Dynamic Configuration | Cabletron Systems SmartSwitch specs

Chapter 14: Network Address Translation Configuration Guide

Dynamic Configuration

The following example configures a dynamic address binding for inside addresses 10.1.1.0/24 to outside address 192.50.20.0/24:

Outbound: Translate source pool 10.1.1.0/24 to global pool 192.50.20.0/24

10.1.1.4

Router

IP network 10.1.1.0/24

Global Internet

et.2.1

et.2.2

10.1.1.3

10.1.1.2

interface 10-net

interface 192-net

(10.1.1.1/24)

(192.50.20.1/24)

The first step is to create the interfaces:

interface create ip 10-net address-netmask 10.1.1.1/24 port et.2.1 interface create ip 192-net address-netmask 192.50.20.1/24 port et.2.2

Next, define the interfaces to be NAT “inside” or “outside”:

nat set interface 10-net inside nat set interface 192-net outside

Then, define the NAT dynamic rules by first creating the source ACL pool and then configuring the dynamic bindings:

acl lcl permit ip 10.1.1.0/24

nat create dynamic local-acl-pool lcl global-pool 192.50.20.0/24

Using Dynamic NAT

Dynamic NAT can be used when the local network (inside network) is going to initialize the connections. It creates a binding at run time when a packet is sent from a local network, as defined by the NAT dynamic local ACl pool. The network administrator does not have to worry about the way in which the bindings are created; the network administrator just sets the pools and the SSR automatically chooses a free global IP from the global pool for the local IP.

228	SmartSwitch Router User Reference Manual

Image 228

Cabletron Systems SmartSwitch manual Dynamic Configuration, Using Dynamic NAT

Contents

SmartSwitch Router User Reference Manual 9032578-04 SmartSwitch Router User Reference Manual Industry Canada Notice Vcci Notice Cabletron SYSTEMS, INC Program License Agreement SmartSwitch Router User Reference Manual SmartSwitch Router User Reference Manual SmartSwitch Router User Reference Manual Cabletron Systems Limited Program License Agreement SmartSwitch Router User Reference Manual Safety Information Laser Radiation and Connectors EC Directive 89/336/EEC EC Directive 73/23/EEC SmartSwitch Router User Reference Manual Contents Hot Swapping Line Cards and Control Modules SmartTRUNK Configuration Guide Creating a non-IP/non-IPX Vlan Vrrp Configuration Guide 127 Multicast Routing Configuration Guide 199 IP Multicast Overview 199 209 Web Hosting Configuration Guide 233 255 QoS Configuration Guide 283 WAN Configuration Guide 315 Contents How to Use This Manual PrefaceAbout This Manual Who Should Read This Manual? Preface Installing and setting up the SSR Managing the SSR using Cabletron’sRelated Documentation For Information About See Preface SmartSwitch Router User Reference Manual SSR Hardware and software specifications Feature SpecificationChapter SSR Product Overview IPX RIP, SAP Multicast IGMP, Dvmrp Supported Media Encapsulation Type Supported Routing Protocols Configuring the SmartSwitch Router Understanding the Command Line InterfaceRouting Information Protocol RIP Version 1 Basic Line Editing Commands Access ModesCommon CLI key commands Key Sequence Command User Mode Enable Mode Exit Configure Mode Boot Prom Mode Pvst Loading System Images and Configuration Files Disabling a Function or FeatureBoot and System Image Configuration Files Loading System Image Software Ssr# system show version Loading Boot Prom Software Activating the Configuration Commands in the ScratchpadEnter the system image list command to verify the change Copying the Configuration to the Startup Configuration File CLI displays the following messageEnter yes or y to activate the changes Displaying Configuration Changes Managing the SSR Setting the SSR Name Setting SSR Date and TimeConfiguring NTP Configuring the SSR CLI Configuring Snmp ServicesConfiguring DNS Connecting Between the SSR and Other Systems Configuring Logging Monitoring Configuration Task Command Show the SSR login banner Show the type of Power-On Self Test PostShow the configuration changes Reboot Show the status of the switching fabric Chapter Hot Swapping Line Cards Control Modules Hot Swapping OverviewHot Swapping Line Cards Deactivating the Line Card Removing the Line Card Installing a New Line Card Hot Swapping a Secondary Control ModuleHot Swapping One Type of Line Card With Another Deactivating the Control Module Removing the Control Module Hot Swapping a Switching Fabric Module SSR 8600 only Installing the Control Module SSR-SF-16 Offline Switching Fabric Chapter Bridging Configuration Guide Bridging OverviewSpanning Tree Ieee 802.1d Vlan Overview Bridging Modes Flow-Based and Address-Based Port-based VLANs MAC-address-based VLANsProtocol-based VLANs Subnet-based VLANs SSR Vlan Support Multicast-based VLANsPolicy-based VLANs VLANs and the SSR Access Ports and Trunk Ports 802.1Q support Ports, VLANs, and L3 Interfaces Configuring SSR Bridging Functions Configuring Address-based or Flow-based BridgingExplicit and Implicit VLANs Configuring Spanning Tree Address-Based Bridge Table Flow-Based Bridge Table Adjusting Spanning-Tree Parameters Setting the Bridge PriorityMore ports for a particular Vlan Setting a Port Priority Adjusting Bridge Protocol Data Unit Bpdu IntervalsAssigning Port Costs Adjusting the Interval between Hello Times Defining the Forward Delay IntervalDefining the Maximum Age Configuring a Port or Protocol based Vlan Configuring Vlan Trunk PortsConfiguring VLANs for Bridging Creating a Port or Protocol Based Vlan Configuring Layer-2 Filters Monitoring Bridging Configuration Examples Creating an IP or IPX VlanCreating a non-IP/non-IPX Vlan Show information on MACsPage Chapter SmartTRUNK Configuration Guide Overview Configuring SmartTRUNKs Creating a SmartTRUNKAdd Physical Ports to the SmartTRUNK Monitoring SmartTRUNKs Specify Traffic Distribution Policy Optional Example Configurations St.2 St.4 Router Switch Server SmartTRUNK Configuration Guide Page Configuration Guide ChapterDhcp Overview Configuring Dhcp Configuring an IP Address PoolConfiguring Client Parameters Client Parameters Configuring a Static IP Address Grouping Scopes with a Common Interface Configuring Dhcp Server Parameters Updating the Lease DatabaseMonitoring the Dhcp Server Dhcp Configuration Examples Define Dhcp network parameters for the scope ‘scope1’Define an IP address pool for addresses 10.1.1.10 through Define a static IP address for Configuring Secondary Subnets Secondary Subnets and Directly-Connected Clients Include ‘scope2’ in the superscope ‘super1’ Interacting with Relay Agents Define the address pool for ‘scope1’ Page Chapter IP Routing Configuration Guide IP Routing Overview IP Routing Protocols SSR supports standards-based TCP, UDP, and IPUnicast Routing Protocols Multicast Routing Protocols Configuring IP Interfaces and Parameters Configuring IP Addresses to PortsConfiguring IP Interfaces for a Vlan Specifying Ethernet Encapsulation Method Configuring Address Resolution Protocol ARP Configuring ARP Cache EntriesConfiguring Proxy ARP Configuring Reverse Address Resolution Protocol Rarp Specifying IP Interfaces for RarpDefining MAC-to-IP Address Mappings Configuring DNS Parameters Configuring IP Services IcmpMonitoring Rarp Specify ping Configuring IP Helper Configuring Direct BroadcastConfiguring Denial of Service DOS Configuring Router Discovery Monitoring IP Parameters Assigning IP/IPX Interfaces IP Routing Configuration Guide Configuring Vrrp Vrrp Overview Basic Vrrp Configuration BackupConfiguration of Router R1 Following is the configuration file for Router R1 in Figure Symmetrical Configuration Configuration for Router R2Following is the configuration file for Router R2 in Figure Master for VRID=1 Master for VRID=2 Backup for VRID=2 Symmetrical Vrrp Configuration Multi-Backup Configuration Configuration of Router R2 Multi-Backup Vrrp Configuration SmartSwitch Router User Reference Manual 101 Virtual Router Default Priority Configured Priority Additional Configuration Configuration of Router R3Following is the configuration file for Router R3 in Figure Setting the Backup Priority Setting the Advertisement IntervalSetting Pre-empt Mode Setting an Authentication Key Monitoring VrrpIp-redundancy trace Vrrp Configuration Notes Ip-redundancy showVirtual routers Display information about all Specific virtual router SmartSwitch Router User Reference Manual 107 108 Chapter RIP Configuration Guide Configuring RIPRIP Overview Configuring RIP Interfaces Configuring RIP ParametersEnabling and Disabling RIP Set the authentication method Characters Set the authentication methodTo RIP Specify that RIP V2 packets Configuring RIP Route Preference Configuring RIP Route Default-MetricMonitoring RIP Configuration Example 114 Ospf Ospf Overview Configuring Ospf Enable OspfDisable Ospf Ospf Multipath Configuring Ospf Interface Parameters Ospf Parameter Default ValueOspf Interface Parameters Configuring an Ospf Area Create an Ospf areaAdd an interface to an Ospf area Configuring Ospf Area Parameters Creating Virtual LinksAdd a stub host to an Ospf area Add a network to an Ospf area for Configuring Ospf over Non-Broadcast Multiple Access Create a virtualLink Set virtual link Monitoring Ospf Ospf Configuration Examples Exporting All Interface & Static Routes to Ospf Exporting All RIP, Interface & Static Routes to Ospf Create a Ospf export destination for type-1 routes Create a Ospf export destination for type-2 routesCreate a RIP export source Create a Static export source Create a RIP export destination Create Ospf export sourceCreate OSPF-ASE export source R10 Chapter BGP Configuration Guide BGP Overview Basic BGP Tasks SSR BGP Implementation Setting the Autonomous System Number Setting the Router IDConfiguring a BGP Peer Group Ip-router global set autonomous-system num1 loops num2 Where Autonomous-system number Using AS-Path Regular Expressions Adding and Removing a BGP PeerStarting BGP 132 Using the AS Path Prepend Feature AS-Path Regular Expression ExamplesTo import MCI routes with a preference BGP Configuration Examples Following is an example BGP Peering Session Example CLI configuration for router SSR1 is as follows AS-1 AS-2Physical Link Peering Relationship Ibgp Configuration Example CLI configuration for router SSR2 is as followsGated.conf file for router SSR1 is as follows Gated.conf file for router SSR2 is as follows Ibgp Routing Group Example Sample Ibgp Configuration Routing Group Type AS-64801 Following lines in the Cisco router configure Ospf Ibgp Internal Group Example Illustrates a sample Ibgp Internal group configuration Sample Ibgp Configuration Internal Group Type SmartSwitch Router User Reference Manual 143 Ebgp Multihop Configuration Example Configuration for router C1 a Cisco router is as followsConfiguration for router C2 a Cisco router is as follows AS-64800 Physical Link CLI configuration for router SSR3 is as follows CLI configuration for router SSR4 is as follows Community Attribute ExampleGated.conf file for router SSR3 is as follows Gated.conf file for router SSR4 is as follows Sample BGP Configuration Specific Community Sample BGP Configuration Well-Known Community , router SSR11 has the following configuration , router SSR13 has the following configuration , router SSR10 has the following configuration , router SSR14 has the following configuration SmartSwitch Router User Reference Manual 153 LocalPref Attribute Example Sample BGP Configuration LocalPref Attribute Multi-Exit Discriminator Attribute Example Sample BGP Configuration MED Attribute Router SSR6 has the following CLI configuration Router SSR8 has the following CLI configuration Ebgp Aggregation ExampleAS-64900 AS-64901 Router SSR9 has the following CLI configuration Route Reflection Example Shows a sample configuration that uses route reflection AS-64902 SmartSwitch Router User Reference Manual 161 162 Chapter Routing Policy Configuration Guide Route Import and Export Policy Overview Default Preference Values Preference Defined by CLI Command DefaultPreference Import Policies Import-Source Export Policies Route-FilterExport-Destination Export-Source Specifying a Route Filter Aggregates and Generates Aggregate-Destination Aggregate-Source Authentication Authentication Methods Configuring Simple Routing Policies Authentication Keys and Key Management Redistributing Static Routes Redistributing Directly Attached Networks Redistributing RIP into RIP Redistributing RIP into Ospf Redistributing Ospf to RIPRedistributing Aggregate Routes Simple Route Redistribution Examples To redistribute aggregateRoutes into Ospf Example 1 Redistribution into RIP Exporting a Given Static Route to All RIP Interfaces Exporting All Static Routes to All RIP InterfacesExample 2 Redistribution into Ospf 176 Configuring Advanced Routing Policies 178 Creating an Export Destination Creating an Export Source Creating an Import Source Creating a Route FilterCreating an Aggregate Route Create a RIP import SmartSwitch Router User Reference Manual 181 Creating an Aggregate Destination Creating an Aggregate SourceExamples of Import Policies Example 1 Importing from RIP R41 184 Example 2 Importing from Ospf 186 R41 Importing a Selected Subset of OSPF-ASE Routes Examples of Export Policies Example 1 Exporting to RIP Ip-router policy create rip-export-source ripExpSrc Exporting a Given Static Route to a Specific RIP Interface Exporting Aggregate-Routes into RIP Ip-router policy create aggr-export-source aggrExpSrc Example 2 Exporting to Ospf SmartSwitch Router User Reference Manual 195 196 SmartSwitch Router User Reference Manual 197 198 Chapter Multicast Routing Configuration Guide IP Multicast OverviewIgmp Overview Dvmrp Overview Configuring Igmp Configuring Igmp on an IP InterfaceConfiguring Igmp Query Interval Configuring Igmp Response Wait Time Configuring Dvmrp Configuring Per-Interface Control of Igmp MembershipStarting and Stopping Dvmrp Configuring Dvmrp on an Interface Configuring Dvmrp ParametersConfiguring the Dvmrp Routing Metric Configuring Dvmrp TTL & Scope Configuring a Dvmrp Tunnel Monitoring Igmp & Dvmrp Show all interfaces running Multicast protocols IgmpShow all multicast routes Page 208 Chapter IP Policy-Based Forwarding Configuration Guide Configuring IP Policies Defining an ACL ProfileAssociating the Profile with an IP Policy Creating Multi-statement IP Policies Setting Load Distribution for Next-hop Gateways Setting the IP Policy Action Applying an IP Policy to an Interface Checking the Availability of Next-hop Gateways IP Policy Configuration Examples Routing Traffic to Different ISPsAn IP interface Apply a defined IP policy to All IP interfaces on the SSR Using an IP policy to route traffic to two different ISPs Prioritizing Service to Customers Using an IP policy to prioritize service to customers Authenticating Users through a Firewall Using an IP policy to authenticate users through a firewall Firewall Load Balancing Selecting Next Hop Gateway from IP Packet Information Monitoring IP Policies Display information about allIP policies Display statistics about a Ip-policy show interface interface SmartSwitch Router User Reference Manual 221 222 Chapter Network Address Translation Configuration Guide Configuring NAT Setting Inside and Outside Interfaces Setting NAT Rules Managing Dynamic BindingsStatic Dynamic Static Configuration Specify the FTP session timeoutNAT and FTP Monitoring NAT Using Static NAT First step is to create the interfacesNext, define the interfaces to be NAT inside or outside Then, define the NAT static rules Dynamic Configuration Using Dynamic NAT Dynamic NAT with IP Overload PAT Configuration Using Dynamic NAT with IP Overload Dynamic NAT with Outside Interface Redundancy Using Dynamic NAT with Matching Interface Redundancy 232 Chapter Web Hosting Configuration Guide Configuring Load Balancing Load BalancingCreating the Server Group Specifying Load Balancing Policy Optional Setting Server Status Adding Servers to the Load Balancing Group Allowing Access to Load Balancing Servers Setting Timeouts for Load Balancing MappingsLoad Balancing and FTP Configuration Examples Displaying Load Balancing Information Ftp.quick.com Internet Router User Queries 207.135.89.16 10.1.1.1 Ftp.quick..com 10.1.1.2 Virtual IP Address Ranges 207.135.89.16 207.135.89.17 207.135.89.18 Configuring Web Caching Web Caching Creating the Cache Group Specifying the Clients for the Cache Group OptionalRedirected to cache servers Not redirected to cache servers Configuration Example Other ConfigurationsBypassing Cache Servers Distributing Frequently-Accessed Sites Across Cache Servers Monitoring Web-CachingProxy Server Redundancy Show caching policy information Show cache server information Chapter IPX Routing Configuration Guide IPX Routing OverviewRIP Routing Information Protocol SAP Service Advertising Protocol Configuring IPX RIP & SAP Creating IPX InterfacesIPX Addresses Configuring IPX Interfaces and Parameters Configuring IPX Addresses to PortsConfiguring IPX Interfaces for a Vlan Specifying IPX Encapsulation Method Configuring IPX Routing Configuring Static RoutesEnabling IPX RIP Enabling SAP Configuring Static SAP Table Entries Controlling Access to IPX NetworksCreating an IPX Access Control List Creating an IPX Type 20 Access Control List Creating an IPX SAP Access Control ListCreating an IPX GNS Access Control List Creating an IPX RIP Access Control List Monitoring an IPX Network Adds a SAP access list Adds a GNS access list 254 Chapter Access Control List Configuration Guide ACL Basics Defining Selection Criteria in ACL Rules How ACL Rules are Evaluated Implicit Deny Rule Allowing External Responses to Established TCP Connections Following ACL illustrates this feature Creating and Modifying ACLsEditing ACLs Offline Maintaining ACLs Using the ACL Editor Using ACLs Applying ACLs to InterfacesThese uses of ACLs are described in the following sections Applying ACLs to Services Using ACLs as Profiles Following SSR features use ACL profiles SSR Feature ACL Profile UsageUsing Profile ACLs with the IP Policy Facility Using Profile ACLs with the Traffic Rate Limiting Facility Using Profile ACLs with Dynamic NAT Using Profile ACLs with the Port Mirroring Facility Using Profile ACLs with the Web Caching Facility Redirecting Http Traffic to Cache Servers Enabling ACL Logging Preventing Web Objects From Being Cached Monitoring ACLs 270 Chapter Security Configuration Guide Security Overview Configuring SSR Access Security Configuring Radius Configuring Tacacs Monitoring RadiusMonitoring Tacacs Configuring Tacacs Plus Monitoring Tacacs Plus Configuring Passwords Layer-2 Security Filters Configuring Layer-2 Address Filters Configuring Layer-2 Port-to-Address Lock Filters Configuring Layer-2 Static Entry Filters Configuring Layer-2 Secure Port FiltersConfigure a source static Configure a destination static Monitoring Layer-2 Security Filters Layer-2 Filter Examples Et.1.1 Et.1.2 Et.1.3 HubStatic Entries Example Port-to-Address Lock Examples Example 2 Secure Ports Layer-3 Access Control Lists ACLs 282 Chapter QoS Configuration Guide QoS & Layer-2/Layer-3/Layer-4 Flow Overview Layer-2 and Layer-3 & Layer-4 Flow Specification Precedence for Layer-3 Flows Configuring Layer-2 QoS Traffic Prioritization for Layer-2 FlowsSSR Queuing Policies Configuring IP QoS Policies Traffic Prioritization for Layer-3 & Layer-4 Flows Configuring IPX QoS Policies Setting an IP QoS PolicySetting an IPX QoS Policy Specifying Precedence for an IP QoS Policy Configuring SSR Queueing Policy Allocating Bandwidth for a Weighted-Fair Queuing PolicyToS Rewrite Specifying Precedence for an IPX QoS Policy Configuring ToS Rewrite for IP Packets MBZ Tos-rewrite Monitoring QoS Limiting Traffic RateShow all IP QoS flows Show all IPX QoS flows Example Configuration Define a rate limit profileApply a rate limit profile to an Interface Displaying Rate Limit Information Interface interface 294 Chapter Performance Monitoring Guide Performance Monitoring Overview Show port error statistics Show information about the masterMAC table Show information about a Particular MAC address Show info about multicasts Configuring the SSR for Port Mirroring Monitoring Broadcast TrafficOnly IP ACLs can be specified for port mirroring 298 Configuring and Enabling Rmon Rmon Overview Example of Rmon Configuration Commands Rmon Groups Lite Rmon Groups Standard Rmon Groups Professional Rmon Groups Control Tables Using Rmon Configuring Rmon Groups Enabledisable Num status enabledisableString status enabledisable Size owner string status enabledisable Port port owner string status enabledisable Oid type absolutedelta status enabledisableRmon protocol-distribution index index-number Rmon user-history-control index index-number Displaying Rmon Information Rmon CLI Filters Following shows Host table output without a CLI filter 01000CCCCCCC Troubleshooting Rmon Using Rmon CLI FiltersCreating Rmon CLI Filters 312 Allocating Memory to Rmon Ssr# rmon show status Rmon Status Rmon set memory number WAN WAN Overview Configuring WAN Interfaces Primary and Secondary AddressesStatic, Mapped, and Dynamic Peer IP/IPX Addresses Static Addresses Following command line displays an example for a Vlan Following command line displays two examples for PPPMapped Addresses Dynamic Addresses Following command line displays an example for PPP Forcing Bridged EncapsulationPacket Compression Example Configurations Average Packet SizeNature of the Data Link Integrity WAN Quality of Service Packet Encryption Weighted-Fair Queueing Source Filtering and ACLsCongestion Management Random Early Discard RED Frame Relay Overview Virtual CircuitsAdaptive Shaping Configuring Frame Relay Interfaces for the SSR Permanent Virtual Circuits PVCs Setting up a Frame Relay Service Profile Applying a Service Profile to an Active Frame Relay WAN Port Frame Relay Port Configuration Monitoring Frame Relay WAN Ports 326 Configuring PPP Interfaces Point-to-Point Protocol PPP OverviewUse of LCP Magic Numbers Setting up a PPP Service Profile Defining the Type and Location of a PPP Interface Applying a Service Profile to an Active PPP Port Configuring Multilink PPP BundlesCompression on MLP Bundles or Links PPP Port Configuration Monitoring PPP WAN Ports Ssrconfig# ppp apply service profile2 ports hs.5.1 WAN Configuration Examples Simple Configuration File Multi-Router WAN Configuration Multi-router WAN configuration Router R1 Configuration File Following configuration file applies to Router R1Router R2 Configuration File Following configuration file applies to Router R2 Router R3 Configuration File Following configuration file applies to Router R3Router R4 Configuration File Following configuration file applies to Router R4 Router R5 Configuration File Following configuration file applies to Router R5Router R6 Configuration File Following configuration file applies to Router R6 SmartSwitch Router User Reference Manual 337 338