Cabletron Systems SmartSwitch specs

Chapter 13: IP Policy-Based Forwarding Configuration Guide

To set the IP policy action with respect to dynamic or statically configured routes, enter one of the following commands in Configure mode:

Cause packets matching the	ip-policy <name> permit acl <profile> action
profile to use the IP policy route	policy-first
first. If the next-hop gateway is
not reachable, use the dynamic
route instead.

Route packets matching the	ip-policy <name> permit acl <profile> action
profile using dynamic routes	policy-last
first. If a dynamic route is not
available, then route packets
matching the profile using the IP
policy gateway.

Cause packets matching the	ip-policy <name> permit acl <profile> action
profile to use the IP policy route.	policy-only
If the next-hop gateway is not
reachable, then drop the packets.

Drop packets matching the	ip-policy <name> permit acl <profile> next-
profile.	hop-list null

Drop packets that do not match	ip-policy <name> permit everything-else
any profile.	next-hop-list null

Checking the Availability of Next-hop Gateways

The SSR can check the availability of next-hop gateways by querying them with ICMP_ECHO_REQUESTS. Only gateways that respond to these requests are used for forwarding packets. To configure the SSR to do this, enter the following command in Configure mode:

Periodically check the availability of next-hop gateways.

ip-policy <name> set pinger on

Note: Some hosts may have disabled responding to ICMP_ECHO packets. Make sure each next-hop gateway can respond to ICMP_ECHO packets before using this option.

Applying an IP Policy to an Interface

After you define the IP policy, it must be applied to an inbound IP interface. Once the IP policy is applied to the interface, packets start being forwarded according to the IP policy.

SmartSwitch Router User Reference Manual

213

Image 213

Cabletron Systems SmartSwitch manual Applying an IP Policy to an Interface, Checking the Availability of Next-hop Gateways

Contents

9032578-04 SmartSwitch Router User Reference Manual SmartSwitch Router User Reference Manual Vcci Notice Industry Canada Notice Cabletron SYSTEMS, INC Program License Agreement SmartSwitch Router User Reference Manual SmartSwitch Router User Reference Manual SmartSwitch Router User Reference Manual Cabletron Systems Limited Program License Agreement SmartSwitch Router User Reference Manual Laser Radiation and Connectors Safety Information EC Directive 73/23/EEC EC Directive 89/336/EEC SmartSwitch Router User Reference Manual Contents Hot Swapping Line Cards and Control Modules Creating a non-IP/non-IPX Vlan SmartTRUNK Configuration Guide Vrrp Configuration Guide 127 IP Multicast Overview 199 Multicast Routing Configuration Guide 199 209 Web Hosting Configuration Guide 233 255 QoS Configuration Guide 283 WAN Configuration Guide 315 Contents Preface How to Use This ManualAbout This Manual Who Should Read This Manual? Preface Managing the SSR using Cabletron’s Installing and setting up the SSRRelated Documentation For Information About See Preface SmartSwitch Router User Reference Manual SSR Hardware and software specifications Feature SpecificationChapter SSR Product Overview Multicast IGMP, Dvmrp IPX RIP, SAP Supported Routing Protocols Supported Media Encapsulation Type Configuring the SmartSwitch Router Understanding the Command Line InterfaceRouting Information Protocol RIP Version 1 Access Modes Basic Line Editing CommandsCommon CLI key commands Key Sequence Command User Mode Enable Mode Exit Configure Mode Pvst Boot Prom Mode Disabling a Function or Feature Loading System Images and Configuration FilesBoot and System Image Configuration Files Ssr# system show version Loading System Image Software Loading Boot Prom Software Activating the Configuration Commands in the ScratchpadEnter the system image list command to verify the change Copying the Configuration to the Startup Configuration File CLI displays the following messageEnter yes or y to activate the changes Managing the SSR Displaying Configuration Changes Setting the SSR Name Setting SSR Date and TimeConfiguring NTP Configuring the SSR CLI Configuring Snmp ServicesConfiguring DNS Configuring Logging Connecting Between the SSR and Other Systems Task Command Monitoring Configuration Show the type of Power-On Self Test Post Show the SSR login bannerShow the configuration changes Reboot Show the status of the switching fabric Chapter Hot Swapping Line Cards Control Modules Hot Swapping OverviewHot Swapping Line Cards Removing the Line Card Deactivating the Line Card Installing a New Line Card Hot Swapping a Secondary Control ModuleHot Swapping One Type of Line Card With Another Removing the Control Module Deactivating the Control Module Installing the Control Module Hot Swapping a Switching Fabric Module SSR 8600 only SSR-SF-16 Offline Switching Fabric Chapter Bridging Configuration Guide Bridging OverviewSpanning Tree Ieee 802.1d Bridging Modes Flow-Based and Address-Based Vlan Overview MAC-address-based VLANs Port-based VLANsProtocol-based VLANs Subnet-based VLANs Multicast-based VLANs SSR Vlan SupportPolicy-based VLANs VLANs and the SSR Ports, VLANs, and L3 Interfaces Access Ports and Trunk Ports 802.1Q support Configuring SSR Bridging Functions Configuring Address-based or Flow-based BridgingExplicit and Implicit VLANs Address-Based Bridge Table Flow-Based Bridge Table Configuring Spanning Tree Adjusting Spanning-Tree Parameters Setting the Bridge PriorityMore ports for a particular Vlan Setting a Port Priority Adjusting Bridge Protocol Data Unit Bpdu IntervalsAssigning Port Costs Adjusting the Interval between Hello Times Defining the Forward Delay IntervalDefining the Maximum Age Configuring Vlan Trunk Ports Configuring a Port or Protocol based VlanConfiguring VLANs for Bridging Creating a Port or Protocol Based Vlan Monitoring Bridging Configuring Layer-2 Filters Creating an IP or IPX Vlan Configuration ExamplesCreating a non-IP/non-IPX Vlan Show information on MACsPage Overview Chapter SmartTRUNK Configuration Guide Configuring SmartTRUNKs Creating a SmartTRUNKAdd Physical Ports to the SmartTRUNK Specify Traffic Distribution Policy Optional Monitoring SmartTRUNKs St.2 St.4 Router Switch Server Example Configurations SmartTRUNK Configuration Guide Page Configuration Guide ChapterDhcp Overview Configuring an IP Address Pool Configuring DhcpConfiguring Client Parameters Client Parameters Grouping Scopes with a Common Interface Configuring a Static IP Address Configuring Dhcp Server Parameters Updating the Lease DatabaseMonitoring the Dhcp Server Define Dhcp network parameters for the scope ‘scope1’ Dhcp Configuration ExamplesDefine an IP address pool for addresses 10.1.1.10 through Define a static IP address for Configuring Secondary Subnets Include ‘scope2’ in the superscope ‘super1’ Secondary Subnets and Directly-Connected Clients Interacting with Relay Agents Define the address pool for ‘scope1’ Page IP Routing Overview Chapter IP Routing Configuration Guide SSR supports standards-based TCP, UDP, and IP IP Routing ProtocolsUnicast Routing Protocols Multicast Routing Protocols Configuring IP Addresses to Ports Configuring IP Interfaces and ParametersConfiguring IP Interfaces for a Vlan Specifying Ethernet Encapsulation Method Configuring Address Resolution Protocol ARP Configuring ARP Cache EntriesConfiguring Proxy ARP Configuring Reverse Address Resolution Protocol Rarp Specifying IP Interfaces for RarpDefining MAC-to-IP Address Mappings Configuring IP Services Icmp Configuring DNS ParametersMonitoring Rarp Specify ping Configuring IP Helper Configuring Direct BroadcastConfiguring Denial of Service DOS Monitoring IP Parameters Configuring Router Discovery Assigning IP/IPX Interfaces IP Routing Configuration Guide Vrrp Overview Configuring Vrrp Backup Basic Vrrp ConfigurationConfiguration of Router R1 Following is the configuration file for Router R1 in Figure Symmetrical Configuration Configuration for Router R2Following is the configuration file for Router R2 in Figure Symmetrical Vrrp Configuration Master for VRID=1 Master for VRID=2 Backup for VRID=2 Configuration of Router R2 Multi-Backup Configuration Multi-Backup Vrrp Configuration SmartSwitch Router User Reference Manual 101 Virtual Router Default Priority Configured Priority Additional Configuration Configuration of Router R3Following is the configuration file for Router R3 in Figure Setting the Backup Priority Setting the Advertisement IntervalSetting Pre-empt Mode Setting an Authentication Key Monitoring VrrpIp-redundancy trace Ip-redundancy show Vrrp Configuration NotesVirtual routers Display information about all Specific virtual router SmartSwitch Router User Reference Manual 107 108 Chapter RIP Configuration Guide Configuring RIPRIP Overview Configuring RIP Interfaces Configuring RIP ParametersEnabling and Disabling RIP Characters Set the authentication method Set the authentication methodTo RIP Specify that RIP V2 packets Configuring RIP Route Preference Configuring RIP Route Default-MetricMonitoring RIP Configuration Example 114 Ospf Overview Ospf Enable Ospf Configuring OspfDisable Ospf Ospf Multipath Configuring Ospf Interface Parameters Ospf Parameter Default ValueOspf Interface Parameters Configuring an Ospf Area Create an Ospf areaAdd an interface to an Ospf area Creating Virtual Links Configuring Ospf Area ParametersAdd a stub host to an Ospf area Add a network to an Ospf area for Create a virtual Configuring Ospf over Non-Broadcast Multiple AccessLink Set virtual link Monitoring Ospf Ospf Configuration Examples Exporting All RIP, Interface & Static Routes to Ospf Exporting All Interface & Static Routes to Ospf Create a Ospf export destination for type-2 routes Create a Ospf export destination for type-1 routesCreate a RIP export source Create a Static export source Create a RIP export destination Create Ospf export sourceCreate OSPF-ASE export source R10 BGP Overview Chapter BGP Configuration Guide SSR BGP Implementation Basic BGP Tasks Setting the Router ID Setting the Autonomous System NumberConfiguring a BGP Peer Group Ip-router global set autonomous-system num1 loops num2 Autonomous-system number Where Using AS-Path Regular Expressions Adding and Removing a BGP PeerStarting BGP 132 Using the AS Path Prepend Feature AS-Path Regular Expression ExamplesTo import MCI routes with a preference Following is an example BGP Configuration Examples BGP Peering Session Example CLI configuration for router SSR1 is as follows AS-1 AS-2Physical Link Peering Relationship CLI configuration for router SSR2 is as follows Ibgp Configuration ExampleGated.conf file for router SSR1 is as follows Gated.conf file for router SSR2 is as follows Ibgp Routing Group Example AS-64801 Sample Ibgp Configuration Routing Group Type Following lines in the Cisco router configure Ospf Ibgp Internal Group Example Sample Ibgp Configuration Internal Group Type Illustrates a sample Ibgp Internal group configuration SmartSwitch Router User Reference Manual 143 Ebgp Multihop Configuration Example Configuration for router C1 a Cisco router is as followsConfiguration for router C2 a Cisco router is as follows Physical Link AS-64800 CLI configuration for router SSR3 is as follows Community Attribute Example CLI configuration for router SSR4 is as followsGated.conf file for router SSR3 is as follows Gated.conf file for router SSR4 is as follows Sample BGP Configuration Specific Community Sample BGP Configuration Well-Known Community , router SSR11 has the following configuration , router SSR13 has the following configuration , router SSR14 has the following configuration , router SSR10 has the following configuration SmartSwitch Router User Reference Manual 153 LocalPref Attribute Example Sample BGP Configuration LocalPref Attribute Multi-Exit Discriminator Attribute Example Router SSR6 has the following CLI configuration Sample BGP Configuration MED Attribute Ebgp Aggregation Example Router SSR8 has the following CLI configurationAS-64900 AS-64901 Route Reflection Example Router SSR9 has the following CLI configuration AS-64902 Shows a sample configuration that uses route reflection SmartSwitch Router User Reference Manual 161 162 Route Import and Export Policy Overview Chapter Routing Policy Configuration Guide Default Preference Values Preference Defined by CLI Command DefaultPreference Import-Source Import Policies Route-Filter Export PoliciesExport-Destination Export-Source Specifying a Route Filter Aggregates and Generates Aggregate-Source Aggregate-Destination Authentication Methods Authentication Authentication Keys and Key Management Configuring Simple Routing Policies Redistributing Directly Attached Networks Redistributing Static Routes Redistributing RIP into RIP Redistributing RIP into Ospf Redistributing Ospf to RIPRedistributing Aggregate Routes To redistribute aggregate Simple Route Redistribution ExamplesRoutes into Ospf Example 1 Redistribution into RIP Exporting a Given Static Route to All RIP Interfaces Exporting All Static Routes to All RIP InterfacesExample 2 Redistribution into Ospf 176 Configuring Advanced Routing Policies 178 Creating an Export Source Creating an Export Destination Creating a Route Filter Creating an Import SourceCreating an Aggregate Route Create a RIP import SmartSwitch Router User Reference Manual 181 Creating an Aggregate Source Creating an Aggregate DestinationExamples of Import Policies Example 1 Importing from RIP R41 184 Example 2 Importing from Ospf 186 R41 Importing a Selected Subset of OSPF-ASE Routes Example 1 Exporting to RIP Examples of Export Policies Ip-router policy create rip-export-source ripExpSrc Exporting a Given Static Route to a Specific RIP Interface Exporting Aggregate-Routes into RIP Ip-router policy create aggr-export-source aggrExpSrc Example 2 Exporting to Ospf SmartSwitch Router User Reference Manual 195 196 SmartSwitch Router User Reference Manual 197 198 Chapter Multicast Routing Configuration Guide IP Multicast OverviewIgmp Overview Dvmrp Overview Configuring Igmp on an IP Interface Configuring IgmpConfiguring Igmp Query Interval Configuring Igmp Response Wait Time Configuring Dvmrp Configuring Per-Interface Control of Igmp MembershipStarting and Stopping Dvmrp Configuring Dvmrp on an Interface Configuring Dvmrp ParametersConfiguring the Dvmrp Routing Metric Configuring a Dvmrp Tunnel Configuring Dvmrp TTL & Scope Monitoring Igmp & Dvmrp Show all interfaces running Multicast protocols IgmpShow all multicast routes Page 208 Chapter IP Policy-Based Forwarding Configuration Guide Configuring IP Policies Defining an ACL ProfileAssociating the Profile with an IP Policy Creating Multi-statement IP Policies Setting the IP Policy Action Setting Load Distribution for Next-hop Gateways Checking the Availability of Next-hop Gateways Applying an IP Policy to an Interface Routing Traffic to Different ISPs IP Policy Configuration ExamplesAn IP interface Apply a defined IP policy to All IP interfaces on the SSR Using an IP policy to route traffic to two different ISPs Using an IP policy to prioritize service to customers Prioritizing Service to Customers Using an IP policy to authenticate users through a firewall Authenticating Users through a Firewall Selecting Next Hop Gateway from IP Packet Information Firewall Load Balancing Display information about all Monitoring IP PoliciesIP policies Display statistics about a Ip-policy show interface interface SmartSwitch Router User Reference Manual 221 222 Chapter Network Address Translation Configuration Guide Setting Inside and Outside Interfaces Configuring NAT Managing Dynamic Bindings Setting NAT RulesStatic Dynamic Specify the FTP session timeout Static ConfigurationNAT and FTP Monitoring NAT First step is to create the interfaces Using Static NATNext, define the interfaces to be NAT inside or outside Then, define the NAT static rules Using Dynamic NAT Dynamic Configuration Dynamic NAT with IP Overload PAT Configuration Dynamic NAT with Outside Interface Redundancy Using Dynamic NAT with IP Overload Using Dynamic NAT with Matching Interface Redundancy 232 Chapter Web Hosting Configuration Guide Load Balancing Configuring Load BalancingCreating the Server Group Specifying Load Balancing Policy Optional Adding Servers to the Load Balancing Group Setting Server Status Allowing Access to Load Balancing Servers Setting Timeouts for Load Balancing MappingsLoad Balancing and FTP Displaying Load Balancing Information Configuration Examples 207.135.89.16 10.1.1.1 Ftp.quick..com 10.1.1.2 Ftp.quick.com Internet Router User Queries 207.135.89.16 207.135.89.17 207.135.89.18 Virtual IP Address Ranges Web Caching Configuring Web Caching Specifying the Clients for the Cache Group Optional Creating the Cache GroupRedirected to cache servers Not redirected to cache servers Configuration Example Other ConfigurationsBypassing Cache Servers Distributing Frequently-Accessed Sites Across Cache Servers Monitoring Web-CachingProxy Server Redundancy Show cache server information Show caching policy information Chapter IPX Routing Configuration Guide IPX Routing OverviewRIP Routing Information Protocol SAP Service Advertising Protocol Configuring IPX RIP & SAP Creating IPX InterfacesIPX Addresses Configuring IPX Addresses to Ports Configuring IPX Interfaces and ParametersConfiguring IPX Interfaces for a Vlan Specifying IPX Encapsulation Method Configuring Static Routes Configuring IPX RoutingEnabling IPX RIP Enabling SAP Configuring Static SAP Table Entries Controlling Access to IPX NetworksCreating an IPX Access Control List Creating an IPX Type 20 Access Control List Creating an IPX SAP Access Control ListCreating an IPX GNS Access Control List Monitoring an IPX Network Creating an IPX RIP Access Control List Adds a SAP access list Adds a GNS access list 254 Chapter Access Control List Configuration Guide Defining Selection Criteria in ACL Rules ACL Basics How ACL Rules are Evaluated Implicit Deny Rule Allowing External Responses to Established TCP Connections Following ACL illustrates this feature Creating and Modifying ACLsEditing ACLs Offline Maintaining ACLs Using the ACL Editor Using ACLs Applying ACLs to InterfacesThese uses of ACLs are described in the following sections Using ACLs as Profiles Applying ACLs to Services Following SSR features use ACL profiles SSR Feature ACL Profile UsageUsing Profile ACLs with the IP Policy Facility Using Profile ACLs with the Traffic Rate Limiting Facility Using Profile ACLs with the Port Mirroring Facility Using Profile ACLs with Dynamic NAT Redirecting Http Traffic to Cache Servers Using Profile ACLs with the Web Caching Facility Preventing Web Objects From Being Cached Enabling ACL Logging Monitoring ACLs 270 Security Overview Chapter Security Configuration Guide Configuring Radius Configuring SSR Access Security Configuring Tacacs Monitoring RadiusMonitoring Tacacs Monitoring Tacacs Plus Configuring Tacacs Plus Layer-2 Security Filters Configuring Passwords Configuring Layer-2 Port-to-Address Lock Filters Configuring Layer-2 Address Filters Configuring Layer-2 Secure Port Filters Configuring Layer-2 Static Entry FiltersConfigure a source static Configure a destination static Monitoring Layer-2 Security Filters Layer-2 Filter Examples Et.1.1 Et.1.2 Et.1.3 HubStatic Entries Example Example 2 Secure Ports Port-to-Address Lock Examples Layer-3 Access Control Lists ACLs 282 QoS & Layer-2/Layer-3/Layer-4 Flow Overview Chapter QoS Configuration Guide Precedence for Layer-3 Flows Layer-2 and Layer-3 & Layer-4 Flow Specification Configuring Layer-2 QoS Traffic Prioritization for Layer-2 FlowsSSR Queuing Policies Traffic Prioritization for Layer-3 & Layer-4 Flows Configuring IP QoS Policies Setting an IP QoS Policy Configuring IPX QoS PoliciesSetting an IPX QoS Policy Specifying Precedence for an IP QoS Policy Allocating Bandwidth for a Weighted-Fair Queuing Policy Configuring SSR Queueing PolicyToS Rewrite Specifying Precedence for an IPX QoS Policy MBZ Configuring ToS Rewrite for IP Packets Tos-rewrite Limiting Traffic Rate Monitoring QoSShow all IP QoS flows Show all IPX QoS flows Define a rate limit profile Example ConfigurationApply a rate limit profile to an Interface Interface interface Displaying Rate Limit Information 294 Performance Monitoring Overview Chapter Performance Monitoring Guide Show information about the master Show port error statisticsMAC table Show information about a Particular MAC address Show info about multicasts Configuring the SSR for Port Mirroring Monitoring Broadcast TrafficOnly IP ACLs can be specified for port mirroring 298 Rmon Overview Configuring and Enabling Rmon Example of Rmon Configuration Commands Lite Rmon Groups Rmon Groups Professional Rmon Groups Standard Rmon Groups Control Tables Using Rmon Configuring Rmon Groups Num status enabledisable EnabledisableString status enabledisable Size owner string status enabledisable Oid type absolutedelta status enabledisable Port port owner string status enabledisableRmon protocol-distribution index index-number Rmon user-history-control index index-number Displaying Rmon Information Rmon CLI Filters 01000CCCCCCC Following shows Host table output without a CLI filter Troubleshooting Rmon Using Rmon CLI FiltersCreating Rmon CLI Filters 312 Ssr# rmon show status Rmon Status Allocating Memory to Rmon Rmon set memory number WAN Overview WAN Primary and Secondary Addresses Configuring WAN InterfacesStatic, Mapped, and Dynamic Peer IP/IPX Addresses Static Addresses Following command line displays two examples for PPP Following command line displays an example for a VlanMapped Addresses Dynamic Addresses Following command line displays an example for PPP Forcing Bridged EncapsulationPacket Compression Average Packet Size Example ConfigurationsNature of the Data Link Integrity Packet Encryption WAN Quality of Service Source Filtering and ACLs Weighted-Fair QueueingCongestion Management Random Early Discard RED Frame Relay Overview Virtual CircuitsAdaptive Shaping Permanent Virtual Circuits PVCs Configuring Frame Relay Interfaces for the SSR Applying a Service Profile to an Active Frame Relay WAN Port Setting up a Frame Relay Service Profile Monitoring Frame Relay WAN Ports Frame Relay Port Configuration 326 Configuring PPP Interfaces Point-to-Point Protocol PPP OverviewUse of LCP Magic Numbers Defining the Type and Location of a PPP Interface Setting up a PPP Service Profile Applying a Service Profile to an Active PPP Port Configuring Multilink PPP BundlesCompression on MLP Bundles or Links Monitoring PPP WAN Ports PPP Port Configuration Ssrconfig# ppp apply service profile2 ports hs.5.1 Simple Configuration File WAN Configuration Examples Multi-router WAN configuration Multi-Router WAN Configuration Following configuration file applies to Router R1 Router R1 Configuration FileRouter R2 Configuration File Following configuration file applies to Router R2 Following configuration file applies to Router R3 Router R3 Configuration FileRouter R4 Configuration File Following configuration file applies to Router R4 Following configuration file applies to Router R5 Router R5 Configuration FileRouter R6 Configuration File Following configuration file applies to Router R6 SmartSwitch Router User Reference Manual 337 338