Manuals / 3Com / Computer Equipment / Network Router

3Com 10014299 manual Basic Configuration at, Enable L2TP, Enable/Disable L2TP, L2tp enable

Models: 10014299

1 762

Page 610

606CHAPTER 43: CONFIGURING L2TP

addresses (RFC1918). The addresses allocated to remote users are private addresses belonging to an enterprise, thus the addresses can be easily managed and the security can also be improved.

■Flexible network charging

Charging can be fulfilled at both LAC and LNS sides at the same time, that is, at ISP (to generate bills) and Intranet gateway (to pay for charge and audit). L2TP can provide such charging data as transmitted packet number, byte number, start time and end time of the connection. And it can easily perform network charging according to these data.

■Reliability

L2TP supports the backup of LNS. When an active LNS is inaccessible, LAC can reconnect the backup LNS, which improves the reliability and error tolerance of VPN services.

Basic Configuration at

LAC

Enable L2TP

Basic configuration at LAC side includes:

■Enable L2TP

■Create a L2TP group

■Originate L2TP connection request and configure LNS address

Configure AAA and local users

The L2TP on a router can work normally only after it is enabled. If it is disabled, the router will not provide the related function even if the L2TP parameters are configured.

Perform the following tasks in the system view.

Table 665	Enable/Disable L2TP

Operation		Command

Enable L2TP		l2tp enable

Disable L2TP		undo l2tp enable

By default, L2TP is disabled.

Create a L2TP Group To configure related parameters of L2TP, an L2TP group should be added. The L2TP group is used to configure the L2TP functions on the router and facilitate the networking applications of one-to-one, one-to-multiple, multiple-to-one and multiple-to-multiple connections between the LAC and LNS. L2TP group is numbered separately on the LAC and the LNS. Hence, it is only necessary to keep the corresponding relations between the related configurations of L2TP group at LAC and LNS side (e.g., the peer end name of the tunnel originating L2TP connection request and the LNS address).

After a L2TP group is created, other configurations related to this L2TP group, such as local name, originating L2TP connection request and LNS address, can be performed in L2TP group view. L2TP group1 works as the default L2TP group.

Perform the following tasks in the system view.

Page 610

Image 610

3Com 10014299 manual Basic Configuration at, Enable L2TP, Enable/Disable L2TP, L2tp enable, Undo l2tp enable

Contents

3Com Router Configuration Guide Marlborough, MA 3Com CorporationCampus Drive 01752-3064Page VPN List conventions that are used throughout this guide This guide describes 3Com routers and how to configure themText Conventions About this Guide 3Com Router Introduction 3Com Router User Interface Page 3COM Router Introduction List of the 3Com Router 1.x features Features of the 3ComFollowing table lists the basic features of the 3Com Router Router VersionRIP-1/RIP-2 NAT Quality of service 3Com Router New Features of the 3Com Router 1.x 3COM Router Introduction Environment ConfigurationEstablish PortEstablish a new connection Set port communication parameters Establish a remote configuration environment Environment ConfigurationConnection RouterWorkstation Ethernet Command Line Interface CLI3COM Router User Interface System view Table Views and their promptsLoopback 0 in any Async 0 in anyEthernet 0 in any Enter controllerFull help HelpsPartial help For example List of common command line error messagesCommon error Message Causes Routerdisplay ?Display Features Command LineFeatures Three options are available for usersUser Identity Following commandsPlease perform the following commands in system view ManagementSystem Configure the router nameSet the system clock Reboot the system By default, the system clock is 080000 1 1Execute the following commands in all views Display the System Information RouterSystem Management Page Storage Media and File Types Supported by the System SoftwaresoftwareInput Ctrl+D, and the following prompt information displays Upgrade Boot ROM Software Software Upgrade the 3ComRouter Main Program Main Program softwareXModem Approach Modify the terminal baud rate Transfer File dialog box Enable the Tftp server program Preparation for using the Tftp serverTftp server application can run on Windows 95/98/NT Press Enter and the following prompts will be displayed Tftpd32 Set interfaceEnter Ctrl+B and the system prompts Network Interface ParametersPress Enter for loading Download configuration files from a Tftp serverOperation Command Downloads the 3Com Router main Get ip-addr file-name systemPrepare for using the FTP server Set an authentication mode for an FTP serverUpgrade the 3Com Router Main Software with FTP Enable FTP serverFTP Approach Back up the 3Com Router Main Program SoftwareTftp Approach Copy ip-addr file-name systemSetup Users Dialog Box Port-number user user-name password Configure on-line upgrading of the cardUpdate slot slot-number ftpserver host-name PasswordPerform the following command in system view Configuration File ManagementDownload Configuration File Content and Format of the Configuration FileRouter download config Load configuration filesDownload Config Set the binary transmission protocol to XModem/CRCUpload configuration files to a Tftp server Display current-configurationcommand output backup approachBack up Configuration Files File-name configPlease use the following commands in corresponding views View router configurationSet the Flag Bit to Enter the Initial Setup Mode Select and view the storage media of configuration fileSave current configuration Erase the configuration file in storage mediaClient via port 20 and transfer data Configure FTPConfigure authentication and authorization of FTP server Files on the routerPlease enter the following commands in system view Enter the following commands in system viewConfigure Parameters of FTP Service Set the authentication mode of FTP serverForce to shut down FTP process Set FTP update modeSet the connection time limit of FTP service Force to shut down FTP processServer Display detailed information of the FTP user Display FTP Server Display FTP serverDisplay ftp-server Display local-userSystem Management Service at Console Port Terminal ServiceFeatures of Terminal OverviewTerminal Message ServiceSet the attributes of terminal service On one routerDisplay Terminal Message Service Perform the following configuration in all viewsConfigure Terminal Message Service Enable/disable receiving messages from other terminalsTerminal Service Typical Example Terminal Message Service ConfigurationDumb Terminal Configure Auto-execute command Configuration Examples Dumb Terminal ServiceConfigure Dumb Terminal By default, no dumb terminal service is configuredConfigure the auto-execute command command Terminal Service Telnet ConnectionConfigure the interface to dumb terminal mode Router-Serial1auto-execute command telnetService Value Terminal service features of telnet connectionEstablish Telnet Connection Service-port Setup Reverse Telnet ConnectionEnable Reverse Telnet connection Establish Telnet Server or Telnet Client connectionExample of Telnet Typical Configuration Example of Telnet Reverse TelnetForce shut down Telnet Process Force to shut down Telnet processExample of Reverse Telnet Rlogin TerminalUse Rlogin protocol Router telnet 10.110.164.44Rlogin ip-address username Establish a Rlogin connectionTypical Rlogin Configuration Examples Use local user name abc to log onPAD Remote Access ServiceCommunicate with other terminals through the X.25 network Service-type type password Configure X.25 PAD remote userConfigure X.25 PAD remote user Local-user user-nameEstablish an X.25 PAD call Start AAA authentication of X.25 remote usersEnable AAA authentication for X.25 remote PAD users Establish a X.25 PAD callDisplay and Debug II. Networking DiagramIII. Configuration Procedure Set the Response Time to the Invite Clear MessageRouterA-serial0x25 x121-address Fault Diagnosis TroubleshootingSet its X.121 address as RouterB-serial0x25 x121-addressSnmp Overview Development of SnmpConfiguring Network Management Snmp architecture SNMP-supported MIB3Com Router-supported MIB By default, the system disables Snmp serviceEngineid Perform the following configurations in system view Configure Snmp version and related tasksV1 username Configure information of router administratorConfigure the traps to be sent by the router Interface-numberName Perform the following commands in all viewsDisplay and debug Snmp Byte-countConfigure an IP address for the Ethernet interface ethernet Example 1 Configure Network Management of SNMPv1Set the community name and access authority Examples Networking RequirementsRmon Overview Configure an IP address for the Ethernet interface ethernetNetwork equipment Schematic diagram of Rmon application Enable Rmon statistics Examples Networking RequirementRouterA-Ethernet0 rmon promiscuous Commands to display information of the whole system Ping command Test Tool of Network ConnectionPing supporting IPX protocol Ping supporting IP protocolSystem displays Ip-addressTimeout host Following command can be executed in any command modesTracert command MaxTTL -p port -q nqueriesConfigure on the router Log FunctionSet the direction of syslog outputting log information Sylog-defined severity is as follows Set Severity of Log InformationPerform the following task in system view Set Filter of Log InformationDisplay and Debug Syslog Configuration of Log HostTurn on/turn off syslog Turn on/turn off syslogRouterinfo-center enable Syslog Configuration ExampleTurn on debugging switch of PPP module Routerdebug ppp allDisplay and Debugging Tools POS Terminal Access Service Dial-up POS AccessPOS Network Access Advantages of POS network access are as followsConfigure POS access port POS Access Service ConfigurationStart POS server App-number Configure a POS applicationInterface-type interface-number Ip-address port-numberDefault app-number Configure POS multi-application mapping tableBind the source address of TCP connection Set the parameters of FCM used during Modem negotiation Display and Debug POS AccessDisplay and debug POS access Set the parameters of FCM used during Modem negotiationConfigure the POS access interface FCM0 Typical Configuration Example of POS Access ServiceConfigure the Ethernet interface Ethernet Configure POS access interface FCM1Configure POS access interface FCM0 Configure POS access interface FCM2III. Configuration Procedure 1 Start the POS access server III. Configuration Procedures Configure Async 0 to operate in POS application modeConfigure Async 1 to operate in POS application mode Configure Router a Start the POS access serverConfigure Router B Configure the Ethernet interface Ethernet RouterA ip route-static 10.1.1.2 255.255.255.0 serialIII Interface 106 Interface Configure InterfaceEnter the Interface View Set time interval for flow control statistics Exit the Interface ViewInterface view, input quit to return to the system view Interface-descriptionDisplay and debug interface Please use the following commands in all viewsDisplay and Debug Interface Interface state informationInterface Configuration Overview Configure Ethernet Interface Ethernet InterfaceSet IPX address Enter view of specified Ethernet interfaceSet IP address Set frame format of sending messageDisplay and Debug Select work mode of Ethernet interfaceEnable or disable internal loopback and external loopback Select working rate of fast Ethernet interfaceTroubleshooting Typical Ethernet Interface Configuration ExampleII. Network Diagram Troubleshooting Configuring LAN Interface Introduction WAN InterfaceAsynchronous Serial Interface Interface async number Enter view of specified asynchronous interfaceInterface serial number Modem in out Set the work mode of asynchronous serial interfaceSet the baud rate of asynchronous serial interface Link-protocol slip pppFlow-control none software Async Mode protocolHardware inbound outbound Odd space Works in flow modeParity even mark none Stopbits 1 1.5Set MTU of asynchronous serial interface BackupAUX Interface Set the coding format of ModemConfigure Synchronous Serial Interface Configure AUX interfaceConfigure AUX interface Synchronous Serial InterfacePhysical-mode sync Enter view of specified synchronous interfaceSet the link layer protocol of synchronous serial interface Link-protocol fr hdlcSet the baud rate of synchronous serial interface Select work clockWorking modes have different working clocks Synchronous serial interface is 64000 bpsSelect work clock Inversion is disabled by defaultSet clock inversion Undo detect dcd Internal loopback/external loopback are disabled by defaultDetect dcd Reverse-rtsTechnical Background Isdn BRI InterfaceIdle coding of synchronous serial interface is 7E Graphics and videoBe clear about the following items before the configuration Preparations before ConfigurationFunction group includes Network protocols such as IP and IPX Channelized operating modeCE1/PRI Interface Interface or a PRI interfaceInterface Configure CE1/PRI CE1/PRI interface configuration includesDial-on-Demand Routing Enter the view for a specified interfaceBind the interface to be channel sets Enter the synchronous serial interface viewNumber set-number Pri-set timeslot-list range Bind the interface to be a pri setEnter the Isdn interface view Undo pri-setSet the line clock of the CE1/PRI interface Enable/disable the internal loopback/external loopbackSet the line code format on the CE1/PRI interface Set the frame format of CE1/PRI interfaceConfigure CT1/PRI CT1/PRI InterfaceController t1 number Operation Command Enter the view of CT1/PRI interfaceTimeslot-list range speed Interface serial number23 Set the line clock of the CT1/PRI interface Set the line code format on the CT1/PRI interfaceSet the frame format of CT1/PRI interface E1-F Interface Choice for E1 accessE1-F interface does not support PRI operating mode Them into multiple channel setsInterface serial serial-number Set Operating mode for an E1-F interfaceEnter the view of an E1-F interface Fe1 unframedSet line code format for E1-F interfaces Set interface rate after binding operationSet line clock for an E1-F interface Display and debug E1-F interface Enable/Disable local/remote loopback on an E1-F interfaceSet frame format for an E1-F interface Serial-numberT1-F Interface Choice for T1 accessT1-F interface does not support PRI operating mode 193 X 8k = 1544kbpsSet line code format for T1-F interface Set line clock for a T1-F interface Enable/Disable local/remote loopback on a T1-F interfaceSet frame format of T1-F interface Display and Debug T1-F Other related informationCE3 Interface Display and debug T1-F interfaceEnter the view of the specified E3 interface Set the operating mode of E1 channel Set the operating mode of CE3 interfaceSet E1 frame format 44.736Mbps Mode non-channelized modeCT3 Interface Data bandwidth 44736kbpsEnter specified CT3 interface view Set clock mode of the CT3 interfaceSet clock mode of the T1 channel Set cable length of the CT3 interfaceBy default, the CT3 interface uses the C-bit frame format By default, loopback is disabled Set Frame FormatPerform the following configurations in CT3 interface view Set CRC of the serial interface Set the operating mode of T1 channelT1 line-number unframed Disable and Enable CT3 interface Display and debug of the CT3 interfaceConfiguring WAN Interface Logical Interface Dialer InterfaceConfigure Loopback Null InterfaceSub-Interface Number.sub-number Configure sub-interfaces of Ethernet interfaceCreate and delete WAN sub-interface Number.sub-number multipointSelect frame relay link layer protocol Enter the view of WAN interface Serial0 of router aRouterinterface serial Set its IP address to 202.38.160.1 and address mask to Configure the static route from router a to LAN2 and LAN3Specify DTE as its frame relay terminal type Allocate a virtual circuit with Dlci 50 to itInterface virtual-template Set work parameters of virtual-templateCreate or delete virtual-template Undo interfaceDisplay state of the specified virtual-template Fault 1 Fail to create virtual interfaceTroubleshooting the reasons may be as follows Virtual-template-numberLink Layer Protocol 164 PPP Authentication Mode PPP OverviewConfiguring PPP and MP For detailed description of PPP, refer to RFC1661 Configure PPPMP Overview Transmission time of large packetsConfigure the peer authenticates the local in PAP mode Configure the link layer protocol of the interface to PPPConfigure the local authenticates the peer in PAP mode Name-listCipher password Configure the local authenticates the peer in Chap modeConfigure as the peer authenticates the local in Chap mode User usernameConfigure the time interval of PPP negotiation timeout Configure AAA authentication and accounting of PPPConfigure PPP compression Ppp lqc forbidden-percentage Perform the following configuration in interface viewConfigure PPP link quality monitoring Resumptive-percentageCreate/Delete virtual template Configure MP Protocol Parameters Create Virtual TemplateConfigure Operating Parameters of Virtual Template Bind the physical Interface to a Virtual TemplateSpecify the conditions for MP binding User-nameConfigure virtual Baud rate on interface FragsConfiguration Requirement Typical PPP Configuration ExampleExample Configure to start Chap authentication at this side Typical MP Configuration ExampleII. Configuration Procedure Set local username as Router1Configure router-b Add a user for router-a Configure virtual interface templateConfigure router-c Add a user for router-a Fault 2 Physical link fails to turn to Up status Fault Diagnosis TroubleshootingFault 1 Link always fails to turn to up status Indicates that the interface is shutdownPPoE Overview Introduction to PPPoE clientConfigure PPPoE ClientConfigure PPPoE session Reset or delete PPPoE sessionAccess a LAN to the Internet via Adsl Typical PPPoE Configuration ExamplePerform the display and debugging command in all views III. Configuration Procedure 1 Configure a dialer interfaceConfigure the DDN interface Serial Configure a PPPoE sessionConfigure the LAN interface and the default route Use Adsl as Standby LineConfiguring Pppoe Client Slip Overview Configure SlipAsynchronous mode For further details about SLIP, you can refer to RFC1055Time Enable/Disable the information debugging of SlipTypical Slip Interconnect two Router routers via Pstn and run IPConfigure the Dialer String to router B Configure Router a Configure Dialer RuleConfigure IP address of synchronous/asynchronous interface Configure the default route to Route BRouterip route-static 0.0.0.0 0.0.0.0 Configure Isdn Isdn OverviewConfigure the length of call reference By default, DSS1 signaling is used on Isdn PRI interfacesConfigure type of signaling on Isdn interface Configure the receiving modeTimer-name all Configure the sending modeConfigure interval for Qsig signaling timer Time-intervalPerform the following configuration in Isdn interface view Configure Call Processing Method on an InterfacePerform the display and debugging commands in all views Configure the Isdn PRI interface Typical Configuration ExampleConfigure Router a Create an Isdn PRI interface RouterB transmit data after the call is set upConfigure Router a Configure Router BLapb Protocols OverviewPSN 25 packet and Lapb frame By default, the Lapb modulus is Modulo Configure LapbBy default, k is Configure Lapb N1, N2 Configure Set X.25 working mode Configure X.25 InterfaceSet/Cancel the X.121 address of the interface Address25 channel delimitation parameters Parameter MeaningSet/Cancel X.25 packet numbering modulo By default, X.25 interface use modulo 8 modeSet/cancel X.25 virtual circuit range Finally, the following should be notedSet the default flow control parameter Configure X.25 flow control parameterConfigure X.25 Interface Supplementary Parameter Out-packets25 layer 3 timer Set X.25 layer 3 timer delayAlias-string Specify/Cancel an alias for the interfaceAlias match modes and meanings Match-type alias-stringSet/Cancel the default upper layer protocol borne on Protocol-address x121-address Configure X.25 Datagram TransmissionCreate the permanent virtual circuit PVC Address optionX25 pvc pvc-number protocol Configure Additional Parameters Datagram TransmissionCreate/Delete permanent virtual circuit Undo x25 pvc pvc-numberInterface view, perform the following task Specify/Cancel packet pre-acknowledgement Configure X.25 user facilityConfigure the sending queue length of virtual circuit Serial port view, list1 can be quotedAddress broadcast Set broadcast viaSet interface with standby center Address logic-channelConfigure X.25 Switching Switching FunctionConfigure X.25 sub-Interface Number.subinterface-number multipoiAdd or delete a PVC route Configure X.25 Load BalancingIntroduction to X.25 Load Balancing Configure X.25 List of Configuration Tasks of X.25 Load Balancing Diagram of X.25 network load balancingCreate/Delete X.25 hunt group Start /Close X.25 switching functionAdd/Delete interfaces or XOT Tunnels in hunt group Configure X.25 over TCP XOT Configure X.25 over Other ProtocolsAdd/delete other X.25 switching routes Introduction to XOT ProtocolConfigure XOT Configure SVC XOT switching Start X.25 switchingConfigure local switching For PVC, perform the following tasks in interface viewConfigure X.25 over Frame Relay Annex G Configure Annex G Data InteroperationConfigure PVC XOT switching Configure Keepalive and xot-source attributesConfigure the X.25 Attributes for a Dlci Configure the X.25 attributes for an Annex G DlciCurrent status of Lapb Typical Lapb Configuration ExampleBy default, X.25 template is not applied on DLCIs Specify IP address for this interfaceConfigure Router a a Select interface Configure Router B Select interfaceSpecify X.121 address of this interface Specify address mapping to the peer Connect the Router to X.25 Public Packet NetworkConfigure Router B Configure interface IP address Configure Router a Configure interface IP addressConfigure Router C Configure interface IP address Range Configure Virtual Circuit I. Networking RequirementDisabled Transmit IP Datagram via X.25 PVCTypical Sub-Interface Configuration Example Router-Ethernet0ip address 196.25.231.1Configure Router D Configure Router CCreate sub-interface serial SVC Application of XOT I. Networking Requirement Routerx25 switch svc 2 interface serial Configure Router C Start X.25 switchingConfigure Serial Routerx25 switch svc 1 xotApplication of X.25 Load Balancing S11 Enable X.25 switching in system viewConfigure X.25 switching route to forward to X.25 terminal Add Serial 1, Serial 2 and XOT Tunnel to hunt groupLoad Balancing Carrying IP Data Transmission Routerx25 switch svc 1111 xotRouterx25 switch svc 8888 interface serial Routerinterface serial Router-Serial0link-protocol x25 dceConfigure static route to RouterC Configure RouterA Configure interface EthernetConfigure interface Serial Configure RouterB Configure interface EthernetConfigure the local X.25 address Configure the static route to RouterA and RouterBConfigure RouterA Create an X.25 template Configure an IP address for the local interfaceAssociates an X.25 template with the Dlci Configure RouterB Create an X.25 templateMap the Frame Relay address to the destination IP address SVC Application of X.25 over Frame RelayConfigure Serial 0 as the X.25 interface Configure the router Router B Enable X.25 switchingEnable switching on Frame Relay DCE Configure Serial 1 as the Frame Relay interfaceConfigure the Frame Relay Annex G Dlci Configure X.25 over Frame Relay switchingConfigure the router Router C Enable X.25 switching Configure local X.25 switching.Router-fr-dlci-100annexg dteConfigure an X.25 template Configure Router D Configure the basic X.25 parametersConfigure Router B Enable X.25 switching Configure S1 as the Frame Relay interfaceConfigure Serial Configure S1 as the Frame Relay interface LapbFacility options inhibited by network have been carried Fault Diagnosis and Troubleshooting of X.25 Configuring Lapb Configuring Frame Relay Relay By default, the interfaces link layer protocol is PPPLink-protocol fr ietf NonstandardConfigure Frame Relay interface type Configure Frame Relay LMI protocol typeFr lmi n392dce n392-value Fr lmi n391dte n391-valueUndo fr lmi-n391dte Undo fr lmi n392dceUndo fr lmi t391dte Undo fr lmi n393dceFr lmi t391dte t391-value Fr lmi t392dce t392-valueConfigure Frame Relay static address mapping Configure Frame Relay dynamic address mappingFr dlci Configure Frame Relay local virtual circuit numberCreate Frame Relay sub-interface Undo frApplying dynamic address mapping to the sub-interface Configure virtual circuit of Frame Relay sub-interfaceEstablish static address mapping Configure Frame Relay local switched PVC number Configure the Frame Relay local virtual circuit numberConfigure the route for Frame Relay PVC switching Configure the Frame Relay switched PVCConfigure Multilink Frame Relay FRF.16 OverviewConfigure MFR interface parameter Configure MFRConfigure a MFR bundle interface MFR interface SubnumberFrame Relay Compression Configuration Configure the parameters of the bundle link interfaceConfigure Frame Relay Fragment Attributes By default, interfaces use initiative compressionConfigure Frame Relay Fragment FRF.12 Configure Frame Relay Compression on multipoint interfaceFr traffic-shaping Disable the Frame Relay traffic shapingFrame Relay Traffic Shaping Undo Fr traffic-shapingRate Frame Relay Queueing Management Frame Relay Traffic Policing150 Kbps 100 Kbps CI R ALLOWº£ 64 KbpsFrame Relay Congestion Management Frame Relay DE rule listConfigure Frame Relay Traffic Shaping By default, no Frame Relay class is createdConfigure the Frame Relay class parameters Undo fr-class class-nameEnable/Disable the Frame Relay traffic shaping Configure the parameters of Frame Relay classEnable/Disable the Frame Relay traffic policing Queue-percentage Dequeue-percentageConfigure Frame Relay Queueing Management Configure Frame Relay DE Rule ListConfigure the Frame Relay PVC queueing Configure Pipq Configure a tunnel interface Configure Frame Relay over Other ProtocolsConfigure Frame Relay over IP Configure Frame Relay switchingFrame Relay over Isdn Operation Process and Fundamentals Networking of a typical Frame Relay over Isdn applicationPhysical Connection Between Frame Relay over Isdn Devices Frame Relay switching connection between DTE devicesBack-to-back connection between DTE and DCE devices Configure Frame Relay over Isdn Configure the Frame Relay-related commandsConfigure the link layer protocol of the interface Configure the commands related to Frame Relay switchingDlci Display and Debug Frame Relay Configure parameters related to dialer profilesDisplay and debug Frame Relay IsdnsubaddressType number dlci Number dlci dlci-numberNumber interface serial Mfr numberInterconnect LANs via Frame Relay Network Typical Frame Relay Configuration ExampleConfigure static address mapping Router-Serial1fr map ip 202.38.163.251 dlciInterconnect LANs via Private Line Configure local virtual circuitRelay FRF.16 Router-Serial1ip address 202.38.163.253Example FRF.9 Create a MFR interfaceBundle Serial 0 and Serial 1 to mfr ThemFRF.12 III. Configuration Procedure 1 Configure Router aIII. Configuration Procedure 1 Configure RouterA Fragment between themRouter-fr-class-96ktraffic-shaping adaptation becn IP ConfigurationRouterfr class 96k Typical Frame Relay overConfigure Frame Relay over IP Configure IP interface Ethernet0Configure tunnel interface Router-Serial0fr interface-type dceRouter-Dialer0dialer number Router-Dialer0dialer call-in Configure the Frame Relay parameters on Bri0Router-Bri0fr map ip 110.0.0.2 dlci Router-Dialer0fr interface-type dceConfigure the Frame Relay-related parameters on Bri0 Configure Frame Relay SVCs Router-Serial1.1ip address 130.0.0.2Fault 1 the physical layer in Down status Fault Diagnosis Troubleshooting Frame RelayFault 4 Frame Relay data cannot be transmitted across Isdn Configuring Frame Relay By default, the link layer protocol of the interface is PPP Configure HdlcConfigure Hdlc Display and Debug Hdlc Configure the link layer protocol of the interface to HdlcEnable Hdlc packet debugging Debugging Hdlc Packet InterfaceBridge Overview Configure Bridge’s Routing FunctionTypical Bridge Configuration Bridge OverviewObtain address table Main Functions of BridgingBridge Overview Forward and Filter Final bridging address tableEliminating loop Filter not forwardPreliminary examination state of bridging loops Spanning Tree Topology Bpdu Forwarding Mechanism Spanning tree topologyEnable/Disable bridging functions Configure Bridge’s Routing FunctionBy default, disable bridging functions Bridge enableAdd ports to a bridge-set Configure static address table entriesSpecify the STP version supported by the bridge-set Mac-addressConfigure the aging time of dynamic address table Enable/Disable forwarding by using dynamic address tableDisable/Enable STP on ports Configure the path cost of bridge port Configure the bridge priorityConfigure the bridge port priority Configure the interval for sending BPDUs Configure the forward delay for the port status transitionConfigure the Max age of Bpdu Create ACLs based on varied Ethernet encapsulation formatsAcl acl-number Configure a bridge-template interface Enable/Disable bridge’s routingBridge-set Link-set Define a link-setShare load by source MAC address Bridgebridge-set link-set link-setMap the bridge address to Dlci Configuration on the interfaceDefine a dialer list Display and debug bridge Typical Bridge ConfigurationDisplay and Debug Bridge Transparent Bridging Multiple LANsConfigure Router B Configure Router aRouter-Serial0bridge-set 1 stp disable Transparent Bridging over Frame Relay Transparent bridge over the Frame RelayRouter-Serial1dialer route bridge broadcast Connected are failed Asynchronous Dial-inStandby Please refer to FigureBridge-Template interface Networking of bridge-template interfaceBridging on Sub-Interfaces Networking for bridging on sub-interfacesRouterbridge enable Routerbridge 1 stp ieee Link-Set Configuration I. Networking RequirementsRouter-Serial1bridge-set 1 link-set Network Protocol 316 Configuring IP Address IP address classes and ranges Network IP network range Description ClassSub-net classification of IP address Configure master IP address of an interface Configure IP Address Configure IP Address for an InterfaceBy default, the interface has no master IP address Ip address ip-address maskDelete slave IP address of an interface Configure slave IP address of an interfaceIp address ip-address mask Mask-length sub Undo ip address ip-addressIntroduction to IP address unnumbered By default, the interface has no negotiating IP addressConfigure IP Address Unnumbered for an Interface Set negotiable attribute of IP address for an interfaceConfigure IP address unnumbered Configuration Example I. Configuration RequirementsConfigure routing to Ethernet segment of Shenzhen router R1 Borrow IP address of Ethernet interfaceRouter-Ethernet0ip address 172.16.20.1 Configure router R1 of Shenzhen subsidiaryBorrow IP address of Ethernet Router ip route-static 0.0.0.0 0.0.0.0Page Configuring IP Address Undo arp static ip-address Define a static ARP mappingArp static ip-address Arp dynamic ip-addressName Resolution Configure DomainName Resolution Display and Debug ARPDisplay and Debug domain name resolution Display and Debug Domain Name ResolutionDisplay ip host Interface-number.subinterface-number Create Ethernet subinterfaceSpecify the Vlan on which Ethernet subinterface is located Vlan-type dot1q vid vlan-idDisplay and Debug Display and Debug Vlan Configure IP address of Ethernet subinterfaceTypical Vlan Configuration Example Display vlanTroubleshooting The steps below can be taken Configure IP address for the subinterfaceConfigure Vlan information of LAN Switch Router-Ethernet0.1ip address 3.3.3.8Dhcp vs Bootp Dhcp Server ConfigurationFault Ping Two PCs, but fails to ping them through Background of the Dhcp developmentFollowing figure Occasions in which Dhcp server is appliedDhcp server Dhcp clients Dhcp client logs into the network again Dhcp Server Configuration Undo Dhcp enable Enable/disable the Dhcp serviceDhcp Enable Dhcp server ip-pool pool-nameNetmask Configure the statically binding IP address and MAC addressNetwork ip-address Low-ipaddress high-ipaddress Low-ipaddress high -ipaddressConfigure the domain names of Dhcp clients By default, the IP address of DNS is not configuredConfigure the gateway router address of client Configure the DNS addresses in a Dhcp address poolNbns-list ip-address1 Set the type of NetBIOS node for Dhcp clientSet the type of NetBIOS node for Dhcp client Ip-address2 ... ip-address8Display and Debug Dhcp Server Use reset, debugging and display command in All viewsConfigure Dhcp self-defined options Display and Debug Dhcp serversRouter dhcp enable III. Configuration Procedures 1 Enable the Dhcp serviceRouter dhcp server forbidden-ip At the client, use ipconfig /releaseall Router-dhcp2nbns-list Router-dhcp2gateway-listIp relay-address ip-address Configure interface relay addressOperation Command Configure interface relay address Delete interface relay addressIP address from Dhcp server through application Dhcp Relay Configuration RequirementDhcp Relay Available on Dhcp serverConfigure Dhcp relay router Networking diagram of an Dhcp relay configuration exampleFault 2 fail to forward transparent transmission protocol Private Network Address and Public Network Address Under which condition should the address be translatedRole the Network Address Translation NAT plays Characteristic of Network Address Translation NATMechanism of Network Address Translation NAT End-addr pool-name Configure address poolPerformance of Network Address Translation NAT Pool-nameUndo nat outbound acl-number Nat outbound acl-numberAddress-group pool-name Undo nat outboundNat server global global-addr global-port Configure the Internal ServerConfigure the Timeout of address translation Www inside inside-addr inside-port anyTypical NAT Configuration Example Display and Debug NAT Display and debug NATSet internal FTP server Configure address pool and access listAllow address translation of segment at 10.110.10.0/24 Set internal WWW serverConfigure a default route to serial Configure address access control list and dialer-listConfigure dial-up property for the interface Correlate the address translation list and the interfaceFault 2 Internal server abnormal Configuring IP Application Configure maximum transmission unit on an interface Configure IPTo configure IP performance, carry out the following steps PerformanceConfigure TCP Tcp window size Configure Fast ForwardingForwarding Perform the following configuration in system viewDisplay and Debug IP Display and Debug Fast Display and Debug fast forwardingRouter info-center enable Router debugging tcp packet Troubleshooting IP Performance ConfigurationRouter info-center enable Router debugging tcp event Configuring IP Count Ip count enable IP Count ConfigurationEnable/Disable IP Count service Undo ip count enableConfigure IP Count list Configure IP Count on an interfaceSpecify count maximum of exterior Specify count maximum of interior By default, IP Count entries time out after 720 minutesCount Display and debug IP CountNot been configured on the interface of the router IV. Test ProcedureInformation is displayed Configuring IP Count Configuring IPX IPX addressSAP Configure relative parameters of IPX SAP Configure IPXModify length of service information reserve queue Its first Ethernet interface as its node addressEnable/Disable a Default Route Enable IPX interfaceConfigure IPX RIP static route Perform the following task in interface viewConfigure the maximum size of RIP update packet Configure RIP updating periodConfigure RIP aging period Configure the maximum number of IPX parallel routeConfigure length of route reserve queue Configure static service information table itemConfigure reply to SAP GNS request Configure SAP aging periodConfigure size of SAP maximum updated message Ipx sap timer update secondsConfigure Using touch-off for an interface Disable split-horizonModify Encapsulation Format of IPX Frame on Interface Configure the delay of interface sending IPX packetsConfigure management of IPX packet Encapsulation format of IPX frameConfigure Router a a Activate IPX Display and Debug IPX Display and Debug IPXConfigure an information about Server2 file service Configure an address map to Router BConfigure a static route to network ID Configure an information about Server2 directory serviceConfigure an information about Server1 directory service DLSw Protocol Init-window-size max-frame Configuration of DLSwCreate DLSw local peer entity Max-frame-size max-windowConfigure Bridge set connecting to DLSw Create DLSw remote end peer entityConfigure to add ethernet port to Bridge set Configure Sdlc roleSdlc-address Configure Sdlc virtual MAC addressConfigure Sdlc address Controller sdlc-addressConfigure XID of Sdlc Configure Sdlc peer entityAdd synchronous Interface to Bridge set Configure baud rate of synchronous Interface Configure to stop running DLSwBaudrate Configure LLC2 local acknowledgement delay time Configure Idle time encoding mode of synchronous InterfaceConfigure parameters of DLSw timer MsecondsConfigure LLC2 premature acknowledgement window Configure modulo value of LLC2Configure Busy status time of LLC2 Configure retransmission number of LLC2Configure LLC2 local acknowledgement time Configure P/F wait time of LLC2Configure Queue Length of Sending Message of Sdlc Configure REJ status time of LLC2Configure queue length of sending message of LLC2 Configure Sdlc local acknowledgement windowConfigure retransmission number of Sdlc Configure maximum receivable frame length of SdlcConfigure poll time interval of Sdlc Lsap Configure SAP address for transforming Sdlc to LLC2Configure data bi-directional transmission mode of Sdlc DsapDLSw Typical DLSw Configuration ExampleDLSw Configuration Networking Requirement IP across WANDLSw Configuration Router a ConfigurationRouter B Configuration Router dlsw localNetworking diagram of DLSw configuration of SDLC-SDLC Networking Diagram of SDLC-LAN Diagnosis DLSw FaultWhen using command display dlsw remote Virtual circuit cant attain Connected stateDiagnosis and Troubleshooting of DLSw Fault Configuring Dlsw VI Routing 404 IP Routing Protocol IP Routing Protocol Routing Protocol and Routing Priority Routing Protocol or Type Corresponding Routing PriorityOspf ASE Configuring Static Routes Default RouteConfigure a Static Route Configuring a Static RouteConfiguring a Static Route Transmitting interface or next hop addressPreference Configuring a Default RouteDisplaying Debugging Routing Table Other parametersStatic Route Troubleshooting aOther RIP Overview Configure RIP Features is not subject to whether RIP has been enabledEnable RIP at the Specified Network Enabling RIPSpecify RIP Version By default, the interface runs RIP-1Define a Neighboring Router Peer ip-addressDisable a Host Route RIP Version 1 enables zero field check by defaultConfigure Check Zero Field of RIP Version Specify the Status of an InterfaceSummarization for RIP Authentication onEnabling Route VersionConfigure Route Import for RIP By default, the default route metric for RIP isConfigure RIP Horizontal Segmentation on the Interface Specify a Default Route Metric Value for RIPSpecify Additional Route Metric Value for RIP Configure filtering route information received by RIPDistribution for RIP Set Route PreferenceFilter the Routing Information Being Advertised by RIP Reset RIPDisplaying and Debugging RIP Display and Debug RIPRIP Unicast Ospf Overview Ospf Configuration ExampleOspf Overview Displaying and Debugging OspfConfiguring Ospf Router id router-id Enable OspfSpecify Router ID Undo router idArea-id By default, Ospf is disabledArea area-id Ospf network-type broadcast nbma Configure the Network Type of the Ospf InterfaceConfigure Sending Packet Cost P2mp P2pConfiguring a Peer for the Nbma Interface CostOspf Dr-priority value Operation Command Set the priority of the interface whenSpecify the Router Priority Undo Ospf dr-prioritySpecify Hello Intervall Specify Dead IntervalSpecify Transmit-delay Configuring a Stubby Area and a TotallySpecify Retransmitting Interval Stub cost cost area area-id Perform the following configuration under Ospf viewConfigure Totally Stubby Area of Ospf No-summaryPerform the following configuration in Ospf view Configure an Nssa Area of OspfArea-id advertise notadvertise Configure Route Summarization Within Ospf DomainAbr-summary address mask mask area Undo abr-summary address mask maskCreate and Configuring a Virtual Link Area-id None Router-id NoneConfigure Authentication Key-idConfigure Route Import for Ospf Configure Parameters When Importing External RoutesDebugging Ospf Configure filtering route information received by OspfDisplaying Filter for OspfConfiguring Ospf on the Point-to-Multipoint Network Ospf Configuration ExampleRouter D 201 Router B 301 302 Router C 1.3 RouterA-Serial0ospf network-type p2mp Enable OspfRouterC ospf enable RouterB-Serial0ospf network-type p2mpConfigure DR on Ospf Preference E0 192.1.1.2/24 E0 10.1.2.3/24 1.1 4.4 E0 192.1.1.1/24E0 192.1.1.4/24 2.2 3.3RouterA display ospf peer RouterD display ospf peerBetween Router B and Router C To configure an Ospf virtual link Configure Router aRouterB-ospfVlink peer-id 3.3.3.3 transit-area To configure Ospf peer authentication Configure Router a Ospf Configuration Troubleshooting anNormally Ospf Configuration Example Configuring Ospf BGP Overview BGP Configuration ExampleBGP Overview Displaying and Debugging BGPConfiguring BGP By default, BGP is disabled Resetting BGP Connections Enabling BGPPerform the following configurations in system view Perform the following configurations in BGP viewSet the Timers for BGP Peer Configure the BGP Version of the PeerConfigure BGP Route-update Interval Configure the Peer to be the Client of the Route Reflector Configure to distribute default route to the peerConfigure to Send Community Attribute to the Peer Configure to Distribute Default Router to the PeerCreate a BGP Route Filtering Based on AS Path for the Peer Create a Fltering Policy Based on Access List for the PeerConfigure the BGP MED Metric Allow Comparing Path MEDTimers keepalive-interval Configure the Local PreferenceConfigure the Keepalive Timer and Holdtime Tmer for BGP Holdtime-intervalPeer group-name By default, there is no BGP peer in a peer groupAdd a Peer to the BGP Peer Group Group-nameSet the Timers of BGP Peer Group Configure AS Number of BGP Peer GroupConfigure Connection Between Peers Indirectly Connected Configure BGP Routing Update Sending IntervalConfigure to Send the Default Route to the Peer Group Configure to send the default route to the peer groupCreate Routing Policy for Peer Group Configure BGP Version of Peer Group By default, software accepts BGP VersionCreate an Aggregate Addresses As-set By default, an aggregate is disabledAggregate address mask Undo aggregate addressClients within the reflection group Reflect between-clientsUndo reflect between-clients Standard-community-list-number Configure the Cluster IDConfigure BGP Community Extended-community-list-numberConfigure the Sub-system of E Confederation Configure a ConfederationAs-number … Schematic diagram of route dampening Display Route Flap Information Configure Route Import for BGP By default, BGP synchronizes with IGPIs insured When AS is not a transitional AS Configuring Still existsDefine an AS Path-list entry Define an access list entryEntry, an AS Path-list Define a routing policyDefine a match rule Perform the following configurations in Routing policy viewDefine an apply clause Filter for BGP Filter Routing Information Being Advertised by BGP Reset BGP ConnectionsDebugging BGP Display and Debug BGPAs-regular-expression acl BGP ConfigurationProcedure for each configuration Acl-number network-addressNetworking diagram of configuring AS confederation RouterB-Serial1ip address 193.1.1.2 Configure Router B Configure BGP peersRouterA-bgppeer 192.1.1.2 as-number RouterC-ospfinterface serialConfigure Router D Configure BGP peers Specify BGP transmission network Configure peerStart BGP RouterA-acl-1rule permit source 1.0.0.0RouterC-acl-1rule permit source 1.0.0.0 RouterC-bgppeer 193.1.1.1 route-policy localpref importRouterD-ospf network 4.0.0.0 0.0.0.255 area 0 RouterD bgp Configuring BGP IP Routing Policy Configuring IP Routing Policy Policy Configure IP RoutingOperation Command Define a routing policy and enter into Define a Routing PolicyConfigure a Matching Rules No-export addtive none Define a Setting ClauseApply community aa nn Apply tag tag-valueRoute-policy route-policy-name Configure Route ImportTag tag-value type 1 Ip ip-prefix prefix-list-name Define an IP Prefix ListGe-value less-equal le-value OSPF-ASE external route discovered by Ospf protocol Perform the following configurations in all viewsDebugging IP Routing Policy BGP route discovered by BGP protocolRouting Policy Configuring IPWith different weighting values ProtocolRoute Information Normal operation Troubleshooting IPConfigure RIP protocol Routerip ip-prefix p1 permit 192.1.1.0/24Configuring IP Routing Policy IP Policy Routing Configuring IP PolicyRouting Define Match Rules Create a Routing PolicyDefine Apply Clause Displaying Debugging IP Policy Routing By default, interface policy routing is disabledEnable/Disable Interface Policy Routing Interface Policy RoutingRouter-acl-101rule deny tcp source any destination any Suggested procedure for each configurationDefine access list Router-acl-102rule permit tcp source any destination anyRouterA-Ethernet0ip policy route-policy lab1 Adopt policy aaa in Ethernet interfaceRouter-Ethernet0ip policy route-policy aaa RouterB-ripnetworkRouterAdebugging ip policy-routing Chapter Configuring Igmp Configuring PIM-DM Configuring PIM-SMIP Multicast 498 IP Multicast List for Reserved Multicast Addresses Range and Meaning of Class D AddressesClass D address range Meaning IP Multicast Routing Protocols IP Multicast IP Multicast IP Multicast PacketApplication IP Multicast Igmp Overview Configuring IgmpIgmp Configuration Example Igmp OverviewConfiguring Igmp Configure the Igmp Version Number Run at Router Interface Make the following configuration in interface viewConfigure Igmp Maximum Query Response Time Displaying and Debugging Igmp Igmp ConfigurationDebugging command in system view to debug Igmp Interfaces are all fast Ethernet FERouter a Router B Configuring Igmp Configuring PIM-DM Enable Multicast Routing Make the following configuration in the system viewBy default, the system disables the multicast routing Operation Command Enable multicast routingDisplay and Debug PIM-DM Start/Disable PIM-DM ProtocolDisplaying and Debugging PIM-DM Group-address source-addressEnable PIM-DM protocol PIM-DM ConfigurationEnable multicast routing protocol Receiver 2 are the two receivers of this multicast groupPIM-SM Overview PIM-SM Configuration Enabling Multicast RoutingConfigure Candidate BSR By default, the interface disables PIM-SM protocolEnable/Disable PIM-SM Protocol Configure Candidate RPBy default, no PIM-SM domain boundary is configured By default, no interface is configured to be candidate RPConfigure PIM-SM Domain Boundary Use the pim command in system view to enter PIM view Debugging PIM-SMRouterA multicast routing-enable RouterA interface ethernet Configure Router a Enable PIM-SM protocolConfigure Router B Enable PIM-SM protocol RouterA-pimspt-switch-threshold 10 accept-policyNeighbors have discovered each other Display pim neighbor command can be used to check whetherFollow these steps RouterB-acl-5rule permit source 225.0.0.0Configuring PIM-SM Viii Security 524 Access Security Terminal AccessConfiguring Terminal Configuring a UserConfigure EXECLogin Authentication Configure Radius server and the shared secret Enable AAAConfigure the authentication method list of Exec users Configuring Terminal Access Security AAA Overview Radius OverviewComponents of Radius server Basic message interaction process of Radius Type of Packets Decided by Code Field Request Authenticator Adopts 16-byte random codeCode Packet type Explanation of the packet Attribute Fields Configure AAA Login Authentication By default, AAA is disabledAAA Enable/Disable AAA Server-template-name method1Default methods-list method1 Configuring an Authentication Method List for PPP UsersConfigure PPP Authentication Method List of AAA Default methods-listConfigure AAA Accounting Option By default no address pool is defined by the systemConfigure AAA Local-First Authentication Configure Local IP Address PoolConfigure Callback User By default pool-number isConfigure a User and Password Configure Ordinary User and PasswordConfigure Callback User and the Callback Number Configure User with Caller NumberConfigure FTP User and the Usable Directory Configure User with Caller NumberConfigure Authorizing a User with Usable Service Types Authorize a User with Usable Service TypesConfigure FTP User and the Usable Directory DirectoryConfigure Radius Server Shared Secret Configure Radius Server Shared SecretBy default, no key is configured for the Radius server Radius server hostname ip-addressConfigure the Request Retransmission Times Configure the Time Interval for the Inquiry PacketDisplaying Debugging AAA Accessing UserAuthentication Case AAA and RadiusRouter aaa authentication-scheme local-first Configure IP address and port of Radius serverConfigure local-first authentication Routerradius serverTroubleshooting AAA RadiusConnected user cannot be seen in display aaa user Users Radius authentication is always rejectedCan Configuring AAA and Radius Protocol Firewall Overview Classification of Firewalls Packet filtering schematic diagram Command format when the protocol is TCP or UDP Extended access control listCommand format when the protocol is IGMP, IP, GRE or Ospf Operators of the Extended Access Control ListMnemonic Symbol of the Port Number Protocol Mnemonic Symbol Meaning and Actual Value UDPMnemonic Symbol of the Icmp Message Type Configure the match sequence of access control listOperator and Syntax Meaning Firewalls are disabled by default Configure FirewallEffect Perform the following configurations in system view FirewallConfigure Standard Access Control List Configure Extended Access Control ListSet Default Firewall Filtering Mode Enabling and disabling filtering according to timerangeConfiguring Special Timerange Destination dest-addr dest- wildcardSet Special Time Range Enable/Disable Filtering According to TimerangeSet special time range Settr begin-time end-timeSpecify Logging Host Use debugging, reset and display commands in all viewsDisplaying and Debugging Firewall Display and Debug FirewallRouterfirewall enable Enable firewallConfigure access rules to inhibit passing of all packets Routerfirewall default permitRouter-Ethernet0firewall packet-filter 101 inbound Apply rule 102 on packets coming in from interface Serial0Router-Serial0firewall packet-filter 102 inbound IPSec Protocol Following terms are important to an understanding of IPSec IPSec Related TermsIPSec Message Processing Access Control List Configuring IPSecCreating an Encryption Create Encryption Access Control List Operator port1 port2By default, all the crypto cards are enabled Configure Ndec Cards Enable the crypto cardsSet the output of the crypto card log Set the Mode for Security Protocol to Encapsulate Messages By default, no proposal view is configuredEnable/Disable the Host to Backup the Ndec Cards Define IPSec proposalSelect Security Protocol Selecting the Encryption Authentication AlgorithmDefault mode is tunnel-encapsulation mode Select Security ProtocolSelect Encryption Algorithm and Authentication Algorithm Creating a Security PolicyPerform the following configurations in IPSec policy view By default, no security policy is createdConfigure access control list quoted in security policy Set start point and end point of security tunnelSet IPSec proposal quoted in security policy By default, the security policy quotes no IPSec proposalConfigure IPSec Proposal Quoted in Security Policy Set SPI of security policy association and its adopted keyConfigure Key Used by Security Policy Association By default, no key is used by any security policyConfigure SPI Parameters of Security Policy Association Hex-keyCreating a Security Policy Association with Set access control list quoted by security policySet end point of security tunnel Specify End Point of Security TunnelProposal proposal-name1 Set the IPSec proposal quoted in security policySet SA lifetime Proposal-name2...proposal-name6Configure Global SA LIfetime Configure a separate SA lifetimeBy default, apply the global SA lifetime Configure Separate SA LIfetimeApply Security Policy Group on Interface Use debugging, reset and display commands in all viewsDebugging IPSec Ipsec sa dynamic-detectDisplay and Debug IPSec Reset crypto cardDest-address protocol spi Displaying and Debugging the crypto card IPSec Configuration ExampleUse the debugging, reset and display command in all views Creating an SA ManuallyQuote access list Adopt tunnel mode as the message-encapsulating formSelect authentication algorithm and encryption algorithm Create the IPSec proposal view named tran1Apply security policy group on serial interface Configure the routeCreate a security policy with negotiation mode as manual Exit to system viewCreate the IPSec proposal view named trans1 Create a security policy with negotiation mode as isakmpSet remote addresses Configure serial interface Serial0 Configure ip address of the serial interfaceConfigure corresponding IKE Create a security policy with negotiation view as isakmpReturn to system view Establish a security policy with manual negotiation modeAdopt tunnel module for packets encapsulation form RouterB ike pre-shared-key abcde remoteSet encryption key Enter Ethernet interface view and configure IP addressSet local address Apply security policy base on serial portReturn to the system view Establish a security policy with manual configuration modeTroubleshooting IPSec Ndec card cannot be configured RouterB ipsec policy map1 10 manualDo the following Configuring Ipsec Configuring IKE IKE features Configuring IKEPolicy View Delete IKE policy Create IKE PolicyIke proposal policy-number Undo ikeConfigure Pre-shared Key Selecting an Authentication AlgorithmSelect Authentication Method Select Encryption AlgorithmSelect DH Group ID By default, 768-bit Diffie-Hellman group is selectedSelect Hashing Algorithm Set Lifetime of IKE Negotiation SADisplaying and Debugging IKE Configure IKE Keepalive TimerReset ike sa connection-ike-sa-id Display and Debug IKEIKE Configuration Invalid user ID informationUnmatched policy Unable to establish security channelConfiguring VPN Configuring L2TP Configuring GRE IX VPN596 VPN Overview Classification of IP Basic NetworkingApplications of VPN Authority given by local ISPLayer 3 tunneling protocol Layer 2 tunneling protocolComparison of layer 2 and layer 3 tunnel protocols Configuring VPN Vpdn and L2TP Vpdn OperationMethods of Implementing Vpdn L2TP channelNetworking diagram of two typical methods of Vpdn Tunnel and sessionIV. Call setup flow of L2TP tunnel Control message and data messageFeatures of L2TP Call setup flow of L2TP channelEnable/Disable L2TP Basic Configuration atEnable L2TP L2tp enableL2tp-group group-number Originate L2TP Connection Request and LNS AddressIp-address … domain domain-name Default list-name method1 By default, L2TP is disabledConfigure AAA and Local Users L2TP Attribute TableCreate/Delete L2TP Group Operation Command Create a L2TP groupOperation Command Create a virtual template Create/Delete a Virtual TemplateConfigure the Name of the Receiving End of the Tunnel Advanced Configuration at LAC or LNSBy default, receiving dial-in from LAC is disabled Configure Local VPN UsersSet Local Name Enable Tunnel Authentication Setting PasswordBy default, the local name is the host name of router Tunnel name nameSet Tunnel Authentication and Password Configure the Interval For Sending Hello MessagesSet the Interval for Sending Hello Message Force Configure Domain Delimiter and Searching OrderSet Domain Name Delimiter and Searching Order Reset l2tp tunnel remote-name This configuration is applicable to LNS onlyOperation Command Force to disconnect tunnel Force to Disconnect ChannelLCP does not renegotiate by default Configure the Local Address and Address PoolLCP to Renegotiate Enable/Disable Hiding AV Pairs Enable/Disable Hiding Attribute Value Pairs AVBy default, AV pairs are hidden Number of L2TP SessionsUse debugging, display command in all views L2TP Configuration ExamplesBy default, the maximum number of L2TP sessions is Display and Debug L2TPEnable L2TP service and configure a L2TP group Implement local AAA authentication on VPN userConfigure the IP address of Serial1 interface of LAC Configure BDR dialup parametersConfigure the IP address of Serial0 interface of LNS Configure the Virtual-Template-related informationInternet Connection Wizard Internet Connection Wizard Internet Connection Wizard Internet Connection Wizard Client-originated VPN Networking Router-LACip pool 1 192.170.0.3Configure the IP address of Serial0 interface at LNS side Configure the IP address of Serial1 interface at LAC sideConfigure BDR parameters Disable tunnel authenticationNetwork Connection Wizard Network Connection Wizard Connect Connection to Configure the domain suffix separator to @ Configure an IP address on Serial0 interfaceConfigure a L2TP group and the related attributes Router1 l2tp domain suffix-separator @Force to implement local Chap authentication Enable AAA authenticationConfigure Virtual-Template III. ProceduresConfigure an address pool 1 in the range of 192.168.0.2 to Configure a L2TP group and configure the related attributesConfiguration at Router2 LNS side Enable AAA authentication Configure an access control list and specify L2TP dataFault 1 The users fail to log PPP negotiation fails. The reasons may beTroubleshooting L2TP Configuring L2TP Encapsulation GRE ProtocolPacket Encapsulated tunnel message format Refer to RFC Enlarge network operating range Creating a Virtual Tunnel Interface Configuring GREBy default, no virtual tunnel interface is created Create Virtual Tunnel InterfacePerform the configurations in the tunnel interface view Address of a Tunnel Must be configured InterfaceSetting the Network Address of the TunnelSet the Tunnel to Synchronize Datagram Sequence Numbers Number discardedSet Tunnel Interface to Check with Checksum Gre key key-numberDebugging GRE GRE Configuration ExampleGroup1 and group2. It can be implemented by using GRE All viewsConfigure the IP address of Ethernet0 interface Configure Router B Configure the IP address of Serial0Configure the static route to Novell Group2 Configure Router a Activate IPXConfigure the IP address and IPX address of Ethernet0 Configure Router B Activate IPXNetworking of troubleshooting GRE RouterB ipx route 1e 1f.a.a.a tick 30000 hopConfiguring a Standby Center Configuring Vrrp 646 Configuring Standby Center Standby CenterFr map protocol address dlci dlci Enter the Logic Channel ViewAddress logic-channelnumber Next-hop-address dialer-numberUndo standby timer enable-delay Channel to check whether it has recoveredStandby timer enable-delay seconds Standby timer disable-delay secondsInterfaces Please perform the following configuration in all viewsLoad Sharing view Enter the view of SerialChannel Enter the view of logic channelRouter-logic-channel10standby interface serial Router-Serial1logic-channel Vrrp Overview Vrrp Configuration ExamplesTroubleshooting Vrrp Vrrp OverviewAdding a Virtual IP Configuring VrrpAddress Vrrp vrid virtualrouterid Configure Router Priority in Standby GroupAdd Virtual IP Address Undo vrrp vrid virtualrouteridConfigure Authentication Method and Authentication Key Configuring Authentication Method Authentication KeyVrrp provides simple character authentication method VirtualrouteridDebugging Vrrp Configure StandbyGroup Timer MonitoringBackup with preemption aII. Networking diagram Vrrp ConfigurationProcedure for each configuration Vrrp Single StandbyGateway function as the master Gateway services insteadBalancing and mutual backup are implemented Multiple StandbyThere is requent switchover of the Vrrp state Many master routers exist within the same standby groupXI QOS 662 Three Types of QoS Services QOS OverviewQOS Overview Benefits of QoS for the Network Service QOS Overview Traffic Classification Traffic PolicingTraffic POLICING, Traffic Shaping and Line Rate Committed Access Rate CARQos carl carl-index precedence Defining RulesDefine CAR Rules Precedence-value mac mac-addressApplying the CAR Policy on the Interface By default, no CAR rule of ACL list is establishedApply the CAR Rule on the Interface Displaying and Debugging CAR CAR Configuration Applying a CAR Policy to all PacketsConfigure the Priority Level Based CAR Policy Display and Debug CARConfigure the CAR Policy Based on the MAC Address Matches ACL Traffic ShapingApply a CAR Policy on the Packets that Match ACL PacketsConfiguring shaping parameters for a specified flow Schematic diagram of GTS processingConfigure the ACL Configuring shaping parameters for all flowsShape the flows matching 110 on Ethernet interface Rate Configure the Physical Interface LIne RatePhysical Interface Line Shape all the flows on Ethernet interfaceDisplaying Display and Debug LR Debugging LR Operation Command Display the LR configuration conditionsDisplay qos lr interface type Congestion Management Fifo Queuing CongestionManagement Policy Priority QueuingSelecting Congestion Management Policies Comparison of Several Congestion Management Policies Number Queues Advantage DisadvantageSchematic diagram of the first in first out queue Schematic diagram of the custom queuing Weighted Fair Queuing WFQ Schematic diagram of weighted fair queuingConfiguring priority queuing Configuring Congestion ManagementConfiguring Fifo Queuing Configure the First In First Out QueuingProtocol-name queue-option queue By default, no priority queue is establishedValues of Queue-Option with Protocol as IP Pql-index protocolApplying the priority-list queuing group to the interface By default, the interface utilizes the Fifo queueSpecifying the queue length of the priority-list queuing Default Length Value of the Priority Queue Configuring custom-list queuingConfiguring Custom Queuing CQ Displaying and debugging the priority queueQueue-number Configure the Custom-Lst Queuing According to the InterfaceConfigure the Default Custom-List Queuing Queue queue-numberConfigure the Queue Length of the Custom-List Queuing By default, the interface uses the Fifo queueConfiguring the queue length of the custom-list queuing Applying the custom-list queuing group to the interfaceDisplaying and debugging the weighted fair queue Configuring Weighted fair queuingDisplaying and debugging the custom-list queue Apply the priority queue 1 to Serial Congestion Management Configuration ExamplesPQ Configuration Example Apply the priority queue 2 to SerialRouterA-Tunnel0ip address 10.1.1.1 Configure the CQ queueConfigure Router B Configure the access control list RouterA-Tunnel1destinationConfigure Tunnel1 Configure Serial0 master/slave addressesConfigure Tunnel0 WFQ Configuration ExampleCongestion Management Congestion Avoidance Congestion Avoidance Enable Wred Wred ConfigurationEnable the Wred Function of the InterfaceDiscard-prob Ip-precedenceEnable Wred Congestion Avoidance Configuration ExampleConfigure a WFQ queue Displaying Debugging Congestion AvoidanceCongestion Avoidance Configuring DCC Configuring Modem XII DIAL-UP704 Terms in DCC Configuration DCC OverviewCircular DCC DCCResource-Shared DCC With 3Com Routers Basic DCC featuresImplementing callback through DCC Prepare the data for DCC configuration Configuring DCCPreparing to Configure Configure the local parameters of DCCLinklayer-protocol-type Configuring the mode of the physical interfaceConfigure Physical Interface Mode Ip address ipaddress maskAssociating a DCC dialer ACL with the interface Configuring an interface to originate calls to a remote end Dialer number dial-number Configure an interface to receive calls from a remote endDialer enable-circular Undo dialer numberRoute protocol DialerNext-hop-address dial-number Undo dialer route protocol Next-hop-addressUndo dialer circular-group Undo interface dialer numberDialer circular-group number Dialer priority priorityDialer circular-group number Interface dialer numberUndo interface dialer number Undo dialer circular-groupRouter Dialer0 By default, no dialer interface is created Configuring dialing authentication for resource-shared DCCConfiguring the dialer interface and dialer number Enabing Resource-Shared DCCConfiguring dialing authentication for resource-shared DCC Configure MP Binding in Circular DCC Configuring MP binding in circular DCCThreshold traffic-percentage Configure MP Binding in Resource-Shared DCC Configuring MP binding in resource-shared DCCConfiguring PPP callback in the circular DCC implementation Dialer threshold traffic-percentageImplement PPP Callback Client Configuration in Circular DCC Implement PPP Callback Server Configuration in Circular DCCNext-hop-address user username CommandTelephone-number Dial-numberPrimary rule The best match is the number with the fewest Features of Isdn caller identification callbackDialer callback-center dial-number Undo dialer call-in remote-number Operation Command Configure the local end to implementIdentification Callback according to the Isdn callerConfiguring Special DCC Functions Configuring Isdn leased lineConfiguring auto-dial Configure Isdn leased line for Circular DCCConfigure Auto-Dial Configuring dialer number circular standbyConfiguring the Link Idle Time Configure Dialer Number Circular StandbyConfiguring the link idle time when interface competion By default, the link idle time is 120 secondsBy default, the link disconnection time is 20 seconds Configure the Link Idle TimeConfiguring the buffer queue length of the dialer Configuring the timeout of call setting upBy default, the timeout of call setting up is 60 seconds Debugging DCCSolution DCC Configuration ExamplesDCC Applications in Common Use Router-Serial1dialer circular-group Configure RouterCConfigure RouterB Router-Serial0dialer route ip 100.1.1.1Router-Serial0dialer bundle-member Router-Serial1dialer bundle-memberConfigure RouterC Configure RouterC Router-Bri0dialer bundle-member Configure RouterARouter-Dialer0dialer threshold Router-Serial015dialer route ip 100.1.1.1Router-Bri1dialer route ip 100.1.1.1 Router-Serial0dialer route ip 100.1.1.2 Router-Serial1dialer enable-circularRouter dialer-rule 1 ip permit Router interface serial Router-Bri0dialer route ip 100.1.1.2 user usera By the NT server Configure the PCCallback for DC C NT Server-to-RouterRouter-Async0dialer route ip 100.1.1.254 Dial Number Circular Standby and Internet Access for DCC Configure subscriber PC Router-Serial0dialer route ip 100.1.1.254Router-Serial215ppp authentication-mode chap Router-Serial215ppp chap password simple passbRouter-Serial1standby logic-channel Remote end cannot be pinged after the modem is connected DCC Fault Messages Message FaultDCC peeraddr matching error Modem Function Provided by 3Com Routers Modem ScriptModem script format in common use is as follow Syntax description of modem scriptReceive-string1 send-string1 receive-string2 send-string2 Configure the Modem Dial-in and Dial-out Authorities Which, seconds defaults to 180 and is in the range of 0 toBy default, modem dial-in and dial-out are allowed Configure a Modem Script Configure Modem Through the AT CommandConfigure a Modem Script Execute a Modem Script ManuallyConfigure Authentication for a Modem Dial-in User By default, the modem works in non-auto answer modeConfigure the Answer Mode for the Modem Specify the Events Triggering the Modem ScriptsConfigure a Modem adaptation baud rate Modem Configuration ExamplesExecutethe debugging command in all views for the debugging Displaying and Debugging a ModemConfigure the modem initialization parameters Restore the ex-factory modem settingsAT&b1&c1&d2&s0=0 Directly Power-on Initialization Through Initialization ScriptAuthentication for Modem Dial-in UserTroubleshooting Configuring Modem

Basic Configuration at

LAC

Enable L2TP

Enable/Disable L2TP

l2tp enable

undo l2tp enable