Layer-3 Access Control Lists ACLs | Cabletron Systems 9032578-05

Chapter 20: Security Configuration Guide

Note: If the consultant’s MAC is detected on a different port, all of its traffic will be blocked.

Example 2 : Secure Ports

Source secure port: To block all engineers on port 1 from accessing all other ports, enter the following command:

filters add secure-port name engineers direction source vlan 1 in-port-list et.1.1

To allow ONLY the engineering manager access to the engineering servers, you must "punch" a hole through the secure-port wall. A "source static-entry" overrides a "source secure port".

filters add static-entry name eng-mgr source-mac 080060:123456 vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow

Destination secure port: To block access to all file servers on all ports from port et.1.1 use the following command:

filters add secure-port name engineers direction dest vlan 1 in-port-list et.1.1

To allow all engineers access to the engineering servers, you must "punch" a hole through the secure-port wall. A "dest static-entry" overrides a "dest secure port".

filters add static-entry name eng-server dest-mac 080060:abcdef vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow

Layer-3 Access Control Lists (ACLs)

Access Control Lists (ACLs) allow you to restrict Layer-3/4 traffic going through the SSR. Each ACL consists of one or more rules describing a particular type of IP or IPX traffic. An ACL can be simple, consisting of only one rule, or complicated with many rules. Each rule tells the router to either permit or deny the packet that matches the rule's packet description.

For information about defining and using ACLs on the SSR, see “Access Control List Configuration Guide” on page 259.

SmartSwitch Router User Reference Manual

285

Image 311

Cabletron Systems 9032578-05 manual Layer-3 Access Control Lists ACLs, Example 2 Secure Ports

Contents

9032578-05 SmartSwitch Router User Reference Manual Trademarks CopyrightChanges Disclaimer Regulatory Compliance Statements Regulatory Compliance Information Vcci Compliance Statement Industry Canada Compliance Statement Laser Radiation and Connectors Safety Information Class 1 Laser Transceivers Cabletron Systems, Inc Program License Agreement SmartSwitch Router User Reference Manual Vii Viii SmartSwitch Router User Reference Manual SmartSwitch Router User Reference Manual Cabletron Systems Limited Program License Agreement Cabletron Systems Limited Program License Agreement Declaration of Conformity Addendum Contents SmartTRUNK Configuration Guide Dhcp Configuration Guide Vrrp Configuration Guide 111 160 Routing Policy Configuration Guide 161 197 Firewall Load Balancing 214 Monitoring IP Policies 215 Network Address Translation Configuration Guide 249 QoS & Layer-2/Layer-3/Layer-4 Flow Overview 291 Security Configuration Guide 275 309 Lfap Configuration Guide 329 357 Contents Xxvi SmartSwitch Router User Reference Manual For Information About See About This ManualRelated Documentation Document Conventions Choice. Select one keyword or argument Keywords and arguments within a set of square brackets areOptional Keywords or arguments separated by vertical bars indicate a Chapter Introduction Configuration Files Enable Mode Using the Command Line InterfaceCommand Modes User Mode Boot Prom Mode Getting Help with CLI CommandsConfigure Mode CLI completes the command as follows CLI Line Editing Commands Line Editing Commands Show all commands currently stored in the history buffer Next command from history bufferPrevious command from history buffer Word-backward command Commands to Display and Change Configuration Information Displaying and Changing Configuration Information Save active Task CommandErase scratchpad Erase startup Line Card Port Number Arrangement Left to Right Port NamesEach port in the SSR is referred to in the following manner Port Numbers for Line Cards Hssi WAN Base LLX Quad Serial WAN Hot Swapping Overview Chapter Hot Swapping Line Cards Control Modules Deactivating the Line Card Hot Swapping Line Cards Hot Swapping One Type of Line Card With Another Installing a New Line CardRemoving the Line Card Deactivating the Control Module Hot Swapping a Secondary Control Module Removing the Control Module Installing a Control Module Hot Swapping a Switching Fabric Module SSR 8600 only Installing a Switching Fabric Module Removing the Switching Fabric ModulePage Spanning Tree Ieee 802.1d Chapter Bridging Configuration GuideBridging Overview Bridging Modes Flow-Based and Address-Based Vlan Overview Subnet-based VLANs Port-based VLANsMAC-address-based VLANs Protocol-based VLANs VLANs and the SSR SSR Vlan SupportMulticast-based VLANs Policy-based VLANs Ports, VLANs, and L3 Interfaces Access Ports and Trunk Ports 802.1Q support Explicit and Implicit VLANs Configuring SSR Bridging FunctionsConfiguring Address-based or Flow-based Bridging Address-Based Bridge Table Flow-Based Bridge Table SSR More ports for a particular Vlan Configuring Spanning TreeAdjusting Spanning-Tree Parameters Assigning Port Costs Setting the Bridge PrioritySetting a Port Priority Defining the Maximum Age Adjusting Bridge Protocol Data Unit Bpdu IntervalsAdjusting the Interval between Hello Times Defining the Forward Delay Interval Adding Ports to a Vlan Configuring a Port- or Protocol-Based VlanConfiguring Vlan Trunk Ports Creating a Port or Protocol Based Vlan Configuring Layer-2 Filters Configuring VLANs for Bridging Creating an IP or IPX Vlan Configuration ExamplesMonitoring Bridging Next, assign ports to the ‘RED’ Vlan Creating a non-IP/non-IPX Vlan Overview Chapter SmartTRUNK Configuration Guide Add Physical Ports to the SmartTRUNK Configuring SmartTRUNKsCreating a SmartTRUNK Specify Traffic Distribution Policy Optional Monitoring SmartTRUNKs St.2 St.4 Router Switch Server Example Configurations SmartTRUNK Configuration Guide Page Virtual Channels Chapter ATM Configuration GuideATM Overview Atm create vcl port port list Service Class DefinitionCreating a Virtual Channel Creating a Service Class Definition Applying a Service Class Definition Atm set port port list pdh-cell-scramble on off Cell ScramblingEnabling Cell Scrambling Atm set port port list cell-mapping direct plcp Cell MappingSelecting the Cell Mapping Format Pdh-cell-scramble onoff Atm set port port list vpi-bits num Setting the Bit Allocation for VPICreating a Non-Zero VPI Atm show vpl port port list all-ports Displaying ATM Port Information Atm show serviceall B3ZS Atm show port-settings port list all-ports G751 is used for E3 framing Esf indicates extended super frame and is usedFor T1 framing G832 is used for E3 framing Consider the following network configuration ATM Sample Configuration Defining an ATM Service Class Configuring an Interface on an Ethernet Port Configuring an IP Route Applying an ATM Service ClassConfiguring an Interface on an ATM Port Ssr1config# ip add route 11.1.2.0/24 gateway ATM Sample Configuration Chapter Packet-over-SONET Configuration Guide Configuring IP Interfaces for PoS Links Configuring Packet-over-SONET Links Configuring Automatic Protection Switching Configuring Working and Protecting Ports Specifying Bit Error Rate Thresholds Threshold Specify signal degrade BERThreshold Specify signal failure BER Monitoring PoS Ports APS PoS Links Between SSRs This section shows example configurations for PoS linksFollowing is the configuration for router a Following is the configuration for router B Router So.6.1 So-1 40.1.1.1/16 PoS Link Between the SSR and a Cisco Router Router So.6.1 Bridging and Routing Traffic Over a PoS LinkPage Dhcp Overview Configuration GuideChapter Client Parameters Configuring DhcpConfiguring an IP Address Pool Configuring Client Parameters Grouping Scopes with a Common Interface Configuring a Static IP Address Monitoring the Dhcp Server Configuring Dhcp Server ParametersUpdating the Lease Database Define a static IP address for Dhcp Configuration ExamplesDefine Dhcp network parameters for the scope ‘scope1’ Define an IP address pool for addresses 10.1.1.10 through Configuring Secondary Subnets Include ‘scope2’ in the superscope ‘super1’ Secondary Subnets and Directly-Connected Clients Interacting with Relay Agents Define the address pool for ‘scope1’ Page Unicast Routing Protocols Chapter IP Routing Configuration GuideIP Routing Protocols Multicast Routing Protocols Configuring IP Interfaces and Parameters Specifying Ethernet Encapsulation Method Configuring IP Interfaces to PortsConfiguring IP Interfaces for a Vlan Configuring Jumbo Frames Unresolved MAC Addresses for ARP Entries Configuring Address Resolution Protocol ARPConfiguring ARP Cache Entries To clear the entire ARP table Configuring Proxy ARP Configuring Reverse Address Resolution Protocol Rarp Defining MAC-to-IP Address Mappings Specifying IP Interfaces for Rarp Monitoring Rarp Configuring DNS ParametersConfiguring IP Services Icmp Configuring IP Helper Configuring Direct Broadcast Monitoring IP Parameters Configuring Denial of Service DOS System show dns Configuring Router DiscoveryArp show all Interface show ip Ssrconfig# rdisc add address Ssr# rdisc show all To display router discovery information Assigning IP/IPX Interfaces Vrrp Overview Configuring Vrrp Following is the configuration file for Router R1 in Figure Basic Vrrp ConfigurationBackup Configuration of Router R1 Following is the configuration file for Router R2 in Figure Symmetrical ConfigurationConfiguration for Router R2 Symmetrical Vrrp Configuration Master for VRID=1 Master for VRID=2 Backup for VRID=2 Configuration of Router R2 Multi-Backup Configuration Multi-Backup Vrrp Configuration Configuration of Router R1 Virtual Router Default Priority Configured Priority Following is the configuration file for Router R3 in Figure Additional ConfigurationConfiguration of Router R3 Setting Pre-empt Mode Setting the Backup PrioritySetting the Advertisement Interval Ip-redundancy trace Setting an Authentication KeyMonitoring Vrrp Ssr# ip-redundancy show vrrp interface int1 Ip-redundancy show Ssr# ip-redundancy show vrrp 1 interface int1 verbose Vrrp Configuration Notes 104 RIP Overview Chapter RIP Configuration GuideConfiguring RIP Enabling and Disabling RIP Configuring RIP InterfacesConfiguring RIP Parameters Specify that RIP V2 packets Set the authentication methodCharacters Set the authentication method To RIP Monitoring RIP Configuring RIP Route PreferenceConfiguring RIP Route Default-Metric Configuration Example 110 Ospf Overview Ospf Ospf Multipath Configuring Ospf Ospf Interface Parameters Configuring Ospf Interface ParametersEnabling Ospf Port Media Type Speed Ospf Default Cost Default Cost of an Ospf InterfaceOspf Default Cost Per Port Type Add an interface to an Ospf area Configuring an Ospf AreaCreate an Ospf area Add a network to an Ospf area for Configuring Ospf Area ParametersCreating Virtual Links Add a stub host to an Ospf area Set virtual link Configuring Ospf for Different Types of InterfacesCreate a virtual Link Monitoring Ospf Show information about all interfaces Monitor Ospf error conditionsConfigured for Ospf Show Ospf errors Shows information about Ospf Border Ospf Configuration ExamplesRoutes Show Ospf timers Shows information about all valid next Exporting All RIP, Interface & Static Routes to Ospf Exporting All Interface & Static Routes to Ospf Create a Static export source Create a Ospf export destination for type-1 routesCreate a Ospf export destination for type-2 routes Create a RIP export source Create OSPF-ASE export source Create a RIP export destinationCreate Ospf export source R10 BGP Overview Chapter BGP Configuration Guide SSR BGP Implementation Basic BGP Tasks Ip-router global set autonomous-system num1 loops num2 Setting the Autonomous System NumberSetting the Router ID Configuring a BGP Peer Group Autonomous-system number Where Starting BGP Using AS-Path Regular ExpressionsAdding and Removing a BGP Peer 130 To import MCI routes with a preference Using the AS Path Prepend FeatureAS-Path Regular Expression Examples Following is an example BGP Configuration Examples BGP Peering Session Example Physical Link Peering Relationship CLI configuration for router SSR1 is as followsAS-1 AS-2 Gated.conf file for router SSR2 is as follows Ibgp Configuration ExampleCLI configuration for router SSR2 is as follows Gated.conf file for router SSR1 is as follows Ibgp Routing Group Example AS-64801 Sample Ibgp Configuration Routing Group Type Following lines in the Cisco router configure Ospf Ibgp Internal Group Example Sample Ibgp Configuration Internal Group Type Illustrates a sample Ibgp Internal group configuration SmartSwitch Router User Reference Manual 141 Configuration for router C2 a Cisco router is as follows Ebgp Multihop Configuration ExampleConfiguration for router C1 a Cisco router is as follows Physical Link AS-64800 CLI configuration for router SSR3 is as follows Gated.conf file for router SSR4 is as follows CLI configuration for router SSR4 is as followsCommunity Attribute Example Gated.conf file for router SSR3 is as follows Sample BGP Configuration Specific Community Sample BGP Configuration Well-Known Community , router SSR11 has the following configuration , router SSR13 has the following configuration , router SSR14 has the following configuration , router SSR10 has the following configuration SmartSwitch Router User Reference Manual 151 Local Preference Examples Sample BGP Configuration Local Preference For router SSR13, local-prefis set to Using the local-pref OptionUsing the set-pref Option Multi-Exit Discriminator Attribute Example Sample BGP Configuration MED Attribute AS-64901 Router SSR6 has the following CLI configurationEbgp Aggregation Example AS-64900 Route Reflection Example Router SSR8 has the following CLI configurationRouter SSR9 has the following CLI configuration AS-64902 Shows a sample configuration that uses route reflection SmartSwitch Router User Reference Manual 159 160 Route Import and Export Policy Overview Chapter Routing Policy Configuration Guide Preference Default Preference ValuesPreference Defined by CLI Command Default Import-Source Import Policies Export-Source Export PoliciesRoute-Filter Export-Destination Specifying a Route Filter Aggregates and Generates Aggregate-Source Aggregate-Destination Authentication Methods Authentication Authentication Keys and Key Management Configuring Simple Routing Policies Redistributing Directly Attached Networks Redistributing Static Routes Redistributing Aggregate Routes Redistributing RIP into RIPRedistributing RIP into Ospf Redistributing Ospf to RIP Example 1 Redistribution into RIP Simple Route Redistribution ExamplesTo redistribute aggregate Routes into Ospf Example 2 Redistribution into Ospf Exporting a Given Static Route to All RIP InterfacesExporting All Static Routes to All RIP Interfaces 174 Configuring Advanced Routing Policies 176 Creating an Export Source Creating an Export Destination Destination Create an Ospf import Creating an Import SourceCreating a Route Filter Create a RIP import Creating an Aggregate Route Example 1 Importing from RIP Creating an Aggregate DestinationCreating an Aggregate Source Examples of Import Policies R41 182 Rip add source-gateways 140.1.1.41 rip add trusted-gateways Example 2 Importing from Ospf 185 Routing Policy Configuration Importing a Selected Subset of OSPF-ASE Routes Example 1 Exporting to RIP Examples of Export Policies 188 Exporting a Given Static Route to a Specific RIP Interface 190 Exporting Aggregate-Routes into RIP Example 2 Exporting to Ospf SmartSwitch Router User Reference Manual 193 194 SmartSwitch Router User Reference Manual 195 196 Igmp Overview Chapter Multicast Routing Configuration GuideIP Multicast Overview Dvmrp Overview Configuring Igmp Response Wait Time Configuring IgmpConfiguring Igmp on an IP Interface Configuring Igmp Query Interval Ship to a specific group Configuring DvmrpConfiguring Per-Interface Control of Igmp Membership Configuring Static Igmp Groups Starting and Stopping Dvmrp Configuring Dvmrp on an InterfaceConfiguring Dvmrp Parameters Configuring Dvmrp TTL & Scope Configuring the Dvmrp Routing Metric Membership details running Igmp Configuring a Dvmrp TunnelMonitoring Igmp & Dvmrp Shows all the interfaces Registered by Igmp Show Igmp status on a Vlan Memberships on a port basis Show all Igmp timersShows all Igmp group Show information about multicasts SmartSwitch Router User Reference Manual 205 206 Chapter IP Policy-Based Forwarding Configuration Guide Associating the Profile with an IP Policy Configuring IP PoliciesDefining an ACL Profile Creating Multi-Statement IP Policies Setting the IP Policy Action Applying an IP Policy to Locally Generated Packets Setting Load Distribution for Next-Hop GatewaysApplying an IP Policy to an Interface Routing Traffic to Different ISPs IP Policy Configuration Examples Using an IP Policy to Prioritize Service to Customers Prioritizing Service to Customers Using an IP Policy to Authenticate Users Through a Firewall Authenticating Users through a Firewall Selecting Next Hop Gateway from IP Packet Information Firewall Load Balancing Monitoring IP Policies Following is the configuration for Policy Router 1 in Figure Ssr# ip-policy show policy-name p1 SmartSwitch Router User Reference Manual 217 218 Chapter Network Address Translation Configuration Guide Setting Inside and Outside Interfaces Configuring NAT Dynamic Setting NAT RulesForcing Flows through NAT Static NAT and DNS Managing Dynamic Bindings Specify the FTP control port Specify the FTP session timeoutNAT and Icmp Packets NAT and FTP Next, define the interfaces to be NAT inside or outside Static ConfigurationThis section shows examples of NAT configurations Monitoring NAT Using Static NAT Dynamic Configuration Using Dynamic NAT Using Dynamic NAT with IP Overload Dynamic NAT with IP Overload PAT Configuration DNS Dynamic NAT with DNS Dynamic NAT with Outside Interface Redundancy Using Dynamic NAT with DNS Using Dynamic NAT with Matching Interface Redundancy Chapter Web Hosting Configuration Guide Adding Servers to the Load Balancing Group Configuring Load BalancingLoad Balancing Creating the Server Group Session Persistence Sticky Minutes Persistence Default Binding Level Timeout Specifying a Connection Threshold Optional Group or Server Operating ParametersSpecifying Load Balancing Policy Verifying Servers and Applications Specify application verification Setting Server StatusVerifying Extended Content Load Balancing and FTP Allowing Access to Load Balancing ServersSetting Timeouts for Load Balancing Mappings Displaying Load Balancing Information Configuration Examples 10.1.1.4 Internet Web requests Web requests forwarded to One of the servers Router Domain Name Virtual IP TCP Port Real Server 207.135.89.16 207.135.89.17 207.135.89.18 207.135.89.50 Virtual IP Address Ranges Session and Netmask Persistence Creating the Cache Group Configuring Web CachingWeb Caching Redirecting Http Traffic on an Interface Specifying the Clients for the Cache Group OptionalRedirected to cache servers Not redirected to cache servers Bypassing Cache Servers Configuration ExampleOther Configurations Proxy Server Redundancy Distributing Frequently-Accessed Sites Across Cache ServersMonitoring Web-Caching Show cache server information Show caching policy information RIP Routing Information Protocol Chapter IPX Routing Configuration GuideIPX Routing Overview SAP Service Advertising Protocol IPX Addresses Configuring IPX RIP & SAPCreating IPX Interfaces Configuring IPX Interfaces for a Vlan Configuring IPX Interfaces and ParametersConfiguring IPX Addresses to Ports Configuring Secondary Addresses on an IPX Interface Enabling SAP Configuring IPX RoutingSpecifying IPX Encapsulation Method Enabling IPX RIP Creating an IPX Access Control List Configuring Static RoutesConfiguring Static SAP Table Entries Controlling Access to IPX Networks Creating an IPX SAP Access Control List Creating an IPX Type 20 Access Control List Creating an IPX RIP Access Control List Creating an IPX GNS Access Control List Monitoring an IPX Network 258 Chapter Access Control List Configuration Guide Defining Selection Criteria in ACL Rules ACL Basics SmartSwitch Router User Reference Manual 261 Implicit Deny Rule How ACL Rules are Evaluated Allowing External Responses to Established TCP Connections Editing ACLs Offline Following ACL illustrates this featureCreating and Modifying ACLs Maintaining ACLs Using the ACL Editor These uses of ACLs are described in the following sections Using ACLsApplying ACLs to Interfaces Applying ACLs to Layer-4 Bridging Ports Applying ACLs to Services SSR Feature ACL Profile Usage Using ACLs as Profiles Using Profile ACLs with the Traffic Rate Limiting Facility Using Profile ACLs with the IP Policy Facility Using Profile ACLs with Dynamic NAT Using Profile ACLs with the Web Caching Facility Using Profile ACLs with the Port Mirroring Facility Preventing Web Objects From Being Cached Redirecting Http Traffic to Cache Servers Enabling ACL Logging Monitoring ACLs Security Overview Chapter Security Configuration Guide Configuring Radius Configuring SSR Access Security Monitoring Tacacs Configuring TacacsMonitoring Radius Configuring Tacacs Plus Monitoring Tacacs Plus Configuring PasswordsLayer-2 Security Filters Configuring Layer-2 Address Filters Configure a destination static Configuring Layer-2 Port-to-Address Lock FiltersConfiguring Layer-2 Static Entry Filters Configure a source static Port filter Configuring Layer-2 Secure Port FiltersConfigure a source secure port Configure a destination secure Layer-2 Filter Examples Monitoring Layer-2 Security Filters Port-to-Address Lock Examples Static Entries Example Example 2 Secure Ports Layer-3 Access Control Lists ACLs Sample Vlan for Layer-4 bridging Layer-4 Bridging and Filtering Enabling Layer-4 Bridging on the Vlan For example, to enable Layer-4 Bridging on the blue VlanCreating a Port-Based Vlan for Layer-4 Bridging Placing the Ports on the Same Vlan Applying a Layer-4 Bridging ACL to a Port SmartSwitch Router User Reference Manual 289 290 QoS & Layer-2/Layer-3/Layer-4 Flow Overview Chapter QoS Configuration Guide Layer-2 and Layer-3 & Layer-4 Flow Specification SSR Queuing Policies Traffic Prioritization for Layer-2 FlowsPrecedence for Layer-3 Flows Control Configuring Layer-2 QoS802.1p Priority Mapping Removing or Disabling Per-Port Priority Map Creating and Applying a New Priority Map Displaying Priority Map Information Configuring IP QoS PoliciesTraffic Prioritization for Layer-3 & Layer-4 Flows Specifying Precedence for an IP QoS Policy Configuring IPX QoS PoliciesSetting an IP QoS Policy Setting an IPX QoS Policy Specifying Precedence for an IPX QoS Policy Configuring SSR Queueing PolicyAllocating Bandwidth for a Weighted-Fair Queuing Policy ToS Rewrite Weighted Random Early Detection Wred Tos-rewrite Configuring ToS Rewrite for IP Packets Tos-precedence-rewrite = 5 tos-rewrite = Monitoring QoS Rate Limiting Modes Limiting Traffic Rate Apply a per-flow rate limit Per-Flow Rate LimitingPort Rate Limiting Policy Limit outgoing traffic on a port Aggregate Rate LimitingDefine a port rate limit policy to Limit incoming traffic on a port Per-Flow Rate Limiting Example Configurations Aggregate Rate Limiting Displaying Rate Limit Information Performance Monitoring Overview Chapter Performance Monitoring Guide Particular MAC address Show info about multicasts Show port error statisticsShow information about the master MAC table Show information about a Only IP ACLs can be specified for port mirroring Configuring the SSR for Port MirroringMonitoring Broadcast Traffic 312 Rmon Overview Rmon Example of Rmon Configuration Commands Configuring and Enabling Rmon Lite Rmon Groups Rmon Groups Professional Rmon Groups Standard Rmon Groups Control Tables Using Rmon Configuring Rmon Groups Size owner string status enabledisable EnabledisableNum status enabledisable String status enabledisable Rmon user-history-control index index-number Port port owner string status enabledisableOid type absolutedelta status enabledisable Rmon protocol-distribution index index-number Displaying Rmon Information Rmon CLI Filters 01000CCCCCCC Following shows Host table output without a CLI filter Creating Rmon CLI Filters Troubleshooting RmonUsing Rmon CLI Filters 326 Ssr# rmon show status Allocating Memory to Rmon Rmon set memory number Lfap Configuring the Lfap Agent on the SSR Cabletron’s Traffic Accounting Services Allow external ACL policy control Start the Lfap protocol on the SSR Monitoring the Lfap Agent on the SSR Command Displays WAN Overview WAN Static Addresses Configuring WAN InterfacesPrimary and Secondary Addresses Static, Mapped, and Dynamic Peer IP/IPX Addresses Dynamic Addresses Following command line displays an example for a VlanFollowing command line displays two examples for PPP Mapped Addresses Packet Compression Following command line displays an example for PPPForcing Bridged Encapsulation Link Integrity Example ConfigurationsAverage Packet Size Nature of the Data Packet Encryption WAN Quality of Service Random Early Discard RED Weighted-Fair QueueingSource Filtering and ACLs Congestion Management Adaptive Shaping Frame Relay OverviewVirtual Circuits Permanent Virtual Circuits PVCs Configuring Frame Relay Interfaces for the SSR Applying a Service Profile to an Active Frame Relay WAN Port Setting up a Frame Relay Service Profile Monitoring Frame Relay WAN Ports Frame Relay Port Configuration 344 Use of LCP Magic Numbers Configuring PPP InterfacesPoint-to-Point Protocol PPP Overview Defining the Type and Location of a PPP Interface Setting up a PPP Service Profile Compression on MLP Bundles or Links Applying a Service Profile to an Active PPP PortConfiguring Multilink PPP Bundles Monitoring PPP WAN Ports PPP Port Configuration Ssrconfig# ppp apply service profile2 ports hs.5.1 Simple Configuration File WAN Configuration Examples Multi-router WAN configuration Multi-Router WAN Configuration Following configuration file applies to Router R2 Router R1 Configuration FileFollowing configuration file applies to Router R1 Router R2 Configuration File Following configuration file applies to Router R4 Router R3 Configuration FileFollowing configuration file applies to Router R3 Router R4 Configuration File Following configuration file applies to Router R6 Router R5 Configuration FileFollowing configuration file applies to Router R5 Router R6 Configuration File SmartSwitch Router User Reference Manual 355 356 Line Cards Available Prior to the 3.0 Firmware Release Appendix a New Features Supported on Line CardsIntroduction SSR 8000/8600 Line Cards WFQ Pre-3.0 SSR Firmware Line Card Part Number Features Pre-3.0 Line Card Part Firmware Number FeaturesListed 3.0 Features Line Cards Introduced at the 3.1 Firmware Release T-Series POS OC-12cSMF SSR-ATM29-02 ATM OC-3c SSR-ATM31-02 ATM OC-12c Routing Table on Pre-3.0 Line card AAs Line Cards SSR 2000 Line CardsSSR-2-LX70 AAs -- Chassis SSR-2-LX70-AA New Features that Require Specific Line CardsNetwork Address Translation Page Load Balancing Lsnat Layer 4 Bridging Per-Protocol Vlan Port Rate Limiting QoS Rate Limiting Multiple IPX Encapsulation ToS RewriteEstablished Bit ACL Jumbo Frames Weighted Random Early Detection WredPort Interface Ingress Port Egress Port Features Base Summary Example Identifying a Line CardMultiple IPX Encapsulation Interface AA/T-series Non -AA Line Card 372