X-Pedition™ Security Router XSR CLI Reference Guide Version 7.
Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its Web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice.
Enterasys Networks, Inc. FIRMWARE LICENSE AGREEMENT BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc.
4) EXPORT RESTRICTIONS. You understand that Enterasys and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the Program is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party.
9) OWNERSHIP. This is a license agreement and not an agreement for sale. You acknowledge and agree that the Program constitutes trade secrets and/or copyrighted material of Enterasys and/or its suppliers. You agree to implement reasonable security measures to protect such trade secrets and copyrighted material. All right, title and interest in and to the Program shall remain with Enterasys and/or its suppliers. All rights not specifically granted to You shall be reserved to Enterasys. 10) ENFORCEMENT.
Contents
Preface
Chapter 1: Network Management
Observing Syntax and Conventions 1-1
Network Management Commands 1-1
General Network Management Commands 1-2
General Show Commands
ARP Commands 5-149
Other IP Commands 5-151
IP Clear and Show Commands 5-168
Network Address Translation Commands
QoS Show Commands 12-105
Chapter 13: Configuring ADSL
Observing Syntax and Conventions 13-83
ADSL Configuration Commands 13-83
CMV Commands
Preface This guide describes the Command Line Interface (CLI) commands needed to mount, connect, power‐up, and maintain an XSR from Enterasys Networks. This guide is written for administrators who want to configure the XSR or experienced users who are knowledgeable in basic networking principles. Contents of the Guide Information in this guide is arranged as follows: • Chapter 1, Network Management, describes fundamental network control commands.
Conventions Used in This Guide The following conventions are used in this guide: Caution: Contains information essential to avoid damage to the equipment. Cautela: Contiene información esencial para prevenir dañar el equipo. Achtung: Verweißt auf wichtige Informationen zum Schutz gegen Beschädigungen. Note: Calls the reader’s attention to any item of information that may be of special importance.
FTP: ftp://ftp.enterasys.com
Login: anonymous
Password: your Email address
Acquire the latest image and Release Notes: http://www.enterasys.com/download
Additional documentation: http://www.enterasys.com/support/manuals
Forward comments or suggestions: techwriting@enterasys.com
To expedite your message, type [techwriting] in the subject line, and include the document Part Number in the Email.
1 Network Management Observing Syntax and Conventions The CLI Syntax and conventions use the notation described in the following table.
General Network Management Commands
banner
This command creates a login banner at the XSR’s CLI prompt. Text is entered one line at a time and should not exceed 80 characters per line. Each successive entry adds a line to the banner, as shown in the example.
Syntax
banner login bannerLine
bannerLine  Text to be displayed at login. A maximum of 50 lines can be written per banner. Text must be enclosed in quotes.
crypto key dsa
This command generates the Digital Signature Algorithm (DSA) type host key pair (private and public) and displays the public key. A unique set of host keys is created each time the XSR reboots, but we recommend you generate a new pair of host keys when you believe security may be compromised. The master encryption key is used to encrypt the keys before they are saved in the hostkey.dat file in Flash.
General Network Management Commands Example XSR#disable enable This command jumps to Privileged EXEC mode. Syntax enable Mode EXEC: XSR> Example XSR>enable end This command terminates configuration mode. Syntax end Mode Any configuration Example XSR(config)#end exit This command quits the current mode to a higher level. If you are in EXEC mode, it terminates the Telnet, SSH, or Console session.
help
This command retrieves help in any mode.
Syntax
help
Mode
All
Example
XSR#help
ip http port
This command changes the port on which the XSR accepts incoming HTTP (Hyper Text Transfer Protocol, Web) sessions.
Syntax
ip http port {port_number | default}
port_number  Incoming HTTP server port number from 1024 to 65535.
default  Sets the HTTP port to default.
Note: If you try to set the port-number but it is already in use (Telnet, e.g.
General Network Management Commands Syntax ip http server [enable | disable] enable Enables HTTP server. disable Disables HTTP server. Syntax of the “no” Form The no form of this command disables the HTTP server: no ip http server Mode Global configuration: XSR(config)# Default Disable Examples XSR(config)#ip http server enable XSR(config)#no ip http server ip ssh server This command enables/disables Secure Shell (SSH) service to the client.
• Port number 22
Example
XSR(config)#ip ssh server enable
ip telnet port
This command changes the port on which the XSR accepts incoming Telnet sessions.
Syntax
ip telnet port {port_number | default}
port_number  Incoming Telnet server port number from 1024 to 65535.
default  Sets the Telnet port to the default.
Note: If you try to set the port-number but it is already in use (the Web, e.g.), it will be reset to the default value automatically.
General Network Management Commands Mode Global configuration: XSR(config)# Default Enabled Examples XSR(config)#ip telnet server enable XSR(config)#no ip telnet server ping This network connectivity command, which applies to IP ping only, sends five echo requests with a configurable packet size and source IP address. Ping stops when responses are received or after five requests are sent. Syntax ping dest_addr [source_addr][size pkt_size] dest_addr Destination address to be pinged.
General Network Management Commands Reply from 192.168.27.165: 10ms Reply from 192.168.27.165: 10ms Reply from 192.168.27.165: 10ms Reply from 192.168.27.165: 10ms Packets: Sent = 5, Received = 5, Lost = 0 The following example shows the destination lost after three pings: XSR>ping 134.141.235.165 Reply from 134.141.235.165: Reply from 134.141.235.165: Reply from 134.141.235.
General Network Management Commands value Privilege level associated with the mode of operation ranging from 0 to 15 (highest). reset Resets the privilege level to the default. command Command within that mode to set a privilege for. commandgroup Set of commands to associate with a privilege. For example, T1 Controller group commands. Mode Global configuration: XSR(config)# Defaults • Privilege level 0: all statistics (show) commands with low‐level security such as show version, show clock, etc.
General Network Management Commands session-timeout This command sets the interval for closing a connection when there is no input. If the keyword console, ssh, or Telnet is used, the timeout becomes the default value for the next session of the specified type, otherwise, the timeout applies to the current session. When the console session times out, it will sit idle and prompt you for your user ID and password again.
General Network Management Commands • Width: 132 characters • 0 means no limit Example XSR#terminal width 40 XSR#terminal length 40 traceroute This command gathers information regarding the route that IP datagrams follow to a specified destination. This implementation of the traceroute utility uses UDP as the transport layer. It transmits three probes for each hop between source and destination. Syntax traceroute dest-addr [source-addr] dest-addr Network address of the destination.
General Network Management Commands username This command adds a user, privilege level, password, and encryption type for those accessing the XSR. Assigning privilege levels lets you control which users can manage selective resources. The username command can also be used in conjunction with the privilege command to associate usernames with particular configuration modes.
General Show Commands
Note: A user cannot be deleted while you are logged in as that user, and admin or other level 15 users cannot be deleted unless at least one such administrator remains configured.
Mode
Global configuration: XSR(config)#
Defaults
• Username: admin
• Password: ““ (null or zero length string)
• New user level: 0 unless explicitly set
• Privilege for special user admin: 15
• Users with a privilege level of 15 have the same rights as admin.
General Show Commands Sample Output The following output displays public key: XSR(config)#crypto key dsa show ---- BEGIN SSH2 PUBLIC KEY ---Subject: root Comment: "1024-bit dsa, administrator@Robo1, Mon Mar 03 2003 05:06:16" AAAAB3NzaC1kc3MAAACBAIgwEkVM26GpC9L+cu9HnXps8S6Qlrhp7mwGudUYDMETdWj53j u6umHQPwekw0AsTH256mbFedfilcr+W207db+YKunWh59nan/kHGg1iZpwfeaE2kNO4om2 PqXGqdJd7tEI6Ut0cCV7R9roVUDkhmkWWcxaLL5r+YkIV7II6b33AAAAFQCO4IaKlgIhPg W3oRkNWe3mq9iDrwAAAIBKHSIUIf/KkYd9r5bi7Ec8OHTbkCAcZqwH4gJIh8EryaMWAm7c zj
snmp-server Commands Sample Output The following is output from the ip telnet command: XSR#show ip telnet TELNET Information: Telnet Server: Enabled Telnet Port: 23 Active Telnet Sessions: 1 snmp-server Commands This command set configures the SNMP agent on the XSR. Currently, SNMP v1/v2 and v3 are supported. All commands are invoked in Global configuration mode.
snmp-server Commands Table 1-1 Supported Proprietary and Standard MIB Objects (continued) MIB Description Enterasys Configuration Management This MIB allows an SNMP management entity to upload and download executable images and configuration files to the XSR and identify the active executable image and configuration files. Using this MIB to reset the XSR will succeed only if SNMP system shutdown is enabled with the snmp-server system-shutdown command (see page 1‐27).
snmp-server community
This command allows a community string to access MIBs in the XSR.
Syntax
snmp-server community community-string [view view-name][ro | rw] [access-list-num]
community-string  Community string with SNMP v1/v2c access.
view-name  Name of the view defining which MIBs are accessible.
ro  Read‐only permission.
rw  Read‐write permission.
access-list-num  Standard access‐list number ranging from 1 to 99.
snmp-server Commands Syntax of the “no” Form The no form of this command offers no contact information: no snmp-server contact Mode Global configuration: XSR(config)# Default Null string Example XSR(config)#snmp-server contact LarryCurtis@enterasys.com XSR(config)#snmp-server contact “Larry Curtis 508 767-2536” snmp-server enable/disable This command enables or disables the SNMP server. If the server is disabled, using any snmp CLI command will turn it back on.
snmp-server Commands Syntax of the “no” Form The no form of this command disables the sending of specified traps: no snmp-server enable traps [[snmp [authentication]] entity | frame-relay] Mode Global configuration: XSR(config)# Default Disabled Examples To enable all SNMP traps, enter the following command: XSR(config)#snmp-server enable traps snmp To enable authentication SNMP traps only, enter the following command: XSR(config)#snmp-server enable traps snmp authentication snmp-server engineID This
snmp-server Commands Mode Global configuration: XSR(config)# Example The following example specifies the Engine ID: XSR(config)#snmp-server engineID local 00020AF100 results in an engine ID of 0x800015F80500020AF100 snmp-server group This command configures a new SNMP group to associate SNMP users with views. Syntax snmp-server group group-name {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview][access access-list] group Defines a User Security Model (USM) group.
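An added example, not part of the Enterasys guide: a small Python audit of XSR configuration text against the defaults and syntax documented above (Telnet server enabled by default, HTTP server disabled by default, and the snmp-server community and snmp-server group options). The check IDs, function names and both sample configurations are constructed for illustration, and a bare "ip http server" line is assumed to mean enable.

```python
import shlex

# Defaults stated in this guide: Telnet server enabled, HTTP server disabled.
SERVICE_DEFAULTS = {"telnet": True, "http": False}
WELL_KNOWN = {"public", "private"}  # widely used default community strings


def check_community(args, n):
    """args after 'snmp-server community': string [view name] [ro|rw] [acl]."""
    if not args:
        return []
    name, rest, out = args[0], args[1:], []
    view = mode = None
    if len(rest) >= 2 and rest[0] == "view":
        view, rest = rest[1], rest[2:]
    if rest and rest[0] in ("ro", "rw"):
        mode, rest = rest[0], rest[1:]
    acl = rest[0] if rest and rest[0].isdigit() else None
    # Findings carry the line number only, so the report never echoes a secret.
    if name.lower() in WELL_KNOWN:
        out.append(("SNMP-COMMUNITY-WELL-KNOWN", n))
    if mode == "rw":
        out.append(("SNMP-COMMUNITY-RW", n))
    if view is None:
        out.append(("SNMP-COMMUNITY-NO-VIEW", n))
    if acl is None:
        out.append(("SNMP-COMMUNITY-NO-ACL", n))
    return out


def check_group(args, n):
    """args after 'snmp-server group': name {v1|v2c|v3 {auth|noauth|priv}} ..."""
    if len(args) < 2:
        return []
    out, model = [], args[1]
    if model in ("v1", "v2c"):
        out.append(("SNMP-GROUP-V1V2C", n))       # community-based model
    elif model == "v3" and len(args) > 2:
        if args[2] == "noauth":
            out.append(("SNMP-GROUP-NOAUTH", n))  # no authentication
        elif args[2] == "auth":
            out.append(("SNMP-GROUP-NOPRIV", n))  # authenticated, not encrypted
    if "access" not in args[2:]:
        out.append(("SNMP-GROUP-NO-ACL", n))      # no source-address restriction
    return out


def audit_config(text):
    """Return [(check_id, line_no)]; line_no 0 means 'in effect by default'."""
    services = {name: (on, 0) for name, on in SERVICE_DEFAULTS.items()}
    findings = []
    for n, raw in enumerate(text.splitlines(), start=1):
        try:
            tok = shlex.split(raw)
        except ValueError:          # unbalanced quote: fall back to plain split
            tok = raw.split()
        if not tok:
            continue
        negated = tok[0] == "no"
        if negated:
            tok = tok[1:]
        if len(tok) >= 3 and tok[0] == "ip" and tok[1] in services and tok[2] == "server":
            # Assumption: a bare 'ip <svc> server' means enable.
            services[tok[1]] = (not negated and tok[-1] != "disable", n)
        elif negated:
            continue
        elif tok[:2] == ["snmp-server", "community"]:
            findings += check_community(tok[2:], n)
        elif tok[:2] == ["snmp-server", "group"]:
            findings += check_group(tok[2:], n)
    for name, (on, n) in services.items():
        if on:
            findings.append((name.upper() + "-ENABLED", n))
    return findings


# Constructed sample configurations (not taken from a real device).
WEAK_CONFIG = """\
ip http server enable
ip ssh server enable
snmp-server community public rw
snmp-server community n0c-Ro view mib2 ro 10
snmp-server group v3RWGroup v3 priv read v3view write v3view access 10
snmp-server group legacy v2c read mib2
"""
HARDENED_CONFIG = """\
no ip telnet server
no ip http server
ip ssh server enable
snmp-server community n0c-Ro view mib2 ro 10
snmp-server group v3RWGroup v3 priv read v3view write v3view access 10
"""

if __name__ == "__main__":
    for check_id, line_no in audit_config(WEAK_CONFIG):
        print(f"line {line_no}: {check_id}")
```

A finding on line 0 means the setting is in effect only because the configuration never overrides the documented default.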
snmp-server Commands snmp-server host This command specifies host parameters of the SNMP server; it adds a new management station to send traps to. If the address already exists, the command will update the server’s configuration which is stored in the snmpTarget MIB defined by RFC‐2573. Syntax snmp-server host ip-addr {traps | informs version {2c | 3 [{auth | noauth | priv}]] community-stringOrUser [udp-port port][notification-type] ip-addr IP address of the target recipient.
snmp-server Commands Example The following examples illustrate an SNMP host with trap on and off: XSR(config)#snmp-server host 192.168.1.10 traps trapsOn XSR(config)#no snmp-server host 192.168.2.11 Sample Output The following are three sample outputs from the command: Notification host: 192.168.2.10 udp-port: 162 user: v3user security model: v3 priv type: inform Notification host: 192.168.10.2 udp-port: 162 user: public security model: v1 type: trap Notification host: 192.168.1.
snmp-server Commands Example This example shows an inform with 1 retry, a 5‐second timeout and a 10 pending value: XSR(config)#snmp-server informs retries 1 timeout 5 pending 10 snmp-server location This command specifies the location of the SNMP server. Syntax snmp-server location location-string location-string Site where the SNMP server is located.
snmp-server Commands Default 0 traps (unlimited) Example The following example sets the traps permitted to 1000: XSR(config)#snmp-server max-traps-per-window 1000 snmp-server min-trap-spacing This command sets the interval between successive SNMP traps. Trap spacing is only guaranteed to occur at least every spacing ‐ it might occur more often. The command implementation can exhibit a jitter of +0 to +200 milliseconds and is linked to the XSR’s fast timer tick interval.
snmp-server Commands Syntax of the “no” Form The no form sets the maximum allowed incoming and outgoing packetsize to the default: no snmp-server packetsize Mode Global configuration: XSR(config)# Default 1,500 bytes Example The following example specifies the peak packet size as 1000 bytes: XSR#snmp-server packetsize 1000 snmp-server queue-length This command sets the retransmission queue length. Traps which have no route to the host are put into the retransmission queue for resending later.
snmp-server Commands Syntax snmp-server set entityMIB {entPhysicalAlias | entPhysicalAssetID} host entPhysicalAlias An alias name for the physical entity. entPhysicalAssetID A user‐assigned asset tracking identifier for the physical entity. string Text for the alias or ID not to exceed 32 characters.
snmp-server Commands snmp-server tftp-server-list This command specifies an Access Control List (ACL) to limit TFTP servers’ access during SNMP downloads. Syntax snmp-server tftp-server-list access-list-num access-list-num Standard ACL ranging from 1 to 99.
snmp-server trap-timeout
This command specifies the interval at which traps in the retransmission queue are retried if no route exists to the host that SNMP traps are to be sent to.
Syntax
snmp-server trap-timeout timeout
timeout  Retry interval ranging from 1 to 9,999 seconds.
sha  HMAC SHA algorithm used for authentication.
auth-password  The user’s authentication password. At least 8 characters are required.
priv  Specifies the privacy setting.
des56  CBC‐DES privacy encryption algorithm.
priv-password  Privacy password for the user. A minimum of 8 characters is required.
access  Specifies an access‐list associated to this user.
access-list  Standard IP access‐list allowing access to this user.
snmp-server Commands Mode Global configuration: XSR(config)# Examples The following example creates a view of all objects on the XSR: XSR(config)#snmp-server view v3view internet included The following example creates a view of all objects in the MIB‐II subtree: XSR(config)#snmp-server view mib2 mib-2 included The following example creates a view for TCP: XSR(config)#snmp-server view TCPview tcp included The following example creates a view of all objects in the MIB‐II subtree excluding 1.3.6.
Table 1-2 MIB Names for SNMP View Commands (continued)
SNMP Term            SNMP Numerical ID
at                   1.3.6.1.2.1.3
atEntry              1.3.6.1.2.1.3.1.1
ip                   1.3.6.1.2.1.4
ipAddrEntry          1.3.6.1.2.1.4.20.1
ipRouteEntry         1.3.6.1.2.1.4.21.1
ipNetToMediaEntry    1.3.6.1.2.1.4.22.1
icmp                 1.3.6.1.2.1.5
tcp                  1.3.6.1.2.1.6
tcpConnEntry         1.3.6.1.2.1.6.13.1
udp                  1.3.6.1.2.1.7
udpEntry             1.3.6.1.2.1.7.5.1
egp                  1.3.6.1.2.1.8
transmission         1.3.6.1.2.1.10
pppLcp               1.3.6.1.2.1.10.23.1
pppIp                1.3.6.1.2.1.10.
Table 1-2 MIB Names for SNMP View Commands (continued)
SNMP Term                   SNMP Numerical ID
snmpMPDMIB                  1.3.6.1.6.3.11
snmpUsmMIB                  1.3.6.1.6.3.15
snmpVacmMIB                 1.3.6.1.6.3.16
snmpEngine                  1.3.6.1.6.3.10.2.1
snmpMPDStats                1.3.6.1.6.3.11.2.1
usmStats                    1.3.6.1.6.3.15.1.1
usmUser                     1.3.6.1.6.3.15.1.2
usmUserTable                1.3.6.1.6.3.15.1.2.2
vacmContextTable            1.3.6.1.6.3.16.1.1
vacmSecurityToGroupTable    1.3.6.1.6.3.16.1.2
vacmAccessTable             1.3.6.1.6.3.16.1.4
vacmMIBViews                1.3.6.1.6.3.16.1.
SNMP Show Commands
show snmp
This command displays information about the SNMP server.
Syntax
show snmp [location]
location  The site of the SNMP server.
SNMP Show Commands 0 Silent drops 0 Proxy drops The example below shows output with the location option entered: XSR#show snmp location Haverhill Mass. show snmp engineID This command displays the identification of the local SNMP engine. Syntax show snmp engineID Mode Privileged EXEC: XSR# Sample Output The following is sample output from the command: XSR#show snmp engineID Local SNMP engineID: 800015F8030001F423E691 IP-addr Port Rewrite Engine ID 10.10.1.
SNMP Show Commands grouname: nm readview: v1default notifyview: nmMIBIIview security model: v3 auth wirteview: nmMIBIIview The following is sample output from the command: XSR#show snmp group groupname: v3RWGroup security model: v3 readview: v3view writeView: v3view notifyview: groupname: v3ROGroup security model: v3 readview: v3view writeView: nmMIBIIview notifyview: show snmp host This command displays information from the SNMP Host table.
SLA Agent Commands User name: authprivUser Engine ID: 800015f8030001f423e691 storage-type: nonvolatile group: v3RWGroup active Parameter Description storage-type Indicates whether the settings have been saved to persistent memory (non‐volatile) or will be lost if the device is reset (volatile). show snmp view This command displays information on each SNMP view in the group username table.
SLA Agent Commands Syntax aggregate-period period period Interval between aggregate measurement, ranging from 10 to 60800 seconds.
SLA Agent Commands Example This example sets the buckets‐of‐history value to 5 records: XSR(config-rtr-echo-1)#buckets-of-history-kept 5 frequency This command specifies how frequently to send a Response Time Reporter (RTR) probe. The value you configure for frequency must be larger than your configured timeout value so that a user cannot have a frequency of 1 second and a timeout of 1001 milliseconds.
SLA Agent Commands Mode RTR Echo configuration: XSR(config-rtr-echo-xx)# Example The following example creates an RTR map: XSR(config-rtr-echo-57)#map "network in Peoria" owner This command binds a Response Time Reporter (RTR) owner (administrator) to a measurement entry. Note: Because the Enterasys service level reporting MIB requires an owner to be created before an entry, an owner must be added first. Syntax owner {owner-name} owner-name Ownerʹs name.
SLA Agent Commands Mode RTR Echo configuration: XSR(config-rtr-echo-xx)# Default Payload size: 12 bytes Example The following example limits the RTR payload size to 32 bytes: XSR(config-rtr-echo-57)#request-data-size 32 tag This command specifies an identifier (name) for this Response Time Reporter (RTR) measurement. Syntax tag {name-tag} name-tag Name assigned to this measurement.
SLA Agent Commands Syntax of the “no” Form The no form of this command returns to the default value: no timeout Mode RTR Echo configuration: XSR(config-rtr-echo-xx)# Default 5000 milliseconds Example The following example resets the RTR timeout to 500 milliseconds: XSR(config-rtr-echo-57)#timeout 500 type This command specifies the type of Response Time Reporter (RTR) measurement to be performed ‐ ICMP Echo ‐ as well as the destination and source host IP addresses.
RTR-mode Commands
rtr
This command creates a Response Time Reporter (RTR) entry. The following are sub‐commands:
• rtr owner registers the RTR administrator. Go to page 1‐43 for the command description.
• rtr schedule configures when an RTR entry will be run. Go to page 1‐44 for the command description.
Syntax
rtr operation-id
operation-id  Measurement ID number, ranging from 1 to 2,147,483,647.
Default
Quota: 700
Example
The following example registers the RTR owner:
XSR(config)#rtr owner operator1 192.168.57.5 email larrycurtis@enterays.com quota 1000
rtr schedule
This command schedules a Response Time Reporter (RTR) entry.
Syntax
rtr schedule operation-id [[life {forever | lifetime}] start-time {hh:mm:[ss][month day | day month] | pending | now | after hh:mm:ss}]
operation-id  Measurement ID number, ranging from 1 to 2,147,483,647.
RTR Show Commands RTR Show Commands show rtr operation-state This command displays the current operational state of the Response Time Reporter (RTR). Syntax show rtr operation-state [operation-id] operation-id Measurement ID, ranging from 1 to 2,147,483,647.
RTR Show Commands Status of Entry (SNMP RowStatus): active Protocol Type: ipIcmpEcho Target Address: 192.168.57.3 Source Address: 192.168.57.43 Request Size (data portion): 12 Life (seconds): 5000 Next Scheduled Start Time: Start Time already passed Number of History Buckets kept: 15 show rtr history This command displays the measurement history of the Response Time Reporter (RTR). Syntax show rtr [operation-id] operation-id Measurement ID number, ranging from 1 to 2,147,483,647.
2 Configuring T1/E1 and T3/E3 Subsystems Observing Syntax and Conventions The CLI Syntax and conventions use the notation described in the following table.
T1/E1 & T3/E3 Commands cablelength For T3 controllers only This command specifies the distance of cabling from the XSR to the network equipment for a T3 NIM card only. Note: Although you can specify cable length from 0 to 450 feet, the XSR recognizes only two ranges: 0 to 224 and 225 to 450. For example, entering 35 feet selects the 0 to 224 range. If you later change the cable length to 40 feet, there is no change because 40 falls within the 0 to 224 range.
T1/E1 & T3/E3 Commands the received signals. This feature is provided by placing a transmit attenuator in the data path. This attenuation is selectable from 0, ‐7.5, ‐15, or ‐22.5 dB. Note: Long haul line build-out (LBO) compensates for the loss in decibels based on the distance from the device to the first repeater in the circuit. A longer distance from the device to the repeater requires that the signal strength on the circuit be boosted to compensate for loss over that distance.
T1/E1 & T3/E3 Commands Syntax cablelength short {133 | 266 | 399 | 533 | 655} 133 0 to 133 feet (cable length for short haul pulse shaping). 266 134 to 266 feet (cable length for short haul pulse shaping). 399 267 to 399 feet (cable length for short haul pulse shaping). 533 400 to 533 feet (cable length for short haul pulse shaping). 655 534 to 655 feet (cable length for short haul pulse shaping).
T1/E1 & T3/E3 Commands range Assigns one or more timeslots or a range of timeslots to a channel group, ranging from 1 to 24 for T1 and 1 to 31 for E1. speed Line speed of the T1/E1 link in kilobits per second. Syntax of the “no” Form Use the no form of the command to remove a channel group: no channel-group number Defaults Speed: 64 kbps for both T1 and E1 controllers.
Default
Line
Mode
Controller configuration: XSR(config-controller)#
Examples
The following example configures the T1 controller on NIM 1, port 0 (first port), with ESF framing, B8ZS line encoding and line source clocking:
XSR(config-controller)#framing esf
XSR(config-controller)#linecode b8zs
XSR(config-controller)#clock source line
This example sets the E3 controller with line source clocking and a national reserved bit of 0:
XSR(config-controller
T1/E1 & T3/E3 Commands Syntax of the “no” Form The no form of this command deletes the defined controller: no controller {t1 | e1| t3 | e3}{slot/card/port} no controller {t1 | e1| t3 | e3}{card/port} Mode Global configuration: XSR(config)# Next Mode Controller configuration: XSR(config-controller)# Default Full rate Examples The following example sets the T1 NIM on board 1, port 0 (first port) and maps timeslots to the channel group.
Syntax
crc {16 | 32}
16 or 32  CRC size in bits per channel group or fractional link (port).
Syntax of the “no” Form
The no form of this command returns to the default setting:
no crc
Default
16
Mode
Interface configuration: XSR(config-if)#
Example
This example enables the 32‐bit CRC on the T1 interface:
XSR(config)#interface serial 1/0:2
XSR(config-if
T1/E1 & T3/E3 Commands XSR(config)#controller t1 1/0 XSR(config-controller)#framing esf XSR(config-controller)#linecode b8zs XSR(config-controller)#clock source line XSR(config-controller)#description “Acme’s T1” The following example describes the T3 controller in slot 1, card 2: XSR(config)#controller t3 1/2 XSR(config-controller)#description “T3 Up at ACME” dsu mode For T3/E3 un-channelized controllers only This command configures an unchannelized sub‐rate T3/
T1/E1 & T3/E3 Commands XSR(config-controller)#framing m13 XSR(config-controller)#cablelength 250 XSR(config-controller)#dsu mode adtran dsu bandwidth For T3 controllers only This command specifies the peak allowable bandwidth used by the T3/E3 port. DSU bandwidth configuration must match the remote configuration and it is important that you know the bandwidth value set on the remote port.
T1/E1 & T3/E3 Commands Mode Controller configuration: XSR(config-controller xx)# Default • T3: 44,210 kbps (full‐rate) • E3: 34,099.
T1/E1 & T3/E3 Commands equipment For T3/E3 controllers only This command configures the T3/E3 controller as network or customer equipment and operates according to the T1.403 ANSI standard, allowing equipment configured as network equipment to disregard network loopback commands from the far‐end device. Note: Since remote loopback requests are available only when C-bit framing is invoked for a T3 port, the equipment command is useful only when framing is set to C-bit.
Note: The C-bit T3 parity framing format is an enhancement of the original M13 format. The main difference is the C-bit framing format always stuffs the first bit of the 8th block in each sub-frame. So, in C-bit format, C-bits permit greater management and performance functions on the M frame.
Syntax
framing {sf | esf} (T1)
framing {crc4 | no-crc4} (E1)
framing {c-bit | m13} (T3)
framing {g751 | bypass} (E3)
sf  T1 frame type set to Super Frame (D4, F12).
T1/E1 & T3/E3 Commands interface serial This command configures the Serial interface automatically created by the controller command in conjunction with T1/E1 and T3/E3 NIM operations. The T3 module offers channels to PPP and Frame Relay protocol stacks. T3/E3 Serial channels are configured and monitored similar to serial channels provisioned via T1/E1 and serial NIMs. For full and sub‐rate T3 or E3 mode, the port and channel setting is 0 only.
T1/E1 & T3/E3 Commands Example The following example configures the E3 controller in slot 1, card 2 with line source clocking and international bits of 0 and 0: XSR(config)#controller e3 1/2/0 XSR(config-controller)#clock source line XSR(config-controller)#international bit 0 0 invert data For T1/E1 controllers only This command inverts the data stream. Data inversion is a method of avoiding excessive zeroes that is superseded by the use of B8ZS line encoding.
T1/E1 & T3/E3 Commands Syntax linecode {ami | b8zs | hdb3} ami Alternate Mark Inversion (AMI) line encoding. b8zs Bipolar 8 Zero Substitution (B8ZS) line encoding. Used for T1 controllers only. hdb3 High‐Density Bipolar 3 (HDB3) line encoding. Used for E1 controllers only.
T1/E1 & T3/E3 Commands local line Local loopback mode loops the entire bandwidth of the T1/E1/ISDN‐PRI line toward the network. Use external equipment to verify that the T1/E1/ ISDN‐PRI port is connected to the line. local payload Same as Local line, it merely loops back the T1 payload, that is, the XSR generates framing at 1.536 MBytes/sec.
T1/E1 & T3/E3 Commands Mode Controller configuration: XSR(config-controller xx)# Default 1 Example The following example configures the E3 controller in slot 1, card 2 with line source clocking and a national reserved bit of 0: XSR(config)#controller e3 1/2/0 XSR(config-controller)#clock source line XSR(config-controller)#national bit 0 scramble For T3/E3 controllers only This command assists clock recovery on the receiving end of a T3/E3 port by randomizing the pattern of 1s and 0s
T1/E1 & T3/E3 Commands Example The following example configures the T3 controller in slot 1, card 2 with line source clocking, M13 framing, in unchannelized mode, cablelength of 250, DSU interoperability mode set to a Kentrox DSU, DSU bandwidth of 44210, and scrambling enabled: XSR(config)#controller t3 1/2/0 XSR(config-controller)#no channelized XSR(config-controller)#clock source line XSR(config-controller)#framing m13 XSR(config-controller)#cablelength 250 XSR(con
T1/E1 and T3/E3 Clear and Show Commands Examples The following example disables a T1 controller: XSR(config)#controller t1 1/0 XSR(config-controller)#shutdown The following example re‐enables a T3 controller: XSR(config)#controller t3 1/2/0 XSR(config-controller)#no shutdown T1/E1 and T3/E3 Clear and Show Commands clear controller This command clears controller counters for individual T1/E1 or T3/E3 controllers.
T1/E1 and T3/E3 Clear and Show Commands show controllers This command displays the status and statistics for any controller. The T1/E1, T3/E3, and ATM subsystems track various status and statistical parameters, including the current controller configuration. The command also displays Maintenance Data Link (MDL) information (received strings) if MDL is configured and framing is set to C‐bit on T3 NIMs. Notes: The network can remotely test XSR’s T1 ports by placing them in loopback.
T1/E1 and T3/E3 Clear and Show Commands 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 Rx ABCD * * * * * * F F 0 * F F F F F F F F F F F F F F Channel 1: Timeslots 1,2,3,4,5,6,7,8,9,10 64kbps Base rate Channel 2: Timeslots 12,13 56kbps Base rate Data 0 0 0 0 0 0 0 0 0 0 in current interval (502 seconds elapsed): Line Code Violations Path Code Violations Slip Seconds Frame Loss Seconds Line Error Seconds [string] Degraded Minutes Errored Seconds Bursty Error Seconds Severely Error Seconds Unavailable Seco
Latest No Code II No Code Alarms Detected: LOS LOF TxAIS X X X III No Code RxAIS TxRAI IV No Code RxRAI LOOP PayLd 24 Hour Statistics cleared: MAY 04 22:33:47 Current time: MAY 04 22:34:13 Interval LVC PCV Total 4352 0 Current 4352 0 ( 28s) CCV 0 0 PES 2 2 PSES SEFS UAS 2 2 2 2 2 2 LES 2 2 CES 2 2 CSES 2 2 Note: The 24 hour statistics are applied differently depending on the selected framing type; the following table marks the valid fields with a * LCV PCV
Rx ABCD * * * * * * F F 0 * F F F F FFFFFFFFFF Time slots that are bypassed between ports 0 and 1 carry Channel Associated Signaling (CAS). CAS signaling comprises four bits: A, B, C and D. This line shows the CAS signaling for each voice channel, from which you can determine channel status based on the current CAS value. It is a debug aid.
FEAC code received Displays the last 4 FEAC codes or commands that were received. Applicable for C‐bit parity framing only, per ANSI T1.105‐1995. This field is intended for T3 line debugging by carrier personnel. Values listed are as follows (only the last four codes are displayed; subsequent codes overwrite current ones): • DS3 Eqpt. Failure (SA) • DS3 LOS • DS3 Out‐of‐Frame • DS3 AIS Received • DS3 IDLE Received • DS3 Eqpt.
Drop and Insert Commands P‐bit Severely Err Secs (Valid for C‐bit & M13) PSES is a second with 44 or more PCVs, one or more Out‐of‐Frame defects, or a detected incoming AIS. This gauge is not incremented when unavailable seconds are counted. Severely Err Secs (Valid for g751) SES is a second in which more than 43 LCVs were counted, or with one or more Out‐of‐Frame defects or a detected incoming AIS. This gauge is not incremented when unavailable seconds are counted.
Mode Controller configuration: XSR(config-controller)# Default cas Example This configuration instructs the XSR to terminate timeslots 1, 2, 3, 4, 5, 6 and 7 of controller T1 0/1/0 into a PPP channel and bypass the rest of the timeslots from T1 controller 0/1/0 to controller T1 0/1/1. Controller port T0/1/0 is connected to the Central Office and controller port T0/1/1 is connected to the PBX downstream. Note that setting the clock source to internal is mandatory.
Drop and Insert Commands Applique type is Fractional T1. Loopback is set as none. Cablelength long and short 0. Framing is esf, Line Encoding is b8zs, Clock Source is line. Description: None Alarms Detected: None Rx 0signal level -0.
3 Configuring the XSR Platform Observing Syntax and Conventions The CLI command syntax and conventions use the notation described in the following table.
Clock Commands Clock Commands clock set This command sets the current time of the Real Time Clock chip (software module clock). After resetting the XSR, you must manually set the clock. Syntax clock set hh:mm:ss wday mday month year hh:mm:ss Current time. wday Day of the week, ranging from 1 to 7. Sunday is 1. mday Day of the month, ranging from 1 to 31. month Month of the year. January is 1. year Year, ranging from 2000 to 2100. Mode Privileged EXEC: XSR# Example Set the clock to 2:59:59 p.m.
Crypto Key Commands Crypto Key Commands crypto key master generate This command generates a random master encryption key. When the command is entered, you are prompted to identify the previous master key. If you successfully identify it, the current secure data files are converted to use the new key. If not, you have the following options: • Retry entering the previous key, • Abort the key change, • Remove the previous file set and enter a new key.
Other Platform Commands crypto key master specify This command allows you to specify a master encryption key. When entered, the command first prompts you to identify the previous master key. If you cannot identify it, you have the following options: • Retry entering the previous key, • Abort the key change, • Remove the previous file set and enter a new key. If you successfully identify a new key or proceed regardless of a correct response, you are prompted to specify a new key numbering 24 bytes.
Other Platform Commands Example XSR(config)#cpu-utilization debug processor This command defines a method to force forwarding engine jobs to a specific CPU or allows the jobs to float between available CPUs. Syntax debug processor {number | job type | interface | mobility} number CPU: 0 or 1. job type Input, Output, or Protocol. interface The specified interface. mobility Fixed (assign to a CPU and port) or floating (XSR assigns CPU and port).
Other Platform Commands Example XSR#hostname XSR-1800 XSR-1800# logging This command enables/disables message logging at varying severity levels for specified destinations. Refer to Appendix A in the XSR User’s Guide for a list of most router alarms and events. Normally, only HIGH severity alarms are logged to red flag critical events and those requiring operator intervention. The DEBUG alarm level is meant for maintenance personnel only.
Other Platform Commands medium Sets system log to Medium level. low Sets system log to Low level. debug Sets system log to Debug level. timestamp Sets time and date. local Sets timestamp to local time. utc Sets timestamp to the Universal Time Clock. Syntax of the “no” Form Use the no form of this command to disable the earlier configured service: no logging [console | buffered | monitor | snmp | A.B.C.D | file | timestamp] Mode Global Configuration: XSR(config)# Defaults • File: off • A.B.
Other Platform Commands Debug, severity = 7 (Debug) 15 87 Examples This example sets logging at High for the console with a local timestamp: XSR#logging console high timestamp local The following example sets a Low logging level for all destinations with a UTC timestamp: XSR#logging low timestamp utc This example sets persistent logging of High severity messages to CFlash: with a local timestamp: XSR#logging file high timestamp local The following example sets the logging timestamp to local time.
SNTP Commands Mode Global configuration: XSR(config)# Examples The following example selects a 5‐minute auto install: XSR(config)#netload The following example selects a persistent auto install: XSR(config)#netload persistent SNTP Commands sntp-client This command enables the SNTP client and sets the Simple Network Time Protocol (SNTP) primary and alternate server IP addresses. Once the XSR is configured, it sends a time request to the SNTP server every poll interval to update local time.
sntp-client poll-interval This command configures the interval the SNTP client waits, when synchronized, before sending another time request to an SNTP server. The poll‐interval is applied continuously after the client is first synchronized. If both primary and alternate servers are configured, polls are sent only to the first server once it has been detected as active; the client starts polling the alternate server only if the first server becomes inactive.
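Router log timestamps are only as reliable as the clock behind them, so it is worth checking that the SNTP client is still synchronizing. The following Python check is an added example, not part of the Enterasys guide: it parses `show sntp` output in the layout of the guide's sample and compares the time since the last sync with the poll interval. It assumes the poll interval is reported in seconds and uses three missed polls as a hypothetical alert threshold.

```python
import re
from datetime import datetime, timezone

MONTHS = {name: num for num, name in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split(), start=1)}

# Timestamp layout in the guide's sample: 17:00:34-UTC-Sunday,26-JAN-2003
STAMP = re.compile(
    r"(\d{1,2}):(\d{2}):(\d{2})-UTC-[A-Za-z]+,(\d{1,2})-([A-Za-z]{3})-(\d{4})")

# Fields are matched by label, so the output may be one field per line
# or flattened onto a single line.
FIELDS = {
    "server": r"Server IP:\s*(\d{1,3}(?:\.\d{1,3}){3})",
    "poll_interval": r"Poll Interval:\s*(\d+)",
    "last_synced": r"Last Synced:\s*(\S+)",
    "current_time": r"Current Time:\s*(\S+)",
}

# Values taken from the guide's `show sntp` sample output.
GUIDE_SAMPLE = """\
Server IP:192.168.27.88
Poll Interval: 512
Sntp Requested: 1
Last Synced: 17:00:34-UTC-Sunday,26-JAN-2003
Current Time: 10:53:01-UTC-Monday,27-JAN-2003
"""

# Constructed sample: same layout, but synchronized three minutes ago.
HEALTHY_SAMPLE = GUIDE_SAMPLE.replace(
    "17:00:34-UTC-Sunday,26-JAN-2003", "10:50:00-UTC-Monday,27-JAN-2003")


def parse_stamp(text):
    """Convert one router timestamp into an aware UTC datetime."""
    match = STAMP.fullmatch(text)
    if match is None:
        raise ValueError(f"unrecognized timestamp: {text!r}")
    hour, minute, second, day, month, year = match.groups()
    month_num = MONTHS.get(month.upper())
    if month_num is None:
        raise ValueError(f"unrecognized month: {month!r}")
    return datetime(int(year), month_num, int(day),
                    int(hour), int(minute), int(second), tzinfo=timezone.utc)


def parse_show_sntp(output):
    """Extract server, poll interval and both timestamps from the output."""
    parsed = {}
    for key, pattern in FIELDS.items():
        match = re.search(pattern, output)
        if match is None:
            raise ValueError(f"missing field: {key}")
        parsed[key] = match.group(1)
    parsed["poll_interval"] = int(parsed["poll_interval"])
    if parsed["poll_interval"] <= 0:
        raise ValueError("poll interval must be positive")
    parsed["last_synced"] = parse_stamp(parsed["last_synced"])
    parsed["current_time"] = parse_stamp(parsed["current_time"])
    return parsed


def check_sync(output, max_missed_polls=3):
    """Report how long ago the client synchronized and whether that is stale."""
    info = parse_show_sntp(output)
    gap = int((info["current_time"] - info["last_synced"]).total_seconds())
    # Poll interval is assumed to be in seconds (not stated in the sample).
    missed = gap // info["poll_interval"] if gap > 0 else 0
    return {
        "server": info["server"],
        "gap_seconds": gap,
        "missed_polls": missed,
        "stale": missed > max_missed_polls,
        # A clock earlier than its own last sync means it was reset or set back.
        "clock_behind_last_sync": gap < 0,
    }


if __name__ == "__main__":
    for name, sample in (("guide", GUIDE_SAMPLE), ("healthy", HEALTHY_SAMPLE)):
        print(name, check_sync(sample))
```

A stale result means events logged since the last sync carry timestamps from a free-running clock, which matters when correlating router logs with other sources.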
SNTP Commands no sntp-server This command disables the SNTP server. Syntax no sntp-server Mode Global configuration: XSR(config)# show sntp This command displays the current status of the SNTP server. Syntax show sntp Output XSR>show sntp SNTP server 30.10.1.22 1.1.1.
Platform Clear and Show Commands Nominal freq is xxxxx Hz, actual freq is xxxx Hz, precision is 2**16 Reference time is 12345678.12345678 (01:01:01.123 EDT Mon Jan 1 2004) Clock offset is 1.1234 msec, root delay is 123.12 msec Root dispersion is 12.12 msec, peer dispersion is 1.12 msec Platform Clear and Show Commands clear counter processor This command clears processor performance information. CPU utilization is averaged over an 8‐ second interval.
Platform Clear and Show Commands clear logging This command deletes all messages from the logging buffer in RAM. Syntax clear logging Mode Privileged EXEC: XSR# Example XSR#clear logging show buffers This command displays platform memory statistics and is helpful in discovering where memory leaks exist in various XSR modules. Memory is allocated in increments no smaller than 64 bytes.
Platform Clear and Show Commands Memory Block Allocation: Memory Options enabled: None. --------------------------------------------------------------------Size Number Number Avg.Size Max.
Platform Clear and Show Commands Overhead Sum of overhead bytes used for memory tracking, etc. Uncarved Sum of bytes available to be carved into desired blocks. Max Heap Sum of bytes that can be allocated from the heap. show buffers i/o This command displays summary I/O (data buffers, frame elements) memory usage statistics. Allocations are based on the hardware present in the XSR.
Platform Clear and Show Commands Parameter Descriptions Common Buffer Pool Usage Used: FE Frag Fwd Eng Free One buffer pool exists for data buffers. These buffer blocks are pre‐ allocated as shown below: • 2000 for FE: 2000 x 1696‐byte buffers were pre‐allocated for use by the Forwarding Engine. • 1000 for FE Frag: 1000 x 1696‐byte buffers were pre‐allocated for use by FE Fragmentation. • 2048 for Eth1: 2048 x 1696‐byte buffers were pre‐allocated for use by the Ethernet Driver for Ethernet Port 1.
Platform Clear and Show Commands Sample Output Memory Block Allocation: Memory Options enabled: None. -----------------------------------------------------------------Size Number Number Avg.Size Max.
show cpu-utilization This command tracks current use of various CPU processes as a percentage of total CPU usage for the last five‐second, one‐minute, and five‐minute intervals, and the total number of times each process has been called since the XSR was powered on.
Platform Clear and Show Commands show fault-report This command displays the fault report captured when the XSR experiences a system problem. It contains information that pinpoints the cause of the software failure. This data is highly technical and is intended only for the use of service support engineers to diagnose the problem. The fault report can be viewed in Bootrom monitor mode or on the CLI.
Platform Clear and Show Commands Sample Output The following is sample output from an XSR‐3020 router: Fault Report captured in node RouterName on Sept 22, 2001 at Fault: Data TLB Miss Processor up-time = 1234 hours 59 minutes 59 seconds 3:30:59pm Processor = PowerPC 405 GP Exception Vector Number = 0x1100 PC=00012345 SP(r1)=00044444 LR=12345678 CTR=12345678 r0 =12345678 r1 =00044444 r2 =12345678 r3 =12345678 r4 =12345678 r5 =00044444 r6 =12345678 r7 =12345678 r8 =12345678 r9 =00044444 r10=12345678 r11=1
Platform Clear and Show Commands 004276be 12345678 12345678 12345678 12345678 12345678 12345678 12345678 004276ce 12345678 12345678 12345678 12345678 12345678 12345678 12345678 004276de 12345678 12345678 12345678 12345678 12345678 12345678 12345678 etc. for all tasks End of fault report. When the XSR is automatically rebooted after a crash it performs a warm start.
Platform Clear and Show Commands Syntax show logging Mode EXEC or Privileged EXEC: XSR> or XSR# Example XSR>show logging file Sample Output The following example displays the logging file information: XSR#show logging file History of logging to file cflash:loggen File logging disabled File cflash:loggen does not exist. show logging history This command displays the contents of the logging history buffer.
Platform Clear and Show Commands Mode Privileged EXEC: XSR# Sample Output XSR#show sntp Server IP:192.168.27.88 Poll Interval: 512 Sntp Requested: 1 Last Synced: 17:00:34-UTC-Sunday,26-JAN-2003 Current Time: 10:53:01-UTC-Monday,27-JAN-2003 show version This command displays current XSR hardware and firmware data.
Platform Clear and Show Commands Software: Version 5.5.1.3, Built May 16 2003, 14:31:56 CLI revision 1.5 Software file is “xsr1800.fls” with VPN; with Firewall XSR-1800 uptime is 33 days, 10 hours, 44 minutes. The following example displays output from an XSR‐3150: XSR#show version Enterasys Networks Operating Software Copyright 2003 by Enterasys Networks Inc.
File System Commands Example XSR#show whoami Sample Output XSR#show whoami Comm Server “Enterasys”, current line at 9600bps. File System Commands The XSR employs an MS‐DOS‐compatible file system in Flash memory. The following commands are available. boot system This command creates a boot-config file to store the firmware file name of the active software image. This file name points to the firmware file loaded during system initialization in the following sequence: 1.
File System Commands XSR(config)#rename VPN_XSR1800.fls xsr1800.fls Rename flash:VPN_xsr1800.fls to flash:xsr1800.fls(y/n) ? y renaming file flash:VPN_xsr1800.fls -> flash:xsr1800.fls XSR# The following example renames the firmware file as part of an FTP/TFTP transfer. After entering the command, you are prompted by this script: XSR-1800#copy tftp://192.168.37.162/c:\firmware\VPN_xsr1800.fls flash:xsr1800.fls Copy 'c:\firmware\VPN_xsr1800.fls' from server as 'xsr1800.
File System Commands XSR#copy running-config startup-config running-config Keyword alias for current running configuration. This alias is only valid as follows: copy running-config startup-config This generates the current running configuration and saves it to flash:startup-config. startup-config Keyword alias for flash:startup-config. flash:/cflash: Alias for Flash or CompactFlash memory as a source or destination.
File System Commands Configuration Load This example loads startup‐config via the network from a TFTP server. The XSR does not load the configuration from the network automatically.
File System Commands Mode Privileged EXEC: XSR# Example XSR#copy startup-config tftp://192.168.1.100/cfg.txt Sample Output XSR#copy startup-config tftp://192.168.1.100/abc.cfg Copy 'startup-config' from Flash to server as 'abc.cfg'(y/n) ? y Upload to server done File size: 2997 bytes delete This command removes a file from the XSR file system. It initiates a script requiring confirmation of your intention. Syntax delete [flash: | cflash:] filename flash: Flash memory directory.
File System Commands Mode Privileged EXEC: XSR# Default flash: unless you change the default using the cd command. Example XSR#dir flash: Sample Output The following is sample output from an XSR 1800 Series router: XSR#dir flash: Listing Directory flash: size 817496 3220453 976 308 572 0 64 0 date SEP-17-2002 SEP-17-2002 SEP-23-2002 SEP-17-2002 SEP-23-2002 SEP-23-2002 SEP-23-2002 SEP-23-2002 time 15:21:32 15:24:08 16:02:08 15:26:14 14:50:32 14:24:56 14:50:30 14:24:56 name bootrom1_18.fls xsr1800.
File System Commands Default • Format: ASCII • Directory: current directory Examples XSR#more /ascii flash:startup-config XSR#more flash:startup-config Sample Output In ASCII format (/ascii): Controller t1 1/0 Clock source line primary Framing esf In Binary format (/binary:): 00000000 12345678 12345678 12345678 12345678 00000010 12345678 12345678 12345678 12345678 00000020 12345678 12345678 12345678 12345678 pwd This command displays the current directory.
which is specified in the flash:boot‐config file. Although you cannot configure the secondary EOS file, if you wish to rename it, use the boot system command. Be aware that if the boot‐config file does not exist in the flash: directory, EOS fallback will search for the default xsr1200.fls, xsr1800.fls or xsr3000.fls file first in flash:, then in cflash:, and finally over the network (as specified in the bootrom using the Bootrom monitor mode commands sn or np).
Examples The following example immediately cold restarts the XSR: XSR#reload cold The following example warm upgrades the new image from the primary OS file in the flash: directory and tests it for 15 minutes with the fallback option set to the secondary OS file if a syntax error is found in the startup‐config file: XSR#reload warm fallback flash:xsr1800.
File System Commands Example XSR#rename cflash:xsr3000.fls.5512 flash:xsr3000.fls show hostname This command displays the name you specified for the XSR. Syntax show hostname Mode EXEC: XSR> Example XSR#show hostname Sample Output XSR#show hostname Local hostname is XSR show reload This command displays data about scheduled reloads of the Enterasys Operating System (EOS).
File System Commands XSR#show reload No reload is scheduled No EOS fallback Parameter Description running/not polling Scheduled reload timer is running or the test period is in progress. crash monitoring A reload check for system failure. fallback config Fallback enabled or disabled. snmp monitoring A reload check for SNMP messages and SNMP server IP address.
File System Commands session-timeout console 35000 session-timeout telnet 35000 session-timeout ssh 35000 !T1E1 controller t1 0/2/0 clock source internal no shutdown !IKE crypto isakmp proposal try1 authentication pre-share encryption aes hash md5 group 5 lifetime 40000 crypto isakmp peer 2.2.2.2 255.255.255.255 crypto isakmp peer 1.1.1.1 255.255.255.
File System Commands !OSPF router ospf 1 network 30.1.1.0 0.0.0.255 area 0.0.0.0 network 20.1.1.0 0.0.0.255 area 0.0.0.0 !RIP router rip !SNMP snmp-server community public rw snmp-server enable !AAA aaa group ii dns server primary 0.0.0.0 dns server secondary 0.0.0.0 wins server primary 0.0.0.0 wins server secondary 0.0.0.0 pptp encrypt mppe 128 policy vpn ! aaa method radius RADIUS backup Radbackup enable group DEFAULT address ip-address 0.0.0.
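The sample configuration above contains settings that a configuration review would normally flag: an IKE proposal with `hash md5` and `group 5`, and `snmp-server community public rw`. The following Python audit is an added example, not part of the Enterasys guide; the rule names are hypothetical and `SAMPLE_CONFIG` is constructed from lines in the sample.

```python
WELL_KNOWN_COMMUNITIES = {"public", "private"}
# IKE MODP group number -> modulus size in bits
WEAK_DH_GROUPS = {"1": 768, "2": 1024, "5": 1536}
# Keywords seen under "crypto isakmp proposal" in the guide's sample
PROPOSAL_SUBCOMMANDS = {"authentication", "encryption", "hash", "group", "lifetime"}

# Constructed input assembled from lines in the guide's sample configuration.
SAMPLE_CONFIG = """\
session-timeout telnet 35000
!IKE
crypto isakmp proposal try1
authentication pre-share
encryption aes
hash md5
group 5
lifetime 40000
crypto isakmp peer 2.2.2.2 255.255.255.255
!SNMP
snmp-server community public rw
snmp-server enable
"""


def audit_config(text):
    """Return (line_number, rule_id, message) tuples for weak settings."""
    findings = []
    proposal = None  # name of the IKE proposal currently being read
    for lineno, raw in enumerate(text.splitlines(), start=1):
        words = raw.split()
        if not words or words[0].startswith("!"):
            proposal = None  # blank line or section comment ends a proposal
            continue
        if words[:3] == ["crypto", "isakmp", "proposal"] and len(words) > 3:
            proposal = words[3]
            continue
        if proposal is not None and words[0] in PROPOSAL_SUBCOMMANDS:
            value = words[1].lower() if len(words) > 1 else ""
            if words[0] == "hash" and value == "md5":
                findings.append((lineno, "IKE-HASH-MD5",
                                 f"proposal {proposal} uses MD5; prefer a "
                                 "SHA-family hash if the platform offers one"))
            elif words[0] == "group" and value in WEAK_DH_GROUPS:
                bits = WEAK_DH_GROUPS[value]
                findings.append((lineno, "IKE-WEAK-DH-GROUP",
                                 f"proposal {proposal} uses DH group {value} "
                                 f"({bits}-bit MODP); prefer a larger group"))
            continue
        proposal = None  # any other command closes the proposal context
        if words[:2] == ["snmp-server", "community"] and len(words) > 2:
            name = words[2]
            access = words[3].lower() if len(words) > 3 else ""
            if name.lower() in WELL_KNOWN_COMMUNITIES:
                findings.append((lineno, "SNMP-DEFAULT-COMMUNITY",
                                 f"community '{name}' is a well-known default; "
                                 "replace it with a unique string"))
            if access == "rw":
                findings.append((lineno, "SNMP-WRITE-ACCESS",
                                 f"community '{name}' grants write access; "
                                 "confirm that SNMP writes are required"))
    return findings


if __name__ == "__main__":
    for lineno, rule, message in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: [{rule}] {message}")
```

The proposal context is tracked so that a bare `hash` or `group` line elsewhere in the file is not reported.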
File System Commands verify This command verifies a packed software image file. The file name must end in *.fls. If the directory name is not specified, the current directory is used. Syntax XSR#verify [flash: | cflash:]filename.fls flash: File located in the Flash directory. cflash: File located in the CompactFlash directory. filename.fls Name of a packed software image file.
Bootrom Monitor Mode Commands Bootrom Monitor Mode Commands Bootrom monitor mode offers special user access for Flash:/CompactFlash: file operations and on occasions when the XSR lacks valid software or runs abnormally. Enter the mode by pressing the key combination (CTRL-C) during the first five seconds of initialization.
Bootrom Monitor Mode Commands If the Bootrom password is lost on the XSR 1800 Series, you can restore it by pressing the Default button. Be aware that when pressed, the Default button erases all configuration files and the master encryption key. bu This command updates the Bootrom file from a local file. You are prompted to enter data by the following script. When the “Proceed with erasing current Bootrom in flash ...” statement appears, enter y.
Bootrom Monitor Mode Commands da This command displays system date and time with this sample output: XSR-1800: da Date: Thursday, 29-MAY-2003. Time: 10:14:07 del This command removes a file from flash: or cflash: memory. df This command displays free disk space with this sample output: XSR-1800: df Free space on flash: is 3383296 bytes (0x33a000). dir This command lists the contents of the current directory in long format.
dt This command sets system time using the syntax hh mm ss. For example: XSR:dt 11 59 59 ff This command formats the Flash file system. We recommend you first save any .dat, .cert, .cfg, and startup-config files to cflash: or a PC, since any files in flash: will be deleted. You are prompted to enter data by the following script: XSR-1800: ff You will lose all files in the “flash:” file system.
Bootrom Monitor Mode Commands Remote Host IP address (192.168.1.10) : Remote file path (c:\) : Use TFTP (no) : Ftp userid (anonymous) : Ftp password () : Local target name (robo1) : Autoboot (yes) : Quick boot (no) : Permanently save the network parameters? (y/n) ns This command saves a file over the network using a remote IP address/file path.
Bootrom Monitor Mode Commands gp= 8219b1e0 par1= ffffffff cause= 80000014 divLo= 00000000 BadVAddr=08112233 sp= par2= cntxt= divHi= PP - Crashed Task Stack 0x85feb790 ffffffff 0x85feb7a0 00000000 0x85feb7b0 00000000 0x85feb7c0 ffffffff 0x85feb7d0 00000000 0x85feb7e0 ffffffff 85febb90 85febaf8 ffffffff 00000000 s8= par3= fpcsr= causeR= (sp=85febb90): 00000000 00000008 00000001 00000000 8214ab00 0000000a 85feb7c0 ffffffff 00000002 ffffffff 82154b50 00000000 00000000 ffffffff d3800000 ffffffff ra= par4
Bootrom Monitor Mode Commands RAM: 512MB without interleave Memory Bus at 120MHz, CASL at 2.0 Bootrom Flash: 4MB Filesystem Flash: 8MB CompactFlash not present Real Time Clock I/O on Motherboard: GigabitEthernet 1 2 3 Encryption Hardware: not present Slot 0 card 1: Empty Slot 0 card 2: Empty System up for 9 days, 3 hours, 4 minutes 10 seconds.
4 Configuring Hardware Controllers Observing Syntax and Conventions The CLI command syntax and conventions use the notation described in the following table.
Hardware Controller Commands Syntax clock rate bps bps Configures the clock rate in bits per second (baud) on the line (async only). Valid rates are: 2400, 4800, 7200, 9600, 14400, 19200, 28800, 38400, 57600, and 115200. Syntax of the “no” Form no clock rate Mode Interface configuration: XSR(config-if)# Default 9600 Example XSR(config-if)#clock rate 19200 databits This command sets the number of data bits accepted on a serial port.
Hardware Controller Commands description This command sets the description text for an interface. The description will appear in the ifDescription (interface description) variable of the MIB. Syntax description text Alphanumeric characters which describe the interface.
Syntax of the “no” Form no duplex Default auto Mode Interface configuration: XSR(config-if)# Example XSR(config-if)#duplex full XSR(config-if)#speed 100 loopback This command forces the port into internal loopback mode. That is, the sender is internally connected to the receiver. This command is normally used for diagnostic purposes only. Note: Issuing this command will isolate the port from any connected network.
Hardware Controller Commands media-type This command sets the media‐type appropriate to the cable type that the interface is connected to. Syntax media-type {RS232 | RS422 | RS449 | RS530A | V35 | X21} Note: The XSR Serial NIM does not detect the media-type of an attached cable. You must configure the correct interface media-type matching the attached cable for the serial interface to function properly.
Hardware Controller Commands parity This command configures the parity on a serial interface. It is valid and takes effect only when the interface is in Asynchronous mode. Syntax parity {even | mark | none | odd | space} even Even parity. mark A constant 1 in the parity bit. none No parity. odd Odd parity. space A constant 0 in the parity bit.
Hardware Controller Commands Mode Interface configuration: XSR(config-if)# Default Sync Example XSR(config-if)#physical-layer async shutdown This command disables an interface. When the interface is created, it is disabled by default. Note: Issuing this command causes the interface to drop its link while disabled. Syntax shutdown Syntax of the “no” Form no shutdown Mode Interface configuration: XSR(config-if)# Default When the interface is created, it is disabled by default.
Hardware Controller Commands • Speed cannot be changed in loopback mode. • When connecting an auto setting on an XSR to a forced setting on another router, the forced setting must be set to half-duplex regardless of the speed (10 or 100 Mbits). • For GigabitEthernet only, you must use a cross‐over cable when one or both ends of a line are forced. If both ends of the line are auto then you may use a cross‐over or straight‐through cable.
Hardware Controller Commands Mode Interface configuration: XSR(config-if)# Default 1 Example The following example sets 2 stopbits on Serial port 1/0: XSR(config-if)#stopbits 2 vlan This command configures a Virtual LAN (VLAN) ID on a sub‐interface. Note: Similar to the PPPoE sub-interface, you must issue the no shutdown command to keep the interface up. Syntax vlan vlan-id vlan-id Identifier of the sub‐interface, ranging from 0 to 4094.
Hardware Controller Clear and Show Commands Hardware Controller Clear and Show Commands clear counters fastethernet This command clears MIB‐II counters for the FastEthernet interface.
Hardware Controller Clear and Show Commands Mode Privileged EXEC: XSR# Example The following example clears the MIB‐II counters on GigabitEthernet port 3, sub‐interface 2: XSR#clear counters gigabitethernet 3.2 clear interface fastethernet This command resets the hardware logic on the FastEthernet interface. Using it preserves the current loopback mode, duplex mode and speed. This command is available on the XSR 1800 Series routers only.
Hardware Controller Clear and Show Commands Example The following example resets GigabitEthernet port 1, sub‐interface 5: XSR#clear counters gigabitethernet 1.5 clear counters serial This command clears serial interface counters.
Hardware Controller Clear and Show Commands Syntax clear interface serial [card/port] card XSR card number. port XSR port number. Mode Privileged EXEC: XSR# Example XSR#clear interface serial 1/0 show controllers fastethernet This command displays detailed FastEthernet controller data for a port. This interface is available on the XSR 1800 Series routers only. Syntax show controllers fastethernet number number FastEthernet interface number, ranging from 1 to 2.
Hardware Controller Clear and Show Commands dataLen dataLen dataLen dataLen [...] 0x00000000, 0x00000000, 0x00000000, 0x00000000, status status status status 0x00001300, 0x00001300, 0x00001300, 0x00001300, buffer buffer buffer buffer 0x00000000 0x00000000 0x00000000 0x00000000 RX RING ENTRIES: The ring starts at 0x01fcc000. RxDRNum = 128, pRxMblkDR = 0x01f33c88, RxDRIdx = 19 RxBuffSize = 1728, RxBuffOffset = 160 dataLen dataLen dataLen dataLen dataLen [...
Hardware Controller Clear and Show Commands datalen datalen datalen datalen datalen [...] 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, status status status status status 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, buffer buffer buffer buffer buffer 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 RX RING: Ring starts at 0x81568c60. RMaxDR=512, pRCurrDR=0x00000830, RIdx=0 datalen datalen datalen datalen datalen [...
Hardware Controller Clear and Show Commands Packet Processor 0 Packet 0 Packet 0 Packet 0 Packet The The The The Tx Scheduler Stats: driver Tx OK driver not Tx: MUX END_ERR_BLOCK driver not Tx: MUX ERROR driver not Tx: Unknown Msg from MUX unit number is 50331656. interrupt number is 26. DSR poll count is 800 ms. ACCM is at 0x01040acc.
Hardware Controller Clear and Show Commands channel ISDN BRI D‐ or B‐channel, either 0 for the D‐channel, and 1 or 2 for the B‐ channels. sub-interface ISDN BRI sub‐interface, ranging from 1 to 30.
Hardware Controller Clear and Show Commands show interface dialer This command displays information about the Dialer interface. Syntax show interface dialer [number] number Dialer interface number, ranging from 0 to 255.
Hardware Controller Clear and Show Commands Internet address is 54.54.54.1, subnet mask is 255.255.255.0 Secondary Internet address is 57.57.57.1, subnet mask is 255.255.255.0 Secondary Internet address is 58.58.58.1, subnet mask is 255.255.255.0 Secondary The name of this device is Eth1. The physical link is currently up. The device is in polling mode, and is active. The last driver error is '(null)'. The duplex mode is set to auto-negotiated. The current operational duplex mode is negotiated to half.
Hardware Controller Clear and Show Commands The Name of the Access Concentrator is c3600-1 The Session Id is 0x0005 The MAC Address of the Access Concentrator is 0x00:30:85:20:47:62 The MTU is 1492 Other Interface Statistics: ifOperStatus 1 ifInOctets 119439 ifOutOctets 119256 Configured VLANs: VLAN Id 1400 PPP Encapsulation show interface gigabitethernet This command displays information about a GigabitEthernet interface which is available on XSR 3000 Series routers only.
Hardware Controller Clear and Show Commands ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 00:00:00 0 0 0 0 0 0 0 0 0 0 0 256 show interface loopback This command displays information about the loopback interface. Syntax show interface loopback [number] number Loopback address number ranging from 0 to 15.
Hardware Controller Clear and Show Commands XSR#show interface multilink 8 ********** Multilink Interface Stats ********** Multilink 8 is Admin Down Internet address is not assigned LCP State: CLOSED Multilink State: CLOSED Max Fragment delay is 10 ms MLPPP Bundle Info: Control Object state is Admin Down / Oper Down Multilink PPP has no memberlinks Data Object state is Admin Down The adjacent is DOWN and data passing is Bundle size is 0 Max Load Threshold: 0 Total Load Bandwidth is 64000 bits/sec Bundle St
Hardware Controller Clear and Show Commands Sent: 0 octets, 0 unicast packets, 0 discards, 0 errors. MTU is 1500 bytes. Proxy ARP is enabled. Helper address is not set. Directed broadcast is enabled. Outgoing access list is not set. Inbound access list is not set. IP Policy Based Routing is not enabled.
Hardware Controller Clear and Show Commands ifindex ifType ifAdminStatus ifOperStatus ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards ifInErrors ifInUnknownProtos ifOutOctets ifOutUcastPkts ifOutNUcastPkts ifOutDiscards ifOutErrors ifOutQLen 0 22 1 1 00:00:25 1500 100 0 0 0 0 2134 14 0 0 0 280 show interface vpn This command displays attributes of the configured VPN interface.
5 Configuring the Internet Protocol Observing Syntax and Conventions The CLI Syntax and conventions use the notation described below.
OSPF Commands • “VRRP Clear and Show Commands” on page 5‐197. OSPF Commands area authentication This command enables/disables authentication for an OSPF area. Syntax area area-id authentication [message-digest] area-id OSPF area to be authenticated, expressed in decimals or IP addresses.
OSPF Commands Syntax of the “no” Form The no form of this command removes the cost value from the summary route that is sent by default into the stub area identified by the area‐id: no area area-id default-cost Mode Router configuration: XSR(config-router)# Default 1 Example The following command sets the cost value for the stub area 10 as 99: XSR(config)#interface serial 1/0 XSR(config-if)#ip address 172.16.101.5 255.255.255.252 XSR(config-if)#router ospf XSR(config-router)#network 172.16.
OSPF Commands Default No NSSA defined Example The following example configures area 10 as a NSSA area: XSR(config)#interface fastethernet 1 XSR(config-if)#ip address 172.16.10.5 255.255.255.252 XSR(config)#router ospf 1 XSR(config-router)#network 172.16.10.5 0.0.0.0 area 10 XSR(config-router)#area 10 nssa default-information-originate area range This command defines the range of addresses to be used by Area Boundary Routers (ABRs) when they communicate routes to other areas.
OSPF Commands Mode Router configuration: XSR(config-router)# Examples This example sets the address range used by this router for summarized routes learned at the boundary of area 0.0.0.0, as 172.16.0.0/16: XSR(config)#interface fastethernet 1 XSR(config-if)#ip address 172.16.16.1 255.255.240.0 XSR(config)#router ospf 1 XSR(config-router)#network 172.16.16.1 0.0.0.0 area 0.0.0.0 XSR(config-router)#area range 0.0.0.0 172.16.0.0 255.255.0.0 The following example aggregates 64.64.64.
XSR(config)#router ospf
XSR(config)#network 172.16.152.0 0.0.0.0 area 10
XSR(config)#area 10 stub
area virtual-link
This command defines an OSPF virtual link, which represents a logical connection between the backbone and a non-backbone OSPF area. Backbones are areas including all ABRs, networks not wholly contained in any area, and their attached routers.
The no form of this command removes the virtual link:
no area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [authentication-key key | message-digest-key keyid md5 key]
Mode
Router configuration: XSR(config-router)#
Defaults
• hello-interval seconds: 10 seconds
• retransmit-interval seconds: 5 seconds
• transmit-delay seconds: 1 second
• dead-interval secon
Figure 5-1 Area Virtual Link Example
auto-virtual-link
This command automatically creates virtual links. Refer to the area-virtual-link command for more related information.
network    Network LSA (Type 2).
nssa-external    NSSA External LSA (Type 7).
opaque-area    Opaque Area LSA (Type 10).
router    Router LSA (Type 1).
summary    Summary LSA (Type 3).
Option:limit    Peak number of LSAs accepted before overflow occurs, ranging from -1 to 2,147,483,647.
exit-overflow interval    Interval before XSR tries to exit overflow. Range: 0 to 86,400 seconds.
warning-level    LSA threshold past which a warning of pending overflow is generated, ranging from 0 to 2,147,483,647.
Syntax
distance ospf {intra | inter | ext} weight
intra    OSPF intra-area routes.
inter    OSPF inter-area routes.
ext    OSPF external routes.
weight    Administrative distance used by the routing protocol. Range: 1 to 240.
Syntax of the “no” Form
The no command resets the administrative distance to the default value for the particular type of routes. If no type of routes is referenced, the distance for all three types of OSPF routes is reset to the default.
Example
This example sets the administrative distance for OSPF external routes to 65. Note that you can do so only if both intra and inter OSPF distances are less than 65, otherwise you will not be permitted to change the value.
ip ospf cost
This command sets the cost of sending a packet on an interface. Each router interface that participates in OSPF routing is assigned a default cost. This command overwrites the default.
Syntax
ip ospf cost cost
cost    Cost of sending a packet ranging from 1 to 65,535.
Default
Four times the value of the seconds parameter defined in the ospf hello-interval command.
Example
The following example sets the dead interval to 20 for FastEthernet port 2:
XSR(config)#interface fastethernet 2
XSR(config-if)#ip address 172.16.16.1 255.255.255.0
XSR(config-if)#ip ospf dead-interval 20
ip ospf hello-interval
This command sets the number of seconds a router must wait before sending a hello packet to neighbor routers on the interface.
ip ospf message-digest-key
This command enables/disables OSPF MD5 authentication on an interface to validate OSPF routing updates between neighboring routers.
Syntax
ip ospf message-digest-key keyid md5 key
keyid    Key identifier on the interface where MD5 authentication is enabled. Valid values are integers from 1 to 255.
key    Password for MD5 authentication to be used with the keyid. Valid values are alphanumeric strings of up to 16 characters.
Mode
Interface configuration: XSR(config-if)#
Example
The following example imposes OSPF passive on Fast Ethernet interface 1:
XSR(config)#interface fastethernet 1
XSR(config-if)#ip ospf passive
ip ospf poll-interval
This command sets the OSPF polling interval on Multipoint and Point-to-Point interfaces. The default value allows the adjacency to be established per the default Hello interval.
Syntax
ip ospf poll-interval interval
interval    Poll period, ranging from 1 to 65,535.
Mode
Interface configuration: XSR(config-if)#
Default
1
Example
The following example sets OSPF priority to 20 for FastEthernet port 1:
XSR(config)#interface fastethernet 1
XSR(config-if)#ip address 172.16.16.1 255.255.255.0
XSR(config-if)#ip ospf priority 20
ip ospf retransmit-interval
This command sets the interval between retransmissions of link state advertisements for adjacencies that belong to this interface.
ip ospf transmit-delay
This command sets the interval required to transmit a link state update packet on this interface.
Syntax
ip ospf transmit-delay seconds
seconds    Specifies the transmit delay, ranging from 1 to 3600 seconds.
Syntax of the “no” Form
The no form of this command sets the value to the default.
Mode
Router configuration: XSR(config-router)#
Defaults
• Disabled
• Costs: LAN - 10, Serial - 64
Example
In this example, three routers are configured to run OSPF. Routers R1 and R3 are internal routers. R1 is internal to area 1, and R3 is internal to area 0. R2 is an Area Border Router (ABR). Enter the following commands on R1:
XSR(config)#interface fastethernet 1
XSR(config-if)#ip address 131.108.1.1 255.255.255.0
XSR(config)#router ospf 1
XSR(config-router)#network 131.108.1.0 0.0.
metric-value    Cost of a route being redistributed into OSPF, ranging from 0 to 16,777,214.
metric-type    OSPF exterior metric type.
1/2    OSPF external Type 1 or 2 metrics.
route-mapnumber    Number of the associated route map.
Next Mode
Router configuration: XSR(config-router)#
Default
OSPF disabled
Example
The following example enables OSPF routing:
XSR(config)#router ospf 2
XSR(config-router)#
summary address
This command summarizes locally-sourced (Type-5) routes on the XSR which are redistributed from other protocols into OSPF. Type-7 translations are not summarized.
Syntax of the “no” Form
The no form of this command removes summary addressing on the XSR:
no summary-address
ip-address ip-mask    Subnet/mask used for the summary range.
not-advertise    Suppress routes in the summary range.
tag    Value used in the generated Type-5 LSA.
Mode
Router configuration: XSR(config-router)#
Example
The following example produces a single Type-5 LSA for all routes redistributed into OSPF covered by the prefix 64.0.0.
OSPF Debug and Show Commands
debug ip ospf dr
This command debugs OSPF designated router events. As with all XSR debug commands, it is set to privilege level 15 by default.
Note: This command does not display in running config because it is a debug function. It must be set manually every time the XSR is rebooted.
Syntax of the “no” Form
The no form of this command returns the debug function to the default:
no debug ip ospf packet
Mode
EXEC configuration: XSR>
Examples
The following example displays a transmitted Hello packet:
OSPF: Tx PKT. Hello v:2 t:1 l:44 rid:1.1.1.4 aid:0.0.0.5 chk:fa94 aut:0000 from GigabitEthernet 2 to 224.0.0.5
The following example displays a received Hello packet that failed verification because the area ID does not match:
OSPF: Rx PKT.
Rx PKT    OSPF Packet received.
is Ok    OSPF received packet passed verification.
is NOk    OSPF received packet failed verification (i.e., Area ID does not match).
Database    OSPF Database Description Packet.
LS request    OSPF Link State Request Packet.
LS update    OSPF Link State Update Packet.
LS Ack    OSPF Link State Acknowledge Packet.
debug ip ospf lsas
This command debugs OSPF Link State Advertisements (LSAs).
OSPF: Tx LSA. external, age:017a opt:20 id:13.0.0.0 rid:10.0.0.1 seq:80000088 chk:807a l:36 from GigabitEthernet 2
The following example displays a received LSA acknowledgement:
OSPF: Rx Ack. external, nbr:10.0.0.1 age:017b opt:20 id:13.0.0.0 rid:10.0.0.1 seq:80000088 chk:807a l:36
The following example displays an LSA Updated/Modified in the database:
OSPF: Upd LSA. summary, aid:00000005 age:0000 opt:02 id:1.1.1.3 rid:1.1.1.
Syntax
debug ip ospf nbr
Syntax of the “no” Form
The no form of this command returns the debug function to the default:
no debug ip ospf nbr
Mode
EXEC configuration: XSR>
Examples
The following example displays a Transmit Database Description packet:
OSPF: Tx DDP. nbr:10.0.0.1 mtu:05dc opt:42 flg:00 seq:00002400 from GigabitEthernet 2.1
The following example displays a received database description packet from incoming interface GigabitEthernet 2.1 - I:
OSPF: Rx DDP.
show ip ospf
This command, when any debugging type is enabled, displays output about the following types of OSPF information: designated router events, neighbor events, Link State Advertisements (LSAs), and packets.
Syntax
show ip ospf
Mode
EXEC or Global configuration: XSR> or XSR(config)#
Sample Output
The following is sample output when all debugging types are enabled:
XSR#show ip ospf
Routing Process "ospf 1 " with ID 1.1.1.
It is    OSPF router designation. Valid values: area border, autonomous system boundary, and internal.
Summary Link update interval    Update interval for summary LSAs generated by this router.
External Link update interval    Update interval for external LSAs generated by this router.
Redistributing External Routes from    Valid redistributed routes: static, RIP, OSPF.
Number of areas in this router    Sum of areas this router belongs to followed by types of areas.
Next hop    IP address of an interface on a neighboring router identified by the router ID that can be reached.
Router type    Type of destination border router - ABR or ASBR.
Area    ID of the area through which the route to the destination border router identified by the router ID has been learned.
SPF number    Internal number identifying the SPF calculation that resulted in this route’s installation.
OSPF Debug and Show Commands No Parameter XSR>show ip ospf database OSPF Router with ID(10.1.2.1) LinkID 10.1.1.1 10.1.2.1 Displaying ADV Router 10.0.0.1 0x0 Net Link Age 0x1 0x80000001 States (Area 0.0.0.0) Seq# Checksum 0x80000001 0x61c610.5.6.1 0x927c Displaying Router Link States (Area 0.0.0.0) LinkID 10.0.0.1 10.7.7.1 10.1.2.1 ADV Router Age 10.0.0.1 0x5 10.7.7.1 0x1 10.1.2.1 0x0 LinkID 10.5.5.1 Displaying ADV Router 10.1.2.
(Link Data) Router Interface address: 0.0.0.0
Number of TOS metrics: 0
TOS 0 Metrics: 64
Network Parameter
XSR>show ip ospf database network
OSPF Router with ID (192.168.44.2)
Net Link States (Area 0.0.0.0)
Routing Bit Set on this LSA
LS age: 332
Options: (No TOS-capability, DC)
LS Type: Network Links
Link State ID: 172.16.150.1 (address of Designated Router)
Advertising Router: 192.168.44.1
LS Seq.
Link State ID: 172.15.0.0 (summary Network Number)
Advertising Router: 192.168.44.2
LS Seq. number: 80000006
Checksum: 0x5ACD
Length: 28
Network Mask: /0
TOS: 0 Metric: 16777215
External Parameter Response
XSR>show ip ospf database external
OSPF Router with ID (192.168.44.2)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 98
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 172.14.0.0 (External Network Number)
Advertising Router: 192.
Forward Address: 192.168.33.2
External Route Tag: 0
Database-summary Parameter Response
XSR>show ip ospf data database-summary
OSPF Router with ID (192.168.44.1)
AreaID Router Network S-Net 0.0.0.
Type of router    Type of OSPF router - internal, ABR, and ASBR.
Number of links    Total individual links inside this LS record.
Link connected to    Assumes different values as a function of the connection offered by a router interface (link). These links can be: point-to-point, to a transit network, to a stub network, and to a virtual link with assigned values from 1 to 4, respectively. Different connection types are referred to as different link types.
LS Type    Summary links (network) for summary LS record.
Link State ID    IP address of the summarized network.
Advertising Router    Originating router ID.
LS Seq. Number    Sequence number assigned by OSPF to this LS record at the time of its origination.
Checksum    Field in a LS record used to verify the integrity of the contents upon the receipt by another router.
Length    Length of the LS record in bytes.
Network mask    Summary mask for the summarized network.
Length    Length of the LS record in bytes.
Network mask    Mask of the network.
Metric type    OSPF type 1 or 2 metric.
TOS    0 due to non support of TOS.
Metric    Cost to reach external network from advertising router (ASBR).
Forward address    Address to which packets for the advertised external network must be sent. When it is set to 0.0.0.0, it indicates packets must be sent to the advertising router (ASBR).
AS external    Sum of external LS records.
Subtotal    Subtotal Sum of LS records per area.
Delete    Sum of LS records waiting for deletion from LS DB.
Maxage    Sum of LS records that have reached maximum age.
Total    Sum of LS records in the LS database on XSR.
show ip ospf interface
This command displays interface OSPF-related information, including network type, priority, cost, hello interval, and dead interval.
Syntax
show ip ospf interface [type][number]
type    Interface type.
Network type    OSPF network type. Values can be broadcast, non-broadcast, point-to-point, and point-to-multipoint. Refer to the ip ospf network command for more information about network type.
Cost    OSPF interface cost. This value is either the default or assigned by means of the ip ospf cost command.
Transmit delay    Number in seconds added to the LSA age field at the time of LSA transmission.
State    Interface state - not state between neighbors.
Sample Output
The following are sample responses:
XSR#show ip ospf neighbor
ID          Pri   State   Dead Intvl   Address     Address
10.7.7.1    1     FULL    40           10.5.6.1    FastEthernet6
10.0.0.1    1     FULL    40           10.1.1.1    FastEthernet3
XSR#show ip ospf neighbor detail
Neighbor 10.7.7.1 interface address 10.5.6.1
In the area 0.0.0.0 via FastEthernet6
Neighbor priority is 1, state is FULL.
Options 1
Dead interval is 40 sec(s)
Link state retransmission interval is 5 sec(s)
Neighbor 10.0.0.
Sample Output
The following is sample output:
XSR>show ip ospf virtual-links
Virtual Link OSPF_VLI to router 192.168.22.1 is up
Run as demand circuit.
DoNotAge LSA not allowed (Number of Dcbitless LSA is 2).
Transit area 4, via interface Serial1, Cost of using 64
Transmit Delay is 1 sec, State POINT-TO-POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:08
Adjacency State FULL
Virtual Link OSPF_VLO to router 192.168.44.
RIP Commands
distance (RIP)
This command defines administrative distances (route preference) in the RIP domain. The RIP default ranks higher than all other routed distances. If several routes to the same destination are offered to the Routing Table Manager (RTM) by different protocols, installation is based on the distance of the protocol with the lowest value. You can set the same distance for different protocols (except for multiple static routes) with a tiebreak based on default distances.
Mode
Router configuration: XSR(config-router)#
Example
The following example sets the RIP administrative distance to 85:
XSR(config)#router rip
XSR(config-router)#distance 85
distribute-list
This RIP command filters networks received in updates/suppresses networks from being advertised in updates.
Syntax
distribute-list access-list-number {in | out} [type number]
access-list number    IP access list number, ranging from 1 to 199.
Note: This type of filtering might prove problematic in situations where you want to filter an exact route (for RIP v2). For example, if you want to filter route 10.0.0.0/8, a filter set as access-list 1 deny 10.0.0.0 0.255.255.255 will not suffice, because subnets such as 10.0.0.0/9, 10.0.0.0/10 and so on will also be denied. So, to restrict the filter to 10.0.0.0/8 only, configure an extended access list with the following format:
access-list 101 deny 10.0.0.0 0.0.0.255 255.0.0.0 0.0.0.
FastEthernet port 2 is instructed to be totally passive (no advertising on it, no sending of triggered updates, and no receiving of updates). Serial 1 is allowed to receive both version 1 and 2 RIP, and transmits version 2. The method used is split horizon with poison reverse. Authentication mode text is used on Serial port 1, and the text is Tex:
XSR(config)#router rip
XSR(config-router)#network 192.168.1.0
XSR(config-router)#network 192.169.1.0
XSR(config-router)#neighbor 192.5.10.
Mode
Interface configuration: XSR(config-if)#
Default
No authentication mode specified.
Examples
This example sets text authentication mode and the key XenObhobe for use on FastEthernet 1:
XSR(config)#interface fastethernet 1
XSR(config-if)#ip rip authentication key XenObhobe
XSR(config-if)#ip rip authentication mode text
The following example enables RIP on both FastEthernet interfaces of router R1, also enabling routing exchanges on the serial link R1-R2 (Serial 2).
Default
Allows RIP to respond to a triggered update.
Example
This example prevents RIP from responding to a request for triggered updates on F1:
XSR(config)#interface fastethernet 1
XSR(config-if)#ip rip disable-triggered-updates
ip rip offset
This command adds an offset onto incoming/outgoing metrics to routes learned via RIP.
Syntax
ip rip offset value
value    Positive offset to be applied to metrics for networks, ranging from 0 to 16. If the offset is 0, no action is taken.
Figure 5-3 Offset Example
ip rip receive version
This command sets RIP v1 or v2 for update packets received on the port.
Syntax
ip rip receive version [1] [2]
1    RIP version 1.
2    RIP version 2.
ip rip send version
This command sets RIP v1 or v2 for update packets sent on the interface.
Syntax
ip rip send version {1 | 2 | r1compatible}
1    RIP version 1.
2    RIP version 2.
r1compatible    Sends version 2 packets, but transmits these as broadcast packets rather than multicast packets, so that systems which only understand RIP version 1 can receive them.
Default
IP split-horizon
Example
The following command sets split horizon for packets to be transmitted by RIP on interface 1:
XSR(config)#interface fastethernet 1
XSR(config-if)#ip split-horizon
neighbor
This command directs the XSR to exchange point-to-point (non-broadcast) routing information with a neighbor. When used in combination with the passive-interface command, RIP updates can be exchanged between a subset of routers and access servers on a LAN.
network
This command attaches a network of directly connected networks to a RIP routing process.
Syntax
network netAddress
netAddress    A directly connected network that RIP will advertise to its neighboring routers. This is an IP address format.
Syntax of the “no” Form
The no form of this command disables RIP on the specified interface:
no network netAddress
Mode
Router configuration: XSR(config-router)#
Example
This example attaches network 192.168.1.
Example
This example sets F2 as a passive interface. No RIP updates will be transmitted on F2:
XSR(config-router)#passive-interface fastethernet 2
receive-interface
This command allows RIP to receive update packets on an interface. This does not affect the transmission of RIP updates on the specified interface.
Syntax
receive-interface type num
type    Interface type.
num    Physical interface number.
Syntax of the “no” Form
The no form of this command cancels the redistribution of routes:
no redistribute from_protocol [metric metricvalue]
Mode
Router configuration: XSR(config-router)#
Default
Disabled
Examples
This example redistributes static routes from 5 hops away into RIP:
XSR(config-router)#router rip
XSR(config-router)#redistribute static 5
This example redistributes intra, inter and external OSPF routes into RIP:
XSR(config-router)#redistribute ospf match internal match external
Example
XSR(config)#router rip
XSR(config-router)#
timers
This command configures RIP timers.
Syntax
timers basic [update | invalid | flush]
update    Interval the RIP timer is revised, ranging from 1 to 2,147,483,647 seconds.
invalid    Interval the RIP timer is deemed invalid, ranging from 1 to 2,147,483,647 seconds. The invalid interval must be at least three times the update interval.
flush    Interval the RIP timer is flushed, ranging from 1 to 2,147,483,647 seconds.
RIP Show Commands
show ip rip
This command displays configuration data and statistics global to all ports.
Syntax
show ip rip [interface | database]
interface    The interface on which RIP is running.
database    The database on which RIP is set up.
RTP Header Compression Commands
Routing Source Information:
192.168.28.0/24   via: 192.168.29.22   cost:2   age:16   FastEthernet2
1.1.1.1/32        via: 192.168.29.22   cost:2   age:16   FastEthernet2
10.0.0.0/32       via: 201.1.1.0       cost:2   age: -   Serial2/0:1.1
The following is sample output with the interface option chosen:
XSR#show ip rip interface
FastEthernet1 is UP
Internet Address 10.0.0.0, Mask 255.255.0.
• UDP payload must be less than 500 bytes
• Packet must not be fragmented
• The destination port of the packet must be within user configured port range (there is no restriction on the source port)
Note: The XSR doesn’t impose any restrictions on RTP de-compression.
clear ip rtp header compression interface serial
This command clears the RTP header compression statistics for the specific PPP serial interface.
Syntax
show ip rtp header-compression interface serial slot/port{.
Mode
Interface configuration: XSR(config-if)#
This command is applicable only on serial interface with PPP encapsulation.
Note: The XSR currently does not block this command on "interface dialer" and on "interface multilink", but the command has no effect on these interfaces. This command requires a reboot of the interface to take effect.
Mode
Interface configuration: XSR(config-if)#
This command is applicable only on serial interface with PPP encapsulation.
Note: The XSR currently does not block this command on "interface dialer" and on "interface multilink", but the command has no effect on these interfaces. This command requires a reboot of the interface to take effect.
show ip rtp header compression interface serial
This command displays the RTP header compression statistics for the specific PPP serial interface.
Note: The existing command “show ppp interface serial” has been updated to add the following line in the PPP stats section “TX/RX IP Header Compression (IPHC is enabled” if IP header compression has been negotiated with the remote peer. See page 8-102 for information on the command “show ppp interface serial”.
Triggered on Demand RIP Commands
Rcvd:
Compr. RTP    Number of compressed RTP packets.
Compr. UDP    Number of compressed UDP packets.
Full Header    Number of full header packets received.
Errors    Number of packets that cannot be un-compressed because they are out of sequence, indicating that one or more packets have been lost on the link.
Dropped    Packets whose IP, Port or SSRC does not match that in the received context.
• ip rip triggered-on-demand - Enables the functionality on the specified interface. Refer to page 192 for the command definition.
ip rip max-retransmissions
This command sets the maximum number of retransmissions to be sent.
Syntax
ip rip max-retransmissions number
number    Number of retransmissions, ranging from 2 to 120.
Syntax of the “no” Form
The no command resets maximum retransmissions to the default:
no ip rip polling interval
Mode
Interface configuration: XSR(config-if)#
Default
30 seconds
Example
The following example sets the polling interval to 120 seconds:
XSR(config)#interface serial 1/0
XSR(config-if)#ip address 1.0.0.0 255.0.0.
Policy-Based Routing Commands
Syntax of the “no” Form
The no form of this command disables triggered RIP on the interface:
no ip rip triggered-on-demand
Mode
Interface configuration: XSR(config-if)#
Default
Disabled
Example
The following example configures triggered RIP on Serial port 1/0:
XSR(config)#interface serial 1/0
XSR(config-if)#ip address 1.0.0.0 255.0.0.0
XSR(config-if)#no shutdown
XSR(config-if)#ip rip triggered-on-demand
XSR(config-router)#network 1.0.0.
Examples
The following example enables PBR on interface FastEthernet 2:
XSR(config-if)#ip policy
The following example enables PBR on interface Dialer 57:
XSR(config-if)#ip policy
route-map pbr
This command adds or deletes PBR route-map entries and acquires PBR Map configuration mode. The following commands are subsets of Route Map PBR functionality:
• match ip address - Adds/deletes PBR match clauses. See page 5-147 for command definition.
match ip address
This command associates the PBR policy with a configured Access Control List (ACL).
Syntax
match ip address access-number
access-number    The ACL number used to match traffic.
PBR Clear and Show Commands
set interface
This command specifies an XSR interface as the forwarding port for Policy Based Routing.
Syntax
set interface interface-num
interface-num    Interface number.
ARP Commands XSR>show ip pbr-cache Source Destination 192.168.1.1 192.168.27.1 192.168.1.1 192.168.27.33 192.168.1.1 192.168.27.33 Age(sec) 109 70 50 IP Prot 1 255 6 TCP/UDP Port 8 ICMP Code (23, 23) Parameter Descriptions Source Source IP address of the packet. Destination Destination IP address of the packet. Age Seconds left for the lifetime of the cache. IP Protocol IP Protocol number. TCP/UDP Port TCP/UDP Port number. ICMP Code ICMP code number.
Syntax
arp ip-address hardware-address
ip-address    IP address of a device on the network. Valid values are IP addresses in dotted decimal notation.
hardware-address    The 48-bit hardware address expressed in hexadecimal notation and corresponding to the IP address identified in the ip-address parameter.
Example
This example adds a permanent ARP entry for the IP address 130.2.3.1 and sets the timeout at 5 hours (18,000 seconds) as shown in Figure 5-4:
XSR(config)#arp 130.2.3.1 0003.4712.7a99
XSR(config)#arp-timeout 18000
Figure 5-4 ARP Timeout Example
Other IP Commands
ip address
This command sets a primary or secondary IP address on an interface. Secondary IP addresses are allowed on FastEthernet interfaces only.
Mode
Interface configuration: XSR(config-if)#
Examples
The following CIDR example sets IP address 192.168.1.1 with a mask of /24 on interface F1.
XSR(config)# interface FastEthernet 1
XSR(config-if)# ip address 192.168.1.1/24
The following example sets the IP address 192.168.1.1 on G2:
XSR(config)#interface gigabitethernet 2
XSR(config-if)#ip address 192.168.1.1 255.255.255.0
In the example below, 131.108.1.27 is the primary address and 192.31.7.17 and 192.31.8.
Mode
Global configuration: XSR(config)#
Example
In the following example, as shown in Figure 5-5, Router 1 sets two candidates for the default route: network 199.15.2.0 and 198.15.2.0.
XSR(config)#ip default-network 199.15.2.0
XSR(config)#ip default-network 198.15.2.0
Both default routes appear in the routing table, as advertised by Router 2, and Router 3, which run RIP, so both are candidates for the default route. The route to 199.15.2.0 is three hops away, and the route to 198.15.2.
Mode
Interface configuration: XSR(config-if)#
Default
Enabled
Example
The following example denies ICMP broadcasts on port FastEthernet 1:
XSR(config)#access-list 100 deny ICMP any any
XSR(config)#interface fastethernet 1
XSR(config-if)#ip directed-broadcast 100
The following example removes the previous restriction on interface FastEthernet 1 (broadcast will be performed for all protocols):
XSR(config)#interface fastethernet 1
XSR(config-if)#no ip directed-broadcast
ip dh
ip domain
This command identifies the domain to which the XSR belongs. If the command is reissued, it is considered an update of the domain name and will overwrite the old value with a new value. The XSR uses the domain name to help create a certificate subject name, which is automatically formatted to: .. You can configure the host name with the hostname command.
Parameters
round-robin    Round robin method of selecting the routing path, if multiple paths are available.
per-flow    Per-flow method of selecting the routing path, if multiple paths are available.
port    Destination port that controls which UDP services are forwarded.
DHCP Relay Functionality
The DHCP Relay functionality is applied with the help of IP broadcast forwarding. A typical situation, as shown in Figure 5-7, occurs when a Host requests an IP address with no DHCP server located on that segment. Router 1 can forward the DHCP request (1) to the server located on N2, if IP forward-protocol is enabled for UDP, and the address of the DHCP server is configured as a helper address on the receiving interface of Router 1.
XSR(config)#ip forward-protocol udp
XSR(config)#interface fastethernet 1
XSR(config-if)#ip helper-address 192.168.1.255
XSR(config)#interface fastethernet 2
XSR(config-if
Syntax
ip irdp [multicast|holdtime seconds | advertinterval seconds | preference number]
multicast    Multicast address (224.0.0.1) instead of IP broadcasts.
holdtime seconds    The interval router advertisements are held valid, ranging from 1 to 9000 seconds. Value must exceed advertinterval but cannot exceed 9000 seconds.
advertinterval seconds    Peak interval between router advertisements, ranging from 3 to 1800 seconds.
Mode
Interface configuration: XSR(config-if)#
Default
1500
Example
The following example sets the MTU size to 1200 for interface Serial 1/0:
XSR(config-if)#ip mtu 1200
ip proxy-arp
This command enables/disables Proxy ARP on a per interface basis, allowing the XSR to answer ARP requests on one network for a host on another network. It is available for Fast/GigabitEthernet interfaces only.
Syntax
ip proxy-dns enable
Syntax of the “no” Form
The no form of this command disables Proxy DNS:
no ip proxy-dns enable
Mode
Global configuration: XSR(config)#
Default
Disabled
ip proxy-dns name server
This command specifies up to six name servers the proxy DNS server will use.
Syntax
ip proxy-dns name-server server-address1 [server-address2...server-address6]
server-address1    IP address of the name server.
server-address2...server-address6    IP address of additional name servers.
Syntax of the “no” Form
The no form of this command negates IP redirection:
no ip redirects
Default
Enabled
Mode
Global configuration: XSR(config)#
Example
In the following example, IP redirection is disabled:
XSR(config)#no ip redirects
ip route
This command configures a static IP route.
Note: The XSR supports a maximum of 50 static routes with 64 MBytes of memory installed.
Syntax
ip route {A.B.C.D. mask} | {address&mask}{address |interface-type #}}[distance]}
A.B.C.D.
Mode
Global configuration: XSR(config)#
Examples
This example, shown in Figure 5-8, sets 2 static routes to networks 192.1.2.0 and 193.62.5.0 through gateway 192.31.7.65. Note that the distance is 1 (default), making these routes preferred in case a dynamic routing protocol is running on the same router with its own routes for these destinations.
XSR(config)#ip route 192.1.2.0 255.255.255.0 192.31.7.65
XSR(config)#ip route 193.62.5.0 255.255.255.0 192.31.7.
ip tcp adjust-mss
This command sets the Maximum Segment Size (MSS) for TCP SYN (synchronize) packets. When the XSR terminates PPPoE traffic, a PC connected to the FastEthernet interface may have problems accessing Web sites if the PC's Maximum Transmission Unit (MTU) setting is too high. The MTU contains maximum segment size (MSS) values for TCP packets transmitted by the PC. Some Web sites do not perform Path MTU discovery correctly.
Other IP Commands ip telnet server This command enables or disables Telnet service to the XSR. If the optional parameter is not supplied, the Telnet server is enabled. Since the Telnet server is enabled at boot‐up, you must either manually disable it using the CLI or disable it in the startup‐config file. Syntax ip telnet server [enable | disable] enable Enables Telnet service. disable Disables Telnet service.
Other IP Commands Syntax ip unnumbered [type number] type Type of another interface on which the router has an assigned IP address. It cannot be another unnumbered interface. number Number of another interface on which the router has an assigned IP address. It cannot be another unnumbered interface.
Example
The following example configures a router identifier:
XSR(config)#ip router-id 1.2.3.4
IP Clear and Show Commands
clear arp-cache
This command deletes all nonstatic entries from the ARP cache.
Syntax
clear arp-cache
Mode
Privileged EXEC: XSR#
clear ip interface-counters
This command clears all IP interface counters. If you do not enter the optional type or number value, all interface counters will be erased.
IP Clear and Show Commands clear ip traffic-counters This command clears all IP related counters (IP, ICMP, ARP, UDP, TCP, RIP, OSPF) displayed by the show ip traffic command. Syntax clear ip traffic-counters Mode Privileged EXEC: XSR# clear tcp counters This command clears all TCP counters. Syntax clear tcp counters Mode Privileged EXEC: XSR# show ip arp This command displays all entries in the ARP cache. Syntax show ip arp [ip-address] [H.H.
IP Clear and Show Commands Internet Internet Internet Internet Internet Internet Internet Internet Internet Internet 134.141.235.137 134.141.235.150 134.141.235.155 134.141.235.124 58.58.58.1 57.57.57.1 54.54.54.1 53.53.53.1 52.52.52.1 51.51.51.1 1 0 2 17 - 00b0.d07f.0cab 00b0.d02c.06d2 00b0.d02c.077e 00b0.d06d.b6ca 0001.f4cc.dd02 0001.f4cc.dd02 0001.f4cc.dd02 0001.f4cc.dd02 0001.f4cc.dd02 0001.f4cc.
IP Clear and Show Commands Sample Output The following is sample output from the command: XSR>show ip interface Dialer 0 is Admin Up Internet address is 1.1.1.1/24 Last change: 11:14 AM Rcvd: 10245 octets, 1231 unicast packets, 0 discards, 3 errors, 4 unknown protocol Sent: 11232 octets, 1132 unicast packets, 0 discards, 2 errors MTU is 1500 bytes Proxy ARP is enabled.
IP Clear and Show Commands Internet address is 58.58.58.1, subnet mask is 255.255.255.0 Secondary Rcvd: 515027 octets, 3306 unicast packets, 0 discards, 0 errors, 0 unknown protocol. Sent: 363256 octets, 2472 unicast packets, 0 discards, 0 errors. MTU is 1500 bytes. Helper address is not set. Directed broadcast is enabled. Outgoing access list is not set. Inbound access list is not set. Router discovery is disabled. The following is sample output from a VLAN interface on FastEthernet sub‐interface 2.
IP Clear and Show Commands Inbound access list Indicates whether the interface has an incoming access list set. show ip irdp This command displays ICMP router discovery settings. Syntax show ip irdp Configuration Mode EXEC or Global configuration: XSR> or XSR(config)# Sample Output The following is sample output: XSR>show ip irdp FastEthernet1 has router server discovery enabled. Broadcast address is used. Advertisements will occur between every 450 and 600 seconds.
Sample Output
The following is sample output from the command:
XSR>show ip proxy-dns cache
Name                Age(sec)
www.enterasys.com   100
www.test.com        10
Parameter Description
Name: Designation of the DNS query.
Age: Seconds remaining for the lifetime of the cache.
show ip route
This command displays information about the Routing Table including route types, IP addresses, and costs.
IP Clear and Show Commands Sample Output The following is sample output. Note the route costs as indicated within brackets. XSR>show ip route Codes: C-connected, S-static, R-RIP, O-OSPF, IA-OSPF interarea N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 * - candidate default, D - default route originated from default net O O O C R R R C C R C C C C S S E2 222.51.51.0/24 IA 192.169.1.0/24 192.168.25.0/24 192.168.5.0/24 68.0.0.0/8 67.0.0.
IP Clear and Show Commands E2 OSPF external type 2 route * Candidate default route D Default route originated from default network U User‐configured static route [x/y] Distance/metric information [0060] Route cost show ip static database This command displays static route information including the destination IP address, gateway IP address, and administrative distance. Syntax show ip static database [A.B.C.D. A.B.C.D.
IP Clear and Show Commands show ip traffic This command displays general IP protocols statistics.
IP Clear and Show Commands 0 link state updates, 0 link state acks 0 total Sent: ARP statistics: Rcvd: 87441 requests, 5 replies Sent: 3 requests, 36 replies (0 proxy) Parameter Description Total Sum of datagrams received. Local destination Sum of local datagrams successfully delivered to upper layers. To be forwarded Sum of input datagrams, for which the XSR is not the destination.
IP Clear and Show Commands Max Unresolved ARP Requests| Routing Table Size| Number of Static Routes| Number of Secondary IP| Number of Virtual IP| IP Helper Addresses| UDP Broadcast Fwd Entries| OSPF LSA type 1| OSPF LSA type 2| OSPF LSA type 3| OSPF LSA type 4| OSPF LSA type 5| OSPF LSA type 7| Number of ACList Entries| Number of Users| SNMP Read-Only Communities| SNMP Read-Write Communities| SNMP Trap Servers| SNMP users| SNMP groups| SNMP views| Number of IP Interfaces| Number of RIP Net| AAA Sessions|
IP Clear and Show Commands Parameter Description 64MgB Amount of memory installed in the XSR. Resource Table, table entry, user, or SNMP category. ResourcesInUse Sum of entries currently in use. Bytes Per Resource Sum (in bytes) of memory in use by each entry. Total Bytes InUse Sum (in bytes) of memory currently used by this resource. show tcp This command displays TCP statistics. Syntax show tcp {connections | general} connections A summary connections display.
IP Clear and Show Commands 4 transitions from LISTEN to SYN-RCVD 2 transitions from SYN-SENT or SYN-RCVD to CLOSED 2 transitions from ESTABLISHED or CLOSE-WAIT to CLOSE Parameter Description Connection state - Possible states for a TCP connection: LISTEN Waiting for a connection request. SYNSENT Waiting for a matching connection request after having sent a connection request. SYNRCVD Waiting for a confirming connection request ack after having both received and sent a connection request.
Default
Standard Telnet port 23. If the port is not provided, the client will try to connect to port 23 on the remote server.
Example
The following example connects you to the XSR at 192.57.189.4 via Telnet:
XSR#telnet 192.57.189.4 23
Network Address Translation Commands
The XSR commands below configure Network Address Translation (NAT).
clear ip nat translation
This command clears dynamic NAT translations from the table before they time out.
Network Address Translation Commands The following example clears a specific UDP entry from the NAPT table: XSR#clear ip nat translation fastEthernet 1 17 200.2.233.1 1220 192.168.27.95 1220 1 NAPT entries or NAT mapping removed The following example clears all NAPT translations for host 192.168.50.2 on the private network: XSR#clear ip nat translation fastEthernet 1 192.168.50.2 0.0.0.
Network Address Translation Commands Next Mode IP Local Pool configuration: XSR(ip-local-pool)# Example The following example creates local IP address pool marketing, which contains all IP addresses in the range 203.57.99.0 to 203.57.99.255: XSR(config)#ip local pool marketing 203.57.99.0 255.255.255.0 exclude This sub‐command bars the use of a range of IP addresses from an earlier created IP pool. Syntax exclude {ip address}{number} ip address Starting address to be excluded from pool.
Syntax
ip nat pool name
name: Name of the IP local pool.
Syntax of the “no” Form
The no command removes one or more addresses from the NAT pool:
no ip nat pool name
Mode
Global configuration: XSR(config)#
Example
The following example configures the IP NAT pool NATpool:
XSR(config)#ip nat pool NATpool
ip nat service list
This command specifies a port other than the default port for the File Transfer Protocol (FTP).
Network Address Translation Commands XSR(config)#ip nat service list 1 ftp tcp port 2021 XSR(config)#access-list 1 permit 10.1.1.1 This example sets non‐standard port 2021 and standard port 21 for FTP. Be aware that if the FTP server is using both the default and another port, both ports must be configured in NAT. XSR(config)#ip nat service list 1 ftp tcp port 21 XSR(config)#ip nat service list 1 ftp tcp port 2021 XSR(config)#access-list 1 permit 10.1.1.
Network Address Translation Commands ip nat source intf-static (interface mode) This command configures a single static translation entry in the Network Address Translation (NAT) table. Interface static NAT is similar to global NAT; it takes precedence over global static NAT with the implication that if an outgoing/incoming packet matches the interface static NAT no other form of NAT will be performed.
global-ip: Translated IP address.
tcp | udp: This value implies that this is a port-specific static NAT.
local-port: Source port of outgoing packets and destination port of incoming packets.
global-port: Destination port of outgoing packets and source port of incoming packets.
Defaults
• Timeout: 180 seconds (3 minutes)
• UDP-timeout: 300 seconds (5 minutes)
• TCP-timeout: 86,400 seconds (24 hours)
• ICMP-timeout: 60 seconds
Example
The example below times out UDP port translation entries in 15 minutes:
XSR(config)#ip nat translation udp-timeout 900
show ip nat translations
This command displays active NAPT translations.
NAPT using address: 10.10.10.2
Num translations: 8
--------------------------------------
Pro  Private Host         NAT Addr
     (Local IP Addr)      (Global IP Addr)
UDP  192.168.50.90:1024   10.10.10.2:20002
UDP  192.168.50.90:1024   10.10.10.2:20001
UDP  192.168.50.91:1024   10.10.10.2:20004
UDP  192.168.50.91:1024   10.10.10.2:20003
TCP  192.168.50.70:1024   10.10.10.2:20006
TCP  192.168.50.70:1024   10.10.10.2:20005
TCP  192.168.50.71:1024   10.10.10.2:20008
TCP  192.168.50.71:1024   10.10.10.
Virtual Router Redundancy Protocol Commands
vrrp adver-int
This command configures the interval between successive advertisements sent by the master VR in a virtual group. Advertisements sent by the master VR communicate the state and priority of the current master VR.
Note: All virtual routers in a virtual group must have the same advertisement interval.
Syntax
vrrp group adver-int [sec] interval
group: VR group number.
Virtual Router Redundancy Protocol Commands message is accepted and if not, it is discarded. All routers within the group must share the same authentication string. Note: Plain text authentication is not meant to be used for security. It simply provides a way to prevent a misconfigured router from participating in the VRRP. Syntax vrrp group authentication string group Virtual router group number. string String (up to 8 alphanumeric characters) to validate incoming VRRP packets.
Virtual Router Redundancy Protocol Commands Syntax vrrp group ip ipaddress group VR group number. If you do not specify an input group number, the default group number will be used. Limit: 11 addresses per VR, 44 per router. ipaddress IP address of the VR.
Virtual Router Redundancy Protocol Commands Defaults • Disabled ‐ the VR master will not respond to an ICMP echo request sent to the virtual IP address if it is not the physical owner. • If no group is provided, the default group is 1.
Virtual Router Redundancy Protocol Commands Mode Interface configuration: XSR(config-if)# Examples The following example enables preempt for virtual router group 1 with a 2‐second delay set on F1: XSR(config)#interface fastethernet 1 XSR(config-if)#vrrp 1 preempt delay 2 or vrrp preempt delay 2 The following example disables the preempt for VR group 1 on F1: XSR(config-if)#no vrrp 1 preempt or no vrrp preempt vrrp priority This command sets the priority level of the router within a v
vrrp track
This command allows a Virtual Router (VR) to track another interface (FastEthernet, Serial, Dialer or Multilink PPP) or one or more routes on the same router. When interface A is configured to track interface B, interface A will monitor the status of interface B to decide if it wants to become the master of a VR. When interface B goes down, interface A will lower its priority to 0 (zero) and refrain from participating in the VR master selection.
XSR(config)#interface fastethernet 1
XSR(config-if)#vrrp 2 track serial 1/0
This example disables the tracking of interface Serial 1/0 by interface F1 on VR 2:
XSR(config-if)#no vrrp 2 track
VRRP Clear and Show Commands
clear vrrp-counters
This command clears statistics for a specified VRRP group; it is governed by the following considerations:
• If you do not specify both group and interface, the statistics for all Virtual Routers (VR) in the VRRP group on this router will
VRRP Clear and Show Commands Mode EXEC: XSR> Sample Output The following sample output displays configuration data for all virtual routers on this router: XSR#show vrrp Ethernet Interface: 1 Group ID: 1 State: backup Preempt: Preempt Enabled Priority: 100 Adver-int: 1 Master Down Timer: 3 Authentication Code: mypass Virtual IP: 3.3.3.3 Primary IP: 1.1.1.1 Master Router IP: 3.3.3.
InvalidTypePktsRcvd: 0
UnknownAuthType: 0
AuthTypeErrors: 10
AuthFailures: 0
show vrrp interface
This command displays all the virtual routers and their status on a specified interface.
Syntax
show vrrp interface interface Interface name, either FastEthernet 1 or 2 only.
VRRP Clear and Show Commands State Master or backup Preempt Preempt enabled or not Preempt‐Delay Preempt delay seconds Priority Priority of this group Adver‐int Advertisement interval Master Down Timer/ Advertise Interval Timer/ Master Delay Timer If in backup state, displays the seconds remaining to trigger Master Down Timer or Master Delay Timer; if in master state, displays the seconds remaining to trigger the next advertisement.
Maximum number of virtual addresses per VR: 11 Number of virtual IP address in use: Fast Ethernet 1 Fast Ethernet 2 Fast Ethernet 3 VR1 1 1 1 VR3 1 VR2 1 ------------------------------------------------------------
Chapter 6: Configuring the Border Gateway Protocol
Observing Syntax and Conventions
The CLI command syntax and conventions use the notation described below.
BGP Configuration Commands • Networks • Neighbor parameters • Routing policies Syntax router bgp autonomous-system autonomous-system The XSR’s Autonomous System (AS) number, ranging from 1 to 65,535. The AS number is included in routing updates traded by BGP routers.
BGP Configuration Commands as-set Prevents data loss, including contents of BGP attributes, from more specific routes in the aggregate route. Note that when the contents of those attributes vary within more specific routes, reducing them to the same value within corresponding attributes of the aggregate route can cause routing problems such as loops. summary-only Prevents more specific routes that comprise the aggregate route from being advertised.
BGP Configuration Commands Mode Router configuration: XSR(config-router)# Default Enabled Example The following example configures summarization in BGP process 100: XSR(config)#router bgp 100 XSR(config-router)#auto-summary bgp always-compare-med This command instructs the XSR to compare the Multi Exit Discriminator (MED) value for paths from neighbors in different ASs. MED is one of the parameters considered by the XSR when selecting the best path.
BGP Configuration Commands bgp bestpath med missing-as-worst This command specifies that a route with a MED is always considered better than a route without a MED by causing the missing MED attribute to have a value of infinity.
BGP Configuration Commands Example This example first disables the default reflection setting on this router then restores the default: XSR(config)#router bgp 100 XSR(config-router)#no bgp client-to-client reflection XSR(config-router)#bgp client-to-client reflection bgp cluster-id This command sets the cluster identifier for a BGP cluster that contains more than one route reflector. A cluster is comprised of one or more route reflectors and clients of those reflectors.
BGP Configuration Commands Syntax bgp confederation identifier autonomous-system autonomous-system AS number, ranging from 1 to 65535.
BGP Configuration Commands bgp dampening This command enables BGP route dampening to minimize propagation of flapping routes (repeatedly available/unavailable) across the network. Each time a route flaps, a penalty value of 1024 is assigned to that route. Syntax bgp dampening [half-life | reuse | suppress | suppress-max][route-map route-mapnumber] half-life Interval after which the route’s penalty becomes half its value, ranging from 1 to 45 minutes.
BGP Configuration Commands bgp default local-preference This command changes the default local preference value. The path with the highest local preference value is preferred over competing paths to the same destination provided that all higher‐ranking route selection criteria of those paths are the same. The local preference value for the path is sent to all routers and access servers in the local AS. Syntax bgp default local-preference value value Local preference value, ranging from 0 to 4294967295.
BGP Configuration Commands Defaults • External: 20 • Internal: 200 Mode Router configuration: XSR(config-router)# Example This example sets BGP external and internal administrative distances to 50 and 150, respectively: XSR#config terminal XSR(config)#router bgp 100 XSR(config-router)#distance bgp 50 150 neighbor advertisement-interval This command sets the minimum interval that a router waits between sending BGP routing updates to its neighbor.
BGP Configuration Commands Example The following example sets the neighbor advertisement‐interval value within BGP process 100. Note that the neighbor remote-as command must be executed before this command can be entered. In the example, the router on which the configuration occurs resides in AS 100. Neighbor 192.168.1.1 resides in AS 101. The default update interval between these peers has been changed from 30 to 90 seconds. XSR(config)#router bgp 100 XSR(config-router)#neighbor 192.168.1.
BGP Configuration Commands neighbor distribute-list This command distributes the information specified in an access‐list to a BGP neighbor. Before entering this command, a neighbor or peer group must be identified by means of the neighbor remote-as or neighbor peer-group command. Also, the prefix‐based ACL must be configured. Note: Perform a clear ip bgp neighbor whenever this command is changed.
BGP Configuration Commands neighbor ebgp-multihop This command connects the BGP neighbors on networks that are not directly‐connected to the network of the router that this command is entered on. Before entering this command, a neighbor or peer group must be identified by means of the neighbor remote-as or neighbor peer-group command. Syntax neighbor {ip-address | peer-group-name} ebgp-multihop ip-address Neighbor’s IP address. peer-group-name BGP peer group by name. Range: 1 to 64 characters.
BGP Configuration Commands peer-group-name BGP peer group by name. Range: 1 to 64 characters. filter-list Identifies the AS path access list. Range is 1‐199. in Filter list is applied to inbound routes. out Filter list is applied to outbound routes. weight Assigns a weight to all routes matching the filter list. value Weight range from 0 to 65535.
BGP Configuration Commands Syntax of the “no” Form The no form of this command removes the specified neighbor: no neighbor {ip-address | peer-group-name} maximum-prefix value [threshold] [warning-only] Mode Router configuration: XSR(config-router)# Defaults • No restriction on the number of prefixes. • Threshold: 75 prefixes Example The following example sets the maximum number of prefixes allowed from the neighbor at 192.168.1.1 to 10000: XSR(config)#router bgp 100 XSR(config-router)#neighbor 192.
BGP Configuration Commands Example The following example sets the router at 192.168.1.1 as the next hop: XSR(config)#router bgp 100 XSR(config-router)#neighbor 192.168.1.1 remote-as 101 XSR(config-router)#neighbor 192.168.1.1 next-hop-self neighbor password This command sets a password for Message Digest 5 (MD5) authentication on the TCP connection between the XSR that this command is entered on and a BGP neighbor. The same password must be configured on both routers.
BGP Configuration Commands neighbor peer-group This command creates a BGP peer group and assigns a BGP neighbor to a peer group. Syntax neighbor {ip-address | peer-group-name} peer-group [peer-group-name] ip-address Neighbor’s IP address. peer-group-name BGP peer group by name. Range: 1 to 64 characters.
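The Telnet server default (enabled at boot-up unless ip telnet server disable is configured) and the per-neighbor settings neighbor maximum-prefix and neighbor password can be checked mechanically. The script below is an added example, not code from this guide or from Enterasys. It assumes the configuration is available as one command per line in the form typed at the CLI, that the password command takes the form neighbor {ip-address | peer-group-name} password string, and that peer-group members inherit the group's settings; the sample input and the group name EDGE are constructed.

```python
"""Added example: audit an XSR command list for settings described in this guide."""
import re

PROMPT = re.compile(r"^XSR\S*[#>]\s*")            # e.g. "XSR(config-router)#"
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
CHECKED = ("password", "maximum-prefix")          # per-neighbor settings to require

# Constructed sample input, not taken from the guide. The argument form of
# "neighbor ... password" and the group name EDGE are assumptions.
SAMPLE_CONFIG = """\
XSR(config)#router bgp 100
XSR(config-router)#neighbor 192.168.1.1 remote-as 101
XSR(config-router)#neighbor 192.168.1.1 maximum-prefix 10000
XSR(config-router)#neighbor 192.168.2.1 remote-as 100
XSR(config-router)#neighbor EDGE peer-group
XSR(config-router)#neighbor EDGE password EXAMPLE-PLACEHOLDER
XSR(config-router)#neighbor EDGE maximum-prefix 5000
XSR(config-router)#neighbor 192.168.3.1 peer-group EDGE
"""


def audit(config_text):
    """Return a list of findings for Telnet and BGP neighbor settings."""
    telnet_enabled = True      # the guide states Telnet is enabled at boot-up
    peers = {}                 # neighbor or peer-group name -> collected state

    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        negated = bool(words) and words[0] == "no"
        if negated:
            words = words[1:]
        if not words:
            continue

        if words[:3] == ["ip", "telnet", "server"]:
            # A bare "ip telnet server" enables the service; only the
            # explicit "disable" keyword turns it off.
            if not negated:
                telnet_enabled = words[3:4] != ["disable"]
        elif words[0] == "neighbor" and len(words) >= 3:
            entry = peers.setdefault(
                words[1], {"attrs": set(), "group": None, "declared": False})
            keyword = words[2]
            if keyword == "remote-as":
                entry["declared"] = not negated
            elif keyword == "peer-group" and len(words) >= 4:
                entry["group"] = None if negated else words[3]
            elif keyword in CHECKED:
                if negated:
                    entry["attrs"].discard(keyword)
                else:
                    entry["attrs"].add(keyword)

    findings = []
    if telnet_enabled:
        findings.append("telnet: server enabled (no 'ip telnet server disable')")
    for name in sorted(peers):
        entry = peers[name]
        if not IPV4.match(name):
            continue           # peer-group entries are only used for inheritance
        if not (entry["declared"] or entry["group"]):
            continue
        effective = set(entry["attrs"])
        if entry["group"] in peers:
            # Assumption: members inherit settings applied to their peer group.
            effective |= peers[entry["group"]]["attrs"]
        for attr in CHECKED:
            if attr not in effective:
                findings.append(f"bgp neighbor {name}: no {attr} configured")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```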
BGP Configuration Commands Mode Router configuration: XSR(config-router)# Example The following example configures two neighbors. Neighbor 192.168.1.1 is an external neighbor since the AS number of 101 differs from the AS number for the router 100. Neighbor 192.168.2.1 is an internal neighbor since it resides in the same AS 100. XSR(config)#router bgp 100 XSR(config-router)#neighbor 192.168.1.1 remote-as 101 XSR(config-router)#neighbor 192.168.2.
neighbor route-reflector-client
This command establishes the router that this command was entered on as a BGP route reflector. This command also identifies the specified neighbor router as the client of the BGP route reflector. Neighbors configured with this command are members of the client group and the remaining internal BGP peers are members of the non-client group for the route reflector.
BGP Configuration Commands Example The following example sets a neighbor’s community: XSR(config)#router bgp 100 XSR(config-router)#neighbor 192.168.1.1 remote-as 101 XSR(config-router)#neighbor 192.168.1.1 send-community neighbor shutdown This command disables a neighbor or peer‐group. Syntax neighbor {ip-address | peer-group-name} shutdown ip-address Neighbor’s IP address. peer-group-name BGP peer group by name. Range: 1 to 64 characters.
BGP Configuration Commands Syntax of the “no” Form The no form of this command returns to the command default: no neighbor {ip-address | peer-group-name} soft-reconfiguration inbound Mode Router configuration: XSR(config-router)# Default No soft reconfiguration is done. Example The following example configures soft reconfiguration on the router: XSR(config)#router bgp 100 XSR(config-router)#neighbor 192.168.1.1 remote-as 101 XSR(config-router)#neighbor 192.168.1.
BGP Configuration Commands Mode Router configuration: XSR(config-router)# Example This example sets the peer keep‐alive to 10 seconds and, subsequently, the hold‐time to 30 seconds: XSR(config)#router bgp 100 XSR(config-router)#neighbor 1.1.1.1 timers 10 neighbor update-source This command specifies the source IP address used when communicating with a BGP neighbor. A loopback interface is typically used with this command.
BGP Configuration Commands neighbor weight This command specifies a weight value for a connection to a neighbor or a BGP peer group. Note: Perform a clear ip bgp neighbor whenever this command is changed. Syntax neighbor {ip-address | peer-group-name} weight value ip-address Neighbor’s IP address. peer-group-name BGP peer group by name. Range: 1 to 64 characters. value Assigns a weight for all routes learned from this neighbor, ranging from 0 to 65535.
BGP Configuration Commands deny Instructs XSR to deny access to paths matching specified conditions. as-regularexpression Identifies an AS in the access list by means of the regular expression.
BGP Configuration Commands community-number Community number as it was defined for this router via the set community command. Valid values are: • Range: 1 to 4,294,967,200. • aa:nn: AS number, Community number. • internet: the Internet community. • no‐export: the community route will not be advertised to an EBGP peer. • no‐advertise: the route will not be advertised to any peer.
BGP Configuration Commands network-mask The mask associated with the network‐number for which the BGP process routes. It is specified when the network‐number represents a subnet as opposed to a classful network. Syntax of the “no” Form The no form removes the network from the routing table: no network network-number [mask network-mask] Mode Router configuration: XSR(config-router)# Example The following example configures a network with and without the optional mask keyword.
BGP Configuration Commands Mode Router configuration: XSR(config-router)# Default Redistribution is not enabled. Example The following example redistributes static routes into BGP: XSR(config)#router bgp 100 XSR(config-router)#redistribute static synchronization This command synchronizes BGP with the IGP in the AS. You should synchronize BGP with IGP if there are routers in the AS that are not BGP routers.
Route Map Commands Syntax timers bgp keep-alive keep-alive Keepalive interval. A keep alive of zero indicates no keepalives are sent between neighbors so the peer session will not time out. Range: 0 ‐ 4294967296 seconds.
Syntax of the “no” Form
The no form of this command removes the path list number:
no match as-path path-list-number
Mode
Route-map configuration: XSR(config-route-map)#
Example
This example sets the match as-path in the context of configuring a route map and as-path ACL 33.
XSR(config)#route-map 1 permit 1
XSR(config-route-map)#match as-path 33
XSR(config-route-map)#set local-preference 300
XSR(config-route-map)#exit
XSR(config)#ip as-path access-list 33 permit ".* 550 .
Route Map Commands Mode Route‐map configuration: XSRA(config-route-map)# Default No match based on community list Example The following example configures the match community value in the context of configuring a route map named 1 and community list 77 on XSRA and XSRB: Router A configuration: XSRA(config)#route-map 1 permit 1 XSRA(config-route-map)#match community 77 XSRA(config-route-map)#set local-preference 500 XSRA(config-route-map)#exit XSRA(config)#ip community-list 77 permit 300:22 Router B conf
Route Map Commands Mode Route‐map configuration: XSR(config-route-map)# Example The following example sets the match metric to 300: XSR(config)#route-map 1 permit 1 XSR(config-route-map)#match metric 300 match ip address This command matches IP addresses in a BGP routing update message. A route must match at least one match statement of a route-map command. If this is not done, the route is not advertised on outbound route maps and is not accepted on inbound route maps.
BGP Set Commands Syntax match ip next-hop access-list-number access-list-number The ACL to match, ranging from 1 to 199. Syntax of the “no” Form The no form of this command removes the match next hop value: no match ip next-hop access-list-number Mode Route‐map configuration: XSR(config-route-map)# Default No matching based on IP next hop. Example The following example sets the matching IP next hop to 10: XSR(config)#access-list 10 permit 1.2.3.
BGP Set Commands as-path-string The AS path list which will be prepended to the AS path attribute of the route that matches the route map. The as‐path list represents one or more valid AS numbers that are specified as an integer between 1 and 65535.
BGP Set Commands local-AS Established community which specifies that routes containing this value should not be advertised to external BGP peers. no-advertise Established community which specifies that routes containing this value should not be advertised to any other BGP peers (internal or external). no-export Established community which specifies that routes containing this value should not be advertised outside a BGP confederation boundary. none Removes any existing communities.
• The XSR penalizes a route marked as unstable with a value of 1024 each time it fails. If penalties accrue beyond the suppress threshold you set, the route is no longer advertised.
• The XSR permits suppressed routes to rejoin the BGP routing table when their penalties drop below the threshold.
• After a route assumes a penalty, the XSR cuts the penalty in half each time a half-life interval you configure elapses.
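The dampening rules listed above (1024 per flap, suppression above the suppress threshold, halving per half-life, re-advertisement below the reuse threshold) can be replayed against a flap history to see when a route would be withdrawn and when it would return. This is an added example, not code from the guide or from Enterasys: the half-life, reuse and suppress values are constructed samples rather than XSR defaults, the decay is assumed to be a smooth exponential that halves every half-life, and suppress-max is not modelled.

```python
"""Added example: a model of the route-dampening rules listed above."""
import math
from dataclasses import dataclass

FLAP_PENALTY = 1024  # penalty per flap, as stated in this guide


@dataclass(frozen=True)
class DampeningPolicy:
    # Constructed sample values for illustration, not XSR defaults.
    half_life_min: float = 15.0   # minutes for the penalty to halve
    reuse: float = 750.0          # re-advertise once the penalty falls below this
    suppress: float = 2000.0      # stop advertising once the penalty exceeds this


class DampenedRoute:
    """Tracks penalty and suppression state for one route (times in minutes)."""

    def __init__(self, policy):
        self.policy = policy
        self.penalty = 0.0
        self.suppressed = False
        self._clock = 0.0

    def _advance(self, now):
        if now < self._clock:
            raise ValueError("events must be supplied in time order")
        # Assumption: smooth exponential decay, which halves the penalty
        # each time one half-life interval elapses.
        elapsed = now - self._clock
        self.penalty *= 0.5 ** (elapsed / self.policy.half_life_min)
        self._clock = now
        if self.suppressed and self.penalty < self.policy.reuse:
            self.suppressed = False

    def flap(self, now):
        """Record one flap at time `now` and apply the suppress threshold."""
        self._advance(now)
        self.penalty += FLAP_PENALTY
        if self.penalty > self.policy.suppress:
            self.suppressed = True

    def is_advertised(self, now):
        """Decay the penalty up to `now` and report whether the route is usable."""
        self._advance(now)
        return not self.suppressed

    def minutes_until_reuse(self):
        """Minutes of stability needed before a suppressed route returns."""
        if not self.suppressed:
            return 0.0
        ratio = self.penalty / self.policy.reuse
        return self.policy.half_life_min * math.log2(ratio)


def replay(flap_times, probe_times, policy=DampeningPolicy()):
    """Replay flaps in time order; return {probe_time: advertised?}."""
    route = DampenedRoute(policy)
    events = sorted([(t, 0) for t in flap_times] + [(t, 1) for t in probe_times])
    result = {}
    for when, kind in events:
        if kind == 0:
            route.flap(when)
        else:
            result[when] = route.is_advertised(when)
    return result


if __name__ == "__main__":
    # Three flaps five minutes apart: the third pushes the penalty past
    # the suppress threshold, and the route returns about 26 minutes later.
    print(replay(flap_times=[0, 5, 10], probe_times=[6, 11, 35, 37]))
```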
BGP Set Commands XSR(config)#router bgp 100 XSR(config)#bgp dampening route-map 1 set ip next-hop This command specifies where to output packets that pass a match clause of a route map for policy routing. It modifies the value of the next hop attribute in a BGP routing update message. The next‐hop attribute identifies the next hop to reach a route. Next‐hop for an EBGP session is the IP address of the BGP neighbor that announced the route.
BGP Set Commands Syntax of the “no” Form The no form of this command removes the local preference value: no set local-preference value Mode Route‐map configuration: XSR(config-route-map)# Default Preference value: 100.
BGP Set Commands Mode Route‐map configuration: XSR(config-route-map)# Default The dynamically‐learned metric value. Example The following example displays how the set metric command is used to update the value of the MED value for BGP routes that are advertised to an external neighbor: XSR(config)#access-list 66 permit 10.0.0.0 255.0.0.
BGP Set Commands Mode Route‐map configuration: Router(config-route-map)# Default The default value for this command is the default value for the origin code. The default value for the origin code is incomplete for routes that are advertised into BGP by means of the redistribute command.
BGP Clear and Show Commands
Example
The following example configures the weight parameter in the context of configuring route map 1 and applying it to updates arriving from two remote neighbors:
XSR(config)#ip as-path access-list 67 permit "^101 .*"
XSR(config)#ip as-path access-list 57 permit "^102 .
Syntax
clear ip bgp {* | address | peer-group peer-group-name} [soft [in | out]]
*: A wild card which resets all current BGP sessions.
address: Resets the indicated BGP neighbor.
peer-group-name: Resets the indicated BGP peer group.
soft: Performs a soft reconfiguration.
in: Triggers an inbound soft reconfiguration.
out: Triggers an outbound soft reconfiguration.
BGP Clear and Show Commands show ip bgp This command displays entries in the BGP routing table. Syntax show ip bgp [network][network-mask][longer-prefixes] network Number of a network in the BGP routing table. network-mask All BGP routes matching the address and mask pair. longer-prefixes Routes and specific routers are displayed. Mode EXEC configuration: XSR> Examples The following is sample output from the command: XSR#show ip bgp Local router ID is 1.1.1.
Display Parameters
Network: IP address of destination network.
Next Hop: IP address of the next hop to the destination network.
Metric: Value of Multi-Exit Discriminator.
LocPrf: Value of Local Preference.
Weight: Weight of the route.
Path: AS path to the destination network.
The following is sample output from the command:
XSR#show ip bgp 55.5.5.0/24
BGP routing table entry for 55.5.5.0 255.255.255.0
Paths: (2 available, learned over EBGP)
AS Path 200, Aggregator 500 1.2.
BGP Clear and Show Commands XSR#show ip bgp community 400 Local router ID is 1.1.1.4 Status codes: s suppressed, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? = incomplete Network *> 192.4.4.0/24 *> 192.1.1.0/24 *> 66.6.6.2/32 *> 55.5.5.0/24 *> 6.6.6.2/32 Next Hop 192.168.72.100 192.168.72.100 192.168.72.100 192.168.72.100 192.168.72.
Syntax show ip bgp dampened-paths Mode EXEC configuration: XSR> Example The following is sample output from the command:
XSR#show ip bgp dampened-paths
Local router ID is 1.1.1.4
Status codes: s suppressed, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? = incomplete
*> 192.4.4.0/24 192.168.72.100 0 100 100 300 ?
*> 192.1.1.0/24 192.168.72.100 0 100 100 300 ?
show ip bgp filter-list This command displays routes conforming to a specified filter list.
show ip bgp inconsistent-as This command displays routes that have incomplete originating ASs. Syntax show ip bgp inconsistent-as Mode EXEC configuration: XSR> Example The following is sample output from the command:
XSR#show ip bgp inconsistent-as
Local router ID is 1.1.1.4
Status codes: s suppressed, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? = incomplete
Network *> 192.4.4.0/24 *> 192.1.1.0/24 *> 66.6.6.2/32 *> 55.5.5.0/24 *> 6.6.6.
BGP Clear and Show Commands Hold time is 90, keepalive interval is 30 seconds Neighbor capabilities: Route Refresh: advertised & received Address family IPv4 Unicast: advertised & received Received 11 messages, 1 notifications Sent 10 messages, 1 notifications, 0 in queue Route Refresh request: received 0 sent 0 Last reset: Peer connection reset 3 accepted prefixes Outgoing update AS path filter list is 33 Route map for outgoing advertisements is 60 Display Parameters BGP neighbor IP address of the BGP n
BGP Clear and Show Commands show ip bgp peer-group This command displays information about the BGP peer group belonging to the router that this command is entered on. Syntax show ip bgp peer-group [peer-group-name][summary] peer-group-name Information about a specific peer group. summary Summary status of all peer group members.
Local router ID is 1.1.1.4
Status codes: s suppressed, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? = incomplete
   Network          Next Hop         Metric  LocPrf  Weight  Path
*> 192.4.4.0/24     192.168.72.100   0       100     100     300 ?
*> 192.1.1.0/24     192.168.72.100   0       100     100     300 ?
*> 66.6.6.2/32      192.168.72.100   0       100     100     300 ?
*> 55.5.5.0/24      192.168.72.100   0       100     100     300 ?
*> 6.6.6.2/32       192.168.72.100   0       100     100     300 ?
show ip bgp summary This command displays status for all BGP connections.
BGP Debug Commands show route-map This command displays configured route maps and information about policy maps that are referenced. Syntax show route-map [map-number] map-number The number of a route map, ranging from 1 to 199.
BGP Debug Commands Syntax of the “no” Form The no form of this command disables debugging output: no debug ip bgp [events | updates] Mode EXEC configuration: XSR> Default BGP debugging is disabled. Examples The following is sample output with the events option chosen: XSR#debug ip bgp events BGP: Event:STOP, Nbr:192.168.2.1, AS:300, Skt:0, State:IDLE BGP: Event:START, Nbr: 192.168.2.1, AS:300, Skt:0, State:PEND_START BGP: Event:START, Nbr: 192.168.2.
BGP Debug Commands Display Parameters BGP Debug event generated by the BGP process. Rx Update Update message has been received. Tx Update Update message being transmitted. Nbr Neighbor IP address. w/ attr Path Attributes in the update message. Origin Origin of the path. AS_SEQ Path AS Sequence Path list. Next Hop Next Hop IP address. Med Multi‐exit discriminator. Rx NLRI Received Network Layer reachability information. Prefix Network IP address. Len Length of prefix mask.
7 Configuring IP Multicast Observing Syntax and Conventions The CLI command syntax and conventions use the notation described below.
Observing Syntax and Conventions Syntax The no form of the command disables the multicast service: no ip multicast-routing Mode Global configuration: XSR(config)# Default Disabled Example In the following example, multicast service is enabled on the XSR: XSR(config)#ip multicast-routing ip igmp version This command manually sets the IGMP version on a local interface. Syntax ip igmp version version_number version_number IGMP version number, ranging from 1 to 3.
Observing Syntax and Conventions ip igmp join This command manually joins a multicast group to a local interface. Syntax ip igmp join-group group-address group-address Address of the multicast group. Syntax of the “no” Form The no form of this command cancels membership in a group: no ip igmp join-group group-address Mode Interface configuration: XSR(config-if)# Example The following example joins the XSR to multicast group 225.2.2.1: XSR(config-if)#ip igmp join-group 225.2.2.
Observing Syntax and Conventions ip igmp last-member-query-interval This command sets the frequency at which IGMP group‐specific host query messages are sent. Syntax ip igmp last-member-query-interval interval interval Frequency to send IGMP group‐specific host query messages, ranging from 100 to 65535 milliseconds.
Example This example changes the frequency at which IGMP host‐query messages are sent to 3 minutes: XSR(config-if)#ip igmp query-interval 180 ip igmp query-max-response-time This command configures the maximum response time advertised in IGMP queries. Syntax ip igmp query-max-response-time seconds seconds Maximum response time advertised in IGMP queries.
Observing Syntax and Conventions Mode Interface configuration: XSR(config-if)# Default Two times the query interval Example The following example sets the XSR to wait 30 seconds from the time it received the last query before it takes over as the querier for the interface: XSR(config-if)#ip igmp querier-timeout 30 ip multicast ttl-threshold This command sets the Time‐To‐Live (TTL) threshold of packets being forwarded out an interface.
PIM Commands ip pim sparse-mode This command enables Protocol Independent Multicast (PIM) Sparse Mode (SM) on a local interface.
PIM Commands Example The following example sets interface F1 as the PIM domain border: XSR(config-if)#ip pim bsr-border ip pim bsr-candidate This command enables the XSR to announce its candidacy as a BootStrap Router (BSR). Syntax ip pim bsr-candidate type number [hash-mask-length [priority]] type number Interface from which the BSR address is derived, to make it a candidate. This interface must be enabled with PIM.
PIM Commands ip pim dr-priority This command sets the priority for which a router is elected as the Designated Router (DR). Syntax ip pim dr-priority priority-value priority-value Preference value, ranging from 0 to 4294967294, to set the priority of the router for selection as the DR.
PIM Commands Default 60 seconds Example The following example changes the PIM‐SM message interval to 120 seconds: XSR(config-if)#ip pim message-interval 120 ip pim query-interval This command sets the frequency of Protocol Independent Multicast (PIM) router query messages. Syntax ip pim query-interval seconds seconds Interval to send periodic PIM router query messages. Range: 1 to 65535.
PIM Commands Syntax of the “no” Form The no form of this command removes the static RP configuration: no ip pim rp-address rp-address Mode Global configuration: XSR(config)# Example This example configures the RP used by the multicast groups within the range 225.1.1.0/24: XSR(config)#access-list 2 permit 225.1.1.0 0.0.0.255 XSR(config)#ip pim rp-address 192.168.2.5 ip pim rp-candidate This command sets the XSR to advertise itself as a PIM candidate Rendezvous Point (RP) to the BSR.
PIM Commands ip pim regcksum wholepacket This command changes the register checksum calculation to the industry standard. Syntax ip pim RegCksum wholepacket Syntax of the “no” Form The no command removes the static RP configuration: no ip pim RegCksum wholepacket Mode Global configuration: XSR(config)# Default Checksum based on header only.
IGMP Clear and Show Commands Default The threshold is 0 Example The following example sets the source tree switching threshold to 4 kbps: XSR(config)#ip pim spt-threshold 4 IGMP Clear and Show Commands clear ip mroute This command deletes entries from the multicast table. Syntax clear ip mroute [group-address][source-address] group-address IP address of the multicast group. source-address IP address of the multicast source.
State: Dynamic
Mode: Include
Current version: V3
Group IP: 232.1.1.1
Reporter IP: 3.3.3.199
V1MEM exist timer: 0
V2MEM exist timer: 0
Member expire timer: 256
Source IP: 6.6.6.10 (Forward state: YES, Timer:260)
Parameters in the Response Group IP Multicast group address. Interface name The interface through which the group membership is learned. State Dynamic learning or static configure. Mode Exclude or Include.
IGMP Clear and Show Commands IGMP state: Enabled Multicast ttl threshold: 0 Current query Interval: 125 Last Member Interval: 1 Querier timeout: 255 Max Response Timeout: 10 Current robust value: 2 Querier IP: 1.1.1.
show ip mroute This command displays entries in the IP multicast routing table. Syntax show ip mroute [group-address][source-address][summary] group-address IP address of the multicast group. source-address IP address of the multicast source. summary A one‐line, abbreviated summary of each entry in the IP multicast routing table.
Parameters in the Response Flags Provides information about the following entries: • D ‐ Dense: Entry is operating in dense mode. • S ‐ Sparse: Entry is operating in sparse mode. • C ‐ Connected: A member of the multicast group is present on the directly connected interface. • P ‐ Pruned: Route has been pruned. • F ‐ Register flag: Indicates that the software is Registering for a multicast source.
IGMP Clear and Show Commands Example The following example displays sample responses: XSR>#show ip pim bsr PIMv2 Bootstrap information This system is the Elected Bootstrap Router (BSR) BSR address: 192.168.27.1 Uptime: 04:37:46, BSR Priority: 4, Hash mask length: 30 Next bootstrap message in 00:00:03 seconds This system is the Candidate Bootstrap Router (CBSR) Candidate BSR Address: 50.0.0.30 Priority: 0, Hash Mask Length: 30 Parameters in the Response BSR address IP address of the bootstrap router.
IGMP Clear and Show Commands Parameter Descriptions Address IP address of the next‐hop router. Interface Interface type and number that is configured to run PIM. Nbr Count Number of PIM neighbors discovered through this interface. Hello Intvl The interval between Hello messages. The default is 30 seconds. DR IP address of the designated router on the LAN. show ip pim neighbor This command displays discovered Protocol Independent Multicast (PIM) neighbors.
show ip pim rp This command displays the active rendezvous points (RPs) that are cached with associated multicast routing entries. Syntax show ip pim rp [group-address | mapping] group-address Address of the group about which to display RPs. mapping Displays all group‐to‐RP mappings of which the XSR is aware. Mode EXEC configuration: XSR> Example The following example displays sample responses: XSR>show ip pim rp Group: 224.2.240.20, RP: 192.168.10.13 Group: 224.1.127.
IGMP Clear and Show Commands Example The following example displays sample responses: XSR>show ip pim rp-hash 239.1.1.1 RP 192.168.27.12 Parameter Descriptions RP Address of the RP for the group specified (239.1.1.1).
8 Configuring the Point-to-Point Protocol Observing Syntax and Conventions The CLI Syntax and conventions use the notation described in the following table.
PPP Commands encapsulation ppp This command sets the Point‐to‐Point Protocol (PPP) as the encapsulation method used by a serial port. To use PPP encapsulation, the XSR must be configured with an IP routing protocol. Note: If encapsulation is changed from one type to another, all related values of the current encapsulation and any sub-interface settings are deleted. Also, once encapsulation is set on an interface, any sub-interface of that port created later is automatically encapsulated.
PPP Commands Syntax interface type slot_num card_num port_num sub-interface_num type ATM, BRI, Dialer, Fast/GigabitEthernet, Loopback, Multilink, Serial or VPN port. slot_num The NIM number ranging from 0 to 6 depending on the XSR model. card_num The NIM card number ranging from 1 to 2 depending on the NIM installed in the slot.
PPP Commands XSR(config)#interface serial 1/0 XSR(config-if)#encapsulation ppp XSR(config-if)#no shutdown The following example selects channel group 12 of the T1/E1 port1 on the second NIM card so that later configurations will apply to this serial port: XSR(config)#interface serial 2/1:12 XSR(config-if)#no shutdown ppp authentication This command specifies the type and order in which CHAP, MS‐CHAP or PAP protocols are requested on the interface
ms-chap pap chap Preference of MS‐CHAP authentication, then PAP authentication, then CHAP. Syntax of the “no” Form The no form of this command disables PPP authentication: no ppp authentication Default Not enabled Mode Interface configuration: XSR(config-if)# Example 1 Figure 8‐1 shows two routers, Site A and Site B, attempting to authenticate each other using CHAP. The configuration example follows.
PPP Commands Example 2 Figure 8‐2 shows two routers, Site A and Site B, and only one peer configured to do authentication (using chap) with only Site B issuing the challenge. The configuration example follows. Figure 8-2 Authentication Configured on One Peer no ppp authentication Site A (Serial Interface 1/0) Response - ID 9 ppp chap Site B (Serial Interface 1/1) Challenge - ID 9 Success/Failure - ID 9 Refer to the following sample configuration for the preceding example.
PPP Commands Syntax of the “no” Form The no form of this command disables either function: no ppp chap {hostname | refuse | password} Mode Interface configuration: XSR(config-if)# Examples The following example creates the alternate CHAP hostname freud and the default chap password sigmund: XSR(config)#interface dialer 1 XSR(config-if)#encapsulation ppp XSR(config-if)#ppp chap hostname freud XSR(config-if)#ppp chap password sigmund The following example enables CHAP authentication refusa
PPP Commands Example The following example sets Serial interface 1/0 to have keepalive configured at 8‐second intervals: XSR(config)#interface serial 1/0 XSR(config-if)#encapsulation ppp XSR(config-if)#no shutdown XSR(config-if)#ppp keepalive 8 ppp lcp max-configure This command configures the restart timer counter for the peak number of Configure‐Requests sent out on a Point‐to‐Point interface.
PPP Commands Syntax ppp lcp max-failure number number Setting for the max‐failure counter. Range: 1 to 255.
PPP Commands Mode Serial, Dialer and Fast/GigabitEthernet Sub‐interface configuration: XSR(config-if)# Example The following example sets the terminate‐request counter at 10 requests on Dialer interface 57: XSR(config)#interface dialer 57 XSR(config-if)#ppp lcp max-terminate 10 ppp max-bad-auth This command permits multiple authentication failures.
PPP Commands Syntax ppp pap sent-username [username] password [password] username Username sent in the PAP authentication request packet. password The clear text password sent in the PAP authentication request packet. Limit: up to 255 ASCII characters.
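The exchange drawn in Example 2 (Challenge, Response and Success/Failure sharing ID 9) beside the clear text PAP request described above, as an added example that is not part of the Enterasys guide or the XSR firmware. It follows the MD5 CHAP packet layout of RFC 1994 and the PAP Authenticate-Request of RFC 1334; the names Bob and John and the password remote_dev are reused from the guide's CHAP username example, and every function and class name is hypothetical.

```python
import hashlib
import hmac
import os
import struct

# Code values: CHAP from RFC 1994, PAP Authenticate-Request from RFC 1334.
CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
PAP_AUTH_REQ = 1


def chap_packet(code, ident, value, name):
    """Challenge/Response layout: Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(pkt):
    """Return (code, ident, value, name); reject inconsistent length fields."""
    if len(pkt) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 5 or length > len(pkt):
        raise ValueError("bad Length field")
    pkt = pkt[:length]              # octets past Length are padding
    vsize = pkt[4]
    if 5 + vsize > length:
        raise ValueError("Value-Size runs past the packet")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:]


def chap_md5(ident, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def respond(challenge_pkt, hostname, secret):
    """Peer side (John): answer a Challenge without sending the secret."""
    code, ident, nonce, _name = parse_chap(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("not a Challenge")
    return chap_packet(RESPONSE, ident, chap_md5(ident, secret, nonce), hostname)


def pap_request(ident, username, password):
    """PAP Authenticate-Request: Peer-ID and Password travel as plain octets."""
    body = bytes([len(username)]) + username + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQ, ident, 4 + len(body)) + body


class Authenticator:
    """Challenging side (Bob): holds per-peer secrets and outstanding challenges."""

    def __init__(self, hostname, users):
        self.hostname = hostname
        self.users = users
        self.pending = {}           # Identifier -> challenge awaiting a response

    def challenge(self, ident):
        nonce = os.urandom(16)      # fresh and unpredictable for every challenge
        self.pending[ident] = nonce
        return chap_packet(CHALLENGE, ident, nonce, self.hostname)

    def verify(self, pkt):
        try:
            code, ident, value, name = parse_chap(pkt)
        except ValueError:
            return FAILURE
        nonce = self.pending.pop(ident, None)   # single use, so a replay fails
        secret = self.users.get(name)
        if code != RESPONSE or nonce is None or secret is None:
            return FAILURE
        expected = chap_md5(ident, secret, nonce)
        return SUCCESS if hmac.compare_digest(expected, value) else FAILURE


def demo():
    """Run the ID 9 exchange with constructed values and report what each side saw."""
    bob = Authenticator(b"Bob", {b"John": b"remote_dev"})
    chal = bob.challenge(9)
    resp = respond(chal, b"John", b"remote_dev")
    return {
        "chap_ok": bob.verify(resp),
        "chap_replay": bob.verify(resp),
        "chap_wrong_secret": bob.verify(respond(bob.challenge(10), b"John", b"guess")),
        "chap_malformed": bob.verify(b"\x02\x09\x00\x06\xff\x00"),
        "secret_in_chap": b"remote_dev" in chal + resp,
        "secret_in_pap": b"remote_dev" in pap_request(9, b"John", b"remote_dev"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A captured Challenge/Response pair still allows offline guessing of a weak secret, so the shared password should be long and random even when CHAP is preferred over PAP.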
PPP Commands Syntax ppp peer default ip address {ip address} ip address IP address of the remote peer. Syntax of the “no” Form Use the no form of this command to remove the IP address: no ppp peer default ip address Mode Interface configuration: XSR(config-if)# Examples This example sets the peer’s IP address on Serial interface 1/0: XSR(config)#interface serial 1/0 XSR(config-if)#encapsulation ppp XSR(config-if)#ppp peer default ip address 192.168.1.
Syntax of the “no” Form Use the no form of this command to disable LQM: no ppp quality Default Disabled Mode Interface configuration: XSR(config-if)# Example The following example enables LQM on Serial interface 2/0: XSR(config)#interface serial 2/0 XSR(config-if)#encapsulation ppp XSR(config-if)#no shutdown XSR(config-if)#ppp quality 75 ppp timeout retry This command sets the restart timer for Configure‐Requests and Terminate‐Requests on a Point‐to‐Point interface.
PPP Commands XSR(config-if)#ppp timeout retry 20 username This command adds or modifies a user who can manage the XSR. Note: Refer to “Network Management” on page 1 for more details. This command specifies the password to be used in the PPP Challenge Handshake Authentication Protocol (CHAP) caller identification and by the Password Authentication Protocol (PAP).
PPP Debug, Clear and Show Commands Example The following example enables CHAP on serial interface 1/0 and defines a password for local server Bob and remote server John: XSR(config)#hostname Bob XSR(config)#interface serial 1/0 XSR(config-if)#encapsulation ppp XSR(config-if)#ppp authentication chap XSR(config)#username John password remote_dev PPP Debug, Clear and Show Commands debug ppp packet This command enables PPP debugging for an interface from outside the actual interface.
PPP Debug, Clear and Show Commands XSR#debug ppp packet serial 2/0:0 limit 10 lcp bacp bap Sample Output The following debugging output displays all PPP control packets: May 21, 2003: 13:00:00 Rx 20 bytes LCP CONFIG_REQ: MRU: 1500 Magic Number: 12345678 (0xBC614E) May 21, 2003: 13:00:00 Tx 12 bytes IPCP CONFIG_ACK: IP Address: 10.10.10.
PPP Debug, Clear and Show Commands Syntax of the “no” Form The no form of this command removes PPP debugging on the interface: no ppp debug packet Default Limit: 100 packets Mode Interface configuration: XSR(config-if)# Example This example sets PPP debugging of IPCP and LQM packets with a 50‐packet limit on Serial 1/0: XSR(config)#interface serial 1/0 XSR(config-if)#encapsulation ppp XSR(config-if)#ppp debug packet limit 50 ipcp lqm Sample Output The following debugging output is displ
PPP Debug, Clear and Show Commands XSR#show ppp interface ********** PPP Stats ********** Serial 1/0:0: PPP is Admin Up / Oper Up / Link Speed: 64000 LCP Current State: OPENED IPCP Current State: OPENED Multilink Current State: OPENED LCP STATS Total Rcv Total Rcv Total Rcv Total Rcv Total Total Total Total Rx Rx Rx Rx Tx Tx Tx Tx Pck: Control Pck: Data Pck: Pck Discarded: Pck: Control Pck: Data Pck: Pck Discarded: Control Control Control Control Pck Pck Pck Pck Discarded: Error: Unknown protocol: To
PPP Debug, Clear and Show Commands Mode EXEC or Global configuration: XSR> or XSR(config)# Sample Output The following output is displayed for Serial and Multilink interfaces: XSR#show ppp Serial 1/0 PPP State: LCP State: OPENED IPCP State: OPENED Multilink 8 MLPPP State: LCP State: OPENED IPCP State: OPENED Multilink State: OPENED Multilink State: OPENED The following output is displayed for configured Dialer interfaces: XSR#show ppp Dialer0 LCP Current State: INITIAL IPCP Current State: INITIAL Dialer
PPP Debug, Clear and Show Commands Mode EXEC or Global configuration: XSR> or XSR(config)# Sample Output The following output is produced by this command: Serial 1/0 is Admin Up / Oper Up Internet address is 25.25.25.3, subnet mask is 255.255.255.0 LCP State: OPENED IPCP State: OPENED Multilink State: OPENED show ppp interface This command displays all configured PPP instances, the interface they belong to and their status.
PPP Debug, Clear and Show Commands Mode EXEC or Global configuration: XSR> or XSR(config)# Sample Output The following output displays with a PPP connection established (PPP quality has not been enabled on the interface so the LINK QUALITY statistic is not monitoring): XSR>show ppp interface serial 1/0 ********** MLPPP Stats ********** Multilink 8: MLPPP is Admin Up / Oper Up Group Num: 8 LCP State: OPENED IPCP State: OPENED Multilink State: OPENED Bundle Size: Max Load Threshold: Bundle Tx Load Avg: Bund
Serial 1/0:0
Serial 1/0:3
Serial 1/0:7
Serial 1/0:13
Serial 1/0:10
Serial 1/0:1
Serial 1/0:25
Serial 1/0:11
Serial 1/0:24
Serial 1/0:12
Serial 1/0:5
Serial 1/0:16
Serial 1/0:14
Serial 1/0:29
The following displays output with PPP quality enabled and a PPP connection: XSR>show ppp serial 0/4/1 ********** PPP Stats ********** Interface Serial 0/4/1 LCP Current State: OPENED IPCP Current State: OPENED Multilink Current State: OPENED LCP STATS Total Rcv Total Rcv Total Rc
PPP Debug, Clear and Show Commands Quality: good InGoodOctets: 26600 LocalPeriod: 100000 RemotePeriod: 100000 OutLQRs:1000InLQRs: 1000 LCP Configuration: LCP CONFIGURATION InitialMRU: MagicNumber: FcsSize: LQR CONFIGURATION Period: Status: 1500 true 16 10 sec Disabled Output Parameters Summary For PPP link status and statistics, refer to the following section. For LQR status and statistics, go to page 106. For LQR parameters, go to page 107.
PPP Debug, Clear and Show Commands RemoteToLocalProtocolCompression Range INTEGER {enabled (1), disabled (2)} Description Indicates whether the remote PPP entity will use Protocol Compression when sending packets to the local PPP entity. The value is meaningful only when the link has reached the open state. LocalMRU Range INTEGER (1…2147483648) Description Current value of the MRU for the local PPP Entity.
Description The LQR reporting period, in hundredths of a second, that is in effect for the local PPP entity. OutLQRs Range 32‐bit counter Description Value of the OutLQRs counter on the local node for the link. OutLQRs increases by one for each transmitted Link‐Quality‐Report packet. LCP Configuration This section describes LCP configuration data displayed for a PPP Link.
Multilink PPP Commands Status Range Integer ‐ Disabled or Enabled Description If enabled(2), the local node will try to perform LQR negotiation with the remote node. If disabled(1), negotiation is not tried. The local node will comply with any magic number negotiations tried by the remote node, according to the PPP RFC. Changing this object takes effect when the link is next restarted.
Multilink PPP Commands XSR(config-if)#multilink-group 2 XSR(config-if)#encapsulation ppp XSR(config-if)#ppp multilink XSR(config-if)#no shutdown multilink max-links This command sets the maximum number of links allowed in this bundle. If multilink BAP is configured and the number of active links exceed the maximum number of links, BAP will try to negotiate the links down. Syntax multilink max-links number (1-255) 1-255 Maximum number of links allowed in this bundle.
Multilink PPP Commands Default 1 Mode Dialer Interface configuration: XSR(config-if)# Examples The following example sets the minimum multilink limit to 6 on the terminating dialer interface: XSR(config)#interface dialer 4 XSR(config-if)#multilink min-links 6 ppp bap call This command sets Bandwidth Allocation Protocol (BAP) call values on a dialer interface to set up Bandwidth‐on‐Demand (BoD). It permits the port to accept links from and initiate links to a peer.
XSR(config-if)#ppp bap call accept ppp bap callback This command sets Bandwidth Allocation Protocol (BAP) callback parameters on a dialer interface to set up Bandwidth‐on‐Demand (BoD). It permits the port to initiate adding a link to or requesting a link from a peer. It applies to Dialer interfaces only. The multilink load-threshold command is a second means by which the XSR controls traffic via BoD. It is also provided by setting the multilink min-links command.
Multilink PPP Commands Syntax ppp bap number {default phone-number} default phone-number Primary number for incoming calls. Up to 5 numbers can be entered.
Multilink PPP Commands Example The following example resets the BAP pending timeout on Dialer port 1: XSR(config)#interface dialer 1 XSR(config-if)#ppp bap timeout pending 60 ppp multilink This command enables Multilink PPP on an XSR interface. Multilink PPP operates over single or multiple interfaces that are configured to support both Dial‐on‐Demand rotary groups and PPP encapsulation.
Multilink PPP Commands Default Disabled Mode Dialer or Serial Interface configuration: XSR(config-if)# Examples The following example configures a dialer for Multilink PPP. It does not show the configuration of the physical interfaces. XSR(config)#interface dialer 0 XSR(config-if)#ip address 101.0.0.2 255.0.0.0 XSR(config-if)#encapsulation ppp XSR(config-if)#dialer idle-timeout 500 XSR(config-if)#dialer map ip 101.0.0.
Multilink PPP Commands mac interface IEEE 802.1 Global MAC address class is set with a MAC address of either Fastethernet 1 or 2. fastethernet string PPP Magic Number class is specified. Instead of using the negotiated PPP magic number, you can specify any string less than 20 characters. phone PSTN Directory Number class set with a phone number of no more than 15 digits.
Multilink PPP Commands entered, no maximum fragment size will be set and the fragment size will only be decided with the load balance.
Multilink PPP Commands ppp multilink fragment disable This command disables fragmentation over a bundle PPP connection, supporting Multilink and Dialer interfaces.
Multilink PPP Commands Group Num: 1 LCP State: IPCP State: Multilink State: Multi-Class State: OPENED OPENED OPENED OPENED Multilink header format is LONG SEQ NUM Class suspendable level is 5 tx classes and 5 rcv classes Fragmentation is disabled Bundle Size: 2 Class Level Tx: 5 Rx: 5 Max Load Threshold: 0 Bundle Tx Load Avg: 0 Bundle Rx Load Avg: 0 No Of Pck in Rx Buf Q: 0 Lowest link Speed: 1536000 Max Fragment Size: Not Set High Pri Member link is Serial 2/0:0 …… The following example displays fragme
Multilink PPP Commands Syntax of the “no” Form The no form of this command removes the PPP multilink group: no multilink-group Default Disabled with no specific multilink group assigned Mode Interface configuration: XSR(config-if)# Examples The following example assigns PPP link Serial interface 1/1 to the PPP multilink group 20: XSR(config-if)#multilink group 20 The next example also assigns PPP link Serial interface 1/1 to the PPP multilink group 20: XSR(config-if)#ppp multilink group
Multilink PPP Commands Syntax multilink load-threshold number (1-255) 1-255 Load on the port: 255 indicates it has reached 100% of bandwidth.
Example The following example enables the multi‐class MLPPP option: XSR(config-if)#ppp multilink multi-class
Multilink Show Commands show interface multilink This command displays multilink interface statistics including MLPPP status for both the bundle and the member link. Syntax show interface multilink [number] card/port The ML interface port for viewing link status, statistics and configuration data. number Logical interfaces.
Multilink Show Commands PPP Multilink Status LCP State Range INITIAL/ STARTING/ CLOSED/ STOPPED/ CLOSING/ STOPPING/ REQSENT/ ACKRCVD/ ACKSENT/ OPENED Description LCP state. Refer to RFC‐1661 for details. IPCP State Range INITIAL/ STARTING/ CLOSED/ STOPPED/ CLOSING/ STOPPING/ REQSENT/ ACKRCVD/ ACKSENT/ OPENED Description IPCP state. Refer to RFC‐1332 for details. Multilink State Range OPENED/CLOSED Description MLPPP state, OPENED if negotiation with peer successful; CLOSED otherwise.
Multilink Show Commands Max Fragment Size Range Not defined. Description Maximum fragment size over the member links. High Pri Member link is Serial 1/00 Range Not defined. Description Highest speed link under the bundle. Used to transmit the control packet. PPP Multilink Bundle Statistics Rx Stats Total Sum of packets received under the bundle including data, control, Null content packet and the discarded packet. Data Sum of data packets received under the bundle.
Multilink Show Commands show ppp interface multilink/dialer This command displays PPP status, statistics and configuration data for interfaces running PPP. Syntax show ppp interface [interface type/number][option type] interface type Dialer or multilink interface upon which MLPPP can be configured number Designation for multilink or dialer interface. option type Available options including the following: none Display general MLPPP status and statistics.
Invalid Proto: Wrong Proto: Padding Error: Invalid Cls#: Error to CP: No Lower Lyr: No Upper Lyr: Others: Tx Stats Total: Data: Control: Null: Discard: Pck Too Long: No Lower Lyr: EnQueue Full: Others: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 The following is sample output with Multi‐Class configured: ********** MLPPP Bundle Stats ********** Multilink 8: MLPPP is Admin Up / Oper Up Group Num: 8 LCP State: OPENED IPCP State: OPENED Multilink State: OPENED Multi-Class State: OPENED Multi
Multilink Show Commands Pck Too Long: Invalid Proto: Wrong Proto: Padding Error: Invalid Cls#: Error to CP: No Lower Lyr: No Upper Lyr: Others: Tx Stats Total: Data: Control: Null: Discard: Pck Too Long: No Lower Lyr: EnQueue Full: Others: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Refer to the show interface multilink command page 122 for parameter descriptions. show ppp interface multilink/dialer multi-class This command displays Multi‐Class MLPPP status and statistics.
Multilink Show Commands Max Fragment delay is 10 ms Max Fragment Size is 256 bytes Class QoSCls# ExpctSeq# LastFwdSeq# LastM# maxFListSize FragListSize TxSeq# TxBufferSize Rx Load Average Max Min Tx Load Average Max Min Rx Stats: Total Discard SeqError FListFull Seq
Description Equivalent QoS class, • -1: fair class. • 0: low priority class. • 1: normal priority class. • 2: medium priority class. • 3: high priority class. ExpctSeq# Range ‐1 ‐ 16777215 Description Next expected sequence number of receiving fragment for this class. LastFwdSeq# Range ‐1 ‐ 16777215 Description Last forwarded sequence number of the fragment of this class to the upper layer.
Multilink Show Commands Rx Stats Total Sum of fragments received for this class. Discard Seq Error Sum of received fragments discarded for this class because sequence number is out of order. FlistFull Sum of received fragments discarded for this class because fragment list is full. Seq
IPCP Multilink Multi-Class State: OPENED State: OPENED State: OPENED Multilink header format is LONG SEQ NUM Class suspendable level is 5 tx classes and 5 rcv classes Serial 1/0:0 Tx: Total Rx: Total 0 0 Discard Discard 0(0/0) 0 PPP Multilink Member Link Parameter Descriptions The detail of transmit/receive statistics for the member link Serial 1/00 Name of the member link. Tx Total Sum of fragments transmitted over this member link.
Multilink Show Commands ********** MLPPP Member Link MultiClassStats ********** Multilink 1: MLPPP is Admin Up / Oper Up Group Num: 1 LCP State: OPENED IPCP State: OPENED Multilink State: OPENED Multi-Class State: OPENED Multilink header format is LONG SEQ NUM Class suspendable level is 5 tx classes and 5 rcv classes Class Serial 1/0:0 LastRxSeq# LastTxSeq# Rx Stats: Total Discard FListFull Seq#Err Seq
Multilink Show Commands Rx Stats Total Sum of fragments received for this class. Discard SeqError Sum of received fragments discarded for this class because sequence number is out of order over this member link. FlistFull Sum of received fragments discarded for this class over this member link because fragment list is full. Seq
Multilink Show Commands BACP State: OPENED Multilink State: OPENED Multi-Class State: OPENED Multilink header format is LONG SEQ NUM Class suspendable level is 5 tx classes and 5 Max Fragment delay is 10 ms Bundle Size: 20 Class Level Tx: 5 Rx: 5 Max Load Threshold: 100 Bundle Tx Load Avg: 0 Bundle Rx Load Avg: 0 No Of Pck in Rx Buf Q: 0 Lowest link Speed: 64000 Max Fragment Size: 64 High Pri Member link is Serial 3/2/0:10 Rx Stats Total: Data: Control: Null: Discard: Pck Too Long: Invalid Proto: Wrong Pro
Multilink Show Commands Rcv Call-ReqAck: Rcv CallBack-Req: Rcv CallBack-ReqAck: Rcv LinkDrop-Req: Rcv LinkDrop-ReqAck: Tx Call-Req: Tx Call-ReqAck: Tx CallBack-Req: Tx CallBack-ReqAck: Tx LinkDrop-Req: Tx LinkDrop-ReqAck: Discriminators Serial 3/2/0:26 Serial 3/2/0:30 Serial 3/2/0:29 Serial 3/2/0:28 Serial 3/2/0:27 Serial 3/2/0:25 Serial 3/2/0:24 Serial 3/2/0:23 Serial 3/2/0:22 Serial 3/2/0:21 Serial 3/2/0:20 Serial 3/2/0:14 Serial 3/2/0:19 Serial 3/2/0:18 19 0 0 0 0 20 0 0 0 0 0 Local 0 1 2 3 4 5 6 7 8 9
9 Configuring Frame Relay
Observing Syntax and Conventions
CLI command syntax and conventions use the notation described below.
Frame Relay Commands
Syntax
encapsulation frame-relay
Syntax of the “no” Form
Disable Frame Relay encapsulation on the interface with the no form:
no encapsulation frame-relay
Mode
Interface configuration: XSR(config-if)#
Example
This example sets Frame Relay encapsulation on interface serial 1/0:
XSR(config)#interface serial 1/0
XSR(config-if)#encapsulation frame-relay
XSR(config-if)#no shutdown
frame-relay class
This command associates a map class to an interface or sub‐interface.
Frame Relay Commands Syntax of the “no” Form The no form removes the association of the map class to the interface or sub‐interface: no frame-relay class name Mode Interface configuration: XSR(config-if)# Example The following commands set Frame Relay map classes fastlink and normlink with an outbound CIR value of 56 kbps and 25.
Once chosen as static, no inverse ARP will be sent out by default. A free inverse ARP request (similar to above) can be requested by this command. Once chosen as static, this DLCI can be made to respond to a broadcast bootp message entering on this DLCI from the frame‐relay network. Non‐broadcast bootp will still be sent to the local DHCP server or relayed to the IP helper address server.
Next Mode
Frame Relay DLCI configuration: XSR(config-fr-dlci)#
Examples
The following example maps DLCIs 16 and 18 on serial sub‐interface 1/0.1 to the specified IP addresses, supporting bootp and sending a free inverse ARP. Also, DLCI 17 is configured on sub‐interface 1/0.2, a free inverse ARP is sent, and remote keep‐alive is supported in P2P mode.
XSR(config)#interface serial 1/0.1 multi-point
XSR(config-subif)#ip helper 10.10.1.2
XSR(config-subif)#ip address 133.133.1.1 255.
XSR(config)#interface serial 1/0
XSR(config-if)#no shutdown
XSR(config-if)#encapsulation frame-relay
XSR(config-if)#frame-relay intf-type dte
XSR(config-if)#frame-relay lmi-type ansi
The following example configures Serial interface 1/0 to act as a Frame Relay DCE, and to use the ANSI Annex‐D LMI:
XSR(config)#interface serial 1/0
XSR(config-if)#no shutdown
XSR(config-if)#encapsulation frame-relay
XSR(config-if)#frame-relay intf-type dce
XSR(co
frame-relay lmi-n391dte
This command sets the full status message‐polling interval on a Data Terminal Equipment (DTE) interface.
Syntax
frame-relay lmi-n391dte num_ka-exchanges
num_ka-exchanges Number of keep‐alive exchanges to occur before requesting a full status message, ranging from 1 to 255.
Default
3
Mode
Interface configuration: XSR(config-if)#
Example
This example sets the LMI failure threshold to 5 for the DCE device:
XSR(config)#interface serial 1/0
XSR(config-if)#encapsulation frame-relay
XSR(config-if)#frame-relay intf-type dce
XSR(config-if)#frame-relay lmi-n392dce 5
frame-relay lmi-n392dte
This command sets the error threshold on a Data Terminal Equipment (DTE) interface.
frame-relay lmi-t392dce
This command sets the polling verification timer on a Data Communications Equipment (DCE) interface. The timer sets how long the DCE waits to receive a Status Enquiry from a DTE device.
Syntax
frame-relay lmi-t392dce period_in_sec
events Interval to wait for a Status Enquiry, ranging from 5 to 30 seconds.
Mode
Interface configuration: XSR(config-if)#
Example
This example sets the LMI failure threshold to 5 for the DCE device:
XSR(config)#interface serial 1/0
XSR(config-if)#encapsulation frame-relay
XSR(config-if)#frame-relay intf-type dce
XSR(config-if)#frame-relay lmi-n392dce 5
frame-relay lmi-n393dce
This command sets the monitored event count on a Data Communications Equipment (DCE) interface.
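How the DCE-side LMI parameters above combine, as an added example that is not XSR code. It assumes the standard LMI rule (ANSI T1.617 Annex D / ITU-T Q.933 Annex A): a T392 expiry without a Status Enquiry counts as an error event, and the link is declared down once N392 of the last N393 events are errors. The function names, the T392 and N393 values and the arrival times are constructed; 5 is the N392 value used in the example on this page.

```python
"""Model of DCE-side LMI link verification (added example, not XSR code)."""
from collections import deque


def dce_events(enquiry_times, t392, end_time):
    """Convert Status Enquiry arrival times (seconds) into LMI events.

    Returns a list of (time, ok) tuples. ok is True when an enquiry
    arrived before the T392 timer expired and False for each expiry.
    The timer is assumed to start at t=0 and restart on every event.
    """
    events = []
    deadline = t392
    for t in sorted(enquiry_times):
        # Every T392 expiry before this enquiry is one error event.
        while t > deadline and deadline <= end_time:
            events.append((deadline, False))
            deadline += t392
        if t > end_time:
            break
        events.append((t, True))
        deadline = t + t392
    # Silence after the last enquiry keeps generating expiries.
    while deadline <= end_time:
        events.append((deadline, False))
        deadline += t392
    return events


def first_down(events, n392, n393):
    """Return the time the link is declared down, or None.

    n392: error threshold (frame-relay lmi-n392dce)
    n393: monitored event count (frame-relay lmi-n393dce)
    """
    if n392 > n393:
        raise ValueError("N392 must not exceed N393")
    window = deque(maxlen=n393)          # sliding window of the last N393 events
    for when, ok in events:
        window.append(ok)
        if window.count(False) >= n392:
            return when
    return None


# Constructed inputs: the DTE polls every 10 s, T392 is 15 s, N393 is 8.
T392, N393 = 15, 8

# Case 1: the DTE goes silent after t=60.
SILENT = list(range(10, 61, 10))
# Case 2: a lossy link drops every third enquiry but never goes silent.
LOSSY = [t for t in range(10, 200, 10) if t % 30]

if __name__ == "__main__":
    for name, times in (("silent", SILENT), ("lossy", LOSSY)):
        ev = dce_events(times, T392, end_time=200)
        for n392 in (3, 5):
            print(f"{name:6s} N392={n392} N393={N393} -> down at",
                  first_down(ev, n392, N393))
```

With the lossy input, a threshold of 3 takes the link down while 5 rides through the loss, which is the trade-off to weigh when tuning these values on links that carry monitoring or management traffic.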
frame-relay lmi-type
This command configures the Local Management Interface (LMI) type on a per‐interface basis.
Syntax
frame-relay lmi-type {ilmi | ansi | q933a | auto | none}
ilmi Interim LMI (FRF 1.1).
ansi Annex D defined by American National Standards Institute (ANSI) standard T1.617.
q933a ITU‐T Q.933 Annex A.
auto The port will attempt to detect and match the LMI type used by the attached Frame Relay switch.
none No LMI used.
Syntax of the “no” Form
The no command disables the use of map‐class parameters:
no frame-relay traffic-shaping
Default
Disable
Mode
Interface configuration: XSR(config-if)#
Example
This example enables both traffic shaping and per‐virtual circuit queuing:
XSR(config)#interface serial 1/0
XSR(config-if)#encapsulation frame-relay
XSR(config-if)#frame-relay traffic-shaping
XSR(config-if)#no shutdown
interface
This command selects a physical port for configuratio
Frame Relay Map Class Commands
Note: Leading zeros defined in interface_num can be omitted. For example, 0/1/2 is equivalent to 1/2.
Syntax of the “no” Form
The no command deletes the interface:
no interface serial port_num interface_num
Note: You cannot directly delete a Serial interface assigned to a T1/E1 channel group. You must instead delete a channel group to erase the Serial port.
Frame Relay Map Class Commands Mode Virtual Circuit configuration: XSR(config-fr-dlci)# Example The first three commands in the following example set up Serial sub‐interface 1/0.1 with associated DLCI 16. The last two commands define map class Hello. XSR(config)#interface serial 1/0.1 point-to-point XSR(config-if)#interface serial 1/0.
Frame Relay Map Class Commands Syntax frame-relay bc out bits out Sets the traffic direction ‐ output rate limiting only. bits Committed burst size, in bits.
Example
This example adds map class slowlink with Be of 10000 and Bc of 6000 bits:
XSR(config)#map-class frame-relay slowlink
XSR(config-map-class)#frame-relay be out 10000
XSR(config-map-class)#frame-relay bc out 6000
frame-relay cir
This command specifies the outgoing Committed Information Rate (CIR) for a Frame Relay map‐class.
Frame Relay Map Class Commands frame-relay fragment This command specifies the FRF.12 end‐to‐end fragment size for a Frame Relay map‐class. Fragment size is defined in bytes. It specifies the number of payload bytes from the original frame that will go into each fragment. The transmitted fragment will include eight additional bytes from headers (6) and CRC(2). Note: For proper operation of fragmentation, QOS is required to classify a service-policy which will define a high priority queue.
Frame Relay Map Class Commands dialer Sets a dialer map class. For more information, refer to “Configuring the Dialer Interface” on page 83. map-class-name Name of the map class to associate with this DLCI, up to 29 characters.
Example
The following example specifies HighPriority as the policy for the class map:
XSR(config-map-class)#service-policy out HighPriority
shutdown
This command disables an interface or sub‐interface. A sub‐interface is shut down (no longer passing data) when one of the following occurs:
• An explicit shutdown command is entered on the sub‐interface.
• A shutdown command is issued on the parent Frame Relay interface of this sub‐interface.
Frame Relay Clear and Show Commands
Examples
This example selects sub‐interface Serial 1/0.5 on a serial interface:
XSR(config)#interface serial 1/0
XSR(config-if)#encapsulation frame-relay
XSR(config-if)#no shutdown
XSR(config-if)#interface serial 1/0.5 multi-point
XSR(config-subif
interface-num If the interface‐num or sub‐interface number is set and the dlci‐num is not, all learned inverse ARP entries for the interface and its logical sub‐interfaces will be cleared.
dlci-num The DLCI of a particular virtual port whose inverse ARP entry is to be cleared.
Frame Relay Clear and Show Commands XSR(config)#show frame-relay fragment interface serial 2/0.1 960 Frame Relay End-to-End Fragmentation Detailed Statistics Serial 2/0.
Frame Relay Clear and Show Commands in fragments with unexpected B bit set Sum of fragments received by this DLCI that have an unexpected B (Begin) bit set. When this occurs, all fragments being reassembled are dropped and a new frame is begun with this fragment. out interleaved packets Sum of packets leaving this DLCI that have been interleaved between segments. show frame-relay lmi This command displays Local Management Interface (LMI) statistics.
Parameter Descriptions
LMI The configured or auto‐detected LMI type. If the port is set for AUTO LMI, then the XSR shows AUTO (nn), where nn is ILMI, ANSI, or ITU if the port has successfully negotiated/detected the LMI supported by the switch; otherwise it displays AUTO.
Status Enq. Sent Sum of LMI status enquiry messages sent.
Status Msgs Rcvd Sum of LMI status messages received.
Frame Relay Clear and Show Commands The following example displays a point‐to‐point Frame Relay map: XSR#show frame-relay map Frame Relay Map Statistics (Serial 2/0) Serial 2/0.3 dlci 981 (0x3D5, 0xF450) Remote Addr. gratuitous-inverse-arp, bootp, static ip 2.2.2.3 P2P, Parameter Descriptions Serial 2/0 Identifies a Frame Relay interface being displayed. Serial 2/0.1 Identifies the specific sub‐interface that is associated with a DLCI.
Frame Relay Clear and Show Commands PVC Statistics for Serial 2/0:1.1 (Frame Relay DTE) DLCI = 16 PVC Status = UP INPUT: Pkt/Sec = 0 Packets = 17941 Bytes = 20018904 BECN pkts = 0 FECN pkts = 0 OUTPUT: Pkt/Sec = 2 Packets = 17942 Bytes = 20018904 BECN pkts = 0 FECN pkts = 0 bcast pkts = 0 bcast bytes = 0 LMI = NONE Drop Pkts DE pkts = 0 = 0 Drop Pkts DE pkts CIR assists = 0 = 0 = 0 PVC created: 12/01/2000 02:23:37 Last status change: 12/01/2000 02:23:47 FRF.
Frame Relay Clear and Show Commands FRF.12 FRF.12 has been disabled on this PVC. This line is not printed if disabled. Fragment size Size of the payload for fragmented packets. Adaptive Shape Status of Adaptive Shaping for this PVC. Shaping Drops Sum of packets dropped due to traffic shaping. minCIR The minimum Committed Information Rate, bits/sec. BC Current Committed burst size, in bits. BE Current Excess burst size, in bits. Interval Bc/CIR in milliseconds.
Frame Relay Clear and Show Commands Serial 1/0, CIR= 64000, Bc=8000, BE= 9000, fragment=53 Adaptive Shaping: Disabled, Service Policy: Voice # FR Ports = 1, # FR sub-Interfaces = 3, # DLCIs = 7 show interface serial The following statistics are added to the command if the port is configured for Frame Relay.
The card is 2.
The channel is 0.
The current MTU is 1506.
The device is in polling mode, and is active.
The last driver error is (null).
The physical-layer is HDLC-SYNC, the TX, RX clock source is external.
The device uses CRC-16 for Tx.
The device uses CRC-16 for Rx.
The type of encoding is NRZ.
The media-type is RS-232/V.28 (DTE).
The loopback mode is off.
10 Configuring the Dialer Interface
This chapter describes commands for the dialer, dialer backup, and Dial‐on‐Demand/Bandwidth‐on‐Demand services.
Observing Syntax and Conventions
The CLI command syntax and conventions use the notation described in the following table.
Dialer Interface Commands
• The dialer string command must be set to the dialer interface that owns the dialer pool where the dialer DTR serial interface is added.
• The serial interface must be configured for synchronous data mode.
• The modem must be configured with DTR‐controlled dialing interface, CTS follows DCD, DTR disconnects, sync data mode and a preset dialing out telephone number.
Mode
Interface configuration: XSR(config-if)#
Note: This command is intended for dialer interfaces only.
Example
The following example shows dialer interface 0 assigned to dialer pool 6.
XSR(config)#interface dialer 0
XSR(config-if)#dialer pool 6
XSR(config-if)#no shutdown
dialer pool-member
This command configures physical interfaces for dial devices only.
Syntax
dialer pool-member number [priority priority]
number Dialpool number ranging from 1 to 255.
dialer string
This command creates a string used to place a call to a destination or subnet. Typically, it is the telephone number needed for dialing.
Syntax
dialer string dial-string [class class-name]
dial-string Phone number to be sent to a dial device.
class-name Map class associated with this dialer string.
Dialer Interface Commands Example The following example specifies a wait time of 90 seconds for the carrier signal on serial port 1/0: XSR(config-if)#dialer wait-for-carrier-time 90 dialer wait-for-carrier-time (map-class dialer configuration) This command configures the time to wait for a carrier signal associated with a specific dialer map class. Dialer map classes are used to configure certain characteristics with dialer strings when configuring dialer ports.
This mode of operation of the dialer interface is called spoofing and it is the default mode for this interface. Spoofing mode changes to non‐spoofing mode when the following conditions are met:
• Another interface or sub‐interface is set with the backup interface dialer command.
• The interface configured with the backup command (the primary interface) is up.
Dial‐on‐demand applications require that a dialer‐group, dialer‐list and ACL also be configured.
XSR(config-if)#dialer-group 7
XSR(config-if)#access-list 101 permit ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
XSR(config)#dialer-list 7 protocol ip list 101
map-class dialer
This command defines the dial string's characteristics and associates them with a unique class name. Once the map-class dialer classname command is executed, the parameters assigned to that classname must be configured.
Syntax of the “no” Form
The no form of this command removes the modem‐init‐string:
no modem-init-string
Mode
Map‐Class Dialer configuration: XSR(config-map-class)#
Example
The following example specifies a modem initialization string to disable dialtone detection for the Map Class Remote:
XSR(config-map-class)#modem-init-string ATX3
Dialer Interface Clear and Show Commands
clear dialer
This command clears dialer statistics for physical interfaces conn
Dialer Interface Clear and Show Commands Example XSR#show dialer 1 Sample Output The following is sample output from the show dialer command for a dialer interface: #show dialer 5 Dialer5 Dialer state is: UP Wait for carrier default: 60, default retry: 3 Dial String Success Failures Map Class 3200 2 0 Dialer pool 23 (Serial 2/0:0, ) Parameter Descriptions Dialer1 Name of the dialer interface. Wait for carrier(30 secs) Seconds to wait for carrier signal. Default retry Number of default call retries.
Dialer Interface Clear and Show Commands Phone numbers: <2400:12> Connection speed/type: <64k>/ Dialer maps configured on Interface : Next hop IP address: <20.20.20.2> Phone numbers: <2400> Connection speed/type: / show dialer sessions This command displays information regarding dialer sessions.
Dial Backup Commands
The following set of commands defines a backup dial line.
backup
This command sets backup functionality on Serial, Ethernet or sub‐interfaces. You can also specify a delay before a secondary interface is brought up or down after a primary interface is brought up or down. We suggest this command be used when lines suffer intermittent disruptions causing the primary line to come up and fall temporarily.
backup interface dialer
This command designates a Serial or FastEthernet/GigabitEthernet interface or sub‐interface as a backup dialer interface.
Caution: To configure a backup FastEthernet/GigabitEthernet interface or sub-interface, the port must be in the shutdown state.
Syntax
backup interface dialer number
number Dialer interface number to use as the backup interface. Range: 0 to 255.
Dial Backup Commands XSR(config)#interface fastethernet 2 XSR(config-if)#no shutdown XSR(config)#interface fastethernet 2.1 XSR(config-if>)#backup interface dialer 57 XSR(config-if>)#encapsulation ppp XSR(config-if>)#ip address negotiated XSR(config-if>)#ip mtu 1492 XSR(config-if>)#no shutdown backup time-range This command configures a period when the backup dialer should be up and down, regardless of traffic on the line.
DOD/BOD Commands show interface dialer This command displays general information for a dialer interface. Syntax show interface dialer number number Dialer interface number ranging from 0 to 255 Mode Privileged EXEC: XSR# Sample Output The example below displays output from the show interface dialer command: XSR#show interface dialer ********** Dialer Interface Stats ********** Dialer1 is Admin Up Internet address is 10.10.10.1, subnet mask is 255.255.255.
DOD/BOD Commands Syntax dialer-group group-number group-number Number of the dialer access group to which the specified interface belongs. Acceptable values are nonzero, positive integers between 1 and 10.
DOD/BOD Commands Example The following example maps ACL 1350 to dialer list 57: XSR(config)#access-list 57 permit ip 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 XSR(config)#dialer-list 57 protocol ip list 1350 dialer called This command maps incoming calls to one of the dialer interfaces. A maximum number of 32 called numbers per dialer interface can be configured. Syntax dialer called DNIS:subaddress Dialed Number Identification Service, or the called party number, a colon, and the ISDN subaddress.
DOD/BOD Commands Note: If the ISDN switch does not provide the calling number, callback will fail.
XSR(config)#interface dialer 1
XSR(config-if)#dialer idle-timeout 300
The following example disables the idle‐timeout:
XSR(config-if)#dialer idle-timeout 0
dialer map
This command configures a Dialer or Integrated Services Digital Network (ISDN) interface to call one or multiple sites. Each dialer interface can be configured with a maximum of 16 different dialer maps. The command also enables spoofing on the specified dialer interface but is available in multi‐point mode only.
DOD/BOD Commands Example The following example configures a next hop IP address, SPC, hostname and line speed for map class AcmeMap: XSR(config)#dialer map 1 XSR(config-if)#dialer map ip 192.168.57.9 class AcmeMap name AcmeHost spc speed 56 12345:6789 dialer persistent This command brings up a permanent switched connection in the absence of an interesting packet or primary‐line‐down backup dial trigger.
DOD/BOD Commands n Number of redial attempts made if dial-up or ISDN connection establishment fails, ranging from 1 to 65535. interval Period between redial attempts. m Interval period, ranging from 5 to 2678400 seconds (31 days). re-enable Period for which the port is disabled if all redial tries fail. t Re-enable period, ranging from 5 to 2678400 seconds.
Dialer Watch Commands Dialer Watch Commands dialer watch-group This command enables Dialer Watch backup on a dialer interface with up to 16 watch‐groups. Note: The XSR sets UTC for time-range calculation. Syntax dialer watch-group group-number group-number Assigned number that will point to a globally defined list of IP addresses to watch, ranging from 1 to 255.
Dialer Watch Commands address-mask IP address mask to be applied to the list. initial-delay The delay interval between the time when a new route is added to any dialer watch list and the start of the backup process for that route if the route fails to come up. This delay prevents the XSR from starting backup process for the configured watched routes immediately after bootup. Range: 1 to 2,147,483 seconds.
dial string: 3200, success: 0, fail: 0
Dialer pool 1 stats:
member: Serial 1/3:0, available B-channels: 30, serial ports: 0
Watch-group stats:
watch-group 1, rt cnt 1, trigg cnt 1, state is UP,
delays: init 10, connect 3, disconnect 3, time range 10:15 11:15
timer expires in 18h:32m:28s
watch-group 2, rt cnt 1, trigg cnt 1, state is UP,
delays: init 30, connect 60, disconnect 2, time range 10:0 11:17
timer expires in 18h:17m:29s
11 ISDN BRI and PRI Commands
Observing Syntax and Conventions
The CLI Syntax and conventions use the notation described in the following table.
ISDN Commands
Syntax of the “no” Form
no interface bri board/slot
Mode
Global configuration: XSR(config)#
Next Mode
BRI Interface configuration: XSR(config-if)#
Example
The following example acquires BRI B‐channel 1 interface mode:
XSR(config)#interface bri 1/1
XSR(config-if)#
isdn answer1, isdn answer2 (BRI)
This command, isdn answer1, directs the XSR to screen a called‐party or sub‐address number in the incoming setup message for ISDN BRI calls.
Syntax of the “no” Form
Use the no form of this command to remove the verification request:
no isdn answer1 [called-party-number][:subaddress]
Default
No verification of either number
Mode
BRI Interface configuration: XSR(config-if)#
Examples
The following example configures BRI interface 1/1 with called‐party and sub‐address numbers:
XSR(config)#interface bri 1/1
XSR(config-if)#isdn answer1 6171234:5678
The following example configures BRI interface 2/0 with a sub‐addr
Example
The following example sets the T1 controller to make call selections in ascending order:
XSR(config)#controller t1 1/0/0
XSR(config-controller)#description “T1 at Acme”
XSR(config-controller)#framing esf
XSR(config-controller)#linecode b8zs
XSR(config-controller)#pri-group
XSR(config-controller)#isdn bchan-number-order ascending
isdn call
This command is used for debugging purposes only to test call setup procedures with a Central Office
ISDN Commands A PRI or BRI port can have only one ISDN calling‐number entry. For ISDN PRI, this command is intended for use when the network offers better pricing on calls in which devices present the caller number. When configured, the calling number is included in the outgoing setup message. Note: There is no mechanism to mark outgoing calls with the Calling Number and Calling Subaddress for call routing on the receiving end.
ISDN Commands Example The following example sets up a test call on channel 24 on BRI port 1/1: XSR#isdn disconnect 1/1 24 <186>Jul 28 22:49:51 10.10.10.20 ISDN: No Channel Available For Test Call isdn spid1, isdn spid2 (BRI) This command specifies the Service Profile Identification Number (SPID) which is supplied by your ISDN service provider.
ISDN Commands Note: This command is valid only after the pri-group command was issued. Syntax isdn switch-type switch-type {basic-dms100 | basic-ni1 | basic-ntt | basic-net3 | primary-net5 | primary-ni2 | primary-5ess | primary-dms100 | primary-ntt} BRI Switch Types: basic-dms100 North America legacy ISDN switch. basic-ni1 National ISDN 1 switch for North America. basic-5ess North America legacy ISDN switch: not supported. basic-ntt Switch for ISDN in Japan.
Example
The following example selects a switch type on the BRI 1/1 interface:
XSR(config)#interface bri 1/1
XSR(config-if)#isdn switch-type basic-net3
leased-line bri
This command sets up an ISDN BRI port for leased‐line operation. Leased‐line service at 64 or 128 kbps via BRI is provided in Japan and Germany. The 56 and 112 kbps speeds are provided for eventual North American deployment of this service.
Examples
The following example configures two data streams on leased‐line BRI interface 1/1 at 56 kbps with PPP encapsulation:
XSR(config)#interface bri 1/1
XSR(config-if)#leased-line 56
XSR(config)#interface bri 1/1:1
XSR(config-if)#ip address 1.1.1.2 255.255.255.0
XSR(config-if)#encapsulation ppp
The following example configures BRI B‐channel 2:
XSR(config)#interface bri 1/1:2
XSR(config-if)#ip address 1.1.1.3 255.255.255.
shutdown (BRI)
This command forces all data calls to be disconnected and signals all internal XSR resources that the port is not available.
Syntax
shutdown [board/slot/port]
board/slot/port XSR board, slot and port numbers.
Syntax of the “no” Form
no shutdown [board/slot/port]
Mode
Interface configuration: XSR(config)#shutdown
ISDN Debug and Show Commands
debug isdn
This command initiates a Layer 2 or 3 ISDN debug session to trace failed calls at the D channel level.
ISDN Debug and Show Commands Syntax of the “no” Form The no form of this command removes ISDN message tracing. You may choose to issue the command with all or no parameters selected.
ISDN Debug and Show Commands Packet Processor 0 Packet 0 Packet 0 Packet 0 Packet Tx Scheduler Stats: driver Tx OK driver not Tx: MUX END_ERR_BLOCK driver not Tx: MUX ERROR driver not Tx: Unknown Msg from MUX The unit number is 167772177. The interrupt number is 27. General: SCC 4 parm ram = 0xa0290f00, reg = 0xa0291660 TX RING ENTRIES: The data ring starts at 0xa0290200.
ISDN Debug and Show Commands • PRI ‐ show interface serial 2/1:0 - 14, 16-30 for E1 B channels Use the following table for reference.
ISDN Debug and Show Commands Standard output of the command follows but is not displayed here. The following output is displayed for the BRI interface 2/1: XSR#sh interface bri 2/1 ********** Serial Interface Stats ********** D-Serial 2/1:0 is Admin Down / Oper Down ********************** ISDN Stats ISDN-BRI 2/1 ******************* Layer 1: DOWN Layer 2: DOWN State: OFFLINE Admin Down Oper Down The name of this device is bri2/1/0. The card is 2. The port is 1. The channel is 0. The current MTU is 1506.
ISDN Debug and Show Commands show isdn history This command displays past ISDN actions on the XSR. Syntax show isdn history [board/slot/port] board/slot/port XSR board, slot and port numbers.
ISDN Debug and Show Commands show isdn active This command displays current call information of all BRI or PRI ports, or only the selected port specified by board/slot/port identifier. Syntax show isdn active [board/slot/port] board/slot/port XSR board, slot and port numbers.
ISDN Debug and Show Commands show isdn service This command displays the service status of all or selected ISDN ports. Syntax show isdn service [board/slot/port] board/slot/port XSR board, slot and port numbers.
20 CONNECTED 21 CONNECTED 22 CONNECTED 23 CONNECTED 24 CONNECTED
25 CONNECTED 26 CONNECTED 27 CONNECTED 28 CONNECTED 29 CONNECTED
30 CONNECTED
12 Configuring Quality of Service
Observing Syntax and Conventions
The CLI Syntax and conventions use the notation described in the following table.
Policy-Map Commands service-policy This command attaches a policy map to an output or input interface. You can attach a single policy map to one or more interfaces. Syntax service-policy [input | output] policy-map-name policy-map-name Attaches the specified policy map onto the output port.
• random-detect exponential-weighting-constant ‐ Configures the WRED exponential weight factor for the average queue size calculation. Refer to page 12‐95 for the command definition.
• random-detect precedence ‐ Configures WRED minimum and maximum threshold and maximum drop probability values for an IP precedence value. Go to page 12‐96 for the command definition.
• set cos ‐ Marks the IEEE 802.
Example
These commands create class‐map class1 and define its match criteria:
XSR(config)#class-map class1
XSR(config-cmap)#match access-group 136
These commands create the policy map which is defined to contain policy specifications for class1 and the default class:
XSR(config)#policy-map policy1
XSR(config-pmap)#class class1
XSR(config-pmap-c)#bandwidth 2000
XSR(config-pmap-c)#queue-limit 40
XSR(config-pmap)#class class-default
XSR(config-pma
Syntax of the “no” Form
Remove the bandwidth specified for a class by using the no form of this command:
no bandwidth
Mode
Policy‐Map Class configuration: XSR(config-pmap-c)#
Example
The following example specifies a bandwidth of 2000 Kbps for polmap6:
XSR(config)#policy-map polmap6
XSR(config-pmap)#class acl22
XSR(config-pmap-c)#bandwidth 2000
XSR(config-pmap-c)#queue-limit 30
class
This QoS policy‐map sub‐command specifies the name of the traffic class wh
Policy-Map Commands Syntax of the “no” Form The no form of this command removes a class from the policy map: no class {class-name} Mode Policy‐Map configuration: XSR(config-pmap)# Next Mode Policy‐Map Class configuration: XSR(config-pmap-c)# Example This example creates class1 with a minimum of 20 percent in the event of congestion, and the queue reserved for this class can enqueue 40 packets before tail drop is enacted to handle additional packets.
police
This command configures traffic policing.
Syntax
police bps [burst-normal][burst-max][conform-action action][exceed-action action][violate-action action]
bps Average rate ranging from 1,000 to 100,000,000 bps.
burst-normal Normal burst size ranging from 1,000 to 51,200,000 bps. If less than 1000 bytes, burst‐normal will be set to 1000 bytes.
burst-max Excess burst size ranging from 1,000 to 51,200,000 bytes. Value must be greater than or equal to normal‐burst size.
Policy-Map Commands Example The following example defines a traffic class using the class-map command and match criteria from the traffic class with the Traffic Policing configuration, which is configured in the service policy using the policy-map command. The service-policy command is then used to attach this service policy to the interface.
Policy-Map Commands Mode Policy‐Map Class configuration: XSR(config-pmap-c-)# Example The following example configures two PQs for the policy map policy57, with a high priority level, guaranteed bandwidth of 300 kbps and a one‐time allowable burst size of 500 kbps for the map‐ class voice; and a low priority bandwidth, 80 bytes of guaranteed bandwidth, and a burst size 2000 bytes for map‐class beta.
XSR(config)#policy-map policy75
XSR(config-pmap)#class acl203
XSR(config-pmap-c)#bandwidth percent 35
XSR(config-pmap-c)#queue-limit 50
random-detect (RED)
This command configures and enables Random Early Detect (RED) for the class in a policy map.
random-detect (WRED)
This command configures and enables Weighted Random Early Detect (WRED) for the class. WRED is a congestion avoidance mechanism that slows traffic by randomly dropping packets when congestion exists. WRED is useful with protocols like TCP that respond to dropped packets by decreasing the transmission rate. To set or change WRED parameters, use the random-detect {dscp | precedence} command. If no parameter is passed to the command, the default is prec‐based WRED.
Policy-Map Commands Syntax random-detect dscp dscp-value min-thres max-thres [mark-prob] dscp-value The DSCP value. min-thres Minimum limit of average packet queue length, ranging from 1 to 4096, beyond which the XSR randomly drops packets. max-thres Maximum limit of average packet queue length, ranging from 1 to 4096, beyond which all packets are dropped. mark-prob Mark probability denominator ranging from 1 to 65,536.
Table 12-1 DSCP Threshold/Max Drop Probability Parameters (continued)
DSCP    Min Threshold    Max Threshold    Max Drop Probability
Cs1     32               40               1/10
Cs2     28               40               1/10
Cs3     24               40               1/10
Cs4     32               40               1/10
Cs5     28               40               1/10
Cs6     24               40               1/10
Cs7     32               40               1/10
Ef      28               40               1/10
Initial parameters for all other DSCP values    24    40    1/10
Examples
The following example enables WRED with a minimum threshold for DSCP af21 of 24 and maximum threshold of 40.
Syntax of the “no” Form
The no form of this command sets the constant to the default value of 9:
no random-detect exponential-weighting-constant
Mode
Policy‐Map Class configuration: XSR(config-pmap-c-)#
Example
The following example enables WRED and sets the weight constant to (1/2)^5:
XSR(config)#policy-map wred
XSR(config-pmap)#class a
XSR(config-pmap-c)#random-detect dscp-based
XSR(config-pmap-c)#random-detect exponential-weighting-constant 5
random-detect preceden
Defaults
• Disabled
• Mark‐prob: 10
Mode
Policy‐Map Class configuration: XSR(config-pmap-c-)#
Examples
The following example enables WRED with a minimum IP precedence threshold of 24 and maximum of 40. The dropping probability is 1/4. All other precedence types have default values.
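The following added example (not part of the XSR guide or firmware) works through how the WRED parameters above interact: the exponential weighting constant smooths the queue length, and the thresholds and mark probability denominator turn that average into a drop probability. The linear ramp between the thresholds is the classic RED formula and is an assumption here; the page does not state the XSR's exact curve, and the helper names are hypothetical.

```python
"""Added example: RED/WRED drop decision from the parameters named on this page."""

# (min-thres, max-thres, mark-prob) copied from Table 12-1 (continued).
PROFILES = {
    "cs1": (32, 40, 10),
    "cs2": (28, 40, 10),
    "cs3": (24, 40, 10),
    "ef": (28, 40, 10),
}
DEFAULT_PROFILE = (24, 40, 10)  # "Initial parameters for all other DSCP values"
DEFAULT_EXPONENT = 9            # default exponential-weighting-constant per the page


def update_average(avg, queue_len, exponent=DEFAULT_EXPONENT):
    """Exponentially weighted moving average with weight (1/2)^exponent."""
    weight = 0.5 ** exponent
    return (1.0 - weight) * avg + weight * queue_len


def drop_probability(avg, min_th, max_th, mark_prob):
    """Assumed classic RED ramp: 0 below min_th, rising to 1/mark_prob at max_th,
    and 1 (drop everything) once the average reaches max_th."""
    # Ranges are the ones the page gives; min_th < max_th is required by the ramp.
    if not (1 <= min_th < max_th <= 4096 and 1 <= mark_prob <= 65536):
        raise ValueError("threshold or mark-prob outside the documented ranges")
    if avg < min_th:
        return 0.0
    if avg >= max_th:
        return 1.0
    return (avg - min_th) / (max_th - min_th) / mark_prob


def average_after_burst(queue_len, packets, exponent):
    """Average queue size after `packets` arrivals that each see `queue_len`."""
    avg = 0.0
    for _ in range(packets):
        avg = update_average(avg, queue_len, exponent)
    return avg


def decision(dscp, avg):
    """Drop probability for a packet of the given DSCP class at average `avg`."""
    min_th, max_th, mark_prob = PROFILES.get(dscp.lower(), DEFAULT_PROFILE)
    return drop_probability(avg, min_th, max_th, mark_prob)


if __name__ == "__main__":
    # A constructed burst: 40 packets arrive while 64 packets are queued.
    for exponent in (5, DEFAULT_EXPONENT):
        avg = average_after_burst(64, 40, exponent)
        print(f"exponent {exponent}: avg={avg:.2f} "
              f"drop(default class)={decision('af21', avg):.3f}")
```

With weighting constant 5 the average follows the burst quickly and crosses the maximum threshold; with the default of 9 the same burst barely moves the average, so short bursts are absorbed without random drops.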
Mode
Policy‐Map Class configuration: XSR(config-pmap-c-)#
Example
The following example configures policy‐map setCosTo4 that matches input priority value range from 5 to 7 and sets the output VLAN priority to 4:
XSR(config)#policy-map setCosTo4
XSR(config-pmap)#class matchCos5To7
XSR(config-pmap-c)#set cos 4
set ip dscp
This command marks a packet by setting the IP Differentiated Services Code Point (DSCP) in the Type of Service (ToS) byte.
cs1 ‐ Match packets with CS1 DSCP (001000)
cs2 ‐ Match packets with CS2 DSCP (010000)
cs3 ‐ Match packets with CS3 DSCP (011000)
cs4 ‐ Match packets with CS4 DSCP (100000)
cs5 ‐ Match packets with CS5 DSCP (101000)
cs6 ‐ Match packets with CS6 DSCP (110000)
cs7 ‐ Match packets with CS7 DSCP (111000)
default ‐ Match packets with default DSCP (000000)
ef ‐ Match packets with Expedited Forwarding (EF) DSCP (101110)
Syntax of the “no” Form
The no form of this command removes a previously s
Policy-Map Commands Mode Policy‐Map Class configuration: XSR(config-pmap-c-xx)# Example The following example sets the IP Precedence bit to 7 for packets that satisfy the match criteria of the class map called class39. All packets that satisfy the match criteria of class39 are marked with the IP Precedence value of 7. How packets marked with the IP Precedence value of 7 are treated is determined by your network configuration.
Class-map Commands
class-map
This command creates a class map for matching packets to a specified class. Use it to specify the name of the class for which you want to create or modify class map match criteria. Packets arriving at the output interface are checked against the match criteria set for a class map to determine if the packet belongs to that class.
XSR(config)#class-map class57
XSR(config-cmap)#match access-group 136
XSR(config)#policy-map policy99
XSR(config-pmap)#class class57
XSR(config-pmap-c)#bandwidth percent 10
XSR(config-pmap-c)#queue-limit 40
XSR(config-pmap)#class class-default
XSR(config)#interface serial 1/0
XSR(config-if)#service-policy output policy99
match access-group
This command configures the match criteria for a class map on the basis of the specified Access
Class-map Commands match cos This command identifies a specific IEEE 802.1 priority value as a match criterion. Up to 8 priority values can be matched in one match statement. For example, if you wanted the priority values of 0, 1, 2, 3, 4, 5, 6, or 7 (note that only one of the priority values must be a successful match criterion, not all of the specified priority values), enter the match cos 0 1 2 3 4 5 6 7 command.
Syntax
match ip dscp ip-dscp-value [ip-dscp-value] [ip-dscp-value] [ip-dscp-value] [ip-dscp-value] [ip-dscp-value] [ip-dscp-value] [ip-dscp-value]
ip-dscp-value  Specifies a value from 0 to 63 to identify an IP DSCP value.
Syntax of the “no” Form
Use the no form of this command to remove IP precedence values from a class map:
no match ip precedence ip-precedence-value [ip-precedence-value] [ip-precedence-value] [ip-precedence-value] [ip-precedence-value] [ip-precedence-value] [ip-precedence-value] [ip-precedence-value] [ip-precedence-value]
Mode
Class‐map configuration: XSR(config-cmap-xx)#
Example
The following example shows how to configure the service policy called priority50 and attach service policy priorit
Class map c3
  Match access-group 103
Class map c2
  Match ip precedence 2
Class map c1
  Match ip dscp 32
show policy-map
This command displays the configuration of all classes for a specified service policy map or all classes for all existing policy maps. It displays the configuration of a service policy map created using the policy-map command.
QoS Show Commands show policy-map interface This command shows the configuration of all service policies applied on an interface or Frame Relay Data‐link Connection Identifier (DLCI). It displays the configuration for classes on the specified interface or specified DLCI only if a service policy has been attached to the interface or PVC. This command shows input and the output policies applied to the interfaces.
XSR(config)#map-class frame-relay foo
XSR(config-map-class)#frame-relay cir out 100000
XSR(config-map-class)#frame-relay bc out 10000
XSR(config-map-class)#service-policy output mypolicy
XSR(config-map-class)#service-policy input mypolicy
XSR#show policy-map interface s1/0.1 dlci 100
Serial1/0.1: DLCI 100 output: mypolicy Class smallPackets Priority High Bandwidth 800 (kbps)Actual bandwidth 0 (kbps), Random-detect : Avg Qsize: 5.
Tail drops    Sum of packets dropped by Tail Drop buffer management.
Tx            Sum of packets transmitted successfully.
NoBuff        Sum of packets rejected by the driver because of no buffer. This value is always zero when the policy map is applied to DLCI and MLPPP.
Error         Sum of transmit (driver) errors when trying to send out a packet. Value is always zero when the policy map is applied to DLCI and MLPPP.
Avg Qsize     RED average queue size.
Random Drops  Sum of packets dropped by RED.
DSCP 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
min-th 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 10 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2
max-th 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 20 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5
mark-prob 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
2 5 20 2 5 20 2 5 20 2 5 20 2 5 20 2 5 20 2 5 20 2 5 20 2 5 20 2 5 20 2 5 20 2 5 20 2 5 20 2 5 20 2 5 20
Exponential weighting constant: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 9 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Parameter Descriptions
Average Queue size  Average output queue size for this interface.
Total Random Drops  Sum of packets dropped for all DSCP codepoints.
Min-th              Minimum threshold.
Max-th              Maximum length of the queue.
Sample Output
The following commands configure shape information for each class.
13 Configuring ADSL
Observing Syntax and Conventions
The CLI command syntax and conventions use the notation described below.
Syntax
cmv append command-ID offset value
command-ID  Represents a 4‐character CMV command.
offset      Decimal or hexadecimal number representing where to write the value.
value       Decimal or hexadecimal number.
Syntax
cmv cr command-ID offset
command-ID  Represents a 4‐character CMV command.
offset      Decimal or hexadecimal number representing where to read the value.
Mode
ATM Interface configuration: XSR(config-if)#
Example
The following example reads CMV STAT 0 from the DSP:
XSR(config-if)#cmv cr STAT 0
cmv cw
This command writes a Command Management Variable (CMV) to the DSP. This command is intended for use by Enterasys field service personnel only.
Syntax
cmv delete command-ID offset [value]
command-ID  Represents a 4‐character CMV command.
offset      Decimal or hexadecimal number representing where to write the value.
value       Decimal or hexadecimal number.
Mode
ATM Interface configuration: XSR(config-if)#
Example
The following example deletes CMV OPTN 2 from the retaining list:
XSR(config-if)#cmv delete OPTN 2
cmv print
This command prints the Command Management Variable (CMV) training list on the console.
Syntax
cmv save file-name
file-name  The name of the file used to save the CMV training list.
Mode
ATM Interface configuration: XSR(config-if)#
Example
The following example saves the CMV training list to file retrain‐list:
XSR(config-if)#cmv save retrain-list
Save complete
XSR(config-if)#
Other ADSL Commands
description
This command adds a description string to an existing ATM interface object.
Other ADSL Commands interface atm This command creates an ATM interface object and its associated device driver which downloads the specified firmware file to the on‐board DSP. Depending on the size of the DSP firmware and the characteristics of the download procedure, this procedure may take a noticeable amount of time. After a successful load, the interface and device driver is in the administrative down state (shutdown).
Other ADSL Commands • backup ‐ configures and enables a backup interface for the ATM sub‐interface. Refer to page 13‐90 for the command description. • crypto ‐ enables and configures VPN parameters on the sub‐interface. Refer to page 13‐92 for the command description. • description ‐ adds a description string to an existing ATM sub‐interface. Refer to page 13‐92 for the command description. • encapsulation ‐ selects the data encapsulation method for this ATM sub‐interface.
Defaults
• Backup: Disabled
• VPN: Disabled
• Description: Set to the empty string
• Encapsulation: None
• IP: Not configured
• PPP: Not configured
• OAM procedures: Disabled
• ATM PVC VPI/VCI: Set to 1/32
• The sub‐interface will be in the shutdown state
Example
The following example creates an ATM sub‐interface object on ATM interface slot 0, card 1, port 1:
XSR(config)#interface atm 0/1/1.1 point-to-point
XSR(config-if
Default
Disabled by default. When enabled, all operational parameters must be specified.
Example
The following example configures a sub‐interface backup with a Dialer ID of 1, delay of 20 seconds before switching to the backup, and a delay of 10 seconds before switching back to the ATM sub‐interface. The example also configures the sub‐interface to switch to the backup line at 8:30 P.M. then switch back to the normal interface at 9:50 P.M.:
XSR(config-if
XSR(config-if)#crypto ezipsec
XSR(config-if)#crypto ipsec df-bit copy
XSR(config-if)#crypto map ets-vpn
description
This command adds a description string to an existing ATM sub‐interface. This command requires a properly configured ATM sub‐interface.
Syntax
description description_text
description_text  A string describing the sub‐interface object. Text with embedded spaces must be enclosed in double quotes. Omitting text causes an empty string.
service-name  The name of the PPPoE service. If not specified, PPPoE connects to the first advertised service name. At this time, the XSR will connect with the first advertised service name only.
Syntax of the “no” Form
The no form of this command removes any form of encapsulation, effectively disabling the sub‐interface:
no encapsulation
Mode
ATM Sub‐Interface configuration: XSR(config-if)#
Default
The default encapsulation is none.
Syntax
ip address {ip-address/subnet-mask | negotiated}
ip-address   The IP address associated with this sub‐interface in the form: A.B.C.D.
subnet-mask  The number of bits set to 1 in the subnet mask, ranging from 0 to 32.
negotiated   IP address/subnet mask are negotiated by PPP. This value cannot be set when using IPoA encapsulation.
Other ADSL Commands oam-pvc This command enables end‐to‐end F5 (circuit) OAM cell procedures for ATM Permanent Virtual Circuit (PVC) management. OAM cells and how they are used are as follows: • Alarm Indication Signal (AIS) – Received from the network to indicate a problem in the forward‐to‐XSR data flow. • Continuity Check (CC) – Echoed to the sender when received. The XSR does not generate CC cells for connectivity management but will respond to CC procedure negotiation cells.
Example
The following example sets the OAM frequency to 20 seconds:
XSR(config-if)#oam-pvc manage 20
oam retry
This command configures parameters related to OAM cell handling for ATM VC management. This command requires a properly configured ATM sub‐interface.
Syntax
oam retry up-count down-count retry-frequency
up-count  Sum of consecutive end‐to‐end F5 OAM loopback cells responses that must be received to change the VC connection state to up. Range: 0 to 255.
Syntax
pvc vpi/vci
vpi/vci  ATM VC identifier values. VPI range: 0 to 255, VCI range: 0 to 65535.
Syntax of the “no” Form
The no form of this command returns this parameter to its default setting:
no pvc
Mode
ATM Sub‐Interface configuration: XSR(config-if)#
Default
VPI/VCI defaults to 1/32. This is not the ILMI virtual circuit.
Example
This example sets the sub‐interface circuit type to PVC and sets the ATM VPI/VCI values to 2/48:
XSR(config-if
Other ADSL Commands no shutdown This command sets the ATM interface to the administrative Up state and enables the line for operation. Data traffic cannot flow until at least one associated sub‐interface is set to the administrative Up state. Issuing this command does not change the administrative state of sub‐ interfaces associated with this ATM interface. This command surveys the status of the DSP firmware (which was loaded and started at boot time) and if it finds it in an illegal state (i.e.
PPP Configuration Commands
This section lists the subset of PPP configuration commands that apply when an ATM sub‐interface is configured for PPPoA or PPPoE encapsulation.
ppp chap
This command configures PPP to use the Challenge Handshake Authentication Protocol (CHAP) for user authentication on a PPP session. This command requires a properly configured ATM sub‐interface specifying encapsulation type PPPoA or PPPoE.
Syntax of the “no” Form
The no form of this command returns this parameter to its default setting:
no ppp keepalive
Mode
ATM Sub‐Interface configuration: XSR(config-if)#
Defaults
• Disabled
• Keepalive period: 30 seconds
Example
This example enables the keepalive mechanism and sets the time between messages to 20 seconds:
XSR(config-if)#ppp keepalive 20
ppp lcp
This command configures Link Control Protocol (LCP) parameters for PPP.
Example
The following example sets LCP parameters:
XSR(config-if)#ppp lcp max-configure 5 max-failure 5 max-terminate 2
XSR(config-if)#
ppp max-bad-auth
This command configures the maximum number of authentication failures for PPP. It requires a properly configured ATM sub‐interface specifying encapsulation type PPPoA or PPPoE.
Syntax
ppp max-bad-auth count
count  Peak number of authentication attempts.
PPP Configuration Commands Syntax of the “no” Form The no form of this command returns this parameter to its default setting: no ppp pap Mode ATM Sub‐Interface configuration: XSR(config-if)# Default PAP is disabled Example The following example sets the PAP user name to bob and the password to confidential: XSR(config-if
ATM Clear and Show Commands ppp timeout retry This command sets the maximum time to wait for a response during PPP negotiation. It requires a properly configured ATM sub‐interface specifying encapsulation type PPPoA or PPPoE. Syntax ppp timeout retry seconds The peak wait interval, ranging from 1 to 255 seconds. Syntax of the “no” Form The no form of this command returns this parameter to its default setting: no ppp timeout retry Mode ATM Sub‐Interface configuration: XSR(config-if
ATM Clear and Show Commands Example The following example clears the ATM counters: XSR#clear counters atm show controllers atm This command displays internal hardware configuration and operational interface details regarding: receive (Rx) and transmit (Tx) DMA descriptors, memory usage, and PCI device ID information.
ATM Clear and Show Commands The following is sample output when a sub‐interface is specified: XSR#show controllers atm 1/0.1 ********** ATM Sub-Interface Stats ********** ATM 1/0.
ATM Clear and Show Commands Parameters in the Sub-Interface Response DSP Image File: CFlash:adsl.fls Name of the file containing the DSP image. DSP Image Rev.: 43e2ea93 Vendorʹs revision of the DSP image. DMT state: 42 Current operational state of the DSP. OAM counters/ UNK counters Sub‐set of the interface table input and output counters for the OAM and unconfigured channels on the ATM interface. Refer to RFC‐1213 for parameter descriptions.
ATM Clear and Show Commands show interface atm This command displays the running configuration and statistical details for an ATM interface. Statistics supported by the ADSL interface are hardware dependent.
ATM Clear and Show Commands Examples The following is sample output when an interface is specified: XSR#show interface atm 1/0 ********** ATM Interface Stats ********** ATM 1/0 is Admin Up / Oper Up The name of this device is adsl Administrative State is ENABLED Operational State is UP OAM circuit is UP The upstream data rate is 480 kbit/sec The downstream data rate is 10208 kbit/sec General info: ifindex ifType ifAdminStatus ifOperStatus ifLastChange ifInOctets ifInUcastPkts ifInNUcastPkts ifInDiscards i
ATM Clear and Show Commands The The The The The logical link is currently Up Name of the Access Concentrator is ENTERASY-CDDU1S Session Id is 0x000b MAC Address of the Access Concentrator is 0x00:60:f9:11:01:08 MTU is 1492 The name of this device is adsl-0 Administrative state is ENABLED Operational State is UP Circuit monitoring enabled VPI is 1. VCI is 32.
ATM Clear and Show Commands General info: MIB2 interface table entries as described in RFC‐1213 including AIS F4, RDI F4, CC F4, LPBK F4. The last four fields in the General info section count the number OAM cells (by type) received by the interface on the Virtual Path (F4) flow. The circuit table at the end of the display lists all the configured ATM sub‐interfaces related to this ATM interface. • VPI/VCI ‐ PVC circuit identifier. • AAL5 ‐ Sum of AAL5 frames received.
14 Configuring the VPN
Observing Syntax and Conventions
The CLI syntax and conventions use the notation described in the following table.
PKI commands • “Crypto Map Mode Commands” on page 14‐110. • “Crypto Transform Mode Commands” on page 14‐115. • “Crypto Show Commands” on page 14‐118. • “Interface CLI Commands” on page 14‐121. • “Interface VPN Commands” on page 14‐122. • “Tunnel Commands” on page 14‐127. • “Tunnel Clear and Show Commands” on page 14‐132. • “Additional Tunnel Termination Commands” on page 14‐134. • “DF Bit Commands” on page 14‐137. Note: AAA commands are described in Chapter 13: Configuring Security.
CA Identity Mode Commands name Name for the CA. Syntax of the “no” Form Use the no form to delete all identity information and certificates associated with the CA: no crypto ca identity name Mode Global configuration: XSR(config)# Next Mode Certificate Authority Identity configuration: XSR(ca-identity)# Examples The following example declares and identifies characteristics of the CA. In this example, the name ACMEca is created for the CA, which is located at http://ca_server..
Mode
Certificate Authority Identity configuration: XSR(ca-identity)#
Example
The following example sets the CRL to be retrieved every five hours:
XSR(config)#crypto ca identity ACMEca
XSR(ca-identity)#crl frequency 300
enrollment http-proxy
This command specifies the local HTTP proxy server name and port.
Syntax
enrollment http-proxy hostname port_#
hostname  The URL of the local HTTP proxy server, which is the proxy server's IP address.
CA Identity Mode Commands Syntax of the “no” Form The no form of this command resets the value to the default: no enrollment retry count Default 3 Mode Certificate Authority Identity configuration: XSR(ca-identity)# Example The following example declares a CA, and changes the retry period to 10 minutes and the retry count to 60.
XSR(config)#crypto ca identity ACMEca
XSR(ca-identity)#enrollment url http://ca_server
XSR(ca-identity)#enrollment retry period 5
enrollment url
This command sets the Uniform Resource Locator (URL) of the Certificate Authority (CA). If the CA cgi‐bin script site is not the default /cgi‐bin/pkiclient.exe at the CA, you must also include the non‐standard script site in the URL as http://CA_name/script_location where script_location is the full path to the CA scripts.
CA Identity Mode Commands Caution: We recommend that you do not enroll more certificates than permitted by the 1.5 MByte system limit imposed on the cert.dat Flash file. Doing so may destabilize the XSR and require you to delete the file. Syntax crypto ca enroll name name Name of the CA. Use the same name as when you declared the CA with the crypto ca identity command.
Other Certificate Commands show crypto ca identity This command displays data about enrolled Certificate Authorities (CA).
Mode
Global configuration: XSR(config)#
Sample Output
The following script prompts you to accept the certificate.
XSR#crypto ca authenticate ACMEca
Certificate has the following attributes:
Fingerprint: 0123 4567 89AB CDEF 0123
Do you accept this certificate? [yes/no] y
crypto ca certificate chain
This command invokes Certificate Chain mode. In this mode, you can delete a certificate by entering the no certificate commands.
Other Certificate Commands crypto ca crl request This command downloads a new Certificate Revocation List (CRL) from the specified Certificate Authority (CA), updating the CRL. Syntax crypto ca crl request name name CA name. Use the same name you declared using crypto ca identity.
Other Certificate Commands Issuer: C=US, O=sml, CN=ldapca Valid From: 2002 Aug 20th, 18:26:01 GMT Valid To: 2002 Aug 20th, 20:01:01 GMT Issuing CDP: ldap://ldapca.sml.
IKE Security Protocol Commands The following is sample output from the command when the CA supports an RA. In this example, CA and RA certificates were requested earlier by the crypto ca authenticate command.
ISAKMP Protocol Policy Mode Commands
crypto isakmp proposal
This command defines an IKE proposal (policy) ‐ a set of parameters used during IKE negotiation. It invokes ISAKMP protocol policy configuration mode where the following sub‐commands are available to specify parameters in the proposal:
• authentication ‐ Authentication method used by an IKE proposal. Refer to page 14‐96 for the command definition.
• encryption ‐ Encoding method used by an IKE proposal.
Next Mode
ISAKMP protocol proposal configuration: XSR(config-isakmp)#
Example
The following example configures two policies for the peer:
XSR(config)#crypto isakmp proposal 57
XSR(config-isakmp)#hash md5
XSR(config-isakmp)#authentication rsa-sig
XSR(config-isakmp)#group2
XSR(config-isakmp)#lifetime 5000
XSR(config)#crypto isakmp policy 99
XSR(config-isakmp)#authentication pre-share
XSR(config-isakmp)#lifetime 10000
The above configuration results in the following poli
encryption
This command sets the encryption algorithm used in an IKE proposal (policy).
Syntax
encryption {des | 3des | aes}
des   Data Encryption Standard (DES) encryption.
3des  Triple Data Encryption Standard (3DES) encryption.
aes   Advanced Encryption Standard (AES) encryption.
Syntax of the “no” Form
The no form of this command resets the value to the default:
no group
Default
Group 2
Mode
ISAKMP protocol policy configuration: XSR(config-isakmp)#
Example
The following example configures Group 5 on ACMEproposal:
XSR(config)#crypto isakmp proposal ACMEproposal
XSR(config-isakmp)#Group5
hash
This command sets the hash algorithm used in an IKE proposal (policy).
Syntax
hash {sha | md5}
sha  Secure Hash Algorithm 1 (SHA‐1) hash.
Remote Peer ISAKMP Protocol Policy Mode Commands lifetime This command specifies the lifetime of an IKE Security Association (SA) for a given IKE proposal (policy). Syntax lifetime seconds seconds The interval, in seconds, each SA exists before expiring.
Syntax
crypto isakmp peer_address subnet-mask
peer_address  Peer's IP address or IP subnet to which the policy will be attached.
subnet-mask   Value used with the peer‐address.
Default
Disabled
Mode
Remote Peer ISAKMP protocol policy configuration: XSR(config-isakmp-peer)#
Example
The following example configures the IKE IP address assignment mode to client:
XSR(config)#crypto isakmp peer 2.2.2.2 255.255.255.0
XSR(config-isakmp-peer)#config-mode client
exchange-mode
This command sets IKE to main or aggressive exchange mode.
Remote Peer ISAKMP Protocol Policy Mode Commands XSR(config-isakmp-peer)#exchange-mode main nat-traversal The command sets the IKE and IPSec NAT (Network Address Translation) traversal mode used when communicating with remote peers matching the peer subnet and wildcard masks. The automatic parameter configures IKE to automatically detect unroutable IP addresses between the local and remote gateway and to then switch to UDP encapsulation of IPSec traffic.
Remote Peer ISAKMP Protocol Policy Mode Commands Syntax of the “no” Form The no form of this command removes policies from the peer: no proposal Mode Remote Peer ISAKMP protocol policy configuration: XSR(config-isakmp-peer)# Example The following example attaches a proposal to the remote peer: XSR(config)#crypto isakmp peer 192.168.57.9 255.255.255.
Remote Peer Show Commands Remote Peer Show Commands show crypto isakmp peer This command displays attributes for each ISAKMP peer. IKEʹs first configuration derives from the IP address of the remote peer. ISAKMP peers created by EZ‐IPSec configuration are marked with an asterisk (*) in the leftmost column of the show output. These proposals may not be used in other user‐defined ISAKMP policies ‐ they are reserved for EZ‐IPSec.
Remote Peer Show Commands show crypto isakmp proposal This command lists attributes for each Internet Key Exchange (IKE) proposal. ISAKMP proposals created with EZ‐IPSec are marked with an asterisk (*) in the show output. These proposals may not be used in other user‐defined ISAKMP policies ‐ they are reserved for EZ‐IPSec.
IPSec Commands Parameters Descriptions Main Mode Exchange MM_NO_STATE ISAKMP SA has only just been created and no state is yet established. MM_SA_SETUP Peers have agreed on settings for the ISAKMP SA. MM_KEY_EXCH Peers have exchanged Diffie‐Hellman public keys and built a shared secret. The ISAKMP SA is not authenticated. MM_KEY_AUTH ISAKMP SA is authenticated. If the XSR began this exchange, this state transitions immediately to QM_IDLE and a Quick Mode exchange begins.
Syntax
access-list acl-number {deny | permit} protocol [source_addr source_mask [eq port] destination_addr destination_mask [eq port]
acl-number  A uniquely defined access list number.
deny        Prevents traffic from being protected by IPSec in the context of a particular crypto map entry: it does not allow the policy as set in crypto map statements to be applied to this traffic.
IPSec Clear and Show Commands
clear crypto sa
This command deletes IPSec Security Associations (SAs) as follows:
• If the SAs were established via IKE, they are deleted and future IPSec traffic will require new SAs to be negotiated. (When IKE is used, the IPSec SAs are established only when needed.)
• The peer keyword deletes any IPSec SAs for the specified peer.
• The map keyword deletes any IPSec SAs for the named crypto map set.
IPSec Clear and Show Commands number Access list number defined using the access-list command. log-update-threshold Packet ceiling, when met, will trigger violations log. Default If an access list number is not specified, all access lists are shown. Mode EXEC or Global configuration: XSR> or XSR(config)# Examples The following example displays configured access lists on the XSR: XSR#show access-lists Extended IP access list 100 permit ip any host 192.168.1.
Crypto Map Mode Commands Sample Output The following output displays when a master key is generated: XSR(config)#crypto key master generate New key is 8573 4583 3994 2ff5 183b 4bdf fe92 dbc1 1132 ffe0 f8d9 3759 A script displays when a master key is specified, prompting you for the following information: XSR(config)#crypto key master specify Specify first encryption key in hex digits: Specify second encryption key in hex digits: Specify third encryption key in hex digits: Are you sure? [y]: []: 8573 4583
Crypto Map Mode Commands Crypto Map Rules A crypto map is a collection of rules, each with a different seq‐num but the same map‐name. So, for a given interface, you can have certain traffic forwarded to one IPSec peer with specified security applied to that traffic, and other traffic forwarded to the same or a different IPSec peer with different IPSec security applied. To accomplish this you create two crypto maps, each with the same map‐name, but each with a different seq‐num.
Crypto Map Mode Commands access-list-id Identifies the extended ACL by its number. This value should match the access‐list‐number argument of the ACL being matched. Syntax of the “no” Form Use the no form to remove the ACL from a crypto map entry: no match address [access-list-id] Default No access lists are matched to the crypto map entry.
Mode
Crypto Map configuration: XSR(config-crypto-m)#
Example
This example defines a transform‐set and changes the mode to transport mode. The mode value only applies to IP traffic with source and destination addresses at the local and remote IPSec peers.
XSR(config)#crypto ipsec transform-set newer esp-des esp-sha-hmac
XSR(config)#crypto map ACMEmap 14
XSR(config-crypto-m)#mode transport
set peer
This command specifies an IPSec peer in a crypto map entry.
Crypto Map Mode Commands set security-association level per-host This command specifies that separate IPSec Security Associations (SAs) should be requested for each source/destination host pair. Syntax set security-association level per-host Syntax of the “no” Form The no form specifies that one SA should be requested for each crypto map ACL permit entry.
Crypto Transform Mode Commands Example This example defines two transform‐sets, specifying both can be used within a crypto map entry. When traffic matches ACL 101, the SA can use either transform‐set my_t_set1 (first priority) or my_t_set2 (second priority) depending on which transform‐set matches the remote peerʹs transform‐sets.
Syntax of the “no” Form
The no form of the command deletes a transform‐set:
no crypto ipsec transform-set transform-set-name
Mode
Global configuration: XSR(config)#
Next Mode
Crypto Transform configuration: XSR(cfg-crypto-tran)#
Example
The following example defines the transforms to apply for t‐set1 SA negotiation:
XSR(config)#crypto ipsec transform-set t-set1 esp-3des esp-sha-hmac
set pfs
This command specifies that IPSec ask for Perfect Forward Secrecy (PFS) when reques
Mode
Crypto Transform configuration: XSR(cfg-crypto-tran)#
Example
This example selects PFS group 2 whenever a new SA is negotiated for crypto map ACMEmap:
XSR(config)#crypto map ACMEmap 7 ipsec-isakmp
XSR(config)#crypto ipsec transform-set t-set1 esp-3des esp-sha-hmac
XSR(cfg-crypto-tran)#set pfs group2
set security-association lifetime
This command sets the lifetime interval used when negotiating IPSec Security Associations (SAs).
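As an added example (not Enterasys code), the script below reviews a saved XSR configuration or CLI transcript for the weaker choices among the ISAKMP proposal options (encryption, hash, group) and the IPSec transform-sets described above. It parses only command forms shown on this page, accepts both group2 and group 2 spellings, and treats "group 5 or higher" as this example's own policy threshold; the function names and sample configuration are constructed for illustration.

```python
"""Added example: flag weak IKE/IPSec algorithm choices in XSR configuration text."""
import re

PROMPT = re.compile(r"^\s*XSR[^#>]*[#>]\s*")  # strips prompts like "XSR(config-isakmp)#"
WEAK_ENCRYPTION = {"des": "single DES has a 56-bit key"}
WEAK_HASH = {"md5": "MD5 is a deprecated hash function"}
MIN_DH_GROUP = 5        # policy of this example: groups 1 and 2 are 768/1024-bit MODP
PAGE_DEFAULT_GROUP = 2  # "Default Group 2" in the group command description

# Constructed sample built from command forms that appear on this page.
SAMPLE_CONFIG = """\
XSR(config)#crypto isakmp proposal 57
XSR(config-isakmp)#hash md5
XSR(config-isakmp)#authentication rsa-sig
XSR(config-isakmp)#group2
XSR(config-isakmp)#lifetime 5000
XSR(config)#crypto isakmp proposal ACMEproposal
XSR(config-isakmp)#encryption aes
XSR(config-isakmp)#hash sha
XSR(config-isakmp)#Group5
XSR(config)#crypto ipsec transform-set newer esp-des esp-sha-hmac
XSR(config)#crypto ipsec transform-set t-set1 esp-3des esp-sha-hmac
"""


def parse(text):
    """Return ({proposal: settings}, {transform_set: [transforms]})."""
    proposals, transform_sets, current = {}, {}, None
    for raw in text.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words:
            continue
        lower = [w.lower() for w in words]
        if lower[0] == "crypto":
            current = None  # any other crypto command leaves proposal mode
            if lower[1:3] == ["isakmp", "proposal"] and len(words) == 4:
                current = proposals.setdefault(words[3], {"group": PAGE_DEFAULT_GROUP})
            elif lower[1:3] == ["ipsec", "transform-set"] and len(words) > 4:
                transform_sets[words[3]] = lower[4:]
        elif current is not None:
            if lower[0] in ("encryption", "hash", "authentication") and len(words) == 2:
                current[lower[0]] = lower[1]
            else:
                match = re.fullmatch(r"group\s*(\d+)", " ".join(lower))
                if match:
                    current["group"] = int(match.group(1))
    return proposals, transform_sets


def audit(text):
    """Return a list of (location, setting, reason) findings.

    Encryption and hash are judged only when set explicitly, because their
    defaults are not visible on this page.
    """
    proposals, transform_sets = parse(text)
    findings = []
    for name, settings in proposals.items():
        where = f"isakmp proposal {name}"
        enc, digest, group = settings.get("encryption"), settings.get("hash"), settings["group"]
        if enc in WEAK_ENCRYPTION:
            findings.append((where, f"encryption {enc}", WEAK_ENCRYPTION[enc]))
        if digest in WEAK_HASH:
            findings.append((where, f"hash {digest}", WEAK_HASH[digest]))
        if group < MIN_DH_GROUP:
            findings.append((where, f"group {group}",
                             f"Diffie-Hellman group below {MIN_DH_GROUP}"))
    for name, transforms in transform_sets.items():
        for transform in transforms:
            parts = transform.split("-")  # "esp-3des" -> ["esp", "3des"], so 3DES is not DES
            for table in (WEAK_ENCRYPTION, WEAK_HASH):
                for algo, reason in table.items():
                    if algo in parts:
                        findings.append((f"transform-set {name}", transform, reason))
    return findings


if __name__ == "__main__":
    for where, setting, reason in audit(SAMPLE_CONFIG):
        print(f"{where}: {setting} ({reason})")
```

On the sample, proposal 57 is reported for hash md5 and group 2, and transform-set newer for esp-des; ACMEproposal and t-set1 pass.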
Crypto Show Commands Crypto Show Commands show crypto ipsec sa This command displays current Security Associations (SAs) settings. Syntax show crypto ipsec sa [map map-name | address] map-name Shows any existing SAs created for the crypto map set named map‐name. address Shows all existing SAs, sorted by the destination address (either the local address or the address of the IPSec remote peer) and then by protocol (AH or ESP).
Crypto Show Commands
ESP ‐ Type of SA: either ESP or AH.
SPI=40d5e065 ‐ Unique Security Parameter Index (SPI) number for the SA.
Transform ‐ Encryption algorithm set.
Life=3589s/249932KB ‐ Lifetime of the SA in seconds and KBytes.
Local crypto endpt.‐10.2.1.34:4500 ‐ IP address and port number of the local crypto peer.
Remote crypto endpt.‐10.2.1.34:4500 ‐ IP address and port number of the remote crypto peer.
Encapsulation ‐ ESP or AH Encoding Mode.
Crypto Show Commands show crypto map This command displays the crypto map configuration. IPSec crypto maps created with EZ‐IPSec configuration are marked with an asterisk (*) in the leftmost column of the show output. These proposals may not be used in other user‐defined IPSec policies. They are reserved for EZ‐IPSec.
Interface CLI Commands
crypto map
This command applies a previously defined crypto map to an interface. It is governed by the following rules:
• A crypto map must be assigned to an interface before that port can provide IPSec services.
• Only 1 crypto map can be assigned to an interface although it can be attached to multiple ports.
• A crypto map may not be assigned to an interface that already has crypto ezipsec enabled.
Interface VPN Commands crypto ezipsec This command creates a suite of IPSec policies, sorted by cryptographic strength, that are offered to the remote security gateway. The gateway selects one of these policies based on its local configuration. EZ‐IPSec relies upon the IKE Mode Configuration protocol to obtain an IP address from the remote security gateway. An EZ‐IPSec crypto map is also created and attached to the interface under configuration.
Interface VPN Commands
• ip multicast-redirect - Native IPSec tunnels attached to VPN interfaces will not easily forward multicast traffic; this command provides multicast packet redirection to the unicast address of the remote tunnel endpoint. Refer to page 14‐126 for the command definition.
• ip address ‐ Defines an explicit IP address on this virtual interface. Refer to page 5‐151 for the command description.
• ip nat source ‐ Controls NAT on packets entering this VPN port.
Interface VPN Commands A multi‐point interface accepts many inbound tunnels and is used when the XSR is configured as a remote access VPN gateway. Note: The no shutdown command is not required to bring up the virtual interface because it is always enabled. Syntax interface vpn {number}{point-to-point | multi-point} number VPN interface number ranging from 1 to 255. point-to-point VPN port type initiating outbound tunnels to another gateway.
Interface VPN Commands
Mode
VPN Interface configuration: XSR(config‐if)#
Example
The following example configures VPN interface 1 with an IP address, and TOS copy enabled. It also sets a peer IP address, GRE, and turns on the associated VPN tunnel.
XSR(config)#interface vpn 1
XSR(config-int-vpn)#ip address 20.20.20.1/24
XSR(config-int-vpn)#copy-tos
XSR(config-int-vpn)#service-policy output vpn
XSR(config-int-vpn)#tunnel t1
XSR#(config-tms-tunnel)#set protocol gre
XSR#(config-tms-tunnel)#set peer 10.
Interface VPN Commands ip address negotiated This command marks the VPN interface to dynamically get its IP address via the tunnel protocol. PPTP and L2TP protocols use PPP IPCP and IPSec/IKE uses the Mode Configuration protocol.
Tunnel Commands
Mode
Internet Protocol Interface configuration: XSR(config-int)#
Example
This example redirects multicast traffic to the remote tunnel server:
XSR(config)#interface vpn 57 multi-point
XSR(config-int)#ip multicast-redirect tunnel-endpoint
service-policy
This command attaches a policy map to a VPN output or input interface. You can attach a single policy map to one or more interfaces.
Tunnel Commands • set protocol - Defines the VPN tunneling protocol used when the tunnel is created: client mode or network extension mode. Refer to page 14‐130 for the command definition. • set user - Username employed when connecting to the remote peer. Refer to page 14‐131 for the command definition. Syntax tunnel tunnel-name tunnel-name The name assigned to the tunnel.
Tunnel Commands
Mode
Tunnel configuration: XSR(config-tms-tunnel)#
Example
The following example enables the tunnel ACME_VPN:
XSR(config)#interface vpn 57 multi-point
XSR(config-int)#tunnel ACME_VPN
XSR#(config-tms-tunnel)#set active
set heartbeat
This command configures the mechanism to probe a tunnel peer to monitor tunnel connectivity. Ping is used over IKE/IPSec tunnels configured with dynamically assigned addresses.
Syntax
set heartbeat {interval | retries>} [A.B.C.
Tunnel Commands
set peer
This command specifies the physical IP address of the remote VPN gateway.
Syntax
set peer ip-address
ip-address ‐ IP address of the peer.
Syntax of the “no” Form
no set peer ip-address
Mode
Tunnel configuration: XSR#(config-tms-tunnel)#
Example
The following example sets the IP address of the remote VPN gateway:
XSR(config)#interface vpn 57 multi-point
XSR(config-int)#tunnel ACME_VPN
XSR#(config-tms-tunnel)#set peer ip-address 192.168.57.
Tunnel Commands
Mode
Tunnel configuration: XSR#(config-tms-tunnel)#
Default
IPSec
Examples
The following example sets the IPSec tunnel protocol in client mode:
XSR(config)#interface vpn 29 point-to-point
XSR(config-int)#tunnel ACME_VPN
XSR#(config-tms-tunnel)#set protocol ipsec client-mode
The example below connects a GRE tunnel attached to a VPN interface:
XSR(config)#interface vpn 2 point-to-point
XSR(config-int)#ip address 192.168.1.123 255.255.255.
Tunnel Clear and Show Commands
clear tunnel
This command terminates a non‐GRE tunnel associated with a user or tunnel ID. Tunnels will re‐establish themselves if set to do so unless the user is disabled in its database. For example, a cleared IPSec tunnel will re‐establish if traffic is initiated.
Note: This command terminates all but GRE and GRE/IPSec tunnels with an error message displayed if you attempt to do so.
Tunnel Clear and Show Commands
User: xsrclient
Tunnel ID: 40000001
VPN Interface: VPN1
Group: xsrgroup
Connect Time: 11/05/2003, 23:39
Protocol: L2TP
Authentication Method: MS-CHAPv2
Packets In/Out: 0000000088/0000000027
Errors In/Out: 0000000000/0000000000
Discards In/Out: 0000000000/0000000000
The following is sample output queried by the Tunnel ID 40000001:
XSR#show tunnel 40000001
Tunnel ID: 40000001
User: VPN Interface: Group: Connect Time: Protocol: Authentication Method: Packets In/Out: Errors In/
Additional Tunnel Termination Commands
ip local pool
This command configures a local pool of IP addresses for when a remote peer connects to a point‐to‐multipoint interface or for use by DHCP.
Note: If an aaa user is configured to use a static IP address which belongs to a local IP pool, you must exclude that address from the local pool to prevent it from being assigned to another user.
Additional Tunnel Termination Commands exclude This sub‐command bars the use of a range of IP addresses from an earlier created IP pool. Syntax exclude {ip address} {number} ip address Starting address to be excluded from pool. number Number of addresses to exclude, ranging from 1 to 65535.
Additional Tunnel Termination Commands show ip local pool This command displays statistics for any defined IP address pools. Syntax show ip local pool [name] name Name you specified for an IP address pool. Mode Privileged EXEC: XSR# Sample Output This output displays when the command is specified without a name: XSR#show ip local pool -----------IP Pools Statistics----------Pool Subnet Mask test 10.120.122.0 255.255.255.192 26 local 1.1.1.0 255.255.255.0 ddd 1.2.3.4 255.255.255.255 test 192.168.57.
DF Bit Commands 10.120.122.22 10.120.122.24 10.120.122.25 10.120.122.26 10.120.122.28 10.120.122.31 10.120.122.32 Inuse addresses: 10.120.122.10 10.120.122.21 10.120.122.23 10.120.122.27 10.120.122.29 10.120.122.30 10.120.122.34 Excluded addresses: Reserved addresses: 10.120.122.0 10.120.122.4 Parameter Description Pool Name of the IP pool. Subnet Mask of the IP pool. Mask IP address subnetwork of the IP pool. Free Sum of unused IP addresses within the pool.
DF Bit Commands copy XSR will search the original packet for the outer DF bit setting. Defaults • Disabled • Copy setting Mode Global configuration: XSR(config)# Example The following example clears the DF bit on all interfaces: XSR(config)#crypto ipsec df-bit clear crypto ipsec df-bit (Interface configuration) This command sets the DF bit for the encapsulating header in VPN Tunnel Mode to a specific interface.
15 Configuring DHCP Observing Syntax and Conventions The CLI command syntax and conventions use the notation described in the following table.
DHCP Commands
Syntax of the “no” Form
Use the no form of this command to delete the boot image name:
no bootfile
Mode
Any of the following command modes are available:
DHCP pool configuration: XSR(config-dhcp-pool)#
DHCP host configuration: XSR(config-dhcp-host)#
DHCP client class configuration: XSR(config-dhcp-class)#
Example
The following example specifies roboboot as the name of the boot file:
XSR(config-dhcp-pool)#bootfile roboboot
client-class
This command specifies the name of a DHCP client class.
DHCP Commands Example The following example specifies string clientclass1 that will be the name of the client class: XSR(config-dhcp-pool)#client-class cc1 client-identifier This command specifies the unique identifier (in dotted hexadecimal notation) for a Microsoft DHCP client. It is valid for manual bindings only. Microsoft DHCP clients require client identifiers instead of hardware addresses. The client identifier is formed by concatenating the media type and the Ethernet hardware (MAC) address.
DHCP Commands
Example
The following example specifies the client identifier for MAC address 00.01f4.0127.10 in dotted hexadecimal notation:
XSR(config-dhcp)#client-identifier 0100.01f4.0127.10
The following example specifies the client identifier for MAC address 0001.f401.2710 in dotted hexadecimal notation, for the host with IP address 10.10.10.20:
XSR(config-dhcp-pool)#host 10.10.10.20 255.255.255.0
XSR(config-dhcp-host)#client-identifier 0100.01f4.0127.
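The client-identifier construction described above (media type followed by the Ethernet MAC address, written in dotted hexadecimal) can be checked with a short script when auditing manual bindings against observed clients. This is an added example, not code from the XSR guide; the function names are hypothetical, and accepting colon- or hyphen-separated MAC addresses as input is a convenience assumption.

```python
import re

ETHERNET = 0x01  # media (hardware) type code for Ethernet, the "01" prefix in the guide's example


def _parse_hex(text):
    """Turn hex digits separated by '.', ':', '-' or whitespace into bytes."""
    digits = re.sub(r"[.:\-\s]", "", text)
    if not digits or len(digits) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError("not a whole number of hex bytes: %r" % text)
    return bytes.fromhex(digits)


def _dotted(data):
    """Render bytes the way the guide prints them: groups of four hex digits."""
    h = data.hex()
    return ".".join(h[i:i + 4] for i in range(0, len(h), 4))


def client_identifier(mac, media_type=ETHERNET):
    """Build the identifier for a manual binding: media type byte + 6-byte MAC."""
    raw = _parse_hex(mac)
    if len(raw) != 6:
        raise ValueError("an Ethernet MAC address is 6 bytes, got %d" % len(raw))
    if not 0 <= media_type <= 0xFF:
        raise ValueError("media type must fit in one byte")
    return _dotted(bytes([media_type]) + raw)


def split_client_identifier(identifier):
    """Recover (media_type, dotted MAC) from a 7-byte client identifier."""
    raw = _parse_hex(identifier)
    if len(raw) != 7:
        raise ValueError("expected 1 media-type byte + 6 MAC bytes, got %d" % len(raw))
    return raw[0], _dotted(raw[1:])


def same_client(identifier, mac):
    """True when a binding's client identifier refers to the given Ethernet MAC."""
    media, embedded = split_client_identifier(identifier)
    return media == ETHERNET and embedded == _dotted(_parse_hex(mac))


if __name__ == "__main__":
    # Values taken from the guide's own example.
    print(client_identifier("0001.f401.2710"))
    print(split_client_identifier("0100.01f4.0127.10"))
```
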
DHCP Commands debug ip dhcp server This command enables DHCP server debugging. This command should be used for troubleshooting purposes only. Syntax debug ip dhcp server {events | packets | linkages} events Reports server events, such as address assignments and database updates. packets Decodes DHCP receptions and transmissions. linkages Displays database linkage data such as parent-child relationships in a radix tree.
DHCP Commands Mode Any of the following command modes are available: DHCP pool configuration: XSR(config-dhcp-pool)# DHCP host configuration: XSR(config-dhcp-host)# DHCP client class configuration: XSR(config-dhcp-class)# Example The following example sets 14.12.1.99 as the IP address of the default router for any client in the subnet with three other routers in descending order of preference: XSR(config-dhcp-pool)#default-router 14.12.1.99 14.13.1.66 14.12.1.56 14.12.1.
DHCP Commands Example The following example specifies 11.12.1.99 as the IP address of the DNS server of a client in the subnet: XSR(config-dhcp-pool)#dns-server 11.12.1.99 The following example specifies 11.12.1.99 as the IP address of the DNS server of the host with the MAC address 1111.2222.3333: XSR(config-dhcp-pool)#hardware-address 1111.2222.3333 XSR(config-dhcp-host)#dns-server 11.12.1.99 The following example specifies 11.12.1.
DHCP Commands The following example specifies enterasys.com as the domain name of any client in the client‐class engineering: XSR(config-dhcp-pool)#client-class engineering XSR(config-dhcp-class)#domain-name enterasys.com hardware-address This command sets the hardware address of a DHCP client and is valid for manual bindings only. Note: You cannot add a hardware address to different DHCP pools. Hardware address 0100.01f4.0127.10 cannot be added to both pool1 and pool2, e.g.
DHCP Commands Examples The following example specifies the hardware address for the DHCP client host to be of Ethernet type with MAC address 0001.f401.2710: XSR(config-dhcp-pool)#hardware-address 0001.f401.2710 ethernet The following example specifies the hardware address for the DHCP client host with IP address 10.10.10.20 to be of Ethernet type with 0001.f401.2710 as the MAC address: XSR(config-dhcp-pool)#host 10.10.10.20 255.255.255.0 XSR(config-dhcp-host)#hardware-address 0001.f401.
DHCP Commands Next Mode When this command is specified from either DHCP pool configuration mode or DHCP class configuration sub‐mode, the CLI acquires DHCP host configuration mode. When specified from DHCP host or client mode, the command does not acquire a sub‐mode. XSR(config-dhcp-host)# Examples This example sets 15.12.1.99 as the IP address of the client and 255.255.248.0 as its subnet mask: XSR(config-dhcp-pool)#host 15.12.1.99 255.255.248.0 The following example specifies 15.12.1.
DHCP Commands
Default
DHCP Client is not active on an interface
Mode
Interface configuration: XSR(config-if)#
Example
The following example enables DHCP Client:
XSR(config)#interface FastEthernet1
XSR(config-if)#ip address dhcp
ip dhcp ping packets
This command specifies the number of packets a DHCP server sends to an IP address as part of a ping operation. The DHCP server pings an IP address before assigning the address to a requesting client.
DHCP Commands Syntax ip dhcp ping timeout milliseconds The interval the DHCP server waits for a ping reply before it stops trying to reach an IP address for client assignment. The peak timeout is 10 seconds.
DHCP Commands
Mode
Global configuration: XSR(config)#
Next Mode
DHCP pool configuration: XSR(config-dhcp-pool)#
Example
The following example adds IP local pool sales with specified subnetworks and defines sales as the name of the DHCP server IP address pool:
XSR(config)#ip local pool sales 192.168.57.0/24
XSR(config)#ip dhcp pool sales
XSR(config-dhcp-pool)#
ip dhcp server
This command enables the DHCP Server features on the XSR.
DHCP Commands ip local pool This command, when issued multiply, configures a local pool of IP addresses to be used for a DHCP Server pool range. Use it in conjunction with the no form of to create one or more local address pools from which IP addresses are assigned when a remote peer connects. Note: For clients that use a statically defined IP address (do not use DHCP to obtain an IP address), you must exclude that address from the local pool.
DHCP Commands exclude This sub‐command of ip local pool bars the use of a range of IP addresses from an earlier created IP pool. Syntax exclude {ip address}{number} ip address Starting address to be excluded from pool. number Number of addresses to exclude, ranging from 1 to 65535.
DHCP Commands lease This command configures the duration of the lease for an IP address that a DHCP server assigns to a DHCP client. The lease time set is the system default value which overrides the non‐specified default value (one day). If the client requests a lease period exceeding the period configured on the server, the lease interval offered by the server will equal that of the value configured by this command.
DHCP Commands netbios-name-server This command configures NetBIOS Windows Internet Naming Service (WINS) name servers that are available to Microsoft DHCP clients. Depending on the client configuration inheritance, the command should be used from the proper mode. If it is specified from multiple modes, an override mechanism chooses the innermost config value, with host as innermost, then client‐class and pool as the most general. Syntax netbios-name-server address [address2...
DHCP Commands netbios-node-type This command configures the NetBIOS node type for Microsoft DHCP clients. Depending on the client configuration inheritance, the command should be used in proper mode. If it is specified from multiple modes, an override mechanism chooses the innermost config value, with host as innermost, then client‐class and pool as the most general. Syntax netbios-node-type type type Specifies the NetBIOS node type.
DHCP Commands next-server This command specifies the server from which the initial boot file will be loaded. The server can be designated either by IP address or hostname. Syntax next-server server [hostname | ip_address] hostname Designation of the server by name. ip_address Designation of the server by IP address.
DHCP Commands hex string Dotted hexadecimal data. Each byte in hexadecimal character strings is two hex digits - each byte can be separated by a period, colon, or white space. The following options are set with a hex value: 2, 13, 19, 20, 22-27, 29-31, 34-39, 43, 46,58, 59. ip address Specifies an IP address. The following options are set with an IP address: 1, 3-11, 16, 21, 28, 32, 33, 41, 42, 44, 45, 48, 49, 65, 68-76, and 118.
DHCP Commands
Table 15-1 XSR-Supported DHCP Options (continued)
# 5
Protocol Name: Name Server
Category/Type: BOOTP/IP address list
Default: -
Description: IEN 116 name servers available to a client. List in order of preference. Length: 4-octet minimum; multiples of 4
# 6*
Protocol Name: Domain Name Server
Category/Type: Basic, MS DHCP Client/IP address list
Default: -
Description: List of Domain Name System (STD 13, RFC-1035) name servers available to a client. List in order of preference.
DHCP Commands
Table 15-1 XSR-Supported DHCP Options (continued)
# 20
Protocol Name: Non-Local Source Routing
Category/Type: Host IP/Boolean (hex)
Default: false
Description: Specifies whether a client will configure its IP layer to allow forwarding of datagrams with non-local source routes.
# 21
DHCP Commands
Table 15-1 XSR-Supported DHCP Options (continued)
# 32
Protocol Name: Router Solicitation Address
Category/Type: Interface/IP address
Default: -
Description: Address to which a client should send router solicitation requests. Length: 4 octets
# 33
Protocol Name: Static Route
Category/Type: Interface/IP address pairs
Default: -
Description: Static routes that a client will install in its routing cache. If multiple routes to the same destination are specified, they are listed in descending order of priority.
DHCP Commands Table 15-1 # XSR-Supported DHCP Options (continued) Protocol Name Category/ Type Default Description 44* NetBIOS over TCP/ IP Name Server WINS/ NetBIOS, MS DHCP Client/ IP address list - RFC-1001/1002 NBNS name servers listed by preference. Length: 4-octet minimum; multiples of 4 CLI command: netbios-name-server 45 WINS/ NetBIOS /IP address list - NBDD name servers(RFC-1001/1002) listed by preference.
DHCP Commands
Table 15-1 XSR-Supported DHCP Options (continued)
# 53
Protocol Name: DHCP Message Type
Category/Type: -
Default: -
Description: Conveys the type of DHCP message. The default is 1 (DHCPDISCOVER).
1=DHCPDISCOVER
2=DHCPOFFER
3=DHCPREQUEST
4=DHCPDECLINE
5=DHCPACK
6=DHCPNAK
7=DHCPRELEASE
8=DHCPINFORM
Length: 1 octet
# 54
Protocol Name: Server Identifier
Category/Type: IP address
Default: -
Description: Used in DHCPOFFER and DHCPREQUEST messages, and may optionally be included in the DHCPACK and DHCPNAK messages.
DHCP Commands Table 15-1 XSR-Supported DHCP Options (continued) Protocol Name Category/ Type Default Description ClientIdentifier Basic/String - A DHCP client’s unique identifier. DHCP servers use this value to index their database of address bindings. This value is expected to be unique for all clients in an administrative domain. Length: 2-octet minimum CLI command: ip address dhcp 64 NIS+ Domain Servers/ ASCII string - Name of the client's NIS+ domain.
DHCP Commands
Table 15-1 XSR-Supported DHCP Options (continued)
# 117
Protocol Name: Name Service Search
Category/Type: Server/Multiple 16-bit hex integers
Default: -
Description: Sets site of Name Service servers to clients to be used for lookup. Each 16-bit field specifies a Name Server to be used for lookup:
0 – client should refer to local naming information
6 – use DNS
41 – use NIS
44 – use NetBIOS over TCP/IP
65 – use NIS+
Defined by RFC-2937.
DHCP Commands The following example configures DHCP option 36, which specifies Ethernet encapsulation Version 2 (RFC‐894) or IEEE 802.3 for DHCP clients. Version 2 encapsulation is set in this example: XSR(config-dhcp-pool)#option 36 hex 00 The following example configures DHCP option 21, which sets a policy filter for non‐local source routing. The filters consist of a list of IP addresses and masks that specify destination/mask pairs with which to filter inbound source routes.
DHCP Clear and Show Commands service dhcp This command enables DHCP server functionality to respond to client requests. Although DHCP server is enabled by default on all XSR interfaces, you can optionally enable or disable it on a specific interface. Syntax service dhcp [interface] interface The port on which the DHCP server is enabled or disabled.
DHCP Clear and Show Commands Example The example below deletes address binding 18.12.22.99 from a DHCP server bindings database: XSR#clear ip dhcp binding 18.12.22.99 clear ip dhcp server statistics This command resets all DHCP server counters. All counters are cumulative and are initialized, or set to zero, with this command.
DHCP Clear and Show Commands Parameter Descriptions Temp IP addr IP address assigned via DHCP to the client from the server. Temp sub net mask Subnet mask assigned via DHCP to the client from the server. Temp default-gateway addr Default gateway assigned by the DHCP server.
DHCP Clear and Show Commands show ip dhcp binding This command displays active address bindings on the DHCP server. If the address is not specified, all address bindings are shown. Otherwise, only the binding for the specified client is displayed. The lease expiration time can be displayed based on the Universal Time Clock (UTC) or local clock. If the local clock is not specified, UTC is the default. Note: BOOTP bindings do not have leases: their Active designation is always N.
DHCP Clear and Show Commands
11.1.0.253 0002.2ab4.4b01 JUL 19 2003 05:07PM Automatic Y
The following example displays the lease expiration of DHCP client 11.1.0.253 in local time:
XSR#show ip dhcp binding local 11.1.0.253
IP address 11.1.0.253
Hardware address 0002.2ab4.4b01
Lease expiration JUL 19 2003 09:07PM
Type Automatic
Act. Y
Parameter Descriptions
IP address ‐ IP address of the DHCP client.
Hardware address ‐ Ethernet MAC address of the DHCP client.
DHCP Clear and Show Commands
Message      Sent
BOOTREPLY    12
DHCPOFFER    19
DHCPACK      17
DHCPNAK      6
Parameter Descriptions
Memory usage ‐ Sum of bytes of RAM allocated by the DHCP server.
Address pools ‐ Sum of configured address pools in the DHCP database.
Database agents ‐ Sum of database agents entered in the DHCP database.
Automatic bindings ‐ Sum of IP addresses automatically mapped to the Ethernet MAC addresses of hosts found in the DHCP database.
16 Configuring Security Observing Syntax and Conventions The CLI Syntax and conventions use the notation described in the following table.
General Security Commands General Security Commands access-list (extended) This command defines an extended IP Access List (ACL) by number ranging from 100 to 199.
General Security Commands
srcWildCardBits ‐ Specifies bits to ignore in the source address.
host ‐ Only the exact source address matches the condition. Same as srcWildCardBits = 0.0.0.0.
any ‐ Any source address matches the condition. Same as srcWildCardBits = 255.255.255.255.
qualifier ‐ Value applied to the source port: eq ‐ equal to, neq ‐ not equal to, lt ‐ less than, gt ‐ greater than.
source-port ‐ Optional source port number (0 ‐ 65535).
General Security Commands list# The standard access list number, ranging from 1 to 99. ent1 Optional single entry number, or the first entry number in the range to be removed. If unspecified, the entire ACL is removed. ent2 Optional last entry number in the range to be removed. Mode Global configuration: XSR(config)# Default No access list defined (that is, all access permitted) Examples The following example denies access only for ICMP packets coming from hosts on the three specified networks.
General Security Commands Syntax access-list list# [[{insert | replace | move}] [{entry# destination source1 [source2]]}{deny | permit}{log} {srcIpAddr [srcWildCardBits]| host srcIpAddr | any} list# Standard access list number ranging from 1 to 99. insert New access entry is inserted before an existing entry # in an ACL. The show access-list command sequentially numbers entries for this purpose.
General Security Commands
Examples
The following example allows access only to those hosts on the three specified networks. The wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the access list statements will be rejected.
XSR(config)#access-list 1 permit 192.5.34.0 0.0.0.255
XSR(config)#access-list 1 permit 128.88.0.0 0.0.255.255
XSR(config)#access-list 1 permit 36.0.0.0 0.255.255.
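The wildcard-bit matching and the rejection of unmatched sources described above can be reproduced offline to review a standard ACL before applying it. This is an added example, not code from the XSR guide: the function names are hypothetical, it assumes entries are evaluated top-down with the first match deciding and that an omitted wildcard means an exact match, and the third sample entry is constructed to show an entry that can never match.

```python
import ipaddress


def _ip(text):
    """Dotted-quad string to a 32-bit integer (ValueError if malformed)."""
    return int(ipaddress.IPv4Address(text))


def parse_entry(line):
    """Parse 'access-list N {permit|deny} {addr [wildcard] | host addr | any}'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError("not a standard access-list line: %r" % line)
    number, action, spec = int(tok[1]), tok[2], tok[3:]
    if not 1 <= number <= 99:
        raise ValueError("standard ACL numbers range from 1 to 99")
    if action not in ("permit", "deny"):
        raise ValueError("action must be permit or deny")
    if spec[0] == "any":                      # same as wildcard 255.255.255.255
        base, wild = 0, 0xFFFFFFFF
    elif spec[0] == "host":                   # same as wildcard 0.0.0.0
        if len(spec) < 2:
            raise ValueError("host needs an address")
        base, wild = _ip(spec[1]), 0
    else:
        base = _ip(spec[0])
        wild = _ip(spec[1]) if len(spec) > 1 else 0   # assumption: no wildcard = exact
    return {"list": number, "action": action, "base": base, "wild": wild}


def matches(entry, src):
    """Compare only the bits the wildcard does not tell the router to ignore."""
    care = ~entry["wild"] & 0xFFFFFFFF
    return (_ip(src) & care) == (entry["base"] & care)


def evaluate(entries, src):
    """Return (action, entry number); unmatched sources are rejected."""
    for number, entry in enumerate(entries, 1):
        if matches(entry, src):
            return entry["action"], number
    return "deny", None


def shadowed(entries):
    """List (later, earlier) pairs where the earlier entry already covers the later one."""
    found = []
    for j, later in enumerate(entries, 1):
        care_l = ~later["wild"] & 0xFFFFFFFF
        for i, earlier in enumerate(entries[:j - 1], 1):
            care_e = ~earlier["wild"] & 0xFFFFFFFF
            covers = (care_e & ~care_l & 0xFFFFFFFF) == 0 and \
                     (earlier["base"] & care_e) == (later["base"] & care_e)
            if covers:
                found.append((j, i))
                break
    return found


SAMPLE_ACL = [parse_entry(line) for line in (
    "access-list 1 permit 192.5.34.0 0.0.0.255",    # from the guide
    "access-list 1 permit 128.88.0.0 0.0.255.255",  # from the guide
    "access-list 1 deny host 192.5.34.7",           # constructed: placed too late
)]

if __name__ == "__main__":
    for src in ("192.5.34.7", "128.88.200.1", "10.0.0.1"):
        print(src, evaluate(SAMPLE_ACL, src))
    print("shadowed entries:", shadowed(SAMPLE_ACL))
```

An entry reported by `shadowed` is one to reposition with the insert or move keywords of the access-list command so that it sits ahead of the broader entry.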
General Security Commands
Syntax of the “no” Form
Threshold logging is disabled with the no form of this command:
no access-list log-update-threshold
Mode
Global configuration: XSR(config)#
Default
Disabled
Example
The following example enables alarm logging for ACL 101 and sets the log threshold at 10000:
XSR(config)#access-list 101 deny ip 15.15.15.1 0.0.0.255 16.16.16.1 0.0.0.
General Security Commands
Example
The example below enables protection from land attack and large ICMP packets. Synflood protection will trigger for more than 7 sessions. Protection against large ICMP packets will trigger for packets larger than 2,000 bytes.
XSR(config)#hostdos land
XSR(config)#hostdos largeicmp 2000
ip access-group
This command applies access list restrictions to an interface.
Security Clear and Show Commands
clear hostdos-counters
This command clears all host security statistics.
Syntax
clear hostdos-counters
Mode
Privileged EXEC: XSR#
show access-lists
This command displays configured IP access lists. When it is issued from Global mode, it also prints a sequential entry number beside each ACL entry. This number can be used by the access-list and no access-list commands to specify which entries to replace, insert before, move, or delete.
Security Clear and Show Commands show access-list log-update-threshold This command displays ACL log information. It is processed as follows: • A packet with a fresh source IP address on the ACL group is reported immediately. Data is cached to keep track of the occurrence happening again in the near future.
AAA Commands
IP packet with Multicast/broadcast source address    Always enabled       No attacks
Syn flood attack mitigation                          Always enabled       100 attacks
Fragmented ICMP traffic                              Enabled              38 attacks
Large ICMP packets                                   Enabled;Size 1024    42 attacks
Ping-of-Death attack                                 Always enabled       No attack
Filter TCP traffic with Syn and Fin bits set         Always enabled       No attack
AAA Commands
The following Authentication, Authorization and Accounting (AAA) commands and command subsets validate and display information about AAA usergroup
AAA Usergroup Commands
Mode
Global configuration: XSR(config)#
Examples
The following example configures the Telnet sub‐system to use the AAA sub‐system:
XSR(config)#aaa client telnet
The following example configures the SSH sub‐system to accept AAA:
XSR(config)#aaa client ssh
AAA Usergroup Commands
aaa group
This command adds a local user group and acquires Usergroup configuration mode. Each user defined in the node must belong to one group only.
AAA Usergroup Commands Example The following example adds the usergroup headquarters: XSR(config)#aaa group headquarters XSR(aaa-group)# dns server This command sets the address of DNS servers. These addresses are given to connecting clients during connection time. Syntax dns server [primary | secondary] ip-address primary Specifies primary DNS server. secondary Specifies secondary DNS server. ip-address Specifies IP address of the DNS server.
AAA Usergroup Commands Syntax of the “no” Form The no form unlinks a pool of addresses from a group of users: no ip pool pool-name Mode Usergroup configuration: XSR(aaa-group)# Example The following example adds the IP pool denver: XSR(config)#aaa group headquarters XSR(aaa-group)#ip pool denver pptp encrypt mppe This command enables Microsoft Point‐to‐Point Encryption (MPPE) on a PPTP connection. The command must be added to the interface that will carry PPTP‐MPPE traffic.
AAA User Commands
wins server
This command sets the WINS server address which is given to connecting clients during connection time.
Syntax
wins server [primary | secondary] ip-address
primary ‐ Specifies the primary WINS server.
secondary ‐ Specifies the secondary WINS server.
ip-address ‐ Specifies the IP address of the WINS server.
AAA User Commands
Syntax
aaa user user-name
user-name ‐ Name of new user in the group; it is employed during login.
Syntax of the “no” Form
The no form of this command deletes the user profile:
no aaa user user-name
Mode
Global configuration: XSR(config)#
Next Mode
Username configuration: XSR(aaa-user)#
Example
The following example adds the user ernest to the DEFAULT usergroup:
XSR(config)#aaa user ernest
XSR(aaa-user)#
group
This command specifies the group the user belongs to.
AAA User Commands ip address This command specifies the IP address to be assigned to the remote user. If an IP address is not specified, it is taken from the pool associated with the userʹs group. If an IP address is specified at the user level, it is used instead of taking a new address from the pool. Syntax ip address ip-address ip-address IP address to be assigned to the remote client.
AAA User Commands
Example
The following example sets the password williams for user ted:
XSR(config)#aaa user ted
XSR(aaa-user)#password williams
policy
This command configures the user's policy or authorized list of services, and it overrides the policy specified by the user's group. It is available in both AAA User and AAA Group configuration modes. Up to four keywords can be specified in the command statement.
AAA Method Commands privilege This command configures the privilege level of a user. It is available from both AAA User and AAA Group configuration modes. Compare this command with the Interface mode privilege command on page 111. Syntax privilege level (0-15) level Specifies the privilege level (0‐15) associated with this user.
AAA Method Commands • client ‐ Configures the default AAA method (plug‐in) for each client service. Refer to page 16‐106 for the command definition. • enable - Enables the current AAA server for RADIUS. Refer to page 16‐106 for the command definition. • group - Specifies the name of an existing group. Refer to page 16‐107 for the command definition. • hash enable - Enables the hash algorithm used for RADIUS. Refer to page 16‐108 for the command definition.
AAA Method Commands acct-port This command specifies the UDP port for accounting requests and uses the RADIUS method only. Note: If the port number is 0, the host will not be used for accounting. Syntax acct-port port-number port-number Port number for accounting requests, ranging from 0 to 10,000. Syntax of the “no” Form The no form of this command resets to the default port number: no acct-port Default Authorization port number: 1646.
AAA Method Commands Mode AAA Method configuration: XSR(aaa-method-radius)# Example The following example sets number9 as the RADIUS server host‐name: XSR(config)#aaa method radius ias default XSR(aaa-method-radius)#address host-name number9 attempts This command sets the number of consecutive login attempts that must transpire before the RADIUS methodʹs backup method is used. It is used for the RADIUS method only. When a user login request fails because the server did not respond, it is a failed attempt.
Syntax
auth-port port-number
port-number    Port number for authentication requests, ranging from 0 to 10,000.
Syntax of the “no” Form
The no form of this command resets to the default port number ‐ 1645:
no auth-port
Default
The default authorization port number is 1645.
client
This command configures the default AAA method (plug‐in) for each client service. If a client service is not registered by this command, requests from that service will fall through to the overall default method. For example, if the authentication mode has not been set for Telnet using aaa client telnet, then the default AAA method set for Telnet users via the client command will be ignored. Telnet users will be authenticated by Telnet’s AAA scheme using its own user database.
Default
Enabled
Mode
AAA Method configuration: XSR(aaa-method-radius)#
Example
The following example enables the RADIUS server:
XSR(config)#aaa method radius sbr default
XSR(aaa-method-radius)#enable

group
This command specifies the group added earlier using the aaa group command. This command is available for all AAA methods (local, RADIUS and PKI). The group will be used when a group name is not returned in the RADIUS response.
hash enable
This command enables the hash for the plugin and is used for the RADIUS method only. The sub‐command may be a plugin‐type dependent command.
Example
The following example resets the RADIUS key value to 1234qwerty:
XSR(config)#aaa method radius default
XSR(aaa-method-radius)#key 1234qwerty

qtimeout
This command specifies the interval a timeout request is allowed to sit unprocessed on AAA's internal queue before it is discarded.
Syntax
qtimeout seconds
seconds    Timeout value ranging from 0 to 5000 seconds.
Default
3
Mode
AAA Method configuration: XSR(aaa-method-xx)#
Example
The following example lengthens the retransmit value to 5:
XSR(config)#aaa method radius default
XSR(aaa-method-radius)#retransmit 5

timeout
This command specifies the interval, in seconds, that the XSR waits for the AAA RADIUS server to reply before retransmitting. It is used for the RADIUS method only.
Syntax
timeout seconds
seconds    Timeout value ranging from 1 to 30 seconds.
AAA Per-Interface Commands
aaa-method
This command is executed at the Interface Mode. This command specifies the name of the AAA method you will use for authentication requests originating from this interface. With this command, you can process authentication requests originating from different interfaces by different methods.
Syntax of the “no” Form
The no form of this command removes the user/group/interface restriction:
no aaa privilege
Mode
Interface configuration: XSR(config-if)#
Default
Privilege level: 15
Example
This example resets the privilege level to 10 on GigabitEthernet interface 2:
XSR(config-if)#aaa privilege 10

AAA Debug and Show Commands
debug aaa
This command activates/deactivates the output of AAA debugging data, which is classified by Authentication, Accounting and Aut
AAuthenticatePlugin::queue (alg == 0xf)
groupplugin Reply: Pool = authpool
IRMauthorizeMsg::clientLogon [test]
The following is a debug authentication message showing the Local method failed with MSCHAP:
Local::queue(test)
AAuthenticatePlugin::queue (alg == 0xf)
(Local) Failed mschap authentication
(Local) do_ms_chap: Invalid user name or password
Method [Local]: Error for user [test] on [Authenticate]

show aaa group
This command displays properties of the AAA group.
IP Address is: 0.0.0.0
IP Mask is: 0.0.0.0
Primary DNS server is: 0.0.0.0
Secondary DNS server is: 0.0.0.0
Primary WINS server is: 0.0.0.0
Secondary WINS server is: 0.0.0.0
IP pool for the group is:
PPTP encryption is 128 bit
Access Policy is: firewall
Privilege Level is: 0

show aaa user
This command displays user properties including the group to whom the user belongs and its IP address.
Syntax
show aaa user [user-name]
user-name    Name of the user to be displayed.
Firewall Feature Set Commands
Default
If the method‐name is not set, all methods and method attributes display.
port #    TCP port on which the firewall authenticator will listen. Range: 1024 to 65535.
Default
Disabled globally
Mode
Global or Interface configuration: XSR(config)# or XSR(config-if)#
Example
The following example enables the firewall globally:
XSR(config)#ip firewall enable

ip firewall filter
This command defines the filter object for non‐TCP and UDP traffic, for which no stateful inspection is required. By default, all non‐TCP and UDP traffic is dropped by the firewall.
Defaults
Deny all
Mode
Global configuration: XSR(config)#
Example
The following example permits any remote host to run a PPTP tunnel to a server on the internal network:
XSR(config)#ip firewall network pptp-server 120.21.1.
Syntax
ip firewall java {all, none, selected network_name}
ip firewall activex {all, none, selected network_name}
all             Permit HTML pages with Java from all IP addresses.
none            Deny HTML pages with Java from any IP address.
selected        Permit HTML pages with Java from selected IP addresses.
network_name    Any internal or external network or network‐group object.
enable disable    Executes or terminates the firewall load.
Syntax
ip firewall logging event-threshold 0-7
event-threshold    Events of severity equal to or lesser than the specified value log as follows:
• Level 0: Emergency
• Level 1: Alert
• Level 2: Critical ‐ alarms such as failure to allocate memory during initialization are logged if system logging is enabled and firewall logging is set to level 2 or higher
• Level 3: Error ‐ abnormal and deny alarms are logged if system logging is set at MEDIUM or HIGH and firewall logging
Also, all firewall object names including pre‐defined objects such as ANY_EXTERNAL and user‐defined object names are case‐sensitive.
Notes: A DMZ is considered an internal network. Use care when you have a configuration with internal and external addresses that overlap and exist off the same physical interface. In this case, the XSR may not be able to identify an address in the overlap range as being internal or external.
objects such as ANY_EXTERNAL and user‐defined object names are case‐sensitive. Refer to the ip firewall policy command for applicable policy and gating rule limits.
Syntax
ip firewall network-group name name1 ... name10
name                Network group object name. Limit: 16 characters.
name1 to name10     Name of the network or network‐group objects.
Syntax
ip firewall policy policy_name src_net_name dst_net_name serv_name {allow | allowlog | allow-auth group_name | reject | log | url-b | url-w | cls name ... name} [before policy_name | after policy_name | first] [bidirectional]
src_net_name    Name of source network object, not to exceed 16 characters. This value must match network name exactly.
dst_net_name    Name of destination network object, not to exceed 16 characters. This value must match network name exactly.
Example
The following policy allows FTP access to a host. Be aware that the host’s source IP address will be authenticated against the group sales‐group.
XSR(config)#ip firewall network sales-host 192.168.100.2 mask 255.255.255.
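The object and policy rules described above (16-character names, up to ten group members, the action keywords of the policy syntax, and exact case-sensitive name matching) can be checked before a configuration is loaded. The following lint pass is an added example, not Enterasys code; the function name lint, the sample configuration, and the assumption that the object name is the first argument of ip firewall network are illustrative.

```python
# Limits and keywords as printed in this page's syntax descriptions ("allowlog" included).
MAX_NAME, MAX_MEMBERS = 16, 10
ACTIONS = {"allow", "allowlog", "allow-auth", "reject", "log", "url-b", "url-w", "cls"}
PREDEFINED = {"ANY_EXTERNAL"}   # the only pre-defined object this page names; extend as needed
# Constructed sample configuration (documentation addresses), not taken from a real device.
SAMPLE = """\
ip firewall network sales-host 192.0.2.10 mask 255.255.255.255
ip firewall network dmz 198.51.100.0 mask 255.255.255.0
ip firewall network-group Partner-networks sales-host dmz
ip firewall policy ftp-in ANY_EXTERNAL Sales-Host FTP allow-auth sales-group
ip firewall policy web-in ANY_EXTERNAL dmz HTTP permit
ip firewall policy auth-in ANY_EXTERNAL dmz HTTP allow-auth
ip firewall policy lab-in ANY_EXTERNAL lab-net HTTP allow
"""

def lint(config):
    """Return sorted (line_number, message) findings for XSR firewall object and policy lines."""
    findings, defined, refs = [], set(PREDEFINED), []
    for no, raw in enumerate(config.splitlines(), 1):
        tok = raw.split("#", 1)[-1].split()      # tolerate a leading "XSR(config)#" prompt
        if tok[:2] != ["ip", "firewall"] or len(tok) < 4:
            continue
        kind, args = tok[2], tok[3:]
        if kind in ("network", "network-group"):
            defined.add(args[0])                 # assumption: the object name is the first argument
            if kind == "network-group":
                if len(args[0]) > MAX_NAME:
                    findings.append((no, f"group name '{args[0]}' exceeds {MAX_NAME} characters"))
                if len(args) - 1 > MAX_MEMBERS:
                    findings.append((no, f"group lists more than {MAX_MEMBERS} members"))
                refs += [(no, m) for m in args[1:]]
        elif kind == "policy":
            if len(args) < 5:
                findings.append((no, "policy needs name, source, destination, service, action"))
                continue
            src, dst, action = args[1], args[2], args[4]
            findings += [(no, f"'{n}' exceeds {MAX_NAME} characters") for n in (src, dst) if len(n) > MAX_NAME]
            if action not in ACTIONS:
                findings.append((no, f"unknown action '{action}'"))
            elif action == "allow-auth" and len(args) < 6:
                findings.append((no, "allow-auth requires a group_name"))
            refs += [(no, src), (no, dst)]
    by_lower = {d.lower(): d for d in defined}   # object names are case-sensitive on the XSR
    for no, name in refs:                        # second pass: every reference must resolve
        if name not in defined:
            near = by_lower.get(name.lower())
            findings.append((no, f"'{name}' differs only in case from '{near}'" if near
                             else f"'{name}' is not a defined network object"))
    return sorted(findings)
```

Running lint(SAMPLE) reports lines 4 to 7 of the constructed sample: a case-only name mismatch, an unknown action, allow-auth without a group, and a reference to an undefined network object.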
Syntax of the “no” Form
The no form of this command sets the default RPC timeout value:
no ip firewall rpc timeout
Default
5 seconds
Mode
Global configuration: XSR(config)#
Example
The following example resets the Microsoft RPC idle timeout interval to 10 minutes:
XSR(config)#ip firewall rpc microsoft-rpc timeout 6000

ip firewall service
This command defines a service object which reflects an application, its transport protocol (TCP or UDP), protocol type and port number r
Syntax of the “no” Form
The no form of this command disables the selected service:
no ip firewall service name
Mode
Global configuration: XSR(config)#
Example
The following example defines the FTP service (although this is unnecessary as it is one of the pre‐defined services). The source port range could be any of the unreserved ports but the destination must be 21.
ip firewall tcp/udp timeout
This command resets the idle timeout interval for Firewall sessions applying TCP or UDP packet inspection. If the Firewall session is idle for the specified period, it will be shut down.
Syntax
ip firewall {tcp | udp} timeout
tcp       Packet inspection for TCP traffic.
udp       Packet inspection for UDP traffic.
number    Idle timeout for TCP or UDP sessions, ranging from 60 to 86400 seconds.
Examples
The following examples configure valid inputs:
ip firewall url-load-black-list blacklist.txt
ip firewall url-load-black-list flash:blacklist.txt
ip firewall url-load-white-list cflash:whitelist.txt

Firewall Interface Commands
ip firewall disable
This command disables firewall operation on a particular interface discrete from its application globally.
Example
The following example disables the firewall on FastEthernet port 2 only:
XSR(config-if)#ip firewall disable

ip firewall ip-broadcast
This command allows incoming/outgoing IP packets through the firewall with 255.255.255.255 set as the destination address. It enables broadcast protocols such as DHCP to traverse the firewall.
Syntax
ip firewall ip-broadcast {in | out | both}
in or out    Allows packets to enter or exit the interface.
no ip firewall ip-multicast {in | out | both}
Default
Multicast packets are not allowed inbound and outbound.
no ip firewall ip-options {loose-source-route | strict-source-route | recordroute | time-stamp | other | all} {in | out | both}
Default
IP options are not allowed inbound and outbound.
Example
The following example blocks the host when the sync packets exceed 1000 packets per second:
XSR(config-if)#ip firewall sync-attack-protect block-host threshold 1000

Firewall Show Commands
show ip firewall config
Since the firewall is configured in a two‐step process, the XSR provides a means to view the uncommitted configuration.
Ip firewall policy dmz private SMTP allow
!
! Policies: between dmz and external
!
Ip firewall policy ANY_EXTERNAL dmz HTTP allow
Ip firewall policy dmz ANY_EXTERNAL HTTP allow
Ip firewall policy ANY_EXTERNAL dmz SMTP allow
Ip firewall policy dmz ANY_EXTERNAL SMTP allow
!
! Policy: Allow any from private to the external
!
Ip firewall private ANY_EXTERNAL any allow
!
ip firewall filter private dmz 17
ip firewall filter private ANY_EXTERNAL 17
ip firewall filter ANY_EXTERNAL dmz 17 di
Mode
EXEC or Privileged EXEC Mode: XSR> or XSR#
Sample Output
The following output displays
Filter Name   Source Network   Destination Network   Protocol Name/Number   ICMP Type   Bi/Log
noICMP        dmz              private               ICMP                   N/A         Y/N

show ip firewall network
This static counter shows all network objects configured. If a network object name is specified then only that object is displayed.
Sample Output
The output below displays network objects for the Private‐network and Partner‐networks groups. Note that only member objects names are shown. You can enter the show ip firewall network command to get address ranges of each network object.
Name                Network (group) objects
Private-network     internet Remote-access 10.1.0.0/16 dmz ext253 ext254 int40
Partner-networks    ext192 int

show ip firewall service
This static counter displays all configured service objects.
Mode
EXEC or Privileged EXEC Mode: XSR> or XSR#
Sample Output
The following output displays firewall service group data:
Name                   Service objects
all-my-tcp-services    my-ftp my-telnet

show ip firewall policy
This static counter displays all policy objects in the order they will be applied. If a name is specified then only that policy object is displayed.
Syntax
show ip firewall policy [name]
name    Name of the policy object to display.
Mode
EXEC or Privileged EXEC Mode: XSR> or XSR#
Default
If no options are specified all sessions are displayed.
Sample Output
The following sample output displays current firewall sessions:
XSR#show ip firewall sessions icmp
Source Address 192.168.100.100 192.168.100.100 Port 0 0 Dest. Address 192.168.1.103 192.168.1.
Sample Output
The following sample output displays summary statistics:
Overall Firewall Status: Enabled
Protected Interfaces: FastEthernet2
Unprotected Interfaces: FastEthernet1
Session Information
-------------------------------------------------------
                 active   peak   blocked   last blocked at (UTC)
TCP              65       6531   0         N/A
UDP              5        1271   0         N/A
ICMP             0        0      3         08:20:12 FEB-03-2005
Total            0        0      3
External Hosts   867      234    0
Blocked DOS Attacks
-------------------
Land: 0
Christmas Tree: 0
Ping of Death: 0
Anti-S
Mode
EXEC or Privileged EXEC Mode: XSR> or XSR#
Example
The following is sample output from the command:
show ip firewall urLlist
Black URLs from File: blacklist.txt
1. www.cisco.com
2. www.playboy.com
3. readme.eml
4. amber.cl
White URLs from File: NOT LOADED
Redirect URL: www.msnbc.