Manuale d’uso / di manutenzione del prodotto 7750 SR OS del fabbricante Alcatel-Lucent
Vai alla pagina of 482
7750 SR OS R outer Configur a tion Guide Software V ersion: 7750 SR OS 5.0 February 2007 Document Part Number: 93-0073-03-01 *93-0073-03-01*.
This document is protected by copyright. Ex cept as specifically perm itted herein, no portion of th e provided information can be reproduced in any form, or by any means, without prior written permissi on from Alcatel-Lucent.
7750 SR OS R outer Conf igur a tion Guide Page 3 T able of Contents Getting Started Alcatel-Lucent 7750 SR- Series Router Configur ation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Page 4 7750 SR OS Qo S Configur ation Guide T able of Contents Configuring an Autonomous System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Service Management Tasks . . . . . . . . . . . . .
7750 SR OS QoS Confi gur a t ion Guide Pag e 5 T able o f Contents Non-Owner Acce ss Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Non-Owner Access SSH . . . . . . . . . .
Page 6 7750 SR OS Qo S Configur ation Guide T able of Contents Web Redirection (Captive Portal) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280 Creating Redirect Policies . . . . . . . . . . . . .
7750 SR OS QoS Confi gur a t ion Guide Pag e 7 T able o f Contents Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 57 Generic Commands . . . . . . . . . . . . .
Page 8 7750 SR OS Qo S Configur ation Guide T able of Contents Cflowd Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465 Global Commands . . . . . . . . . . . . . . . . . .
7750 SR OS R outer Conf igur a tion Guide Page 9 List of T a bles Getting Started Table 1: Configuration Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 IP Router Configuration Table 2: IPv6 Header Field Descriptions .
Page 10 7750 SR OS R out er Configur a tion Guide List of T ables.
7750 SR OS R outer Conf igur a tion Guide Page 11 L IST OF F IGURES IP Router Configuration Figure 1: Confederation Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25 Figure 2: IPv6 Header Format .
Page 12 7750 SR OS R out er Configur a tion Guide List of Figures.
7750 SR OS R outer Conf igur a tion Guide Page 13 Pr ef ace About This Guide This guide describes logical IP ro uting interfaces, virtual routers, IP and MAC-based filtering, and cflowd support provided by the 7750 SR OS and presents configuration and implementation examples.
Preface Page 14 7750 S R OS R out er Configuration Guide List of T echnical Publications The 7750 SR documen tation set is composed of the following books: • 7750 SR OS Basic System Configuration Guide This guide describes basic system configurations and operations.
Preface 7750 SR OS R outer Conf igur a tion Guide Page 1 5 T echnical Support If you purchased a service agreeme n t for your 7750 SR-Series rout er and related products from a distributor or authorized reseller , contac t the tec hnical support staff for that distributor or reseller for assistance.
Preface Page 16 7750 S R OS R out er Configuration Guide.
7750 SR OS R outer Conf igur a tion Guide Page 17 Getting Star ted In This Chapter This chapter provides process flow information to configure routing entities, virtual rout ers, IP and MAC filters, and Cflo wd.
Getting S tarted Page 18 7750 SR OS R out er Configur a tion Guide.
7750 SR OS R outer Conf iguration Guide P age 19 IP R outer Configur a tion In This Chapter This chapter provides informatio n about commands required to configure bas ic router parameters.
Configuring IP Router Parameters Page 20 7750 SR OS R out er Configuration Guide Configuring IP Router Parameters In order to provisi on services on a 7750 SR-Seri es router , logical IP rou ting interfaces must be configured to associate attributes such as an IP address, port or the system with the IP interface.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 21 System Interface The system interface is associated with the networ k entity (such as a specific router or sw itch), not a specific interface. The system interface is also referred to as the loopb ack address.
Configuring IP Router Parameters Page 22 7750 SR OS R out er Configuration Guide IP Addresses Creating an IP Address Range An IP address range can be reserved for ex clusive use for services by defining the config>router>service-prefix command. When the service is configured, the IP address must be in the range specified as a service prefix.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 23 Autonomous Systems (AS) Networks can be grouped into areas. An area is a co llection of network segmen ts within an AS that have been administratively assigned to the same group.
Configuring IP Router Parameters Page 24 7750 SR OS R out er Configuration Guide Confederations Configuring confederation s is op tional and should only be implem ented to reduce the IBGP mesh inside an AS.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 25 There are no default confederations. Router confederations must be explicitly created.
Configuring IP Router Parameters Page 26 7750 SR OS R out er Configuration Guide Proxy ARP Proxy ARP is the technique in which a router an swers ARP requests intended for another node.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 27 Internet Protocol V ersions The 7750 SR OS implements IP routing functio nality , providing support for IP version 4 (IPv4) and IP version 6 (IPv6).
Configuring IP Router Parameters Page 28 7750 SR OS R out er Configuration Guide Table 2: IPv6 Header Field Descriptions Field Descrip tion Version 4-bit Internet Protocol version number = 6. Prio. 4-bit priority value. Flow Label 24-bit flow label. Payload Length 16-bit unsigned integer.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 29 IPv6 Applications Examples of the IPv6 applications su pported by the 7750 SR OS inclu de: • IPv6 Internet exchange peering — Figure 3 shows an IPv6 Internet exch ange where multiple ISPs peer over native IPv6.
Configuring IP Router Parameters Page 30 7750 SR OS R out er Configuration Guide • IPv6 services to enterprise customers and home users — Figure 5 sh ows IPv6 connectivity to enterprise and home br oadband users.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 31 IPv6 Provider Edge Router over MPLS (6PE) 6PE allows IPv6 domains to communicate with each other over an IPv4 MPLS core network.
Configuring IP Router Parameters Page 32 7750 SR OS R out er Configuration Guide • LDP is used to create the MPLS full mesh between the 6PE routers and the IPv4 addresses that are embedded in the next-hop field are reachable by LDP LSPs. The ingress 6PE router uses the LDP LSPs to reach remote 6PE routers.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 33 Bidirectional Forwarding Detection Bidirectional Forwarding Detection (BFD) is a light-weight, low-overhead, sho rt-duration detection of failures in the path between two systems.
Configuring IP Router Parameters Page 34 7750 SR OS R out er Configuration Guide If multiple BFD sessions exist betw een two nodes, the BFD discrimin ator is used to de-multiplex the BFD control packet to the appropriate BFD session.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 35 D Bit The “demand mode” bit. If set, the transm itting system wishes to operate in demand mode. P Bit The poll bit. If set, the transmittin g system is reques ting verificati on of connectivity, or of a p arameter change.
Router Configurati on Process Overview Page 36 7750 SR OS R out er Configuration Guide Router Configuration Process Overview Figure 9 displays the process to configure basic router parame ters.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 37 Router Configuration Process Overview Figure 9 displays the process to configure basic router parame ters.
Router Configurati on Process Overview Page 38 7750 SR OS R out er Configuration Guide Router Configuration Process Overview Figure 10 displays the process to configure basic router parameters.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 39 Configuration Notes The following information describ es router configuration caveats. • A system interface and associated IP address should be specified. • Boot options file (BOF) parameters must be configured prio r to configuring ro uter parameters.
Configuration Notes Page 40 7750 SR OS R out er Configuration Guide.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 41 Configuring an IP Router with CLI This section provides informatio n to configure an IP router.
Router Configuration Overview Page 42 7750 SR OS R out er Configuration Guide Router Configuration Overview In a 7750 SR, an interface is a logical named entity. An interface is created by specifying an interface name under the configure>router context.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 43 CLI Command S tructure Figure 1 1 displays the CLI command structure to conf igure router parameters.
List of Commands Page 44 7750 SR OS R out er Configuration Guide List of Commands Ta b l e 4 lists all the configuration co mmands to configure a 7750 SR -Series router, indicating the configuration level at which each command is implemented with a short command description.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 45 autonomous-system Assigns an autonomous system (AS) number to the router . 87 confederation Creates a confederation within an AS. 87 ecmp Enables ECMP and configures the num ber of routes for path sharing.
List of Commands Page 46 7750 SR OS R out er Configuration Guide static-arp Configures a static ARP entry associating an IP address with a MAC address for the core router instance. 104 tos-marking-state Specifies the TOS marking state. 104 unnumbered Sets an IP interface as an unnumbered interface and the IP address to be used for the interface.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 47 managed- configuration Sets the managed address co nfiguration flag. This flag indicates that DHCPv6 is available for address config uration in addition to any address autoconfigured using stateless address autoconfiguration.
Basic Configuration Page 48 7750 SR OS R out er Configuration Guide Basic Configuration NOTE: Refer to each specific chapter for specifi c routing protocol inform ation and command syntax to configure protocols such as OSPF and BGP.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 49 Common Configuration T asks The following sections desc ribe basic system tasks.
Common Configuration T asks Page 50 7750 SR OS R out er Configuration Guide The following example displays the system name output. A#ALA-A>config>system# info #------------------------------------------ # System Configuration #------------------------------------------ name "ALA-A" location "Mt.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 51 Configuring Interfaces The following command sequences crea te a system an d a logical IP interface. The system interface assigns an IP address to the inte rface, and then associates the IP in terface with a physical port.
Common Configuration T asks Page 52 7750 SR OS R out er Configuration Guide config>router>if>egress# filter ip 10 config>router>if>egress# exit config>router>if# cflowd acl config>router>if# exit The following displays the IP configuratio n output showing the interface information.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 53 Configuring IPv6 Parameters To configure IPv6 parameters, you must first: • The chassis mode must be set to c in the config>system>chassis-mode context. Use the force keyword to upgrade to c mode with cards provisioned as i om-20g or iom-20g-b.
Common Configuration T asks Page 54 7750 SR OS R out er Configuration Guide The following example displa ys IPv6 interface configuration co mmand usage. These commands are configured in the config>router context. Example : config>router# interface gemini_5_21 config>router>if# address 10.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 55 Configuring IPv6 Over IPv4 Parameters This section provi des several examples of the feat ures that must be configured in order to implement IPv6 over IPv4 relay services.
Common Configuration T asks Page 56 7750 SR OS R out er Configuration Guide Both the IPv4 and IPv6 system addresses must to configured CLI Syntax: config>router interface ip-int-name address { ip-a.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 57 Learning the T unnel End poi nt IPv4 System Address This configuration di splays the OSPF configuration to learn the IPv4 system address of the tunnel endpoint.
Common Configuration T asks Page 58 7750 SR OS R out er Configuration Guide Configuring an IPv4 BGP Peer This configuration d isplay the commands to configure an IP v4 BGP peer with (IPv4 an d) IPv6 protocol families. CLI Syntax: config>router bgp export policy-name [ policy-name .
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 59 An Example of a IPv6 Over IPv4 T unnel Configuration The IPv6 address is the next-hop as it is received through BGP. The IPv4 address is the system address of the tunnel's endpo int static-route ::C8C8:C802/128 indirect 200.
Common Configuration T asks Page 60 7750 SR OS R out er Configuration Guide protocol ospf3 exit to protocol bgp exit action accept exit exit exit exit .
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 61 T u nnel Egress Node This configuration shows how the interface through which the IP v6 over IPv4 traffic leaves the node. It must be configured on a network interfa ce. Both the IPv4 and IP v6 system addresses must be configured.
Common Configuration T asks Page 62 7750 SR OS R out er Configuration Guide Learning the T unnel End poi nt IPv4 System Address This configuration displa ys the OSPF configuration to learn the IPv4 system address of the tunnel endpoint.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 63 Configuring an IPv4 BGP Peer This configuration d isplay the commands to configure an IP v4 BGP peer with (IPv4 an d) IPv6 protocol families. CLI Syntax: config>router bgp export policy-name [ policy-name .
Common Configuration T asks Page 64 7750 SR OS R out er Configuration Guide An Example of a IPv6 Over IPv4 T unnel Configuration The IPv6 address is the next-hop as it is received through BGP. The IPv4 address is the system address of the tunnel's endpo int static-route ::C8C8:C802/128 indirect 200.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 65 protocol ospf3 exit to protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:AL.
Common Configuration T asks Page 66 7750 SR OS R out er Configuration Guide Router Advertisement To configure the router to originat e router advertisement messages, the router-advertisement command must be enabled. All other router adve rtisement configuration pa rameters are optional.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 67 The following example displays router adver tisement command usage . These commands are configured in the config>router context.
Common Configuration T asks Page 68 7750 SR OS R out er Configuration Guide Configuring Proxy ARP To configure prox y ARP, you can configure: • A prefix list in the config>router>policy-options>prefix-list conte xt .
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 69 Use the following CLI syntax to configure the policy st atement specified in the proxy-arp- policy policy-statement command.
Common Configuration T asks Page 70 7750 SR OS R out er Configuration Guide exit exit ... ---------------------------------------------- A:ALA-49>config>router>policy-options# Use the following CLI to configure proxy ARP: CLI Syntax: config>router>interface interface-name local-proxy-arp proxy-arp-policy policy-name [ policy-name .
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 71 Creating an IP Address Range An IP address range can be reserved for ex clusive use for services by defining the config>router>service-prefix command. When the service is configured, the IP address must be in the range specified a s a service prefix .
Common Configuration T asks Page 72 7750 SR OS R out er Configuration Guide Deriving the Router ID The router ID defaults to the address specified in the system interface command. If the system interface is not configured with an IP address, then the router ID in herits the last four bytes of the MAC address.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 73 Configuring a Confederation Configuring a confederation is optional. The AS and confederation topology design should be carefully planned. Autonomous system (AS), confederation, and BGP connection and p eering parameters must be explicitly created on each participating SR.
Common Configuration T asks Page 74 7750 SR OS R out er Configuration Guide NOTES : • Confederations can b e preconfigured prio r to configuring BGP connections and p eering. • Each confederation can have up to 15 members. The following example displa ys the confederation output.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 75 Configuring an Autonomous System Configuring an autonomous system is optional.
Service Management T asks Page 76 7750 SR OS R out er Configuration Guide Service Management T asks This section discusses the following service mana gement tasks: • Changing the System Name on page.
IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 77 Modifying Interface Parameters Starting at the config>router level, navigate down to the router interface context.
Service Management T asks Page 78 7750 SR OS R out er Configuration Guide Deleting a Logical IP Interface The no form of the interface command typically removes the en try, but all entity associations must be shut down and/ or de leted before an interface can be deleted.
IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 79 IP Router Command Reference Command Hierarchies Configuration Commands • Router Commands • Router Interface Command s • .
IP Router Command Reference Page 80 7750 S R OS R out er Configuration Guide Router Interface Commands config —r o u t e r [ r outer -name ] — [ no ] interface ip-int-name — address { ip-addr es.
IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 81 For router interface VRRP commands, see “VRRP Comman d Reference” on page 223.
IP Router Command Reference Page 82 7750 S R OS R out er Configuration Guide —n o retransmit-time — router -life time seconds —n o router -lifetime — [ no ] shutdown.
IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 83 Show Commands show —r o u t e r r outer-instance — aggregate [ family ] [ active ] — arp [ ip-int-name | ip-addr ess/mas.
IP Router Command Reference Page 84 7750 S R OS R out er Configuration Guide Clear Commands clear — router — arp { all | ip-addr | interface { ip-int-na me | ip-addr }} — bfd — session src-ip .
IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 85 Configuration Commands Generic Commands shutdown Synt ax [ no ] shut down Context config>rou ter>interface ip- int-name Description The s hutdown command administratively disables th e en tity .
Configuration Co mmands Page 86 7750 SR OS R out er Configur a tion Guide Router Global Commands router Synt ax router ro uter-n ame Context conf ig Description This command enables the context to configure router parameters, interfaces, route policies, and protocols.
IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 87 d: [0 — 255]D ipv6-prefix-length 0 — 128 Va l u e s ma sk The mask associated with the network address expressed as a mask length. Va l u e s 0 — 32 summary-only — This optional parameter suppresses advertisement of more specific component routes for the aggregate.
Configuration Co mmands Page 88 7750 SR OS R out er Configur a tion Guide Synt ax confederation confed-as- num members as-n umber [ as-number ... up to 15 max] no confederation [ co nfed-as-num members as-number ... up to 15 max] Context conf ig>rout er Description This command creates co nfederation autonomous systems within an AS.
IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 89 ignore-icmp-redirect Synt ax [ no ] ignore-icmp-red ir ect Context config>router Description This command drops or accepts ICMP redir ects receive d on the ma nagement interfa ce.
Configuration Co mmands Page 90 7750 SR OS R out er Configur a tion Guide T o force the new router ID to be used, issue the shutdown and no shutdown commands for each protocol that uses the router ID, or restart the entire router . The no form of the command to reverts to the default value .
IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 91 d: [0 — 255]D ipv6-prefix-length: 0 — 128 Va l u e s exclusive When this option is specified, the addresses conf igured are exclusively used for services and cannot be assigned to network ports.
Configuration Co mmands Page 92 7750 SR OS R out er Configur a tion Guide x:x:x:x:x:x:d.d.d.d x [0 — FFFF]H d [0 — 255]D ipv6-prefix-length 0 — 128 ip-addr ess — The IP address of the IP interface. The ip-addr portion of the address command specifies the IP host address that will be used by the IP interface within the subnet.
IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 93 The next-hop keyword and the indirect or black-hole keywords are mutually exclusive.
Configuration Co mmands Page 94 7750 SR OS R out er Configur a tion Guide Default 5 Va l u e s 1 — 255 enable — Static routes can be administrati vely enabled or disabled.
IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 95 Router Interface Commands interface Synt ax [ no ] interface ip-i nt-name Context config>router Description This command creates a logical IP routing interface. Once created, attr ibutes like IP address, port, or system can be associated with the IP interface.
Configuration Co mmands Page 96 7750 SR OS R out er Configur a tion Guide address Synt ax address { ip-addre ss / mask | ip-address netmask } [ broadcas t { all-ones | host-one s }] no address Context config>router>interface ip-int-name Description This command assigns an IP address, IP subnet, and broadcast address format to an IP interface.
IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 97 addr , the “ / ” and the mask-length parameter . If a forward slash does not immediately follow the ip-addr , a dotted decimal mask must follow the prefix. mask-length — The subnet mask length when the IP prefix is specified in CIDR notation.
Configuration Co mmands Page 98 7750 SR OS R out er Configur a tion Guide allow-directed-broadcasts Synt ax [ no ] allow-directed-b roadcast s Context config>router>interface ip-int-name Description This command enables the forwarding of di rected broadcasts out of the IP interface.
IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 99 The multiplier specifies t he number of consecutive BF D messages that must be missed from the peer before the BFD session state is changed to down and the upper level protocols (OSPF , IS-IS or PIM) is notified of the fault.
Configuration Co mmands Page 100 7750 SR OS R out er Configuration Guide loopback Synt ax [ no ] loopback Context config>router>interface ip-int-name Description This command configur es the interface as a loopback interface.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 101 Synt ax port port-nam e no port Context config>rou ter>interface ip- int-name Description This command creates an association with a logical IP interface and a phys ical port.
Configuration Co mmands Page 102 7750 SR OS R out er Configuration Guide Synt ax [ no ] proxy- arp-policy policy-name [ policy-name ...(up to 5 max)] Context config>router>interface ip-int-name .
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 103 secondary Synt ax secondary {[ ip-address / mask | ip-address netmask ]} [ broadcast { all-ones | host-one s }] [ igp-inhi bit .
Configuration Co mmands Page 104 7750 SR OS R out er Configuration Guide mask with all the host bits set to binary 1. This is the default broadcast address used by an IP interface. The broadcast parameter within the address command does not have a negat e featur e, wh ich is usually used t o revert a parameter to the default value.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 105 Synt ax tos-marking-s t ate { trusted | untrus ted } no tos-marking-st ate Context config>router>interface Description This comma nd is used on a network IP interface to alter the default trusted state to a non-trusted state.
Configuration Co mmands Page 106 7750 SR OS R out er Configuration Guide Parameters ip-addr | ip-int-nam e — Optional. The IP address or IP in terface name to associate with the unnumbered IP interface in dotted d ecimal notation. The configured IP address must exist on this node.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 107 Router Interface Filter Commands egress Syntax egress Context config>rou ter>interface ip- int-name Description This command enables access to th e context to configure egress netw ork filter policies for the IP interface.
Configuration Co mmands Page 108 7750 SR OS R out er Configuration Guide ipv6 ipv6-filter -id — The filter name acts as the ID for the IPv6 filter pol icy expressed as a decimal integer . The fi lter policy must already exist within the config >filter>ipv6 context.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 109 Router Interface ICMP Commands icmp Synt ax icmp Context config>rou ter>interface ip- int-name Description This command enables access to th e context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface.
Configuration Co mmands Page 110 7750 SR OS R out er Configuration Guide Parameters number — The maximum number of ICMP redirect message s to send, exp ressed as a decimal integer .
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 111 The no form of the command disables th e generation of ICMP destinati on unreachables on the router interface.
Configuration Co mmands Page 112 7750 SR OS R out er Configuration Guide Router Interface IPv6 Commands ipv6 Synt ax [ no ] ipv6 Context config>router>interface Description This command conf igures IPv6 for a router interface. The no form of the command disa bles IPv6 on the interface.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 113 Syntax p acket-too-big [ number seconds ] no p acket- too-big Context config>router>if>ipv6>icmp6 Description This command configures the rate for ICMPv6 packet-too-big messages.
Configuration Co mmands Page 114 7750 SR OS R out er Configuration Guide seconds — Determines the time frame, in s econds, that is used to limit the number of redirects issued per time frame.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 115 Synt ax [ no ] local-proxy-nd Context config>router>if>ipv6 Description This command enables local proxy ne ighbor discovery on the interface. The no form of the command disables local proxy neigh bor discovery .
Configuration Co mmands Page 116 7750 SR OS R out er Configuration Guide Router Advertisement Commands router-advertisement Synt ax [ no ] router-advertisement Context conf ig>rout er Description This command config ur es router advertisement properties.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 117 Synt ax [ no ] managed-configuration Context config>rou ter>router-adver t>if Description This command sets the managed address configura tion flag.
Configuration Co mmands Page 118 7750 SR OS R out er Configuration Guide Parameters mtu-bytes — Specify the MTU for the nodes to use to send packets on the link. Va l u e s 1280 — 9212 other-stateful-confi guration Synt ax [ no ] other -st ateful-co nfiguration Description This command sets the "Other configuration" flag.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 119 on-link Synt ax [ no ] on-link Context config>rou ter>router-advert>if>pr efix Description This command specifies whet her the prefix can be used for onlink determination.
Configuration Co mmands Page 120 7750 SR OS R out er Configuration Guide Synt ax reachable-time milli-seconds no reachable-time Context config>router>ro uter-advert>if Description This command configures how long this router should be considered reachable by other nodes on the link after receiving a r eachability confirmation.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 121 Default no shutdown.
Configuration Co mmands Page 122 7750 SR OS R out er Configuration Guide.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 123 Show Commands aggregate Synt ax aggregate [ family ][ active ] Context show>router Description Thi s command di splays aggregate routes. Parameters family — Specifies to displ ay IP v4 or IPv6 aggregate routes.
Show Command s Page 124 7750 SR OS R out er Configuration Guide Sample Output A:ALA-A# show router ARP =============================================================================== ARP Table =======.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 125 authentication Syntax authenticati on Context show>router>authentication Description This command enables th e command to display au thentication statistics.
Show Command s Page 126 7750 SR OS R out er Configuration Guide bfd Synt ax bfd Context show>r outer Description This command enables the context to display bi-directional fo rwardin g detection (BFD) information. interface Synt ax interfac e Context show>r outer>bfd Description This command displays interface information.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 127 net25_1_2 100 100 3 net2_1_2 100 100 3 net3_1_2 100 100 3 net4_1_2 100 100 3 net5_1_2 100 100 3 net6_1_2 100 100 3 net7_1_2 100 100 3 net8_1_2 100 100 3 net9_1_2 100 100 3 ------------------------------------------------------------------------------- No.
Show Command s Page 128 7750 SR OS R out er Configuration Guide Remote Address Protocol Tx Pkts Rx Pkts ------------------------------------------------------------------------------- net1_1_2 Up (3) 100 100 3 12.1.2.1 ospf2 isis 5029 5029 net1_2_3 Up (3) 100 100 3 12.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 129 Sample Output A:ALA-1# show router dhcp statistics ========================================================================== D.
Show Command s Page 130 7750 SR OS R out er Configuration Guide -------------------------------------------------------------------------- Dhcp6 Drop Reason Counters : --------------------------------.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 131 Sample Output A:ALA-1# show router dhcp summary ===============================================================================.
Show Command s Page 132 7750 SR OS R out er Configuration Guide Sample Output A:ALA-A# show router ecmp =============================================================================== Router ECMP ====.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 133 Output icmp6 Output — The followi ng tabl e describes the show router icmp6 output fields: Sample Output A:SR-3>show>ro.
Show Command s Page 134 7750 SR OS R out er Configuration Guide interface Synt ax interfac e [ interface-na me ] Context show>r outer>icmpv6 Description This command displays in terface ICMPv6 statistics. Parameters interface-name — Only displays entries associated wi th the specified IP interface name.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 135 Echo Request : 0 Echo Reply : 0 Router Solicits : 0 Router Advertisements : 0 Neighbor Solicits : 20 Neighbor Advertisements : .
Show Command s Page 136 7750 SR OS R out er Configuration Guide Sample Output A:ALA-A# show router interface =============================================================================== Interface T.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 137 FE80::200:FF:FE00:4/64 PREFERRED ip-12.2.4.4 Up/Up Down/Down Network 3/1/2 12.2.4.4/24 n/a 3FFE::C02:404/120 ip-13.2.4.4 Up/Up Down/Down Network 3/1/3 13.2.4.4/24 n/a 3FFE::D02:404/120 ip-14.
Show Command s Page 138 7750 SR OS R out er Configuration Guide =============================================================================== Interface Table ========================================.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 139 A:ALA# show router interface ip-11.2.4.4 detail ===============================================================================.
Show Command s Page 140 7750 SR OS R out er Configuration Guide TOS Marking : Untrusted If Type : IES SNTP B.Cast : False IES ID : 1 MAC Address : 00:00:00:00:01:01 Arp Timeout : 14400 IP MTU : 1500 I.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 141 Sample Output A:ALA-A# show router interface summary ==========================================================================.
Show Command s Page 142 7750 SR OS R out er Configuration Guide Sample Output B:CORE2# show router neighbor =============================================================================== Neighbor Tab.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 143 =============================================================================== Policy Description ----------------------------.
Show Command s Page 144 7750 SR OS R out er Configuration Guide Sample Output A:ALA# show router route-table =============================================================================== Route Table.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 145 =============================================================================== B:ALA-B# A:ALA-A# show router route-table 10.
Show Command s Page 146 7750 SR OS R out er Configuration Guide ------------------------------------------------------------------------------- Static 1 1 Direct 6 6 BGP 0 0 OSPF 9 9 ISIS 0 0 RIP 0 0 .
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 147 Sample Output A:Dut-A# show router rtr-advertisement ======================================================================= Ro.
Show Command s Page 148 7750 SR OS R out er Configuration Guide Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix: 231::/120 Autonomous Flag : FALSE On-link flag : FALSE Preferred Lifet.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 149 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix: 25::/120 Autonomou.
Show Command s Page 150 7750 SR OS R out er Configuration Guide Prefix: 231::/120 Autonomous Flag : FALSE On-link flag : FALSE Preferred Lifetime : 49710d06h Valid Lifetime : 49710d06h Prefix not pres.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 151 static-arp Syntax static-arp [ ip-addr | ip-int-nam e | mac ieee-mac-addr ] Context show>router Description This command displays the router st atic ARP table sorted by IP address.
Show Command s Page 152 7750 SR OS R out er Configuration Guide =============================================================================== A:ALA-A# A:ALA-A# show router static-arp to-ser1 =======.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 153 next-h op ip-addr ess — Onl y displays static routes with the sp ecified next hop IP address. Va l u e s ipv4-address: a.b.c.d (host bits must be 0) ipv6-address: x:x:x:x:x:x:x: x (eight 16-bit pieces) x:x:x:x:x:x:d.
Show Command s Page 154 7750 SR OS R out er Configuration Guide 192.168.252.0/24 5 1 NH 10.10.0.254 n/a N 192.168.253.0/24 5 1 NH to-ser1 n/a N 192.168.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 155 Sample Output A:ALA-A# show router service-prefix ================================================= Address Ranges reserved for Services ================================================= IP Prefix Mask Exclusive ------------------------------------------------- 172.
Show Command s Page 156 7750 SR OS R out er Configuration Guide Sample Output Note that there are multiple instances of OSPF . OSPF-0 is persistent. OSPF-1 through OSPF- 31 are present when that particular OSPF instance is configured.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 157 OSPFv2-9 Down Down OSPFv2-10 Down Down OSPFv2-11 Down Down OSPFv2-12 Down Down OSPFv2-13 Down Down OSPFv2-14 Down Down OSPFv2-1.
Show Command s Page 158 7750 SR OS R out er Configuration Guide tunnel-table Synt ax tunnel-t able [ ip-address [/ mask ]] [ protocol protocol | sdp sd p-id ] [ summary ] Context show>r outer Description This command displays tunnel tabl e info rmation.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 159 A:ALA-A>config>service# show router tunnel-table summary ================================================================.
Clear Commands Page 160 7750 SR OS R out er Configuration Guide Clear Commands arp Synt ax arp { all | ip-addr | interface { ip-int-name | ip-a ddr }} Context clear>router Description This command clears all or specific ARP entries. The scope of ARP cache entries cleared depends on the command line option(s) specified.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 161 statistics Syntax statistics src-ip ip-address dst-ip ip-address st atistics all Context clear>router>b fd Description This command clears BFD statistics. Parameters src-ip ip-addr ess — Specifies the address of the local endpoint of this BFD session.
Clear Commands Page 162 7750 SR OS R out er Configuration Guide icmp-redirect-route Synt ax icmp-re direct-route { all | ip-address } Context clear>router Description This command deletes routes creat ed as a result of ICMP redirects received on the management interface.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 163 statistics Syntax st a tistics [ ip-address | ip-int-name ] Context clear>router >dhcp clear>router>dhcp6 Description This command clear statistics for DHCP and DHCP6 relay and snooping statistics.
Debug Commands Page 164 7750 SR OS R out er Configuration Guide Debug Commands destination Synt ax destination trace-destination Context debug>tra ce Description This command specifies the des tination to send trace messages. Parameters trace-destina tion — The destination to send trace messages.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 165 ip Synt ax ip Context debug>ro uter Description This command configures debugging for IP . arp Syntax arp Context debug>ro uter>ip Description This command configures route table debugging.
Debug Commands Page 166 7750 SR OS R out er Configuration Guide x:x:x:x:x:x:d.d.d.d x: [0 — FFFF]H d: [0 — 255]D ip-int-name — Only displays the interface in formation associated with th e specified IP interface name.
IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 167 d: [0 — 255 ]D ipv6-prefix-length 0 — 128 longer — Specifies the prefix list entry matche s any route that matches the specified ip-pr efix and pre- fix mask length values greater than the specified mask .
Debug Commands Page 168 7750 SR OS R out er Configuration Guide.
7750 SR OS R outer Conf iguration Guide P age 169 VRRP In This Chapter This chapter provides in formation about configuring V irtual Router Redundancy Protocol (VRRP) parameters.
VRRP Ov erview Page 170 7750 SR OS R out er Configur a tion Guide VRRP Overview The V irtual Router Redundancy Protocol (VRRP) is defined in the IETF RFC 2338, V irtual Router Redundancy Pr otocol, and further described in draft-ietf-vrrp-spec-v2-06.txt .
VRRP 7750 SR OS R outer Conf iguration Guide Page 171 VRRP Component s VRRP consists of th e following components: • V irtual Router on page 171 • IP Address Owner on page 171 • Primary and Seco.
VRRP Components Page 172 7750 SR OS R out er Configur a tion Guide Primary and Second ary IP Addresses A primary address is an IP address selected from the set of real interface address. VRRP advertisements are always sent using the primar y IP address as the source of the IP packet.
VRRP 7750 SR OS R outer Conf iguration Guide Page 173 V irtual Router Backup A new virtual router master is selected from the set of VRRP routers available to assume forwarding responsibility for a virtual r outer should the cu rrent master fail.
VRRP Components Page 174 7750 SR OS R out er Configur a tion Guide Configurable Parameters In addition to backup IP addres ses, to facilitate configuration of a virtual router on 7750 SR routers, the .
VRRP 7750 SR OS R outer Conf iguration Guide Page 175 When the IP address on the IP interface matches the virtual router IP address (owner mode), the priority value is fixed at 2 55, the highest value p o ssible. This v irtual router member is co nsidered the owner of the virtual router IP address.
VRRP Components Page 176 7750 SR OS R out er Configur a tion Guide Message Interval and Master Inherit ance Each virtual router is configured with a message interval per VRID within which it participates. This parameter must be the same fo r every virtual router on the VRID.
VRRP 7750 SR OS R outer Conf iguration Guide Page 177 Master Down Interval The master down interv al is a ca lc ulat e d value used to load the master down timer .
VRRP Components Page 178 7750 SR OS R out er Configur a tion Guide VRRP Message Authentication The authentication type parameter de fines the type of authentication used by the virtual router in VRRP advertisement message authentication.
VRRP 7750 SR OS R outer Conf iguration Guide Page 179 • VRRP message chec ks → V ersion field – Must be set to the v alue 2 → T ype field – Must be set to the valu e of 1 (advertisement) →.
VRRP Components Page 180 7750 SR OS R out er Configur a tion Guide Authentication Failure Any received VRRP advertisement message that fa ils authe ntication must be silently discarded with an invalid authentication counter incremented for the ingr ess virtual router instance.
VRRP 7750 SR OS R outer Conf iguration Guide Page 181 have the supported IP addresses explicitly de fi ned, making mismatched supported IP address within the interconnected virtual ro uter instances a provisioning issue.
VRRP Priority Control Policies Page 182 7750 SR OS R out er Configur a tion Guide VRRP Priority Control Policies This implementation of VRRP sup ports control policies to manipula te virtual router participation in the VRRP master election process and master se lf-deprecation.
VRRP 7750 SR OS R outer Conf iguration Guide Page 183 VRRP Priority Control Policy Delt a In-Use Priority Limit A VRRP priority control policy en forces an overall minimum value that the policy can inflict on the VRRP virtual router instance base priority .
VRRP Priority Control Policies Page 184 7750 SR OS R out er Configur a tion Guide Each event generates a VRRP priority event messa ge indicating the policy-id, the event type, the priority type (delta or explicit) and the event priority value.
VRRP 7750 SR OS R outer Conf iguration Guide Page 185 The following example illustrates a LAG priority event and it’ s interaction with the hold set timer in changing the in-use priority .
VRRP Priority Control Policies Page 186 7750 SR OS R out er Configur a tion Guide 104 T wo ports dow n Event State Set - 5 ports down Event Threshold 4 ports down Hold Set T imer 1 seco nd Current thr.
VRRP 7750 SR OS R outer Conf iguration Guide Page 187 Host Unreachable Priority Event The host unreachable priority even t creates a continuous ping task th at is used to test connectivity to a remote host.
VRRP Non-Owner Accessibility Page 188 7750 SR OS R out er Configur a tion Guide VRRP Non-Owner Accessibility Although RFC 2338 and draft-ietf-vrrp-spec-v2-06.
VRRP 7750 SR OS R outer Conf iguration Guide Page 189 Non-Owner Access SSH When non-owner access SSH is enabled on a virtual router insta nce, authorized SSH sessions may be established that are destined to the virtual rout er instance IP addresses when operating in master mode.
VRRP Configuration Process Overview Page 190 7750 SR OS R out er Configur a tion Guide VRRP Configuration Process Overview Figure 14 displays the process to provision VRRP parameters.
VRRP 7750 SR OS R outer Conf iguration Guide Page 191 VRRP Configuration Component s Figure 15 displays the majo r components to config ure a VRRP priority cont rol policy .
VRRP Configuration Process Overview Page 192 7750 SR OS R out er Configur a tion Guide Figure 16: Interfac e VRRP Configuratio n Component s • Interface — A logical IP routing interface. • Address — Assigns the primary IP address for the interface.
VRRP 7750 SR OS R outer Conf iguration Guide Page 193 Figure 17 displays the major componen ts to configure a VRRP instance in an IES service. Figure 17: IES VRRP Configurat ion Component s • IES — The context to creates or modify an IES service. • Interface — A logical IP routing interface.
Configuration Notes Page 194 7750 SR OS R out er Configur a tion Guide Configuration Notes This section describes VRRP configuration caveats. General • Creating and applying VRRP pol icies are optional. • Backup c om mand: → Y ou can configure up to 16 backup IP ad dresses in the non-owner mode.
VRRP 7750 SR OS R outer Conf iguration Guide Page 195 Configuring VRRP with CLI This section provides informa tion to configure VRRP using the command line interface.
VRRP Configuration Overview Page 196 7750 SR OS R out er Configur a tion Guide VRRP Configuration Overview Configuring VRRP policies and configuring VRRP instances on IES or VPRN interfaces and router interfaces is optional.
VRRP 7750 SR OS R outer Conf iguration Guide Page 197 VRRP CLI Command S tructure The 7750 SR OS VRRP comman d structure is displayed in Figure 18 . VRRP policy commands are located under the config>vrrp context. VRRP service configuration commands are located under the config>service>ies> interface context.
VRRP CLI Command S tructure Page 198 7750 SR OS R out er Configur a tion Guide ROOT CONFIG SHOW VRRP SERVI CE IES/VPRN INTERFACE VRRP HOST UNREACHABLE LAG PORT DOWN PORT DOWN ROUTE UNKNOWN VRRP DELTA-.
VRRP 7750 SR OS R outer Conf iguration Guide Page 199 List of Commands Ta b l e 7 l ists the commands to co nfigure VRRP po licy parameters, indica ting t he configuration level at which each command is implem ented with a short command de scription.
List of Commands Page 200 7750 SR OS R out er Configur a tion Guide hold-set Configures the amount of ti me before the set state for a VRRP priority control event transitions to the clear ed state to dampen flapping events. 245 number-down Creates a context for configuring an ev ent set threshold within a lag-port- down priority control event.
VRRP 7750 SR OS R outer Conf iguration Guide Page 201 Table 8: CLI Commands to Configure IES or VPRN Service VRRP Parameters Command Description Page VRRP IES service and network interface par ameters.
List of Commands Page 202 7750 SR OS R out er Configur a tion Guide backup ip-address Assigns virtual router IP addresses associated with the parental IP interface IP addresses .
VRRP 7750 SR OS R outer Conf iguration Guide Page 203 backup ip-address Assigns virtual router IP addresses associated with the parental IP interface IP addresses . Non-owner instances create a routable IP interface address that is operationally dependent on the vi rtual router instance mode (master or backup).
Basic VRRP C onfigurations Page 204 7750 SR OS R out er Configur a tion Guide Basic VRRP Configurations Configure VRRP parameters in the following contexts: • VRRP Policy on page 204 • VRRP IES Service Parameters on page 205 • VRRP Router Interface Parameters on page 206 VRRP Policy Configuring and applyin g VRRP policies are op tional.
VRRP 7750 SR OS R outer Conf iguration Guide Page 205 exit exit ---------------------------------------------- A:SR2>config>vrrp>policy# VRRP IES Service Parameters VRRP parameters are configured within an IES service with two contexts, owner or non- owner.
Basic VRRP C onfigurations Page 206 7750 SR OS R out er Configur a tion Guide VRRP Router Interface Parameters VRRP parameters are configured on a router in terface with two contexts, ow ner or non-owner. The status is specified when the VRRP config uration is created.
VRRP 7750 SR OS R outer Conf iguration Guide Page 207 Common Configuration T asks This section provides a brief overview of the ta sk s that must be performed to configure VRRP and provides the CLI commands. VRRP parameters are defined un der a service interface or a rout er interface context.
Common Configuration T asks Page 208 7750 SR OS R out er Configur a tion Guide Creating Interface Parameters You can configure u p to 4 virtual routers IDs on an IP interface. Each virtual router instance can manage up to 16 backup IP addresses, incl uding up to 16 secondary IP addresses.
VRRP 7750 SR OS R outer Conf iguration Guide Page 209 Configuring VRRP Policy Component s Use the CLI syntax displayed be low to configure a VRRP policy: CLI Syntax: config>vrrp policy policy-id [context service-id ] description string delta-in-use-limit in-use-priority-limit priority-event port-down port-id [.
Configuring VRRP Policy Components Page 210 7750 SR OS R out er Configur a tion Guide The following displays the VRRP policy configuration: A:SR1>config>vrrp# info ---------------------------------------------- policy 1 delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit route-unknown 0.
VRRP 7750 SR OS R outer Conf iguration Guide Page 211 Configuring IES or VPRN Service VRRP Parameters VRRP parameters can be configured on an inte rface in an IES or VP RN service to provide virtual default router su pport which allows tr a ffic to be routed withou t relying on a single router in case of failure.
Configuring VRRP Policy Components Page 212 7750 SR OS R out er Configur a tion Guide Non-Owner IES or VPRN VRRP Example Use the CLI syntax displayed below to conf igure IES or VPRN service non-owner .
VRRP 7750 SR OS R outer Conf iguration Guide Page 213 The following example d isplays the basic non-owner VRRP configuration: A:SR2>config>service>ies# info ---------------------------------------------- interface "mertz" create address 10.
Configuring VRRP Policy Components Page 214 7750 SR OS R out er Configur a tion Guide Owner IES or VPRN VRRP Use the CLI syntax displayed below to co nfigure IES or VPRN service owner VRRP parameters:.
VRRP 7750 SR OS R outer Conf iguration Guide Page 215 Configuring Router Interface VRRP Parameters VRRP parameters can be configured on an interfa ce in an i nterface to provide virtual default router support which allows traffic to be rout ed without relying on a sing le router in case of failure.
Configuring VRRP Policy Components Page 216 7750 SR OS R out er Configur a tion Guide Router Interface VRRP Non-Owner Use the CLI syntax displayed below to co nfigure non-own er rout er interface VRRP.
VRRP 7750 SR OS R outer Conf iguration Guide Page 217 The following example displays the no n-owner interface VRRP configuration: A:SR2>config># info #------------------------------------------ interface "lucy" address 10.20.30.40/24 secondary 10.
Configuring VRRP Policy Components Page 218 7750 SR OS R out er Configur a tion Guide Router Interface VRRP Owner Use the CLI syntax displayed below to config ure owner router interface VRRP parameter.
VRRP 7750 SR OS R outer Conf iguration Guide Page 219 VRRP Configuration Management T asks This section discusses th e following VRRP configur ation management tasks: • Modifying a VRRP Policy on pa.
VRRP Configuratio n Management T asks Page 220 7750 SR OS R out er Configur a tion Guide Deleting a VRRP Policy Policies are only applied to non-owner VRRP in stances. A VRRP policy cannot be deleted if it is applied to an interface or to an IES service.
VRRP 7750 SR OS R outer Conf iguration Guide Page 221 Modifying Service and In terface VRRP Parameters Modifying Non-Owner Parameters Once a VRRP instance is created as non-ow ner, it cannot be modified to the own er state. The vrid must be deleted and then recreated with the owner keyword to in voke IP address ownership.
VRRP Configuratio n Management T asks Page 222 7750 SR OS R out er Configur a tion Guide.
VRRP 7750 SR OS R outer Conf igur ation Guide Page 223 VRRP Command Reference Command Hierarchies Configuration Commands • VRRP Network Interface Commands on page 223 • VRRP Priority Control Event.
VRRP Command Reference Page 224 7750 SR OS R out er Configuration Guide — [ no ] pree mpt — priority priority —n o priority — [ no ] ssh-r eply — [ no ] standby-forwarding — [ no ] telnet-.
VRRP 7750 SR OS R outer Conf igur ation Guide Page 225 VRRP Priority Control Event Policy Commands config —v r r p — [ no ] policy polic y-id [ contex t service-id ] — delta-in-use-limit limit .
VRRP Command Reference Page 226 7750 SR OS R out er Configuration Guide Show Commands show —r o u t e r —v r r p — instance [ interface interface-name [ vrid virtual-r outer -id ]] — statistic.
VRRP 7750 SR OS R outer Conf iguration Guide Page 227 Configuration Commands Interface Configuration Commands authentication-key Syntax authenti cation-key [ authentication-key | hash-key ] [ hash | h.
Configuration Co mmands Page 228 7750 SR OS R out er Configuration Guide Parameters authentication-key — The authentication key . Allowed values are any string up to 8 characters long composed of printable, 7-bit AS CII characters. If the string contains special characters (#, $, spaces, etc.
VRRP 7750 SR OS R outer Conf iguration Guide Page 229 Parameters password — Specifies VRRP Authentic a tion T ype 1 is used. T yp e 1 requires the definition of an ei ght octet long string.
Configuration Co mmands Page 230 7750 SR OS R out er Configuration Guide error generated. At least one successful backup ip-addr command must be executed before the virtual router instance can enter the operational state.
VRRP 7750 SR OS R outer Conf iguration Guide Page 231 Example - Owner Virtual Router In stance Non-Owner Vi rtual Router IP Address Parent al Association — When an IP address is assigned to a no n-owner virtual router instance, it mu st be associated with one of the parental IP interface assigned IP addresses.
Configuration Co mmands Page 232 7750 SR OS R out er Configuration Guide Parent Primary IP Addres s Changed — When a virtual router IP address is set and the associated parent IP interface IP addres.
VRRP 7750 SR OS R outer Conf iguration Guide Page 233 The mac command sets the MAC address used in ARP resp onses when the virtual router instance is master .
Configuration Co mmands Page 234 7750 SR OS R out er Configuration Guide message-interval Synt ax message -interval {[ seconds ] [ milliseconds milliseconds ]} no message-interval Context config>ro.
VRRP 7750 SR OS R outer Conf iguration Guide Page 235 policy Synt ax policy vrrp-policy-id no policy Context config>router>if>vrrp Description This command adds a VRRP priority control polic y association with the virtual router instance.
Configuration Co mmands Page 236 7750 SR OS R out er Configuration Guide Non-owner virtual router instan ces on ly preempt when pr eempt is set and the current master has an in-use message priorit y value less than the virtual router instances in-use priority .
VRRP 7750 SR OS R outer Conf iguration Guide Page 237 ping-reply Synt ax [ no ] ping-reply Context config>router>if>vrrp Description This command enables the non-owner master to reply to ICMP echo requests directed at the vritual router instances IP addresses.
Configuration Co mmands Page 238 7750 SR OS R out er Configuration Guide If the shutdown command is executed, no VRRP advertis ement messages are generated and all received VRRP advertisement messages are silently discarded with no processing. By default, virtual router instances are created in the no shutdown state.
VRRP 7750 SR OS R outer Conf iguration Guide Page 239 standby-forwarding Synt ax [ no ] st andby-forwarding Context config>router>if>vrrp Description This command specifies whether th is VRRP instance allows forwardi ng packets to a stand by router .
Configuration Co mmands Page 240 7750 SR OS R out er Configuration Guide traceroute-reply Synt ax [ no ] traceroute- reply Context config>router>if>vrrp Description This command is valid only if the VRRP virtual rout er instance associated with this entry is a non- owner .
VRRP 7750 SR OS R outer Conf iguration Guide Page 241 VRRP Owner Command Exclusions — By specifying the VRRP vrid as owner , The follow ing commands are no longer available: • vrrp mismatch-discard — Owner virtual router instances do not accept VRRP advertisement messages; IP address mismatches are not checked or logged.
Configuration Co mmands Page 242 7750 SR OS R out er Configuration Guide Priority Policy Commands delta-in-use-limit Synt ax delt a-in-use-limit in-use-priority-limit no delt a-in-use-limit Context co.
VRRP 7750 SR OS R outer Conf iguration Guide Page 243 description Synt ax description string no description Context config>vrrp>po licy vrrp-policy-id Description This command creates a text descri ption stored in the configuration file for a configuration context.
Configuration Co mmands Page 244 7750 SR OS R out er Configuration Guide Parameters vrrp-policy-id — The VRRP priority control ID expressed as a decimal integer that uniquely identifies this policy from any other VRRP priority control po licy defined on the system.
VRRP 7750 SR OS R outer Conf iguration Guide Page 245 Priority Policy Event Commands hold-clear Synt ax hold-clear se conds no hold-c lear Context config>vrrp>po licy vrrp-policy-id >priority.
Configuration Co mmands Page 246 7750 SR OS R out er Configuration Guide lag-port-down events, this may be a decreas e in the set effect if the clearing amounts to a lower set threshold.
VRRP 7750 SR OS R outer Conf iguration Guide Page 247 Parameters priority-level — The priority level adjustment value expressed as a decimal integer . Va l u e s 0 — 254 delta | explicit — Configures what ef fec t the priority-level will have on the base priority value.
Configuration Co mmands Page 248 7750 SR OS R out er Configuration Guide Priority Policy Port Down Event Commands port-down Synt ax [ no ] port-down port-id Context config>vr rp>policy>priority-event Description This command configures a port down priority control event that monitors the operational state of a port or SONET/SDH channel.
VRRP 7750 SR OS R outer Conf iguration Guide Page 249 to be separate entities. A port and a channel on the port can be monitored by separate events in the same policy . Va l u e s port-id slot / mda / port [. channel ] aps-id aps- gr oup-id [. channel ] aps keyword group-id 1 — 64 bundle-type-slot/mda.
Configuration Co mmands Page 250 7750 SR OS R out er Configuration Guide Priority Policy LAG Event s Commands lag-port-down Synt ax [ no ] lag-port-down lag-id Context config>vrr p>policy vrrp-p.
VRRP 7750 SR OS R outer Conf iguration Guide Page 251 configured threshold is crossed, any higher thre sholds are considered further event sets and are processed immediately wit h the hold set tim er reset to the configured value of the hold-set command.
Configuration Co mmands Page 252 7750 SR OS R out er Configuration Guide Parameters number-of-lag-ports-down — The number of LAG ports down to cr eate a set event threshold.
VRRP 7750 SR OS R outer Conf iguration Guide Page 253 Priority Policy Host Unreachable Event Commands drop-count Synt ax drop-count co nsecutive-failures no drop-coun t Context config>vrrp vrrp-pol.
Configuration Co mmands Page 254 7750 SR OS R out er Configuration Guide The host-unr eachable command can reference any valid local or remote IP address. The ability to ARP a local IP address or find a remote IP address within a route prefix in the route table is considered part of the m onitoring procedure.
VRRP 7750 SR OS R outer Conf iguration Guide Page 255 The no form of the command deletes the specific IP ho s t monitoring event. The event may be deleted at anytime. When the event is dele ted, the in-use priority of all a ssociated virtual router instances must be reevaluated.
Configuration Co mmands Page 256 7750 SR OS R out er Configuration Guide W ith each consecutive attempt to send an ICMP echo request message, the timeout timer is loaded with the time out value. The timer decrements until: • An internal error occurs preventing mes sage sending (request unsuccessful).
VRRP 7750 SR OS R outer Conf iguration Guide Page 257 Priority Policy Route Unknown Event Commands less-specific Synt ax [ no ] less-specific [ allow-default ] Context config>vrrp>po licy vrrp-p.
Configuration Co mmands Page 258 7750 SR OS R out er Configuration Guide When more than one next ho p IP ad dresses are eligible for matching, a next-hop command must be executed for each IP address. Defining the same IP address multip le times has no effect after the first instance.
VRRP 7750 SR OS R outer Conf iguration Guide Page 259 is-is — This param eter defines IS-IS as an eligible ro ute source for a returned route prefix from the R TM when looking up th e route-unknown route prefix. The is-is parameter is not exclusive from the other available protocol parameters.
Configuration Co mmands Page 260 7750 SR OS R out er Configuration Guide An existing route prefix in the R T M must be acti ve (used by the IP forwardi ng engi ne) to clear the event operational state.
VRRP 7750 SR OS R outer Conf iguration Guide Page 261 Show Commands global-statistics Synt ax global-st atistics Context show>vrrp Description Thi s command di splays global VRRP statistics. Output VRRP Global St atist ics Output — The following table describes the global st atistics command output fields for VRRP.
Show Command s Page 262 7750 SR OS R out er Configuration Guide vrid vrid — Displays detailed information for the speci fied VRRP instance on the IP interface. Default All VRIDs for the IP interface. Va l u e s 1 — 255 Output VRRP Instan ce Output — The following table describes the instance comman d out put fields fo r VRRP.
VRRP 7750 SR OS R outer Conf iguration Guide Page 263 Inh Int Yes — When the VRRP instance is a non-owner and is operat- ing as a backup and the master -int-inherit command is enabled, the master down timer is indirectly derived from the value in the advertisement interval field of the VRRP message received from the current master .
Show Command s Page 264 7750 SR OS R out er Configuration Guide Output Sample Output A:ALA-A# show vrrp instance =============================================================================== VRRP In.
VRRP 7750 SR OS R outer Conf iguration Guide Page 265 A:ALA-A# A:ALA-A# show vrrp instance d2hub =============================================================================== VRRP Instances for inte.
Show Command s Page 266 7750 SR OS R out er Configuration Guide policy Synt ax policy [ vrrp-policy-id [ event event-type specific-qualifier ]] Context show >vrrp Description This command disp lays VRRP priority control poli cy information.
VRRP 7750 SR OS R outer Conf iguration Guide Page 267 Delta Limit The delta-in-use-limit for a VRRP policy . Once the total sum of all delta events has been calcu lated and subtracted from the base-priority of the v irtual router , the result is compared to the delta-in-use-limit v alue.
Show Command s Page 268 7750 SR OS R out er Configuration Guide Output Sample Output A:ALA-A# show vrrp policy =============================================================================== VRRP Poli.
VRRP 7750 SR OS R outer Conf iguration Guide Page 269 ------------------------------------------------------------------------------- Priority Control Events ------------------------------------------.
Show Command s Page 270 7750 SR OS R out er Configuration Guide Applied to Interface Name The interface name the VRRP policy is applied to. VR ID The virtual router ID for the IP interface Opr Up — Indicates that the operationa l state of the VRRP instance is up.
VRRP 7750 SR OS R outer Conf iguration Guide Page 271 Sample Output A:ALA-A#show vrrp policy event port-down =============================================================================== VRRP Policy.
Show Command s Page 272 7750 SR OS R out er Configuration Guide ------------------------------------------------------------------------------- Priority Control Event Port Down 1/1/1 -----------------.
VRRP 7750 SR OS R outer Conf iguration Guide Page 273 Protocol(s) : None Hold Set Config : 0 sec Hold Set Remaining: Expired Value In Use : No Current State : n/a # trans to Set : 0 Previous State : n.
Clear Commands Page 274 7750 SR OS R out er Configuration Guide Clear Commands instance Synt ax interface ip-int-name [ vrid vrid ] Context clear>vrrp Description This command resets VRRP protoc ol instances on an IP interface. Parameters ip-int-name — The IP interface to reset th e VRRP protocol instances.
7750 SR OS R outer Conf iguration Guide P age 275 Filter P olicies In This Chapter This chapter provides information about filter policie s and management.
Filter Policy Conf iguration Overview Page 276 7750 SR OS R out er Configur a tion Guide Filter Policy Configuration Overview Filter policies, also referred to as Access Control Lists (ACLs), are temp.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 277 Filter Policy Entities A filter policy compares the match criteria specified within a filter entry to packets coming through the system, in the order the entries are nu mber ed in the p olicy .
Filter Policy Conf iguration Overview Page 278 7750 SR OS R out er Configur a tion Guide Filter policies can be applied to specific service types: • Epipe — Both MAC and IP filters are su pported on an Epipe SAP and sp o ke SDPs. • VPLS — Both MAC and IP filters are supported on a VP LS SAP .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 279 Redirection policies can contain mu ltiple destinat ions. Each destin ation is assigned an initial or base priority describing its relative importance wi thin the policy . The des tination with the highest priority value is selected.
Filter Policy Conf iguration Overview Page 280 7750 SR OS R out er Configur a tion Guide Web Redirection (Captive Port al) The 7xx0 Series introdu ce s a new type of redirection policy .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 281 Figure 19: Web Redirec t Traffic Flow Starred entries (*) are items the router performs m asquerading as the destination, regardless of the destination IP address or type of service.
Creating Redirect Policies Page 282 7750 SR OS R out er Configur a tion Guide Creating Redirect Policies Figure 20 displays the process to create redirect policies and apply them to a service SAP or router interface.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 283 Figure 20 displays the process to create filter policies and apply them to a service or network port.
Creating Redirect Policies Page 284 7750 SR OS R out er Configur a tion Guide Policy Component s Figure 22 displays the majo r componen ts of a redirec t policy . Figure 22: Redirect Policy Components • Redirect policy — This is the va lue which identifies t he filter .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 285 Figure 23 displays the major components of a fi lter policy . Figure 23: Filter Policy Components • Filter (mandatory) — This is the value which identifies the filter . • Description (optional) — The description prov ides a brief overview of the filter ’ s features.
Creating Redirect Policies Page 286 7750 SR OS R out er Configur a tion Guide Packet Matching Criteria Up to 65535 IP and 65 535 MAC filter IDs (uniq ue filter policies) can be d efined. A maximum of 16384 filter entries can be defined in one filter at the same ti me.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 287 • Option value — Entering an option value enables the first filter to sear ch for a specific IP option. See Ta b l e 1 6 . • TCP-ACK/SYN flags - Entering a TCP-SYN/TCP- ACK flag allows the filter to search for the TCP flags specified in these fields.
Creating Redirect Policies Page 288 7750 SR OS R out er Configur a tion Guide DSCP V alues Table 15: DSCP Nam e to DSCP V a lue T able DSCP Name Decimal DSCP V alue Hexadecimal DSCP V alue Binary DSCP.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 289 cp21 31 cs4 32 * cp33 33 af41 34 * cp35 35 af42 36 * cp37 37 af43 38 * cp39 39 cs5 40 * cp41 41 cp42 42 cp43 43 cp44 44 cp45 45 ef 46 *.
Creating Redirect Policies Page 290 7750 SR OS R out er Configur a tion Guide IP Option V alues Table 16: IP Option Values Copy Class Number V alue Name Description 0 0 0 0 EOOL End of options list 0 .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 291 Ordering Filter Entries When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Filter matching ceases when a pack et matches an entry .
Creating Redirect Policies Page 292 7750 SR OS R out er Configur a tion Guide Figure 24 displays an example of several packets fo rwarded upon matching the filter criteria and several packets traversi ng through the filter entries and then dropped. Figure 24: Filtering Proc ess Example INGRESSING PACKETS: #1: SA: 10.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 293 Applying Filters After filters are created, they can be applied to the foll owing entities: • Applying a Filter to a SAP on page 2 93.
Configuration Notes Page 294 7750 SR OS R out er Configur a tion Guide Configuration Notes The following information describ es filter implementation caveats: • Creating a filter policy is optional. • Associating a service with a filter policy is optional.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 295 IP Filters • Define filter entry packet matching criteria — If a filter policy is created with an entry and entry action specified but the packet matching criteria is not defined, then all packets processed through this filter policy entry will pass and take the action specified.
Configuration Notes Page 296 7750 SR OS R out er Configur a tion Guide • In case the mini-table has no more free en tries, only T otal counter is incremented. • At expiry of the summarizatio n interval, the mini-table for each type is flushed to the syslog destination.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 297 Reference Sources For information on supported IETF drafts and standards, as well as standard and proprietary MIBS, refer to Standards and Pro tocol Support on page 715 .
Configuration Notes Page 298 7750 SR OS R out er Configur a tion Guide.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 299 Configuring Filter Policies with CLI This section provides informatio n to configure filter policies us ing the command line interface.
Filter CLI Command S tructure Page 300 7750 SR OS R out er Configuration Guide Filter CLI Command Structure Figure 25 displays the 7750 SR OS filter command st ructure. The filter c onfi guration commands are located under the config>filter context and the show commands are under show>filter ip and show>filter mac .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 301 Figure 26 displays the 7750 SR OS filter redirect po licy command structure. The redirect policy configuration commands are located under the config>filter context and the show co mmands are under show>filter>redirect-policy context.
List of Commands Page 302 7750 SR OS R out er Configuration Guide List of Commands Ta b l e 1 8 lists all the filter configuration commands indicating the configur ation level at which each command is implemented with a short command descrip tion.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 303 filter-sample Specifies that traffic matching the associated IP filter entry is sampled if the IP interface is set to cflowd ip-filter mode.
List of Commands Page 304 7750 SR OS R out er Configuration Guide Configure an IPv6 filter policy config>filter ipv6-filter Creates an IPv6 filter policy.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 305 icmp-type Configures matching on ICMP type field in the ICMP h ead er of an IP packet as an IP filter match criterion. 377 src-ip Configures a source IP address rang e to be used as an IP filter match criterion.
List of Commands Page 306 7750 SR OS R out er Configuration Guide dot1p Configures an IEEE 802.1p value or range to be used as a MAC filter match criterion. 383 etype Configures an Ethernet type II Ethert ype value to be used as a MAC filter match criterion.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 307 configure a filter log policy config>filter log Enables the context to create a filter log policy. 360 destination memory Specifies the destination for filte r log entries be sent to memory.
Basic Configuration Page 308 7750 SR OS R out er Configuration Guide Basic Configuration The most basic IP, IPv6, and MAC filte r policies must have the following: • A filter ID • T emplat e scope.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 309 Common Configuration T asks This section provides a brief overview of the task s that must be performed for both IP and MAC filter configurations and provides the CLI commands.
Common Configuration T asks Page 310 7750 SR OS R out er Configuration Guide Creating an IP Filter Policy Configuring and applying filter policies is optiona l. Each filter policy mu st have the following: • The filter type specified (IP) • A filter policy ID • A default action, either drop or forward.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 311 The following displays the command usage to create an exclusive IP filter policy: Example : config>filter# ip-filter 11 create confi.
Common Configuration T asks Page 312 7750 SR OS R out er Configuration Guide IP Filter Entry Within a filter policy, configure filter entries which contain criteri a agai nst which ingress, egress, or network traffic is matched. The action specifi ed in the entry determine how the packets are handled, either d ropped or forwarded.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 313 Configuring the HTTP-Redirect Option If http-redirect is specified as an action, a corresponding forward entry must be specified before the redirect.
Common Configuration T asks Page 314 7750 SR OS R out er Configuration Guide exit entry 30 create match protocol tcp dst-ip 10.10.10.91/24 dst-port eq 80 exit action http-redirect "http://100.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 315 Filter Sampling Within a filter entry, you can specify that traffic ma tching the associated IP filter entry is sampl ed. if the IP interface is set to cflowd ip-filter m ode. Enabling filter-sample en ables the cflowd tool.
Common Configuration T asks Page 316 7750 SR OS R out er Configuration Guide IP Entry Matching Criteria Use the following CLI syntax to configure IP filter matching criteria: CLI Syntax: config>fil.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 317 Creating an IPv6 Filter Policy Configuring and applying IPv6 filter policies is optional. Each filter policy must have the following: • The IPv6 filter type specified • An IPv6 filter policy ID • A default action, either drop or forward.
Common Configuration T asks Page 318 7750 SR OS R out er Configuration Guide IPv6 Filter Entry Within an IPv6 filter policy, configure filter entries which contain criteria against which ingress, egress, or network traffic is matched. The action specified in the entry de termine how the packets are handled, either dropped or forwarded.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 319 The following example displays th e IPv6 filter entry configuration. A:ALA-49>config>filter>ipv6-filter# info ----------------.
Common Configuration T asks Page 320 7750 SR OS R out er Configuration Guide Creating a MAC Filter Policy Configuring and applying filter policies is optiona l. Each filter policy mu st have the following: • The filter type specified (MAC). • A filter policy ID.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 321 MAC Filter Entry Within a filter policy, configure filter entries which contain criteri a agai nst which ingress, egress, or network traffic is matched. The action specifi ed in the entry determine how the packets are handled, either d ropped or forwarded.
Common Configuration T asks Page 322 7750 SR OS R out er Configuration Guide MAC Entry Matching Criteria Use the following CLI syntax to co nfigure MAC filter matching criteria: CLI Syntax: config>.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 323 Creating Filter Log Policies Use the following CLI syntax to configure filter log policy: CLI Syntax: config>filter>log log-id de.
Common Configuration T asks Page 324 7750 SR OS R out er Configuration Guide Applying Filter Policies Filter policies can be associated with the following entities: Apply IP and MAC Filter Policies Th.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 325 config>service>epipe# spoke-sdp 8:8 create config>service>epipe>spoke-sdp$ egress config>service>epipe>spoke-sd.
Common Configuration T asks Page 326 7750 SR OS R out er Configuration Guide Apply an IPv6 Filter Policy to an IES SAP Use the following CLI syntax to apply an IPv6 filter policy to an ingress or egre.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 327 Apply Filter Policies to Network Port IP filter policies can be applied to network IP inte rfaces.
Common Configuration T asks Page 328 7750 SR OS R out er Configuration Guide Apply an IPv6 Interface Use the following CLI syntax to apply an IPv6 filter policy to a network IP interface: CLI Syntax: .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 329 Creating a Redirect Policy Configuring and applying redirect policies is optional. Each redirect policy must have the following: • A .
Common Configuration T asks Page 330 7750 SR OS R out er Configuration Guide The following displays the command usage to cr eate a redirect policy: Example : config>filter# redirect-policy redirect1 config>filter>redirect-policy# destination 10.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 331 exit no shutdown exit destination 10.10.10.106 create priority 90 url-test " URL_to_106 " url " http://aww.alcatel.com/ipd /" interval 60 return-code 2323 4567 raise-priority 96 exit no shutdown exit .
Common Configuration T asks Page 332 7750 SR OS R out er Configuration Guide Configuring Policy-Based Forward ing for Deep Packet Inspection in VPLS The purpose policy-based forwarding is to capt ure traffic from a customer and perform a dee p packet inspection (DPI) and forward traffic, if allowed, by the DPI.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 333 Configuring the VPLS service: Example : config>service# vpls 10 customer 1 create config>service>vpls$ service-mtu 1400 config.
Common Configuration T asks Page 334 7750 SR OS R out er Configuration Guide Configuring the MAC filter policy: Example : config>filter# mac-filter 100 create config>filter>mac-filter$ defaul.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 335 Adding the MAC filter to the VPLS service: Example : config>service# config>service# vpls 10 config>service>vpls# sap 1/1/5.
Filter Management T asks Page 336 7750 SR OS R out er Configuration Guide Filter Management T asks This section discusses the following filte r policy management tasks: • Renumbering Filter Policy E.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 337 The following displays the original filter entry orde r on the left side and th e reordered filter entries on the right side: A:ALA-7>config>filter# info ---------------------------------------------- .
Filter Management T asks Page 338 7750 SR OS R out er Configuration Guide Modifying an IP Filter Policy To access a specific IP filter, you mu st specify the filte r ID. Use the no form of the command to remove the command parameters or return the para meter to the default setting.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 339 exit .. ---------------------------------------------- A:ALA-7>config>filter#.
Filter Management T asks Page 340 7750 SR OS R out er Configuration Guide Modifying an IPv6 Filter Policy To access a specific IPv6 filter, you must specify the filter ID. Use the no form of the command to remove the command parameters or return the para meter to the default setting.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 341 Modifying a MAC Filter Policy To access a specific MAC filter, you mu st specify the filter ID. Use the no form of the command to remove the command parameters or return the para meter to the default setting.
Filter Management T asks Page 342 7750 SR OS R out er Configuration Guide Deleting a Filter Policy Before you can delete a filter, you must remove the filter associat ion from the applied ingress and egress SAPs and network interfaces.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 343 From a Network Interface To delete a filter from a network interfa ce, enter the following CLI commands: CLI Syntax: config>router# .
Filter Management T asks Page 344 7750 SR OS R out er Configuration Guide CLI Syntax: config>router>if# egress no filter ip 2 A:ALA-49>config>router>if# info ---------------------------.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 345 CLI Syntax: config>router>if# ingress no filter A:ALA-49>config>router>if# ---------------------------------------------.
Filter Management T asks Page 346 7750 SR OS R out er Configuration Guide From the Filter Configuration After you have removed the filter from the SAP, use the following CL I syntax to delete the filter.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 347 Modifying a Redirect Policy To access a specific redirect policy, you must specify the policy name. Use the no form of the command to remove the command parameters or return th e parameter to the default setting.
Filter Management T asks Page 348 7750 SR OS R out er Configuration Guide Deleting a Redirect Policy Before you can delete a redirect policy from the filter configuration, you must remove the policy association from the IP filter.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 349 Copying Filter Policies When changes are made to an ex isting filter policy, they are app lied immediately to all services where the policy is applied.
Filter Management T asks Page 350 7750 SR OS R out er Configuration Guide.
Filter Policies 7750 SR OS R outer Conf igur ation Guide Page 351 Filter Command Reference Command Hierarchies • Log Commands on page 351 • IP Filter Policy Com mands on page 351 • IPv6 Filter P.
Filter Command Reference Page 352 7750 SR OS R out er Configuration Guide — action [ dr op ] — action forward [ next-hop { ip-addr e ss | indirect ip- addr ess | interface ip-int-name }] — actio.
Filter Policies 7750 SR OS R outer Conf igur ation Guide Page 353 IPv6 Filter Policy Commands config —f i l t e r — ipv6-filter ipv6-filter -id [ create ] — default-action { dr op | forward } .
Filter Command Reference Page 354 7750 SR OS R out er Configuration Guide — default-action { dr op | forward } — ren um old-entry-id new-entry-id — scope { exclusi ve | template } —n o scope .
Filter Policies 7750 SR OS R outer Conf igur ation Guide Page 355 Redirect Policy Conf iguration Commands —Redirect policy co mmands — red irec t-p oli cy redir ect-policy-name [create] —n o re .
Filter Command Reference Page 356 7750 SR OS R out er Configuration Guide Generic Filter Commands config —f i l t e r — copy ip-filter | i pv6-filter | mac-fi lter sr c-filter-id [ sr c-entry sr c.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 357 Configuration Commands Generic Commands description Synt ax description string no description Context config>filter>ip-filter con.
Page 358 7750 SR OS R out er Configuration Guide Global Filter Commands ip-filter Synt ax [ no ] ip-filter filter-id [ creat e ] Context config>filter Description This command creates a configurati on context for an IP filter policy . IP-filter policies specify either a forward or a drop action for packets based on the specified match criteria.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 359 Context config>filter Description This command enables the cont ext for a MAC filter policy . The mac-filter policy specifies e ither a forward or a drop action fo r packets based on the specified match criteria.
Page 360 7750 SR OS R out er Configuration Guide Filter Log Destination Commands destination Synt ax destination memory num-entries destination syslog syslog-id no destination Context config>filter> log Description This command configures the destination for filter log en tries for the filter log ID.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 361 shutdown Synt ax [ no ] shut down Context config>filter>log config>filter>log>summary config>filter>redirect-policy config>filter>redirect-policy>destination Administratively enables/disabled (Admin Up/A dminDown) an entity .
Page 362 7750 SR OS R out er Configuration Guide Parameters dst-addr — Specifies that received log packets are summarized based on the destination IP , IPv6 or MAC address. src-addr — Specifies that rece ived log packets are summarized based on the source IP , IPv6 or MAC address.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 363 Filter Policy Commands default-action Synt ax default-action { drop | forward } Context config>filter>ip-filter config>filter&.
Page 364 7750 SR OS R out er Configuration Guide General Filter Entry Commands entry Synt ax entry entry-id [ time-range tim e-range-name ] no entry entry-id Context config>filter> ip-filter config>filter>ipv6-filter config>filter>mac-filter Description This command creates or edits an IP , IPv6, or MAC filter entry .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 365 The filter log ID must exist before a filter entry can be enabled to use the filter log ID.
Page 366 7750 SR OS R out er Configuration Guide IP Filter Entry Commands action Synt ax action [ drop ] action forwar d [ next-hop { ip-address | indirect ip-addr ess | interface ip-in t-name }] acti.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 367 frame [ port-id | bundle-id ]: dlci cisco-hdlc slot/mda/port.ch annel ima-grp bundle - id [: vpi/vci | vpi | vpi1 . vpi2 ] port-id slot/mda/port [. channel ] aps-id aps- gr oup-id [. channel ] aps keyword gr oup-id 1 — 16 bundle- type - slot/mda .
Page 368 7750 SR OS R out er Configuration Guide qtag1, qtag2 — Specifies the encapsulation value used to iden tify the SAP on the port or sub-port. If this parameter is not specificially defined, the default value is 0. Va l u e s qtag1: 0 — 409 4 qtag2 : * | 0 — 4094 sdp-id — The SDP identifier .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 369 Default no filter -sample interface-disable-sample Synt ax [ no ] interface-disa ble-sample Context config>filter>ip-filter>entry Description Specifies that traf fic matchi ng the associated IP filter entry is not sampled if the IP interface is set to cflowd interface mode.
Page 370 7750 SR OS R out er Configuration Guide igmp 2 Internet Group Managemen t ip 4 IP in IP (encapsulation) tcp 6 T ransmis sion Control egp 8 Exterior Gat eway Protoc ol igp 9 any private interi.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 371 match Synt ax match [ next-header next-header ] no match Context config>filter>ipv6-filter >entry Description This command enables the context to enter match criteria for the filter entry .
Page 372 7750 SR OS R out er Configuration Guide MAC Filter Entry Commands action Synt ax action [d rop] action forwar d [ sap sap-id | sd p sd p-id ] action ht tp-redirect url no action Context config>filter> mac-filter>entry Description This command configures no action, drop or forward fo r a MAC filter entry .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 373 id 1 — 8 path-id a, b cc-type .sap-net, .net-sap] cc-id 0 — 4094 lag-id la g- id lag keyword id 1 — 200 q tag1 0 — 4094 qtag2 *.
Page 374 7750 SR OS R out er Configuration Guide http-redir ect url — Specifies the HTTP web ad dr ess that will b e sent to the user’ s browser . Va l u e s 255 characters maximum match Synt ax m.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 375 IP Filter Match Criteria dscp Synt ax dscp dscp-name no dscp Context config>filter>ip-filter>entry > match config>filter.
Page 376 7750 SR OS R out er Configuration Guide Synt ax dst-ip [ ipv6-address / prefix-length ] no dst-ip Context config>filter>ipv6-f ilter>entry>match Description This command matches a destination IPv6 address. T o match on the destination IPv6 address, specify the address and prefix length, for example, 1 1::12/ 128.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 377 fragment Synt ax fragment { true | false } no fragment Context config>filter>ip-filter>entry > match Description Configures fragmented or non-fragmented IP packets as an IP filter match criterion.
Page 378 7750 SR OS R out er Configuration Guide The no form of the command removes th e criterion from the match entry . Default no icmp-type — no match criterion for the ICMP type Parameters icmp-type — The ICMP type values that must be present to match.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 379 multiple-option Synt ax multiple-option { true | false } no multiple -option Context config>filter>ip-filter>entry > match .
Page 380 7750 SR OS R out er Configuration Guide Default no src-ip — no source IP match criterion Parameters ip-addr ess — The IP prefix for the IP match criterion in dotted decimal notation. Va l u e s 0.0.0.0 — 255.255.255.255 mask — The subnet mask length express ed as a decimal integer .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 381 Parameters lt | gt | eq — Specifies the operator to use relative to sr c-port-number for specifying the port number match criteria. lt specifies all port numbers less th an sr c-port-number match.
Page 382 7750 SR OS R out er Configuration Guide Default No match criterion for the SYN bit Description no tcp-syn Use the no form of this command to remove this as a criterion from the match entry . Default none Parameters true — Specifies matching on IP packets that have th e SYN bit set in the control bits of the TCP header .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 383 MAC Filter Match Criteria dot1p Synt ax dot1p p-value [ mask ] no dot1p Context config>filter>mac-filter>entry Description Configur es an IEEE 802.1p value or r ange to be used as a MAC filter match criterion.
Page 384 7750 SR OS R out er Configuration Guide Description Configures an Ethernet 8 02.2 LLC DSAP valu e or range for a MAC filter match criterion. This is a one-byte field that is part of the 802 .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 385 This 48-bit mask can b e configured using the following fo rmats: T o configure so that all packets with a sour ce MAC OUI value of 00-.
Page 386 7750 SR OS R out er Configuration Guide The no form of the command removes the criterion from the match criteria. Default none Parameters zero — Specifies to match packets wi th the three-byte OUI field in the SNAP-ID set to zero. non-zer o — Specifies to match packets with the three-byte OUI field in the SNAP-ID not set to zero.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 387 ieee-addr ess-mask — This 48-bit mask can b e configured using: T o configure so that all packets with a sour ce MAC OUI value of 00-.
Page 388 7750 SR OS R out er Configuration Guide Policy and Entry Maintenance Commands copy Synt ax copy { ip-filter | ipv6-f ilter | mac-filter } source-filter -id dest-filter-id dest-filter-id [ overwrite ] Context config>filter Description Copies existing filter list entries for a specific filter ID to another filter ID.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 389 Parameters old-entry-id — Enter the entry number of an existing entry . Va l u e s 1 — 65535 new-entry-id — Enter the new entry-numb er to be assigned to the old entry .
Page 390 7750 SR OS R out er Configuration Guide Redirect Policy Commands destination Synt ax [ no ] destination ip-address Context config>filter>redirect-policy Description This command defines a cache server destination in a redirect policy . More than one destination can be configured.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 391 hold-down seconds — The amount of time, in seconds, that the system should be held dow n if any of the test has marked it unreachable.
Page 392 7750 SR OS R out er Configuration Guide Description Redirect policies can contain multiple destinations. Each destination is assi gned an initial or base priority which describes its relative importance within the policy . If more than one destination is specified, the destination with the highest effective prio rity value is selected.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 393 within the specified range, the priority can be disabled, lowered or raised. Default none Parameters r eturn-value — Specifies the SNMP valu e against which the test result is matched.
Page 394 7750 SR OS R out er Configuration Guide Parameters r eturn- code-1, r eturn-code-2 — Specifies a range of return codes. When the URL test return-code falls within the specifi ed rang e, the corresponding action is performed.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 395 Show Commands anti-spoof Synt ax anti-spoof [ sap-id ] Context show>filter Description Displays anti-spoofing filter information. Parameters sap-id — When the sap-id is specified, it specifies th e physical port identifi er portion of the SAP definition.
Show Command s Page 396 7750 SR OS R out er Configuration Guide Va l u e s null [port-id | bundle-id | lag-id | aps-id] dot1q [port-id | bundle-id | lag-id | aps-id]:qtag1 qinq [port-id | bundle-id | lag-id]:qtag1.qtag2 atm [port-id | aps-id][:vp i/vci|vpi|vpi1.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 397 The values depends on the encapsulation type co nfigured for the interf ace. The following table describes the allowed values for the port and encapsulation types.. Output Anti-spoofing Output — The following table describes the output for the command.
Show Command s Page 398 7750 SR OS R out er Configuration Guide download-failed Synt ax download-failed Context show>filter Description This command shows all filter entries for which the download has fail ed. Output download-failed Output — The following table describes the filter download-failed output.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 399 Output Show Filter (no filter-id specified) — The following table describes th e command output for the command when no filter ID is specified.
Show Command s Page 400 7750 SR OS R out er Configuration Guide Def. Action Forward — The default action for the filter ID for packets that do not match the filter entries is to forward. Drop — The default action for the filter ID for packets that do not match the filter entries is to drop.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 401 Sample Output A:ALA-49>config>filter# show filter ip 3 =============================================================================== IP Filter =============================================================================== Filter Id : 3 Applied : Yes Scope : Template Def.
Show Command s Page 402 7750 SR OS R out er Configuration Guide Output Show Filter (with time-range spec ified) — If a time-range is specified for a filter entry , it is displayed.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 403 Applied No — The filter policy ID has not been applied. Yes — The filter policy ID is applied. Def. Action Forward — The default action for the filter ID for packets t hat do not match the f ilter entr ies is to for ward.
Show Command s Page 404 7750 SR OS R out er Configuration Guide Sample Output A:ALA-49# show filter ip 1 associations =============================================================================== IP.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 405 Filter Id : 1 Applied : Yes Scope : Template Def. Action : Drop Entries : 1 -----------------------------------------------------------.
Show Command s Page 406 7750 SR OS R out er Configuration Guide Sample Output A:ALA-49# show filter ip 3 counters =============================================================================== IP Filter : 100 =============================================================================== Filter Id : 3 Applied : Yes Scope : Template Def.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 407 entry entry-id — Displays information on the specified IPv6 filter entry ID for the specified filter ID. Va l u e s 1 — 9999 associations — Appends information as to where the IPv6 filter policy ID is applied to the detailed filter policy ID out put.
Show Command s Page 408 7750 SR OS R out er Configuration Guide Applied No — The filter policy ID has not been applied. Yes — The filter policy ID is applied. Def. Action Forward — The default action for the filter ID for packets that do not match the filter entries is to forward.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 409 Sample Output A:ALA-48# show filter ipv6 100 =============================================================================== Match action Default — The filter does not have an explicit forward or drop match action specified.
Show Command s Page 410 7750 SR OS R out er Configuration Guide IPv6 Filter =============================================================================== Filter Id : 100 Applied : Yes Scope : Template Def.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 411 Entry The filter ID filt er entry ID. If the filter entr y ID indicates th e entry is (Inactive) , then the filter entry is inco mplete as no action has been specified. Log Id The filter log ID.
Show Command s Page 412 7750 SR OS R out er Configuration Guide Sample Output A:ALA-48# show filter ipv6 1 associations =============================================================================== IPv6 Filter =============================================================================== Filter Id : 1 Applied : Yes Scope : Template Def.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 413 A:ALA-48# Output Show Filter Counters — The following table describes th e output fields when the counters keyword is specified.
Show Command s Page 414 7750 SR OS R out er Configuration Guide log Syntax log log-id [ match string ] [ bindings ] Context show>filter Description Displays the contents of a memory-b ased or a file-based filter log.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 415 If the packet being logged does not have a source or destination MAC addre ss (i.e. , POS) then the MAC information output line is omitt ed from th e log entry .
Show Command s Page 416 7750 SR OS R out er Configuration Guide Sample Filter Log Output 2005/11/24 16:23:09 Filter: 100:100 Desc: Entry-100 Interface: to-ser1 Action: Forward Src MAC: 04-5b-01-01-00-02 Dst MAC: 04-5d-01-01-00-02 EtherType: 0800 Src IP: 10.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 417 Mac 8 06-06-06-06-06-06 Mac 8 06-06-06-06-06-05 Mac 8 06-06-06-06-06-04 Mac 8 06-06-06-06-06-03 Mac 8 06-06-06-06-06-02 Ip 16 6.6.6.1 Ip 16 6.6.6.2 Ip 16 6.6.6.3 Ip 16 6.6.6.4 Ip 8 6.6.6.
Show Command s Page 418 7750 SR OS R out er Configuration Guide Sample Output =============================================================================== Mac Filters ==============================.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 419 Sample Det ailed Output =============================================================================== Mac Filter : 200 =============================================================================== Filter Id : 200 Applied : No Scope : Exclusive D.
Show Command s Page 420 7750 SR OS R out er Configuration Guide DSAP : Undefined SSAP : Undefined Snap-pid : Undefined ESnap-oui-zero : Undefined Match action: Forward Ing.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 421 Filter Entry Counters Ou tput — When the counters keyword is specified, the filter entry output displays the filter matches/hit info rmation. The following table describes the command output for the command.
Show Command s Page 422 7750 SR OS R out er Configuration Guide Entry : 200 FrameType : 802.2SNAP Ing. Matches: 0 Egr. Matches : 0 Entry : 300 (Inactive) FrameType : Ethernet Ing.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 423 Sample Output A:ALA-A>config>filter# show filter redirect-policy ================================================================.
Show Command s Page 424 7750 SR OS R out er Configuration Guide Destination : 10.10.10.105 ------------------------------------------------------------------------------- Description : another test Ad.
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 425 Clear Commands ip Synt ax ip ip-filter-id [ entry entry-id ] [ ingress | egress ] Context clear>filter Description Clears the counters associated with the IP fi lt er policy . By default, all counters associated with the filter policy entries are reset.
Clear Commands Page 426 7750 SR OS R out er Configuration Guide log Syntax log log-id Context cle ar Description Clears the contents of a memory or file based filter log. This command has no effect on a syslog based filter log. Parameters log-id — The filter log ID destination expressed as a decimal integer .
Filter Policies 7750 SR OS R outer Conf iguration Guide Page 427 Monitor Commands filter Synt ax filter ip ip-filter -id ent ry en try-id [ interval seconds ] [ repeat repeat ] [ absolute | rate ] Context monitor Description This command monitors the counters as sociated with the IP filter policy .
Monitor Commands Page 428 7750 SR OS R out er Configuration Guide Default 5 seconds Va l u e s 3 — 60 rep ea t re pe a t — Co nfigures how many times the command is repeated. Default 10 Va l u e s 1 — 999 absolute — When the absolute keyword is specified, the raw stat istics are displayed, without pro- cessing.
7750 SR OS R outer Conf iguration Guide P age 429 Cflo wd In This Chapter This chapter provides inform ation to configure Cflowd. T opics in this chapter include: • Cflowd Overview on page 430 → O.
Cflowd Overview Page 430 7750 SR OS Rout er Configur a tion Guide Cflowd Overview Cflowd is a tool used to sample IP traff ic data flows through a router .
Cflowd 7750 SR OS R outer Conf iguration Guide Page 431 Operation Figure 29 depicts the basic operat ion of the cflowd fe ature. This sample flow is only used to describe the basic steps that are performed. It is not intended to specify implementation.
Cflowd Overview Page 432 7750 SR OS Rout er Configur a tion Guide When a flow is exported from the cache, the collect ed data is sent to an external collector which maintains an accumulation of historical data flows that network operators can use to a nalyze traf fic patterns.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 433 Figure 30 depicts V5 and V8 flow processing. Figure 30: V5 and V8 Flow Proces sing 1. As flows are exported from the active flow cache , the export format must be determined, either V5 or V8.
Cflowd Configurati on Process Overview Page 434 7750 SR OS Rout er Configur a tion Guide Cflowd Configuration Process Overview Figure 31 displays the process to co nfigure Cflowd parameters.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 435 Cflowd Configuration Component s Figure 32 displays the major co mponents to configur e Cflowd parameters. Figure 32: Cflo wd Configurat ion Comp onent s • Active timeout — Specifies the time, in minu tes, before an active flow is removed from the active cache.
Cflowd Configur ation Components Page 436 7750 SR OS Rout er Configur a tion Guide Figure 33 displays the co mponents to specify router inte rface cflowd parameters. Figure 33: Router Interface Cflowd Configuration Component s • Interface — A specific logical IP routing in terface in which cflowd parameters can be configured.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 437 Configuration Notes This section describes cflowd caveats. • Cflowd is enabled globally . • At least one collector must be configured and enabled. • A cflowd option must be specified and enabled on a router interface.
Configuration Notes Page 438 7750 SR OS Rout er Configur a tion Guide Reference Sources For information on supported IETF drafts and sta ndards, as well as standard and proprietary MIBS, refer to Standard s an d Proto col Support on page 715 .
Cflowd 7750 SR OS R outer Conf iguration Guide Page 439 Configuring Cflowd with CLI This section provides informa tion to configure cflowd usi ng the command line interface.
Page 440 7750 SR OS Rout er Configur a tion Guide Cflowd Configuration Overview The 7750 SR OS implementation of cflowd suppor ts the option to analyze traf fic flow . The imple - mentation also supports the use of traffic/access l ist (ACL) filters to limit the type of traffic that i s analyzed.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 441 W ithin the active flow cache, the following charac teristics are used to identify an individual flow: • Ingress interface • Source IP addre.
Page 442 7750 SR OS Rout er Configur a tion Guide • Source-destin ation prefix — Flows are aggr egated based on source prefix and mask, destination prefix and mask, source and de stination AS, ingress interface and egress interface.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 443 Cflowd CLI Command S tructure The 7750 SR OS cflowd command structure is displayed in Figure 35 . Cflowd configuration commands are located under the config>cflowd context and the show commands are under show>cflowd.
Page 444 7750 SR OS Rout er Configur a tion Guide List of Commands Ta b l e 2 0 lists all the cflowd configuration commands indicating the configuration level at which each command is implemented with a short comm and description.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 445 protocol-port Specifies that flows be aggregated based on the IP protocol, source port number, and destination port number. 467 raw Configures raw flow data to be sent in versio n 5. 467 source-destination- prefix Configures cflowd aggre gation based on source and destination prefixes.
Page 446 7750 SR OS Rout er Configur a tion Guide Basic Cflowd Configuration This section provides informatio n to configure cflowd and configura tion examples of common configuration tasks. In order to sample traffic, the minimal cflowd parameters that need to be configured are: • Cflowd must be enabled.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 447 Common Configuration T asks This section provides a brief overvi ew of the tasks that must be performed to configure cflowd and provides the CLI commands. In orde r to begin tra ffic flow sampling, cflowd must be enabled and at least one collector must be configured.
Page 448 7750 SR OS Rout er Configur a tion Guide Configuring Cflowd Use the CLI syntax displayed belo w to perform the following tasks: • Enabling Cflowd on page 449 • Configuring Global Cflowd P.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 449 Enabling Cflowd Cflowd is disabled by defa ult. You must enter the no shutdown command to administratively enable traffic sampling.
Page 450 7750 SR OS Rout er Configur a tion Guide Configuring Global Cflowd Parameters The following cflowd parameters apply to all instances where cflowd (traffic sampling) is enabled.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 451 Configuring Cflowd Collectors To configure cflowd collector parame ters, enter the fo llowing commands: CLI Syntax: config>cflowd# collector .
Page 452 7750 SR OS Rout er Configur a tion Guide The following example displa ys the basic cflowd configuration: ALA-1>config>cflowd# info ----------------------------------------- active-timeout 20 inactive-timeout 10 overflow 10 rate 100 collector 10.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 453 Enabling Cflowd on Interfaces and Filters This section discusses the following cf low d configuration management tasks: • Dependencies on page.
Page 454 7750 SR OS Rout er Configur a tion Guide Table 21: Cflowd Conf iguration Dependen cies Interface Setting router>interface cflowd [ acl | interface ] Setting Command ip-filter entry Expected Result s IP-filter mode ACL filter-sampled Traffic matching is sampled at specified rate.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 455 S pecifying Cflowd Options on an IP Interface When cflowd is enabled on an interface, all p ackets forwarded by the interface are subject to analysis according to the global cflowd config uration and sorted according to the collector configuration(s).
Page 456 7750 SR OS Rout er Configur a tion Guide Service Interfaces CLI Syntax: config>service>vpls service-id # interface ip-int-name cflowd {acl|interface} When enabled on a service interface, cflowd collect s routed traffic flow samples through a router for analysis.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 457 S pecifying Sampling Options in Filter Entries Packets are matched against filter entries to dete rmine acceptability. With cflowd, only the first packet of a flow is compared. If the first packet ma tches the filter criteria, then an entry is added to the cflowd cache.
Page 458 7750 SR OS Rout er Configur a tion Guide Cflowd Configuration Management T asks This section discusses the following cf low d configuration management tasks: • Modifying Global Cflowd Components on page 459 • Modifying Cflowd Collector Parameters on p age 460 Use the following CLI syntax to modify cflowd parameters.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 459 Modifying Global Cflowd Component s Cflowd parameter modifications apply to all instan ces where cflowd or tra ffic sampling is enabled.
Page 460 7750 SR OS Rout er Configur a tion Guide Modifying Cflowd Collector Parameters Use the following commands to modify cflowd collector and aggregation parameters: CLI Syntax: config>cflowd# .
Cflowd 7750 SR OS R outer Conf iguration Guide Page 461 The following example displa ys the basic cflowd modifications: ALA-1>config>cflowd# info ----------------------------------------- active-timeout 60 overflow 2 rate 10 collector 10.10.10.1:2000 description "AS info collector" exit collector 10.
Page 462 7750 SR OS Rout er Configur a tion Guide.
Cflowd 7750 SR OS R outer Conf igur ation Guide Page 463 Cflowd Command Reference Command Hierarchies Configuration Commands config — [ no ] cflowd — active-timeout minutes —n o active-timeout .
Cflowd Command Reference Page 464 7750 SR OS R o ut er Configuration Guide.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 465 Cflowd Configuration Commands Global Commands cflowd Synt ax [ no ] cflowd Context config>cflowd Description This command creates the context to configure cflowd.
Cflowd Configuration Commands Page 466 7750 SR OS R out er Configuration Guide cache-size Synt ax cache-size num-e ntries no cache-size Context conf ig>cflo wd Description This command specifies th e maximum number of acti ve flows to maintain in the flow cache table.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 467 as-matrix Synt ax [ no ] as-matrix Context config>cflowd>collector>agg regation Description This command specifies that the aggregation data should be based on autonomous system (AS) information.
Cflowd Configuration Commands Page 468 7750 SR OS R out er Configuration Guide source-destination-prefix Synt ax [ no ] source-d estination-pref ix Context config>cflo wd>collector>aggrega tion Description This command configures cflo wd aggregation based on source and destination prefixes.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 469 Default No description is associated with the configuration context. Parameters description-string — The description character string. Allo wed values are any string up to 80 charac- ters long composed of printable, 7-bit ASCII char acters.
Cflowd Configuration Commands Page 470 7750 SR OS R out er Configuration Guide overflow Synt ax overflow percent no overflow Context conf ig>cflo wd Description This command specifies the per centage of the flow cache entr ies removed when the maximum number of entries is exceeded.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 471 Show Commands collector Syntax co llector [ ip-addr [ : po rt ]] [ det ail ] Context show>cflowd Description This command displays administra tive and operational status of data collector configuration.
Show Command s Page 472 7750 SR OS R o ut er Configuration Guide Sample Output ALA-1# show cflowd collector 10.10.10.103:5 ========================================================================= Cfl.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 473 ALA-1# show cflowd collector 10.10.10.103:5 detail =============================================================== Cflowd Collectors =============================================================== Address : 10.
Show Command s Page 474 7750 SR OS R o ut er Configuration Guide Output cflowd Interface Ou tput — The following table describes th e show cflowd interface output fields.
Cflowd 7750 SR OS R outer Conf iguration Guide Page 475 Sample Output ALA-1>show>cflowd# status ==================================================== Cflowd Status ===============================.
Clear Commands Page 476 7750 SR OS R o ut er Configuration Guide Clear Commands cflowd Syntax cflowd Context clear Description Clears the active and aggregation flow caches which are sending flow data to the configured collec- tors. This action will trigger all the flows to be exported to the collector(s).
Standar ds and Protocols Page 715 Standar ds and Pr otocol Suppor t St andards Compliance IEEE 802.1d Bridging IEEE 802.1p/Q VLAN T a gging IEEE 802.1s Multiple Spanning T ree IEEE 802.1w Rapid Spanning T ree Protocol IEEE 802.1x Port Based Network Access Control IEEE 802.
S tandards and Protocols Page 716 Standard s and Pr otocols RFC 4644 T ransmission of IPv6 Packets over Ethernet Networks RFC 2529 T ransmission of IPv6 over IPv4 Domains wit hout Explicit T unnels RF.
S tandards and Protocols Standar ds and Protocols Page 717 VPLS draft-ietf-l2vpn-vpls-ldp-08.txtVirtual Private LAN Services Usi ng LDP PSEUDO-WIRE RFC 3985 Pseudo Wire Emulation Edge-to-Edge (PWE3) R.
S tandards and Protocols Page 718 Standard s and Pr otocols TIMETRA-VRTR-MIB.mib.
7750 SR OS R outer Conf igur ation Guide Page 481 Inde x C Cflowd overview 430 collectors 430 filter matching 432 operation 431 V5 and V8 flow processing 43 3 configuring basic 446 collectors 441 , 45.
Index Page 482 7750 SR OS R out er Configuration Guide V VRRP overview 170 components 171 IP address owner 171 IP addresses 17 2 owner and non-owner 173 virtual router 171 virtual router backup 173 vi.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il Alcatel-Lucent 7750 SR OS è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del Alcatel-Lucent 7750 SR OS - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso Alcatel-Lucent 7750 SR OS imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul Alcatel-Lucent 7750 SR OS ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il Alcatel-Lucent 7750 SR OS, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del Alcatel-Lucent 7750 SR OS.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il Alcatel-Lucent 7750 SR OS. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo Alcatel-Lucent 7750 SR OS insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.