Security Features

Chapter 1 Cisco ASR 901 Router Overview

Features

monitoring, remote fault detection, and remote loopback, and IEEE 802.3ah Ethernet OAM discovery, link monitoring, remote fault detection, and remote loopback (requires the metro IP access or metro access image)

•Configuration replacement and rollback to replace the running configuration on a router with any saved Cisco IOS configuration file

•CPU utilization threshold logs.

•Password-protected access (read-only and read-write access) to management interfaces for protection against unauthorized configuration changes

•Configuration file security so that only authenticated and authorized users have access to the configuration file, preventing users from accessing the configuration file by using the password recovery process

•Multilevel security for a choice of security level, notification, and resulting actions

•Automatic control-plane protection to protect the CPU from accidental or malicious overload due to Layer 2 control traffic on UNIs or ENIs

•TACACS+, a proprietary feature for managing network security through a TACACS server

•RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users through authentication, authorization, and accounting (AAA) services

•Extended IP access control lists for defining security policies in the inbound direction on physical ports.

•Extended IP access control lists for defining security policies in the inbound and outbound direction on SVIs.

Quality of Service and Class of Service Features

•Configurable control-plane queue assignment to assign control plane traffic for CPU-generated traffic to a specific egress queue.

•Cisco modular quality of service (QoS) command-line (MQC) implementation

•Classification based on IP precedence, Differentiated Services Code Point (DSCP), and IEEE 802.1p class of service (CoS) packet fields, or assigning a QoS label for output classification

•Policing

–One-rate policing based on average rate and burst rate for a policer

–Two-color policing that allows different actions for packets that conform to or exceed the rate

–Aggregate policing for policers shared by multiple traffic classes

•Table maps for mapping CoS, and IP precedence values

•Queuing and Scheduling

–Class-based traffic shaping to specify a maximum permitted average rate for a traffic class

–Port shaping to specify the maximum permitted average rate for a port

–Class-based weighted queuing (CBWFQ) to control bandwidth to a traffic class

–Low-latency priority queuing to allow preferential treatment to certain traffic

Cisco ASR 901 Series Aggregation Services Router Software Configuration Guide

1-4	OL-23826-09

Page 56

Image 56

Cisco Systems A9014CFD manual Security Features, Quality of Service and Class of Service Features

Contents

Americas Headquarters Text Part Number OL-23826-09 Copyright 2011-2013, Cisco Systems, Inc N T E N T S Iii Related Documents Standards MIBs Standards MIBs Searching and Filtering Output of show and more Commands Split-Horizon8-6 Vii Restrictions Viii Manually Configuring an IP SLA CFM Probe or Jitter Operation Restrictions Overview Setting up Manual Preemption for Vlan Load Balancing Xii Configuring Mpls VPNs Xiii Xiv 19-6 Verifying Local Switching Verifying the Synchronous Ethernet configuration Xvi Cisco IOS IP SLA Xvii Marking Xviii Xix Technical Assistance Configuring Hsrp Xxi Configuring Link Layer Discovery Protocol Xxii How to Configure Bert Xxiii Xxiv 32-2 Configuring IPv6 Duplicate Address Detection Xxv Troubleshooting Tips BFD Xxvii Verifying Layer 2 Tunneling Xxviii Configuring Unspecified Bit Rate Xxix Creating IPv6 VRFs on PE Routers Xxx Technical Assistance Xxxi Finding Feature Information Xxxii Igmp Xxxiii IPv6 Multicast Groups Xxxiv Span Traffic Xxxv Xxxvi Document Number Date Change Summary About This GuideDocument Revision History Xxxviii Xxxix OL-23826-09 Xli Xlii Xliii Xliv Xlv Xlvi Objectives AudienceOrganization Xlvii Mpls OAM Xlviii SLA Xlix Conventions Chapter DescriptionConvention Description Boldface font Release Notes To access the related documentation on Cisco.com, go toRelated Documentation Lii Cisco ASR 901 Router Overview Features Performance FeaturesIntroduction This section contains the following topics Manageability Features Management Options Security Features Quality of Service and Class of Service Features Monitoring Features Layer 3 FeaturesLayer 3 VPN Services OL-23826-09 Licensing Finding Feature InformationContents Feature Overview Licenses Supported on Cisco ASR 901 RouterFollowing licenses are supported License Sl.No Chassis PID License PID Description Licensing Licenses Supported on Cisco ASR 901 Router Feature Based License Features SupportedLicense Features License Types Port or Interface Behavior Port Based/Mode License1588BC License Port Number Port Type Chassis PID License Required Example When Port Based License is not Installed Example When Port Based License is InstalledPort Based License Router# show ip interface brief 10gigUpgrade License Example When 10gigUpgrade License is not InstalledRouterconfig# interface gig 0/0 Router# show interface Ten0/1 Example When 10gigUpgrade License is Installed Example When Flexi License is not InstalledFollowing is a sample output from the show license command Flexi License Example When Flexi License is Installed Example When 1588BC License is not InstalledExample When 1588BC License is Installed Following example shows how to install the 1588BC license Use the license clear command to remove the 1588BC license Routerconfig-ptp-clk#no ptp clock boundary domainRemoving the 1588BC License Router# license clear 1588BC Installing the License Enable License install Copy tftp flash Show flashLicense install license-file-name Generating the License Example Command PurposeChanging the License Return Materials Authorization License Process Router# license install ?Example RMA Process Router# copy tftp flash Where to Go Next To verify the new license, use the show license command Standards MIBsRFCs Standard Technical Assistance Description Link Feature Information for Licensing Feature Name Releases Feature Information OL-23826-09 Before Starting Your Router First-Time ConfigurationSetup Mode Using Setup Mode Configuring Global Parameters Enter a hostname for the router this example uses Completing the Configuration Verifying the Cisco IOS Software Version Configuring the Hostname and PasswordPassword prompt appears. Enter your password Verifying the Hostname and Password Exit back to global configuration modeRouter# configure terminal Router# show config Managing and Monitoring Network Management Features Network Management Features for the ASR This section contains the following procedures Configuring Snmp Support Enables privileged Exec modeEnter your password if prompted Enters global configuration mode Form of this command removes the specified community string String-Community string is the password to access the SnmpProtocol View view-name-Optional Previously defined view. The view Command Notification-type -snmp authentication -Enables RFCEnvmon voltage shutdown supply fan temperature -When Temperature Snmp-server host command Command Purpose Configuring Remote Network Management Exits global configuration modeEnable Configure terminal Interface loopback number Command or Action Purpose Zero-Touch Deployment Image Download Zero-touch Deployment Configuring a Dhcp Server Network ip-address subnet-maskSpecifies to exclude IP address of the Dhcp server Ip dhcp Configuring a Tftp Server Creating a Bootstrap Configuration Configuring the Cisco Configuration Engine Enabling a Tftp Server on the Edge Router Configuration Examples Example Configuring Snmp SupportExample Configuring Remote Network Management Example Configuring a Dhcp Server Additional References Example Zero-touch DeploymentRelated Documents Related Topic Document Title MIBs Network Management Features for the ASR Using the Command-Line Interface Understanding Command Modes Entered. Use a password User Exec LogExit, or logout Use the interface Understanding the Help System Line consoleCtrl-Z or enter end Help Understanding Abbreviated Commands Understanding no and default Forms of CommandsUnderstanding CLI Error Messages Router# show conf Using Command History Changing the Command History Buffer SizeError Message Meaning How to Get Help Range is from 0 to Using Editing Features Recalling CommandsDisabling the Command History Feature Enabling and Disabling Editing Features Editing Commands through Keystrokes Capability Keystroke1 PurposePress Ctrl-Y Backspace key Editing Command Lines that Wrap Press Ctrl-V or Esc QReturn and Space bar Press Ctrl-L or Ctrl-R Router# show interfaces include protocol Accessing the CLICommand begin include exclude regular-expression Saving Configuration Changes Upgrading the Cisco IOS image Software UpgradeSelecting a Cisco IOS Image Router# show file system Copy the IOS Image from the Tftp serverIf the right steps are not followed properly Save the configuration and reload the router Verify the Cisco IOS upgradeVerify the Cisco IOS image in the file system Router# verify flashasr901-universalk9-mz.151-2.SNG Auto Upgrading the MCU Router# show version Manually Upgrading the Rommon Router# upgrade rom-monitor internal Auto Upgrade of RommonRommon AUTOUPGRADEROMMON=TRUE False Configuring Gigabit Ethernet Interfaces Configuring the InterfaceTo configure the GE interface, complete the following steps Enters enable mode Gigabitethernet 0/1 Setting the Speed and Duplex ModeCdp enable Mtu bytes Enabling the InterfaceModifying MTU Size on the Interface No mtu or default mtu command Verifying the MTU Size Configuring MAC FLap Control Complete the following steps to configure MAC Flap controlMAC Flap Control Restrictions and Limitations Configuring a Combo Port RestrictionsMac-flap-ctrl on per-mac mac-movement Time-interval Configures the media type Exits interface configuration mode and entersAuto-select-Specifies dynamic selection Physical connection Router# show interface gigabitethernet 0/7 Verifying the Media TypeRouter# show interface gigabitethernet 0/1 Configuring Ethernet Virtual Connections Supported EVC Features Ethernet Virtual Connections Understanding EVC FeaturesService Instances and EFPs Encapsulation To the appropriate EFP Configures default encapsulationBridge Domains Rewrite Operations Dhcp Client on Switch Virtual InterfaceSplit-Horizon Configuration Guidelines Configuring EFPsDefault EVC Configuration Creating Service Instances Service instance number ethernet name DefaultShow ethernet service instance Copy running-config startup-config Configuration Examples of Supported Features Example Configuring a Service InstanceExample Encapsulation Using a Vlan Range Example Bridge Domains and Vlan Encapsulation Router config-if-srv#rewrite ingress tag pop 1 symmetric Router config-if-srv#rewrite ingress pop 1 symmetricExample Rewrite Example Split Horizon Example Overlapping Encapsulation Configuration Examples of Unsupported FeaturesExample Filtering Interface type number How to Configure EVC Default EncapsulationConfiguring EVC Default Encapsulation with Bridge-Domain An identifier Configuring EVC Default Encapsulation with XconnectConfigures the default service instance Verifying EVC Default Encapsulation with Bridge-Domain Configuring Other Features on EFPs Verifying EVC Default Encapsulation with XconnectConfiguration Examples for EVC Default Encapsulation Example Configuring EVC Default Encapsulation with Xconnect EFPs and EtherChannels MAC Address Forwarding, Learning and Aging on EFPs No mac-address-table learning vlan vlan-id Interface type slot/port End Return to privileged Exec mode Routerconfig# no mac-address-table learning vlanAddresses learned on a particular VLAN/BD Router# show mac-address-table Configuring Ieee 802.1Q Tunneling using EFPs 802.1Q Tunneling QinQRouter# show mac-address-table interface 0/9 Router# show mac-address-table interface port-channel 1shows the tag structures of the double-tagged packets Configuration Examples You can use EFPs to configure 802.1Q tunneling in two ways Routed QinQ Configuration ExampleCisco ASR 901 router supports pop 2 configuration Example Configuring Bridge-Domain Routing Bridge Domain Routing How to Configure Dhcp Client on SVI Configuring Dhcp Client on SVIConfigures the Vlan interface and enters interface Interface type-number Configuration Example for Dhcp Client on SVI Verifying Dhcp Client on SVI EFPs and Switchport MAC Addresses EFPs and Mstp Command Description Monitoring EVC Sample Configuration with Switchport to EVC Mapping Configuration Example Line vty 0 4 login Additional References Supported EVC Features OL-23826-09 Understanding How EtherChannels Work Configuring EtherChannelsEtherChannel Feature Overview Understanding How EtherChannels Are Configured EtherChannel Configuration OverviewUnderstanding Manual EtherChannel Configuration Understanding Ieee 802.3ad Lacp EtherChannel Configuration Passive mode Passive mode Active modeActive mode Passive mode Router a Router B Result Understanding Load Balancing EtherChannel Configuration Guidelines and RestrictionsUnderstanding Port-Channel Interfaces Configuring Etherchannels Configuring Channel Groups Configuring the Lacp System Priority and System ID Configuration examples for Lacp system priority Configuring the Lacp Transmit Rate Lacp rate fast normal End Verifying the Lacp Transmit Rate Configuring EtherChannel Load BalancingConfiguration Examples Verifying the MTU Size on Port-Channel Enable Configure terminal Interface port-channel numberModifying MTU Size on Port-Channel EVC On Port-Channel Restrictions for EVC EtherChannel Configuring EVC on Port-Channel Verifying the ConfigurationRouter# show ethernet service evc id evc-idinterface Router# show ethernet service instance interface Troubleshooting Problem Solution Configuring Ethernet OAM Contents Configuring Ethernet CFM Understanding Ethernet CFMIP SLA Support for CFM 10-2 Default Ethernet CFM Configuration Ethernet CFM Configuration Restrictions and GuidelinesConfiguring the CFM Domain Configure terminal Enter global configuration mode 10-4 Second, 10 seconds, 1 minute and 10 minutes. The default We do not recommend configuring a large numberIs 2 to 255 the default is Optional Configure the maximum number of MEPs Example for Basic CFM configuration 10-6 Configuring Multi-UNI CFM MEPs in the Same VPN RestrictionsExit 10-7 Cfm mep domain domain-name mpid identifier 10-8 10-9 Alias alias-short-ma-name icc icc-code meg-idNumber ma-number vlan-id vlan-id vpn-id vpn-id 10-10 10-11 Configuring Ethernet CFM Crosscheck 10-12 Configuring Static Remote MEP Continuity-check static rmepStatic 10-13 10-14 Configuring a Port MEPService ma-name ma-number vpn-id port Configuring Snmp Traps 10-15 Configuring IP SLA CFM Operation Ethernet echo mpid identifier domain domain-nameEthernet jitter mpid identifier domain domain-name 10-16 Repeats. The range is from 1 to 604800 seconds the default Allowed by the protocol being used the default is 66 bytesSeconds to keep the operation in memory when it is not Seconds. The default is 0 seconds 10-18 10-19 Configuring CFM over EFP with Cross ConnectShow the configured IP SLA operation Configuring CFM over EFP Interface with Cross Connect 10-20 Example for untagged Encapsulation 10-21 Example for single tag Encapsulation 10-22 10-23 10-24 Configuring CFM with EVC Default EncapsulationCfm mep domain domain-name mpid mpid-value Verifying CFM with EVC Default Encapsulation 10-25 Configuring Y.1731 Fault Management Example Configuring CFM with EVC Default EncapsulationDefault Y.1731 Configuration 10-26 Configuring ETH-AIS 10-27 Configuring ETH-LCK Show ethernet cfm errorShow ethernet cfm smep interface interface-id Ethernet cfm lck link-status global 10-29 Managing and Displaying Ethernet CFM Information 10-31 Understanding the Ethernet OAM Protocol 10-32 OAM Features Following OAM features are defined by Ieee 802.3ahBenefits of Ethernet OAM 10-33 Link Monitoring 10-34 10-35 Setting Up and Configuring Ethernet OAMThis section includes the following topics Default Ethernet OAM Configuration Restrictions and GuidelinesEnabling Ethernet OAM on an Interface Ethernet oam Ms mode active passive timeout seconds Ethernet oam max-rate oampdus min-rate secondsShow ethernet oam status interface interface-id 10-37 10-38 Configuring Ethernet OAM Link MonitoringEnabling Ethernet OAM Remote Loopback 10-39 Ethernet oam link-monitor frame-period Threshold high high-frames none lowEthernet oam link-monitor frame-seconds 10-40 Configuring Ethernet OAM Remote Failure Indications Ethernet oam link-monitor receive-crc thresholdNo ethernet link-monitor on 10-41 Configuring Ethernet OAM Templates Dying-gasp link-fault actionError-disable-interface Ethernet oam remote-failure critical-event 10-43 Threshold high high-seconds none low Low-seconds window millisecondsEthernet oam link-monitor high threshold action Source-template template-name Displaying Ethernet OAM Protocol Information Show ethernet oam discovery interface interface-idShow ethernet oam statistics interface interface-id Show ethernet oam summary Verifying Ethernet OAM Configuration Verifying Information Oampdu and Fault StatisticsVerifying an OAM Session Verifying OAM Discovery Status Verifying Link Monitoring Configuration and Status 10-47 Understanding E-LMI Verifying Status of the Remote OAM Client10-48 Active Configuring E-LMI Default E-LMI ConfigurationRestrictions 10-49 Enabling E-LMI 10-50 Configuring Ethernet Loopback Understanding Ethernet LoopbackDisplaying E-LMI Information 10-51 Enabling Ethernet Loopback 10-52 10-53 10-54 10-55 Configuring Y.1564 to Generate Ethernet Traffic 10-56 Internal Mode 10-57 Configuring IP SLA for Traffic Generation Routerconfig# ip slaSpecify the SLA ID to start the IP SLA session 10-58 Measurement-type direction -Specifies the statistics 10-59 10-60 Example Two-Way Measurement 10-61 10-62 11-1 ITU-T Y.1731 Performance MonitoringPrerequisites for ITU-T Y.1731 Performance Monitoring 11-2 Restrictions for ITU-T Y.1731 Performance MonitoringInformation About ITU-T Y.1731 Performance Monitoring 11-3 Frame Delay and Frame-Delay VariationTwo-way Delay Measurement Frame Loss Ratio On-Demand and Concurrent OperationsSingle-ended ETH-SLM 11-4 How to Configure ITU-T Y.1731 Performance Monitoring Benefits of ITU-T Y.1731 Performance MonitoringSupported interfaces 11-5 11-6 Configuring Two-Way Delay MeasurementMax-delaymilliseconds Owner owner-id 11-7 Mac-address target-address -SpecifiesMac-address source-address -Specifies Boundary ,...,boundary -Lists upper 11-8 11-9 Configuring Single-Ended Synthetic Loss MeasurementEnable Configure terminal Asr901-platf-multi-nni-cfm 11-10 11-11 Mac-addresstarget-address-SpecifiesMac-addresssource-address-Specifies Exits IP SLA Y.1731 loss configuration mode Enters IP SLA configuration modeExits IP SLA configuration mode and enters global Owner-id-Specified the name of the Snmp Threshold-type average Number-of-measurements -Optional WhenNumber-of-measurements argument. The range is Threshold-type consecutive Threshold-type immediate -Optional When a Scheduling IP SLAs OperationsPrerequisites Threshold-value upper-threshold Individual IP SLAs operation Specifies an IP SLAs operation group numberRange of operation numbers to be scheduled for a Multi-operation scheduler Router-1#show running interface gigabitethernet0/0 Router# show ip sla configuration11-16 Example Verifying Ethernet CFM Performance Monitoring 11-17Router# show ethernet cfm pm session summary Router# show ethernet cfm pm session detail Router# show ip sla history interval-statistics Example Verifying History for IP SLAs Operations11-18 Configuring Direct On-Demand Operation on a Sender MEP 11-19 Configuring Referenced On-Demand Operation on a Sender MEP 11-20 Example On-Demand Operation in Direct Mode 11-21 Router# ip sla on-demand ethernet slm 2002 duration Example On-Demand Operation in Referenced Mode11-22 Releases, and feature sets, use Cisco MIB Locator found at Ieee 802.1ag ITU-T Y.1731 MEFFollowing URL 11-23 11-24 Feature Name Releases Feature Information 11-25 11-26 Configuring Resilient Ethernet Protocol Understanding Resilient Ethernet Protocol REPOverview 12-1 12-2 REP Open Segments 12-3 No-neighbor Topology Link Integrity Fast ConvergenceVlan Load Balancing VLB 12-4 12-5 Neighbor Offset Numbers in a Segment REP Ports 12-6 Configuring Resilient Ethernet Protocol REP Default REP ConfigurationREP Configuration Guidelines 12-7 12-8 Configuring the REP Administrative Vlan 12-9 Configuring REP Interfaces 12-10 Routerconfig# interface Gigabitethernet0/1 Service instance instance-idEnter the physical Layer 2 interface or port channel ID. Port-channel range is 1 to 12-12 12-13 12-14 Verifies the REP interface configurationFile Configuring REP as Dual Edge No-Neighbor Port 12-15 12-16 12-17 Rep segment segment-id edge no-neighborPrimary preferred 12-18 Cisco ASR 901 Dual Rep Edge No-Neighbor Topology Example76001 76002 12-19 Setting up Manual Preemption for Vlan Load Balancing 12-20 Configuring Snmp Traps for REP 12-21 12-22 Trap-rate commandMonitoring REP 12-23 Configuration Examples for REP Configuring the REP Administrative Vlan ExampleConfiguring a REP Interface Example This section contains the following examples Setting up the Preemption for Vlan Load Balancing Example Configuring Snmp Traps for REP ExampleMonitoring the REP Configuration Example 12-25 Cisco ASR 901 Topology Example 12-26 ASR2 12-27 12-28 12-29 12-30 13-1 Configuring MST on EVC Bridge DomainOverview of MST and STP 13-2 Overview of MST on EVC Bridge DomainRestrictions and Guidelines 13-3 MST0 Configuring MST on EVC Bridge Domain 13-4 13-5 Specifies the gigabit ethernet interface to configureSlot/port-Specifies the location of the interface 13-6 Configuration Example for MST on EVC Bridge DomainVerification 13-7 Router# show spanning-tree vlan Router# show spanning-tree mst This example shows MST on port channels13-8 Troubleshooting Tips 13-9 13-10 Configuring Multiprotocol Label Switching 14-1 14-2 15-1 Configuring EoMPLSUnderstanding EoMPLS Configuring EoMPLS 15-2 EoMPLS Configuration Example 15-3 Configuring Pseudowire Redundancy Configuration CommandsSpecifies an interface to configure Configures encapsulation type for the service instance Configure terminal Enters global configuration mode Example Port Based EoMPLSShow mpls l2t vc id 15-5 Routerconfig# xconnect Encapsulation mpls 15-6 16-1 Configuring Mpls VPNsUnderstanding Mpls VPNs Configuring Mpls VPNs Configuration Examples for Mpls VPNPE1 Configuration 16-2 Configuring Mpls VPNs Configuration Examples for Mpls VPN 16-3 16-4 Provider Configuration 16-5 16-6 PE2 ConfigurationInterface details Ospf and BGP details 16-7 Loop Back details 16-8 16-9 16-10 Configuring Mpls OAM Understanding Mpls OAMLSP Ping 17-1 Configuring Mpls OAM LSP Ping over PseudowireLSP Traceroute 17-2 Using LSP Ping for LDP IPv4 FEC Using LSP Traceroute for LDP IPv4 FECUsing LSP Ping for Pseudowire Ping mpls ipv4 Using LSP Traceroute over Pseudowire Displaying AToM Vccv capabilitiesShow mpls l2transport binding vcid Vc-id-value Configuring Routing Protocols Changing Default Hashing Algorithm for EcmpAsr901-ecmp-hash-config global-type 18-1 18-2 19-1 Configuring BFDUnderstanding BFD BFD Configuration Guidelines and Restrictions Configuring BFD for OspfConfiguring BFD for Ospf on One of More Interfaces Enables BFD for Ospf on the interface Configuring BFD for Ospf on All Interfaces Creates a configuration for an Ospf processSpecifies the BFD session parameters Process Configuring BFD for BGP Configuring BFD for IS-ISConfiguring BFD for IS-IS on a Single Interface 19-4 Configuring BFD for IS-IS for All Interfaces 19-5 Configuring BFD for Static Routes 19-6 Configuration Examples for BFD BFD with Ospf on All InterfacesBFD with Ospf on Individual Interfaces 19-7 BFD with BGP BFD with IS-IS on All InterfacesBFD with IS-IS on Individual Interfaces 19-8 BFD with Static Routes 19-9 19-10 20-1 Configuring T1/E1 ControllersConfiguring the Card Type 20-2 Configuring E1 ControllersSubslot Channel-group channel-no timeslots timeslot-list 64 command 20-3 Configuring T1 Controllers 20-4 20-5 Troubleshooting ControllersTroubleshooting E1 Controllers Troubleshooting T1 Controllers Payload loopback mode of the framer. The framer re-clocksReceiver Incoming traffic Local line Path to the receiver path20-7 20-8 Configuring Pseudowire 21-1 21-2 Understanding PseudowiresStructure-Agnostic TDM over Packet Hot Standby Pseudowire Support for ATM/IMA Transportation of Service Using Ethernet over MplsLimitations 21-3 Configuring Pseudowire Configuring Pseudowire ClassesXconnect ip pw-class pseudowire-class Cem group-number 21-5 Configuring CEM Classes Class cem cem-class-nameCem group-number Cem class cem-class-name Xconnect ip-addressencapsulation mpls 21-7 Configuring a Backup Peer Enable Configure terminal Interface cemslot/portSpecifies the CEM class name Xconnect peer-loopback-ip-addressencapsulation mpls 21-9 Configuring Structure-Agnostic TDM over PacketXconnect ip-addressencapsulation mpls Exit 30.30.30.2 255.255.255.255 21-10 Configuring a SAToP Pseudowire with UDP Encapsulation Pseudowire-classpseudowire-class-nameXconnect peer-router-id vcid pseudowire-class name Udp port local-udp-port remote remote-udp-port 21-12 Values for SAToP pseudowires using UDP are from Exits the configuration modeRemote peer Exits the CEM interface Enable Configure terminal Controller e1 t1 slot/port Cem-groupgroup-number timeslots timeslotExit Interface CEMslot/port Xconnect ip-addressencapsulation mpls Exit End Configuring a CESoPSN Pseudowire with UDP Encapsulation Exits configuration modeDefines a CEM channel Recommend that you build a route from the xconnect address 21-16 Exits pseudowire-class configuration modeUdp port local localudpport remote remoteudpport 21-17 QoS for CESoPSN over UDP and SAToP over UDP 21-18 Service instance instance-number Although the symmetric keyword appears to be optional, you21-19 Xconnect ip-addressencapsulation Configuring L2VPN Pseudowire Redundancy Selects an E1 or T1 controllerCreates a CEM interface and assigns it a CEM group number 21-20 21-21 Configuring ATM/IMA Pseudowire Redundancy in PVC Mode Example Pseudowire RedundancyBackup peer peer-router-ip-addr vcid Interface interface-name 21-23 Configuring ATM/IMA Pseudowire Redundancy in PVP Mode Or more virtual circuits VCsVpi-ATM network virtual path identifier VPI of the VC to Multiplex on the permanent virtual path 21-25 Configuring ATM/IMA Pseudowire Redundancy in Port ModeTransport over Mpls AToM static pseudowire Verifying Hot Standby Pseudowire Support for ATM/IMA Peer-router-ip-addr-IP address of the remote peer router21-26 Router# show mpls l2transport vc TDM Local Switching 21-27 Configuring TDM Local Switching on a T1/E1 Mode 21-28 21-29 Configuration Example for Local SwitchingVerifying Local Switching ATM/IMA 21-30 21-31 Configuration Examples for PseudowireExample TDM over Mpls Configuration-Example 21-32 Asrb 21-33 21-34 Following configuration uses CESoSPN with UDP encapsulationExample CESoPSN with UDP Example Ethernet over Mpls 21-35 21-36 Feature Information for Configuring Pseudowire 21-37 21-38 22-1 Configuring ClockingRestrictions Configuring Network Clock for Cisco ASR 901 Router 22-2 Configuring Network Clock in Global Configuration Mode 22-3 22-4 Example for GPS interface 22-5 Configuring Network Clock in Interface Configuration Mode 22-6 Understanding SSM and Esmc Synchronization Status MessageEthernet Synchronization Messaging Channel Clock Selection Algorithm Configuring Esmc in Global Configuration Mode QL-disabled modeEsmc behavior for Port Channels Esmc behavior for STP Blocked Ports Configuring Esmc in Interface Configuration Mode 22-9 22-10 Verifying Esmc ConfigurationShow esmc Managing Synchronization Show network-clock synchronization22-11 Router#show esmc interface gigabitEthernet 0/10 Synchronization Example 22-12 Configuring Synchronous Ethernet for Copper Ports Verifying the Synchronous Ethernet configurationConfigures synchronous ethernet copper port as slave Configures synchronous ethernet copper port as master 22-14 22-15 Troubleshooting Tips Synchronization detail RP command to confirmShown in this example 22-16 Troubleshooting Esmc Configuration 22-17 Configuring PTP for the Cisco ASR 901 Router 22-18 Setting System Time to Current Time Configuring PTP Ordinary ClockConfiguring Master Ordinary Clock 22-19 Priority1 priority-value Priority2 priority-value 22-20 Configuring Slave Ordinary Clock 22-21 Clock source source-address 22-22 22-23 22-24 Configuring PTP in Unicast Mode Configuring PTP in Unicast Negotiation ModePort Name Port Role Configures Cisco ASR 901 router on unicast Configured with this commandPTP Boundary Clock Negotiation mode. The following options can be 22-27 Configuring PTP Boundary ClockClock-port port-namemaster 22-28 Exits clock port configuration mode Verifying PTP modesOrdinary Clock 22-29 Router# show ptp clock dataset default Boundary Clock22-30 Router# show ptp clock dataset time-properties domain Router# show ptp clock runn dom Verifying PTP Configuration on the 1588V2 Slave22-31 Verifying PTP Configuration on the 1588V2 Master Typical configuration on a 1588V2 master is22-32 Router# show ptp clock running domain 22-33 22-34 Configuring a Hybrid Ordinary ClockPTP Hybrid Clock Hybrid-Optional Enables the PTP boundary clock To work in hybrid mode. Enables the hybrid clock suchThat the output of the clock is transmitted to the remote Slaves 22-36 Configuring a Hybrid Boundary Clock 22-37 22-38 Router# show running-config section ptpVerifying Hybrid modes Router#show platform ptp channelstatus SSM and PTP Interaction22-39 ClockClass Mapping PTP RedundancyTelecom Profiles 22-40 Configuring Telecom Profile in Slave Ordinary Clock Clock source source-address priorityEnd 22-41 22-42 Configuring Telecom Profile in Master Ordinary Clock 22-43 Verifying Telecom profile Timing packets with a PTP slave devices22-44 Router#show ptp port running detail 22-45 Router#show ptp clock running domain Setting the TimeProperties Static Unicast ModeASR901 Negotiation Mechanism 22-46 Configuring ToD on 1588V2 Slave 22-47 22-48 23-1 Configuring Ipsla Path DiscoveryCisco IOS IP SLA Configuration Parameters 23-2 Example for Ipsla Path Discovery 23-3 Router#show ip sla mpls-lsp-monitor neighbors This example shows the LPD parameter values configured23-4 Two-Way Active Measurement Protocol 23-5 Configuring Twamp 23-6 Configuring the Twamp Server Enable Configure terminal Ip sla server twampPort port-number 23-7 Configuring the Twamp Reflector Configuration Examples for TwampConfigures the switch as a Twamp responder, and enter Twamp 23-8 Example Configuring the Router as an IP SLA Twamp server Example Configuring the Router as an IP SLA Twamp ReflectorRouterconfig# ip sla server twamp Routerconfig# ip sla responder twamp 23-10 Configuring QoS 24-1 Understanding QoS 24-2 24-3 Default QoS for Traffic from External Ethernet PortsDefault QoS for Traffic from Internal Ports Modular QoS CLI 24-4 24-5 Input and Output PoliciesInput Policy Maps 24-6 Access Control ListsOutput Policy Maps Classification 24-7 24-8 Match CommandClass Maps Classification Based on Layer 2 CoS Classification Based on IP PrecedenceClassification Based on IP Dscp 24-9 Classification Comparisons This display shows the available classification optionsPer-hop Decimal Precedence CoS 24-10 24-11 Classification Based on QoS GroupsTraffic Type Per-hop Decimal Precedence CoS Classification Based on Vlan IDs 24-12 Table Maps 24-13 Policing 24-14 24-15 Individual PolicingGigabitethernet port Unconditional Priority Policing 24-16 Configuration Example Routerconfig# policy-map policy1Egress Policing 24-17 24-18 Routerconfig# policy-map ExampleMarking 24-19 Congestion Management and SchedulingTraffic Shaping Routerconfig# policy-map out-policy Routerconfig# policy-map out-policy-parentRouterconfig-pmap-c#service-policy out-policy 24-20 Class-Based Weighted Fair Queuing This is an example of a parent-child configurationRouterconfig# policy-map parent 24-21 Routerconfig-pmap-c#bandwidth remaining percent 24-22 Priority Queuing 24-23 Routerconfig# policy-map pmapbckbone Ingress and Egress QoS FunctionsIngress QoS Functions 24-24 Configuring Quality of Service QoS QoS LimitationsEgress QoS Functions 24-25 24-26 General QoS LimitationsStatistics Limitations Propagation Limitations Classification LimitationsGigabitEthernet Value Marking Limitations 24-28 Congestion Management Limitations Precedence Prec-transmit Qos-groupQueuing Limitations Rate Limiting Limitations ACL-based QoS Restrictions Policing withShaping Limitations 24-30 Improving Feature Scalability QoS for MPLS/IP over MlpppTcam with QoS QoS for CPU Generated Traffic QoS Configuration Guidelines 24-32 Sample QoS Configuration 24-33 Configuring Classification Enter the passwordCreating a Class Map for Classifying Network Traffic 24-34 24-35 Attaching the Policy Map to an Interface 24-36 Attaching Policy Map to Cross Connect EVC 24-37 Configuring Marking 24-38 Creating a Class Map for Marking Network Traffic 24-39 Traffic Attributes Network Layer Protocol Set cosSet dscp Set qos-group Configuring Mpls Exp Bit Marking using a Pseudowire Specify an EVCSpecify an encapsulation type for the EVC 24-41 Configuring Congestion Management Configuring Low Latency Queueing LLQUse the policy-mapcommand to define a policy map 24-42 24-43 Configuring Multiple Priority QueueingPolicy-map interface commands to verify your configuration 24-44 Configuring Class-Based Weighted Fair Queuing Cbfq Use the exit command to exit class map configurationUse the exit command to exit the policy map configuration 24-45 Weighted Random Early Detection Wred Amount of bandwidthThis step is optional 24-46 Configuring Shaping No random-detect discard-class-basedNo random-detect discard-class value 24-47 Configuring the Secondary-Level Child Policy Map 24-48 24-49 Configuring Ethernet Trusted ModeCreating IP Extended ACLs Using Class Maps to Define a Traffic Class Class-map match-all match-anyClass-map-name 24-50 Match cos cos-list ip dscp dscp-list Ip precedence ip-precedence-listQos-group value vlan vlan-list Show class-map Creating a Named Access List Match access-group name access-group-namePermit source source-wildcard any log Class-mapclass-map-name What to do Next 24-53 Router# show ip access-lists tcam1 Tcam with ACL24-54 Router# show run int gig 0/1 Verifying Named Access List Router# show access-lists tes45624-55 Router# show policy-map interface gigabitethernet 0/0 24-56 Configuration Example for Named Access ListRouter# show running-config 24-57 Class-map match-any test 24-58 24-59 24-60 24-61 QoS Treatment for Performance-Monitoring Protocols Cisco IP-SLAsQoS Treatment for IP-SLA Probes QoS Marking for CPU-Generated Traffic QoS Queuing for CPU-Generated Traffic 24-63 Configuring Class-map for Matching Mpls EXP Bits To enter QoS class-map configuration modeExtending QoS for Mlppp Class in the policy map 24-65 Configuring Class-map for Matching IP Dscp ValueMatch ip dscp dscp-value...dscp-value This configuration packets with IP Dscp of value af11 are Dscp-value-The Dscp value used to identify a Dscp value24-66 Match ip dscp Configuring a Policy-map 24-67 Class class-default Bandwidth percent bandwidth-percent ExitExampleclass 24-68 Value in the type of service ToS byte Bits defined by the policy mapDscp-value-The Dscp value used to identify a Dscp 24-69 Enable Configure terminal Interface multilink group-number Attaching the Policy-map to Mlppp InterfaceIp address address subnet mask 24-70 24-71 Re-marking IP Dscp Values of CPU Generated Traffic 24-72 Re-marking Mpls EXP Values of CPU Generated Traffic Generated trafficAre 0 to 24-73 Configuring a Policy-map to Match on CS5 and EXP4 Class and enters QoS class-map configuration modeBandwidth percent bandwidth-percent Set ip dscp dscp-value Class-map-name-The name used for class map Value in the type of service ToS byte As a match criterionCs-value-The Class SelectorCS value Class-map-name-Name of the class for the class map 24-76 Configuring Class-map for Matching Mpls EXP BitsExits QoS policy-map class configuration mode Configuring Class-map for Matching IP Dscp Value Configuring a Policy-mapFollowing example shows a configuration of a policy-map 24-77 24-78 Configuring a Policy-map to Match on CS5 and EXPAttaching the Policy-map to Mlppp Interface Verifying Mpls over Mlppp Configuration 24-79 24-80 Troubleshooting Tips 24-81 24-82 Example Tcam troubleshooting related error 24-83 Entries used 256/256 no free entries available Routerconfig-if-srv#service-policy input policy224-84 We now have enough free entries to configure policy2 Routerconfig-if-srv#no service-policy input policy1Entries used 195/256 after unconfiguring policy1 24-85 Entries used 220/256 after configuring policy2 24-86 Related Topic Document Title 24-87 Feature Information for Configuring QoS 24-88 Configuring Mlppp 25-1 Mlppp Optimization Features PrerequisitesDistributed Multilink Point-to-Point Protocol Offload Mpls label protocol ldp 25-3 Multiclass MlpppMpls over Mlppp Mpls Label imposition LER Mpls Label switching LSR 25-4 25-5 Mpls over Mlppp on Core LinksMpls over Mlppp on CE to PE Links Configuring Mlppp Backhaul Configuring the Card Type, E1 and T1 ControllersConfiguring a Multilink Backhaul Interface Creating a Multilink Bundle Configuring Mrru Example configures an IP address and subnet maskExample creates a multilink bundle 25-7 25-8 Configuring PFC and AcfcRemote apply, pfc local request, and pfc remote apply 25-9 Configuration requests Requests. The syntax is as followsAcfc option are not accepted 25-10 25-11 Enabling Multilink and Identifying the Multilink InterfaceKeepalive period retries Ppp multilink group group-number 25-12 25-13 Mlppp OffloadPpp multilink idle-link Ppp multilink queue depth Configuring Mpls over the Mlppp on a Serial Interface Configuring Additional Mlppp SettingsPpp multilink Ppp multilink group group-number Exit 25-14 25-15 Configuring Mpls over Mlppp for Ospf Number, and enters the interface configuration mode25-16 Interface multilink group-number 25-17 Configuration Examples for Mpls over Mlppp 25-18 Verifying Mpls over Mlppp Configuration 25-19Router# ping mpls ipv4 6.6.6.6/32 Router# show mpls ldp bindings 6.6.6.6 25-20 25-21 Feature Information for Mlppp 25-22 Onboard Failure Logging Understanding ObflRetrieval of the Obfl message Recording Obfl Messages 26-2 Configuring ObflVerifying Obfl Configuration 26-3 Clilog summary 26-4 27-1 Text Authentication Information About Hsrp and VrrpOverview of Hsrp and Vrrp Preemption How to Configure Hsrp Configuring HsrpComplete the following steps to configure Hsrp Standby group-numberauthentication text string 27-4 Configuration Examples for Hsrp Example Configuring Hsrp Active RouterExample Configuring Hsrp Backup Router 27-5 How to Configure Vrrp Example Hsrp Text AuthenticationConfiguring Vrrp Interface type number Ip ip-address mask 27-7 Vrrp group-numberauthentication text stringVrrp group-numberpriority level Configuration Examples for Vrrp Example Configuring a Vrrp Master RouterExample Configuring a Vrrp Backup Router 27-8 Example Vrrp Text Authentication 27-9 27-10 Feature Information for Hsrp and Vrrp 27-11 27-12 Configuring Link Layer Discovery Protocol 28-1 How to Configure Lldp Configuring LldpRestrictions for Lldp Overview of Lldp 28-3 Configuration Example for Lldp Example Configuring Hold TimeVerifying Lldp Example Enabling Lldp Globally 28-5 Example Configuring Delay TimeExample Configuring Intervals 28-6 28-7 Feature Information for Lldp 28-8 Configuring Multihop Bidirectional Forwarding Detection 29-1 How to Configure Multihop BFD Configuring Multihop BFD TemplateRestrictions for Multihop BFD Information About Multihop BFD 29-3 Configuration Examples for Multihop BFD Configuring a Multihop BFD MapExample Configuring Multihop BFD Configuration for Router a Configuration for Router B 29-5Interface Fast Ethernet 0/1 Interface Fast Ethernet 6/0 29-6 Feature Information for Multihop BFD 29-7 29-8 30-1 Bit Error Rate TestingPrerequisites 30-2 How to Configure BertBert Pattern Description Enable Configure terminal Controller t1 e1 slot/port Performing Bert on a T1/E1 LineTerminating Bert on a T1/E1 Controller 30-3 Routerconfig-controller# no bert pattern Verifying Bert on a T1/E1 ControllerNo bert pattern pattern interval time 30-4 Following is a sample configuration of the Bert feature 30-5 Feature Information for Bit Error Rate Testing 30-6 30-7 30-8 Microwave ACM Signaling and EEM Integration 31-1 31-2 QoS Policy Adjustment IGP Metric AdjustmentBenefits Link Removal 31-4 Configuring Connectivity Fault ManagementBridge-domainbridge-domain-id 31-5 31-6 Configuring EEP Applet Using CLIs 31-7 31-8 Configuring Event Handler Exits applet configuration modeAn EEM applet is triggered 31-9 31-10 Example Configuring CFM Example Configuring EEP AppletFollowing is a sample configuration of CFM 31-11 31-12 Action 104 set n $ringnodes 31-13 Action 442 cli command isis metric $dlc 31-14 31-15 Example Configuring Event HandlerFollowing is a sample configuration of Event Handler Cisco ASR 901 Router Commands CFM Support for Microwave AdaptiveBandwidth Transport Integration with Microwave ACM 31-16 31-17 31-18 IPv6 Support on the Cisco ASR 901 Router 32-1 Prerequisites for IPv6 Support on the Cisco ASR 901 Router 32-2 Benefits Overview of IPv6IPv6 Address Formats 32-3 Static Configuration IPv6 Addressing and DiscoveryIPv6 Address Type Preferred Format Compressed Format 32-4 32-5 Stateless AutoconfigurationICMPv6 IPv6 Duplicate Address Detection IPv6 Neighbor DiscoveryIPv4 and IPv6 Dual-Stack on an Interface 32-6 Routing Protocols Bidirectional Forwarding Detection for IPv6IS-IS Enhancements for IPv6 OSPFv3 for IPv6 32-8 Configuring IPv6 Addressing and Enabling IPv6 RoutingQoS for IPv6 32-9 Configuring a Static IPv6 Route Global configuration modeEnables the forwarding of IPv6 unicast datagrams Enables Cisco Express Forwarding CEF globally on Enabling Stateless Auto-Configuration Administrative-multicast-distance -OptionalIpv6 address autoconfig 32-11 32-12 Ipv6 enable orImplementing IPv6 on Vlan Interfaces Implementing IPv6 Addressing on Loopback Interfaces 32-13 32-14 Configuring ICMPv6 Rate LimitingEnable Configure terminal Ipv6 icmp error-interval interval 32-15 Configuring IPv6 Duplicate Address DetectionIpv6 nd dad attempts value Configuring IPv6 Neighbor Discovery 32-16 Configuring IPv6 and IPv4 Dual-Stack on the Same Vlan 32-17 Configuring OSPFv3 for IPv6 Configures an IPv4 address on the interfaceConfigures IPv6 address on the interface Enables IPv6 address on the interface Configuring IS-IS for IPv6 Enable Configure terminal Router isis area-tagNet network-entity-tag Ipv6 router isis area-name 32-20 Configuring Multiprotocol-BGP for IPv6 32-21 32-22 Configuring BFD for IPv6Specifying a Static BFDv6 Neighbor 32-23 Associating an IPv6 Static Route with a BFDv6 NeighborInterface-number -SVI name 32-24 Configuring BFDv6 and OSPFv3 32-25 Configuring BFDv6 for BGP 32-26 Exits global configuration mode and enters privileged Exec modeImplementing QoS for IPv6 Verifying IPv6 Addressing Routing Router# show ipv6 route Verifying a Static IPv6 Route32-28 Verifying a Stateless Auto-Configuration Verifying IPv6 Implementation on Vlan Interfaces32-29 Router# show ipv6 interface loopback Verifying ICMPv6 Configuration Verifying IPv6 Implementation on Loopback Interfaces32-30 Router# show ipv6 interface loopback0 32-31 Router# show ipv6 traffic Verifying IPv6 Duplicate Address Detection Configuration 32-32 Verifying IPv6 Neighbor Discovery Configuration Verifying IPv6 and IPv4 Dual-Stack Configuration32-33 Router# show ipv6 neighbors detail Verifying OSPFv3 for IPv6 Configuration As shown in the example32-34 Router# show ipv6 ospf Verifying IS-IS for IPv6 Configuration Verifying Multiprotocol-BGP for IPv6 Configuration32-35 Router# show isis ipv6 rib 32-36 BGP Router# show bfd neighbors Verifying BFD for IPv6 Configuration32-37 Verifying BFDv6 and OSPFv3 Configuration 32-38 Verifying BFDv6 for BGP Configuration 32-39 Example Configuring IPv6 Duplicate Address Detection Example IPv6 Addressing on Vlan InterfacesExample IPv6 Addressing on Loopback Interfaces Example Customizing ICMPv6 Example Configuring IPv6 Neighborhood Discovery Example Enabling IPv6 Stateless Address AutoconfigurationExample Configuring the IPv4 and IPv6 Dual-Stack Example Configuring IPv6 Static Routing Example Configuring BFD and Static Routing for IPv6 Example Configuring OSPFv3 for IPv6Example Configuring BFD and OSPFv3 for IPv6 Following is a sample configuration of OSPFv3 for IPv6 32-43 Example Configuring IS-IS for IPv6Following is a sample configuration of IS-IS for IPv6 Example Configuring Multiprotocol-BGP for IPv6 32-44 Example Configuring BFD and Multiprotocol-BGP for IPv6 32-45 No ipv6 nd suppress-ra command to enable Debug Commands Show Commands Platform Hardware CommandsRoute advertisement messages. Also, define a Valid prefix pool for IPv6 32-47 32-48 32-49 Chapter of the IPv6 Configuration Guide provide 32-50 32-51 BGP for IPv6 chapter of the IPv6 Configuration GuideAggregation Services Router Software Configuration Guide 32-52 Labeled BGP Support 33-1 How to Configure Labeled BGP Support Overview of Labeled BGP SupportVPN/VRF over RFC 33-2 33-3 Configuration Example for Labeled SupportSend-label option Verifying Labeled BGP Support 33-4Router# show bgp ipv4 unicast labels Labels 33-5 Vpnv4 all labelVpnv4 vrf LTE12 label Router# show ip cef vrf LTE12 113.22.12.0 internal 33-6 33-7 RFC-3107Carrying Label Information in BGP-4 Feature Information for Labeled BGP Support 33-8 Mpls Traffic Engineering Fast Reroute Link Protection 34-1 34-2 34-3 BFD-triggered Fast RerouteR2 R3 34-4 Fast RerouteLink Protection Enables Mpls TE tunnel signaling on the specified interface Enabling Mpls TE-FRR on an SVI InterfaceEnabling Mpls TE-FRR for EoMPLS on a Global Interface Mpls traffic-eng tunnels Pseudowire-class pw-class-name 34-6 34-7 Enabling Mpls TE-FRR for EoMPLS on an InterfaceXconnect peer-ip-address vc-id pw-classpw-class-name 34-8 Enabling Mpls TE-FRR for IS-IS 34-9 34-10 Configuring Primary One-hop Auto-Tunnels 34-11 34-12 Configuring Backup Auto-Tunnels 34-13 Mpls ldp discovery targeted-hello accept command 34-14 Ip rsvp signalling hello bfd Enabling BFD Triggered FRR on an SVI InterfaceMessages from all neighbors 34-15 Configuration mode Enable Configure terminal Ip rsvp signalling hello bfdEnabling BFD Triggered FRR on a Router 34-16 Verifying Mpls TE-FRR Configuration Verification Examples34-17 Router# show mpls traffic-eng tunnels brief Use the following command to verify the reservation detail Router# show mpls traffic-eng tunnels backup34-18 Router# show mpls traffic-eng fast-reroute database Verifying Backup Auto-Tunnels Verifying Primary One-hop Auto-Tunnels34-19 Router# show ip rsvp fast-reroute Verifying BFD Triggered FRR Configuration 34-20 34-21 Database 34-22 Router# show ip rsvp hello 34-23 Router# show ip rsvp interface detailRouter# show ip rsvp hello bfd nbr Router# show ip rsvp hello bfd nbr detail Example Configuring Mpls TE-FRR Example Configuring Primary One-hop Auto-TunnelsExample Configuring Backup Auto-Tunnels Example Configuring BFD Triggered FRR Mpls TE FRR 34-25 34-26 34-27 34-28 Layer 2 Control Protocol Peering, Forwarding, and Tunneling 35-1 35-2 Layer 2 Control Protocol ForwardingLayer 2 Control Protocol Tunneling 35-3 Configuring Layer 2 Peering Default Action Configuration OptionL2protocol peer protocol 35-4 Configuring Layer 2 Forwarding 35-5 Routerconfig-if# l2proto-forward tagged Cdp Routerconfig-if# service instance EthernetProtocol-Specifies the protocol to be forwarded 35-6 Configuring Layer 2 Tunneling 35-7 L2protocol tunnel protocol Bridge-domain bridge-id 35-8 Verifying Layer 2 Peering Verifying Layer 2 ForwardingVerifying Layer 2 Tunneling 35-9 Example Configuring Layer 2 Peering Example Configuring Layer 2 ForwardingFollowing is a sample configuration of layer 2 peering 35-10 Example Configuring Layer 2 Tunneling 35-11 Router 35-12 35-13 Commands Cisco IOS LAN Switching Commands 35-14 Following command was introduced l2proto-forward 35-15 35-16 Configuring Inverse Muliplexing over ATM 36-1 How to Configure IMA 36-2 Configuring ATM IMA on T1/E1 Interface Ima-groupima-group-numberInterface ATMslot-number/IMAima-group-number No ip address Atm bandwidth dynamic No atm ilmi-keepalive 36-4 Configuring ATM IMA over MplsConfiguring the T1/E1 Controller Configuring an ATM IMA Interface Clock source internalIma-groupgroup-number 36-5 Configuring ATM over Mpls Pseudowire Interface Disables the Ilmi keepalive parametersYou can configure ATM over Mpls in the following modes 36-6 Configuring a Port Mode Pseudowire Configuring an N-to-1 VCC Cell ModeConfigures the ATM interface 36-7 Configuring an N-to-1 vPC Cell Mode Enable Configure terminal Interface ATMslot/IMAgroup-numberXconnect ip-addressport-numberencapsulation mpls one-to-one 36-8 ATM AAL5 SDU VCC Transport 36-9 Verifying IMA Configurations Sets the encapsulation type to AAL5. AAL5 is the defaultL2transport encapsulation for the VCC mode 36-10 How to Configure ATM Class of Service Configuring Constant Bit RateEnters the global configuration mode 36-11 36-12 Configuring Unspecified Bit RateMode Configuring Unspecified Bit Rate Plus ATM class of service with the rate equal to the bandwidthIMA links and the bandwidth of each link Ubr+ pcr-rate mcr-rate Configures the UBR+ QoS class for an ATM permanent virtual Circuit and specifies the bandwidthPcr-rate-Peak cell rate in Kbps Mcr-rate-Peak cell rate in Mbps Configuration Examples Example Configuring a Port Mode PseudowireExample Creating an IMA Interface 36-15 Example Configuring an N-to-1 VCC Cell Mode Example Configuring an N-to-1 VPC Cell ModeExample Configuring CBR Example Configuring UBR Configuring Marking Mpls Experimental Bits Example Configuring UBR PlusExample Configuring VBR for Real Time Traffic Example Configuring VBR for Non-Real Time Traffic 36-18 Applying the Policy-mapApplying a Policy map on PVC and PVP Disables the Ilmi trap parameters Sets the PVC encapsulation type to AAL0Attaches a policy map to the input interface 36-19 Applying a Policy map on ATM IMA Interface 36-20 Creating a Table-map Table-maptable-map-name36-21 Interface ATM slot/IMA group-number Default copy Creating a Policy-map for SVI InterfaceMap from from-value to to-value 36-22 36-23 Applying a Service Policy on SVI InterfaceMpls ip Service-policy output policy-map-name 36-24 36-25 Feature Information for Inverse Multiplexing over ATM 36-26 IPv6 over Mpls 6PE and 6VPE 37-1 37-2 37-3 Benefits of 6PE and 6VPEIPv6 on Provider Edge Routers IPv6 on VPN Provider Edge Routers Components of MPLS-based 6VPE NetworkIPv6 router on the customer PE equipment, connected to CEs and entry Supported Features 37-5 How to Configure IPv6 over Mpls 6PE and 6VPE Configuring 6PEScalability Numbers Interface Numbers 37-7 Address-family ipv6Exit-address-family 37-8 37-9 Configuring 6VPESetting up IPv6 Connectivity from PE to CE Routers Setting up MP-BGP Peering to the Neighboring PE VRF table for an IPv6 addressVrf-name-Optional a specific VRF table for an IPv6 37-10 Places the router in address family configuration mode for Enable the exchange of information with a BGP neighborAddress prefixes Extended-Specifies that only extended communities will be Setting up MPLS/IPv4 Connectivity with LDP 37-12 Creating IPv6 VRFs on PE Routers 37-13 To configure dual-stack VRF, complete the following steps Sessions that use standard IPv4 address prefixes37-14 Address-family ipv4 Verifying IPv6 over Mpls 6PE and 6VPE Configuration 37-15Router# show bgp vpnv6 unicast all Router# show ipv6 protocols vrf vpe1 37-16 Router# show ipv6 cef vrf cisco1 Router# show mpls forwarding-table vrf vpe1 37-17Router# show ipv6 route vrf Example Configuring 6PE Following is a sample configuration of 6PE37-18 Router# show bgp ipv6 200133/64 37-19 Example Configuring 6VPEFollowing is a sample configuration of 6VPE 37-20 Feature Information for IPv6 over Mpls 6PE and 6VPE 37-21 37-22 Storm Control 38-1 Configuring Storm Control 38-2 38-3 Verifying Storm Control 38-4 Configuring Error Disable Recovery Errdisable recovery cause38-5 Storm-control Monitoring Error Disable Recovery Seconds-Specifies the time to recover from a specifiedError-disable cause Cause Router# debug platform hardware ether SC Configuration Example for Storm Control38-7 38-8 Feature Information for Storm Control 38-9 38-10 Remote Loop-Free Alternate Fast Reroute 39-1 39-2 39-3 Remote LFA-FRR Link Protection Pseudowire Redundancy over FRR Benefits of Remote LFA-FRRAvoiding Traffic Drops 39-4 39-5 Conditions for SwitchoverCESoPSN, SAToP, and ATM/IMA Configuring Remote LFA-FRR for IS-IS 39-6 Switch Virtual Interface SVI Specifies an IP address for the specified interface39-7 Ip router isis 39-8 Configuring Remote LFA-FRR for Ospf 39-9 Router ospf Enables the Ospf routing protocol and enters the router39-10 39-11 Configuring Remote LFA-FRR for Ethernet and TDM PseudowiresEnables Mpls LDP synchronization on interfaces for an Ospf Configuring Remote LFA-FRR on a Global Interface Accept-Configures the router to respond to requests forTargeted hello messages from all neighbors 39-12 Configuring Remote LFA-FRR on a GigabitEthernet Interface 39-13 Configuring Remote LFA-FRR on an SVI Interface 39-14 Configuring Remote LFA-FRR on IS-IS 39-15 Passive-interfaceinterface-type interface-number 39-16 39-17 39-18 Configuring LFA-FRR for EoMPLS Disables sending routing updates on an interfaceBackup peer peer-ip-address vc-id 39-19 Removes an IP address or disables IP processing Enables automatic negotiation39-20 Negotiation auto Configuring LFA-FRR for ATM/IMA 39-21 39-22 Configuring LFA-FRR for CESoPSN Backup peer peer-ip-addressExit Interface CEM slot/port No ip address 39-23 39-24 39-25 Configuring LFA-FRR for SAToPExit Interface CEM slot/port 39-26 Verification Examples for Remote LFA-FRR 39-27 Verifying Remote LFA-FRR Configuration 39-28Router# show ip ospf fast-reroute remote-lfa tunnels Router# show ip cef 171.1.1.0 internal Router# show isis fast-reroute remote-lfa tunnels 39-29Router# show ip ospf rib Router# show mpls l2transport vc 1 detail 39-30Router# show isis rib 39-31 39-32 Router# show mpls l2transport vc 3001 detail Verifying Remote LFA-FRR Configuration on IS-IS Verifying Remote LFA-FRR Configuration on ATM/IMA39-33 Router# show mpls l2 vc 90 detail Router# show mpls l2 vc 111 detail Verifying Remote LFA-FRR Configuration on CESoPSN39-34 39-35 Configuration Examples for Remote LFA-FRRVerifying Remote LFA-FRR Configuration on SAToP Example Configuring Remote LFA-FRR for IS-IS Example Configuring Remote LFA-FRR for OspfExample Configuring Remote LFA-FRR Globally 39-36 Example Configuring Remote LFA-FRR on an SVI Interface Example Configuring EoMPLS Pseudowire Redundancy over FRRExample Configuring LFA-FRR on ATM/IMA 39-37 39-38 Example Configuring LFA-FRR on CESoPSNExample Configuring LFA-FRR on SAToP 39-39 Reroute, 39-40 Digital Optical Monitoring 40-1 How to Enable Transceiver Monitoring Enters transceiver type configuration modeRouterconfig# transceiver type all 40-2 Show interfaces transceiver command ExamplesExample Displaying Transceiver Information 40-3 Router# show interfaces transceiver detail Example Displaying Detailed Transceiver Information40-4 Example Displaying List of Supported Transceivers 40-5 Example Displaying Threshold Tables 40-6 40-7 40-8 Example When Transceiver Monitoring is Disabled Example Displaying Threshold Violations40-9 Router# show interfaces transceiver threshold violations Example Displaying SPF Details 40-10 40-11 SCP6G44-C1-BMH SFF-8472 40-12 Feature Information for Digital Optical Monitoring 40-13 40-14 IPv4 Multicast 41-1 41-2 Supported Protocols PIM SSM for IPv4Source Specific Multicast Protocol Independent Multicast IGMPv1 IGMPv2IGMPv3 41-4 Ip igmp static ssm-map command PIM SSM MappingReverse Path Forwarding Static SSM Mapping Configuring IPv4 Multicast Enables multicast routingEnabling IPv4 Multicast Routing Ip pim sparse-mode Asr901-multicast source Configuring PIM SSM Enable Configure terminal Ip pim ssm defaultIp pim sparse-mode Ip igmp version 41-7 41-8 Configuring PIM SSM MappingIp igmp ssm-map static access-list source-address 41-9 Verifying IPv4 Multicast RoutingVerifying PIM SSM Verifying PIM SSM Mapping 41-10Router# show ip mroute Router# show ip igmp ssm-mapping Configuration Examples for IPv4 Multicast Show ip igmp groups group-addressShow ip igmp groups interface-type interface-number Show ip igmp groups interface-type detail Example Configuring PIM SSM Example Configuring PIM SSM MappingExample IPv4 Multicast Routing 41-12 Router# debug ip igmp Example Configuring Rendezvous Point41-13 41-14 41-15 Feature Information for IPv4 Multicast 41-16 IGMPv2, 41-17 41-18 IPv6 Multicast 42-1 42-2 IPv6 Multicast Groups IPv6 Multicast Routing ImplementationMulticast Listener Discovery Protocol for IPv6 42-3 Protocol Independent Multicast 42-4 PIM-Sparse Mode PIM Source Specific MulticastSource Specific Multicast Mapping for IPv6 42-5 Configuring IPv6 Multicast Enabling IPv6 Multicast RoutingRendezvous Point 42-6 42-7 Enable Configure terminal No ipv6 mfibDisabling IPv6 Multicast Forwarding Disables IPv6 multicast forwarding on the router Disabling MLD Device-Side ProcessingNo ipv6 mld router 42-8 No ipv6 mld router Configuring MLD Protocol on an Interface42-9 Configuring a Rendezvous Point 42-10 42-11 Configuring PIM SSM OptionsEnable Configure terminal Ipv6 pim Configuring IPv6 SSM Mapping Disables PIM on the specified interfaceDisabling PIM SSM Multicast on an Interface No ipv6 pim Configure terminal Ipv6 mld vrf vrf-namessm-map enable Verifying IPv6 MulticastNo ipv6 mld vrf vrf-namessm-map query dns 42-13 42-14 Router# show ipv6 mld interface gigabitethernet 0/1Router# show ipv6 mld traffic Router# show ipv6 pim interface Router# show ipv6 pim neighbor count 42-15Router# show ipv6 mld groups summary 42-16 Router# show ipv6 pim neighborRouter# show ipv6 mroute Router# show ipv6 pim topology 42-17 Router# show ipv6 pim topology route-countRouter# show ipv6 pim group-map FF0EE0111 Router# show ipv6 pim range-list Router# show ipv6 pim join-prune statistic 42-18Router# show ipv6 pim traffic Following example 42-19 42-20 Router# show ipv6 mfib statusRouter# show ipv6 mfib summary Router# show ipv6 mfib interface Configuration Examples for IPv6 Multicast Example Configuring IPv6 SSM MappingExample Enabling IPv6 Multicast Routing 42-21 Command Name Description 42-22 42-23 42-24 Feature Information for IPv6 MulticastChapter of the IP Multicast PIM Configuration Guide Chapter of the IP Multicast LSM Configuration Guide 42-25 42-26 43-1 Configuring Switched Port AnalyzerSpan Limitations and Configuration Guidelines 43-2 Understanding SpanFollowing sections describe Span 43-3 Span SessionSource Interface Configuring Span Destination InterfaceTraffic Types Span Traffic Removing Sources or Destination from a Span Session 43-5 Configuration Examples for Span Enable Configure terminal No monitor session sessionnumberClears existing Span configuration for a session Verifying Local Span 43-7 Rspan Vlan 43-8 Feature Information for Switched Port Analyzer 43-9 43-10 See BSC IN-1 IN-2 IN-3 IN-4 IN-5 See MSC IN-6 IN-7 IN-8 IN-9 IN-10