AIS AI2524 Create an Access List, Example: X.29 Access List

AI2524 Router Card User’s Manual

Page 12-46 August 1997

2524UM

Create an Access List

To specify the access conditions, restrict incoming and outgoing con-

nections between a particular Virtual Terminal (VTY) line (into a

Cisco access server) and the addresses in an access list by typing (in

global configuration mode):

x29 access-list

access-list-number

{deny |

permit}

x121-address

An access list can contain any number of lines. The lists are processed

in the order in which you type the entries. The first match causes the

permit or deny condition. If an X.121 address does not match any of

the entries in the access list, access is denied.

Example: X.29 Access List

This example illustrates an X.29 access list. Incoming permit condi-

tions are set for all IP hosts that have specific characters in their names.

All X.25 connections to a printer are denied. Outgoing connections are

list restricted.

Permit all IP hosts beginning with VMS. Deny X.25 connections to th

printer on line 5.

access-list 1 permit 0.0.0.0 255.255.255. 255

lat access-list 1 permit ^VMS.*

x29 access-list 1 deny .*

!

line vty 5

access-class 1 i

Permit outgoing connections for other lines. Permit IP access with the

network 172.30.

access-list 2 permit 172.30.0.0 0.0.255.255

Permit X.25 connections to Infonet hosts only.

x29 access-list 2 permit ^31370

!

line vty 0 16

access-class 2 ou

Contents

Main Page Page AI2524 Router Users Manual Copyright Notice FCC Warning Electrostatic Discharge Warning Specifications are subject to change without notice. Applied Innovation Inc. Contents Page Chapter 6: Using the System Configuration Dialog.................................................6-1 Chapter 9: AI2524 OSI/CLNP Configuration Steps................................................9-1 Page Chapter 11: AI2524 Sync PPP Configuration Steps...............................................11-1 Page Chapter 13: AI2524 Frame Relay Configuration Steps.........................................13-1 Page Page Chapter 1: Introduction Documentation Overview Page Related Documentation Contact Information Text Conventions Variable Arguments switch_name filename... directory n directory file Page Page Chapter 2: AI2524 Overview Introduction T1 CSU/DSU Four Wires 56K CSU/DSU 5-IN-1 Serial Cable Interface Software Features and Functions Scalability Reliable, Adaptive Routing Remote Access and Protocol Translation Chapter 2: AI2524 Overview Figure 2-1:Remote Access Functionality Management and Security Software Specifications Supported Network Protocols WAN protocols Network protocols IP Routing Protocols Connections Page Chapter 3: Configuration Overview Introduction Boot Router for First Time Configure the Router Using Configuration Mode Show Configuration Save the Configuration Configuration Overviews Use Configuration Builder Use the Command Interpreter Page Use the Web Browser Interface Configuration Storage and Hot Swap Always Modify the Configuration Using Menu 4.18 Store the Configuration on the AI198 Card Chapter 4: Understanding the User Interface Introduction Command Line Interface End a Session User Interface Task List Command Modes Page August 1997 Page 4-5 type numbe name tag keyword User EXEC Mode Commands num- ber mode name or Privileged EXEC Mode Commands Page 4-8 August 1997 ROM Monitor Mode Commands Page Page August 1997 Page 4-11 Interface Configuration Mode Commands August 1997 Page 4-13 Subinterface Configuration Mode Commands August 1997 Page 4-15 Router Configuration Mode Router configuration commands co nfigure an IP routing protocol. AI2524 Router Card Users Manual Page 4-16 August 1997 2524UM IPX-Router Configuration Mode Route-Map Configuration Mode Key Chain Configuration Mode Key Chain Key Configuration Mode Response Time Reporter Configuration Mode Access-List Configuration Mode Context-Sensitive Help Help Command Command Format command abbreviated- command-entry abbreviated- command- entry Get Word Help Get Command Syntax Help Get Help for Abbreviated Commands Examples Page Check Command Syntax Page Command History Feat u res History Commands Command Format number-of- lines] Editing Features show Editing Commands Command Format Editing Commands (Contd.) Command Format Edit Command Lines that Wrap Web Browser Interface Web Browser Interface Task List Enable the Web Browser Interface Use Compatible Hardware and Software Page Page Enter Commands Using the Command Field Enter Commands Using the URL Window Chapter 5: Using AutoInstall Introduction Preparing for AutoInstall AutoInstall Requirements Page Use a DOS-Based TFTP Server How AutoInstall Works Acquire the New Router's IP Address Page Page Page Download the New Router's Host Configuration File Page Perform the AutoInstall Procedure Modify the Existing Router's Configuration Use an HDLC-Encapsulated Serial Interface Connection interface-number address mask Use an Ethernet, Token Ring, or FDDI Interface Connection ethernet |tokenring | fddi} interface-number address2 Use a Frame Relay-Encapsulated Serial Interface Connection dlci option address3 bps1 Set Up the TFTP Server hostname address Set Up the BOOTP or RARP Server Connect the New Router to the Network existing newrouter Use Setup for Configuration Changes Setup Command Facility Task List Use Setup after First-Time S tartup Page Page Page 5-22 August 1997 August 1997 Page 5-23 Page 5-24 August 1997 August 1997 Page 5-25 Page 5-26 August 1997 Use the Streamlined Setup Facility Page Chapter 6: Using the System Configuration Dialog Introduction System Configuration Dialog Page Page Page August 1997 Page 6-5 Refer to this table for ISDN switch types: Page Chapter 7: Manually Loading System Images Introduction Page Retrieve System Images and Configuration Files Retrieve System Images and Configuration File Task List device ip-address Copy System Images from a Network Server to Flash Memory xxxx/xxxx file- Page Page Copy Configuration Files from a Network Server to the Router Change the Buffer Size for Loading Configuration Files Verify the Image in Flash Memory Display System Image and Configuration Information Page Reexecute the Configuration Commands in Startup Configuration Clear the Configuration Information Perform General Startup Tasks General Startup Task List Enter Configuration Mode and Select a Configuration Source Configure the Cisco IOS software from the Terminal Configure the Cisco IOS software from Memory Configure the Cisco IOS software from the Network network host Copy a Configuration File Directly to the Startup Configuration Modify the Configuration Register Boot Field How the Router Uses the Boot Field Setting the Boot Field Perform the Boot Field Modification Tasks Specify the Startup Configuration File Specify the Startup Configuration File Task List Download the Network Configuration File Download the Host Configuration File Page Store System Images and Configuration Files Store System Images and Configuration Files Task List Copy System Images from Flash Memory to a Network Server Page Copy Configuration Files from the Router to a Network Server Perform Startup Tasks Startup Task List Partition Flash Memory Using Dual Flash Bank Systems that Support Dual Flash Bank Benefits Flash Load Helper versus Dual Flash Bank Understanding Relocatable Images Page partitions size1 size2 partition- number: partition- number:filename Method of Downloading Result of Booting from Flash partition-number: filename partition-number:filename partition-number: Use Flash Load Helper to Upgrade Software on Run-from- Flash Systems Page Flash Load Helper Configuration Task List Download a File Using Flash Load Helper Page Page Page Monitor Flash L oad Helper Manually Load a System Image from ROM Monitor Manually Boot from Flash Manually Boot from a Network File Manually Boot from ROM Use the System Image Instead of Reloading Page Chapter 8: AI2524 Protocol Configuration Introduction AI2524 OSPF TCP/IP Configuration Steps Enable OSPF process-id area-id Configure OSPF Interface Parameters cost Configure OSPF over Different Physical Networks Configure OSPF for Nonbroadcast Networks Configure OSPF Area Parameters cost Configure OSPF Not So Stubby Area (NSSA) Implementation Considerations Configure Route Summarization between OSPF Areas Configure Route Summarization When Redistributing Routes into OSPF Create Virtual Links Generate a Default Route Configure Lookup of DNS Names Force the Router ID Choice with a Loopback Interface Disable Default OSPF Metric Calculation Based on Bandwidth Configure OSPF on Simplex Ethernet Interfaces Configure Route Calculation Timers spf-delay spf-holdtime Configure OSPF over On-Demand Circuits process-id Network Illustration AI2524 IGRP TCP/IP Configuration Steps IGRP Updates IGRP Configuration Task List Create the IGRP Routing Process Allow Point-to-Point Updates for IGRP Define Unequal-Cost Load Balancing Control Traffic Distribution Adjust the IGRP Metric Weights k1 k2 k3 k4 k5 Disable Holddown hops Enforce a Maximum Network Diameter Validate Source IP Addresses Network Illustration Figure 8-1:Interior, System, and Exterior Routes AI2524 RIP TCP/ IP Configuration RIP Configuration Task List Enable RIP network-number Allow Point-to-Point Updates for RIP Specify a RIP Version Enable RIP Authentication name-of- chain Disable Route Summarization Run IGRP and RIP Concurrently Disable the Validation of Source IP Addresses autonomous-system- sequence-number Chapter 9: AI2524 OSI/CLNP Introduction ISO CLNS Configuration Task List Understand Addresses Figure 9-1:NSAP Address Fields Figure 9-2:Sample Domainand Area Addresses ISO IGRP NSAP Address Figure 9-3:ISO IGRP NSAP Addressing Structure IS-IS NSAP Address Figure 9-4:IS-IS NSAP Addressing Structure Addressing Rules Addressing Examples Routing Table Example Page Understand Routing Processes Dynamic Routing Intermediate Systems (IS) and End Systems (ES) Static Routing Routing Decisions Configure ISO IGRP Dynamic Routing Enable ISO IGRP network-entity-title Example: Dynamic Routing within the Same Area Figure 9-5:CLNS Dynamic Routing within a Single Area Example: Dynamic Routing in More Than One Area Figure 9-6:CLNS Dynamic Routing within Two Areas Example: Dynamic Routing in Overlapping Areas Page Page Page Router Detroit Configure ISO IGRP Parameters Adjust ISO IGRP Metrics qos k1 k2 k3 k4 k5 Adjust ISO IGRP Timers update-interval holddown- interval invalidinterval Enable or Disable Split Horizon Configure IS-IS Dynamic Routing Enable IS-IS network-entity-title Examples: IS-IS Routing Configuration Level1 and Level2 Routing Level2 Routing Only OSI Configuration ISO CLNS Dynamic Route Redistribution Assign Multiple Area Addresses to IS-IS Areas Examples: NETs Configuration ISO IGRP IS-IS IS-IS Multihoming Example: Router in Two Areas ISO IGRP Figure 9-8:ISO IGRP Configuration IS-IS Configure IS-IS Parameters Specify Router-Lev elSupport Configure IS-IS Authentication Passwords Ignore IS-IS Link-State Packet (LSP) Errors Log Adjacency State Changes Change IS-IS LSP MTU Size Configure IS-IS Interface Parameters Adjust IS-IS Link-State Metrics default-metric Set the Advertised Hello Interval and Hello Multiplier multiplier Set the Advertised CSNP Interval Set the Retransmission Interval Specify Designated Router Election Specify the Interface Circuit Type Configure CLNS Static Routing Enable Static Routes next-hop-net nsap-prefix net-address Examples: Basic Static Routing Example 1 Example 2 Figure 9-9:Static Routing Example: Static Intradomain Routing Figure 9-10:CLNS X.25 Intradomain Routing Example: Static InterdomainRo uting Page Router B Configure Variations of the Static Route nsap-prefix type number nsap-prefix snpa- nsap-prefix type number nsap snpa Configure Miscellaneous Features Specify Shortcut NSAP Addresses name nsap Use the IP DomainNa me System to Discover ISO CLNS Addresses Create Packet-Forwarding Filters and Establish Adjacencies ename term sname name template Examples: CLNS Filter Redistribute Routing Information map- sequence- type number...type number metric-value tag-value Examples: Route Map Specify Preferred Routes Configure ES-IS Hello Packet Parameters Page Configure CLNS over WANs Example: ISO CLNS over X.25 Page Router B Enhance ISO CLNS Performance Specify the MTU Size Disable Checksums Disable Fast Switching Through the Cache Set the Congestion Threshold Transmit Error Protocol Data Units (ERPDUs) Control Redirect Protocol Data Units (RDPDUs) Configure Parameters for Locally Sourced Packets Example: Performance Parameters Monitor and Maintain the ISO CLNS Network host domain area-tag map-name lspid destination Configure TARP on ISO CLNS TARP Configuration Task List Enable TARP and Configure a TARP TID Disable TARP Caching Disable TARP PDU Origination and Propagation Configure Multiple NSAP Addresses tid nsap Configure Static TARP Adjacency and Blacklist Adjacency Determine TIDs and NSAPs Configure TARP Timers hops Configure Miscellaneous TARP PDU Information selector hex-digit protocol hex-digit Monitor and Maintain the TARP Protocol Examples: TARP Configuration Basic TARP Configuration Example Complex TARP Configuration Example Figure 9-13:Sample TARP Configuration Chapter 10: Serial Interface Configuration Steps Chapter 10: Serial Interface Introduction Configure the Synchronous Serial Interfaces Page Chapter 11: AI2524 Sync PPP Introduction Configuration Overview PPP Configuration Task List Enable PPP Encapsulation Enable CHAP or PAP Authentication list-name secret Example: CHAP with an Encrypted Password Enable Link Quality Monitoring (LQM) percentage Configure Automatic Detection of Encapsulation Type encapsulation-type Configure Compression of PPP Data Configure IP Address Pooling Peer Address Allocation Precedence Rules Interfaces Affected Choose the IP Address Assignment Method Define the Global Default Mechanism low-ip- high-ip-address Configure Per-Interface IP Address Assignment low-ip-address high-ip-address begin- ip-address-range end-ip-address-range Configure PPP Callback Configure a Router as a Callback Client next-hop-address hostname dial-string Example: PPP Callback Client Configure a Router as a Callback Server hostname classname classname dial-string protocol address Example: PPP Callback Server Disable or Reenable Peer Neighbor Routes Configure PPP Half-Bridging Figure11-1: Router Serial Interface Configured as a Half- Bridge n.n.n.n network Configure Multilink PPP Configure Multilink PPP on Asynchronous Interfaces load Configure Multilink PPP on a Single ISDN BRI Interface ip-address mask Page Example: Multilink PPP on One ISDN Interface Configure Multilink PPP on Multiple ISDN BRI Interfaces Page load August 1997 Page 11-25 Example: Multilink PPP on Multiple ISDN Interfaces AI2524 Router Card Users Manual Configure Virtual Private Dial-up Networks Understand Virtual Priv ate Dial-up Networks Page Page Page Page Page Page Chapter 12: AI2524 X.25 Configuration Introduction X.25 Configuration Configure Interface Set the X.25 Mode Set the Virtual Circuit Ranges Example: Virtual Circuit Ranges Set the Packet Numbering Modulo Set the X.121 Address address x121-address Set the Default Flow Control Values Set Default Window Sizes Set Default Packet Sizes Example: Typical X.25 Configuration Page Configure Additional X.25 Interface Parameters Configure the X.25 Level 3 Timers Configure X.25 Addresses Understand Normal X.25 Addressing Understand X.25 Subaddresses Configure an Interface Alias Address x121-address-pattern pattern Suppress or Replace the Calling Address Suppress the Called Address Establish a Default Virtual Circuit Protocol Disable Packet-Level Protocol (PLP) Restarts Configure an X.25 Datagram Transport Figure 12-1: Transporting LAN Protocols across an X.25 Public Data Network (PDN) Configure Subinterfaces Understand Point-to-Point and Multipoint Subinterfaces Create and Configure X.25 Subinterfaces Example: Point-to-Point Subinterface Configuration Map Protocol Addresses to X.121 Addresses Understand Protocol Encapsulation for Single-Protocol and Multiprotocol Virtual Circuits Understand Protocol Identification Protocol AI2524 Protocol Identifier IETF RFC 1356 Protocol Identifier Map Datagram Addresses to X.25 Hosts protocol address protocol2 address2 protocol9 address9 x121- Configure PAD Access Establish an Encapsulation PVC Page Set X.25 TCP/IP Header Compression Configure X.25 Bridging Configure Additional X.25 Datagram Transport Features x25 map Configure X.25 Payload Compression Configure the Encapsulation Virtual Circuit Idle Time Increase the Number of Virtual Circuits Allowed Configure the Ignore Destination Time Establish the Packet Acknowledgment Policy Configure X.25 User Facilities Page Define the Virtual Circuit Packet Hold Queue Size Restrict Map Usage Configure X.25 Routing Enable X.25 Routing Example: X.25 Route Address Pattern Matching Figure 12-3:X.25 Route Address Pattern Matching Configure a Local X.25 Route Example: X.25 Routing Configure XOT (Remote) X.25 Route type Configure a Locally Switched PVC number1 number2 Example: PVC Switching on the Same Router Example: Simple Remote PVC Tunneling Figure 12-4:X.25 Tunneling Connection Configure an XOT (Remote) PVC number1 number2 Example: Remote PVC Tunneling August 1997 Page 12-37 Figure 12-5:Local Switching and Remote Tunneling PVCs Configuration for Router X Configure Additional X.25 Routing Features Configure XOT to Use Interface Default Flow Control Values Substitute Addresses in a Local X.25 Route Configure XOT Alternate Destinations ip-address2 ip- address6 Configure CMNS Routing Enable CMNS on an Interface Specify a CMNS Static Map of Addresses nsap mac-address nsap x121-address Example: CMNS Configured for X.121 and MAC Addresses Page Example: CMNS Switched over Leased Lines Figure 12-7:Example Network Topology for Switching CMNS over a Leased Line Create X.29 Access Lists Create an Access List access-list-number Example: X.29 Access List Apply an Access List to a Line access-list-number Create an X.29 Profile Script Example: X.29 Profile Script Configure LAPB Configure a LAPB Datagram Transport Example: Typical LAPB Configuration Modify LAPB Protocol Parameters Task (LAPB Parameter) Command Values or Ranges Default tries bits modulus Page Configure LAPB Priority and Custom Queuing Configure Transparent Bridging over Multiprotocol LAPB lcn Monitor and Maintain LAPB and X.25 Example: Transparent Bridging for Multiprotocol LAPB Encapsulation Example: X.25 Configured to Allow Ping Support over Multiple Lines Figure 12-8:Parallel Serial Lines to an X.25 Network Example: Booting from a Network Server over X.25 Page Page Chapter 13: AI2524 Frame Relay Introduction Figure 13-1:Typical Frame Relay Configuration Frame Relay Hardware Frame Relay Configuration Task List Enable Frame Relay Encapsulation on an Interface Examples: IETF Encapsulation Configure Dynamic or Static Address Mapping Configure Dynamic Mapping Configure Static Mapping protocol-address Examples: Static Address Mapping Two Routers in Static Mode Example IPX Routing Example Configure the LMI Allow LMI Autosense to Operate The LMI Autosense Process Configuring LMI Autosense Explicitly Configure the LMI destination Set the LMI Type Set the LMI Keepalive Interval Set the LMI Polling and Timer Intervals events keep-exchanges timer Configure Frame Relay Switched Virtual Circuits Configure SVCs on a Physical Interface mask Example: SVCs on an Interface Configure SVCs on a Subinterface (optional) number.subinterface- mask Example: SVCs on a Subinterface Configure a Map Class bits duration class-name source-address Configure a Map Group with E.164 or X.121 Addresses destination-address Associate the Map Class with Static Protocol Address Maps Configure LAPF Parameters retries Configure Frame Relay Traffic Shaping Enable Frame Relay Traffic Shaping on the Interface Specify a Traffic-Shaping Map Class for the Interface map-class-name Define a Map Class with Queuin g and Traffic Shapi ng Parameters map-class-name peak average Define Access Lists Define Custom Queue Lists for the Map Class Example: Frame Relay Traffic Shaping August 1997 Page 13-17 Customize Frame Relay for Your Network Configure Frame Relay Subinterfaces Understand Frame Relay Subinterfaces Page Page Define Subinterface Addressing Examples: Basic Subinterface Example: Frame Relay Multipoint Subinterface with Dynamic Addressing Page Example: IPX Routes over Frame Relay Subinterfaces Configure Transparent Bridging for Frame Relay number.subinterface-number Example: Unnumbered IP over a Point-to-Point Subinterface number.subinterface-number Example: Transparent Bridging Using Subinterfaces Configure a Backup Interface for a Subinterface Configure Frame Relay Switching Figure 13-3:Frame Relay Switched Network Enable Frame Relay Switching Configure a Frame Relay DTE Device, DCE Switch, or NNI Support Specify the Static Route Example: PVC Switching Configuration Figure 13-4:PVC Switching Configuration Page Page 13-32 August 1997 Configuration for Router A August 1997 Page 13-33 Configuration for Router C Page August 1997 Page 13-35 Configuration for Router B Page August 1997 Page 13-37 Configuration for Router A Configuration for Router D Disable or Reenable Frame Relay Inverse ARP protocol dlci Create a Broadcast Queue for an Interface size byte-rate packet-rate Configure Payload Compression protocol protocol-address Configure TCP/IP Header Compression Configure an Individual IP Map for TCP/IP Header Configure an Interface for TCP/IP Header Compression Example: IP Map with Inherited TCP/IP Header Example: Using an IP Map to Override TCP/IP Header Disable TCP/IP Header Compression Example: Disabling Inherited TCP/IP Header Compression Example: Disabling Explicit TCP/IP Header Compression Configure Discard Eligibility list-number characteristic group-number dlci Configure DLCI Priority Levels group- number high-dlci medium-dlci normal-dlci low-dlci Monitor the Frame Relay Connections map route maplist Example: Configuration Providing Backward Compatibility Example: Booting from a Network Server over Frame Relay Page Page Chapter 14: T1 Interface Configuration Introduction Configure Fractional T1 Specify the Clock Source Enable Data Inversion Before Transmission Specify the Frame Type of a FT/T1 Line Specify the CSU Line Build Out Specify FT1/T1 Line-Code Type Enable Remote Alarms Enable Loopcodes that Initiate Remote Loopbacks Specify Timeslots range Page Chapter 15: 56/64-kbps Switched and Digital Data Services (DDS) Interface Chapter 15: 56/64-kbps Switched and Digital Data Services (DDS) Interface Introduction Set the Clock Source Set the Network Line Speed line-speed Chapter 15: 56/64-kbps Switched and Digital Data Services (DDS) Interface Enable Scrambled Data Coding Change between DDS and Switched Dial-Up Modes Page Chapter 16: Basic Configuration Connecting to the Network Connecting to a WAN Configuring Booting the Router for the First Time Configuring the Router Using Configuration Mode Using AutoInstall Using the System Configuration Dialog Page 3. Press <Enter> or enter yes to begin the configuration process. August 1997 Page 16-7 Page Country ISDN Switch Type Description Configuring the Ethernet or Token Ring Interfaces Country ISDN Switch Type Description Configuring the Synchronous Serial Interfaces Configuring ISDN Page Configuring Switched 56 Page Configuring DDS Configuring the Fractional T1/T1 DSU/CSU WAN Module Specifying the Boot Method Page Page 16-20 August 1997 Checking the Configuration Settings Chapter 17: Command References Chapter 17: Command References Command References Page Chapter 18: System Error Messages Page Chapter 19: Debug Command Reference Page Page Page AISwitch Release Notes Copyright FCC Warning Electrostatic Discharge Warning Applied Innovation, Inc. AISwitch Release Notes ISDN/BRI Inferface August 1997 AI2524 Router Card, Version 1.00 Release Notes Configuring ISDN Page Appendix B: Acronyms Acronym Definition