Instruction/ maintenance manual of the product XSR-Series Enterasys Networks
Go to page of 55
Enterasys Networks XSR-XPEDITION Security Routers XSR-Series IP-Function and Advanced Se rvices May 2004 Confi g uration Guide.
Configuration Guide Page 2 of 55 Table of Contents Table of Contents Table of Contents Table of Contents p p p pag e age age age 1.0 IP-Address and Se condary Addresses con figuration .............................................. 4 1.1 IP-Static- routing .
Configuration Guide Page 3 of 55 9.0r1 VPN IPSEC site-t o-site tun nel via pre-shared key .............................................. 31 9.0r2 VPN IPSEC site-t o-site tun nel via pre-shared key .............................................. 32 9.1 VPN IPSEC site-to- site tunnel ce rtific ation PKI.
Configuration Guide Page 4 of 55 1.0 IP-Address and Secondary Addresses configu ration XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 5 of 55 1.3 IP-OSPF-rou ting XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.
Configuration Guide Page 6 of 55 1.4 IP-RIPv1,v 2-ro uting XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.
Configuration Guide Page 7 of 55 1.5 DHC P server, s tatic / dynamic-p ool 1.6 DHC P/Bootp re lay argent / ip -help er XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 8 of 55 1.7 SNTP Sim ple Netw ork Time Pr otocol XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! sntp-client server 51.51.51.88 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 9 of 55 2.0 Interfa ce descrip tion 2.1 Duplex c onfigu ration on Fast Ether net full/ half 2.2 Speed co nfigurati on on Fast E thernet 10/100M Bit/s XSR-1805#show running-config !! ! Version 4.
Configuration Guide Page 10 of 55 3.0 Access contr ol lis t incomin g outgoi ng 3.1 Access control list 1-99 (s tandard ) 3.2 Access control list 100- 199 (extended ) XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! access-list 2 permit 20.
Configuration Guide Page 11 of 55 3.3 Access control lis t moving onl ine ed it ing XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! access-list 110 deny ip 10.10.10.100 0.0.0.0 any access-list 110 deny ip 10.
Configuration Guide Page 12 of 55 4.0 Virt ual Router Redund ancy Protoco l (RFC 233 8) Router-1-Master XSR-1805_1#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_1 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 13 of 55 4.1 VRRP mon itor inte rface func tion, interface tracking Router-1-Master XSR-1805_1#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_1 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 14 of 55 4.2 NAT s tatic bind ings XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.
Configuration Guide Page 15 of 55 5.0 Dialer Inte rface XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-ne.
Configuration Guide Page 16 of 55 5.1 Dialer Backup inte rf ace functi on XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! controller e1 0/2/0 clock.
Configuration Guide Page 17 of 55 5.2 PAP for authentica tion PPP XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 username remote privilege 0 "p.
Configuration Guide Page 18 of 55 5.3 CHAP fo r authentic ation PPP XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 username remote privilege 0 clear.
Configuration Guide Page 19 of 55 5.4.1 VPN via Diale r Interface rtr1 XSR-1805-1#show running-config !! ! Version 6.0.0.9, Built Dec 12 2003, 14:56:30 ! hostname XSR-1805-1 ! interface bri 0/1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 101 permit ip 20.
Configuration Guide Page 20 of 55 5.4.2 VPN via Diale r Interface rtr2 XSR-1805-2#show running-config !! ! Version 6.0.0.9, Built Dec 12 2003, 14:56:30 ! hostname XSR-1805-2 ! interface bri 0/2/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 102 permit ip 10.
Configuration Guide Page 21 of 55 5.5.1 Diale r Int. PRI to BRI with D-chann el-call back central-si te XSR-central#show running-config !! ! Version 6.
Configuration Guide Page 22 of 55 5.5.2 Diale r Int. PRI to BRI with D-chann el-call back remote 1-site remote1#show running-config !! ! Version 6.0.0.
Configuration Guide Page 23 of 55 5.5.3 Diale r Int. PRI to BRI with D-chann el-call back remote 2-site remote1#show running-config !! ! Version 6.0.0.
Configuration Guide Page 24 of 55 6.0 ISDN c onfig f or BRI x/ x 6.1 ISDN sw itch typ e chang ing XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! i.
Configuration Guide Page 25 of 55 6.2 ISDN ca llback XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-net3 .
Configuration Guide Page 26 of 55 6.3 ISDN m ultil ink / ISN D channel b undling XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 .
Configuration Guide Page 27 of 55 7.0 PPPoE on Fast Ethernet interf aces 7.1 IP-address negotiat ion for PPPoE XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 ip address 10.10.
Configuration Guide Page 28 of 55 8.0 AAA Authent ication Auth orization Accounting Radius XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 29 of 55 8.1 SSH / Te lnet SSH an d Teln et are en ab led b y defau lt SSH an d Teln et are en ab led b y defau lt SSH an d Teln et are en ab led b y defau lt SSH an d Teln et are en ab led b y defau lt XSR-1805#show running-config !! ! Version 4.
Configuration Guide Page 30 of 55 8.3 SNMP con figura tion / contact/ location/ param eter XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 logging 10.
Configuration Guide Page 31 of 55 9.0r1 VPN I PSEC site-to-site tunnel v ia pre-shared key Router-1 XSR-1805_1#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_1 ! crypto isakmp proposal prop-map1 authentication pre-share group 5 lifetime 10800 ! access-list 101 permit ip 10.
Configuration Guide Page 32 of 55 9.0r2 VPN I PSEC site-to-site tunnel v ia pre-shared key Router-2 XSR-1805_2#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_2 ! crypto isakmp proposal prop-map1 authentication pre-share group 5 lifetime 10800 ! access-list 101 permit ip 80.
Configuration Guide Page 33 of 55 9.1 VPN IPSEC site-to- site tunne l certific ation PKI XSR-1805_1#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_1 ! crypto isakmp proposal prop-map1 authentication rsa-sig group 5 lifetime 10800 ! access-list 101 permit ip 10.
Configuration Guide Page 34 of 55 Issu e C ertificate vi a SCEP protocol to XS R Issu e C ertificate vi a SCEP protocol to XS R Issu e C ertificate vi a SCEP protocol to XS R Issu e C ertific ate vi a SCEP protoc ol to XS R from from from from Wi Wi Wi Win n n ndows dows dows dows 2000 2000 2000 2000 CA CA CA CA : : : : 1.
Configuration Guide Page 35 of 55 9.1.1 Cert ificat ion contr ol / ce rtificates / CRLS / CA id entity XSR-1805_1#show crypto ca certificates Certificate - issued by Enterasys-Networks-CA State: ENTITY-ACTIVE Version: V3 Serial Number: 458876448087542442491910 Issuer: MAILTO=support@enterasys.
Configuration Guide Page 36 of 55 9.3 VPN PPTP User term ination XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 ip address 134.141.130.12 255.255.255.0 no shutdown ! interface FastEthernet2 ip address 192.
Configuration Guide Page 37 of 55 9.4r1 GRE e ncapsulate d in IPSEC site-t o-site tunnel via pre-shared key Router-1 XSR-1805_1#show running-config !! ! Version 6.
Configuration Guide Page 38 of 55 9.4r2 GRE e ncapsulate d in IPSEC site-t o-site tunnel via pre-shared key Router-2 XSR-1805_2#show running-config !! ! Version 6.
Configuration Guide Page 39 of 55 9.5r1 GRE n ative s ite-to-site tunnel Router-1 XSR-1805_1#show running-config !! ! Version 6.0.0.0, Built Sep 14 2003, 11:09:28 ! hostname XSR-1805_1 ! access-list 101 permit gre any any access-list 101 deny ip any any ! interface FastEthernet 1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 40 of 55 9.5r2 GRE n ative s ite-to-site tunnel Router-2 XSR-1805_2#show running-config !! ! Version 6.0.0.0, Built Sep 14 2003, 11:09:28 ! hostname XSR-1805_2 ! access-list 101 permit gre any any access-list 101 deny ip any any ! interface FastEthernet 1 description "LAN-Interface1" ip address 80.
Configuration Guide Page 41 of 55 10.1 D IFFS ERV DSCP fiel d addressing XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! class-map DSCP_EF match access-group 2 match ip dscp EF ! policy-map DSCP_EF class DSCP_EF priority high 12000 ! access-list 2 permit 10.
Configuration Guide Page 42 of 55 11.1 Firewal l configu ration XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "Interal_network_Private" ip address 10.
Configuration Guide Page 43 of 55 12.1 Vlan c onfigu ration 802.1q tagged r outing XSR-1805#show running-config !! ! Version 6.0.0.0, Built Sep 14 2003, 11:09:28 ! hostname XSR-1805 ! interface FastEthernet 1 description "UnTagged-Native-Interface" ip address 11.
Configuration Guide Page 44 of 55 Appen dix Appen dix Appen dix Appen dix: : : : Import an t commands for us ing the XSR plat form: A1.1 show vers ion - So ftware, Bo otrom, RAM, Flash, System Uptime XSR-1805#show version Enterasys Networks Operating Software Copyright 2002 by Enterasys Networks Inc.
Configuration Guide Page 45 of 55 A1.3 show inte rface - IP address, speed, duplex, stat istics, errors XSR-1805#show interface FastEthernet1 is Admin Up Description: LAN-Interface1 Internet address is 10.10.10.1, subnet mask is 255.255.255.0 The name of this device is Eth1.
Configuration Guide Page 46 of 55 A1.5 flash:/ cflash:/ - d ir, re name, copy command s XSR-1805# dir Listing Directory flash:/ size date time name -------- ------ ------ -------- 4000669 JUN-26-2003 11:00:12 xsr1800.
Configuration Guide Page 47 of 55 B1.0 show ip route XSR-1805#show ip route Codes: C-connected, S-static, R-RIP, O-OSPF, IA-OSPF interarea N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - 0SPF external type 1, E2 - 0SPF external type 2 * - candidate default, D - default route originated from default net C 192.
Configuration Guide Page 48 of 55 C1.0 show tun nels XSR-1805_2#show tunnels Tunnel MIB: ID Creation Time Proto Username Peer IP Packets In/Out 40000001 12/02/03, 13:21 IPSEC (Unknown) 0.
Configuration Guide Page 49 of 55 C1.4 sho w tunnels / GRE via IPSEC XSR-1805_2#show tunnels Tunnel MIB: ID Creation Time Proto Username Peer IP Packets In/Out 40000001 12/02/2003, 16:14 GRE 20.20.20.1 0000003528/0000002552 XSR-1805_2# C1.5 sho w inter face vpn / GRE via IPSEC XSR-1805_2#show interface vpn Vpn1 is Admin Up Internet address is 192.
Configuration Guide Page 50 of 55 D1.1 show ip in terface atm 1/0.1 XSR1805-ADSL#show ip interface atm 1/0.1 ATM 1/0.1 is Admin Up Internet address is 212.184.161.76, subnet mask is 255.255.255.255 Rcvd: 766 octets, 6 unicast packets, 0 discards, 0 errors, 0 unknown protocol.
Configuration Guide Page 51 of 55 D1.3 show con troll ers atm 1/0.1 XSR1805-ADSL#show controllers atm 1/0.1 ********** ATM Sub-Interface Stats ********** ATM 1/0.
Configuration Guide Page 52 of 55 D1.4 show in terface at m 1/0 XSR1805-ADSL #show interface atm 1/0 ********** ATM Interface Stats ********** ATM 1/0 is Admin Up / Oper Up Description: "ADSL-connection" The name of this device is adsl. Administrative State is ENABLED Operational State is UP.
Configuration Guide Page 53 of 55 D1.5 show in terface at m 1/0.1 XSR1805-ADSL #show interface atm 1/0.1 ********** ATM Sub-Interface Stats ********** ATM 1/0.
Configuration Guide Page 54 of 55 D1.6 sho w ppp i nterface atm 1 /0.1 XSR1805-ADSL#show ppp interface atm 1/0.1 ********** PPP Stats ********** ATM 1/0.
Configuration Guide Page 55 of 55 Gett ing Help Gett ing Help Gett ing Help Gett ing Help For a ddition al sup port r elat ed to the XSR, c on tact E nter asys Networ ks us ing one of the follo wing methods: World Wide Web World Wide Web World Wide Web World Wide Web http:// www.
An important point after buying a device Enterasys Networks XSR-Series (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Enterasys Networks XSR-Series yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Enterasys Networks XSR-Series - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Enterasys Networks XSR-Series you will learn all the available features of the product, as well as information on its operation. The information that you get Enterasys Networks XSR-Series will certainly help you make a decision on the purchase.
If you already are a holder of Enterasys Networks XSR-Series, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Enterasys Networks XSR-Series.
However, one of the most important roles played by the user manual is to help in solving problems with Enterasys Networks XSR-Series. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Enterasys Networks XSR-Series along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center