3Com Router Configuration Guide
01752-3064
3Com Corporation
Campus Drive
Marlborough, MA
Page
VPN
Text Conventions
This guide describes 3Com routers and how to configure them
List conventions that are used throughout this guide
About this Guide
3Com Router Introduction 3Com Router User Interface
Page
3COM Router Introduction
Router Version
Features of the 3Com
Following table lists the basic features of the 3Com Router
List of the 3Com Router 1.x features
RIP-1/RIP-2
NAT
Quality of service
3Com Router
New Features of the 3Com Router 1.x
3COM Router Introduction
Port
Configuration
Establish
Environment
Establish a new connection
Set port communication parameters
Establish a remote configuration environment
Router
Configuration
Connection
Environment
Workstation Ethernet
Interface CLI
Command Line
3COM Router User Interface
Views and their prompts
System view Table
Enter controller
Async 0 in any
Ethernet 0 in any
Loopback 0 in any
Partial help
Helps
Full help
Routerdisplay ?
List of common command line error messages
Common error Message Causes
For example
Three options are available for users
Command Line
Features
Display Features
Management
Following commands
Please perform the following commands in system view
User Identity
Set the system clock
Configure the router name
System
Display the System Information Router
By default, the system clock is 080000 1 1
Execute the following commands in all views
Reboot the system
System Management
Page
Softwaresoftware
Storage Media and File Types Supported by the System
Input Ctrl+D, and the following prompt information displays
Upgrade Boot ROM Software
Main Program software
Upgrade the 3Com
Router Main Program
Software
XModem Approach
Modify the terminal baud rate
Transfer File dialog box
Tftp server application can run on Windows 95/98/NT
Preparation for using the Tftp server
Enable the Tftp server program
Tftpd32 Set interface
Press Enter and the following prompts will be displayed
Network Interface Parameters
Enter Ctrl+B and the system prompts
Get ip-addr file-name system
Download configuration files from a Tftp server
Operation Command Downloads the 3Com Router main
Press Enter for loading
Set an authentication mode for an FTP server
Prepare for using the FTP server
Enable FTP server
Upgrade the 3Com Router Main Software with FTP
Copy ip-addr file-name system
Back up the 3Com Router Main Program Software
Tftp Approach
FTP Approach
Setup Users Dialog Box
Password
Configure on-line upgrading of the card
Update slot slot-number ftpserver host-name
Port-number user user-name password
Content and Format of the Configuration File
Configuration File Management
Download Configuration File
Perform the following command in system view
Set the binary transmission protocol to XModem/CRC
Load configuration files
Download Config
Router download config
File-name config
Display current-configurationcommand output backup approach
Back up Configuration Files
Upload configuration files to a Tftp server
View router configuration
Please use the following commands in corresponding views
Erase the configuration file in storage media
Select and view the storage media of configuration file
Save current configuration
Set the Flag Bit to Enter the Initial Setup Mode
Files on the router
Configure FTP
Configure authentication and authorization of FTP server
Client via port 20 and transfer data
Set the authentication mode of FTP server
Enter the following commands in system view
Configure Parameters of FTP Service
Please enter the following commands in system view
Force to shut down FTP process
Set FTP update mode
Set the connection time limit of FTP service
Force to shut down FTP process
Display local-user
Display FTP Server Display FTP server
Display ftp-server
Server Display detailed information of the FTP user
System Management
Overview
Terminal Service
Features of Terminal
Service at Console Port
On one router
Service
Set the attributes of terminal service
Terminal Message
Enable/disable receiving messages from other terminals
Perform the following configuration in all views
Configure Terminal Message Service
Display Terminal Message Service
Dumb Terminal
Typical Example Terminal Message Service Configuration
Terminal Service
By default, no dumb terminal service is configured
Configuration Examples Dumb Terminal Service
Configure Dumb Terminal
Configure Auto-execute command
Router-Serial1auto-execute command telnet
Terminal Service Telnet Connection
Configure the interface to dumb terminal mode
Configure the auto-execute command command
Establish Telnet Connection
Terminal service features of telnet connection
Service Value
Establish Telnet Server or Telnet Client connection
Setup Reverse Telnet Connection
Enable Reverse Telnet connection
Service-port
Force to shut down Telnet process
Typical Configuration Example of Telnet Reverse Telnet
Force shut down Telnet Process
Example of Telnet
Router telnet 10.110.164.44
Rlogin Terminal
Use Rlogin protocol
Example of Reverse Telnet
Use local user name abc to log on
Establish a Rlogin connection
Typical Rlogin Configuration Examples
Rlogin ip-address username
Communicate with other terminals through the X.25 network
Access Service
PAD Remote
Local-user user-name
Configure X.25 PAD remote user
Configure X.25 PAD remote user
Service-type type password
Establish a X.25 PAD call
Start AAA authentication of X.25 remote users
Enable AAA authentication for X.25 remote PAD users
Establish an X.25 PAD call
Set the Response Time to the Invite Clear Message
II. Networking Diagram
III. Configuration Procedure
Display and Debug
RouterB-serial0x25 x121-address
Fault Diagnosis Troubleshooting
Set its X.121 address as
RouterA-serial0x25 x121-address
Development of Snmp
Snmp Overview
Configuring Network Management
SNMP-supported MIB
Snmp architecture
Engineid
By default, the system disables Snmp service
3Com Router-supported MIB
Configure Snmp version and related tasks
Perform the following configurations in system view
Interface-number
Configure information of router administrator
Configure the traps to be sent by the router
V1 username
Byte-count
Perform the following commands in all views
Display and debug Snmp
Name
Examples Networking Requirements
Example 1 Configure Network Management of SNMPv1
Set the community name and access authority
Configure an IP address for the Ethernet interface ethernet
Network equipment
Configure an IP address for the Ethernet interface ethernet
Rmon Overview
Schematic diagram of Rmon application
Examples Networking Requirement
Enable Rmon statistics
RouterA-Ethernet0 rmon promiscuous
Commands to display information of the whole system
Test Tool of Network Connection
Ping command
Ip-address
Ping supporting IP protocol
System displays
Ping supporting IPX protocol
MaxTTL -p port -q nqueries
Following command can be executed in any command modes
Tracert command
Timeout host
Log Function
Configure on the router
Set the direction of syslog outputting log information
Set Filter of Log Information
Set Severity of Log Information
Perform the following task in system view
Sylog-defined severity is as follows
Turn on/turn off syslog
Configuration of Log Host
Turn on/turn off syslog
Display and Debug Syslog
Routerdebug ppp all
Syslog Configuration Example
Turn on debugging switch of PPP module
Routerinfo-center enable
Display and Debugging Tools
Dial-up POS Access
POS Terminal Access Service
Advantages of POS network access are as follows
POS Network Access
Start POS server
POS Access Service Configuration
Configure POS access port
Ip-address port-number
Configure a POS application
Interface-type interface-number
App-number
Bind the source address of TCP connection
Configure POS multi-application mapping table
Default app-number
Set the parameters of FCM used during Modem negotiation
Display and Debug POS Access
Display and debug POS access
Set the parameters of FCM used during Modem negotiation
Configure POS access interface FCM1
Typical Configuration Example of POS Access Service
Configure the Ethernet interface Ethernet
Configure the POS access interface FCM0
III. Configuration Procedure 1 Start the POS access server
Configure POS access interface FCM2
Configure POS access interface FCM0
Configure Router a Start the POS access server
Configure Async 0 to operate in POS application mode
Configure Async 1 to operate in POS application mode
III. Configuration Procedures
RouterA ip route-static 10.1.1.2 255.255.255.0 serial
Configure Router B Configure the Ethernet interface Ethernet
III Interface
106
Enter the Interface View
Configure Interface
Interface
Interface-description
Exit the Interface View
Interface view, input quit to return to the system view
Set time interval for flow control statistics
Interface state information
Please use the following commands in all views
Display and Debug Interface
Display and debug interface
Interface Configuration Overview
Ethernet Interface
Configure Ethernet Interface
Set frame format of sending message
Enter view of specified Ethernet interface
Set IP address
Set IPX address
Select working rate of fast Ethernet interface
Select work mode of Ethernet interface
Enable or disable internal loopback and external loopback
Display and Debug
II. Network Diagram
Typical Ethernet Interface Configuration Example
Troubleshooting
Troubleshooting
Configuring LAN Interface
Asynchronous Serial Interface
WAN Interface
Introduction
Interface serial number
Enter view of specified asynchronous interface
Interface async number
Link-protocol slip ppp
Set the work mode of asynchronous serial interface
Set the baud rate of asynchronous serial interface
Modem in out
Hardware inbound outbound
Async Mode protocol
Flow-control none software
Stopbits 1 1.5
Works in flow mode
Parity even mark none
Odd space
Set the coding format of Modem
Backup
AUX Interface
Set MTU of asynchronous serial interface
Synchronous Serial Interface
Configure AUX interface
Configure AUX interface
Configure Synchronous Serial Interface
Link-protocol fr hdlc
Enter view of specified synchronous interface
Set the link layer protocol of synchronous serial interface
Physical-mode sync
Synchronous serial interface is 64000 bps
Select work clock
Working modes have different working clocks
Set the baud rate of synchronous serial interface
Set clock inversion
Inversion is disabled by default
Select work clock
Reverse-rts
Internal loopback/external loopback are disabled by default
Detect dcd
Undo detect dcd
Graphics and video
Isdn BRI Interface
Idle coding of synchronous serial interface is 7E
Technical Background
Function group includes
Preparations before Configuration
Be clear about the following items before the configuration
Interface or a PRI interface
Channelized operating mode
CE1/PRI Interface
Network protocols such as IP and IPX
Enter the view for a specified interface
Configure CE1/PRI CE1/PRI interface configuration includes
Dial-on-Demand Routing
Interface
Number set-number
Enter the synchronous serial interface view
Bind the interface to be channel sets
Undo pri-set
Bind the interface to be a pri set
Enter the Isdn interface view
Pri-set timeslot-list range
Set the frame format of CE1/PRI interface
Enable/disable the internal loopback/external loopback
Set the line code format on the CE1/PRI interface
Set the line clock of the CE1/PRI interface
CT1/PRI Interface
Configure CT1/PRI
Timeslot-list range speed
Operation Command Enter the view of CT1/PRI interface
Controller t1 number
Interface serial number23
Set the frame format of CT1/PRI interface
Set the line code format on the CT1/PRI interface
Set the line clock of the CT1/PRI interface
Them into multiple channel sets
Choice for E1 access
E1-F interface does not support PRI operating mode
E1-F Interface
Fe1 unframed
Set Operating mode for an E1-F interface
Enter the view of an E1-F interface
Interface serial serial-number
Set line clock for an E1-F interface
Set interface rate after binding operation
Set line code format for E1-F interfaces
Serial-number
Enable/Disable local/remote loopback on an E1-F interface
Set frame format for an E1-F interface
Display and debug E1-F interface
193 X 8k = 1544kbps
Choice for T1 access
T1-F interface does not support PRI operating mode
T1-F Interface
Set line code format for T1-F interface
Set frame format of T1-F interface
Enable/Disable local/remote loopback on a T1-F interface
Set line clock for a T1-F interface
Display and debug T1-F interface
Other related information
CE3 Interface
Display and Debug T1-F
Enter the view of the specified E3 interface
Set E1 frame format
Set the operating mode of CE3 interface
Set the operating mode of E1 channel
Data bandwidth 44736kbps
Mode non-channelized mode
CT3 Interface
44.736Mbps
Set cable length of the CT3 interface
Set clock mode of the CT3 interface
Set clock mode of the T1 channel
Enter specified CT3 interface view
Perform the following configurations in CT3 interface view
By default, loopback is disabled Set Frame Format
By default, the CT3 interface uses the C-bit frame format
T1 line-number unframed
Set the operating mode of T1 channel
Set CRC of the serial interface
Display and debug of the CT3 interface
Disable and Enable CT3 interface
Configuring WAN Interface
Dialer Interface
Logical Interface
Null Interface
Configure Loopback
Sub-Interface
Number.sub-number multipoint
Configure sub-interfaces of Ethernet interface
Create and delete WAN sub-interface
Number.sub-number
Routerinterface serial
Enter the view of WAN interface Serial0 of router a
Select frame relay link layer protocol
Allocate a virtual circuit with Dlci 50 to it
Configure the static route from router a to LAN2 and LAN3
Specify DTE as its frame relay terminal type
Set its IP address to 202.38.160.1 and address mask to
Undo interface
Set work parameters of virtual-template
Create or delete virtual-template
Interface virtual-template
Virtual-template-number
Fault 1 Fail to create virtual interface
Troubleshooting the reasons may be as follows
Display state of the specified virtual-template
Link Layer Protocol
164
PPP Overview
PPP Authentication Mode
Configuring PPP and MP
Transmission time of large packets
Configure PPP
MP Overview
For detailed description of PPP, refer to RFC1661
Name-list
Configure the link layer protocol of the interface to PPP
Configure the local authenticates the peer in PAP mode
Configure the peer authenticates the local in PAP mode
User username
Configure the local authenticates the peer in Chap mode
Configure as the peer authenticates the local in Chap mode
Cipher password
Configure PPP compression
Configure AAA authentication and accounting of PPP
Configure the time interval of PPP negotiation timeout
Resumptive-percentage
Perform the following configuration in interface view
Configure PPP link quality monitoring
Ppp lqc forbidden-percentage
Bind the physical Interface to a Virtual Template
Configure MP Protocol Parameters Create Virtual Template
Configure Operating Parameters of Virtual Template
Create/Delete virtual template
User-name
Specify the conditions for MP binding
Frags
Configure virtual Baud rate on interface
Example
Typical PPP Configuration Example
Configuration Requirement
Set local username as Router1
Typical MP Configuration Example
II. Configuration Procedure
Configure to start Chap authentication at this side
Configure router-c Add a user for router-a
Configure virtual interface template
Configure router-b Add a user for router-a
Indicates that the interface is shutdown
Fault Diagnosis Troubleshooting
Fault 1 Link always fails to turn to up status
Fault 2 Physical link fails to turn to Up status
Introduction to PPPoE client
PPoE Overview
Client
Configure PPPoE
Reset or delete PPPoE session
Configure PPPoE session
III. Configuration Procedure 1 Configure a dialer interface
Typical PPPoE Configuration Example
Perform the display and debugging command in all views
Access a LAN to the Internet via Adsl
Use Adsl as Standby Line
Configure a PPPoE session
Configure the LAN interface and the default route
Configure the DDN interface Serial
Configuring Pppoe Client
For further details about SLIP, you can refer to RFC1055
Configure Slip
Asynchronous mode
Slip Overview
Interconnect two Router routers via Pstn and run IP
Enable/Disable the information debugging of Slip
Typical Slip
Time
Configure the default route to Route B
Configure Router a Configure Dialer Rule
Configure IP address of synchronous/asynchronous interface
Configure the Dialer String to router B
Routerip route-static 0.0.0.0 0.0.0.0
Isdn Overview
Configure Isdn
Configure the receiving mode
By default, DSS1 signaling is used on Isdn PRI interfaces
Configure type of signaling on Isdn interface
Configure the length of call reference
Time-interval
Configure the sending mode
Configure interval for Qsig signaling timer
Timer-name all
Perform the display and debugging commands in all views
Configure Call Processing Method on an Interface
Perform the following configuration in Isdn interface view
RouterB transmit data after the call is set up
Typical Configuration Example
Configure Router a Create an Isdn PRI interface
Configure the Isdn PRI interface
Configure Router B
Configure Router a
Protocols Overview
Lapb
PSN
25 packet and Lapb frame
By default, k is Configure Lapb N1, N2
Configure Lapb
By default, the Lapb modulus is Modulo
Configure
Address
Configure X.25 Interface
Set/Cancel the X.121 address of the interface
Set X.25 working mode
Parameter Meaning
25 channel delimitation parameters
Finally, the following should be noted
By default, X.25 interface use modulo 8 mode
Set/cancel X.25 virtual circuit range
Set/Cancel X.25 packet numbering modulo
Out-packets
Configure X.25 flow control parameter
Configure X.25 Interface Supplementary Parameter
Set the default flow control parameter
Set X.25 layer 3 timer delay
25 layer 3 timer
Match-type alias-string
Specify/Cancel an alias for the interface
Alias match modes and meanings
Alias-string
Set/Cancel the default upper layer protocol borne on
Address option
Configure X.25 Datagram Transmission
Create the permanent virtual circuit PVC
Protocol-address x121-address
Undo x25 pvc pvc-number
Configure Additional Parameters Datagram Transmission
Create/Delete permanent virtual circuit
X25 pvc pvc-number protocol
Interface view, perform the following task
Configure X.25 user facility
Specify/Cancel packet pre-acknowledgement
Serial port view, list1 can be quoted
Configure the sending queue length of virtual circuit
Address logic-channel
Set broadcast via
Set interface with standby center
Address broadcast
Number.subinterface-number multipoi
Switching Function
Configure X.25 sub-Interface
Configure X.25 Switching
Introduction to X.25 Load Balancing
Configure X.25 Load Balancing
Add or delete a PVC route
Configure X.25
Diagram of X.25 network load balancing
List of Configuration Tasks of X.25 Load Balancing
Add/Delete interfaces or XOT Tunnels in hunt group
Start /Close X.25 switching function
Create/Delete X.25 hunt group
Introduction to XOT Protocol
Configure X.25 over Other Protocols
Add/delete other X.25 switching routes
Configure X.25 over TCP XOT
Configure XOT
For PVC, perform the following tasks in interface view
Start X.25 switching
Configure local switching
Configure SVC XOT switching
Configure Keepalive and xot-source attributes
Configure Annex G Data Interoperation
Configure PVC XOT switching
Configure X.25 over Frame Relay Annex G
Configure the X.25 attributes for an Annex G Dlci
Configure the X.25 Attributes for a Dlci
Specify IP address for this interface
Typical Lapb Configuration Example
By default, X.25 template is not applied on DLCIs
Current status of Lapb
Specify X.121 address of this interface
Configure Router B Select interface
Configure Router a a Select interface
Connect the Router to X.25 Public Packet Network
Specify address mapping to the peer
Configure Router C Configure interface IP address
Configure Router a Configure interface IP address
Configure Router B Configure interface IP address
Transmit IP Datagram via X.25 PVC
Configure Virtual Circuit I. Networking Requirement
Disabled
Range
Router-Ethernet0ip address 196.25.231.1
Typical Sub-Interface Configuration Example
Create sub-interface serial
Configure Router C
Configure Router D
SVC Application of XOT I. Networking Requirement
Routerx25 switch svc 1 xot
Configure Router C Start X.25 switching
Configure Serial
Routerx25 switch svc 2 interface serial
Application of X.25 Load Balancing
Add Serial 1, Serial 2 and XOT Tunnel to hunt group
Enable X.25 switching in system view
Configure X.25 switching route to forward to X.25 terminal
S11
Routerinterface serial Router-Serial0link-protocol x25 dce
Routerx25 switch svc 1111 xot
Routerx25 switch svc 8888 interface serial
Load Balancing Carrying IP Data Transmission
Configure RouterB Configure interface Ethernet
Configure RouterA Configure interface Ethernet
Configure interface Serial
Configure static route to RouterC
Configure an IP address for the local interface
Configure the static route to RouterA and RouterB
Configure RouterA Create an X.25 template
Configure the local X.25 address
SVC Application of X.25 over Frame Relay
Configure RouterB Create an X.25 template
Map the Frame Relay address to the destination IP address
Associates an X.25 template with the Dlci
Configure Serial 1 as the Frame Relay interface
Configure the router Router B Enable X.25 switching
Enable switching on Frame Relay DCE
Configure Serial 0 as the X.25 interface
Configure local X.25 switching.Router-fr-dlci-100annexg dte
Configure X.25 over Frame Relay switching
Configure the router Router C Enable X.25 switching
Configure the Frame Relay Annex G Dlci
Configure S1 as the Frame Relay interface
Configure Router D Configure the basic X.25 parameters
Configure Router B Enable X.25 switching
Configure an X.25 template
Lapb
Configure Serial Configure S1 as the Frame Relay interface
Facility options inhibited by network have been carried
Fault Diagnosis and Troubleshooting of X.25
Configuring Lapb
Configuring Frame Relay
Nonstandard
By default, the interfaces link layer protocol is PPP
Link-protocol fr ietf
Relay
Configure Frame Relay LMI protocol type
Configure Frame Relay interface type
Undo fr lmi n392dce
Fr lmi n391dte n391-value
Undo fr lmi-n391dte
Fr lmi n392dce n392-value
Fr lmi t392dce t392-value
Undo fr lmi n393dce
Fr lmi t391dte t391-value
Undo fr lmi t391dte
Configure Frame Relay dynamic address mapping
Configure Frame Relay static address mapping
Undo fr
Configure Frame Relay local virtual circuit number
Create Frame Relay sub-interface
Fr dlci
Establish static address mapping
Configure virtual circuit of Frame Relay sub-interface
Applying dynamic address mapping to the sub-interface
Configure the Frame Relay switched PVC
Configure the Frame Relay local virtual circuit number
Configure the route for Frame Relay PVC switching
Configure Frame Relay local switched PVC number
Overview
Configure Multilink Frame Relay FRF.16
Subnumber
Configure MFR
Configure a MFR bundle interface MFR interface
Configure MFR interface parameter
Configure the parameters of the bundle link interface
Frame Relay Compression Configuration
Configure Frame Relay Compression on multipoint interface
By default, interfaces use initiative compression
Configure Frame Relay Fragment FRF.12
Configure Frame Relay Fragment Attributes
Undo Fr traffic-shaping
Disable the Frame Relay traffic shaping
Frame Relay Traffic Shaping
Fr traffic-shaping
Rate
Frame Relay Traffic Policing
Frame Relay Queueing Management
100 Kbps CI R ALLOWº£ 64 Kbps
150 Kbps
Frame Relay DE rule list
Frame Relay Congestion Management
Undo fr-class class-name
By default, no Frame Relay class is created
Configure the Frame Relay class parameters
Configure Frame Relay Traffic Shaping
Configure the parameters of Frame Relay class
Enable/Disable the Frame Relay traffic shaping
Enable/Disable the Frame Relay traffic policing
Dequeue-percentage
Queue-percentage
Configure the Frame Relay PVC queueing
Configure Frame Relay DE Rule List
Configure Frame Relay Queueing Management
Configure Pipq
Configure Frame Relay switching
Configure Frame Relay over Other Protocols
Configure Frame Relay over IP
Configure a tunnel interface
Networking of a typical Frame Relay over Isdn application
Frame Relay over Isdn Operation Process and Fundamentals
Back-to-back connection between DTE and DCE devices
Frame Relay switching connection between DTE devices
Physical Connection Between Frame Relay over Isdn Devices
Configure the Frame Relay-related commands
Configure Frame Relay over Isdn
Dlci
Configure the commands related to Frame Relay switching
Configure the link layer protocol of the interface
Isdnsubaddress
Configure parameters related to dialer profiles
Display and debug Frame Relay
Display and Debug Frame Relay
Mfr number
Number dlci dlci-number
Number interface serial
Type number dlci
Router-Serial1fr map ip 202.38.163.251 dlci
Typical Frame Relay Configuration Example
Configure static address mapping
Interconnect LANs via Frame Relay Network
Router-Serial1ip address 202.38.163.253
Configure local virtual circuit
Relay FRF.16
Interconnect LANs via Private Line
Them
Create a MFR interface
Bundle Serial 0 and Serial 1 to mfr
Example FRF.9
Fragment between them
III. Configuration Procedure 1 Configure Router a
III. Configuration Procedure 1 Configure RouterA
FRF.12
Typical Frame Relay over
IP Configuration
Routerfr class 96k
Router-fr-class-96ktraffic-shaping adaptation becn
Router-Serial0fr interface-type dce
Configure IP interface Ethernet0
Configure tunnel interface
Configure Frame Relay over IP
Router-Dialer0fr interface-type dce
Configure the Frame Relay parameters on Bri0
Router-Bri0fr map ip 110.0.0.2 dlci
Router-Dialer0dialer number Router-Dialer0dialer call-in
Configure the Frame Relay-related parameters on Bri0
Router-Serial1.1ip address 130.0.0.2
Configure Frame Relay SVCs
Fault 4 Frame Relay data cannot be transmitted across Isdn
Fault Diagnosis Troubleshooting Frame Relay
Fault 1 the physical layer in Down status
Configuring Frame Relay
Configure the link layer protocol of the interface to Hdlc
Configure Hdlc
Configure Hdlc Display and Debug Hdlc
By default, the link layer protocol of the interface is PPP
Debugging Hdlc Packet Interface
Enable Hdlc packet debugging
Bridge Overview
Configure Bridge’s Routing Function
Typical Bridge Configuration
Bridge Overview
Main Functions of Bridging
Obtain address table
Bridge Overview
Final bridging address table
Forward and Filter
Filter not forward
Eliminating loop
Preliminary examination state of bridging loops
Spanning Tree Topology
Spanning tree topology
Bpdu Forwarding Mechanism
Bridge enable
Configure Bridge’s Routing Function
By default, disable bridging functions
Enable/Disable bridging functions
Mac-address
Configure static address table entries
Specify the STP version supported by the bridge-set
Add ports to a bridge-set
Disable/Enable STP on ports
Enable/Disable forwarding by using dynamic address table
Configure the aging time of dynamic address table
Configure the bridge port priority
Configure the bridge priority
Configure the path cost of bridge port
Configure the forward delay for the port status transition
Configure the interval for sending BPDUs
Create ACLs based on varied Ethernet encapsulation formats
Configure the Max age of Bpdu
Acl acl-number
Bridge-set
Enable/Disable bridge’s routing
Configure a bridge-template interface
Bridgebridge-set link-set link-set
Define a link-set
Share load by source MAC address
Link-set
Define a dialer list
Configuration on the interface
Map the bridge address to Dlci
Transparent Bridging Multiple LANs
Typical Bridge Configuration
Display and Debug Bridge
Display and debug bridge
Router-Serial0bridge-set 1 stp disable
Configure Router a
Configure Router B
Transparent bridge over the Frame Relay
Transparent Bridging over Frame Relay
Router-Serial1dialer route bridge broadcast
Please refer to Figure
Asynchronous Dial-in
Standby
Connected are failed
Networking of bridge-template interface
Bridge-Template interface
Networking for bridging on sub-interfaces
Bridging on Sub-Interfaces
Router-Serial1bridge-set 1 link-set
Link-Set Configuration I. Networking Requirements
Routerbridge enable Routerbridge 1 stp ieee
Network Protocol
316
Configuring IP Address
Network IP network range Description Class
IP address classes and ranges
Sub-net classification of IP address
Ip address ip-address mask
Configure IP Address Configure IP Address for an Interface
By default, the interface has no master IP address
Configure master IP address of an interface
Undo ip address ip-address
Configure slave IP address of an interface
Ip address ip-address mask Mask-length sub
Delete slave IP address of an interface
Set negotiable attribute of IP address for an interface
By default, the interface has no negotiating IP address
Configure IP Address Unnumbered for an Interface
Introduction to IP address unnumbered
Borrow IP address of Ethernet interface
Configuration Example I. Configuration Requirements
Configure routing to Ethernet segment of Shenzhen router R1
Configure IP address unnumbered
Router ip route-static 0.0.0.0 0.0.0.0
Configure router R1 of Shenzhen subsidiary
Borrow IP address of Ethernet
Router-Ethernet0ip address 172.16.20.1
Page
Configuring IP Address
Arp dynamic ip-address
Define a static ARP mapping
Arp static ip-address
Undo arp static ip-address
Display and Debug ARP
Configure Domain
Name Resolution
Name Resolution
Display ip host
Display and Debug Domain Name Resolution
Display and Debug domain name resolution
Vlan-type dot1q vid vlan-id
Create Ethernet subinterface
Specify the Vlan on which Ethernet subinterface is located
Interface-number.subinterface-number
Display vlan
Configure IP address of Ethernet subinterface
Typical Vlan Configuration Example
Display and Debug Display and Debug Vlan
Router-Ethernet0.1ip address 3.3.3.8
Configure IP address for the subinterface
Configure Vlan information of LAN Switch
Troubleshooting The steps below can be taken
Background of the Dhcp development
Dhcp Server Configuration
Fault Ping Two PCs, but fails to ping them through
Dhcp vs Bootp
Dhcp server Dhcp clients
Occasions in which Dhcp server is applied
Following figure
Dhcp client logs into the network again
Dhcp Server Configuration
Dhcp server ip-pool pool-name
Enable/disable the Dhcp service
Dhcp Enable
Undo Dhcp enable
Network ip-address
Configure the statically binding IP address and MAC address
Netmask
Low-ipaddress high -ipaddress
Low-ipaddress high-ipaddress
Configure the DNS addresses in a Dhcp address pool
By default, the IP address of DNS is not configured
Configure the gateway router address of client
Configure the domain names of Dhcp clients
Ip-address2 ... ip-address8
Set the type of NetBIOS node for Dhcp client
Set the type of NetBIOS node for Dhcp client
Nbns-list ip-address1
Display and Debug Dhcp servers
Use reset, debugging and display command in All views
Configure Dhcp self-defined options
Display and Debug Dhcp Server
Router dhcp server forbidden-ip
III. Configuration Procedures 1 Enable the Dhcp service
Router dhcp enable
Router-dhcp2nbns-list Router-dhcp2gateway-list
At the client, use ipconfig /releaseall
Delete interface relay address
Configure interface relay address
Operation Command Configure interface relay address
Ip relay-address ip-address
Available on Dhcp server
Dhcp Relay Configuration Requirement
Dhcp Relay
IP address from Dhcp server through application
Networking diagram of an Dhcp relay configuration example
Configure Dhcp relay router
Fault 2 fail to forward transparent transmission protocol
Under which condition should the address be translated
Private Network Address and Public Network Address
Mechanism of Network Address Translation NAT
Characteristic of Network Address Translation NAT
Role the Network Address Translation NAT plays
Pool-name
Configure address pool
Performance of Network Address Translation NAT
End-addr pool-name
Undo nat outbound
Nat outbound acl-number
Address-group pool-name
Undo nat outbound acl-number
Www inside inside-addr inside-port any
Configure the Internal Server
Configure the Timeout of address translation
Nat server global global-addr global-port
Display and Debug NAT Display and debug NAT
Typical NAT Configuration Example
Set internal WWW server
Configure address pool and access list
Allow address translation of segment at 10.110.10.0/24
Set internal FTP server
Correlate the address translation list and the interface
Configure address access control list and dialer-list
Configure dial-up property for the interface
Configure a default route to serial
Fault 2 Internal server abnormal
Configuring IP Application
Performance
Configure IP
To configure IP performance, carry out the following steps
Configure maximum transmission unit on an interface
Configure TCP
Tcp window size
Forwarding
Configure Fast
Display and Debug Fast Display and Debug fast forwarding
Perform the following configuration in system view
Display and Debug IP
Forwarding
Router info-center enable Router debugging tcp event
Troubleshooting IP Performance Configuration
Router info-center enable Router debugging tcp packet
Configuring IP Count
Undo ip count enable
IP Count Configuration
Enable/Disable IP Count service
Ip count enable
Specify count maximum of exterior
Configure IP Count on an interface
Configure IP Count list
Display and debug IP Count
By default, IP Count entries time out after 720 minutes
Count
Specify count maximum of interior
Information is displayed
IV. Test Procedure
Not been configured on the interface of the router
Configuring IP Count
IPX address
Configuring IPX
SAP
Its first Ethernet interface as its node address
Configure IPX
Modify length of service information reserve queue
Configure relative parameters of IPX SAP
Perform the following task in interface view
Enable IPX interface
Configure IPX RIP static route
Enable/Disable a Default Route
Configure the maximum number of IPX parallel route
Configure RIP updating period
Configure RIP aging period
Configure the maximum size of RIP update packet
Configure static service information table item
Configure length of route reserve queue
Ipx sap timer update seconds
Configure SAP aging period
Configure size of SAP maximum updated message
Configure reply to SAP GNS request
Disable split-horizon
Configure Using touch-off for an interface
Encapsulation format of IPX frame
Configure the delay of interface sending IPX packets
Configure management of IPX packet
Modify Encapsulation Format of IPX Frame on Interface
Display and Debug IPX Display and Debug IPX
Configure Router a a Activate IPX
Configure an information about Server2 directory service
Configure an address map to Router B
Configure a static route to network ID
Configure an information about Server2 file service
Configure an information about Server1 directory service
DLSw Protocol
Max-frame-size max-window
Configuration of DLSw
Create DLSw local peer entity
Init-window-size max-frame
Create DLSw remote end peer entity
Configure Bridge set connecting to DLSw
Configure Sdlc role
Configure to add ethernet port to Bridge set
Controller sdlc-address
Configure Sdlc virtual MAC address
Configure Sdlc address
Sdlc-address
Add synchronous Interface to Bridge set
Configure Sdlc peer entity
Configure XID of Sdlc
Baudrate
Configure to stop running DLSw
Configure baud rate of synchronous Interface
Mseconds
Configure Idle time encoding mode of synchronous Interface
Configure parameters of DLSw timer
Configure LLC2 local acknowledgement delay time
Configure modulo value of LLC2
Configure LLC2 premature acknowledgement window
Configure P/F wait time of LLC2
Configure retransmission number of LLC2
Configure LLC2 local acknowledgement time
Configure Busy status time of LLC2
Configure Sdlc local acknowledgement window
Configure REJ status time of LLC2
Configure queue length of sending message of LLC2
Configure Queue Length of Sending Message of Sdlc
Configure poll time interval of Sdlc
Configure maximum receivable frame length of Sdlc
Configure retransmission number of Sdlc
Dsap
Configure SAP address for transforming Sdlc to LLC2
Configure data bi-directional transmission mode of Sdlc
Lsap
IP across WAN
Typical DLSw Configuration Example
DLSw Configuration Networking Requirement
DLSw
Router dlsw local
Router a Configuration
Router B Configuration
DLSw Configuration
Networking diagram of DLSw configuration of SDLC-SDLC
Networking Diagram of SDLC-LAN
Virtual circuit cant attain Connected state
DLSw Fault
When using command display dlsw remote
Diagnosis
Diagnosis and Troubleshooting of DLSw Fault
Configuring Dlsw
VI Routing
404
IP Routing Protocol
IP Routing Protocol
Routing Protocol or Type Corresponding Routing Priority
Routing Protocol and Routing Priority
Ospf ASE
Default Route
Configuring Static Routes
Transmitting interface or next hop address
Configuring a Static Route
Configuring a Static Route
Configure a Static Route
Other parameters
Configuring a Default Route
Displaying Debugging Routing Table
Preference
Other
Troubleshooting a
Static Route
RIP Overview
Features is not subject to whether RIP has been enabled
Configure RIP
Enabling RIP
Enable RIP at the Specified Network
Peer ip-address
By default, the interface runs RIP-1
Define a Neighboring Router
Specify RIP Version
Specify the Status of an Interface
RIP Version 1 enables zero field check by default
Configure Check Zero Field of RIP Version
Disable a Host Route
Version
Authentication on
Enabling Route
Summarization for RIP
Specify a Default Route Metric Value for RIP
By default, the default route metric for RIP is
Configure RIP Horizontal Segmentation on the Interface
Configure Route Import for RIP
Set Route Preference
Configure filtering route information received by RIP
Distribution for RIP
Specify Additional Route Metric Value for RIP
Display and Debug RIP
Reset RIP
Displaying and Debugging RIP
Filter the Routing Information Being Advertised by RIP
RIP Unicast
Displaying and Debugging Ospf
Ospf Configuration Example
Ospf Overview
Ospf Overview
Configuring Ospf
Undo router id
Enable Ospf
Specify Router ID
Router id router-id
Area area-id
By default, Ospf is disabled
Area-id
P2mp P2p
Configure the Network Type of the Ospf Interface
Configure Sending Packet Cost
Ospf network-type broadcast nbma
Cost
Configuring a Peer for the Nbma Interface
Undo Ospf dr-priority
Operation Command Set the priority of the interface when
Specify the Router Priority
Ospf Dr-priority value
Specify Dead Interval
Specify Hello Intervall
Specify Retransmitting Interval
Configuring a Stubby Area and a Totally
Specify Transmit-delay
No-summary
Perform the following configuration under Ospf view
Configure Totally Stubby Area of Ospf
Stub cost cost area area-id
Configure an Nssa Area of Ospf
Perform the following configuration in Ospf view
Undo abr-summary address mask mask
Configure Route Summarization Within Ospf Domain
Abr-summary address mask mask area
Area-id advertise notadvertise
Area-id None Router-id None
Create and Configuring a Virtual Link
Key-id
Configure Authentication
Configure Parameters When Importing External Routes
Configure Route Import for Ospf
Filter for Ospf
Configure filtering route information received by Ospf
Displaying
Debugging Ospf
Router D 201 Router B 301 302 Router C 1.3
Ospf Configuration Example
Configuring Ospf on the Point-to-Multipoint Network
RouterB-Serial0ospf network-type p2mp
Enable Ospf
RouterC ospf enable
RouterA-Serial0ospf network-type p2mp
Configure DR on Ospf Preference
2.2 3.3
1.1 4.4 E0 192.1.1.1/24
E0 192.1.1.4/24
E0 192.1.1.2/24 E0 10.1.2.3/24
RouterD display ospf peer
RouterA display ospf peer
RouterB-ospfVlink peer-id 3.3.3.3 transit-area
To configure an Ospf virtual link Configure Router a
Between Router B and Router C
To configure Ospf peer authentication Configure Router a
Normally
Troubleshooting an
Ospf Configuration
Ospf Configuration Example
Configuring Ospf
Displaying and Debugging BGP
BGP Configuration Example
BGP Overview
BGP Overview
Configuring BGP
Perform the following configurations in BGP view
Resetting BGP Connections Enabling BGP
Perform the following configurations in system view
By default, BGP is disabled
Configure BGP Route-update Interval
Configure the BGP Version of the Peer
Set the Timers for BGP Peer
Configure to Distribute Default Router to the Peer
Configure to distribute default route to the peer
Configure to Send Community Attribute to the Peer
Configure the Peer to be the Client of the Route Reflector
Allow Comparing Path MED
Create a Fltering Policy Based on Access List for the Peer
Configure the BGP MED Metric
Create a BGP Route Filtering Based on AS Path for the Peer
Holdtime-interval
Configure the Local Preference
Configure the Keepalive Timer and Holdtime Tmer for BGP
Timers keepalive-interval
Group-name
By default, there is no BGP peer in a peer group
Add a Peer to the BGP Peer Group
Peer group-name
Configure BGP Routing Update Sending Interval
Configure AS Number of BGP Peer Group
Configure Connection Between Peers Indirectly Connected
Set the Timers of BGP Peer Group
Create Routing Policy for Peer Group
Configure to send the default route to the peer group
Configure to Send the Default Route to the Peer Group
Create an Aggregate Addresses
By default, software accepts BGP Version
Configure BGP Version of Peer Group
Undo aggregate address
By default, an aggregate is disabled
Aggregate address mask
As-set
Undo reflect between-clients
Reflect between-clients
Clients within the reflection group
Extended-community-list-number
Configure the Cluster ID
Configure BGP Community
Standard-community-list-number
As-number …
Configure a Confederation
Configure the Sub-system of E Confederation
Schematic diagram of route dampening
Display Route Flap Information
Still exists
By default, BGP synchronizes with IGP
Is insured When AS is not a transitional AS Configuring
Configure Route Import for BGP
Define a routing policy
Define an access list entry
Entry, an AS Path-list
Define an AS Path-list entry
Define an apply clause
Perform the following configurations in Routing policy view
Define a match rule
Filter for BGP
Display and Debug BGP
Reset BGP Connections
Debugging BGP
Filter Routing Information Being Advertised by BGP
Acl-number network-address
BGP Configuration
Procedure for each configuration
As-regular-expression acl
Networking diagram of configuring AS confederation
RouterC-ospfinterface serial
Configure Router B Configure BGP peers
RouterA-bgppeer 192.1.1.2 as-number
RouterB-Serial1ip address 193.1.1.2
Configure Router D Configure BGP peers
RouterA-acl-1rule permit source 1.0.0.0
Configure peer
Start BGP
Specify BGP transmission network
RouterC-bgppeer 193.1.1.1 route-policy localpref import
RouterC-acl-1rule permit source 1.0.0.0
RouterD-ospf network 4.0.0.0 0.0.0.255 area 0 RouterD bgp
Configuring BGP
IP Routing Policy
Configuring IP Routing Policy
Define a Routing Policy
Configure IP Routing
Operation Command Define a routing policy and enter into
Policy
Configure a Matching Rules
Apply tag tag-value
Define a Setting Clause
Apply community aa nn
No-export addtive none
Tag tag-value type 1
Configure Route Import
Route-policy route-policy-name
Ge-value less-equal le-value
Define an IP Prefix List
Ip ip-prefix prefix-list-name
BGP route discovered by BGP protocol
Perform the following configurations in all views
Debugging IP Routing Policy
OSPF-ASE external route discovered by Ospf protocol
Protocol
Configuring IP
With different weighting values
Routing Policy
Route Information
Routerip ip-prefix p1 permit 192.1.1.0/24
Troubleshooting IP
Configure RIP protocol
Normal operation
Configuring IP Routing Policy
Routing
Configuring IP Policy
IP Policy Routing
Define Apply Clause
Create a Routing Policy
Define Match Rules
Interface Policy Routing
By default, interface policy routing is disabled
Enable/Disable Interface Policy Routing
Displaying Debugging IP Policy Routing
Router-acl-102rule permit tcp source any destination any
Suggested procedure for each configuration
Define access list
Router-acl-101rule deny tcp source any destination any
RouterB-ripnetwork
Adopt policy aaa in Ethernet interface
Router-Ethernet0ip policy route-policy aaa
RouterA-Ethernet0ip policy route-policy lab1
RouterAdebugging ip policy-routing
IP Multicast
Configuring Igmp Configuring PIM-DM Configuring PIM-SM
Chapter
498
IP Multicast
Class D address range Meaning
Range and Meaning of Class D Addresses
List for Reserved Multicast Addresses
IP Multicast Routing Protocols
IP Multicast
Application
IP Multicast Packet
IP Multicast
IP Multicast
Igmp Overview
Configuring Igmp
Igmp Configuration Example
Igmp Overview
Configuring Igmp
Configure Igmp Maximum Query Response Time
Make the following configuration in interface view
Configure the Igmp Version Number Run at Router Interface
Interfaces are all fast Ethernet FE
Igmp Configuration
Debugging command in system view to debug Igmp
Displaying and Debugging Igmp
Router a Router B
Configuring Igmp
Configuring PIM-DM
Operation Command Enable multicast routing
Make the following configuration in the system view
By default, the system disables the multicast routing
Enable Multicast Routing
Group-address source-address
Start/Disable PIM-DM Protocol
Displaying and Debugging PIM-DM
Display and Debug PIM-DM
Receiver 2 are the two receivers of this multicast group
PIM-DM Configuration
Enable multicast routing protocol
Enable PIM-DM protocol
PIM-SM Overview
Enabling Multicast Routing
PIM-SM Configuration
Configure Candidate RP
By default, the interface disables PIM-SM protocol
Enable/Disable PIM-SM Protocol
Configure Candidate BSR
Configure PIM-SM Domain Boundary
By default, no interface is configured to be candidate RP
By default, no PIM-SM domain boundary is configured
Debugging PIM-SM
Use the pim command in system view to enter PIM view
RouterA-pimspt-switch-threshold 10 accept-policy
Configure Router a Enable PIM-SM protocol
Configure Router B Enable PIM-SM protocol
RouterA multicast routing-enable RouterA interface ethernet
RouterB-acl-5rule permit source 225.0.0.0
Display pim neighbor command can be used to check whether
Follow these steps
Neighbors have discovered each other
Configuring PIM-SM
Viii Security
524
Configuring a User
Terminal Access
Configuring Terminal
Access Security
Configure EXECLogin Authentication
Configure the authentication method list of Exec users
Enable AAA
Configure Radius server and the shared secret
Configuring Terminal Access Security
Radius Overview
AAA Overview
Components of Radius server
Basic message interaction process of Radius
Code Packet type Explanation of the packet
Request Authenticator Adopts 16-byte random code
Type of Packets Decided by Code Field
Attribute Fields
Server-template-name method1
By default, AAA is disabled
AAA Enable/Disable AAA
Configure AAA Login Authentication
Default methods-list
Configuring an Authentication Method List for PPP Users
Configure PPP Authentication Method List of AAA
Default methods-list method1
Configure Local IP Address Pool
By default no address pool is defined by the system
Configure AAA Local-First Authentication
Configure AAA Accounting Option
Configure Ordinary User and Password
By default pool-number is
Configure a User and Password
Configure Callback User
Configure User with Caller Number
Configure User with Caller Number
Configure FTP User and the Usable Directory
Configure Callback User and the Callback Number
Directory
Authorize a User with Usable Service Types
Configure FTP User and the Usable Directory
Configure Authorizing a User with Usable Service Types
Radius server hostname ip-address
Configure Radius Server Shared Secret
By default, no key is configured for the Radius server
Configure Radius Server Shared Secret
Configure the Time Interval for the Inquiry Packet
Configure the Request Retransmission Times
AAA and Radius
Accessing User
Authentication Case
Displaying Debugging AAA
Routerradius server
Configure IP address and port of Radius server
Configure local-first authentication
Router aaa authentication-scheme local-first
Radius
Troubleshooting AAA
Can
Users Radius authentication is always rejected
Connected user cannot be seen in display aaa user
Configuring AAA and Radius Protocol
Firewall Overview
Classification of Firewalls
Packet filtering schematic diagram
Operators of the Extended Access Control List
Extended access control list
Command format when the protocol is IGMP, IP, GRE or Ospf
Command format when the protocol is TCP or UDP
Mnemonic Symbol of the Port Number
UDP
Protocol Mnemonic Symbol Meaning and Actual Value
Operator and Syntax Meaning
Configure the match sequence of access control list
Mnemonic Symbol of the Icmp Message Type
Firewall
Configure Firewall
Effect Perform the following configurations in system view
Firewalls are disabled by default
Configure Extended Access Control List
Configure Standard Access Control List
Destination dest-addr dest- wildcard
Enabling and disabling filtering according to timerange
Configuring Special Timerange
Set Default Firewall Filtering Mode
Settr begin-time end-time
Enable/Disable Filtering According to Timerange
Set special time range
Set Special Time Range
Display and Debug Firewall
Use debugging, reset and display commands in all views
Displaying and Debugging Firewall
Specify Logging Host
Routerfirewall default permit
Enable firewall
Configure access rules to inhibit passing of all packets
Routerfirewall enable
Router-Serial0firewall packet-filter 102 inbound
Apply rule 102 on packets coming in from interface Serial0
Router-Ethernet0firewall packet-filter 101 inbound
IPSec Protocol
IPSec Message Processing
IPSec Related Terms
Following terms are important to an understanding of IPSec
Creating an Encryption
Configuring IPSec
Access Control List
Operator port1 port2
Create Encryption Access Control List
Set the output of the crypto card log
Configure Ndec Cards Enable the crypto cards
By default, all the crypto cards are enabled
Define IPSec proposal
By default, no proposal view is configured
Enable/Disable the Host to Backup the Ndec Cards
Set the Mode for Security Protocol to Encapsulate Messages
Select Security Protocol
Selecting the Encryption Authentication Algorithm
Default mode is tunnel-encapsulation mode
Select Security Protocol
Creating a Security Policy
Select Encryption Algorithm and Authentication Algorithm
Set start point and end point of security tunnel
By default, no security policy is created
Configure access control list quoted in security policy
Perform the following configurations in IPSec policy view
Set SPI of security policy association and its adopted key
By default, the security policy quotes no IPSec proposal
Configure IPSec Proposal Quoted in Security Policy
Set IPSec proposal quoted in security policy
Hex-key
By default, no key is used by any security policy
Configure SPI Parameters of Security Policy Association
Configure Key Used by Security Policy Association
Specify End Point of Security Tunnel
Set access control list quoted by security policy
Set end point of security tunnel
Creating a Security Policy Association with
Proposal-name2...proposal-name6
Set the IPSec proposal quoted in security policy
Set SA lifetime
Proposal proposal-name1
Configure Separate SA LIfetime
Configure a separate SA lifetime
By default, apply the global SA lifetime
Configure Global SA LIfetime
Ipsec sa dynamic-detect
Use debugging, reset and display commands in all views
Debugging IPSec
Apply Security Policy Group on Interface
Dest-address protocol spi
Reset crypto card
Display and Debug IPSec
Creating an SA Manually
IPSec Configuration Example
Use the debugging, reset and display command in all views
Displaying and Debugging the crypto card
Create the IPSec proposal view named tran1
Adopt tunnel mode as the message-encapsulating form
Select authentication algorithm and encryption algorithm
Quote access list
Exit to system view
Configure the route
Create a security policy with negotiation mode as manual
Apply security policy group on serial interface
Set remote addresses
Create a security policy with negotiation mode as isakmp
Create the IPSec proposal view named trans1
Create a security policy with negotiation view as isakmp
Configure ip address of the serial interface
Configure corresponding IKE
Configure serial interface Serial0
RouterB ike pre-shared-key abcde remote
Establish a security policy with manual negotiation mode
Adopt tunnel module for packets encapsulation form
Return to system view
Apply security policy base on serial port
Enter Ethernet interface view and configure IP address
Set local address
Set encryption key
RouterB ipsec policy map1 10 manual
Establish a security policy with manual configuration mode
Troubleshooting IPSec Ndec card cannot be configured
Return to the system view
Do the following
Configuring Ipsec
Configuring IKE
Policy
Configuring IKE
IKE features
Undo ike
Create IKE Policy
Ike proposal policy-number
View Delete IKE policy
Select Encryption Algorithm
Selecting an Authentication Algorithm
Select Authentication Method
Configure Pre-shared Key
Set Lifetime of IKE Negotiation SA
By default, 768-bit Diffie-Hellman group is selected
Select Hashing Algorithm
Select DH Group ID
Display and Debug IKE
Configure IKE Keepalive Timer
Reset ike sa connection-ike-sa-id
Displaying and Debugging IKE
Invalid user ID information
IKE Configuration
Unable to establish security channel
Unmatched policy
IX VPN
Configuring VPN Configuring L2TP Configuring GRE
596
VPN Overview
Authority given by local ISP
Basic Networking
Applications of VPN
Classification of IP
Comparison of layer 2 and layer 3 tunnel protocols
Layer 2 tunneling protocol
Layer 3 tunneling protocol
Configuring VPN
Vpdn Operation
Vpdn and L2TP
L2TP channel
Methods of Implementing Vpdn
Tunnel and session
Networking diagram of two typical methods of Vpdn
Control message and data message
IV. Call setup flow of L2TP tunnel
Call setup flow of L2TP channel
Features of L2TP
L2tp enable
Basic Configuration at
Enable L2TP
Enable/Disable L2TP
Ip-address … domain domain-name
Originate L2TP Connection Request and LNS Address
L2tp-group group-number
L2TP Attribute Table
By default, L2TP is disabled
Configure AAA and Local Users
Default list-name method1
Create/Delete a Virtual Template
Operation Command Create a L2TP group
Operation Command Create a virtual template
Create/Delete L2TP Group
Configure Local VPN Users
Advanced Configuration at LAC or LNS
By default, receiving dial-in from LAC is disabled
Configure the Name of the Receiving End of the Tunnel
Tunnel name name
Enable Tunnel Authentication Setting Password
By default, the local name is the host name of router
Set Local Name
Set the Interval for Sending Hello Message
Configure the Interval For Sending Hello Messages
Set Tunnel Authentication and Password
Set Domain Name Delimiter and Searching Order
Configure Domain Delimiter and Searching Order
Force
Force to Disconnect Channel
This configuration is applicable to LNS only
Operation Command Force to disconnect tunnel
Reset l2tp tunnel remote-name
LCP to Renegotiate
Configure the Local Address and Address Pool
LCP does not renegotiate by default
Number of L2TP Sessions
Enable/Disable Hiding Attribute Value Pairs AV
By default, AV pairs are hidden
Enable/Disable Hiding AV Pairs
Display and Debug L2TP
L2TP Configuration Examples
By default, the maximum number of L2TP sessions is
Use debugging, display command in all views
Configure BDR dialup parameters
Implement local AAA authentication on VPN user
Configure the IP address of Serial1 interface of LAC
Enable L2TP service and configure a L2TP group
Configure the Virtual-Template-related information
Configure the IP address of Serial0 interface of LNS
Internet Connection Wizard
Internet Connection Wizard
Internet Connection Wizard
Internet Connection Wizard
Router-LACip pool 1 192.170.0.3
Client-originated VPN Networking
Disable tunnel authentication
Configure the IP address of Serial1 interface at LAC side
Configure BDR parameters
Configure the IP address of Serial0 interface at LNS side
Network Connection Wizard
Network Connection Wizard
Connect Connection to
Router1 l2tp domain suffix-separator @
Configure an IP address on Serial0 interface
Configure a L2TP group and the related attributes
Configure the domain suffix separator to @
III. Procedures
Enable AAA authentication
Configure Virtual-Template
Force to implement local Chap authentication
Configure an access control list and specify L2TP data
Configure a L2TP group and configure the related attributes
Configuration at Router2 LNS side Enable AAA authentication
Configure an address pool 1 in the range of 192.168.0.2 to
PPP negotiation fails. The reasons may be
Fault 1 The users fail to log
Troubleshooting L2TP
Configuring L2TP
Packet
GRE Protocol
Encapsulation
Encapsulated tunnel message format Refer to RFC
Enlarge network operating range
Create Virtual Tunnel Interface
Configuring GRE
By default, no virtual tunnel interface is created
Creating a Virtual Tunnel Interface
Address of the Tunnel
Address of a Tunnel Must be configured Interface
Setting the Network
Perform the configurations in the tunnel interface view
Gre key key-number
Number discarded
Set Tunnel Interface to Check with Checksum
Set the Tunnel to Synchronize Datagram Sequence Numbers
All views
GRE Configuration Example
Group1 and group2. It can be implemented by using GRE
Debugging GRE
Configure Router B Configure the IP address of Serial0
Configure the IP address of Ethernet0 interface
Configure Router B Activate IPX
Configure Router a Activate IPX
Configure the IP address and IPX address of Ethernet0
Configure the static route to Novell Group2
RouterB ipx route 1e 1f.a.a.a tick 30000 hop
Networking of troubleshooting GRE
Configuring a Standby Center Configuring Vrrp
646
Standby Center
Configuring Standby Center
Next-hop-address dialer-number
Enter the Logic Channel View
Address logic-channelnumber
Fr map protocol address dlci dlci
Standby timer disable-delay seconds
Channel to check whether it has recovered
Standby timer enable-delay seconds
Undo standby timer enable-delay
Enter the view of Serial
Please perform the following configuration in all views
Load Sharing view
Interfaces
Router-logic-channel10standby interface serial
Enter the view of logic channel
Channel
Router-Serial1logic-channel
Vrrp Overview
Vrrp Configuration Examples
Troubleshooting Vrrp
Vrrp Overview
Address
Configuring Vrrp
Adding a Virtual IP
Undo vrrp vrid virtualrouterid
Configure Router Priority in Standby Group
Add Virtual IP Address
Vrrp vrid virtualrouterid
Virtualrouterid
Configuring Authentication Method Authentication Key
Vrrp provides simple character authentication method
Configure Authentication Method and Authentication Key
Monitoring
Configure Standby
Group Timer
Debugging Vrrp
Vrrp Single Standby
Vrrp Configuration
Procedure for each configuration
Backup with preemption aII. Networking diagram
Multiple Standby
Gateway services instead
Balancing and mutual backup are implemented
Gateway function as the master
Many master routers exist within the same standby group
There is requent switchover of the Vrrp state
XI QOS
662
QOS Overview
Three Types of QoS Services
QOS Overview
Benefits of QoS for the Network Service
QOS Overview
Traffic Policing
Traffic Classification
Traffic POLICING, Traffic Shaping and Line Rate
Rate CAR
Committed Access
Precedence-value mac mac-address
Defining Rules
Define CAR Rules
Qos carl carl-index precedence
Apply the CAR Rule on the Interface
By default, no CAR rule of ACL list is established
Applying the CAR Policy on the Interface
Display and Debug CAR
CAR Configuration Applying a CAR Policy to all Packets
Configure the Priority Level Based CAR Policy
Displaying and Debugging CAR
Configure the CAR Policy Based on the MAC Address
Packets
Traffic Shaping
Apply a CAR Policy on the Packets that Match ACL
Matches ACL
Schematic diagram of GTS processing
Configuring shaping parameters for a specified flow
Shape the flows matching 110 on Ethernet interface
Configuring shaping parameters for all flows
Configure the ACL
Shape all the flows on Ethernet interface
Configure the Physical Interface LIne Rate
Physical Interface Line
Rate
Display qos lr interface type
Operation Command Display the LR configuration conditions
Displaying Display and Debug LR Debugging LR
Congestion Management
Priority Queuing
Congestion
Management Policy
Fifo Queuing
Selecting Congestion Management Policies
Number Queues Advantage Disadvantage
Comparison of Several Congestion Management Policies
Schematic diagram of the first in first out queue
Schematic diagram of the custom queuing
Schematic diagram of weighted fair queuing
Weighted Fair Queuing WFQ
Configure the First In First Out Queuing
Configuring Congestion Management
Configuring Fifo Queuing
Configuring priority queuing
Pql-index protocol
By default, no priority queue is established
Values of Queue-Option with Protocol as IP
Protocol-name queue-option queue
Specifying the queue length of the priority-list queuing
By default, the interface utilizes the Fifo queue
Applying the priority-list queuing group to the interface
Displaying and debugging the priority queue
Configuring custom-list queuing
Configuring Custom Queuing CQ
Default Length Value of the Priority Queue
Queue queue-number
Configure the Custom-Lst Queuing According to the Interface
Configure the Default Custom-List Queuing
Queue-number
Applying the custom-list queuing group to the interface
By default, the interface uses the Fifo queue
Configuring the queue length of the custom-list queuing
Configure the Queue Length of the Custom-List Queuing
Displaying and debugging the custom-list queue
Configuring Weighted fair queuing
Displaying and debugging the weighted fair queue
Apply the priority queue 2 to Serial
Congestion Management Configuration Examples
PQ Configuration Example
Apply the priority queue 1 to Serial
RouterA-Tunnel1destination
Configure the CQ queue
Configure Router B Configure the access control list
RouterA-Tunnel0ip address 10.1.1.1
WFQ Configuration Example
Configure Serial0 master/slave addresses
Configure Tunnel0
Configure Tunnel1
Congestion Management
Congestion Avoidance
Congestion Avoidance
Function of the Interface
Wred Configuration
Enable the Wred
Enable Wred
Ip-precedence
Discard-prob
Displaying Debugging Congestion Avoidance
Congestion Avoidance Configuration Example
Configure a WFQ queue
Enable Wred
Congestion Avoidance
XII DIAL-UP
Configuring DCC Configuring Modem
704
DCC Overview
Terms in DCC Configuration
DCC
Circular DCC
Resource-Shared DCC
Implementing callback through DCC
Basic DCC features
With 3Com Routers
Configure the local parameters of DCC
Configuring DCC
Preparing to Configure
Prepare the data for DCC configuration
Ip address ipaddress mask
Configuring the mode of the physical interface
Configure Physical Interface Mode
Linklayer-protocol-type
Associating a DCC dialer ACL with the interface
Configuring an interface to originate calls to a remote end
Undo dialer number
Configure an interface to receive calls from a remote end
Dialer enable-circular
Dialer number dial-number
Next-hop-address dial-number
Dialer
Route protocol
Next-hop-address
Undo dialer route protocol
Dialer priority priority
Undo interface dialer number
Dialer circular-group number
Undo dialer circular-group
Undo dialer circular-group
Interface dialer number
Undo interface dialer number
Dialer circular-group number
Router Dialer0
Enabing Resource-Shared DCC
Configuring dialing authentication for resource-shared DCC
Configuring the dialer interface and dialer number
By default, no dialer interface is created
Configuring dialing authentication for resource-shared DCC
Threshold traffic-percentage
Configuring MP binding in circular DCC
Configure MP Binding in Circular DCC
Dialer threshold traffic-percentage
Configuring MP binding in resource-shared DCC
Configuring PPP callback in the circular DCC implementation
Configure MP Binding in Resource-Shared DCC
Implement PPP Callback Server Configuration in Circular DCC
Implement PPP Callback Client Configuration in Circular DCC
Dial-number
Command
Telephone-number
Next-hop-address user username
Dialer callback-center dial-number
Features of Isdn caller identification callback
Primary rule The best match is the number with the fewest
Callback according to the Isdn caller
Operation Command Configure the local end to implement
Identification
Undo dialer call-in remote-number
Configure Isdn leased line for Circular DCC
Configuring Isdn leased line
Configuring auto-dial
Configuring Special DCC Functions
Configure Dialer Number Circular Standby
Configuring dialer number circular standby
Configuring the Link Idle Time
Configure Auto-Dial
Configure the Link Idle Time
By default, the link idle time is 120 seconds
By default, the link disconnection time is 20 seconds
Configuring the link idle time when interface competion
Debugging DCC
Configuring the timeout of call setting up
By default, the timeout of call setting up is 60 seconds
Configuring the buffer queue length of the dialer
DCC Applications in Common Use
DCC Configuration Examples
Solution
Router-Serial0dialer route ip 100.1.1.1
Configure RouterC
Configure RouterB
Router-Serial1dialer circular-group
Router-Serial1dialer bundle-member
Router-Serial0dialer bundle-member
Configure RouterC
Configure RouterC
Router-Serial015dialer route ip 100.1.1.1
Configure RouterA
Router-Dialer0dialer threshold
Router-Bri0dialer bundle-member
Router-Bri1dialer route ip 100.1.1.1
Router dialer-rule 1 ip permit Router interface serial
Router-Serial1dialer enable-circular
Router-Serial0dialer route ip 100.1.1.2
Router-Bri0dialer route ip 100.1.1.2 user usera
NT Server-to-Router
Configure the PC
Callback for DC C
By the NT server
Router-Async0dialer route ip 100.1.1.254
Dial Number Circular Standby and Internet Access for DCC
Router-Serial0dialer route ip 100.1.1.254
Configure subscriber PC
Router-Serial215ppp chap password simple passb
Router-Serial215ppp authentication-mode chap
Router-Serial1standby logic-channel
Remote end cannot be pinged after the modem is connected
Message Fault
DCC Fault Messages
DCC peeraddr matching error
Modem Script
Modem Function Provided by 3Com Routers
Receive-string1 send-string1 receive-string2 send-string2
Syntax description of modem script
Modem script format in common use is as follow
By default, modem dial-in and dial-out are allowed
Which, seconds defaults to 180 and is in the range of 0 to
Configure the Modem Dial-in and Dial-out Authorities
Execute a Modem Script Manually
Configure Modem Through the AT Command
Configure a Modem Script
Configure a Modem Script
Specify the Events Triggering the Modem Scripts
By default, the modem works in non-auto answer mode
Configure the Answer Mode for the Modem
Configure Authentication for a Modem Dial-in User
Displaying and Debugging a Modem
Modem Configuration Examples
Executethe debugging command in all views for the debugging
Configure a Modem adaptation baud rate
AT&b1&c1&d2&s0=0
Restore the ex-factory modem settings
Configure the modem initialization parameters
Modem Dial-in User
Power-on Initialization Through Initialization Script
Authentication for
Directly
Troubleshooting
Configuring Modem