Cabletron Systems 9032578-02 - Manuals

SmartSwitch Router User Reference Manual 7 Contents Preface ..................................................................................................... 15 About This Manual .............................................................................................................. ..15Wh...

SmartSwitch Router User Reference Manual 13 Contents Configure ACL ..............................................................................................................176 Defining an IP ACL ...............................................................................................176De...

SmartSwitch Router User Reference Manual 15 Preface About This Manual This manual provides detailed information and procedures for configuring the SmartSwitch Router SSR software. If you have not yet installed the SSR, use the instructions in the SmartSwitch Router Getting Started Guide to install t...

Preface 16 SmartSwitch Router User Reference Manual How to Use This Manual Related Documentation The Cabletron Systems documentation set includes the following items. Refer to these other documents to learn more about your product. If You Want To See Read overview information Chapter 1 on page 17 Co...

SmartSwitch Router User Reference Manual 17 Chapter 1 SmartSwitch Router Product Overview The SmartSwitch Router (SSR) provides non-blocking, wire-speed Layer-2 (switching), Layer-3 (routing) and Layer-4 (application) switching. The hardware provides wire-speed performance regardless of the performa...

SmartSwitch Router User Reference Manual 19 Chapter 1: SmartSwitch Router Product Overview Supported Media (Encapsulation Type) The SSR supports the following industry-standard networking media: • IP: IEEE 802.3 SNAP and Ethernet Type II • IPX: IEEE 802.3 SNAP, Ethernet Type II, IPX 802.3, 802.2 • 8...

Chapter 1: SmartSwitch Router Product Overview 20 SmartSwitch Router User Reference Manual – Service Advertising Protocol (SAP) Chapter 9: “IPX Routing Configuration Guide” on page 151 describes these protocols in detail. Configuring the Cabletron SmartSwitch Router The SSR provides a command line i...

SmartSwitch Router User Reference Manual 21 Chapter 1: SmartSwitch Router Product Overview Access Modes The SSR CLI has four access modes. • User – Allows you to display basic information and use basic utilities such as ping but does not allow you to display SNMP, filter and access control list info...

Chapter 1: SmartSwitch Router Product Overview 22 SmartSwitch Router User Reference Manual User Mode After you log in to the SSR, you are automatically in User mode. The User commands available are a subset of those available in Enable mode. In general, the User commands allow you to display basic i...

Chapter 1: SmartSwitch Router Product Overview 24 SmartSwitch Router User Reference Manual To exit Enable mode and return to User mode, use one of the following commands: Configure Mode Configure mode provides the capabilities to configure all features and functions on the SSR. You can configure fea...

SmartSwitch Router User Reference Manual 25 Chapter 1: SmartSwitch Router Product Overview To exit Configure mode and return to Enable mode, use one of the following commands: Boot PROM Mode If your SSR does not find a valid system image on the external PCMCIA flash, the system might enter programma...

Chapter 1: SmartSwitch Router Product Overview 26 SmartSwitch Router User Reference Manual SSR boots, the boot image is executed first, followed by the system image and finishing with a configuration file. Boot and System Image Only one boot image exists on the internal flash of the SSR Control Modu...

SmartSwitch Router User Reference Manual 27 Chapter 1: SmartSwitch Router Product Overview Note: In this example, the location “pc-flash” indicates that the SSR is set to use the factory-installed software on the flash card. 2. Copy the software upgrade you want to install onto a TFTP server that th...

Chapter 1: SmartSwitch Router Product Overview 28 SmartSwitch Router User Reference Manual Here is an example: In this example, the location “pc-flash” indicates that the SSR is set to use the factory-installed software on the flash card. 2. Copy the software upgrade you want to install onto a TFTP ...

SmartSwitch Router User Reference Manual 29 Chapter 1: SmartSwitch Router Product Overview 4. The CLI displays the following message: 5. Enter yes or y to activate the changes. Note: If you exit Configure mode (by entering the exit command or pressing Ctrl+Z), the CLI will ask you whether you want t...

Chapter 1: SmartSwitch Router Product Overview 30 SmartSwitch Router User Reference Manual Set SSR Name The SSR name is set to ssr by default. You may customize the name for the SSR by entering the following command in Configure mode:. Set SSR Date and Time The SSR system time can keep track of time...

SmartSwitch Router User Reference Manual 31 Chapter 1: SmartSwitch Router Product Overview Configure SNMP Services The SSR accepts SNMP sets and gets from an SNMP manager. You can configure SSR SNMP parameters including community strings and trap server target addresses. To configure the SSR SNMP co...

SmartSwitch Router User Reference Manual 33 Chapter 2 Bridging Configuration Guide Bridging Overview The SmartSwitch Router provides the following bridging functions: • Complies with the IEEE 802.1d standard • Complies with the IGMP multicast bridging standard • Provides wire-speed address-based bri...

Chapter 2: Bridging Configuration Guide 34 SmartSwitch Router User Reference Manual Note: WAN interfaces on the SSR do not currently support Spanning Tree operations. However, future implementations of WAN for the SSR family of routers will support Spanning Tree. Bridging Modes (Flow-Based and Addre...

Chapter 2: Bridging Configuration Guide 36 SmartSwitch Router User Reference Manual Multicast-based VLANs Multicast-based VLANs are created dynamically for multicast groups. Typically, each multicast group corresponds to a different VLAN. This ensures that multicast frames are received only by those...

Chapter 2: Bridging Configuration Guide 38 SmartSwitch Router User Reference Manual For example, if port 1 belongs to VLAN IPX_VLAN for IPX, VLAN IP_VLAN for IP and VLAN OTHER_VLAN for any other protocol, then an IP frame received by port 1 is classified as belonging to VLAN IP_VLAN . Trunk ports (8...

SmartSwitch Router User Reference Manual 39 Chapter 2: Bridging Configuration Guide The corresponding bridge tables for address-based and flow-based bridging are shown below. As shown, the bridge table contains more information on the traffic patterns when flow-based bridging enabled compared to add...

Chapter 2: Bridging Configuration Guide 40 SmartSwitch Router User Reference Manual Note: If you are running spanning tree on one or more VLANs, you must enable spanning tree on all ports belonging to each VLAN. Adjust Spanning-Tree Parameters You may need to adjust certain spanning-tree parameters ...

Chapter 2: Bridging Configuration Guide 42 SmartSwitch Router User Reference Manual Define the Maximum Age If a bridge does not hear BPDUs from the root bridge within a specified interval, it assumes that the network has changed and recomputes the spanning-tree topology. To change the default interv...

SmartSwitch Router User Reference Manual 43 Chapter 2: Bridging Configuration Guide Configure Bridging for Non-IP/IPX Protocols By default, all non-routable protocols (AppleTalk and DECnet) are bridged within the SSR. All physical ports containing non-routable protocols should be assigned to the sam...

Chapter 2: Bridging Configuration Guide 44 SmartSwitch Router User Reference Manual Configuration Examples Creating an IP or IPX VLAN VLANs are used to associate physical ports on the SSR with connected hosts that may be physically separated but need to participate in the same broadcast domain. To a...

SmartSwitch Router User Reference Manual 45 Chapter 3 IP Routing Configuration Guide This chapter describes how to configure IP interfaces and general non-protocol-specific routing parameters. IP Routing Overview Internet Protocol (IP) is a packet-based protocol used to exchange data over computer n...

Chapter 3: IP Routing Configuration Guide 46 SmartSwitch Router User Reference Manual The SSR supports standards based TCP, UDP, and IP. IP Routing Protocols The SSR supports standards based unicast and multicast routing. Unicast routing protocol support include Interior Gateway Protocols and Exteri...

SmartSwitch Router User Reference Manual 47 Chapter 3: IP Routing Configuration Guide Configuring IP Interfaces and Parameters This section provides an overview of configuring various IP parameters and setting up IP interfaces. Configure IP Addresses to Ports You can configure one IP interface direc...

Chapter 3: IP Routing Configuration Guide 48 SmartSwitch Router User Reference Manual • 802.3 SNAP: SNAP IEEE 802.3 encapsulation, in which the type code becomes the frame length for the IEEE 802.2 LLC encapsulation (destination and source Service Access Points, and a control byte) To configure IP e...

SmartSwitch Router User Reference Manual 49 Chapter 3: IP Routing Configuration Guide Configure DNS Parameters The SSR can be configured to specify DNS servers which supply name services for DNS requests. You can specify up to three DNS servers. To configure DNS servers, enter the following command ...

Chapter 3: IP Routing Configuration Guide 50 SmartSwitch Router User Reference Manual • NetBIOS Datagram Server (port 138) • TACACS Server (port 49) • Time Service (port 37) To configure a destination to which UDP packets will be forwarded, enter the following command in Configure mode: Configure Di...

SmartSwitch Router User Reference Manual 51 Chapter 3: IP Routing Configuration Guide Configuration Examples Assigning IP/IPX Interfaces To enable routing on the SSR, you must assign an IP or IPX interface to a VLAN. To assign an IP or IPX interface named ‘RED’ to the ‘BLUE’ VLAN, enter the followin...

SmartSwitch Router User Reference Manual 53 Chapter 4 RIP Configuration Guide RIP Overview This chapter describes how to configure Routing Information Protocol (RIP) in the SmartSwitch Router. RIP is a distance-vector routing protocol for use in small networks. RIP is described in RFC 1723. A router...

Chapter 4: RIP Configuration Guide 54 SmartSwitch Router User Reference Manual Enabling and Disabling RIP To enable or disable RIP, enter one of the following commands in Configure mode. Configuring RIP Interfaces To configure RIP in the SSR, you must first add interfaces to inform RIP about attache...

SmartSwitch Router User Reference Manual 55 Chapter 4: RIP Configuration Guide To change RIP parameters, enter the following commands in Configure mode. Configure RIP Route Preference You can set the preference of routes learned from RIP. To configure RIP route preference, enter the following comman...

Chapter 4: RIP Configuration Guide 56 SmartSwitch Router User Reference Manual Configure RIP Route Default-Metric You can define the metric used when advertising routes via RIP that were learned from other protocols. The default value for this parameter is 16 (unreachable). To export routes from oth...

SmartSwitch Router User Reference Manual 57 Chapter 4: RIP Configuration Guide Configuration Example Show detailed information of response packets sent by the router. rip trace response send Show detailed information of request packets sent by the router. rip trace send request Show RIP timer inform...

SmartSwitch Router User Reference Manual 59 Chapter 5 OSPF Configuration Guide OSPF Overview Open Shortest Path First (OSPF) is a link-state routing protocol that supports IP subnetting and authentication. The SSR supports OSPF Version 2.0 as defined in RFC 1583. Each link-state message contains all...

Chapter 5: OSPF Configuration Guide 60 SmartSwitch Router User Reference Manual OSPF Multipath The SSR also supports OSPF and static Multi-path. If multiple equal-cost OSPF or static routes have been defined for any destination, then the SSR “discovers” and uses all of them. The SSR will automatical...

SmartSwitch Router User Reference Manual 61 Chapter 5: OSPF Configuration Guide Configure OSPF Interface Parameters You can configure the OSPF interface parameters shown in the table below. To configure OSPF interface parameters, enter one of the following commands in Configure mode: Table 3. OSPF I...

Chapter 5: OSPF Configuration Guide 62 SmartSwitch Router User Reference Manual Configure an OSPF Area OSPF areas are a collection of subnets that are grouped in a logical fashion. These areas communicate with other areas via the backbone area. Once OSPF areas are created, you can add interfaces, st...

SmartSwitch Router User Reference Manual 63 Chapter 5: OSPF Configuration Guide Configure OSPF Area Parameters The SSR allows configuration of various OSPF area parameters, including stub areas, stub cost and authentication method. Stub areas are areas into which information on external routes is no...

Chapter 5: OSPF Configuration Guide 64 SmartSwitch Router User Reference Manual To configure virtual links, enter the following commands in the Configure mode. Configure Autonomous System External (ASE) Link Advertisements These parameters specify the defaults used when importing OSPF AS External (A...

SmartSwitch Router User Reference Manual 65 Chapter 5: OSPF Configuration Guide Monitoring OSPF The SSR provides display of OSPF statistics and configurations contained in the routing table. Information displayed provides routing and performance information. To display OSPF information, enter the fo...

Chapter 5: OSPF Configuration Guide 66 SmartSwitch Router User Reference Manual OSPF Configuration Examples For all examples in this section, refer to the configuration shown in Figure 1 on page 70 . The following configuration commands for router R1: • Determine the IP address for each interface • ...

SmartSwitch Router User Reference Manual 71 Chapter 6 BGP Configuration Guide BGP Overview The Border Gateway Protocol (BGP) is an exterior gateway protocol that allows IP routers to exchange network reachability information. BGP became an internet standard in 1989 (RFC 1105) and the current version...

Chapter 6: BGP Configuration Guide 72 SmartSwitch Router User Reference Manual The SSR BGP Implementation The SSR routing protocol implementation is based on GateD 4.0.3 code ( http://www.gated.org ). GateD is a modular software program consisting of core services, a routing database, and protocol m...

SmartSwitch Router User Reference Manual 73 Chapter 6: BGP Configuration Guide Setting the Autonomous System Number An autonomous system number identifies your autonomous system to other routers. To set the SSR’s autonomous system number, enter the following command in Configure mode. The a utonomou...

SmartSwitch Router User Reference Manual 75 Chapter 6: BGP Configuration Guide Adding a BGP Peer There are two ways to add BGP peers to peer groups. You can explicitly add a peer host, or you can add a network. Adding a network allows for peer connections from any addresses in the range of network a...

SmartSwitch Router User Reference Manual 77 Chapter 6: BGP Configuration Guide To import all routes (.* matches all AS paths) with the default preference: To export all active routes from 284 or 813 or 814 or 815 or 816 or 3369 or 3561 to autonomous system 64800. Using the AS Path Prepend Feature Wh...

Chapter 6: BGP Configuration Guide 78 SmartSwitch Router User Reference Manual Notes on Using the AS Path Prepend Feature • Use the as-count option for external peer-hosts only. • If the as-count option is entered for an active BGP session, routes will not be resent to reflect the new setting. To ha...

SmartSwitch Router User Reference Manual 81 Chapter 6: BGP Configuration Guide The gated.conf file for router SSR2 is as follows: IBGP Configuration Example Connections between BGP speakers within the same AS are referred to as internal links. A peer in the same AS is an internal peer. Internal BGP ...

SmartSwitch Router User Reference Manual 87 Chapter 6: BGP Configuration Guide The configuration for router C1 (a Cisco router) is as follows: The configuration for router C2 (a Cisco router) is as follows: EBGP Multihop Configuration Example EBGP Multihop refers to a configuration where external BG...

Chapter 6: BGP Configuration Guide 90 SmartSwitch Router User Reference Manual The gated.conf file for router SSR3 is as follows: The CLI configuration for router SSR4 is as follows: The gated.conf file for router SSR4 is as follows: Community Attribute Example The following configuration illustrate...

SmartSwitch Router User Reference Manual 97 Chapter 6: BGP Configuration Guide Notes on Using Communities When originating BGP communities, the set of communities that is actually sent is the union of the communities received with the route (if any), those specified in group policy (if any), and tho...

SmartSwitch Router User Reference Manual 99 Chapter 6: BGP Configuration Guide In router SSR12’s CLI configuration file, the import preference is set to 160: Using the formula for local preference [Local_Pref = 254 - (global protocol preference for this route) + metric], the Local_Pref value put out...

SmartSwitch Router User Reference Manual 101 Chapter 6: BGP Configuration Guide EBGP Aggregation Example Figure 9 shows a simple EBGP configuration in which one peer is exporting an aggregated route to its upstream peer and restricting the advertisement of contributing routes to the same peer. The a...

Chapter 6: BGP Configuration Guide 102 SmartSwitch Router User Reference Manual Router SSR9 has the following CLI configuration: Route Reflection Example In some ISP networks, the internal BGP mesh becomes quite large and the IBGP full mesh does not scale well. For such situations, route reflection ...

SmartSwitch Router User Reference Manual 107 Chapter 7 Routing Policy Configuration Guide Route Import and Export Policy Overview The SSR family of routers supports extremely flexible routing policies. The SSR allows the network administrator to control import and export of routing information based...

Chapter 7: Routing Policy Configuration Guide 108 SmartSwitch Router User Reference Manual Preference Preference is the value the SSR routing process uses to order preference of routes from one protocol or peer over another. Preference can be set using several different configuration commands. Prefe...

SmartSwitch Router User Reference Manual 109 Chapter 7: Routing Policy Configuration Guide Import Policies Import policies control the importation of routes from routing protocols and their installation in the routing databases (Routing Information Base and Forwarding Information Base). Import Polic...

Chapter 7: Routing Policy Configuration Guide 110 SmartSwitch Router User Reference Manual It is only possible to restrict the importation of OSPF ASE routes when functioning as an AS border router. Like the other interior protocols, preference cannot be used to choose between OSPF ASE routes. That ...

SmartSwitch Router User Reference Manual 111 Chapter 7: Routing Policy Configuration Guide The routes to be exported can be identified by their associated attributes: • Their protocol type (RIP, OSPF, BGP, Static, Direct, Aggregate). • Interface or the gateway from which the route was received. • Au...

Chapter 7: Routing Policy Configuration Guide 112 SmartSwitch Router User Reference Manual A route will match the most specific filter that applies. Specifying more than one filter with the same destination, mask and modifiers generates an error. There are three possible formats for a route filter. ...

Chapter 7: Routing Policy Configuration Guide 114 SmartSwitch Router User Reference Manual Route-Filter This component specifies the individual routes that are to be aggregated or summarized. The preference to be associated with these routes can also be explicitly specified using this component. The...

SmartSwitch Router User Reference Manual 115 Chapter 7: Routing Policy Configuration Guide Many protocols allow the specification of two authentication keys per interface. Packets are always sent using the primary keys, but received packets are checked with both the primary and secondary keys before...

Chapter 7: Routing Policy Configuration Guide 116 SmartSwitch Router User Reference Manual The from-proto parameter specifies the protocol of the source routes. The values for the from-proto parameter are rip, ospf, bgp, direct, static, aggregate and ospf-ase. The to-proto parameter specifies the de...

SmartSwitch Router User Reference Manual 117 Chapter 7: Routing Policy Configuration Guide Redistributing RIP into RIP The SSR routing process requires RIP redistribution into RIP if a protocol is redistributed into RIP. To redistribute RIP into RIP, enter the following command in Configure mode: Re...

Chapter 7: Routing Policy Configuration Guide 118 SmartSwitch Router User Reference Manual To redistribute aggregate routes, enter one of the following commands in Configure mode: Simple Route Redistribution Examples Example 1: Redistribution into RIP For all examples given in this section, refer to...

SmartSwitch Router User Reference Manual 121 Chapter 7: Routing Policy Configuration Guide In the configuration shown in Figure 12 on page 131, suppose if we decide to run RIP Version 2 on network 120.190.0.0/16, connecting routers R1 and R2. Router R1 would like to export all RIP, interface, and st...

SmartSwitch Router User Reference Manual 123 Chapter 7: Routing Policy Configuration Guide Creating an Export Destination To create an export destination, enter one the following commands in Configure mode: Creating an Export Source To create an export source, enter one of the following commands in ...

Chapter 7: Routing Policy Configuration Guide 124 SmartSwitch Router User Reference Manual To create route import policies, enter the following command in Configure mode: The <imp-src-id> is the identifier of the import-source that determines the source of the imported routes. If no routes fro...

Chapter 7: Routing Policy Configuration Guide 126 SmartSwitch Router User Reference Manual Creating an Aggregate Destination To create an aggregate destination, enter the following command in Configure mode: Creating an Aggregate Source To create an aggregate source, enter the following command in C...

SmartSwitch Router User Reference Manual 127 Chapter 7: Routing Policy Configuration Guide The following configuration commands for router R1 • Determine the IP address for each interface. • Specify the static routes configured on the router. • Determine its RIP configuration. F igure 11. Expor ti n...

SmartSwitch Router User Reference Manual 133 Chapter 7: Routing Policy Configuration Guide Examples of Export Policies Example 1: Exporting to RIP Exporting to RIP is controlled by any of protocol, interface or gateway. If more than one is specified, they are processed from most general (protocol) t...

SmartSwitch Router User Reference Manual 143 Chapter 8 Multicast Routing Configuration Guide IP Multicast Overview Multicast routing on the SSR is supported through DVMRP and IGMP. IGMP is used to determine host membership on directly attached subnets. DVMRP is used to determine forwarding of multic...

Chapter 8: Multicast Routing Configuration Guide 144 SmartSwitch Router User Reference Manual The SSR allows per-interface control of the host query interval and response time. Query interval defines the time between IGMP queries. Response time defines the time the SSR will wait for host responses t...

SmartSwitch Router User Reference Manual 145 Chapter 8: Multicast Routing Configuration Guide Configure IGMP You configure IGMP on the SSR by performing the following configuration tasks. • Creating IP interfaces • Setting global parameters that will be used for all the interfaces on which DVMRP is ...

Chapter 8: Multicast Routing Configuration Guide 146 SmartSwitch Router User Reference Manual To configure the host response wait time, enter the following command in Configure mode: Configure Per-Interface Control of IGMP Membership You can configure the SSR to control IGMP membership on a per-inte...

SmartSwitch Router User Reference Manual 147 Chapter 8: Multicast Routing Configuration Guide To start or stop DVMRP, enter one of the following commands in Configure mode: Configure DVMRP on an Interface DVMRP can be controlled/configured on per-interface basis. An interface does not have to run bo...

Chapter 8: Multicast Routing Configuration Guide 148 SmartSwitch Router User Reference Manual Configure DVMRP TTL & Scope For control over internet traffic, per-interface control is allowed through Scopes and TTL thresholds. The TTL value controls whether packets are forwarded from an interface....

SmartSwitch Router User Reference Manual 151 Chapter 9 IPX Routing Configuration Guide IPX Routing Overview The Internetwork Packet Exchange (IPX) is a datagram connectionless protocol for the Novell NetWare environment. You can configure the SSR for IPX routing and SAP. Routers interconnect differe...

SmartSwitch Router User Reference Manual 153 Chapter 9: IPX Routing Configuration Guide Configuring IPX RIP & SAP This section provides an overview of configuring various IPX parameters and setting up IPX interfaces. IPX RIP On the SSR, RIP automatically runs on all IPX interfaces. The SSR will ...

Chapter 9: IPX Routing Configuration Guide 154 SmartSwitch Router User Reference Manual Configuring IPX Interfaces and Parameters This section provides an overview of configuring various IPX parameters and setting up IPX interfaces. Configure IPX Addresses to Ports You can configure one IPX interfac...

SmartSwitch Router User Reference Manual 155 Chapter 9: IPX Routing Configuration Guide • 802.2: 802.2 encapsulation method used within Novell IPX environments Configure IPX Routing By default, IPX routing is enabled on the SSR. Enable IPX RIP IPX RIP is enabled by default on the SSR. You must first...

Chapter 9: IPX Routing Configuration Guide 156 SmartSwitch Router User Reference Manual Configure Static SAP Table Entries Servers in an IPX network use SAP to advertise services via broadcast packets. Services from servers are stored in the Server Information Table. If you want to have a service ex...

Chapter 9: IPX Routing Configuration Guide 158 SmartSwitch Router User Reference Manual Create an IPX RIP Access Control List IPX RIP access control lists control which RIP updates are allowed. To create an IPX RIP access control list, perform the following task in the Configure mode: Once an IPX RI...

SmartSwitch Router User Reference Manual 161 Chapter 10 Security Configuration Guide Security Overview The SSR provides security features that help control access to the SSR and filter traffic going through the SSR. Access to the SSR can be controlled by: • Enabling RADIUS • Enabling TACACS • Enabli...

Chapter 10: Security Configuration Guide 162 SmartSwitch Router User Reference Manual Configuring SSR Access Security Configure RADIUS You can secure login or Enable mode access to the SSR by enabling a Remote Authentication Dial-In Service (RADIUS) client. A RADIUS server responds to the SSR RADIUS...

SmartSwitch Router User Reference Manual 163 Chapter 10: Security Configuration Guide To configure TACACS security, enter the following commands in the Configure mode: Monitor TACACS You can monitor TACACS configuration and statistics within the SSR. To monitor TACACS, enter the following commands i...

Chapter 10: Security Configuration Guide 164 SmartSwitch Router User Reference Manual To monitor TACACS Plus, enter the following commands in Enable mode: Configure Passwords The SSR provides password authentication for accessing the User and Enable modes. If TACACS is not enabled on the SSR, only l...

SmartSwitch Router User Reference Manual 165 Chapter 10: Security Configuration Guide Configuring Layer-2 Address Filters If you want to control access to a source or destination on a per-MAC address basis, you can configure an address filter. Address filters are always configured and applied to the...

Chapter 10: Security Configuration Guide 166 SmartSwitch Router User Reference Manual Configuring Layer-2 Static Entry Filters Static entry filters allow or force traffic to go to a set of destination ports based on a frame's source MAC address, destination MAC address, or both source and destinatio...

SmartSwitch Router User Reference Manual 167 Chapter 10: Security Configuration Guide • Combine a destination secure port filter with a flow static entry to drop all received traffic but allow any frame coming from specific source MAC address that is destined to specific destination MAC address to g...

Chapter 10: Security Configuration Guide 168 SmartSwitch Router User Reference Manual Layer-2 Filter Examples Figure 13. Source Filter Example Example 1: Address Filters Source filter: The consultant is not allowed to access any file servers. The consultant is only allowed to interact with the engin...

Chapter 10: Security Configuration Guide 170 SmartSwitch Router User Reference Manual Destination secure port: To block access to all file servers on all ports from port et.1.1 use the following command: To allow all engineers access to the engineering servers, you must "punch" a hole throug...

SmartSwitch Router User Reference Manual 171 Chapter 10: Security Configuration Guide • Type of Service (TOS) For IPX ACLs, the following fields can be specified: • Source network address • Destination network address • Source IPX socket • Destination IPX socket When defining an ACL rule, each field...

Chapter 10: Security Configuration Guide 172 SmartSwitch Router User Reference Manual ahead of rules that are less specific. For example, the following ACL permits all TCP traffic except those from subnet 10.2.0.0/16: When a TCP packet comes from subnet 10.2.0.0/16, it finds a match with the first r...

SmartSwitch Router User Reference Manual 173 Chapter 10: Security Configuration Guide If a packet comes in and doesn't match the first two rules, the packet will be dropped. This is because the third rule (implicit deny) will match all packets. Although the implicit deny rule seems obvious in the ab...

Chapter 10: Security Configuration Guide 174 SmartSwitch Router User Reference Manual When a packet comes into a router at an interface where an inbound ACL is applied, the router compares the packet with the rules specified by that ACL. If it is permitted, the packet is allowed into the router. If ...

SmartSwitch Router User Reference Manual 175 Chapter 10: Security Configuration Guide creating additional delay. Therefore, one should consider the potential performance impact before turning on ACL Logging. Maintaining ACLs Offline Using TFTP or RCP The SSR provides two mechanisms to maintain and m...

Chapter 10: Security Configuration Guide 176 SmartSwitch Router User Reference Manual Maintaining ACLs Using the ACL Editor In addition to the traditional method of maintaining ACLs using TFTP or RCP, the SSR provides a simpler and more user-friendly mechanism to maintain ACL: the ACL Editor. The AC...

SmartSwitch Router User Reference Manual 177 Chapter 10: Security Configuration Guide Defining an IPX ACL To define an IPX ACL, perform the following in the Configure mode: Applying an ACL to an Interface To apply an ACL to an interface, perform the following in the Configure mode: Applying an ACL t...

SmartSwitch Router User Reference Manual 179 Chapter 11 QoS Configuration Guide QoS & Layer-2/Layer-3/Layer-4 Flow Overview The SSR allows network managers to identify traffic and set Quality of Service (QoS) policies without compromising wire speed performance. The SSR can guarantee bandwidth o...

Chapter 11: QoS Configuration Guide 180 SmartSwitch Router User Reference Manual For Layer-3 (IP and IPX) traffic, you can define “flows”, blueprints or templates of IP and IPX packet headers. • The IP fields are source IP address, destination IP address, UDP/TCP source port, UDP/TCP destination por...

SmartSwitch Router User Reference Manual 181 Chapter 11: QoS Configuration Guide Configure Layer-2 QoS QoS policies applied to layer-2 flows allow you to assign priorities based on source and destination MAC addresses. A QoS policy set for a layer-2 flow allows you to classify the priority of traffi...

Chapter 11: QoS Configuration Guide 182 SmartSwitch Router User Reference Manual • Layer-3 source-destination flows • Layer-4 source-destination flows • Layer-4 application flows Configuring IP QoS Policies To configure an IP QoS policy, perform the following tasks: 1. Identify the Layer-3 or 4 flow...

SmartSwitch Router User Reference Manual 183 Chapter 11: QoS Configuration Guide Setting an IPX QoS Policy To set a QoS policy on an IPX traffic flow, enter the following command in Configure mode: Specifying Precedence for an IPX QoS Policy To specify the precedence for an IPX QoS policy, enter the...

Chapter 11: QoS Configuration Guide 184 SmartSwitch Router User Reference Manual Monitoring QoS The SSR provides display of QoS statistics and configurations contained in the SSR. To display QoS information, enter the following command in Enable mode: Show all IP QoS flows qos show ip Show all IPX Q...

SmartSwitch Router User Reference Manual 185 Chapter 12 Performance Monitoring Guide Performance Monitoring Overview The SSR is a full wire-speed layer-2, 3 and 4 switching router. As packets enter the SSR, layer-2, 3, and 4 flow tables are populated on each line card. The flow tables contain inform...

SmartSwitch Router User Reference Manual 187 Chapter 12: Performance Monitoring Guide Configuring the SSR for Port Mirroring The SSR allows you to monitor port activity with Port Mirroring. Port Mirroring allows you to monitor the performance and activities of one or more ports on the SSR through ju...

SmartSwitch Router User Reference Manual 189 Chapter 13 Hot Swapping Line Cards and Control Modules Hot Swapping Overview This chapter describes the hot swapping functionality of the SSR. Hot swapping is the ability to replace a line card or Control Module while the SSR is operating. Hot swapping al...

Chapter 13: Hot Swapping Line Cards and Control Modules 190 SmartSwitch Router User Reference Manual Deactivating the Line Card To deactivate the line card, do one of the following: • Press the Hot Swap button on the line card. The Hot Swap button is recessed in the line card's front panel. Use a pe...

SmartSwitch Router User Reference Manual 191 Chapter 13: Hot Swapping Line Cards and Control Modules Warning : Do not remove the line card unless the Offline LED is lit. Doing so can cause the SSR to crash. 2. Loosen the captive screws on each side of the line card. 3. Carefully remove the line card...

Chapter 13: Hot Swapping Line Cards and Control Modules 192 SmartSwitch Router User Reference Manual The procedure for hot swapping a control module is similar to the procedure for hot swapping a line card. You must deactivate the Control Module, remove it from the SSR, and insert another Control Mo...

SmartSwitch Router User Reference Manual 193 Chapter 13: Hot Swapping Line Cards and Control Modules Installing the Control Module To install a new Control Module or line card into the slot: Note: You can install either a line card or a Control Module in slot CM/1, but you can install only a Control...

SmartSwitch Router User Reference Manual 195 Chapter 14 VRRP Configuration Guide VRRP Overview This chapter explains how to set up and monitor the Virtual Router Redundancy Protocol (VRRP) on the SSR. VRRP is defined in RFC 2338. End host systems on a LAN are often configured to send packets to a st...

Chapter 14: VRRP Configuration Guide 196 SmartSwitch Router User Reference Manual Basic VRRP Configuration Figure 17 shows a basic VRRP configuration with a single virtual router. Routers R1 and R2 are both configured with one virtual router ( VRID=1 ). Router R1 serves as the Master and Router R2 s...

SmartSwitch Router User Reference Manual 197 Chapter 14: VRRP Configuration Guide In VRRP, the router that owns the IP address associated with the virtual router is the Master. Any other routers that participate in this virtual router are Backups. In this configuration, Router R1 is the Master for v...

SmartSwitch Router User Reference Manual 199 Chapter 14: VRRP Configuration Guide On line 5, Router R1 associates IP address 10.0.0.2/16 with virtual router VRID=2 . However, since Router R1 does not own IP address 10.0.0.2/16, it is not the default Master for virtual router VRID=2 . Configuration o...

SmartSwitch Router User Reference Manual 203 Chapter 14: VRRP Configuration Guide Note: Since 100 is the default priority, line 9, which sets the priority to 100, is actually unnecessary. It is included for illustration purposes only. Configuration of Router R3 The following is the configuration fil...

SmartSwitch Router User Reference Manual 205 Chapter 14: VRRP Configuration Guide Setting an Authentication Key By default, no authentication of VRRP packets is performed on the SSR. You can specify a clear-text password to be used to authenticate VRRP exchanges. To enable authentication, enter the ...

Chapter 14: VRRP Configuration Guide 206 SmartSwitch Router User Reference Manual ip-redundancy show The ip-redundancy show command reports information about a VRRP configuration. To display VRRP information, enter the following commands in Enable mode. VRRP Configuration Notes • The Master router s...