Manuals
/
Brands
/
Computer Equipment
/
Network Router
/
Foundry Networks
/
Computer Equipment
/
Network Router
Foundry Networks
- page 23
Models:
AR1204
AR1208
AR1216
AR3201
AR3201-CL
AR3202
AR3202-CL
1
23
293
293
Download
293 pages, 1.93 Mb
Foundry AR-Series Router User Guide
2 - 8
© 2004 Foundry Networks, Inc.
June 2004
Contents
Main
Foundry AR-Series Router User Guide
Page
Contents
CHAPTER 5 BGP4 C
CHAPTER 7 BGP4 C
CHAPTER 9 OSPF C
CHAPTER 10 OSPF S
CHAPTER 11 RIP C
CHAPTER 13 AS P
Page
Chapter 1 Getting Started
Introduction
Audience
Nomenclature
Related Publications
List of Features
Page
Page
How to Get Help
Web Access
Email Access
Telephone Access
Warranty Coverage
Page
Chapter 2 Command Line Interface
Command Types
Context-Sensitive Commands
Command Conventions
Abbreviated Commands
CLI Navigation
Navigation Keys
Command Help
Help
Tree
Question Mark Help Screen
Global Commands
Page
Page
Page
configure policy as_path
configure policy community_list
configure policy community_list extended_community
configure policy community_list standard_community
configure policy ip_access_list
Page
configure policy route_map
Page
Page
configure policy route_map match as_path
configure policy route_map match community
configure policy route_map match ip ip_address
configure policy route_map set
configure policy route_map set as_path
configure policy route_map set community
Parameter Descriptiongenerate_
related commands:
applicable systems:
configure policy route_map set distance
configure policy route_map set local_preference
configure policy route_map set metric
configure policy route_map set metric_type
configure policy route_map set origin
Page
Chapter 4 Protocols Overview
BGP4
OSPF
(
RIP
Multicasting
Protocol Independent Multicast (PIM)
Securing Remote Access Using IPSec VPN
Chapter 5 BGP4 Clear Commands
clear ip bgp
clear ip bgp all
clear ip bgp group
clear ip bgp neighbor
Page
configure router routerid
show ip routes
Page
Chapter 7 BGP4 Configure Commands
configure router bgp
configure router bgp aggregate_address
Page
configure router bgp always_compare_med
configure router bgp default_metric
configure router bgp distance
configure router bgp group
configure router bgp group distribute_list
configure router bgp group filter_list
configure router bgp group next_hop_self
configure router bgp group password
configure router bgp group remove_private_AS
configure router bgp group route_map
configure router bgp neighbor
Page
configure router bgp neighbor advertisement_interval
configure router bgp neighbor allowbadid
configure router bgp neighbor default_originate
configure router bgp neighbor description
configure router bgp neighbor distribute_list
configure router bgp neighbor ebgp_multihop
configure router bgp neighbor filter_list
configure router bgp neighbor keep
configure router bgp neighbor logupdown
configure router bgp neighbor maximum_prefix
configure router bgp neighbor neighbor_group
configure router bgp neighbor next_hop_self
configure router bgp neighbor password
configure router bgp neighbor route_map
configure router bgp neighbor timers
configure router bgp neighbor update_source
configure router bgp redistribute
configure router bgp redistribute connected
configure router bgp redistribute ospf
configure router bgp redistribute rip
configure router bgp redistribute static
Chapter 8 BGP4 show Commands
show ip bgp
show ip bgp aggregate_address
show ip bgp community
Page
show ip bgp groups
show ip bgp neighbors
Page
Page
show ip bgp paths
show ip bgp regexp
show ip bgp summary
show ip bgp table
Page
show policy as_path
show policy community_list
show policy ip_access_list
show policy route_map
Page
Chapter 9 OSPF Configure Commands
configure router ospf
configure router ospf 1583 Compatibility
configure router ospf area
configure router ospf area area_type
configure router ospf area area_type normal
configure router ospf area area_type nssa
configure router ospf area area_type nssa no_summary
configure router ospf area area_type stub
configure router ospf area area_type stub no_summary
configure router ospf area default_cost
configure router ospf area range
configure router ospf area virtual_link
configure router ospf area virtual_link authentication
configure router ospf area virtual_link dead_interval
configure router ospf area virtual_link hello_interval
configure router ospf area virtual_link retransmit_interval
configure router ospf area virtual_link transmit_delay
configure router ospf distance
Page
configure router ospf distance ospf external
configure router ospf distance ospf non_external
configure router ospf interface
configure router ospf interface authentication
configure router ospf interface cost
configure router ospf interface dead_interval
configure router ospf interface hello_interval
configure router ospf interface neighbor
configure router ospf interface network
Page
configure router ospf interface poll_interval
configure router ospf interface priority
configure router ospf interface retransmit_interval
configure router ospf interface transmit_delay
configure router ospf redistribute
configure router ospf redistribute bgp
configure router ospf redistribute connected
configure router ospf redistribute rip
configure router ospf redistribute static
configure router ospf ref_bw
configure router ospf timers
Page
Chapter 10 OSPF Show Commands
show ip ospf area
Page
show ip ospf database
show ip ospf database all
show ip ospf database asbr_summary
show ip ospf database database_summary
show ip ospf database external
show ip ospf database network
show ip ospf database nssa_external
show ip ospf database router
show ip ospf database self_originate
show ip ospf database summary
show ip ospf global
show ip ospf interface
show ip ospf interface all
show ip ospf interface bundle
show ip ospf interface ethernet
show ip ospf neighbor
show ip ospf neighbor detail
show ip ospf neighbor id
show ip ospf neighbor interface
show ip ospf neighbor interface bundle
show ip ospf neighbor interface ethernet
show ip ospf neighbor list
show ip ospf request_list
show ip ospf retransmission_list
show ip ospf virtual_links
Page
Page
configure router rip
configure router rip default_metric
configure router rip distance
configure router rip interface
configure router rip interface authentication
configure router rip interface distribute_list
configure router rip interface metric
configure router rip interface mode
configure router rip interface neighbor
configure router rip interface passive
configure router rip interface split_horizon
configure router rip mode
configure router rip pacing
configure router rip passive
configure router rip redistribute
configure router rip redistribute bgp
configure router rip redistribute connected
configure router rip redistribute ospf
configure router rip redistribute static
configure router rip timers
configure router rip timers flush
configure router rip timers holddown
configure router rip timers update
Page
show ip rip
show ip rip global
show ip rip interface
show ip rip interface all
show ip rip interface bundle
show ip rip interface ethernet
show ip rip interface statistics
show ip rip statistics
Page
Chapter 13 AS Path Regular Expressions
Matching AS Paths
AS Path Regular Expressions (regex)
AS Path Terms
Page
Chapter 14 Multicasting
Multicasting Overview
Protocol Independent Multicast (PIM)
PIM Commands
Page
Page
Protocol Independent Multicast - Source Specific Multicast (PIM-SSM)
Internet Group Management Protocol (IGMP)
IGMP Commands
Traceroute Facility for IP Multicast
Multicast Multipath
Multipath Commands
Generic Routing Encapsulation (GRE)
Chapter 15 Security Features
Introduction to Security
Enabling Security Features
Securing Remote Access Using IPSec VPN
Access Methods
Remote Access: User Group
Remote Access: Mode Configuration
Example 1: Securely Managing the Foundry AR1204 Over an IPSec Tunnel
Step 4: Add the route to the peer LAN:
Step 8: Configure the IPSec tunnel to the remote host:
Step 9: Display the IPSec policies:
Step 10: Display IPSec policies in detail:
Page
Page
Page
Example 2: Joining Two Private Networks with an IP Security Tunnel
Page
Page
Step 8: Configure IPSec tunnel to the remote host:
Step 9: Display IPSec policies:
Step 10: Display IPSec policies detail:
Step 11: Configure firewall policies to allow IKE negotiation through untrusted interface
Step 12: Display firewall policies in the internet map (applicable only if firewall license is
Step 14: Configure firewall policies to allow transit traffic from remote LAN to the local LAN
Step 15: Display firewall policies in the corp map (applicable only if firewall license is enabled):
Page
Page
Example 3: Joining Two Networks with an IPSec Tunnel using Multiple IPSec Proposals
Page
Page
Step 8: Configure IPSec tunnel to the remote host:
Step 9: Display the IPSec policies:
Step 10: Configure firewall policies to allow IKE negotiation through untrusted interface
Step 11: Display firewall policies in the internet map (applicable only if firewall license is
Step 13: Configure firewall policies to allow transit traffic from remote LAN to the local LAN
Step 14: Display firewall policies in the corp map (applicable only if firewall license is enabled):
Page
Page
Example 4: Supporting Remote User Access
Page
Step 4: Configure dynamic IKE policy for a group of mobile users:
Step 5: Display dynamic IKE policies:
Step 6: Display dynamic IKE policies in detail:
Step 7: Configure dynamic IPSec policy for a group of mobile users:
Step 8: Display dynamic IPSec policies:
Step 9: Display dynamic IPSec policies in detail:
Step 11: Configure firewall policies to allow IKE negotiation through untrusted interface
Step 12: Display firewall policies in the internet map (applicable only if firewall license is
Page
Page
Page
Example 5: Configuring IPSec Remote Access to Corporate LAN with Mode- Configuration Method
Page
Step 4: Configure dynamic IKE policy for a group of mobile users:
Step 5: Display dynamic IKE policies:
Step 6: Display dynamic IKE policies in detail:
Step 7: Configure dynamic IPSec policy for a group of mobile users:
Step 8: Display dynamic IPSec policies:
Step 9: Display dynamic IPSec policies in detai:l
Step 10: Configure firewall policies to allow IKE negotiation through untrusted interface
Step 11: Display firewall policies in the internet map (applicable only if firewall license is
Page
Page
Page
Configuring GRE
GRE Configuration Examples
Configuring Site to Site Tunnel
Page
Configuring GRE Site to Site with IPSec
Foundry# show ip interface tunnel t0
Foundry# show crypto ipsec policy all
Foundry# show crypto ike policy all
Configuring GRE Site to Site with IPSec and OSPF
Foundry# show ip ospf interface all
Firewalls
Firewall Configuration Examples
CORP
DMZ
Basic Firewall Configuration
Step 1:Configure the Ethernet interfaces and the WAN interfaces with IP addresses:
Step 2: Create the security zones CORP and DMZ and attach interfaces:
Step 3: Verify that the interfaces are attached to the security zones:
Step 4: Create policies for Security Zone CORP that:
Step 5: Verify the firewall policy for Security Zone CORP:
Step 6: Verify that the HTTP filter object in Security Zone CORP is created as configured:
Step 7: Create policies for Security Zone DMZ that:
Step 8:Verify the firewall policy for Security Zone DMZ:
Step 9: Verify that the FTP filter objects for Security Zone DMZ are created as configured:
Step 10: Create a default route out of the WAN:
Step 11:Verify the system configuration by displaying the running configuration:
Page
Stopping DoS Attacks
Packet Reassembly
NAT Configurations
NAT Configuration Examples
Dynamic NAT (many to many)
To
Static NAT (one to one)
Port Address Translation (Many to one)
Method:1 Specifying NAT address with the policy command
Method:2 Attaching nat pool to the policy
Security Protocol Defaults
IPSec Supported Protocols and Algorithms
Foundry IKE and IPSec Defaults
IKE Defaults
IPSec Defaults
Firewall Default Values
Page
Tunneling Default Values
Page
Index