3Com Router 5000 and Router 6000 Family Release Notes v2.41 • Page 14
With CRL checking enabled by default, certificate enrollment cannot be performed and an
IPsec tunnel cannot be established without the CRL on the router. CRL checking must be
disabled for certificate enrollment and the IPsec tunnel if the CRL is not on the router.
If an undefined ACL is used in a configuration, a warning message is not displayed.
In X.509, the CRL URL format determines which protocol is used to retrieve the CRL from the CA
server. Use one of the following CLI commands, depending on what the server supports:
HTTP: crl url http://<CA Server IP>/<CRL DP>
LDAP: crl url ldap://<CA Server IP>/<CRL DP>
SCEP: crl url "scep"
ACL matches for IPSec only count the first packet used to open the tunnel - subsequent
packets will be logged in the IPSec SA.
Manual IPSec only protects the first match in an ACL with multiple rules. Recommendation:
make only one rule per ACL to protect all desired traffic.
IPSec transform negotiation is not compatible with Cisco; configure only one transform for
any policy interacting with a Cisco router.
IKE Keepalive is not accepted by a Cisco router and tears down the tunnel. Do not use the
ike sa keepalive-timer timeout command (default).
Juniper’s IPSec implementation does not interoperate with the 3Com Router 5000 Family
with respect to IPSec Fragmentation. If possible, set the MTU to 1438 or lower on devices
that will be using the tunnel to avoid having to fragment IPSec packets.
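An added example (not 3Com code) covering the CRL URL note and the IKE keepalive note above: a small Python audit that classifies each `crl url` line by the protocol its format selects and flags `ike sa keepalive-timer timeout`. The sample configuration, its addresses and paths, the one-command-per-line layout and the numeric keepalive argument are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample configuration; addresses and CRL paths are placeholders.
SAMPLE_CONFIG = """\
crl url http://192.0.2.10/certsrv/ca.crl
crl url ldap://192.0.2.10/cn=ca,dc=example
crl url "scep"
crl url ftp://192.0.2.10/ca.crl
crl url http:///ca.crl
ike sa keepalive-timer timeout 20
"""

CRL_RE = re.compile(r'^\s*crl\s+url\s+(\S+)\s*$')
KEEPALIVE_RE = re.compile(r'^\s*ike\s+sa\s+keepalive-timer\s+timeout\b')


def classify_crl_url(value):
    """Return the retrieval protocol implied by a `crl url` argument, or None."""
    value = value.strip('"')
    if value.lower() == "scep":
        return "SCEP"
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed authority, e.g. an unclosed bracket
        return None
    # The HTTP and LDAP forms need both a CA server and a distribution point.
    if parts.scheme in ("http", "ldap") and parts.hostname and parts.path.strip("/"):
        return parts.scheme.upper()
    return None


def audit(config_text):
    """Return (line_number, message) findings for the two release-note items."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = CRL_RE.match(line)
        if match:
            protocol = classify_crl_url(match.group(1))
            if protocol is None:
                findings.append((number, 'crl url is not in HTTP, LDAP or "scep" form'))
            else:
                findings.append((number, "CRL retrieved via " + protocol))
        elif KEEPALIVE_RE.match(line):
            findings.append((number, "IKE keepalive set; a Cisco peer tears down the tunnel"))
    return findings


if __name__ == "__main__":
    for number, message in audit(SAMPLE_CONFIG):
        print(f"line {number}: {message}")
```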
3.10 Quality of Service (QoS)
CBR miscalculates the remaining bandwidth available after multiple PVCs oversubscribe the
link. An “undo service” will recover all but 32kbps of the available bandwidth. A router
reboot will recover the rest.
QoS CBQ can be configured on a dialer interface but it has no effect. Place the QoS Policy
on the physical interface rather than the logical dialer interface.
Once a QoS policy is applied, use the CLI command “reset IP Fast Cache” to re-apply the
QoS functions properly.
An under-provisioned ATM service class results in link failure for that PVC only.
3.11 MPLS
If there is no response when pinging a CE Router from a PE Router within an MPLS/BGP L3
network, use the command “ping -vpn -a xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx”, using the source
address of the PE interface that is in the VPN of the intended target.
If the Loopback0 and LSR ID IP addresses are different, MPLS LDP will not work properly. The
Loopback0 and LSR ID IP addresses must match.
3.12 Interoperability Issues between the Router 5000/Router 6000 and 3Com VCX V7000
SIP compatibility mode is required for calls between 3Com Convergence Center Clients and
Router 5000/6000 analog phones. Execute the “sip-comp server” command from the voice
view on the router.