Cabletron Systems 9032578-05 manual

Chapter 19

Access Control List

Configuration

Guide

This chapter explains how to configure and use Access Control Lists (ACLs) on the SSR. ACLs are lists of selection criteria for specific types of packets. When used in conjunction with certain SSR functions, ACLs allow you to restrict Layer-3/4 traffic going through the router.

This chapter contains the following sections:

•“ACL Basics” on page 260 explains how ACLs are defined and how the SSR evaluates them.

•“Creating and Modifying ACLs” on page 264 describes how to edit ACLs, either remotely or by using the the SSR’s built-in ACL Editor function.

•“Using ACLs” on page 266 describes the different kinds of ACLs: Interface ACLs, Service ACLs, Layer-4 Bridging ACLs, and Profile ACLs, and gives examples of their usage.

•“Enabling ACL Logging” on page 273 explains how to log information about packets that are permitted or denied because of an ACL.

•“Monitoring ACLs” on page 274 lists the commands you can use to display information about ACLs active on the SSR.

SmartSwitch Router User Reference Manual

259

Image 285

Cabletron Systems 9032578-05 manual Chapter Access Control List Configuration Guide

Contents

9032578-05 SmartSwitch Router User Reference Manual Changes CopyrightDisclaimer Trademarks Regulatory Compliance Statements Regulatory Compliance Information Vcci Compliance Statement Industry Canada Compliance Statement Laser Radiation and Connectors Safety Information Class 1 Laser Transceivers Cabletron Systems, Inc Program License Agreement SmartSwitch Router User Reference Manual Vii Viii SmartSwitch Router User Reference Manual SmartSwitch Router User Reference Manual Cabletron Systems Limited Program License Agreement Cabletron Systems Limited Program License Agreement Declaration of Conformity Addendum Contents SmartTRUNK Configuration Guide Dhcp Configuration Guide Vrrp Configuration Guide 111 160 Routing Policy Configuration Guide 161 197 Firewall Load Balancing 214 Monitoring IP Policies 215 Network Address Translation Configuration Guide 249 QoS & Layer-2/Layer-3/Layer-4 Flow Overview 291 Security Configuration Guide 275 309 Lfap Configuration Guide 329 357 Contents Xxvi SmartSwitch Router User Reference Manual Related Documentation About This ManualDocument Conventions For Information About See Optional Keywords and arguments within a set of square brackets areKeywords or arguments separated by vertical bars indicate a Choice. Select one keyword or argument Chapter Introduction Configuration Files Command Modes Using the Command Line InterfaceUser Mode Enable Mode Getting Help with CLI Commands Configure ModeBoot Prom Mode CLI completes the command as follows CLI Line Editing Commands Line Editing Commands Previous command from history buffer Next command from history bufferWord-backward command Show all commands currently stored in the history buffer Commands to Display and Change Configuration Information Displaying and Changing Configuration Information Erase scratchpad Task CommandErase startup Save active Each port in the SSR is referred to in the following manner Port NamesPort Numbers for Line Cards Line Card Port Number Arrangement Left to Right Hssi WAN Base LLX Quad Serial WAN Hot Swapping Overview Chapter Hot Swapping Line Cards Control Modules Deactivating the Line Card Hot Swapping Line Cards Installing a New Line Card Removing the Line CardHot Swapping One Type of Line Card With Another Deactivating the Control Module Hot Swapping a Secondary Control Module Removing the Control Module Installing a Control Module Hot Swapping a Switching Fabric Module SSR 8600 only Installing a Switching Fabric Module Removing the Switching Fabric ModulePage Chapter Bridging Configuration Guide Bridging OverviewSpanning Tree Ieee 802.1d Bridging Modes Flow-Based and Address-Based Vlan Overview MAC-address-based VLANs Port-based VLANsProtocol-based VLANs Subnet-based VLANs Multicast-based VLANs SSR Vlan SupportPolicy-based VLANs VLANs and the SSR Ports, VLANs, and L3 Interfaces Access Ports and Trunk Ports 802.1Q support Configuring SSR Bridging Functions Configuring Address-based or Flow-based BridgingExplicit and Implicit VLANs Address-Based Bridge Table Flow-Based Bridge Table SSR Configuring Spanning Tree Adjusting Spanning-Tree ParametersMore ports for a particular Vlan Setting the Bridge Priority Setting a Port PriorityAssigning Port Costs Adjusting the Interval between Hello Times Adjusting Bridge Protocol Data Unit Bpdu IntervalsDefining the Forward Delay Interval Defining the Maximum Age Configuring Vlan Trunk Ports Configuring a Port- or Protocol-Based VlanCreating a Port or Protocol Based Vlan Adding Ports to a Vlan Configuring Layer-2 Filters Configuring VLANs for Bridging Configuration Examples Monitoring BridgingCreating an IP or IPX Vlan Next, assign ports to the ‘RED’ Vlan Creating a non-IP/non-IPX Vlan Overview Chapter SmartTRUNK Configuration Guide Configuring SmartTRUNKs Creating a SmartTRUNKAdd Physical Ports to the SmartTRUNK Specify Traffic Distribution Policy Optional Monitoring SmartTRUNKs St.2 St.4 Router Switch Server Example Configurations SmartTRUNK Configuration Guide Page Chapter ATM Configuration Guide ATM OverviewVirtual Channels Service Class Definition Creating a Virtual ChannelAtm create vcl port port list Creating a Service Class Definition Applying a Service Class Definition Cell Scrambling Enabling Cell ScramblingAtm set port port list pdh-cell-scramble on off Selecting the Cell Mapping Format Cell MappingPdh-cell-scramble onoff Atm set port port list cell-mapping direct plcp Setting the Bit Allocation for VPI Creating a Non-Zero VPIAtm set port port list vpi-bits num Atm show vpl port port list all-ports Displaying ATM Port Information Atm show serviceall B3ZS Atm show port-settings port list all-ports For T1 framing Esf indicates extended super frame and is usedG832 is used for E3 framing G751 is used for E3 framing Consider the following network configuration ATM Sample Configuration Defining an ATM Service Class Configuring an Interface on an Ethernet Port Applying an ATM Service Class Configuring an Interface on an ATM PortConfiguring an IP Route Ssr1config# ip add route 11.1.2.0/24 gateway ATM Sample Configuration Chapter Packet-over-SONET Configuration Guide Configuring IP Interfaces for PoS Links Configuring Packet-over-SONET Links Configuring Automatic Protection Switching Configuring Working and Protecting Ports Specifying Bit Error Rate Thresholds Threshold Specify signal failure BER Specify signal degrade BERMonitoring PoS Ports Threshold Following is the configuration for router a This section shows example configurations for PoS linksFollowing is the configuration for router B APS PoS Links Between SSRs Router So.6.1 So-1 40.1.1.1/16 PoS Link Between the SSR and a Cisco Router Router So.6.1 Bridging and Routing Traffic Over a PoS LinkPage Configuration Guide ChapterDhcp Overview Configuring an IP Address Pool Configuring DhcpConfiguring Client Parameters Client Parameters Grouping Scopes with a Common Interface Configuring a Static IP Address Configuring Dhcp Server Parameters Updating the Lease DatabaseMonitoring the Dhcp Server Define Dhcp network parameters for the scope ‘scope1’ Dhcp Configuration ExamplesDefine an IP address pool for addresses 10.1.1.10 through Define a static IP address for Configuring Secondary Subnets Include ‘scope2’ in the superscope ‘super1’ Secondary Subnets and Directly-Connected Clients Interacting with Relay Agents Define the address pool for ‘scope1’ Page Chapter IP Routing Configuration Guide IP Routing ProtocolsUnicast Routing Protocols Multicast Routing Protocols Configuring IP Interfaces and Parameters Configuring IP Interfaces to Ports Configuring IP Interfaces for a VlanSpecifying Ethernet Encapsulation Method Configuring Jumbo Frames Configuring ARP Cache Entries Configuring Address Resolution Protocol ARPTo clear the entire ARP table Unresolved MAC Addresses for ARP Entries Configuring Proxy ARP Configuring Reverse Address Resolution Protocol Rarp Defining MAC-to-IP Address Mappings Specifying IP Interfaces for Rarp Configuring IP Services Icmp Configuring DNS ParametersConfiguring IP Helper Monitoring Rarp Configuring Direct Broadcast Monitoring IP Parameters Configuring Denial of Service DOS Arp show all Configuring Router DiscoveryInterface show ip System show dns Ssrconfig# rdisc add address Ssr# rdisc show all To display router discovery information Assigning IP/IPX Interfaces Vrrp Overview Configuring Vrrp Backup Basic Vrrp ConfigurationConfiguration of Router R1 Following is the configuration file for Router R1 in Figure Symmetrical Configuration Configuration for Router R2Following is the configuration file for Router R2 in Figure Symmetrical Vrrp Configuration Master for VRID=1 Master for VRID=2 Backup for VRID=2 Configuration of Router R2 Multi-Backup Configuration Multi-Backup Vrrp Configuration Configuration of Router R1 Virtual Router Default Priority Configured Priority Additional Configuration Configuration of Router R3Following is the configuration file for Router R3 in Figure Setting the Backup Priority Setting the Advertisement IntervalSetting Pre-empt Mode Setting an Authentication Key Monitoring VrrpIp-redundancy trace Ssr# ip-redundancy show vrrp interface int1 Ip-redundancy show Ssr# ip-redundancy show vrrp 1 interface int1 verbose Vrrp Configuration Notes 104 Chapter RIP Configuration Guide Configuring RIPRIP Overview Configuring RIP Interfaces Configuring RIP ParametersEnabling and Disabling RIP Characters Set the authentication method Set the authentication methodTo RIP Specify that RIP V2 packets Configuring RIP Route Preference Configuring RIP Route Default-MetricMonitoring RIP Configuration Example 110 Ospf Overview Ospf Ospf Multipath Configuring Ospf Configuring Ospf Interface Parameters Enabling OspfOspf Interface Parameters Default Cost of an Ospf Interface Ospf Default Cost Per Port TypePort Media Type Speed Ospf Default Cost Configuring an Ospf Area Create an Ospf areaAdd an interface to an Ospf area Creating Virtual Links Configuring Ospf Area ParametersAdd a stub host to an Ospf area Add a network to an Ospf area for Create a virtual Configuring Ospf for Different Types of InterfacesLink Set virtual link Monitoring Ospf Configured for Ospf Monitor Ospf error conditionsShow Ospf errors Show information about all interfaces Routes Show Ospf timers Ospf Configuration ExamplesShows information about all valid next Shows information about Ospf Border Exporting All RIP, Interface & Static Routes to Ospf Exporting All Interface & Static Routes to Ospf Create a Ospf export destination for type-2 routes Create a Ospf export destination for type-1 routesCreate a RIP export source Create a Static export source Create a RIP export destination Create Ospf export sourceCreate OSPF-ASE export source R10 BGP Overview Chapter BGP Configuration Guide SSR BGP Implementation Basic BGP Tasks Setting the Router ID Setting the Autonomous System NumberConfiguring a BGP Peer Group Ip-router global set autonomous-system num1 loops num2 Autonomous-system number Where Using AS-Path Regular Expressions Adding and Removing a BGP PeerStarting BGP 130 Using the AS Path Prepend Feature AS-Path Regular Expression ExamplesTo import MCI routes with a preference Following is an example BGP Configuration Examples BGP Peering Session Example CLI configuration for router SSR1 is as follows AS-1 AS-2Physical Link Peering Relationship CLI configuration for router SSR2 is as follows Ibgp Configuration ExampleGated.conf file for router SSR1 is as follows Gated.conf file for router SSR2 is as follows Ibgp Routing Group Example AS-64801 Sample Ibgp Configuration Routing Group Type Following lines in the Cisco router configure Ospf Ibgp Internal Group Example Sample Ibgp Configuration Internal Group Type Illustrates a sample Ibgp Internal group configuration SmartSwitch Router User Reference Manual 141 Ebgp Multihop Configuration Example Configuration for router C1 a Cisco router is as followsConfiguration for router C2 a Cisco router is as follows Physical Link AS-64800 CLI configuration for router SSR3 is as follows Community Attribute Example CLI configuration for router SSR4 is as followsGated.conf file for router SSR3 is as follows Gated.conf file for router SSR4 is as follows Sample BGP Configuration Specific Community Sample BGP Configuration Well-Known Community , router SSR11 has the following configuration , router SSR13 has the following configuration , router SSR14 has the following configuration , router SSR10 has the following configuration SmartSwitch Router User Reference Manual 151 Local Preference Examples Sample BGP Configuration Local Preference Using the local-pref Option Using the set-pref OptionFor router SSR13, local-prefis set to Multi-Exit Discriminator Attribute Example Sample BGP Configuration MED Attribute Ebgp Aggregation Example Router SSR6 has the following CLI configurationAS-64900 AS-64901 Router SSR8 has the following CLI configuration Router SSR9 has the following CLI configurationRoute Reflection Example AS-64902 Shows a sample configuration that uses route reflection SmartSwitch Router User Reference Manual 159 160 Route Import and Export Policy Overview Chapter Routing Policy Configuration Guide Default Preference Values Preference Defined by CLI Command DefaultPreference Import-Source Import Policies Route-Filter Export PoliciesExport-Destination Export-Source Specifying a Route Filter Aggregates and Generates Aggregate-Source Aggregate-Destination Authentication Methods Authentication Authentication Keys and Key Management Configuring Simple Routing Policies Redistributing Directly Attached Networks Redistributing Static Routes Redistributing RIP into Ospf Redistributing RIP into RIPRedistributing Ospf to RIP Redistributing Aggregate Routes To redistribute aggregate Simple Route Redistribution ExamplesRoutes into Ospf Example 1 Redistribution into RIP Exporting a Given Static Route to All RIP Interfaces Exporting All Static Routes to All RIP InterfacesExample 2 Redistribution into Ospf 174 Configuring Advanced Routing Policies 176 Creating an Export Source Creating an Export Destination Creating a Route Filter Creating an Import SourceCreate a RIP import Destination Create an Ospf import Creating an Aggregate Route Creating an Aggregate Source Creating an Aggregate DestinationExamples of Import Policies Example 1 Importing from RIP R41 182 Rip add source-gateways 140.1.1.41 rip add trusted-gateways Example 2 Importing from Ospf 185 Routing Policy Configuration Importing a Selected Subset of OSPF-ASE Routes Example 1 Exporting to RIP Examples of Export Policies 188 Exporting a Given Static Route to a Specific RIP Interface 190 Exporting Aggregate-Routes into RIP Example 2 Exporting to Ospf SmartSwitch Router User Reference Manual 193 194 SmartSwitch Router User Reference Manual 195 196 Chapter Multicast Routing Configuration Guide IP Multicast OverviewIgmp Overview Dvmrp Overview Configuring Igmp on an IP Interface Configuring IgmpConfiguring Igmp Query Interval Configuring Igmp Response Wait Time Configuring Per-Interface Control of Igmp Membership Configuring DvmrpConfiguring Static Igmp Groups Ship to a specific group Configuring Dvmrp on an Interface Configuring Dvmrp ParametersStarting and Stopping Dvmrp Configuring Dvmrp TTL & Scope Configuring the Dvmrp Routing Metric Monitoring Igmp & Dvmrp Configuring a Dvmrp TunnelShows all the interfaces Membership details running Igmp Shows all Igmp group Memberships on a port basis Show all Igmp timersShow information about multicasts Registered by Igmp Show Igmp status on a Vlan SmartSwitch Router User Reference Manual 205 206 Chapter IP Policy-Based Forwarding Configuration Guide Configuring IP Policies Defining an ACL ProfileAssociating the Profile with an IP Policy Creating Multi-Statement IP Policies Setting the IP Policy Action Setting Load Distribution for Next-Hop Gateways Applying an IP Policy to an InterfaceApplying an IP Policy to Locally Generated Packets Routing Traffic to Different ISPs IP Policy Configuration Examples Using an IP Policy to Prioritize Service to Customers Prioritizing Service to Customers Using an IP Policy to Authenticate Users Through a Firewall Authenticating Users through a Firewall Selecting Next Hop Gateway from IP Packet Information Firewall Load Balancing Monitoring IP Policies Following is the configuration for Policy Router 1 in Figure Ssr# ip-policy show policy-name p1 SmartSwitch Router User Reference Manual 217 218 Chapter Network Address Translation Configuration Guide Setting Inside and Outside Interfaces Configuring NAT Forcing Flows through NAT Setting NAT RulesStatic Dynamic NAT and DNS Managing Dynamic Bindings NAT and Icmp Packets Specify the FTP session timeoutNAT and FTP Specify the FTP control port This section shows examples of NAT configurations Static ConfigurationMonitoring NAT Next, define the interfaces to be NAT inside or outside Using Static NAT Dynamic Configuration Using Dynamic NAT Using Dynamic NAT with IP Overload Dynamic NAT with IP Overload PAT Configuration DNS Dynamic NAT with DNS Dynamic NAT with Outside Interface Redundancy Using Dynamic NAT with DNS Using Dynamic NAT with Matching Interface Redundancy Chapter Web Hosting Configuration Guide Load Balancing Configuring Load BalancingCreating the Server Group Adding Servers to the Load Balancing Group Session Persistence Sticky Minutes Persistence Default Binding Level Timeout Optional Group or Server Operating Parameters Specifying Load Balancing PolicySpecifying a Connection Threshold Verifying Servers and Applications Setting Server Status Verifying Extended ContentSpecify application verification Allowing Access to Load Balancing Servers Setting Timeouts for Load Balancing MappingsLoad Balancing and FTP Displaying Load Balancing Information Configuration Examples 10.1.1.4 Internet Web requests Web requests forwarded to One of the servers Router Domain Name Virtual IP TCP Port Real Server 207.135.89.16 207.135.89.17 207.135.89.18 207.135.89.50 Virtual IP Address Ranges Session and Netmask Persistence Configuring Web Caching Web CachingCreating the Cache Group Redirected to cache servers Specifying the Clients for the Cache Group OptionalNot redirected to cache servers Redirecting Http Traffic on an Interface Configuration Example Other ConfigurationsBypassing Cache Servers Distributing Frequently-Accessed Sites Across Cache Servers Monitoring Web-CachingProxy Server Redundancy Show cache server information Show caching policy information Chapter IPX Routing Configuration Guide IPX Routing OverviewRIP Routing Information Protocol SAP Service Advertising Protocol Configuring IPX RIP & SAP Creating IPX InterfacesIPX Addresses Configuring IPX Addresses to Ports Configuring IPX Interfaces and ParametersConfiguring Secondary Addresses on an IPX Interface Configuring IPX Interfaces for a Vlan Specifying IPX Encapsulation Method Configuring IPX RoutingEnabling IPX RIP Enabling SAP Configuring Static SAP Table Entries Configuring Static RoutesControlling Access to IPX Networks Creating an IPX Access Control List Creating an IPX SAP Access Control List Creating an IPX Type 20 Access Control List Creating an IPX RIP Access Control List Creating an IPX GNS Access Control List Monitoring an IPX Network 258 Chapter Access Control List Configuration Guide Defining Selection Criteria in ACL Rules ACL Basics SmartSwitch Router User Reference Manual 261 Implicit Deny Rule How ACL Rules are Evaluated Allowing External Responses to Established TCP Connections Following ACL illustrates this feature Creating and Modifying ACLsEditing ACLs Offline Maintaining ACLs Using the ACL Editor Using ACLs Applying ACLs to InterfacesThese uses of ACLs are described in the following sections Applying ACLs to Layer-4 Bridging Ports Applying ACLs to Services SSR Feature ACL Profile Usage Using ACLs as Profiles Using Profile ACLs with the Traffic Rate Limiting Facility Using Profile ACLs with the IP Policy Facility Using Profile ACLs with Dynamic NAT Using Profile ACLs with the Web Caching Facility Using Profile ACLs with the Port Mirroring Facility Preventing Web Objects From Being Cached Redirecting Http Traffic to Cache Servers Enabling ACL Logging Monitoring ACLs Security Overview Chapter Security Configuration Guide Configuring Radius Configuring SSR Access Security Configuring Tacacs Monitoring RadiusMonitoring Tacacs Configuring Tacacs Plus Configuring Passwords Layer-2 Security FiltersMonitoring Tacacs Plus Configuring Layer-2 Address Filters Configuring Layer-2 Static Entry Filters Configuring Layer-2 Port-to-Address Lock FiltersConfigure a source static Configure a destination static Configure a source secure port Configuring Layer-2 Secure Port FiltersConfigure a destination secure Port filter Layer-2 Filter Examples Monitoring Layer-2 Security Filters Port-to-Address Lock Examples Static Entries Example Example 2 Secure Ports Layer-3 Access Control Lists ACLs Sample Vlan for Layer-4 bridging Layer-4 Bridging and Filtering Creating a Port-Based Vlan for Layer-4 Bridging For example, to enable Layer-4 Bridging on the blue VlanPlacing the Ports on the Same Vlan Enabling Layer-4 Bridging on the Vlan Applying a Layer-4 Bridging ACL to a Port SmartSwitch Router User Reference Manual 289 290 QoS & Layer-2/Layer-3/Layer-4 Flow Overview Chapter QoS Configuration Guide Layer-2 and Layer-3 & Layer-4 Flow Specification Traffic Prioritization for Layer-2 Flows Precedence for Layer-3 FlowsSSR Queuing Policies Configuring Layer-2 QoS 802.1p Priority MappingControl Removing or Disabling Per-Port Priority Map Creating and Applying a New Priority Map Configuring IP QoS Policies Traffic Prioritization for Layer-3 & Layer-4 FlowsDisplaying Priority Map Information Setting an IP QoS Policy Configuring IPX QoS PoliciesSetting an IPX QoS Policy Specifying Precedence for an IP QoS Policy Configuring SSR Queueing Policy Allocating Bandwidth for a Weighted-Fair Queuing PolicySpecifying Precedence for an IPX QoS Policy ToS Rewrite Weighted Random Early Detection Wred Tos-rewrite Configuring ToS Rewrite for IP Packets Tos-precedence-rewrite = 5 tos-rewrite = Monitoring QoS Rate Limiting Modes Limiting Traffic Rate Port Rate Limiting Per-Flow Rate LimitingPolicy Apply a per-flow rate limit Define a port rate limit policy to Aggregate Rate LimitingLimit incoming traffic on a port Limit outgoing traffic on a port Per-Flow Rate Limiting Example Configurations Aggregate Rate Limiting Displaying Rate Limit Information Performance Monitoring Overview Chapter Performance Monitoring Guide Show information about the master Show port error statisticsMAC table Show information about a Particular MAC address Show info about multicasts Configuring the SSR for Port Mirroring Monitoring Broadcast TrafficOnly IP ACLs can be specified for port mirroring 312 Rmon Overview Rmon Example of Rmon Configuration Commands Configuring and Enabling Rmon Lite Rmon Groups Rmon Groups Professional Rmon Groups Standard Rmon Groups Control Tables Using Rmon Configuring Rmon Groups Num status enabledisable EnabledisableString status enabledisable Size owner string status enabledisable Oid type absolutedelta status enabledisable Port port owner string status enabledisableRmon protocol-distribution index index-number Rmon user-history-control index index-number Displaying Rmon Information Rmon CLI Filters 01000CCCCCCC Following shows Host table output without a CLI filter Troubleshooting Rmon Using Rmon CLI FiltersCreating Rmon CLI Filters 326 Ssr# rmon show status Allocating Memory to Rmon Rmon set memory number Lfap Configuring the Lfap Agent on the SSR Cabletron’s Traffic Accounting Services Allow external ACL policy control Start the Lfap protocol on the SSR Monitoring the Lfap Agent on the SSR Command Displays WAN Overview WAN Primary and Secondary Addresses Configuring WAN InterfacesStatic, Mapped, and Dynamic Peer IP/IPX Addresses Static Addresses Following command line displays two examples for PPP Following command line displays an example for a VlanMapped Addresses Dynamic Addresses Following command line displays an example for PPP Forcing Bridged EncapsulationPacket Compression Average Packet Size Example ConfigurationsNature of the Data Link Integrity Packet Encryption WAN Quality of Service Source Filtering and ACLs Weighted-Fair QueueingCongestion Management Random Early Discard RED Frame Relay Overview Virtual CircuitsAdaptive Shaping Permanent Virtual Circuits PVCs Configuring Frame Relay Interfaces for the SSR Applying a Service Profile to an Active Frame Relay WAN Port Setting up a Frame Relay Service Profile Monitoring Frame Relay WAN Ports Frame Relay Port Configuration 344 Configuring PPP Interfaces Point-to-Point Protocol PPP OverviewUse of LCP Magic Numbers Defining the Type and Location of a PPP Interface Setting up a PPP Service Profile Applying a Service Profile to an Active PPP Port Configuring Multilink PPP BundlesCompression on MLP Bundles or Links Monitoring PPP WAN Ports PPP Port Configuration Ssrconfig# ppp apply service profile2 ports hs.5.1 Simple Configuration File WAN Configuration Examples Multi-router WAN configuration Multi-Router WAN Configuration Following configuration file applies to Router R1 Router R1 Configuration FileRouter R2 Configuration File Following configuration file applies to Router R2 Following configuration file applies to Router R3 Router R3 Configuration FileRouter R4 Configuration File Following configuration file applies to Router R4 Following configuration file applies to Router R5 Router R5 Configuration FileRouter R6 Configuration File Following configuration file applies to Router R6 SmartSwitch Router User Reference Manual 355 356 Introduction Appendix a New Features Supported on Line CardsSSR 8000/8600 Line Cards Line Cards Available Prior to the 3.0 Firmware Release WFQ Pre-3.0 SSR Firmware Line Card Part Number Features Listed 3.0 Features Line Card Part Firmware Number FeaturesLine Cards Introduced at the 3.1 Firmware Release T-Series Pre-3.0 POS OC-12cSMF SSR-ATM29-02 ATM OC-3c SSR-ATM31-02 ATM OC-12c Routing Table on Pre-3.0 Line card SSR-2-LX70 SSR 2000 Line CardsAAs -- Chassis AAs Line Cards New Features that Require Specific Line Cards Network Address TranslationSSR-2-LX70-AA Page Load Balancing Lsnat Layer 4 Bridging Per-Protocol Vlan Port Rate Limiting QoS Rate Limiting ToS Rewrite Established Bit ACLMultiple IPX Encapsulation Port Interface Ingress Port Egress Port Features Base Weighted Random Early Detection WredSummary Jumbo Frames Identifying a Line Card Multiple IPX Encapsulation Interface AA/T-seriesExample Non -AA Line Card 372