Foundry Networks AR3201-CL manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones Foundry Networks AR3201-CL. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica Foundry Networks AR3201-CL o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual Foundry Networks AR3201-CL se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales Foundry Networks AR3201-CL, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones Foundry Networks AR3201-CL debe contener:
- información acerca de las especificaciones técnicas del dispositivo Foundry Networks AR3201-CL
- nombre de fabricante y año de fabricación del dispositivo Foundry Networks AR3201-CL
- condiciones de uso, configuración y mantenimiento del dispositivo Foundry Networks AR3201-CL
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de Foundry Networks AR3201-CL no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de Foundry Networks AR3201-CL y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico Foundry Networks en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de Foundry Networks AR3201-CL, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo Foundry Networks AR3201-CL, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual Foundry Networks AR3201-CL. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    June 20 04 © 2004 F oundry N etworks, In c. Foundry AR-Series Router User Guide For AR12 02, AR1204, A R1208, AR1216 , AR3201-CH/ CL, and AR3 202-CH/CL Ro uters 2100 Gol d S treet P .O. Box 649100 San Jose, CA 95164-910 0 T el 408.5 86.170 0 Fax 408.5 86.1900 June 200 4[...]

  • Página 2

    Copyri ght © 2004 F oundry N etworks, In c. All righ ts res erved. No p art of this work m ay be rep roduced i n any form or by any means – graphic, elect ronic or m echanic al, inclu ding photoco pying, re cording, t aping o r storage i n an info rmation ret rieval sy stem – wi thout pr ior written p ermissio n of the copyrig ht owne r . The [...]

  • Página 3

    June 20 04 © 2004 F oundry N etworks, In c. iii Content s C HAPTER 1 G ETTING S TAR TED ...... .... ..... ....... ..... ..... ....... ..... ..... ....... ..... ..... ....... ..... .... .... 1-1 I NTRODUCTION ............. .................... ............. ............. ................... ............. ............. ................... ... ......[...]

  • Página 4

    Foundry AR-Se ries Rou ter User Gu ide iv © 2004 F oundry N etworks, In c. June 2004 CONFIGURE POLICY ....... ............. ............. .................... ............. ............ ............. .................... ............. .. ....... 3- 1 CONFIGURE POLICY AS _ PATH ..... ............. .................... ............. ............ ...[...]

  • Página 5

    Content s June 20 04 © 2004 F oundry N etworks, In c. v C HAPTER 7 BGP4 C ONFI GURE C OM MANDS . ..... ..... ....... ..... .... ........ .... ..... ....... ..... ..... ...... 7- 1 CONFIGURE ROUTER BGP ........................ .................... ............. ............ .................... ............. ............. ......... 7- 1 CONFIGURE R[...]

  • Página 6

    Foundry AR-Se ries Rou ter User Gu ide vi © 2004 F oundry N etworks, In c. June 2004 SHOW IP BGP REGEXP ................ ............. ............. .................... ............ ............. .................... ............. ...... .8- 10 SHOW IP BGP SUMMA RY .................... ............. ................... ............. .............[...]

  • Página 7

    Content s June 20 04 © 2004 F oundry N etworks, In c. vii CONFIGURE ROUTER OSPF RE DISTRIBUTE CONNECTED .............. ............ .................... ............. ............. ....... 9-3 7 CONFIGURE ROUTER OSPF RE DISTRIBUTE RIP .............. ............. ................... ............. ............. ................... . 9-38 CONFIGURE [...]

  • Página 8

    Foundry AR-Se ries Rou ter User Gu ide viii © 2004 F oundry N etworks, In c. June 2004 CONFIGURE ROUTER RIP INTERF AC E NEIGHBOR ............ ............. ................... ............. ............. .................. 11-1 0 CONFIGURE ROUTER RIP INTERF AC E PASSIV E ........ .................... ................................ ..............[...]

  • Página 9

    Content s June 20 04 © 2004 F oundry Netw orks, In c. ix G ENER IC R OUTING E NCAP SULATION (GRE) ................ ................... ............. ............. ................... ............. . 14- 7 C HAPTER 15 S ECURITY F EATU RES .. ....... ..... .... ..... ....... ..... ..... ....... ..... ..... ....... ..... ..... .... .. 15-1 I NTRODUCT[...]

  • Página 10

    June 20 04 © 2004 F oundry N etworks, In c. 1 - 1 Chap ter 1 Getting St arted Introduction This gu ide desc ribes how to conf igure the Ac cessIron routers in typical scenari os using in formation presented in the con figurati ons and u ser guide s. Audience This ma nual is d esigned f or system adminis trators with a working knowledg e of Layer 2[...]

  • Página 11

    Foundry AR-Se ries Rou ter User Gu ide 1 - 2 © 20 04 Foundry Networks , Inc. June 2004 Related P ublic ations The f ollowing Fo undry N etworks doc ument s suppl ement the informati on in this guide. • Relea se Notes Printed re lease not es provid e the late st informa tion. If rel ease note s are prov ided with y our produc t, follow th e instr[...]

  • Página 12

    Getting S tarted June 20 04 © 2004 F oundry N etworks, In c. 1 - 3 PPP , P AP , Multil ink PPP , Frame Relay , Multilink Fra me Relay , (FRF .15, FRF .16.1) BCP , HDLC Layer 2 Feature s 802.1Q VL AN taggi ng and forwa rding ove r WLAN Vi rtual LAN D omain (VLD) V LAN Double T agging T ransp arent Bri dging Jumbo F rames (4072 byte s) IP Multip lex[...]

  • Página 13

    Foundry AR-Se ries Rou ter User Gu ide 1 - 4 © 20 04 Foundry Networks , Inc. June 2004 ACLs DHCP TFTP PA P RADIUS T ACACS+ SSH v2 GRE T unneling IPSec VPN with i ntegrated IKE Site-to-sit e VPN Site-to-rem ote VPN MD5 & SHA-1 au thenticati on Hardware acc el erat ed enc ryp tio n 3DES (168 bi t), DES (56 bit), AES (256 bit ) encry pti on VPN o[...]

  • Página 14

    Getting S tarted June 20 04 © 2004 F oundry N etworks, In c. 1 - 5 How to Ge t Help Foundry Networks technic al suppor t will ensu re that the fast and easy acc ess tha t you hav e come to ex pect from your Fou ndry Net works pr oduct s will b e maint ained. W eb Access • http://www .foundrynetworks. com Email Access T echnical re quests can als[...]

  • Página 15

    Foundry AR-Se ries Rou ter User Gu ide 1 - 6 © 20 04 Foundry Networks , Inc. June 2004[...]

  • Página 16

    June 20 04 © 2004 F oundry N etworks, In c. 2 - 1 Chap ter 2 Command Li ne Interface This ch apter intro duces th e Command Li ne Inter face (CLI) hi erarchy an d the con ventions us ed to des cribe it. It also in troduces the CLI n avigatio n keys and methods, as wel l as the a vailable help sc reens. Comma nd T ypes This gu ide cont ains two typ[...]

  • Página 17

    Foundry AR-Se ries Rou ter User Gu ide 2 - 2 © 20 04 Foundry Networks , Inc. June 2004 NOTE: Command strings that req uire ident ification of a spec ific inte rface are c ontext-s ensitive. Command Co nventions Each co mmand is brief ly descri bed and t hen follow ed by th e complete synt ax, whic h is essen tially a map of the comma nd that sh ow[...]

  • Página 18

    Command Line Inte rface June 20 04 © 2004 F oundry N etworks, In c. 2 - 3 Abbreviated Commands Y ou may ent er commands by typi ng the firs t few charac ters of ea ch word in a comma nd string. The Found ry system recogni zes the u nique abb reviated e ntry and e xecutes the comm and exa ctly as i f you had entered it fully . For exam ple, to v ie[...]

  • Página 19

    Foundry AR-Se ries Rou ter User Gu ide 2 - 4 © 20 04 Foundry Networks , Inc. June 2004 CLI Navigation The Ta b , Esc , and Ctrl keybo ard keys may be used to: • Move b ackwards or fo rwards in the CLI • Edit e ntered comm and st rings • Or ac cel erat e the c omm a nd en try p roces s Navigation Keys Y ou may us e the Ta b key t o quickl y e[...]

  • Página 20

    Command Line Inte rface June 20 04 © 2004 F oundry N etworks, In c. 2 - 5 Figure 2.2 Help Screen Tr e e Y ou may vi ew a tree that shows all CLI co mmands , or a tree th at shows o nly the c ommands associate d with t he current co mm an d mo de (or th e rout ing mode for ex am pl e). Fig ure 2.3 sh ow s two com mand tree ex am ple s. If y ou type[...]

  • Página 21

    Foundry AR-Se ries Rou ter User Gu ide 2 - 6 © 20 04 Foundry Networks , Inc. June 2004 Figure 2.4 ? Help Screen NOTE: The defa ult para meters fo r specifi c command s appear i n paren thesi s. Global Commands All show , ping , an d save com mands are a vailable from any level of the CLI. F or example, the global show comma nds allo w the user to [...]

  • Página 22

    Command Line Inte rface June 20 04 © 2004 F oundry N etworks, In c. 2 - 7 Figur e 2.5 Global show Command NOTE: The CLI commands show a nd display can be us ed interc hangeabl y . NOTE: The t ab compl etion feat ure is not current ly avail able for gl obal com mands. # show configuration : Select type of 'configuration' ( Hit Ta b ) # di[...]

  • Página 23

    Foundry AR-Se ries Rou ter User Gu ide 2 - 8 © 20 04 Foundry Networks , Inc. June 2004[...]

  • Página 24

    June 20 04 © 2004 F oundry N etworks, In c. 3 - 1 Chap ter 3 Policy Commands This ch apter pr ovides info rmatio n about rou ting poli cy comm ands tha t are supp orted by Fo undry . configure poli cy This co mmand p rovides a ccess to the nex t-level com mands. related commands: configu re poli cy as_p ath confi gure polic y comm uni ty_li st con[...]

  • Página 25

    Foundry AR-Se ries Rou ter User Gu ide 3 - 2 © 20 04 Foundry Networks , Inc. June 2004 configure policy as_p ath This co mmand c onfigures the auton omous s ystem pa th filt er for BGP . AS path ac ce ss li st s are used for ma tch ing th e AS p ath attribute i n a BGP route. An AS p ath acc es s list s uc ce eds if any “p ermit” line in the l[...]

  • Página 26

    Pol icy Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 3 - 3 configure policy community_l ist This co mmand a ccesse s next-le vel comman ds for adding ex tended or standa rd comm unity lis ts. Communi ty list s are used for m atchin g the “com muni ty” attrib ute in a BGP rou te. A comm unity list su cceed s if any “permit” l ine [...]

  • Página 27

    Foundry AR-Se ries Rou ter User Gu ide 3 - 4 © 20 04 Foundry Networks , Inc. June 2004 configure policy community_lis t extended_community This co mmand c onfigu res an ex tended co mmunity list as part of the pol icy . Parameter Description synt ax: [ no ] policy community _list ext ended_ commun ity comm unity_l ist < n > c ommunit y_index[...]

  • Página 28

    Pol icy Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 3 - 5 configure policy community_lis t st andard_community This co mmand c onfigures a sta ndard com munity l ist as p art of th e routing p olicy . Parameter Description synt ax: [ no ] policy community _list st anda rd_communi ty comm unity_li st < n > c ommunity _index < n [...]

  • Página 29

    Foundry AR-Se ries Rou ter User Gu ide 3 - 6 © 20 04 Foundry Networks , Inc. June 2004 configure policy ip_access _list This co mmand c onfigures the IP acc ess list fo r routes. Ip acce ss list s are used for ma tchin g any typ e of route p refix. An IP access list is sai d to succ eed if an y “permit” line in the list m atches, or fail s, if[...]

  • Página 30

    Pol icy Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 3 - 7 example : Foundry- AR1208/c onfigur e# policy i p_access_ list 1 1 per mit netwo rk 10.0.0.0 n etmask 0.255.255 .255 mask 255.0.0. 0 mask mask 0.255 .255.255 This ex ample rest ricts th e prefi xes to 10.0.0 .0/8 only . applicable sys tems: All mode ls.[...]

  • Página 31

    Foundry AR-Se ries Rou ter User Gu ide 3 - 8 © 20 04 Foundry Networks , Inc. June 2004 configure poli cy route_m ap This co mmand c onfigures the polic y for route r route maps. Route maps are used f or general-p urpose m atching of rou tes and s etting of route at tributes. Ea ch route_ map is compri sed of one or mor e route_ma p clause s, of th[...]

  • Página 32

    Pol icy Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 3 - 9 related commands: applicable sys tems: All mode ls. configu re poli cy route_ map com mit configu re poli cy route_ map matc h configu re poli cy route_ map set[...]

  • Página 33

    Foundry AR-Se ries Rou ter User Gu ide 3 - 10 © 2004 F oundry N etworks, In c. June 2004 configure poli cy route_ma p match This co mmand a ccesses n ext-level comman ds for co nfiguring the polic y for matc hing p arameters of the rout es. related commands: confi gure pol icy r ou te _map ma tch as_pat h configu re poli cy route_ map match c ommu[...]

  • Página 34

    Pol icy Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 3 - 1 1 configure policy route_map match as_p ath This co mmand m atches a ny of the specifie d BGP AS p ath acce ss list s. Parameter Description synt ax: [ no ] policy match as _path path_l ist < n > example : Foundry- AR1208/c onf igu re#/pol ic y/ro ute _m ap Bloc k1 00 1 # m[...]

  • Página 35

    Foundry AR-Se ries Rou ter User Gu ide 3 - 12 © 2004 F oundry N etworks, In c. June 2004 configure poli cy route_ma p match comm unity This co mmand m atches a ny of the speci fied BGP com munity l ist s. synt ax: [ no ] policy match co mmunity example : Foundry- AR1208/c onfigure/p olicy/rou te_map Bl ock100 1 # mat c h co mmu nity related comman[...]

  • Página 36

    Pol icy Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 3 - 13 configure poli cy route_ma p match ip ip_address This co mmand d istributes routes m atching the prefix against a ny of the specifie d IP acces s list s. Parameter Description synt ax: [ no ] match ip ip_addre ss ip_list < n > example : Foundry- AR1208/c onfigure/p olicy/r[...]

  • Página 37

    Foundry AR-Se ries Rou ter User Gu ide 3 - 14 © 2004 F oundry N etworks, In c. June 2004 configure policy route_map set This co mmand p rovides a ccess to next-lev el comm ands to set pa rameter s for the ro utes. related commands: confi gure pol icy r ou te _map se t as _path configu re poli cy route_ map set communi ty configu re poli cy route_ [...]

  • Página 38

    Pol icy Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 3 - 15 configure policy route_map set as_p ath This co mmand c onfigures a character s tring for a BGP AS-pa th attribut e. Parameter Description synt ax: [ no ] se t as_p ath [ pr epend < n > ] [ tag < n > ] example : Foundry- AR1208/c onfigure/p olicy/rou te_map Bl ock100[...]

  • Página 39

    Foundry AR-Se ries Rou ter User Gu ide 3 - 16 © 2004 F oundry N etworks, In c. June 2004 configure policy route_map set communit y This co mmand c onfigur es the po licy for com munity attributes . Set the c ommunity a ttribute to the giv en value or list of values. If the addi tive keyw ord is sp ecified, the list of values augment s any commun i[...]

  • Página 40

    Pol icy Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 3 - 17 configure policy route_map set dist ance This co mmand s ets the BG P protocol preferenc e for the p ath attri bute. Parameter Description synt ax: [ no ] set dist ance d istan ce < n > example : Foundry- AR1208/c onfigure/p olicy/rou te_map Bl ock100 1 # set distan ce 20 [...]

  • Página 41

    Foundry AR-Se ries Rou ter User Gu ide 3 - 18 © 2004 F oundry N etworks, In c. June 2004 configure policy route_map set local_pr eference This co mmand c onfigures the BGP lo cal pr eference p ath att ribute. Parameter Description synt ax: [ no ] set loca l_preferen ce local _prefere nce < n > example : Foundry- 1450c onfigure/po licy/rou te[...]

  • Página 42

    Pol icy Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 3 - 19 configure policy route_map set metri c This co mmand c onfigures the metri c value for th e destin ation routi ng proto col. Parameter Description synt ax: [ no ] set metric m etric < n > example : Foundry- AR1208/c onfigure/p olicy/rou te_map Bl ock100 1 # set metric 120 [...]

  • Página 43

    Foundry AR-Se ries Rou ter User Gu ide 3 - 20 © 2004 F oundry N etworks, In c. June 2004 configure policy route_map set metri c_type This co mmand c onfigures the metri c type for a route. Parameter Description synt ax: [ no ] set metric_ type type < internal > example : Foundry- AR1208/c onfigure/p olicy/rou te_map Bl ock100 1 # set me tri [...]

  • Página 44

    Pol icy Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 3 - 21 config ure po licy rou te_m ap se t orig in This co mmand c onfigures the origi n value for th e BGP route. Parameter Description synt ax: [ no ] set origi n origi n < egp | igp | inc omplete > example : Foundry- AR1208/c onfigure/p olicy/rou te_map Bl ock100 1 # set origi[...]

  • Página 45

    Foundry AR-Se ries Rou ter User Gu ide 3 - 22 © 2004 F oundry N etworks, In c. June 2004[...]

  • Página 46

    June 20 04 © 2004 F oundry N etworks, In c. 4 - 1 Chap ter 4 Protocols Overview BGP4 Border Ga teway Pro tocol V ersion 4 (also refer red to as s imply BGP) is a n exterio r routing pro tocol us ed for the global Inte rnet . Once con f ig ured , BG P pe ers fir st e xcha nge comple te copies of the ir routing t ables (includi ng BGP versio n, rout[...]

  • Página 47

    Foundry AR-Se ries Rou ter User Gu ide 4 - 2 © 20 04 Foundry Networks , Inc. June 2004 RFC Compliance The f ollowing t able pro vides Fo undry N etwork’ s BGP RFC complia nce inform ation. OSPF Open Shorte st Path Firs t (OSPF), a l ink-st ate routing pro tocol, is used for rout ing IP p acket s. OSPF of fers th e follow ing adva nta ges: • Sc[...]

  • Página 48

    Protocols Overvi ew June 20 04 © 2004 F oundry N etworks, In c. 4 - 3 RFC Compliance The f ollowing t able pro vides Fo undry N etwork’ s OSPF R FC compli ance info rmatio n. RIP Routin g Informat ion Protocol (R IP) is an interior ga teway p rotocol (IGP), i .e., it routes traf fic within a sin gle autonom ous system (AS). RIP uses a dist ance-[...]

  • Página 49

    Multicasting T raditi onal mul ticast ro uting me chanism s such as Dist ance V ector Multic ast Ro uting Proto col (DVMRP ) and Mu lticast Open Shortest Pa th First (MOSPF) were intended for use with in regions where g roups are densel y popula ted or band wid th is universa ll y p lentif ul. Whe n g r ou p s , an d s en ders to th es e g r oup s,[...]

  • Página 50

    June 20 04 © 2004 F oundry N etworks, In c. 5 - 1 Chap ter 5 BGP4 Clear Commands Use BGP clear command s to c lear bgp c onfigurati on se ttings. clear ip bgp This co mmand p rovide s access to the foll owing ne xt-level comman ds. synt ax: clear ip bgp related commands: example : Foundry- AR1208# c lear ip bgp applicable sys tems: All mode ls. cl[...]

  • Página 51

    Foundry AR-Se ries Rou ter User Gu ide 5 - 2 © 20 04 Foundry Networks , Inc. June 2004 clear ip bgp all This co mmand re move s all BGP neighbor c onnectio ns. synt ax: clear i p bgp al l example : Foundry- AR1208# clear ip bgp al l related commands: applicable sys tems: All mode ls. clear ip bgp group clear ip bgp neig hbor[...]

  • Página 52

    BGP4 Clear Comma nds June 20 04 © 2004 F oundry N etworks, In c. 5 - 3 clear ip bgp group This co mmand re moves a ll conne ctions fo r a BGP grou p. Parameter Description synt ax: clear ip bgp group group_ name < na me > example : Foundry- AR1208# c lear ip bgp gro up north In this example , all BGP conn ections that belon g to neigh bor gr[...]

  • Página 53

    Foundry AR-Se ries Rou ter User Gu ide 5 - 4 © 20 04 Foundry Networks , Inc. June 2004 clear ip bgp neighbor This co mmand re move s a spec ified BGP n eighbor c onnectio n. Parameter Description synt ax: clear i p bgp nei ghbor ip_ address < IP address > re mote_as < n > example : Foundry- AR1208# clear ip bgp neighb or 10.1.1.1 200 r[...]

  • Página 54

    June 20 04 © 2004 F oundry N etworks, In c. 6 - 1 Chap ter 6 Generic Routing Co mmands This ch apter con tains routing comman ds that are not protoc ol spec ific. Thes e command s can be used intercha ngeably with the thre e routing p rotocols supported by Found ry . configure router This co mmand p rovide s access to next -level co mmands . relat[...]

  • Página 55

    Foundry AR-Se ries Rou ter User Gu ide 6 - 2 © 20 04 Foundry Networks , Inc. June 2004 configure router routerid This co mmand c onfigures a route r for routing operation . synt ax: [ no ] rou ter router id < IP ad dress # example : Foundry- AR1208/c onfigur e# router router id 10.10.1 0.10 applicable sys tems: All mode ls.[...]

  • Página 56

    Gener ic Ro utin g Comm ands June 20 04 © 2004 F oundry N etworks, In c. 6 - 3 show ip routes This co mmand d isplays IP ro uting info rmatio n for Etherne t ports . Parameter Description synt ax: show ip routes [ network < IP address > ] [ m ask < ne tmask > ] [ proto col < al l | bgp | co nnected | osp f | rip | sta tic > ] [ d[...]

  • Página 57

    Foundry AR-Se ries Rou ter User Gu ide 6 - 4 © 20 04 Foundry Networks , Inc. June 2004 example : T o display a ll routes , issue th e show ip routes comm and. example : T o display t he route for a spe cific net work and su bnet, iss ue the sho w ip routes netw ork 123 .1.2.0 mask 255.255 .255.0 c ommand. example : T o display t he connec ted ip r[...]

  • Página 58

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry N etworks, In c. 7 - 1 Chap ter 7 BGP4 Configure Commands Use BGP c onfigure c ommands to c onfigure al l BGP4 par ameters. configure router bgp This co mmand c onfigures BGP routin g protocol on a route r and p rovides a ccess to th e next -level comm ands listed bel ow . Parameter Description[...]

  • Página 59

    Foundry AR-Se ries Rou ter User Gu ide 7 - 2 © 20 04 Foundry Networks , Inc. June 2004 configure router bgp aggregate_address This co mmand i s used to aggregate routes. Parameter Description synt ax: [ no ] aggregate _address net work < IP addre ss > mask < subnet mask > [ genera te_as_se t < as_set > ] [ generate_ summ ary_on l[...]

  • Página 60

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry N etworks, In c. 7 - 3 applicable sys tems: All mode ls. configu re route r bgp defau lt_metric configu re route r bgp group configu re route r bgp neig hbor configu re router bgp redist ribute[...]

  • Página 61

    Foundry AR-Se ries Rou ter User Gu ide 7 - 4 © 20 04 Foundry Networks , Inc. June 2004 configure router bgp always_comp are_med This c om ma nd con fig ures a rou t er to a ll ow th e c om p a r is on of t he mu lti- exit d is cri mi nato r fo r p a t hs fro m neighb ors in dif feren t autonom ous system s. Norma lly , MED c ompa rison is done on [...]

  • Página 62

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry N etworks, In c. 7 - 5 configure router bgp default_metric This co mmand c onfigur es the de fault met ric value for redistr ibuted BGP routes . This co mmand fo rces the routing pro tocol to use the same me tric value f or all re distribut ed routes. Parameter Description synt ax: [ no ] defau[...]

  • Página 63

    Foundry AR-Se ries Rou ter User Gu ide 7 - 6 © 20 04 Foundry Networks , Inc. June 2004 configure router bgp dist ance This co mmand c hanges t he defa ult dist ance v alue on a router . Highe r values are p referred . Parameter Description synt ax: [ no ] dista nce dist ance < n > example : Foundry- AR1208/c onfigure/ro uter/bg p 10# dist an[...]

  • Página 64

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry N etworks, In c. 7 - 7 configure router bgp group This co mmand c onfigures BGP group s. Neigh bors with th e same u pdate poli cies are more easily managed when th ey are in groups . Group or ganizatio n simpli fies con figuration and strea mlines t he update process. Neighbo r group me mbers [...]

  • Página 65

    Foundry AR-Se ries Rou ter User Gu ide 7 - 8 © 20 04 Foundry Networks , Inc. June 2004 configure router bgp group distribute_li st This co mmand c onfigures filter upd ates to th is group. Parameter Description synt ax: [ no ] distribut e_list ac cess_lis t < n > filte r_optio n < out > example : Foundry- AR1208/c onf igu re/ro ute r/b[...]

  • Página 66

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry N etworks, In c. 7 - 9 configure router bgp group filter_list This co mmand c onfigures BGP filters fo r a spe cified gr oup. Parameter Description synt ax: [ no ] filter_list a ccess lis t < n > filt er_opti on < out > example : Foundry- AR1208/c onf igu re/ro ute r/bgp 10/gro up t[...]

  • Página 67

    Foundry AR-Se ries Rou ter User Gu ide 7 - 10 © 2004 F oundry N etworks, In c. June 2004 configure router bgp group next_hop_self This co mmand d isables the next h op calc ulation fo r all pe ers in the group. synt ax: next _hop_sel f example : Foundry- AR1208/c onfigure/ro uter/bgp 10 /group blue external # next_hop_ self related commands: appli[...]

  • Página 68

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 1 1 configure router bgp group pa ssword This co mmand c onfigures the TCP MD 5 passw ord to en able MD5 a uthentica tion for a BGP group. Parameter Description synt ax: [ no ] passw ord md5_p assword < string > example : Foundry- AR1208/c onf igu re/ro ute r/bgp 10/g[...]

  • Página 69

    Foundry AR-Se ries Rou ter User Gu ide 7 - 12 © 2004 F oundry N etworks, In c. June 2004 configure router bgp group remove_private_A S This co mmand re moves th e priv ate AS numb er from upd ates that are se nt out. synt ax: [ no ] rem ove_priv ate_AS example : Foundry- AR1208/c onf igu re/ro ute r/bgp 10/gro up toro nto int erna l# remov e_p r i[...]

  • Página 70

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 13 configure router bgp group rou te_map This co mmand c onfigures a route map to a BGP group. This co mmand c an only be app lied in th e outbound directio n. Parameter Description synt ax: [ no ] route_map route_ma p < name > route_ma p_options < out > example[...]

  • Página 71

    Foundry AR-Se ries Rou ter User Gu ide 7 - 14 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor This co mmand c onfigur es a BGP n eighbor . Parameter Description synt ax: [ no ] ne ighbor IP address < IP add res s > remote_as < n > example : Foundry- AR1208/c onfigure/ro uter/bg p 10# neigh bor 101.101. 1.2 4 re[...]

  • Página 72

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 15 applicable sys tems: All mode ls. configu re router bgp redist ribute[...]

  • Página 73

    Foundry AR-Se ries Rou ter User Gu ide 7 - 16 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor advertisement_interval This co mmand c onfigur es the mini mum t ime inter val for se nding BGP route upda tes. Parameter Description synt ax: [ no ] advertis ement_in terval adv ertiseme nt_int erval < n > example : Foundry[...]

  • Página 74

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 17 configure router bgp neighbor allowbadi d This co mmand p ermits BGP sessio ns to be e stabl ished with routers tha t represen t their route r ID as 0.0.0 .0 or 255. 255. 255. 255 . synt ax: [ no ] allowbadi d example : Foundry- AR1208/c onfigure/ro uter/bgp 10 /neighbor[...]

  • Página 75

    Foundry AR-Se ries Rou ter User Gu ide 7 - 18 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor default_orig inate This co mmand s ends the defaul t route to th e neighbo r . Parameter Description synt ax: [ no ] default_o riginate [ route_map < name > ] example : Foundry- AR1208/c onfigure/ro uter/bgp 10 /neighbor 101[...]

  • Página 76

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 19 configure router bgp neighbor description This co mmand d escribes or identi fies a neigh bor route r . Parameter Description synt ax: [ no ] descript ion neigh bor_desc ription < “ string ” > example : Foundry- AR1208/c onfigure/ro uter/bgp 10 /neighbor 101.10[...]

  • Página 77

    Foundry AR-Se ries Rou ter User Gu ide 7 - 20 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor distribute_list This co mmand c onfigures filter upd ates to or from this neighbor . Parameter Description synt ax: [ no ] distribut e_list ac cess_lis t < n > filte r_optio n < in > example : Foundry- AR1208/c onfigur[...]

  • Página 78

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 21 configure router bgp neighbor ebgp_mul tiho p This co mmand c onfigures multiho p EBGP on a nei ghbor . synt ax: [ no ] ebgp_mu ltihop example : Foundry- AR1208/c onfigure/ro uter/bgp 10 /neighbor 101.101.1 .2 4# ebgp_ multihop applicable sys tems: All mode ls.[...]

  • Página 79

    Foundry AR-Se ries Rou ter User Gu ide 7 - 22 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor filter_li st This co mmand c onfigures BGP filters. Parameter Description synt ax: [ no ] filter_lis t access_ list < n > access _list_op tion < in > example : Foundry- AR1208/c onfigure/ro uter/bgp 10 /neighbor 101.10[...]

  • Página 80

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 23 configure router bgp neighbor keep This co mmand c onfigur es neigh bor route s torage opti ons. Parameter Description synt ax: keep k eep_optio n < all | none > example : Foundry- AR1208/c onfigure/ro uter/bg p 10/neighbor 10.10.2 0.1 2# kee p all applicable sys t[...]

  • Página 81

    Foundry AR-Se ries Rou ter User Gu ide 7 - 24 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor logupdown This co mmand c onfigu res loggi ng of est ablished st ate tran sition ch anges of a neighbo r . synt ax: [ no ] logupdown example : Foundry- AR1208/c onfigure/ro uter/bg p10/neigh bor 101.101 .1.2 4# logupdow n applicab[...]

  • Página 82

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 25 configure router bgp neighbor maxim um_p refix This co mmand c onfigures the max imum numbe r of BGP routes to b e accept ed. If the ne ighbor sends more p refixes t han are co nfigured, t he con nection to th is neigh bor will be broken . Parameter Description synt ax: [...]

  • Página 83

    Foundry AR-Se ries Rou ter User Gu ide 7 - 26 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor neighbo r_gro up This co mmand c onfigures a neighb or to a spe cific gro up. Parameter Description synt ax: [ no ] ne ighbor_ group neighb or_group < n ame > example : Foundry- AR1208/c onfigure/ro uter/bgp 10 /neighbor 101[...]

  • Página 84

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 27 configure router bgp neighbor next_hop_self This co mmand d isables the next h op calc ulatio n for this nei ghbor . synt ax: next _hop_sel f example : Foundry- AR1208/c onfigure/ro uter/bg p 10/neighbor 10.10.2 0.1 2# nex t_hop_self applicable sys tems: All mode ls.[...]

  • Página 85

    Foundry AR-Se ries Rou ter User Gu ide 7 - 28 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor p assword This co mmand c onfigures a pas sword fo r md5 auth enticatio n. Parameter Description synt ax: md5_pas swor d < str ing > example : Foundry- AR1208/c onfigure/ro uter/bg p 10/neighbor 10.10.2 0.1 2# md5 _pa sswo r[...]

  • Página 86

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 29 configure router bgp neighbor route_map This co mmand a pplies a route map to a ne ighbor . A simil ar command exists u nder the g roup tree fo r applying route_ma p to a g roup of ne ighbors in the outbo und dire ction . Parameter Description synt ax: [ no ] route_map r[...]

  • Página 87

    Foundry AR-Se ries Rou ter User Gu ide 7 - 30 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor timers This co mmand c onfigure k eepal ive time rs for a ne ighbor (pee r). The hold time timer val ue is cal culated as three ti mes the v alue of th e keep alive ti mer . Parameter Description synt ax: [ no ] timers keep alive [...]

  • Página 88

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 31 configure router bgp neighbor update_sourc e This co mmand c onfigures the source o f BGP TCP connections for a spe cified neigh bor as the IP addre ss specif ied, inste ad of t he IP addres s of a ph ysical inte rface. This ad dress will be used as the source addre ss f[...]

  • Página 89

    Foundry AR-Se ries Rou ter User Gu ide 7 - 32 © 2004 F oundry N etworks, In c. June 2004 configure router bgp redistribute This co mmand p rovide s access to the foll owing ne xt-level comman ds. Redistrib uti on c au ses rou tes from oth er p rotoc ol s to be e xp orte d vi a th e c urren t pro toc ol. Route s fro m t he c urre nt proto col a re [...]

  • Página 90

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 33 configure router bgp redistribute connected This co mmand re distribute s interfac e routes. Parameter Description synt ax: [ no ] redistribute conne cted [ met ric < n > ] [ route_ma p < name > ] example : Foundry- AR1208/c onfigure/ro uter/bg p 10# redis tr[...]

  • Página 91

    Foundry AR-Se ries Rou ter User Gu ide 7 - 34 © 2004 F oundry N etworks, In c. June 2004 configure router bgp redistribute osp f This co mmand c onfigures the router to redistri bute OSPF route s. Parameter Description synt ax: [ no ] redistribute osp f [ metric < n > ] [ rou te_map < name > ] example : Foundry- AR1208/c onfigure/ro ut[...]

  • Página 92

    BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 35 configure router bgp redistribute rip This co mmand c onfigures a router to redist ribute RIP rou tes. Parameter Description synt ax: [ no ] redistribute rip [ me tric < n > ] [ route_map < name > ] example : Foundry- AR1208/c onfigure/ro uter/bg p 10# redist[...]

  • Página 93

    Foundry AR-Se ries Rou ter User Gu ide 7 - 36 © 2004 F oundry N etworks, In c. June 2004 configure router bgp redistribute st atic This co mmand c onfigures a route r to redist ribute st atic rou tes. Parameter Description synt ax: [ no ] redistribute sta tic [ metr ic < n > ] [ route_map < name > ] example : Foundry- AR1208/c onfigure[...]

  • Página 94

    June 20 04 © 2004 F oundry N etworks, In c. 8 - 1 Chap ter 8 BGP4 show Commands Use BGP s how comm ands to d isplay a ll config ured BGP in formation . NOTE: The CL I commands “show” and “display ” can be u sed interc hangeabl y . show ip b gp This co mmand a ccesse s the foll owing next -level di splay (s how) comm ands. related commands:[...]

  • Página 95

    Foundry AR-Se ries Rou ter User Gu ide 8 - 2 © 20 04 Foundry Networks , Inc. June 2004 show ip bgp aggregate_address This co mmand d isplays a list of configure d aggre gate addre sses. Parameter Description synt ax: show ip bgp agg regate_addres s [ addres s < IP address > [ mask < subnet m ask > ] ] example : Foundry- AR1208# s how i[...]

  • Página 96

    BGP4 sh ow C omman ds June 20 04 © 2004 F oundry N etworks, In c. 8 - 3 show ip b gp communi ty This co mmand d isplays routes th at match BGP c ommunitie s. Parameter Description synt ax: show ip bgp co mmunity [ number < n > ] [ aa: nn < n > ] [ match _local_a s < local _as > ] [ match _no_ad vertise < no_adver tise > ] [[...]

  • Página 97

    Foundry AR-Se ries Rou ter User Gu ide 8 - 4 © 20 04 Foundry Networks , Inc. June 2004 applicable sys tems: All mode ls. T a ble 8.1: St atus and Ori gin Codes S tatus codes * ( val id ) The t able e ntry is va lid. # ( best ) The t able entry is the be st entry to use for th at netwo rk. i ( intern al ) The t able entry was learne d via an intern[...]

  • Página 98

    BGP4 sh ow C omman ds June 20 04 © 2004 F oundry N etworks, In c. 8 - 5 show ip b gp groups This co mmand p rovides i nformatio n about BG P groups . synt ax: show ip bg p grou ps [ < n ame > ] example : Foundry- AR1208# s how ip bgp group s north applicable sys tems: All mode ls.[...]

  • Página 99

    Foundry AR-Se ries Rou ter User Gu ide 8 - 6 © 20 04 Foundry Networks , Inc. June 2004 show ip b gp neighb ors This co mmand d isplays detai led inform ation and st atus on al l BGP neighb ors, incl uding: • peer grou p and AS affil iations • configu red and negotiate d timers • minim um times between ad vertisem ents • receive and trans m[...]

  • Página 100

    BGP4 sh ow C omman ds June 20 04 © 2004 F oundry N etworks, In c. 8 - 7 T a ble 8.2: St atus and Ori gin Codes S tatus co des * ( val id ) The t able e ntry is va lid. # ( best ) The t able entry is the be st entry to use for th at netwo rk. i ( intern al ) The t able entry was learne d via an internal BGP s ession. Orig in co des i ( IGP) Interna[...]

  • Página 101

    Foundry AR-Se ries Rou ter User Gu ide 8 - 8 © 20 04 Foundry Networks , Inc. June 2004 applicable sys tems: All mode ls. updates Numbe r of sent BG P updates Maxim um prefixes The max imum nu mber of pre fixes tha t can be r eceived from this neighbo r . T able 8.3: O ther BGP show Des criptions (Continued)[...]

  • Página 102

    BGP4 sh ow C omman ds June 20 04 © 2004 F oundry N etworks, In c. 8 - 9 show ip bgp paths This co mmand s hows a ll BGP p aths in t he dat abase. synt ax: show ip bgp p aths example : Foundry- AR1208# s how ip bgp path s applicable sys tems: All mode ls. T able 2 Inte rpreting BGP Paths term hash An area where p ath I P addresse s are sto red refc[...]

  • Página 103

    Foundry AR-Se ries Rou ter User Gu ide 8 - 10 © 2004 F oundry N etworks, In c. June 2004 show ip bgp r egexp This co mmand d isplays routes m atching th e regular e xpressi on. Parameter Description synt ax: show ip bgp re gexp reg_ exp < “stri ng” > example : Foundry- AR1208# s how ip bgp regexp “.* 600 .*“ applicable sys tems: All [...]

  • Página 104

    BGP4 sh ow C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 8 - 1 1 show ip b gp summary This co mm an d s how s th e BG P ro uter’s i den tify in g nu mb er , local AS numb er , and connecte d n eighbo rs. Neig hbor informa tion incl udes BGP v ersion (v), AS n umber , messag es receive d and trans mitted, a nd operatin g sta tus. synt ax[...]

  • Página 105

    Foundry AR-Se ries Rou ter User Gu ide 8 - 12 © 2004 F oundry N etworks, In c. June 2004 show ip b gp t able This comm an d sho ws entri es in the BGP rout e table . synt ax: show ip bg p tabl e example : Foundry- AR1208# s how ip bgp tabl e applicable sys tems: All mode ls. T a ble 8.5: St atus and Ori gin Codes S tatus co des * ( val id ) The t [...]

  • Página 106

    BGP4 sh ow C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 8 - 13 show poli cy This co mmand p rovide s access to the fo llowing ne xt-lev el polic y displ ay comm ands: related commands: show pol ic y as_ p at h show pol ic y com mu ni t y_ lis t show pol ic y ip_a cc es s_ list show pol ic y route _m ap[...]

  • Página 107

    Foundry AR-Se ries Rou ter User Gu ide 8 - 14 © 2004 F oundry N etworks, In c. June 2004 show policy as_p ath This co mmand d ispla ys the AS path access lists . Parameter Description synt ax: show poli cy as _path [ acce ss_l ist < n > ] example : Foundry- AR1208# s how policy as_p ath related commands: applicable sys tems: All mode ls. acc[...]

  • Página 108

    BGP4 sh ow C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 8 - 15 show poli cy commun ity_list This co mmand s hows c onfigur ed comm unity li sts. Parameter Description synt ax: show policy c ommunity_ list [ communi ty < n > ] example : Foundry- AR1208# s how policy community_ list related commands: applicable sys tems: All mode ls.[...]

  • Página 109

    Foundry AR-Se ries Rou ter User Gu ide 8 - 16 © 2004 F oundry N etworks, In c. June 2004 show policy ip_access_l ist This co mmand s how rout es that co mply w ith spec ific IP ac cess rul es. Parameter Description synt ax: show policy i p_acces s_list [ number < n > ] example : Foundry- 1450/s how# pol icy ip_a cce ss _lis t related command[...]

  • Página 110

    BGP4 sh ow C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 8 - 17 show policy route_map This co mmand s hows ro ute map i nformation . Parameter Description synt ax: show policy ro ute_map [ < name > ] example : Foundry- AR1208# s how policy route_map related commands: applicable sys tems: All mode ls. name The name of th e r oute map[...]

  • Página 111

    Foundry AR-Se ries Rou ter User Gu ide 8 - 18 © 2004 F oundry N etworks, In c. June 2004[...]

  • Página 112

    June 20 04 © 2004 F oundry N etworks, In c. 9 - 1 Chap ter 9 OSPF Configure Commands Use OSPF confi gure command s to confi gure a ll OSPF rout ing pa rameters. NOTE: See the c ommand configure interfa ce loopb ack in the Comma nd Refer ence Guide: Domes tic Product s for im portant informati on about l oopback interfaces . When co nfiguring OSPF [...]

  • Página 113

    Foundry AR-Se ries Rou ter User Gu ide 9 - 2 © 20 04 Foundry Networks , Inc. June 2004 configure router osp f This co mmand c onfigures a router for OSPF routin g. synt ax: router os pf example : Foundry- AR1208/c onfigur e# rout er o sp f related commands: applicable sys tems: All mode ls. configu re route r ospf 1583Comp at ability configu re ro[...]

  • Página 114

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry N etworks, In c. 9 - 3 configure router osp f 1583 Comp atibility This co mmand e stabl ishes the route sum mary ca lculatio n method t o be com patibl e with RFC 1583. Th e RFC comp atibili ty of a ll routers in an OSPF domain shou ld be configured the sam e. The defa ult is 158 3Comp atibil [...]

  • Página 115

    Foundry AR-Se ries Rou ter User Gu ide 9 - 4 © 20 04 Foundry Networks , Inc. June 2004 configure router osp f area This co mmand c onfigures an OSPF are a. Parameter Description synt ax: area < area_id > example : Foundry- AR1208/c onfigure/ro uter/osp f# area 0 related commands: related commands: applicable sys tems: All mode ls. area_ id O[...]

  • Página 116

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry N etworks, In c. 9 - 5 configure router osp f area are a_type This co mmand a ccesse s the foll owing n ext-level comman ds for con figuring a n area type. related commands: related commands: applicable sys tems: All mode ls. configu re route r ospf area area_t ype norma l configu re route r o[...]

  • Página 117

    Foundry AR-Se ries Rou ter User Gu ide 9 - 6 © 20 04 Foundry Networks , Inc. June 2004 configure router osp f area area_type normal This co mmand s pecifies an area a rea typ e as normal. synt ax: area _ty pe no r mal example : Foundry- AR1208/c onfigure/ro uter/osp f/area 0# area_typ e normal related commands: applicable sys tems: All mode ls. co[...]

  • Página 118

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry N etworks, In c. 9 - 7 configure router osp f area are a_type nssa This co mmand s pecifies an area type as (nss a) not-so-stubb y area . synt ax: area _ty pe nssa example : Foundry- AR1208/c onfigure/ro uter/osp f/area 1# area_typ e nssa related commands: related commands: applicable sys tems[...]

  • Página 119

    Foundry AR-Se ries Rou ter User Gu ide 9 - 8 © 20 04 Foundry Networks , Inc. June 2004 configure router osp f area are a_type nssa no_sum mary This c omma nd pr e ven ts an ns sa are a bo un dar y rou ter f rom se ndi ng su mm ary link adver tis ements i nto an n ssa area. synt ax: no_sum mary example : Foundry- AR1208/c onfigure/ro uter/osp f/are[...]

  • Página 120

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry N etworks, In c. 9 - 9 configure router osp f area area_type stub This co mmand c onfigur es an are a as a st ub area. S tub areas are not floode d with AS ext ernal a dvertisemen ts. S tub area s reduce the amoun t of memory require d on stu b area rout ers. synt ax: [ no ] area_type st ub ex[...]

  • Página 121

    Foundry AR-Se ries Rou ter User Gu ide 9 - 10 © 2004 F oundry N etworks, In c. June 2004 configure router osp f area are a_type stub no_summary This co mmand p revent s an a rea bounda ry router fro m sendin g summar y link adv ertisemen ts int o the stub area. synt ax: no_sum mary example : Foundry- AR1208/c onfigure/ro uter/osp f/area 1/a rea_ty[...]

  • Página 122

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 1 1 configure router osp f area default_ cost This co mmand s pecifies a cost f or the defa ult su mmary rout e sent in to a stub area. Parameter Description synt ax: defa ult _cos t < n > example : Foundry- AR1208/c onfigure/ro uter/osp f/area 1# default_cost 10 rel[...]

  • Página 123

    Foundry AR-Se ries Rou ter User Gu ide 9 - 12 © 2004 F oundry N etworks, In c. June 2004 configure router osp f area range This co mmand s ummariz es routes at the area boundari es, pro ducing a single ro ute that is advertis ed by are a bord er ro uter s. Parameter Description synt ax: [ no ] range netwo rknumber < IP addr ess > ma sk < [...]

  • Página 124

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 13 configure router osp f area virtual_link This co mmand d efines an OSPF virtual link f or an area. Estab lishes a virtual c onnection t o the b ackbone for an area border route r that is n ot physic ally conne cted t o the backbo ne. A virtual link req uires that ea ch [...]

  • Página 125

    Foundry AR-Se ries Rou ter User Gu ide 9 - 14 © 2004 F oundry N etworks, In c. June 2004 configure router osp f area virtual _link authentication This co mmand c onfigur es authe ntication for an area virtual l ink. Authentic ation gua rantees th at only tr usted routers se nd and rec eive traf fic within an a rea. Each i nterface m ust use the sa[...]

  • Página 126

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 15 configure router osp f area virtual _link dead_interval This co mmand s ets th e time, in second s that an O SPF neighb or will wait for a he llo pa cket. Once t he user-de fined tim e expires , the interf ace assu mes that the neigh bor is dow n. The v alue ente red sh[...]

  • Página 127

    Foundry AR-Se ries Rou ter User Gu ide 9 - 16 © 2004 F oundry N etworks, In c. June 2004 configure router osp f area virtual _link hello_interval This co mmand c onfigu res the ti me interv al betwe en transm ission o f hello p ackets. Parameter Description synt ax: [ no ] hello_in terval < n > example : Foundry- AR1208/c onfigure/ro uter/os[...]

  • Página 128

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 17 configure router osp f area virtual _link retransmit_ interval This co mmand c onfigur es the time between link st ate a dvertise ment retran smissions on an in terface. Parameter Description synt ax: [ no ] retra nsmit_i nterval < n > example : Foundry- AR1208/c [...]

  • Página 129

    Foundry AR-Se ries Rou ter User Gu ide 9 - 18 © 2004 F oundry N etworks, In c. June 2004 configure router osp f area virtual_link transmit _delay This co mmand c onfigur es the estim ated tim e to transm it a link state updat e pack et on an i nterface. Parameter Description synt ax: [ no ] transmit_de lay < n > example : Foundry- AR1208/c o[...]

  • Página 130

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 19 configure router osp f dist ance This co mmand a ccesse s the foll owing n ext-level comman ds to con figure OSPF admi nistrativ e dist ances for routes. related commands: related commands: applicable sys tems: All mode ls. configu re route r ospf distan ce osp f config[...]

  • Página 131

    Foundry AR-Se ries Rou ter User Gu ide 9 - 20 © 2004 F oundry N etworks, In c. June 2004 configure router osp f dist ance osp f This c ommand accesses next-lev el comm ands th at config ure OSPF a dministr ative dis tanc es based on route type. related commands: applicable sys tems: All mode ls. configu re route r ospf distan ce osp f ext ernal co[...]

  • Página 132

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 21 configure router osp f dist ance osp f external This co mmand c onfigures the dist ance paramet er for ex ternal rou tes. Parameter Description synt ax: [ no ] dista nce ospf external < n > example : Foundry- AR1208/c onfigure/ro uter/osp f# distance ospf ext erna[...]

  • Página 133

    Foundry AR-Se ries Rou ter User Gu ide 9 - 22 © 2004 F oundry N etworks, In c. June 2004 configure router osp f dist ance osp f non_external This co mmand c onfigures the dist ance paramet er for inter- and intra-a rea route s. Parameter Description synt ax: [ no ] dista nce osp f non_e xternal < n > example : Foundry- AR1208/c onfigure/ro u[...]

  • Página 134

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 23 configure router osp f interface This c omm a nd co nfi g ure s an int er f ace f or O S PF ro utin g. Parameter Description synt ax: [ no ] interface < n ame > [ dl ci < n > ] [ < area _id > ] NOTE: When the “ospf” interface is create d for the fi[...]

  • Página 135

    Foundry AR-Se ries Rou ter User Gu ide 9 - 24 © 2004 F oundry N etworks, In c. June 2004 configure router osp f interfa ce authentication This co mmand c onfigures the authe nticat ion type on a n inte rface. Parameter Description synt ax: [ no ] authenticati on < type > < line > example : Foundry- AR1208/c onfigure/ro uter/osp f/inter[...]

  • Página 136

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 25 configure router osp f interface cost This co mmand c onfigures the OSPF m etric cost f or a spec ific interf ace. Parameter Description synt ax: [ no ] cost < n > example : Foundry- AR1208/c onfigure/ro uter/osp f/interfac e toBoston # cos t 10 related commands: [...]

  • Página 137

    Foundry AR-Se ries Rou ter User Gu ide 9 - 26 © 2004 F oundry N etworks, In c. June 2004 configure router osp f interfa ce dea d_ interval This co mmand s ets th e time, in second s, that an OSPF ne ighbor will wait for a hello p acket. Once t he user-de fined tim e expires , the interf ace assu mes that the neigh bor is dow n. The v alue ente red[...]

  • Página 138

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 27 configure router osp f interfa ce hell o_interval This co mmand s ets th e time in terval, in seconds , betwee n the hell o pac kets that are se nt on the i nterface. Parameter Description synt ax: [ no ] hello_in terval < n > example : Foundry- AR1208/c onfigure/[...]

  • Página 139

    Foundry AR-Se ries Rou ter User Gu ide 9 - 28 © 2004 F oundry N etworks, In c. June 2004 configure router osp f interface ne ighbor This co mmand s ets up an OSPF neig hbor router f or an interf ace that i s used on a non-broadc ast network . Parameter Description synt ax: [ no ] neighbor < IP address > [ priori ty < n > ] example : Fo[...]

  • Página 140

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 29 configure router osp f interface networ k This co mmand c onfigures the OSPF n etwork type on an int erface. Parameter Description synt ax: [ no ] network < b roadcast | non_ broadcast | point_ to_multip oint | po int_to_po int > NOTE: If the in terface typ e is p[...]

  • Página 141

    Foundry AR-Se ries Rou ter User Gu ide 9 - 30 © 2004 F oundry N etworks, In c. June 2004 applicable sys tems: All mode ls.[...]

  • Página 142

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 31 configure router osp f interfa ce poll_interval This c ommand, used for nonbro adcas t inte rfaces o nly , specifi es ho w of ten the route r s ends hello pa cket s from the inter face before es tabli shing adj acency with a neig hbor . Parameter Description synt ax: [ [...]

  • Página 143

    Foundry AR-Se ries Rou ter User Gu ide 9 - 32 © 2004 F oundry N etworks, In c. June 2004 configure router osp f interface pri ority This co mmand c onfigures the priori ty (which i s used i n the electio n of de signated routes) to establ ish the design ated rou ter . Parameter Description synt ax: [ no ] pri ority < n > example : Foundry- A[...]

  • Página 144

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 33 configure router osp f interfa ce retransmit_inter val This co mmand c onfigur es the ret ransmit ti me for the link st ate adv ertiseme nt retran smission for neig hbors belongi ng to t he interface. When a ro uter se nds a lin k sta te adverti sement to its n eighbor [...]

  • Página 145

    Foundry AR-Se ries Rou ter User Gu ide 9 - 34 © 2004 F oundry N etworks, In c. June 2004 configure router osp f interfa ce transmit_delay This co mmand c onfigur es the ap proximat e time it takes to transm it a link state advertise ment u pdate p acket on the inte rface. Parameter Description synt ax: [ no ] transmit_de lay < n > example : [...]

  • Página 146

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 35 configure router osp f redistribute This co mmand a ccesses n ext-level commands that are us ed to redi stribu te routes f rom other ro uters or rou ting prot oco ls. synt ax: redistri bute example : Foundry- AR1208/c onfigure/ro uter/osp f# redistribute related command[...]

  • Página 147

    Foundry AR-Se ries Rou ter User Gu ide 9 - 36 © 2004 F oundry N etworks, In c. June 2004 configure router osp f redistribute bgp This co mmand re distribute s BGP rout es. Parameter Description NOTE: See the Po licy co mmands chapter , specificall y “config ure polic y route_map” on p age 3-8 for more infor mation ab out confi guring rout e ma[...]

  • Página 148

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 37 configure router osp f red istribute connec ted This co mmand re distribute s conne cted interf ace routes. Parameter Description NOTE: See the Po licy co mmands chapter , specificall y “config ure polic y route_map” on p age 3-8 for more infor mation ab out confi g[...]

  • Página 149

    Foundry AR-Se ries Rou ter User Gu ide 9 - 38 © 2004 F oundry N etworks, In c. June 2004 configure router osp f redistribute ri p This co mmand re distribute s RIP routes . Parameter Description NOTE: See the Po licy co mmands chapter , specificall y “config ure polic y route_map” on p age 3-8 for more infor mation ab out confi guring rout e m[...]

  • Página 150

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 39 configure router osp f redistribute st atic This co mmand re distribute s sta tic rou tes. Parameter Description NOTE: See the Po licy co mmands chapter , specificall y “config ure polic y route_map” on p age 3-8 for more infor mation ab out confi guring rout e maps[...]

  • Página 151

    Foundry AR-Se ries Rou ter User Gu ide 9 - 40 © 2004 F oundry N etworks, In c. June 2004 configure router osp f ref_bw This co mmand c alculate s OSPF int erface cost a ccording to bandw idth usage. S pecifying a large num ber help s dif feren tiate cost on mult iple high bandwid th lin ks. Parameter Description synt ax: ref_bw < n > example[...]

  • Página 152

    OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 41 configure router osp f timers This co mmand c onfigu res and a djust s osp f sp f timers. Parameter Description synt ax: timers [ sp f_delay < n > | sp f_holdtim e < n > ] example : Foundry- AR1208/c onfigure/ro uter/osp f# timers s pf_d elay 20 related comm[...]

  • Página 153

    Foundry AR-Se ries Rou ter User Gu ide 9 - 42 © 2004 F oundry N etworks, In c. June 2004[...]

  • Página 154

    June 20 04 © 2004 F oundry N etworks, In c. 10 - 1 Chapter 10 OSPF Show Commands Use OSPF d isplay/ show co mmands to displ ay all co nfigured O SPF inf ormation. NOTE: The CL I commands “show” and “display ” can be u sed interc hangeabl y . show ip ospf area This co mmand d isplays configur ation i nformatio n about an OSPF are a. Paramet[...]

  • Página 155

    Foundry AR-Se ries Rou ter User Gu ide 10 - 2 © 2004 F oundry Netw orks, In c. June 200 4 related commands: applicable sys tems: All mode ls. show ip osp f global show ip os pf databa se show ip ospf i nterface show ip osp f neighbo r show ip osp f retransm ission_ list show ip osp f request_ list show ip osp f virtual_ links[...]

  • Página 156

    OSPF S how Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 10 - 3 show ip ospf dat abase This co mmand p rovides a ccess to c ommands that displa y info rmation a bout an O SPF datab ase. synt ax: data base example : Foundry- AR1208# s how ip osp f dat abase related commands: related commands: applicable sys tems: All mode ls. show ip os pf[...]

  • Página 157

    Foundry AR-Se ries Rou ter User Gu ide 10 - 4 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f dat abase all This co mmand d isplays informati on related to the OSPF datab ases of the route r . Parameter Description synt ax: show ip ospf d atabas e all [ are a_id < n > ] [ advt_rtr < IP addres s > ] [ link_id < IP address &[...]

  • Página 158

    OSPF S how Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 10 - 5 show ip osp f dat abase asbr_summary This co mmand d isplays informati on about AS BR summ ary link states . Parameter Description synt ax: data base asb r_summar y [ area_id < decimal form or IP ad dress > ] [ advt_rtr < IP ad dress > ] [ link_id < IP address [...]

  • Página 159

    Foundry AR-Se ries Rou ter User Gu ide 10 - 6 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f dat abase dat abase_summary This c omma nd di sp lay s OSPF databa se su mmary inf or mat i on. synt ax: data base dat abas e_summary example : Foundry- AR1208# s how ip osp f dat abase dat abase_summary related commands: applicable sys tems: Al[...]

  • Página 160

    OSPF S how Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 10 - 7 show ip osp f dat abase external This co mmand d isplays information about e xternal L SAs in the OSPF dat abase. Parameter Description synt ax: data base exte rnal [area_ id < deci mal form or IP addres s > ] [ adv t_rtr < IP addres s > ] [ link_id < IP addres[...]

  • Página 161

    Foundry AR-Se ries Rou ter User Gu ide 10 - 8 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f dat abase network This co mmand d isplays datab ase inform ation abo ut the net work LSAs . Parameter Description synt ax: data base netw ork [area _id < dec imal form or I P address > ] [ advt_ rtr < IP addres s > ] [ link_id < I[...]

  • Página 162

    OSPF S how Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 10 - 9 show ip osp f dat abase nssa_external This co mmand shows OSPF d atabas e informa tion about NSSA e xternal LSAs . Parameter Description synt ax: data base nss a_externa l [area _id < dec imal value or IP addres s > ] [ advt_rt r < IP address > ] [ link_id < IP[...]

  • Página 163

    Foundry AR-Se ries Rou ter User Gu ide 10 - 10 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f dat abase router This co mmand s hows infor mation ab out rout er LSAs in t he OSPF dat abase. Parameter Description synt ax: data base route r [area_id < decimal form or IP address > ] [ advt_rtr < IP addr ess > ] [ link_id < IP[...]

  • Página 164

    OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 1 1 show ip osp f dat abase self_orig inate This co mmand d isplays OSPF datab ase info rmation ab out se lf-origina ted LSAs in the router . Parameter Description synt ax: data base sel f_origi nate [area_ id < n > ] example : Foundry- AR1208# s how ip osp f dat abase se[...]

  • Página 165

    Foundry AR-Se ries Rou ter User Gu ide 10 - 12 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f dat a base summary This co mmand d isplays in formation about sum mary LSAs in the OSPF da tabas e. Parameter Description synt ax: data base sum mary [are a_id < decim al form or IP address > ] [ advt_ rtr < IP a ddress > ] [ link_i[...]

  • Página 166

    OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 13 show ip o sp f global This co mmand d isplays global O SPF informa tion. synt ax: global example : Foundry- AR1208# s how ip osp f global related commands: applicable sys tems: All mode ls. show ip osp f area show ip os pf databa se show ip ospf i nterface show ip osp f neig[...]

  • Página 167

    Foundry AR-Se ries Rou ter User Gu ide 10 - 14 © 2004 F oundry Netw orks, In c. June 200 4 show i p ospf interface This co mmand p rovides a ccess to c ommands th at displa y informa tion a bout configu red OSPF interfaces. synt ax: inter face example : Foundry- AR1208# s how ip osp f interface related commands: related commands: applicable sys te[...]

  • Página 168

    OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 15 show ip osp f interface all This co mmand d isplays configur ation i nformatio n about al l configu red OSPF interface s. synt ax: inter face all example : Foundry- AR1208# s how ip osp f interface all related commands: applicable sys tems: All mode ls. show ip osp f interfa[...]

  • Página 169

    Foundry AR-Se ries Rou ter User Gu ide 10 - 16 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f interface bundle This co mmand d isplays configur ation i nformatio n about an OSPF bu ndle. synt ax: inter face bund le < name > [ pvc < n > ] example : Foundry- AR1208# s how ip osp f interface bundle Boise related commands: appli[...]

  • Página 170

    OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 17 show ip osp f interface ethernet This co mmand d isplays OSPF configu ration informatio n about an Ethernet interface . synt ax: interf ace ethern et < n > example : Foundry- AR1208# s how ip osp f interface ethernet 1 related commands: applicable sys tems: All mode ls[...]

  • Página 171

    Foundry AR-Se ries Rou ter User Gu ide 10 - 18 © 2004 F oundry Netw orks, In c. June 200 4 show ip o sp f neighbor This co mmand p rovides a ccess to next-lev el comm ands tha t display configu ration info rmation a bout OSPF neighbo rs. synt ax: neighbo r example : Foundry- AR1208# s how ip osp f neighbor related commands: related commands: appli[...]

  • Página 172

    OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 19 show ip o sp f neighbor det a il This co mmand d isplays detai led OSPF c onfigur ation info rmation a bout all n eighbors. synt ax: nei gh bor deta il example : Foundry- AR1208# s how ip osp f neighbor det ail related commands: applicable sys tems: All mode ls. show ip osp [...]

  • Página 173

    Foundry AR-Se ries Rou ter User Gu ide 10 - 20 © 2004 F oundry Netw orks, In c. June 200 4 show ip o sp f neighbor id This co mmand d isplays OSPF conf iguration informa tion abou t a speci fic neig hbor . synt ax: neighbo r id < IP address > example : Foundry- AR1208# s how ip osp f neighbor id 10.3 .1.2 related commands: applicable sys tem[...]

  • Página 174

    OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 21 show ip o sp f neighbor interface This co mmand p rovides a ccess to c ommands that dis play OSPF configura tion inform ation ab out all neighbors in an interf ace. synt ax: neighbo r interface ethernet < n > | b undle < n ame > [ pv c < n > ] example : Fou[...]

  • Página 175

    Foundry AR-Se ries Rou ter User Gu ide 10 - 22 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f neighbor interface bundle This co mmand d isplays informati on about a n OSPF nei ghbors on a b undle interface. synt ax: neighbo r interface bundle < name > [ p vc < n > ] example : Foundry- AR1208# s how ip osp f neighbor interfac[...]

  • Página 176

    OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 23 show ip osp f neighbor interface ethernet This co mmand d isplays configur ation info rmatio n about a n eighbor on an Ethe rnet interfa ce. synt ax: neighbo r interface ethernet < n > example : Foundry- AR1208# s how ip osp f neighbor interface ethernet 1 related comm[...]

  • Página 177

    Foundry AR-Se ries Rou ter User Gu ide 10 - 24 © 2004 F oundry Netw orks, In c. June 200 4 show ip o sp f neighbor list This co mmand d isplays a list of neighbors attac hed to thi s router . synt ax: neighbo r list example : Foundry- AR1208# s how ip osp f neighbor list related commands: applicable sys tems: All mode ls. show ip ospf neighbo r de[...]

  • Página 178

    OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 25 show ip ospf request_list This co mmand d isplays the LSAs i n the reque st list o f the specifi ed neighb or . synt ax: request_ list < IP a ddress > example : Foundry- AR1208# s how ip osp f request_lis t 10.10.10.1 related commands: applicable sys tems: All mode ls.[...]

  • Página 179

    Foundry AR-Se ries Rou ter User Gu ide 10 - 26 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f retransmission_li st This co mmand d isplays the LSAs i n the retran smissi on list of the spec ified nei ghbor . synt ax: retransm ission_ list < IP a ddress > example : Foundry- AR1208# s how ip osp f retransmissi on_list 1 0.10.10.1 re[...]

  • Página 180

    OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 27 show ip os p f virtual_ link s This co mmand d isplays informati on about c onfigured OSPF virtu al links. synt ax: virtual_ links [ < IP address > ] example : Foundry- AR1208# s how ip osp f virtual_link s related commands: applicable sys tems: All mode ls. show ip os[...]

  • Página 181

    Foundry AR-Se ries Rou ter User Gu ide 10 - 28 © 2004 F oundry Netw orks, In c. June 200 4[...]

  • Página 182

    June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 1 Chap te r 1 1 RIP Confi g ure Com man ds Use RIP config ure comm ands to c onfigure a ll RIP p aramete rs. NOTE: See t he command configure interface loop back in th e Command Reference Guide : Domestic Product s for im portant informati on about l oopback interfaces .[...]

  • Página 183

    Foundry AR-Se ries Rou ter User Gu ide 1 1 - 2 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip This co mmand e nables th e Routing I nformation Protocol (RIP ). synt ax: [ no ] rou ter rip example : Foundry- AR1208/c onfigur e# rout er r ip related commands: applicable sys tems: All mode ls. configu re route r rip defaul t_metric [...]

  • Página 184

    RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 3 configure router rip default_me tric This co mmand s ets th e global default m etric valu es for R IP . Parameter Description synt ax: [ no ] default_metr ic < n > example : Foundry- AR1208/c onfigure/ro uter/rip# default_me tric 4 This ex ample confi gures the defaul[...]

  • Página 185

    Foundry AR-Se ries Rou ter User Gu ide 1 1 - 4 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip dist ance This co mmand c onfigures the dist ance value for R IP protoco l on a rou ter . Parameter Description synt ax: dist ance < n > example : Foundry- AR1208/c onfigure/ro uter/rip# dist an ce 25 related commands: applicable s[...]

  • Página 186

    RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 5 configure router rip interface This co mmand e nables RIP f or an interf ace. The inte rface is identifie d by the interface name. Use ethernet0 for Ethernet 0 and et hernet1 for Ethernet 1. W AN interf aces are ide ntified by bundle names. If no other RIP i nterface c omma[...]

  • Página 187

    Foundry AR-Se ries Rou ter User Gu ide 1 1 - 6 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip interface authenticatio n This co mmand c onfigures RIP-2 aut henticati on for an i nterface. The type of aut henticati on and the key val ue to be u sed can be s pecifie d, but this is only valid with RIP versio n 2 (mode 3) . When auth[...]

  • Página 188

    RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 7 configure router rip interface distri bute_list This co mmand c onfigures the acce ss list to be use d to filter either inc oming or outg oing route s for this interface . This co mmand i s used i n conjuncti on with t he redistri bute com mand. Parameter Description synt a[...]

  • Página 189

    Foundry AR-Se ries Rou ter User Gu ide 1 1 - 8 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip interface metri c This co mmand c onfigures the metri c value for R IP routes for this in terface. Parameter Description synt ax: [ no ] metric < n > example : Foundry- AR1208/c onfigure/ro uter/rip /interface ethernet0# metric 3 T[...]

  • Página 190

    RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 9 configure router rip interface mo de This co mmand c onfigures RIP mode fo r the spec ific interfac e. This co mmand i s similar to the globa l RIP mode com mand, but i t is on ly applica ble to the current interface. Use this co mmand to override the global RIP mode s etti[...]

  • Página 191

    Foundry AR-Se ries Rou ter User Gu ide 1 1 - 10 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip interface neigh bor This co mmand s pecifies a RIP neigh bor for a specific i nterface. Use th is comman d multipl e times to add multiple neighbors . When nei ghbors are specifi ed, RIP u pdates are unicas t to those neighbors (a nd no[...]

  • Página 192

    RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 1 1 configure router rip interface p assive This c omma nd co nfig ures R IP mo de for a sp ec ifi c inte rf ac e to passiv e (lis ten - onl y) mod e. Use th is comman d to overri de a glob al RIP mo de config ured for an interface . synt ax: [ no ] pas sive example : Foundry[...]

  • Página 193

    Foundry AR-Se ries Rou ter User Gu ide 1 1 - 12 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip interface sp lit_horizon This co mmand c onfigur es the spli t-horizon mechanis m on an interface. By defau lt, split horizon is e nabled for all interfa ces for pois on-revers e. Parameter Description synt ax: [ no ] split_ho rizon <[...]

  • Página 194

    RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 13 configure router rip mode This co mmand g lobally configure s RIP mo de for all i nterfaces . Use th is comman d to overri de the global mode setti ng. Parameter Description synt ax: [ no ] mode < n > example : Foundry- AR1208/c onfigure/ro uter/rip# mode 3 related c[...]

  • Página 195

    Foundry AR-Se ries Rou ter User Gu ide 1 1 - 14 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip pacing This co mmand e nables RI P updates s ent from th is router t o be releas ed to the network in a cont rolled ma nner to avoid t raf fic bottle necks. When ena bled, RIP updates from this router wi ll be sen t in seve ral smal l i[...]

  • Página 196

    RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 15 configure router rip p assive This co mmand c onfigures RIP p assive (lis ten only ) mode. All conf igured interfaces will only listen to RIP (ve rsion 1 an d 2) update s, but will not s end any u pdates. Y ou can override the mode on a spec ific int erface by configuri ng[...]

  • Página 197

    Foundry AR-Se ries Rou ter User Gu ide 1 1 - 16 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip redistrib ute This co mmand a ccesse s the foll owing next -level co mmands that confi gure th e system to use RIP update s to redistri bute routes learned f rom other ro uting proto cols. related commands: applicable sys tems: All mode[...]

  • Página 198

    RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 17 configure router rip red istribute bgp This co mmand c onfigures RIP to red istribute bgp routes. Parameter Description synt ax: redistri bute bgp a s_number [ metric < n > ] example : Foundry- AR1208/c onfigure/ro uter/rip# redistribute b gp 1 related commands: appl[...]

  • Página 199

    Foundry AR-Se ries Rou ter User Gu ide 1 1 - 18 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip redistrib ute connected This c omma nd co nfig ure s RIP t o re di str i but e con n ect ed rou tes . Parameter Description synt ax: [ no ] redistribute connecte d [ metr ic < n > ] example : Foundry- AR1208/c onfigure/ro uter/rip[...]

  • Página 200

    RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 19 configure router rip redistrib ute osp f This c omma nd co nfig ure s R IP t o redi stri but e O SPF r out e s. Parameter Description synt ax: [ no ] redistribute osp f [ metric < n > ] example : Foundry- AR1208/c onfigure/ro uter/rip# redistribute osp f related comm[...]

  • Página 201

    Foundry AR-Se ries Rou ter User Gu ide 1 1 - 20 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip redistri bute st atic This co mmand c onfigures RIP to red istribute static routes. Parameter Description synt ax: [ no ] redistribute sta tic [ metr ic < n > ] example : Foundry- AR1208/c onfigure/ro uter/rip# redistribute st ati[...]

  • Página 202

    RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 21 configure router rip time rs This co mmand a ccesses th e foll owing next -level co mmands that confi gure th e global RIP timers. related commands: applicable sys tems: All mode ls. configu re router rip timers fl ush configu re router rip timers h olddown configu re rout[...]

  • Página 203

    Foundry AR-Se ries Rou ter User Gu ide 1 1 - 22 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip timers flush This co mmand c onfigu res the gl obal RIP flush tim er . This is the time interval in secon ds that must pa ss before the route i s removed fro m the rout ing t able. Thi s value should be config ured to be greater than th[...]

  • Página 204

    RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 23 configure router rip time rs holddow n This co mmand c onfigur es the gl obal RIP hold down t imers. Hold d own time i s the inte rval in sec onds duri ng which ro uting info rmation re garding be tter rout es is su ppressed. This sh ould be c onfigured to be at l east twi[...]

  • Página 205

    Foundry AR-Se ries Rou ter User Gu ide 1 1 - 24 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip timers up date This co mmand c onfigu res the gl obal RIP update tim er . This t ime r spec ifies the inter val in seco nds for se nding per i odi c RIP up dat es. Parameter Description synt ax: [ no ] update ti me < n > example :[...]

  • Página 206

    June 20 04 © 2004 F oundry N etworks, In c. 12 - 1 Chapter 12 RIP show Commands Use RIP display/ show com mands to display all configu red RIP in formation. NOTE: The CL I commands “show” and “display ” can be u sed interc hangeabl y .[...]

  • Página 207

    Foundry AR-Se ries Rou ter User Gu ide 12 - 2 © 2004 F oundry Netw orks, In c. June 200 4 show ip r ip This co mmand a ccesse s the foll owing n ext-level comman ds that di splay m ore spec ific informat ion. related commands: applicable sys tems: All mode ls. show ip rip glo bal show ip rip inte rface show ip rip st atistic s[...]

  • Página 208

    RIP s how Co mmands June 20 04 © 2004 F oundry N etworks, In c. 12 - 3 show ip rip global This co mmand d isplays global con figured informati on about m ode, dist ance, default metri c, and tim ers for RIP . synt ax: show ip rip glo bal example : Foundry- AR1208# s how ip rip g lobal related commands: applicable sys tems: All mode ls. show ip rip[...]

  • Página 209

    Foundry AR-Se ries Rou ter User Gu ide 12 - 4 © 2004 F oundry Netw orks, In c. June 200 4 show ip rip interface This co mmand a ccesse s the foll owing n ext-level comman ds that di splay c onfigur ation info rmation a bout mode , metric, authentic ation, sp lit horizo n, and routers for the RIP interf ace. related commands: applicable sys tems: A[...]

  • Página 210

    RIP s how Co mmands June 20 04 © 2004 F oundry N etworks, In c. 12 - 5 show ip rip interface al l This co mmand d isplays informati on about a ll confi gured RIP inte rfaces. synt ax: show ip rip inte rface all example : Foundry- AR1208# s how ip rip in terface all related commands: applicable sys tems: All mode ls. show ip rip inte rface bund le [...]

  • Página 211

    Foundry AR-Se ries Rou ter User Gu ide 12 - 6 © 2004 F oundry Netw orks, In c. June 200 4 show ip rip interface bundle This co mmand d isplays RIP informa tion fo r a configu red bundl e. Parameter Description synt ax: show ip rip inte rface bund le < name > example : Foundry- AR1208# s how ip rip in terface bundle Dallas related commands: a[...]

  • Página 212

    RIP s how Co mmands June 20 04 © 2004 F oundry N etworks, In c. 12 - 7 show ip rip interface etherne t This c omm a nd di spl ays RI P inf orm atio n abo ut th e Eth ernet int erf ace. synt ax: show ip rip inte rface ethe rnet < 0 | 1 > example : Foundry- AR1208# s how ip rip in terface ethe rnet 0 related commands: applicable sys tems: All [...]

  • Página 213

    Foundry AR-Se ries Rou ter User Gu ide 12 - 8 © 2004 F oundry Netw orks, In c. June 200 4 show ip rip interface st atistics This co mmand di splays g lobal RIP int erface st atistic s, such as th e number of pad p acket s receiv ed, the numbe r or bad r outes rece ived, an d the numb er of trigge red update s sent. synt ax: show ip rip inte rface [...]

  • Página 214

    RIP s how Co mmands June 20 04 © 2004 F oundry N etworks, In c. 12 - 9 show ip rip st atistics This co mmand s hows glob al RIP st atistics, suc h as route changes and querie s. synt ax: show ip rip st atistic s example : Foundry- AR1208# s how ip rip s tatis tics related commands: applicable sys tems: All mode ls. show ip rip glo bal show ip rip [...]

  • Página 215

    Foundry AR-Se ries Rou ter User Gu ide 12 - 10 © 2004 F oundry Netw orks, In c. June 200 4[...]

  • Página 216

    June 20 04 © 2004 F oundry N etworks, In c. 13 - 1 Chapter 13 AS Path Regular Expressions This app endix prov ides informa tion about how to use and config ure regular e xpressio ns for use wi th BGP4 routing proto col comman ds. Matching AS Paths An AS pat h regula r expres sion is a regu lar exp ressi on with th e alpha bet us ed as th e set of [...]

  • Página 217

    Foundry AR-Se ries Rou ter User Gu ide 13 - 2 © 2004 F oundry Netw orks, In c. June 200 4 !AS Matches any AS num ber excep t the giv en one. AS1 -AS2 Is a range of ASs. It match es all AS num bers betw een AS1 an d AS2 inclus ive. !AS1 - AS2 This matc hes all numbers e xcept th e given o ne. . Match es any numb er . null Matches an em pty (0 leng [...]

  • Página 218

    June 20 04 © 2004 F oundry N etworks, In c. 14 - 1 Chapter 14 Multicasting Multicasting Over view T radit ional mu lticast ro uting mec hanisms s uch as Di stanc e V ector Multic ast Rout ing Protoco l (DVMRP) a nd Multic ast Open Sho rtest Path F irst (MOSPF ) were int ended for u se within r egions w here group s are densely populat ed or ba ndw[...]

  • Página 219

    Foundry AR-Se ries Rou ter User Gu ide 14 - 2 © 2004 F oundry Netw orks, In c. June 200 4 Confi gure Join/ Prune Holdtime Foundry/c onfigur e/ip/pim# join-prune -holdt ime <tim e# Confi gure Join /Prune Int erv al Foundry/conf igure/ip/p im#join-p rune-in terval <time# Confi gure MR T Period Foundry/configu re/ip/p im#mrt-per iod <time # [...]

  • Página 220

    Multi cast ing June 20 04 © 2004 F oundry N etworks, In c. 14 - 3 The sho w and de bug PIM co mmands are : Confi gure as ca ndidate RP period Foundry/c onfigure/i p/pim/ crp#period <ti me# Confi gure as ca ndidate RP priority Foundry/c onfigure/i p/pim/crp #priority < value# Confi gure a st atic RP address Fou ndry/conf igure/ip/p im/# rp &l[...]

  • Página 221

    Foundry AR-Se ries Rou ter User Gu ide 14 - 4 © 2004 F oundry Netw orks, In c. June 200 4 Protocol Independent Mult icast - Source S pecific Multi cast (PIM-SSM) By runnin g PIM-SSM a nd IGMPv 3, you can im plement a Source S pecific Multica st (SSM) ser vice mod el in yo ur network. PIM-SSM fu nction ality is the subse t of PIM-SM fu nction ality[...]

  • Página 222

    Multi cast ing June 20 04 © 2004 F oundry N etworks, In c. 14 - 5 membe rship info rmation en ables th e router to f orward traf fic only from t hose sou rces from which r eceivers requeste d the t raffic . IGMPv3 support s appli cations that expli citly sign al source s from whi ch they wa nt to receive traffic . With IG MPv3, receive rs si gnal [...]

  • Página 223

    Foundry AR-Se ries Rou ter User Gu ide 14 - 6 © 2004 F oundry Netw orks, In c. June 200 4 T raceroute Facilit y for IP Multicast With mu lticast di stri but ion tre es , tr aci ng fro m a sou rce to a mu lti ca st de sti nat ion is d if ficult, since the b ranch of the multic ast tree on w hich the de stinatio n lies is un known. Th e techniq ue u[...]

  • Página 224

    Multi cast ing June 20 04 © 2004 F oundry N etworks, In c. 14 - 7 Multic ast tracer oute use s any info rmation a vailable to it in the r outer to try to dete rmine a previous hop to f orward the trace tow a rds . Mult icas t rout ing proto col s vary in the ty pe an d am oun t of st ate they keep; multic as t trac ero ute tries to work with all o[...]

  • Página 225

    Foundry AR-Se ries Rou ter User Gu ide 14 - 8 © 2004 F oundry Netw orks, In c. June 200 4 When mu ltip ath is d isabled, Fou ndry sele ct s the next hop addre ss with lo west ip address. For e qual cos t routes the nex thop s are sto red in the increa sing (asc ending) o rder of I P address. show ip rp f command display s the select ed path , base[...]

  • Página 226

    June 20 04 © 2004 F oundry N etworks, In c. 15 - 1 Chapter 15 Security Features Introduction to Security Foundry introdu ces a w ide range of robust i ndust ry-stan dard sec urity featu res inclu ding: • V irtual Priv ate Network ing • IPSec enc ryptio n and tunn eling • General iz ed Route r Encry ptio n • Firewa ll with p rivate ne twork[...]

  • Página 227

    Foundry AR-Se ries Rou ter User Gu ide 15 - 2 © 2004 F oundry Netw orks, In c. June 200 4 Securing Remote Access Using IPSec VPN The featu res allow a dminist rators to fo rm a secu rity tu nnel to join two p rivate net works over the Inte rnet. The follow ing exampl es show how to se t up an end -to-end tunnel with a single proposal and pre-sh ar[...]

  • Página 228

    Secu rity Fe atur es June 20 04 © 2004 F oundry N etworks, In c. 15 - 3 In tunne l mode, at each IKE en d point, th e IP traf fic to be protec ted is co mpletely encap sulated with anothe r IP pac ket . In thi s, the inn er IP hea der rem ai ns the sa me as seen in the or igi nal traf fic to be protected. In the outer IP header , the source an d d[...]

  • Página 229

    Step 2: Configu re the E thernet in terface w ith trust ed networ k type: Step 3: Display the cryp to interf aces: Step 4: Add the route to t he peer LAN: Step 5: Configur e IKE to t he peer gat eway: Router1/configure# interface ethernet 0 Configuring existing Ethernet interface Router1/configure interface/ethernet 0# ip a ddress 10.0.1.1 24 Route[...]

  • Página 230

    Secu rity Fe atur es June 20 04 © 2004 F oundry N etworks, In c. 15 - 5 Step 6: Display the IKE po licies: Step 7: Display the IKE policies in detail: S tep 8 : Conf igur e th e IPSe c tun nel to the r emot e host : NOTE: For IPSec o nly – w hen you c reate an o utbound tu nnel, an i nbound tu nnel is a utomatic ally crea ted. The inbound tunnel[...]

  • Página 231

    Foundry AR-Se ries Rou ter User Gu ide 15 - 6 © 2004 F oundry Netw orks, In c. June 200 4 Step 9: Display the IPSec policie s: Step 10: Display IPSec p olicies in detail: Router1# show crypto ipsec policy all Policy Peer Match Proto Transform ------ ---- ----- ----- --------- Router2 172.16 .0.2 S 172.16.0.1/32/any Any P1 esp-aes- sha1-tunl D 10.0[...]

  • Página 232

    Secu rity Fe atur es June 20 04 © 2004 F oundry N etworks, In c. 15 - 7 Step 1 1: Configure firewall policies to allow IKE negotiation through untrusted interf ace (applicable only i f firewall lice nse is also enabled): Step 12: Configu re fire wall polic ies to allo w desired servi ces throu gh untrus ted inte rface to manage the router (applica[...]

  • Página 233

    Foundry AR-Se ries Rou ter User Gu ide 15 - 8 © 2004 F oundry Netw orks, In c. June 200 4 Step 14: Display fire wall policies in the internet map in detail (applicable only if firewal l license is enabled): Router1# show firewall policy internet detai l Policy wit h Pr iority 1000 is e nabl ed, Dir ecti on i s inbou nd Action per mit, Traffi c is [...]

  • Página 234

    Secu rity Fe atur es June 20 04 © 2004 F oundry N etworks, In c. 15 - 9 Step 15: Enable SNMP on the Router1 ro ute r: Step 16: Display SNMP co mmunities: Step 17: Repeat step s 1 - 16 with suit able modifications on Router2 prior to managing Router1 from Router2’ s LAN side. Step 1 8: T est the IPSec tunnel for managing the Router1 router from a[...]

  • Página 235

    Foundry AR-Se ries Rou ter User Gu ide 15 - 10 © 2004 F oundry Netw orks, In c. June 200 4 Example 2: Joining T wo Private Netw orks with an IP Security T unnel The foll owing e xample dem onstrates how to fo rm an IP s ecurity tunne l to jo in two priv ate net works: 10.0 .1.0/24 and 10.0 .2.0/24. Th e securit y requiremen ts are as follow s: •[...]

  • Página 236

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 1 1 Figure 1 Tunnel Mode Be tween T wo Foundry S ecurity G ateways - Sing le Pro posals Step 1 : Configur e a W AN bundle of network type untrust ed: Step 2 : Configure the Ethernet interface with truste d network type: Step 3: Display the cry pto inte rfaces: Step 4: Add route [...]

  • Página 237

    Foundry AR-Se ries Rou ter User Gu ide 15 - 12 © 2004 F oundry Netw orks, In c. June 200 4 Step 5: Configu re IKE to the peer gateway: Step 6: Display the IKE po licies: Step 7: Display the IKE policies in detail: Router1/configure# crypto Router1/configure/crypto# ike polic y Router2 172.16.0.2 Router1/configure/crypto/ike/policy Router2 172.16.0[...]

  • Página 238

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 13 Step 8 : Configure IPSec tunnel to the remote host: NOTE: For IPSec o nly – w hen you c reate an o utbound tu nnel, an i nbound tu nnel is a utomatic ally crea ted. The inbound tunnel ap plies th e name tha t you prov ide for the outbound tunnel an d adds th e prefix “IN [...]

  • Página 239

    Foundry AR-Se ries Rou ter User Gu ide 15 - 14 © 2004 F oundry Netw orks, In c. June 200 4 Step 10: Display IPSec p olicies de tail: Step 1 1: Configure firewall policies to allow IKE negotiation through untrusted interf ace (applicable only i f firewall lice nse is also enabled): Router1# show crypto ipsec policy all detail Policy name Router2 is[...]

  • Página 240

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 15 Step 12: Display fire wall policies i n the intern et map (applicabl e only if firewall license is enabled ): Step 13: Display fire wall policies in the internet map in detail (applicable only if firewal l license is enabled): Step 14: Configure firewa ll policies to a llow t[...]

  • Página 241

    Foundry AR-Se ries Rou ter User Gu ide 15 - 16 © 2004 F oundry Netw orks, In c. June 200 4 Step 15: Display firewall policies in the corp map (a pplicable only if fi rewall licens e is enabled): Router1# show firewall policy corp Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter, R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging, E - Poli[...]

  • Página 242

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 17 Step 16: Display firewall p olicies i n the corp map in detail (applicable only if firewall li cense is enabled ): Route r1# s how firewal l po licy corp detai l Polic y with Pr iori ty 1000 is ena bled , Dire ction is inbound Actio n permi t, Tra ffic is tra nsit Loggin g is[...]

  • Página 243

    Foundry AR-Se ries Rou ter User Gu ide 15 - 18 © 2004 F oundry Netw orks, In c. June 200 4 Step17: Repeat steps 1 -16 with s uitable modification s on Rout er2 pr ior to passing traf fic. Step 1 8: T est the IPSec tunnel between Rout er1 and Router2 by p assing traffic from the 10.0.1 .0 to the 10.0.2.0 netw ork. Step 19: Af ter transit traffic is[...]

  • Página 244

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 19 Example 3: Joining T wo Networks with an IPSec T unnel usi ng Multiple IPSec Proposals The foll owing e xample dem onstrates how a sec urity gate way can use multip le IPSec (ph ase2) prop osals to form an IP sec urity tun nel to joi n two private n etworks: 10 .0.1.0/24 a nd[...]

  • Página 245

    Foundry AR-Se ries Rou ter User Gu ide 15 - 20 © 2004 F oundry Netw orks, In c. June 200 4 Figure 2 Tunnel Mode Be tween T wo Foundry S ecurity G ateways - Multi ple Pr oposals Step 1 : Configur e a W AN bundle of network type untrust ed: Step 2 : Configure the Ethernet interface with truste d network type: Step 3: Display the cry pto inte rfaces:[...]

  • Página 246

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 21 Step 5: Configu re IKE to the peer gateway: Step 6: Display the IKE po licies: Step 7: Display the IKE policies in detail: Router1/configure# crypto Router1/configure/crypto# ike polic y Router2 172.16.0.2 Router1/configure/crypto/ike/policy Router2 172.16.0.2# local- address[...]

  • Página 247

    Foundry AR-Se ries Rou ter User Gu ide 15 - 22 © 2004 F oundry Netw orks, In c. June 200 4 Step 8 : Configure IPSec tunnel to the remote host: NOTE: For IPSec o nly – w hen you c reate an o utbound tu nnel, an i nbound tu nnel is a utomatic ally crea ted. The inbound tunnel ap plies th e name tha t you prov ide for the outbound tunnel an d adds [...]

  • Página 248

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 23 Step 10: Configure firew all policies to allow IKE negotiation t hrough untrusted interface (applicable only i f firewall lice nse is also enabled): Router1# show crypto ipsec policy all de tail Policy name Router2 is enabled, Directio n is outbound Peer Address is 172.16.0.2[...]

  • Página 249

    Foundry AR-Se ries Rou ter User Gu ide 15 - 24 © 2004 F oundry Netw orks, In c. June 200 4 Step 1 1: Displ ay firewall policies in th e inte rnet map ( applicable only if f irewall lic ense is enabled ): Step 12: Display fire wall policies in the internet map in detail (applicable only if firewal l license is enabled): Step 13: Configure firewa ll[...]

  • Página 250

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 25 Step 14: Display firewall policies in the corp map (a pplicable only if fi rewall licens e is enabled): Router1# show firewall policy corp Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter, R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging, E - Policy Enabled, M - Sm[...]

  • Página 251

    Foundry AR-Se ries Rou ter User Gu ide 15 - 26 © 2004 F oundry Netw orks, In c. June 200 4 Step 15: Display firewall p olicies i n the corp map in detail (applicable only if firewall li cense is enabled ): Router1# show firewall policy corp detail Policy with Priority 1000 is enabled, Direction is inbound Action permit, Traffic is transit Logging [...]

  • Página 252

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 27 Step16: Repeat steps 1 -15 with s uitable modification s on Rout er2 pr ior to passing bi- directional traffic. Step 1 7: T est the IPSec tunnel between Rout er1 and Router2 by p assing traffic from the 10.0.1 .0 network to t he 10.0.2.0 ne twork. Step 18: Af ter traffic is p[...]

  • Página 253

    Foundry AR-Se ries Rou ter User Gu ide 15 - 28 © 2004 F oundry Netw orks, In c. June 200 4 Example 4: Supporting Remote User Access The foll owing e xample dem onstrates how to con figure a Fo undry ro uter to be an IPSec VPN s erver usin g user group method wi th extende d authenti cation (XAUTH) for remote VPN clien ts. The client c ould be a ny[...]

  • Página 254

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 29 Figur e 15.2 IPSec T unneling Using User Group Method Step 1 : Configur e a W AN bundle of network type untrust ed: Step 2 : Configure the Ethernet interface with truste d network type: Router1/configure# interface bundle wan1 Configuring new bundle Router1/configure/interfac[...]

  • Página 255

    Foundry AR-Se ries Rou ter User Gu ide 15 - 30 © 2004 F oundry Netw orks, In c. June 200 4 Step 3: Display the cry pto inte rfaces: Step 4: Configur e dynamic IKE policy for a group of mobile users: Step 5: Display dynamic IKE policies: Router1# show crypto interfaces Interface Network Name Type --------- ------- ethernet0 trusted wan1 untrusted R[...]

  • Página 256

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 31 Step 6: Display dynamic IKE policies in detail: Step 7: Configur e dynamic IPSec policy for a group of mobile users: Step 8: Display dynamic IPS ec policie s: Router1# show crypto dynamic ike policy all deta il Policy name sales, User group name sales Aggressive mode, Respons[...]

  • Página 257

    Foundry AR-Se ries Rou ter User Gu ide 15 - 32 © 2004 F oundry Netw orks, In c. June 200 4 Step 9: Display dynamic IPSec policie s in detail: Step 10: Configu re rad ius serve r (applicab le on ly if cli ent authentication is configured in dynamic IKE policy): Router1# show crypto dynamic ipsec policy all de tail Policy sales is enabled, User grou[...]

  • Página 258

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 33 Step 1 1: Configure firewall policies to allow IKE negotiation through untrusted interf ace (applicable only i f firewall lice nse is also enabled): Step 12: Display fire wall policies i n the intern et map (applicabl e only if firewall license is enabled ): Step 13: Display [...]

  • Página 259

    Foundry AR-Se ries Rou ter User Gu ide 15 - 34 © 2004 F oundry Netw orks, In c. June 200 4 Step 14: Conf igure firew all polic ies fo r a gr oup of mo bile user s to allo w acces s to the local L AN (applicable only if fir ewall license is enabled): NOTE: Be sure to match the user group nam e in the po licy c ommand with the na me used i n S tep 4[...]

  • Página 260

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 35 Step 16: Display firewall p olicies i n the corp map in detail (applicable only if firewall li cense is enabled ): Router1# show firewall policy corp detai l Policy with Priority 1000 is enabled, Di rection is inbound Action permit, Traffic is transit User Group is sales, Log[...]

  • Página 261

    Foundry AR-Se ries Rou ter User Gu ide 15 - 36 © 2004 F oundry Netw orks, In c. June 200 4 Step 17: T est t he IPSec tunnel b etween th e VPN clie nt and the serve r by passing tra ffic fro m the client to the 1 0.0.1.0 ne twork. Step 18: Af ter passing traffic through the tunnel, display the list of client s logged onto the VPN server an d the IK[...]

  • Página 262

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 37 Example 5: Configuring IPSec Remote Access to Corporat e LAN with Mode- Configuration Method The foll owing e xample dem onstrates how to con figure a Fo undry ro uter to be an IPSec VPN s erver usin g mode- configu ration method. Th e client could be any st andard m ode conf[...]

  • Página 263

    Foundry AR-Se ries Rou ter User Gu ide 15 - 38 © 2004 F oundry Netw orks, In c. June 200 4 Figur e 15.3 IPSec T unneling Us ing Mode Configurat ion Met hod Step 1 : Configur e a W AN bundle of network type untrust ed: Step 2 : Configure the Ethernet interface with truste d network type: Router1/configure# interface bundle wan1 Configuring new bund[...]

  • Página 264

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 39 Step 3: Display the cry pto inte rfaces: Step 4: Configur e dynamic IKE policy for a group of mobile users: Step 5: Display dynamic IKE policies: Router1# show crypto interfaces Interface Network Name Type --------- ------- ethernet0 trusted wan1 untrusted Router1/configure# [...]

  • Página 265

    Foundry AR-Se ries Rou ter User Gu ide 15 - 40 © 2004 F oundry Netw orks, In c. June 200 4 Step 6: Display dynamic IKE policies in detail: Step 7: Configur e dynamic IPSec policy for a group of mobile users: Step 8: Display dynamic IPS ec policie s: Router1# show crypto dynamic ike policy all detail Policy name sales, Modeconfig group Aggressive m[...]

  • Página 266

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 41 Step 9: Display dynamic IPSec policie s in detai:l Step 10: Configure firew all policies to allow IKE negotiation t hrough untrusted interface (applicable only i f firewall lice nse is also enabled): Step 1 1: Displ ay firewall policies in th e inte rnet map ( applicable only[...]

  • Página 267

    Foundry AR-Se ries Rou ter User Gu ide 15 - 42 © 2004 F oundry Netw orks, In c. June 200 4 Step 12: Display fire wall policies in the internet map in detail (applicable only if firewal l license is enabled): Step 13: Conf igure firew all polic ies fo r a gr oup of mo bile user s to allo w acces s to the local L AN (applicable only if fir ewall lic[...]

  • Página 268

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 43 Step 15: Display firewall p olicies i n the corp map in detail (applicable only if firewall li cense is enabled ): Router1# show firewall policy corp detail Policy with Priority 1000 is enabled, Direction is inbound Action permit, Traffic is transit Logging is disable Source [...]

  • Página 269

    Foundry AR-Se ries Rou ter User Gu ide 15 - 44 © 2004 F oundry Netw orks, In c. June 200 4 Step 16: T est t he IPSec tunnel b etween th e VPN clie nt and the serve r by passing tra ffic fro m the client to the 1 0.0.1.0 ne twork. Step 17: Af ter passing traffic through the tunnel, display the list of client s logged onto the VPN server an d the IK[...]

  • Página 270

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 45 Configuring GR E Generic Routing En caps ulation (G RE) is a stand ards-base d (RFC1701 , RFC2784) tunneling protocol that can encap s ul ate a wide va riet y of p roto co l p acket types i nside IP tunnels, crea tin g a v irtu al poi nt-t o-point li nk be tw een router s at [...]

  • Página 271

    Foundry AR-Se ries Rou ter User Gu ide 15 - 46 © 2004 F oundry Netw orks, In c. June 200 4 GRE Configuration Examples This ex ample ex plains how to confi gure a bas ic GRE tun nel as show n in Fig ure 15.4. Figure 15.4 Sim ple GRE config uratio n Configuring Site to Site T unnel T o configure G RE in a si te to site tunnel co nfiguratio n: 1. Con[...]

  • Página 272

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 47 NOTE: The peer of a lo cal W AN i nterface cann ot be use d as a tun nel desti nation. 4. V erify that th e tunnel is up and running. (I f it is not , check the Gatewa y and Sou rce Addr ess fie lds.) For more information e nter: Foundry/configure# ip route 0.0.0.0 0.0.0.0 19[...]

  • Página 273

    Foundry AR-Se ries Rou ter User Gu ide 15 - 48 © 2004 F oundry Netw orks, In c. June 200 4 5. C onfi gur e t he Ci sco s ide : With the tunn el pr ope rly con figu red and w orkin g, users on one sid e of the tunn el ca n pi ng us ers on the othe r sid e. Configuring GRE Site to Site with IPS ec This ex ample ex tends the fi rst exa mple by add in[...]

  • Página 274

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 49 3. C onfi gur e the r out e s: 4. D efin e th e poli cy: 5. Check th e st atus of th e tunnel by ent ering: Foundr y# sh ow i p inter face tunn el t 0 S tep 6:V alid ate the tun nel confi guration b y entering : Foundr y# sh ow c rypto i psec poli cy a ll Or enter: Foundr y# [...]

  • Página 275

    Foundry AR-Se ries Rou ter User Gu ide 15 - 50 © 2004 F oundry Netw orks, In c. June 200 4 NOTE: Using the redist ribute co nnected c ommand add s a recurs ive route to the tun nel de stination . This will cause the tunnel to shut do wn. T o prevent thi s, add a 32-bit st atic rou te for the tu nnel des tination. With the tunn el pr ope rly con fi[...]

  • Página 276

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 51 Step 1:Configu re the Et hernet interface s and the W AN interfaces with IP a ddresses: Step 2: Create the secur ity zones C ORP a nd DMZ and attach interface s: Step 3: V er ify that the inter faces ar e attached to th e securi ty zones : Step 4: Create policie s for Securit[...]

  • Página 277

    Foundry AR-Se ries Rou ter User Gu ide 15 - 52 © 2004 F oundry Netw orks, In c. June 200 4 Step 5: V er ify the firewall policy for Security Zone CORP: Step 6: V er ify that the HTTP filter object in Security Zone CORP is created as conf igu red: Step 7: Create policies for Securit y Zone DMZ that: • Create an obj ec t of type nat-pool w ith pri[...]

  • Página 278

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 53 Step 8:V erify the firewall policy for Security Zone DMZ: Step 9: V erify that the FTP filter object s for Security Zone DMZ are created as configured: Step 10: Create a defaul t route o ut of the W AN: Foundry/configure# firewall dmz Foundry/configure/firewall dmz# object Fo[...]

  • Página 279

    Foundry AR-Se ries Rou ter User Gu ide 15 - 54 © 2004 F oundry Netw orks, In c. June 200 4 Step 1 1:V erify the system configurati on by displaying th e running configuration: Foundry/configure# show configuration running Please wait... (up to a minute) terminal exit terminal qos exit qos module t1 1 alarms thresholds exit thresholds exit alarms l[...]

  • Página 280

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 55 qos exit qos vrrp_mode 0 aaa exit aaa crypto trusted exit ethernet interface ethernet 1 ip address 10.3.1.1 255.255.255.0 ip multicast mode ospfrip2 exit multicast mtu 4000 icmp exit icmp qos exit qos vrrp_mode 0 aaa exit aaa crypto trusted exit ethernet interface bundle wan [...]

  • Página 281

    Foundry AR-Se ries Rou ter User Gu ide 15 - 56 © 2004 F oundry Netw orks, In c. June 200 4 load_balance per_flow multicast exit multicast route 0.0.0.0 0.0.0.0 wan 1 exit ip policy community_list exit community_list crypto exit crypto firewall global exit firewall firewall internet interface wan policy 1024 out self exit policy exit firewall firew[...]

  • Página 282

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 57 Packet Reassembly T o configure t he firewa ll to perfo rm IP reass embly of ov ersized packet s that ha ve been f ragmen ted, enter: NA T Configurations Network Address T ranslation (N A T) was def ined to serve two purp oses: • Allowe d LAN admin istrators to crea te secu[...]

  • Página 283

    Foundry AR-Se ries Rou ter User Gu ide 15 - 58 © 2004 F oundry Netw orks, In c. June 200 4 NA T Configuration Examples Dynamic NA T (many to m any) In dyna mic (man y-to-many ) NA T type, multiple source IP addresse s in the corp orate netw ork will b e mapped to multipl e NA T IP add resses (not n ecessarily of equal number). F or a set of local [...]

  • Página 284

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 59 St atic NA T (one to one) Figure 15.7 St atic NA T In st atic (one- to-one) NA T type, fo r each IP ad dress in the corporate network, one NA T IP address will be u sed. For exam ple, for th e three IP addre sses from 1 0.1.1.1 to 1 0.1.1.3, th ere is a s et of three NA T IP [...]

  • Página 285

    Foundry AR-Se ries Rou ter User Gu ide 15 - 60 © 2004 F oundry Netw orks, In c. June 200 4 Figure 15.8 Mapp ing Multiple NA T Addresses to One Public IP Address There are two method s to confi gure Port Add ress T ranslation (P A T) on the Foundry ga teway . In the first meth od, specif y the IP a ddres s to the nat- ip p aramete r in the poli cy [...]

  • Página 286

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 61 Security Pr otocol Default s This se ction pro vides in formation about IPSec supported protocol s and mod es, encry ption alg orithms and block sizes , and Foun dry IPSec an d IKE defaul t values . IPSec Supported Protoc ols and Algori thms The f ollowing t ables provide s u[...]

  • Página 287

    Foundry AR-Se ries Rou ter User Gu ide 15 - 62 © 2004 F oundry Netw orks, In c. June 200 4 Foundry IKE and IPSec Default s T o minimize c onfigurati on required by the us er , default IKE and IPSec v alues have been imp lemented in Foundry’ s encryption scheme. Foundry s upport s a ma ximum o f 100 IPSec tunnels. IKE Defaults T able 15.5: li sts[...]

  • Página 288

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 63 IPSec Defaults T able 15.6: lis ts IPSec default s. When the user creat es an IPSec p olicy and provides the match add ress, an IPSe c propo sal wit h priority 1 is auto maticall y created . When an outboun d policy is spec ified, an inbou nd polic y is auto mati ca lly creat[...]

  • Página 289

    Foundry AR-Se ries Rou ter User Gu ide 15 - 64 © 2004 F oundry Netw orks, In c. June 200 4 Direction No Default Action Permi t Tr a f f i c t y pe Tr an s it Source Por t Any Destination Port Any Schedul e Disabled FTP Filter Disabled SMTP Filt er Di sabl ed HTTP Filter Disa bled RPC Filter Disabled NA T Disabled Maximu m Conne ction s 1024 Conn e[...]

  • Página 290

    Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 65 T u nneling Defau lt V alues This se ction pro vides the IP-IP and G RE tunnel ing protoc ol defaul t values. Win Nuke Attac k Chec k Disable d IP Unali gned T ime st amp check D isable d TCP Seque nce Numbe r Pre dict i on C hec k Disabled TCP Seque nce Numbe r Range Check D[...]

  • Página 291

    Foundry AR-Se ries Rou ter User Gu ide 15 - 66 © 2004 F oundry Netw orks, In c. June 200 4[...]

  • Página 292

    June 20 04 © 2004 F oundry N etworks, In c. Inde x - 1 A abbrevi ated comma nds 4-3 Audienc e 3-1 B bold ty pe 4-3 C comma nd lin e inte rfac e conven tions us ed 4-1 getting hel p 4-4 comma nd nav ig ati on 4-4 comma nd sh ortc uts 4-3 command tree 4-5 contex t-se nsiti ve co mmand s 4-1 control ke y combinati ons 4-4 conven tions manual 3-1 D di[...]

  • Página 293

    Foundry AR-Se ries Rou ter User Gu ide Index - 2 © 2004 F oundry Netw orks, In c. June 200 4[...]