chapter 16: monitoring real-time performance figure 179. Ip reassembly statistics graph the following table describes the abbreviations used in the legend located at the bottom of the graph. You can control the graph's appearance and pause or resume the gathering of statis...
Page 272
Chapter 16: monitoring real-time performance 272 corewatch users guide obtaining ip error statistics obtain ip error statistics for an ssr if you want to determine how many datagrams that ssr discarded because there was not enough buffer space or there were problems that prevented the processing of...
Page 273
Corewatch users guide 273 chapter 16: monitoring real-time performance gathering of statistics by using the graph toolbar as discussed in “using the graph toolbar” on page 277 . Monitoring ipx interface statistics corewatch lets you obtain current statistics for • the number of incoming and outgoin...
Page 274
Chapter 16: monitoring real-time performance 274 corewatch users guide obtaining ipx packet statistics obtain ipx packet statistics if you want to determine the following: • how many ipx packets the ssr received and how many of those packets were delivered on the ssr. • how many times the ssr was r...
Page 275
Corewatch users guide 275 chapter 16: monitoring real-time performance gathering of statistics by using the graph toolbar as discussed in “using the graph toolbar” on page 277 . Obtaining ipx error statistics obtain ipx error statistics for an ssr if you want to determine how many ipx packets had b...
Page 276
Chapter 16: monitoring real-time performance 276 corewatch users guide figure 182. Ipx error statistics graph the following table describes the abbreviations used in the legend located at the bottom of the graph. You can control the graph's appearance and pause or resume the gathering of statistics...
Page 277
Corewatch users guide 277 chapter 16: monitoring real-time performance using the graph toolbar a toolbar is located at the top of each port-statistics graph. Use this toolbar to control a graph’s appearance and stop or start the gathering of statistics as summarized in the following figure: figure ...
Page 278
Chapter 16: monitoring real-time performance 278 corewatch users guide.
Page 279
Corewatch users guide 279 chapter 17 checking the status of bridge tables corewatch lets you obtain tables that contain the following: • information about which ports are associated with which vlans and the type of module on which those ports are located. • information about the ports on which stp ...
Page 280
Chapter 17: checking the status of bridge tables 280 corewatch users guide figure 184. Vlan table the following table describes the fields of the vlan table’s upper frame. The selection details frame displays information about the item currently selected in the upper frame. For details on using the...
Page 281
Corewatch users guide 281 chapter 17: checking the status of bridge tables figure 185. Stp port table the following table describes the fields of the stp port table’s upper frame. The selection details frame displays information about the item currently selected in the upper frame. For details on u...
Page 282
Chapter 17: checking the status of bridge tables 282 corewatch users guide state indicates whether or not the port is functioning. If the port is functioning, this field identifies the port's state as one of the following: • blocking – signifies the ssr is not accepting any incoming frames except s...
Page 283
Corewatch users guide 283 chapter 18 checking the status of routing tables corewatch can display tables that include the following routing data: • details about ip, ipx, ospf, rip, dvmrp, and igmp interfaces. • information about the routing of ip and ipx packets the ssr forwarded. • information abo...
Page 284
Chapter 18: checking the status of routing tables 284 corewatch users guide obtaining ip interface information obtain ip interface information to display details about the ports and addresses of each ip interface of an ssr. To access such information, do one of the following: – in the front panel v...
Page 285
Corewatch users guide 285 chapter 18: checking the status of routing tables obtaining ip forwarding information obtain ip forwarding information to display information about the routes used by the ip interfaces configured on an ssr. The table lists each ip route's destination and provides details a...
Page 286
Chapter 18: checking the status of routing tables 286 corewatch users guide the following table describes the fields of the ip forwarding table's upper frame. The selection details frame displays information about the item currently selected in the upper frame. For details on using the table toolba...
Page 287
Corewatch users guide 287 chapter 18: checking the status of routing tables • details about the packets sent from each ipx interface including information which wan router an interface uses. • routing information of an ssr’s ipx interfaces. This includes a list of each ipx destination and provides ...
Page 288
Chapter 18: checking the status of routing tables 288 corewatch users guide upper frame. For details on using the table toolbar, see appendix a: “working with tables” on page 331 . Table 49. Ipx interface table fields field description ipx identifier indicates which instance of ipx the interface is...
Page 289
Corewatch users guide 289 chapter 18: checking the status of routing tables obtaining ipx forwarding information obtain ipx forwarding information to display details about the routes of an ssr's ipx interfaces. To access such information, do one of the following: • in the front panel view, select t...
Page 290
Chapter 18: checking the status of routing tables 290 corewatch users guide an ipx forwarding table similar to the following appears: figure 189. Ipx forwarding table the following table describes the fields of the ipx forwarding table's upper frame. The selection details frame displays information...
Page 291
Corewatch users guide 291 chapter 18: checking the status of routing tables checking ospf routing status corewatch can display the following information for ospf routes that can be configured through cli commands: • the ospf interfaces configured on an ssr. • the areas that the ssr can communicate ...
Page 292
Chapter 18: checking the status of routing tables 292 corewatch users guide figure 190. Ospf interface table the following table describes the fields of the ospf interface table's upper frame. The selection details frame displays information about the item currently selected in the upper frame. For...
Page 293
Corewatch users guide 293 chapter 18: checking the status of routing tables priority indicates the interface's priority. In multi-access networks, this field is used in the designated router election algorithm. The value 0 signifies that the router is not eligible to become the designated router on...
Page 294
Chapter 18: checking the status of routing tables 294 corewatch users guide backup designated router lists the ip address of the backup designated router. Number of events indicates how many times the spf interface has changed its state or that an error has occurred. Authentication key identifies t...
Page 295
Corewatch users guide 295 chapter 18: checking the status of routing tables obtaining ospf area information obtain ospf area information if you want details about the configuration and cumulative statistics of the ssr's attached areas. To access such information: 1. If you are not in the front pane...
Page 296
Chapter 18: checking the status of routing tables 296 corewatch users guide obtaining ospf neighbor information obtain ospf neighbor information if you want details about the neighboring routers of an ssr. To access this information: 1. If you are not in the front panel view, switch to it by clicki...
Page 297
Corewatch users guide 297 chapter 18: checking the status of routing tables an ospf neighbor table similar to the following appears: figure 192. Ospf neighbor table the following table describes the fields of the ospf neighbor table's upper frame. The selection details frame displays information ab...
Page 298
Chapter 18: checking the status of routing tables 298 corewatch users guide obtaining ospf link-state database information obtain ospf link-state database information if you want details about the link-state advertisements of the areas to which the ssr is attached. To access this information: 1. If...
Page 299
Corewatch users guide 299 chapter 18: checking the status of routing tables figure 193. Ospf link state db table the following table describes the fields of the ospf link state db table's upper frame. The selection details frame displays information about the item currently selected in the upper fr...
Page 300
Chapter 18: checking the status of routing tables 300 corewatch users guide obtaining ospf area aggregate information obtain ospf area aggregate information if you want details about the ip address and tos data that ospf uses to determine the destination of packets. To access this information: 1. I...
Page 301
Corewatch users guide 301 chapter 18: checking the status of routing tables figure 194. Ospf area aggregate table the following table describes the fields of the ospf area aggregate table's upper frame. The selection details frame displays information about the item currently selected in the upper ...
Page 302
Chapter 18: checking the status of routing tables 302 corewatch users guide checking rip routing status corewatch can display information about the following: • rip interfaces configured on an ssr. This includes details about how many packets were discarded on each interface, how many route entries...
Page 303
Corewatch users guide 303 chapter 18: checking the status of routing tables the following table describes the fields of the rip interface table's upper frame. The selection details frame displays information about the item currently selected in the upper frame. For details on using the table toolba...
Page 304
Chapter 18: checking the status of routing tables 304 corewatch users guide a rip peer table similar to the following appears: figure 196. Rip peer table the following table describes the fields of the rip peer table's upper frame. The selection details frame displays information about the item cur...
Page 305
Corewatch users guide 305 chapter 18: checking the status of routing tables checking dvmrp routing status corewatch can display information about the following: • the dvmrp interfaces configured on an ssr. This includes details about the configuration of dvmrp interfaces, whether a dvmrp interface ...
Page 306
Chapter 18: checking the status of routing tables 306 corewatch users guide figure 197. Dvmrp interface table the following table describes the fields of the dvmrp interface table's upper frame. The selection details frame displays information about the item currently selected in the upper frame. F...
Page 307
Corewatch users guide 307 chapter 18: checking the status of routing tables obtaining dvmrp neighbor information obtain dvmrp neighbor information if you want to examine details about dvmrp neighboring routers. This includes information about the length of time those routers have been neighbors to ...
Page 308
Chapter 18: checking the status of routing tables 308 corewatch users guide the upper frame. For details on using the table toolbar, see appendix a: “working with tables” on page 331 . Table 59. Dvmrp neighbor table fields field description index identifies the value of the virtual interface index ...
Page 309
Corewatch users guide 309 chapter 18: checking the status of routing tables obtaining dvmrp routing information obtain dvmrp routing information if you want details about the multicast routes dvmrp uses instead of unicast routes. This routing information includes such things as the identity of a ro...
Page 310
Chapter 18: checking the status of routing tables 310 corewatch users guide the upper frame. For details on using the table toolbar, see appendix a: “working with tables” on page 331 . Obtaining dvmrp next hop information obtain dvmrp next hop information if you want to display information about th...
Page 311
Corewatch users guide 311 chapter 18: checking the status of routing tables figure 200. Dvmrp next hop table the following table describes the fields of the dvmrp next hop table's upper frame. The selection details frame displays information about the item currently selected in the upper frame. For...
Page 312
Chapter 18: checking the status of routing tables 312 corewatch users guide obtaining igmp interface information obtain igmp interface information if you want to learn on which interfaces igmp is enabled or examine details about the igmp configuration of those interfaces. To access such information...
Page 313
Corewatch users guide 313 chapter 18: checking the status of routing tables upper frame. For details on using the table toolbar, see appendix a: “working with tables” on page 331 . Table 62. Igmp interface table fields field description index identifies an ip interface on which igmp is enabled. Que...
Page 314
Chapter 18: checking the status of routing tables 314 corewatch users guide obtaining igmp cache information obtain igmp cache information if you want to learn about the multicast groups of igmp interfaces, identify whether the ssr is a member of those groups, and examine other igmp configuration i...
Page 315
Corewatch users guide 315 chapter 18: checking the status of routing tables the following table describes the fields of the igmp cache table's upper frame. The selection details frame displays information about the item currently selected in the upper frame. For details on using the table toolbar, ...
Page 316
Chapter 18: checking the status of routing tables 316 corewatch users guide.
Page 317
Corewatch users guide 317 chapter 19 checking the status of qos tables examining quality of service (qos) information in tables, you can identify historical trends. You can obtain the following qos information in corewatch: • details about qos priorities of layer-3/ layer-4 flows. • information abo...
Page 318
Chapter 19: checking the status of qos tables 318 corewatch users guide figure 203. L2 priority table the following table describes the fields of the l2 priority table's upper frame. The selection details frame displays information about the item currently selected in the upper frame. For details o...
Page 319
Corewatch users guide 319 chapter 19: checking the status of qos tables obtaining flow priority information obtain flow priority information if you want to examine the qos priorities of layer-3 and layer-4 flows. Corewatch indicates a flow's priority and provides information about the fields for wh...
Page 320
Chapter 19: checking the status of qos tables 320 corewatch users guide upper frame. For details on using the table toolbar, see appendix a: “working with tables” on page 331 . Table 65. Flow priority table fields field description flow name identifies which flow is assigned the traffic priority sh...
Page 321
Corewatch users guide 321 chapter 19: checking the status of qos tables obtaining layer-2 switching information obtain layer-2 switching information to examine details about the routing of layer-2 data sent directly to a port rather than being sent to the control module for further processing. To a...
Page 322
Chapter 19: checking the status of qos tables 322 corewatch users guide obtaining layer-3 and layer-4 switching information obtain layer-3 and layer-4 switching information to examine details about the routing of layer-3 or layer-4 data sent directly to a port rather than being sent to the control ...
Page 323
Corewatch users guide 323 chapter 19: checking the status of qos tables figure 206. Flow table filter dialog box 2. Do the following to restrict the amount of data corewatch receives from layer 3 and layer 4: – to include an item and not limit which values are accepted for that item, leave its box ...
Page 324
Chapter 19: checking the status of qos tables 324 corewatch users guide figure 207. Flow table the following table describes the fields of the flow table's upper frame. The selection details frame displays information about the item currently selected in the upper frame. For details on using the ta...
Page 325
Corewatch users guide 325 chapter 20 monitoring faults if you experience problems while using the ssr, you may want to obtain information from the ssr boot log as discussed in this chapter. The boot log is a file that contains the messages the ssr sends when it is starting up. Obtaining boot log in...
Page 326
Chapter 20: monitoring faults 326 corewatch users guide.
Page 327
Corewatch users guide 327 chapter 21 obtaining reports while monitoring an ssr, you may want to keep a record of the information found in the ssr boot log or any corewatch table. You may keep such records by saving the boot log or corewatch table information to a corewatch report, which is an html ...
Page 328
Chapter 21: obtaining reports 328 corewatch users guide figure 208. Report selection dialog box 2. In the please select reports list, select one or more items that you want the report to include. If you want the report to include information from the boot log and all corewatch tables, click the sel...
Page 329
Corewatch users guide 329 chapter 21: obtaining reports saving a single table as a report while monitoring an ssr, you may want to keep a record of the information found in a corewatch table. You may do so by saving the table’s data to a corewatch report, which is an html file. To save the informat...
Page 330
Chapter 21: obtaining reports 330 corewatch users guide.
Page 331
Corewatch users guide 331 appendix a working with tables you can perform the following operations in any corewatch table: • find text in a table • control the contents of tables • refresh table information • restore table information • obtain additional records • save a table as a report • export t...
Page 332
: 332 corewatch users guide controlling the contents of tables you can control which fields are included in a corewatch table and also limit which values are displayed in each of the table's fields. To control the contents of a corewatch table: 1. Click the filter button on the table toolbar. The t...
Page 333
Corewatch users guide 333 : 4. Select one of the options discussed in the following table: 5. Click ok. Refreshing a table after you open a table, you may want to refresh it so that it contains the most up-to-date information. To do so, click the refresh button on the table toolbar. Restoring table...
Page 334
: 334 corewatch users guide 1. Open the table that you want to include in the report. 2. Click the report button on the table toolbar. The save as dialog box appears. 3. Enter a name for the report in the file name box. If necessary, browse to the folder in which you want to save the report. Then c...
Page 335
Corewatch users guide 335 appendix b corewatch menus this appendix describes the following corewatch menus that are located at the top of the corewatch main window. Use the commands available on these menus to perform tasks in corewatch. • file • monitor • window • help file menu the corewatch file...
Page 336
Appendix b: corewatch menus 336 corewatch users guide monitor menu monitor menu provides access to the submenus described in the following table. When you select a submenu, corewatch displays a list of commands or additional submenus. Separate discussions on each submenu follow. Performance state s...
Page 337
Corewatch users guide 337 appendix b: corewatch menus utilization summary commands directly from the performance submenu, but you choose the other commands from another submenu. Table 70. Performance state submenu commands submenu command description system dashboard lets you select and then displa...
Page 338
Appendix b: corewatch menus 338 corewatch users guide system state submenu if you select the monitor menu and then choose system state, a submenu that includes the following commands appears: bridging state submenu if you select the monitor menu and then choose bridging state, a submenu that includ...
Page 339
Corewatch users guide 339 appendix b: corewatch menus routing state submenu if you select the monitor menu and then choose routing state, the routing state submenu appears. That submenu provides access to the additional submenus listed in the following table. The table describes the commands availa...
Page 340
Appendix b: corewatch menus 340 corewatch users guide rip peer table displays information about rip peers. Dvmrp state dvmrp interface table displays information about the configuration of an ssr's dvmrp interfaces, whether those interfaces are functioning, how many packets were discarded on those ...
Page 341
Corewatch users guide 341 appendix b: corewatch menus qos state submenu if you select the monitor menu and then choose qos state, a submenu that includes the following commands appears: igmp state igmp interface table displays information about the configuration of the interfaces on which igmp is e...
Page 342
Appendix b: corewatch menus 342 corewatch users guide window menu the corewatch window menu includes the commands described in the following table: help menu the corewatch help menu includes the commands and submenu discussed in the following table. As the table indicates, you choose some commands ...
Page 343
Corewatch users guide 343 appendix b: corewatch menus frequently asked questions provides technical support for some issues or concerns that you may have while using corewatch. Technical support displays information about how to contact cabletron systems technical support. Send feedback displays a ...
Page 344
Appendix b: corewatch menus 344 corewatch users guide.
Page 345
Corewatch users guide 345 appendix c a look at ospf routing on the ssr the open shortest path routing (ospf) protocol is a link-state protocol. It is an interior gateway protocol (igp) that distributes routing information between routers in a single autonomous system. Ospf chooses the least cost pa...
Page 346
: 346 corewatch users guide comparable to ospf metrics. In this case, only the internal ospf cost to the autonomous system border router is used in the routing decision. From the topology database, each router constructs a tree of the shortest paths with itself as the root. This shortest-path tree ...
Page 347
Corewatch users guide 347 appendix d supported regular expressions when controlling the contents of a corewatch table, you may find it useful to enter a regular expression that corewatch will use as a wildcard. Corewatch will then filter entries in the table based on the specified regular expressio...
Page 348
: 348 corewatch users guide • the following atoms: – regular expression within parentheses – a . Matches everything except – character classes [such as (abcd) and ranges (such as (a-z)] you may include special backslashed characters within a character class (except for back-references and bounda...
Page 349
Corewatch users guide 349 : • corewatch matches expressions within parentheses as subpattern groups and uses certain methods to save those matches. By default, a quantified subpattern matches as many times as possible without causing the rest of the pattern not to match. If you want the quantifiers...
Page 350
: 350 corewatch users guide • corewatch also supports all of the perl5 extended regular expressions, which are described in the following table: table 80. Supported perl5 extended regular expressions expression description (?#text) an embedded comment that you enter if you want text to be ignored. ...
Page 351
Corewatch users guide 351 appendix e error messages this appendix describes error messages you may encounter while using corewatch and configuration expert. This appendix also includes possible solutions to the errors. The error messages are presented alphabetically within the following categories:...
Page 352
: 352 corewatch users guide autonomous system patch matching field is missing or invalid. Specify a regular expression for the autonomous system path matching to continue. broadcast address is missing or invalid. Specify a valid broadcast address to continue. broadcast interface address i...
Page 353
Corewatch users guide 353 : having tag field is missing or invalid. Specify a valid value for having tag field to continue. interface name is missing or invalid. Specify a valid interface name to continue. Ip address entered is missing or invalid. Specify a valid ip address to continue. Ip ...
Page 354
: 354 corewatch users guide priority value is missing or invalid. Specify a valid priority value to continue. protocol name is missing or invalid. Specify a valid protocol name to continue. Range value entered is incorrect. The first value in the range should be less than the second value. ...
Page 355
Corewatch users guide 355 : vlan name is missing or invalid. Specify a valid vlan name to continue. Duplicate objects error messages the following error messages are generated when you attempt to create or modify names of objects that conflict with another existing object. Solution: to resolve ...
Page 356
: 356 corewatch users guide a l2 flow by this name already exists. Specify a unique l2 flow name to continue. An acl by this name already exists. Select a unique acl name to continue. An ip flow by this name already exists. Specify a unique ip flow name to continue. An ipx flow by this ...
Page 357
Corewatch users guide 357 : existing dvmrp interfaces may have used up existing ip addresses. Solution: try to assign a new ip address to configure a new dvmpr interface. No more ip addresses available to configure new igmp interface. Existing igmp interfaces may have used up all existing ip addres...
Page 358
: 358 corewatch users guide this error message is generally indicative of some network problem or other error that puts corewatch in the wrong state. Corewatch sometimes displays this message if you try to log in and the ssr did not clean up an earlier session because it was busy. Normally, however...
Page 359
Corewatch users guide 359 : cannot delete selected object. This object is being referenced by at least one other configuration object. To delete this object, all associated references to this object must be deleted first. The selected object is being referenced by other objects and requires you to ...
Page 360
: 360 corewatch users guide solution: try exporting the table data again. Incorrect total percentage - the sum of percentage values of all fields should be equal to 100%. In configuring qos global queuing discipline, which uses the weighted fair queuing method, the total bandwidth reservation for e...
Page 361
Corewatch users guide 361 : solution: enter the correct password. If you are changing the corewatch login password, enter the one you were prompted for when you last started corewatch. If you are changing the privileged password, enter the one that currently provides access to configuration expert....
Page 362
: 362 corewatch users guide warning review before you delete: the object you are about to delete could be referenced by other configuration objects. To ensure consistency, remove 'all' references to this object before you delete it. Refer to corewatch documentation for more information. The selec...
Page 363
Corewatch users guide 363 glossary access control list (acl) list the ssr keeps to restrict layer 3/4 traffic going through the router. Each acl or each list consists of one or more rules describing a particular type of ip or ipx traffic. An acl can be simple and consist of only one rule or complic...
Page 364
Glossary 364 corewatch users guide autonomous system a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the autonomous system, and using an exterior gateway protocol to route packets to other autonomous systems. Si...
Page 365
Corewatch users guide 365 glossary broadcast network network supporting two or more attached routers and is capable of addressing a single physical message to all of those routers. Neighboring routers are discovered dynamically on broadcast networks using ospf’s hello protocol. The hello protocol t...
Page 366
Glossary 366 corewatch users guide dr ospf interface state that indicates the router itself is the designated router on the network to which the router is attached. Dr other ospf interface state that indicates that the interface's router is neither the designated router nor the backup designated ro...
Page 367
Corewatch users guide 367 glossary internet control message protocol (icmp) protocol that reports ip packet errors and provides other information about the processing of ip packets. Internet group management protocol (igmp) protocol ip hosts use to report their host group memberships to any multica...
Page 368
Glossary 368 corewatch users guide lossy trait of a network likely to lose data when it becomes heavily loaded. Mac address address of a port or computer that other devices use to locate those ports or computers. These addresses are also used to create and update routing tables. Management informat...
Page 369
Corewatch users guide 369 glossary nonbroadcast multiaccess (nbma) networks network that supports two or more attached routers but does not have broadcast capability. Open shortest path first (ospf) ospf is a link-state routing protocol that supports the distribution of routing information between ...
Page 370
Glossary 370 corewatch users guide • define flows that act as templates for some ip and ipx packet fields. • assign a precedence to the fields of the flows you define. • establish queuing policies to specify how the ssr handles the different traffic priorities. Requests for comments (rfcs) notes ab...
Page 371
Corewatch users guide 371 glossary smartswitch router (ssr) cabletron systems product that is capable of switching traffic at layer-2, layer-3, and layer-4. The ssrs provide full-function routing at gigabit speeds, pinpoint control over application usage, and can handle enterprise and isp backbone ...
Page 372
Glossary 372 corewatch users guide uses both the destination address and type of service fields in an ip header to choose a route. Unicast packet packet sent to a single destination. The packet is going from one point to another point. Unicast routing routing method in which a packet is sent to a s...
Page 373
Corewatch users guide 373 index a about corewatch command 343 access control lists. See acls access modes 21 access ports 82 defining 83–85 accessing online help 33 acl rule definition property sheet 231 acls adding rules to 231 applying 108, 113, 153, 158 applying by editing definitions 214 applyi...
Page 374
Index 374 corewatch users guide property sheet 83 browser requirements 20 byte statistics obtaining 266 byte statistics command 337 c cabletron home page command 343 cabletron web site submenu 342 cache obtaining information about 314–315 cascade command 342 changes committing 46–48 discarding 48 c...
Page 375
Corewatch users guide 375 index dragging objects 44–45 finding objects of 45 icons 42 overview 35 pasting objects 44 property sheets 42 starting 36–38 tasks of 45–46 toolbar 39, 43 window 38 wizards 42 configuration files active 41 committing changes to 46–48 custom 41 discarding changes 48 editing...
Page 376
Index 376 corewatch users guide arp entries 121–123 dvmrp tunnels 139–141 ip rip interfaces 129–132 static route entries 123–125 stp settings 75–76 trunk ports 83–85 deleting configuration file changes 48 interfaces from flows 191 objects 45 dial options form 262 dialog boxes, login dialog 26, 27 d...
Page 377
Corewatch users guide 377 index ports 55 rip 128 error messages 351–362 error statistics obtaining 267, 272, 275 error statistics command 337 errors listed in boot log 325 establishing community strings 61–62 ssr queuing policy 168 exit command 336 exiting 34, 48 configuration expert 48 corewatch 3...
Page 378
Index 378 corewatch users guide h half-duplex 50 hash mode 50, 52, 56 help accessing 33 help menu 33, 336, 342 hop dvmrp information 310 i icons blue indicator 42 configuration file 42 module 42 object 42 port 42 property sheet 42, 43 red indicator 42 wizard 42 igmp configuring 143–146 global param...
Page 379
Corewatch users guide 379 index obtaining error statistics 275 obtaining packet statistics 274 overview 147 qos precedences 171 routing status 286–290 setting security on 200–205 ipx error statistics graph 275 ipx forwarding table 290 ipx forwarding table command 339 ipx interface table 287 ipx int...
Page 380
Index 380 corewatch users guide ip interface statistics 269–273 ipx interface statistics 273–276 port utilization 262–264 real-time performance 259–277 system performance 259–262 mtu 106, 111, 116 multicast routing 135–146 n neighbor information dvmrp 307–308 ospf 296–298 next hop 124 o objects cop...
Page 381
Corewatch users guide 381 index packet statistics command 337 passwords login 26, 27 pasting objects 44 peer information rip 303–304 performance submenu 336 physical attributes of port property sheet 55 plus sign 40 policy input interface list property sheet 191 port byte statistics graph 266 port ...
Page 382
Index 382 corewatch users guide policy input interface list 191 purpose of 42 qos l3/l4 flow priority 188 queuing discipline configuration 168 rip global parameters 128 rip interface definition 129 sap entry 164 set aging timeout 69 set stp port specific settings 77 snmp community strings 61 snmp t...
Page 383
Corewatch users guide 383 index filters 200 global parameters 127, 129 overview 125–127 peer information 303–304 routing status 302–304 setting up filters 205–208 rip global parameters property sheet 128 rip interface definition property sheet 129 rip interface table 302 rip interface table command...
Page 384
Index 384 corewatch users guide administrator 50 aging state 68–74 and stp 74–80 and syslog server 56–57 bridging 63–80 community strings 61–62 configuring for dvmrp 136–142 configuring for rip 127–133 location 50 name 50 queuing policy 168 security 195–233 supported mibs 21–22 vlans 81–100 startin...
Page 385
Corewatch users guide 385 index exporting data from 334 finding text in 331 flow 323 flow priority 319 igmp cache 314 igmp interface 312 ip forwarding 285 ip interface 284 ipx forwarding 290 ipx interface 287 l2 forward 321 l2 priority 317 obtaining records 333 ospf area 295 ospf area aggregate 300...
Page 386
Index 386 corewatch users guide starting corewatch 26 windows nt corewatch requirements 20 installing corewatch 24 starting corewatch 26 wizards arp 121 icon 42 ip interface 104 ip interfaces 110 ip security 196 ipx interface 149, 155 ipx security 200–212 l2 security 217–229 purpose of 42 qos 173, ...