Firewall Load Balancing | Cabletron Systems 9032578-05 manual

Chapter 15: IP Policy-Based Forwarding Configuration Guide

Packets from users defined in the “contractors” group are sent through a firewall. If the firewall cannot be reached packets from the contractors group are dropped. Packets from users defined in the “full-timers” group do not have to go through the firewall.

The following is the IP policy configuration for the Policy Router in Figure 22:

interface create ip mls0 address-netmask 10.50.1.1/16 port et.1.1

acl contractors permit ip 10.50.1.0/24 any any any 0 acl full-timers permit ip 10.50.2.0/24 any any any 0

ip-policy access permit acl contractors next-hop-list 11.1.1.1 action policy-only

ip-policy access permit acl full-timers next-hop-list 12.1.1.1 action policy-first

ip-policy access apply interface mls0

Firewall Load Balancing

The next hop gateway can be selected by the following information in the IP packet: source IP, destination IP, or both the source and destination IP. Figure 23 illustrates this configuration.

Intranet

Internet

Firewalls

1.1.1.1 1 2.2.2.1

mls1	Policy
	Router 1
	1.1.1.5
	1.1.1.5

		1					e
		1					t
		.						.
1								1
.				1.1.1.2		2.2.2.2				.
t				1.1.1.2	2	2.2.2.2					1
e		.2					et.1.2
		.2					et.1.2
	1
t.
e							.1
et.							.1
	1.						et	.3
t			3	1.1.1.3		2.2.2.3			.4
e								1
.								1
1							.
	.				3		et
	4

Policy Router 2

2.2.2.5

mls2

1.1.1.44 2.2.2.4

Figure 23. Selecting Next Hop Gateway from IP Packet Information

One session should always go to a particular firewall for persistence.

214	SmartSwitch Router User Reference Manual

Image 240

Cabletron Systems 9032578-05 manual Firewall Load Balancing, Selecting Next Hop Gateway from IP Packet Information

Contents

SmartSwitch Router User Reference Manual 9032578-05 Copyright ChangesDisclaimer Trademarks Regulatory Compliance Information Regulatory Compliance Statements Industry Canada Compliance Statement Vcci Compliance Statement Safety Information Class 1 Laser Transceivers Laser Radiation and Connectors Cabletron Systems, Inc Program License Agreement SmartSwitch Router User Reference Manual Vii Viii SmartSwitch Router User Reference Manual SmartSwitch Router User Reference Manual Cabletron Systems Limited Program License Agreement Cabletron Systems Limited Program License Agreement Declaration of Conformity Addendum Contents SmartTRUNK Configuration Guide Dhcp Configuration Guide Vrrp Configuration Guide 111 Routing Policy Configuration Guide 161 160 197 Network Address Translation Configuration Guide Firewall Load Balancing 214 Monitoring IP Policies 215 249 Security Configuration Guide 275 QoS & Layer-2/Layer-3/Layer-4 Flow Overview 291 309 Lfap Configuration Guide 329 357 Contents Xxvi SmartSwitch Router User Reference Manual About This Manual Related DocumentationDocument Conventions For Information About See Keywords and arguments within a set of square brackets are OptionalKeywords or arguments separated by vertical bars indicate a Choice. Select one keyword or argument Configuration Files Chapter Introduction Using the Command Line Interface Command ModesUser Mode Enable Mode Getting Help with CLI Commands Configure ModeBoot Prom Mode CLI completes the command as follows Line Editing Commands CLI Line Editing Commands Next command from history buffer Previous command from history bufferWord-backward command Show all commands currently stored in the history buffer Displaying and Changing Configuration Information Commands to Display and Change Configuration Information Task Command Erase scratchpadErase startup Save active Port Names Each port in the SSR is referred to in the following mannerPort Numbers for Line Cards Line Card Port Number Arrangement Left to Right Base LLX Quad Serial WAN Hssi WAN Chapter Hot Swapping Line Cards Control Modules Hot Swapping Overview Hot Swapping Line Cards Deactivating the Line Card Installing a New Line Card Removing the Line CardHot Swapping One Type of Line Card With Another Hot Swapping a Secondary Control Module Deactivating the Control Module Installing a Control Module Removing the Control Module Hot Swapping a Switching Fabric Module SSR 8600 only Removing the Switching Fabric Module Installing a Switching Fabric ModulePage Chapter Bridging Configuration Guide Bridging OverviewSpanning Tree Ieee 802.1d Vlan Overview Bridging Modes Flow-Based and Address-Based Port-based VLANs MAC-address-based VLANsProtocol-based VLANs Subnet-based VLANs SSR Vlan Support Multicast-based VLANsPolicy-based VLANs VLANs and the SSR Access Ports and Trunk Ports 802.1Q support Ports, VLANs, and L3 Interfaces Configuring SSR Bridging Functions Configuring Address-based or Flow-based BridgingExplicit and Implicit VLANs SSR Address-Based Bridge Table Flow-Based Bridge Table Configuring Spanning Tree Adjusting Spanning-Tree ParametersMore ports for a particular Vlan Setting the Bridge Priority Setting a Port PriorityAssigning Port Costs Adjusting Bridge Protocol Data Unit Bpdu Intervals Adjusting the Interval between Hello TimesDefining the Forward Delay Interval Defining the Maximum Age Configuring a Port- or Protocol-Based Vlan Configuring Vlan Trunk PortsCreating a Port or Protocol Based Vlan Adding Ports to a Vlan Configuring VLANs for Bridging Configuring Layer-2 Filters Configuration Examples Monitoring BridgingCreating an IP or IPX Vlan Creating a non-IP/non-IPX Vlan Next, assign ports to the ‘RED’ Vlan Chapter SmartTRUNK Configuration Guide Overview Configuring SmartTRUNKs Creating a SmartTRUNKAdd Physical Ports to the SmartTRUNK Monitoring SmartTRUNKs Specify Traffic Distribution Policy Optional Example Configurations St.2 St.4 Router Switch Server SmartTRUNK Configuration Guide Page Chapter ATM Configuration Guide ATM OverviewVirtual Channels Service Class Definition Creating a Virtual ChannelAtm create vcl port port list Creating a Service Class Definition Applying a Service Class Definition Cell Scrambling Enabling Cell ScramblingAtm set port port list pdh-cell-scramble on off Cell Mapping Selecting the Cell Mapping FormatPdh-cell-scramble onoff Atm set port port list cell-mapping direct plcp Setting the Bit Allocation for VPI Creating a Non-Zero VPIAtm set port port list vpi-bits num Displaying ATM Port Information Atm show vpl port port list all-ports Atm show serviceall Atm show port-settings port list all-ports B3ZS Esf indicates extended super frame and is used For T1 framingG832 is used for E3 framing G751 is used for E3 framing ATM Sample Configuration Consider the following network configuration Configuring an Interface on an Ethernet Port Defining an ATM Service Class Applying an ATM Service Class Configuring an Interface on an ATM PortConfiguring an IP Route Ssr1config# ip add route 11.1.2.0/24 gateway ATM Sample Configuration Chapter Packet-over-SONET Configuration Guide Configuring Packet-over-SONET Links Configuring IP Interfaces for PoS Links Configuring Automatic Protection Switching Configuring Working and Protecting Ports Specifying Bit Error Rate Thresholds Specify signal degrade BER Threshold Specify signal failure BERMonitoring PoS Ports Threshold This section shows example configurations for PoS links Following is the configuration for router aFollowing is the configuration for router B APS PoS Links Between SSRs PoS Link Between the SSR and a Cisco Router Router So.6.1 So-1 40.1.1.1/16 Bridging and Routing Traffic Over a PoS Link Router So.6.1Page Configuration Guide ChapterDhcp Overview Configuring Dhcp Configuring an IP Address PoolConfiguring Client Parameters Client Parameters Configuring a Static IP Address Grouping Scopes with a Common Interface Configuring Dhcp Server Parameters Updating the Lease DatabaseMonitoring the Dhcp Server Dhcp Configuration Examples Define Dhcp network parameters for the scope ‘scope1’Define an IP address pool for addresses 10.1.1.10 through Define a static IP address for Configuring Secondary Subnets Secondary Subnets and Directly-Connected Clients Include ‘scope2’ in the superscope ‘super1’ Interacting with Relay Agents Define the address pool for ‘scope1’ Page Chapter IP Routing Configuration Guide IP Routing ProtocolsUnicast Routing Protocols Configuring IP Interfaces and Parameters Multicast Routing Protocols Configuring IP Interfaces to Ports Configuring IP Interfaces for a VlanSpecifying Ethernet Encapsulation Method Configuring Jumbo Frames Configuring Address Resolution Protocol ARP Configuring ARP Cache EntriesTo clear the entire ARP table Unresolved MAC Addresses for ARP Entries Configuring Reverse Address Resolution Protocol Rarp Configuring Proxy ARP Specifying IP Interfaces for Rarp Defining MAC-to-IP Address Mappings Configuring DNS Parameters Configuring IP Services IcmpConfiguring IP Helper Monitoring Rarp Configuring Direct Broadcast Configuring Denial of Service DOS Monitoring IP Parameters Configuring Router Discovery Arp show allInterface show ip System show dns Ssrconfig# rdisc add address To display router discovery information Ssr# rdisc show all Assigning IP/IPX Interfaces Configuring Vrrp Vrrp Overview Basic Vrrp Configuration BackupConfiguration of Router R1 Following is the configuration file for Router R1 in Figure Symmetrical Configuration Configuration for Router R2Following is the configuration file for Router R2 in Figure Master for VRID=1 Master for VRID=2 Backup for VRID=2 Symmetrical Vrrp Configuration Multi-Backup Configuration Configuration of Router R2 Multi-Backup Vrrp Configuration Configuration of Router R1 Virtual Router Default Priority Configured Priority Additional Configuration Configuration of Router R3Following is the configuration file for Router R3 in Figure Setting the Backup Priority Setting the Advertisement IntervalSetting Pre-empt Mode Setting an Authentication Key Monitoring VrrpIp-redundancy trace Ip-redundancy show Ssr# ip-redundancy show vrrp interface int1 Vrrp Configuration Notes Ssr# ip-redundancy show vrrp 1 interface int1 verbose 104 Chapter RIP Configuration Guide Configuring RIPRIP Overview Configuring RIP Interfaces Configuring RIP ParametersEnabling and Disabling RIP Set the authentication method Characters Set the authentication methodTo RIP Specify that RIP V2 packets Configuring RIP Route Preference Configuring RIP Route Default-MetricMonitoring RIP Configuration Example 110 Ospf Ospf Overview Configuring Ospf Ospf Multipath Configuring Ospf Interface Parameters Enabling OspfOspf Interface Parameters Default Cost of an Ospf Interface Ospf Default Cost Per Port TypePort Media Type Speed Ospf Default Cost Configuring an Ospf Area Create an Ospf areaAdd an interface to an Ospf area Configuring Ospf Area Parameters Creating Virtual LinksAdd a stub host to an Ospf area Add a network to an Ospf area for Configuring Ospf for Different Types of Interfaces Create a virtualLink Set virtual link Monitoring Ospf Monitor Ospf error conditions Configured for OspfShow Ospf errors Show information about all interfaces Ospf Configuration Examples Routes Show Ospf timersShows information about all valid next Shows information about Ospf Border Exporting All Interface & Static Routes to Ospf Exporting All RIP, Interface & Static Routes to Ospf Create a Ospf export destination for type-1 routes Create a Ospf export destination for type-2 routesCreate a RIP export source Create a Static export source Create a RIP export destination Create Ospf export sourceCreate OSPF-ASE export source R10 Chapter BGP Configuration Guide BGP Overview Basic BGP Tasks SSR BGP Implementation Setting the Autonomous System Number Setting the Router IDConfiguring a BGP Peer Group Ip-router global set autonomous-system num1 loops num2 Where Autonomous-system number Using AS-Path Regular Expressions Adding and Removing a BGP PeerStarting BGP 130 Using the AS Path Prepend Feature AS-Path Regular Expression ExamplesTo import MCI routes with a preference BGP Configuration Examples Following is an example BGP Peering Session Example CLI configuration for router SSR1 is as follows AS-1 AS-2Physical Link Peering Relationship Ibgp Configuration Example CLI configuration for router SSR2 is as followsGated.conf file for router SSR1 is as follows Gated.conf file for router SSR2 is as follows Ibgp Routing Group Example Sample Ibgp Configuration Routing Group Type AS-64801 Following lines in the Cisco router configure Ospf Ibgp Internal Group Example Illustrates a sample Ibgp Internal group configuration Sample Ibgp Configuration Internal Group Type SmartSwitch Router User Reference Manual 141 Ebgp Multihop Configuration Example Configuration for router C1 a Cisco router is as followsConfiguration for router C2 a Cisco router is as follows AS-64800 Physical Link CLI configuration for router SSR3 is as follows CLI configuration for router SSR4 is as follows Community Attribute ExampleGated.conf file for router SSR3 is as follows Gated.conf file for router SSR4 is as follows Sample BGP Configuration Specific Community Sample BGP Configuration Well-Known Community , router SSR11 has the following configuration , router SSR13 has the following configuration , router SSR10 has the following configuration , router SSR14 has the following configuration SmartSwitch Router User Reference Manual 151 Local Preference Examples Sample BGP Configuration Local Preference Using the local-pref Option Using the set-pref OptionFor router SSR13, local-prefis set to Sample BGP Configuration MED Attribute Multi-Exit Discriminator Attribute Example Router SSR6 has the following CLI configuration Ebgp Aggregation ExampleAS-64900 AS-64901 Router SSR8 has the following CLI configuration Router SSR9 has the following CLI configurationRoute Reflection Example Shows a sample configuration that uses route reflection AS-64902 SmartSwitch Router User Reference Manual 159 160 Chapter Routing Policy Configuration Guide Route Import and Export Policy Overview Default Preference Values Preference Defined by CLI Command DefaultPreference Import Policies Import-Source Export Policies Route-FilterExport-Destination Export-Source Specifying a Route Filter Aggregates and Generates Aggregate-Destination Aggregate-Source Authentication Authentication Methods Configuring Simple Routing Policies Authentication Keys and Key Management Redistributing Static Routes Redistributing Directly Attached Networks Redistributing RIP into RIP Redistributing RIP into OspfRedistributing Ospf to RIP Redistributing Aggregate Routes Simple Route Redistribution Examples To redistribute aggregateRoutes into Ospf Example 1 Redistribution into RIP Exporting a Given Static Route to All RIP Interfaces Exporting All Static Routes to All RIP InterfacesExample 2 Redistribution into Ospf 174 Configuring Advanced Routing Policies 176 Creating an Export Destination Creating an Export Source Creating an Import Source Creating a Route FilterCreate a RIP import Destination Create an Ospf import Creating an Aggregate Route Creating an Aggregate Destination Creating an Aggregate SourceExamples of Import Policies Example 1 Importing from RIP R41 182 Rip add source-gateways 140.1.1.41 rip add trusted-gateways Example 2 Importing from Ospf 185 Routing Policy Configuration Importing a Selected Subset of OSPF-ASE Routes Examples of Export Policies Example 1 Exporting to RIP 188 Exporting a Given Static Route to a Specific RIP Interface 190 Exporting Aggregate-Routes into RIP Example 2 Exporting to Ospf SmartSwitch Router User Reference Manual 193 194 SmartSwitch Router User Reference Manual 195 196 Chapter Multicast Routing Configuration Guide IP Multicast OverviewIgmp Overview Dvmrp Overview Configuring Igmp Configuring Igmp on an IP InterfaceConfiguring Igmp Query Interval Configuring Igmp Response Wait Time Configuring Dvmrp Configuring Per-Interface Control of Igmp MembershipConfiguring Static Igmp Groups Ship to a specific group Configuring Dvmrp on an Interface Configuring Dvmrp ParametersStarting and Stopping Dvmrp Configuring the Dvmrp Routing Metric Configuring Dvmrp TTL & Scope Configuring a Dvmrp Tunnel Monitoring Igmp & DvmrpShows all the interfaces Membership details running Igmp Memberships on a port basis Show all Igmp timers Shows all Igmp groupShow information about multicasts Registered by Igmp Show Igmp status on a Vlan SmartSwitch Router User Reference Manual 205 206 Chapter IP Policy-Based Forwarding Configuration Guide Configuring IP Policies Defining an ACL ProfileAssociating the Profile with an IP Policy Setting the IP Policy Action Creating Multi-Statement IP Policies Setting Load Distribution for Next-Hop Gateways Applying an IP Policy to an InterfaceApplying an IP Policy to Locally Generated Packets IP Policy Configuration Examples Routing Traffic to Different ISPs Prioritizing Service to Customers Using an IP Policy to Prioritize Service to Customers Authenticating Users through a Firewall Using an IP Policy to Authenticate Users Through a Firewall Firewall Load Balancing Selecting Next Hop Gateway from IP Packet Information Following is the configuration for Policy Router 1 in Figure Monitoring IP Policies Ssr# ip-policy show policy-name p1 SmartSwitch Router User Reference Manual 217 218 Chapter Network Address Translation Configuration Guide Configuring NAT Setting Inside and Outside Interfaces Setting NAT Rules Forcing Flows through NATStatic Dynamic Managing Dynamic Bindings NAT and DNS Specify the FTP session timeout NAT and Icmp PacketsNAT and FTP Specify the FTP control port Static Configuration This section shows examples of NAT configurationsMonitoring NAT Next, define the interfaces to be NAT inside or outside Dynamic Configuration Using Static NAT Using Dynamic NAT Dynamic NAT with IP Overload PAT Configuration Using Dynamic NAT with IP Overload Dynamic NAT with DNS DNS Using Dynamic NAT with DNS Dynamic NAT with Outside Interface Redundancy Using Dynamic NAT with Matching Interface Redundancy Chapter Web Hosting Configuration Guide Configuring Load Balancing Load BalancingCreating the Server Group Adding Servers to the Load Balancing Group Session Persistence Persistence Default Binding Level Timeout Sticky Minutes Optional Group or Server Operating Parameters Specifying Load Balancing PolicySpecifying a Connection Threshold Verifying Servers and Applications Setting Server Status Verifying Extended ContentSpecify application verification Allowing Access to Load Balancing Servers Setting Timeouts for Load Balancing MappingsLoad Balancing and FTP Configuration Examples Displaying Load Balancing Information Web requests forwarded to One of the servers Router 10.1.1.4 Internet Web requests Domain Name Virtual IP TCP Port Real Server Virtual IP Address Ranges 207.135.89.16 207.135.89.17 207.135.89.18 207.135.89.50 Session and Netmask Persistence Configuring Web Caching Web CachingCreating the Cache Group Specifying the Clients for the Cache Group Optional Redirected to cache serversNot redirected to cache servers Redirecting Http Traffic on an Interface Configuration Example Other ConfigurationsBypassing Cache Servers Distributing Frequently-Accessed Sites Across Cache Servers Monitoring Web-CachingProxy Server Redundancy Show caching policy information Show cache server information Chapter IPX Routing Configuration Guide IPX Routing OverviewRIP Routing Information Protocol SAP Service Advertising Protocol Configuring IPX RIP & SAP Creating IPX InterfacesIPX Addresses Configuring IPX Interfaces and Parameters Configuring IPX Addresses to PortsConfiguring Secondary Addresses on an IPX Interface Configuring IPX Interfaces for a Vlan Configuring IPX Routing Specifying IPX Encapsulation MethodEnabling IPX RIP Enabling SAP Configuring Static Routes Configuring Static SAP Table EntriesControlling Access to IPX Networks Creating an IPX Access Control List Creating an IPX Type 20 Access Control List Creating an IPX SAP Access Control List Creating an IPX GNS Access Control List Creating an IPX RIP Access Control List Monitoring an IPX Network 258 Chapter Access Control List Configuration Guide ACL Basics Defining Selection Criteria in ACL Rules SmartSwitch Router User Reference Manual 261 How ACL Rules are Evaluated Implicit Deny Rule Allowing External Responses to Established TCP Connections Following ACL illustrates this feature Creating and Modifying ACLsEditing ACLs Offline Maintaining ACLs Using the ACL Editor Using ACLs Applying ACLs to InterfacesThese uses of ACLs are described in the following sections Applying ACLs to Services Applying ACLs to Layer-4 Bridging Ports Using ACLs as Profiles SSR Feature ACL Profile Usage Using Profile ACLs with the IP Policy Facility Using Profile ACLs with the Traffic Rate Limiting Facility Using Profile ACLs with Dynamic NAT Using Profile ACLs with the Port Mirroring Facility Using Profile ACLs with the Web Caching Facility Redirecting Http Traffic to Cache Servers Preventing Web Objects From Being Cached Enabling ACL Logging Monitoring ACLs Chapter Security Configuration Guide Security Overview Configuring SSR Access Security Configuring Radius Configuring Tacacs Monitoring RadiusMonitoring Tacacs Configuring Tacacs Plus Configuring Passwords Layer-2 Security FiltersMonitoring Tacacs Plus Configuring Layer-2 Address Filters Configuring Layer-2 Port-to-Address Lock Filters Configuring Layer-2 Static Entry FiltersConfigure a source static Configure a destination static Configuring Layer-2 Secure Port Filters Configure a source secure portConfigure a destination secure Port filter Monitoring Layer-2 Security Filters Layer-2 Filter Examples Static Entries Example Port-to-Address Lock Examples Layer-3 Access Control Lists ACLs Example 2 Secure Ports Layer-4 Bridging and Filtering Sample Vlan for Layer-4 bridging For example, to enable Layer-4 Bridging on the blue Vlan Creating a Port-Based Vlan for Layer-4 BridgingPlacing the Ports on the Same Vlan Enabling Layer-4 Bridging on the Vlan Applying a Layer-4 Bridging ACL to a Port SmartSwitch Router User Reference Manual 289 290 Chapter QoS Configuration Guide QoS & Layer-2/Layer-3/Layer-4 Flow Overview Layer-2 and Layer-3 & Layer-4 Flow Specification Traffic Prioritization for Layer-2 Flows Precedence for Layer-3 FlowsSSR Queuing Policies Configuring Layer-2 QoS 802.1p Priority MappingControl Creating and Applying a New Priority Map Removing or Disabling Per-Port Priority Map Configuring IP QoS Policies Traffic Prioritization for Layer-3 & Layer-4 FlowsDisplaying Priority Map Information Configuring IPX QoS Policies Setting an IP QoS PolicySetting an IPX QoS Policy Specifying Precedence for an IP QoS Policy Configuring SSR Queueing Policy Allocating Bandwidth for a Weighted-Fair Queuing PolicySpecifying Precedence for an IPX QoS Policy Weighted Random Early Detection Wred ToS Rewrite Configuring ToS Rewrite for IP Packets Tos-rewrite Tos-precedence-rewrite = 5 tos-rewrite = Monitoring QoS Limiting Traffic Rate Rate Limiting Modes Per-Flow Rate Limiting Port Rate LimitingPolicy Apply a per-flow rate limit Aggregate Rate Limiting Define a port rate limit policy toLimit incoming traffic on a port Limit outgoing traffic on a port Example Configurations Per-Flow Rate Limiting Aggregate Rate Limiting Displaying Rate Limit Information Chapter Performance Monitoring Guide Performance Monitoring Overview Show port error statistics Show information about the masterMAC table Show information about a Particular MAC address Show info about multicasts Configuring the SSR for Port Mirroring Monitoring Broadcast TrafficOnly IP ACLs can be specified for port mirroring 312 Rmon Rmon Overview Configuring and Enabling Rmon Example of Rmon Configuration Commands Rmon Groups Lite Rmon Groups Standard Rmon Groups Professional Rmon Groups Control Tables Using Rmon Configuring Rmon Groups Enabledisable Num status enabledisableString status enabledisable Size owner string status enabledisable Port port owner string status enabledisable Oid type absolutedelta status enabledisableRmon protocol-distribution index index-number Rmon user-history-control index index-number Displaying Rmon Information Rmon CLI Filters Following shows Host table output without a CLI filter 01000CCCCCCC Troubleshooting Rmon Using Rmon CLI FiltersCreating Rmon CLI Filters 326 Allocating Memory to Rmon Ssr# rmon show status Rmon set memory number Lfap Cabletron’s Traffic Accounting Services Configuring the Lfap Agent on the SSR Start the Lfap protocol on the SSR Allow external ACL policy control Command Displays Monitoring the Lfap Agent on the SSR WAN WAN Overview Configuring WAN Interfaces Primary and Secondary AddressesStatic, Mapped, and Dynamic Peer IP/IPX Addresses Static Addresses Following command line displays an example for a Vlan Following command line displays two examples for PPPMapped Addresses Dynamic Addresses Following command line displays an example for PPP Forcing Bridged EncapsulationPacket Compression Example Configurations Average Packet SizeNature of the Data Link Integrity WAN Quality of Service Packet Encryption Weighted-Fair Queueing Source Filtering and ACLsCongestion Management Random Early Discard RED Frame Relay Overview Virtual CircuitsAdaptive Shaping Configuring Frame Relay Interfaces for the SSR Permanent Virtual Circuits PVCs Setting up a Frame Relay Service Profile Applying a Service Profile to an Active Frame Relay WAN Port Frame Relay Port Configuration Monitoring Frame Relay WAN Ports 344 Configuring PPP Interfaces Point-to-Point Protocol PPP OverviewUse of LCP Magic Numbers Setting up a PPP Service Profile Defining the Type and Location of a PPP Interface Applying a Service Profile to an Active PPP Port Configuring Multilink PPP BundlesCompression on MLP Bundles or Links PPP Port Configuration Monitoring PPP WAN Ports Ssrconfig# ppp apply service profile2 ports hs.5.1 WAN Configuration Examples Simple Configuration File Multi-Router WAN Configuration Multi-router WAN configuration Router R1 Configuration File Following configuration file applies to Router R1Router R2 Configuration File Following configuration file applies to Router R2 Router R3 Configuration File Following configuration file applies to Router R3Router R4 Configuration File Following configuration file applies to Router R4 Router R5 Configuration File Following configuration file applies to Router R5Router R6 Configuration File Following configuration file applies to Router R6 SmartSwitch Router User Reference Manual 355 356 Appendix a New Features Supported on Line Cards IntroductionSSR 8000/8600 Line Cards Line Cards Available Prior to the 3.0 Firmware Release Pre-3.0 SSR Firmware Line Card Part Number Features WFQ Line Card Part Firmware Number Features Listed 3.0 FeaturesLine Cards Introduced at the 3.1 Firmware Release T-Series Pre-3.0 Routing Table on Pre-3.0 Line card POS OC-12cSMF SSR-ATM29-02 ATM OC-3c SSR-ATM31-02 ATM OC-12c SSR 2000 Line Cards SSR-2-LX70AAs -- Chassis AAs Line Cards New Features that Require Specific Line Cards Network Address TranslationSSR-2-LX70-AA Page Load Balancing Lsnat Layer 4 Bridging Per-Protocol Vlan QoS Rate Limiting Port Rate Limiting ToS Rewrite Established Bit ACLMultiple IPX Encapsulation Weighted Random Early Detection Wred Port Interface Ingress Port Egress Port Features BaseSummary Jumbo Frames Identifying a Line Card Multiple IPX Encapsulation Interface AA/T-seriesExample Non -AA Line Card 372