Instruction/ maintenance manual of the product AR3202 Foundry Networks
Go to page of 293
June 20 04 © 2004 F oundry N etworks, In c. Foundry AR-Series Router User Guide For AR12 02, AR1204, A R1208, AR1216 , AR3201-CH/ CL, and AR3 202-CH/CL Ro uters 2100 Gol d S treet P .O. Box 649100 San Jose, CA 95164-910 0 T el 408.5 86.170 0 Fax 408.
Copyri ght © 2004 F oundry N etworks, In c. All righ ts res erved. No p art of this work m ay be rep roduced i n any form or by any means – graphic, elect ronic or m echanic al, inclu ding photoco pying, re cording, t aping o r storage i n an info rmation ret rieval sy stem – wi thout pr ior written p ermissio n of the copyrig ht owne r .
June 20 04 © 2004 F oundry N etworks, In c. iii Content s C HAPTER 1 G ETTING S TAR TED ...... .... ..... ....... ..... ..... ....... ..... ..... ....... ..... ..... ....... ..... .... .... 1-1 I NTRODUCTION ............. .................... .......
Foundry AR-Se ries Rou ter User Gu ide iv © 2004 F oundry N etworks, In c. June 2004 CONFIGURE POLICY ....... ............. ............. .................... ............. ............ ............. .................... ............. .. ....... 3- 1 CONFIGURE POLICY AS _ PATH .
Content s June 20 04 © 2004 F oundry N etworks, In c. v C HAPTER 7 BGP4 C ONFI GURE C OM MANDS . ..... ..... ....... ..... .... ........ .... ..... ....... ..... ..... ...... 7- 1 CONFIGURE ROUTER BGP ........................ .................... ...
Foundry AR-Se ries Rou ter User Gu ide vi © 2004 F oundry N etworks, In c. June 2004 SHOW IP BGP REGEXP ................ ............. ............. .................... ............ ............. .................... ............. ...... .8- 10 SHOW IP BGP SUMMA RY .
Content s June 20 04 © 2004 F oundry N etworks, In c. vii CONFIGURE ROUTER OSPF RE DISTRIBUTE CONNECTED .............. ............ .................... ............. ............. ....... 9-3 7 CONFIGURE ROUTER OSPF RE DISTRIBUTE RIP .............. .
Foundry AR-Se ries Rou ter User Gu ide viii © 2004 F oundry N etworks, In c. June 2004 CONFIGURE ROUTER RIP INTERF AC E NEIGHBOR ............ ............. ................... ............. ............. .................. 11-1 0 CONFIGURE ROUTER RIP INTERF AC E PASSIV E .
Content s June 20 04 © 2004 F oundry Netw orks, In c. ix G ENER IC R OUTING E NCAP SULATION (GRE) ................ ................... ............. ............. ................... ............. . 14- 7 C HAPTER 15 S ECURITY F EATU RES .. ....... .
June 20 04 © 2004 F oundry N etworks, In c. 1 - 1 Chap ter 1 Getting St arted Introduction This gu ide desc ribes how to conf igure the Ac cessIron routers in typical scenari os using in formation presented in the con figurati ons and u ser guide s.
Foundry AR-Se ries Rou ter User Gu ide 1 - 2 © 20 04 Foundry Networks , Inc. June 2004 Related P ublic ations The f ollowing Fo undry N etworks doc ument s suppl ement the informati on in this guide. • Relea se Notes Printed re lease not es provid e the late st informa tion.
Getting S tarted June 20 04 © 2004 F oundry N etworks, In c. 1 - 3 PPP , P AP , Multil ink PPP , Frame Relay , Multilink Fra me Relay , (FRF .15, FRF .
Foundry AR-Se ries Rou ter User Gu ide 1 - 4 © 20 04 Foundry Networks , Inc. June 2004 ACLs DHCP TFTP PA P RADIUS T ACACS+ SSH v2 GRE T unneling IPSec VPN with i ntegrated IKE Site-to-sit e VPN Site-.
Getting S tarted June 20 04 © 2004 F oundry N etworks, In c. 1 - 5 How to Ge t Help Foundry Networks technic al suppor t will ensu re that the fast and easy acc ess tha t you hav e come to ex pect from your Fou ndry Net works pr oduct s will b e maint ained.
Foundry AR-Se ries Rou ter User Gu ide 1 - 6 © 20 04 Foundry Networks , Inc. June 2004.
June 20 04 © 2004 F oundry N etworks, In c. 2 - 1 Chap ter 2 Command Li ne Interface This ch apter intro duces th e Command Li ne Inter face (CLI) hi erarchy an d the con ventions us ed to des cribe it. It also in troduces the CLI n avigatio n keys and methods, as wel l as the a vailable help sc reens.
Foundry AR-Se ries Rou ter User Gu ide 2 - 2 © 20 04 Foundry Networks , Inc. June 2004 NOTE: Command strings that req uire ident ification of a spec ific inte rface are c ontext-s ensitive.
Command Line Inte rface June 20 04 © 2004 F oundry N etworks, In c. 2 - 3 Abbreviated Commands Y ou may ent er commands by typi ng the firs t few charac ters of ea ch word in a comma nd string. The Found ry system recogni zes the u nique abb reviated e ntry and e xecutes the comm and exa ctly as i f you had entered it fully .
Foundry AR-Se ries Rou ter User Gu ide 2 - 4 © 20 04 Foundry Networks , Inc. June 2004 CLI Navigation The Ta b , Esc , and Ctrl keybo ard keys may be used to: • Move b ackwards or fo rwards in the .
Command Line Inte rface June 20 04 © 2004 F oundry N etworks, In c. 2 - 5 Figure 2.2 Help Screen Tr e e Y ou may vi ew a tree that shows all CLI co mmands , or a tree th at shows o nly the c ommands associate d with t he current co mm an d mo de (or th e rout ing mode for ex am pl e).
Foundry AR-Se ries Rou ter User Gu ide 2 - 6 © 20 04 Foundry Networks , Inc. June 2004 Figure 2.4 ? Help Screen NOTE: The defa ult para meters fo r specifi c command s appear i n paren thesi s. Global Commands All show , ping , an d save com mands are a vailable from any level of the CLI.
Command Line Inte rface June 20 04 © 2004 F oundry N etworks, In c. 2 - 7 Figur e 2.5 Global show Command NOTE: The CLI commands show a nd display can be us ed interc hangeabl y . NOTE: The t ab compl etion feat ure is not current ly avail able for gl obal com mands.
Foundry AR-Se ries Rou ter User Gu ide 2 - 8 © 20 04 Foundry Networks , Inc. June 2004.
June 20 04 © 2004 F oundry N etworks, In c. 3 - 1 Chap ter 3 Policy Commands This ch apter pr ovides info rmatio n about rou ting poli cy comm ands tha t are supp orted by Fo undry . configure poli cy This co mmand p rovides a ccess to the nex t-level com mands.
Foundry AR-Se ries Rou ter User Gu ide 3 - 2 © 20 04 Foundry Networks , Inc. June 2004 configure policy as_p ath This co mmand c onfigures the auton omous s ystem pa th filt er for BGP . AS path ac ce ss li st s are used for ma tch ing th e AS p ath attribute i n a BGP route.
Pol icy Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 3 - 3 configure policy community_l ist This co mmand a ccesse s next-le vel comman ds for adding ex tended or standa rd comm unity lis ts. Communi ty list s are used for m atchin g the “com muni ty” attrib ute in a BGP rou te.
Foundry AR-Se ries Rou ter User Gu ide 3 - 4 © 20 04 Foundry Networks , Inc. June 2004 configure policy community_lis t extended_community This co mmand c onfigu res an ex tended co mmunity list as part of the pol icy .
Pol icy Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 3 - 5 configure policy community_lis t st andard_community This co mmand c onfigures a sta ndard com munity l ist as p art of th e routing p olicy .
Foundry AR-Se ries Rou ter User Gu ide 3 - 6 © 20 04 Foundry Networks , Inc. June 2004 configure policy ip_access _list This co mmand c onfigures the IP acc ess list fo r routes.
Pol icy Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 3 - 7 example : Foundry- AR1208/c onfigur e# policy i p_access_ list 1 1 per mit netwo rk 10.0.0.0 n etmask 0.255.255 .255 mask 255.0.0. 0 mask mask 0.255 .255.255 This ex ample rest ricts th e prefi xes to 10.
Foundry AR-Se ries Rou ter User Gu ide 3 - 8 © 20 04 Foundry Networks , Inc. June 2004 configure poli cy route_m ap This co mmand c onfigures the polic y for route r route maps. Route maps are used f or general-p urpose m atching of rou tes and s etting of route at tributes.
Pol icy Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 3 - 9 related commands: applicable sys tems: All mode ls. configu re poli cy route_ map com mit configu re poli cy route_ map matc h con.
Foundry AR-Se ries Rou ter User Gu ide 3 - 10 © 2004 F oundry N etworks, In c. June 2004 configure poli cy route_ma p match This co mmand a ccesses n ext-level comman ds for co nfiguring the polic y for matc hing p arameters of the rout es.
Pol icy Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 3 - 1 1 configure policy route_map match as_p ath This co mmand m atches a ny of the specifie d BGP AS p ath acce ss list s.
Foundry AR-Se ries Rou ter User Gu ide 3 - 12 © 2004 F oundry N etworks, In c. June 2004 configure poli cy route_ma p match comm unity This co mmand m atches a ny of the speci fied BGP com munity l ist s.
Pol icy Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 3 - 13 configure poli cy route_ma p match ip ip_address This co mmand d istributes routes m atching the prefix against a ny of the specifie d IP acces s list s.
Foundry AR-Se ries Rou ter User Gu ide 3 - 14 © 2004 F oundry N etworks, In c. June 2004 configure policy route_map set This co mmand p rovides a ccess to next-lev el comm ands to set pa rameter s for the ro utes.
Pol icy Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 3 - 15 configure policy route_map set as_p ath This co mmand c onfigures a character s tring for a BGP AS-pa th attribut e.
Foundry AR-Se ries Rou ter User Gu ide 3 - 16 © 2004 F oundry N etworks, In c. June 2004 configure policy route_map set communit y This co mmand c onfigur es the po licy for com munity attributes . Set the c ommunity a ttribute to the giv en value or list of values.
Pol icy Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 3 - 17 configure policy route_map set dist ance This co mmand s ets the BG P protocol preferenc e for the p ath attri bute.
Foundry AR-Se ries Rou ter User Gu ide 3 - 18 © 2004 F oundry N etworks, In c. June 2004 configure policy route_map set local_pr eference This co mmand c onfigures the BGP lo cal pr eference p ath att ribute.
Pol icy Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 3 - 19 configure policy route_map set metri c This co mmand c onfigures the metri c value for th e destin ation routi ng proto col.
Foundry AR-Se ries Rou ter User Gu ide 3 - 20 © 2004 F oundry N etworks, In c. June 2004 configure policy route_map set metri c_type This co mmand c onfigures the metri c type for a route.
Pol icy Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 3 - 21 config ure po licy rou te_m ap se t orig in This co mmand c onfigures the origi n value for th e BGP route.
Foundry AR-Se ries Rou ter User Gu ide 3 - 22 © 2004 F oundry N etworks, In c. June 2004.
June 20 04 © 2004 F oundry N etworks, In c. 4 - 1 Chap ter 4 Protocols Overview BGP4 Border Ga teway Pro tocol V ersion 4 (also refer red to as s imply BGP) is a n exterio r routing pro tocol us ed for the global Inte rnet .
Foundry AR-Se ries Rou ter User Gu ide 4 - 2 © 20 04 Foundry Networks , Inc. June 2004 RFC Compliance The f ollowing t able pro vides Fo undry N etwork’ s BGP RFC complia nce inform ation. OSPF Open Shorte st Path Firs t (OSPF), a l ink-st ate routing pro tocol, is used for rout ing IP p acket s.
Protocols Overvi ew June 20 04 © 2004 F oundry N etworks, In c. 4 - 3 RFC Compliance The f ollowing t able pro vides Fo undry N etwork’ s OSPF R FC compli ance info rmatio n. RIP Routin g Informat ion Protocol (R IP) is an interior ga teway p rotocol (IGP), i .
Multicasting T raditi onal mul ticast ro uting me chanism s such as Dist ance V ector Multic ast Ro uting Proto col (DVMRP ) and Mu lticast Open Shortest Pa th First (MOSPF) were intended for use with in regions where g roups are densel y popula ted or band wid th is universa ll y p lentif ul.
June 20 04 © 2004 F oundry N etworks, In c. 5 - 1 Chap ter 5 BGP4 Clear Commands Use BGP clear command s to c lear bgp c onfigurati on se ttings. clear ip bgp This co mmand p rovide s access to the foll owing ne xt-level comman ds. synt ax: clear ip bgp related commands: example : Foundry- AR1208# c lear ip bgp applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 5 - 2 © 20 04 Foundry Networks , Inc. June 2004 clear ip bgp all This co mmand re move s all BGP neighbor c onnectio ns. synt ax: clear i p bgp al l example : Foundry- AR1208# clear ip bgp al l related commands: applicable sys tems: All mode ls.
BGP4 Clear Comma nds June 20 04 © 2004 F oundry N etworks, In c. 5 - 3 clear ip bgp group This co mmand re moves a ll conne ctions fo r a BGP grou p. Parameter Description synt ax: clear ip bgp group.
Foundry AR-Se ries Rou ter User Gu ide 5 - 4 © 20 04 Foundry Networks , Inc. June 2004 clear ip bgp neighbor This co mmand re move s a spec ified BGP n eighbor c onnectio n. Parameter Description synt ax: clear i p bgp nei ghbor ip_ address < IP address > re mote_as < n > example : Foundry- AR1208# clear ip bgp neighb or 10.
June 20 04 © 2004 F oundry N etworks, In c. 6 - 1 Chap ter 6 Generic Routing Co mmands This ch apter con tains routing comman ds that are not protoc ol spec ific. Thes e command s can be used intercha ngeably with the thre e routing p rotocols supported by Found ry .
Foundry AR-Se ries Rou ter User Gu ide 6 - 2 © 20 04 Foundry Networks , Inc. June 2004 configure router routerid This co mmand c onfigures a route r for routing operation . synt ax: [ no ] rou ter router id < IP ad dress # example : Foundry- AR1208/c onfigur e# router router id 10.
Gener ic Ro utin g Comm ands June 20 04 © 2004 F oundry N etworks, In c. 6 - 3 show ip routes This co mmand d isplays IP ro uting info rmatio n for Etherne t ports .
Foundry AR-Se ries Rou ter User Gu ide 6 - 4 © 20 04 Foundry Networks , Inc. June 2004 example : T o display a ll routes , issue th e show ip routes comm and. example : T o display t he route for a spe cific net work and su bnet, iss ue the sho w ip routes netw ork 123 .
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry N etworks, In c. 7 - 1 Chap ter 7 BGP4 Configure Commands Use BGP c onfigure c ommands to c onfigure al l BGP4 par ameters. configure router bgp This co mmand c onfigures BGP routin g protocol on a route r and p rovides a ccess to th e next -level comm ands listed bel ow .
Foundry AR-Se ries Rou ter User Gu ide 7 - 2 © 20 04 Foundry Networks , Inc. June 2004 configure router bgp aggregate_address This co mmand i s used to aggregate routes.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry N etworks, In c. 7 - 3 applicable sys tems: All mode ls. configu re route r bgp defau lt_metric configu re route r bgp group configu re route r b.
Foundry AR-Se ries Rou ter User Gu ide 7 - 4 © 20 04 Foundry Networks , Inc. June 2004 configure router bgp always_comp are_med This c om ma nd con fig ures a rou t er to a ll ow th e c om p a r is on of t he mu lti- exit d is cri mi nato r fo r p a t hs fro m neighb ors in dif feren t autonom ous system s.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry N etworks, In c. 7 - 5 configure router bgp default_metric This co mmand c onfigur es the de fault met ric value for redistr ibuted BGP routes . This co mmand fo rces the routing pro tocol to use the same me tric value f or all re distribut ed routes.
Foundry AR-Se ries Rou ter User Gu ide 7 - 6 © 20 04 Foundry Networks , Inc. June 2004 configure router bgp dist ance This co mmand c hanges t he defa ult dist ance v alue on a router .
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry N etworks, In c. 7 - 7 configure router bgp group This co mmand c onfigures BGP group s. Neigh bors with th e same u pdate poli cies are more easily managed when th ey are in groups . Group or ganizatio n simpli fies con figuration and strea mlines t he update process.
Foundry AR-Se ries Rou ter User Gu ide 7 - 8 © 20 04 Foundry Networks , Inc. June 2004 configure router bgp group distribute_li st This co mmand c onfigures filter upd ates to th is group.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry N etworks, In c. 7 - 9 configure router bgp group filter_list This co mmand c onfigures BGP filters fo r a spe cified gr oup.
Foundry AR-Se ries Rou ter User Gu ide 7 - 10 © 2004 F oundry N etworks, In c. June 2004 configure router bgp group next_hop_self This co mmand d isables the next h op calc ulation fo r all pe ers in the group.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 1 1 configure router bgp group pa ssword This co mmand c onfigures the TCP MD 5 passw ord to en able MD5 a uthentica tion for a BGP group.
Foundry AR-Se ries Rou ter User Gu ide 7 - 12 © 2004 F oundry N etworks, In c. June 2004 configure router bgp group remove_private_A S This co mmand re moves th e priv ate AS numb er from upd ates that are se nt out.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 13 configure router bgp group rou te_map This co mmand c onfigures a route map to a BGP group.
Foundry AR-Se ries Rou ter User Gu ide 7 - 14 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor This co mmand c onfigur es a BGP n eighbor . Parameter Description synt ax: [ no ] ne ighbor IP address < IP add res s > remote_as < n > example : Foundry- AR1208/c onfigure/ro uter/bg p 10# neigh bor 101.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 15 applicable sys tems: All mode ls. configu re router bgp redist ribute.
Foundry AR-Se ries Rou ter User Gu ide 7 - 16 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor advertisement_interval This co mmand c onfigur es the mini mum t ime inter val for se nding BGP route upda tes.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 17 configure router bgp neighbor allowbadi d This co mmand p ermits BGP sessio ns to be e stabl ished with routers tha t represen t their route r ID as 0.0.0 .0 or 255. 255. 255.
Foundry AR-Se ries Rou ter User Gu ide 7 - 18 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor default_orig inate This co mmand s ends the defaul t route to th e neighbo r .
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 19 configure router bgp neighbor description This co mmand d escribes or identi fies a neigh bor route r . Parameter Description synt ax: [ no ] descript ion neigh bor_desc ription < “ string ” > example : Foundry- AR1208/c onfigure/ro uter/bgp 10 /neighbor 101.
Foundry AR-Se ries Rou ter User Gu ide 7 - 20 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor distribute_list This co mmand c onfigures filter upd ates to or from this neighbor .
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 21 configure router bgp neighbor ebgp_mul tiho p This co mmand c onfigures multiho p EBGP on a nei ghbor . synt ax: [ no ] ebgp_mu ltihop example : Foundry- AR1208/c onfigure/ro uter/bgp 10 /neighbor 101.
Foundry AR-Se ries Rou ter User Gu ide 7 - 22 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor filter_li st This co mmand c onfigures BGP filters. Parameter Description synt ax: [ no ] filter_lis t access_ list < n > access _list_op tion < in > example : Foundry- AR1208/c onfigure/ro uter/bgp 10 /neighbor 101.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 23 configure router bgp neighbor keep This co mmand c onfigur es neigh bor route s torage opti ons. Parameter Description synt ax: keep k eep_optio n < all | none > example : Foundry- AR1208/c onfigure/ro uter/bg p 10/neighbor 10.
Foundry AR-Se ries Rou ter User Gu ide 7 - 24 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor logupdown This co mmand c onfigu res loggi ng of est ablished st ate tran sition ch anges of a neighbo r . synt ax: [ no ] logupdown example : Foundry- AR1208/c onfigure/ro uter/bg p10/neigh bor 101.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 25 configure router bgp neighbor maxim um_p refix This co mmand c onfigures the max imum numbe r of BGP routes to b e accept ed. If the ne ighbor sends more p refixes t han are co nfigured, t he con nection to th is neigh bor will be broken .
Foundry AR-Se ries Rou ter User Gu ide 7 - 26 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor neighbo r_gro up This co mmand c onfigures a neighb or to a spe cific gro up.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 27 configure router bgp neighbor next_hop_self This co mmand d isables the next h op calc ulatio n for this nei ghbor . synt ax: next _hop_sel f example : Foundry- AR1208/c onfigure/ro uter/bg p 10/neighbor 10.
Foundry AR-Se ries Rou ter User Gu ide 7 - 28 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor p assword This co mmand c onfigures a pas sword fo r md5 auth enticatio n. Parameter Description synt ax: md5_pas swor d < str ing > example : Foundry- AR1208/c onfigure/ro uter/bg p 10/neighbor 10.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 29 configure router bgp neighbor route_map This co mmand a pplies a route map to a ne ighbor . A simil ar command exists u nder the g roup tree fo r applying route_ma p to a g roup of ne ighbors in the outbo und dire ction .
Foundry AR-Se ries Rou ter User Gu ide 7 - 30 © 2004 F oundry N etworks, In c. June 2004 configure router bgp neighbor timers This co mmand c onfigure k eepal ive time rs for a ne ighbor (pee r). The hold time timer val ue is cal culated as three ti mes the v alue of th e keep alive ti mer .
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 31 configure router bgp neighbor update_sourc e This co mmand c onfigures the source o f BGP TCP connections for a spe cified neigh bor as the IP addre ss specif ied, inste ad of t he IP addres s of a ph ysical inte rface.
Foundry AR-Se ries Rou ter User Gu ide 7 - 32 © 2004 F oundry N etworks, In c. June 2004 configure router bgp redistribute This co mmand p rovide s access to the foll owing ne xt-level comman ds. Redistrib uti on c au ses rou tes from oth er p rotoc ol s to be e xp orte d vi a th e c urren t pro toc ol.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 33 configure router bgp redistribute connected This co mmand re distribute s interfac e routes.
Foundry AR-Se ries Rou ter User Gu ide 7 - 34 © 2004 F oundry N etworks, In c. June 2004 configure router bgp redistribute osp f This co mmand c onfigures the router to redistri bute OSPF route s.
BGP4 Conf igur e Comm ands June 20 04 © 2004 F oundry Netw orks, In c. 7 - 35 configure router bgp redistribute rip This co mmand c onfigures a router to redist ribute RIP rou tes.
Foundry AR-Se ries Rou ter User Gu ide 7 - 36 © 2004 F oundry N etworks, In c. June 2004 configure router bgp redistribute st atic This co mmand c onfigures a route r to redist ribute st atic rou tes.
June 20 04 © 2004 F oundry N etworks, In c. 8 - 1 Chap ter 8 BGP4 show Commands Use BGP s how comm ands to d isplay a ll config ured BGP in formation . NOTE: The CL I commands “show” and “display ” can be u sed interc hangeabl y . show ip b gp This co mmand a ccesse s the foll owing next -level di splay (s how) comm ands.
Foundry AR-Se ries Rou ter User Gu ide 8 - 2 © 20 04 Foundry Networks , Inc. June 2004 show ip bgp aggregate_address This co mmand d isplays a list of configure d aggre gate addre sses.
BGP4 sh ow C omman ds June 20 04 © 2004 F oundry N etworks, In c. 8 - 3 show ip b gp communi ty This co mmand d isplays routes th at match BGP c ommunitie s.
Foundry AR-Se ries Rou ter User Gu ide 8 - 4 © 20 04 Foundry Networks , Inc. June 2004 applicable sys tems: All mode ls. T a ble 8.1: St atus and Ori gin Codes S tatus codes * ( val id ) The t able e ntry is va lid. # ( best ) The t able entry is the be st entry to use for th at netwo rk.
BGP4 sh ow C omman ds June 20 04 © 2004 F oundry N etworks, In c. 8 - 5 show ip b gp groups This co mmand p rovides i nformatio n about BG P groups . synt ax: show ip bg p grou ps [ < n ame > ] example : Foundry- AR1208# s how ip bgp group s north applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 8 - 6 © 20 04 Foundry Networks , Inc. June 2004 show ip b gp neighb ors This co mmand d isplays detai led inform ation and st atus on al l BGP neighb ors, incl .
BGP4 sh ow C omman ds June 20 04 © 2004 F oundry N etworks, In c. 8 - 7 T a ble 8.2: St atus and Ori gin Codes S tatus co des * ( val id ) The t able e ntry is va lid. # ( best ) The t able entry is the be st entry to use for th at netwo rk. i ( intern al ) The t able entry was learne d via an internal BGP s ession.
Foundry AR-Se ries Rou ter User Gu ide 8 - 8 © 20 04 Foundry Networks , Inc. June 2004 applicable sys tems: All mode ls. updates Numbe r of sent BG P updates Maxim um prefixes The max imum nu mber of pre fixes tha t can be r eceived from this neighbo r .
BGP4 sh ow C omman ds June 20 04 © 2004 F oundry N etworks, In c. 8 - 9 show ip bgp paths This co mmand s hows a ll BGP p aths in t he dat abase. synt ax: show ip bgp p aths example : Foundry- AR1208# s how ip bgp path s applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 8 - 10 © 2004 F oundry N etworks, In c. June 2004 show ip bgp r egexp This co mmand d isplays routes m atching th e regular e xpressi on. Parameter Description synt ax: show ip bgp re gexp reg_ exp < “stri ng” > example : Foundry- AR1208# s how ip bgp regexp “.
BGP4 sh ow C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 8 - 1 1 show ip b gp summary This co mm an d s how s th e BG P ro uter’s i den tify in g nu mb er , local AS numb er , and connecte d n eighbo rs. Neig hbor informa tion incl udes BGP v ersion (v), AS n umber , messag es receive d and trans mitted, a nd operatin g sta tus.
Foundry AR-Se ries Rou ter User Gu ide 8 - 12 © 2004 F oundry N etworks, In c. June 2004 show ip b gp t able This comm an d sho ws entri es in the BGP rout e table . synt ax: show ip bg p tabl e example : Foundry- AR1208# s how ip bgp tabl e applicable sys tems: All mode ls.
BGP4 sh ow C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 8 - 13 show poli cy This co mmand p rovide s access to the fo llowing ne xt-lev el polic y displ ay comm ands: related commands: show.
Foundry AR-Se ries Rou ter User Gu ide 8 - 14 © 2004 F oundry N etworks, In c. June 2004 show policy as_p ath This co mmand d ispla ys the AS path access lists . Parameter Description synt ax: show poli cy as _path [ acce ss_l ist < n > ] example : Foundry- AR1208# s how policy as_p ath related commands: applicable sys tems: All mode ls.
BGP4 sh ow C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 8 - 15 show poli cy commun ity_list This co mmand s hows c onfigur ed comm unity li sts. Parameter Description synt ax: show policy c ommunity_ list [ communi ty < n > ] example : Foundry- AR1208# s how policy community_ list related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 8 - 16 © 2004 F oundry N etworks, In c. June 2004 show policy ip_access_l ist This co mmand s how rout es that co mply w ith spec ific IP ac cess rul es.
BGP4 sh ow C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 8 - 17 show policy route_map This co mmand s hows ro ute map i nformation . Parameter Description synt ax: show policy ro ute_map [ < name > ] example : Foundry- AR1208# s how policy route_map related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 8 - 18 © 2004 F oundry N etworks, In c. June 2004.
June 20 04 © 2004 F oundry N etworks, In c. 9 - 1 Chap ter 9 OSPF Configure Commands Use OSPF confi gure command s to confi gure a ll OSPF rout ing pa rameters. NOTE: See the c ommand configure interfa ce loopb ack in the Comma nd Refer ence Guide: Domes tic Product s for im portant informati on about l oopback interfaces .
Foundry AR-Se ries Rou ter User Gu ide 9 - 2 © 20 04 Foundry Networks , Inc. June 2004 configure router osp f This co mmand c onfigures a router for OSPF routin g. synt ax: router os pf example : Foundry- AR1208/c onfigur e# rout er o sp f related commands: applicable sys tems: All mode ls.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry N etworks, In c. 9 - 3 configure router osp f 1583 Comp atibility This co mmand e stabl ishes the route sum mary ca lculatio n method t o be com patibl e with RFC 1583. Th e RFC comp atibili ty of a ll routers in an OSPF domain shou ld be configured the sam e.
Foundry AR-Se ries Rou ter User Gu ide 9 - 4 © 20 04 Foundry Networks , Inc. June 2004 configure router osp f area This co mmand c onfigures an OSPF are a. Parameter Description synt ax: area < area_id > example : Foundry- AR1208/c onfigure/ro uter/osp f# area 0 related commands: related commands: applicable sys tems: All mode ls.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry N etworks, In c. 9 - 5 configure router osp f area are a_type This co mmand a ccesse s the foll owing n ext-level comman ds for con figuring a n area type. related commands: related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 9 - 6 © 20 04 Foundry Networks , Inc. June 2004 configure router osp f area area_type normal This co mmand s pecifies an area a rea typ e as normal. synt ax: area _ty pe no r mal example : Foundry- AR1208/c onfigure/ro uter/osp f/area 0# area_typ e normal related commands: applicable sys tems: All mode ls.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry N etworks, In c. 9 - 7 configure router osp f area are a_type nssa This co mmand s pecifies an area type as (nss a) not-so-stubb y area .
Foundry AR-Se ries Rou ter User Gu ide 9 - 8 © 20 04 Foundry Networks , Inc. June 2004 configure router osp f area are a_type nssa no_sum mary This c omma nd pr e ven ts an ns sa are a bo un dar y rou ter f rom se ndi ng su mm ary link adver tis ements i nto an n ssa area.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry N etworks, In c. 9 - 9 configure router osp f area area_type stub This co mmand c onfigur es an are a as a st ub area. S tub areas are not floode d with AS ext ernal a dvertisemen ts. S tub area s reduce the amoun t of memory require d on stu b area rout ers.
Foundry AR-Se ries Rou ter User Gu ide 9 - 10 © 2004 F oundry N etworks, In c. June 2004 configure router osp f area are a_type stub no_summary This co mmand p revent s an a rea bounda ry router fro m sendin g summar y link adv ertisemen ts int o the stub area.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 1 1 configure router osp f area default_ cost This co mmand s pecifies a cost f or the defa ult su mmary rout e sent in to a stub area.
Foundry AR-Se ries Rou ter User Gu ide 9 - 12 © 2004 F oundry N etworks, In c. June 2004 configure router osp f area range This co mmand s ummariz es routes at the area boundari es, pro ducing a single ro ute that is advertis ed by are a bord er ro uter s.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 13 configure router osp f area virtual_link This co mmand d efines an OSPF virtual link f or an area. Estab lishes a virtual c onnection t o the b ackbone for an area border route r that is n ot physic ally conne cted t o the backbo ne.
Foundry AR-Se ries Rou ter User Gu ide 9 - 14 © 2004 F oundry N etworks, In c. June 2004 configure router osp f area virtual _link authentication This co mmand c onfigur es authe ntication for an area virtual l ink. Authentic ation gua rantees th at only tr usted routers se nd and rec eive traf fic within an a rea.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 15 configure router osp f area virtual _link dead_interval This co mmand s ets th e time, in second s that an O SPF neighb or will wait for a he llo pa cket. Once t he user-de fined tim e expires , the interf ace assu mes that the neigh bor is dow n.
Foundry AR-Se ries Rou ter User Gu ide 9 - 16 © 2004 F oundry N etworks, In c. June 2004 configure router osp f area virtual _link hello_interval This co mmand c onfigu res the ti me interv al betwe en transm ission o f hello p ackets.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 17 configure router osp f area virtual _link retransmit_ interval This co mmand c onfigur es the time between link st ate a dvertise ment retran smissions on an in terface.
Foundry AR-Se ries Rou ter User Gu ide 9 - 18 © 2004 F oundry N etworks, In c. June 2004 configure router osp f area virtual_link transmit _delay This co mmand c onfigur es the estim ated tim e to transm it a link state updat e pack et on an i nterface.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 19 configure router osp f dist ance This co mmand a ccesse s the foll owing n ext-level comman ds to con figure OSPF admi nistrativ e dist ances for routes. related commands: related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 9 - 20 © 2004 F oundry N etworks, In c. June 2004 configure router osp f dist ance osp f This c ommand accesses next-lev el comm ands th at config ure OSPF a dministr ative dis tanc es based on route type. related commands: applicable sys tems: All mode ls.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 21 configure router osp f dist ance osp f external This co mmand c onfigures the dist ance paramet er for ex ternal rou tes.
Foundry AR-Se ries Rou ter User Gu ide 9 - 22 © 2004 F oundry N etworks, In c. June 2004 configure router osp f dist ance osp f non_external This co mmand c onfigures the dist ance paramet er for inter- and intra-a rea route s.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 23 configure router osp f interface This c omm a nd co nfi g ure s an int er f ace f or O S PF ro utin g.
Foundry AR-Se ries Rou ter User Gu ide 9 - 24 © 2004 F oundry N etworks, In c. June 2004 configure router osp f interfa ce authentication This co mmand c onfigures the authe nticat ion type on a n inte rface.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 25 configure router osp f interface cost This co mmand c onfigures the OSPF m etric cost f or a spec ific interf ace.
Foundry AR-Se ries Rou ter User Gu ide 9 - 26 © 2004 F oundry N etworks, In c. June 2004 configure router osp f interfa ce dea d_ interval This co mmand s ets th e time, in second s, that an OSPF ne ighbor will wait for a hello p acket. Once t he user-de fined tim e expires , the interf ace assu mes that the neigh bor is dow n.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 27 configure router osp f interfa ce hell o_interval This co mmand s ets th e time in terval, in seconds , betwee n the hell o pac kets that are se nt on the i nterface.
Foundry AR-Se ries Rou ter User Gu ide 9 - 28 © 2004 F oundry N etworks, In c. June 2004 configure router osp f interface ne ighbor This co mmand s ets up an OSPF neig hbor router f or an interf ace that i s used on a non-broadc ast network .
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 29 configure router osp f interface networ k This co mmand c onfigures the OSPF n etwork type on an int erface.
Foundry AR-Se ries Rou ter User Gu ide 9 - 30 © 2004 F oundry N etworks, In c. June 2004 applicable sys tems: All mode ls..
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 31 configure router osp f interfa ce poll_interval This c ommand, used for nonbro adcas t inte rfaces o nly , specifi es ho w of ten the route r s ends hello pa cket s from the inter face before es tabli shing adj acency with a neig hbor .
Foundry AR-Se ries Rou ter User Gu ide 9 - 32 © 2004 F oundry N etworks, In c. June 2004 configure router osp f interface pri ority This co mmand c onfigures the priori ty (which i s used i n the electio n of de signated routes) to establ ish the design ated rou ter .
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 33 configure router osp f interfa ce retransmit_inter val This co mmand c onfigur es the ret ransmit ti me for the link st ate adv ertiseme nt retran smission for neig hbors belongi ng to t he interface.
Foundry AR-Se ries Rou ter User Gu ide 9 - 34 © 2004 F oundry N etworks, In c. June 2004 configure router osp f interfa ce transmit_delay This co mmand c onfigur es the ap proximat e time it takes to transm it a link state advertise ment u pdate p acket on the inte rface.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 35 configure router osp f redistribute This co mmand a ccesses n ext-level commands that are us ed to redi stribu te routes f rom other ro uters or rou ting prot oco ls.
Foundry AR-Se ries Rou ter User Gu ide 9 - 36 © 2004 F oundry N etworks, In c. June 2004 configure router osp f redistribute bgp This co mmand re distribute s BGP rout es.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 37 configure router osp f red istribute connec ted This co mmand re distribute s conne cted interf ace routes.
Foundry AR-Se ries Rou ter User Gu ide 9 - 38 © 2004 F oundry N etworks, In c. June 2004 configure router osp f redistribute ri p This co mmand re distribute s RIP routes .
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 39 configure router osp f redistribute st atic This co mmand re distribute s sta tic rou tes.
Foundry AR-Se ries Rou ter User Gu ide 9 - 40 © 2004 F oundry N etworks, In c. June 2004 configure router osp f ref_bw This co mmand c alculate s OSPF int erface cost a ccording to bandw idth usage. S pecifying a large num ber help s dif feren tiate cost on mult iple high bandwid th lin ks.
OSPF C onfig ure C omman ds June 20 04 © 2004 F oundry Netw orks, In c. 9 - 41 configure router osp f timers This co mmand c onfigu res and a djust s osp f sp f timers.
Foundry AR-Se ries Rou ter User Gu ide 9 - 42 © 2004 F oundry N etworks, In c. June 2004.
June 20 04 © 2004 F oundry N etworks, In c. 10 - 1 Chapter 10 OSPF Show Commands Use OSPF d isplay/ show co mmands to displ ay all co nfigured O SPF inf ormation. NOTE: The CL I commands “show” and “display ” can be u sed interc hangeabl y . show ip ospf area This co mmand d isplays configur ation i nformatio n about an OSPF are a.
Foundry AR-Se ries Rou ter User Gu ide 10 - 2 © 2004 F oundry Netw orks, In c. June 200 4 related commands: applicable sys tems: All mode ls. show ip osp f global show ip os pf databa se show ip ospf.
OSPF S how Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 10 - 3 show ip ospf dat abase This co mmand p rovides a ccess to c ommands that displa y info rmation a bout an O SPF datab ase. synt ax: data base example : Foundry- AR1208# s how ip osp f dat abase related commands: related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 10 - 4 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f dat abase all This co mmand d isplays informati on related to the OSPF datab ases of the route r .
OSPF S how Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 10 - 5 show ip osp f dat abase asbr_summary This co mmand d isplays informati on about AS BR summ ary link states .
Foundry AR-Se ries Rou ter User Gu ide 10 - 6 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f dat abase dat abase_summary This c omma nd di sp lay s OSPF databa se su mmary inf or mat i on.
OSPF S how Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 10 - 7 show ip osp f dat abase external This co mmand d isplays information about e xternal L SAs in the OSPF dat abase.
Foundry AR-Se ries Rou ter User Gu ide 10 - 8 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f dat abase network This co mmand d isplays datab ase inform ation abo ut the net work LSAs .
OSPF S how Co mman ds June 20 04 © 2004 F oundry N etworks, In c. 10 - 9 show ip osp f dat abase nssa_external This co mmand shows OSPF d atabas e informa tion about NSSA e xternal LSAs .
Foundry AR-Se ries Rou ter User Gu ide 10 - 10 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f dat abase router This co mmand s hows infor mation ab out rout er LSAs in t he OSPF dat abase.
OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 1 1 show ip osp f dat abase self_orig inate This co mmand d isplays OSPF datab ase info rmation ab out se lf-origina ted LSAs in the router .
Foundry AR-Se ries Rou ter User Gu ide 10 - 12 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f dat a base summary This co mmand d isplays in formation about sum mary LSAs in the OSPF da tabas e.
OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 13 show ip o sp f global This co mmand d isplays global O SPF informa tion. synt ax: global example : Foundry- AR1208# s how ip osp f global related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 10 - 14 © 2004 F oundry Netw orks, In c. June 200 4 show i p ospf interface This co mmand p rovides a ccess to c ommands th at displa y informa tion a bout configu red OSPF interfaces.
OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 15 show ip osp f interface all This co mmand d isplays configur ation i nformatio n about al l configu red OSPF interface s. synt ax: inter face all example : Foundry- AR1208# s how ip osp f interface all related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 10 - 16 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f interface bundle This co mmand d isplays configur ation i nformatio n about an OSPF bu ndle.
OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 17 show ip osp f interface ethernet This co mmand d isplays OSPF configu ration informatio n about an Ethernet interface .
Foundry AR-Se ries Rou ter User Gu ide 10 - 18 © 2004 F oundry Netw orks, In c. June 200 4 show ip o sp f neighbor This co mmand p rovides a ccess to next-lev el comm ands tha t display configu ration info rmation a bout OSPF neighbo rs.
OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 19 show ip o sp f neighbor det a il This co mmand d isplays detai led OSPF c onfigur ation info rmation a bout all n eighbors. synt ax: nei gh bor deta il example : Foundry- AR1208# s how ip osp f neighbor det ail related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 10 - 20 © 2004 F oundry Netw orks, In c. June 200 4 show ip o sp f neighbor id This co mmand d isplays OSPF conf iguration informa tion abou t a speci fic neig hbor . synt ax: neighbo r id < IP address > example : Foundry- AR1208# s how ip osp f neighbor id 10.
OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 21 show ip o sp f neighbor interface This co mmand p rovides a ccess to c ommands that dis play OSPF configura tion inform ation ab out all neighbors in an interf ace.
Foundry AR-Se ries Rou ter User Gu ide 10 - 22 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f neighbor interface bundle This co mmand d isplays informati on about a n OSPF nei ghbors on a b undle interface.
OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 23 show ip osp f neighbor interface ethernet This co mmand d isplays configur ation info rmatio n about a n eighbor on an Ethe rnet interfa ce.
Foundry AR-Se ries Rou ter User Gu ide 10 - 24 © 2004 F oundry Netw orks, In c. June 200 4 show ip o sp f neighbor list This co mmand d isplays a list of neighbors attac hed to thi s router . synt ax: neighbo r list example : Foundry- AR1208# s how ip osp f neighbor list related commands: applicable sys tems: All mode ls.
OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 25 show ip ospf request_list This co mmand d isplays the LSAs i n the reque st list o f the specifi ed neighb or . synt ax: request_ list < IP a ddress > example : Foundry- AR1208# s how ip osp f request_lis t 10.
Foundry AR-Se ries Rou ter User Gu ide 10 - 26 © 2004 F oundry Netw orks, In c. June 200 4 show ip osp f retransmission_li st This co mmand d isplays the LSAs i n the retran smissi on list of the spec ified nei ghbor . synt ax: retransm ission_ list < IP a ddress > example : Foundry- AR1208# s how ip osp f retransmissi on_list 1 0.
OSPF S how Co mman ds June 20 04 © 2004 F oundry Netw orks, In c. 10 - 27 show ip os p f virtual_ link s This co mmand d isplays informati on about c onfigured OSPF virtu al links. synt ax: virtual_ links [ < IP address > ] example : Foundry- AR1208# s how ip osp f virtual_link s related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 10 - 28 © 2004 F oundry Netw orks, In c. June 200 4.
June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 1 Chap te r 1 1 RIP Confi g ure Com man ds Use RIP config ure comm ands to c onfigure a ll RIP p aramete rs. NOTE: See t he command configure interface loop back in th e Command Reference Guide : Domestic Product s for im portant informati on about l oopback interfaces .
Foundry AR-Se ries Rou ter User Gu ide 1 1 - 2 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip This co mmand e nables th e Routing I nformation Protocol (RIP ). synt ax: [ no ] rou ter rip example : Foundry- AR1208/c onfigur e# rout er r ip related commands: applicable sys tems: All mode ls.
RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 3 configure router rip default_me tric This co mmand s ets th e global default m etric valu es for R IP .
Foundry AR-Se ries Rou ter User Gu ide 1 1 - 4 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip dist ance This co mmand c onfigures the dist ance value for R IP protoco l on a rou ter .
RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 5 configure router rip interface This co mmand e nables RIP f or an interf ace. The inte rface is identifie d by the interface name. Use ethernet0 for Ethernet 0 and et hernet1 for Ethernet 1.
Foundry AR-Se ries Rou ter User Gu ide 1 1 - 6 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip interface authenticatio n This co mmand c onfigures RIP-2 aut henticati on for an i nterface. The type of aut henticati on and the key val ue to be u sed can be s pecifie d, but this is only valid with RIP versio n 2 (mode 3) .
RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 7 configure router rip interface distri bute_list This co mmand c onfigures the acce ss list to be use d to filter either inc oming or outg oing route s for this interface . This co mmand i s used i n conjuncti on with t he redistri bute com mand.
Foundry AR-Se ries Rou ter User Gu ide 1 1 - 8 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip interface metri c This co mmand c onfigures the metri c value for R IP routes for this in terface.
RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 9 configure router rip interface mo de This co mmand c onfigures RIP mode fo r the spec ific interfac e. This co mmand i s similar to the globa l RIP mode com mand, but i t is on ly applica ble to the current interface.
Foundry AR-Se ries Rou ter User Gu ide 1 1 - 10 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip interface neigh bor This co mmand s pecifies a RIP neigh bor for a specific i nterface. Use th is comman d multipl e times to add multiple neighbors .
RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 1 1 configure router rip interface p assive This c omma nd co nfig ures R IP mo de for a sp ec ifi c inte rf ac e to passiv e (lis ten - onl y) mod e. Use th is comman d to overri de a glob al RIP mo de config ured for an interface .
Foundry AR-Se ries Rou ter User Gu ide 1 1 - 12 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip interface sp lit_horizon This co mmand c onfigur es the spli t-horizon mechanis m on an interface. By defau lt, split horizon is e nabled for all interfa ces for pois on-revers e.
RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 13 configure router rip mode This co mmand g lobally configure s RIP mo de for all i nterfaces .
Foundry AR-Se ries Rou ter User Gu ide 1 1 - 14 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip pacing This co mmand e nables RI P updates s ent from th is router t o be releas ed to the network in a cont rolled ma nner to avoid t raf fic bottle necks.
RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 15 configure router rip p assive This co mmand c onfigures RIP p assive (lis ten only ) mode. All conf igured interfaces will only listen to RIP (ve rsion 1 an d 2) update s, but will not s end any u pdates.
Foundry AR-Se ries Rou ter User Gu ide 1 1 - 16 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip redistrib ute This co mmand a ccesse s the foll owing next -level co mmands that confi gure th e system to use RIP update s to redistri bute routes learned f rom other ro uting proto cols.
RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 17 configure router rip red istribute bgp This co mmand c onfigures RIP to red istribute bgp routes.
Foundry AR-Se ries Rou ter User Gu ide 1 1 - 18 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip redistrib ute connected This c omma nd co nfig ure s RIP t o re di str i but e con n ect ed rou tes .
RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 19 configure router rip redistrib ute osp f This c omma nd co nfig ure s R IP t o redi stri but e O SPF r out e s.
Foundry AR-Se ries Rou ter User Gu ide 1 1 - 20 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip redistri bute st atic This co mmand c onfigures RIP to red istribute static routes.
RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 21 configure router rip time rs This co mmand a ccesses th e foll owing next -level co mmands that confi gure th e global RIP timers. related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 1 1 - 22 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip timers flush This co mmand c onfigu res the gl obal RIP flush tim er . This is the time interval in secon ds that must pa ss before the route i s removed fro m the rout ing t able.
RIP Configure Commands June 20 04 © 2004 F oundry Netw orks, In c. 1 1 - 23 configure router rip time rs holddow n This co mmand c onfigur es the gl obal RIP hold down t imers. Hold d own time i s the inte rval in sec onds duri ng which ro uting info rmation re garding be tter rout es is su ppressed.
Foundry AR-Se ries Rou ter User Gu ide 1 1 - 24 © 20 04 Foun dry Netwo rks, Inc. Ju ne 2004 configure router rip timers up date This co mmand c onfigu res the gl obal RIP update tim er . This t ime r spec ifies the inter val in seco nds for se nding per i odi c RIP up dat es.
June 20 04 © 2004 F oundry N etworks, In c. 12 - 1 Chapter 12 RIP show Commands Use RIP display/ show com mands to display all configu red RIP in formation.
Foundry AR-Se ries Rou ter User Gu ide 12 - 2 © 2004 F oundry Netw orks, In c. June 200 4 show ip r ip This co mmand a ccesse s the foll owing n ext-level comman ds that di splay m ore spec ific informat ion. related commands: applicable sys tems: All mode ls.
RIP s how Co mmands June 20 04 © 2004 F oundry N etworks, In c. 12 - 3 show ip rip global This co mmand d isplays global con figured informati on about m ode, dist ance, default metri c, and tim ers for RIP . synt ax: show ip rip glo bal example : Foundry- AR1208# s how ip rip g lobal related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 12 - 4 © 2004 F oundry Netw orks, In c. June 200 4 show ip rip interface This co mmand a ccesse s the foll owing n ext-level comman ds that di splay c onfigur ation info rmation a bout mode , metric, authentic ation, sp lit horizo n, and routers for the RIP interf ace.
RIP s how Co mmands June 20 04 © 2004 F oundry N etworks, In c. 12 - 5 show ip rip interface al l This co mmand d isplays informati on about a ll confi gured RIP inte rfaces. synt ax: show ip rip inte rface all example : Foundry- AR1208# s how ip rip in terface all related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 12 - 6 © 2004 F oundry Netw orks, In c. June 200 4 show ip rip interface bundle This co mmand d isplays RIP informa tion fo r a configu red bundl e.
RIP s how Co mmands June 20 04 © 2004 F oundry N etworks, In c. 12 - 7 show ip rip interface etherne t This c omm a nd di spl ays RI P inf orm atio n abo ut th e Eth ernet int erf ace.
Foundry AR-Se ries Rou ter User Gu ide 12 - 8 © 2004 F oundry Netw orks, In c. June 200 4 show ip rip interface st atistics This co mmand di splays g lobal RIP int erface st atistic s, such as th e number of pad p acket s receiv ed, the numbe r or bad r outes rece ived, an d the numb er of trigge red update s sent.
RIP s how Co mmands June 20 04 © 2004 F oundry N etworks, In c. 12 - 9 show ip rip st atistics This co mmand s hows glob al RIP st atistics, suc h as route changes and querie s. synt ax: show ip rip st atistic s example : Foundry- AR1208# s how ip rip s tatis tics related commands: applicable sys tems: All mode ls.
Foundry AR-Se ries Rou ter User Gu ide 12 - 10 © 2004 F oundry Netw orks, In c. June 200 4.
June 20 04 © 2004 F oundry N etworks, In c. 13 - 1 Chapter 13 AS Path Regular Expressions This app endix prov ides informa tion about how to use and config ure regular e xpressio ns for use wi th BGP4 routing proto col comman ds.
Foundry AR-Se ries Rou ter User Gu ide 13 - 2 © 2004 F oundry Netw orks, In c. June 200 4 !AS Matches any AS num ber excep t the giv en one. AS1 -AS2 Is a range of ASs. It match es all AS num bers betw een AS1 an d AS2 inclus ive. !AS1 - AS2 This matc hes all numbers e xcept th e given o ne.
June 20 04 © 2004 F oundry N etworks, In c. 14 - 1 Chapter 14 Multicasting Multicasting Over view T radit ional mu lticast ro uting mec hanisms s uch as Di stanc e V ector Multic ast Rout ing Protoco.
Foundry AR-Se ries Rou ter User Gu ide 14 - 2 © 2004 F oundry Netw orks, In c. June 200 4 Confi gure Join/ Prune Holdtime Foundry/c onfigur e/ip/pim# join-prune -holdt ime <tim e# Confi gure Join .
Multi cast ing June 20 04 © 2004 F oundry N etworks, In c. 14 - 3 The sho w and de bug PIM co mmands are : Confi gure as ca ndidate RP period Foundry/c onfigure/i p/pim/ crp#period <ti me# Confi g.
Foundry AR-Se ries Rou ter User Gu ide 14 - 4 © 2004 F oundry Netw orks, In c. June 200 4 Protocol Independent Mult icast - Source S pecific Multi cast (PIM-SSM) By runnin g PIM-SSM a nd IGMPv 3, you can im plement a Source S pecific Multica st (SSM) ser vice mod el in yo ur network.
Multi cast ing June 20 04 © 2004 F oundry N etworks, In c. 14 - 5 membe rship info rmation en ables th e router to f orward traf fic only from t hose sou rces from which r eceivers requeste d the t raffic . IGMPv3 support s appli cations that expli citly sign al source s from whi ch they wa nt to receive traffic .
Foundry AR-Se ries Rou ter User Gu ide 14 - 6 © 2004 F oundry Netw orks, In c. June 200 4 T raceroute Facilit y for IP Multicast With mu lticast di stri but ion tre es , tr aci ng fro m a sou rce to a mu lti ca st de sti nat ion is d if ficult, since the b ranch of the multic ast tree on w hich the de stinatio n lies is un known.
Multi cast ing June 20 04 © 2004 F oundry N etworks, In c. 14 - 7 Multic ast tracer oute use s any info rmation a vailable to it in the r outer to try to dete rmine a previous hop to f orward the trace tow a rds .
Foundry AR-Se ries Rou ter User Gu ide 14 - 8 © 2004 F oundry Netw orks, In c. June 200 4 When mu ltip ath is d isabled, Fou ndry sele ct s the next hop addre ss with lo west ip address. For e qual cos t routes the nex thop s are sto red in the increa sing (asc ending) o rder of I P address.
June 20 04 © 2004 F oundry N etworks, In c. 15 - 1 Chapter 15 Security Features Introduction to Security Foundry introdu ces a w ide range of robust i ndust ry-stan dard sec urity featu res inclu din.
Foundry AR-Se ries Rou ter User Gu ide 15 - 2 © 2004 F oundry Netw orks, In c. June 200 4 Securing Remote Access Using IPSec VPN The featu res allow a dminist rators to fo rm a secu rity tu nnel to join two p rivate net works over the Inte rnet.
Secu rity Fe atur es June 20 04 © 2004 F oundry N etworks, In c. 15 - 3 In tunne l mode, at each IKE en d point, th e IP traf fic to be protec ted is co mpletely encap sulated with anothe r IP pac ket . In thi s, the inn er IP hea der rem ai ns the sa me as seen in the or igi nal traf fic to be protected.
Step 2: Configu re the E thernet in terface w ith trust ed networ k type: Step 3: Display the cryp to interf aces: Step 4: Add the route to t he peer LAN: Step 5: Configur e IKE to t he peer gat eway: Router1/configure# interface ethernet 0 Configuring existing Ethernet interface Router1/configure interface/ethernet 0# ip a ddress 10.
Secu rity Fe atur es June 20 04 © 2004 F oundry N etworks, In c. 15 - 5 Step 6: Display the IKE po licies: Step 7: Display the IKE policies in detail: S tep 8 : Conf igur e th e IPSe c tun nel to the r emot e host : NOTE: For IPSec o nly – w hen you c reate an o utbound tu nnel, an i nbound tu nnel is a utomatic ally crea ted.
Foundry AR-Se ries Rou ter User Gu ide 15 - 6 © 2004 F oundry Netw orks, In c. June 200 4 Step 9: Display the IPSec policie s: Step 10: Display IPSec p olicies in detail: Router1# show crypto ipsec policy all Policy Peer Match Proto Transform ------ ---- ----- ----- --------- Router2 172.
Secu rity Fe atur es June 20 04 © 2004 F oundry N etworks, In c. 15 - 7 Step 1 1: Configure firewall policies to allow IKE negotiation through untrusted interf ace (applicable only i f firewall lice .
Foundry AR-Se ries Rou ter User Gu ide 15 - 8 © 2004 F oundry Netw orks, In c. June 200 4 Step 14: Display fire wall policies in the internet map in detail (applicable only if firewal l license is en.
Secu rity Fe atur es June 20 04 © 2004 F oundry N etworks, In c. 15 - 9 Step 15: Enable SNMP on the Router1 ro ute r: Step 16: Display SNMP co mmunities: Step 17: Repeat step s 1 - 16 with suit able modifications on Router2 prior to managing Router1 from Router2’ s LAN side.
Foundry AR-Se ries Rou ter User Gu ide 15 - 10 © 2004 F oundry Netw orks, In c. June 200 4 Example 2: Joining T wo Private Netw orks with an IP Security T unnel The foll owing e xample dem onstrates how to fo rm an IP s ecurity tunne l to jo in two priv ate net works: 10.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 1 1 Figure 1 Tunnel Mode Be tween T wo Foundry S ecurity G ateways - Sing le Pro posals Step 1 : Configur e a W AN bundle of netw.
Foundry AR-Se ries Rou ter User Gu ide 15 - 12 © 2004 F oundry Netw orks, In c. June 200 4 Step 5: Configu re IKE to the peer gateway: Step 6: Display the IKE po licies: Step 7: Display the IKE policies in detail: Router1/configure# crypto Router1/configure/crypto# ike polic y Router2 172.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 13 Step 8 : Configure IPSec tunnel to the remote host: NOTE: For IPSec o nly – w hen you c reate an o utbound tu nnel, an i nbound tu nnel is a utomatic ally crea ted.
Foundry AR-Se ries Rou ter User Gu ide 15 - 14 © 2004 F oundry Netw orks, In c. June 200 4 Step 10: Display IPSec p olicies de tail: Step 1 1: Configure firewall policies to allow IKE negotiation thr.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 15 Step 12: Display fire wall policies i n the intern et map (applicabl e only if firewall license is enabled ): Step 13: Display.
Foundry AR-Se ries Rou ter User Gu ide 15 - 16 © 2004 F oundry Netw orks, In c. June 200 4 Step 15: Display firewall policies in the corp map (a pplicable only if fi rewall licens e is enabled): Rout.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 17 Step 16: Display firewall p olicies i n the corp map in detail (applicable only if firewall li cense is enabled ): Route r1# s.
Foundry AR-Se ries Rou ter User Gu ide 15 - 18 © 2004 F oundry Netw orks, In c. June 200 4 Step17: Repeat steps 1 -16 with s uitable modification s on Rout er2 pr ior to passing traf fic. Step 1 8: T est the IPSec tunnel between Rout er1 and Router2 by p assing traffic from the 10.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 19 Example 3: Joining T wo Networks with an IPSec T unnel usi ng Multiple IPSec Proposals The foll owing e xample dem onstrates how a sec urity gate way can use multip le IPSec (ph ase2) prop osals to form an IP sec urity tun nel to joi n two private n etworks: 10 .
Foundry AR-Se ries Rou ter User Gu ide 15 - 20 © 2004 F oundry Netw orks, In c. June 200 4 Figure 2 Tunnel Mode Be tween T wo Foundry S ecurity G ateways - Multi ple Pr oposals Step 1 : Configur e a .
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 21 Step 5: Configu re IKE to the peer gateway: Step 6: Display the IKE po licies: Step 7: Display the IKE policies in detail: Router1/configure# crypto Router1/configure/crypto# ike polic y Router2 172.
Foundry AR-Se ries Rou ter User Gu ide 15 - 22 © 2004 F oundry Netw orks, In c. June 200 4 Step 8 : Configure IPSec tunnel to the remote host: NOTE: For IPSec o nly – w hen you c reate an o utbound tu nnel, an i nbound tu nnel is a utomatic ally crea ted.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 23 Step 10: Configure firew all policies to allow IKE negotiation t hrough untrusted interface (applicable only i f firewall lice nse is also enabled): Router1# show crypto ipsec policy all de tail Policy name Router2 is enabled, Directio n is outbound Peer Address is 172.
Foundry AR-Se ries Rou ter User Gu ide 15 - 24 © 2004 F oundry Netw orks, In c. June 200 4 Step 1 1: Displ ay firewall policies in th e inte rnet map ( applicable only if f irewall lic ense is enable.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 25 Step 14: Display firewall policies in the corp map (a pplicable only if fi rewall licens e is enabled): Router1# show firewall.
Foundry AR-Se ries Rou ter User Gu ide 15 - 26 © 2004 F oundry Netw orks, In c. June 200 4 Step 15: Display firewall p olicies i n the corp map in detail (applicable only if firewall li cense is enab.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 27 Step16: Repeat steps 1 -15 with s uitable modification s on Rout er2 pr ior to passing bi- directional traffic. Step 1 7: T est the IPSec tunnel between Rout er1 and Router2 by p assing traffic from the 10.
Foundry AR-Se ries Rou ter User Gu ide 15 - 28 © 2004 F oundry Netw orks, In c. June 200 4 Example 4: Supporting Remote User Access The foll owing e xample dem onstrates how to con figure a Fo undry ro uter to be an IPSec VPN s erver usin g user group method wi th extende d authenti cation (XAUTH) for remote VPN clien ts.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 29 Figur e 15.2 IPSec T unneling Using User Group Method Step 1 : Configur e a W AN bundle of network type untrust ed: Step 2 : C.
Foundry AR-Se ries Rou ter User Gu ide 15 - 30 © 2004 F oundry Netw orks, In c. June 200 4 Step 3: Display the cry pto inte rfaces: Step 4: Configur e dynamic IKE policy for a group of mobile users: .
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 31 Step 6: Display dynamic IKE policies in detail: Step 7: Configur e dynamic IPSec policy for a group of mobile users: Step 8: D.
Foundry AR-Se ries Rou ter User Gu ide 15 - 32 © 2004 F oundry Netw orks, In c. June 200 4 Step 9: Display dynamic IPSec policie s in detail: Step 10: Configu re rad ius serve r (applicab le on ly if.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 33 Step 1 1: Configure firewall policies to allow IKE negotiation through untrusted interf ace (applicable only i f firewall lice.
Foundry AR-Se ries Rou ter User Gu ide 15 - 34 © 2004 F oundry Netw orks, In c. June 200 4 Step 14: Conf igure firew all polic ies fo r a gr oup of mo bile user s to allo w acces s to the local L AN .
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 35 Step 16: Display firewall p olicies i n the corp map in detail (applicable only if firewall li cense is enabled ): Router1# sh.
Foundry AR-Se ries Rou ter User Gu ide 15 - 36 © 2004 F oundry Netw orks, In c. June 200 4 Step 17: T est t he IPSec tunnel b etween th e VPN clie nt and the serve r by passing tra ffic fro m the client to the 1 0.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 37 Example 5: Configuring IPSec Remote Access to Corporat e LAN with Mode- Configuration Method The foll owing e xample dem onstrates how to con figure a Fo undry ro uter to be an IPSec VPN s erver usin g mode- configu ration method.
Foundry AR-Se ries Rou ter User Gu ide 15 - 38 © 2004 F oundry Netw orks, In c. June 200 4 Figur e 15.3 IPSec T unneling Us ing Mode Configurat ion Met hod Step 1 : Configur e a W AN bundle of networ.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 39 Step 3: Display the cry pto inte rfaces: Step 4: Configur e dynamic IKE policy for a group of mobile users: Step 5: Display dy.
Foundry AR-Se ries Rou ter User Gu ide 15 - 40 © 2004 F oundry Netw orks, In c. June 200 4 Step 6: Display dynamic IKE policies in detail: Step 7: Configur e dynamic IPSec policy for a group of mobil.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 41 Step 9: Display dynamic IPSec policie s in detai:l Step 10: Configure firew all policies to allow IKE negotiation t hrough unt.
Foundry AR-Se ries Rou ter User Gu ide 15 - 42 © 2004 F oundry Netw orks, In c. June 200 4 Step 12: Display fire wall policies in the internet map in detail (applicable only if firewal l license is e.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 43 Step 15: Display firewall p olicies i n the corp map in detail (applicable only if firewall li cense is enabled ): Router1# sh.
Foundry AR-Se ries Rou ter User Gu ide 15 - 44 © 2004 F oundry Netw orks, In c. June 200 4 Step 16: T est t he IPSec tunnel b etween th e VPN clie nt and the serve r by passing tra ffic fro m the client to the 1 0.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 45 Configuring GR E Generic Routing En caps ulation (G RE) is a stand ards-base d (RFC1701 , RFC2784) tunneling protocol that can.
Foundry AR-Se ries Rou ter User Gu ide 15 - 46 © 2004 F oundry Netw orks, In c. June 200 4 GRE Configuration Examples This ex ample ex plains how to confi gure a bas ic GRE tun nel as show n in Fig ure 15.4. Figure 15.4 Sim ple GRE config uratio n Configuring Site to Site T unnel T o configure G RE in a si te to site tunnel co nfiguratio n: 1.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 47 NOTE: The peer of a lo cal W AN i nterface cann ot be use d as a tun nel desti nation. 4. V erify that th e tunnel is up and running. (I f it is not , check the Gatewa y and Sou rce Addr ess fie lds.
Foundry AR-Se ries Rou ter User Gu ide 15 - 48 © 2004 F oundry Netw orks, In c. June 200 4 5. C onfi gur e t he Ci sco s ide : With the tunn el pr ope rly con figu red and w orkin g, users on one sid e of the tunn el ca n pi ng us ers on the othe r sid e.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 49 3. C onfi gur e the r out e s: 4. D efin e th e poli cy: 5. Check th e st atus of th e tunnel by ent ering: Foundr y# sh ow i .
Foundry AR-Se ries Rou ter User Gu ide 15 - 50 © 2004 F oundry Netw orks, In c. June 200 4 NOTE: Using the redist ribute co nnected c ommand add s a recurs ive route to the tun nel de stination . This will cause the tunnel to shut do wn. T o prevent thi s, add a 32-bit st atic rou te for the tu nnel des tination.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 51 Step 1:Configu re the Et hernet interface s and the W AN interfaces with IP a ddresses: Step 2: Create the secur ity zones C O.
Foundry AR-Se ries Rou ter User Gu ide 15 - 52 © 2004 F oundry Netw orks, In c. June 200 4 Step 5: V er ify the firewall policy for Security Zone CORP: Step 6: V er ify that the HTTP filter object in.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 53 Step 8:V erify the firewall policy for Security Zone DMZ: Step 9: V erify that the FTP filter object s for Security Zone DMZ a.
Foundry AR-Se ries Rou ter User Gu ide 15 - 54 © 2004 F oundry Netw orks, In c. June 200 4 Step 1 1:V erify the system configurati on by displaying th e running configuration: Foundry/configure# show configuration running Please wait.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 55 qos exit qos vrrp_mode 0 aaa exit aaa crypto trusted exit ethernet interface ethernet 1 ip address 10.
Foundry AR-Se ries Rou ter User Gu ide 15 - 56 © 2004 F oundry Netw orks, In c. June 200 4 load_balance per_flow multicast exit multicast route 0.0.0.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 57 Packet Reassembly T o configure t he firewa ll to perfo rm IP reass embly of ov ersized packet s that ha ve been f ragmen ted,.
Foundry AR-Se ries Rou ter User Gu ide 15 - 58 © 2004 F oundry Netw orks, In c. June 200 4 NA T Configuration Examples Dynamic NA T (many to m any) In dyna mic (man y-to-many ) NA T type, multiple source IP addresse s in the corp orate netw ork will b e mapped to multipl e NA T IP add resses (not n ecessarily of equal number).
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 59 St atic NA T (one to one) Figure 15.7 St atic NA T In st atic (one- to-one) NA T type, fo r each IP ad dress in the corporate network, one NA T IP address will be u sed. For exam ple, for th e three IP addre sses from 1 0.
Foundry AR-Se ries Rou ter User Gu ide 15 - 60 © 2004 F oundry Netw orks, In c. June 200 4 Figure 15.8 Mapp ing Multiple NA T Addresses to One Public IP Address There are two method s to confi gure Port Add ress T ranslation (P A T) on the Foundry ga teway .
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 61 Security Pr otocol Default s This se ction pro vides in formation about IPSec supported protocol s and mod es, encry ption alg orithms and block sizes , and Foun dry IPSec an d IKE defaul t values .
Foundry AR-Se ries Rou ter User Gu ide 15 - 62 © 2004 F oundry Netw orks, In c. June 200 4 Foundry IKE and IPSec Default s T o minimize c onfigurati on required by the us er , default IKE and IPSec v alues have been imp lemented in Foundry’ s encryption scheme.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 63 IPSec Defaults T able 15.6: lis ts IPSec default s. When the user creat es an IPSec p olicy and provides the match add ress, an IPSe c propo sal wit h priority 1 is auto maticall y created .
Foundry AR-Se ries Rou ter User Gu ide 15 - 64 © 2004 F oundry Netw orks, In c. June 200 4 Direction No Default Action Permi t Tr a f f i c t y pe Tr an s it Source Por t Any Destination Port Any Sch.
Secu rity Fe atur es June 20 04 © 2004 F oundry Netw orks, In c. 15 - 65 T u nneling Defau lt V alues This se ction pro vides the IP-IP and G RE tunnel ing protoc ol defaul t values.
Foundry AR-Se ries Rou ter User Gu ide 15 - 66 © 2004 F oundry Netw orks, In c. June 200 4.
June 20 04 © 2004 F oundry N etworks, In c. Inde x - 1 A abbrevi ated comma nds 4-3 Audienc e 3-1 B bold ty pe 4-3 C comma nd lin e inte rfac e conven tions us ed 4-1 getting hel p 4-4 comma nd nav i.
Foundry AR-Se ries Rou ter User Gu ide Index - 2 © 2004 F oundry Netw orks, In c. June 200 4.
An important point after buying a device Foundry Networks AR3202 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Foundry Networks AR3202 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Foundry Networks AR3202 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Foundry Networks AR3202 you will learn all the available features of the product, as well as information on its operation. The information that you get Foundry Networks AR3202 will certainly help you make a decision on the purchase.
If you already are a holder of Foundry Networks AR3202, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Foundry Networks AR3202.
However, one of the most important roles played by the user manual is to help in solving problems with Foundry Networks AR3202. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Foundry Networks AR3202 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center