Cisco Systems 15327 Configuring Security for the ML-Series Card

CHAPTER

19-1

Ethernet Card Software Feature and Configuration Guide, R7.2

January 2009

Configuring Security for the ML-Series Card

This chapter describes the security features of the ML-Series card.

This chapter includes the following major sections:

• Understanding Security, page 19-1

• Disabling the Console Port on the ML-Series Card, page 19-2

• Secure Login on the ML-Series Card, page 19-2

• Secure Shell on the ML-Series Card, page 19-2

• RADIUS on the ML-Series Card, page 19-6

• RADIUS Relay Mode, page 19-6

• RADIUS Stand Alone Mode, page 19-7

Understanding Security

The ML-Series card includes several security features. Some of thes e features operate independently

from the ONS node where the ML-Series card is installed. Others are configured using the Cisco

Transport Controller (CTC) or Transaction Language One (TL1).

Security features configured with Cisco IOS include:

• Cisco IOS login enhancements

• Secure Shell ( SSH) connection

• authentication, authorization, and accounting/Remote Authentication Dial-In User Service

(AAA/RADIUS) stand alone mode

• Cisco IOS basic password (For information on basic Cisco IOS password configuration, see the

“Passwords” section on page 3-8)

Security features configured with CTC or TL1 include:

• disabled console port

• AAA/RADIUS relay mode

Contents

Main Ethernet Card Software Feature and Configuration Guide Page CONTENTS Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page About this Guide Revision History Document Objectives Audience Document Organization Page Related Documentation Document Conventions xxxii xxxiii Page xxxv Page Where to Find Safety and Warning Information Cisco Optical Networking Product Documentation CD-ROM Obtaining Documentation and Submitting a Service Request Page ML-Series Card Overview ML-Series Card Description ML-Series Feature List Page Page Page Page CTC Operations Displaying ML-Series POS And Ethernet Statistics on CTC Displaying ML-Series Ethernet Ports Provisioning Information on CTC Displaying ML-Series POS Ports Provisioning Information on CTC Provisioning Card Mode Managing SONET/SDH Alarms Displaying the FPGA Information Provisioning SONET/SDH Circuits J1 Path Trace Page Initial Configuration Hardware Installation Cisco IOS on the ML-Series Card Opening a Cisco IOS Session Using CTC Telnetting to the Node IP Address and Slot Number Telnetting to a Management Port ML-Series IOS CLI Console Port RJ-11 to RJ-45 Console Cable Adapter Connecting a PC or Terminal to the Console Port Page Startup Configuration File Manually Creating a Startup Configuration File Through the Serial Console Port Passwords Configuring the Management Port Configuring the Hostname CTC and the Startup Configuration File Loading a Cisco IOS Startup Configuration File Through CTC Database Restore of the Startup Configuration File Multiple Microcode Images Changing the Working Microcode Image Cisco IOS Command Modes Page Using the Command Modes Exit Getting Help Page Configuring Interfaces General Interface Guidelines MAC Addresses Interface Port ID Basic Interface Configuration Basic Fast Ethernet, Gigabit Ethernet, and POS Interface Configuration Configuring the Fast Ethernet Interfaces for the ML100T-12 Configuring the Fast Ethernet Interfaces for the ML100X-8 Configuring the Gigabit Ethernet Interface for the ML1000-2 Configuring Gigabit Ethernet Remote Failure Indication (RFI) Monitoring and Verifying Gigabit Ethernet Remote Failure Indication (RFI) 4-9 Example 4-5 show controller Command Output for RFI on near-end card with no faults detected 4-10 Example 4-6 show controller Command Output for RFI on Near-end Card with Near-end Fault Example 4-7 show controller Command Output for RFI on Far-end Card with Near-end Fault Configuring the POS Interfaces (ML100T-12, ML100X-8 and ML1000-2) CRC Threshold Configuration Monitoring Operations on the Fast Ethernet and Gigabit Ethernet Interfaces Page Page Configuring POS POS on the ML-Series Card ML-Series SONET and SDH Circuit Sizes VCAT SW-LCAS Framing Mode, Encapsulation, and CRC Support Configuring POS Interface Framing Mode Configuring POS Interface Encapsulation Type Configuring POS Interface CRC Size in HDLC Framing Setting the MTU Size Configuring Keep Alive Messages SONET/SDH Alarms Configuring SONET/SDH Alarms Configuring SONET/SDH Delay Triggers Configuring SONET/SDH Alarms C2 Byte and Scrambling Third-Party POS Interfaces C2 Byte and Scrambling Values Configuring SPE Scrambling Monitoring and Verifying POS 5-10 The show interface pos {0 | 1} command (Example 5-2) shows scrambling. Example 5-2 show interface pos [0 | 1] Command 5-11 POS Configuration Examples ML-Series Card to ML-Series Card Figure 5-1 illustrates a POS configuration between two ONS 15454 or ONS 15454 SDH ML-Series cards. Figure 5-1 ML-Series Card to ML-Series Card POS Configuration Example 5-3 shows the commands associated with the configura tion of ML-Series card A. ML-Series Card to Cisco 12000 GSR-Series Router Example 5-5 shows the commands associated with configuratio n of ML-Series card A. ML_Series_A ML-Series Card to G-Series Card 5-14 Figure 5-3 ML-Series Card to G-Series Card POS Configuration 192.168.2.1 pos 0 ML-Series Card to ONS 15310 ML-100T-8 Card Figure 5-4 ML-Series Card to ONS 15310 CE-100T-8 Card Configuration ML_Series_A SONET/SDH 192.168.1.1 with G-Series 5-15 Example 5-8 shows the commands associated with the configura tion of ML-Series card A. Example 5-8 ML-Series Card A Configuration Page Configuring Bridges Understanding Basic Bridging Configuring Basic Bridging 6-3 Figure 6-1 Bridging Example Example 6-1 Router A Configuration Example 6-2 Router B Configuration Monitoring and Verifying Basic Bridging ML_Series_A ML_Series_B Page Transparent Bridging Modes of Operation IP Routing Mode No IP Routing Mode Bridge CRB Mode Bridge IRB Mode 6-9 Example 6-9 Bridge irb with Routing and Bridging Enabled members are not configured with IP addresses. Example 6-10 IP Addresses and Multiple Bridge Group Page Configuring STP and RSTP STP Features STP Overview Supported STP Instances Bridge Protocol Data Units Election of the Root Switch Bridge ID, Switch Priority, and Extended System ID Spanning-Tree Timers Creating the Spanning-Tree Topology Spanning-Tree Interface States Blocking State Listening State Learning State Forwarding State Disabled State Spanning-Tree Address Management STP and IEEE 802.1Q Trunks Spanning Tree and Redundant Connectivity Accelerated Aging to Retain Connectivity RSTP Supported RSTP Instances Port Roles and the Active Topology Rapid Convergence Page 7-12 Synchronization of Port Roles Bridge Protocol Data Unit Format and Processing Processing Superior BPDU Information Processing Inferior BPDU Information Topology Changes Interoperability with IEEE 802.1D STP Configuring STP and RSTP Features Default STP and RSTP Configuration Disabling STP and RSTP Configuring the Root Switch Configuring the Port Priority Configuring the Path Cost Configuring the Switch Priority of a Bridge Group Configuring the Hello Time Configuring the Forwarding-Delay Time for a Bridge Group Configuring the Maximum-Aging Time for a Bridge Group Verifying and Monitoring STP and RSTP Status 7-21 interface-id the STP or RSTP state section. Example 7-1 show spanning-tree Commands Displays STP or RSTP information for the specified interface. 7-22 Configuring VLANs Understanding VLANs Configuring IEEE 802.1Q VLAN Encapsulation IEEE 802.1Q VLAN Configuration 8-4 Router_A Router_B 8-5 Monitoring and Verifying VLAN Operation Example 8-2 show vlans Commands Page Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling Understanding IEEE 802.1Q Tunneling Page Page Configuring IEEE 802.1Q Tunneling IEEE 802.1Q Tunneling and Compatibility with Other Features Configuring an IEEE 802.1Q Tunneling Port IEEE 802.1Q Example Understanding VLAN-Transparent and VLAN-Specific Services VLAN-Transparent and VLAN-Specific Services Configuration Example 9-8 Example 9-4 applies to ML-Series card B. Example 9-4 ML-Series Card B Configuration Understanding Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Default Layer 2 Protocol Tunneling Configuration Layer 2 Protocol Tunneling Configuration Guidelines Configuring Layer 2 Tunneling on a Port Configuring Layer 2 Tunneling Per-VLAN Monitoring and Verifying Tunneling Status Page Page Configuring Link Aggregation Understanding Link Aggregation Configuring EtherChannel EtherChannel Configuration Example 10-4 Example 10-2 Switch B Configuration Note POS channel is only supported with LEX encapsulation. Configuring POS Channel POS Channel Configuration Example 10-6 Figure 10-2 POS Channel Example ML_Series A ML_Series B SONET STS-N bridge-group 1 bridge-group 1 Understanding Encapsulation over EtherChannel or POS Channel Configuring Encapsulation over EtherChannel or POS Channel Encapsulation over EtherChannel Example 10-8 Figure 10-3 Encapsulation over EtherChannel Example SONET STS-1 Example 10-5 Switch A Configuration Switch_A Monitoring and Verifying EtherChannel and POS Example 10-7 show interfaces port-channel Command 10-10 Configuring Networking Protocols Basic IP Routing Protocol Configuration RIP EIGRP OSPF BGP Enabling IP Routing Configuring IP Routing Configuring RIP Page Page RIP Authentication Summary Addresses and Split Horizon Configuring OSPF Page ONS 15454 with ML100T-12 ML_Series_A 192.168.2.1/24 ML_Series_B 192.168.2.2/24 Page OSPF Interface Parameters OSPF Area Parameters Page Other OSPF Behavior Parameters Page Change LSA Group Pacing Loopback Interface Monitoring OSPF Configuring EIGRP Page EIGRP Router Mode Commands EIGRP Interface Mode Commands Page Configure EIGRP Route Authentication Monitoring and Maintaining EIGRP Border Gateway Protocol and Classless Interdomain Routing Configuring BGP Verifying the BGP Configuration 11-29 Configuring IS-IS Verifying the IS-IS Configuration Configuring Static Routes Monitoring Static Routes Monitoring and Maintaining the IP Network Understanding IP Multicast Routing Configuring IP Multicast Routing Monitoring and Verifying IP Multicast Operation Page Configuring IRB Understanding Integrated Routing and Bridging Configuring IRB IRB Configuration Example 12-4 Example 12-2 Configuring Router B Table 12-1 shows the privileged EXEC commands for monitoring and verifying IRB. Monitoring and Verifying IRB 12-5 The following is sample output from the show interfaces bvi and show interfaces irb commands: Example 12-3 Monitoring and Verifying IRB Table 12-1 Commands for Monitoring and Verifying IRB Protocols that this bridged interface bridges Page Configuring VRF Lite Understanding VRF Lite Configuring VRF Lite 13-3 VRF Lite Configuration Example Router_A Router_B 13-4 Example 13-3 Router_B Configuration 13-5 13-6 Example 13-4 Router_A Global Routing Table Example 13-5 Router_A customer_a VRF Routing Table Example 13-6 Router_A customer_b VRF Routing Table Example 13-7 Router_B Global Routing Table Monitoring and Verifying VRF Lite Table 13-1 shows the privileged EXEC commands for monitoring and verifying VRF Lite. Table 13-1 Commands for Monitoring and Verifying VRF Lite vrf-name Displays the IP routing table for a VRF. Page Configuring Quality of Service Understanding QoS Priority Mechanism in IP and Ethernet IP Precedence and Differentiated Services Code Point 14-3 Ethernet CoS ML-Series QoS Classification Policing Marking and Discarding with a Policer Queuing Scheduling Page Control Packets and L2 Tunneled Protocols Egress Priority Marking Ingress Priority Marking QinQ Implementation Flow Control Pause and QoS QoS on Cisco Proprietary RPR 14-11 Example 14-1 Class and Policy-map Definition Configuration Overcoming the DSCP Limitation Configuring QoS Creating a Traffic Class Creating a Traffic Policy Page Page Attaching a Traffic Policy to an Interface Configuring CoS-Based QoS Monitoring and Verifying QoS Configuration QoS Configuration Examples Traffic Classes Defined Example Traffic Policy Created Example class-map match-any and class-map match-all Commands Example match spr1 Interface Example 14-21 ML-Series VoIP Example Figure 14-7 ML-Series VoIP Example Example 14-12ML-Series VoIP Commands ML-Series Policing Example Router_A ML-Series CoS-Based QoS Example 14-23 Example 14-14 shows the code used to configure ML-Series card A in Figure 14-9. Example 14-15 shows the code used to configure ML-Series card B in Figure 14-9. Example 14-16 shows the code used to configure ML-Series card C in Figure 14-9. Understanding Multicast QoS and Priority Multicast Queuing Default Multicast QoS Multicast Priority Queuing QoS Restrictions Configuring Multicast Priority Queuing QoS Page QoS not Configured on Egress ML-Series Egress Bandwidth Example Case 1: QoS with Priority and Bandwidth Configured Without Priority Multicast Case 2: QoS with Priority and Bandwidth Configured with Priority Multicast Understanding CoS-Based Packet Statistics Configuring CoS-Based Packet Statistics Page 14-31 Understanding IP SLA IP SLA on the ML-Series IP SLA Restrictions on the ML-Series Page Page Configuring the Switching Database Manager Understanding the SDM Understanding SDM Regions Configuring SDM Configuring SDM Regions Configuring Access Control List Size in TCAM Monitoring and Verifying SDM Page Configuring Access Control Lists Understanding ACLs ML-Series ACL Support IP ACLs Named IP ACLs User Guidelines Creating IP ACLs Creating Numbered Standard and Extended IP ACLs Creating Named Standard IP ACLs Creating Named Extended IP ACLs (Control Plane Only) Applying the ACL to an Interface Modifying ACL TCAM Size Page Configuring Cisco Proprietary Resilient Packet Ring Understanding Cisco Proprietary RPR Role of SONET/SDH Circuits Packet Handling Operations Ring Wrapping Page Cisco Proprietary RPR Framing Process MAC Address and VLAN Support Cisco Proprietary RPR QoS CTM and Cisco Proprietary RPR Configuring Cisco Proprietary RPR Connecting the ML-Series Cards with Point-to-Point STS/STM Circuits Configuring CTC Circuits for Cisco Proprietary RPR CTC Circuit Configuration Example for Cisco Proprietary RPR Page Page Page Configuring Cisco Proprietary RPR Characteristics and the SPR Interface on the ML-Series Card Page Assigning the ML-Series Card POS Ports to the SPR Interface Creating the Bridge Group and Assigning the Ethernet and SPR Interfaces Cisco Proprietary RPR Cisco IOS Configuration Example 17-17 Example 17-2 SPR Station-ID 2 Configuration Example 17-3 SPR Station-ID 3 Configuration Verifying Ethernet Connectivity Between Cisco Proprietary RPR Ethernet Access Ports CRC threshold configuration and detection Monitoring and Verifying Cisco Proprietary RPR 17-19 Example 17-5 Example of show run interface spr 1 Output Add an ML-Series Card into a Cisco Proprietary RPR Page Page Adding an ML-Series Card into a Cisco Proprietary RPR To Page Delete an ML-Series Card from a Cisco Proprietary RPR 17-25 Deleting an ML-Series Card from a Cisco Proprietary RPR To Page Understanding Cisco Proprietary RPR Link Fault Propagation LFP Sequence Propagation Delays Configuring LFP LFP Configuration Requirements Monitoring and Verifying LFP Cisco Proprietary RPR Keep Alive Configuring Cisco Proprietary RPR Keep Alive Monitoring and Verifying Cisco Proprietary RPR Keep Alives 17-34 Example 17-8 Show ons spr keepalive-info pos Cisco Proprietary RPR Shortest Path Page Configuring Shortest Path and Topology Discovery Monitoring and Verifying Topology Discovery and Shortest Path Load Balancing Understanding Redundant Interconnect Characteristics of RI on the ML-Series Card RI for SW RPR Configuration Example 17-39 Example 17-13Secondary ML-Series Card Configuration with Connection to Switch Example 17-14> Status of Redundant Interconnect can be found using Page Configuring Ethernet over MPLS Understanding EoMPLS Page EoMPLS Support EoMPLS Restrictions EoMPLS Quality of Service Configuring EoMPLS EoMPLS Configuration Guidelines VC Type 4 Configuration on PE-CLE Port VC Type 5 Configuration on PE-CLE Port Page EoMPLS Configuration on PE-CLE SPR Interface Bridge Group Configuration on MPLS Cloud-facing Port Setting the Priority of Packets with the EXP EoMPLS Configuration Example 18-10 GigE 1 VC Type 5 GigE 1 VC Type 5 18-11 Example 18-2 ML-Series Card B Configuration Example 18-3 ML-Series Card C Configuration Monitoring and Verifying EoMPLS Understanding MPLS-TE RSVP on the ML-Series Card Ethernet FCS Preservation Configuring MPLS-TE Configuring an ML-Series Card for Tunnels Support Configuring an Interface to Support RSVP-Based Tunnel Signalling and IGP Flooding Configuring OSPF and Refresh Reduction for MPLS-TE Configuring an MPLS-TE Tunnel MPLS-TE Configuration Example 18-17 Monitoring and Verifying MPLS-TE and IP RSVP RPRW Alarm Page Configuring Security for the ML-Series Card Understanding Security Disabling the Console Port on the ML-Series Card Secure Login on the ML-Series Card Secure Shell on the ML-Series Card Understanding SSH Configuring SSH Configuration Guidelines Setting Up the ML-Series Card to Run SSH Configuring the SSH Server Displaying the SSH Configuration and Status RADIUS on the ML-Series Card RADIUS Relay Mode Configuring RADIUS Relay Mode RADIUS Stand Alone Mode Understanding RADIUS Configuring RADIUS Default RADIUS Configuration Identifying the RADIUS Server Host Page Configuring AAA Login Authentication Page Defining AAA Server Groups Page Configuring RADIUS Authorization for User Privileged Access and Network Services Starting RADIUS Accounting Configuring a nas-ip-address in the RADIUS Packet Configuring Settings for All RADIUS Servers Configuring the ML-Series Card to Use Vendor-Specific RADIUS Attributes Configuring the ML-Series Card for Vendor-Proprietary RADIUS Server Communication Displaying the RADIUS Configuration POS on ONS Ethernet Cards POS Overview POS Interoperability Page POS Encapsulation Types IEEE 802.17b 20-5 LEX 4 n 4 PPP/BCP Cisco HDLC E-Series Proprietary POS Framing Modes HDLC Framing GFP-F Framing POS Characteristics of Specific ONS Ethernet Cards ONS 15327 E-10/100-4 Framing and Encapsulation Options ONS 15454 and ONS 15454 SDH E-Series Framing and Encapsulation Options 20-9 G-Series Encapsulation and Framing ONS 15310 ML-100T-8 Encapsulation and Framing ONS 15454 and ONS 15454 SDH ML-Series Protocol Encapsulation and Framing Ethernet Clocking Versus SONET/SDH Clocking Page Configuring RMON Understanding RMON Configuring RMON Default RMON Configuration Configuring RMON Alarms and Events Page Page Collecting Group History Statistics on an Interface Collecting Group Ethernet Statistics on an Interface Understanding ML-Series Card CRC Error Threshold Threshold and Triggered Actions SONET/GFP Suppression of CRC-ALARM Clearing of CRC-ALARM Unwrap Synchronization Unidirectional Errors Page Bidirectional Errors Page Page Configuring the ML-Series Card CRC Error Threshold Clearing the CRC-ALARM Wrap with the Clear CRC Error Command Configuring ML-Series Card RMON for CRC Errors Configuration Guidelines for CRC Thresholds on the ML-Series Card Accessing CRC Errors Through SNMP Configuring an SNMP Trap for the CRC Error Threshold Using Cisco IOS Page Determining the ifIndex Number for an ML-Series Card Manually Checking CRC Errors on the ML-Series Card Displaying RMON Status 21-21 Page Configuring SNMP Understanding SNMP SNMP on the ML-Series Card SNMP Versions SNMP Manager Functions SNMP Agent Functions SNMP Community Strings Using SNMP to Access MIB Variables Supported MIBs SNMP Notifications Configuring SNMP Default SNMP Configuration SNMP Configuration Guidelines Disabling the SNMP Agent Configuring Community Strings Page Configuring SNMP Groups and Users Configuring SNMP Notifications Page Setting the Agent Contact and Location Information Limiting TFTP Servers Used Through SNMP SNMP Examples Displaying SNMP Status E-Series and G-Series Ethernet Operation G-Series Application G1K-4 and G1000-4 Comparison G-Series Example IEEE 802.3z Flow Control and Frame Buffering Gigabit EtherChannel/IEEE 802.3ad Link Aggregation Page Administrative and Service States with Soak Time for Ethernet and SONET/SDH G-Series Circuit Configurations G-Series Point-to-Point Ethernet Circuits G-Series Manual Cross-Connects 23-8 G-Series Gigabit Ethernet Transponder Mode Page Two-Port Bidirectional Transponder Mode One-Port Bidirectional Transponder Mode Two-Port Unidirectional Transponder Mode G-Series Transponder Mode Characteristics E-Series Application E-Series Modes E-Series Multicard EtherSwitch Group E-Series Single-Card EtherSwitch Port-Mapped (Linear Mapper) Available Circuit Sizes For E-Series Modes Available Total Bandwidth For E-Series Modes E-Series IEEE 802.3z Flow Control E-Series VLAN Support E-Series Q-Tagging (IEEE 802.1Q) Data Flow E-Series Priority Queuing (IEEE 802.1Q) Data Flow E-Series Spanning Tree (IEEE 802.1D) E-Series Multi-Instance Spanning Tree and VLANs Spanning Tree on a Circuit-by-Circuit Basis E-Series Spanning Tree Parameters E-Series Spanning Tree Configuration E-Series Circuit Configurations E-Series Circuit Protection E-Series Point-to-Point Ethernet Circuits E-Series Shared Packet Ring Ethernet Circuits E-Series Hub-and-Spoke Ethernet Circuit Provisioning E-Series Ethernet Manual Cross-Connects Remote Monitoring Specification Alarm Thresholds Page Page CE-100T-8 Ethernet Operation CE-100T-8 Overview CE-100T-8 Ethernet Features Autonegotiation, Flow Control, and Frame Buffering Page Page IEEE 802.1Q CoS and IP ToS Queuing RMON and SNMP Support Statistics and Counters CE-100T-8 SONET/SDH Circuits and Features Available Circuit Sizes and Combinations Page Page Page CE-100T-8 Pools Displaying CE-100T-8 Pool Information with the STS/VT Allocation or VC4/VC LO Allocation Tab Page CE-100T-8 Pool Allocation Example CE-100T-8 Pool Provisioning Rules CE-100T-8 VCAT Characteristics CE-100T-8 POS Encapsulation, Framing, and CRC CE-100T-8 Loopback, J1 Path Trace, and SONET/SDH Alarms Page CE-1000-4 Ethernet Operation CE-1000-4 Overview CE-1000-4 Ethernet Features Autonegotiation and Frame Buffering Flow Control Flow Control Threshold Provisioning Administrative and Service States with Soak Time for Ethernet and SONET/SDH RMON and SNMP Support Statistics and Counters CE-1000-4 SONET/SDH Circuits and Features CE-1000-4 VCAT Characteristics CE-1000-4 POS Encapsulation, Framing, and CRC CE-1000-4 Loopback, J1 Path Trace, and SONET/SDH Alarms Configuring IEEE 802.17b Resilient Packet Ring Understanding RPR-IEEE RPR-IEEE Features on the ML-Series Card Advantages of RPR-IEEE Role of SONET/SDH Circuits RPR-IEEE Framing Process Page Page CTM and RPR-IEEE Configuring RPR-IEEE Characteristics Configuring the Attribute Discovery Timer Configuring the Reporting of SONET Alarms Configuring BER Threshold Values Configuring RPR-IEEE Protection Configuring the Hold-off Timer Configuring Jumbo Frames Configuring Forced or Manual Switching Configuring Protection Timers Configuring the Wait-to-Restore Timer Configuring a Span Shutdown Configuring Keepalive Events Configuring Triggers for CRC Errors Page Configuring QoS on RPR-IEEE Class A ClassB ClassC MQC -IEEE RPR CLI Characteristics Configuring Traffic Rates for Transmission Configuring Fairness Weights Configuring RPR-IEEE Service Classes Using the Modular QoS CLI Page Configuration Example for RPR-IEEE QoS Configuration Example Using MQC to Configure Simple RPR-IEEE QoS Configuration Example Using MQC to Configure Complex RPR-IEEE QoS 26-22 Verifying and Monitoring RPR-IEEE Page 26-24 Example 26-4 show rpr-ieee fairness detail Output 26-25 Example 26-5 show rpr-ieee protection Output 26-26 26-27 26-28 26-29 26-30 Configuring RPR-IEEE End-to-End Provisioning Card Mode Connecting the ML-Series Cards with Point-to-Point STS/STM Circuits Guidelines for Connecting the ML-Series Cards with Point-to-Point STS/STM Circuits Example of Connecting the ML-Series Cards with Point-to-Point STS/STM Circuits Creating the RPR-IEEE Interface and Bridge Group Understanding the RPR-IEEE Interface Understanding the RPR-IEEE Bridge Group Page 26-35 Configuration Examples for Cisco IOS CLI Portion of End-to-End RPR-IEEE Example 26-7 Configuration Example for Simple RPR-IEEE 26-36 Example 26-8 Configuration Example for a Complex RPR-IEEE Verifying RPR-IEEE End-to-End Ethernet Connectivity Understanding Redundant Interconnect Characteristics of RI on the ML-Series Card RI Configuration Example Page 26-41 Page A Command Reference [no] bridge bridge-group-number protocol {drpri-rstp | ieee | rstp} [no] clock auto interface spr 1 [no] ip radius nas-ip-address {hostname | ip-address} microcode fail system-reload [no] pos pdi holdoff time [no] pos report alarm [no] pos trigger defects condition [no] pos scramble-spe rpr-ieee atd-timer value rpr-ieee fairness weight value [no] rpr-ieee ri foreign rpr-ieee keepalive-timer interval [east | west] [no] rpr-ieee protection pref jumbo [no] rpr-ieee protection request forced-switch {east | west} [no] rpr-ieee protection request manual-switch {east | west} rpr-ieee protection sonet holdoff-timer interval {east | west} rpr-ieee protection timer fast rate {east | west} rpr-ieee protection timer slow rate {east | west} rpr-ieee protection wtr-timer {interval | never} rpr-ieee flag c2 value rpr-ieee pdi holdoff time interval [no] rpr-ieee report alarm [no] rpr-ieee ri {primary | secondary} peer peer-MAC-address [no] rpr-ieee ri {primary | secondary} delay interval [no] rpr-ieee shutdown {east | west} rpr-ieee tx-traffic rate-limit high rate [east | west] rpr-ieee tx-traffic rate-limit medium rate [east | west] rpr-ieee tx-traffic rate-limit reserved rate [east | west] [no] rpr-ieee tx-traffic strict show controller pos interface-number [detail] A-33 The following is an example of POS virtual concatenation (VCAT) show controller output. A-34 Related Commands show interface pos clear counters show controller rpr-ieee interface-number [detail] A-36 A-37 A-38 A-39 A-40 Page show interface pos interface-number Page show interface rpr-ieee interface-number Page A-46 show ons alarm Page show ons alarm defect eqpt show ons alarm defect port show ons alarm defect pos interface-number show ons alarm defect rpr [interface-number] show ons alarm failure eqpt show ons alarm failure port show ons alarm failure pos interface-number show ons alarm failure rpr [interface-number] show rpr-ieee counters A-57 A-58 Page show rpr-ieee failure rpr-ieee interface-number show rpr-ieee fairness detail A-62 Related Commands show rpr-ieee fairness history show rpr-ieee fairness history A-64 A-65 A-66 A-67 A-68 A-69 Related Commands show rpr-ieee fairnes s show rpr-ieee protection show rpr-ieee rate detail A-72 show rpr-ieee topology detail A-73 A-74 A-75 A-76 Page [no] shutdown spr-intf-id shared-packet-ring-number [no] spr load-balance {auto | port-based} spr station-id station-id-number spr wrap {immediate | delayed} [no] xconnect [destination] [vc-id] [encapsulation mpls] Page B Unsupported CLI Commands Unsupported Privileged Exec Commands Unsupported Global Configuration Commands Page Unsupported POS Interface Configuration Commands Unsupported POS Interface Configuration Commands (Cisco Proprietary RPR Virtual Interface) Unsupported IEEE 802.17 RPR Interface Configuration Commands Unsupported FastEthernet or GigabitEthernet Interface Configuration Commands Unsupported Port-Channel Interface Configuration Commands Unsupported BVI Interface Configuration Commands Page C Using Technical Support Gathering Information About Your Internetwork Getting the Data from Your ML-Series Card Providing Data to Your Technical Support Representative Page INDEX Numerics A B C Page Page D E F G H I J K L M N O P Q R S Page T U V