Manuals / Cabletron Systems / Computer Equipment / Network Router

Cabletron Systems 9032578-05 manual Monitoring Layer-2 Security Filters, Layer-2 Filter Examples

Models: 9032578-05

1 398

Download 398 pages 17.39 Kb

Page 309

Chapter 20: Security Configuration Guide

Monitoring Layer-2 Security Filters

The SSR provides display of Layer-2 security filter configurations contained in the routing table.

To display security filter information, enter the following commands in Enable mode.

Show address filters.	filters show address-filter
	[all-sourceall-destinationall-flow]
	[source-mac <MACaddr> dest-mac <MACaddr>]
	[ports <port-list>] [vlan <VLAN-num>]

Show port address lock	filters show port-address-lock ports
filters.	[ports <port-list>] [vlan <VLAN-num>]
	[source-mac <MACaddr>]

Show secure port filters.	filters show secure-port

Show static entry filters.	filters show static-entry
	[all-sourceall-destinationall-flow]
	ports <port-list> vlan <VLAN-num>
	[source-mac <MACaddr> dest-mac <MACaddr>]

Layer-2 Filter Examples

SSR

et.1.1

et.1.2

et.1.3

Hub

Engineering

Finance

File Servers

File Servers

Engineers,

Consultant

Figure 24. Source Filter Example

Example 1: Address Filters

Source filter: The consultant is not allowed to access any file servers. The consultant is only allowed to interact with the engineers on the same Ethernet segment – port et.1.1. All traffic coming from the consultant’s MAC address will be dropped.

filters add address-filter name consultant source-mac 001122:334455 vlan 1 in-port-list et.1.1

SmartSwitch Router User Reference Manual

283

Image 309

Cabletron Systems 9032578-05 manual Monitoring Layer-2 Security Filters, Layer-2 Filter Examples

Contents

9032578-05 SmartSwitch Router User Reference ManualChanges CopyrightDisclaimer TrademarksRegulatory Compliance Statements Regulatory Compliance InformationVcci Compliance Statement Industry Canada Compliance StatementLaser Radiation and Connectors Safety Information Class 1 Laser TransceiversCabletron Systems, Inc Program License Agreement SmartSwitch Router User Reference Manual Vii Viii SmartSwitch Router User Reference Manual SmartSwitch Router User Reference Manual Cabletron Systems Limited Program License Agreement Cabletron Systems Limited Program License Agreement Declaration of Conformity Addendum Contents SmartTRUNK Configuration Guide Dhcp Configuration Guide Vrrp Configuration Guide 111 160 Routing Policy Configuration Guide 161197 Firewall Load Balancing 214 Monitoring IP Policies 215 Network Address Translation Configuration Guide249 QoS & Layer-2/Layer-3/Layer-4 Flow Overview 291 Security Configuration Guide 275309 Lfap Configuration Guide 329 357 Contents Xxvi SmartSwitch Router User Reference Manual Related Documentation About This ManualDocument Conventions For Information About SeeOptional Keywords and arguments within a set of square brackets areKeywords or arguments separated by vertical bars indicate a Choice. Select one keyword or argumentChapter Introduction Configuration FilesCommand Modes Using the Command Line InterfaceUser Mode Enable ModeGetting Help with CLI Commands Configure ModeBoot Prom Mode CLI completes the command as follows CLI Line Editing Commands Line Editing CommandsPrevious command from history buffer Next command from history bufferWord-backward command Show all commands currently stored in the history bufferCommands to Display and Change Configuration Information Displaying and Changing Configuration InformationErase scratchpad Task CommandErase startup Save activeEach port in the SSR is referred to in the following manner Port NamesPort Numbers for Line Cards Line Card Port Number Arrangement Left to RightHssi WAN Base LLX Quad Serial WANHot Swapping Overview Chapter Hot Swapping Line Cards Control ModulesDeactivating the Line Card Hot Swapping Line CardsInstalling a New Line Card Removing the Line CardHot Swapping One Type of Line Card With Another Deactivating the Control Module Hot Swapping a Secondary Control ModuleRemoving the Control Module Installing a Control ModuleHot Swapping a Switching Fabric Module SSR 8600 only Installing a Switching Fabric Module Removing the Switching Fabric ModulePage Chapter Bridging Configuration Guide Bridging OverviewSpanning Tree Ieee 802.1d Bridging Modes Flow-Based and Address-Based Vlan OverviewMAC-address-based VLANs Port-based VLANsProtocol-based VLANs Subnet-based VLANsMulticast-based VLANs SSR Vlan SupportPolicy-based VLANs VLANs and the SSRPorts, VLANs, and L3 Interfaces Access Ports and Trunk Ports 802.1Q supportConfiguring SSR Bridging Functions Configuring Address-based or Flow-based BridgingExplicit and Implicit VLANs Address-Based Bridge Table Flow-Based Bridge Table SSRConfiguring Spanning Tree Adjusting Spanning-Tree ParametersMore ports for a particular Vlan Setting the Bridge Priority Setting a Port PriorityAssigning Port Costs Adjusting the Interval between Hello Times Adjusting Bridge Protocol Data Unit Bpdu IntervalsDefining the Forward Delay Interval Defining the Maximum AgeConfiguring Vlan Trunk Ports Configuring a Port- or Protocol-Based VlanCreating a Port or Protocol Based Vlan Adding Ports to a VlanConfiguring Layer-2 Filters Configuring VLANs for BridgingConfiguration Examples Monitoring BridgingCreating an IP or IPX Vlan Next, assign ports to the ‘RED’ Vlan Creating a non-IP/non-IPX VlanOverview Chapter SmartTRUNK Configuration GuideConfiguring SmartTRUNKs Creating a SmartTRUNKAdd Physical Ports to the SmartTRUNK Specify Traffic Distribution Policy Optional Monitoring SmartTRUNKsSt.2 St.4 Router Switch Server Example ConfigurationsSmartTRUNK Configuration Guide Page Chapter ATM Configuration Guide ATM OverviewVirtual Channels Service Class Definition Creating a Virtual ChannelAtm create vcl port port list Creating a Service Class Definition Applying a Service Class Definition Cell Scrambling Enabling Cell ScramblingAtm set port port list pdh-cell-scramble on off Selecting the Cell Mapping Format Cell MappingPdh-cell-scramble onoff Atm set port port list cell-mapping direct plcpSetting the Bit Allocation for VPI Creating a Non-Zero VPIAtm set port port list vpi-bits num Atm show vpl port port list all-ports Displaying ATM Port InformationAtm show serviceall B3ZS Atm show port-settings port list all-portsFor T1 framing Esf indicates extended super frame and is usedG832 is used for E3 framing G751 is used for E3 framingConsider the following network configuration ATM Sample ConfigurationDefining an ATM Service Class Configuring an Interface on an Ethernet PortApplying an ATM Service Class Configuring an Interface on an ATM PortConfiguring an IP Route Ssr1config# ip add route 11.1.2.0/24 gateway ATM Sample Configuration Chapter Packet-over-SONET Configuration Guide Configuring IP Interfaces for PoS Links Configuring Packet-over-SONET LinksConfiguring Automatic Protection Switching Configuring Working and Protecting Ports Specifying Bit Error Rate Thresholds Threshold Specify signal failure BER Specify signal degrade BERMonitoring PoS Ports ThresholdFollowing is the configuration for router a This section shows example configurations for PoS linksFollowing is the configuration for router B APS PoS Links Between SSRsRouter So.6.1 So-1 40.1.1.1/16 PoS Link Between the SSR and a Cisco RouterRouter So.6.1 Bridging and Routing Traffic Over a PoS LinkPage Configuration Guide ChapterDhcp Overview Configuring an IP Address Pool Configuring DhcpConfiguring Client Parameters Client ParametersGrouping Scopes with a Common Interface Configuring a Static IP AddressConfiguring Dhcp Server Parameters Updating the Lease DatabaseMonitoring the Dhcp Server Define Dhcp network parameters for the scope ‘scope1’ Dhcp Configuration ExamplesDefine an IP address pool for addresses 10.1.1.10 through Define a static IP address forConfiguring Secondary Subnets Include ‘scope2’ in the superscope ‘super1’ Secondary Subnets and Directly-Connected ClientsInteracting with Relay Agents Define the address pool for ‘scope1’ Page Chapter IP Routing Configuration Guide IP Routing ProtocolsUnicast Routing Protocols Multicast Routing Protocols Configuring IP Interfaces and ParametersConfiguring IP Interfaces to Ports Configuring IP Interfaces for a VlanSpecifying Ethernet Encapsulation Method Configuring Jumbo Frames Configuring ARP Cache Entries Configuring Address Resolution Protocol ARPTo clear the entire ARP table Unresolved MAC Addresses for ARP EntriesConfiguring Proxy ARP Configuring Reverse Address Resolution Protocol RarpDefining MAC-to-IP Address Mappings Specifying IP Interfaces for RarpConfiguring IP Services Icmp Configuring DNS ParametersConfiguring IP Helper Monitoring RarpConfiguring Direct Broadcast Monitoring IP Parameters Configuring Denial of Service DOSArp show all Configuring Router DiscoveryInterface show ip System show dnsSsrconfig# rdisc add address Ssr# rdisc show all To display router discovery informationAssigning IP/IPX Interfaces Vrrp Overview Configuring VrrpBackup Basic Vrrp ConfigurationConfiguration of Router R1 Following is the configuration file for Router R1 in FigureSymmetrical Configuration Configuration for Router R2Following is the configuration file for Router R2 in Figure Symmetrical Vrrp Configuration Master for VRID=1 Master for VRID=2 Backup for VRID=2Configuration of Router R2 Multi-Backup ConfigurationMulti-Backup Vrrp Configuration Configuration of Router R1 Virtual Router Default Priority Configured Priority Additional Configuration Configuration of Router R3Following is the configuration file for Router R3 in Figure Setting the Backup Priority Setting the Advertisement IntervalSetting Pre-empt Mode Setting an Authentication Key Monitoring VrrpIp-redundancy trace Ssr# ip-redundancy show vrrp interface int1 Ip-redundancy showSsr# ip-redundancy show vrrp 1 interface int1 verbose Vrrp Configuration Notes104 Chapter RIP Configuration Guide Configuring RIPRIP Overview Configuring RIP Interfaces Configuring RIP ParametersEnabling and Disabling RIP Characters Set the authentication method Set the authentication methodTo RIP Specify that RIP V2 packetsConfiguring RIP Route Preference Configuring RIP Route Default-MetricMonitoring RIP Configuration Example 110 Ospf Overview OspfOspf Multipath Configuring OspfConfiguring Ospf Interface Parameters Enabling OspfOspf Interface Parameters Default Cost of an Ospf Interface Ospf Default Cost Per Port TypePort Media Type Speed Ospf Default Cost Configuring an Ospf Area Create an Ospf areaAdd an interface to an Ospf area Creating Virtual Links Configuring Ospf Area ParametersAdd a stub host to an Ospf area Add a network to an Ospf area forCreate a virtual Configuring Ospf for Different Types of InterfacesLink Set virtual linkMonitoring Ospf Configured for Ospf Monitor Ospf error conditionsShow Ospf errors Show information about all interfacesRoutes Show Ospf timers Ospf Configuration ExamplesShows information about all valid next Shows information about Ospf BorderExporting All RIP, Interface & Static Routes to Ospf Exporting All Interface & Static Routes to OspfCreate a Ospf export destination for type-2 routes Create a Ospf export destination for type-1 routesCreate a RIP export source Create a Static export sourceCreate a RIP export destination Create Ospf export sourceCreate OSPF-ASE export source R10 BGP Overview Chapter BGP Configuration GuideSSR BGP Implementation Basic BGP TasksSetting the Router ID Setting the Autonomous System NumberConfiguring a BGP Peer Group Ip-router global set autonomous-system num1 loops num2Autonomous-system number WhereUsing AS-Path Regular Expressions Adding and Removing a BGP PeerStarting BGP 130 Using the AS Path Prepend Feature AS-Path Regular Expression ExamplesTo import MCI routes with a preference Following is an example BGP Configuration ExamplesBGP Peering Session Example CLI configuration for router SSR1 is as follows AS-1 AS-2Physical Link Peering Relationship CLI configuration for router SSR2 is as follows Ibgp Configuration ExampleGated.conf file for router SSR1 is as follows Gated.conf file for router SSR2 is as followsIbgp Routing Group Example AS-64801 Sample Ibgp Configuration Routing Group TypeFollowing lines in the Cisco router configure Ospf Ibgp Internal Group Example Sample Ibgp Configuration Internal Group Type Illustrates a sample Ibgp Internal group configurationSmartSwitch Router User Reference Manual 141 Ebgp Multihop Configuration Example Configuration for router C1 a Cisco router is as followsConfiguration for router C2 a Cisco router is as follows Physical Link AS-64800CLI configuration for router SSR3 is as follows Community Attribute Example CLI configuration for router SSR4 is as followsGated.conf file for router SSR3 is as follows Gated.conf file for router SSR4 is as followsSample BGP Configuration Specific Community Sample BGP Configuration Well-Known Community , router SSR11 has the following configuration , router SSR13 has the following configuration , router SSR14 has the following configuration , router SSR10 has the following configurationSmartSwitch Router User Reference Manual 151 Local Preference Examples Sample BGP Configuration Local Preference Using the local-pref Option Using the set-pref OptionFor router SSR13, local-prefis set to Multi-Exit Discriminator Attribute Example Sample BGP Configuration MED AttributeEbgp Aggregation Example Router SSR6 has the following CLI configurationAS-64900 AS-64901Router SSR8 has the following CLI configuration Router SSR9 has the following CLI configurationRoute Reflection Example AS-64902 Shows a sample configuration that uses route reflectionSmartSwitch Router User Reference Manual 159 160 Route Import and Export Policy Overview Chapter Routing Policy Configuration GuideDefault Preference Values Preference Defined by CLI Command DefaultPreference Import-Source Import PoliciesRoute-Filter Export PoliciesExport-Destination Export-SourceSpecifying a Route Filter Aggregates and Generates Aggregate-Source Aggregate-DestinationAuthentication Methods AuthenticationAuthentication Keys and Key Management Configuring Simple Routing PoliciesRedistributing Directly Attached Networks Redistributing Static RoutesRedistributing RIP into Ospf Redistributing RIP into RIPRedistributing Ospf to RIP Redistributing Aggregate RoutesTo redistribute aggregate Simple Route Redistribution ExamplesRoutes into Ospf Example 1 Redistribution into RIPExporting a Given Static Route to All RIP Interfaces Exporting All Static Routes to All RIP InterfacesExample 2 Redistribution into Ospf 174 Configuring Advanced Routing Policies 176 Creating an Export Source Creating an Export DestinationCreating a Route Filter Creating an Import SourceCreate a RIP import Destination Create an Ospf importCreating an Aggregate Route Creating an Aggregate Source Creating an Aggregate DestinationExamples of Import Policies Example 1 Importing from RIPR41 182 Rip add source-gateways 140.1.1.41 rip add trusted-gateways Example 2 Importing from Ospf 185 Routing Policy Configuration Importing a Selected Subset of OSPF-ASE Routes Example 1 Exporting to RIP Examples of Export Policies188 Exporting a Given Static Route to a Specific RIP Interface 190 Exporting Aggregate-Routes into RIP Example 2 Exporting to Ospf SmartSwitch Router User Reference Manual 193 194 SmartSwitch Router User Reference Manual 195 196 Chapter Multicast Routing Configuration Guide IP Multicast OverviewIgmp Overview Dvmrp Overview Configuring Igmp on an IP Interface Configuring IgmpConfiguring Igmp Query Interval Configuring Igmp Response Wait TimeConfiguring Per-Interface Control of Igmp Membership Configuring DvmrpConfiguring Static Igmp Groups Ship to a specific groupConfiguring Dvmrp on an Interface Configuring Dvmrp ParametersStarting and Stopping Dvmrp Configuring Dvmrp TTL & Scope Configuring the Dvmrp Routing MetricMonitoring Igmp & Dvmrp Configuring a Dvmrp TunnelShows all the interfaces Membership details running IgmpShows all Igmp group Memberships on a port basis Show all Igmp timersShow information about multicasts Registered by Igmp Show Igmp status on a VlanSmartSwitch Router User Reference Manual 205 206 Chapter IP Policy-Based Forwarding Configuration Guide Configuring IP Policies Defining an ACL ProfileAssociating the Profile with an IP Policy Creating Multi-Statement IP Policies Setting the IP Policy ActionSetting Load Distribution for Next-Hop Gateways Applying an IP Policy to an InterfaceApplying an IP Policy to Locally Generated Packets Routing Traffic to Different ISPs IP Policy Configuration ExamplesUsing an IP Policy to Prioritize Service to Customers Prioritizing Service to CustomersUsing an IP Policy to Authenticate Users Through a Firewall Authenticating Users through a FirewallSelecting Next Hop Gateway from IP Packet Information Firewall Load BalancingMonitoring IP Policies Following is the configuration for Policy Router 1 in FigureSsr# ip-policy show policy-name p1 SmartSwitch Router User Reference Manual 217 218 Chapter Network Address Translation Configuration Guide Setting Inside and Outside Interfaces Configuring NATForcing Flows through NAT Setting NAT RulesStatic DynamicNAT and DNS Managing Dynamic BindingsNAT and Icmp Packets Specify the FTP session timeoutNAT and FTP Specify the FTP control portThis section shows examples of NAT configurations Static ConfigurationMonitoring NAT Next, define the interfaces to be NAT inside or outsideUsing Static NAT Dynamic ConfigurationUsing Dynamic NAT Using Dynamic NAT with IP Overload Dynamic NAT with IP Overload PAT ConfigurationDNS Dynamic NAT with DNSDynamic NAT with Outside Interface Redundancy Using Dynamic NAT with DNSUsing Dynamic NAT with Matching Interface Redundancy Chapter Web Hosting Configuration Guide Load Balancing Configuring Load BalancingCreating the Server Group Adding Servers to the Load Balancing GroupSession Persistence Sticky Minutes Persistence Default Binding Level TimeoutOptional Group or Server Operating Parameters Specifying Load Balancing PolicySpecifying a Connection Threshold Verifying Servers and Applications Setting Server Status Verifying Extended ContentSpecify application verification Allowing Access to Load Balancing Servers Setting Timeouts for Load Balancing MappingsLoad Balancing and FTP Displaying Load Balancing Information Configuration Examples10.1.1.4 Internet Web requests Web requests forwarded to One of the servers RouterDomain Name Virtual IP TCP Port Real Server 207.135.89.16 207.135.89.17 207.135.89.18 207.135.89.50 Virtual IP Address RangesSession and Netmask Persistence Configuring Web Caching Web CachingCreating the Cache Group Redirected to cache servers Specifying the Clients for the Cache Group OptionalNot redirected to cache servers Redirecting Http Traffic on an InterfaceConfiguration Example Other ConfigurationsBypassing Cache Servers Distributing Frequently-Accessed Sites Across Cache Servers Monitoring Web-CachingProxy Server Redundancy Show cache server information Show caching policy informationChapter IPX Routing Configuration Guide IPX Routing OverviewRIP Routing Information Protocol SAP Service Advertising Protocol Configuring IPX RIP & SAP Creating IPX InterfacesIPX Addresses Configuring IPX Addresses to Ports Configuring IPX Interfaces and ParametersConfiguring Secondary Addresses on an IPX Interface Configuring IPX Interfaces for a VlanSpecifying IPX Encapsulation Method Configuring IPX RoutingEnabling IPX RIP Enabling SAPConfiguring Static SAP Table Entries Configuring Static RoutesControlling Access to IPX Networks Creating an IPX Access Control ListCreating an IPX SAP Access Control List Creating an IPX Type 20 Access Control ListCreating an IPX RIP Access Control List Creating an IPX GNS Access Control ListMonitoring an IPX Network 258 Chapter Access Control List Configuration Guide Defining Selection Criteria in ACL Rules ACL BasicsSmartSwitch Router User Reference Manual 261 Implicit Deny Rule How ACL Rules are EvaluatedAllowing External Responses to Established TCP Connections Following ACL illustrates this feature Creating and Modifying ACLsEditing ACLs Offline Maintaining ACLs Using the ACL Editor Using ACLs Applying ACLs to InterfacesThese uses of ACLs are described in the following sections Applying ACLs to Layer-4 Bridging Ports Applying ACLs to ServicesSSR Feature ACL Profile Usage Using ACLs as ProfilesUsing Profile ACLs with the Traffic Rate Limiting Facility Using Profile ACLs with the IP Policy FacilityUsing Profile ACLs with Dynamic NAT Using Profile ACLs with the Web Caching Facility Using Profile ACLs with the Port Mirroring FacilityPreventing Web Objects From Being Cached Redirecting Http Traffic to Cache ServersEnabling ACL Logging Monitoring ACLs Security Overview Chapter Security Configuration GuideConfiguring Radius Configuring SSR Access SecurityConfiguring Tacacs Monitoring RadiusMonitoring Tacacs Configuring Tacacs Plus Configuring Passwords Layer-2 Security FiltersMonitoring Tacacs Plus Configuring Layer-2 Address Filters Configuring Layer-2 Static Entry Filters Configuring Layer-2 Port-to-Address Lock FiltersConfigure a source static Configure a destination staticConfigure a source secure port Configuring Layer-2 Secure Port FiltersConfigure a destination secure Port filterLayer-2 Filter Examples Monitoring Layer-2 Security FiltersPort-to-Address Lock Examples Static Entries ExampleExample 2 Secure Ports Layer-3 Access Control Lists ACLsSample Vlan for Layer-4 bridging Layer-4 Bridging and FilteringCreating a Port-Based Vlan for Layer-4 Bridging For example, to enable Layer-4 Bridging on the blue VlanPlacing the Ports on the Same Vlan Enabling Layer-4 Bridging on the VlanApplying a Layer-4 Bridging ACL to a Port SmartSwitch Router User Reference Manual 289 290 QoS & Layer-2/Layer-3/Layer-4 Flow Overview Chapter QoS Configuration GuideLayer-2 and Layer-3 & Layer-4 Flow Specification Traffic Prioritization for Layer-2 Flows Precedence for Layer-3 FlowsSSR Queuing Policies Configuring Layer-2 QoS 802.1p Priority MappingControl Removing or Disabling Per-Port Priority Map Creating and Applying a New Priority MapConfiguring IP QoS Policies Traffic Prioritization for Layer-3 & Layer-4 FlowsDisplaying Priority Map Information Setting an IP QoS Policy Configuring IPX QoS PoliciesSetting an IPX QoS Policy Specifying Precedence for an IP QoS PolicyConfiguring SSR Queueing Policy Allocating Bandwidth for a Weighted-Fair Queuing PolicySpecifying Precedence for an IPX QoS Policy ToS Rewrite Weighted Random Early Detection WredTos-rewrite Configuring ToS Rewrite for IP PacketsTos-precedence-rewrite = 5 tos-rewrite = Monitoring QoS Rate Limiting Modes Limiting Traffic RatePort Rate Limiting Per-Flow Rate LimitingPolicy Apply a per-flow rate limitDefine a port rate limit policy to Aggregate Rate LimitingLimit incoming traffic on a port Limit outgoing traffic on a portPer-Flow Rate Limiting Example ConfigurationsAggregate Rate Limiting Displaying Rate Limit Information Performance Monitoring Overview Chapter Performance Monitoring GuideShow information about the master Show port error statisticsMAC table Show information about a Particular MAC address Show info about multicastsConfiguring the SSR for Port Mirroring Monitoring Broadcast TrafficOnly IP ACLs can be specified for port mirroring 312 Rmon Overview RmonExample of Rmon Configuration Commands Configuring and Enabling RmonLite Rmon Groups Rmon GroupsProfessional Rmon Groups Standard Rmon GroupsControl Tables Using Rmon Configuring Rmon Groups Num status enabledisable EnabledisableString status enabledisable Size owner string status enabledisableOid type absolutedelta status enabledisable Port port owner string status enabledisableRmon protocol-distribution index index-number Rmon user-history-control index index-numberDisplaying Rmon Information Rmon CLI Filters 01000CCCCCCC Following shows Host table output without a CLI filterTroubleshooting Rmon Using Rmon CLI FiltersCreating Rmon CLI Filters 326 Ssr# rmon show status Allocating Memory to RmonRmon set memory number Lfap Configuring the Lfap Agent on the SSR Cabletron’s Traffic Accounting ServicesAllow external ACL policy control Start the Lfap protocol on the SSRMonitoring the Lfap Agent on the SSR Command DisplaysWAN Overview WANPrimary and Secondary Addresses Configuring WAN InterfacesStatic, Mapped, and Dynamic Peer IP/IPX Addresses Static AddressesFollowing command line displays two examples for PPP Following command line displays an example for a VlanMapped Addresses Dynamic AddressesFollowing command line displays an example for PPP Forcing Bridged EncapsulationPacket Compression Average Packet Size Example ConfigurationsNature of the Data Link IntegrityPacket Encryption WAN Quality of ServiceSource Filtering and ACLs Weighted-Fair QueueingCongestion Management Random Early Discard REDFrame Relay Overview Virtual CircuitsAdaptive Shaping Permanent Virtual Circuits PVCs Configuring Frame Relay Interfaces for the SSRApplying a Service Profile to an Active Frame Relay WAN Port Setting up a Frame Relay Service ProfileMonitoring Frame Relay WAN Ports Frame Relay Port Configuration344 Configuring PPP Interfaces Point-to-Point Protocol PPP OverviewUse of LCP Magic Numbers Defining the Type and Location of a PPP Interface Setting up a PPP Service ProfileApplying a Service Profile to an Active PPP Port Configuring Multilink PPP BundlesCompression on MLP Bundles or Links Monitoring PPP WAN Ports PPP Port ConfigurationSsrconfig# ppp apply service profile2 ports hs.5.1 Simple Configuration File WAN Configuration ExamplesMulti-router WAN configuration Multi-Router WAN ConfigurationFollowing configuration file applies to Router R1 Router R1 Configuration FileRouter R2 Configuration File Following configuration file applies to Router R2Following configuration file applies to Router R3 Router R3 Configuration FileRouter R4 Configuration File Following configuration file applies to Router R4Following configuration file applies to Router R5 Router R5 Configuration FileRouter R6 Configuration File Following configuration file applies to Router R6SmartSwitch Router User Reference Manual 355 356 Introduction Appendix a New Features Supported on Line CardsSSR 8000/8600 Line Cards Line Cards Available Prior to the 3.0 Firmware ReleaseWFQ Pre-3.0 SSR Firmware Line Card Part Number FeaturesListed 3.0 Features Line Card Part Firmware Number FeaturesLine Cards Introduced at the 3.1 Firmware Release T-Series Pre-3.0POS OC-12cSMF SSR-ATM29-02 ATM OC-3c SSR-ATM31-02 ATM OC-12c Routing Table on Pre-3.0 Line cardSSR-2-LX70 SSR 2000 Line CardsAAs -- Chassis AAs Line CardsNew Features that Require Specific Line Cards Network Address TranslationSSR-2-LX70-AA Page Load Balancing Lsnat Layer 4 Bridging Per-Protocol Vlan Port Rate Limiting QoS Rate LimitingToS Rewrite Established Bit ACLMultiple IPX Encapsulation Port Interface Ingress Port Egress Port Features Base Weighted Random Early Detection WredSummary Jumbo FramesIdentifying a Line Card Multiple IPX Encapsulation Interface AA/T-seriesExample Non -AA Line Card 372