D-Link DI-3660 [334/506] Tacacs

For example when deleting a configured static route please select the u option at prompt after inputting the ip command and then select route option finally input the parameter values of the route that you are about to delete 1 7 savi ng conf i gurat i on 13

Configure system monitor status 14

Fi l e syst em command 14

Fi l e syst em commands 14

Zmodem successfully receive 36 blocks 18370 bytes monitor 15

Conf i gure et hernet i p address 16

Conf i gure the def aul t rout e 16

Manual l y boot from a fi l e 16

Test net work connect i on by pi ng 16

Interface configuration 17

Overview 17

I nt roduct i on of i nt erf ace conf i gurat i on 18

Configure public configuration of interface 19

Introduction of sub interface 19

Close and restart interface 22

Initialize and delete interface 22

Configuring interface 23

U undo d default q quit 00 full force full duplex operation 01 half force half duplex operation please input the code of command to be excute 0 1 input 1 choose the item half can set it into half duplex mode input 0 choose the item full can set it into full duplex mode input d or d it will come back to default settings 25

Configuring e1 interface 28

Clock external configure operation mode of e1 interface as dte that use synchronous signal of line 30

Clock internal configure operation mode of e1 interface as dce that use internal synchronous signal of chip 30

Command function 30

Configure line code decode format of e1 interface as hdb3 30

Configuring line clock of e1 interface if e1 interface is operated as synchronous interface two operation modes available for e1 that is of dte and dce it is need to choose line clock while two routers straight connected with e1 interfaces the two ports must be operated with dte and dce separately while router connects with exchange through e1 interface dce for exchange and dte for e1 interface of router default operation mode of e1 interface is dte 30

Configuring line code decode format of e1 interface there are two formats of line code decode supported by e1 interface ami and hdb3 default setting is hdb3 30

Configuring loopback transmission mode of e1 interface while in the mode of remot loop back transmission the message that received through the port will be return by e1 through the sending channel 30

Line code ami configure line code decode format of e1 interface as ami 30

Line code undo or line code hdb3 30

Loop undo cancel the setting of remote loop back 30

Loopback local configure the operation mode of e1 as remote loop back 30

Bri is a kind of isdn interface which consists of a single d channel plus 2 b channels the d channel is used to set up b channels and signal alternation channel of the interface b channels are used to transfer data 33

Command function 33

Conf i gur at i on of bri i nt er f ace 33

Configure dtu interface 33

Configure the bri interface 33

Configure the dtu interface 33

Desi gnat i ng dtu i nt er f ace 33

Enter the isdn bri interface 33

I nt r oduct i on of bri i nt er f ace 33

Slot is the slot number of bri controller group is the link number bri controller 33

This command is used to set up a main workgroup and assign timeslots for the main workgroup all the timeslots can be assigned to b channel except 0 and 16 each timeslot is a correspondence of a b channel while each b channel is also a correspondence of a virtual 64k connection according to the protocol encapsulated by d channel you can t configure the d channel until you have set up a main workgroup and assigned timeslots for b channels the configurative method of entering the d channel is int serial slot port 15 after you enter the d channel 33

This section describes how to configure the dtu interface 1750 2620 and 2630 series router support dtu interface detailed configurative steps are given below 33

To configure the bri interface you must under the isdn bri configurative mode firstly 33

You can encapsulate protocol set dial up group and set the dial up mapping of peer 33

You can input the following command in global configurative mode to enter the dtu interface configurative mode 33

128000 64000 default 34

Choose the item 26 of the interface paramter prompt it will display 34

Command function 34

Conf i gur i ng dtu i nt er f ace s l i nemode 34

Conf i gur i ng speed of t he dtu i nt er f ace 34

Configuring the modem interface 34

Linemode lt set the dtu interface working in lt mode 34

Linemode nt set the dtu interface working in nt mode 34

Physical layer speed speed designate the interface speed 34

Speed specification 34

This section describes how to configure the modem interface it includes desi gnat i ng modem i nt er f ace 34

You can input the following command in the global configurative mode to enter the modem interface configurative mode 34

How t o connect wi t h v 92 modem or t hose t hat doesn t suppor t v 42bi s 35

Input the command interface it will prompt 36

Command 1 37

Conf i gur i ng vi r t ual t empl at e and vi r t ual access i nt er f ace 37

Conf i gur e t he tunnel i nt er f ace 38

Example of interface configuring 39

Configuring snmp list 40

Exampl e of bri i nt er f ace conf i gur i ng 40

Exampl e of pri i nt er f ace conf i gur i ng 40

Change the parameter of trap running 43

Cdp def aul t conf i gurat i on 45

Configuring the cdp 45

Set the cdp message interval and holdtime 46

23 pdp pdp configuration commands 24 physical layer configure physical layer parameters please input the code of command to be excute 0 32 23 key word u undo d default q quit 00 enable enable pdp on interface please input the code of command to be excute 0 0 0 47

Enable cdp function 47

Exampl e 1 47

Exampl e of cdp conf i gur at i on 47

Moni t or i ng and managi ng cdp 47

Pl ease i nput t he code of command t o be excut e 0 1 0 wi l l you excut e i t y n y 47

Show all the neighbor detected by cdp 47

Show the traffic of cdp packet transmitted or received by router 47

Directory of vty configuration 48

In this configuration the straight back to back cable connected with s1 0 port if the connection is remote access through modem line dial should be configured before the command config async mode interactive example of vty configuration all the limitation of vty screen output lines will be canceled by following configuration prompt more will disappear 50

Number of l i nes on screen 0 f or no pausi ng pl ease i nput t he code of command t o be excut e 0 0 0 pl ease i nput a di gi t al number 40 input number of l i nes wi l l you excut e i t y n y 50

Cd config enter the global configurative mode 51

Configuring rmon this chapter describes how to configure the rmon monitoring function on the d link router configure rmon alarm function user can configure the rmon alarm function through the command line or snmp network management application if you configure it through the snmp network management application you should also configure the snmp of router after enabling the alarm function the device can monitoring some statistics of the system the steps of configuring rmon alarm function is listed below 51

F unct i on 51

Step command 51

Absolute is used to monitor the value of mib object directly delta is used to monitor the change of mib object value between two sample 52

Add a rmon alarm item 52

Cd back to management mode 52

Eventnumber falling threshold value 52

Eventnumber owner 52

Index is the index of the items range from 1 to 65535 52

Interval absolute delta rising threshold value 52

Interval is the time interval of sample count in seconds its range is 1 4294967295 52

Owner string can be used to describe some descriptive message of the alarm 52

Rmon alarm index variable 52

String 52

Value is used to remark the limitation of creating an alarm the corresponding eventnumber represent the index of events which will occur when the limitation is meet 52

Variable the object under monitoring of the mib it must be a useful mib object of the system and only those objects with the types of integer counter gauge or timeticks can be detected 52

Write save the configuration 52

After configuring an item of alarm device will get the oid value designated by variable every interval seconds and compare the value with former one according to the alarm type absolute or delta if the current value is larger and exceed the limitation designated by the rising threshold the event whose index is eventnumber will be induced if the eventnumber is 0 or the event table doesn t has an event whose index is eventnumber the event will not be induced vice versa if the oid designated by variable can not be get the alarm table status of this line will be set as invalid when the command rmon alarm is used many times to configure the same index of alarm item only the parameters of last time is available you can use the command no rmon alarm index to delete the alarm table whose index is index 53

Cd config enter the global configurative mode 53

Conf i gur i ng t he rmon event f unct i on 53

Step command function 53

The steps of configuring the rmon event are listed below 53

Add a rmon event table 54

Cd back to management mode 54

Community is the group name 54

Description is the descriptive information of the event 54

Description string log 54

Index is the index of the items its range is 1 65535 54

Log means that a log message will be added to the log table whenever the event is induced 54

Of the event 54

Owner string 54

Owner string can be used to describe some descriptive message 54

Rmon event index 54

Trap community 54

Trap means that a trap is generated when the event is induced 54

Write save the configuration 54

After your configuring the rmon event when the rmon alarm is induced the evenlasttimesent region of the event item will be updated as the current sysuptime firstly if the event is configured with log attribute a message will be added into the log table if the event is configured with trap attribute then a trap will be send while the group name is community when the command rmon event is used many times to configure the same index of event item only the parameters of last time is available you can use the command no rmon event index to delete the event table whose index is index 55

Cd back to global configurative mode 55

Cd back to management mode 55

Cd config enter the global configurative mode 55

Conf i gur i ng col l ect i on f unct i on of t he rmon 55

Enabl e t he col l ect i on f unct i on of t he i nt erf ace 55

Ifid is id of the interface 55

Iftype is the type of the interface 55

Index is index of the collection items 55

Interface iftype ifid enter the interface configurative mode 55

Owner string is used to describe some descriptive message of the collection items 55

Rmon collection group is used to monitoring the statistic information of each port the configuration steps of rmon collection function are given below 55

Rmon collection stat index owner string 55

Step command function 55

Write save the configuration 55

Configuring the rmon history function 56

After being added a history table the device will get a collection from the designated interface every second seconds and add the result as an item to the ethernet history record table when the command rmon collection history index is used 58

Alarm means that it will show the alarm items 58

Command function 58

Di spl ay t he rmon conf i gur at i on 58

Event means that it will show the event items and items included in the log table which is created because of the event being induced 58

History means that it will show the history items and the statistics acquired from the interface during some given time intervals 58

Many times to configure an item with the same index only the parameters of last time is available you can use the command no rmon history index to delete the history item whose index is index note that it will occupy system resources if the bucket number is too large or the interval second is two small 58

Show rmon alarm event statistics history display the configurative information of rmon 58

Statistics means that it will show the statistic items and the statistics acquired from the interface 58

You can use the command show to display the rmon configuration of the router 58

Wans configuration 59

Configuration task list 61

Enable frame relay encapsulation on interface 62

Encapsulation method command no is use for delete ports which include configuration of subinterface frame relay encapsulating protocol 62

Encapsulation undo frame relay enable frame relay and specify the 62

Frame relay configuration task 62

Interface type number specify the interface and enter interface configuration mode 62

Setp command task 62

There are required basic steps you must follow to enable frame relay for your network in addition you can customize frame relay for your particular network needs and monitor frame relay connections the following sections outline these tasks required configuration encapsulate frame relay on interface configure dynamic or static address mapping following are optional configurations these configurations can be modified by the requirement of application configure lmi customerize configuration of network monitor and maintain the frame relay connection see the frame relay configuration example section at the end of this chapter for ideas of how to configure frame relay see the wan commands chapter for information about the frame relay commands 62

To set frame relay encapsulation perform the following tasks beginning in interface configuration mode 62

A static map links a specified next hop protocol address to a specified dlci static mapping removes the need for inverse arp requests when you supply a static map inverse arp is automatically disabled for the specified protocol on the specified dlci 63

Command task 63

Configure dynamic mapping 63

Configure static mapping 63

Configuring dynamic or static address mapping 63

Delete specify 63

Dynamic address mapping uses frame relay inverse arp to request the next hop protocol address for a specific connection given its known dlci responses to inverse arp requests are entered in an address to dlci mapping table on the router the table is then used to supply the next hop protocol address or the dlci for outgoing traffic 63

Frame relay undo map ip address pvc dlci broadcast 63

Inverse arp is enabled by default for all protocols it supports you can explicitly enable inverse arp if the protocol is supported on the other end of the connection see the disable or reenable frame relay inverse arp section later in this chapter for more information 63

Inverse arp is opened to all protocols of all enabled network interfaces by default certainly if the physical interface is disabled the data packet cannot be transmitted and all inverse arp are unavailable because inverse arp is enabled by default for all protocols that it supports no additional command is required to configure dynamic mapping on an interface 63

Note there is two kinds of encapsulation of cisco router the default cisco mode and the ietf rfc 1490 mode d link router is able to automatic identify and dynamic adapt these two kinds of encapsulations 63

Will you excute it y n y 63

You must configure static mapping if the router at the other end does not support inverse arp of frame relay to configure static mapping perform the following map command in interface configuration mode 63

Exit quit the configuration mode 64

Frame relay undo lmi type ansi bcisco q933a 64

If the router is attached to a public data network pdn the lmi type must match the type used on the public network otherwise you can select an lmi type to suit the needs of your private frame relay network 64

See the static frame relay configuration example at the end of this chapter for more information about examples of static frame relay configuration 64

Set the lmi type 64

Set the lmi type command no is use for restore the default configuration of lmi type 64

Setp command task 64

Straight configure the lmi 64

The frame relay software supports the industry accepted standards of the local management interface lmi to configure the lmi complete the steps in the following sections the step in the first is required 64

Write write the configuration 64

You can be greatly simplifying the configuration for the open shortest path first ospf protocol by adding the optional broadcast keyword when doing this task 64

You can set following three types of lmis on router ansi t1 17 annex d group of four rev 1 and itu t q 33 annex a of couse the lmi can be setted as none to do so perform the following command in interface configuration mode 64

After the frame relay encapsulating completed the default lmi type is autosense this type is lmi of former 3000 series 65

Command task 65

For an example of how to set the lmi type see the pure frame relay dce example section later in this chapter 65

Frame relay n391 number set a full status polling interval timer 65

Frame relay n392 number set the error threshold counter 65

Frame relay n393 number set the monitored event counter 65

Frame relay t391 seconds 65

Frame relay t392 seconds 65

Set the polling intervals and timer 65

Will you excute it y n y 65

You can set various optional counters intervals and thresholds to fine tune the operation of your lmi dte and dce devices by performing the following commands 65

Command task 66

Configure a frame relay supported dte device dce switch or nni interface 66

Configure frame relay switching 66

Figure 2 frame relay switched network in figure 2 routers a b and c are frame relay dtes connected to each other via a frame relay network our implementation of frame relay switching allows our routers to be used as depicted in this frame relay network configure frame relay switching by following steps configure a frame relay supported dte device dce switch or nni interfacet configure the static route 66

Frame relay intf type dce dte nni configure an interface type that supported by frame relay switch 66

Frame relay switching is a means of switching packets based upon the dlci which can be looked upon as the frame relay equivalent of a mac address the switching is performed by configuring your router as a frame relay network there are two parts to a frame relay network a frame relay dte the router and a frame relay dce switch figure 2 illustrates this concept 66

See the correlative contents in wan commands reference chapter for details about commands used to set the polling and timing intervals 66

You can configure the dte device dce or nni interface dte is the default that supported by frame relay switch to do so perform the following command in global configuration mode 66

Command task 67

For an example of how to configure a dte device or dce switch see the section hybrid dte dce pvc switching example later in this chapter for an example of how to configure nni support see the section example of configuration about dce interface supported frame relay switch later in this chapter 67

Frswitch undo in port in dlci out port out dlci delete configurestatic route of pvc 67

Perform the following command in interface configuration mode to specify the route for pvc switching 67

Specify the static route 67

Will you excute it y n y 67

Command task 68

Configure frame relay subinterfaces 68

Disable or reenable frame relay inverse arp 68

For an example of how to specify a static route see the section example of configure frame relay switch later in this chapter 68

Frame relay inverse arp enable inverse arp of frame relay 68

Frame relay inverse arp is a method of searching dlci protocol address in frame relay networks inverse arp creates dynamic address mappings as contrasted with the frame relay map command which build static mappings see the section configure dynamic or static address mapping earlier in this chapter for more information inverse arp is enabled by default disable or reenable inverse arp in the following conditions disable inverse arp for a selected protocol and dlci pair when you know that the protocol is not supported on the other end of the connection reenable inverse arp for a protocol and dlci pair if equipment change and the protocol is then supported on the other end of the connection to enable or disable inverse arp perform the following command in interface configuration mode 68

Frame relay undo inverse arp disable inverse arp of frame relay 68

Please see the connect the frame relay subinterface for connect and define the frame relay subinterface perform the following configuring for difine the frame relay subinterface define frame relay subinterface specify the subinterface address please see the subinterface configuration example at the end of this chapter for examples of define the subinterface configuration 68

Sub interface supports multiple logic interface or network interconnection on a physical interface that is it can associated multiple logic interfaces with a physical interface the logic ones share the parameters of physical interface though each has its parameters of data link layer and network layer of the iso 7 layered architecture frame relay subinterfaces provide a mechanism for supporting partially meshed frame relay networks most 68

Understand frame relay subinterfaces 68

Will you excute it y n y 68

Define frame relay subinterfaces 69

Encapsulation frame relay configure frame relay encapsulation on the serial interface 69

Interface type number specify an interface 69

Interface type number subinterface number multipoint point to point specify a subinterface 69

Protocols assume transitivity on a logical network that is if station a can talk to station b and station b can talk to station c then station a should be able to talk to station c directly transitivity is true on lans but not on frame relay networks unless a is directly connected to c configuring frame relay subinterfaces ensures that a single physical interface is treated as multiple virtual interfaces this capability allows us to overcome split horizon rules packets received on one virtual interface can now be forwarded out another virtual interface even if they are configured on the same physical interface sub interfaces address the limitations of frame relay networks by providing a way to subdivide a partially meshed frame relay network into a number of smaller fully meshed or point to point sub networks each sub network is assigned its own network number and appears to the protocols as if it is reachable through a separate interface user can configure the following items on the w 69

Setp command task 69

To configure subinterfaces on a frame relay network perform the following command in global configuration mode 69

Command purpose 70

Configure dlci 70

For frame relay subinterface the particular subinterface dlci value can be configured by set frame relay local dlci command if the main interface work in the dce mode the target end can be dynamic resolve through reverse arp or static mapping by map command 70

Frame relay undo local dlci dlci cir speed delete specifydlci of subinterface 70

Specify subinterface address 70

Subinterfaces can be configured for multipoint or point to point communication there is no default 70

Use following command to configure dlci value of subinterface 70

Encapsulation examples 72

Frame relay configuration examples 72

Frame relay switching examples 72

If you want to show the message of frame relay mapping or switching 72

Static address mapping examples 72

The first example that follows sets frame relay encapsulation at the interface encapsulation frame relay frame relay map 131 08 23 pvc 48 frame relay map 131 08 23 pvc 49 broadcast 72

The following sections provide examples of how to configure static mapping router 1 interface s1 0 ip address 131 08 4 255 55 55 encapsulation frame relay frame relay intf type dce frame relay local_dlci 43 frame relay map 131 08 4 pvc 43 router 2 interface s1 0 ip address 131 08 4 255 55 55 encapsulation frame relay frame relay map 131 08 4 pvc 43 72

The following sections provide several examples of configuring one or more routers as frame relay switches pvc switching configuration example in this example one router has two interfaces configured as dces the router switches frames from the incoming 72

This section provides examples of frame relay configurations it includes the following sections 72

Command function lapb parameter values or ranges default 77

Lapb modulo and lapb k the lapb modulo determines the operating mode modulo 8 basic mode is widely available because it is required for all standard lapb implementations and is sufficient for most links modulo 128 extended mode can achieve greater throughput on high speed links that have a low error rate some satellite links for example by increasing the number of frames that can be transmitted before waiting for acknowledgment as configured by the lapb window parameter k by its design lapb s k parameter can be at most one less than the operating modulo modulo 8 links can typically send seven frames before an acknowledgment must be received modulo 128 links can set k to a value as large as 127 by default lapb links use the basic mode with a window whose size is 7 77

Lapb n1 when connecting to an x 5 network use the n1 parameter value set by the network administrator this value is the maximum number of bits in a lapb frame which determines the maximum size of an x 5 packet when you are using lapb over leased lines the n1 parameter should be eight times the hardware maximum transmission unit mtu size plus any protocol overhead default value is highly recommended 77

Minus 1 frames 7 77

Table 1 lapb parameters 77

X25 k window size set the window size k 2 modulo 77

X25 mod modulus set the modulo 8 or 128 8 77

X25 n1 bytes set the maximum bits per frame n1 137 1512 1500 77

X25 n2 tries set the counter for sending frame n2 1 255 times 16 77

X25 t1 seconds set the retransmittion timer t1 1 64 sec 3 77

X25 t2 seconds set the hardware outage period t2 1 32 sec 0 77

Command 78

Configure an x 5 interface to configure an x 5 interface perform the tasks in the following sections 78

Encapsulate the x 5 78

Encapsulating the x 5 protocol 78

Encapsulation x25 encapsulate x 5 78

Lapb t2 the value of t2 of dte can be different from that of dce however they should inform each other if the t2 timer is expired the dte or dce must send a confirmation frame to the dte or dce of the partner before the partner s t1 timer expired for leased line circuits the t1 timer setting is critical because the design of lapb assumes that a frame has been lost if it is not acknowledged within period t1 the timer setting must be large enough to permit a maximum sized frame to complete one round trip on the link if the timer setting is too small the software will poll before the acknowledgment frame can return which may result in duplicated frames and severe protocol problems if the timer setting is too large the software waits longer than necessary before requesting an acknowledgment which reduces bandwidth for the examples of configuring the lapb t1 timer refer to typical lapb configuration examples 78

Set the default flow control values 78

Set the virtual circuit ranges 78

Set the x 21 address 78

Set the x 5 mode 78

These tasks describe the parameters that are essential for correct x 5 behavior the first task is required the others might be required or optional depending on what the router is expected to do and on the x 5 network 78

To configure x 5 complete the tasks in one or more of the following sections depending upon the x 5 application or task required for your network the interface datagram transport and routing tasks are divided into sections based generally on how common the feature is and how often it is used those features and parameters that are relatively uncommon are found in the additional sections lapb frame parameters can be modified to optimize x 5 operation as described earlier in this chapter default parameters are provided for x 5 operation however you can change the settings to meet the needs of your x 5 network or as defined by your x 5 service supplier d link also provides additional configuration settings to optimize your x 5 usage note if you connect a router to an x 5 network use the parameters set by your network administrator for the connection these parameters will typically be those described in the configure an x 5 interface and modify lapb protocol parameters sections also note th 78

User must encapsulate the x 5 protocol in the interface configuration mode before configuring the x 5 78

X 5 configuration task list 78

A router using x 5 level 3 encapsulation can act as a dte or dce protocol device according to the needs of your x 5 service supplier to configure the mode of operation and one of these encapsulation types for a specified interface perform the following task in interface configuration mode 79

Command function 79

For an example of configuring x 5 dte operation see the section typical x 5 configuration example later in this chapter 79

Set the virtual circuit ranges 79

The x 5 protocol maintains multiple connections over one physical link between a dte and a dce these connections are called virtual circuits or logical channels lcs x 5 can maintain up to 4095 virtual circuits numbered 1 through 4095 you identify an individual virtual circuit by giving its logical channel identifier lci or virtual circuit number vcn many documents use the terms virtual circuit and lc vcn lcn and lci interchangeably each of these terms refers to the virtual circuit number an important part of x 5 operation is the range of virtual circuit numbers virtual circuit numbers are broken into two ranges listed here in numerically increasing order 1 permanent virtual circuits pvc 2 switched virtual circuits svc the switched virtual circuit svc can be established by the placement of an x 5 call much like a telephone network establishes a switched voice circuit when a call is placed note the itu t recommendation x 5 defines incoming and outgoing in relation to the dte or dce inter 79

Wi l l you excut e i t y n y set the x 5 mode 79

X25 interface dte dce set the x 5 mode 79

1024 0 80

4095 1024 80

Command function range default 80

Command task 80

If your router does not originate or terminate calls but only participates in x 5 switching this task is optional however if the router is attached to a pdn you must set the interface x 21 address assigned by the x 5 network service provider to set the x 21 address perform the following task in interface configuration mode 80

Note that the values for these parameters must be the same on both ends of an x 5 link for connection to a public data network pdn these values must be set to the values assigned by the network an svc range is unused if its lower and upper limits are set to 0 other than this use for marking unused ranges virtual circuit 0 is not available for an example of configuring virtual circuit ranges see the section virtual circuit ranges example later in this chapter 80

Number 80

Packet service 80

Set t he x 121 addr ess 80

Will you excute it y n y 80

X25 address x121 address set the x 21 address 80

X25 htc circuit number 80

X25 pvc circuit number set the highest permanent virtual circuit 80

Command 81

Configure additional x 5 interface parameters 81

Note because the x 5 protocol requires the dte and dce to have identical default maximum packet sizes and default window sizes changes made to the window and packet sizes when the interface is up are held until the x 5 protocol restarts the packet service 81

Range default 81

Set default flow control values 81

Set default packet size to configure x 5 flow control values perform the following commands in interface configuration mode 81

Set default window size 81

Setting correct default flow control parameters of window size and packet size is essential for correct operation of the link because x 5 is a strongly flow controlled protocol however it is easy to overlook this task because many networks use standard default values mismatched default flow control values will cause x 5 local procedure errors evidenced by clear and reset events to configure flow control parameters complete the tasks in the following sections 81

Will you excute it y n y 81

X25 psize size set the packet size byte 128 256 512 1024 128 81

X25 wsize packets set the window size 2 modulo 1 2 81

An x 5 interface s x 21 address is used when it is the source or destination of an x 5 call the x 5 call setup procedure identifies both the calling source and the called destination x 21 addresses when an interface is the source of a call it encodes the interface x 21 address as the source address an interface determines that it is the destination of a received call if the destination address matches the interface s address d link s x 5 software can also route x 5 calls which involves placing and accepting calls but the router is neither the source nor the destination for these calls routing x 5 does not modify the source or destination addresses 82

Command task 82

Configure an interface alias address under st and nor mal x 25 addr ess 82

Set the x 5 address 82

Set the x 5 level 3 timers 82

Set the x 5 level three timers 82

Some x 5 applications have less common or special needs several x 5 parameters are available to modify the x 5 protocol behavior for these applications to configure less common x 5 interface parameters for these special needs perform the tasks in the following sections as needed 82

To set the retransmission timers perform any of the following tasks in interface configuration mode 82

Understand the normal x 5 address 82

When establishing svcs x 5 uses addresses in the form defined by the itu t recommendation x 21 or simply an x 21 address an x 21 address has from zero to 15 digits because of the importance of addressing to call setup several interface addressing features are available for x 5 to configure the x 5 address perform the following tasks 82

Will you excute it y n y for an example of setting the retransmission timers see the section ddn x 5 configuration example later in this chapter 82

X25 t20 seconds set dte t20 reset request default value 180sec 82

X25 t23 seconds set dte t23 clear request default value 180sec 82

Mapping protocol addresses to x 21 addresses 83

Set t he i nt er f ace al i as addr ess 83

This section describes the x 5 single protocol and multiprotocol encapsulation options that are available and describes how to map protocol addresses to an x 21 address for a remote host this section also includes reference information about how protocols are identified encapsulation is a cooperative process between the router and another x 5 host because x 5 hosts are reached with an x 21 address the router must have a means to map a host s protocols and addresses to its x 21 address each encapsulating x 5 interface must be configured with the relevant datagram parameters for example an interface that encapsulates ip will typically have an ip address you must also establish the x 21 address of an encapsulating x 5 interface using the x25 address interface configuration command this x 21 address is the address that encapsulation calls are directed to this is also the source 83

Thus preserving the addresses specified by the source host routed switched x 5 simply connects the logical x 5 channels to complete the x 5 virtual circuits which are switched between zero or more routed x 5 links 83

Wi l l you excut e i t y n y set x 5 transport 83

X 5 support is most commonly configured as a transport for datagrams across an x 5 network datagram transport or encapsulation is a cooperative effort between two hosts communicating across an x 5 network you configure datagram transport by establishing a mapping on the encapsulating interface between the far host s protocol address for example ip address and its x 21 address perform the tasks in the following sections as necessary to complete the x 5 configuration for your network needs 83

You can supply alias x 21 addresses for an interface this allows the interface to act as the destination host for calls having a destination address that is neither the interface s address nor the null address local processing for example ip encapsulation can be performed only for incoming calls whose destination x 21 address matches the serial interface or alias of the interface to configure an alias perform the following task in global configuration mode 83

Add delete a x 21 address mapping to virtue circuit 85

Command task 85

Conf i gur e addi t i onal x 25 r out i ng f eat ur es 85

Ebackup means the address mapping is an enhance backup type note multi protocol mapping especially configured with broadcast can cause particularly large communication load which need more queues windows and virtue circuits user can configure the ospf through the command broadcast refer to the chapter x 5 and lapb commands for the description of command map 85

Mappi ng t he dest i nat i on x 121 addr ess t o l ogi c vi r t ue i nt er f ace 85

Set the encapsulation for virtue circuit idle time 85

Set thex 5 negotiation parameters 85

The software of d link router has the capability of configuring additional x 5 routing features to configure the x 5 routing features perform the tasks in the following sections 85

This chapter illustrates how to make a remote pc access the local network through the x 5 network by configuring the router firstly the remote computer access the pstn or directly access x 5 network through normal dialing mode the network supplier transfer the call to x 5 network through pad packet assembler disassembler if the local router is configured to map the destination x 21 address to the logic virtue interface it will response the call and transfer the call to the ppp which will perform the authentication registration authorization and so on the remote computer can access the local network if it pass the authenticaiton use the following command in the configuration mode 85

Translate undo x25 x121 address virtual template 85

Virtual template interface number 85

Wi l l you excut e i t y n y 85

Command 86

Configure the x 5 negotiation parameters 86

Key word u undo d default q quit 29 snmp modify snmp interface parameters 30 x25 set parameters for x 5 please input the code of command to be excute 0 30 30 02 cwla call with without local address 03 dbit use dbit mode or not 86

Set the encapsulation for virtue circuit idle time 86

The router will clear its switching virtue circuit after a idle period of time to set the idle time use the following command in the interface configuration mode 86

X 5 software provides commands which support configuration of x 5 negotiation parameters and allow d bit settings to set supported x 5 negotiation parameters use the command given below in interface configuration mode 86

X25 idle seconds set the idle time for clearing the virtue circuit range 0 2147483647 default 100 sec 86

X25 undo cwla x 5 call request packet with a host address 86

X25 undo dbit set to use the d bit setting whether or not 86

X25 undo nps enable disable packet length negotiation 86

X25 undo nws enable disable packet window size negotiation 86

15 nps enable disable packet size negotiation 16 nui set network user identity 17 nws enable disable window size negotiation please input the code of command to be excute 0 26 03 choose 03 15 17 02 respectively to implement the configuration 87

Configure the x 5 tcp switching parameters 87

Rfc1006 transparent user set the switching packet format 87

User can configure the x 5 tcp switching parameters with the following command in interface configuration mode this function is not in the formal version but only provided in some probational version 87

Will you excute it y n y 87

X25 undo tcp iso address line set the iso extension address used by x25 tcp in the interface 87

X25 undo tcp pkt format 87

X25 undo tcp user data line set the user data utilized by x25 tcp in the interface 87

Command t ask 88

Configure pvc switching between x 5 interfaces 88

Configure svc switching between x 5 interface 88

D link router can be used as x 5 switch it includes pvc switching and svc switching the two interfaces used for pvc switching must has untapped pvc in configuration mode user can use the following commands to set the local pvc switching 88

Set a svc interface addressing 88

The two connected interface must have valid pvc permanent virtue circuit if user want to configure the switching table 88

Will you excute it y n y 88

X25switch undo connect port1 port1_pvc_no port2 port2_pvc_no set the pvc switching 88

X25switch undo default destination x121addr default port 88

Configuring a pvc xot interface addressing 89

Configuring the xot switching between x 5 interfaces 89

Set a pvc xot interface addressing 89

Set a svc xot interface addressing 89

X25switch undo xot pvc local interface local pvc remote interface remote pvc remote ip address source interface 89

X25switch undo xot svc x 21 address remote ip address source interface 89

Configuring a svc xot interface addressing 90

Configuring the x 5 tcp switching gateway 91

D link router can implement the datagram switching between x 5 and tcp ip user the following command in configuration mode 91

Set a mapping between the source ip address and destination pvc address configure the local and remote tcp monitor interface 91

Set a mapping between the source ip address and destination x 21 address configure the local and remote tcp monitor interface 91

Translate undo tcp ip ip address pvc intr1 pvc 1 lport locport rport remport backup intr2 pvc 2 91

Translate undo tcp ip ip address svc intr1 x121address1 lport locport rport remport backup intr2 x121address2 91

Clear x25 port vc number clear svc 92

Debug undo lapb 92

Debug undo x25 events normal raw xot serial debug the x25 internal events and datagram 92

Debug undo x25 tcp data event list debug the events data receiving and transmitting link status of x25 tcp 92

Debug x25 undo xot debug the setup of xot 92

Iframes sframes uframes raw serial debug the lapb frames 92

Show interface serial number display the operation statistic of interfaces 92

Show x25 display the x 5 interface address mapping 92

Show x25switch display the x 5 switching table 92

The specifications are given below 1 clear svc 92

To monitor and maintain the x 5 and lapb use the following commands in configuration mode 92

Wi l l you excut e i t y n y monitoring and maintaining the lapb and x 5 92

Display the x 5 switching table 93

Show the address mapping of an x 5 interface 93

Debug the lapb frames 94

Debug the setup process of xot 94

Debug the x25 internal events and datagram 94

1 network requirements 95

2 figure 95

3 configuration steps 95

Debug the events data receiving and transmitting link status of x25 tcp 95

Link two router through the back to back serial interface directly 95

The following sections provide examples to help you understand how to configure lapb and x 5 for your network 95

This chapter will introduce some typical x 5 configuration examples to make you understand more about the tasks and contents related with x 5 of d link router note that the content after the is not a part of the command but only a remark 95

Typical lapb configuration example in the following example the frame size n1 window size k and maximum retransmission n2 parameters retain their default values the encapsulation interface configuration command sets dce operation to carry a single protocol ip by default the lapb t1 interface configuration command sets the retransmission timer to 4 seconds for a link with a long delay or slow connecting dte device 95

Typical x 5 configuration example 95

X 5 and lapb configuration examples 95

1 network requirement 96

2 figure 96

3 configuration steps 96

Configuring router a c onf i guri ng t he i nt erf ace i p address 96

Connecting the router to x 5 public packet network 96

Router a b c are connected to the same x 5 network to communicate with each other as the following figure the configurations are the ip address of these routers are 168 73 4 168 73 4 and 168 73 4 routers x 21 address assigned by the network are 30561001 30561002 30561003 the standard receiving and transmitting window size supported by the packet network are both 5 96

Set the interface as x 5 interface and set it operates in dce mode 96

Set the interface as x 5 interface and set it operates in dte mode 96

Conf i guri ng rout er b1 97

Conf i gur i ng x 25 tcp swi t chi ng exampl es 98

Conf i gure rout er c1 98

Conf i guri ng rout er b1 98

Conf i guri ng rout er b2 98

Conf i guri ng rout er c2 98

After you connect to a remote x 5 device you can clear the connection by using the following commands 102

Clear a call 102

Clr clear the virtual call 102

Ctrl p from the remote host escape back to the local router pad mode 102

Ctrl p from x 8 mode escape back to pad mode 102

Customerize local x parameter 102

Pad address enter x 8 mode 102

Par display the current x pad parameters 102

Par verify that the new pad parameter was set correctly 102

Set parameter number new value change the value of a parameter 102

Step command purpose 102

To set an x pad parameter from a local terminal use the following commands beginning in exec mode or user mode 102

Command function 103

Command purpose 103

Input the following commands in the interface configurative mode 103

Monitor x 5 pad connection 103

Show x25 to display currently opened x 5 connecting information 103

The router 103

This configuration can limit the source x121 address accessing the router 103

This information includes current status of virtual circuit 4 x 5 pad access limitation 103

To display currently opened connecting information use the following exe mode command 103

Will you excute it y n y 103

X25 map pad x121addr configuring the source x121 address for the static useful pad to access 103

X25 pad access enable the pad access limitation the configuration will be checked by using the item configured by the upper command if it has not been configured all the pad access will be forbidden 103

Pad signal examples 104

The following example configures parameter 9 from 0 to 1 which adds one byte after the carriage return this setting is performed from a local terminal using the set parameter number new value pad command signal 104

The following examples is to clear a connection with a remote x 5 host router a disconnecting from router b using the x 8 mode clr command 104

The following examples show two ways to make a call to a remote x 5 host over a serial line the remote host s interface address is 123456 router a calls router b using the pad 123456 exec command 104

X customization examples 104

Configuring ppp task list 105

Command purpose 108

Defines the authentication methods supported and the order in which they are used 108

Encapsulation ppp enables ppp encapsulation on an interface 108

Ppp authentication chap ms chap pap word default callin 108

To enable chap or pap authentication on an interface configured for ppp encapsulation use the following command in to enable chap or pap authentication on an interface configured for ppp encapsulation use the following command in interface configuration mode 108

To specify the password to be used in chap or pap caller identification use the following command in global configuration mode 108

To use chap or pap you must perform the following tasks 1 enable ppp encapsulation 2 enable chap or pap on the interface 3 for chap configure host name authentication and the secret or password for each remote system with which authentication is required to enable ppp encapsulation use the following command in interface configuration mode 108

Will you excute it y n y 108

Command purpose 109

In cbcp the side that launching the dial is caller the side that receiving the dial is answerer during the lcp negotiation if both sides aggree to apply the cbcp thus the cbcp will be run after the authentication period during the callback period answerer sends callback request and list the callback options that can be received by caller while caller responsing by callback response the request options will be listed if callback response that returns from caller is legality and can be received by answerer then answerer will respons by callback ack caller will enter the period of link termination and prepare to receive the call after received callback ack if you need to use cbcp caller need to be configured with config ppp callback request cbcp if the telephone number is specified by caller you should configure set dialer caller xx except configure config ppp callback accept if the need no callback the telephone number of callback need not to be configured by answerer if the telephone nu 109

Make sure this password does not include spaces or underscores 109

Start callback control protoccol cbcp 109

Username name password secret configures identification 109

Will you excute it y n y 109

Answerer set dialer called xx xx xx should be configured to use cbcp protocol you must perform the following tasks step 1 enalbe ppp encapsulation 110

Command purpose 110

Dialer caller xx configure the callback telephone number that specified by caller 110

Encapsulation ppp enalbe ppp on interface 110

Ppp callback accept configure to start the receiving of cbcp negotiation on answerer 110

Ppp callback request cbcp configure to start cbcp negotiation on caller 110

Step 2 step 2 configure cbcp on this interface 110

Step 3 configure callback telephone number 110

Configure the telephone number on answerer that the number is specified by caller or specified by answerer or select one from answerer provided numbers by caller 111

Configuring the callback dialstring designated by caller on the caller called 111

User xx password xx callback dialstring xx dialer called xx xx xx 111

Interface type number specifies the interface and enters interface configuration mode 113

Peer default config ip addrpool pool name specifies the address pool for the interface to use 113

Command purpose 114

Creates one or more local ip address pools 114

Interface type number specifies the interface and enters interface configuration mode 114

Ip local pool poolname begin ip address ip address number 114

Peer default config ip addr ip address specifies the specified address 114

To define an ip address for a specified interface use the following commands 114

Command purpose 115

Configuring multilink ppp 115

Disabling or reenabling peer host routes 115

Peer neighbor route reenables creation of neighbor routes 115

Peer undo neighbor route disables creation of neighbor routes 115

The d link router automatically creates neighbor routes by default that is it automatically sets up a route to the peer address on a point to point interface when the ppp ipcp negotiation is completed to disable this default behavior or to reenable it once it has been disabled use the following commands in interface configuration mode 115

The multilink ppp feature provides load balancing functionality over multiple wan links the d link implementation of the multilink ppp supports the fragmentation and packet sequencing specifications in rfc 1717 the multilink ppp allows packets to be fragmented and the fragments to be sent at the same time over multiple point to point links to the same remote address the multiple links come up in response to a defined dialer load threshold the load can be calculated on inbound traffic outbound traffic or on either as needed for the traffic between the specific sites the multilink ppp provides bandwidth on demand and reduces transmission latency across wan links the multilink ppp is designed to work over the following types of single or multiple interfaces 115

Will you excute it y n y 115

Config encap ppp enables ppp encapsulation 116

Configuring multilink ppp on dialing line 116

Dialer rotary group number includes the interface in a specific dialer group 116

For example to configure multilink ppp on synchronous interfaces firstly your interface msut supports dialer and ppp encapsulation and then you configure a dialer interfaces to support ppp encapsulation and multilink ppp to configure a synchronous interface use the following commands beginning in global configuration mode 116

Interface async number specifies an asynchronous interface 116

Ip undo address specifies no ip address for the interface 116

Line dial enables dialing on the interface 116

Step command purpose 116

Synchronous or asynchronous serial interfaces 2 bri interfaces 3 pri interfaces 116

Dialer load threshold load specifies the dialer load threshold for bringing up additional wan links 118

For example 118

Interface dialer number define a dialer rotary group 118

Ip undo address specifies no ip address for the interface 118

Ppp multi link enable multilink ppp 118

Repeat these steps for additional synchronous interfaces if it s needed note to configure set dialer rotary group interface the ppp configuration will automatic synchronize with corresponding dialer interface to configure a dialer interface use the following commands beginning in global configuration mode 118

Step command purpose 118

Configuring mlp on a single isdn bri interface 119

Encapsulation ppp enable ppp encapsulation 119

Interface bri number define an interface 119

Ip addr ip address mask secondary specify an appropriate protocol address 119

Step command purpose 119

To enable mlp on a single isdn bri interface you are not required to define a dialer rotary group separately because isdn interfaces are dialer rotary groups by default to configure an isdn bri interface use the following commands beginning in global configuration mode 119

Configure dialer map 120

Dialer group group number controls access to this interface by adding it to a dialer access group 120

Dialer idle timeout seconds optional specifies a dialer idle timeout 120

Dialer load threshold load specifies the dialer load threshold for bringing up additional wan links 120

Dialer map protocol next hop address name hostname broadcast dial string isdn subaddress 120

For example 120

Ppp authentication pap chap ms chap optional enables ppp authentication 120

Ppp multi link enable multilink ppp 120

Configure dialer map 123

Configuring mlp on multiple isdn bri interfaces 123

Dialer group group number controls access to this interface by adding it to a dialer access group 123

Dialer idle timeout seconds optional specifies the dialer idle timeout period 123

Dialer load threshold load configure the maximum load threshold specified by the dialer 123

Dialer map protocol next hop address name hostname broadcast dial string isdn subaddress 123

Encapsulation ppp enable ppp encapsulation 123

Interface dialer number define an interface 123

Ip address ip address mask specify an appropriate ip address 123

Ppp authentication pap chap ms chap optional enables ppp authentication 123

Ppp multilink enable multilink ppp 123

Step command purpose 123

To enable mlp on multiple isdn bri interfaces set up a dialer rotary interface and configure it for multilink ppp then configure the bri interfaces separately and add them to the same rotary group to set up the dialer rotary interface use the following commands 123

Dialer idle timeout seconds optional sets the dialer idle timeout period 127

Dialer load threshold load configure the maximum load threshold of dialer 127

Dialer rotary group number adds the interface to the dialer rotary group 127

Encapsulation ppp enable ppp encapsulation 127

Interface bri number specifies an interfaces 127

Ip undo addr do not configure ip address 127

Step command purpose 127

To configure the bri interfaces to belong to the dialer rotary group use the following commands beginning in global configuration mode 127

Repeat steps 1 through 6 for configure other bri interfaces 128

Configure multilink ppp on dsl 129

Define multilink group interface 129

Enable multilink ppp 129

Note to configure set dialer rotary group interface the ppp configuration will automatic synchronize with corresponding dialer interface 129

Optional designate enddisc type 129

Optional enable ppp authentication 129

Specify appropriate ip address 129

To configure mutlilink ppp on multiple dsl interfaces you must establish a multilink group interface with default configuration that is of multilink ppp then independently configure each dsl interface and associate into the same multilink group configuration of establishing multilink group interface as below 129

19 ip ip configuration commands 20 mtu set the interface mtu 131

Add the interface to multilink group 131

Configure the dsl interface belong to multilink group as below 131

Default router config interface 00 fastethernet fastethernet interface 01 serial serial interface 131

Define an interface 131

Do not configure ip address 131

Enable ppp encapsulation 131

Please input the code of command to be excute 0 18 u 131

Please input the code of command to be excute 0 32 19 key word u undo d default q quit 00 access group specify access control for packets 131

Please input the code of command to be excute 0 9 1 please input a interface name s0 1 input the interface name will you excute it y n y key word u undo d default q quit 131

Multilink ppp on dsl interface example 134

Use virtual template to configure multilink 134

Command purpose 137

Configuring hdlc task list 137

Enable hdlc encapsulation 137

Enable slip encapsulation 137

Encapsulation hdlc enable hdlc encapsulation 137

Encapsulation slip enable slip encapsulation 137

Hdlc confiureation task list 137

Hdlc protocol provides the method that encapsulate the network layer protocol information on point to point connection this protocol can be configured on the following types of physical interface isdn synchronous serial interface 137

Implementation information 137

Implementing the following configuration in the interface configurative mode 137

To configure the hdlc on serial interface include isdn perform the following task in interface configuration mode enable hdlc encapsulation 137

To encapsulate the ip packet encapsulate the slip protocol on serial line 137

Conf i gur i ng wan per f or mance implementation information 145

Configuring the enable of global fast switch 145

Fast swi t ch conf i gur at i ve t ask l i st 145

I p overvi ew 146

I p sect i on of net wor k pr ot ocol conf i gur at i on 146

Interior gateway protocols 146

Ip routing protocol 146

Select a routing protocol 146

Assign an ip addresses to a network interface 147

Conf i gure i p addressi ng 147

Exterior gateway protocols 147

Ip addressing task list 147

A mask identifies the network section in an ip address 148

Assign multiple ip addresses to a network interface 148

Ip address ip address mask configure master ip address of the interface 148

Not e not e i f any rout er on a net work segment uses a secondary address al l ot her rout ers on t hat same segment 148

Not e not e we onl y support net work masks ordered by net work oct et and cont i nuousl y set begi nni ng f rom t he t i pt op bi t 148

Other additional and optional tasks will be introduced in the following sections other additional and optional tasks will be introduced in the following sections assign multiple ip addresses to a network interface enable ip processing on a serial interface 148

Command task 149

Enable ip processing on a serial interface 149

Ip unnumbered type number enable ip process function on a serial or tunnel interface without configuring any ip address 149

Must al so conf i gure secondary addresses of t he same net work segment 149

Not e ip routing protocols sometimes treat secondary addresses differently when sending routing updates 149

Note note using an unnumbered serial line between different major networks requires special care any routing protocol running on the link should be configured to advertise none information about subnets 149

To assign multiple ip addresses to a network interface you should select to assign multiple ip addresses to a network interface you should select ip option in configuring prompt and it will list all arguments 149

To enable ip processing on an unnumbered serial interface perform the following command in interface configuration to enable ip processing on an unnumbered serial interface perform the following command in interface configuration mode 149

An example of how to configure serial interfaces can be found in the serial interface configuration example section at the end of the chapter 150

Configure address resolution 150

The ip implementation allows you to control ip address resolution and some other functions the following sections describe how to configure address resolution establish address resolution map host names to ip addresses establish address resolution an ip device can have both a local address which uniquely identifies the device on its local segment or lan and a network address which identifies the network the device belongs to the local address is more properly known as a data link address because it is contained in the data link layer part of the packet header and is read by data link devices the more technically inclined will refer to local addresses as mac addresses because the media access control mac sublayer within the data link layer processes addresses for the layer to communicate with a device on ethernet for example the router first must determine the 48 bit mac or local data link address of that device the process of determining the local data link address from an ip address i 150

To enable ip process function on an unnumbered interface you should select ip option in the configuring prompt and it will list all arguments 150

Arp and other address resolution protocols provide a dynamic mapping between ip addresses and media addresses because most hosts support dynamic address resolution you generally do not need to specify static arp cache entries if you do need to define them you can do so globally doing this task installs a permanent entry in the arp cache the router uses this entry to translate 32 bit ip addresses into 48 bit hardware addresses in addition you can also specify the router to reply to arp requests instead of other hosts maybe you do not wish the arp table live permanently here you can configure the live time of arp table the following two tables list the tasks to provide static mapping between ip addresses and media address 151

Arp ip address hardware address globally associate an ip address with a media hardware address in the arp cache 151

Arp ip address hardware address set alias 151

Arp timeout seconds set the length of time an arp cache entry will stay in the cache 151

Command task 151

Def i ne a st at i c arp cache 151

Enable proxy arp 151

Specify that the router respond to arp requests as if it were the owner of the specified ip address 151

Use the following command to configure timeout of the arp item in arp buffer 151

Command task 152

Conf i gur e a rout e pr ocess as far as you have got before here you can configure one or more route protocol according to your request route protocol provides topology information in internet configuration of ip route protocol such as bgp rip and ospf will 152

Enabl e pr oxy arp 152

Ip host name address statically associate a host name with an ip address 152

Ip proxy arp enable arp on the proxy interface 152

Map a host name to an ip addresse map a host name to an ip addresse each unique ip address can have a host name associated with it the router maintains a cache of host name to address mappings for use by the command telnet ping etc to assign host names to addresses perform the following command in global configuration mode 152

The router uses proxy arp as defined in rfc 1027 to help hosts with no knowledge of routing determine the media addresses of hosts on other networks or subnets for example if the router receives an arp request for a host that is not on the same interface as the arp request sender and if the router has all of its routes to that host through other interfaces then it generates a proxy arp reply packet giving its own local data link address the host that sent the arp request then sends its packets to the router which forwards them to the intended host proxy arp is enabled by default to enable proxy arp select ip option in configuring prompt then select option proxy arp 152

To display the arp timeout value being used on a particular interface use the show interfaces command use the show arp command to examine the contents of the arp cache to remove all nonstatic entries from the arp cache use the privileged command clear arp cache 152

Be introduced in latter documents configure broadcasting message processing a broadcast message destined for all hosts on a particular physical network network hosts recognize broadcasts by special addresses broadcasts are heavily used by some protocols including several important internet protocols control of broadcast messages is an essential part of the ip network administrator s job the system supports directed broadcast i e broadcast destined for a special network broadcast to all the subnets of a network dose not supported by the system several early ip implementations do not use the current broadcast address standard instead they use the old standard which calls for all 0 instead of all 1 to indicate broadcast address our system can identify and accept messages in both forms allow translation from directed broadcast to physical broadcast forward udp broadcast packets and protocols allow translation from directed broadcast to physical broadcast by default ip directed broadcast pa 153

Command task 153

Forward udp broadcast packets network hosts occasionally use udp broadcasts to determine address configuration and name information if such a host is on a network segment that does not include a server udp broadcasts are normally not forwarded you can remedy this situation by configuring the interface of your router to forward certain classes of broadcasts to a helper address you can have more than one helper address per interface 153

Ip directed broadcast access list name enable translation from directed broadcast to physical broadcast on an interface 153

Command task 154

Detect and maintain ip addressing perform the following tasks to detect and maintain the network clear caches tables and databases display system and network statistics 154

Ip forward protocol udp port specify which protocols will be forwarded over which ports 154

Ip help address address enable forwarding and specify the destination address for forwarding udp broadcast packets 154

To specify which protocols will be forwarded perform the following command in global configuration mode 154

You can specify a udp destination port to control which udp services are forwarded current default forward destination port is the udp packets of netbios name service port 137 to enable forwarding and to specify the destination address perform the following command in interface configuration mode 154

Conf i guri ng net work address transl at i on nat task li st 156

Input value of the amount of translation items 180

Please input the code of command to be excute 0 1 0 input 0 prompt is as below please input a digital number please input a string input timeout value there are mostly three methods to restrict the amount of nat connections you can implement these three methods through executing following commands in global configure mode 180

Timeout in seconds 01 never never timeout 180

Configure dhcp client 184

An exampl e of obt ai ni ng an i p f or an et her net i nt er f ace 187

Enable dhcp server service disable dhcp server service configure icmp inspect parameters configure saving database parameters configure dhcp server address pool configure dhcp server address pool parameters monitor dhcp server clean dhcp server information 187

Assigned for client 191

Configure the client id used for 191

Configure the dns server address assigned for client 191

Configure the domain name 191

Configure the hardware address used for matching client 191

Configure the host address of address pool for manual allocation 191

Configure the host name used for manual allocating to client 191

Configure the lease time of address assigned for client 191

Configure the netbios name server address assigned for client 191

In the prompt select 17 option prompt is as below 00 a b c d network number 191

Matching client 191

Please input the code of command to be excute 0 0 0 input 0 selecta b c d option prompt is as below please input a ip address input ip 191

You can use t hi s command t o conf i gure t he dns server address assi gned f or cl i ent 191

You can use t hi s command t o conf i gure t he domai n name assi gned f or cl i ent 191

You can use t hi s command t o conf i gure t he host address of address pool f or manual al l ocat i on 191

You can use t hi s command t o conf i gure t he host name used f or manual al l ocat i ng t o cl i ent 191

You can use t hi s command t o conf i gure t he l ease t i me of address assi gned f or cl i ent 191

You can use t hi s command t o conf i gure t he net bi os name server address assi gned f or cl i ent 191

You can use this command to configure the client id used for matching client 191

You can use this command to configure the hardware address used for matching client 191

00 al i as al i as f or command 192

06 dhcpd dhcp server i nf ormat i on 192

18 i p i p i nf ormat i on 192

Allocating information 192

Clean current packet statistics of the dhcp server 192

Clean dhcp server information to cl ean current address al l ocat i ng i nf ormat i on of t he dhcp server pl ease execut e t he f ol l owi ng command i n management di rect ory 192

Clean the specified address 192

Monitor dhcp server to exami ne t he i nf ormat i on of current address al l ocat i ng i nf ormat i on of t he dhcp server pl ease execut e t he f ol l owi ng commands i n management di rect ory 192

Pl ease i nput t he code of command t o be excut e 0 20 6 i nput 6 sel ect dhcpd opt i on prompt i s as bel ow 00 bi ndi ng dhcp address bi ndi ngs 01 st at i st i c dhcp server st at i st i cs pl ease i nput t he code of command t o be excut e 0 1 192

Pl ease i nput t he code of command t o be excut e 0 45 18 i nput 18 sel ect i p opt i on prompt i s as bel ow 00 access l i st s li st i p access l i st s 192

To cl ean current packet st at i st i cs of t he dhcp server pl ease execut e t he f ol l owi ng command i n management di rect ory 192

To exami ne current packet st at i st i cs of t he dhcp server pl ease execut e t he f ol l owi ng command i n management di rect ory 192

Configure ip service task list 193

Fi l t er i p packet s task li st 203

Filter ip packets 203

Packet filtering helps control packet movement through the network such control can help limit network traffic and restrict network use by certain users or devices to permit or deny packets from crossing specified interfaces d link provides access lists you can use access lists in the following ways 203

To control the transmission of packets on an interface 203

To control virtual terminal line access 203

To restrict contents of routing updates this section summarizes how to create ip access lists and how to apply them an ip access list is a sequential collection of permission and forbiddance conditions that apply to ip addresses the d link ios software tests addresses against the conditions in an access list one by one the first match determines whether the software accepts or rejects the address because the software stops testing conditions after the first match the order of the conditions is critical if no conditions match the software rejects the address the two main tasks involved in using access lists are as follows 1 create an access list by specifying an access list number or name and access conditions 2 apply the access list to interfaces follwing chapters describe the handling of the two tasks in detail 203

Configure ri p task li st 208

Configure beigrp dynamic route protocol 217

Rip configuration examples 217

Adj ust t he bei grp 218

Appl y of f set l i st t o adj ust rout i ng met ri cs 218

Met ri cs 218

Met ri c 222

Met ri cs 222

Select select 222

In the directory of configuring beigrp routing select 223

Configuring ospf 235

Configuring ospf task list 235

Ospf configuration task list 235

Ospf over demand circuit rfc 1793 235

The d link router ospf implementation 235

Enabling ospf 236

Configuring ospf interface parameters 237

Configuring ospf over different physical networks 238

Configuring your ospf network type 238

Ospf classifies different media into the following three types of networks by default 1 broadcast networks ethernet token ring and fddi 2 nonbroadcast multiaccess nbma networks switched multimegabit data service smds frame relay and x 5 3 point to point networks high level data link control hdlc ppp you can configure your network as either a broadcast or an nbma network x 5 and frame relay provide an optional broadcast capability that can be configured in the map to allow ospf to run as a broadcast network refer to the x25 map and frame relay map command descriptions in the wide area networking command reference publication for more detail 238

You have the choice of configuring your ospf network type as either broadcast or nbma regardless of the default media type using this feature you can configure broadcast networks as nbma networks when for example you have routers in your network that do not support multicast addressing you also can configure nbma networks such as x 5 frame relay and smds as broadcast networks this feature saves you from needing to configure neighbors as described in the section configuring ospf for nonbroadcast networks later in this chapter configuring nbma multiaccess networks as either broadcast or nonbroadcast assumes that there are virtual circuits vcs from every router to every router or fully meshed network this is not true for some cases for example because of cost constraints or when you have only a partially meshed network in these cases you can configure the ospf network type as a point to multipoint network routing between two routers not directly connected will go through the router that h 238

Configuring point to multipoint broadcast networks 239

Step command purpose 240

Because there might be many routers attached to an ospf network a designated router is select ed for the network it is necessary to use special configuration parameters in the designated router select ion if broadcast capability is not configured these parameters need only be configured in those devices that are themselves eligible to become the designated router or backup designated router in other words routers with a nonzero router priority value to configure routers that interconnect to nonbroadcast networks use the following command in router configuration mode 241

Command purpose 241

Configure a router interconnecting to nonbroadcast networks 241

Configuring ospf for nonbroadcast networks 241

Neighbor ip address priority number poll interval seconds 241

You can specify the following neighbor parameters as required 1 priority for a neighboring router 2 nonbroadcast poll interval 3 reachable neighbor interface on point to multipoint nonbroadcast networks you now use the config neighbor command to identify neighbors assigning a cost to a neighbor is optional in the previous versions some customers were using point to multipoint on nonbroadcast media such as classic ip over atm so their routers could not dynamically discover their neighbors this feature allows the config neighbor command to be used on point to multipoint interfaces on any point to multipoint interface broadcast or not the router assumed the cost to each neighbor was equal the cost was configured with the config ip ospf cost command in reality the bandwidth to each neighbor is different so the cost should differ with this feature you can configure a separate cost to each neighbor this feature applies to point to multipoint interfaces only to treat the interface as point to 242

Configure an interface as point to multipoint for nonbroadcast media 243

Exit enter global configuration mode 243

Ip ospf network point to multipoint non broadcast 243

Neighbor ip address cost number 243

Repeat step 4 for each neighbor 243

Router ospf process id configure an ospf routing process and enter router configuration mode 243

Specify an ospf neighbor and optionally assign a cost to the neighbor 243

Step command purpose 243

Configuring ospf area parameters 244

03 range summari ze ls_sum_net border rout ers onl y 245

Area area id range address mask specify an address range for route of summarization 245

Command purpose 245

Configuring route summarization in ospf area 245

This feature causes a single summary route to be advertised to other areas by an abr in ospf an abr will advertise networks in one area into another area if the network numbers in an area are assigned in a way such that they are contiguous you can configure the abr to advertise a summary route that covers all the individual networks within the area that fall into the specified range to specify an address range use the following command in router configuration mode 245

An administrative distance is a rating of the trustworthiness of a routing information source such as an individual router or a group of routers numerically an administrative distance is an integer between 0 and 255 in general the higher the value is the lower the trust rating is an administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored ospf uses three different administrative distances intra area inter area and external routes within an area are intra area routes to another area are inter area and routes from another routing domain learned via redistribution are external the default distance for each type of route is 110 to change any of the ospf distance values use the following command in router configuration mode 248

Change the ospf distance values of intra area inter area and external route 248

Command purpose 248

Configure the ospf administrative distances 248

Distance ospf intra area dist1 inter area dist2 external dist3 248

Chongqing configuration 251

Guangzhou configuration 251

Ospf point to multipoint nonbroadcast example 251

Basic ospf configuration example for internal router abr and asbrs the following example illustrates the assignment of four area ids to four ip address ranges in the example ospf routing process 109 is initialized and four ospf areas are defined 10 0 2 3 and 0 areas 10 0 2 and 3 mask specific address ranges while area 0 enables ospf for all other networks 253

The following example illustrates a simple ospf configuration that enables ospf routing process 9000 attaches ethernet 0 to area 0 and redistributes rip into ospf and ospf into rip 253

Complex ospf configuration for abr examples the following example configuration accomplishes several tasks in setting up an abr these tasks can be split into two general categories 1 basic ospf configuration 2 route redistribution the specific tasks outlined in this configuration are detailed briefly in the following descriptions figure 25 illustrates the network address ranges and area assignments for the interfaces 255

Router b 255

Router c 255

Bgp overview 257

Configure bgp task li st 257

D link bgp implementation 257

In bgp each route consists of a reachable destination network or prefix a list of autonomous systems that information has passed through called the autonomous system path and a list of other path attributes d link supports rfc1771 defined bgp versions 4 the primary function of a bgp system is to exchange network reachability information with other bgp systems including information about the list of autonomous system paths this information can be used to construct a graph of autonomous system connectivity from which routing loops can be pruned and with which autonomous system level policy decisions can be enforced bgp version 4 supports classless interdomain routing cidr which lets you reduce the size of your routing tables by creating aggregate routes resulting in supernets cidr eliminates the concept of network classes within bgp and supports the advertising of ip prefixes cidr routes can be carried by open shortest path first ospf enhanced igrp eigrp and intermediate system to interm 257

Rip on netwrok 192 68 0 257

This chapter describes how to configure border gateway protocol bgp for a complete description of the bgp commands in this chapter refer to the bgp commands chapter the border gateway protocol as defined in rfcs 1163 1267 and 1771 is an exterior gateway protocol egp it allows you to set up an interdomain routing system that provides the loop free exchange of routing information between autonomous systems this section will describe following contents 257

Adjusting bgp timers 259

Compare the meds from different autonomous systems route for information on configuring features that apply to multiple ip routing protocols such as redistributing routing information see the chapter configuring ip routing protocol independent features configuring basic bgp features the tasks described in this section are for configuring basic bgp features 259

Configure bgp interactions with igps 259

Configure bgp neighbors 259

Configure bgp route filtering base on port 259

Configure bgp route filtering by neighbor 259

Configure bgp soft reconfiguration 259

Configure multi hop exterior peer groups 259

Configuring a route reflector 259

Configuring bgp weights 259

Configuring self administration system confederation 259

Disable next hop processing on bgp updates enable bgp routing select ion to enable bgp routing select ion using the following commands beginning in global configuration mode 259

Disabling peer group 259

Enable a bgp routing process which places you in router configuration mode flag a network as local to this autonomous system and enter it to the bgp table 259

Enabling bgp routing select ion 259

Reset bgp connections 259

Router bgp autonomous system network network number masklen route map route map name 259

Setting bgp route administrative distance 259

Step command purpose 259

Configure bgp neighbors 260

Configure bgp soft reconfiguration 261

Reset bgp connections 261

Between bgp and igps 262

Clear ip bgp clear ip bgp address 262

Command purpose 262

Commands in exec mode to reset bgp connections 262

Configure 262

If your autonomous system will be passing traffic through it from another autonomous system to a third autonomous system it is very important that your autonomous system be consistent about the routes that it advertises for example if your bgp were to advertise a route before all routers in your network had learned about the route through your igp your autonomous system could receive traffic that some routers cannot yet route to prevent this from happening bgp must wait until the igp has propagated routing information across your autonomous system this causes bgp to be synchronized with the igp synchronization is enabled by default in some cases you do not need synchronization if you will not be passing traffic from a different autonomous system through your autonomous system or if all routers in your autonomous system will be running bgp you can disable synchronization disabling this feature can allow you to carry fewer routes in your igp and allow bgp to converge more quickly to disa 262

Reset all bgp connections reset a particular bgp connection 262

Synchronizatio 262

Synchronization undo disable synchronization between bgp and an igp 262

Configuring bgp weights 263

Configure the bgp route filtering based on neighbor 264

Configure the bgp route filtering based on port 268

Prompt i s as bel ow 271

Apply route mapping 272

Neighbor ip address peer group name route map access list name in out 272

St ep2 272

Prompt i s as bel ow 273

Bgp configuration example 283

In the following example route map freddy marks all paths originating from autonomous system 690 with a multi exit discriminator med metric attribute of 127 the second permit clause is required so that routes not matching autonomous system path list 1 will still be sent to neighbor 1 283

Sections below supply examples of bgp configuration examples of bgp route map the following example shows how you can use route maps to modify incoming data from a neighbor any route received from 140 22 that matches the filter parameters set in autonomous system access list 200 will have its weight set to 200 and its local preference set to 250 and it will be accepted 283

The following example shows how you can use route maps to modify incoming data from the ip forwarding table 283

Bgp neighbor configuration examples in the following example a bgp router is assigned to autonomous system 109 and two networks are listed as originating in the autonomous system then the addresses of three remote routers and their autonomous systems are listed the first router listed is in a different autonomous system the second neighbor command specifies an internal neighbor with the same autonomous system number and the third neighbor command specifies a neighbor on a different autonomous system 284

Bgp route filtering base on port example the following is an example of bgp path filtering by neighbor the routes from port e1 o will be filtered by access list ac1 284

Examples of bgp route filtering by neighbor the following is an example of bgp path filtering by neighbor the routes that pass as path access list 1 will get weight 100 only the routes that pass as path access list 2 will be sent to 193 2 0 similarly only routes passing access list 3 will be accepted from 193 2 0 284

Examples of route filtering through prefix list following example denies default route 0 0 284

Following example allows routes matching prefix 35 8 284

Following example filters routes from all ports through using prefix list filter prefix to filter network number as well as using access list filter gateway to filter gateway address 284

Following example filters routes from port s1 0 through using access list filter network to filter network number as well as using access list filter gateway to filter gateway address 284

Bgp aggregate route examples the following examples show how you can use aggregate routes in bgp either by redistributing an aggregate route into bgp or by using the conditional aggregate routing feature in the following example the redistribute static command is used to redistribute aggregate route 193 285

Following example allows all routes 285

Following example allows route whose prefix length larger than 8 and less than 24 in the whole address space 285

Following example denies all routes of net 10 8 if the mask of a class net 10 8 is less than or equal to 32 bits it will deny all routes 285

Following example denies route whose mask length larger than 25 in net 204 0 24 285

Following example denies route whose prefix length larger than 25 in net 192 8 285

Following example denies route whose prefix length larger than 25 in the whole address space 285

In following configuration router will filter routes from all ports except of route whose prefix is in the range of 8 24 285

In following example bgp process will only accept prefix length from 8 to 24 285

The following are examples of other prefix list configurations following example allows route whose prefix length not larger than 24 in net 192 8 285

Examples of bgp route reflector configuration the following is an example of route reflector rta rtb rtc and rte belong to the same autonomous system as200 rta acts as route reflector rtb and rtc are route reflector clients rte is a common ibgp neighbor rtd belongs to as100 and sets up a ebgp connection with rta configuration is as following 1 rta configuration 286

Rtb configuration 286

The following configuration creates an aggregate entry in the bgp routing table when there is at least one specific route that falls into the specified range the aggregate route will be advertised as coming from your autonomous system and has the atomic aggregate attribute set to show that information might be missing 286

The following example not only creates the aggregate route for 193 but will also suppress advertisements of more specific routes to all neighbors 286

Bgp as confederation example the following is a configuration of autonomous system confederation rta rtb and rtc are in ibgp connections and belong to private as 65010 rte belongs to private as 65020 rte builds interior ebgp connection with rta in as confederation as65010 and as65020 buildup an as confederation whose number is as200 rtd belongs to autonomous system as100 rtd builds ebgp connection with as200 through rta 287

Rta configuration 287

Rtc configuration 287

Rtd configuration 287

Rte configuration 287

Rtb configuration 288

Rtc configuration 288

Rtd configuration 288

Rte conf i gurat i on 288

Examples of bgp community route map this section includes three examples of using route maps of bgp community in the first example route map set community is used for outbound updates getting to neighbor 171 9 32 0 special community attribute no export is set on routes passing access list aaa other routes will be advertised normally this special community attribute will automatically forbid bgp session parts in as200 to advertise this route to as outside 289

In the second example route map set community is used for outbound updates getting to 171 9 32 0 all routing configurations generated by as 70 will add the community attribute value 200 into current values other routes will be advertised normally 289

In the third example we will set med of a route from neighbor 171 9l 32 5 and set local priority according to community attribute value of this route those meds of routes matching community list com1 will be configured to be 8000 these routes maybe have other attributes the local priorities of routes transmitting community list com2 are configured to be 500 the local priorities of other routes are cofigured to be 50 therefore local priorities of the left routes of neighbor 171 9 32 5 are 50 289

Configure rsvp 290

How to enable rsvp in ip phone module 291

Use rsvp assistant configuration commands 291

How to configure tos and precedence for rsvp flow 292

Command purpose 293

How to use access list in rsvp module 293

If this command is configured only the rsvp request of host conforming to access list will be accepted otherwise it will be denied 293

Ip rsvp neighbor access list name 293

Ip rsvp precedence conform exceed precedence value 293

Ip rsvp tos conform exceed tos value this command can be used to configure tos of reservation flow 293

This command can be used to configure precedence of reservation flow 293

When user configures rsvp on router he is entitled to use access list to allow or deny some hosts or routers to communicate with local router use command below in interface configuration state to complete this function 293

St art mul t i cast group rout e 296

St art mul t i cast group f unct i on on t he port 297

St art pi m dm 297

Exampl e of change i gmp versi on 298

Configure igmp querier interval 299

Example of configure igmp query interval 299

Choose the 17th option in the parameter clew notify 300

Conf i gure i gmp max response t i me 300

Exampl e of conf i guri ng i gmp queri er i nt erval 300

For igmp router port protocol version 2 other querier existance interval could be configured by the following command 300

Igmp static configuration 302

Last member query interva 302

00 access group speci f y access cont rol f or packet s 9 mrout e cache forward mul t i cast packet usi ng mrout e cache pl ease i nput t he code of command t o be excut e 0 22 9 sel ect 9 opt i on conf i rm i t 306

Disable multicast fast forwarding you can use to configure the port enabling multicast fast forwarding and use to disable this function 306

I p pi m dm hel l o i nt erval 306

I p pi m dm st at e ref resh ori gi nat i on i nt erval 306

I p pi m dm st at e ref resh ori gi nat i on i nt erval 307

I p pi m dm versi on 307

I p undo pi m dm st at e ref resh di sabl e 307

Versi on 307

I p mul t i cast boundary 308

I p pi m dm nei ghor f i l t er 308

Cl ear i p mrout e pi m dm group source 309

Cl ear i p pi m dm i nt erf ace 309

Command function 310

Configure ip multicast flow control 312

I p mul t i cast r at e l i mi t i n gr oup l i st access l i st 1 sour ce l i st access l i st 2 nkbps 312

Conf i gur e i p mul t i cast hel per 313

I p mul t i cast r at e l i mi t out gr oup l i st access l i st 1 sour ce l i st access l i st 2 kbps 313

Command function 318

Aaa overview 323

Aaa security service 323

Benefits of using aaa 323

Conf i gure aaa 323

Basic theories of aaa 324

List of methods 324

Configuration process 325

Examples of methods list 325

List of aaa authentification methods 325

Default routera config aaa 326

Figure 1 suppose the system administrator has determined that all ports authenticate the ppp based connection with the same authentication method in the security scheme firstly connect r1 to learn the ralating authentication information if r1 doesn t respond then connect r2 if r2 doesn t respond then t1 then t2 if all designated server don t respond the authentication will be focused on the local user name database of the access server itself 326

In order to realize this the system admin needs to input the following command aaa default authentication ppp radius local 326

In this example default is the name of the method list the protocols included in this method list are listed after the name in the order they are to be queried the default list is automatically applied to all interfaces when a remote user is attempting to access the network by dial up the network server will demand the relative authentication info on r1 if the user is authenticated to be legal it will send a pass reply to network access server to enable the user to access the server if r1 answers fail message the user will be turned down the session terminated if there s no response from r1 the network server will view it as a error and try to find the authentication info on r2 this model will last in the rest of the time until the user is accepted or rejected or the termination of this session it is important to remember that a fail response completely differs from an error response fail indicates that the user has not met the criteria of a sucessful authentication that contained in t 326

Aaa authenticatio 328

Aaa authentication methods description 328

Apply the methods list to a specific port or line if necessary apply the methods list to a specific port or line if necessary 328

Command 328

Command must match that in the 328

Define the authentication methods list with aaa authentication command 328

General configuration process of aaa authentification 328

In this example 328

Is the name of the method list and the protocols included in this method list are listed after the name in the order in which they are to be performed after the creation of method list the list will be applied on the appropriate port note that the method list name in a 328

Ppp authenticatio 328

To configure aaa authentication you need to finish the following configuration process if you are using a security server please configure the security protocol parameters like 328

Aaa authenticatio 329

Aaa authentication logi 329

Aaa default authentication login list name method1 method2 create a global authentication list 329

Command used in login these lists are applied with the circuit configuration command 329

Command using whatever login method creat one or more lists of authentication methods in 329

Enter the config mode of a certain line 329

Line aux console tty vty line number ending line number 329

Login authenticatio 329

Login default authentication list name apply the authentication list to one or more lines 329

Step command purpose 329

Use aaaconfiguration login authentication the aaa security service facilitates a variety of login authentication methods you will have to start aaa authentication with 329

When configuring please use the commands below starting from the global configuration directory 329

Aaa default authentication login radius note since the keyword none enables any uesr that has logged in to successfully pass the authentication you shall have to keep this keyword as the backup method following table lists the currently supported login authentication methods 330

Aaa default authentication login tacacs none 330

Aaa default authentication login enable 331

Aaa default authentication login line 331

Aaa default authentication login local 331

Aaa default authentication login radius 331

2 3 2 use aaa to pr oceed ppp aut hent i f i cat i on 332

Aaa default authentication login tacacs 332

Aaa default authentication ppp list name method1 method2 332

Before you can use tacacs as the login authentication method you need to configure tacacs service for more information refer to the configuring tacacs chapter 332

Enter interface configuration mode for the interface to which you want to apply the authentication list 332

Interface interface type number 332

Login authentication using tacacs use the aaa authentication login command with the tacacs method keyword to specify tacacs as the login authentication method for example to specify tacacs as the method of user authentication at login when no other method list has been defined enter the following command 332

Many users access network access servers through dialup via async or isdn the aaa security services facilitate a variety of authentication methods for use on serial interfaces running ppp use the config aaa authentication ppp command to start aaa authentication no matter which of the supported ppp authentication methods you decide to use to configure aaa authentication methods for serial lines using ppp use the following commands in global configuration directory 332

Ppp default authentication chap pap chap pap pap chap list name 332

Step command purpose 332

Aaa default authentication ppp local 333

With aaa authentication ppp command you can create one or more lists of authentication methods that are used when a user begins to run ppp these lists are applied using the ppp authentication line configuration command to create a default list use the default parameter followed by the methods you want used in default situations for example to specify the local username database as the default method for user authentication enter the following 333

Aaa authentication ppp command the keyword local is used to designate to authenticate with a local username database for instance if you want to designate the local username databse as the authentication method on a ppp line without using other methods you can input the following conmmand line aaa default authentication ppp local 334

Aaa authentication ppp command the keyword radius is used to designate radius to authenticate for instance if you want to designate the local username databse as the authentication method on a ppp line without using other methods you can input the following conmmand line aaa default authentication ppp radius 334

Aaa default authentication ppp local keyword list name is to name any string in a created 334

Aaa default authentication ppp tacacs none 334

Tacacs 334

Aaa default authentication enable method1 method2 335

Aaa default authentication ppp tacacs 335

Before use tacacs as the authentication method you need to enable communication with the tacacs service for more information refer to the configure tacacs chapter 6 335

Command purpose 335

Initiate password authentication when a user is enterring the priority level 335

Initiate password protection when enter a priority level 335

Tacacs 335

The keyword method refers to the actual list of methods the authentication algorithm tries in the sequence entered 335

To specify tacacs as the authentication method for use on interfaces running ppp for example to specify tacacs as the method of user authentication when no other method list has been defined enter the following 335

Use the config aaa authentication enable default command to create a series of authentication methods that are used to determine whether a user can access the privileged exec command level you can specify up to four authentication methods the additional methods of authentication are used only if the previous method returns an error not if it fails to specify that the authentication succeed even if all methods return an error specify none as the final method in the command line use the following command in global configuration mode 335

While use radius as the authentication method you need to configure the radius service for more information refer to the configure radius chapter ppp authentication using tacacs use the config aaa authentication ppp command with the keyword 335

Change the string to prompt inputting the password 336

Password 336

When configured enable authentication method as the remote authentication i e configured group group restrict radius or tacacs as the keywords the usernames that respectively use radius and tacacs to authenticate are different the following is the introduction for each type 336

A local authentication system based on the username can be created for the following situations to provide a tacacs like username and encrypted password authentication system for networks that cannot support tacacs to provide special case logins such as access list verification no password verification autocommand execution at login to establish the local authentication database perform the following command in the global configuration mode 337

Establish a database of local user name authentification 337

Example 337

Examples of aaa authentificationconfiguration 337

Examples of radius authentification 337

Aaa authentication login radius login radius loca 338

The following example creates the same authentication algorithm for pap but calls the method list test list instead of default 338

Conf i gure radi us 339

Radius overview 339

Radius configuration steps 340

Radius protocol operation 340

Example 341

Radius deadtime minutes 341

Radius retransmit retries 341

Radius timeout seconds specify the number of seconds a router waits for a reply to a radius request before retransmitting the request 341

Specify the number of minutes that marked a radius server as dead which is not responding to authentication requests 341

Specify the number of times the router transmits each radius request to the server before giving up default is 2 341

Step command purpose 341

To customize communication between the router and the radius server use the following optional radius global configuration commands 341

Command purpose 342

Configure router to use vendor specific radius attributes the internet engineering task force ietf draft standard specifies a method for communicating vendor specific information between the network access server and the radius server by using the vendor specific attribute attribute 26 vendor specific attributes vsas allow vendors to support their own extended attributes not suitable for general use for more information about vendor ids and vsas refer to rfc 2138 remote authentication dial in user service radius to configure the network access server to recognize and use vsas use the following command in global configuration mode 342

Example example 342

Radius vsa send authentication enable the network access server to recognize and use vsas as defined by radius ietf attribute 26 342

3 3 conf i gur e radi us aut ent i cat i on 343

3 4 conf i gur e radi us aut hor i z at i on 343

3 5 conf i gur e radi us account i ng 343

Radius authentication examples 343

Radius configuration examples 343

Radius examples in aaa application 343

Configuretacacs directory 344

Command purpose 346

Preferred servers to specify a tacacs host use the following command in global configuration mode 346

Specify the ip address and correlative attribute of tacacs server 346

Tacacs server ip address single connection multi connection port integer timeout integer key string 346

After you have identified the tacacs daemon and defined an associated tacacs encryption key you need to define 347

Command purpose 347

Not e you must conf i gur e t he s ame key on t he tacacs ser ver f or encr ypt i on t o be successf ul 6 3 3 3 speci f y tacacs aut hent i cat i on 347

Tacacs key keystring set the encryption key to match that used on the tacacs server 347

Use the key string argument to specify an encryption key for encrypting and decrypting all traffic note specifying the encryption key with the tacacs server command overrides the default key set by the global configuration config tacacs server key command specifying the timeout value with the tacacs server command overrides the global timeout value set with the config tacacs server timeout command you can use this command to enhance security on your network by uniquely configuring individual tacacs connections 6 set tacacs encryption key to set the tacacs authentication key and encryption key use the following command in global configuration mode 347

Use the port integer argument to specify the tcp port number to be used when making connections to the tacacs server the default port number is 49 347

Use the single connection keyword to specify single connection this is more efficient because it allows the server to handle a higher number of tacacs operations the multi connection keword means multiple tcp connection 347

Use the timeout integer argument to specify the period of time in seconds the router will wait for a response from the server 347

Using the tacacs server command you can also configure the following options 347

Configure i psec 350

Command purpose 353

Determine whether or not to accept requests for ipsec security associations on behalf of the requested data flows when processing ike negotiation from the ipsec peer if you want certain traffic to receive one combination of ipsec protection for example authentication only and other traffic to receive a different combination of ipsec protection for example both authentication and encryption you need to create two different crypto access lists to define the two different types of traffic these different access lists are then used in different crypto map entries which specify different ipsec policies later you will associate the crypto access lists to particular interfaces when you configure and apply crypto map sets to the interfaces to create crypto access lists use the following command in global configuration mode 353

Ensuring that access lists are compatible with ipsec ike uses udp port 500 the ipsec esp and ah protocols use protocol numbers 50 and 51 ensure that your access lists are configured so that protocol 50 51 and udp port 500 traffic is not blocked at interfaces used by ipsec 6 creat crypto access lists crypto access lists are used to define which ip traffic will be protected by crypto and which traffic will not be protected by crypto these access lists are not the same as regular access lists which determine what traffic to forward or block at an interface crypto access lists associated with ipsec crypto map entries have four primary functions 353

Indicate the data flow to be protected by the new security associations specified by a single permit entry when initiating negotiations for ipsec security associations 353

Ip access list extended name 然后使用 permit 和 deny 命令设置访问规则 permit protocol source source mask destination destination mask 353

Process inbound traffic in order to filter out and discard traffic that should have been protected by ipsec 353

Select outbound traffic to be protected by ipsec permit protect 353

Specifies which ip packets will be encrypting protected 353

Crypto access list tips using the permit keyword causes all ip traffic that matches the specified conditions to be protected by crypto using the policy described by the corresponding crypto map entry using the deny keyword prevents traffic from being protected by crypto in the context of that particular crypto map entry in other words it does not allow the policy as specified in this crypto map entry to be applied to this traffic if this traffic is denied in all of the crypto map entries for that interface then the traffic is not protected by crypto the crypto access list you define will be applied to an interface after you define the corresponding crypto map entry and apply the crypto map set to the interface different access lists must be used in different entries of the same crypto map set these two tasks are described in following sections however both inbound and outbound traffic will be evaluated against the same outbound ipsec access list therefore the access list s criteria is 354

Using the any keyword in crypto access lists when you create crypto access lists using the any keyword could cause problems d link discourages the use of the any keyword to specify source or destination addresses the any keyword in a permit statement is discouraged when you have multicast traffic flowing through the ipsec interface the any keyword can cause multicast traffic to fail the permit any any statement is strongly discouraged as this will cause all outbound traffic to be protected and all protected traffic sent to the peer specified in the corresponding crypto map entry and will require protection for all inbound traffic 354

Crypto ipsec transform set 355

Define transform sets a transform set represents a certain combination of security protocols and algorithms during the ipsec security association negotiation the peers agree to use a particular transform set for protecting a particular data flow you can specify multiple transform sets and then specify one or more of these transform sets in a crypto map entry during ipsec security association negotiations with ike the peers search for a transform set that is the same at both peers when such a transform set is found it is selected and will be applied to the protected traffic as part of both peers ipsec security associations with manually established security associations there is no negotiation with the peer so both sides must specify the same transform set if you change a transform set definition the change is only applied to crypto map entries that reference the transform set the change will not be applied to existing security associations but will be used in subsequent negotiations to 355

Defines a transform set and perform this command into the crypto transform configuration mode 355

Exit exits the crypto transform configuration mode 355

Mode tunnel transport 355

Optional changes the mode associated with the transform set the mode setting is only applicable to traffic whose source and destination addresses are the ipsec peer addresses it is ignored for all other traffic all other traffic is in tunnel mode only 355

Step command purpose 355

Transform set name 355

Transform type transform1 355

Transform2transform3 configure transform type 355

Ah md5 hmac ah with the md5 esp des esp with the des esp md5 hmac esp with the md5 356

Ah transform esp encryption transform esp authentication transorm 356

Following table shows allowed transform combinations 356

Select transform for transform set allowed transform combinations 356

Transform description transform description transform description 356

Configure an ipsec access list this access list determines which traffic should be protected by ipsec and which traffic should not be protected by ipsec security in the context of this crypto map entry 361

Crypto map map name seq num 361

Ipsec isakmp 361

Match address access list name 361

Repeat these steps to create additional crypto map entries as required creat crypto map entries that used ike to create crypto map entries that will use ike to establish the security associations use the following commands starting in global configuration mode 361

Set peer ip address specifies the address of ipsec peer this is the address to which ipsec protected traffic should be forwarded 361

Set transform set transform set name1 configure transform sets no more than six crypto map 361

Specifies the crypto map entry to create or modify perform this command into the crypto map configuration mode 361

Step command purpose 361

Exit exits crypto map configuration mode and return to global configuration mode 362

Optional specifies a security association lifetime for the crypto map entry 362

Optional specifies that ipsec should ask for perfect forward secrecy when requesting new security associations for this crypto map entry or should demand pfs in requests received from the ipsec peer 362

Set pfs group1 group2 362

Set security association lifetime seconds seconds 或 set security association lifetime kilobytes kilobytes 362

Transform set name2 transform set name6 entries can be specified highest priority first 362

Apply the same crypto map set to more than one interface 6 ipsec configuration example the following example shows a minimal ipsec configuration where the security associations will be established via ike for more information about ike see the configure ike chapter define an ipsec access list config ip access list extended aaa config permit ip 130 30 255 55 131 31 255 55 define transform set crypto ipsec transform set one config transform type esp des esp sha hmac a crypto map specifies the ipsec access list and transform set and specifies where the protected traffic is sent the ipsec 365

Command purpose 365

Crypto map map name applies a crypto map set to an interface 365

Repeat these steps to create additional crypto map entries as required 6 apply crypto map sets to interfaces you need to apply a crypto map set to each interface through which ipsec traffic will flow applying the crypto map set to an interface instructs the router to evaluate all the interface s traffic against the crypto map set and to use the specified policy during connection or security association negotiation on behalf of traffic to be protected by crypto to apply a crypto map set to an interface use the following command in interface configuration mode 365

About ike 366

Configuring internet key exchange security protocol 366

Overview 366

Ike configuration steps 367

Additional configuration required for ike policies additional configuration required for ike policies pre shared keys authentication method if you specify pre shared keys as the authentication method in a policy you must configure these pre shared keys configure pre shared keys to specify the shared keys at ipsec each peer note that a given pre shared key is shared between two peers at each peer you could specify the same key to specify pre shared keys at a peer use the following commands in global configuration mode 372

Crypto isakmp key keystring peer address at the local peer specify the shared key to be used with a particular remote peer 372

Crypto isakmp key keystring peer address at the remote peer specify the shared key to be 372

If you do not specify a value for a parameter the default value is assigned not e the def aul t pol i cy and t he def aul t val ues f or conf i gured pol i ci es do not show up i n t he conf i gurat i on when you i ssue a show runni ng command i nst ead t o see t he def aul t pol i cy and any def aul t val ues wi t hi n conf i gur ed pol i ci es use t he show cr ypt o i sakmp pol i cy command 372

Step command purpose 372

Used with the local peer 372

Clear ike connection optional if you want you can clear existing ike connections to clear ike connections use the following commands in exec mode 373

Clear isakmp connection 373

Show crypto isakmp sa view existing isakmp sa 373

Step command purpose 373

After ike configuration is complete you can configure ipsec ipsec configuration is described in the configuring ipsec chapter 374

Command purpose 374

Debug crypto isakmp display debug messages about ike events 374

Ike configuration examples 374

Show crypto isakmp policy view the parameters for each configured ike policy 374

Show crypto isakmp sa view all current ike security associations 374

This example creates two ike policies with policy 10 as the highest priority policy 20 as the next priority and the existing default priority as the lowest priority it also creates a pre shared key to be used with the remote policies whose ip address is 192 68 374

Troubleshoot ike optional to assist in ike troubleshooting use the following commands in exec mode 374

What to do next 374

In the above example encryption des of policy 10 would not appear in the written configuration because this is the default value for the encryption algorithm parameter if the show crypto isakmp policy command is issued with this configuration the output would be as follows 375

Lifetime 86400 seconds 375

End to end qos models 376

Qos overvi ew 376

What is qos 376

Qos queueing algorithms 377

Configure qos 379

Default router config interface key word u undo d default q quit 00 fastethernet fastethernet interface 01 ethernet ethernet interface 02 serial serial interface 03 async asynchronous interface 04 null null interface 05 loopback loopback interface 06 tunnel tunnel interface 07 dialer dialer interface 379

Qos link efficiency mechanisms 379

Qos queueing configuration 379

Qos signalling 379

08 multilink multilink group interface 09 virtual template virtual template interface 10 virtual tunnel virtual tunnel interface please input the code of command to be excute 0 10 0 380

Default router config policy map key word u undo d default q quit 00 word policy map name please input the code of command to be excute 0 0 0 381

Key word u undo d default q quit 00 word policy map name please input the code of command to be excute 0 0 0 381

Please input a string name 381

Service policy 381

Will you excute it y n y 381

Class key word u undo d default q quit 00 word class map name please input the code of command to be excute 0 0 0 please input a string name 382

Kilo bits per second please input the code of command to be excute 0 0 0 please input a string 100 382

Will you excute it y n y 382

Random det ec 385

Displaying the information of the interface queue 395

Qos display 395

Displaying the customed queueing configuratio 396

Display the priority queueing configuratio 397

Display the class map configuration 398

Configure rtp header compression protocol 401

Specify the total bytes that must be sent for every queue 401

The need to save bandwidth 401

Command description 402

Enable crtp on a serial interface 402

Frames every time in g 29 call then the payload is 20 bytes adding 4 bytes ppp link layer encapsulation the payload ratio is only 31 5 percents using rtp header compression crtp and ignoring the udp check sum these headers can be compressed to 2 bytes adding 4 bytes ppp link layer encapsulation the payload ratio is 76 2 percents there is a very big gap between them note crtp should not be used on links greater than 2 mbps 402

Ip rtp header compression cisco format iphc format passive enable crtp 402

The optional parameter cisco format which specifies ipcp to adopt packets with d link format when crtp is applied to ppp links is a default value if you include the passive keyword which specifies ipcp to adopt packets with d link format when crtp is applied to ppp links the software compresses outgoing rtp packets only if incoming rtp packets on the same interface are compressed the key word iphc format specifies ipcp to adopt packets with rfc2509 format when crtp is applied to ppp links 402

To enable crtp header for serial encapsulations ppp use the following command in interface configuration mode you to enable crtp header for serial encapsulations ppp use the following command in interface configuration mode you must enable compression on both ends of a serial connection 402

Change the maximum number of crtp connections 404

Command description 404

Crtp will locally keep the structure storage connecting information for each specified transmitting address if the specified connecting number is not enough these structures can not provide correspondence for simultaneously running multi rtp conversations and affect the quality of compression 404

Ip rtp compression connections number specify the maxumun number of local crtp connections 404

4 di spl ay crtp compressi on i nf ormat i on 405

Command description 405

Show ip rtp header compression type number detail display crtp compression imformation 405

5 crtp debuggi ng 406

Command description 406

You must use the command in global configuraion mode 406

Debug config ip rtp header compression display the information of the received and transformed crtp packets information 407

1 ctcp conf i gurat i on st eps there are a f ew st eps t o conf i gure ctcp 408

2 about ctcp 408

Configure ctcp tcp i p header compressi on prot ocol 408

Command description 409

Crtp is applied to ppp links however if the opposite terminal ppp implementation support only ctcp of rfc1144 ipcp of rfc1144 can be used in the same but if you apply ctcp on fr and hdlc link cisco format will adopt ctcp of rfc1144 iphc format will adopt ctcp of rfc2507 and passive show our ctcp is determinded by ctcp message format that sent by opposite terminal 409

Enable ctcp on a serial line 409

Ip tcp header compression cisco format iphc format passive enable ctcp 409

The optional parameter the optional parameter cisco format is a default value which specifies ipcp to adopt packets with cisco format when the i phc f ormat crtp is applied to ppp links else the ipcp packet format is rfc1144 if you include the passive keyword the software compresses outgoing rtp packets only if incoming rtp packets on the same interface are compressed when the crtp is applied to ppp links ipcp will adopt the cisco format packet if crtp is i phc f ormat else the ipcp will adopt rfc1144 f ormat packet the key word iphc format specifies ipcp to adopt packets with rfc2509 format when 409

To enable ctcp header for serial encapsulations ppp use the following command in interface configuration mode you must enable compression on both ends of a serial connection 409

4 change the maxi mum number of ctcp connect i ons 411

Command description 411

Ctcp will locally keep the structure storage connecting information for each specified transmitting address if the ctcp will locally keep the structure storage connecting information for each specified transmitting address if the specified connecting number is not enough these structures can not provide correspondence for simultaneously running multi tcp conversations and affect the quality of compression 411

Ip tcp compression connections number specify the maximum number of ctcp connections supported on local interface 411

5 di spl ay ctcp compressi on i nf ormat i on 412

Command description 412

Show ip tcp header compression type number detail display ctcp information 412

You must use the command in interface configuration mode 413

6 ctcp debuggi ng 414

Command description 414

Debug ip tcp header compression display the information of the received and transformed ctcp packets information 414

About dialer 415

Configuring ddr 415

Ddr conf i gurat i on command l i st global configuration command interface dialer number 415

Dialer configuration tasks 415

Sof t ware conf i gurat i on of di al er 415

Configuring an interface to send and receive calling 416

Configuring the dialer method line dial 416

Dialer group number dialer rotary group number dialer string dialer string dialer load threshold enable_threshold disable_threshold dialer enable timeout seconds dialer idle timeout seconds dialer fast idle seconds dialer priority number dialer dtr 416

Enter physical interface configuration mode 416

Send call to an interface and accept call from the one in command to send call to an interface and accept call from the one you can perform the configuration tasks below with ppp encapsulation 416

Configuring ip address ip address ip address net mask 417

Configuring dialer map dialer map next hop address name hostname broadcast dialer string 418

Configuring dialer map dialer map next hop address name hostname broadcast dialer string 420

Configuring dialer with dialer interface 420

Configuring ip address ip address ip address net mask 420

Configuring ip address to the dialer rotary group 420

Configuring several dialer maps list 420

Configuring the dialer method line dial 420

Define dialer interface corresponding to the dialer the command is interface dialer number 420

Enter physical interface configuration mod 420

Send calls to several interfaces and accept calls from them in command to send calls to several interfaces and accept calls from them you can perform the configuration tasks below 420

Configuring dialer map dialer map next hop address name hostname broadcast dialer string 421

Attach the physical interface to dialer rotary group enter the physical interface dialer rotary group dialer interface parameter dialer interface is the dialer interface bound by the physical interface 423

The physical interface in the dialer rotary group will use the ip address of the dialer interface 423

Cust omi ze t he ddr net work 424

Set line idle time to specify the amount of time a line will stay idle before it is disconnected by ddr set the line idle time dialer idle timeout seconds 424

Set idle time for busy interfaces when an interface has set up a link another interface is need to set up a new link with it that s called competition if the line idle time exceeds the specified amount of time the current call is disconnected by ddr 425

Set dialer timeout to set the minimum length of time an interface stays down before it is available to dial again after a line is disconnected or fails set line down time dialer enable timeout seconds 426

Set wait time of carrying interface data set wait time of carrying interface data dialer wait for carrier time seconds 426

Access control to a ddr interface you can specify the packet filtering function of the ddr interface the user can divide the packet through the ddr interface into two kinds by access control valid packet valid packet is the packet has passed the access control when the ddr interface receives a valid packet ddr sends the packet out through the line and clears the idle timeout if the corresponding line is connected otherwise ddr sends call out invalid packet the packet hasn t passed the access control when the ddr interface receives an invalid packet ddr sends the packet out through the line and doesn t clear the idle timeout if the corresponding line is connected otherwise ddr discards the packet without sending call out 6 set the physical interface priority of dialer rotary group the using sequense of the interfaces is determined by the priority of itself the lowest 255 the highest the default value is 0 specify the priority of the physical interface in the dialer rotary group dialer p 427

Specify the threshold value of the dialer rotary group after the threshold value is specified ddr will monitor the flow of the interface when the flow exceeds the threshold and there is an usable interface in the dialer group the interface will be turned on to add the bandwidth of the dialer group when the flow under the threshold the redundant interfaces will be disconnected automatically if the physical interface is configured priority the interface turned on or disconnected is determined according to the priority the highest priority interface will be chosen when the interface is active and lowest priority interface will be chosen when the interface is inactive specify the threshold value of the dialer rotary group dialer load threshold enable threshold disable threshold 427

Create a dialer hold queue to the dialer interface the packets destined for ddr interface are discarded if no connection exists after creating hold queue the packets 428

Dialer dtr 428

Specify the dtr method as the dialer method you can directly activate the dialer when the dtr signal is valid in the dte specify the dtr as the dialer method 428

Display the ddr interface information show dialer interface type number 429

Monitoring and maintaining the dialer connection 429

Won t be discarded before the connection is created specify the dialer hold queue to the dialer interface dialer hold queue packet number 429

Configuring dialer rotary groups example 430

Dai l er conf i gurat i on exampl e 430

The example below defines the dialer interface and attaches the serial1 1 and serial1 2 to dialer interface 430

The example of dialing to multiple points 430

Script configuration example 431

I nt er f ace backup conf i gur at i on 433

I nt er f ace backup conf i gur at i on t ask l i st 433

L aunch backup f unct i on and sel ect t he backup i nt er f ace 433

R eal i z at i on i nf or mat i on 433

L aunch i nt er f ace backup dal ay 434

Pl ease i nput a i nt erf ace name f 0 0 434

Launch flow equilibrium backup when t he act ual f l ow of pri mary i nt erf ace exceeds t he percent t hreshol d t he backup i nt erf ace wi l l be act i vat ed ent eri ng worki ng st at us however when t he rat i o of t he pri mary and backup i nt erf ace act ual f l ow wi t h pri mary i nt erf ace bandwi dt h i s l ower t han set t i ng t hreshol d t he backup i nt erf ace wi l l be di sact i vat ed and ent er backup st at us 436

Pl ease i nput a i nt erf ace name f 0 0 436

Interface backup configuration example 438

Pl ease i nput a i nt erf ace name f 0 0 439

About voice 441

About voice application 441

Dial peers 441

Numbering scheme the st andard pstn i s basi cal l y a l arge ci rcui t swi t ched net work i t uses a speci f i c numberi ng scheme whi ch compl i es t o t he i tu t e 164 recommendat i ons i n d li nk s voi ce i mpl ement at i ons numberi ng schemes are conf i gured usi ng t he conf i g dest i nat i on pat t ern command for numberi ng d li nk provi des t he concret e suggest i on pl ease ref er t o t he descri pt i on of command conf i g dest i nat i on pat t ern 9 analog versus digital 442

Voice port 442

Voice primer 442

Codecs 443

Mean opinion score 443

End to end delay 444

Jitter 444

About qos 445

Qos signalling 445

About dsp sensi ng swi t ch si gnal l i ng t one 446

Configure 446

Out of band rsvp signalling is used to indicate that a particular qos service is desired for a particular traffic classification d linkip telephone equipment provides ip precedence and rsvp each voice packet will be marked corresponding identifier please see the correlative documents for complete information of qos signalling 446

Dial peer terminato 448

Configure the replace of voip dial peer 452

Configure voice port 452

Troubleshooting tips 452

Validation tips 452

E m port special configure 453

Fxo port special configure 453

通用配置 command 453

Pstn gateway access using fxo connection 455

Use ip connection to connect two fxo 456

Configuration in using e m connection 458

Bypass fax 459

Configure dialing replacer 459

T38 fax 459

Rtp fax 460

Configure voice gateway configure voice gatekeeper 461

Configure gatekeeper 462

Configure gateway 462

Examine ip address and gatekeeper of the gateway use the command show getekway to confirm the voice gateway on the devices have been properly configured use these debug commands debug voip event asn debug voip event ras debug voip event gw configure voice over ip gatekeeper 462

Examine tips 462

Example of voice gateway and gatekeeper configuration configure voice over ip gateway 462

Troubleshooting tips 462

Examine gatekeeper ip and information use command show gatekeeper to examine that the gatekeeper have been properly configured on these devices use debug command debug voip event asn debug voip event ras debug voip event gw example of voip gateway and gatekeeper configure 463

Examine tips 463

Troubleshooting tips 463

Directly dial the called number first dial access service number and then dial the called number 464

Conf i gur e access number 465

Conf i gur e di al f l ow as wel l as concer ned par amet er s 9 8 configure dial flow 465

Conf i gur e i vr car d phone 465

First dial access service number then input number password peer and finally input called number 465

Conf i gur e i vr di r ect aut hent i cat i on mode 467

Conf i gur e i vr one di al mode 467

Conf i gur e i vr r ecor d mode 467

Conf i gure t he pl ayi ng posi t i on of t he f i l e 468

Enabl e radi us aut hent i cat i on 469

Enabl e radi us cost i ng 469

Examine tips 469

Troubl eshoot i ng ti ps 469

Examples of ivr costing authentication 470

Before configuring dlsw you should first get some knowledge of dlsw which is helpful data link switching is a new protocol of channel or encapsulation it can encapsulate the frames from logical link control type1 or type2 of sna and netbios system and make it get across non sna network dlsw resolved the limitation that llc2 designed based on lan can t transmit in wan dlsw offers a series of solutions for the transition of sna networks to tcp ip 474

Command purpose 474

Configure dlsw 474

Configure dlsw task list 474

How to use dlsw configuration commands 474

I bm net wor ki ng conf i gur at i on 474

Networks dlsw is designed to replace the former various channel protocol that established by multiple network developers while developing the dlsw module the developers considered the ibm large computer and its proprietary sna network structure system that widely applied by bank system dlsw module will follow the international standard of dlsw and compatible with cisco router dlsw 474

This command is used to configure the dlsw local peer to appoint the local ip address the no argument is used to cancel the configuration 474

This command is used to configure the port list applying the list number in dlsw remote peer command can filter the dlsw message the no argument is used to cancel the configuration 474

This command is used to configure the remote peer to set up tcp passage a router can be configured with multiple remote peers the no argument is used to cancel the configuration 474

You can process dlsw debug with the offered configuration commands including dlsw local configuration dlsw remote configuration dlsw reachable and unreachable resource configuration static mac address configuration and the dlsw bridge group configuration this will function largely to your dlsw testing configure the following commands in global configuration state 474

By implement this command it ll display 475

By implement this command it ll display the information of dlsw buffer including the local buffer and remote buffer 475

Cancel the configuration 475

Command purpose 475

How to use the function of showing dlsw 475

The no argument is used to 475

The various information about remote dlsw 475

This command is used to configure the dlsw bridge group the no argument is used to cancel the configuration 475

Use commands below in management state and local configuration state 475

User can have more understanding about various status which happen during the dlsw capability exchange by displaying the information of dlsw capability 475

User will know the current status information of all the circuit by displaying dlsw virtue circuit 475

Configuring llc2 476

Llc2 conf i gurat i on task li st 476

Ret urn t o def aul t val ue 477

Cancel t he conf i gurat i on 479

Cancel t he conf i gurat i on 480

Cancel t he conf i gurat i on 481

L l c2 ack del ay t i me seconds 482

Ack frame sent by router can t be received during 800 ms the delay timer will be active and then ack will be sent out select the iic2 commands from the interface commands of the global configuration list all iic2 selection as fellow 484

Select the iic2 commands from the interface commands of the global configuration list all iic2 selection as fellow 484

You can configure the number of llc2 frames received before the ack in this example at the time 0 two information frames are received it doesn t reach the max number 3 so the ack frames are not sent if set the 484

After the router being set as sdlc station user can use the following commands in interface configuration mode to set the dlsw feature 485

Configure the router as sdlc primary or secondary station 485

Establishing an sdlc station for dlsw support 485

Input 10 item display 485

Pl ease i nput t he code of command t o be excut e 0 4 3 i nput 3 sel ect sdl c i t em st ep2 sel ect 28 i t em f rom l i st i ng di spl ay 485

Sdlc configuration task list 485

Sdlc defines two types of network nodes primary and secondary primary nodes poll secondary nodes in a predetermined order secondaries then send if they have outgoing data when configured as primary and secondary nodes our devices are established as sdlc stations 485

Set the encapsulation of the serial interface as sdlc 485

Set the interface role 485

Set the mac address of the serial interface 485

Specify the destination address to set up a inter connection between sdlc and llc 485

Step 1 step 1 enter the configuration ports select 11 item display 485

The sdlc tasks described in this section configure the router as an sdlc station this is in contrast to a router configured for sdlc transport where the device is not an sdlc station but passes sdlc frames between two sdlc stations across a mixed media multiprotocol environment the first task is required you accomplish it with the appropriate set of commands for your network needs the remaining tasks are optional you can perform them as necessary to enhance sdlc performance 485

Enable the primary station to send data to and receive data from the polled secondary station 486

Sdlc two way simultaneous mode allows a primary sdlc link station to achieve more efficient use of a full duplex serial line with two way simultaneous mode the primary link station can send data to one secondary link station while there is a poll outstanding two way simultaneous mode works on the sdlc primary side only on a secondary link station it responds to a poll from the primary station sdlc two way simultaneous mode operates in either a multidrop link environment or point to point link environment in a multidrop link environment a two way simultaneous primary station is able to poll a secondary station and receive data from the station and send data i frames to other secondary stations in a point to point link environment a two way simultaneous primary station can send data i frames to the secondary station although there is a poll outstanding as long as the window limit is not reached to configure two way simultaneous mode use either of the following commands in interface confi 486

Set the sdlc as two way simultaneous mode 486

The default sdlc role is primary when you want to configure a sdlc multipoint link the type of physical units which don t has the xid in the sdlc command is pu 21 which is also a default value refer to the chapter dlsw configuration for more dlsw configuration commands 486

Configure sdlc timer and retry counts 487

Configure the amount of sdlc frames and information frames 487

Control the amount of time the software waits for a reply 487

Prohibit the primary stations from sending data to the polled secondary station 487

Set the number of times the software will retry an operation that has timed out 487

When an sdlc station sends a frame it waits for an acknowledgment from the receiver indicating that this frame has been received you can modify the time the router allows for an acknowledgment before resending the frame you can also determine the number of times that a software resends a frame before terminating the sdlc session by controlling these values you can reduce network overhead while continuing to check transmission of frames to set the sdlc timer and retry counts use one or both of the following commands in interface configuration mode 487

You can set the maximum size of an incoming frame and set the maximum number of information frames or window size the router will receive before sending an acknowledgment to the sender by using higher values you can reduce network overhead to set the amount of sdlc frame and information frame use any of the following commands in interface configuration mode 487

Control the buffer size 488

Select 28 item from listing display 488

Set how many times a primary station will poll a secondary station 488

Set the local window size of the router 488

Set the maximum number of packets held in queue before transmitting 488

Set the maximum size of an incoming frame 488

You can control the buffer size on the router the buffer holds data that is pending transmission to a remote sdlc station this command is particularly useful in the case of the sdllc media translator which allows an llc2 speaking sna station on a token ring to communicate with an sdlc speaking sna station on a serial link the frame sizes and window sizes on token rings are often much larger than those acceptable for serial links and serial links are often slower than token rings to control backlogs that can occur during periods of high data transfer from the token ring to the serial line use the following command in interface configuration mode on a per address basis 488

By default sdlc interfaces operate in full duplex mode to configure an sdlc interface for half duplex mode use the following command in interface configuration mode 489

Configure an sdlc interface for half duplex mode 489

Control polling of secondary stations 489

Half duplex mode 489

Sdlc poll limit value count set how many times a primary station will poll a secondary station 489

Sdlc poll pause timer milliseconds set the length of time the router pauses between sending each poll frame to secondary stations on a single serial interface 489

Select 28 item from listing display 489

To retrieve default polling values for these operations use the def forms of these commands 489

You can control the intervals at which the router polls secondary stations the length of time a primary station can send data to a secondary station and how often the software polls one secondary station before moving on to the next station keep the following points in mind when using these commands secondary stations cannot transmit data until they are polled by a primary station increasing the poll pause timer increases the response time of the secondary stations decreasing the timer can flood the serial link with unneeded polls requiring secondary stations to spend wasted cpu time processing them increasing the value of the poll limit allows for smoother transactions between a primary station and a single secondary station but can delay polling of other secondary stations to control polling of secondary stations use one or more of the following commands in interface configuration mode 489

Select 28 item from listing display 490

Select 28 item from listing display select 28 item from listing display 490

Set the largest i frame size that can be sent or received by the designated sdlc station 490

Set the largest sdlc information frame size generally the router and the sdlc device with which it communicates should support the same maximum sdlc i frame size the larger this value the more efficient the line usage thus increasing performance after the sdlc device has been configured to send the largest possible i frame you must configure the router to support the same maximum i frame size the default is 265 bytes the maximum value the software can support must be less than the value of the llc2 largest frame value defined when setting the largest llc2 i frame size to set the largest sdlc i frame size use the following command in interface configuration mode 490

Specify the xid value the exchange of identification xid value you define on the router must match that of the idblk and idnum system generation parameters defined in vtam on the token ring host to which the sdlc device will be communicating note configuring the xid value will affect the attribute of the interface if the xid value is configured it means that the device connected with the interface is pu 2 the configuration of xid value must be performed after the interface has been shundown to specify the xid value use the following command in interface configuration mode 490

Specify the xid value to be associated with the sdlc station 490

Configuration examples the following sections provide sdlc configuration examples sdlc two way simultaneous mode configuration example sdlc configuration for dlsw example half duplex configuration example sdlc configuration example 1 1 sdlc configuration example 1 2 sdlc two way simultaneous mode configuration example the following configuration defines serial interface 0 as the primary sdlc station with two sdlc secondary stations c1 and c2 attached to it through a modem sharing device two way simultaneous mode is enabled config interface serial 0 config encap sdlc primary config sdlc address c1 config sdlc address c2 sdlc simultaneous full datamode the network for this configuration is shown in figure 126 figure 126 two sdlc secondary stations attached to a single serial interface through a modem sharing device 491

Display sdlc station configuration information 491

Input show command display 491

Monitor sdlc stations to monitor the configuration of sdlc stations to determine which sdlc parameters need adjustment use the following command in exec mode 491

Accept dialin set vpdn group as lns di al mode 494

Command function 494

Create vpdn group 494

Key word key word q quit 00 accept_dialin vpdn accept dialin group configuration 01 chinese help message in chinese 02 chmem change memory of system 03 connect open a outgoing connection 04 default restore default configuration 05 disconnect discoonect an existing outgoing network connect ion 06 domain initiate a tunnel based on domain name 07 english help message in english 08 exit exit quit 09 force local chap force a chap challenge to be instigated locally 10 help description of the interactive help system 494

Set vpdn group as lns dial mode 494

Vpdn configuration task list 494

Vpdn group group_number create vpdn group 494

Vpdn module encapsulation 494

Pr ot ocol bi ndi ng 495

Set vpdn gr oup as lac di al mode 495

Set vpdn group as lac di al mode 495

Set lac domain name 496

Set remote lns connected with lac ip address 496

Will you excute it y n y key word u undo d default q quit 00 l2tp use l2tp protocol please input the code of command to be excute 0 0 0 select l2tp protocol please input a string l2tp will you excute it y n y 496

Set remote lac tunnel name connected with lns 497

Set vpdn group l ocal t unnel name 497

Set vpdn group local tunnel name 497

Lcp renegotiate lns and client 498

Reconfirm lns and client 498

Clone configured source interface on lns workgroup 499

Set vpdn group source ip address 499

Tunnel authentication 499

Set tunnel password 500

Set time interval of sending hello diagram 501

Set tunnel accepting window size 501

Display vpdn group 502

Set l2tp property hidden 502

Display l2tp event information 503

Display l2tp packet information 504

Display the mistake during l2tp transferring 504

Configuration example 505

D-Link DI-3660 [334/506] Tacacs

Содержание

Похожие устройства