- DL manuals
- Cabletron Systems
- Network Router
- SmartSwitch 8-slot
- User's Reference Manual
Cabletron Systems SmartSwitch 8-slot User's Reference Manual
Summary of SmartSwitch 8-slot
Page 1
Smartswitch router user reference manual 9032578.
Page 3: Notice
Ssr user reference manual iii notice cabletron systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult cabletron systems to determine whether any such changes have been made. The hardwa...
Page 4: Fcc Notice
Notice iv fcc notice this device complies with part 15 of the fcc rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. Not...
Page 5: Declaration of Conformity
Ssr user reference manual v declaration of conformity addendum application of council directive(s): 89/336/eec 73/23/eec manufacturer’s name: cabletron systems, inc. Manufacturer’s address: 35 industrial way po box 5005 rochester, nh 03867 european representative name: mr. J. Solari european represe...
Page 6
Notice vi.
Page 7: About This Manual
About this manual this manual provides detailed information and procedures for configuring the 8-slot smartswitch router (ssr-8) software. If you have not yet installed the ssr, use the instructions in the smartswitch router getting started guide to install the chassis and perform basic setup tasks,...
Page 8: How To Use This Manual
About this manual viii ssr user reference manual how to use this manual related documentation the cabletron systems documentation set includes the following items. Refer to these other documents to learn more about your product. If you want to... See... Read overview information chapter 1 configure ...
Page 9
About this manual ssr user reference manual ix system messages and snmp traps smartswitch router error message ref- erence manual for information about... See the....
Page 10
About this manual x ssr user reference manual.
Page 11: Contents
Contents chapter 1 smartswitch router product overview supported media (encapsulation type) . . . . . . . . . . . . . . . . . . . 1-2 supported routing protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 configuring the cabletron smartswitch router . . . . . . . . . . . . . 1-3 under...
Page 12: Chapter 3
Contents xii ssr user reference manual spanning tree (ieee 802.1d) . . . . . . . . . . . . . . . . . . . . . . . 2-1 bridging modes (flow-based and address-based) . . . . . . . 2-1 vlan overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 ssr vlan support . . . . . ...
Page 13: Chapter 4
Contents ssr user reference manual xiii configuring ip interfaces and parameters . . . . . . . . . . . . . . . . . 3-2 configure ip addresses to ports . . . . . . . . . . . . . . . . . . . . . 3-2 configure ip interfaces for a vlan . . . . . . . . . . . . . . . . . . . 3-3 specify ethernet encapsula...
Page 14: Chapter 6
Contents xiv ssr user reference manual configure ospf area parameters . . . . . . . . . . . . . . . . . . . . 5-4 create virtual links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 configure autonomous system external (ase) link advertisements. . . . . . . . . . . . . . . . . . ....
Page 15: Chapter 7
Contents ssr user reference manual xv redistributing ospf to rip . . . . . . . . . . . . . . . . . . . . . . . . 6-11 redistributing aggregate routes . . . . . . . . . . . . . . . . . . . . 6-11 simple route redistribution examples . . . . . . . . . . . . . . . 6-11 example 1: redistribution into ri...
Page 16: Chapter 8
Contents xvi ssr user reference manual configure dvmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4 starting and stopping dvmrp . . . . . . . . . . . . . . . . . . . . . . . 7-4 configure dvmrp on an interface . . . . . . . . . . . . . . . . . . . . 7-4 configure dvmrp p...
Page 17: Chapter 9
Contents ssr user reference manual xvii create an ipx rip access control list . . . . . . . . . . . . . 8-7 monitor an ipx network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7 configuration examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-7 chapter 9 secu...
Page 18: Chapter 10
Contents xviii ssr user reference manual defining an ipx acl. . . . . . . . . . . . . . . . . . . . . . . . . . . 9-16 applying an acl to an interface. . . . . . . . . . . . . . . . . . 9-16 applying an acl to a service. . . . . . . . . . . . . . . . . . . . 9-16 edit an acl with the acl editor. . ....
Page 19: Chapter 1
Chapter 1 chapter 1 smartswitch router product overview the 8-slot smartswitch router (ssr-8) provides non-blocking, wire-speed layer-2 (switching), layer-3 (routing) and layer-4 (application) switching. The hardware provides wire-speed performance regardless of the performance monitoring, filtering...
Page 20
Chapter 1: smartswitch router product overview 1 - 2 ssr user reference manual supported media (encapsulation type) the ssr supports the following industry-standard networking media: • ip: ieee 802.3 snap and ethernet type ii • ipx: ieee 802.3 snap, ethernet type ii, ipx 802.3, 802.2 • 802.1q vlan e...
Page 21: Basic Line Editing Commands
Chapter 1: smartswitch router product overview ssr user reference manual 1 - 3 “ip routing configuration guide” on page 3 - 1 describes these protocols in detail. The ssr supports the following novell ipx routing protocols: • routing information protocol (rip) • service advertising protocol (sap) “i...
Page 22: Access Modes
Chapter 1: smartswitch router product overview 1 - 4 ssr user reference manual access modes the ssr cli has four access modes. • user – allows you to display basic information and use basic utilities such as ping but does not allow you to display snmp, filter and access control list information or m...
Page 23: User Mode
Chapter 1: smartswitch router product overview ssr user reference manual 1 - 5 note: the command prompt will show the name of the smartswitch router in front of the mode character(s). The default name is “ssr”. When you are in configure or enable mode, use the exit command or press ctrl-z to exit to...
Page 24: Enable Mode
Chapter 1: smartswitch router product overview 1 - 6 ssr user reference manual l2-tables - show l2 tables information logout - log off the system multicast - configure multicast related parameters ping - ping utility statistics - show or clear ssr statistics stp - show stp status traceroute - tracer...
Page 25: Configure Mode
Chapter 1: smartswitch router product overview ssr user reference manual 1 - 7 ipx - show ipx related parameters l2-tables - show l2 tables information logout - log off the system mtrace - multicast traceroute utility multicast - configure multicast related parameters ospf - show/monitor open shorte...
Page 26: Boot Prom Mode
Chapter 1: smartswitch router product overview 1 - 8 ssr user reference manual bgp - configure border gateway protocol (bgp) cli - modify the command line interface behavior dvmrp - configure dvmrp related parameters exit - exit current mode filters - configure l2 security filters http - configure s...
Page 27: Boot and System Image
Chapter 1: smartswitch router product overview ssr user reference manual 1 - 9 disabling a function or feature the cli provides for an implicit negate. This allows for the “disabling” of a feature or function which has been “enabled”. Use the negate command on a specific line of the active configura...
Page 28
Chapter 1: smartswitch router product overview 1 - 10 ssr user reference manual sequence. Loading system image software by default, the ssr boots using the system image software installed on the control module’s pcmcia flash card. To upgrade the system software and boot using the upgraded image, use...
Page 29: Loading Boot Prom Software
Chapter 1: smartswitch router product overview ssr user reference manual 1 - 11 ctron-ssr-1# system image list images currently available: ssr8-1.0 5. Enter the following command to select the image file the ssr will use the next time you reboot the switch. System image choose here is an example: ct...
Page 30
Chapter 1: smartswitch router product overview 1 - 12 ssr user reference manual server.) 3. Enter the following command to copy the boot prom upgrade onto the internal memory in the control module: system promimage upgrade name> here is an example: ctron-ssr-1# system promimage upgrade 10.50.11.12 p...
Page 31: Managing The Ssr
Chapter 1: smartswitch router product overview ssr user reference manual 1 - 13 copy the configuration to the startup configuration file after you save the configuration commands in the scratchpad, the control module executes the commands and makes the corresponding configuration changes to the ssr....
Page 32: Set Ssr Name
Chapter 1: smartswitch router product overview 1 - 14 ssr user reference manual set ssr name the ssr name is set to ssr by default. You may customize the name for the ssr by performing the following in configure mode:. Set ssr date and time the ssr system time keeps track of time as entered by the u...
Page 33: Configure Dns
Chapter 1: smartswitch router product overview ssr user reference manual 1 - 15 configure dns the ssr allows you to configure up to three domain name service (dns) servers. To configure the dns, the following command in configure mode. Configure http services the ssr contains an http server for resp...
Page 34
Chapter 1: smartswitch router product overview 1 - 16 ssr user reference manual show chassis id. Snmp show chassis-id show the snmp community strings. Snmp show community show snmp related statistics. Snmp show statistics show trap target related configuration. Snmp show trap show the active configu...
Page 35
Chapter 1: smartswitch router product overview ssr user reference manual 1 - 17 lists the last five telnet connections to the ssr. System show telnet-access show the default terminal settings (number of rows, number of columns, and baud rate. System show terminal show ssr uptime. System show uptime ...
Page 36
Chapter 1: smartswitch router product overview 1 - 18 ssr user reference manual.
Page 37: Chapter 2
Chapter 2 chapter 2 bridging configuration guide bridging overview the smartswitch router provides the following bridging functions: • complies with the ieee 802.1d standard • complies with the igmp multicast bridging standard • provides wire-speed address-based bridging or flow-based bridging • pro...
Page 38: Vlan Overview
Chapter 2: bridging configuration guide 2 - 2 ssr user reference manual fewer table entries while flow-based bridging provides tighter management and control over bridged traffic. Vlan overview virtual lans (vlans) are a means of dividing a physical network into several logical (virtual) lans. The d...
Page 39: Ssr Vlan Support
Chapter 2: bridging configuration guide ssr user reference manual 2 - 3 configured by the network administrator. When a frame is received at a port, its destination mac address is looked up in the vlan database, which returns the vlan to which this frame belongs. This type of vlan is powerful in the...
Page 40
Chapter 2: bridging configuration guide 2 - 4 ssr user reference manual to remember the types of vlans in order to configure the ssr, as seen in the section on configuring the ssr. Vlans and the ssr vlans are an integral part of the ssr family of switching routers. The ssr switching routers can func...
Page 41
Chapter 2: bridging configuration guide ssr user reference manual 2 - 5 unlike traditional routers, the ssr has the concept of logical interfaces rather than physical interfaces. An l3 interface is a logical entity created by the administrator. It can contain more than one physical port. When an l3 ...
Page 42
Chapter 2: bridging configuration guide 2 - 6 ssr user reference manual configuring ssr bridging functions configure address-based or flow-based bridging the ssr ports perform address-based bridging by default but can be configured to perform flow-based bridging instead of address-based bridging, on...
Page 43: Configuring Spanning Tree
Chapter 2: bridging configuration guide ssr user reference manual 2 - 7 to enable a port to flow-based bridging, enter the following command in configure mode. To change a port from flow-based bridging to address-based bridging, enter the following command in configure mode: configuring spanning tre...
Page 44
Chapter 2: bridging configuration guide 2 - 8 ssr user reference manual set the bridge priority you can globally configure the priority of an individual bridge when two bridges tie for position as the root bridge, or you can configure the likelihood that a bridge will be selected as the root bridge....
Page 45
Chapter 2: bridging configuration guide ssr user reference manual 2 - 9 define the forward delay interval the forward delay interval is the amount of time spent listening for topology change information after an interface has been activated for bridging and before forwarding actually begins. To chan...
Page 46: Configure Layer-2 Filters
Chapter 2: bridging configuration guide 2 - 10 ssr user reference manual configuring vlan trunk ports the ssr supports standards-based vlan trunking between multiple ssrs as defined by ieee 802.1q. 802.1q adds a header to a standard ethernet frame which includes a unique vlan id per trunk between tw...
Page 47: Monitor Bridging
Chapter 2: bridging configuration guide ssr user reference manual 2 - 11 monitor bridging the ssr provides display of bridging statistics and configurations contained in the ssr. To display bridging information, enter the following commands in enable mode. Configuration examples creating an ip or ip...
Page 48
Chapter 2: bridging configuration guide 2 - 12 ssr user reference manual ssr(config)# vlan add ports et.1.(1-8),gi.1.(1-2) to blue.
Page 49: Chapter 3
Chapter 3 chapter 3 ip routing configuration guide this chapter describes how to configure ip interfaces and general non-protocol- specific routing parameters. Ip routing overview internet protocol (ip) is a packet-based protocol used to exchange data over computer networks. Ip handles addressing, r...
Page 50
Chapter 3: ip routing configuration guide 3 - 2 ssr user reference manual and broadcasts its own routing information on those same networks. The ssr supports the following interior gateway protocols: • routing information protocol (rip) version 1, 2 (rfc 1058, 1723) • open shortest path first (ospf)...
Page 51
Chapter 3: ip routing configuration guide ssr user reference manual 3 - 3 configure ip interfaces for a vlan you can configure one ip interface per vlan. Once an ip interface has been assigned to a vlan, you can add a secondary ip addresses to the vlan. To configure a vlan with an ip interface, ente...
Page 52: Configure Dns Parameters
Chapter 3: ip routing configuration guide 3 - 4 ssr user reference manual stored in an arp cache for rapid retrieval. Then the ip datagram is encapsulated in a link-layer frame and sent over the network. Configure arp cache entries you can add and delete entries in the arp cache. To add or delete st...
Page 53: Configure Ip Services (Icmp)
Chapter 3: ip routing configuration guide ssr user reference manual 3 - 5 configure ip services (icmp) the ssr provides icmp message capabilities including ping and traceroute. Ping allows you to determine the reachability of a certain ip host. Traceroute allows you to trace the ip gateways to an ip...
Page 54: Configuration Examples
Chapter 3: ip routing configuration guide 3 - 6 ssr user reference manual configuration examples assigning ip/ipx interfaces to enable routing on the ssr, you must assign an ip or ipx interface to a vlan. To assign an ip or ipx interface named ‘red’ to the ‘blue’ vlan, perform the following: ssr(con...
Page 55: Chapter 4
Chapter 4 chapter 4 rip configuration guide rip overview this chapter describes how to configure routing information protocol (rip) in the smartswitch router. Rip is a distance-vector routing protocol for use in small networks. Rip is described in rfc 1723. A router running rip broadcasts updates at...
Page 56: Configure Rip Parameters
Chapter 4: rip configuration guide 4 - 2 ssr user reference manual to add rip interfaces, enter the following commands in configure mode. Configure rip parameters no further configuration is required and the system default parameters will be used by rip to exchange routing information. These default...
Page 57
Chapter 4: rip configuration guide ssr user reference manual 4 - 3 to change rip parameters, enter the following commands in configure mode. Configure rip route preference you can set the preference of routes learned from rip. To configure rip route preference, enter the following command in configu...
Page 58: Monitoring Rip
Chapter 4: rip configuration guide 4 - 4 ssr user reference manual routes from other protocols into rip, you must explicitly specify a value for the default-metric parameter. The metric specified by the default-metric parameter may be overridden by a metric specified in the export command. To config...
Page 59: Configuration Example
Chapter 4: rip configuration guide ssr user reference manual 4 - 5 configuration example ! Example configuration ! ! Create interface ssr1-if1 with ip address 1.1.1.1/16 on port et.1.1 on ssr-1 interface create ip ssr1-if1 address-netmask 1.1.1.1/16 port et.1.1 ! ! Configure rip on ssr-1 rip add int...
Page 60
Chapter 4: rip configuration guide 4 - 6 ssr user reference manual.
Page 61: Chapter 5
Chapter 5 chapter 5 ospf configuration guide ospf overview open shortest path first (ospf) is a link-state routing protocol that supports ip subnetting and authentication. The ssr supports ospf version 2.0 as defined in rfc 1583. Each link-state message contains all the links connected to the router...
Page 62: Enable Ospf
Chapter 5: ospf configuration guide 5 - 2 ssr user reference manual the default cost of an ospf interface is 1. The cost of the interface should be inversely proportional to the bandwidth of the interface; if the ssr has interfaces with differing bandwidths, the ospf costs should be set accordingly....
Page 64: Configure An Ospf Area
Chapter 5: ospf configuration guide 5 - 4 ssr user reference manual configure an ospf area ospf areas are a collection of subnets that are grouped in a logical fashion. These areas communicate with other areas via the backbone area. Once ospf areas are created, you can add interfaces, stub hosts, an...
Page 65: Create Virtual Links
Chapter 5: ospf configuration guide ssr user reference manual 5 - 5 to configure ospf area parameters, enter the following commands in the configure mode. Create virtual links in ospf, virtual links can be established: • to connect an area via a transit area to the backbone • to create a redundant b...
Page 66: Advertisements
Chapter 5: ospf configuration guide 5 - 6 ssr user reference manual configure autonomous system external (ase) link advertisements these parameters specify the defaults used when importing ospf as external (ase) routes into the routing table and exporting routes from the routing table into ospf ases...
Page 67
Chapter 5: ospf configuration guide ssr user reference manual 5 - 7 to display ospf information, enter the following commands in enable mode. Show ip routing table. Ip show table routing monitor ospf error conditions. Ospf monitor errors destination or-ipaddr> show information on all interfaces con-...
Page 68: Ospf Configuration Examples
Chapter 5: ospf configuration guide 5 - 8 ssr user reference manual ospf configuration examples for all examples in this section, refer to the configuration shown in figure 1 on page 5 - 12. The following configuration commands for router r1: • determine the ip address for each interface • specify t...
Page 69
Chapter 5: ospf configuration guide ssr user reference manual 5 - 9 ip add route 160.1.5.0/24 gateway 120.1.1.2 !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ! Ospf box level configuration !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ospf start ospf c...
Page 70
Chapter 5: ospf configuration guide 5 - 10 ssr user reference manual in the configuration shown in figure 1 on page 5 - 12, suppose if we decide to run rip version 2 on network 120.190.0.0/16, connecting routers r1 and r2. We would like to redistribute these rip routes as ospf type-2 routes, and ass...
Page 71
Chapter 5: ospf configuration guide ssr user reference manual 5 - 11 ip-router policy create rip-export-destination ripexpdst 10. Create ospf export source. Ip-router policy create ospf-export-source ospfexpsrc type ospf 11. Create ospf-ase export source. Ip-router policy create ospf-export-source o...
Page 72
C h ap te r 5 : os pf c o nf ig ur a ti o n gu id e 5 - 12 s s r u s e r r e fer e n c e man ual figure 1: exporting to ospf bgp r1 r2 r3 r41 r42 r6 r11 a r e a b a c k b o n e a r e a 140.1.0.0 (ri p v2 ) 140.1.1.1/24 140.1.2.1/24 140.1.5/24 140.1.4/24 190.1.1.1/16 120.190.1.1/16 160.1.5.2/24 r10 r...
Page 73: Chapter 6
Chapter 6 chapter 6 routing policy configuration guide route import and export policy overview the ssr family of routers supports extremely flexible routing policies. The ssr allows the network administrator to control import and export of routing information based on criteria including: • individua...
Page 74: Import Policies
Chapter 6: routing policy configuration guide 6 - 2 ssr user reference manual a default preference is assigned to each source from which the ssr routing process receives routes. Preference values range from 0 to 255 with the lowest number indicating the most preferred route. The following table summ...
Page 75
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 3 import-source this component specifies the source of the imported routes. It can also specify the preference to be associated with the routes imported from this source. The routes to be imported can be identified by their ...
Page 76: Export Policies
Chapter 6: routing policy configuration guide 6 - 4 ssr user reference manual route-filter this component specifies the individual routes which are to be imported or restricted. The preference to be associated with these routes can also be explicitly specified using this component. The preference as...
Page 77: Specifying A Route Filter
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 5 specifies igp as the origin and no ass in the as path (the current as is added when the route is exported). For bgp routes, the as path is stored as learned from bgp. • tag associated with a route. Both ospf and rip versio...
Page 79
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 7 to know about individual subnets which would increase the size of its routing table, the peer is only informed about an aggregate-route which contains all the subnets. Like export policies, aggregate-routes can have up to ...
Page 80: Authentication
Chapter 6: routing policy configuration guide 6 - 8 ssr user reference manual a route may only contribute to an aggregate route that is more general than itself; it must match the aggregate under its mask. Any given route may only contribute to one aggregate route, which will be the most specific co...
Page 81: Redistributing Static Routes
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 9 secondary authentication key. In the router configuration mode, instead of specifying the key for each interface (which can be up to 16 characters long), a key-chain identifier is specified. Configure simple routing polici...
Page 82: Redistributing Rip Into Rip
Chapter 6: routing policy configuration guide 6 - 10 ssr user reference manual to redistribute static routes, enter one of the following commands in configure mode: redistributing directly attached networks routes to directly attached networks are redistributed to another routing protocol such as ri...
Page 83: Redistributing Ospf to Rip
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 11 redistributing ospf to rip for the purposes of route redistribution and import-export policies, ospf intra- and inter-area routes are referred to as ospf routes, and external routes redistributed into ospf are referred to...
Page 84
Chapter 6: routing policy configuration guide 6 - 12 ssr user reference manual • specify the static routes configured on the router • determine its rip configuration !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ! Create the various ip interfaces. !+++++++++++++++++++++++++++...
Page 85
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 13 exporting a given static route to all rip interfaces router r1 has several static routes of which one is the default route. We would export this default route over all rip interfaces. Ip-router policy redistribute from-pr...
Page 86
Chapter 6: routing policy configuration guide 6 - 14 ssr user reference manual ospf create area 140.1.0.0 ospf create area backbone ospf set ase-defaults cost 4 !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ! Ospf interface configuration !+++++++++++++++++++++++++++++++++++++...
Page 87: Export Policies
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 15 configure advanced routing policies advanced routing policies are used for creating complex import/export policies that cannot be done using the redistribute command. Advanced export policies provide granular control over...
Page 88
Chapter 6: routing policy configuration guide 6 - 16 ssr user reference manual complex filter requirements, then use the second method. After you create one or more building blocks, they are tied together by the iprouter policy export command. To create route export policies, enter the following com...
Page 89: Creating An Export Source
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 17 creating an export source to create an export source, enter one of the following commands in configure mode: import policies import policies can be constructed from one or more of the following building blocks: • import-s...
Page 90: Creating An Import Source
Chapter 6: routing policy configuration guide 6 - 18 ssr user reference manual the is the identifier of the import-source that determines the source of the imported routes. If no routes from a particular source are to be imported, then no additional parameters are required. The , if specified, is th...
Page 91
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 19 with the contributing routes from this source. The routes contributing to an aggregate can be identified by their associated attributes, including protocol type, tag associated with a route, and so on. • route filter - th...
Page 92: Creating An Aggregate Source
Chapter 6: routing policy configuration guide 6 - 20 ssr user reference manual creating an aggregate destination to create an aggregate destination, enter the following command in configure mode: creating an aggregate source to create an aggregate source, enter the following command in configure mod...
Page 93
Chap ter 6: rout ing po licy co nfi gur ati o n gu id e ss r us er re fer enc e man ual 6 - 2 1 figure 2: exporting to rip internet r6 r42 r41 r1 r2 r3 r7 135.3.1.1/24 135.3.2.1/24 135.3.3.1/24 140.1.1.4/24 140.1.1.1/24 130.1.1.1/16 130.1.1.3/16 120.190.1.1/16 120.190.1.2/16 202.1.0.0/10 160.1.5.0/2...
Page 94
Chapter 6: routing policy configuration guide 6 - 22 ssr user reference manual the following configuration commands for router r1 • determine the ip address for each interface. • specify the static routes configured on the router. • determine its rip configuration. !+++++++++++++++++++++++++++++++++...
Page 95
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 23 rip set interface to-r42 version 2 type multicast rip set interface to-r6 version 2 type multicast importing a selected subset of routes from one of the rip trusted gateways. Router r1 has several rip peers. Router r41 ha...
Page 96
Chapter 6: routing policy configuration guide 6 - 24 ssr user reference manual it is only possible to restrict the importation of ospf ase routes when functioning as an as border router. Like the other interior protocols, preference cannot be used to choose between ospf ase routes. That is done by t...
Page 97
Chap ter 6: rout ing po licy co nfi gur ati o n gu id e ss r us er re fer enc e man ual 6 - 2 5 figure 3: exporting to ospf bgp r1 r2 r3 r41 r42 r6 r11 a r e a b a c k b o n e a r e a 140.1.0.0 (ri p v2 ) 140.1.1.1/24 140.1.2.1/24 140.1.5/24 140.1.4/24 190.1.1.1/16 120.190.1.1/16 160.1.5.2/24 r10 r5...
Page 98
Chapter 6: routing policy configuration guide 6 - 26 ssr user reference manual the following configuration commands for router r1: • determine the ip address for each interface • specify the static routes configured on the router • determine its ospf configuration !++++++++++++++++++++++++++++++++++...
Page 99: Examples of Export Policies
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 27 examples of export policies example 1: exporting to rip exporting to rip is controlled by any of protocol, interface or gateway. If more than one is specified, they are processed from most general (protocol) to most speci...
Page 100
Chapter 6: routing policy configuration guide 6 - 28 ssr user reference manual !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ! Configure default routes to the 135.3.0.0 subnets reachable through ! R3. !+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ip ...
Page 101
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 29 3. Create a rip export source since we would like to export rip routes. Ip-router policy create rip-export-source ripexpsrc 4. Create a direct export source since we would like to export direct/interface routes. Ip-router...
Page 102
Chapter 6: routing policy configuration guide 6 - 30 ssr user reference manual 1. Create a rip export destination for interface with address 140.1.1.1, since we in- tend to change the rip export policy for interface 140.1.1.1 ip-router policy create rip-export-destination ripexpdst141 interface 140....
Page 103
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 31 ip-router aggr-gen destination aggrdst140 source allaggrsrc network 140.1.2.0/ 24 4. Create a rip export destination for interface with address 130.1.1.1, since we in- tend to change the rip export policy only for interfa...
Page 104
Chapter 6: routing policy configuration guide 6 - 32 ssr user reference manual for all examples in this section, refer to the configuration shown in figure 3 on page 6 - 25. The following configuration commands for router r1: • determine the ip address for each interface • specify the static routes ...
Page 105
Chapter 6: routing policy configuration guide ssr user reference manual 6 - 33 ip-router policy create ospf-export-destination ospfexpdsttype1 type 1 metric 1 2. Create a ospf export destination for type-2 routes since we would like to redis- tribute certain routes into ospf as type 2 ospf-ase route...
Page 106
Chapter 6: routing policy configuration guide 6 - 34 ssr user reference manual 4. Create a ospf export destination for type-2 routes with a tag of 100. Ip-router policy create ospf-export-destination ospfexpdsttype2t100 type 2 tag 100 metric 4 5. Create a rip export source. Ip-router policy export d...
Page 107: Chapter 7
Chapter 7 chapter 7 multicast routing configuration guide ip multicast overview multicast routing on the ssr is supported through dvmrp and igmp. Igmp is used to determine host membership on directly attached subnets. Dvmrp is used to determine forwarding of multicast traffic between ssrs. This chap...
Page 108: Configure Igmp
Chapter 7: multicast routing configuration guide 7 - 2 ssr user reference manual • pruning, which is an operation dvmrp routers perform to exclude interfaces not in the shortest path tree. Dvmrp uses the reverse path multicasting (rpm) algorithm to perform pruning.In rpm, a source network rather tha...
Page 109
Chapter 7: multicast routing configuration guide ssr user reference manual 7 - 3 to enable igmp on an interface, enter the following command in configure mode: configure igmp query interval you can configure the ssr with a different igmp host membership query time interval. The interval you set appl...
Page 110: Configure Dvmrp
Chapter 7: multicast routing configuration guide 7 - 4 ssr user reference manual configure dvmrp you configure dvmrp routing on the ssr by performing the following dvmrp- configuration tasks. • creating ip interfaces. • setting global parameters that will be used for all the interfaces on which dvmr...
Page 111
Chapter 7: multicast routing configuration guide ssr user reference manual 7 - 5 to configure neighbor timeout or prune time, enter one of the following commands in configure mode: configure the dvmrp routing metric you can configure the dvmrp routing metric associated with a set of destinations for...
Page 112: Configure A Dvmrp Tunnel
Chapter 7: multicast routing configuration guide 7 - 6 ssr user reference manual ttl thresholding is not always considered useful. There is another approach of a range of multicast addresses for “administrative” scoping. In other words, such addresses would be usable within a certain administrative ...
Page 113: Monitor Igmp and Dvmrp
Chapter 7: multicast routing configuration guide ssr user reference manual 7 - 7 monitor igmp and dvmrp you can monitor igmp and dvmrp information on the ssr. To display igmp and dvmrp information, enter the following commands in the enable mode. Configuration examples the following is a sample ssr ...
Page 114
Chapter 7: multicast routing configuration guide 7 - 8 ssr user reference manual ! Create ip intefaces ! Interface create ip mls15 address-netmask 172.1.1.10/24 port et.5.8 interface create ip company address-netmask 207.135.89.64/25 port et.5.1 interface create ip test address-netmask 10.135.89.10/...
Page 115
Chapter 7: multicast routing configuration guide ssr user reference manual 7 - 9.
Page 116
Chapter 7: multicast routing configuration guide 7 - 10 ssr user reference manual.
Page 117: Chapter 8
Chapter 8 chapter 8 ipx routing configuration guide ipx routing overview the internetwork packet exchange (ipx) is a datagram connectionless protocol for the novell netware environment. You can configure the ssr for ipx routing and sap. Routers interconnect different network segments and by definiti...
Page 118: Configuring Ipx Rip and Sap
Chapter 8: ipx routing configuration guide 8 - 2 ssr user reference manual • routers perform broadcasting whenever they detect a change in the internetwork configurations. Ssr's rip implementation follows the guidelines given in novell's ipx rip and sap router specification version 1.30 document. Sa...
Page 119: Ipx Sap
Chapter 8: ipx routing configuration guide ssr user reference manual 8 - 3 ipx sap on the ssr, sap automatically runs on all the ipx interfaces. The ssr will keep multiple sap’s having the lowest hop count. Static saps can be configured on the ssr using the cli’s ipx add sap command. Through the use...
Page 120: Configure Ipx Routing
Chapter 8: ipx routing configuration guide 8 - 4 ssr user reference manual to configure a vlan with an ipx interface, enter the following command in configure mode: specify ipx encapsulation method the smartswitch router supports two encapsulation types for ipx. You can configure encapsulation type ...
Page 121: Enable Sap
Chapter 8: ipx routing configuration guide ssr user reference manual 8 - 5 enable sap ipx sap is enabled by default on the ssr. You must first create an ipx interface or assign an ipx interface to a vlan before sap will start learning services. Configure static routes in a novell netware network, th...
Page 122
Chapter 8: ipx routing configuration guide 8 - 6 ssr user reference manual replies. • rip access control list: restricts advertisements or learning of networks. Create an ipx access control list ipx access control lists control which ipx traffic is received from or sent to an interface based on sour...
Page 123: Monitor An Ipx Network
Chapter 8: ipx routing configuration guide ssr user reference manual 8 - 7 create an ipx rip access control list ipx rip access control lists control which rip updates are allowed. To create an ipx rip access control list, perform the following task in the configure mode: once an ipx rip access cont...
Page 124
Chapter 8: ipx routing configuration guide 8 - 8 ssr user reference manual • adds a rip access list • adds a sap access list ! Create interface ipx1 with ipx address aaaaaaaa interface create ipx ipx1 address aaaaaaaa port et.1.1 output- mac-encapsulation ethernet_802.2_ipx ! ! Create interface ipx2...
Page 125: Chapter 9
Chapter 9 chapter 9 security configuration guide security overview the ssr provides security features that help control access to the ssr and filter traffic going through the ssr. Access to the ssr can be controlled by: • enabling tacacs • login authentication traffic filtering on the ssr enables: •...
Page 126: Configure Passwords
Chapter 9: security configuration guide 9 - 2 ssr user reference manual monitor tacacs you can monitor tacacs configuration and statistics within the ssr. To monitor tacacs, enter the following commands in enable mode: configure passwords the ssr provides password authentication for accessing the us...
Page 127
Chapter 9: security configuration guide ssr user reference manual 9 - 3 • port-to-address lock filters these filters prohibit a user connected to a locked port or set of ports from using an- other port. • static entry filters these filters allow or force traffic to go to a set of destination ports b...
Page 128
Chapter 9: security configuration guide 9 - 4 ssr user reference manual configuring layer-2 port-to-address lock filters port address lock filters allow you to bind or “lock” specific source mac addresses to a port or set of ports. Once a port is locked, only the specified source mac address is allo...
Page 129
Chapter 9: security configuration guide ssr user reference manual 9 - 5 configuring layer-2 secure port filters secure port filters block access to a specified port. You can use a secure port filter by itself to secure unused ports. Secure port filters can be configured as source or destination port...
Page 131: Layer-2 Filter Examples
Chapter 9: security configuration guide ssr user reference manual 9 - 7 layer-2 filter examples example 1: address filters source filter: the consultant is not allowed to access any file servers. The consultant is only allowed to interact with the engineers on the same ethernet segment – port et.1.1...
Page 132
Chapter 9: security configuration guide 9 - 8 ssr user reference manual destination static entry: restrict "login multicasts" originating from the engineering segment (port et.1.1) from reaching the finance servers. Filters add static-entry name login-mcasts dest-mac 010000:334455 vlan 1 in-port-lis...
Page 133: The Anatomy Of An Acl Rule
Chapter 9: security configuration guide ssr user reference manual 9 - 9 filters add secure-port name engineers direction dest vlan 1 in- port-list et.1.1 to allow all engineers access to the engineering servers, you must "punch" a hole through the secure-port wall. A "dest static-entry" overrides a ...
Page 134: The Ordering Of Acl Rules
Chapter 9: security configuration guide 9 - 10 ssr user reference manual for ipx acls, the following fields can be specified: • source network address • destination network address • source ipx socket • destination ipx socket when defining an acl rule, each field in the rule is position sensitive. F...
Page 135: Implicit Deny Rule
Chapter 9: security configuration guide ssr user reference manual 9 - 11 when a tcp packet comes from subnet 10.2.0.0/16, it finds a match with the first rule. This causes the packet to be dropped. A tcp packet coming from other subnets will not match the first rule. Instead, it matches the second r...
Page 136: Applying Acls To Interfaces
Chapter 9: security configuration guide 9 - 12 ssr user reference manual although the implicit deny rule seems obvious in the above example, this is not always the case. For example, consider the following acl rule: acl 102 deny ip 10.1.20.0/24 any any any if a packet comes in from a network other t...
Page 137: Applying Acls To Services
Chapter 9: security configuration guide ssr user reference manual 9 - 13 many rules in an acl. You just have to put all of these rules into one acl and apply it to an interface. When a packet comes into a router at an interface where an inbound acl is applied, the router compares the packet with the...
Page 138
Chapter 9: security configuration guide 9 - 14 ssr user reference manual before enabling acl logging, one should consider its impact on performance. With acl logging enabled, the router prints out a message at the console before the packet is actually forwarded or dropped. Even if the console is con...
Page 139: Configure Acl
Chapter 9: security configuration guide ssr user reference manual 9 - 15 the first copy command downloads the file acl.Changes from a tftp server and puts the commands into the temporary configuration area, scratchpad. The administrator can re-examine the changes if necessary before committing the c...
Page 140
Chapter 9: security configuration guide 9 - 16 ssr user reference manual defining an ip acl to define an ip acl, perform the following in the configure mode: defining an ipx acl to define an ipx acl, perform the following in the configure mode: applying an acl to an interface to apply an acl to an i...
Page 142
Chapter 9: security configuration guide 9 - 18 ssr user reference manual.
Page 143: Chapter 10
Chapter 10 chapter 10 qos configuration guide qos and l2/l3/l4 flow overview the ssr allows network managers to identify traffic and set quality of service (qos) policies without compromising wire speed performance. The ssr can guarantee bandwidth on an application by application basis, thus accommo...
Page 144: Ssr Queuing Policies
Chapter 10: qos configuration guide 10 - 2 ssr user reference manual precedence for layer-3 flows a precedence from 1 - 7 is associated with each field in a flow. The ssr uses the precedence value associated with the fields to break ties if packets match more than one flow. The highest precedence is...
Page 145: Configure Layer-3 and 4 Qos
Chapter 10: qos configuration guide ssr user reference manual 10 - 3 if a port operates in flow-bridging mode, the user can be more specific and configure priorities for frames that match both a source and a destination mac address and a vlan id. You can also specify a list of ports to apply the pol...
Page 146: Configure Ipx Qos Policies
Chapter 10: qos configuration guide 10 - 4 ssr user reference manual 2. Specify the precedence for the fields within an ip flow. Set an ip qos policy to set a qos policy on an ip traffic flow, enter the following command in configure mode: specify precedence for an ip qos policy to specify the prece...
Page 147
Chapter 10: qos configuration guide ssr user reference manual 10 - 5 specify precedence for an ipx qos policy to specify the precedence for an ipx qos policy, enter the following command in configure mode: configure ssr queuing policy the ssr queuing policy is set on a system-wide basis. The ssr def...
Page 148: Monitor Qos
Chapter 10: qos configuration guide 10 - 6 ssr user reference manual monitor qos the ssr provides display of qos statistics and configurations contained in the ssr. To display qos information, enter the following command in enable mode: show all ip qos flows qos show ip show all ipx qos flows. Qos s...
Page 149: Chapter 11
Chapter 11 chapter 11 performance monitoring guide performance monitoring overview the ssr is a full wire-speed layer-2, 3 and 4 switching router. As packets enter the ssr, layer-2, 3, and 4 flow tables are populated on each line card. The flow tables contain information on performance statistics an...
Page 150
Chapter 11: performance monitoring guide 11 - 2 ssr user reference manual show info about multicasts registered by igmp. L2-tables show igmp-mcast-registrations show whether igmp is on or off on a vlan. L2-tables show vlan-igmp-status show info about macs registered by the system. L2-tables show bri...