Alcatel-Lucent 7750 SR OS manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482

Ir para a página of

Bom manual de uso

As regras impõem ao revendedor a obrigação de fornecer ao comprador o manual com o produto Alcatel-Lucent 7750 SR OS. A falta de manual ou informações incorretas fornecidas ao consumidor são a base de uma queixa por não conformidade do produto com o contrato. De acordo com a lei, pode anexar o manual em uma outra forma de que em papel, o que é frequentemente utilizado, anexando uma forma gráfica ou manual electrónicoAlcatel-Lucent 7750 SR OS vídeos instrutivos para os usuários. A condição é uma forma legível e compreensível.

O que é a instrução?

A palavra vem do latim "Instructio" ou instruir. Portanto, no manual Alcatel-Lucent 7750 SR OS você pode encontrar uma descrição das fases do processo. O objetivo do manual é instruir, facilitar o arranque, a utilização do equipamento ou a execução de determinadas tarefas. O manual é uma coleção de informações sobre o objeto / serviço, um guia.

Infelizmente, pequenos usuários tomam o tempo para ler o manual Alcatel-Lucent 7750 SR OS, e um bom manual não só permite conhecer uma série de funcionalidades adicionais do dispositivo, mas evita a formação da maioria das falhas.

Então, o que deve conter o manual perfeito?

Primeiro, o manual Alcatel-Lucent 7750 SR OS deve conte:
- dados técnicos do dispositivo Alcatel-Lucent 7750 SR OS
- nome do fabricante e ano de fabricação do dispositivo Alcatel-Lucent 7750 SR OS
- instruções de utilização, regulação e manutenção do dispositivo Alcatel-Lucent 7750 SR OS
- sinais de segurança e certificados que comprovam a conformidade com as normas pertinentes

Por que você não ler manuais?

Normalmente, isso é devido à falta de tempo e à certeza quanto à funcionalidade específica do dispositivo adquirido. Infelizmente, a mesma ligação e o arranque Alcatel-Lucent 7750 SR OS não são suficientes. O manual contém uma série de orientações sobre funcionalidades específicas, a segurança, os métodos de manutenção (mesmo sobre produtos que devem ser usados), possíveis defeitos Alcatel-Lucent 7750 SR OS e formas de resolver problemas comuns durante o uso. No final, no manual podemos encontrar as coordenadas do serviço Alcatel-Lucent na ausência da eficácia das soluções propostas. Atualmente, muito apreciados são manuais na forma de animações interessantes e vídeos de instrução que de uma forma melhor do que o o folheto falam ao usuário. Este tipo de manual é a chance que o usuário percorrer todo o vídeo instrutivo, sem ignorar especificações e descrições técnicas complicadas Alcatel-Lucent 7750 SR OS, como para a versão papel.

Por que ler manuais?

Primeiro de tudo, contem a resposta sobre a construção, as possibilidades do dispositivo Alcatel-Lucent 7750 SR OS, uso dos acessórios individuais e uma gama de informações para desfrutar plenamente todos os recursos e facilidades.

Após a compra bem sucedida de um equipamento / dispositivo, é bom ter um momento para se familiarizar com cada parte do manual Alcatel-Lucent 7750 SR OS. Atualmente, são cuidadosamente preparados e traduzidos para sejam não só compreensíveis para os usuários, mas para cumprir a sua função básica de informação

Índice do manual

  • Página 1

    7750 SR OS R outer Configur a tion Guide Software V ersion: 7750 SR OS 5.0 February 2007 Document Part Number: 93-0073-03-01 *93-0073-03-01*[...]

  • Página 2

    This document is protected by copyright. Ex cept as specifically perm itted herein, no portion of th e provided information can be reproduced in any form, or by any means, without prior written permissi on from Alcatel-Lucent.[...]

  • Página 3

    7750 SR OS R outer Conf igur a tion Guide Page 3 T able of Contents Getting Started Alcatel-Lucent 7750 SR- Series Router Configur ation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 IP Router Configuration Configuring IP Router Para[...]

  • Página 4

    Page 4 7750 SR OS Qo S Configur ation Guide T able of Contents Configuring an Autonomous System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Service Management Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 C[...]

  • Página 5

    7750 SR OS QoS Confi gur a t ion Guide Pag e 5 T able o f Contents Non-Owner Acce ss Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 Non-Owner Access SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Página 6

    Page 6 7750 SR OS Qo S Configur ation Guide T able of Contents Web Redirection (Captive Portal) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280 Creating Redirect Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282 [...]

  • Página 7

    7750 SR OS QoS Confi gur a t ion Guide Pag e 7 T able o f Contents Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 57 Generic Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 5[...]

  • Página 8

    Page 8 7750 SR OS Qo S Configur ation Guide T able of Contents Cflowd Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465 Global Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465 Show Co[...]

  • Página 9

    7750 SR OS R outer Conf igur a tion Guide Page 9 List of T a bles Getting Started Table 1: Configuration Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 IP Router Configuration Table 2: IPv6 Header Field Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Página 10

    Page 10 7750 SR OS R out er Configur a tion Guide List of T ables[...]

  • Página 11

    7750 SR OS R outer Conf igur a tion Guide Page 11 L IST OF F IGURES IP Router Configuration Figure 1: Confederation Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25 Figure 2: IPv6 Header Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Página 12

    Page 12 7750 SR OS R out er Configur a tion Guide List of Figures[...]

  • Página 13

    7750 SR OS R outer Conf igur a tion Guide Page 13 Pr ef ace About This Guide This guide describes logical IP ro uting interfaces, virtual routers, IP and MAC-based filtering, and cflowd support provided by the 7750 SR OS and presents configuration and implementation examples. This document is organized into functional chapte rs an d provides concep[...]

  • Página 14

    Preface Page 14 7750 S R OS R out er Configuration Guide List of T echnical Publications The 7750 SR documen tation set is composed of the following books: • 7750 SR OS Basic System Configuration Guide This guide describes basic system configurations and operations. • 7750 SR OS System Ma nagement Guide This guide describes system security and [...]

  • Página 15

    Preface 7750 SR OS R outer Conf igur a tion Guide Page 1 5 T echnical Support If you purchased a service agreeme n t for your 7750 SR-Series rout er and related products from a distributor or authorized reseller , contac t the tec hnical support staff for that distributor or reseller for assistance. If you purchased an Alcatel-Lucen t service agree[...]

  • Página 16

    Preface Page 16 7750 S R OS R out er Configuration Guide[...]

  • Página 17

    7750 SR OS R outer Conf igur a tion Guide Page 17 Getting Star ted In This Chapter This chapter provides process flow information to configure routing entities, virtual rout ers, IP and MAC filters, and Cflo wd. Alcatel-Lucent 7750 SR-Series Router Configuration Process Ta b l e 1 lists the ta sks necessary to configure logical IP routing interface[...]

  • Página 18

    Getting S tarted Page 18 7750 SR OS R out er Configur a tion Guide[...]

  • Página 19

    7750 SR OS R outer Conf iguration Guide P age 19 IP R outer Configur a tion In This Chapter This chapter provides informatio n about commands required to configure bas ic router parameters. T opics in this chapter include: • Configuring IP Router Parameters on page 20 → Interfaces on page 20 → Router ID on page 22 → Autonomous Systems (AS) [...]

  • Página 20

    Configuring IP Router Parameters Page 20 7750 SR OS R out er Configuration Guide Configuring IP Router Parameters In order to provisi on services on a 7750 SR-Seri es router , logical IP rou ting interfaces must be configured to associate attributes such as an IP address, port or the system with the IP interface. A special type of IP interface is t[...]

  • Página 21

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 21 System Interface The system interface is associated with the networ k entity (such as a specific router or sw itch), not a specific interface. The system interface is also referred to as the loopb ack address. The system interface is associated during the configuration of the[...]

  • Página 22

    Configuring IP Router Parameters Page 22 7750 SR OS R out er Configuration Guide IP Addresses Creating an IP Address Range An IP address range can be reserved for ex clusive use for services by defining the config>router>service-prefix command. When the service is configured, the IP address must be in the range specified as a service prefix. [...]

  • Página 23

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 23 Autonomous Systems (AS) Networks can be grouped into areas. An area is a co llection of network segmen ts within an AS that have been administratively assigned to the same group. An area ’ s topology is concealed from the rest of the AS, which results in a sign ificant redu[...]

  • Página 24

    Configuring IP Router Parameters Page 24 7750 SR OS R out er Configuration Guide Confederations Configuring confederation s is op tional and should only be implem ented to reduce the IBGP mesh inside an AS. An AS can be logically divided in to smaller groupings called sub-confederations and then assigned a confederation ID (similar to an autonomous[...]

  • Página 25

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 25 There are no default confederations. Router confederations must be explicitly created. Figure 1 depicts a confederation configuration example. Figure 1: Confederation Configura tion SRSG005 Confederation Member 1 Confederation Member 2 ALA-D ALA-B ALA-C ALA-A AS 100 AS 200 Co[...]

  • Página 26

    Configuring IP Router Parameters Page 26 7750 SR OS R out er Configuration Guide Proxy ARP Proxy ARP is the technique in which a router an swers ARP requests intended for another node. The router appears to be present on the same networ k as the “real” node that is the tar get of t he ARP and takes responsibility for ro uting packets to the “[...]

  • Página 27

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 27 Internet Protocol V ersions The 7750 SR OS implements IP routing functio nality , providing support for IP version 4 (IPv4) and IP version 6 (IPv6). IP version 6 (IPv6) (RFC 1883, Internet Pr otocol, V er sion 6 (IPv6) ) is a newer version of the Internet Protocol d esigned a[...]

  • Página 28

    Configuring IP Router Parameters Page 28 7750 SR OS R out er Configuration Guide Table 2: IPv6 Header Field Descriptions Field Descrip tion Version 4-bit Internet Protocol version number = 6. Prio. 4-bit priority value. Flow Label 24-bit flow label. Payload Length 16-bit unsigned integer. The length of payload, for example, the rest of the packet f[...]

  • Página 29

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 29 IPv6 Applications Examples of the IPv6 applications su pported by the 7750 SR OS inclu de: • IPv6 Internet exchange peering — Figure 3 shows an IPv6 Internet exch ange where multiple ISPs peer over native IPv6. Figure 3: IPv6 Internet Exchange • IPv6 transit services ?[...]

  • Página 30

    Configuring IP Router Parameters Page 30 7750 SR OS R out er Configuration Guide • IPv6 services to enterprise customers and home users — Figure 5 sh ows IPv6 connectivity to enterprise and home br oadband users. Figure 5: I Pv6 Services to Enterpris e Customers and Home Us ers • IPv6 over IPv4 relay services — IPv6 over IP v4 tunnels are o[...]

  • Página 31

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 31 IPv6 Provider Edge Router over MPLS (6PE) 6PE allows IPv6 domains to communicate with each other over an IPv4 MPLS core network. This architecture requires no ba ckbone infrastru cture upgrades and no reconfig uration of core routers, because forwarding is purely based on MPL[...]

  • Página 32

    Configuring IP Router Parameters Page 32 7750 SR OS R out er Configuration Guide • LDP is used to create the MPLS full mesh between the 6PE routers and the IPv4 addresses that are embedded in the next-hop field are reachable by LDP LSPs. The ingress 6PE router uses the LDP LSPs to reach remote 6PE routers. 6PE Dat a Plane Support The ingress 6PE [...]

  • Página 33

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 33 Bidirectional Forwarding Detection Bidirectional Forwarding Detection (BFD) is a light-weight, low-overhead, sho rt-duration detection of failures in the path between two systems. If a system stops receiving BFD messages for a long enough period (base d o n configuration) it [...]

  • Página 34

    Configuring IP Router Parameters Page 34 7750 SR OS R out er Configuration Guide If multiple BFD sessions exist betw een two nodes, the BFD discrimin ator is used to de-multiplex the BFD control packet to the appropriate BFD session. Control Packet Format The BFD control packet has 2 se ctions, a mandator y section and an optiona l authentication s[...]

  • Página 35

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 35 D Bit The “demand mode” bit. If set, the transm itting system wishes to operate in demand mode. P Bit The poll bit. If set, the transmittin g system is reques ting verificati on of connectivity, or of a p arameter change. F Bit The final bit. If set, the transmitti ng sys[...]

  • Página 36

    Router Configurati on Process Overview Page 36 7750 SR OS R out er Configuration Guide Router Configuration Process Overview Figure 9 displays the process to configure basic router parame ters. Figure 9: IP Rout er Configuration Flow ENABL E START SET THE SYSTEM NAME CONFIGURE SYSTEM IP ADDRESS CONFIGURE CONFEDERATIONS (optional) CONFIGURE ROUTER I[...]

  • Página 37

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 37 Router Configuration Process Overview Figure 9 displays the process to configure basic router parame ters. Figure 10: Router Configuration Component s ROUTER ROUTER ID (optional) INTERFACE AUTONOMOUS SYSTEM (optional) CONFEDERATION (optional) IPV6 ADDRESS NEIGHBOR ADDRESS[...]

  • Página 38

    Router Configurati on Process Overview Page 38 7750 SR OS R out er Configuration Guide Router Configuration Process Overview Figure 10 displays the process to configure basic router parameters. • Interface — A logical IP routing interface. O nce created, attributes like an IP address, port, link aggregation grou p or th e system can be associat[...]

  • Página 39

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 39 Configuration Notes The following information describ es router configuration caveats. • A system interface and associated IP address should be specified. • Boot options file (BOF) parameters must be configured prio r to configuring ro uter parameters. • Confederations [...]

  • Página 40

    Configuration Notes Page 40 7750 SR OS R out er Configuration Guide[...]

  • Página 41

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 41 Configuring an IP Router with CLI This section provides informatio n to configure an IP router. Topics in this section include: • Router Configuration Ov erview on page 42 • CLI Command S tructure on page 43 • List of Commands on page 44 • Basic Configuration on page [...]

  • Página 42

    Router Configuration Overview Page 42 7750 SR OS R out er Configuration Guide Router Configuration Overview In a 7750 SR, an interface is a logical named entity. An interface is created by specifying an interface name under the configure>router context. This is the global router configuration context where objects like static routes are defi ned[...]

  • Página 43

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 43 CLI Command S tructure Figure 1 1 displays the CLI command structure to conf igure router parameters. The commands are located under the config>router context. Figure 11: CLI Co nfiguration Contex t Figure 12 displays the brief CLI command structure to configure the system[...]

  • Página 44

    List of Commands Page 44 7750 SR OS R out er Configuration Guide List of Commands Ta b l e 4 lists all the configuration co mmands to configure a 7750 SR -Series router, indicating the configuration level at which each command is implemented with a short command description. Refer to each specific chapter for specific routi ng protocol information [...]

  • Página 45

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 45 autonomous-system Assigns an autonomous system (AS) number to the router . 87 confederation Creates a confederation within an AS. 87 ecmp Enables ECMP and configures the num ber of routes for path sharing. 88 ignore-icmp- redirect Drops or accepts ICMP redirects received on t[...]

  • Página 46

    List of Commands Page 46 7750 SR OS R out er Configuration Guide static-arp Configures a static ARP entry associating an IP address with a MAC address for the core router instance. 104 tos-marking-state Specifies the TOS marking state. 104 unnumbered Sets an IP interface as an unnumbered interface and the IP address to be used for the interface. 10[...]

  • Página 47

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 47 managed- configuration Sets the managed address co nfiguration flag. This flag indicates that DHCPv6 is available for address config uration in addition to any address autoconfigured using stateless address autoconfiguration. 11 6 max-advertisement- interval Configures the ma[...]

  • Página 48

    Basic Configuration Page 48 7750 SR OS R out er Configuration Guide Basic Configuration NOTE: Refer to each specific chapter for specifi c routing protocol inform ation and command syntax to configure protocols such as OSPF and BGP. The most basic router configur ation must have the following: • System name • System address The following exampl[...]

  • Página 49

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 49 Common Configuration T asks The following sections desc ribe basic system tasks. • Configuring a System Name o n page 49 • Configuring Interfaces on pag e 51 → Configuring a System Interface on pag e 51 → Configuring a Network Interfa ce o n page 51 → Configuring IP[...]

  • Página 50

    Common Configuration T asks Page 50 7750 SR OS R out er Configuration Guide The following example displays the system name output. A#ALA-A>config>system# info #------------------------------------------ # System Configuration #------------------------------------------ name "ALA-A" location "Mt.View, CA, NE corner of FERG 1 Bui[...]

  • Página 51

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 51 Configuring Interfaces The following command sequences crea te a system an d a logical IP interface. The system interface assigns an IP address to the inte rface, and then associates the IP in terface with a physical port. The logical interface can associate attrib utes like [...]

  • Página 52

    Common Configuration T asks Page 52 7750 SR OS R out er Configuration Guide config>router>if>egress# filter ip 10 config>router>if>egress# exit config>router>if# cflowd acl config>router>if# exit The following displays the IP configuratio n output showing the interface information. A:ALA-A>config>router# info #--[...]

  • Página 53

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 53 Configuring IPv6 Parameters To configure IPv6 parameters, you must first: • The chassis mode must be set to c in the config>system>chassis-mode context. Use the force keyword to upgrade to c mode with cards provisioned as i om-20g or iom-20g-b. The following displays [...]

  • Página 54

    Common Configuration T asks Page 54 7750 SR OS R out er Configuration Guide The following example displa ys IPv6 interface configuration co mmand usage. These commands are configured in the config>router context. Example : config>router# interface gemini_5_21 config>router>if# address 10.11.10.1/24 config>router>if# port 1/2/37 co[...]

  • Página 55

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 55 Configuring IPv6 Over IPv4 Parameters This section provi des several examples of the feat ures that must be configured in order to implement IPv6 over IPv4 relay services. • T unnel Ingress Node on page 55 → Learning the T unnel Endpoint IPv4 System Address on page 57 →[...]

  • Página 56

    Common Configuration T asks Page 56 7750 SR OS R out er Configuration Guide Both the IPv4 and IPv6 system addresses must to configured CLI Syntax: config>router interface ip-int-name address { ip-address/mask >| ip-address netmask } [broad- cast all-ones|host-ones] ipv6 address ipv6-address/prefix-length [eui-64] Example : config>router# i[...]

  • Página 57

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 57 Learning the T unnel End poi nt IPv4 System Address This configuration di splays the OSPF configuration to learn the IPv4 system address of the tunnel endpoint. CLI Syntax: config>router ospf area area-id interface ip-int-name Example : config>router# ospf config>rou[...]

  • Página 58

    Common Configuration T asks Page 58 7750 SR OS R out er Configuration Guide Configuring an IPv4 BGP Peer This configuration d isplay the commands to configure an IP v4 BGP peer with (IPv4 an d) IPv6 protocol families. CLI Syntax: config>router bgp export policy-name [ policy-name ...(upto 5 max)] router-id ip-address group name family [ipv4] [vp[...]

  • Página 59

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 59 An Example of a IPv6 Over IPv4 T unnel Configuration The IPv6 address is the next-hop as it is received through BGP. The IPv4 address is the system address of the tunnel's endpo int static-route ::C8C8:C802/128 indirect 200.200.20 0.2. This configuration displays an exam[...]

  • Página 60

    Common Configuration T asks Page 60 7750 SR OS R out er Configuration Guide protocol ospf3 exit to protocol bgp exit action accept exit exit exit exit ... ---------------------------------------------- A:ALA-49>configure>router#[...]

  • Página 61

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 61 T u nnel Egress Node This configuration shows how the interface through which the IP v6 over IPv4 traffic leaves the node. It must be configured on a network interfa ce. Both the IPv4 and IP v6 system addresses must be configured. CLI Syntax: config>router configure router[...]

  • Página 62

    Common Configuration T asks Page 62 7750 SR OS R out er Configuration Guide Learning the T unnel End poi nt IPv4 System Address This configuration displa ys the OSPF configuration to learn the IPv4 system address of the tunnel endpoint. CLI Syntax: config>router ospf area area-id interface ip-int-name Example : config>router# ospf config>r[...]

  • Página 63

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 63 Configuring an IPv4 BGP Peer This configuration d isplay the commands to configure an IP v4 BGP peer with (IPv4 an d) IPv6 protocol families. CLI Syntax: config>router bgp export policy-name [ policy-name ...(upto 5 max)] router-id ip-address group name family [ipv4] [vpn-[...]

  • Página 64

    Common Configuration T asks Page 64 7750 SR OS R out er Configuration Guide An Example of a IPv6 Over IPv4 T unnel Configuration The IPv6 address is the next-hop as it is received through BGP. The IPv4 address is the system address of the tunnel's endpo int static-route ::C8C8:C802/128 indirect 200.200.20 0.2 This configuration displays an exa[...]

  • Página 65

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 65 protocol ospf3 exit to protocol bgp exit action accept exit exit exit exit ---------------------------------------------- A:ALA-49>configure>router#[...]

  • Página 66

    Common Configuration T asks Page 66 7750 SR OS R out er Configuration Guide Router Advertisement To configure the router to originat e router advertisement messages, the router-advertisement command must be enabled. All other router adve rtisement configuration pa rameters are optional. Router advertisement on all IPv6-e nabled interfaces will be e[...]

  • Página 67

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 67 The following example displays router adver tisement command usage . These commands are configured in the config>router context. Example : config>router# router-advertisement config>router>router-advert# interf ace gemini_5_21 config>router>router-advert>[...]

  • Página 68

    Common Configuration T asks Page 68 7750 SR OS R out er Configuration Guide Configuring Proxy ARP To configure prox y ARP, you can configure: • A prefix list in the config>router>policy-options>prefix-list conte xt . • A route policy statement in the config>router>policy-options>policy- statement context and apply the specifie[...]

  • Página 69

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 69 Use the following CLI syntax to configure the policy st atement specified in the proxy-arp- policy policy-statement command. CLI Syntax: config>router# policy-options begin commit policy-statement name default-action {accept|next-entry|next-policy|reject} entry entry-id ac[...]

  • Página 70

    Common Configuration T asks Page 70 7750 SR OS R out er Configuration Guide exit exit ... ---------------------------------------------- A:ALA-49>config>router>policy-options# Use the following CLI to configure proxy ARP: CLI Syntax: config>router>interface interface-name local-proxy-arp proxy-arp-policy policy-name [ policy-name ...[...]

  • Página 71

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 71 Creating an IP Address Range An IP address range can be reserved for ex clusive use for services by defining the config>router>service-prefix command. When the service is configured, the IP address must be in the range specified a s a service prefix . If no service pref[...]

  • Página 72

    Common Configuration T asks Page 72 7750 SR OS R out er Configuration Guide Deriving the Router ID The router ID defaults to the address specified in the system interface command. If the system interface is not configured with an IP address, then the router ID in herits the last four bytes of the MAC address. The router ID can also be manually conf[...]

  • Página 73

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 73 Configuring a Confederation Configuring a confederation is optional. The AS and confederation topology design should be carefully planned. Autonomous system (AS), confederation, and BGP connection and p eering parameters must be explicitly created on each participating SR. Id[...]

  • Página 74

    Common Configuration T asks Page 74 7750 SR OS R out er Configuration Guide NOTES : • Confederations can b e preconfigured prio r to configuring BGP connections and p eering. • Each confederation can have up to 15 members. The following example displa ys the confederation output. A:ALA-B>config>router# info #------------------------------[...]

  • Página 75

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 75 Configuring an Autonomous System Configuring an autonomous system is optional. Use the following CLI sy ntax to configure an autonomous system: CLI Syntax: config>router autonomous-system as-number The following example displa ys the autonomous system configuration command[...]

  • Página 76

    Service Management T asks Page 76 7750 SR OS R out er Configuration Guide Service Management T asks This section discusses the following service mana gement tasks: • Changing the System Name on page 76 • Modifying Interface Pa rameters on pa ge 77 • Deleting a Logi cal IP Interface on page 78 Changing the System Name The syst em command sets [...]

  • Página 77

    IP Router C onfiguration 7750 SR OS R outer Conf iguration Guide P age 77 Modifying Interface Parameters Starting at the config>router level, navigate down to the router interface context. To modify an IP address, perform the following steps: Example :A : ALA-A>config>router# interface “ to-sr1 ” A: ALA-A>config>router>if# shu[...]

  • Página 78

    Service Management T asks Page 78 7750 SR OS R out er Configuration Guide Deleting a Logical IP Interface The no form of the interface command typically removes the en try, but all entity associations must be shut down and/ or de leted before an interface can be deleted. 1. Before an IP interface can be deleted, i t mu st first be administratively [...]

  • Página 79

    IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 79 IP Router Command Reference Command Hierarchies Configuration Commands • Router Commands • Router Interface Command s • Router Interface IPv6 Command s • Router Advertisement Commands • Show Commands • Clear Commands • Debug Commands Router Commands config — r[...]

  • Página 80

    IP Router Command Reference Page 80 7750 S R OS R out er Configuration Guide Router Interface Commands config —r o u t e r [ r outer -name ] — [ no ] interface ip-int-name — address { ip-addr ess / mask | ip-address netmask } [ br oadcast { all-ones | host- ones }] —n o address — [ no ] allow-directed-br oadcasts — arp-timeout seconds ?[...]

  • Página 81

    IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 81 For router interface VRRP commands, see “VRRP Comman d Reference” on page 223. Router Interfac e IPv6 Commands config —r o u t e r [ r outer -name ] — [ no ] interface ip-int-name —[ no ] ipv6 — address (ipv6) ipv6-addr ess / pr efix-length [ eu i-64 ] —n o addr[...]

  • Página 82

    IP Router Command Reference Page 82 7750 S R OS R out er Configuration Guide —n o retransmit-time — router -life time seconds —n o router -lifetime — [ no ] shutdown[...]

  • Página 83

    IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 83 Show Commands show —r o u t e r r outer-instance — aggregate [ family ] [ active ] — arp [ ip-int-name | ip-addr ess/mask | mac ieee-mac-addr ess | sum mary ] [ local | dynamic | static | mana ged ] — authentication — statistics — statistics interface [ ip-int-nam[...]

  • Página 84

    IP Router Command Reference Page 84 7750 S R OS R out er Configuration Guide Clear Commands clear — router — arp { all | ip-addr | interface { ip-int-na me | ip-addr }} — bfd — session src-ip ip-addr e ss dst-ip ip-addr ess — session all — statistics src-ip ip-add r ess dst-ip ip-addr ess — statistics all — dhcp — statistics [ ip-[...]

  • Página 85

    IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 85 Configuration Commands Generic Commands shutdown Synt ax [ no ] shut down Context config>rou ter>interface ip- int-name Description The s hutdown command administratively disables th e en tity . When disabled, an entity does not change, reset, or remove any configuratio[...]

  • Página 86

    Configuration Co mmands Page 86 7750 SR OS R out er Configur a tion Guide Router Global Commands router Synt ax router ro uter-n ame Context conf ig Description This command enables the context to configure router parameters, interfaces, route policies, and protocols. Parameters r outer -name — Specify the router-name. Va l u e s router-name: Bas[...]

  • Página 87

    IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 87 d: [0 — 255]D ipv6-prefix-length 0 — 128 Va l u e s ma sk The mask associated with the network address expressed as a mask length. Va l u e s 0 — 32 summary-only — This optional parameter suppresses advertisement of more specific component routes for the aggregate. To[...]

  • Página 88

    Configuration Co mmands Page 88 7750 SR OS R out er Configur a tion Guide Synt ax confederation confed-as- num members as-n umber [ as-number ... up to 15 max] no confederation [ co nfed-as-num members as-number ... up to 15 max] Context conf ig>rout er Description This command creates co nfederation autonomous systems within an AS. This techniq[...]

  • Página 89

    IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 89 ignore-icmp-redirect Synt ax [ no ] ignore-icmp-red ir ect Context config>router Description This command drops or accepts ICMP redir ects receive d on the ma nagement interfa ce. mc-maximum-routes Synt ax mc-maximum-routes number [ log-only ] [ threshold threshold ] no mc[...]

  • Página 90

    Configuration Co mmands Page 90 7750 SR OS R out er Configur a tion Guide T o force the new router ID to be used, issue the shutdown and no shutdown commands for each protocol that uses the router ID, or restart the entire router . The no form of the command to reverts to the default value . Default The system uses the system interface addre ss (wh[...]

  • Página 91

    IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 91 d: [0 — 255]D ipv6-prefix-length: 0 — 128 Va l u e s exclusive When this option is specified, the addresses conf igured are exclusively used for services and cannot be assigned to network ports. triggered-policy Synt ax triggered-policy no triggered-policy Context config&[...]

  • Página 92

    Configuration Co mmands Page 92 7750 SR OS R out er Configur a tion Guide x:x:x:x:x:x:d.d.d.d x [0 — FFFF]H d [0 — 255]D ipv6-prefix-length 0 — 128 ip-addr ess — The IP address of the IP interface. The ip-addr portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address m[...]

  • Página 93

    IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 93 The next-hop keyword and the indirect or black-hole keywords are mutually exclusive. If an identical command is entered (wit h the exception of either the indir ect or black-hole parameters), then this static route will be re placed with the newly entered command, and unless [...]

  • Página 94

    Configuration Co mmands Page 94 7750 SR OS R out er Configur a tion Guide Default 5 Va l u e s 1 — 255 enable — Static routes can be administrati vely enabled or disabled. Use the enable parameter to re- enable a disabled static rou te. In order to enab le a static route, it must be uniquely identified by the IP address, mask, and any other par[...]

  • Página 95

    IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 95 Router Interface Commands interface Synt ax [ no ] interface ip-i nt-name Context config>router Description This command creates a logical IP routing interface. Once created, attr ibutes like IP address, port, or system can be associated with the IP interface. Interface na[...]

  • Página 96

    Configuration Co mmands Page 96 7750 SR OS R out er Configur a tion Guide address Synt ax address { ip-addre ss / mask | ip-address netmask } [ broadcas t { all-ones | host-one s }] no address Context config>router>interface ip-int-name Description This command assigns an IP address, IP subnet, and broadcast address format to an IP interface.[...]

  • Página 97

    IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 97 addr , the “ / ” and the mask-length parameter . If a forward slash does not immediately follow the ip-addr , a dotted decimal mask must follow the prefix. mask-length — The subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is speci[...]

  • Página 98

    Configuration Co mmands Page 98 7750 SR OS R out er Configur a tion Guide allow-directed-broadcasts Synt ax [ no ] allow-directed-b roadcast s Context config>router>interface ip-int-name Description This command enables the forwarding of di rected broadcasts out of the IP interface. A directed broadcast is a packet received on a local router [...]

  • Página 99

    IP Router Configuration 7750 SR OS R outer Conf igur a tion Guide Page 99 The multiplier specifies t he number of consecutive BF D messages that must be missed from the peer before the BFD session state is changed to down and the upper level protocols (OSPF , IS-IS or PIM) is notified of the fault. The no form of the command remove s BFD from the r[...]

  • Página 100

    Configuration Co mmands Page 100 7750 SR OS R out er Configuration Guide loopback Synt ax [ no ] loopback Context config>router>interface ip-int-name Description This command configur es the interface as a loopback interface. Default Not enabled mac Synt ax mac ieee-mac-addr no mac Context config>router>interface ip-int-name Description[...]

  • Página 101

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 101 Synt ax port port-nam e no port Context config>rou ter>interface ip- int-name Description This command creates an association with a logical IP interface and a phys ical port. An interface can also be associated with the syst em (loopback address). The command returns an[...]

  • Página 102

    Configuration Co mmands Page 102 7750 SR OS R out er Configuration Guide Synt ax [ no ] proxy- arp-policy policy-name [ policy-name ...(up to 5 max)] Context config>router>interface ip-int-name Description This command enables and confi gure proxy ARP on the interface and specifies an existing policy- statement to analyze match and acti on cr[...]

  • Página 103

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 103 secondary Synt ax secondary {[ ip-address / mask | ip-address netmask ]} [ broadcast { all-ones | host-one s }] [ igp-inhi bit ] no secondar y ip-addr Context config>rou ter>interface ip- int-name Description Use this command to ass ign up to 16 secondary IP addresses to[...]

  • Página 104

    Configuration Co mmands Page 104 7750 SR OS R out er Configuration Guide mask with all the host bits set to binary 1. This is the default broadcast address used by an IP interface. The broadcast parameter within the address command does not have a negat e featur e, wh ich is usually used t o revert a parameter to the default value. T o change the b[...]

  • Página 105

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 105 Synt ax tos-marking-s t ate { trusted | untrus ted } no tos-marking-st ate Context config>router>interface Description This comma nd is used on a network IP interface to alter the default trusted state to a non-trusted state. When unset or reverted to the trusted default[...]

  • Página 106

    Configuration Co mmands Page 106 7750 SR OS R out er Configuration Guide Parameters ip-addr | ip-int-nam e — Optional. The IP address or IP in terface name to associate with the unnumbered IP interface in dotted d ecimal notation. The configured IP address must exist on this node. It is recommended to use the system IP addr ess as it is not assoc[...]

  • Página 107

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 107 Router Interface Filter Commands egress Syntax egress Context config>rou ter>interface ip- int-name Description This command enables access to th e context to configure egress netw ork filter policies for the IP interface. If an egress filter is not defi ned, no filterin[...]

  • Página 108

    Configuration Co mmands Page 108 7750 SR OS R out er Configuration Guide ipv6 ipv6-filter -id — The filter name acts as the ID for the IPv6 filter pol icy expressed as a decimal integer . The fi lter policy must already exist within the config >filter>ipv6 context. Va l u e s 1— 65535[...]

  • Página 109

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 109 Router Interface ICMP Commands icmp Synt ax icmp Context config>rou ter>interface ip- int-name Description This command enables access to th e context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control an[...]

  • Página 110

    Configuration Co mmands Page 110 7750 SR OS R out er Configuration Guide Parameters number — The maximum number of ICMP redirect message s to send, exp ressed as a decimal integer . This parameter must be sp ecifi ed with the time parameter . Va l u e s 10 — 1000 seconds — The time frame, in second s, used to lim it the number of ICMP redirec[...]

  • Página 111

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 111 The no form of the command disables th e generation of ICMP destinati on unreachables on the router interface. Default unr eachables 100 10 — maximum of 100 unr eachable messages in 10 seconds Parameters number — The maximum number of ICMP unreachable messages to send, exp[...]

  • Página 112

    Configuration Co mmands Page 112 7750 SR OS R out er Configuration Guide Router Interface IPv6 Commands ipv6 Synt ax [ no ] ipv6 Context config>router>interface Description This command conf igures IPv6 for a router interface. The no form of the command disa bles IPv6 on the interface. Default not enabled address (ipv6) Synt ax address { ipv6[...]

  • Página 113

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 113 Syntax p acket-too-big [ number seconds ] no p acket- too-big Context config>router>if>ipv6>icmp6 Description This command configures the rate for ICMPv6 packet-too-big messages. Parameters number — Limits the nu mber of packet -too-big mess ages issued per the t[...]

  • Página 114

    Configuration Co mmands Page 114 7750 SR OS R out er Configuration Guide seconds — Determines the time frame, in s econds, that is used to limit the number of redirects issued per time frame. Va l u e s 1 — 60 time-exceeded Synt ax time-exceeded [ number seco nds ] no time-exceeded Context config>router >if>ipv6>icmp6 Description Th[...]

  • Página 115

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 115 Synt ax [ no ] local-proxy-nd Context config>router>if>ipv6 Description This command enables local proxy ne ighbor discovery on the interface. The no form of the command disables local proxy neigh bor discovery . proxy-nd-policy Synt ax proxy-nd-policy policy-name [ p[...]

  • Página 116

    Configuration Co mmands Page 116 7750 SR OS R out er Configuration Guide Router Advertisement Commands router-advertisement Synt ax [ no ] router-advertisement Context conf ig>rout er Description This command config ur es router advertisement properties. By default, it is disabled for all IPv6 enabled interfaces. The no form of the command disab[...]

  • Página 117

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 117 Synt ax [ no ] managed-configuration Context config>rou ter>router-adver t>if Description This command sets the managed address configura tion flag. This flag indicat es that DHCPv6 is available for address configuration in addition to any address autoc onfigured usin[...]

  • Página 118

    Configuration Co mmands Page 118 7750 SR OS R out er Configuration Guide Parameters mtu-bytes — Specify the MTU for the nodes to use to send packets on the link. Va l u e s 1280 — 9212 other-stateful-confi guration Synt ax [ no ] other -st ateful-co nfiguration Description This command sets the "Other configuration" flag. This flag in[...]

  • Página 119

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 119 on-link Synt ax [ no ] on-link Context config>rou ter>router-advert>if>pr efix Description This command specifies whet her the prefix can be used for onlink determination. Default enabled preferred-lifetime Synt ax [ no ] preferred-lifet ime { seconds | infinite } [...]

  • Página 120

    Configuration Co mmands Page 120 7750 SR OS R out er Configuration Guide Synt ax reachable-time milli-seconds no reachable-time Context config>router>ro uter-advert>if Description This command configures how long this router should be considered reachable by other nodes on the link after receiving a r eachability confirmation. Default no r[...]

  • Página 121

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 121 Default no shutdown[...]

  • Página 122

    Configuration Co mmands Page 122 7750 SR OS R out er Configuration Guide[...]

  • Página 123

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 123 Show Commands aggregate Synt ax aggregate [ family ][ active ] Context show>router Description Thi s command di splays aggregate routes. Parameters family — Specifies to displ ay IP v4 or IPv6 aggregate routes. Va l u e s ipv4, ipv6 active — When the active keyword is s[...]

  • Página 124

    Show Command s Page 124 7750 SR OS R out er Configuration Guide Sample Output A:ALA-A# show router ARP =============================================================================== ARP Table =============================================================================== IP Address MAC Address Expiry Type Interface --------------------------------[...]

  • Página 125

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 125 authentication Syntax authenticati on Context show>router>authentication Description This command enables th e command to display au thentication statistics. statistics Syntax st a tistics st atistics int erface [ ip-int-name | ip-address ] st atistics policy nam e Conte[...]

  • Página 126

    Show Command s Page 126 7750 SR OS R out er Configuration Guide bfd Synt ax bfd Context show>r outer Description This command enables the context to display bi-directional fo rwardin g detection (BFD) information. interface Synt ax interfac e Context show>r outer>bfd Description This command displays interface information. Output BFD inter[...]

  • Página 127

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 127 net25_1_2 100 100 3 net2_1_2 100 100 3 net3_1_2 100 100 3 net4_1_2 100 100 3 net5_1_2 100 100 3 net6_1_2 100 100 3 net7_1_2 100 100 3 net8_1_2 100 100 3 net9_1_2 100 100 3 ------------------------------------------------------------------------------- No. of BFD Interfaces: 26[...]

  • Página 128

    Show Command s Page 128 7750 SR OS R out er Configuration Guide Remote Address Protocol Tx Pkts Rx Pkts ------------------------------------------------------------------------------- net1_1_2 Up (3) 100 100 3 12.1.2.1 ospf2 isis 5029 5029 net1_2_3 Up (3) 100 100 3 12.2.3.2 ospf2 isis 156367 156365 --------------------------------------------------[...]

  • Página 129

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 129 Sample Output A:ALA-1# show router dhcp statistics ========================================================================== DHCP6 statistics (Router: Base) ========================================================================== Msg-type Rx Tx Dropped ---------------------[...]

  • Página 130

    Show Command s Page 130 7750 SR OS R out er Configuration Guide -------------------------------------------------------------------------- Dhcp6 Drop Reason Counters : -------------------------------------------------------------------------- 1 Dhcp6 oper state is not Up on src itf 0 2 Dhcp6 oper state is not Up on dst itf 0 3 Relay Reply Msg on Cl[...]

  • Página 131

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 131 Sample Output A:ALA-1# show router dhcp summary =============================================================================== DHCP6 Summary (Router: Base) =============================================================================== Interface Name Nbr Used/Max Relay Admin [...]

  • Página 132

    Show Command s Page 132 7750 SR OS R out er Configuration Guide Sample Output A:ALA-A# show router ecmp =============================================================================== Router ECMP =============================================================================== Instance Router Name ECMP Configured-ECMP-Routes -------------------------[...]

  • Página 133

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 133 Output icmp6 Output — The followi ng tabl e describes the show router icmp6 output fields: Sample Output A:SR-3>show>router>auth# show router icmp6 =============================================================================== Global ICMPv6 Stats ==================[...]

  • Página 134

    Show Command s Page 134 7750 SR OS R out er Configuration Guide interface Synt ax interfac e [ interface-na me ] Context show>r outer>icmpv6 Description This command displays in terface ICMPv6 statistics. Parameters interface-name — Only displays entries associated wi th the specified IP interface name. Output icmp6 interfa ce Output — Th[...]

  • Página 135

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 135 Echo Request : 0 Echo Reply : 0 Router Solicits : 0 Router Advertisements : 0 Neighbor Solicits : 20 Neighbor Advertisements : 21 ------------------------------------------------------------------------------- Sent Total : 47 Errors : 0 Destination Unreachable : 0 Redirects : [...]

  • Página 136

    Show Command s Page 136 7750 SR OS R out er Configuration Guide Sample Output A:ALA-A# show router interface =============================================================================== Interface Table (Router: Base) =============================================================================== Interface-Name Adm(v4/v6) Opr(v4/v6) Mode Port/Sap[...]

  • Página 137

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 137 FE80::200:FF:FE00:4/64 PREFERRED ip-12.2.4.4 Up/Up Down/Down Network 3/1/2 12.2.4.4/24 n/a 3FFE::C02:404/120 ip-13.2.4.4 Up/Up Down/Down Network 3/1/3 13.2.4.4/24 n/a 3FFE::D02:404/120 ip-14.2.4.4 Up/Up Down/Down Network 3/1/4 14.2.4.4/24 n/a 3FFE::E02:404/120 ip-15.2.4.4 Up/U[...]

  • Página 138

    Show Command s Page 138 7750 SR OS R out er Configuration Guide =============================================================================== Interface Table =============================================================================== Interface-Name Type IP-Address Adm Opr Mode ------------------------------------------------------------------[...]

  • Página 139

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 139 A:ALA# show router interface ip-11.2.4.4 detail =============================================================================== Interface Table (Router: Base) =============================================================================== --------------------------------------[...]

  • Página 140

    Show Command s Page 140 7750 SR OS R out er Configuration Guide TOS Marking : Untrusted If Type : IES SNTP B.Cast : False IES ID : 1 MAC Address : 00:00:00:00:01:01 Arp Timeout : 14400 IP MTU : 1500 ICMP Mask Reply : True Arp Populate : Disabled Host Conn Verify : Disabled Cflowd : None Proxy ARP Details Rem Proxy ARP: Disabled Local Proxy ARP : Di[...]

  • Página 141

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 141 Sample Output A:ALA-A# show router interface summary =============================================================================== Router Summary (Interfaces) =============================================================================== Instance Router Name Interfaces Admi[...]

  • Página 142

    Show Command s Page 142 7750 SR OS R out er Configuration Guide Sample Output B:CORE2# show router neighbor =============================================================================== Neighbor Table (Router: Base) =============================================================================== IPv6 Address Interface IPv6 Address Interface MAC Ad[...]

  • Página 143

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 143 =============================================================================== Policy Description ------------------------------------------------------------------------------- fromStatic ------------------------------------------------------------------------------- Policie[...]

  • Página 144

    Show Command s Page 144 7750 SR OS R out er Configuration Guide Sample Output A:ALA# show router route-table =============================================================================== Route Table (Router: Base) =============================================================================== Dest Prefix Type Proto Age Pref Next Hop[Interface Nam[...]

  • Página 145

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 145 =============================================================================== B:ALA-B# A:ALA-A# show router route-table 10.10.0.4 =============================================================================== Route Table =====================================================[...]

  • Página 146

    Show Command s Page 146 7750 SR OS R out er Configuration Guide ------------------------------------------------------------------------------- Static 1 1 Direct 6 6 BGP 0 0 OSPF 9 9 ISIS 0 0 RIP 0 0 Aggregate 0 0 ------------------------------------------------------------------------------- Total 15 15 ============================================[...]

  • Página 147

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 147 Sample Output A:Dut-A# show router rtr-advertisement ======================================================================= Router Advertisement ======================================================================= -----------------------------------------------------------[...]

  • Página 148

    Show Command s Page 148 7750 SR OS R out er Configuration Guide Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix: 231::/120 Autonomous Flag : FALSE On-link flag : FALSE Preferred Lifetime : 49710d06h Valid Lifetime : 49710d06h Prefix: 241::/120 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 00h00m00s Valid Lifetime [...]

  • Página 149

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 149 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : 30d00h00m Prefix: 25::/120 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 07d00h00m Valid Lifetime : infinite Prefix: 231::/120 Autonomous Flag : TRUE On-link flag : TRU[...]

  • Página 150

    Show Command s Page 150 7750 SR OS R out er Configuration Guide Prefix: 231::/120 Autonomous Flag : FALSE On-link flag : FALSE Preferred Lifetime : 49710d06h Valid Lifetime : 49710d06h Prefix not present in neighbor router advertisement Prefix: 241::/120 Autonomous Flag : TRUE On-link flag : TRUE Preferred Lifetime : 00h00m00s Valid Lifetime : 00h0[...]

  • Página 151

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 151 static-arp Syntax static-arp [ ip-addr | ip-int-nam e | mac ieee-mac-addr ] Context show>router Description This command displays the router st atic ARP table sorted by IP address. If no options are present, all ARP entries are displayed. Parameters ip-addr — Only display[...]

  • Página 152

    Show Command s Page 152 7750 SR OS R out er Configuration Guide =============================================================================== A:ALA-A# A:ALA-A# show router static-arp to-ser1 =============================================================================== ARP Table ===================================================================[...]

  • Página 153

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 153 next-h op ip-addr ess — Onl y displays static routes with the sp ecified next hop IP address. Va l u e s ipv4-address: a.b.c.d (host bits must be 0) ipv6-address: x:x:x:x:x:x:x: x (eight 16-bit pieces) x:x:x:x:x:x:d.d .d.d x: [0 — FFFF] H d: [0 — 255]D tag tag — Displa[...]

  • Página 154

    Show Command s Page 154 7750 SR OS R out er Configuration Guide 192.168.252.0/24 5 1 NH 10.10.0.254 n/a N 192.168.253.0/24 5 1 NH to-ser1 n/a N 192.168.253.0/24 5 1 NH 10.10.0.254 n/a N 192.168.254.0/24 4 1 BH black-hole n/a Y =============================================================================== A:ALA-A# A:ALA-A# show router static-route [...]

  • Página 155

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 155 Sample Output A:ALA-A# show router service-prefix ================================================= Address Ranges reserved for Services ================================================= IP Prefix Mask Exclusive ------------------------------------------------- 172.16.1.0 24 t[...]

  • Página 156

    Show Command s Page 156 7750 SR OS R out er Configuration Guide Sample Output Note that there are multiple instances of OSPF . OSPF-0 is persistent. OSPF-1 through OSPF- 31 are present when that particular OSPF instance is configured. *A:Performance# show router status ================================================================ Router Status ([...]

  • Página 157

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 157 OSPFv2-9 Down Down OSPFv2-10 Down Down OSPFv2-11 Down Down OSPFv2-12 Down Down OSPFv2-13 Down Down OSPFv2-14 Down Down OSPFv2-15 Down Down OSPFv2-16 Down Down OSPFv2-17 Down Down OSPFv2-18 Down Down OSPFv2-19 Down Down OSPFv2-20 Down Down OSPFv2-21 Down Down OSPFv2-22 Down Dow[...]

  • Página 158

    Show Command s Page 158 7750 SR OS R out er Configuration Guide tunnel-table Synt ax tunnel-t able [ ip-address [/ mask ]] [ protocol protocol | sdp sd p-id ] [ summary ] Context show>r outer Description This command displays tunnel tabl e info rmation. Note that au to-bind GRE tunnels are not displayed in show command out p ut. GR E tunnels are[...]

  • Página 159

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 159 A:ALA-A>config>service# show router tunnel-table summary =============================================================================== Tunnel Table Summary (Router: Base) =============================================================================== Active Available -[...]

  • Página 160

    Clear Commands Page 160 7750 SR OS R out er Configuration Guide Clear Commands arp Synt ax arp { all | ip-addr | interface { ip-int-name | ip-a ddr }} Context clear>router Description This command clears all or specific ARP entries. The scope of ARP cache entries cleared depends on the command line option(s) specified. Parameters all — Clears [...]

  • Página 161

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 161 statistics Syntax statistics src-ip ip-address dst-ip ip-address st atistics all Context clear>router>b fd Description This command clears BFD statistics. Parameters src-ip ip-addr ess — Specifies the address of the local endpoint of this BFD session. dst-ip ip-addr es[...]

  • Página 162

    Clear Commands Page 162 7750 SR OS R out er Configuration Guide icmp-redirect-route Synt ax icmp-re direct-route { all | ip-address } Context clear>router Description This command deletes routes creat ed as a result of ICMP redirects received on the management interface. Parameters all — Clears all routes. ip-addr ess — Clears the routes ass[...]

  • Página 163

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 163 statistics Syntax st a tistics [ ip-address | ip-int-name ] Context clear>router >dhcp clear>router>dhcp6 Description This command clear statistics for DHCP and DHCP6 relay and snooping statistics. If no IP address or interface name is specified, then statistics ar[...]

  • Página 164

    Debug Commands Page 164 7750 SR OS R out er Configuration Guide Debug Commands destination Synt ax destination trace-destination Context debug>tra ce Description This command specifies the des tination to send trace messages. Parameters trace-destina tion — The destination to send trace messages. Va l u e s stdout, console, logger, |memory ena[...]

  • Página 165

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 165 ip Synt ax ip Context debug>ro uter Description This command configures debugging for IP . arp Syntax arp Context debug>ro uter>ip Description This command configures route table debugging. icmp Synt ax [ no ] icmp Context debug>ro uter>ip Description This comma[...]

  • Página 166

    Debug Commands Page 166 7750 SR OS R out er Configuration Guide x:x:x:x:x:x:d.d.d.d x: [0 — FFFF]H d: [0 — 255]D ip-int-name — Only displays the interface in formation associated with th e specified IP interface name. Va l u e s 32 characters maximum packet Synt ax pa cket [ ip- int-name | ip-address ] [ headers ] [ protocol-id ] no p acket [[...]

  • Página 167

    IP Router Configuration 7750 SR OS R outer Conf iguration Guide Page 167 d: [0 — 255 ]D ipv6-prefix-length 0 — 128 longer — Specifies the prefix list entry matche s any route that matches the specified ip-pr efix and pre- fix mask length values greater than the specified mask . mtrace Synt ax [ no ] mtrace Context debug>ro uter Description[...]

  • Página 168

    Debug Commands Page 168 7750 SR OS R out er Configuration Guide[...]

  • Página 169

    7750 SR OS R outer Conf iguration Guide P age 169 VRRP In This Chapter This chapter provides in formation about configuring V irtual Router Redundancy Protocol (VRRP) parameters. T opics in this chapter include: • VRRP Overview on page 170 → V irtual Router on page 171 → IP Address Owner on page 171 → Primary and Secondary IP Addresses on p[...]

  • Página 170

    VRRP Ov erview Page 170 7750 SR OS R out er Configur a tion Guide VRRP Overview The V irtual Router Redundancy Protocol (VRRP) is defined in the IETF RFC 2338, V irtual Router Redundancy Pr otocol, and further described in draft-ietf-vrrp-spec-v2-06.txt . VRRP describes a method of implementing a redu nd ant IP interface shared betwee n two or more[...]

  • Página 171

    VRRP 7750 SR OS R outer Conf iguration Guide Page 171 VRRP Component s VRRP consists of th e following components: • V irtual Router on page 171 • IP Address Owner on page 171 • Primary and Secondary IP Addresses on page 172 • V irtual Router Master on page 172 • V irtual Router Backup on p age 173 • Owner and Non-Owner VRRP on page 173[...]

  • Página 172

    VRRP Components Page 172 7750 SR OS R out er Configur a tion Guide Primary and Second ary IP Addresses A primary address is an IP address selected from the set of real interface address. VRRP advertisements are always sent using the primar y IP address as the source of the IP packet. A 7750 SR IP interface must always have a primar y IP address ass[...]

  • Página 173

    VRRP 7750 SR OS R outer Conf iguration Guide Page 173 V irtual Router Backup A new virtual router master is selected from the set of VRRP routers available to assume forwarding responsibility for a virtual r outer should the cu rrent master fail. Owner and Non-Owner VRRP The owner controls the IP address of the virtual router and is responsibl e fo[...]

  • Página 174

    VRRP Components Page 174 7750 SR OS R out er Configur a tion Guide Configurable Parameters In addition to backup IP addres ses, to facilitate configuration of a virtual router on 7750 SR routers, the following paramete rs can be defined in owner configurations: • V irtual Router ID (VRID) on page 174 • Message Interval and Master Inherita nce o[...]

  • Página 175

    VRRP 7750 SR OS R outer Conf iguration Guide Page 175 When the IP address on the IP interface matches the virtual router IP address (owner mode), the priority value is fixed at 2 55, the highest value p o ssible. This v irtual router member is co nsidered the owner of the virtual router IP address. There can only be one owner of the virtual router [...]

  • Página 176

    VRRP Components Page 176 7750 SR OS R out er Configur a tion Guide Message Interval and Master Inherit ance Each virtual router is configured with a message interval per VRID within which it participates. This parameter must be the same fo r every virtual router on the VRID. The default advertisement interval is 1 second an d can be co nfigured bet[...]

  • Página 177

    VRRP 7750 SR OS R outer Conf iguration Guide Page 177 Master Down Interval The master down interv al is a ca lc ulat e d value used to load the master down timer . When the master down timer expires, the virtual router enters the master state. T o ca lculate the master down interval, the virtual router ev aluates the following formula: Master Down [...]

  • Página 178

    VRRP Components Page 178 7750 SR OS R out er Configur a tion Guide VRRP Message Authentication The authentication type parameter de fines the type of authentication used by the virtual router in VRRP advertisement message authentication. The current master u ses the configure d authentication type to indicate a ny egress messag e manipulation that [...]

  • Página 179

    VRRP 7750 SR OS R outer Conf iguration Guide Page 179 • VRRP message chec ks → V ersion field – Must be set to the v alue 2 → T ype field – Must be set to the valu e of 1 (advertisement) → V irtual router ID field – Must match one of the configured VRID on the ingress IP interface (All other fields are dependent on matching the virtua[...]

  • Página 180

    VRRP Components Page 180 7750 SR OS R out er Configur a tion Guide Authentication Failure Any received VRRP advertisement message that fa ils authe ntication must be silently discarded with an invalid authentication counter incremented for the ingr ess virtual router instance. Authentication Dat a This feature is dif ferent than the VRRP advertisem[...]

  • Página 181

    VRRP 7750 SR OS R outer Conf iguration Guide Page 181 have the supported IP addresses explicitly de fi ned, making mismatched supported IP address within the interconnected virtual ro uter instances a provisioning issue. Inherit Master VRRP Router ’ s Advertisement Interval Timer The virtual router instance can inherit the mast er VRRP router ’[...]

  • Página 182

    VRRP Priority Control Policies Page 182 7750 SR OS R out er Configur a tion Guide VRRP Priority Control Policies This implementation of VRRP sup ports control policies to manipula te virtual router participation in the VRRP master election process and master se lf-deprecation. The local priority value for the virtual router instance is used to cont[...]

  • Página 183

    VRRP 7750 SR OS R outer Conf iguration Guide Page 183 VRRP Priority Control Policy Delt a In-Use Priority Limit A VRRP priority control policy en forces an overall minimum value that the policy can inflict on the VRRP virtual router instance base priority . This value provides a lo wer limit to the delta priority events manipulation of the base pri[...]

  • Página 184

    VRRP Priority Control Policies Page 184 7750 SR OS R out er Configur a tion Guide Each event generates a VRRP priority event messa ge indicating the policy-id, the event type, the priority type (delta or explicit) and the event priority value. Another log messag e is gen erated when the event is no lo nger true, indicati ng th at it has been cleare[...]

  • Página 185

    VRRP 7750 SR OS R outer Conf iguration Guide Page 185 The following example illustrates a LAG priority event and it’ s interaction with the hold set timer in changing the in-use priority . The following state and timer settings are used for the LAG ev ents displayed in Ta b l e 6 : • User-defined thresholds: 2 ports down 4 ports down 6 ports do[...]

  • Página 186

    VRRP Priority Control Policies Page 186 7750 SR OS R out er Configur a tion Guide 104 T wo ports dow n Event State Set - 5 ports down Event Threshold 4 ports down Hold Set T imer 1 seco nd Current threshold is 5, so 2 down has no effect 105 T wo ports dow n Event State Set - 2 ports down Event Threshold 2 ports down Hold Set Timer Expired 200 Four [...]

  • Página 187

    VRRP 7750 SR OS R outer Conf iguration Guide Page 187 Host Unreachable Priority Event The host unreachable priority even t creates a continuous ping task th at is used to test connectivity to a remote host. The path to the remote host and the remote host itself must be capable and configured to accept ICMP echo request and replies for the ping to b[...]

  • Página 188

    VRRP Non-Owner Accessibility Page 188 7750 SR OS R out er Configur a tion Guide VRRP Non-Owner Accessibility Although RFC 2338 and draft-ietf-vrrp-spec-v2-06.txt states that only VRRP o wners can re spond to ping and other management-oriented protocols di rected to the VRID IP addresses, 7750 SR OS allows an override of this restraint on a per VRRP[...]

  • Página 189

    VRRP 7750 SR OS R outer Conf iguration Guide Page 189 Non-Owner Access SSH When non-owner access SSH is enabled on a virtual router insta nce, authorized SSH sessions may be established that are destined to the virtual rout er instance IP addresses when operating in master mode. SSH sessions are always discarded at the IP interface when destined to[...]

  • Página 190

    VRRP Configuration Process Overview Page 190 7750 SR OS R out er Configur a tion Guide VRRP Configuration Process Overview Figure 14 displays the process to provision VRRP parameters. Figure 14: VRRP Configur at ion and Implement ation Flow TURN UP START CONFIGURE VRRP PRIORITY CONTROL POLICI ES (optional) CONFIGURE IES SERVICE CONFIGURE ROUTER INT[...]

  • Página 191

    VRRP 7750 SR OS R outer Conf iguration Guide Page 191 VRRP Configuration Component s Figure 15 displays the majo r components to config ure a VRRP priority cont rol policy . Figure 15: VRRP Policy Configur ation Component s • Policy — A VRRP priority control po licy can be us ed to modify the VRRP in-use priorit y based on priority cont rol eve[...]

  • Página 192

    VRRP Configuration Process Overview Page 192 7750 SR OS R out er Configur a tion Guide Figure 16: Interfac e VRRP Configuratio n Component s • Interface — A logical IP routing interface. • Address — Assigns the primary IP address for the interface. A primary IP address must be assigned to each IP interface. • Secondary — Assigns a secon[...]

  • Página 193

    VRRP 7750 SR OS R outer Conf iguration Guide Page 193 Figure 17 displays the major componen ts to configure a VRRP instance in an IES service. Figure 17: IES VRRP Configurat ion Component s • IES — The context to creates or modify an IES service. • Interface — A logical IP routing interface. • Address — Assigns the primary IP address fo[...]

  • Página 194

    Configuration Notes Page 194 7750 SR OS R out er Configur a tion Guide Configuration Notes This section describes VRRP configuration caveats. General • Creating and applying VRRP pol icies are optional. • Backup c om mand: → Y ou can configure up to 16 backup IP ad dresses in the non-owner mode. The backup IP address(es) must be on the same s[...]

  • Página 195

    VRRP 7750 SR OS R outer Conf iguration Guide Page 195 Configuring VRRP with CLI This section provides informa tion to configure VRRP using the command line interface. Topics in this section include: • VRRP Configurati on Overview on page 196 • VRRP CLI Command S tructure on page 1 97 • List of Commands on page 19 9 • Basic VRRP Configuratio[...]

  • Página 196

    VRRP Configuration Overview Page 196 7750 SR OS R out er Configur a tion Guide VRRP Configuration Overview Configuring VRRP policies and configuring VRRP instances on IES or VPRN interfaces and router interfaces is optional. The basic owner an d non-owner VRRP configurations on an IES or router interface must s pecify the backup ip-address paramete[...]

  • Página 197

    VRRP 7750 SR OS R outer Conf iguration Guide Page 197 VRRP CLI Command S tructure The 7750 SR OS VRRP comman d structure is displayed in Figure 18 . VRRP policy commands are located under the config>vrrp context. VRRP service configuration commands are located under the config>service>ies> interface context. VRRP interface configuration[...]

  • Página 198

    VRRP CLI Command S tructure Page 198 7750 SR OS R out er Configur a tion Guide ROOT CONFIG SHOW VRRP SERVI CE IES/VPRN INTERFACE VRRP HOST UNREACHABLE LAG PORT DOWN PORT DOWN ROUTE UNKNOWN VRRP DELTA-IN-USE LIMIT PRIORITY EVENT ROUTER OWNER NON-OWNER BACKUP BACKUP INTERFACE VRRP OWNER NON-OWNER BACKUP BACKUP INSTANCE POLICY POLICY[...]

  • Página 199

    VRRP 7750 SR OS R outer Conf iguration Guide Page 199 List of Commands Ta b l e 7 l ists the commands to co nfigure VRRP po licy parameters, indica ting t he configuration level at which each command is implem ented with a short command de scription. Ta b l e 8 lists the commands to configure VRRP para meters on an interface and in an IES or VPRN s[...]

  • Página 200

    List of Commands Page 200 7750 SR OS R out er Configur a tion Guide hold-set Configures the amount of ti me before the set state for a VRRP priority control event transitions to the clear ed state to dampen flapping events. 245 number-down Creates a context for configuring an ev ent set threshold within a lag-port- down priority control event. 251 [...]

  • Página 201

    VRRP 7750 SR OS R outer Conf iguration Guide Page 201 Table 8: CLI Commands to Configure IES or VPRN Service VRRP Parameters Command Description Page VRRP IES service and network interface par ameters are configured in the following contexts: config>service>ies>interface>vrrp 21 1 config>service>vprn>interface>vrrp 21 1 conf[...]

  • Página 202

    List of Commands Page 202 7750 SR OS R out er Configur a tion Guide backup ip-address Assigns virtual router IP addresses associated with the parental IP interface IP addresses . Owner instances do not create a routable IP interface address; it defines the existing parental IP in terface IP addre sses that will be advertised by the virtual router i[...]

  • Página 203

    VRRP 7750 SR OS R outer Conf iguration Guide Page 203 backup ip-address Assigns virtual router IP addresses associated with the parental IP interface IP addresses . Non-owner instances create a routable IP interface address that is operationally dependent on the vi rtual router instance mode (master or backup). 229 init-delay Configures a VRRP init[...]

  • Página 204

    Basic VRRP C onfigurations Page 204 7750 SR OS R out er Configur a tion Guide Basic VRRP Configurations Configure VRRP parameters in the following contexts: • VRRP Policy on page 204 • VRRP IES Service Parameters on page 205 • VRRP Router Interface Parameters on page 206 VRRP Policy Configuring and applyin g VRRP policies are op tional. There[...]

  • Página 205

    VRRP 7750 SR OS R outer Conf iguration Guide Page 205 exit exit ---------------------------------------------- A:SR2>config>vrrp>policy# VRRP IES Service Parameters VRRP parameters are configured within an IES service with two contexts, owner or non- owner. The status is specified when the VRRP configuration is created. When configured as [...]

  • Página 206

    Basic VRRP C onfigurations Page 206 7750 SR OS R out er Configur a tion Guide VRRP Router Interface Parameters VRRP parameters are configured on a router in terface with two contexts, ow ner or non-owner. The status is specified when the VRRP config uration is created. When configured as owner, the virtual router instance owns the backed up IP addr[...]

  • Página 207

    VRRP 7750 SR OS R outer Conf iguration Guide Page 207 Common Configuration T asks This section provides a brief overview of the ta sk s that must be performed to configure VRRP and provides the CLI commands. VRRP parameters are defined un der a service interface or a rout er interface context. An IP address must be assigned to each IP interface. On[...]

  • Página 208

    Common Configuration T asks Page 208 7750 SR OS R out er Configur a tion Guide Creating Interface Parameters You can configure u p to 4 virtual routers IDs on an IP interface. Each virtual router instance can manage up to 16 backup IP addresses, incl uding up to 16 secondary IP addresses. If you have multiple subnets configur ed on an Ethernet inte[...]

  • Página 209

    VRRP 7750 SR OS R outer Conf iguration Guide Page 209 Configuring VRRP Policy Component s Use the CLI syntax displayed be low to configure a VRRP policy: CLI Syntax: config>vrrp policy policy-id [context service-id ] description string delta-in-use-limit in-use-priority-limit priority-event port-down port-id [. channel-id ] hold-set seconds prio[...]

  • Página 210

    Configuring VRRP Policy Components Page 210 7750 SR OS R out er Configur a tion Guide The following displays the VRRP policy configuration: A:SR1>config>vrrp# info ---------------------------------------------- policy 1 delta-in-use-limit 50 priority-event port-down 1/1/2 hold-set 43200 priority 100 delta exit route-unknown 0.0.0.0/0 protocol[...]

  • Página 211

    VRRP 7750 SR OS R outer Conf iguration Guide Page 211 Configuring IES or VPRN Service VRRP Parameters VRRP parameters can be configured on an inte rface in an IES or VP RN service to provide virtual default router su pport which allows tr a ffic to be routed withou t relying on a single router in case of failure. VRRP can be configured the followin[...]

  • Página 212

    Configuring VRRP Policy Components Page 212 7750 SR OS R out er Configur a tion Guide Non-Owner IES or VPRN VRRP Example Use the CLI syntax displayed below to conf igure IES or VPRN service non-owner VRRP parameters: CLI Syntax: config>service# ies service-id [{customer customer-id }] config>service# vprn service-id [customer customer-id ]in-[...]

  • Página 213

    VRRP 7750 SR OS R outer Conf iguration Guide Page 213 The following example d isplays the basic non-owner VRRP configuration: A:SR2>config>service>ies# info ---------------------------------------------- interface "mertz" create address 10.10.65.4/24 backup 10.10.0.4/32 vrrp 1 priority 254 policy 1 authentication-type password au[...]

  • Página 214

    Configuring VRRP Policy Components Page 214 7750 SR OS R out er Configur a tion Guide Owner IES or VPRN VRRP Use the CLI syntax displayed below to co nfigure IES or VPRN service owner VRRP parameters: CLI Syntax: config>service# ies service-id [{customer customer-id }] config>service# vprn service-id [customer customer-id ] interface ip-int-n[...]

  • Página 215

    VRRP 7750 SR OS R outer Conf iguration Guide Page 215 Configuring Router Interface VRRP Parameters VRRP parameters can be configured on an interfa ce in an i nterface to provide virtual default router support which allows traffic to be rout ed without relying on a sing le router in case of failure. VRRP can be configured the following ways: • Rou[...]

  • Página 216

    Configuring VRRP Policy Components Page 216 7750 SR OS R out er Configur a tion Guide Router Interface VRRP Non-Owner Use the CLI syntax displayed below to co nfigure non-own er rout er interface VRRP parameters: CLI Syntax: config>router interface ip-int-name address ip-addr/mask-length no shutdown vrrp vrid authentication-type {password} authe[...]

  • Página 217

    VRRP 7750 SR OS R outer Conf iguration Guide Page 217 The following example displays the no n-owner interface VRRP configuration: A:SR2>config># info #------------------------------------------ interface "lucy" address 10.20.30.40/24 secondary 10.10.50.1/24 secondary 10.10.60.1/24 secondary 10.10.70.1/24 vrrp 1 backup 10.10.50.2 bac[...]

  • Página 218

    Configuring VRRP Policy Components Page 218 7750 SR OS R out er Configur a tion Guide Router Interface VRRP Owner Use the CLI syntax displayed below to config ure owner router interface VRRP parameters: CLI Syntax: config>router interface ip-int-name address ip-addr/mask-length no shutdown vrrp vrid owner authentication-type {password} authentic[...]

  • Página 219

    VRRP 7750 SR OS R outer Conf iguration Guide Page 219 VRRP Configuration Management T asks This section discusses th e following VRRP configur ation management tasks: • Modifying a VRRP Policy on page 21 9 • Deleting a VRRP Policy on page 220 • Modifying Service and Interface VRRP Parameters on page 221 → Modifying Non-Own er Pa rameters on[...]

  • Página 220

    VRRP Configuratio n Management T asks Page 220 7750 SR OS R out er Configur a tion Guide Deleting a VRRP Policy Policies are only applied to non-owner VRRP in stances. A VRRP policy cannot be deleted if it is applied to an interface or to an IES service. Each instance in which the policy is applied must be deleted. The following example displays th[...]

  • Página 221

    VRRP 7750 SR OS R outer Conf iguration Guide Page 221 Modifying Service and In terface VRRP Parameters Modifying Non-Owner Parameters Once a VRRP instance is created as non-ow ner, it cannot be modified to the own er state. The vrid must be deleted and then recreated with the owner keyword to in voke IP address ownership. Modifying Owner Parameters[...]

  • Página 222

    VRRP Configuratio n Management T asks Page 222 7750 SR OS R out er Configur a tion Guide[...]

  • Página 223

    VRRP 7750 SR OS R outer Conf igur ation Guide Page 223 VRRP Command Reference Command Hierarchies Configuration Commands • VRRP Network Interface Commands on page 223 • VRRP Priority Control Event Policy Commands on page 225 • Show Commands on page 226 • Clear Commands on page 226 VRRP Network Interface Commands config — router — [ no ][...]

  • Página 224

    VRRP Command Reference Page 224 7750 SR OS R out er Configuration Guide — [ no ] pree mpt — priority priority —n o priority — [ no ] ssh-r eply — [ no ] standby-forwarding — [ no ] telnet-reply — [ no ] shutdown — [ no ] tracerout e-reply[...]

  • Página 225

    VRRP 7750 SR OS R outer Conf igur ation Guide Page 225 VRRP Priority Control Event Policy Commands config —v r r p — [ no ] policy polic y-id [ contex t service-id ] — delta-in-use-limit limit —n o delta-in-use-limit — description descripti on string —n o description — [ no ] priority-event — [ no ] host-unreachable ip-addr — drop[...]

  • Página 226

    VRRP Command Reference Page 226 7750 SR OS R out er Configuration Guide Show Commands show —r o u t e r —v r r p — instance [ interface interface-name [ vrid virtual-r outer -id ]] — statistics Clear Commands clear — router —v r r p — instance interface-name [ vrid virtual-r outer -id ] — statistics [ interface interface-name [ vrid[...]

  • Página 227

    VRRP 7750 SR OS R outer Conf iguration Guide Page 227 Configuration Commands Interface Configuration Commands authentication-key Syntax authenti cation-key [ authentication-key | hash-key ] [ hash | hash2 ] no authen ti ca ti on-key Context config>router>if>vrrp Description This command sets the simple text authentication key used to gener[...]

  • Página 228

    Configuration Co mmands Page 228 7750 SR OS R out er Configuration Guide Parameters authentication-key — The authentication key . Allowed values are any string up to 8 characters long composed of printable, 7-bit AS CII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quo[...]

  • Página 229

    VRRP 7750 SR OS R outer Conf iguration Guide Page 229 Parameters password — Specifies VRRP Authentic a tion T ype 1 is used. T yp e 1 requires the definition of an ei ght octet long string. All transmitted VRRP advertisem ent messages must have the authenticat ion type fiel d set to 1 and the authentication data fields must contain the authentica[...]

  • Página 230

    Configuration Co mmands Page 230 7750 SR OS R out er Configuration Guide error generated. At least one successful backup ip-addr command must be executed before the virtual router instance can enter the operational state. When operating as (non-owner) master , th e default functionalit y associated with ip-addr is ARP response to ARP requests to ip[...]

  • Página 231

    VRRP 7750 SR OS R outer Conf iguration Guide Page 231 Example - Owner Virtual Router In stance Non-Owner Vi rtual Router IP Address Parent al Association — When an IP address is assigned to a no n-owner virtual router instance, it mu st be associated with one of the parental IP interface assigned IP addresses. The virtual router IP address must b[...]

  • Página 232

    Configuration Co mmands Page 232 7750 SR OS R out er Configuration Guide Parent Primary IP Addres s Changed — When a virtual router IP address is set and the associated parent IP interface IP address is cha nged, the new parent IP interface IP address is evaluated to ensure it meets th e association rules defined in Owner V irtual Router IP Addre[...]

  • Página 233

    VRRP 7750 SR OS R outer Conf iguration Guide Page 233 The mac command sets the MAC address used in ARP resp onses when the virtual router instance is master . Rou tin g of IP packets with ieee-mac-addr as the destination MAC is also enabled. The mac setting must b e the same for all virtual routers pa rticipating as a virtual router or indeterminat[...]

  • Página 234

    Configuration Co mmands Page 234 7750 SR OS R out er Configuration Guide message-interval Synt ax message -interval {[ seconds ] [ milliseconds milliseconds ]} no message-interval Context config>router>if>vrrp Descri ption This command configures the admi nistrative advertisemen t message timer used by the master virtual router instance to[...]

  • Página 235

    VRRP 7750 SR OS R outer Conf iguration Guide Page 235 policy Synt ax policy vrrp-policy-id no policy Context config>router>if>vrrp Description This command adds a VRRP priority control polic y association with the virtual router instance. T o further augment the virt ual ro ut er instance base priority , VRRP priority con trol policies can[...]

  • Página 236

    Configuration Co mmands Page 236 7750 SR OS R out er Configuration Guide Non-owner virtual router instan ces on ly preempt when pr eempt is set and the current master has an in-use message priorit y value less than the virtual router instances in-use priority . A master non-owner virtual router only allows it self to be preempted wh en the incoming[...]

  • Página 237

    VRRP 7750 SR OS R outer Conf iguration Guide Page 237 ping-reply Synt ax [ no ] ping-reply Context config>router>if>vrrp Description This command enables the non-owner master to reply to ICMP echo requests directed at the vritual router instances IP addresses. Non-owner virtual rou ter instances are limited by the VRRP specifications to re[...]

  • Página 238

    Configuration Co mmands Page 238 7750 SR OS R out er Configuration Guide If the shutdown command is executed, no VRRP advertis ement messages are generated and all received VRRP advertisement messages are silently discarded with no processing. By default, virtual router instances are created in the no shutdown state. Whenever the administrative sta[...]

  • Página 239

    VRRP 7750 SR OS R outer Conf iguration Guide Page 239 standby-forwarding Synt ax [ no ] st andby-forwarding Context config>router>if>vrrp Description This command specifies whether th is VRRP instance allows forwardi ng packets to a stand by router . When disabled, a st andby router should not forw ard traf fic sent to virtual router'[...]

  • Página 240

    Configuration Co mmands Page 240 7750 SR OS R out er Configuration Guide traceroute-reply Synt ax [ no ] traceroute- reply Context config>router>if>vrrp Description This command is valid only if the VRRP virtual rout er instance associated with this entry is a non- owner . When this command is enabled, a non-owner master can reply to trace[...]

  • Página 241

    VRRP 7750 SR OS R outer Conf iguration Guide Page 241 VRRP Owner Command Exclusions — By specifying the VRRP vrid as owner , The follow ing commands are no longer available: • vrrp mismatch-discard — Owner virtual router instances do not accept VRRP advertisement messages; IP address mismatches are not checked or logged. • vrrp priority —[...]

  • Página 242

    Configuration Co mmands Page 242 7750 SR OS R out er Configuration Guide Priority Policy Commands delta-in-use-limit Synt ax delt a-in-use-limit in-use-priority-limit no delt a-in-use-limit Context config>vrr p>policy vrrp-policy-id Description This command sets a lower limit on the virtu a l rou ter in-use priority that can be derived from t[...]

  • Página 243

    VRRP 7750 SR OS R outer Conf iguration Guide Page 243 description Synt ax description string no description Context config>vrrp>po licy vrrp-policy-id Description This command creates a text descri ption stored in the configuration file for a configuration context. The description command associates a text string with a co nfiguration context[...]

  • Página 244

    Configuration Co mmands Page 244 7750 SR OS R out er Configuration Guide Parameters vrrp-policy-id — The VRRP priority control ID expressed as a decimal integer that uniquely identifies this policy from any other VRRP priority control po licy defined on the system. Up to 1000 policies can be defined. Va l u e s 1 — 999 9 context service-id — [...]

  • Página 245

    VRRP 7750 SR OS R outer Conf iguration Guide Page 245 Priority Policy Event Commands hold-clear Synt ax hold-clear se conds no hold-c lear Context config>vrrp>po licy vrrp-policy-id >priority-event>port-down config>vrrp> policy vrrp-policy-id >priority-event>lag-port-down config>vrrp> policy vrrp-policy-id >priority[...]

  • Página 246

    Configuration Co mmands Page 246 7750 SR OS R out er Configuration Guide lag-port-down events, this may be a decreas e in the set effect if the clearing amounts to a lower set threshold. The hold-set command can be executed at anyt ime. If the hold-set timer value is configured larger than the new seconds setting, the timer is loaded with the new h[...]

  • Página 247

    VRRP 7750 SR OS R outer Conf iguration Guide Page 247 Parameters priority-level — The priority level adjustment value expressed as a decimal integer . Va l u e s 0 — 254 delta | explicit — Configures what ef fec t the priority-level will have on the base priority value. When delta is specified, the priority-level value is subtracted from th e[...]

  • Página 248

    Configuration Co mmands Page 248 7750 SR OS R out er Configuration Guide Priority Policy Port Down Event Commands port-down Synt ax [ no ] port-down port-id Context config>vr rp>policy>priority-event Description This command configures a port down priority control event that monitors the operational state of a port or SONET/SDH channel. Wh[...]

  • Página 249

    VRRP 7750 SR OS R outer Conf iguration Guide Page 249 to be separate entities. A port and a channel on the port can be monitored by separate events in the same policy . Va l u e s port-id slot / mda / port [. channel ] aps-id aps- gr oup-id [. channel ] aps keyword group-id 1 — 64 bundle-type-slot/mda.<bun dle-num> bundle keyword type ima, [...]

  • Página 250

    Configuration Co mmands Page 250 7750 SR OS R out er Configuration Guide Priority Policy LAG Event s Commands lag-port-down Synt ax [ no ] lag-port-down lag-id Context config>vrr p>policy vrrp-policy-id >priority-event Description This command creates th e context to configure Link Aggregation Group (LAG) priority cont rol events that moni[...]

  • Página 251

    VRRP 7750 SR OS R outer Conf iguration Guide Page 251 configured threshold is crossed, any higher thre sholds are considered further event sets and are processed immediately wit h the hold set tim er reset to the configured value of the hold-set command. As the thresholds are crossed in the opposite dir ection (fewer ports down then previously), th[...]

  • Página 252

    Configuration Co mmands Page 252 7750 SR OS R out er Configuration Guide Parameters number-of-lag-ports-down — The number of LAG ports down to cr eate a set event threshold. This is the active threshold when the number of down ports in the LA G equals or exceeds number-of- lag-ports-down , but does not equal or exceed the next highest configured [...]

  • Página 253

    VRRP 7750 SR OS R outer Conf iguration Guide Page 253 Priority Policy Host Unreachable Event Commands drop-count Synt ax drop-count co nsecutive-failures no drop-coun t Context config>vrrp vrrp-polic y-id >priority- event>host-unreachable ip-addr Description This command configures the numb er of consecutively sent ICMP echo request messag[...]

  • Página 254

    Configuration Co mmands Page 254 7750 SR OS R out er Configuration Guide The host-unr eachable command can reference any valid local or remote IP address. The ability to ARP a local IP address or find a remote IP address within a route prefix in the route table is considered part of the m onitoring procedure. The host-unreachable priority event ope[...]

  • Página 255

    VRRP 7750 SR OS R outer Conf iguration Guide Page 255 The no form of the command deletes the specific IP ho s t monitoring event. The event may be deleted at anytime. When the event is dele ted, the in-use priority of all a ssociated virtual router instances must be reevaluated. The event’ s hold-set timer has no effect on the removal procedure. [...]

  • Página 256

    Configuration Co mmands Page 256 7750 SR OS R out er Configuration Guide W ith each consecutive attempt to send an ICMP echo request message, the timeout timer is loaded with the time out value. The timer decrements until: • An internal error occurs preventing mes sage sending (request unsuccessful). • An internal error occurs preventing mes s [...]

  • Página 257

    VRRP 7750 SR OS R outer Conf iguration Guide Page 257 Priority Policy Route Unknown Event Commands less-specific Synt ax [ no ] less-specific [ allow-default ] Context config>vrrp>po licy vrrp-policy-id >priority-event>route-unknown pr efix/mask-length Description This command allows a CIDR shorte st match hit on a route prefix th at co[...]

  • Página 258

    Configuration Co mmands Page 258 7750 SR OS R out er Configuration Guide When more than one next ho p IP ad dresses are eligible for matching, a next-hop command must be executed for each IP address. Defining the same IP address multip le times has no effect after the first instance. The no form of the command removes the ip-addr from the list of a[...]

  • Página 259

    VRRP 7750 SR OS R outer Conf iguration Guide Page 259 is-is — This param eter defines IS-IS as an eligible ro ute source for a returned route prefix from the R TM when looking up th e route-unknown route prefix. The is-is parameter is not exclusive from the other available protocol parameters. If pr otocol is executed without the is-is parameter [...]

  • Página 260

    Configuration Co mmands Page 260 7750 SR OS R out er Configuration Guide An existing route prefix in the R T M must be acti ve (used by the IP forwardi ng engi ne) to clear the event operational state. It may be less specific (the defined prefix may b e contained in a larger prefix according to Classless Inter -Domain Routing (CIDR) techniques) if [...]

  • Página 261

    VRRP 7750 SR OS R outer Conf iguration Guide Page 261 Show Commands global-statistics Synt ax global-st atistics Context show>vrrp Description Thi s command di splays global VRRP statistics. Output VRRP Global St atist ics Output — The following table describes the global st atistics command output fields for VRRP. Output Sample Output A:ALA-A[...]

  • Página 262

    Show Command s Page 262 7750 SR OS R out er Configuration Guide vrid vrid — Displays detailed information for the speci fied VRRP instance on the IP interface. Default All VRIDs for the IP interface. Va l u e s 1 — 255 Output VRRP Instan ce Output — The following table describes the instance comman d out put fields fo r VRRP. T able 10: Show [...]

  • Página 263

    VRRP 7750 SR OS R outer Conf iguration Guide Page 263 Inh Int Yes — When the VRRP instance is a non-owner and is operat- ing as a backup and the master -int-inherit command is enabled, the master down timer is indirectly derived from the value in the advertisement interval field of the VRRP message received from the current master . No — When t[...]

  • Página 264

    Show Command s Page 264 7750 SR OS R out er Configuration Guide Output Sample Output A:ALA-A# show vrrp instance =============================================================================== VRRP Instances =============================================================================== Interface Name VR Own Adm Opr State Pol Base InUse Msg Inh Id [...]

  • Página 265

    VRRP 7750 SR OS R outer Conf iguration Guide Page 265 A:ALA-A# A:ALA-A# show vrrp instance d2hub =============================================================================== VRRP Instances for interface "d2hub" =============================================================================== ----------------------------------------------[...]

  • Página 266

    Show Command s Page 266 7750 SR OS R out er Configuration Guide policy Synt ax policy [ vrrp-policy-id [ event event-type specific-qualifier ]] Context show >vrrp Description This command disp lays VRRP priority control poli cy information. If no command line options are sp ec ified , a su mmary o f th e VRRP pr iority control event policies dis[...]

  • Página 267

    VRRP 7750 SR OS R outer Conf iguration Guide Page 267 Delta Limit The delta-in-use-limit for a VRRP policy . Once the total sum of all delta events has been calcu lated and subtracted from the base-priority of the v irtual router , the result is compared to the delta-in-use-limit v alue. If the result is less than thi s value, the delta-in-use-limi[...]

  • Página 268

    Show Command s Page 268 7750 SR OS R out er Configuration Guide Output Sample Output A:ALA-A# show vrrp policy =============================================================================== VRRP Policies =============================================================================== Policy Current Current Current Delta Applied Id Priority & Ef[...]

  • Página 269

    VRRP 7750 SR OS R outer Conf iguration Guide Page 269 ------------------------------------------------------------------------------- Priority Control Events ------------------------------------------------------------------------------- Event Type & ID Event Oper State Hold Set Priority In Remaining &Effect Use ----------------------------[...]

  • Página 270

    Show Command s Page 270 7750 SR OS R out er Configuration Guide Applied to Interface Name The interface name the VRRP policy is applied to. VR ID The virtual router ID for the IP interface Opr Up — Indicates that the operationa l state of the VRRP instance is up. Down — Indicates that the operatio nal state of the VRRP instance is down. Base Pr[...]

  • Página 271

    VRRP 7750 SR OS R outer Conf iguration Guide Page 271 Sample Output A:ALA-A#show vrrp policy event port-down =============================================================================== VRRP Policy 1, Event Port Down 1/1/1 =============================================================================== Description : Current Priority: None Applied[...]

  • Página 272

    Show Command s Page 272 7750 SR OS R out er Configuration Guide ------------------------------------------------------------------------------- Priority Control Event Port Down 1/1/1 ------------------------------------------------------------------------------- Priority : 30 Priority Effect : Delta Hold Set Config : 0 sec Hold Set Remaining: Expir[...]

  • Página 273

    VRRP 7750 SR OS R outer Conf iguration Guide Page 273 Protocol(s) : None Hold Set Config : 0 sec Hold Set Remaining: Expired Value In Use : No Current State : n/a # trans to Set : 0 Previous State : n/a Last Transition : 12/13/2005 23:10:24 =============================================================================== A:ALA-A# statistics Syntax st[...]

  • Página 274

    Clear Commands Page 274 7750 SR OS R out er Configuration Guide Clear Commands instance Synt ax interface ip-int-name [ vrid vrid ] Context clear>vrrp Description This command resets VRRP protoc ol instances on an IP interface. Parameters ip-int-name — The IP interface to reset th e VRRP protocol instances. vrid vrid — Resets the VRRP protoc[...]

  • Página 275

    7750 SR OS R outer Conf iguration Guide P age 275 Filter P olicies In This Chapter This chapter provides information about filter policie s and management. T opics in this chapter include: • Filter Policy Configuratio n Overview on page 276 → Service and Network Port-based Filtering on page 276 → Filter Policy Entities on page 277 → Redirec[...]

  • Página 276

    Filter Policy Conf iguration Overview Page 276 7750 SR OS R out er Configur a tion Guide Filter Policy Configuration Overview Filter policies, also referred to as Access Control Lists (ACLs), are templates applied to services or network ports to control network traffic into (ingre ss) or out of (egress) a service access port (SAP) or network port b[...]

  • Página 277

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 277 Filter Policy Entities A filter policy compares the match criteria specified within a filter entry to packets coming through the system, in the order the entries are nu mber ed in the p olicy . When a pa ck e t m atc h es all the parameters specified in the entr y , the system takes t[...]

  • Página 278

    Filter Policy Conf iguration Overview Page 278 7750 SR OS R out er Configur a tion Guide Filter policies can be applied to specific service types: • Epipe — Both MAC and IP filters are su pported on an Epipe SAP and sp o ke SDPs. • VPLS — Both MAC and IP filters are supported on a VP LS SAP . • IES — Only IP and IPv6 filters are suppor [...]

  • Página 279

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 279 Redirection policies can contain mu ltiple destinat ions. Each destin ation is assigned an initial or base priority describing its relative importance wi thin the policy . The des tination with the highest priority value is selected. There are no default redirect policies. Each re dir[...]

  • Página 280

    Filter Policy Conf iguration Overview Page 280 7750 SR OS R out er Configur a tion Guide Web Redirection (Captive Port al) The 7xx0 Series introdu ce s a new type of redirection policy . Redirection polic ies were designed for testing purposes. The new redirection policy can now block a customer ’ s reques t from an intended recipient and fo rce [...]

  • Página 281

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 281 Figure 19: Web Redirec t Traffic Flow Starred entries (*) are items the router performs m asquerading as the destination, regardless of the destination IP address or type of service. Information needed by the filter that may be sent to the portal: • Customer ’ s IP address • Cus[...]

  • Página 282

    Creating Redirect Policies Page 282 7750 SR OS R out er Configur a tion Guide Creating Redirect Policies Figure 20 displays the process to create redirect policies and apply them to a service SAP or router interface. Figure 20: Filter Creation and Implemen tation Flow CREATE A REDIRECT POLICY CREATE IP FILTER SPECIFY DESTINATION, PRIORITY, TEST TYP[...]

  • Página 283

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 283 Figure 20 displays the process to create filter policies and apply them to a service or network port. Figure 21: Filter Creation and Implemen tation Flow CREATE AN IP OR MAC FILTER (FILTER ID) CREATE FILTER ENTRIES (ENTRY ID) SPECIFY SCOPE, DEFAULT ACTION, DESCRIPTION SPECIFY ACTION, [...]

  • Página 284

    Creating Redirect Policies Page 284 7750 SR OS R out er Configur a tion Guide Policy Component s Figure 22 displays the majo r componen ts of a redirec t policy . Figure 22: Redirect Policy Components • Redirect policy — This is the va lue which identifies t he filter . • Destination — An IP address that serves as a cache server destination[...]

  • Página 285

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 285 Figure 23 displays the major components of a fi lter policy . Figure 23: Filter Policy Components • Filter (mandatory) — This is the value which identifies the filter . • Description (optional) — The description prov ides a brief overview of the filter ’ s features. • Scop[...]

  • Página 286

    Creating Redirect Policies Page 286 7750 SR OS R out er Configur a tion Guide Packet Matching Criteria Up to 65535 IP and 65 535 MAC filter IDs (uniq ue filter policies) can be d efined. A maximum of 16384 filter entries can be defined in one filter at the same ti me. E ach filter ID can contain up to 65535 filter entries. A ma ximum of 16384 filte[...]

  • Página 287

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 287 • Option value — Entering an option value enables the first filter to sear ch for a specific IP option. See Ta b l e 1 6 . • TCP-ACK/SYN flags - Entering a TCP-SYN/TCP- ACK flag allows the filter to search for the TCP flags specified in these fields. MAC filter policies match cr[...]

  • Página 288

    Creating Redirect Policies Page 288 7750 SR OS R out er Configur a tion Guide DSCP V alues Table 15: DSCP Nam e to DSCP V a lue T able DSCP Name Decimal DSCP V alue Hexadecimal DSCP V alue Binary DSCP V alue default 0 * cp1 1 cp2 2 cp3 3 cp4 4 cp5 5 cp6 6 cp7 7 * cs1 8 cp9 9 af10 10 * a f 11 11 * af12 12 * cp13 13 cp14 14 cp15 15 cs2 16 * cp17 17 a[...]

  • Página 289

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 289 cp21 31 cs4 32 * cp33 33 af41 34 * cp35 35 af42 36 * cp37 37 af43 38 * cp39 39 cs5 40 * cp41 41 cp42 42 cp43 43 cp44 44 cp45 45 ef 46 * cp47 47 nc1 48 * (cs6) cp49 49 cp50 50 cp51 51 cp52 52 cp53 53 cp54 54 cp55 55 cp56 56 cp57 57 nc2 58 * (cs7) cp60 60 cp61 61 cp62 62 Table 15: DSCP [...]

  • Página 290

    Creating Redirect Policies Page 290 7750 SR OS R out er Configur a tion Guide IP Option V alues Table 16: IP Option Values Copy Class Number V alue Name Description 0 0 0 0 EOOL End of options list 0 011 N O P N o o p e r a t i o n 0 0 7 7 RR Record route 0 0 10 10 ZSU Experimental mea sure ment 0 0 11 11 M T U P M T U p r o b e 0 0 12 12 MTUR MTU [...]

  • Página 291

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 291 Ordering Filter Entries When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Filter matching ceases when a pack et matches an entry . The entry action is performed on the packet, either drop or forward. T o be considered a [...]

  • Página 292

    Creating Redirect Policies Page 292 7750 SR OS R out er Configur a tion Guide Figure 24 displays an example of several packets fo rwarded upon matching the filter criteria and several packets traversi ng through the filter entries and then dropped. Figure 24: Filtering Proc ess Example INGRESSING PACKETS: #1: SA: 10.10.10.103, DA: 10.10.10. 104 #2:[...]

  • Página 293

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 293 Applying Filters After filters are created, they can be applied to the foll owing entities: • Applying a Filter to a SAP on page 2 93 • Applying a Filter to a Network Port o n page 293 Applying a Filter to a SAP During the SAP creation process, ingr ess and egress filters are sele[...]

  • Página 294

    Configuration Notes Page 294 7750 SR OS R out er Configur a tion Guide Configuration Notes The following information describ es filter implementation caveats: • Creating a filter policy is optional. • Associating a service with a filter policy is optional. • When a filter policy is configured, it mu st be defined as having either an exclusive[...]

  • Página 295

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 295 IP Filters • Define filter entry packet matching criteria — If a filter policy is created with an entry and entry action specified but the packet matching criteria is not defined, then all packets processed through this filter policy entry will pass and take the action specified. [...]

  • Página 296

    Configuration Notes Page 296 7750 SR OS R out er Configur a tion Guide • In case the mini-table has no more free en tries, only T otal counter is incremented. • At expiry of the summarizatio n interval, the mini-table for each type is flushed to the syslog destination.[...]

  • Página 297

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 297 Reference Sources For information on supported IETF drafts and standards, as well as standard and proprietary MIBS, refer to Standards and Pro tocol Support on page 715 .[...]

  • Página 298

    Configuration Notes Page 298 7750 SR OS R out er Configur a tion Guide[...]

  • Página 299

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 299 Configuring Filter Policies with CLI This section provides informatio n to configure filter policies us ing the command line interface. Topics in this section include: • Filter CLI Command Struct ure on page 300 • List of Commands on page 30 2 • Basic Configuration on page 30 8 [...]

  • Página 300

    Filter CLI Command S tructure Page 300 7750 SR OS R out er Configuration Guide Filter CLI Command Structure Figure 25 displays the 7750 SR OS filter command st ructure. The filter c onfi guration commands are located under the config>filter context and the show commands are under show>filter ip and show>filter mac . Figure 25: Filter Comma[...]

  • Página 301

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 301 Figure 26 displays the 7750 SR OS filter redirect po licy command structure. The redirect policy configuration commands are located under the config>filter context and the show co mmands are under show>filter>redirect-policy context. Figure 26: Redirect Po licy Command S t ru[...]

  • Página 302

    List of Commands Page 302 7750 SR OS R out er Configuration Guide List of Commands Ta b l e 1 8 lists all the filter configuration commands indicating the configur ation level at which each command is implemented with a short command descrip tion. The filter policy command list is organized in the followi ng task-oriented manner: • Configure an I[...]

  • Página 303

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 303 filter-sample Specifies that traffic matching the associated IP filter entry is sampled if the IP interface is set to cflowd ip-filter mode. 368 interface-disable- sample Specifies that traffic matching the asso ciated IP filter entry is not sampled if the IP interface is set to c flo[...]

  • Página 304

    List of Commands Page 304 7750 SR OS R out er Configuration Guide Configure an IPv6 filter policy config>filter ipv6-filter Creates an IPv6 filter policy. 358 default-action The default action spec ifies the action to b e ap plie d to pa ck et s when the packets do not match the specified criter ia in any of the IPv6 filter entries of the filter[...]

  • Página 305

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 305 icmp-type Configures matching on ICMP type field in the ICMP h ead er of an IP packet as an IP filter match criterion. 377 src-ip Configures a source IP address rang e to be used as an IP filter match criterion. 380 src-port Configures a source TCP or UDP port nu mber or port range fo[...]

  • Página 306

    List of Commands Page 306 7750 SR OS R out er Configuration Guide dot1p Configures an IEEE 802.1p value or range to be used as a MAC filter match criterion. 383 etype Configures an Ethernet type II Ethert ype value to be used as a MAC filter match criterion. 385 dsap Configures an Ethernet 802.2 LLC DSAP value or range for a MAC filter match criter[...]

  • Página 307

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 307 configure a filter log policy config>filter log Enables the context to create a filter log policy. 360 destination memory Specifies the destination for filte r log entries be sent to memory. destination syslog Specifies the destination for filter log entries be sent to an existing [...]

  • Página 308

    Basic Configuration Page 308 7750 SR OS R out er Configuration Guide Basic Configuration The most basic IP, IPv6, and MAC filte r policies must have the following: • A filter ID • T emplat e scope , either exclusive or template • Default action, either drop or forward • At least one filter entry → Specified action, either drop or forward [...]

  • Página 309

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 309 Common Configuration T asks This section provides a brief overview of the task s that must be performed for both IP and MAC filter configurations and provides the CLI commands. To configure a filter policy, perform the following tasks: • Creating an IP Filter Policy on page 310 • [...]

  • Página 310

    Common Configuration T asks Page 310 7750 SR OS R out er Configuration Guide Creating an IP Filter Policy Configuring and applying filter policies is optiona l. Each filter policy mu st have the following: • The filter type specified (IP) • A filter policy ID • A default action, either drop or forward. • T emplate scope specified, either ex[...]

  • Página 311

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 311 The following displays the command usage to create an exclusive IP filter policy: Example : config>filter# ip-filter 11 create config>filter# description "filter-main" config>filter# scope exclusive The following example displays the exclusive filter policy configur[...]

  • Página 312

    Common Configuration T asks Page 312 7750 SR OS R out er Configuration Guide IP Filter Entry Within a filter policy, configure filter entries which contain criteri a agai nst which ingress, egress, or network traffic is matched. The action specifi ed in the entry determine how the packets are handled, either d ropped or forwarded. • Enter a filte[...]

  • Página 313

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 313 Configuring the HTTP-Redirect Option If http-redirect is specified as an action, a corresponding forward entry must be specified before the redirect. For example: CLI Syntax: config>filter# ip-filter filter-id entry entry-id [time-range time-range-name ] action [drop] action forwar[...]

  • Página 314

    Common Configuration T asks Page 314 7750 SR OS R out er Configuration Guide exit entry 30 create match protocol tcp dst-ip 10.10.10.91/24 dst-port eq 80 exit action http-redirect "http://100.0.0.2/login.cgi?mac=$MAC$sap=$S AP&ip=$IP&orig_url=$URL" exit ---------------------------------------------- A:ALA-48>config>filter>[...]

  • Página 315

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 315 Filter Sampling Within a filter entry, you can specify that traffic ma tching the associated IP filter entry is sampl ed. if the IP interface is set to cflowd ip-filter m ode. Enabling filter-sample en ables the cflowd tool. Use the following CLI syntax to enable filter sampling: CLI [...]

  • Página 316

    Common Configuration T asks Page 316 7750 SR OS R out er Configuration Guide IP Entry Matching Criteria Use the following CLI syntax to configure IP filter matching criteria: CLI Syntax: config>filter>ip-filter>entry# match dscp dscp-name dst-ip { ip-address/mask|ip-address netmask } dst-port {{lt|gt|eq} dst-port-number } | {range start en[...]

  • Página 317

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 317 Creating an IPv6 Filter Policy Configuring and applying IPv6 filter policies is optional. Each filter policy must have the following: • The IPv6 filter type specified • An IPv6 filter policy ID • A default action, either drop or forward. • T emplate scope specified, either exc[...]

  • Página 318

    Common Configuration T asks Page 318 7750 SR OS R out er Configuration Guide IPv6 Filter Entry Within an IPv6 filter policy, configure filter entries which contain criteria against which ingress, egress, or network traffic is matched. The action specified in the entry de termine how the packets are handled, either dropped or forwarded. • Enter an[...]

  • Página 319

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 319 The following example displays th e IPv6 filter entry configuration. A:ALA-49>config>filter>ipv6-filter# info ---------------------------------------------- description "New IPv6 filter info" scope exclusive entry 1 create match dst-ip 11::12/128 src-ip 13::14/128 e[...]

  • Página 320

    Common Configuration T asks Page 320 7750 SR OS R out er Configuration Guide Creating a MAC Filter Policy Configuring and applying filter policies is optiona l. Each filter policy mu st have the following: • The filter type specified (MAC). • A filter policy ID. • A default action, either drop or forward. • T emplat e scope , either exclusi[...]

  • Página 321

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 321 MAC Filter Entry Within a filter policy, configure filter entries which contain criteri a agai nst which ingress, egress, or network traffic is matched. The action specifi ed in the entry determine how the packets are handled, either d ropped or forwarded. • Enter a filter entry ID.[...]

  • Página 322

    Common Configuration T asks Page 322 7750 SR OS R out er Configuration Guide MAC Entry Matching Criteria Use the following CLI syntax to co nfigure MAC filter matching criteria: CLI Syntax: config>filter>mac-filter># entry entry-id match [frame-type {802dot3|802dot2-llc|802dot2- snap|ethernet_II}] dot1p dot1p-value [ dot1p-mask ] dsap dsap[...]

  • Página 323

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 323 Creating Filter Log Policies Use the following CLI syntax to configure filter log policy: CLI Syntax: config>filter>log log-id description description-string destination memory num-entries destination syslog syslog-id no shutdown summary no shutdown summary-crit dst-addr summary[...]

  • Página 324

    Common Configuration T asks Page 324 7750 SR OS R out er Configuration Guide Applying Filter Policies Filter policies can be associated with the following entities: Apply IP and MAC Filter Policies The following example shows an example of applying an IP and a MAC filter po licy to an E pipe service: CLI Syntax: config>service# epipe service-id [...]

  • Página 325

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 325 config>service>epipe# spoke-sdp 8:8 create config>service>epipe>spoke-sdp$ egress config>service>epipe>spoke-sdp>egress$ filter mac 91 config>service>epipe>spoke-sdp>egress$ exit config>service>epipe>spoke-sdp# ingress config>service&[...]

  • Página 326

    Common Configuration T asks Page 326 7750 SR OS R out er Configuration Guide Apply an IPv6 Filter Policy to an IES SAP Use the following CLI syntax to apply an IPv6 filter policy to an ingress or egress SAP: CLI Syntax: config>service# ies service-id interface interface-name sap sap-id ingress filter ipv6 ipv6-filter-id egress filter ipv6 ipv6-f[...]

  • Página 327

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 327 Apply Filter Policies to Network Port IP filter policies can be applied to network IP inte rfaces. MAC filters cannot be applied to network IP interfaces or to routable IES services. IPv6 fi lter policies can be applied to network IP interfaces in the IPv6 context within the interface[...]

  • Página 328

    Common Configuration T asks Page 328 7750 SR OS R out er Configuration Guide Apply an IPv6 Interface Use the following CLI syntax to apply an IPv6 filter policy to a network IP interface: CLI Syntax: config>router# interface ip-int-name egress filter ipv6 ipv6-filter-id ingress filter ipv6 ipv6-filter-id Example : config>router# interface ipv[...]

  • Página 329

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 329 Creating a Redirect Policy Configuring and applying redirect policies is optional. Each redirect policy must have the following: • A destination IP address • A priority (default is 100) • At least one of the following tests must be enabled: → Ping test → SNMP test → URL te[...]

  • Página 330

    Common Configuration T asks Page 330 7750 SR OS R out er Configuration Guide The following displays the command usage to cr eate a redirect policy: Example : config>filter# redirect-policy redirect1 config>filter>redirect-policy# destination 10.10.10.104 config>filter>redirect-policy>dest# description "SNMP_to_104" confi[...]

  • Página 331

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 331 exit no shutdown exit destination 10.10.10.106 create priority 90 url-test " URL_to_106 " url " http://aww.alcatel.com/ipd /" interval 60 return-code 2323 4567 raise-priority 96 exit no shutdown exit ... ---------------------------------------------- A:ALA-7>con[...]

  • Página 332

    Common Configuration T asks Page 332 7750 SR OS R out er Configuration Guide Configuring Policy-Based Forward ing for Deep Packet Inspection in VPLS The purpose policy-based forwarding is to capt ure traffic from a customer and perform a dee p packet inspection (DPI) and forward traffic, if allowed, by the DPI. In the following example, the split h[...]

  • Página 333

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 333 Configuring the VPLS service: Example : config>service# vpls 10 customer 1 create config>service>vpls$ service-mtu 1400 config>service>vpls$ split-horizon-group "dpi" residential-group create config>service>vpls>split-horizon-group$ exit config>ser[...]

  • Página 334

    Common Configuration T asks Page 334 7750 SR OS R out er Configuration Guide Configuring the MAC filter policy: Example : config>filter# mac-filter 100 create config>filter>mac-filter$ default-action forward config>filter>mac-filter$ entry 10 create config>filter>mac-filter>entry$ match config>filter>mac-filter>entr[...]

  • Página 335

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 335 Adding the MAC filter to the VPLS service: Example : config>service# config>service# vpls 10 config>service>vpls# sap 1/1/5:5 split-horizon-group "split" create config>service>vpls>sap$ ingress config>service>vpls>sap>ingress$ filter mac 100 [...]

  • Página 336

    Filter Management T asks Page 336 7750 SR OS R out er Configuration Guide Filter Management T asks This section discusses the following filte r policy management tasks: • Renumbering Filter Policy Entries on page 336 • Modifying an IP Filter Policy on page 338 • Modifying a MAC Filter Policy on page 341 • Deleting a Filter Policy on page 34[...]

  • Página 337

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 337 The following displays the original filter entry orde r on the left side and th e reordered filter entries on the right side: A:ALA-7>config>filter# info ---------------------------------------------- ... ip-filter 11 create description "filter-main" scope exclusive en[...]

  • Página 338

    Filter Management T asks Page 338 7750 SR OS R out er Configuration Guide Modifying an IP Filter Policy To access a specific IP filter, you mu st specify the filte r ID. Use the no form of the command to remove the command parameters or return the para meter to the default setting. Example : config>filter>ip-filter# description " New IP [...]

  • Página 339

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 339 exit .. ---------------------------------------------- A:ALA-7>config>filter#[...]

  • Página 340

    Filter Management T asks Page 340 7750 SR OS R out er Configuration Guide Modifying an IPv6 Filter Policy To access a specific IPv6 filter, you must specify the filter ID. Use the no form of the command to remove the command parameters or return the para meter to the default setting. Example : config>filter# ipv6-filter 11 config>filter>ip[...]

  • Página 341

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 341 Modifying a MAC Filter Policy To access a specific MAC filter, you mu st specify the filter ID. Use the no form of the command to remove the command parameters or return the para meter to the default setting. Example : config>filter# mac-filter 90 config>filter>mac-filter# de[...]

  • Página 342

    Filter Management T asks Page 342 7750 SR OS R out er Configuration Guide Deleting a Filter Policy Before you can delete a filter, you must remove the filter associat ion from the applied ingress and egress SAPs and network interfaces. • From an Ingress SAP on page 342 • From an Egress SAP on page 342 • From a Network Interface on pag e 3 43 [...]

  • Página 343

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 343 From a Network Interface To delete a filter from a network interfa ce, enter the following CLI commands: CLI Syntax: config>router# interface ip-int-name ingress no filter Example : config>router# interface 11 config>router>if# shutdown config>filter>if# exit config&[...]

  • Página 344

    Filter Management T asks Page 344 7750 SR OS R out er Configuration Guide CLI Syntax: config>router>if# egress no filter ip 2 A:ALA-49>config>router>if# info ---------------------------------------------- port 1/1/1 ipv6 address 3FFE::101:101/120 exit egress filter ipv6 1 exit ---------------------------------------------- A:ALA-49&g[...]

  • Página 345

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 345 CLI Syntax: config>router>if# ingress no filter A:ALA-49>config>router>if# ---------------------------------------------- port 1/1/1 ipv6 address 3FFE::101:101/120 exit egress filter ipv6 1 exit ---------------------------------------------- A:ALA-49>config>router[...]

  • Página 346

    Filter Management T asks Page 346 7750 SR OS R out er Configuration Guide From the Filter Configuration After you have removed the filter from the SAP, use the following CL I syntax to delete the filter. CLI Syntax: config>filter# no ip-filter filter-id CLI Syntax: config>filter# no mac-filter filter-id CLI Syntax: config>filter# no ipv6-f[...]

  • Página 347

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 347 Modifying a Redirect Policy To access a specific redirect policy, you must specify the policy name. Use the no form of the command to remove the command parameters or return th e parameter to the default setting. Example : config>filter# redirect-policy redirect1 config>filter&g[...]

  • Página 348

    Filter Management T asks Page 348 7750 SR OS R out er Configuration Guide Deleting a Redirect Policy Before you can delete a redirect policy from the filter configuration, you must remove the policy association from the IP filter. The following example shows the command usage to replace the configured redire ct policy ( redirect1 ) with a different[...]

  • Página 349

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 349 Copying Filter Policies When changes are made to an ex isting filter policy, they are app lied immediately to all services where the policy is applied. If numerous changes are required, the policy ca n be copied so you can edit the “work in progress” versio n without affecting the[...]

  • Página 350

    Filter Management T asks Page 350 7750 SR OS R out er Configuration Guide[...]

  • Página 351

    Filter Policies 7750 SR OS R outer Conf igur ation Guide Page 351 Filter Command Reference Command Hierarchies • Log Commands on page 351 • IP Filter Policy Com mands on page 351 • IPv6 Filter Policy Commands on pag e 353 • MAC Filter Policy Commands on page 353 • Redirect Policy Confi guration Commands on page 355 • Generic Filter Comm[...]

  • Página 352

    Filter Command Reference Page 352 7750 SR OS R out er Configuration Guide — action [ dr op ] — action forward [ next-hop { ip-addr e ss | indirect ip- addr ess | interface ip-int-name }] — action forward [ red irect -po lic y policy-name ] — action forward [ sap sap-id | sdp s dp-id ] — action http-redir ect url —n o acti on — descrip[...]

  • Página 353

    Filter Policies 7750 SR OS R outer Conf igur ation Guide Page 353 IPv6 Filter Policy Commands config —f i l t e r — ipv6-filter ipv6-filter -id [ create ] — default-action { dr op | forward } — description description-string —n o description — entry entry-id [ time-range time-rang e-nam e] —n o entry entry-id — action { dr op | forw[...]

  • Página 354

    Filter Command Reference Page 354 7750 SR OS R out er Configuration Guide — default-action { dr op | forward } — ren um old-entry-id new-entry-id — scope { exclusi ve | template } —n o scope — entry entry-id [ time-range time-range-name ] —n o entry entry-id [ cr eate ] — description description-string —n o description — action [ [...]

  • Página 355

    Filter Policies 7750 SR OS R outer Conf igur ation Guide Page 355 Redirect Policy Conf iguration Commands —Redirect policy co mmands — red irec t-p oli cy redir ect-policy-name [create] —n o re direc t-p oli cy r edir ect-policy-name — description description-string —n o description — [ no ] shutdown — destination ip-address [create] [...]

  • Página 356

    Filter Command Reference Page 356 7750 SR OS R out er Configuration Guide Generic Filter Commands config —f i l t e r — copy ip-filter | i pv6-filter | mac-fi lter sr c-filter-id [ sr c-entry sr c-entry- id ] to dst-filt er-id [ dst-entry dst-entr y-id ] [ overwrite ] Show Commands show —f i l t e r — anti-spoof [ sap-id ] — download-fail[...]

  • Página 357

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 357 Configuration Commands Generic Commands description Synt ax description string no description Context config>filter>ip-filter config>filter>ip-filter>entry config>filter>ipv6-filter config>filter>log config>filter>mac-filter config>filter>mac-fil[...]

  • Página 358

    Page 358 7750 SR OS R out er Configuration Guide Global Filter Commands ip-filter Synt ax [ no ] ip-filter filter-id [ creat e ] Context config>filter Description This command creates a configurati on context for an IP filter policy . IP-filter policies specify either a forward or a drop action for packets based on the specified match criteria. [...]

  • Página 359

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 359 Context config>filter Description This command enables the cont ext for a MAC filter policy . The mac-filter policy specifies e ither a forward or a drop action fo r packets based on the specified match criteria. The mac-filter policy , sometimes referred to as an access control li[...]

  • Página 360

    Page 360 7750 SR OS R out er Configuration Guide Filter Log Destination Commands destination Synt ax destination memory num-entries destination syslog syslog-id no destination Context config>filter> log Description This command configures the destination for filter log en tries for the filter log ID. F il t e r l o g s c a n be s e nt t o e i[...]

  • Página 361

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 361 shutdown Synt ax [ no ] shut down Context config>filter>log config>filter>log>summary config>filter>redirect-policy config>filter>redirect-policy>destination Administratively enables/disabled (Admin Up/A dminDown) an entity . Downi ng an entity does not c[...]

  • Página 362

    Page 362 7750 SR OS R out er Configuration Guide Parameters dst-addr — Specifies that received log packets are summarized based on the destination IP , IPv6 or MAC address. src-addr — Specifies that rece ived log packets are summarized based on the source IP , IPv6 or MAC address. wrap-around Synt ax [ no ] wrap-around Context config>filter&[...]

  • Página 363

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 363 Filter Policy Commands default-action Synt ax default-action { drop | forward } Context config>filter>ip-filter config>filter>ipv6-filter config>filter>mac-filter Description This command specifies the action to be applied to packets when the p ackets do not match th[...]

  • Página 364

    Page 364 7750 SR OS R out er Configuration Guide General Filter Entry Commands entry Synt ax entry entry-id [ time-range tim e-range-name ] no entry entry-id Context config>filter> ip-filter config>filter>ipv6-filter config>filter>mac-filter Description This command creates or edits an IP , IPv6, or MAC filter entry . Mu ltiple en[...]

  • Página 365

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 365 The filter log ID must exist before a filter entry can be enabled to use the filter log ID. The no form of the command disables loggi ng fo r the filter entry . Default no log — no destination filter log ID specified Parameters log-id — The filter log ID destination expressed as a[...]

  • Página 366

    Page 366 7750 SR OS R out er Configuration Guide IP Filter Entry Commands action Synt ax action [ drop ] action forwar d [ next-hop { ip-address | indirect ip-addr ess | interface ip-in t-name }] action forwar d [ redirect-policy policy- name ] action forwar d [ sap sap-id | sdp s dp- id ] action ht tp-redirect url no action Context config>filte[...]

  • Página 367

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 367 frame [ port-id | bundle-id ]: dlci cisco-hdlc slot/mda/port.ch annel ima-grp bundle - id [: vpi/vci | vpi | vpi1 . vpi2 ] port-id slot/mda/port [. channel ] aps-id aps- gr oup-id [. channel ] aps keyword gr oup-id 1 — 16 bundle- type - slot/mda . bundle-num bundle keyword type ima,[...]

  • Página 368

    Page 368 7750 SR OS R out er Configuration Guide qtag1, qtag2 — Specifies the encapsulation value used to iden tify the SAP on the port or sub-port. If this parameter is not specificially defined, the default value is 0. Va l u e s qtag1: 0 — 409 4 qtag2 : * | 0 — 4094 sdp-id — The SDP identifier . Va l u e s 1 — 174 07 vc-id — The virt[...]

  • Página 369

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 369 Default no filter -sample interface-disable-sample Synt ax [ no ] interface-disa ble-sample Context config>filter>ip-filter>entry Description Specifies that traf fic matchi ng the associated IP filter entry is not sampled if the IP interface is set to cflowd interface mode. I[...]

  • Página 370

    Page 370 7750 SR OS R out er Configuration Guide igmp 2 Internet Group Managemen t ip 4 IP in IP (encapsulation) tcp 6 T ransmis sion Control egp 8 Exterior Gat eway Protoc ol igp 9 any private interior gateway (used by Cisco for their IGRP) udp 17 User Datagram rdp 27 Reliable Data Protocol ipv6 41 Ipv6 ipv6-route 4 3 Routing Header for IPv6 ipv6-[...]

  • Página 371

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 371 match Synt ax match [ next-header next-header ] no match Context config>filter>ipv6-filter >entry Description This command enables the context to enter match criteria for the filter entry . When the match criteria have been satisfied the action associated with the match crite[...]

  • Página 372

    Page 372 7750 SR OS R out er Configuration Guide MAC Filter Entry Commands action Synt ax action [d rop] action forwar d [ sap sap-id | sd p sd p-id ] action ht tp-redirect url no action Context config>filter> mac-filter>entry Description This command configures no action, drop or forward fo r a MAC filter entry . The action keyword must b[...]

  • Página 373

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 373 id 1 — 8 path-id a, b cc-type .sap-net, .net-sap] cc-id 0 — 4094 lag-id la g- id lag keyword id 1 — 200 q tag1 0 — 4094 qtag2 *, 0 — 4094 vpi NNI 0 — 4095 UNI 0 — 255 vci 1, 2, 5 — 65535 dlci 16 — 1022 port-id — Specifies the physical port ID in the slot/mda/port f[...]

  • Página 374

    Page 374 7750 SR OS R out er Configuration Guide http-redir ect url — Specifies the HTTP web ad dr ess that will b e sent to the user’ s browser . Va l u e s 255 characters maximum match Synt ax match [ frame-ty pe 80 2d o t3 | 802dot2-llc | 802dot2-snap | ethernet_II ] no match Context config>filter> mac-filter>entry Description This [...]

  • Página 375

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 375 IP Filter Match Criteria dscp Synt ax dscp dscp-name no dscp Context config>filter>ip-filter>entry > match config>filter>ipv6-filter>entry > ma tch Description This command configures a Diff Se rv Code Point (DSCP) name to be used as an IP filter match criterio[...]

  • Página 376

    Page 376 7750 SR OS R out er Configuration Guide Synt ax dst-ip [ ipv6-address / prefix-length ] no dst-ip Context config>filter>ipv6-f ilter>entry>match Description This command matches a destination IPv6 address. T o match on the destination IPv6 address, specify the address and prefix length, for example, 1 1::12/ 128. The no form of[...]

  • Página 377

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 377 fragment Synt ax fragment { true | false } no fragment Context config>filter>ip-filter>entry > match Description Configures fragmented or non-fragmented IP packets as an IP filter match criterion. The no form of the command removes the m a tch cri teri on. Default false Pa[...]

  • Página 378

    Page 378 7750 SR OS R out er Configuration Guide The no form of the command removes th e criterion from the match entry . Default no icmp-type — no match criterion for the ICMP type Parameters icmp-type — The ICMP type values that must be present to match. Va l u e s 0 — 255 ip-option Synt ax ip-option ip-option-value ip-option-mask no ip-opt[...]

  • Página 379

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 379 multiple-option Synt ax multiple-option { true | false } no multiple -option Context config>filter>ip-filter>entry > match Description This command configures matching p ackets that contain one or more th an one option fields in the IP header as an IP filter match criterio[...]

  • Página 380

    Page 380 7750 SR OS R out er Configuration Guide Default no src-ip — no source IP match criterion Parameters ip-addr ess — The IP prefix for the IP match criterion in dotted decimal notation. Va l u e s 0.0.0.0 — 255.255.255.255 mask — The subnet mask length express ed as a decimal integer . Va l u e s 0 — 32 netmask — Any mask epressed[...]

  • Página 381

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 381 Parameters lt | gt | eq — Specifies the operator to use relative to sr c-port-number for specifying the port number match criteria. lt specifies all port numbers less th an sr c-port-number match. gt specifies all port numbers greater than sr c-port-number match. eq specifies that s[...]

  • Página 382

    Page 382 7750 SR OS R out er Configuration Guide Default No match criterion for the SYN bit Description no tcp-syn Use the no form of this command to remove this as a criterion from the match entry . Default none Parameters true — Specifies matching on IP packets that have th e SYN bit set in the control bits of the TCP header . false — Specifi[...]

  • Página 383

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 383 MAC Filter Match Criteria dot1p Synt ax dot1p p-value [ mask ] no dot1p Context config>filter>mac-filter>entry Description Configur es an IEEE 802.1p value or r ange to be used as a MAC filter match criterion. When a frame is missing the 802.1p bits, specifying an dot1p match[...]

  • Página 384

    Page 384 7750 SR OS R out er Configuration Guide Description Configures an Ethernet 8 02.2 LLC DSAP valu e or range for a MAC filter match criterion. This is a one-byte field that is part of the 802 .2 LLC header of the IEEE 802.3 Ethernet Frame. The snap-pid field, etype field, ssa p and dsap fields are mutually excl usive and may not be part of t[...]

  • Página 385

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 385 This 48-bit mask can b e configured using the following fo rmats: T o configure so that all packets with a sour ce MAC OUI value of 00-0 3-F A are subject to a match condition then the entry should be specified as: 0003F A000000 0x0FFFFF000000 Default 0xFFFFFFFFFFFF (exact m atch) Va [...]

  • Página 386

    Page 386 7750 SR OS R out er Configuration Guide The no form of the command removes the criterion from the match criteria. Default none Parameters zero — Specifies to match packets wi th the three-byte OUI field in the SNAP-ID set to zero. non-zer o — Specifies to match packets with the three-byte OUI field in the SNAP-ID not set to zero. snap-[...]

  • Página 387

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 387 ieee-addr ess-mask — This 48-bit mask can b e configured using: T o configure so that all packets with a sour ce MAC OUI value of 00-0 3-F A are subject to a match condition then the entry should be specified as: 003F A00000 0 0xFFFFFF00 0000 Default 0xFFFFFFFFFFFF (exact m atch) Va[...]

  • Página 388

    Page 388 7750 SR OS R out er Configuration Guide Policy and Entry Maintenance Commands copy Synt ax copy { ip-filter | ipv6-f ilter | mac-filter } source-filter -id dest-filter-id dest-filter-id [ overwrite ] Context config>filter Description Copies existing filter list entries for a specific filter ID to another filter ID. The copy comman d is [...]

  • Página 389

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 389 Parameters old-entry-id — Enter the entry number of an existing entry . Va l u e s 1 — 65535 new-entry-id — Enter the new entry-numb er to be assigned to the old entry . Va l u e s 1 — 65535[...]

  • Página 390

    Page 390 7750 SR OS R out er Configuration Guide Redirect Policy Commands destination Synt ax [ no ] destination ip-address Context config>filter>redirect-policy Description This command defines a cache server destination in a redirect policy . More than one destination can be configured. Whether a destin ation IP address will receive redirec[...]

  • Página 391

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 391 hold-down seconds — The amount of time, in seconds, that the system should be held dow n if any of the test has marked it unreachable. Va l u e s 0 — 86400 interval Synt ax interval seconds no interval Context config>filter>destination >ping-test config>filter>desti[...]

  • Página 392

    Page 392 7750 SR OS R out er Configuration Guide Description Redirect policies can contain multiple destinations. Each destination is assi gned an initial or base priority which describes its relative importance within the policy . If more than one destination is specified, the destination with the highest effective prio rity value is selected. Def[...]

  • Página 393

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 393 within the specified range, the priority can be disabled, lowered or raised. Default none Parameters r eturn-value — Specifies the SNMP valu e against which the test result is matched. Va l u e s A maximum of 256 characters r eturn-type — Speci fies the SNMP object ty pe against w[...]

  • Página 394

    Page 394 7750 SR OS R out er Configuration Guide Parameters r eturn- code-1, r eturn-code-2 — Specifies a range of return codes. When the URL test return-code falls within the specifi ed rang e, the corresponding action is performed. Va l u e s re t u r n -c o d e - 1 : 1 — 4294967294 re t u r n- c o d e - 2 : 2 — 4294967295 disable — Speci[...]

  • Página 395

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 395 Show Commands anti-spoof Synt ax anti-spoof [ sap-id ] Context show>filter Description Displays anti-spoofing filter information. Parameters sap-id — When the sap-id is specified, it specifies th e physical port identifi er portion of the SAP definition. If not specified, all ant[...]

  • Página 396

    Show Command s Page 396 7750 SR OS R out er Configuration Guide Va l u e s null [port-id | bundle-id | lag-id | aps-id] dot1q [port-id | bundle-id | lag-id | aps-id]:qtag1 qinq [port-id | bundle-id | lag-id]:qtag1.qtag2 atm [port-id | aps-id][:vp i/vci|vpi|vpi1.vpi2] frame [ por t- id | aps-id]:dlci cisco-hdlc slot/mda/port .channel ima-grp [bundle[...]

  • Página 397

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 397 The values depends on the encapsulation type co nfigured for the interf ace. The following table describes the allowed values for the port and encapsulation types.. Output Anti-spoofing Output — The following table describes the output for the command. Sample Output A:ALA-48# show f[...]

  • Página 398

    Show Command s Page 398 7750 SR OS R out er Configuration Guide download-failed Synt ax download-failed Context show>filter Description This command shows all filter entries for which the download has fail ed. Output download-failed Output — The following table describes the filter download-failed output. Sample Output A:ALA-48# show filter do[...]

  • Página 399

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 399 Output Show Filter (no filter-id specified) — The following table describes th e command output for the command when no filter ID is specified. Sample Output A:ALA-49# show filter ip =============================================================================== IP Filters =========[...]

  • Página 400

    Show Command s Page 400 7750 SR OS R out er Configuration Guide Def. Action Forward — The default action for the filter ID for packets that do not match the filter entries is to forward. Drop — The default action for the filter ID for packets that do not match the filter entries is to drop. Filter Match Criteria IP — Indicates the filter is a[...]

  • Página 401

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 401 Sample Output A:ALA-49>config>filter# show filter ip 3 =============================================================================== IP Filter =============================================================================== Filter Id : 3 Applied : Yes Scope : Template Def. Acti[...]

  • Página 402

    Show Command s Page 402 7750 SR OS R out er Configuration Guide Output Show Filter (with time-range spec ified) — If a time-range is specified for a filter entry , it is displayed. A:ALA-49# show filter ip 10 =============================================================================== IP Filter =================================================[...]

  • Página 403

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 403 Applied No — The filter policy ID has not been applied. Yes — The filter policy ID is applied. Def. Action Forward — The default action for the filter ID for packets t hat do not match the f ilter entr ies is to for ward. Drop — The default action for the filter ID for packets[...]

  • Página 404

    Show Command s Page 404 7750 SR OS R out er Configuration Guide Sample Output A:ALA-49# show filter ip 1 associations =============================================================================== IP Filter =============================================================================== Match action Default — The filter does not have an explicit [...]

  • Página 405

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 405 Filter Id : 1 Applied : Yes Scope : Template Def. Action : Drop Entries : 1 ------------------------------------------------------------------------------- Filter Association : IP ------------------------------------------------------------------------------- Service Id : 1001 Type : [...]

  • Página 406

    Show Command s Page 406 7750 SR OS R out er Configuration Guide Sample Output A:ALA-49# show filter ip 3 counters =============================================================================== IP Filter : 100 =============================================================================== Filter Id : 3 Applied : Yes Scope : Template Def. Action : F[...]

  • Página 407

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 407 entry entry-id — Displays information on the specified IPv6 filter entry ID for the specified filter ID. Va l u e s 1 — 9999 associations — Appends information as to where the IPv6 filter policy ID is applied to the detailed filter policy ID out put. counters — Displays counte[...]

  • Página 408

    Show Command s Page 408 7750 SR OS R out er Configuration Guide Applied No — The filter policy ID has not been applied. Yes — The filter policy ID is applied. Def. Action Forward — The default action for the filter ID for packets that do not match the filter entries is to forward. Drop — The default action for the filter ID for packets that[...]

  • Página 409

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 409 Sample Output A:ALA-48# show filter ipv6 100 =============================================================================== Match action Default — The filter does not have an explicit forward or drop match action specified. If the filter entry ID indicates the entry is (Inactive) ,[...]

  • Página 410

    Show Command s Page 410 7750 SR OS R out er Configuration Guide IPv6 Filter =============================================================================== Filter Id : 100 Applied : Yes Scope : Template Def. Action : Forward Entries : 1 Description : test ------------------------------------------------------------------------------- Filter Match C[...]

  • Página 411

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 411 Entry The filter ID filt er entry ID. If the filter entr y ID indicates th e entry is (Inactive) , then the filter entry is inco mplete as no action has been specified. Log Id The filter log ID. Src. IP The source IP address and mask match criterion. 0.0.0.0/0 indicates no criterion s[...]

  • Página 412

    Show Command s Page 412 7750 SR OS R out er Configuration Guide Sample Output A:ALA-48# show filter ipv6 1 associations =============================================================================== IPv6 Filter =============================================================================== Filter Id : 1 Applied : Yes Scope : Template Def. Action :[...]

  • Página 413

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 413 A:ALA-48# Output Show Filter Counters — The following table describes th e output fields when the counters keyword is specified.. Sample Output A:ALA-48# show filter ipv6 100 counters =============================================================================== IPv6 Filter =======[...]

  • Página 414

    Show Command s Page 414 7750 SR OS R out er Configuration Guide log Syntax log log-id [ match string ] [ bindings ] Context show>filter Description Displays the contents of a memory-b ased or a file-based filter log. If the optional keyword match and string parameter are given, the comm and displays the given filter log from the first occurence [...]

  • Página 415

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 415 If the packet being logged does not have a source or destination MAC addre ss (i.e. , POS) then the MAC information output line is omitt ed from th e log entry . In case log summary is active, the filter log mini-tables contain the following information: Protocol The IP protocol of th[...]

  • Página 416

    Show Command s Page 416 7750 SR OS R out er Configuration Guide Sample Filter Log Output 2005/11/24 16:23:09 Filter: 100:100 Desc: Entry-100 Interface: to-ser1 Action: Forward Src MAC: 04-5b-01-01-00-02 Dst MAC: 04-5d-01-01-00-02 EtherType: 0800 Src IP: 10.10.0.1:646 Dst IP: 10.10.0.4:49509 Flags: TOS: c0 Protocol: TCP Flags: ACK 2005/11/24 16:23:1[...]

  • Página 417

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 417 Mac 8 06-06-06-06-06-06 Mac 8 06-06-06-06-06-05 Mac 8 06-06-06-06-06-04 Mac 8 06-06-06-06-06-03 Mac 8 06-06-06-06-06-02 Ip 16 6.6.6.1 Ip 16 6.6.6.2 Ip 16 6.6.6.3 Ip 16 6.6.6.4 Ip 8 6.6.6.5 Ipv6 8 3FE:1616:1616:1616:1616:1616:: Ipv6 8 3FE:1616:1616:1616:1616:1616:FFFF:FFFF Ipv6 8 3FE:1[...]

  • Página 418

    Show Command s Page 418 7750 SR OS R out er Configuration Guide Sample Output =============================================================================== Mac Filters =============================================================================== Filter-Id Scope Applied Description ----------------------------------------------------------------[...]

  • Página 419

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 419 Sample Det ailed Output =============================================================================== Mac Filter : 200 =============================================================================== Filter Id : 200 Applied : No Scope : Exclusive D. Action : Drop Description : Forwar[...]

  • Página 420

    Show Command s Page 420 7750 SR OS R out er Configuration Guide DSAP : Undefined SSAP : Undefined Snap-pid : Undefined ESnap-oui-zero : Undefined Match action: Forward Ing. Matches: 0 Egr. Matches : 0 Entry : 300 (Inactive) FrameType : Ethernet Description : Not Available Src Mac : 00:00:00:00:00:00 00:00:00:00:00:00 Dest Mac : 00:00:00:00:00:00 00[...]

  • Página 421

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 421 Filter Entry Counters Ou tput — When the counters keyword is specified, the filter entry output displays the filter matches/hit info rmation. The following table describes the command output for the command. Sample Output =============================================================[...]

  • Página 422

    Show Command s Page 422 7750 SR OS R out er Configuration Guide Entry : 200 FrameType : 802.2SNAP Ing. Matches: 0 Egr. Matches : 0 Entry : 300 (Inactive) FrameType : Ethernet Ing. Matches: 0 Egr. Matches : 0 =============================================================================== redirect-policy Synt ax redirect-policy { redire ct-policy-nam[...]

  • Página 423

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 423 Sample Output A:ALA-A>config>filter# show filter redirect-policy =============================================================================== Redirect Policies =============================================================================== Redirect Policy Applied Description [...]

  • Página 424

    Show Command s Page 424 7750 SR OS R out er Configuration Guide Destination : 10.10.10.105 ------------------------------------------------------------------------------- Description : another test Admin Priority : 95 Oper Priority: 105 Admin State : Up Oper State : Down Ping Test Interval : 1 Timeout : 30 Drop Count : 5 Hold Down : 0 Hold Remain :[...]

  • Página 425

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 425 Clear Commands ip Synt ax ip ip-filter-id [ entry entry-id ] [ ingress | egress ] Context clear>filter Description Clears the counters associated with the IP fi lt er policy . By default, all counters associated with the filter policy entries are reset. The scope of which coun ters[...]

  • Página 426

    Clear Commands Page 426 7750 SR OS R out er Configuration Guide log Syntax log log-id Context cle ar Description Clears the contents of a memory or file based filter log. This command has no effect on a syslog based filter log. Parameters log-id — The filter log ID destination expressed as a decimal integer . Va l u e s 101 — 199 mac Synt ax ma[...]

  • Página 427

    Filter Policies 7750 SR OS R outer Conf iguration Guide Page 427 Monitor Commands filter Synt ax filter ip ip-filter -id ent ry en try-id [ interval seconds ] [ repeat repeat ] [ absolute | rate ] Context monitor Description This command monitors the counters as sociated with the IP filter policy . Parameters ip-filter-id — The IP filter policy I[...]

  • Página 428

    Monitor Commands Page 428 7750 SR OS R out er Configuration Guide Default 5 seconds Va l u e s 3 — 60 rep ea t re pe a t — Co nfigures how many times the command is repeated. Default 10 Va l u e s 1 — 999 absolute — When the absolute keyword is specified, the raw stat istics are displayed, without pro- cessing. No calculations are performed[...]

  • Página 429

    7750 SR OS R outer Conf iguration Guide P age 429 Cflo wd In This Chapter This chapter provides inform ation to configure Cflowd. T opics in this chapter include: • Cflowd Overview on page 430 → Operation on page 431 → Cflowd Filter Matching on page 432 • Cflowd Configuration Process Overview on page 434 • Cflowd Configuration Co mpon ent[...]

  • Página 430

    Cflowd Overview Page 430 7750 SR OS Rout er Configur a tion Guide Cflowd Overview Cflowd is a tool used to sample IP traff ic data flows through a router . Cflowd enables traffic sampling and analysis by ISPs and network engineer s to support capacity planning, trends analysis, and characterization of workloads in a network service provider environ[...]

  • Página 431

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 431 Operation Figure 29 depicts the basic operat ion of the cflowd fe ature. This sample flow is only used to describe the basic steps that are performed. It is not intended to specify implementation. Figure 29: Ba sic Cflowd Steps 1. As a packet ingresses a port, a de cision is made to forward or[...]

  • Página 432

    Cflowd Overview Page 432 7750 SR OS Rout er Configur a tion Guide When a flow is exported from the cache, the collect ed data is sent to an external collector which maintains an accumulation of historical data flows that network operators can use to a nalyze traf fic patterns. Data is expo rted in one of tw o formats: • V ersion 5 (V5) — V5 gen[...]

  • Página 433

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 433 Figure 30 depicts V5 and V8 flow processing. Figure 30: V5 and V8 Flow Proces sing 1. As flows are exported from the active flow cache , the export format must be determined, either V5 or V8. 2. If the export format is V5, no further pr ocessing is performed a nd the flow data is accumulated t[...]

  • Página 434

    Cflowd Configurati on Process Overview Page 434 7750 SR OS Rout er Configur a tion Guide Cflowd Configuration Process Overview Figure 31 displays the process to co nfigure Cflowd parameters. Figure 31: Cflowd Configurat ion and Implement ation Flow TURN UP START CONFIGURE COLLECTOR(S) SPECIFY ROUTER INTE RFACE FOR COLLECTION ACL OR INTERFACE ENABLE[...]

  • Página 435

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 435 Cflowd Configuration Component s Figure 32 displays the major co mponents to configur e Cflowd parameters. Figure 32: Cflo wd Configurat ion Comp onent s • Active timeout — Specifies the time, in minu tes, before an active flow is removed from the active cache. • Inactive timeout — Spe[...]

  • Página 436

    Cflowd Configur ation Components Page 436 7750 SR OS Rout er Configur a tion Guide Figure 33 displays the co mponents to specify router inte rface cflowd parameters. Figure 33: Router Interface Cflowd Configuration Component s • Interface — A specific logical IP routing in terface in which cflowd parameters can be configured. • Cflowd ACL —[...]

  • Página 437

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 437 Configuration Notes This section describes cflowd caveats. • Cflowd is enabled globally . • At least one collector must be configured and enabled. • A cflowd option must be specified and enabled on a router interface. • Sampling can only b e enabled on either: → An IP filter which is[...]

  • Página 438

    Configuration Notes Page 438 7750 SR OS Rout er Configur a tion Guide Reference Sources For information on supported IETF drafts and sta ndards, as well as standard and proprietary MIBS, refer to Standard s an d Proto col Support on page 715 .[...]

  • Página 439

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 439 Configuring Cflowd with CLI This section provides informa tion to configure cflowd usi ng the command line interface. Topics in this section include: • Cflowd Configuration Overview on page 440 → T raf fic Sampling on page 440 → Collectors on page 441 → Aggregation on page 441 • Basi[...]

  • Página 440

    Page 440 7750 SR OS Rout er Configur a tion Guide Cflowd Configuration Overview The 7750 SR OS implementation of cflowd suppor ts the option to analyze traf fic flow . The imple - mentation also supports the use of traffic/access l ist (ACL) filters to limit the type of traffic that i s analyzed. T raffic blocked (dropped) by ACL f ilters is not se[...]

  • Página 441

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 441 W ithin the active flow cache, the following charac teristics are used to identify an individual flow: • Ingress interface • Source IP address • Destination IP address • Source transport port number • Destination transport port number • IP protocol type • IP TO S byte The 7750 SR[...]

  • Página 442

    Page 442 7750 SR OS Rout er Configur a tion Guide • Source-destin ation prefix — Flows are aggr egated based on source prefix and mask, destination prefix and mask, source and de stination AS, ingress interface and egress interface.[...]

  • Página 443

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 443 Cflowd CLI Command S tructure The 7750 SR OS cflowd command structure is displayed in Figure 35 . Cflowd configuration commands are located under the config>cflowd context and the show commands are under show>cflowd. Figure 35: Cflowd Command Structure CFLOWD CONFIG SHOW CFLOWD ACTIVE-TI[...]

  • Página 444

    Page 444 7750 SR OS Rout er Configur a tion Guide List of Commands Ta b l e 2 0 lists all the cflowd configuration commands indicating the configuration level at which each command is implemented with a short comm and description. The cflowd command list is or ganized in the following task -oriented manner: • Configure cflowd parameters • Confi[...]

  • Página 445

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 445 protocol-port Specifies that flows be aggregated based on the IP protocol, source port number, and destination port number. 467 raw Configures raw flow data to be sent in versio n 5. 467 source-destination- prefix Configures cflowd aggre gation based on source and destination prefixes. 468 sou[...]

  • Página 446

    Page 446 7750 SR OS Rout er Configur a tion Guide Basic Cflowd Configuration This section provides informatio n to configure cflowd and configura tion examples of common configuration tasks. In order to sample traffic, the minimal cflowd parameters that need to be configured are: • Cflowd must be enabled. • At least one collector must be config[...]

  • Página 447

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 447 Common Configuration T asks This section provides a brief overvi ew of the tasks that must be performed to configure cflowd and provides the CLI commands. In orde r to begin tra ffic flow sampling, cflowd must be enabled and at least one collector must be configured. Global Cflowd Component s [...]

  • Página 448

    Page 448 7750 SR OS Rout er Configur a tion Guide Configuring Cflowd Use the CLI syntax displayed belo w to perform the following tasks: • Enabling Cflowd on page 449 • Configuring Global Cflowd Parame ters on page 450 • Configuring Cflowd Collectors on pa ge 451 • Enabling Cflowd on Interfaces and Filters on page 453 CLI Syntax: config>[...]

  • Página 449

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 449 Enabling Cflowd Cflowd is disabled by defa ult. You must enter the no shutdown command to administratively enable traffic sampling. Use the following CLI synt ax to enable cflowd: CLI Syntax: config# cflowd no shutdown The following exam pl e displays the default valu es when cflowd is initial[...]

  • Página 450

    Page 450 7750 SR OS Rout er Configur a tion Guide Configuring Global Cflowd Parameters The following cflowd parameters apply to all instances where cflowd (traffic sampling) is enabled. Use the following CLI commands to configure cflowd parameters: CLI Syntax: config>cflowd# active-timeout minutes cache-size num-entries inactive-timeout seconds [...]

  • Página 451

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 451 Configuring Cflowd Collectors To configure cflowd collector parame ters, enter the fo llowing commands: CLI Syntax: config>cflowd# collector ip-address [: port ] aggregation as-matrix destination-prefix protocol-port raw source-destination-prefix source-prefix autonomous-system-type [ origi[...]

  • Página 452

    Page 452 7750 SR OS Rout er Configur a tion Guide The following example displa ys the basic cflowd configuration: ALA-1>config>cflowd# info ----------------------------------------- active-timeout 20 inactive-timeout 10 overflow 10 rate 100 collector 10.10.10.1:2000 aggregation as-matrix raw exit description " AS info collector " ex[...]

  • Página 453

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 453 Enabling Cflowd on Interfaces and Filters This section discusses the following cf low d configuration management tasks: • Dependencies on page 453 • Specifying Cflowd Op tions on an IP Interface on page 455 → Interface Configurations on p age 455 → Service Interfaces on page 456 • Sp[...]

  • Página 454

    Page 454 7750 SR OS Rout er Configur a tion Guide Table 21: Cflowd Conf iguration Dependen cies Interface Setting router>interface cflowd [ acl | interface ] Setting Command ip-filter entry Expected Result s IP-filter mode ACL filter-sampled Traffic matching is sampled at specified rate. IP-filter mode ACL no filter-sampled No traffic is sampled[...]

  • Página 455

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 455 S pecifying Cflowd Options on an IP Interface When cflowd is enabled on an interface, all p ackets forwarded by the interface are subject to analysis according to the global cflowd config uration and sorted according to the collector configuration(s). Refer to T able 21, Cflowd Configuration D[...]

  • Página 456

    Page 456 7750 SR OS Rout er Configur a tion Guide Service Interfaces CLI Syntax: config>service>vpls service-id # interface ip-int-name cflowd {acl|interface} When enabled on a service interface, cflowd collect s routed traffic flow samples through a router for analysis. Cflowd is supported on IES and VPRN services interfaces only. Layer 2 tr[...]

  • Página 457

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 457 S pecifying Sampling Options in Filter Entries Packets are matched against filter entries to dete rmine acceptability. With cflowd, only the first packet of a flow is compared. If the first packet ma tches the filter criteria, then an entry is added to the cflowd cache. Subseq uent packets in [...]

  • Página 458

    Page 458 7750 SR OS Rout er Configur a tion Guide Cflowd Configuration Management T asks This section discusses the following cf low d configuration management tasks: • Modifying Global Cflowd Components on page 459 • Modifying Cflowd Collector Parameters on p age 460 Use the following CLI syntax to modify cflowd parameters. CLI Syntax: config&[...]

  • Página 459

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 459 Modifying Global Cflowd Component s Cflowd parameter modifications apply to all instan ces where cflowd or tra ffic sampling is enabled. Changes are applied imm ediately. Use the following cflowd commands to modify global cflowd parameters: CLI Syntax: config>cflowd# active-timeout minutes [...]

  • Página 460

    Page 460 7750 SR OS Rout er Configur a tion Guide Modifying Cflowd Collector Parameters Use the following commands to modify cflowd collector and aggregation parameters: CLI Syntax: config>cflowd# [no] collector ip-address [: port ] [no] aggregation [no] as-matrix [no] destination-prefix [no] protocol-port [no] raw [no] source-destination-prefix[...]

  • Página 461

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 461 The following example displa ys the basic cflowd modifications: ALA-1>config>cflowd# info ----------------------------------------- active-timeout 60 overflow 2 rate 10 collector 10.10.10.1:2000 description "AS info collector" exit collector 10.10.10.2:5000 aggregation source-p[...]

  • Página 462

    Page 462 7750 SR OS Rout er Configur a tion Guide[...]

  • Página 463

    Cflowd 7750 SR OS R outer Conf igur ation Guide Page 463 Cflowd Command Reference Command Hierarchies Configuration Commands config — [ no ] cflowd — active-timeout minutes —n o active-timeout — cache-si ze num-entries —n o cache-si ze — [ no ] collector ip-addr ess [: port ] — [ no ] aggregation — [ no ] as-matrix — [ no ] destin[...]

  • Página 464

    Cflowd Command Reference Page 464 7750 SR OS R o ut er Configuration Guide[...]

  • Página 465

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 465 Cflowd Configuration Commands Global Commands cflowd Synt ax [ no ] cflowd Context config>cflowd Description This command creates the context to configure cflowd. The interface can be s et to either sample all packets (interface mode) or sample only packets matching an IP filter with an act[...]

  • Página 466

    Cflowd Configuration Commands Page 466 7750 SR OS R out er Configuration Guide cache-size Synt ax cache-size num-e ntries no cache-size Context conf ig>cflo wd Description This command specifies th e maximum number of acti ve flows to maintain in the flow cache table. The no form of this command resets the number of active entrie s back to the d[...]

  • Página 467

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 467 as-matrix Synt ax [ no ] as-matrix Context config>cflowd>collector>agg regation Description This command specifies that the aggregation data should be based on autonomous system (AS) information. An AS matrix contains packet an d byte counters for traf fic from either source- destinat[...]

  • Página 468

    Cflowd Configuration Commands Page 468 7750 SR OS R out er Configuration Guide source-destination-prefix Synt ax [ no ] source-d estination-pref ix Context config>cflo wd>collector>aggrega tion Description This command configures cflo wd aggregation based on source and destination prefixes. The no form of this command removes this type of [...]

  • Página 469

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 469 Default No description is associated with the configuration context. Parameters description-string — The description character string. Allo wed values are any string up to 80 charac- ters long composed of printable, 7-bit ASCII char acters. If the string co ntains special characters (#, $, s[...]

  • Página 470

    Cflowd Configuration Commands Page 470 7750 SR OS R out er Configuration Guide overflow Synt ax overflow percent no overflow Context conf ig>cflo wd Description This command specifies the per centage of the flow cache entr ies removed when the maximum number of entries is exceeded. The entries removed ar e the entries that have not been updated [...]

  • Página 471

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 471 Show Commands collector Syntax co llector [ ip-addr [ : po rt ]] [ det ail ] Context show>cflowd Description This command displays administra tive and operational status of data collector configuration. Parameters ip-addr — Display only inform ation about the specified collector IP addres[...]

  • Página 472

    Show Command s Page 472 7750 SR OS R o ut er Configuration Guide Sample Output ALA-1# show cflowd collector 10.10.10.103:5 ========================================================================= Cflowd Collectors ========================================================================= Host Address Port AS Type Admin Oper Recs Sent --------------[...]

  • Página 473

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 473 ALA-1# show cflowd collector 10.10.10.103:5 detail =============================================================== Cflowd Collectors =============================================================== Address : 10.10.10.103 Port : 5 Description : Not Available AS Type : origin Admin State : up Ope[...]

  • Página 474

    Show Command s Page 474 7750 SR OS R o ut er Configuration Guide Output cflowd Interface Ou tput — The following table describes th e show cflowd interface output fields. Sample Output B:sr-002# show cflowd interface =============================================================================== Cflowd Interfaces =================================[...]

  • Página 475

    Cflowd 7750 SR OS R outer Conf iguration Guide Page 475 Sample Output ALA-1>show>cflowd# status ==================================================== Cflowd Status ==================================================== Cflowd Admin Status : Enabled Cflowd Oper Status : Disabled Active Timeout : 30 minutes Inactive Timeout : 15 seconds Cache Size[...]

  • Página 476

    Clear Commands Page 476 7750 SR OS R o ut er Configuration Guide Clear Commands cflowd Syntax cflowd Context clear Description Clears the active and aggregation flow caches which are sending flow data to the configured collec- tors. This action will trigger all the flows to be exported to the collector(s). The caches restart flow data collection fr[...]

  • Página 477

    Standar ds and Protocols Page 715 Standar ds and Pr otocol Suppor t St andards Compliance IEEE 802.1d Bridging IEEE 802.1p/Q VLAN T a gging IEEE 802.1s Multiple Spanning T ree IEEE 802.1w Rapid Spanning T ree Protocol IEEE 802.1x Port Based Network Access Control IEEE 802.3 10BaseT IEEE 802.3ad Link Aggregation IEEE 802.3ae 10Gbps Ethernet IEEE 802[...]

  • Página 478

    S tandards and Protocols Page 716 Standard s and Pr otocols RFC 4644 T ransmission of IPv6 Packets over Ethernet Networks RFC 2529 T ransmission of IPv6 over IPv4 Domains wit hout Explicit T unnels RFC 2545 Use of BGP-4 Multi- protocol Extension for IPv6 Inter-Domain Routing RFC 2740 OSPF for IPv6 RFC 3587 IPv6 Global Unicast Address Format RFC 400[...]

  • Página 479

    S tandards and Protocols Standar ds and Protocols Page 717 VPLS draft-ietf-l2vpn-vpls-ldp-08.txtVirtual Private LAN Services Usi ng LDP PSEUDO-WIRE RFC 3985 Pseudo Wire Emulation Edge-to-Edge (PWE3) RFC 4385 Pseudo Wire Emulation Edge-to-Edge (PWE3) Control W ord for Use over an MPLS PSN RFC 3916 Requirements for Pseudo- W ire Emulation Edge-to-Edg[...]

  • Página 480

    S tandards and Protocols Page 718 Standard s and Pr otocols TIMETRA-VRTR-MIB.mib[...]

  • Página 481

    7750 SR OS R outer Conf igur ation Guide Page 481 Inde x C Cflowd overview 430 collectors 430 filter matching 432 operation 431 V5 and V8 flow processing 43 3 configuring basic 446 collectors 441 , 451 enabling 449 global parameters 450 interfaces and filters 453 IP interfaces 455 overview 440 sampling options 45 7 traffic sampling 440 management t[...]

  • Página 482

    Index Page 482 7750 SR OS R out er Configuration Guide V VRRP overview 170 components 171 IP address owner 171 IP addresses 17 2 owner and non-owner 173 virtual router 171 virtual router backup 173 virtual router master 172 VRID 174 configuring basic 204 command reference 223 IES parameters 21 1 non-owner 212 owner 214 management tasks 219 overview[...]