- DL manuals
- Cabletron Systems
- Network Router
- SMARTSWITCH ROUTER 9032578-05
- User's Reference Manual
Cabletron Systems SMARTSWITCH ROUTER 9032578-05 User's Reference Manual
Summary of SMARTSWITCH ROUTER 9032578-05
Page 1
Smartswitch router user reference manual 9032578-05.
Page 2
Copyright © 2000 by cabletron systems, inc. All rights reserved. Cabletron systems, inc. 35 industrial way rochester, nh 03867-5005 printed in the united states of america changes cabletron systems, inc., reserves the right to make changes in specifications and other information contained in this do...
Page 3
Regulatory compliance information smartswitch router user reference manual iii regulatory compliance information this product complies with the following: safety ul 1950; csa c22.2, no. 950; 73/23/eec; en 60950; iec 950 electromagnetic fcc part 15; csa c108.8; 89/336/eec; en 55022; en 61000-3-2 comp...
Page 4
Regulatory compliance statements iv smartswitch router user reference manual industry canada compliance statement this digital apparatus does not exceed the class a limits for radio noise emissions from digital apparatus set out in the radio interference regulations of the canadian department of com...
Page 5
Safety information: class 1 laser transceivers smartswitch router user reference manual v safety information: class 1 laser transceivers this product may use class 1 laser transceivers. Read the following safety information before installing or operating this product. The class 1 laser transceivers ...
Page 6: Cabletron Systems, Inc.
Cabletron systems, inc. Program license agreement vi smartswitch router user reference manual cabletron systems, inc. Program license agreement important: this license applies for use of product in the following geographical regions: canada mexico central america south america before opening or util...
Page 7
Cabletron systems, inc. Program license agreement smartswitch router user reference manual vii if the program is exported from the united states pursuant to the license exception tsr under the u.S. Export administration regulations, in addition to the restriction on transfer set forth in sections 1 ...
Page 8: Program License Agreement
Cabletron systems sales and service, inc. Program license agreement viii smartswitch router user reference manual cabletron systems sales and service, inc. Program license agreement important: this license applies for use of product in the united states of america and by united states of america gov...
Page 9
Cabletron systems sales and service, inc. Program license agreement smartswitch router user reference manual ix if the program is exported from the united states pursuant to the license exception tsr under the u.S. Export administration regulations, in addition to the restriction on transfer set for...
Page 10: Cabletron Systems Limited
Cabletron systems limited program license agreement x smartswitch router user reference manual cabletron systems limited program license agreement important: this license applies for the use of the product in the following geographical regions: europe middle east africa asia australia pacific rim be...
Page 11
Cabletron systems limited program license agreement smartswitch router user reference manual xi if the program is exported from the united states pursuant to the license exception tsr under the u.S. Export administration regulations, in addition to the restriction on transfer set forth in sections 1...
Page 12: Declaration Of Conformity
Declaration of conformity addendum xii smartswitch router user reference manual declaration of conformity addendum application of council directive(s) 89/336/eec 73/23/eec manufacturer’s name cabletron systems, inc. Manufacturer’s address 35 industrial way po box 5005 rochester, nh 03867 european re...
Page 13: Contents
Smartswitch router user reference manual xiii contents about this manual ................................................................................... 1 related documentation.......................................................................................................... .1 document c...
Page 14
Contents xiv smartswitch router user reference manual mac-address-based vlans................................................................................. 23 protocol-based vlans........................................................................................... 23 subnet-based vlans .......
Page 15
Smartswitch router user reference manual xv contents enabling cell scrambling ..............................................................................................45 cell mapping ...................................................................................................................
Page 16
Contents xvi smartswitch router user reference manual specifying ethernet encapsulation method............................................................... 79 configuring jumbo frames .......................................................................................... 80 configuring address ...
Page 17
Smartswitch router user reference manual xvii contents configuring rip route preference .............................................................................108 configuring rip route default-metric......................................................................108 monitoring rip .........
Page 18
Contents xviii smartswitch router user reference manual notes on using route reflection........................................................................ 160 chapter 13: routing policy configuration guide................................ 161 route import and export policy overview.................
Page 19
Smartswitch router user reference manual xix contents importing a selected subset of routes from all rip peers accessible over a certain interface ...................................................................................183 example 2: importing from ospf ......................................
Page 20
Contents xx smartswitch router user reference manual firewall load balancing.............................................................................................. 214 monitoring ip policies .........................................................................................................
Page 21
Smartswitch router user reference manual xxi contents virtual ip address ranges ...................................................................................242 session and netmask persistence........................................................................243 web caching..................
Page 22
Contents xxii smartswitch router user reference manual editing acls offline ................................................................................................... 264 maintaining acls using the acl editor ................................................................ 265 using acls .....
Page 23
Smartswitch router user reference manual xxiii contents layer-2 and layer-3 & layer-4 flow specification..................................................292 precedence for layer-3 flows .....................................................................................293 ssr queuing policies.......
Page 24
Contents xxiv smartswitch router user reference manual configuration examples ............................................................................................. 321 displaying rmon information ........................................................................................ 322 rmo...
Page 25
Smartswitch router user reference manual xxv contents defining the type and location of a ppp interface .................................................346 setting up a ppp service profile..................................................................................346 applying a service profil...
Page 26
Contents xxvi smartswitch router user reference manual.
Page 27: About This Manual
Smartswitch router user reference manual 1 about this manual this manual provides information and procedures for configuring the smartswitch router (ssr) software. If you have not yet installed the ssr, use the instructions in the smartswitch router getting started guide to install the chassis and p...
Page 29: Chapter 1
Smartswitch router user reference manual 3 chapter 1 introduction this chapter provides information that you need to know before configuring the smartswitch router (ssr). If you have not yet installed the ssr, use the instructions in the smartswitch router getting started guide to install the chassi...
Page 30
Chapter 1: introduction 4 smartswitch router user reference manual using the command line interface note: the ssr provides both a graphical user interface (corewatch) and a command line interface (cli) to configure and manage the ssr. In this manual, example configurations show how to use the cli co...
Page 31
Smartswitch router user reference manual 5 chapter 1: introduction the enable mode command prompt consists of the ssr name followed by the pound sign(#): to exit enable mode and return to user mode, either type exit and press return, or press ctrl+z. Configure mode configure mode provides the capabi...
Page 32
Chapter 1: introduction 6 smartswitch router user reference manual you are. For example, if you are at the user mode prompt, enter a question mark (?) as shown in the following example to list the commands available in user mode: you can also type the ? Character while entering in a command line to ...
Page 33
Smartswitch router user reference manual 7 chapter 1: introduction without typing the subsystem name in each time. For example, if you are configuring several entries for the ip routing table, you can simply enter ip at the cli configure prompt. The prompt changes to indicate that the context for th...
Page 34
Chapter 1: introduction 8 smartswitch router user reference manual ctrl-k kill line from cursor to end of line ctrl-l refresh current line ctrl-m carriage return (executes command) ctrl-n next command from history buffer ctrl-o none ctrl-p previous command from history buffer ctrl-q none ctrl-r refr...
Page 35
Smartswitch router user reference manual 9 chapter 1: introduction displaying and changing configuration information the ssr provides many commands for displaying and changing configuration information. For example, the cli allows for the “disabling” of a command in the active configuration. Use the...
Page 36
Chapter 1: introduction 10 smartswitch router user reference manual the following figure illustrates the configuration files and the commands you can use to save your configuration: figure 1. Commands to save configurations erase commands in scratchpad. Erase scratchpad erase startup configuration. ...
Page 37: Port Names
Smartswitch router user reference manual 11 chapter 1: introduction port names the term port refers to a physical connector on a line card installed in the ssr. The figure below shows eight 10 base-t/100 base-tx ports on a line card. Each port in the ssr is referred to in the following manner: .. Wh...
Page 38
Chapter 1: introduction 12 smartswitch router user reference manual for example, the port name et.2.8 refers to the port on the ethernet line card located in slot 2, connector 8, while the port name gi.3.2 refers to the port on the gigabit ethernet line card located in slot 3, connector 2. There are...
Page 39: Chapter 2
Smartswitch router user reference manual 13 chapter 2 hot swapping line cards and control modules hot swapping overview this chapter describes the hot swapping functionality of the ssr. Hot swapping is the ability to replace a line card or control module while the ssr is operating. Hot swapping allo...
Page 40: Hot Swapping Line Cards
Chapter 2: hot swapping line cards and control modules 14 smartswitch router user reference manual hot swapping line cards the procedure for hot swapping a line card consists of deactivating the line card, removing it from its slot in the ssr chassis, and installing a new line card in the slot. Deac...
Page 41
Smartswitch router user reference manual 15 chapter 2: hot swapping line cards and control modules removing the line card to remove a line card from the ssr: 1. Make sure the offline led on the line card is lit. Warning : do not remove the line card unless the offline led is lit. Doing so can cause ...
Page 42
Chapter 2: hot swapping line cards and control modules 16 smartswitch router user reference manual hot swapping a secondary control module if you have a secondary control module installed on the ssr, you can hot swap it with another control module or line card. Warning : you can only hot swap an ina...
Page 43
Smartswitch router user reference manual 17 chapter 2: hot swapping line cards and control modules you can also use the system hotswap out command in the cli to deactivate the control module. For example, to deactivate the secondary control module in slot cm/1, enter the following command in enable ...
Page 44: Only)
Chapter 2: hot swapping line cards and control modules 18 smartswitch router user reference manual hot swapping a switching fabric module (ssr 8600 only) the ssr 8600 has slots for two switching fabric modules. While the ssr 8600 is operating, you can install a second switching fabric module. If two...
Page 45
Smartswitch router user reference manual 19 chapter 2: hot swapping line cards and control modules removing the switching fabric module to remove the switching fabric module: 1. Loosen the captive screws on each side of the switching fabric module. 2. Pull the metal tabs on the switching fabric modu...
Page 46
Chapter 2: hot swapping line cards and control modules 20 smartswitch router user reference manual.
Page 47: Chapter 3
Smartswitch router user reference manual 21 chapter 3 bridging configuration guide bridging overview the smartswitch router provides the following bridging functions: • compliance with the ieee 802.1d standard • compliance with the igmp multicast bridging standard • wire-speed address-based bridging...
Page 48: Vlan Overview
Chapter 3: bridging configuration guide 22 smartswitch router user reference manual bridging modes (flow-based and address-based) the ssr provides the following types of wire-speed bridging: address-based bridging - the ssr performs this type of bridging by looking up the destination address in an l...
Page 49
Smartswitch router user reference manual 23 chapter 3: bridging configuration guide • multicast based • policy based detailed information about these types of vlans is beyond the scope of this manual. Each type of vlan is briefly explained in the following subsections. Port-based vlans ports of l2 d...
Page 50
Chapter 3: bridging configuration guide 24 smartswitch router user reference manual multicast-based vlans multicast-based vlans are created dynamically for multicast groups. Typically, each multicast group corresponds to a different vlan. This ensures that multicast frames are received only by those...
Page 51
Smartswitch router user reference manual 25 chapter 3: bridging configuration guide the ssr as a result of creating l3 interfaces for ip and/or ipx. However, these implicit vlans do not need to be created or configured manually. The implicit vlans created by the ssr are subnet-based vlans. Most comm...
Page 52
Chapter 3: bridging configuration guide 26 smartswitch router user reference manual for example, if port 1 belongs to vlan ipx_vlan for ipx, vlan ip_vlan for ip and vlan other_vlan for any other protocol, then an ip frame received by port 1 is classified as belonging to vlan ip_vlan. Trunk ports (80...
Page 53
Smartswitch router user reference manual 27 chapter 3: bridging configuration guide the corresponding bridge tables for address-based and flow-based bridging are shown below. As shown, the bridge table contains more information on the traffic patterns when flow-based bridging is enabled compared to ...
Page 54
Chapter 3: bridging configuration guide 28 smartswitch router user reference manual configuring spanning tree note: some commands in this facility require updated ssr hardware. Please refer to appendix a for details. The ssr supports per vlan spanning tree. By default, all the vlans defined belong t...
Page 55
Smartswitch router user reference manual 29 chapter 3: bridging configuration guide setting the bridge priority you can globally configure the priority of an individual bridge when two bridges tie for position as the root bridge, or you can configure the likelihood that a bridge will be selected as ...
Page 56
Chapter 3: bridging configuration guide 30 smartswitch router user reference manual adjusting bridge protocol data unit (bpdu) intervals you can adjust bpdu intervals as described in the following sections: • adjust the interval between hello bpdus • define the forward delay interval • define the ma...
Page 57
Smartswitch router user reference manual 31 chapter 3: bridging configuration guide to change the default interval setting, enter the following command in configure mode: configuring a port- or protocol-based vlan to create a port or protocol based vlan, perform the following steps in the configure ...
Page 58
Chapter 3: bridging configuration guide 32 smartswitch router user reference manual configuring vlans for bridging the ssr allows you to create vlans for appletalk, decnet, sna, and ipv6 traffic as well as for ip and ipx traffic. You can create a vlan for handling traffic for a single protocol, such...
Page 59: Monitoring Bridging
Smartswitch router user reference manual 33 chapter 3: bridging configuration guide monitoring bridging the ssr provides display of bridging statistics and configurations contained in the ssr. To display bridging information, enter the following commands in enable mode. Configuration examples vlans ...
Page 60
Chapter 3: bridging configuration guide 34 smartswitch router user reference manual creating a non-ip/non-ipx vlan in this example, sna, decnet, and appletalk hosts are connected to et.1.1 and et.2.(1-4). You can associate all the ports containing these hosts to a vlan called ‘red’ with the vlan id ...
Page 61: Chapter 4
Smartswitch router user reference manual 35 chapter 4 smarttrunk configuration guide overview this chapter explains how to configure and monitor smarttrunks on the ssr. A smarttrunk is cabletron systems’ technology for load balancing and load sharing. For a description of the smarttrunk commands, se...
Page 62: Configuring Smarttrunks
Chapter 4: smarttrunk configuration guide 36 smartswitch router user reference manual configuring smarttrunks to create a smarttrunk: 1. Create a smarttrunk and specify a control protocol for it. 2. Add physical ports to the smarttrunk. 3. Specify the policy for distributing traffic across smarttrun...
Page 63: Monitoring Smarttrunks
Smartswitch router user reference manual 37 chapter 4: smarttrunk configuration guide to add ports to a smarttrunk, enter the following command in configure mode:: specify traffic distribution policy (optional) the default policy for distributing traffic across the ports in a smarttrunk is “round- r...
Page 64: Example Configurations
Chapter 4: smarttrunk configuration guide 38 smartswitch router user reference manual example configurations the following shows a network design based on smarttrunks. R1 is an ssr operating as a router, while s1 and s2 are ssrs operating as switches. The following is the configuration for the cisco...
Page 65
Smartswitch router user reference manual 39 chapter 4: smarttrunk configuration guide the following is the smarttrunk configuration for the ssr labeled ‘r1’ in the diagram: the following is the smarttrunk configuration for the ssr labeled ‘s1’ in the diagram: the following is the smarttrunk configur...
Page 66
Chapter 4: smarttrunk configuration guide 40 smartswitch router user reference manual.
Page 67: Chapter 5
Smartswitch router user reference manual 41 chapter 5 atm configuration guide atm overview this chapter provides an overview of the asynchronous transfer mode (atm) features available for the smartswitch router. Atm is a cell switching technology used to establish multiple connections over a physica...
Page 68: Service Class Definition
Service class definition 42 smartswitch router user reference manual channel having its own traffic parameters. The name “virtual” implies that the connection is located in silicon instead of a physical wire. Refer to “creating a service class definition” on page 43 for information about defining a ...
Page 69
Smartswitch router user reference manual 43 service class definition creating a service class definition to create a service class definition, enter the following command in configure mode: the following is a description of the parameters used to create a service class definition: service specifies ...
Page 70
Service class definition 44 smartswitch router user reference manual cells/sec). This is the same as pcr, but is expressed in kbits/sec, and therefore may be a more convenient form. However, since the natural unit for atm is cells/sec, there may be a difference in the actual rate because the kbit/se...
Page 71: Cell Scrambling
Smartswitch router user reference manual 45 cell scrambling port specifies the port, in the format: media.Slot.Port.Vpi.Vci media specifies the media type. This is at for atm ports. Slot specifies the slot number where the module is installed. Port specifies the port number. Vpi specifies the virtua...
Page 72: Cell Mapping
Cell mapping 46 smartswitch router user reference manual the following is a description of the parameters used to enable cell scrambling: port specifies the port, in the format: media.Slot.Port . Specify all-ports to enable cell scrambling on all ports. Media specifies the media type. This is at for...
Page 73: Creating A Non-Zero Vpi
Smartswitch router user reference manual 47 creating a non-zero vpi creating a non-zero vpi the virtual path identifier defines a virtual path, a grouping of virtual channels transmitting across the same physical connection. The actual number of virtual paths and virtual channels available on an atm...
Page 74
Displaying atm port information 48 smartswitch router user reference manual displaying atm port information there are a variety of atm statistics that can be accessed through the command line interface. The atm show commands can only be used in enable mode. To display information about the vpl confi...
Page 75
Smartswitch router user reference manual 49 displaying atm port information to display information about the service definition on an atm port: the following is an example of the information that is displayed with the command listed above: the following is a description of the display fields: • serv...
Page 76
Displaying atm port information 50 smartswitch router user reference manual to display information about the port settings on an atm port: the following is an example of the information that is displayed with the command listed above (for a pdh phy interface): • port type shows the type of phy inter...
Page 77
Smartswitch router user reference manual 51 displaying atm port information esf indicates extended super frame and is used for t1 framing. G832 is used for e3 framing. G751 is used for e3 framing. • vc mode shows the bit allocation for vpi and vci. • service definition shows the name of the defined ...
Page 78: Atm Sample Configuration 1
Atm sample configuration 1 52 smartswitch router user reference manual atm sample configuration 1 consider the following network configuration: the network shown consists of two smartswitch routers, vlan a, and vlan b. Both ssrs have an atm module with two atm ports. Also both ssrs contain a 10/100 ...
Page 79
Smartswitch router user reference manual 53 atm sample configuration 1 configuring an interface on an ethernet port there are two separate vlans in this network, vlan a and vlan b. Vlan a is connected to ethernet port et.2.1 on ssr1, and vlan b is connected to ethernet port et.1.1 on ssrssr2. Apply ...
Page 80
Atm sample configuration 1 54 smartswitch router user reference manual applying an atm service class after defining a service class on ssr1 and ssr2, apply them to the vc connection we created earlier. The following command line applies the service class ‘cbr1m’ to the vc (vpi=0, vci=100) on atm por...
Page 81
Smartswitch router user reference manual 55 atm sample configuration 1 creating an ip route allows the interfaces on the atm ports to act as gateways to any subnet. Traffic from vlan a reaches the ethernet port on ssr1 and is automatically directed to the gateway address (interface on the atm port f...
Page 82
Atm sample configuration 1 56 smartswitch router user reference manual.
Page 83: Chapter 6
Smartswitch router user reference manual 57 chapter 6 packet-over-sonet configuration guide overview this chapter explains how to configure and monitor packet-over-sonet (pos) on the ssr. See the sonet commands section of the smartswitch router command line interface reference manual for a descripti...
Page 84
Chapter 6: packet-over-sonet configuration guide 58 smartswitch router user reference manual configuring ip interfaces for pos links configuring ip interfaces for pos links is generally the same as for wans and for lans. You assign an ip address to each interface and define routing mechanisms such a...
Page 85
Smartswitch router user reference manual 59 chapter 6: packet-over-sonet configuration guide 2. Create a point-to-point interface with the interface create command, specifying the ip address and netmask for the interface on the ssr and the peer address of the other end of the connection: when you cr...
Page 86
Chapter 6: packet-over-sonet configuration guide 60 smartswitch router user reference manual note: in aps terminology, bridge means to transmit identical traffic on both the working and protecting lines, while switch means to select traffic from either the protecting line or the working line. • unid...
Page 87
Smartswitch router user reference manual 61 chapter 6: packet-over-sonet configuration guide to manage the working and protecting pos interfaces, enter the following commands in configure mode: note: you can only specify one option, lockoutprot, forced or manual, for a port. Also, an option can be a...
Page 88: Monitoring Pos Ports
Chapter 6: packet-over-sonet configuration guide 62 smartswitch router user reference manual • signal failure ber threshold of 10 -3 (1 out of 1,000 bits transmitted is in error). Signal failure is associated with a “hard” failure. Signal fail is determined when any of the following conditions are d...
Page 89: Example Configurations
Smartswitch router user reference manual 63 chapter 6: packet-over-sonet configuration guide example configurations this section shows example configurations for pos links. Aps pos links between ssrs the following example shows aps pos links between two ssrs, router a and router b. The following is ...
Page 90
Chapter 6: packet-over-sonet configuration guide 64 smartswitch router user reference manual pos link between the ssr and a cisco router the following example shows a pos link between an ssr, router a, and a cisco 12000 series gigabit switch router, router b. The mtu on both routers is configured fo...
Page 91
Smartswitch router user reference manual 65 chapter 6: packet-over-sonet configuration guide bridging and routing traffic over a pos link the following example shows how to configure a vlan ‘v1’ that includes the pos ports on two connected ssrs, router a and router b. Bridged or routed traffic is tr...
Page 92
Chapter 6: packet-over-sonet configuration guide 66 smartswitch router user reference manual.
Page 93: Chapter 7
Smartswitch router user reference manual 67 chapter 7 dhcp configuration guide dhcp overview the dynamic host configuration protocol (dhcp) server on the ssr provides dynamic address assignment and configuration to dhcp capable end-user systems, such as windows 95/98/nt and apple macintosh systems. ...
Page 94: Configuring Dhcp
Chapter 7: dhcp configuration guide 68 smartswitch router user reference manual configuring dhcp by default, the dhcp server is not enabled on the ssr. You can selectively enable dhcp service on particular interfaces and not others. To enable dhcp service on an interface, you must first define a dhc...
Page 95
Smartswitch router user reference manual 69 chapter 7: dhcp configuration guide to define the parameters that the dhcp server gives the clients, enter the following command in configure mode: configuring a static ip address to define a static ip address that the dhcp server can assign to a client wi...
Page 96: Monitoring The Dhcp Server
Chapter 7: dhcp configuration guide 70 smartswitch router user reference manual configuring dhcp server parameters you can configure several “global” parameters that affect the behavior of the dhcp server itself. To configure global dhcp server parameters, enter the following commands in configure m...
Page 97: Dhcp Configuration Examples
Smartswitch router user reference manual 71 chapter 7: dhcp configuration guide dhcp configuration examples the following configuration describes dhcp configuration for a simple network with just one interface on which dhcp service is enabled to provide both dynamic and static ip addresses. 1. Creat...
Page 98
Chapter 7: dhcp configuration guide 72 smartswitch router user reference manual 9. Specify a remote lease database on the tftp server 10.1.89.88. 10. Specify a database update interval of every 15 minutes. Configuring secondary subnets in some network environments, multiple logical subnets can be im...
Page 99
Smartswitch router user reference manual 73 chapter 7: dhcp configuration guide 6. Include ‘scope2’ in the superscope ‘super1’. Since there are multiple pools of ip addresses, the pool associated with ‘scope1’ is used first since ‘scope1’ is applied to the interface before ‘scope2’. Clients that are...
Page 100
Chapter 7: dhcp configuration guide 74 smartswitch router user reference manual 6. Define the address pool for ‘scope2’. 7. Create a superscope ‘super1’ that includes ‘scope1’. 8. Include ‘scope2’ in the superscope ‘super1’. For clients on the secondary subnet, the default gateway is 10.2.1.1, which...
Page 101
Smartswitch router user reference manual 75 chapter 7: dhcp configuration guide 4. Define the address pool for ‘scope1’. Dhcp scope1 define pool 10.5.1.10-10.5.1.20
Page 102
Chapter 7: dhcp configuration guide 76 smartswitch router user reference manual.
Page 103: Chapter 8
Smartswitch router user reference manual 77 chapter 8 ip routing configuration guide the ssr supports standards-based tcp, udp, and ip. This chapter describes how to configure ip interfaces and general non-protocol-specific routing parameters. Ip routing protocols the ssr supports standards-based un...
Page 104
Chapter 8: ip routing configuration guide 78 smartswitch router user reference manual exterior gateway protocols are used to transfer information between different “autonomous systems”. The ssr supports the following exterior gateway protocol: • border gateway protocol (bgp) version 3, 4 (rfc 1267, ...
Page 105
Smartswitch router user reference manual 79 chapter 8: ip routing configuration guide configuring ip interfaces to ports you can configure an ip interface directly to a physical port. Each port can be assigned multiple ip addresses representing multiple subnets connected to the physical port. For ex...
Page 106
Chapter 8: ip routing configuration guide 80 smartswitch router user reference manual configuring jumbo frames certain ssr line cards support jumbo frames (frames larger than the standard ethernet frame size of 1518 bytes). See appendix a for more information about features supported on line cards. ...
Page 107
Smartswitch router user reference manual 81 chapter 8: ip routing configuration guide configuring address resolution protocol (arp) the ssr allows you to configure address resolution protocol (arp) table entries and parameters. Arp is used to associate ip addresses with media or mac addresses. Takin...
Page 108
Chapter 8: ip routing configuration guide 82 smartswitch router user reference manual when you enable packets to be dropped for hosts with unresolved mac addresses, the ssr will still attempt to periodically resolve these mac addresses. By default, the ssr sends arp requests at 30-second intervals t...
Page 109
Smartswitch router user reference manual 83 chapter 8: ip routing configuration guide specifying ip interfaces for rarp the rarpd set interface command allows you to specify which interfaces the ssr’s rarp server responds to when sent rarp requests. You can specify individual interfaces or all inter...
Page 110
Chapter 8: ip routing configuration guide 84 smartswitch router user reference manual monitoring rarp you can use the following commands to obtain information about the ssr’s rarp configuration: configuring dns parameters the ssr can be configured to specify dns servers, which supply name services f...
Page 111
Smartswitch router user reference manual 85 chapter 8: ip routing configuration guide • bootp/dhcp (port 67 and 68) • dns (port 37) • netbios name server (port 137) • netbios datagram server (port 138) • tacacs server (port 49) • time service (port 37) to forward udp broadcast packets received on in...
Page 112
Chapter 8: ip routing configuration guide 86 smartswitch router user reference manual configuring denial of service (dos) by default, the ssr installs flows in the hardware so that packets sent as directed broadcasts are dropped in hardware, if directed broadcast is not enabled on the interface wher...
Page 113: Configuring Router Discovery
Smartswitch router user reference manual 87 chapter 8: ip routing configuration guide the following example displays the contents of the routing table. It shows that some of the route entries are for locally connected interfaces (“directly connected”), while some of the other routes are learned from...
Page 114
Chapter 8: ip routing configuration guide 88 smartswitch router user reference manual to start router discovery on the ssr, enter the following command in configure mode: the rdisc start command lets you start router discovery on the ssr. When router discovery is started, the ssr multicasts or broad...
Page 115
Smartswitch router user reference manual 89 chapter 8: ip routing configuration guide to display router discovery information: legend: 1. Information about the rdisc task. 2. Shows when the last router advertisement was sent and when the next advertisement will be sent. 3. The interface on which rou...
Page 116: Configuration Examples
Chapter 8: ip routing configuration guide 90 smartswitch router user reference manual configuration examples assigning ip/ipx interfaces to enable routing on the ssr, you must assign an ip or ipx interface to a vlan. To assign an ip or ipx interface named ‘red’ to the ‘blue’ vlan, enter the followin...
Page 117: Chapter 9
Smartswitch router user reference manual 91 chapter 9 vrrp configuration guide vrrp overview this chapter explains how to set up and monitor the virtual router redundancy protocol (vrrp) on the ssr. Vrrp is defined in rfc 2338. End host systems on a lan are often configured to send packets to a stat...
Page 118
Chapter 9: vrrp configuration guide 92 smartswitch router user reference manual basic vrrp configuration figure 5 shows a basic vrrp configuration with a single virtual router. Routers r1 and r2 are both configured with one virtual router ( vrid=1 ). Router r1 serves as the master and router r2 serv...
Page 119
Smartswitch router user reference manual 93 chapter 9: vrrp configuration guide in vrrp, the router that owns the ip address associated with the virtual router is the master. Any other routers that participate in this virtual router are backups. In this configuration, router r1 is the master for vir...
Page 120
Chapter 9: vrrp configuration guide 94 smartswitch router user reference manual figure 6. Symmetrical vrrp configuration in this configuration, half the hosts use 10.0.0.1/16 as their default route, and half use 10.0.0.2/16. Ip address 10.0.0.1/16 is associated with virtual router vrid=1 , and ip ad...
Page 121
Smartswitch router user reference manual 95 chapter 9: vrrp configuration guide on line 5, router r1 associates ip address 10.0.0.2/16 with virtual router vrid=2 . However, since router r1 does not own ip address 10.0.0.2/16, it is not the default master for virtual router vrid=2 . Configuration of ...
Page 122
Chapter 9: vrrp configuration guide 96 smartswitch router user reference manual figure 7. Multi-backup vrrp configuration in this configuration, router r1 is the master for virtual router vrid=1 and the primary backup for virtual routers vrid=2 and vrid=3 . If router r2 or r3 were to go down, router...
Page 123
Smartswitch router user reference manual 97 chapter 9: vrrp configuration guide configuration of router r1 the following is the configuration file for router r1 in figure 7 . Router r1’s ip address on interface test is 10.0.0.1. There are three virtual routers on this interface: • vrid=1 – ip addres...
Page 124
Chapter 9: vrrp configuration guide 98 smartswitch router user reference manual the following table shows the priorities for each virtual router configured on router r1. Configuration of router r2 the following is the configuration file for router r2 in figure 7 . Line 8 sets the backup priority for...
Page 125
Smartswitch router user reference manual 99 chapter 9: vrrp configuration guide note: since 100 is the default priority, line 9, which sets the priority to 100, is actually unnecessary. It is included for illustration purposes only. Configuration of router r3 the following is the configuration file ...
Page 126
Chapter 9: vrrp configuration guide 100 smartswitch router user reference manual setting the backup priority as described in “multi-backup configuration” on page 95 , you can specify which backup router takes over when the master router goes down by setting the priority for the backup routers. To se...
Page 127: Monitoring Vrrp
Smartswitch router user reference manual 101 chapter 9: vrrp configuration guide setting an authentication key by default, no authentication of vrrp packets is performed on the ssr. You can specify a clear-text password to be used to authenticate vrrp exchanges. To enable authentication, enter the f...
Page 128
Chapter 9: vrrp configuration guide 102 smartswitch router user reference manual ip-redundancy show the ip-redundancy show command reports information about a vrrp configuration. To display information about all virtual routers on interface int1: ssr# ip-redundancy show vrrp interface int1 vrrp virt...
Page 129: Vrrp Configuration Notes
Smartswitch router user reference manual 103 chapter 9: vrrp configuration guide to display vrrp statistics for virtual router 100 on interface int1: to display vrrp information, enter the following commands in enable mode. Vrrp configuration notes • the master router sends keep-alive advertisements...
Page 130
Chapter 9: vrrp configuration guide 104 smartswitch router user reference manual the skew-time depends on the backup router's configured priority: skew-time = ( (256 - priority) / 256 ) therefore, the higher the priority, the faster a backup router will detect that the master is down. For example: –...
Page 131: Chapter 10
Smartswitch router user reference manual 105 chapter 10 rip configuration guide rip overview this chapter describes how to configure the routing information protocol (rip) on the smartswitch router. Rip is a distance-vector routing protocol for use in small networks. Rip is described in rfc 1723. A ...
Page 132
Chapter 10: rip configuration guide 106 smartswitch router user reference manual enabling and disabling rip to enable or disable rip, enter one of the following commands in configure mode. Configuring rip interfaces to configure rip in the ssr, you must first add interfaces to inform rip about attac...
Page 134: Monitoring Rip
Chapter 10: rip configuration guide 108 smartswitch router user reference manual configuring rip route preference you can set the preference of routes learned from rip. To configure rip route preference, enter the following command in configure mode. Configuring rip route default-metric you can defi...
Page 135: Configuration Example
Smartswitch router user reference manual 109 chapter 10: rip configuration guide configuration example show rip information on the specified interface. Rip show interface show rip interface policy information. Rip show interface-policy show detailed information of all rip packets. Rip trace packets ...
Page 136
Chapter 10: rip configuration guide 110 smartswitch router user reference manual ! ! Change default metric-out rip set interface ssr1-if1 metric-out 3.
Page 137: Chapter 11
Smartswitch router user reference manual 111 chapter 11 ospf configuration guide ospf overview open shortest path first routing (ospf) is a shortest path first or link-state protocol. The ssr supports ospf version 2.0, as defined in rfc 1583. Ospf is an interior gateway protocol that distributes rou...
Page 138: Configuring Ospf
Chapter 11: ospf configuration guide 112 smartswitch router user reference manual • type 1 ase • type 2 ase intra-area paths have destinations within the same area. Inter-area paths have destinations in other ospf areas. Both types of autonomous system external (ase) routes are routes to destination...
Page 139
Smartswitch router user reference manual 113 chapter 11: ospf configuration guide • add ip interfaces to ospf areas. • configure ospf interface parameters, if necessary. • add ip networks to ospf areas. • create virtual links, if necessary. Enabling ospf ospf is disabled by default on the ssr. To en...
Page 140
Chapter 11: ospf configuration guide 114 smartswitch router user reference manual default cost of an ospf interface the default cost of an ospf interface is calculated using its bandwidth. A vlan that is attached to an interface could have several ports of differing speeds. The bandwidth of an inter...
Page 141
Smartswitch router user reference manual 115 chapter 11: ospf configuration guide configuring an ospf area ospf areas are a collection of subnets that are grouped in a logical fashion. These areas communicate with other areas via the backbone area. Once ospf areas are created, you can add interfaces...
Page 142
Chapter 11: ospf configuration guide 116 smartswitch router user reference manual configuring ospf area parameters the ssr allows configuration of various ospf area parameters, including stub areas, stub cost and authentication method. Information about routes which are external to the ospf routing ...
Page 143
Smartswitch router user reference manual 117 chapter 11: ospf configuration guide to configure virtual links, enter the following commands in the configure mode. Configuring autonomous system external (ase) link advertisements because of the nature of ospf, the rate at which ases are flooded may nee...
Page 144: Monitoring Ospf
Chapter 11: ospf configuration guide 118 smartswitch router user reference manual • point-to-point. A point-to-point interface can be a serial line using ppp. By default, an ip interface associated with a serial line that is using ppp is treated as an ospf point- to-point network. If an ip interface...
Page 145
Smartswitch router user reference manual 119 chapter 11: ospf configuration guide • ospf show commands allow you to display detailed versions of the various ospf tables. The ospf show commands can only display ospf tables for the router on which the commands are being entered. To display ospf inform...
Page 146: Ospf Configuration Examples
Chapter 11: ospf configuration guide 120 smartswitch router user reference manual ospf configuration examples for all examples in this section, refer to the configuration shown in figure 8 on page 124 . The following configuration commands for router r1: • determine the ip address for each interface...
Page 147
Smartswitch router user reference manual 121 chapter 11: ospf configuration guide exporting all interface & static routes to ospf router r1 has several static routes. We would export these static routes as type-2 ospf routes. The interface routes would be redistributed as type-1 ospf routes. 1. Crea...
Page 148
Chapter 11: ospf configuration guide 122 smartswitch router user reference manual router r1 would like to redistribute its ospf, ospf-ase, rip, static and interface/direct routes into rip. 1. Enable rip on interface 120.190.1.1/16. 2. Create a ospf export destination for type-1 routes. 3. Create a o...
Page 149
Smartswitch router user reference manual 123 chapter 11: ospf configuration guide 9. Create a rip export destination. 10. Create ospf export source. 11. Create ospf-ase export source. 12. Create the export-policy for redistributing all interface, rip, static, ospf and ospf- ase routes into rip. Ip-r...
Page 150
Ch apte r 11: o s pf con figuratio n guid e 1 2 4 s ma rt s w it ch route r us e r refe renc e m a nu al figure 8. Exporting to ospf bgp r1 r2 r3 r41 r42 r6 r11 a r e a b a c k b o n e a r e a 140.1.0.0 (r ip v 2 ) 140.1.1.1/24 140.1.2.1/24 140.1.5/24 140.1.4/24 190.1.1.1/16 120.190.1.1/16 160.1.5.2...
Page 151: Chapter 12
Smartswitch router user reference manual 125 chapter 12 bgp configuration guide bgp overview the border gateway protocol (bgp) is an exterior gateway protocol that allows ip routers to exchange network reachability information. Bgp became an internet standard in 1989 (rfc 1105) and the current versi...
Page 152: Basic Bgp Tasks
Chapter 12: bgp configuration guide 126 smartswitch router user reference manual the ssr bgp implementation the ssr routing protocol implementation is based on gated 4.0.3 code ( http://www.Gated.Org ). Gated is a modular software program consisting of core services, a routing database, and protocol...
Page 153
Smartswitch router user reference manual 127 chapter 12: bgp configuration guide setting the autonomous system number an autonomous system number identifies your autonomous system to other routers. To set the ssr’s autonomous system number, enter the following command in configure mode. The autonomo...
Page 154
Chapter 12: bgp configuration guide 128 smartswitch router user reference manual where: peer-group is a group id, which can be a number or a character string. Type specifies the type of bgp group you are adding. You can specify one of the following: external in the classic external bgp group, full p...
Page 155
Smartswitch router user reference manual 129 chapter 12: bgp configuration guide adding and removing a bgp peer there are two ways to add bgp peers to peer groups. You can explicitly add a peer host, or you can add a network. Adding a network allows for peer connections from any addresses in the ran...
Page 156
Chapter 12: bgp configuration guide 130 smartswitch router user reference manual ( aspath_regexp ) parentheses group subexpressions. An operator, such as * or ? Works on a single element or on a regular expression enclosed in parentheses. An as-path operator is one of the following: aspath_term {m,n...
Page 157
Smartswitch router user reference manual 131 chapter 12: bgp configuration guide as-path regular expression examples to import mci routes with a preference of 165: to import all routes (.* matches all as paths) with the default preference: to export all active routes from 284 or 813 or 814 or 815 or...
Page 158: Bgp Configuration Examples
Chapter 12: bgp configuration guide 132 smartswitch router user reference manual the following is an example: notes on using the as path prepend feature • use the as-count option for external peer-hosts only. • if the as-count option is entered for an active bgp session, routes will not be resent to...
Page 159
Smartswitch router user reference manual 133 chapter 12: bgp configuration guide • bgp multi-exit discriminator (med) attribute • ebgp aggregation • route reflection bgp peering session example the router process used for a specific bgp peering session is known as a bgp speaker. A single router can ...
Page 160
Chapter 12: bgp configuration guide 134 smartswitch router user reference manual figure 9 illustrates a sample bgp peering session. Figure 9. Sample bgp peering session the cli configuration for router ssr1 is as follows: interface create ip et.1.1 address-netmask 10.0.0.1/16 port et.1.1 # # set the...
Page 161
Smartswitch router user reference manual 135 chapter 12: bgp configuration guide the gated.Conf file for router ssr1 is as follows: the cli configuration for router ssr2 is as follows: the gated.Conf file for router ssr2 is as follows: ibgp configuration example connections between bgp speakers with...
Page 162
Chapter 12: bgp configuration guide 136 smartswitch router user reference manual an igp, like ospf, could possibly be used instead of ibgp to exchange routing information between ebgp speakers within an as. However, injecting full internet routes (50,000+ routes) into an igp puts an expensive burden...
Page 163
Smartswitch router user reference manual 137 chapter 12: bgp configuration guide figure 10 shows a sample bgp configuration that uses the routing group type. Figure 10. Sample ibgp configuration (routing group type) ssr6 ssr1 cisco ssr4 lo0 172.23.1.25/30 10.12.1.6/30 10.12.1.5/30 172.23.1.10/30 172...
Page 164
Chapter 12: bgp configuration guide 138 smartswitch router user reference manual in this example, ospf is configured as the igp in the autonomous system. The following lines in the router ssr6 configuration file configure ospf: the following lines in the cisco router configure ospf: the following li...
Page 165
Smartswitch router user reference manual 139 chapter 12: bgp configuration guide the following lines on the cisco router set up ibgp peering with router ssr6. Ibgp internal group example the ibgp internal group expects all peers to be directly attached to a shared subnet so that, like external peers...
Page 166
Chapter 12: bgp configuration guide 140 smartswitch router user reference manual figure 11 illustrates a sample ibgp internal group configuration. Figure 11. Sample ibgp configuration (internal group type) the cli configuration for router ssr1 is as follows: as-1 ssr2 ssr1 17.122.128.2/24 17.122.128...
Page 167
Smartswitch router user reference manual 141 chapter 12: bgp configuration guide the gated.Conf file for router ssr1 is as follows: the cli configuration for router ssr2 is as follows: the gated.Conf file for router ssr2 is as follows: autonomoussystem 1 ; routerid 16.122.128.1 ; bgp yes { traceopti...
Page 168
Chapter 12: bgp configuration guide 142 smartswitch router user reference manual the configuration for router c1 (a cisco router) is as follows: the configuration for router c2 (a cisco router) is as follows: ebgp multihop configuration example ebgp multihop refers to a configuration where external ...
Page 169
Smartswitch router user reference manual 143 chapter 12: bgp configuration guide this sample configuration shows external bgp peers, ssr1 and ssr4, which are not connected to the same subnet. The cli configuration for router ssr1 is as follows: physical link legend: peering relationship ssr1 16.122....
Page 170
Chapter 12: bgp configuration guide 144 smartswitch router user reference manual the gated.Conf file for router ssr1 is as follows: the cli configuration for router ssr2 is as follows: the gated.Conf file for router ssr2 is as follows: the cli configuration for router ssr3 is as follows: autonomouss...
Page 171
Smartswitch router user reference manual 145 chapter 12: bgp configuration guide the gated.Conf file for router ssr3 is as follows: the cli configuration for router ssr4 is as follows: the gated.Conf file for router ssr4 is as follows: community attribute example the following configuration illustra...
Page 172
Chapter 12: bgp configuration guide 146 smartswitch router user reference manual figure 12. Sample bgp configuration (specific community) as-64902 r11 172.26.1.2/16 172.25.1.2/16 192.168.20.2/16 172.25.1.1/16 1.1 r13 1.6 r10 192.169.20.1/16 192.169.20.2/16 100.200.13.1/24 10.200.15.1/24 1.6 r14 as-6...
Page 173
Smartswitch router user reference manual 147 chapter 12: bgp configuration guide figure 13. Sample bgp configuration (well-known community) the community attribute can be used in three ways: 1. In a bgp group statement: any packets sent to this group of bgp peers will have the communities attribute ...
Page 174
Chapter 12: bgp configuration guide 148 smartswitch router user reference manual in figure 13 , router ssr11 has the following configuration: # # create an optional attribute list with identifier color1 for a community # attribute (community-id 160 as 64901) # ip-router policy create optional-attrib...
Page 175
Smartswitch router user reference manual 149 chapter 12: bgp configuration guide in figure 13 , router ssr13 has the following configuration: 3. In an export statement: the optional-attributes-list option of the ip-router policy create bgp-export-destination command may be used to send the bgp commu...
Page 176
Chapter 12: bgp configuration guide 150 smartswitch router user reference manual in figure 13 , router ssr10 has the following configuration: in figure 13 , router ssr14 has the following configuration: any communities specified with the optional-attributes-list option are sent in addition to any re...
Page 177
Smartswitch router user reference manual 151 chapter 12: bgp configuration guide the community attribute may be a single community or a set of communities. A maximum of 10 communities may be specified. The community attribute can take any of the following forms: • specific community the specific com...
Page 178
Chapter 12: bgp configuration guide 152 smartswitch router user reference manual notes on using communities when originating bgp communities, the set of communities that is actually sent is the union of the communities received with the route (if any), those specified in group policy (if any), and t...
Page 179
Smartswitch router user reference manual 153 chapter 12: bgp configuration guide ssr12. Because local preference is exchanged between the routers within the as, all traffic from as 64901 is sent to ssr13 as the exit point. Figure 14. Sample bgp configuration (local preference) the following sections...
Page 180
Chapter 12: bgp configuration guide 154 smartswitch router user reference manual using the local-pref option for router ssr12’s cli configuration file, local-pref is set to 194: for router ssr13, local-pref is set to 204. Using the set-pref option the formula used to compute the local preference is ...
Page 181
Smartswitch router user reference manual 155 chapter 12: bgp configuration guide for example, in figure 14 , routers ssr12, ssr13, and ssr14 have the following line in their cli configuration files: • the value of the set-pref option should be consistent with the import policy in the network. The me...
Page 182
Chapter 12: bgp configuration guide 156 smartswitch router user reference manual routers ssr4 and ssr6 inform router c1 about network 172.16.200.0/24 through external bgp (ebgp). Router ssr6 announced the route with a med of 10, whereas router ssr4 announces the route with a med of 20. Of the two eb...
Page 183
Smartswitch router user reference manual 157 chapter 12: bgp configuration guide router ssr8 has the following cli configuration: router ssr9 has the following cli configuration: route reflection example in some isp networks, the internal bgp mesh becomes quite large, and the ibgp full mesh does not...
Page 184
Chapter 12: bgp configuration guide 158 smartswitch router user reference manual figure 17 shows a sample configuration that uses route reflection. Figure 17. Sample bgp configuration (route reflection) in this example, there are two clusters. Router ssr10 is the route reflector for the first cluste...
Page 185
Smartswitch router user reference manual 159 chapter 12: bgp configuration guide router ssr11 has router ssr12 and router ssr13 as client peers and router ssr10 as non- client peer. The following line in router ssr11’s configuration file specifies it to be a route reflector even though the ibgp peer...
Page 186
Chapter 12: bgp configuration guide 160 smartswitch router user reference manual notes on using route reflection • two types of route reflection are supported: – by default, all routes received by the route reflector from a client are sent to all internal peers (including the client’s group, but not...
Page 187: Chapter 13
Smartswitch router user reference manual 161 chapter 13 routing policy configuration guide route import and export policy overview the ssr family of routers supports extremely flexible routing policies. The ssr allows the network administrator to control import and export of routing information base...
Page 188
Chapter 13: routing policy configuration guide 162 smartswitch router user reference manual preference preference is the value the ssr routing process uses to order preference of routes from one protocol or peer over another. Preference can be set using several different configuration commands. Pref...
Page 189
Smartswitch router user reference manual 163 chapter 13: routing policy configuration guide import policies import policies control the importation of routes from routing protocols and their installation in the routing databases (routing information base and forwarding information base). Import poli...
Page 190
Chapter 13: routing policy configuration guide 164 smartswitch router user reference manual it is only possible to restrict the importation of ospf ase routes when functioning as an as border router. Like the other interior protocols, preference cannot be used to choose between ospf ase routes. That...
Page 191
Smartswitch router user reference manual 165 chapter 13: routing policy configuration guide the routes to be exported can be identified by their associated attributes: • their protocol type (rip, ospf, bgp, static, direct, aggregate). • interface or the gateway from which the route was received. • a...
Page 192
Chapter 13: routing policy configuration guide 166 smartswitch router user reference manual a route will match the most specific filter that applies. Specifying more than one filter with the same destination, mask, and modifiers generates an error. There are three possible formats for a route filter...
Page 193
Smartswitch router user reference manual 167 chapter 13: routing policy configuration guide route aggregation is also used by regional and national networks to reduce the amount of routing information passed around. With careful allocation of network addresses to clients, regional networks can just ...
Page 194
Chapter 13: routing policy configuration guide 168 smartswitch router user reference manual route-filter this component specifies the individual routes that are to be aggregated or summarized. The preference to be associated with these routes can also be explicitly specified using this component. Th...
Page 195
Smartswitch router user reference manual 169 chapter 13: routing policy configuration guide many protocols allow the specification of two authentication keys per interface. Packets are always sent using the primary keys, but received packets are checked with both the primary and secondary keys befor...
Page 196
Chapter 13: routing policy configuration guide 170 smartswitch router user reference manual the from-proto parameter specifies the protocol of the source routes. The values for the from-proto parameter can be rip, ospf, bgp, direct, static, aggregate and ospf-ase. The to- proto parameter specifies t...
Page 197
Smartswitch router user reference manual 171 chapter 13: routing policy configuration guide redistributing rip into rip the ssr routing process requires rip redistribution into rip if a protocol is redistributed into rip. To redistribute rip into rip, enter the following command in configure mode: r...
Page 198
Chapter 13: routing policy configuration guide 172 smartswitch router user reference manual to redistribute aggregate routes, enter one of the following commands in configure mode: simple route redistribution examples example 1: redistribution into rip for all examples given in this section, refer t...
Page 199
Smartswitch router user reference manual 173 chapter 13: routing policy configuration guide exporting a given static route to all rip interfaces router r1 has several static routes of which one is the default route. We would export this default route over all rip interfaces. Exporting all static rou...
Page 200
Chapter 13: routing policy configuration guide 174 smartswitch router user reference manual • specify the static routes configured on the router • determine its ospf configuration exporting all interface & static routes to ospf router r1 has several static routes. We would like to export all these s...
Page 201
Smartswitch router user reference manual 175 chapter 13: routing policy configuration guide in the configuration shown in figure 19 on page 185 , suppose we decide to run rip version 2 on network 120.190.0.0/16, connecting routers r1 and r2. Router r1 would like to export all rip, interface, and sta...
Page 202
Chapter 13: routing policy configuration guide 176 smartswitch router user reference manual routes to be exported can be identified by their associated attributes, such as protocol type, interface or the gateway from which the route was received, and so on. • route filter - this component provides t...
Page 203
Smartswitch router user reference manual 177 chapter 13: routing policy configuration guide creating an export destination to create an export destination, enter one the following commands in configure mode: creating an export source to create an export source, enter one of the following commands in...
Page 204
Chapter 13: routing policy configuration guide 178 smartswitch router user reference manual to create route import policies, enter the following command in configure mode: the is the identifier of the import-source that determines the source of the imported routes. If no routes from a particular sou...
Page 205
Smartswitch router user reference manual 179 chapter 13: routing policy configuration guide creating an aggregate route route aggregation is a method of generating a more general route, given the presence of a specific route. The routing process does not perform any aggregation unless explicitly req...
Page 206
Chapter 13: routing policy configuration guide 180 smartswitch router user reference manual the is the identifier of the route-filter associated with this aggregate. If there is more than one route-filter for any aggregate-destination and aggregate-source combination, then the ip-router policy aggr-...
Page 207
S m a rts wi tc h route r us e r refe re nc e m a nua l 1 8 1 cha pter 13 : ro uting poli cy con figuratio n guid e figure 18. Exporting to rip internet r6 r42 r41 r1 r2 r3 r7 135.3.1.1/24 135.3.2.1/24 135.3.3.1/24 140.1.1.4/24 140.1.1.1/24 130.1.1.1/16 130.1.1.3/16 120.190.1.1/16 120.190.1.2/16 202...
Page 208
Chapter 13: routing policy configuration guide 182 smartswitch router user reference manual the following configuration commands for router r1: • determine the ip address for each interface. • specify the static routes configured on the router. • determine its rip configuration. !+++++++++++++++++++...
Page 209
Smartswitch router user reference manual 183 chapter 13: routing policy configuration guide importing a selected subset of routes from one rip trusted gateway router r1 has several rip peers. Router r41 has an interface on the network 10.51.0.0. By default, router r41 advertises network 10.51.0.0/16...
Page 210
Chapter 13: routing policy configuration guide 184 smartswitch router user reference manual example 2: importing from ospf due to the nature of ospf, only the importation of ase routes may be controlled. Ospf intra-and inter-area routes are always imported into the ssr routing table with a preferenc...
Page 211
S m a rts wi tc h route r us e r refe re nc e m a nua l 1 8 5 cha pter 13 : ro uting poli cy con figuratio n guid e figure 19. Exporting to ospf bgp r1 r2 r3 r41 r42 r6 r11 a r e a b a c k b o n e a r e a 140.1.0.0 (ri p v2 ) 140.1.1.1/24 140.1.2.1/24 140.1.5/24 140.1.4/24 190.1.1.1/16 120.190.1.1/1...
Page 212
Chapter 13: routing policy configuration guide 186 smartswitch router user reference manual the following configuration commands for router r1: • determine the ip address for each interface • specify the static routes configured on the router • determine its ospf configuration importing a selected s...
Page 213
Smartswitch router user reference manual 187 chapter 13: routing policy configuration guide examples of export policies example 1: exporting to rip exporting to rip is controlled by any of protocol, interface or gateway. If more than one is specified, they are processed from most general (protocol) ...
Page 214
Chapter 13: routing policy configuration guide 188 smartswitch router user reference manual exporting a given static route to all rip interfaces router r1 has several static routes, of which one is the default route. We would export this default route over all rip interfaces. 1. Create a rip export ...
Page 215
Smartswitch router user reference manual 189 chapter 13: routing policy configuration guide 4. Create a direct export source since we would like to export direct/interface routes. 5. Create the export-policy redistributing the statically created default route, and all (rip, direct) routes into rip. ...
Page 216
Chapter 13: routing policy configuration guide 190 smartswitch router user reference manual exporting all static routes reachable over a given interface to a specific rip- interface in this case, router r1 would export/redistribute all static routes accessible through its interface 130.1.1.1 to its ...
Page 217
Smartswitch router user reference manual 191 chapter 13: routing policy configuration guide exporting aggregate-routes into rip in the configuration shown in figure 18 on page 181 , suppose you decide to run rip version 1 on network 130.1.0.0/16, connecting routers r1 and r3. Router r1 desires to an...
Page 218
Chapter 13: routing policy configuration guide 192 smartswitch router user reference manual 8. Create the export-policy redistributing all (rip, direct) routes and the aggregate route 140.1.0.0/16 into rip. Example 2: exporting to ospf it is not possible to create ospf intra- or inter-area routes by...
Page 219
Smartswitch router user reference manual 193 chapter 13: routing policy configuration guide exporting all interface & static routes to ospf router r1 has several static routes. We would export these static routes as type-2 ospf routes. The interface routes would redistributed as type 1 ospf routes. ...
Page 220
Chapter 13: routing policy configuration guide 194 smartswitch router user reference manual 4. Create a direct export source since we would like to export interface/direct routes. 5. Create the export-policy for redistributing all interface routes and static routes into ospf. Exporting all rip, inte...
Page 221
Smartswitch router user reference manual 195 chapter 13: routing policy configuration guide 5. Create a rip export source. 6. Create a static export source. 7. Create a direct export source. 8. Create the export-policy for redistributing all interface, rip and static routes into ospf. 9. Create a ri...
Page 222
Chapter 13: routing policy configuration guide 196 smartswitch router user reference manual 12. Create the export-policy for redistributing all interface, rip, static, ospf and ospf- ase routes into rip. Ip-router policy export destination ripexpdst source statexpsrc network all ip-router policy exp...
Page 223: Chapter 14
Smartswitch router user reference manual 197 chapter 14 multicast routing configuration guide ip multicast overview multicast routing on the ssr is supported through dvmrp and igmp. Igmp is used to determine host membership on directly attached subnets. Dvmrp is used to determine forwarding of multi...
Page 224
Chapter 14: multicast routing configuration guide 198 smartswitch router user reference manual the ssr allows per-interface control of the host query interval and response time. Query interval defines the time between igmp queries. Response time defines the time the ssr will wait for host responses ...
Page 225: Configuring Igmp
Smartswitch router user reference manual 199 chapter 14: multicast routing configuration guide configuring igmp you configure igmp on the ssr by performing the following configuration tasks: • creating ip interfaces • setting global parameters that will be used for all the interfaces on which dvmrp ...
Page 226: Configuring Dvmrp
Chapter 14: multicast routing configuration guide 200 smartswitch router user reference manual to configure the host response wait time, enter the following command in configure mode: configuring per-interface control of igmp membership you can configure the ssr to control igmp membership on a per-i...
Page 227
Smartswitch router user reference manual 201 chapter 14: multicast routing configuration guide • configuring dvmrp on individual interfaces. You do so by enabling and disabling dvmrp on interfaces and then setting dvmrp parameters on the interfaces on which dvmrp is disabled • defining dvmrp tunnels...
Page 228
Chapter 14: multicast routing configuration guide 202 smartswitch router user reference manual configuring the dvmrp routing metric you can configure the dvmrp routing metric associated with a set of destinations for dvmrp reports. The default metric is 1. To configure the dvmrp routing metric, ente...
Page 229: Monitoring Igmp & Dvmrp
Smartswitch router user reference manual 203 chapter 14: multicast routing configuration guide to prevent the ssr from forwarding any data destined to a scoped group on an interface, enter the following command in the configure mode: configuring a dvmrp tunnel the ssr supports dvmrp tunnels to the m...
Page 230: Configuration Examples
Chapter 14: multicast routing configuration guide 204 smartswitch router user reference manual configuration examples the following is a sample ssr configuration for dvmrp and igmp. Seven subnets are created. Igmp is enabled on 4 ip interfaces. The igmp query interval is set to 30 seconds. Dvmrp is ...
Page 231
Smartswitch router user reference manual 205 chapter 14: multicast routing configuration guide dvmrp enable interface 172.1.1.10 dvmrp enable interface 207.135.122.11 dvmrp enable interface 207.135.89.64 dvmrp enable interface 10.40.1.10 ! ! Set dvmrp parameters ! Dvmrp set interface 172.1.1.10 neig...
Page 232
Chapter 14: multicast routing configuration guide 206 smartswitch router user reference manual.
Page 233: Chapter 15
Smartswitch router user reference manual 207 chapter 15 ip policy-based forwarding configuration guide overview you can configure the ssr to route ip packets according to policies that you define. Ip policy-based routing allows network managers to engineer traffic to make the most efficient use of t...
Page 234: Configuring Ip Policies
Chapter 15: ip policy-based forwarding configuration guide 208 smartswitch router user reference manual isps. You can also create ip policies to select service providers based on various traffic types. Configuring ip policies to implement an ip policy, you first create a profile for the packets to b...
Page 235
Smartswitch router user reference manual 209 chapter 15: ip policy-based forwarding configuration guide for example, the following command creates an ip policy called “p1” and specifies that packets matching profile “prof1” are forwarded to next-hop gateway 10.10.10.10: you can also set up a policy ...
Page 236
Chapter 15: ip policy-based forwarding configuration guide 210 smartswitch router user reference manual setting load distribution for next-hop gateways you can specify up to four next-hop gateways in an ip-policy statement. If you specify more than one next-hop gateway, you can use the ip-policy set...
Page 237
Smartswitch router user reference manual 211 chapter 15: ip policy-based forwarding configuration guide ip policy configuration examples this section presents some examples of ip policy configurations. The following uses of ip policies are demonstrated: • routing traffic to different isps • prioriti...
Page 238
Chapter 15: ip policy-based forwarding configuration guide 212 smartswitch router user reference manual the following is the ip policy configuration for the policy router in figure 20 : prioritizing service to customers an isp can use policy-based routing on an access router to supply different cust...
Page 239
Smartswitch router user reference manual 213 chapter 15: ip policy-based forwarding configuration guide traffic from the premium customer is load balanced across two next-hop gateways in the high-cost, high-availability network. If neither of these gateways is available, then packets are forwarded b...
Page 240
Chapter 15: ip policy-based forwarding configuration guide 214 smartswitch router user reference manual packets from users defined in the “contractors” group are sent through a firewall. If the firewall cannot be reached packets from the contractors group are dropped. Packets from users defined in t...
Page 241: Monitoring Ip Policies
Smartswitch router user reference manual 215 chapter 15: ip policy-based forwarding configuration guide the following is the configuration for policy router 1 in figure 23 . The following is the configuration for policy router 2 in figure 23 . Monitoring ip policies the ip-policy show command report...
Page 242
Chapter 15: ip policy-based forwarding configuration guide 216 smartswitch router user reference manual for example, to display information about an active ip policy called “p1”, enter the following command in enable mode: legend: 1. The name of the ip policy. 2. The interface where the ip policy wa...
Page 243
Smartswitch router user reference manual 217 chapter 15: ip policy-based forwarding configuration guide 11. The sequence in which the statement is evaluated. Ip policy statements are listed in the order they are evaluated (lowest sequence number to highest). 12. The rule to apply to the packets matc...
Page 244
Chapter 15: ip policy-based forwarding configuration guide 218 smartswitch router user reference manual.
Page 245: Chapter 16
Smartswitch router user reference manual 219 chapter 16 network address translation configuration guide overview note: some commands in this facility require updated ssr hardware. Please refer to appendix a for details. Network address translation (nat) allows an ip address used within one network t...
Page 246: Configuring Nat
Chapter 16: network address translation configuration guide 220 smartswitch router user reference manual the ssr allows you to create the following nat address bindings: • static, one-to-one binding of inside, local address or address pool to outside, global address or address pool. A static address...
Page 247: Forcing Flows Through Nat
Smartswitch router user reference manual 221 chapter 16: network address translation configuration guide setting nat rules static you create nat static bindings by entering the following command in configure mode. Dynamic you create nat dynamic bindings by entering the following command in configure...
Page 248: Managing Dynamic Bindings
Chapter 16: network address translation configuration guide 222 smartswitch router user reference manual managing dynamic bindings as mentioned previously, dynamic address bindings expire only after a period of non-use or when they are manually deleted. The default timeout for dynamic address bindin...
Page 249: Nat And Icmp Packets
Smartswitch router user reference manual 223 chapter 16: network address translation configuration guide the default timeout for dns dynamic address bindings is 30 minutes. You can change this timeout by entering the following command in configure mode: nat and icmp packets nat translates addresses ...
Page 250: Monitoring Nat
Chapter 16: network address translation configuration guide 224 smartswitch router user reference manual monitoring nat to display nat information, enter the following command in enable mode. Configuration examples this section shows examples of nat configurations. Static configuration the following...
Page 251
Smartswitch router user reference manual 225 chapter 16: network address translation configuration guide using static nat static nat can be used when the local and global ip addresses are to be bound in a fixed manner. These bindings never get removed nor time out until the static nat command itself...
Page 252
Chapter 16: network address translation configuration guide 226 smartswitch router user reference manual next, define the interfaces to be nat “inside” or “outside”: then, define the nat dynamic rules by first creating the source acl pool and then configuring the dynamic bindings: using dynamic nat ...
Page 253
Smartswitch router user reference manual 227 chapter 16: network address translation configuration guide dynamic nat with ip overload (pat) configuration the following example configures a dynamic address binding for inside addresses 10.1.1.0/24 to outside address 192.50.20.0/24: the first step is t...
Page 254
Chapter 16: network address translation configuration guide 228 smartswitch router user reference manual the pools and the ssr automatically chooses a free global ip from the global pool for the local ip. Dynamic bindings are removed when the flow count goes to zero or the timeout has been reached. ...
Page 255
Smartswitch router user reference manual 229 chapter 16: network address translation configuration guide using dynamic nat with dns when a client from outside sends a query to the static global ip address of the dns server, nat will translate the global ip address to the local ip address of the dns ...
Page 256
Chapter 16: network address translation configuration guide 230 smartswitch router user reference manual then, define the nat dynamic rules by first creating the source acl pool and then configuring the dynamic bindings: using dynamic nat with matching interface redundancy if you have redundant conn...
Page 257: Chapter 17
Smartswitch router user reference manual 231 chapter 17 web hosting configuration guide overview accessing information on websites for both work or personal purposes is becoming a normal practice for an increasing number of people. For many companies, fast and efficient web access is important for b...
Page 258: Load Balancing
Chapter 17: web hosting configuration guide 232 smartswitch router user reference manual load balancing note: load balancing requires updated ssr hardware. Please refer to appendix a for details. You can use the load balancing feature on the ssr to distribute session load across a group of servers. ...
Page 259
Smartswitch router user reference manual 233 chapter 17: web hosting configuration guide redirects the request to the actual server address and port. Server selection is done according to the specified policy. To add servers to the server group, enter the following command in configure mode: session...
Page 260
Chapter 17: web hosting configuration guide 234 smartswitch router user reference manual directed to the same load balancing server (for example, the server with ip address 10.1.1.1). • sticky persistence: a binding is determined by matching the source and destination ip addresses only. This allows ...
Page 261
Smartswitch router user reference manual 235 chapter 17: web hosting configuration guide optional group or server operating parameters there are several commands you can specify that affect the operating parameters of individual servers or the entire group of load balancing servers. In many cases, t...
Page 262
Chapter 17: web hosting configuration guide 236 smartswitch router user reference manual verifying servers and applications the ssr automatically performs the following types of verification for the attached load balancing servers/applications: • verifies the state of the server by sending a ping to...
Page 263
Smartswitch router user reference manual 237 chapter 17: web hosting configuration guide verifying extended content you can also have the ssr verify the content of an application on one or more load balancing servers. For this type of verification, you specify the following: • a string that the ssr ...
Page 264
Chapter 17: web hosting configuration guide 238 smartswitch router user reference manual to set the status of a load balancing server, enter the following command in enable mode: load balancing and ftp file transfer protocol (ftp) packets require special handling with load balancing, because the ftp...
Page 265
Smartswitch router user reference manual 239 chapter 17: web hosting configuration guide to specify the timeout for load balancing mappings, enter the following command in configure mode: displaying load balancing information to display load balancing information, enter the following commands in ena...
Page 266
Chapter 17: web hosting configuration guide 240 smartswitch router user reference manual web hosting with one virtual group and multiple destination servers in the following example, a company web site is established with a url of www.Ctron.Com. The system administrator configures the networks so th...
Page 267
Smartswitch router user reference manual 241 chapter 17: web hosting configuration guide web hosting with multiple virtual groups and multiple destination servers in the following example, three different servers are used to provide different services for a site. The network shown above can be creat...
Page 268
Chapter 17: web hosting configuration guide 242 smartswitch router user reference manual virtual ip address ranges isps who provide web hosting services for their clients require a large number of virtual ip addresses (vips). The load-balance create vip-range-name and load-balance add host- to-vip-r...
Page 269
Smartswitch router user reference manual 243 chapter 17: web hosting configuration guide the network shown in the previous example can be created with the following load- balance commands: session and netmask persistence in the following example, traffic to a company web site (www.Ctron.Com) is dist...
Page 270: Web Caching
Chapter 17: web hosting configuration guide 244 smartswitch router user reference manual web caching web caching provides a way to store frequently accessed web objects on a cache of local servers. Each http request is transparently redirected by the ssr to a configured cache server. When a user fir...
Page 271
Smartswitch router user reference manual 245 chapter 17: web hosting configuration guide specifying the client(s) for the cache group (optional) you can explicitly specify the hosts whose http requests are or are not redirected to the cache servers. If you do not explicitly specify these hosts, then...
Page 272
Chapter 17: web hosting configuration guide 246 smartswitch router user reference manual configuration example in the following example, a cache group of seven local servers is configured to store web objects for users in the local network: the following commands configure the cache group ‘cache1’ t...
Page 273
Smartswitch router user reference manual 247 chapter 17: web hosting configuration guide which http requests are not redirected to the cache servers, enter the following command in configure mode: proxy server redundancy some networks use proxy servers that receive http requests on a non-standard po...
Page 275: Chapter 18
Smartswitch router user reference manual 249 chapter 18 ipx routing configuration guide ipx routing overview the internetwork packet exchange (ipx) is a datagram connectionless protocol for the novell netware environment. You can configure the ssr for ipx routing and sap. Routers interconnect differ...
Page 276
Chapter 18: ipx routing configuration guide 250 smartswitch router user reference manual this information is immediately broadcast to any neighboring routers. Routers also send periodic rip broadcast packets containing all routing information known to the router. The ssr uses ipx rip to create and m...
Page 277: Configuring Ipx Rip & Sap
Smartswitch router user reference manual 251 chapter 18: ipx routing configuration guide configuring ipx rip & sap this section provides an overview of configuring various ipx parameters and setting up ipx interfaces. Ipx rip on the ssr, rip automatically runs on all ipx interfaces. The ssr will kee...
Page 278
Chapter 18: ipx routing configuration guide 252 smartswitch router user reference manual configuring ipx interfaces and parameters this section provides an overview of configuring various ipx parameters and setting up ipx interfaces. Configuring ipx addresses to ports you can configure one ipx inter...
Page 279: Configuring Ipx Routing
Smartswitch router user reference manual 253 chapter 18: ipx routing configuration guide specifying ipx encapsulation method the smartswitch router supports four encapsulation types for ipx. You can configure encapsulation type on a per-interface basis. • ethernet ii: the standard arpa ethernet vers...
Page 280
Chapter 18: ipx routing configuration guide 254 smartswitch router user reference manual configuring static routes in a novell netware network, the ssr uses rip to determine the best paths for routing ipx. However, you can add static rip routes to rip routing table to explicitly specify a route. To ...
Page 281
Smartswitch router user reference manual 255 chapter 18: ipx routing configuration guide to create an ipx access control list, perform the following task in the configure mode: once an ipx access control list has been created, you must apply the access control list to an ipx interface. To apply an i...
Page 282
Chapter 18: ipx routing configuration guide 256 smartswitch router user reference manual creating an ipx gns access control list ipx gns access control lists control which sap services the ssr can reply with to a get nearest server (gns) request. To create an ipx gns access control list, enter the f...
Page 283: Monitoring An Ipx Network
Smartswitch router user reference manual 257 chapter 18: ipx routing configuration guide monitoring an ipx network the ssr reports ipx interface information and rip or sap routing information. To display ipx information, enter the following command in enable mode: configuration examples this example...
Page 284
Chapter 18: ipx routing configuration guide 258 smartswitch router user reference manual !Add static sap ipx add sap 0004 fileserver1 9.03:04:05:06:07:08 452 1 aaaaaaaa ! !Rip access list acl 100 deny ipxrip 1 2 ! !Rip inbound filter acl 100 apply interface ipx1 input ! !Sap access list acl 200 deny...
Page 285: Chapter 19
Smartswitch router user reference manual 259 chapter 19 access control list configuration guide this chapter explains how to configure and use access control lists (acls) on the ssr. Acls are lists of selection criteria for specific types of packets. When used in conjunction with certain ssr functio...
Page 286: Acl Basics
Chapter 19: access control list configuration guide 260 smartswitch router user reference manual acl basics an acl consists of one or more rules describing a particular type of ip or ipx traffic. Acls can be simple, consisting of only one rule, or complicated with many rules. Each rule tells the ssr...
Page 288
Chapter 19: access control list configuration guide 262 smartswitch router user reference manual how acl rules are evaluated for an acl with multiple rules, the ordering of the rules is important. When the ssr checks a packet against an acl, it goes through each rule in the acl sequentially. If a pa...
Page 289
Smartswitch router user reference manual 263 chapter 19: access control list configuration guide with the implicit deny rule, this acl actually has three rules: if a packet comes in and doesn't match the first two rules, the packet is dropped. This is because the third rule (the implicit deny rule) ...
Page 290
Chapter 19: access control list configuration guide 264 smartswitch router user reference manual you would have to create an acl to allow responses from each specific outside host. If the number of outside hosts that internal users need to access is large or changes frequently, this can be difficult...
Page 291
Smartswitch router user reference manual 265 chapter 19: access control list configuration guide suppose the following acl commands are stored in a file on some hosts: the first command, no acl *, negates all commands that start with the keyword, “acl”. This tells the ssr to remove the application a...
Page 292: Using Acls
Chapter 19: access control list configuration guide 266 smartswitch router user reference manual if you edit and save changes to an acl that is currently being used or applied to an interface, the changes will take effect immediately. There is no need to remove the acl from the interface before maki...
Page 293
Smartswitch router user reference manual 267 chapter 19: access control list configuration guide application). Note that for an external agent to modify or remove an applied acl from an interface, the acl-policy enable external command must be in the configuration. In general, you should try to appl...
Page 294
Chapter 19: access control list configuration guide 268 smartswitch router user reference manual like acls that are applied to interfaces, acls that are applied to layer 4 bridging ports can be applied to either inbound or outbound traffic. For each port, only one acl can be applied for the inbound ...
Page 295
Smartswitch router user reference manual 269 chapter 19: access control list configuration guide • unlike with other kinds of acls, there is no implicit deny rule for profile acls. • only certain acl rule parameters are relevant for each configuration command. For example, the configuration command ...
Page 296
Chapter 19: access control list configuration guide 270 smartswitch router user reference manual criteria (in this case, flows from source address 1.2.2.2). Then you use a rate-limit command to specify what happens to packets that match the selection criteria (in this example, drop them if their ban...
Page 297
Smartswitch router user reference manual 271 chapter 19: access control list configuration guide once you have defined a profile acl, you can then use the nat create dynamic command to bind the range of ip addresses defined in the local profile to a range in network 192.50.20.0/24. See “network addr...
Page 298
Chapter 19: access control list configuration guide 272 smartswitch router user reference manual redirecting http traffic to cache servers you can use a profile acl to specify which http traffic should always (or never) be redirected to the cache servers. (by default, when web caching is enabled, al...
Page 299: Enabling Acl Logging
Smartswitch router user reference manual 273 chapter 19: access control list configuration guide enabling acl logging to see whether incoming packets are permitted or denied because of an acl, you can enable acl logging. You can enable logging when applying the acl or you can enable logging for a sp...
Page 300: Monitoring Acls
Chapter 19: access control list configuration guide 274 smartswitch router user reference manual monitoring acls the ssr provides a display of acl configurations active in the system. To display acl information, enter the following commands in enable mode. Show all acls. Acl show all show a specific...
Page 301: Chapter 20
Smartswitch router user reference manual 275 chapter 20 security configuration guide security overview the ssr provides security features that help control access to the ssr and filter traffic going through the ssr. Access to the ssr can be controlled by: • enabling radius • enabling tacacs • enabli...
Page 302
Chapter 20: security configuration guide 276 smartswitch router user reference manual configuring ssr access security this section describes the following methods of controlling access to the ssr: • radius • tacacs • tacacs plus • passwords configuring radius you can secure login or enable mode acce...
Page 303
Smartswitch router user reference manual 277 chapter 20: security configuration guide monitoring radius you can monitor radius configuration and statistics within the ssr. To monitor radius, enter the following commands in enable mode: configuring tacacs in addition, enable mode access to the ssr ca...
Page 304
Chapter 20: security configuration guide 278 smartswitch router user reference manual configuring tacacs plus you can secure login or enable mode access to the ssr by enabling a tacacs plus client. A tacacs plus server responds to the ssr tacacs plus client to provide authentication. You can configu...
Page 305: Layer-2 Security Filters
Smartswitch router user reference manual 279 chapter 20: security configuration guide monitoring tacacs plus you can monitor tacacs plus configuration and statistics within the ssr. To monitor tacacs plus, enter the following commands in enable mode: configuring passwords the ssr provides password a...
Page 306
Chapter 20: security configuration guide 280 smartswitch router user reference manual a secure filter shuts down access to the ssr based on mac addresses. All packets received by a port are dropped. When combined with static entries, however, these filters can be used to drop all received traffic bu...
Page 307
Smartswitch router user reference manual 281 chapter 20: security configuration guide configuring layer-2 port-to-address lock filters port address lock filters allow you to bind or “lock” specific source mac addresses to a port or set of ports. Once a port is locked, only the specified source mac a...
Page 308
Chapter 20: security configuration guide 282 smartswitch router user reference manual configuring layer-2 secure port filters secure port filters block access to a specified port. You can use a secure port filter by itself to secure unused ports. Secure port filters can be configured as source or de...
Page 309
Smartswitch router user reference manual 283 chapter 20: security configuration guide monitoring layer-2 security filters the ssr provides display of layer-2 security filter configurations contained in the routing table. To display security filter information, enter the following commands in enable ...
Page 310
Chapter 20: security configuration guide 284 smartswitch router user reference manual destination filter: no one from the engineering group (port et.1.1) should be allowed to access the finance server. All traffic destined to the finance server's mac will be dropped. Flow filter: only the consultant...
Page 311
Smartswitch router user reference manual 285 chapter 20: security configuration guide note: if the consultant’s mac is detected on a different port, all of its traffic will be blocked. Example 2 : secure ports source secure port: to block all engineers on port 1 from accessing all other ports, enter...
Page 312
Chapter 20: security configuration guide 286 smartswitch router user reference manual layer-4 bridging and filtering layer-4 bridging is the ssr’s ability to use layer-3/4 information to perform filtering or qos during bridging. As described in “layer-2 security filters” above, you can configure por...
Page 313
Smartswitch router user reference manual 287 chapter 20: security configuration guide creating a port-based vlan for layer-4 bridging the ports to be used in layer-4 bridging must all be on the same vlan. To create a port- based vlan, enter the following command in configure mode: for example, to cr...
Page 314
Chapter 20: security configuration guide 288 smartswitch router user reference manual in the example in figure 25 on page 286 , to allow the consultants access to the file server for e-mail (smtp) traffic, but not for web (http) traffic — and allow e-mail, web, and ftp traffic between the engineers ...
Page 315
Smartswitch router user reference manual 289 chapter 20: security configuration guide • if you use a smarttrunk in a with layer-4 bridging vlan, the ssr maintains the packet order on a per-flow basis, rather than per-mac pair. This means that for traffic between a mac pair consisting of more than on...
Page 316
Chapter 20: security configuration guide 290 smartswitch router user reference manual.
Page 317: Chapter 21
Smartswitch router user reference manual 291 chapter 21 qos configuration guide qos & layer-2/layer-3/layer-4 flow overview the ssr allows network managers to identify traffic and set quality of service (qos) policies without compromising wire speed performance. The ssr can guarantee bandwidth on an...
Page 318
Chapter 21: qos configuration guide 292 smartswitch router user reference manual within the ssr, qos policies are used to classify layer-2, layer-3, and layer-4 traffic into the following priority queues (in order from highest priority to lowest): • control (for router control traffic; the remaining...
Page 319
Smartswitch router user reference manual 293 chapter 21: qos configuration guide precedence for layer-3 flows a precedence from 1 - 7 is associated with each field in a flow. The ssr uses the precedence value associated with the fields to break ties if packets match more than one flow. The highest p...
Page 320
Chapter 21: qos configuration guide 294 smartswitch router user reference manual if a port operates in flow-bridging mode, you can be more specific and configure priorities for frames that match both a source and a destination mac address and a vlan id. You can also specify a list of ports to apply ...
Page 321
Smartswitch router user reference manual 295 chapter 21: qos configuration guide you can create one or more priority maps that are different from the default priority map and then apply these maps to some or all ports of the ssr. The new priority mapping replaces the default mappings for those ports...
Page 322
Chapter 21: qos configuration guide 296 smartswitch router user reference manual configured to use the default priority map only. If the commands to create and apply priority maps exist in the active configuration, they will remain in the configuration but be ineffective. To disable the use of prior...
Page 323
Smartswitch router user reference manual 297 chapter 21: qos configuration guide setting an ip qos policy to set a qos policy on an ip traffic flow, enter the following command in configure mode: for example, the following command assigns control priority to any traffic coming from the 10.10.11.0 ne...
Page 324
Chapter 21: qos configuration guide 298 smartswitch router user reference manual specifying precedence for an ipx qos policy to specify the precedence for an ipx qos policy, enter the following command in configure mode: configuring ssr queueing policy the ssr queuing policy is set on a system-wide ...
Page 325: Tos Rewrite
Smartswitch router user reference manual 299 chapter 21: qos configuration guide weighted random early detection (wred) random early detection (wred) alleviates traffic congestion issues by selectively dropping packets before the queue becomes completely flooded. Wred parameters allow you to set con...
Page 326
Chapter 21: qos configuration guide 300 smartswitch router user reference manual for example, setting the tos field to 0010 specifies that a packet will be routed on the most reliable paths. Setting the tos field to 1000 specifies that a packet will be routed on the paths with the least delay. (refe...
Page 327
Smartswitch router user reference manual 301 chapter 21: qos configuration guide are rewritten to the value and the lower five bits are rewritten to the value. For example, the following command will rewrite the tos precedence field to 7 if the tos precedence field of the incoming packet is 6: in th...
Page 328: Monitoring Qos
Chapter 21: qos configuration guide 302 smartswitch router user reference manual monitoring qos the ssr provides display of qos statistics and configurations contained in the ssr. To display qos information, enter the following commands in enable mode: show all ip qos flows. Qos show ip show all ipx...
Page 329: Limiting Traffic Rate
Smartswitch router user reference manual 303 chapter 21: qos configuration guide limiting traffic rate note: some commands in this facility require updated ssr hardware. Please refer to appendix a for details. Rate limiting provides the ability to control the usage of a fundamental network resource,...
Page 330
Chapter 21: qos configuration guide 304 smartswitch router user reference manual to enable aggregate rate limiting mode on the ssr, enter the following command in configure mode: to change the rate limiting mode on the ssr back to per-flow mode, negate the above command. Per-flow rate limiting use a...
Page 331
Smartswitch router user reference manual 305 chapter 21: qos configuration guide to define a port rate limit policy, enter one of the following commands in configure mode: note that for output port policies, the only action that you can specify if traffic exceeds the specified rate is to drop packet...
Page 332
Chapter 21: qos configuration guide 306 smartswitch router user reference manual to define an aggregate rate limit policy and apply the policy to an interface, enter the following commands in configure mode: note: you cannot use non-ip acls for aggregate rate limit policies. Example configurations t...
Page 333
Smartswitch router user reference manual 307 chapter 21: qos configuration guide traffic from two interfaces, ‘ipclient1’ with ip address 1.2.2.2 and ‘ipclient2’ with ip address 3.1.1.1, is restricted to 10 mbps for each flow with the following configuration: aggregate rate limiting in the following...
Page 335: Chapter 22
Smartswitch router user reference manual 309 chapter 22 performance monitoring guide performance monitoring overview the ssr is a full wire-speed layer-2, 3 and 4 switching router. As packets enter the ssr, layer-2, 3, and 4 flow tables are populated on each line card. The flow tables contain inform...
Page 336
Chapter 22: performance monitoring guide 310 smartswitch router user reference manual show information about the master mac table. L2-tables show mac-table-stats show information about a particular mac address. L2-tables show mac show info about multicasts registered by igmp. L2-tables show igmp-mca...
Page 337
Smartswitch router user reference manual 311 chapter 22: performance monitoring guide configuring the ssr for port mirroring the ssr allows you to monitor activity with port mirroring. Port mirroring allows you to monitor the performance and activities of ports on the ssr or for traffic defined by a...
Page 338
Chapter 22: performance monitoring guide 312 smartswitch router user reference manual.
Page 339: Chapter 23
Smartswitch router user reference manual 313 chapter 23 rmon configuration guide rmon overview you can employ remote network monitoring (rmon) in your network to help monitor traffic at remote points on the network. With rmon, data collection and processing is done with a remote probe, namely the ss...
Page 340
Chapter 23: rmon configuration guide 314 smartswitch router user reference manual configuring and enabling rmon by default, rmon is disabled on the ssr. To configure and enable rmon on the ssr, follow these steps: 1. Turn on the lite, standard, or professional rmon groups by entering the rmon set li...
Page 341
Smartswitch router user reference manual 315 chapter 23: rmon configuration guide rmon groups the rmon mib groups are defined in rfcs 1757 (rmon 1) and 2021 (rmon 2). On the ssr, you can configure one or more levels of rmon support for a set of ports. Each level—lite, standard, or professional—enabl...
Page 342
Chapter 23: rmon configuration guide 316 smartswitch router user reference manual standard rmon groups this section describes the rmon groups that are enabled when you specify the standard support level. The standard rmon groups are shown in the table below. Professional rmon groups the professional...
Page 343
Smartswitch router user reference manual 317 chapter 23: rmon configuration guide control tables many rmon groups contain both control and data tables. Control tables specify what statistics are to be collected. For example, you can specify the port for which statistics are to be collected and the o...
Page 344: Using Rmon
Chapter 23: rmon configuration guide 318 smartswitch router user reference manual a row in the control table is created for each port on the ssr, with the owner set to “monitor”. If you want, you can change the owner by using the appropriate rmon command. See the section “configuring rmon groups” in...
Page 345: Configuring Rmon Groups
Smartswitch router user reference manual 319 chapter 23: rmon configuration guide following command: configuring rmon groups as mentioned previously, control tables in many rmon groups specify the data that is to be collected for the particular rmon group. If the information you want to collect is i...
Page 347
Smartswitch router user reference manual 321 chapter 23: rmon configuration guide configuration examples this section shows examples of configuration commands that specify an event that generates an snmp trap and the alarm condition that triggers the event. The rmon alarm group allows the ssr to pol...
Page 348: Displaying Rmon Information
Chapter 23: rmon configuration guide 322 smartswitch router user reference manual • samples taken at 300 second (5 minute) intervals. • a “startup” alarm generation condition instructing the ssr to generate an alarm if the sample is greater than or equal to the rising threshold or less than or equal...
Page 349
Smartswitch router user reference manual 323 chapter 23: rmon configuration guide 1 to display ethernet statistics and related statistics for wan ports, rmon has to be activated on that port. To activate rmon on a port, use the frame-relay define service or ppp define service command, and the frame-...
Page 350
Chapter 23: rmon configuration guide 324 smartswitch router user reference manual the following shows host table output without a cli filter: the following shows the same rmon show hosts command with a filter applied so that only hosts with inpkts greater than 500 are displayed: rmon cli filters can...
Page 351: Troubleshooting Rmon
Smartswitch router user reference manual 325 chapter 23: rmon configuration guide creating rmon cli filters to create rmon cli filters, use the following cli command in configure mode: using rmon cli filters to see and use rmon cli filters, use the following cli command in user or enable mode: troub...
Page 352
Chapter 23: rmon configuration guide 326 smartswitch router user reference manual check the following fields on the rmon show status command output: 1. Make sure that rmon has been enabled on the ssr. When the ssr is booted, rmon is off by default. Rmon is enabled with the rmon enable command. 2. Ma...
Page 353: Allocating Memory to Rmon
Smartswitch router user reference manual 327 chapter 23: rmon configuration guide allocating memory to rmon rmon allocates memory depending on the number of ports enabled for rmon, the rmon groups that have been configured, and whether or not default tables have been turned on or off. Enabling rmon ...
Page 354
Chapter 23: rmon configuration guide 328 smartswitch router user reference manual to set the amount of memory allocated to rmon, use the following cli command in user or enable mode: specifies the total amount of mbytes of memory allocated to rmon. Rmon set memory.
Page 355: Chapter 24
Smartswitch router user reference manual 329 chapter 24 lfap configuration guide overview the lightweight flow accounting protocol (lfap) agent, defined in rfc 2124, is a tcp- oriented protocol used to push accounting information collected on the ssr to a flow accounting server (fas). The lfap agent...
Page 356
Chapter 24: lfap configuration guide 330 smartswitch router user reference manual cabletron’s traffic accounting services cabletron’s accounting services consists of the following components: • lfap agent on the ssr that collects application flow accounting information and sends it to the cabletron ...
Page 357
Smartswitch router user reference manual 331 chapter 24: lfap configuration guide attempts to connect to it via tcp first. If the connection fails, then the next configured fas is tried. A fas can be configured as the primary fas for one group of ssrs and the secondary fas for another group of ssrs....
Page 358
Chapter 24: lfap configuration guide 332 smartswitch router user reference manual monitoring the lfap agent on the ssr the lfap show commands display information about the configuration of the lfap agent on the ssr and its current status. Use the following commands in enable mode to view lfap agent ...
Page 359: Chapter 25
Smartswitch router user reference manual 333 chapter 25 wan configuration guide this chapter provides an overview of wide area network (wan) applications as well as an overview of both frame relay and ppp configuration for the ssr. In addition, you can view an example of a multi-router wan configura...
Page 360
Chapter 25: wan configuration guide 334 smartswitch router user reference manual using the same approach, a ppp high-speed serial interface (hssi) wan port located at router slot 3, port 2 would be identified as “hs.3.2”. Configuring wan interfaces configuring ip & ipx interfaces for the wan is gene...
Page 361
Smartswitch router user reference manual 335 chapter 25: wan configuration guide the following command line displays an example for a vlan: mapped addresses mapped peer ip/ipx addresses are very similar to static addresses in that inarp is disabled for frame relay and the address negotiated in ipcp/...
Page 362
Chapter 25: wan configuration guide 336 smartswitch router user reference manual the following command line displays an example for a vlan: forcing bridged encapsulation wan for the ssr has the ability to force bridged packet encapsulation. This feature has been provided to facilitate seamless compa...
Page 363
Smartswitch router user reference manual 337 chapter 25: wan configuration guide average packet size in most cases, the larger the packet size, the better the potential compression ratio. This is due to the overhead involved with compression, as well as the compression algorithm. For example a link ...
Page 364
Chapter 25: wan configuration guide 338 smartswitch router user reference manual the following command line displays an example for ppp: packet encryption packet encryption allows data to travel through unsecured networks. You can enable packet encryption for ppp ports, however, both ends of a link ...
Page 365
Smartswitch router user reference manual 339 chapter 25: wan configuration guide source filtering and acls source filtering and acls can be applied to a wan interface; however, they affect the entire module, not an individual port. For example, if you want to apply a source mac address filter to a w...
Page 366: Frame Relay Overview
Chapter 25: wan configuration guide 340 smartswitch router user reference manual works with ip precedence or priority, as defined in the qos configuration command line, to provide preferential traffic handling for higher-priority traffic. The cli commands related to red in both the frame relay and p...
Page 367
Smartswitch router user reference manual 341 chapter 25: wan configuration guide permanent virtual circuits (pvcs) wan interfaces can take advantage of connections that assure a minimum level of available bandwidth at all times. These standing connections, called permanent virtual circuits (pvcs), a...
Page 368
Chapter 25: wan configuration guide 342 smartswitch router user reference manual setting up a frame relay service profile once you have defined the type and location of your frame relay wan interface(s), you can configure your ssr to more efficiently utilize available bandwidth for frame relay commu...
Page 369
Smartswitch router user reference manual 343 chapter 25: wan configuration guide monitoring frame relay wan ports once you have configured your frame relay wan interface(s), you can use the cli to monitor status and statistics for your wan ports. The following table describes the monitoring commands...
Page 370
Chapter 25: wan configuration guide 344 smartswitch router user reference manual • committed information rate (cir) of 20 million bits per second • leave high-, low-, and medium-priority queue depths set to factory defaults • random early discard (red) disabled • rmon enabled the command line necess...
Page 371: Configuring Ppp Interfaces
Smartswitch router user reference manual 345 chapter 25: wan configuration guide point-to-point protocol (ppp) overview because of its ability to quickly and easily accommodate ip and ipx protocol traffic, point- to-point protocol (ppp) routing has become a very important aspect of wan configuration...
Page 372
Chapter 25: wan configuration guide 346 smartswitch router user reference manual wan interfaces, then apply a service profile to the desired interface(s). Examples of this process are displayed in “ppp port configuration” on page 348 . Defining the type and location of a ppp interface to configure a...
Page 373
Smartswitch router user reference manual 347 chapter 25: wan configuration guide note: if it is necessary to specify a value for bridging, ip, and/or ipx, you must specify all three of these values at the same time. You cannot specify just one or two of them in the command line without the other(s)....
Page 374: Monitoring Ppp Wan Ports
Chapter 25: wan configuration guide 348 smartswitch router user reference manual processing by mlp. If compression is enabled on a link, the packets will be compressed after the mlp processing. In general, choose bundle compression over link compression whenever possible. Compressing packets before ...
Page 375
Smartswitch router user reference manual 349 chapter 25: wan configuration guide suppose you wish to set up a service profile called “profile2” that includes the following characteristics: • bridging enabled • leave high-, low-, and medium-priority queue depths set to factory defaults • ip and ipx e...
Page 376: Wan Configuration Examples
Chapter 25: wan configuration guide 350 smartswitch router user reference manual wan configuration examples simple configuration file the following is an example of a simple configuration file used to test frame relay and ppp wan ports: for a broader, more application-oriented wan configuration exam...
Page 377
Smartswitch router user reference manual 351 chapter 25: wan configuration guide multi-router wan configuration the following is a diagram of a multi-router wan configuration encompassing three subnets. From the diagram, you can see that r1 is part of both subnets 1 and 2; r2 is part of both subnets...
Page 378
Chapter 25: wan configuration guide 352 smartswitch router user reference manual router r1 configuration file the following configuration file applies to router r1. Router r2 configuration file the following configuration file applies to router r2. ---------------------------------------------------...
Page 379
Smartswitch router user reference manual 353 chapter 25: wan configuration guide router r3 configuration file the following configuration file applies to router r3. Router r4 configuration file the following configuration file applies to router r4. Rip add interface all rip set interface all version...
Page 380
Chapter 25: wan configuration guide 354 smartswitch router user reference manual router r5 configuration file the following configuration file applies to router r5. Router r6 configuration file the following configuration file applies to router r6. Port set et.1.* duplex full frame-relay create vc p...
Page 381
Smartswitch router user reference manual 355 chapter 25: wan configuration guide port set hs.3.1 wan-encapsulation frame-relay speed 45000000 frame-relay create vc port hs.3.1.106 frame-relay define service cirforr1tor6 cir 45000000 bc 450000 frame-relay apply service cirforr1tor6 ports hs.3.1.106 v...
Page 382
Chapter 25: wan configuration guide 356 smartswitch router user reference manual.
Page 383: Appendix A
Smartswitch router user reference manual 357 appendix a new features supported on line cards introduction some of the features in firmware versions 3.0 and 3.1 are only supported on certain line cards. The following sections list ssr line cards and the firmware features that are supported on each ca...
Page 384
Appendix a: new features supported on line cards 358 smartswitch router user reference manual the following table lists the line cards available for the ssr 8000/8600 prior to the 3.0 firmware release and the supported features. Line cards introduced at the 3.0 firmware release (-aa revision) line c...
Page 385
Smartswitch router user reference manual 359 appendix a: new features supported on line cards in addition, these cards support all pre-3.0 firmware features. All cards, except for the gigabit ethernet cards, also support wfq. The following table lists the line cards introduced for the ssr 8000/8600 ...
Page 386
Appendix a: new features supported on line cards 360 smartswitch router user reference manual line card part number pre-3.0 ssr firmware features wfq listed 3.0 features routing table on line card, wred, per port rate limiting jumbo frame support ssr-pos21-04 (pos oc-3c mmf) x x x x x ssr-pos29-04 (...
Page 387: Ssr 2000 Line Cards
Smartswitch router user reference manual 361 appendix a: new features supported on line cards ssr 2000 line cards the following table lists the line cards available for the ssr 2000 and the supported features: line card part number pre-3.0 ssr firmware features wfq listed 3.0 features standard chass...
Page 388
Appendix a: new features supported on line cards 362 smartswitch router user reference manual new features that require specific line cards t-series line cards, -aa revision line cards, and non -aa revision line cards can be used in the same chassis. Version 3.0 and later firmware can detect the rev...
Page 389
Smartswitch router user reference manual 363 appendix a: new features supported on line cards.
Page 390
Appendix a: new features supported on line cards 364 smartswitch router user reference manual when multiple routers are connected together, only the router using network address translation requires the -aa or t-series line card. In diagram 2, only router w requires the -aa or t-series line card sin...
Page 391
Smartswitch router user reference manual 365 appendix a: new features supported on line cards when load balancing is implemented in a single system, the ports that attach to both incoming and outgoing interfaces must reside on -aa or t-series line cards. If the servers are load-sharing across multip...
Page 392
Appendix a: new features supported on line cards 366 smartswitch router user reference manual when a vlan spans across multiple ssrs with 802.1q trunk ports, the requirements for -aa or t-series line cards depend on how layer 4 bridging is deployed. In diagram 4, yellow and blue vlans are created ac...
Page 393
Smartswitch router user reference manual 367 appendix a: new features supported on line cards on ssr c since ssr c does not have a -aa or t-series line card. Ssr c would drop all sna traffic since its module would not recognize sna traffic. Qos rate limiting there are three types of rate limiting su...
Page 394
Appendix a: new features supported on line cards 368 smartswitch router user reference manual tos rewrite the tos rewrite command allows a network administrator to change the value in the tos octet (which includes both the precedence or tos fields) in each ip packet. The ssr looks at every ip packet...
Page 395: Summary
Smartswitch router user reference manual 369 appendix a: new features supported on line cards weighted random early detection (wred) weighted random early detection (wred) algorithms can alleviate traffic congestion. Wred allows you to set conditions and limits for the selective dropping of packets ...
Page 396: Identifying A Line Card
Appendix a: new features supported on line cards 370 smartswitch router user reference manual identifying a line card atm, packet-over-sonet, and 16-port 10/100 base-tx line cards are t-series line cards introduced with the 3.1 firmware release. The following gigabit ethernet line cards are also t-s...
Page 397
Smartswitch router user reference manual 371 appendix a: new features supported on line cards example 2: ssr# system show hardware verbose : : slot cm/1, module: 10/100-tx rev. 1.0 service string: 2_d1.2_0.512_i2.0_2_o2.0_0.512 : : the above service string shows a “non -aa” 10/100 base tx line card....
Page 398
Appendix a: new features supported on line cards 372 smartswitch router user reference manual.