Enterasys ANG-3000 Betriebsanweisung

XSR-1805User’s GuideVersion 5.09033723-07 X-Pedition™ Security Router

66 XSR User’s GuideGeneral IP Features Chapter 5Configuring IPNOTEThe XSR supports a total of 516 dynamic ARP entries, 128 ARP requests pending, and 2

XSR User’s Guide 67Chapter 5 General IP FeaturesConfiguring IPThe XSR supports directed broadcast using the ip directed-broadcast command. For securit

68 XSR User’s GuideGeneral IP Features Chapter 5Configuring IPIRDP allows hosts to locate routers and can also infer router locations by checking RIP

XSR User’s Guide 69Chapter 5 General IP FeaturesConfiguring IPSSHThe Secure Shell (SSH) protocol provides for safe remote login and other network serv

70 XSR User’s GuideGeneral IP Features Chapter 5Configuring IPTrivial File Transfer Protocol (TFTP)TFTP is a bare bones file transfer protocol, as def

XSR User’s Guide 71Chapter 5 General IP FeaturesConfiguring IPSecondary IP can be used when there are insufficient host addresses on a particular netw

72 XSR User’s GuideGeneral IP Features Chapter 5Configuring IP If any router on a network segment uses a secondary address, all other devices on the

XSR User’s Guide 73Chapter 5 General IP FeaturesConfiguring IPWhen ICMP Mask request packets are received, the destination IP address will be matched

74 XSR User’s GuideGeneral IP Features Chapter 5Configuring IPUnnumbered Interface & Secondary IPIf an unnumbered interface attempts to borrow an

XSR User’s Guide 75Chapter 5 General IP FeaturesConfiguring IP The XSR supports 11 IP addresses per VR (1 primary + 10 secondary) With four VR'

Table of ContentsXSR-1805 User’s Guide xiAbout This GuideContents of the Guide ...

76 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IPIP Routing ProtocolsRouting is one of the most important functions of IP. Routing infor

XSR User’s Guide 77Chapter 5 IP Routing ProtocolsConfiguring IP Redistribute static routes into RIP with the redistribute command. Split horizon wit

78 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IP IP split horizon must be enabled (default). Whether poison is enabled or not, trigger

XSR User’s Guide 79Chapter 5 IP Routing ProtocolsConfiguring IP The latest changes are sent when:– The routing database is modified by new data. The

80 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IP An update packet with the flush flag set is received; all routes learned from that ne

XSR User’s Guide 81Chapter 5 IP Routing ProtocolsConfiguring IPOSPF is superior to RIP because as a link-state protocol, it converges faster than RIP,

82 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IP Cost for default route sent into a stub area with the area default cost command Stub

XSR User’s Guide 83Chapter 5 IP Routing ProtocolsConfiguring IP LOCAL 10 STATIC 9 OSPF INTRA 7 OSPF_INTER 6 OSPF_EXT 4 PREF_RIP 4Default Network

84 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IPCIDR addressing also enables route aggregation in which a single high level route entry

XSR User’s Guide 85Chapter 5 IP Routing ProtocolsConfiguring IP Port and Address Translation (NAPT) Standard Access Control Lists (1-99) only suppor

Table of Contentsxii XSR-1805 User’s GuideSupported Physical Interfaces...

86 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IPFigure 9 Simple VRRP TopologyBecause the VR uses the IP address of the physical Ether

XSR User’s Guide 87Chapter 5 IP Routing ProtocolsConfiguring IPFigure 10 Load Balanced, Redundant VRRP TopologyVRRP DefinitionsThe XSR defines VRRP

88 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IPHow the VRRP WorksMultiple IP routers on a single broadcast LAN comprise a single virtu

XSR User’s Guide 89Chapter 5 IP Routing ProtocolsConfiguring IPIn the backup state, a VRRP router monitors the VR master to confirm it is alive, does

90 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IPVRRP FeaturesMultiple Virtual IP Addresses per VRThe XSR permits specifying multiple vi

XSR User’s Guide 91Chapter 5 IP Routing ProtocolsConfiguring IPARP Process on a VRRP RouterThree types of ARP requests can be employed on a VRRP route

92 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IP The master VR must receive packets with a virtual MAC address as the destination MAC

XSR User’s Guide 93Chapter 5 IETF MIBs SupportedConfiguring IPWhen the actual IP address owner of the Virtual IP address releases the master state of

94 XSR User’s GuideConfiguring RIP Examples Chapter 5Configuring IP SNMPv3 MIBs including:– RFC-3411 Framework– RFC-3412 MPD– RFC-3414 USM– RFC-3415

XSR User’s Guide 95Chapter 5 Configuring RIP ExamplesConfiguring IPXSR(config)#interface FastEthernet 1XSR(config-if<F1>#no shutdownXSR(config-i

Table of ContentsXSR-1805 User’s Guide xiiiUsing the Default Button...

96 XSR User’s GuideConfiguring Unnumbered IP Serial Interface Example Chapter 5Configuring IPXSR(config-if<S2/0:0>)#encapsulate pppXSR(config-if

XSR User’s Guide 97Chapter 5 Configuring NAT ExamplesConfiguring IPXSR(config-if<S1/0>)#ip address 154.68.1.47 255.255.255.0XSR(config-if<S1/

98 XSR User’s GuideConfiguring NAT Examples Chapter 5Configuring IP2 The first packet the XSR receives from host 10.1.1.1 causes the router to check i

XSR User’s Guide 99Chapter 5 Configuring NAT ExamplesConfiguring IPFigure 12 NAT Inside Source Translation with Overload (NAPT)Inside source address

100 XSR User’s GuideConfiguring VRRP Example Chapter 5Configuring IPthe inside local address 10.1.1.1 and destination port 1789, then forwards it to 1

XSR User’s Guide 101Chapter 5 Configuring VRRP ExampleConfiguring IPXSRa(config-if<F1>)#vrrp 1 track serial 2/0XSRa(config-if<F1>)#vrrp 1

XSR User’s Guide 1036Configuring PPPOverviewThe Point-to-Point Protocol (PPP), referenced in RFC-1616, is a standard method for transporting multi-pro

104 XSR User’s GuidePPP Features Chapter 6Configuring PPP Authentication of peer entities through:– Password Authentication Protocol (PAP)– Challenge

XSR User’s Guide 105Chapter 6 PPP FeaturesConfiguring PPPNetwork Control Protocol (NCP)The Network Control Protocol (NCP) handles transmission and rec

Table of Contentsxiv XSR-1805 User’s GuideStatistics...

106 XSR User’s GuidePPP Features Chapter 6Configuring PPPPAP is most appropriate where a plaintext password must be available to simulate a login at a

XSR User’s Guide 107Chapter 6 PPP FeaturesConfiguring PPPIt also defines a new packet called Change Password Packet, which enables a client to send a

108 XSR User’s GuidePPP Features Chapter 6Configuring PPP The XSR can receive upper layer protocol data units (PDU) fragmented using the multilink he

XSR User’s Guide 109Chapter 6 PPP FeaturesConfiguring PPPIP Address Assignment In PPP, IPCP configuration option type 3 corresponds to IP address nego

110 XSR User’s GuideConfiguring PPP with a Dialed Backup Line Chapter 6Configuring PPPThe BACP protocol must reach the Opened state using the standard

XSR User’s Guide 111Chapter 6 Configuring a Synchronous Serial InterfaceConfiguring PPPFigure 13 XSR Configuration with One Backup Dial Line to Diff

112 XSR User’s GuideConfiguring a Dialed Backup Line Chapter 6Configuring PPP4 Set the local IP address of this interface.XSR(config-if<S1/0>)#i

XSR User’s Guide 113Chapter 6 Configuring a Dialed Backup LineConfiguring PPP3 Enter media-type {RS232 | RS422 | RS449 | RS530A | V35 | X21} for the c

114 XSR User’s GuideConfiguring BAP Chapter 6Configuring PPPXSR(config-if<D1>)#dialer pool 5XSR(config-if<D1>)#no shutdownConfigure interf

XSR User’s Guide 115Chapter 6 Configuring BAPConfiguring PPPOne function central to DoD is the XSR’s ability to perform LAN route spoofing, a means of

Table of ContentsXSR-1805 User’s Guide xvT1/E1 Error Events Analysis ...

116 XSR User’s GuideConfiguring BAP Chapter 6Configuring PPPXSR1(config-if<BRI-2/0>)#no shutdownXSR1(config-if<BRI-2/0>)#dialer pool-membe

XSR User’s Guide 117Chapter 6 Configuring BAPConfiguring PPPXSR2(config-if<BRI-2/0>)#isdn switch-type basic-ni1XSR2(config-if<BRI-2/0>)#is

118 XSR User’s GuideConfiguring BAP Chapter 6Configuring PPPXSR1(config-if<D1>)#encapsulation pppXSR1(config-if<D1>)#multilink load-thresh

XSR User’s Guide 1197Configuring Frame RelayOverviewFrame Relay is a simple, bit-oriented protocol that offers fast-packet switching for wide-area net

120 XSR User’s GuideOverview Chapter 7Configuring Frame RelayRelay switch are processed by the DLCI in three ways: frames are checked for integrity, t

XSR User’s Guide 121Chapter 7 Frame Relay FeaturesConfiguring Frame RelayDTEsA DTE is a network end station, either the ultimate source or destination

122 XSR User’s GuideMulti-Protocol Encapsulation Chapter 7Configuring Frame Relay Multi-protocol interconnect over Frame Relay - RFC-2427. Only IP is

XSR User’s Guide 123Chapter 7 Controlling Congestion in Frame Relay NetworksConfiguring Frame RelayControlling Congestion in Frame Relay NetworksWhile

124 XSR User’s GuideControlling Congestion in Frame Relay Networks Chapter 7Configuring Frame RelayCIR is the minimum rate of service that a public Fr

XSR User’s Guide 125Chapter 7 Controlling Congestion in Frame Relay NetworksConfiguring Frame RelayBackward Explicit Congestion Notification (BECN)Bac

Table of Contentsxvi XSR-1805 User’s GuideUnnumbered Interface & Secondary IP... 74NAT

126 XSR User’s GuideControlling Congestion in Frame Relay Networks Chapter 7Configuring Frame RelayXSR(config-if<S1/0>)#no shutdownXSR(config-if

XSR User’s Guide 127Chapter 7 Link Management Information (LMI)Configuring Frame RelayLink Management Information (LMI)A Frame Relay switch communicat

128 XSR User’s GuideSub-interface Support Chapter 7Configuring Frame RelayNOTEBe sure the same version of the management protocol resides at each end

XSR User’s Guide 129Chapter 7 Displaying StatisticsConfiguring Frame RelayMap-Class ConfigurationThe Map Class configures a common profile (characteri

130 XSR User’s GuideInterconnecting via Frame Relay Network Chapter 7Configuring Frame RelayInterconnecting via Frame Relay NetworkThe following typic

XSR User’s Guide 131Chapter 7 Configuring Frame RelayConfiguring Frame RelayConfiguring Frame RelayMulti-point to Point-to-Point ExampleThe following

132 XSR User’s GuideConfiguring Frame Relay Chapter 7Configuring Frame RelayA point-to-point network with a 64 Kbps connection is also configured from

XSR User’s Guide 133Chapter 7 Configuring Frame RelayConfiguring Frame RelayOn the Charlotte XSR, enter:XSR(config)#interface serial 1/0XSR(config-if&

XSR User’s Guide 1358Configuring Dialer ServicesThis chapter details information about the XSR’s suite of dialer functionality: Dial Ethernet Failov

Table of ContentsXSR-1805 User’s Guide xviiMultiple VRs Per Router...

136 XSR User’s GuideAsynchronous and Synchronous Support Chapter 8Configuring Dialer Services Addressing using numbered or unnumbered interfaces Out

XSR User’s Guide 137Chapter 8 Asynchronous and Synchronous SupportConfiguring Dialer ServicesAT Commands on Asynchronous PortsOn asynchronous ports, A

138 XSR User’s GuideAsynchronous and Synchronous Support Chapter 8Configuring Dialer ServicesDTR Dialing for Synchronous InterfacesDialer interfaces a

XSR User’s Guide 139Chapter 8 Implementing Dial ServicesConfiguring Dialer ServicesImplementing Dial ServicesDial services are provided by dialer inte

140 XSR User’s GuideImplementing Dial Services Chapter 8Configuring Dialer ServicesDialer ProfilesDialer profiles are comprised of virtual and physica

XSR User’s Guide 141Chapter 8 Implementing Dial ServicesConfiguring Dialer ServicesDialer StringsSetting dialer strings is straightforward but their c

142 XSR User’s GuideImplementing Dial Services Chapter 8Configuring Dialer ServicesPPP is the encapsulation method of choice for Dialer Services becau

XSR User’s Guide 143Chapter 8 Implementing Dial ServicesConfiguring Dialer ServicesFigure 20 Logical View of Dialer ProfilesFigure 20 illustrates ho

144 XSR User’s GuideImplementing Dial Services Chapter 8Configuring Dialer ServicesFigure 21 Sample Dialer TopologyFigure 21 illustrates three Diale

XSR User’s Guide 145Chapter 8 Implementing Dial ServicesConfiguring Dialer ServicesFigure 22 Dialer Profile of Destination (416) 123-4456As illustra

Table of Contentsxviii XSR-1805 User’s GuideLink Control Protocol (LCP)...

146 XSR User’s GuideImplementing Dial Services Chapter 8Configuring Dialer ServicesFigure 23 Dialer Profile of Destination (987) 231-2345Configuring

XSR User’s Guide 147Chapter 8 Implementing Dial ServicesConfiguring Dialer ServicesCreating and Configuring the Dialer Interface1 Enter interface dial

148 XSR User’s GuideImplementing Dial Services Chapter 8Configuring Dialer ServicesXSR(config-if<D0>)#ip address 10.1.1.1 255.0.0.0XSR(config-if

XSR User’s Guide 149Chapter 8 Implementing Dial ServicesConfiguring Dialer ServicesXSR(config-if<D1>)#ip address 10.10.10.1 255.255.255.0XSR(con

150 XSR User’s GuideOverview of Dial Backup Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)#dialer map ip 10.10.10.3 9053617363XSR(config

XSR User’s Guide 151Chapter 8 Sequence of Backup EventsConfiguring Dialer Services4 With the interface down, all routes reachable through that interfa

152 XSR User’s GuideLink Failure Backup Example Chapter 8Configuring Dialer ServicesLink Failure Backup ExampleFigure 24 illustrates a local link fail

XSR User’s Guide 153Chapter 8 Configuring a Dialed Backup LineConfiguring Dialer ServicesConfiguring the Physical Interface for the Dialer InterfacePe

154 XSR User’s GuideConfiguring a Dialed Backup Line Chapter 8Configuring Dialer ServicesXSR(config)#interface serial 1/0XSR(config-if<S1/0)#dialer

XSR User’s Guide 155Chapter 8 Configuring a Dialed Backup LineConfiguring Dialer ServicesFigure 25 Backup Dial ExampleDialerPPPSerial InterfaceBacku

Table of ContentsXSR-1805 User’s Guide xixVirtual Circuits...

156 XSR User’s GuideConfiguring a Dialed Backup Line Chapter 8Configuring Dialer ServicesThe CLI commands shown below are those used to configure the

XSR User’s Guide 157Chapter 8 Overview of Dial on Demand/Bandwidth on DemandConfiguring Dialer ServicesOverview of Dial on Demand/Bandwidth on DemandT

158 XSR User’s GuideAnswering Incoming ISDN Calls Chapter 8Configuring Dialer ServicesAnswering Incoming ISDN CallsThe XSR handles incoming ISDN calls

XSR User’s Guide 159Chapter 8 Answering Incoming ISDN CallsConfiguring Dialer ServicesIncoming Call Mapping ExampleThis example, as shown in Figure 26

160 XSR User’s GuideAnswering Incoming ISDN Calls Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)dialer pool 25XSR(config-if<D1>)en

XSR User’s Guide 161Chapter 8 Answering Incoming ISDN CallsConfiguring Dialer ServicesXSR(config)#interface dialer 1XSR(config-if<D1>)#no shutdo

162 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesXSR(config)#interface dialer 1XSR(config-if<D1>)#no shutdownXSR(conf

XSR User’s Guide 163Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesFigure 27 Dial on Demand TopologyNOTEConfiguration commands preceded by

164 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesXSR(config)#interface bri 1/0XSR(config-if<BRI-1/0>)#isdn switch-typ

XSR User’s Guide 165Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesThe following commands add a dial pool and map BRI interface 1/0 to Dialer

ii XSR User’s GuideNoticeEnterasys Networks reserves the right to make changes in specifications and other information contained in this document and

Table of Contentsxx XSR-1805 User’s GuideAsynchronous and Synchronous Support... 1

166 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)#encapsulation pppXSR(config-if<D1>)#dialer

XSR User’s Guide 167Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesThe following command maps ACL 105 to dialer group 7:XSR(config)#dialer-li

168 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)#dialer remote-name XSR-andoverXSR(config-if<D1

XSR User’s Guide 169Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesThe following command defines interesting packets for the dial out trigger

170 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)#ip address 172.22.85.1XSR(config-if<D1>)#pp

XSR User’s Guide 171Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesThe following commands add a dial pool and specifies the PPP authenticated

172 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesThe following commands define a dialer group, add a dialer pool, enable ML

XSR User’s Guide 173Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesMLPPP Point-to-Point ConfigurationsThe following MLPPP point-to-point topo

174 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesThe following commands add a dialer pool member and specify the primary-ni

XSR User’s Guide 175Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesMLPPP Point-to-Multipoint ConfigurationsThe following MLPPP point-to-multi

Table of ContentsXSR-1805 User’s Guide xxiDial Backup Features...

176 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)#ip address 172.22.85.1XSR(config-if<D1>)#pp

XSR User’s Guide 177Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesXSR(config-controller<T1-2/3>)#dialer pool-member 1XSR(config-contro

178 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesNode B ConfigurationThe following commands add a dialer pool member and se

XSR User’s Guide 179Chapter 8 Switched PPP Multilink ConfigurationConfiguring Dialer ServicesSwitched PPP Multilink ConfigurationBandwidth-on-DemandTh

180 XSR User’s GuideSwitched PPP Multilink Configuration Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)#ppp multilinkXSR(config-if<D1

XSR User’s Guide 181Chapter 8 Backup ConfigurationConfiguring Dialer ServicesBackup ConfigurationBackup Using ISDNThis example configures ISDN NIM car

182 XSR User’s GuideBackup Configuration Chapter 8Configuring Dialer ServicesThe following commands add a dialer pool, set Node C’s dialer number to c

XSR User’s Guide 183Chapter 8 Backup ConfigurationConfiguring Dialer ServicesThe following commands configure two channel groups with a total of three

184 XSR User’s GuideBackup Configuration Chapter 8Configuring Dialer ServicesXSR(config-if<S2/0:0>)#no shutdownXSR(config-if<S2/0:0>)#enca

XSR User’s Guide 185Chapter 8 Backup ConfigurationConfiguring Dialer ServicesXSR(config-if<D1>)#ppp multilinkXSR(config-if<D1>)#multilink

Table of Contentsxxii XSR-1805 User’s GuideDial-in Router Example ...

186 XSR User’s GuideBackup Configuration Chapter 8Configuring Dialer ServicesConfiguration for Ethernet FailoverThis example provides DSL backup (PPPo

XSR User’s Guide 1879Configuring Integrated ServicesDigital Network (ISDN)This chapter outlines how to configure the Integrated Services Digital Netwo

188 XSR User’s GuideISDN Features Chapter 9Configuring Integrated Services Digital Network (ISDN) 1 or 2 port BRI-S/T NIM card. 1 or 2 port BRI U NI

XSR User’s Guide 189Chapter 9 Understanding ISDNConfiguring Integrated Services Digital Network (ISDN)Understanding ISDNPhysically, an ISDN line is pr

190 XSR User’s GuideUnderstanding ISDN Chapter 9Configuring Integrated Services Digital Network (ISDN)The number of B-channels is limited by the size

XSR User’s Guide 191Chapter 9 Understanding ISDNConfiguring Integrated Services Digital Network (ISDN)Unlike the B-channel, which functions as a simpl

192 XSR User’s GuideUnderstanding ISDN Chapter 9Configuring Integrated Services Digital Network (ISDN)This explains the 56 in switched-56 services, wh

XSR User’s Guide 193Chapter 9 Understanding ISDNConfiguring Integrated Services Digital Network (ISDN)Bandwidth OptimizationThe XSR offers features wh

194 XSR User’s GuideUnderstanding ISDN Chapter 9Configuring Integrated Services Digital Network (ISDN)SecuritySecurity is another important element of

XSR User’s Guide 195Chapter 9 ISDN ConfigurationConfiguring Integrated Services Digital Network (ISDN)ISDN ConfigurationPRI interfaces share the T1/E1

Table of ContentsXSR-1805 User’s Guide xxiiiChapter 9 – Configuring Integrated Services Digital Network (ISDN)ISDN Features...

196 XSR User’s GuideISDN Configuration Chapter 9Configuring Integrated Services Digital Network (ISDN)BRI (Switched) Configuration ModelFigure 34, sho

XSR User’s Guide 197Chapter 9 ISDN ConfigurationConfiguring Integrated Services Digital Network (ISDN)The following example adds a dialer pool and gro

198 XSR User’s GuideISDN Configuration Chapter 9Configuring Integrated Services Digital Network (ISDN)XSR(config)#interface bri 1/2XSR(config-if<BR

XSR User’s Guide 199Chapter 9 ISDN ConfigurationConfiguring Integrated Services Digital Network (ISDN)The following T1 example adds a dialer pool and

200 XSR User’s GuideISDN Configuration Chapter 9Configuring Integrated Services Digital Network (ISDN)Leased-Line Configuration ModelThe BRI Leased Li

XSR User’s Guide 201Chapter 9 More Configuration ExamplesConfiguring Integrated Services Digital Network (ISDN)The following commands, as shown in Fig

202 XSR User’s GuideMore Configuration Examples Chapter 9Configuring Integrated Services Digital Network (ISDN)XSR(config-controller<T1-2/3>)#is

XSR User’s Guide 203Chapter 9 ISDN (ITU Standard Q.931) Call Status Cause CodesConfiguring Integrated Services Digital Network (ISDN)BRI Leased Frame

204 XSR User’s GuideISDN (ITU Standard Q.931) Call Status Cause Codes Chapter 9Configuring Integrated Services Digital Network (ISDN)11 More digits re

XSR User’s Guide 205Chapter 9 ISDN (ITU Standard Q.931) Call Status Cause CodesConfiguring Integrated Services Digital Network (ISDN)41 Temporary fail

Table of Contentsxxiv XSR-1805 User’s GuideISDN (ITU Standard Q.931) Call Status Cause Codes ... 207Ch

206 XSR User’s GuideISDN (ITU Standard Q.931) Call Status Cause Codes Chapter 9Configuring Integrated Services Digital Network (ISDN)79 Service or opt

XSR User’s Guide 207Chapter 9 ISDN (ITU Standard Q.931) Call Status Cause CodesConfiguring Integrated Services Digital Network (ISDN)127 Internetworki

XSR User’s Guide 20910Configuring Quality of ServiceOverviewIn a typical network, there are often many users and applications competing for limited sy

210 XSR User’s GuideFeatures Chapter 10Configuring Quality of ServiceFeaturesThe XSR’s support of QoS module allows you to: Classify traffic in diffe

XSR User’s Guide 211Chapter 10 Mechanisms to Provide QoSConfiguring Quality of ServiceThe following table describes typical traffic classification:The

212 XSR User’s GuideMechanisms to Provide QoS Chapter 10Configuring Quality of ServiceYou must perform three steps to configure a class-based classifi

XSR User’s Guide 213Chapter 10 Mechanisms to Provide QoSConfiguring Quality of ServiceDescribing the Policy MapThe policy statement in a QoS policy-ma

214 XSR User’s GuideMechanisms to Provide QoS Chapter 10Configuring Quality of Servicedefault comprises whatever remains after all other classes are s

XSR User’s Guide 215Chapter 10 Mechanisms to Provide QoSConfiguring Quality of ServiceConfiguring CBWFQCBWFQ is configured using the bandwidth command

Table of ContentsXSR-1805 User’s Guide xxvHow a Virtual Private Network Works ...233

216 XSR User’s GuideMechanisms to Provide QoS Chapter 10Configuring Quality of ServiceConfiguring Priority QueuesThe priority command configures prior

XSR User’s Guide 217Chapter 10 Mechanisms to Provide QoSConfiguring Quality of ServiceAssign the class frost to the priority queue:XSR(config)#policy-

218 XSR User’s GuideMechanisms to Provide QoS Chapter 10Configuring Quality of ServiceThe bucket for holding tokens for normal burst is refilled first

XSR User’s Guide 219Chapter 10 Mechanisms to Provide QoSConfiguring Quality of ServiceCongestion Control & AvoidanceDescribing Queue Size Control

220 XSR User’s GuideMechanisms to Provide QoS Chapter 10Configuring Quality of ServiceAfter a short delay, all sessions try to ramp up using slow-star

XSR User’s Guide 221Chapter 10 Mechanisms to Provide QoSConfiguring Quality of ServiceIn the following example, class bus has a minimum threshold of 4

222 XSR User’s GuideConfiguring QoS on an Interface Chapter 10Configuring Quality of ServiceSuggestions for Using QoS on the XSRThe XSR supports QoS o

XSR User’s Guide 223Chapter 10 Configuring QoS for Frame RelayConfiguring Quality of ServiceXSR(config-cmap<class2>)#match ip precedence 2Create

224 XSR User’s GuideConfiguring QoS for Frame Relay Chapter 10Configuring Quality of ServiceWhen there is no congestion each traffic class can use as

XSR User’s Guide 225Chapter 10 Configuring QoS for Frame RelayConfiguring Quality of ServiceConfigure map class parameters and apply the policy to the

Table of Contentsxxvi XSR-1805 User’s GuideClient...

XSR User’s Guide 22711Configuring the Virtual PrivateNetworkVPN OverviewAs it is most commonly defined, a Virtual Private Network (VPN) allows two or

228 XSR User’s GuideVPN Overview Chapter 11Configuring the Virtual Private Network Impersonation - Information passes to a person who poses as the in

XSR User’s Guide 229Chapter 11 VPN OverviewConfiguring the Virtual Private NetworkHow a Virtual Private Network WorksVPNs provide an advanced combinat

230 XSR User’s GuideEnsuring VPN Security with IPSec/IKE Chapter 11Configuring the Virtual Private NetworkEnsuring VPN Security with IPSec/IKEThe key

XSR User’s Guide 231Chapter 11 Ensuring VPN Security with IPSec/IKEConfiguring the Virtual Private NetworkThe IP Encapsulating Security Payload (ESP),

232 XSR User’s GuideEnsuring VPN Security with IPSec/IKE Chapter 11Configuring the Virtual Private NetworkUsing IPSec along with Network Address Trans

XSR User’s Guide 233Chapter 11 Describing Public-Key Infrastructure (PKI)Configuring the Virtual Private NetworkAs a general rule, longer encryption k

234 XSR User’s GuideDescribing Public-Key Infrastructure (PKI) Chapter 11Configuring the Virtual Private NetworkIt is possible to use your private key

XSR User’s Guide 235Chapter 11 Describing Public-Key Infrastructure (PKI)Configuring the Virtual Private NetworkMachine Certificates for the XSRCertif

Table of ContentsXSR-1805 User’s Guide xxviiEZ-IPSec Configuration ...

236 XSR User’s GuideDescribing Public-Key Infrastructure (PKI) Chapter 11Configuring the Virtual Private NetworkIt is also possible to delegate certif

XSR User’s Guide 237Chapter 11 Describing Public-Key Infrastructure (PKI)Configuring the Virtual Private NetworkFigure 41 Certificate Chain ExampleA

238 XSR User’s GuideDescribing Public-Key Infrastructure (PKI) Chapter 11Configuring the Virtual Private NetworkThe XSR will automatically verify the

XSR User’s Guide 239Chapter 11 DF Bit FunctionalityConfiguring the Virtual Private NetworkOnce retries are exhausted, the enrollment becomes invalid a

240 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkThis feature specifies whether the router can clear, set, or cop

XSR User’s Guide 241Chapter 11 VPN ApplicationsConfiguring the Virtual Private Network– Tunnels are more easily scalable in multiple router topologies

242 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkFigure 42 VPN Site-to-Site TopologyIt is important to note tha

XSR User’s Guide 243Chapter 11 VPN ApplicationsConfiguring the Virtual Private NetworkSite-to-Central-Site NetworksIn a Site-to-Central-Site applicati

244 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkClient ModeIn the Client scenario, a private LAN residing behind

XSR User’s Guide 245Chapter 11 VPN ApplicationsConfiguring the Virtual Private Networkon the corporate network. In this application the XSR must suppo

Table of Contentsxxviii XSR-1805 User’s GuideConfiguring DHCP Address Pools...

246 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkDepending on the protocol, the remote access scenario may requir

XSR User’s Guide 247Chapter 11 VPN ApplicationsConfiguring the Virtual Private NetworkOSPF CommandsThe same OSPF commands available for configuration

248 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkFigure 45 Site-to-Site Client Mode TopologyIn this scenario, y

XSR User’s Guide 249Chapter 11 VPN ApplicationsConfiguring the Virtual Private NetworkServer FastEthernet 1 interface: This is the trusted side of th

250 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkThe commands to configure this scenario are illustrated on page

XSR User’s Guide 251Chapter 11 VPN ApplicationsConfiguring the Virtual Private NetworkServerApply the same settings as in the site-to-site scenario us

252 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkConfiguring OSPF with Fail OverIn this scenario, the client init

XSR User’s Guide 253Chapter 11 VPN ApplicationsConfiguring the Virtual Private NetworkFigure 47 OSPF Used with FailoverTo test this configuration, a

254 XSR User’s GuideXSR VPN Features Chapter 11Configuring the Virtual Private NetworkAs mentioned earlier, OSPF may advertise a network’s reachabilit

XSR User’s Guide 255Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private Network Data integrity– MD5 and SHA-1 algorithms Internet P

Table of ContentsXSR-1805 User’s Guide xxixFragmented ICMP Traffic...

256 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private NetworkNext, perform the following: Generate a master key on

XSR User’s Guide 257Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private NetworkACL Configuration RulesConsider a few general rules wh

258 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private NetworkXSR(config)#interface FastEthernet2XSR(config-if<F2

XSR User’s Guide 259Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private NetworkXSR(config)#access-list 102 permit gre any anyXSR(conf

260 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private NetworkSecurity Policy ConsiderationsYou should be aware of t

XSR User’s Guide 261Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private NetworkCreating Crypto MapsCrypto maps filter and classify pa

262 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private NetworkXSR(config-crypto-m)#set transform-set esp-3des-shaXSR

XSR User’s Guide 263Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private Network– ip address and group set the IP address and usergrou

264 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private NetworkXSR(aaa-group)#wins server primary 112.16.1.16XSR(aaa-

XSR User’s Guide 265Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private Network Remove individual certificates using the following c

XSR User’s Guide iiiA plug and jack used to connect the XSR to the premises wiring and telephone network must comply with the applicable FCC Part 68

Table of Contentsxxx XSR-1805 User’s GuideAppendix A – Alarms/Events and System LimitsSystem Limits...

266 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private Network1 Begin by asking your CA administrator for your CA na

XSR User’s Guide 267Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private Network Fingerprint: D423E129 81904CE0 1E6D0FE0 A123A30

268 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private NetworkRemember that if you create a password, save it so it

XSR User’s Guide 269Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private Network Valid To: 2003 Aug 29th, 16:01:58 GMT Subjec

270 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private Network Subject: MAILTO=SCEP, C=US, ST=MA, L=Andove

XSR User’s Guide 271Chapter 11 Configuring a Simple VPN Site-to-Site ApplicationConfiguring the Virtual Private Networktunnel + Names a site-to-site V

272 XSR User’s GuideConfiguring a Simple VPN Site-to-Site Application Chapter 11Configuring the Virtual Private Networkthe VPN. In the context of VPN

XSR User’s Guide 273Chapter 11 Configuring a Simple VPN Site-to-Site ApplicationConfiguring the Virtual Private Networklifetime. You can specify an SA

274 XSR User’s GuideConfiguring the VPN Using EZ-IPSec Chapter 11Configuring the Virtual Private NetworkXSR(config-crypto-m)#match address 130 + Appli

XSR User’s Guide 275Chapter 11 Configuring the VPN Using EZ-IPSecConfiguring the Virtual Private Network Supporting RIPv2 and OSPF through the tunnel

XSR User’s Guide xxxiAbout This GuideThis guide provides a general overview of the XSR hardware and software features. It describes how to configure

276 XSR User’s GuideConfiguring the VPN Using EZ-IPSec Chapter 11Configuring the Virtual Private NetworkXSR(config)#interface vpn 1 point-to-point+ Se

XSR User’s Guide 277Chapter 11 Configuration ExamplesConfiguring the Virtual Private NetworkConfiguration ExamplesXSR with VPN - Central GatewayIn thi

278 XSR User’s GuideConfiguration Examples Chapter 11Configuring the Virtual Private NetworkBegin by setting the XSR system time via SNTP. This config

XSR User’s Guide 279Chapter 11 Configuration ExamplesConfiguring the Virtual Private NetworkXSR(cfg-crypto-tran)set security-association lifetime kilo

280 XSR User’s GuideConfiguration Examples Chapter 11Configuring the Virtual Private NetworkXSR(config-int-vpn)#firewall disableXSR(config-int-vpn)#ip

XSR User’s Guide 281Chapter 11 Configuration ExamplesConfiguring the Virtual Private NetworkXSR(aaa-group)#dns server secondary 0.0.0.0XSR(aaa-group)#

282 XSR User’s GuideConfiguration Examples Chapter 11Configuring the Virtual Private NetworkConfigure the Network Extension Mode tunnel, site-to-site

XSR User’s Guide 283Chapter 11 Configuration ExamplesConfiguring the Virtual Private Networkservice timestamps log uptimeno service password-encryptio

284 XSR User’s GuideConfiguration Examples Chapter 11Configuring the Virtual Private Networkinterface FastEthernet0/0ip address 192.168.3.5 255.255.25

XSR User’s Guide 285Chapter 11 Configuration ExamplesConfiguring the Virtual Private NetworkXSR ConfigurationXSR(config)#access-list 120 permit ip 192

xxxii XSR User’s Guide Contents of the Guide About This Guide Chapter 10, Configuring Quality of Service, describes XSR support for QoS, including R

286 XSR User’s GuideInteroperability Profile for the XSR Chapter 11Configuring the Virtual Private NetworkInteroperability Profile for the XSRScenario

XSR User’s Guide 287Chapter 11 Interoperability Profile for the XSRConfiguring the Virtual Private Network SHA-1 ESP tunnel mode MODP group 2 (1024

288 XSR User’s GuideInteroperability Profile for the XSR Chapter 11Configuring the Virtual Private Network6 Configure IKE policy Safe for the Gateway

XSR User’s Guide 289Chapter 11 Interoperability Profile for the XSRConfiguring the Virtual Private NetworkReply from 172.23.9.5: 10msReply from 172.23

290 XSR User’s GuideInteroperability Profile for the XSR Chapter 11Configuring the Virtual Private NetworkGateway B connects the internal LAN 172.23.9

XSR User’s Guide 291Chapter 11 Interoperability Profile for the XSRConfiguring the Virtual Private Network2 Be sure that the XSR time setting is corre

292 XSR User’s GuideInteroperability Profile for the XSR Chapter 11Configuring the Virtual Private Network State: CA-AUTHENTICATED Version

XSR User’s Guide 293Chapter 11 Interoperability Profile for the XSRConfiguring the Virtual Private NetworkFor security reasons your password will not

294 XSR User’s GuideInteroperability Profile for the XSR Chapter 11Configuring the Virtual Private NetworkCA Certificate - PKItestca1 State:

XSR User’s Guide 29512Configuring DHCPOverview of DHCPThe Dynamic Host Configuration Protocol (DHCP) allocates and delivers configuration values, incl

XSR User’s Guide xxxiii About This Guide Conventions Used in This GuideConventions Used in This GuideThe following conventions are used in this guide

296 XSR User’s GuideFeatures Chapter 12Configuring DHCPFeaturesThe XSR offers the DHCP features: Persistent storage/database of network values for ne

XSR User’s Guide 297Chapter 12 How DHCP WorksConfiguring DHCPHow DHCP WorksDHCP’s client-server model defines a set of messages exchanged between two

298 XSR User’s GuideDHCP Services Chapter 12Configuring DHCPDHCP ServicesThe DHCP services comprising the Bindings Database, leases, network options,

XSR User’s Guide 299Chapter 12 DHCP ServicesConfiguring DHCPFor example, the server may choose the least recently assigned address. As a consistency c

300 XSR User’s GuideDHCP Services Chapter 12Configuring DHCPNested Scopes: IP Pool SubsetsAs mentioned earlier, one of the main functions of the DHCP

XSR User’s Guide 301Chapter 12 DHCP ServicesConfiguring DHCPScope CaveatKeep the following caveat in mind when configuring scopes: IP address pools ma

302 XSR User’s GuideDHCP CLI Commands Chapter 12Configuring DHCP2 Enter host address [mask | prefix-length] to specify the IP address and subnet mask

XSR User’s Guide 303Chapter 12 DHCP CLI CommandsConfiguring DHCP Create manual bindings of IP addresses and client hardware addresses - Manual bindin

304 XSR User’s GuideDHCP Set Up Overview Chapter 12Configuring DHCP Use ip dhcp ping timeout to specify the period the server must wait before timing

XSR User’s Guide 305Chapter 12 Configuration StepsConfiguring DHCPConfiguration StepsOnly four steps are required to minimally configure DHCP. They ar

xxxiv XSR User’s Guide Getting Help About This GuideGetting HelpFor additional support related to the XSR, contact Enterasys Networks using one of th

306 XSR User’s GuideConfiguration Steps Chapter 12Configuring DHCPXSR(config-dhcp-pool)#domain-name ets.enterasys.comNOTESome values can also be confi

XSR User’s Guide 307Chapter 12 DHCP Server Configuration ExamplesConfiguring DHCPDHCP Server Configuration ExamplesThe following examples configure DH

308 XSR User’s GuideDHCP Server Configuration Examples Chapter 12Configuring DHCPManual Binding with Class ExampleIn the following example, the single

XSR User’s Guide 309Chapter 12 DHCP Server Configuration ExamplesConfiguring DHCPDHCP Option ExamplesThe following sample DHCP option configurations i

XSR User’s Guide 31113Configuring Security on the XSRThis chapter describes the security options available on the XSR including the firewall feature s

312 XSR User’s GuideFeatures Chapter 13Configuring Security on the XSRAccess Control ListsAccess Control Lists (ACL) impose selection criteria for spe

XSR User’s Guide 313Chapter 13 FeaturesConfiguring Security on the XSRSmurf AttackA “smurf” attack involves an attacker sending ICMP echo requests fro

314 XSR User’s GuideFeatures Chapter 13Configuring Security on the XSRThis feature is always enabled, and the maximum number of TCP sessions allowed i

XSR User’s Guide 315Chapter 13 General Security PrecautionsConfiguring Security on the XSRThe attacker does not send any other packet, and the state m

XSR User’s Guide 11OverviewThis chapter briefly describes the functionality of the XSR. Refer to the following chapters in this manual for details on

316 XSR User’s GuideAAA Services Chapter 13Configuring Security on the XSR Create ACLs to direct services to appropriate servers only Enable packet

XSR User’s Guide 317Chapter 13 AAA ServicesConfiguring Security on the XSR Deleting the only privilege-15 user with Telnet or SSH policy is disallowe

318 XSR User’s GuideAAA Services Chapter 13Configuring Security on the XSRWhile most of these parameters are self-explanatory, the policy value is imp

XSR User’s Guide 319Chapter 13 AAA ServicesConfiguring Security on the XSR5 Install a freeware program such as PuTTY on your client device. If you loa

320 XSR User’s GuideAAA Services Chapter 13Configuring Security on the XSR8 Enter aaa user <name> to create an authenticated user and acquire AA

XSR User’s Guide 321Chapter 13 Firewall Feature Set OverviewConfiguring Security on the XSRFirewall Feature Set OverviewA firewall is defined generall

322 XSR User’s GuideFirewall Feature Set Overview Chapter 13Configuring Security on the XSRFigure 54 XSR Firewall TopologyThere are many possible ne

XSR User’s Guide 323Chapter 13 Firewall Feature Set OverviewConfiguring Security on the XSRWhile this flexibility is useful, it emphasizes the fact th

324 XSR User’s GuideFirewall Feature Set Overview Chapter 13Configuring Security on the XSR Filter bad packets and bad contents to protect internal h

XSR User’s Guide 325Chapter 13 XSR Firewall Feature Set FunctionalityConfiguring Security on the XSRAdditionally, a stateful inspection firewall provi

2 XSR User’s GuideChapter 1Overview Serial Interface - The XSR’s NIM serial interface typically supports protocols such as PPP. The serial interface

326 XSR User’s GuideXSR Firewall Feature Set Functionality Chapter 13Configuring Security on the XSRFiltering non TCP/UDP packets - Non TCP and UDP IP

XSR User’s Guide 327Chapter 13 XSR Firewall Feature Set FunctionalityConfiguring Security on the XSRApplication Level Gateway - Support for FTP and H.

328 XSR User’s GuideXSR Firewall Feature Set Functionality Chapter 13Configuring Security on the XSRAlarm Logging - The XSR supports Console and Syslo

XSR User’s Guide 329Chapter 13 XSR Firewall Feature Set FunctionalityConfiguring Security on the XSR– If no syslog server is configured, alarms will c

330 XSR User’s GuideFirewall CLI Commands Chapter 13Configuring Security on the XSR2 The XSR’s AAA functionality talks to an authentication server or

XSR User’s Guide 331Chapter 13 Firewall CLI CommandsConfiguring Security on the XSRCAUTIONUse care not to overlap internal and external address ranges

332 XSR User’s GuideFirewall CLI Commands Chapter 13Configuring Security on the XSR– You should set a rule at the end of your configuration to handle

XSR User’s Guide 333Chapter 13 Firewall CLI CommandsConfiguring Security on the XSR Load - Installs the completed firewall configuration in the XSR’s

334 XSR User’s GuideFirewall CLI Commands Chapter 13Configuring Security on the XSR– Level 3: Error - abnormal and deny alarms are logged if system lo

XSR User’s Guide 335Chapter 13 Firewall LimitationsConfiguring Security on the XSRFirewall LimitationsConsider the following caveats regarding firewal

XSR User’s Guide 3Chapter 1Overview Quality of Service - The XSR provides traffic classification using IP Precedence and DSCP bits, bandwidth control

336 XSR User’s GuideFirewall Limitations Chapter 13Configuring Security on the XSR Session Timeouts - Idle timeout defaults for the three firewall se

XSR User’s Guide 337Chapter 13 Firewall LimitationsConfiguring Security on the XSRpackets, NAT is performed before firewall inspection. Firewall rules

338 XSR User’s GuidePre-configuring the Firewall Chapter 13Configuring Security on the XSRPre-configuring the FirewallWe recommend you consider the fo

XSR User’s Guide 339Chapter 13 Configuration ExamplesConfiguring Security on the XSR Load the configuration in the firewall engine Enable or disable

340 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRFigure 57 XSR with Firewall TopologyBegin by configuring network

XSR User’s Guide 341Chapter 13 Configuration ExamplesConfiguring Security on the XSRXSR(config)#ip firewall policy exttodmzsmtp ANY_EXTERNAL dmz SMTP

342 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRXSR with Firewall, PPPoE and DHCPIn this scenario, shown in Figure

XSR User’s Guide 343Chapter 13 Configuration ExamplesConfiguring Security on the XSRXSR(config-if)#ip address negotiatedXSR(config-if)#ip mtu 1492XSR(

344 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRTrial load the completed configuration into the firewall engine, a

XSR User’s Guide 345Chapter 13 Configuration ExamplesConfiguring Security on the XSRFigure 59 XSR Firewall, VPN and OSPF TopologyBegin by setting th

346 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRXSR(config-isakmp-peer)#proposal xp soho p2pXSR(config-isakmp-peer

XSR User’s Guide 347Chapter 13 Configuration ExamplesConfiguring Security on the XSRXSR(config-ifF2>)#crypto map testXSR(config-ifF2>)#ip addres

348 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRXSR(aaa-group)#pptp compressionXSR(aaa-group)#pptp encrypt mppe 12

XSR User’s Guide 349Chapter 13 Configuration ExamplesConfiguring Security on the XSRXSR(aaa-method-radius)#enableXSR(aaa-method-radius)#group DEFAULTX

350 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRXSR(config)#ip firewall network ospf 224.0.0.5 224.0.0.6 internalX

XSR User’s Guide 351Chapter 13 Configuration ExamplesConfiguring Security on the XSRWrite policies permitting RADIUS and all TCp and UDP traffic from

352 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRGlobally enable the firewall. Even though you have configured and

XSR User’s Guide 353Chapter 13 Configuration ExamplesConfiguring Security on the XSRXSR(aaa-method-radius)#address ip-address 10.10.10.1XSR(aaa-method

354 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRXSR(config)#access-list 1 permit 192.168.10.0 0.0.0.255XSR(config)

XSR User’s Guide 359AAlarms/Events and System LimitsThis appendix describes the configuration and memory limits of the XSR as well as system High, Med

XSR User’s Guide 52Managing the XSRThe XSR can be managed via three interfaces with varying levels of control: the Command Line Interface (CLI) for fu

360 XSR User’s GuideSystem Limits Appendix AAlarms/Events and System LimitsOSPF LSA type 4 500 3500 100OSPF LSA type 5 750 3500 750OSPF LSA type 7 250

XSR User’s Guide 361Appendix A System LimitsAlarms/Events and System LimitsDialer map classes 192 192 64 with Routing & VPN or Routing & Firew

362 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsAlarms and EventsThe XSR exhibits the following alarm logging behavior:

XSR User’s Guide 363Appendix A Alarms and EventsAlarms/Events and System LimitsT1E1 LOF alarm on receiver cleared. Indicates that T1/E1 physical port

364 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsISDN %s Layer 2 Terminal %d is DOWN %s Layer 2 Terminal %d

XSR User’s Guide 365Appendix A Alarms and EventsAlarms/Events and System LimitsFrame Relay Serial a/b:d.e, station DOWN, DLCI nnnnThe network reports

366 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsETH1_DRIV Device not found This alarm most likely occurs because of a h

XSR User’s Guide 367Appendix A Alarms and EventsAlarms/Events and System LimitsCLI CLI Config mode released by user <username>When a user (unkno

368 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsRefer to the table below for all Medium severity alarms and events repo

XSR User’s Guide 369Appendix A Alarms and EventsAlarms/Events and System LimitsT1E1 PCI device failure (Device/Port: card number/port number).Error in

iv XSR User’s GuideIndustry Canada NoticesThis digital apparatus does not exceed the class A limits for radio noise emissions from digital apparatus s

6 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRCAUTIONWhen you enable the Console port as a WAN port, you can no long

370 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsT1 ERROR: Shared memory allocation failed for Receive Free Queue.Error

XSR User’s Guide 371Appendix A Alarms and EventsAlarms/Events and System LimitsPPP PPP MS-CHAP authentication failed while authenticating remote peer&

372 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsISDN Call <BRI | Serial card/port:channel> Disconnected from <

XSR User’s Guide 373Appendix A Alarms and EventsAlarms/Events and System LimitsRefer to the table below for all Low severity alarms and events reporte

374 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsT1E1 Receive AIS cleared. Indicates that T1/E1 physical port is not det

XSR User’s Guide 375Appendix A Alarms and EventsAlarms/Events and System LimitsT1 Stop controller failed for slot/card/port. Stop command sent to driv

376 XSR User’s GuideFirewall and NAT Alarms and Reports Appendix AAlarms/Events and System LimitsFirewall and NAT Alarms and ReportsThe XSR reports lo

XSR User’s Guide 377Appendix A Firewall and NAT Alarms and ReportsAlarms/Events and System Limits2 - CRIT Init: Error reading NAT Mapper table3 - ERRO

378 XSR User’s GuideFirewall and NAT Alarms and Reports Appendix AAlarms/Events and System Limits1 - ALERT IP fragment offset plus length exceeds the

XSR User’s Guide 379Appendix A Firewall and NAT Alarms and ReportsAlarms/Events and System Limits2 - CRIT Init: Failed to allocate memory for CLS Cont

XSR User’s Guide 7Chapter 2 Utilizing the Command Line InterfaceManaging the XSRThat is, if the first four sessions are regular users, the fifth sessi

380 XSR User’s GuideFirewall and NAT Alarms and Reports Appendix AAlarms/Events and System Limits3 - ERROR Deny: No filter for %s, %IP_23 - ERROR Deny

XSR User’s Guide 381Appendix A Firewall and NAT Alarms and ReportsAlarms/Events and System Limits3 - ERROR Internal error3 - ERROR IP fragment cache e

382 XSR User’s GuideFirewall and NAT Alarms and Reports Appendix AAlarms/Events and System Limits4 - WARNING CLS blocked FTP request, command: %CMD %I

XSR User’s Guide 383Appendix A Firewall and NAT Alarms and ReportsAlarms/Events and System Limits4 - WARNING Permit: TCP Con_Req, %IP_P24 - WARNING Pe

8 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRAccessing the Initial PromptThe CLI is protected by security. Before y

XSR User’s Guide 9Chapter 2 Utilizing the Command Line InterfaceManaging the XSR Command Abbreviation: You can abbreviate commands and keywords to th

10 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSR CLI Terminal Editing Command Keys: Refer to the following table for

XSR User’s Guide 11Chapter 2 Utilizing the Command Line InterfaceManaging the XSRSetting CLI Configuration ModesThe CLI provides modes of operation pe

12 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRFigure 1 Sample Configuration Mode TreeThe footnotes below refer to

XSR User’s Guide 13Chapter 2 Utilizing the Command Line InterfaceManaging the XSRUser EXEC ModeYou enter User EXEC (or simply EXEC) mode after logging

14 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRExiting From the Current ModeEach of these commands exits from your m

XSR User’s Guide 15Chapter 2 Utilizing the Command Line InterfaceManaging the XSRIn the following example:show interface [dialer | fastEthernet/gigabi

XSR User’s Guide vVCCI NoticeThis is a class A product based on the standard of the Voluntary Control Council for Interference by Information Technolo

16 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRDescribing Ports and InterfacesThis section describes ports and inter

XSR User’s Guide 17Chapter 2 Utilizing the Command Line InterfaceManaging the XSRX.25 PVC/SVCs forming a sub-interface and one or more VCs of ATM form

18 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRSetting Port Configuration ModeThe configuration mode setting for por

XSR User’s Guide 19Chapter 2 Utilizing the Command Line InterfaceManaging the XSR T1-PRI (ISDN) Examplecontroller t1 1/0/0 + Begins configuring PRI N

20 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRchannel-group 0 timeslots 1-10 speed 64channel-group 1 timeslots 11-2

XSR User’s Guide 21Chapter 2 Utilizing the Command Line InterfaceManaging the XSRSwitched: When configuring a switched BRI connection, three serialsub

22 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRwhere arp is the command and type of table to be filled or modified,

XSR User’s Guide 23Chapter 2 Utilizing the Command Line InterfaceManaging the XSRfirst creates an arp entry of 1.1.1.1 associated with MAC address e45

24 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRDisabling an InterfaceAn interface can be administratively disabled w

XSR User’s Guide 25Chapter 2 Utilizing the Command Line InterfaceManaging the XSRManaging Message LogsMessages produced by the XSR, whether alarms or

vi XSR User’s GuideAustralian TelecomWARNING: Do not install phone line connections during an electrical storm.WARNING: Do not connect phone line unti

26 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRPerforming Fault ManagementWhen a software problem causes the XSR’s p

XSR User’s Guide 27Chapter 2 Utilizing the Command Line InterfaceManaging the XSRManaging the System ConfigurationThe XSR’s system configuration consi

28 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRUsing the Default ButtonYou can also boot up from the factory default

XSR User’s Guide 29Chapter 2 Utilizing the Command Line InterfaceManaging the XSR If you want to convert your startup configuration into the running

30 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRDownloading the ConfigurationDownloading transfers a script file remo

XSR User’s Guide 31Chapter 2 Utilizing the Command Line InterfaceManaging the XSRCreating Alternate Configuration FilesThe XSR permits you to create m

32 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRBootRom Upgrade ChoicesThere are two methods available to upgrade you

XSR User’s Guide 33Chapter 2 Utilizing the Command Line InterfaceManaging the XSRUsing the Bootrom Update UtilityThe Bootrom update utility upgrades t

34 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRCopy 'tftpDir/bootrom2_01.fls' from server as 'bootrom

XSR User’s Guide 35Chapter 2 Utilizing the Command Line InterfaceManaging the XSRXSR-1805#more boot-configupdateBootrom.flsXSR-1805#more restore-boot-

XSR User’s Guide vii(i) Reverse engineer, decompile, disassemble or modify the Program, in whole or in part, including for reasons of error correction

36 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRIn summary, when upgrading 1.x to 2.x Bootrom versions only, you must

XSR User’s Guide 37Chapter 2 Utilizing the Command Line InterfaceManaging the XSR6 Verify the network boot values using the sn command. For example:XS

38 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRProgramming 131072(0x20000) bytes at address 0xfff20000Programming 13

XSR User’s Guide 39Chapter 2 Utilizing the Command Line InterfaceManaging the XSRwithout valid software in flash: and should not be reloaded or powere

40 XSR User’s GuideNetwork Management through SNMP Chapter 2Managing the XSRNetwork Management through SNMPXSR system monitoring provides for the SNMP

XSR User’s Guide 41Chapter 2 Network Management through SNMPManaging the XSRVariables to be configured include: community name, traps, and host. SNMP

42 XSR User’s GuideAccessing the XSR Through the Web Chapter 2Managing the XSRAccessing the XSR Through the WebThe XSR via a browser but provide a cur

XSR User’s Guide 43Chapter 2 Network Management ToolsManaging the XSRUsing SNMP for DownloadsYou can use an SNMP manager to download or upload firmwar

44 XSR User’s GuideNetwork Management Tools Chapter 2Managing the XSRSoftware Image DownloadThe NetSight Remote Administrator application can download

XSR User’s Guide 453Managing LAN/WAN InterfacesOverview of LAN InterfacesThe XSR supports two 10/100 Base-T FastEthernet ports on the XSR 1800 Series

viii XSR User’s Guide6) DISCLAIMER OF WARRANTY. EXCEPT FOR THOSE WARRANTIES EXPRESSLY PROVIDED TO YOU IN WRITING BY ENTERASYS, ENTERASYS DISCLAIMS ALL

46 XSR User’s GuideConfiguring the LAN Chapter 3Managing LAN/WAN Interfaces Packet filtering - the interface will receive:– All broadcast packets– Al

XSR User’s Guide 47Chapter 3 MIB StatisticsManaging LAN/WAN InterfacesMIB StatisticsThe following table reflects MIB-II (RFC-1213) port statistics col

48 XSR User’s GuideOverview of WAN Interfaces Chapter 3Managing LAN/WAN InterfacesOverview of WAN InterfacesThe XSR supports as many as six serial car

XSR User’s Guide 49Chapter 3 Configuring the WANManaging LAN/WAN Interfaces– 7200 Kbps– 9600 Kbps (default)– 14400 Kbps– 19200 Kbps– 28800 Kbps– 38400

50 XSR User’s GuideConfiguring the WAN Chapter 3Managing LAN/WAN InterfacesXSR(config-if<S1/0:1>)#no shutdownThe following example configures th

XSR User’s Guide 514Configuring T1/E1 InterfacesOverviewThe XSR provides a T1/E1 subsystem on a single NIM-based I/O card with a maximum of two instal

52 XSR User’s GuideConfiguring Channelized T1/E1 Interfaces Chapter 4Configuring T1/E1 Interfaces Line encoding - T1: AMI, B8ZS; E1: AMI, HDB3 Data

XSR User’s Guide 53Chapter 4 Configuring Channelized T1/E1 InterfacesConfiguring T1/E1 Interfaces4 Specify the controller's line encoding type:XS

54 XSR User’s GuideTroubleshooting T1/E1 Links Chapter 4Configuring T1/E1 InterfacesTroubleshooting T1/E1 LinksThis section describes general procedur

XSR User’s Guide 55Chapter 4 Troubleshooting T1/E1 LinksConfiguring T1/E1 InterfacesAs shown in Figure 4, three troubleshooting actions are defined:

XSR User’s Guide ix12) WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not

56 XSR User’s GuideTroubleshooting T1/E1 Links Chapter 4Configuring T1/E1 InterfacesWhen a T1/E1 controller (port) is created with an associated chann

XSR User’s Guide 57Chapter 4 Troubleshooting T1/E1 LinksConfiguring T1/E1 InterfacesComplete the following steps if the receiver has a loss of signal:

58 XSR User’s GuideTroubleshooting T1/E1 Links Chapter 4Configuring T1/E1 InterfacesReceive Remote Alarm Indication (RAI - Yellow Alarm)1 Insert an ex

XSR User’s Guide 59Chapter 4 Troubleshooting T1/E1 LinksConfiguring T1/E1 InterfacesFigure 7 T1/E1 Alarm Analysis Troubleshooting Actions Flow (cont

60 XSR User’s GuideTroubleshooting T1/E1 Links Chapter 4Configuring T1/E1 InterfacesT1/E1 Error Events AnalysisThis section describes various error ev

XSR User’s Guide 61Chapter 4 Troubleshooting T1/E1 LinksConfiguring T1/E1 InterfacesNOTEStatistics displayed with the show controllers command are res

XSR User’s Guide 635Configuring IPOverviewThis document describes the IP protocol suite functionality offered by the XSR including: General IP featur

64 XSR User’s GuideGeneral IP Features Chapter 5Configuring IP Ethernet 802.3 support of SNAP and DIX frame format Internet Standard Subnetting Proc

XSR User’s Guide 65Chapter 5 General IP FeaturesConfiguring IP IP Interface– Numbered interfaces– Un-numbered interfaces on point to point links– NBM