XSR-1805User’s GuideVersion 5.09033723-07 X-Pedition™ Security Router
66 XSR User’s GuideGeneral IP Features Chapter 5Configuring IPNOTEThe XSR supports a total of 516 dynamic ARP entries, 128 ARP requests pending, and 2
XSR User’s Guide 67Chapter 5 General IP FeaturesConfiguring IPThe XSR supports directed broadcast using the ip directed-broadcast command. For securit
68 XSR User’s GuideGeneral IP Features Chapter 5Configuring IPIRDP allows hosts to locate routers and can also infer router locations by checking RIP
XSR User’s Guide 69Chapter 5 General IP FeaturesConfiguring IPSSHThe Secure Shell (SSH) protocol provides for safe remote login and other network serv
70 XSR User’s GuideGeneral IP Features Chapter 5Configuring IPTrivial File Transfer Protocol (TFTP)TFTP is a bare bones file transfer protocol, as def
XSR User’s Guide 71Chapter 5 General IP FeaturesConfiguring IPSecondary IP can be used when there are insufficient host addresses on a particular netw
72 XSR User’s GuideGeneral IP Features Chapter 5Configuring IP If any router on a network segment uses a secondary address, all other devices on the
XSR User’s Guide 73Chapter 5 General IP FeaturesConfiguring IPWhen ICMP Mask request packets are received, the destination IP address will be matched
74 XSR User’s GuideGeneral IP Features Chapter 5Configuring IPUnnumbered Interface & Secondary IPIf an unnumbered interface attempts to borrow an
XSR User’s Guide 75Chapter 5 General IP FeaturesConfiguring IP The XSR supports 11 IP addresses per VR (1 primary + 10 secondary) With four VR'
Table of ContentsXSR-1805 User’s Guide xiAbout This GuideContents of the Guide ...
76 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IPIP Routing ProtocolsRouting is one of the most important functions of IP. Routing infor
XSR User’s Guide 77Chapter 5 IP Routing ProtocolsConfiguring IP Redistribute static routes into RIP with the redistribute command. Split horizon wit
78 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IP IP split horizon must be enabled (default). Whether poison is enabled or not, trigger
XSR User’s Guide 79Chapter 5 IP Routing ProtocolsConfiguring IP The latest changes are sent when:– The routing database is modified by new data. The
80 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IP An update packet with the flush flag set is received; all routes learned from that ne
XSR User’s Guide 81Chapter 5 IP Routing ProtocolsConfiguring IPOSPF is superior to RIP because as a link-state protocol, it converges faster than RIP,
82 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IP Cost for default route sent into a stub area with the area default cost command Stub
XSR User’s Guide 83Chapter 5 IP Routing ProtocolsConfiguring IP LOCAL 10 STATIC 9 OSPF INTRA 7 OSPF_INTER 6 OSPF_EXT 4 PREF_RIP 4Default Network
84 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IPCIDR addressing also enables route aggregation in which a single high level route entry
XSR User’s Guide 85Chapter 5 IP Routing ProtocolsConfiguring IP Port and Address Translation (NAPT) Standard Access Control Lists (1-99) only suppor
Table of Contentsxii XSR-1805 User’s GuideSupported Physical Interfaces...
86 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IPFigure 9 Simple VRRP TopologyBecause the VR uses the IP address of the physical Ether
XSR User’s Guide 87Chapter 5 IP Routing ProtocolsConfiguring IPFigure 10 Load Balanced, Redundant VRRP TopologyVRRP DefinitionsThe XSR defines VRRP
88 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IPHow the VRRP WorksMultiple IP routers on a single broadcast LAN comprise a single virtu
XSR User’s Guide 89Chapter 5 IP Routing ProtocolsConfiguring IPIn the backup state, a VRRP router monitors the VR master to confirm it is alive, does
90 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IPVRRP FeaturesMultiple Virtual IP Addresses per VRThe XSR permits specifying multiple vi
XSR User’s Guide 91Chapter 5 IP Routing ProtocolsConfiguring IPARP Process on a VRRP RouterThree types of ARP requests can be employed on a VRRP route
92 XSR User’s GuideIP Routing Protocols Chapter 5Configuring IP The master VR must receive packets with a virtual MAC address as the destination MAC
XSR User’s Guide 93Chapter 5 IETF MIBs SupportedConfiguring IPWhen the actual IP address owner of the Virtual IP address releases the master state of
94 XSR User’s GuideConfiguring RIP Examples Chapter 5Configuring IP SNMPv3 MIBs including:– RFC-3411 Framework– RFC-3412 MPD– RFC-3414 USM– RFC-3415
XSR User’s Guide 95Chapter 5 Configuring RIP ExamplesConfiguring IPXSR(config)#interface FastEthernet 1XSR(config-if<F1>#no shutdownXSR(config-i
Table of ContentsXSR-1805 User’s Guide xiiiUsing the Default Button...
96 XSR User’s GuideConfiguring Unnumbered IP Serial Interface Example Chapter 5Configuring IPXSR(config-if<S2/0:0>)#encapsulate pppXSR(config-if
XSR User’s Guide 97Chapter 5 Configuring NAT ExamplesConfiguring IPXSR(config-if<S1/0>)#ip address 154.68.1.47 255.255.255.0XSR(config-if<S1/
98 XSR User’s GuideConfiguring NAT Examples Chapter 5Configuring IP2 The first packet the XSR receives from host 10.1.1.1 causes the router to check i
XSR User’s Guide 99Chapter 5 Configuring NAT ExamplesConfiguring IPFigure 12 NAT Inside Source Translation with Overload (NAPT)Inside source address
100 XSR User’s GuideConfiguring VRRP Example Chapter 5Configuring IPthe inside local address 10.1.1.1 and destination port 1789, then forwards it to 1
XSR User’s Guide 101Chapter 5 Configuring VRRP ExampleConfiguring IPXSRa(config-if<F1>)#vrrp 1 track serial 2/0XSRa(config-if<F1>)#vrrp 1
XSR User’s Guide 1036Configuring PPPOverviewThe Point-to-Point Protocol (PPP), referenced in RFC-1616, is a standard method for transporting multi-pro
104 XSR User’s GuidePPP Features Chapter 6Configuring PPP Authentication of peer entities through:– Password Authentication Protocol (PAP)– Challenge
XSR User’s Guide 105Chapter 6 PPP FeaturesConfiguring PPPNetwork Control Protocol (NCP)The Network Control Protocol (NCP) handles transmission and rec
Table of Contentsxiv XSR-1805 User’s GuideStatistics...
106 XSR User’s GuidePPP Features Chapter 6Configuring PPPPAP is most appropriate where a plaintext password must be available to simulate a login at a
XSR User’s Guide 107Chapter 6 PPP FeaturesConfiguring PPPIt also defines a new packet called Change Password Packet, which enables a client to send a
108 XSR User’s GuidePPP Features Chapter 6Configuring PPP The XSR can receive upper layer protocol data units (PDU) fragmented using the multilink he
XSR User’s Guide 109Chapter 6 PPP FeaturesConfiguring PPPIP Address Assignment In PPP, IPCP configuration option type 3 corresponds to IP address nego
110 XSR User’s GuideConfiguring PPP with a Dialed Backup Line Chapter 6Configuring PPPThe BACP protocol must reach the Opened state using the standard
XSR User’s Guide 111Chapter 6 Configuring a Synchronous Serial InterfaceConfiguring PPPFigure 13 XSR Configuration with One Backup Dial Line to Diff
112 XSR User’s GuideConfiguring a Dialed Backup Line Chapter 6Configuring PPP4 Set the local IP address of this interface.XSR(config-if<S1/0>)#i
XSR User’s Guide 113Chapter 6 Configuring a Dialed Backup LineConfiguring PPP3 Enter media-type {RS232 | RS422 | RS449 | RS530A | V35 | X21} for the c
114 XSR User’s GuideConfiguring BAP Chapter 6Configuring PPPXSR(config-if<D1>)#dialer pool 5XSR(config-if<D1>)#no shutdownConfigure interf
XSR User’s Guide 115Chapter 6 Configuring BAPConfiguring PPPOne function central to DoD is the XSR’s ability to perform LAN route spoofing, a means of
Table of ContentsXSR-1805 User’s Guide xvT1/E1 Error Events Analysis ...
116 XSR User’s GuideConfiguring BAP Chapter 6Configuring PPPXSR1(config-if<BRI-2/0>)#no shutdownXSR1(config-if<BRI-2/0>)#dialer pool-membe
XSR User’s Guide 117Chapter 6 Configuring BAPConfiguring PPPXSR2(config-if<BRI-2/0>)#isdn switch-type basic-ni1XSR2(config-if<BRI-2/0>)#is
118 XSR User’s GuideConfiguring BAP Chapter 6Configuring PPPXSR1(config-if<D1>)#encapsulation pppXSR1(config-if<D1>)#multilink load-thresh
XSR User’s Guide 1197Configuring Frame RelayOverviewFrame Relay is a simple, bit-oriented protocol that offers fast-packet switching for wide-area net
120 XSR User’s GuideOverview Chapter 7Configuring Frame RelayRelay switch are processed by the DLCI in three ways: frames are checked for integrity, t
XSR User’s Guide 121Chapter 7 Frame Relay FeaturesConfiguring Frame RelayDTEsA DTE is a network end station, either the ultimate source or destination
122 XSR User’s GuideMulti-Protocol Encapsulation Chapter 7Configuring Frame Relay Multi-protocol interconnect over Frame Relay - RFC-2427. Only IP is
XSR User’s Guide 123Chapter 7 Controlling Congestion in Frame Relay NetworksConfiguring Frame RelayControlling Congestion in Frame Relay NetworksWhile
124 XSR User’s GuideControlling Congestion in Frame Relay Networks Chapter 7Configuring Frame RelayCIR is the minimum rate of service that a public Fr
XSR User’s Guide 125Chapter 7 Controlling Congestion in Frame Relay NetworksConfiguring Frame RelayBackward Explicit Congestion Notification (BECN)Bac
Table of Contentsxvi XSR-1805 User’s GuideUnnumbered Interface & Secondary IP... 74NAT
126 XSR User’s GuideControlling Congestion in Frame Relay Networks Chapter 7Configuring Frame RelayXSR(config-if<S1/0>)#no shutdownXSR(config-if
XSR User’s Guide 127Chapter 7 Link Management Information (LMI)Configuring Frame RelayLink Management Information (LMI)A Frame Relay switch communicat
128 XSR User’s GuideSub-interface Support Chapter 7Configuring Frame RelayNOTEBe sure the same version of the management protocol resides at each end
XSR User’s Guide 129Chapter 7 Displaying StatisticsConfiguring Frame RelayMap-Class ConfigurationThe Map Class configures a common profile (characteri
130 XSR User’s GuideInterconnecting via Frame Relay Network Chapter 7Configuring Frame RelayInterconnecting via Frame Relay NetworkThe following typic
XSR User’s Guide 131Chapter 7 Configuring Frame RelayConfiguring Frame RelayConfiguring Frame RelayMulti-point to Point-to-Point ExampleThe following
132 XSR User’s GuideConfiguring Frame Relay Chapter 7Configuring Frame RelayA point-to-point network with a 64 Kbps connection is also configured from
XSR User’s Guide 133Chapter 7 Configuring Frame RelayConfiguring Frame RelayOn the Charlotte XSR, enter:XSR(config)#interface serial 1/0XSR(config-if&
XSR User’s Guide 1358Configuring Dialer ServicesThis chapter details information about the XSR’s suite of dialer functionality: Dial Ethernet Failov
Table of ContentsXSR-1805 User’s Guide xviiMultiple VRs Per Router...
136 XSR User’s GuideAsynchronous and Synchronous Support Chapter 8Configuring Dialer Services Addressing using numbered or unnumbered interfaces Out
XSR User’s Guide 137Chapter 8 Asynchronous and Synchronous SupportConfiguring Dialer ServicesAT Commands on Asynchronous PortsOn asynchronous ports, A
138 XSR User’s GuideAsynchronous and Synchronous Support Chapter 8Configuring Dialer ServicesDTR Dialing for Synchronous InterfacesDialer interfaces a
XSR User’s Guide 139Chapter 8 Implementing Dial ServicesConfiguring Dialer ServicesImplementing Dial ServicesDial services are provided by dialer inte
140 XSR User’s GuideImplementing Dial Services Chapter 8Configuring Dialer ServicesDialer ProfilesDialer profiles are comprised of virtual and physica
XSR User’s Guide 141Chapter 8 Implementing Dial ServicesConfiguring Dialer ServicesDialer StringsSetting dialer strings is straightforward but their c
142 XSR User’s GuideImplementing Dial Services Chapter 8Configuring Dialer ServicesPPP is the encapsulation method of choice for Dialer Services becau
XSR User’s Guide 143Chapter 8 Implementing Dial ServicesConfiguring Dialer ServicesFigure 20 Logical View of Dialer ProfilesFigure 20 illustrates ho
144 XSR User’s GuideImplementing Dial Services Chapter 8Configuring Dialer ServicesFigure 21 Sample Dialer TopologyFigure 21 illustrates three Diale
XSR User’s Guide 145Chapter 8 Implementing Dial ServicesConfiguring Dialer ServicesFigure 22 Dialer Profile of Destination (416) 123-4456As illustra
Table of Contentsxviii XSR-1805 User’s GuideLink Control Protocol (LCP)...
146 XSR User’s GuideImplementing Dial Services Chapter 8Configuring Dialer ServicesFigure 23 Dialer Profile of Destination (987) 231-2345Configuring
XSR User’s Guide 147Chapter 8 Implementing Dial ServicesConfiguring Dialer ServicesCreating and Configuring the Dialer Interface1 Enter interface dial
148 XSR User’s GuideImplementing Dial Services Chapter 8Configuring Dialer ServicesXSR(config-if<D0>)#ip address 10.1.1.1 255.0.0.0XSR(config-if
XSR User’s Guide 149Chapter 8 Implementing Dial ServicesConfiguring Dialer ServicesXSR(config-if<D1>)#ip address 10.10.10.1 255.255.255.0XSR(con
150 XSR User’s GuideOverview of Dial Backup Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)#dialer map ip 10.10.10.3 9053617363XSR(config
XSR User’s Guide 151Chapter 8 Sequence of Backup EventsConfiguring Dialer Services4 With the interface down, all routes reachable through that interfa
152 XSR User’s GuideLink Failure Backup Example Chapter 8Configuring Dialer ServicesLink Failure Backup ExampleFigure 24 illustrates a local link fail
XSR User’s Guide 153Chapter 8 Configuring a Dialed Backup LineConfiguring Dialer ServicesConfiguring the Physical Interface for the Dialer InterfacePe
154 XSR User’s GuideConfiguring a Dialed Backup Line Chapter 8Configuring Dialer ServicesXSR(config)#interface serial 1/0XSR(config-if<S1/0)#dialer
XSR User’s Guide 155Chapter 8 Configuring a Dialed Backup LineConfiguring Dialer ServicesFigure 25 Backup Dial ExampleDialerPPPSerial InterfaceBacku
Table of ContentsXSR-1805 User’s Guide xixVirtual Circuits...
156 XSR User’s GuideConfiguring a Dialed Backup Line Chapter 8Configuring Dialer ServicesThe CLI commands shown below are those used to configure the
XSR User’s Guide 157Chapter 8 Overview of Dial on Demand/Bandwidth on DemandConfiguring Dialer ServicesOverview of Dial on Demand/Bandwidth on DemandT
158 XSR User’s GuideAnswering Incoming ISDN Calls Chapter 8Configuring Dialer ServicesAnswering Incoming ISDN CallsThe XSR handles incoming ISDN calls
XSR User’s Guide 159Chapter 8 Answering Incoming ISDN CallsConfiguring Dialer ServicesIncoming Call Mapping ExampleThis example, as shown in Figure 26
160 XSR User’s GuideAnswering Incoming ISDN Calls Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)dialer pool 25XSR(config-if<D1>)en
XSR User’s Guide 161Chapter 8 Answering Incoming ISDN CallsConfiguring Dialer ServicesXSR(config)#interface dialer 1XSR(config-if<D1>)#no shutdo
162 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesXSR(config)#interface dialer 1XSR(config-if<D1>)#no shutdownXSR(conf
XSR User’s Guide 163Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesFigure 27 Dial on Demand TopologyNOTEConfiguration commands preceded by
164 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesXSR(config)#interface bri 1/0XSR(config-if<BRI-1/0>)#isdn switch-typ
XSR User’s Guide 165Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesThe following commands add a dial pool and map BRI interface 1/0 to Dialer
ii XSR User’s GuideNoticeEnterasys Networks reserves the right to make changes in specifications and other information contained in this document and
Table of Contentsxx XSR-1805 User’s GuideAsynchronous and Synchronous Support... 1
166 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)#encapsulation pppXSR(config-if<D1>)#dialer
XSR User’s Guide 167Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesThe following command maps ACL 105 to dialer group 7:XSR(config)#dialer-li
168 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)#dialer remote-name XSR-andoverXSR(config-if<D1
XSR User’s Guide 169Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesThe following command defines interesting packets for the dial out trigger
170 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)#ip address 172.22.85.1XSR(config-if<D1>)#pp
XSR User’s Guide 171Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesThe following commands add a dial pool and specifies the PPP authenticated
172 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesThe following commands define a dialer group, add a dialer pool, enable ML
XSR User’s Guide 173Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesMLPPP Point-to-Point ConfigurationsThe following MLPPP point-to-point topo
174 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesThe following commands add a dialer pool member and specify the primary-ni
XSR User’s Guide 175Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesMLPPP Point-to-Multipoint ConfigurationsThe following MLPPP point-to-multi
Table of ContentsXSR-1805 User’s Guide xxiDial Backup Features...
176 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)#ip address 172.22.85.1XSR(config-if<D1>)#pp
XSR User’s Guide 177Chapter 8 Configuring DoD/BoDConfiguring Dialer ServicesXSR(config-controller<T1-2/3>)#dialer pool-member 1XSR(config-contro
178 XSR User’s GuideConfiguring DoD/BoD Chapter 8Configuring Dialer ServicesNode B ConfigurationThe following commands add a dialer pool member and se
XSR User’s Guide 179Chapter 8 Switched PPP Multilink ConfigurationConfiguring Dialer ServicesSwitched PPP Multilink ConfigurationBandwidth-on-DemandTh
180 XSR User’s GuideSwitched PPP Multilink Configuration Chapter 8Configuring Dialer ServicesXSR(config-if<D1>)#ppp multilinkXSR(config-if<D1
XSR User’s Guide 181Chapter 8 Backup ConfigurationConfiguring Dialer ServicesBackup ConfigurationBackup Using ISDNThis example configures ISDN NIM car
182 XSR User’s GuideBackup Configuration Chapter 8Configuring Dialer ServicesThe following commands add a dialer pool, set Node C’s dialer number to c
XSR User’s Guide 183Chapter 8 Backup ConfigurationConfiguring Dialer ServicesThe following commands configure two channel groups with a total of three
184 XSR User’s GuideBackup Configuration Chapter 8Configuring Dialer ServicesXSR(config-if<S2/0:0>)#no shutdownXSR(config-if<S2/0:0>)#enca
XSR User’s Guide 185Chapter 8 Backup ConfigurationConfiguring Dialer ServicesXSR(config-if<D1>)#ppp multilinkXSR(config-if<D1>)#multilink
Table of Contentsxxii XSR-1805 User’s GuideDial-in Router Example ...
186 XSR User’s GuideBackup Configuration Chapter 8Configuring Dialer ServicesConfiguration for Ethernet FailoverThis example provides DSL backup (PPPo
XSR User’s Guide 1879Configuring Integrated ServicesDigital Network (ISDN)This chapter outlines how to configure the Integrated Services Digital Netwo
188 XSR User’s GuideISDN Features Chapter 9Configuring Integrated Services Digital Network (ISDN) 1 or 2 port BRI-S/T NIM card. 1 or 2 port BRI U NI
XSR User’s Guide 189Chapter 9 Understanding ISDNConfiguring Integrated Services Digital Network (ISDN)Understanding ISDNPhysically, an ISDN line is pr
190 XSR User’s GuideUnderstanding ISDN Chapter 9Configuring Integrated Services Digital Network (ISDN)The number of B-channels is limited by the size
XSR User’s Guide 191Chapter 9 Understanding ISDNConfiguring Integrated Services Digital Network (ISDN)Unlike the B-channel, which functions as a simpl
192 XSR User’s GuideUnderstanding ISDN Chapter 9Configuring Integrated Services Digital Network (ISDN)This explains the 56 in switched-56 services, wh
XSR User’s Guide 193Chapter 9 Understanding ISDNConfiguring Integrated Services Digital Network (ISDN)Bandwidth OptimizationThe XSR offers features wh
194 XSR User’s GuideUnderstanding ISDN Chapter 9Configuring Integrated Services Digital Network (ISDN)SecuritySecurity is another important element of
XSR User’s Guide 195Chapter 9 ISDN ConfigurationConfiguring Integrated Services Digital Network (ISDN)ISDN ConfigurationPRI interfaces share the T1/E1
Table of ContentsXSR-1805 User’s Guide xxiiiChapter 9 – Configuring Integrated Services Digital Network (ISDN)ISDN Features...
196 XSR User’s GuideISDN Configuration Chapter 9Configuring Integrated Services Digital Network (ISDN)BRI (Switched) Configuration ModelFigure 34, sho
XSR User’s Guide 197Chapter 9 ISDN ConfigurationConfiguring Integrated Services Digital Network (ISDN)The following example adds a dialer pool and gro
198 XSR User’s GuideISDN Configuration Chapter 9Configuring Integrated Services Digital Network (ISDN)XSR(config)#interface bri 1/2XSR(config-if<BR
XSR User’s Guide 199Chapter 9 ISDN ConfigurationConfiguring Integrated Services Digital Network (ISDN)The following T1 example adds a dialer pool and
200 XSR User’s GuideISDN Configuration Chapter 9Configuring Integrated Services Digital Network (ISDN)Leased-Line Configuration ModelThe BRI Leased Li
XSR User’s Guide 201Chapter 9 More Configuration ExamplesConfiguring Integrated Services Digital Network (ISDN)The following commands, as shown in Fig
202 XSR User’s GuideMore Configuration Examples Chapter 9Configuring Integrated Services Digital Network (ISDN)XSR(config-controller<T1-2/3>)#is
XSR User’s Guide 203Chapter 9 ISDN (ITU Standard Q.931) Call Status Cause CodesConfiguring Integrated Services Digital Network (ISDN)BRI Leased Frame
204 XSR User’s GuideISDN (ITU Standard Q.931) Call Status Cause Codes Chapter 9Configuring Integrated Services Digital Network (ISDN)11 More digits re
XSR User’s Guide 205Chapter 9 ISDN (ITU Standard Q.931) Call Status Cause CodesConfiguring Integrated Services Digital Network (ISDN)41 Temporary fail
Table of Contentsxxiv XSR-1805 User’s GuideISDN (ITU Standard Q.931) Call Status Cause Codes ... 207Ch
206 XSR User’s GuideISDN (ITU Standard Q.931) Call Status Cause Codes Chapter 9Configuring Integrated Services Digital Network (ISDN)79 Service or opt
XSR User’s Guide 207Chapter 9 ISDN (ITU Standard Q.931) Call Status Cause CodesConfiguring Integrated Services Digital Network (ISDN)127 Internetworki
XSR User’s Guide 20910Configuring Quality of ServiceOverviewIn a typical network, there are often many users and applications competing for limited sy
210 XSR User’s GuideFeatures Chapter 10Configuring Quality of ServiceFeaturesThe XSR’s support of QoS module allows you to: Classify traffic in diffe
XSR User’s Guide 211Chapter 10 Mechanisms to Provide QoSConfiguring Quality of ServiceThe following table describes typical traffic classification:The
212 XSR User’s GuideMechanisms to Provide QoS Chapter 10Configuring Quality of ServiceYou must perform three steps to configure a class-based classifi
XSR User’s Guide 213Chapter 10 Mechanisms to Provide QoSConfiguring Quality of ServiceDescribing the Policy MapThe policy statement in a QoS policy-ma
214 XSR User’s GuideMechanisms to Provide QoS Chapter 10Configuring Quality of Servicedefault comprises whatever remains after all other classes are s
XSR User’s Guide 215Chapter 10 Mechanisms to Provide QoSConfiguring Quality of ServiceConfiguring CBWFQCBWFQ is configured using the bandwidth command
Table of ContentsXSR-1805 User’s Guide xxvHow a Virtual Private Network Works ...233
216 XSR User’s GuideMechanisms to Provide QoS Chapter 10Configuring Quality of ServiceConfiguring Priority QueuesThe priority command configures prior
XSR User’s Guide 217Chapter 10 Mechanisms to Provide QoSConfiguring Quality of ServiceAssign the class frost to the priority queue:XSR(config)#policy-
218 XSR User’s GuideMechanisms to Provide QoS Chapter 10Configuring Quality of ServiceThe bucket for holding tokens for normal burst is refilled first
XSR User’s Guide 219Chapter 10 Mechanisms to Provide QoSConfiguring Quality of ServiceCongestion Control & AvoidanceDescribing Queue Size Control
220 XSR User’s GuideMechanisms to Provide QoS Chapter 10Configuring Quality of ServiceAfter a short delay, all sessions try to ramp up using slow-star
XSR User’s Guide 221Chapter 10 Mechanisms to Provide QoSConfiguring Quality of ServiceIn the following example, class bus has a minimum threshold of 4
222 XSR User’s GuideConfiguring QoS on an Interface Chapter 10Configuring Quality of ServiceSuggestions for Using QoS on the XSRThe XSR supports QoS o
XSR User’s Guide 223Chapter 10 Configuring QoS for Frame RelayConfiguring Quality of ServiceXSR(config-cmap<class2>)#match ip precedence 2Create
224 XSR User’s GuideConfiguring QoS for Frame Relay Chapter 10Configuring Quality of ServiceWhen there is no congestion each traffic class can use as
XSR User’s Guide 225Chapter 10 Configuring QoS for Frame RelayConfiguring Quality of ServiceConfigure map class parameters and apply the policy to the
Table of Contentsxxvi XSR-1805 User’s GuideClient...
XSR User’s Guide 22711Configuring the Virtual PrivateNetworkVPN OverviewAs it is most commonly defined, a Virtual Private Network (VPN) allows two or
228 XSR User’s GuideVPN Overview Chapter 11Configuring the Virtual Private Network Impersonation - Information passes to a person who poses as the in
XSR User’s Guide 229Chapter 11 VPN OverviewConfiguring the Virtual Private NetworkHow a Virtual Private Network WorksVPNs provide an advanced combinat
230 XSR User’s GuideEnsuring VPN Security with IPSec/IKE Chapter 11Configuring the Virtual Private NetworkEnsuring VPN Security with IPSec/IKEThe key
XSR User’s Guide 231Chapter 11 Ensuring VPN Security with IPSec/IKEConfiguring the Virtual Private NetworkThe IP Encapsulating Security Payload (ESP),
232 XSR User’s GuideEnsuring VPN Security with IPSec/IKE Chapter 11Configuring the Virtual Private NetworkUsing IPSec along with Network Address Trans
XSR User’s Guide 233Chapter 11 Describing Public-Key Infrastructure (PKI)Configuring the Virtual Private NetworkAs a general rule, longer encryption k
234 XSR User’s GuideDescribing Public-Key Infrastructure (PKI) Chapter 11Configuring the Virtual Private NetworkIt is possible to use your private key
XSR User’s Guide 235Chapter 11 Describing Public-Key Infrastructure (PKI)Configuring the Virtual Private NetworkMachine Certificates for the XSRCertif
Table of ContentsXSR-1805 User’s Guide xxviiEZ-IPSec Configuration ...
236 XSR User’s GuideDescribing Public-Key Infrastructure (PKI) Chapter 11Configuring the Virtual Private NetworkIt is also possible to delegate certif
XSR User’s Guide 237Chapter 11 Describing Public-Key Infrastructure (PKI)Configuring the Virtual Private NetworkFigure 41 Certificate Chain ExampleA
238 XSR User’s GuideDescribing Public-Key Infrastructure (PKI) Chapter 11Configuring the Virtual Private NetworkThe XSR will automatically verify the
XSR User’s Guide 239Chapter 11 DF Bit FunctionalityConfiguring the Virtual Private NetworkOnce retries are exhausted, the enrollment becomes invalid a
240 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkThis feature specifies whether the router can clear, set, or cop
XSR User’s Guide 241Chapter 11 VPN ApplicationsConfiguring the Virtual Private Network– Tunnels are more easily scalable in multiple router topologies
242 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkFigure 42 VPN Site-to-Site TopologyIt is important to note tha
XSR User’s Guide 243Chapter 11 VPN ApplicationsConfiguring the Virtual Private NetworkSite-to-Central-Site NetworksIn a Site-to-Central-Site applicati
244 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkClient ModeIn the Client scenario, a private LAN residing behind
XSR User’s Guide 245Chapter 11 VPN ApplicationsConfiguring the Virtual Private Networkon the corporate network. In this application the XSR must suppo
Table of Contentsxxviii XSR-1805 User’s GuideConfiguring DHCP Address Pools...
246 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkDepending on the protocol, the remote access scenario may requir
XSR User’s Guide 247Chapter 11 VPN ApplicationsConfiguring the Virtual Private NetworkOSPF CommandsThe same OSPF commands available for configuration
248 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkFigure 45 Site-to-Site Client Mode TopologyIn this scenario, y
XSR User’s Guide 249Chapter 11 VPN ApplicationsConfiguring the Virtual Private NetworkServer FastEthernet 1 interface: This is the trusted side of th
250 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkThe commands to configure this scenario are illustrated on page
XSR User’s Guide 251Chapter 11 VPN ApplicationsConfiguring the Virtual Private NetworkServerApply the same settings as in the site-to-site scenario us
252 XSR User’s GuideVPN Applications Chapter 11Configuring the Virtual Private NetworkConfiguring OSPF with Fail OverIn this scenario, the client init
XSR User’s Guide 253Chapter 11 VPN ApplicationsConfiguring the Virtual Private NetworkFigure 47 OSPF Used with FailoverTo test this configuration, a
254 XSR User’s GuideXSR VPN Features Chapter 11Configuring the Virtual Private NetworkAs mentioned earlier, OSPF may advertise a network’s reachabilit
XSR User’s Guide 255Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private Network Data integrity– MD5 and SHA-1 algorithms Internet P
Table of ContentsXSR-1805 User’s Guide xxixFragmented ICMP Traffic...
256 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private NetworkNext, perform the following: Generate a master key on
XSR User’s Guide 257Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private NetworkACL Configuration RulesConsider a few general rules wh
258 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private NetworkXSR(config)#interface FastEthernet2XSR(config-if<F2
XSR User’s Guide 259Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private NetworkXSR(config)#access-list 102 permit gre any anyXSR(conf
260 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private NetworkSecurity Policy ConsiderationsYou should be aware of t
XSR User’s Guide 261Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private NetworkCreating Crypto MapsCrypto maps filter and classify pa
262 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private NetworkXSR(config-crypto-m)#set transform-set esp-3des-shaXSR
XSR User’s Guide 263Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private Network– ip address and group set the IP address and usergrou
264 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private NetworkXSR(aaa-group)#wins server primary 112.16.1.16XSR(aaa-
XSR User’s Guide 265Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private Network Remove individual certificates using the following c
XSR User’s Guide iiiA plug and jack used to connect the XSR to the premises wiring and telephone network must comply with the applicable FCC Part 68
Table of Contentsxxx XSR-1805 User’s GuideAppendix A – Alarms/Events and System LimitsSystem Limits...
266 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private Network1 Begin by asking your CA administrator for your CA na
XSR User’s Guide 267Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private Network Fingerprint: D423E129 81904CE0 1E6D0FE0 A123A30
268 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private NetworkRemember that if you create a password, save it so it
XSR User’s Guide 269Chapter 11 VPN Configuration OverviewConfiguring the Virtual Private Network Valid To: 2003 Aug 29th, 16:01:58 GMT Subjec
270 XSR User’s GuideVPN Configuration Overview Chapter 11Configuring the Virtual Private Network Subject: MAILTO=SCEP, C=US, ST=MA, L=Andove
XSR User’s Guide 271Chapter 11 Configuring a Simple VPN Site-to-Site ApplicationConfiguring the Virtual Private Networktunnel + Names a site-to-site V
272 XSR User’s GuideConfiguring a Simple VPN Site-to-Site Application Chapter 11Configuring the Virtual Private Networkthe VPN. In the context of VPN
XSR User’s Guide 273Chapter 11 Configuring a Simple VPN Site-to-Site ApplicationConfiguring the Virtual Private Networklifetime. You can specify an SA
274 XSR User’s GuideConfiguring the VPN Using EZ-IPSec Chapter 11Configuring the Virtual Private NetworkXSR(config-crypto-m)#match address 130 + Appli
XSR User’s Guide 275Chapter 11 Configuring the VPN Using EZ-IPSecConfiguring the Virtual Private Network Supporting RIPv2 and OSPF through the tunnel
XSR User’s Guide xxxiAbout This GuideThis guide provides a general overview of the XSR hardware and software features. It describes how to configure
276 XSR User’s GuideConfiguring the VPN Using EZ-IPSec Chapter 11Configuring the Virtual Private NetworkXSR(config)#interface vpn 1 point-to-point+ Se
XSR User’s Guide 277Chapter 11 Configuration ExamplesConfiguring the Virtual Private NetworkConfiguration ExamplesXSR with VPN - Central GatewayIn thi
278 XSR User’s GuideConfiguration Examples Chapter 11Configuring the Virtual Private NetworkBegin by setting the XSR system time via SNTP. This config
XSR User’s Guide 279Chapter 11 Configuration ExamplesConfiguring the Virtual Private NetworkXSR(cfg-crypto-tran)set security-association lifetime kilo
280 XSR User’s GuideConfiguration Examples Chapter 11Configuring the Virtual Private NetworkXSR(config-int-vpn)#firewall disableXSR(config-int-vpn)#ip
XSR User’s Guide 281Chapter 11 Configuration ExamplesConfiguring the Virtual Private NetworkXSR(aaa-group)#dns server secondary 0.0.0.0XSR(aaa-group)#
282 XSR User’s GuideConfiguration Examples Chapter 11Configuring the Virtual Private NetworkConfigure the Network Extension Mode tunnel, site-to-site
XSR User’s Guide 283Chapter 11 Configuration ExamplesConfiguring the Virtual Private Networkservice timestamps log uptimeno service password-encryptio
284 XSR User’s GuideConfiguration Examples Chapter 11Configuring the Virtual Private Networkinterface FastEthernet0/0ip address 192.168.3.5 255.255.25
XSR User’s Guide 285Chapter 11 Configuration ExamplesConfiguring the Virtual Private NetworkXSR ConfigurationXSR(config)#access-list 120 permit ip 192
xxxii XSR User’s Guide Contents of the Guide About This Guide Chapter 10, Configuring Quality of Service, describes XSR support for QoS, including R
286 XSR User’s GuideInteroperability Profile for the XSR Chapter 11Configuring the Virtual Private NetworkInteroperability Profile for the XSRScenario
XSR User’s Guide 287Chapter 11 Interoperability Profile for the XSRConfiguring the Virtual Private Network SHA-1 ESP tunnel mode MODP group 2 (1024
288 XSR User’s GuideInteroperability Profile for the XSR Chapter 11Configuring the Virtual Private Network6 Configure IKE policy Safe for the Gateway
XSR User’s Guide 289Chapter 11 Interoperability Profile for the XSRConfiguring the Virtual Private NetworkReply from 172.23.9.5: 10msReply from 172.23
290 XSR User’s GuideInteroperability Profile for the XSR Chapter 11Configuring the Virtual Private NetworkGateway B connects the internal LAN 172.23.9
XSR User’s Guide 291Chapter 11 Interoperability Profile for the XSRConfiguring the Virtual Private Network2 Be sure that the XSR time setting is corre
292 XSR User’s GuideInteroperability Profile for the XSR Chapter 11Configuring the Virtual Private Network State: CA-AUTHENTICATED Version
XSR User’s Guide 293Chapter 11 Interoperability Profile for the XSRConfiguring the Virtual Private NetworkFor security reasons your password will not
294 XSR User’s GuideInteroperability Profile for the XSR Chapter 11Configuring the Virtual Private NetworkCA Certificate - PKItestca1 State:
XSR User’s Guide 29512Configuring DHCPOverview of DHCPThe Dynamic Host Configuration Protocol (DHCP) allocates and delivers configuration values, incl
XSR User’s Guide xxxiii About This Guide Conventions Used in This GuideConventions Used in This GuideThe following conventions are used in this guide
296 XSR User’s GuideFeatures Chapter 12Configuring DHCPFeaturesThe XSR offers the DHCP features: Persistent storage/database of network values for ne
XSR User’s Guide 297Chapter 12 How DHCP WorksConfiguring DHCPHow DHCP WorksDHCP’s client-server model defines a set of messages exchanged between two
298 XSR User’s GuideDHCP Services Chapter 12Configuring DHCPDHCP ServicesThe DHCP services comprising the Bindings Database, leases, network options,
XSR User’s Guide 299Chapter 12 DHCP ServicesConfiguring DHCPFor example, the server may choose the least recently assigned address. As a consistency c
300 XSR User’s GuideDHCP Services Chapter 12Configuring DHCPNested Scopes: IP Pool SubsetsAs mentioned earlier, one of the main functions of the DHCP
XSR User’s Guide 301Chapter 12 DHCP ServicesConfiguring DHCPScope CaveatKeep the following caveat in mind when configuring scopes: IP address pools ma
302 XSR User’s GuideDHCP CLI Commands Chapter 12Configuring DHCP2 Enter host address [mask | prefix-length] to specify the IP address and subnet mask
XSR User’s Guide 303Chapter 12 DHCP CLI CommandsConfiguring DHCP Create manual bindings of IP addresses and client hardware addresses - Manual bindin
304 XSR User’s GuideDHCP Set Up Overview Chapter 12Configuring DHCP Use ip dhcp ping timeout to specify the period the server must wait before timing
XSR User’s Guide 305Chapter 12 Configuration StepsConfiguring DHCPConfiguration StepsOnly four steps are required to minimally configure DHCP. They ar
xxxiv XSR User’s Guide Getting Help About This GuideGetting HelpFor additional support related to the XSR, contact Enterasys Networks using one of th
306 XSR User’s GuideConfiguration Steps Chapter 12Configuring DHCPXSR(config-dhcp-pool)#domain-name ets.enterasys.comNOTESome values can also be confi
XSR User’s Guide 307Chapter 12 DHCP Server Configuration ExamplesConfiguring DHCPDHCP Server Configuration ExamplesThe following examples configure DH
308 XSR User’s GuideDHCP Server Configuration Examples Chapter 12Configuring DHCPManual Binding with Class ExampleIn the following example, the single
XSR User’s Guide 309Chapter 12 DHCP Server Configuration ExamplesConfiguring DHCPDHCP Option ExamplesThe following sample DHCP option configurations i
XSR User’s Guide 31113Configuring Security on the XSRThis chapter describes the security options available on the XSR including the firewall feature s
312 XSR User’s GuideFeatures Chapter 13Configuring Security on the XSRAccess Control ListsAccess Control Lists (ACL) impose selection criteria for spe
XSR User’s Guide 313Chapter 13 FeaturesConfiguring Security on the XSRSmurf AttackA “smurf” attack involves an attacker sending ICMP echo requests fro
314 XSR User’s GuideFeatures Chapter 13Configuring Security on the XSRThis feature is always enabled, and the maximum number of TCP sessions allowed i
XSR User’s Guide 315Chapter 13 General Security PrecautionsConfiguring Security on the XSRThe attacker does not send any other packet, and the state m
XSR User’s Guide 11OverviewThis chapter briefly describes the functionality of the XSR. Refer to the following chapters in this manual for details on
316 XSR User’s GuideAAA Services Chapter 13Configuring Security on the XSR Create ACLs to direct services to appropriate servers only Enable packet
XSR User’s Guide 317Chapter 13 AAA ServicesConfiguring Security on the XSR Deleting the only privilege-15 user with Telnet or SSH policy is disallowe
318 XSR User’s GuideAAA Services Chapter 13Configuring Security on the XSRWhile most of these parameters are self-explanatory, the policy value is imp
XSR User’s Guide 319Chapter 13 AAA ServicesConfiguring Security on the XSR5 Install a freeware program such as PuTTY on your client device. If you loa
320 XSR User’s GuideAAA Services Chapter 13Configuring Security on the XSR8 Enter aaa user <name> to create an authenticated user and acquire AA
XSR User’s Guide 321Chapter 13 Firewall Feature Set OverviewConfiguring Security on the XSRFirewall Feature Set OverviewA firewall is defined generall
322 XSR User’s GuideFirewall Feature Set Overview Chapter 13Configuring Security on the XSRFigure 54 XSR Firewall TopologyThere are many possible ne
XSR User’s Guide 323Chapter 13 Firewall Feature Set OverviewConfiguring Security on the XSRWhile this flexibility is useful, it emphasizes the fact th
324 XSR User’s GuideFirewall Feature Set Overview Chapter 13Configuring Security on the XSR Filter bad packets and bad contents to protect internal h
XSR User’s Guide 325Chapter 13 XSR Firewall Feature Set FunctionalityConfiguring Security on the XSRAdditionally, a stateful inspection firewall provi
2 XSR User’s GuideChapter 1Overview Serial Interface - The XSR’s NIM serial interface typically supports protocols such as PPP. The serial interface
326 XSR User’s GuideXSR Firewall Feature Set Functionality Chapter 13Configuring Security on the XSRFiltering non TCP/UDP packets - Non TCP and UDP IP
XSR User’s Guide 327Chapter 13 XSR Firewall Feature Set FunctionalityConfiguring Security on the XSRApplication Level Gateway - Support for FTP and H.
328 XSR User’s GuideXSR Firewall Feature Set Functionality Chapter 13Configuring Security on the XSRAlarm Logging - The XSR supports Console and Syslo
XSR User’s Guide 329Chapter 13 XSR Firewall Feature Set FunctionalityConfiguring Security on the XSR– If no syslog server is configured, alarms will c
330 XSR User’s GuideFirewall CLI Commands Chapter 13Configuring Security on the XSR2 The XSR’s AAA functionality talks to an authentication server or
XSR User’s Guide 331Chapter 13 Firewall CLI CommandsConfiguring Security on the XSRCAUTIONUse care not to overlap internal and external address ranges
332 XSR User’s GuideFirewall CLI Commands Chapter 13Configuring Security on the XSR– You should set a rule at the end of your configuration to handle
XSR User’s Guide 333Chapter 13 Firewall CLI CommandsConfiguring Security on the XSR Load - Installs the completed firewall configuration in the XSR’s
334 XSR User’s GuideFirewall CLI Commands Chapter 13Configuring Security on the XSR– Level 3: Error - abnormal and deny alarms are logged if system lo
XSR User’s Guide 335Chapter 13 Firewall LimitationsConfiguring Security on the XSRFirewall LimitationsConsider the following caveats regarding firewal
XSR User’s Guide 3Chapter 1Overview Quality of Service - The XSR provides traffic classification using IP Precedence and DSCP bits, bandwidth control
336 XSR User’s GuideFirewall Limitations Chapter 13Configuring Security on the XSR Session Timeouts - Idle timeout defaults for the three firewall se
XSR User’s Guide 337Chapter 13 Firewall LimitationsConfiguring Security on the XSRpackets, NAT is performed before firewall inspection. Firewall rules
338 XSR User’s GuidePre-configuring the Firewall Chapter 13Configuring Security on the XSRPre-configuring the FirewallWe recommend you consider the fo
XSR User’s Guide 339Chapter 13 Configuration ExamplesConfiguring Security on the XSR Load the configuration in the firewall engine Enable or disable
340 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRFigure 57 XSR with Firewall TopologyBegin by configuring network
XSR User’s Guide 341Chapter 13 Configuration ExamplesConfiguring Security on the XSRXSR(config)#ip firewall policy exttodmzsmtp ANY_EXTERNAL dmz SMTP
342 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRXSR with Firewall, PPPoE and DHCPIn this scenario, shown in Figure
XSR User’s Guide 343Chapter 13 Configuration ExamplesConfiguring Security on the XSRXSR(config-if)#ip address negotiatedXSR(config-if)#ip mtu 1492XSR(
344 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRTrial load the completed configuration into the firewall engine, a
XSR User’s Guide 345Chapter 13 Configuration ExamplesConfiguring Security on the XSRFigure 59 XSR Firewall, VPN and OSPF TopologyBegin by setting th
346 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRXSR(config-isakmp-peer)#proposal xp soho p2pXSR(config-isakmp-peer
XSR User’s Guide 347Chapter 13 Configuration ExamplesConfiguring Security on the XSRXSR(config-ifF2>)#crypto map testXSR(config-ifF2>)#ip addres
348 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRXSR(aaa-group)#pptp compressionXSR(aaa-group)#pptp encrypt mppe 12
XSR User’s Guide 349Chapter 13 Configuration ExamplesConfiguring Security on the XSRXSR(aaa-method-radius)#enableXSR(aaa-method-radius)#group DEFAULTX
350 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRXSR(config)#ip firewall network ospf 224.0.0.5 224.0.0.6 internalX
XSR User’s Guide 351Chapter 13 Configuration ExamplesConfiguring Security on the XSRWrite policies permitting RADIUS and all TCp and UDP traffic from
352 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRGlobally enable the firewall. Even though you have configured and
XSR User’s Guide 353Chapter 13 Configuration ExamplesConfiguring Security on the XSRXSR(aaa-method-radius)#address ip-address 10.10.10.1XSR(aaa-method
354 XSR User’s GuideConfiguration Examples Chapter 13Configuring Security on the XSRXSR(config)#access-list 1 permit 192.168.10.0 0.0.0.255XSR(config)
XSR User’s Guide 359AAlarms/Events and System LimitsThis appendix describes the configuration and memory limits of the XSR as well as system High, Med
XSR User’s Guide 52Managing the XSRThe XSR can be managed via three interfaces with varying levels of control: the Command Line Interface (CLI) for fu
360 XSR User’s GuideSystem Limits Appendix AAlarms/Events and System LimitsOSPF LSA type 4 500 3500 100OSPF LSA type 5 750 3500 750OSPF LSA type 7 250
XSR User’s Guide 361Appendix A System LimitsAlarms/Events and System LimitsDialer map classes 192 192 64 with Routing & VPN or Routing & Firew
362 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsAlarms and EventsThe XSR exhibits the following alarm logging behavior:
XSR User’s Guide 363Appendix A Alarms and EventsAlarms/Events and System LimitsT1E1 LOF alarm on receiver cleared. Indicates that T1/E1 physical port
364 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsISDN %s Layer 2 Terminal %d is DOWN %s Layer 2 Terminal %d
XSR User’s Guide 365Appendix A Alarms and EventsAlarms/Events and System LimitsFrame Relay Serial a/b:d.e, station DOWN, DLCI nnnnThe network reports
366 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsETH1_DRIV Device not found This alarm most likely occurs because of a h
XSR User’s Guide 367Appendix A Alarms and EventsAlarms/Events and System LimitsCLI CLI Config mode released by user <username>When a user (unkno
368 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsRefer to the table below for all Medium severity alarms and events repo
XSR User’s Guide 369Appendix A Alarms and EventsAlarms/Events and System LimitsT1E1 PCI device failure (Device/Port: card number/port number).Error in
iv XSR User’s GuideIndustry Canada NoticesThis digital apparatus does not exceed the class A limits for radio noise emissions from digital apparatus s
6 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRCAUTIONWhen you enable the Console port as a WAN port, you can no long
370 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsT1 ERROR: Shared memory allocation failed for Receive Free Queue.Error
XSR User’s Guide 371Appendix A Alarms and EventsAlarms/Events and System LimitsPPP PPP MS-CHAP authentication failed while authenticating remote peer&
372 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsISDN Call <BRI | Serial card/port:channel> Disconnected from <
XSR User’s Guide 373Appendix A Alarms and EventsAlarms/Events and System LimitsRefer to the table below for all Low severity alarms and events reporte
374 XSR User’s GuideAlarms and Events Appendix AAlarms/Events and System LimitsT1E1 Receive AIS cleared. Indicates that T1/E1 physical port is not det
XSR User’s Guide 375Appendix A Alarms and EventsAlarms/Events and System LimitsT1 Stop controller failed for slot/card/port. Stop command sent to driv
376 XSR User’s GuideFirewall and NAT Alarms and Reports Appendix AAlarms/Events and System LimitsFirewall and NAT Alarms and ReportsThe XSR reports lo
XSR User’s Guide 377Appendix A Firewall and NAT Alarms and ReportsAlarms/Events and System Limits2 - CRIT Init: Error reading NAT Mapper table3 - ERRO
378 XSR User’s GuideFirewall and NAT Alarms and Reports Appendix AAlarms/Events and System Limits1 - ALERT IP fragment offset plus length exceeds the
XSR User’s Guide 379Appendix A Firewall and NAT Alarms and ReportsAlarms/Events and System Limits2 - CRIT Init: Failed to allocate memory for CLS Cont
XSR User’s Guide 7Chapter 2 Utilizing the Command Line InterfaceManaging the XSRThat is, if the first four sessions are regular users, the fifth sessi
380 XSR User’s GuideFirewall and NAT Alarms and Reports Appendix AAlarms/Events and System Limits3 - ERROR Deny: No filter for %s, %IP_23 - ERROR Deny
XSR User’s Guide 381Appendix A Firewall and NAT Alarms and ReportsAlarms/Events and System Limits3 - ERROR Internal error3 - ERROR IP fragment cache e
382 XSR User’s GuideFirewall and NAT Alarms and Reports Appendix AAlarms/Events and System Limits4 - WARNING CLS blocked FTP request, command: %CMD %I
XSR User’s Guide 383Appendix A Firewall and NAT Alarms and ReportsAlarms/Events and System Limits4 - WARNING Permit: TCP Con_Req, %IP_P24 - WARNING Pe
8 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRAccessing the Initial PromptThe CLI is protected by security. Before y
XSR User’s Guide 9Chapter 2 Utilizing the Command Line InterfaceManaging the XSR Command Abbreviation: You can abbreviate commands and keywords to th
10 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSR CLI Terminal Editing Command Keys: Refer to the following table for
XSR User’s Guide 11Chapter 2 Utilizing the Command Line InterfaceManaging the XSRSetting CLI Configuration ModesThe CLI provides modes of operation pe
12 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRFigure 1 Sample Configuration Mode TreeThe footnotes below refer to
XSR User’s Guide 13Chapter 2 Utilizing the Command Line InterfaceManaging the XSRUser EXEC ModeYou enter User EXEC (or simply EXEC) mode after logging
14 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRExiting From the Current ModeEach of these commands exits from your m
XSR User’s Guide 15Chapter 2 Utilizing the Command Line InterfaceManaging the XSRIn the following example:show interface [dialer | fastEthernet/gigabi
XSR User’s Guide vVCCI NoticeThis is a class A product based on the standard of the Voluntary Control Council for Interference by Information Technolo
16 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRDescribing Ports and InterfacesThis section describes ports and inter
XSR User’s Guide 17Chapter 2 Utilizing the Command Line InterfaceManaging the XSRX.25 PVC/SVCs forming a sub-interface and one or more VCs of ATM form
18 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRSetting Port Configuration ModeThe configuration mode setting for por
XSR User’s Guide 19Chapter 2 Utilizing the Command Line InterfaceManaging the XSR T1-PRI (ISDN) Examplecontroller t1 1/0/0 + Begins configuring PRI N
20 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRchannel-group 0 timeslots 1-10 speed 64channel-group 1 timeslots 11-2
XSR User’s Guide 21Chapter 2 Utilizing the Command Line InterfaceManaging the XSRSwitched: When configuring a switched BRI connection, three serialsub
22 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRwhere arp is the command and type of table to be filled or modified,
XSR User’s Guide 23Chapter 2 Utilizing the Command Line InterfaceManaging the XSRfirst creates an arp entry of 1.1.1.1 associated with MAC address e45
24 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRDisabling an InterfaceAn interface can be administratively disabled w
XSR User’s Guide 25Chapter 2 Utilizing the Command Line InterfaceManaging the XSRManaging Message LogsMessages produced by the XSR, whether alarms or
vi XSR User’s GuideAustralian TelecomWARNING: Do not install phone line connections during an electrical storm.WARNING: Do not connect phone line unti
26 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRPerforming Fault ManagementWhen a software problem causes the XSR’s p
XSR User’s Guide 27Chapter 2 Utilizing the Command Line InterfaceManaging the XSRManaging the System ConfigurationThe XSR’s system configuration consi
28 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRUsing the Default ButtonYou can also boot up from the factory default
XSR User’s Guide 29Chapter 2 Utilizing the Command Line InterfaceManaging the XSR If you want to convert your startup configuration into the running
30 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRDownloading the ConfigurationDownloading transfers a script file remo
XSR User’s Guide 31Chapter 2 Utilizing the Command Line InterfaceManaging the XSRCreating Alternate Configuration FilesThe XSR permits you to create m
32 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRBootRom Upgrade ChoicesThere are two methods available to upgrade you
XSR User’s Guide 33Chapter 2 Utilizing the Command Line InterfaceManaging the XSRUsing the Bootrom Update UtilityThe Bootrom update utility upgrades t
34 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRCopy 'tftpDir/bootrom2_01.fls' from server as 'bootrom
XSR User’s Guide 35Chapter 2 Utilizing the Command Line InterfaceManaging the XSRXSR-1805#more boot-configupdateBootrom.flsXSR-1805#more restore-boot-
XSR User’s Guide vii(i) Reverse engineer, decompile, disassemble or modify the Program, in whole or in part, including for reasons of error correction
36 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRIn summary, when upgrading 1.x to 2.x Bootrom versions only, you must
XSR User’s Guide 37Chapter 2 Utilizing the Command Line InterfaceManaging the XSR6 Verify the network boot values using the sn command. For example:XS
38 XSR User’s GuideUtilizing the Command Line Interface Chapter 2Managing the XSRProgramming 131072(0x20000) bytes at address 0xfff20000Programming 13
XSR User’s Guide 39Chapter 2 Utilizing the Command Line InterfaceManaging the XSRwithout valid software in flash: and should not be reloaded or powere
40 XSR User’s GuideNetwork Management through SNMP Chapter 2Managing the XSRNetwork Management through SNMPXSR system monitoring provides for the SNMP
XSR User’s Guide 41Chapter 2 Network Management through SNMPManaging the XSRVariables to be configured include: community name, traps, and host. SNMP
42 XSR User’s GuideAccessing the XSR Through the Web Chapter 2Managing the XSRAccessing the XSR Through the WebThe XSR via a browser but provide a cur
XSR User’s Guide 43Chapter 2 Network Management ToolsManaging the XSRUsing SNMP for DownloadsYou can use an SNMP manager to download or upload firmwar
44 XSR User’s GuideNetwork Management Tools Chapter 2Managing the XSRSoftware Image DownloadThe NetSight Remote Administrator application can download
XSR User’s Guide 453Managing LAN/WAN InterfacesOverview of LAN InterfacesThe XSR supports two 10/100 Base-T FastEthernet ports on the XSR 1800 Series
viii XSR User’s Guide6) DISCLAIMER OF WARRANTY. EXCEPT FOR THOSE WARRANTIES EXPRESSLY PROVIDED TO YOU IN WRITING BY ENTERASYS, ENTERASYS DISCLAIMS ALL
46 XSR User’s GuideConfiguring the LAN Chapter 3Managing LAN/WAN Interfaces Packet filtering - the interface will receive:– All broadcast packets– Al
XSR User’s Guide 47Chapter 3 MIB StatisticsManaging LAN/WAN InterfacesMIB StatisticsThe following table reflects MIB-II (RFC-1213) port statistics col
48 XSR User’s GuideOverview of WAN Interfaces Chapter 3Managing LAN/WAN InterfacesOverview of WAN InterfacesThe XSR supports as many as six serial car
XSR User’s Guide 49Chapter 3 Configuring the WANManaging LAN/WAN Interfaces– 7200 Kbps– 9600 Kbps (default)– 14400 Kbps– 19200 Kbps– 28800 Kbps– 38400
50 XSR User’s GuideConfiguring the WAN Chapter 3Managing LAN/WAN InterfacesXSR(config-if<S1/0:1>)#no shutdownThe following example configures th
XSR User’s Guide 514Configuring T1/E1 InterfacesOverviewThe XSR provides a T1/E1 subsystem on a single NIM-based I/O card with a maximum of two instal
52 XSR User’s GuideConfiguring Channelized T1/E1 Interfaces Chapter 4Configuring T1/E1 Interfaces Line encoding - T1: AMI, B8ZS; E1: AMI, HDB3 Data
XSR User’s Guide 53Chapter 4 Configuring Channelized T1/E1 InterfacesConfiguring T1/E1 Interfaces4 Specify the controller's line encoding type:XS
54 XSR User’s GuideTroubleshooting T1/E1 Links Chapter 4Configuring T1/E1 InterfacesTroubleshooting T1/E1 LinksThis section describes general procedur
XSR User’s Guide 55Chapter 4 Troubleshooting T1/E1 LinksConfiguring T1/E1 InterfacesAs shown in Figure 4, three troubleshooting actions are defined:
XSR User’s Guide ix12) WAIVER. A waiver by Enterasys of a breach of any of the terms and conditions of this Agreement must be in writing and will not
56 XSR User’s GuideTroubleshooting T1/E1 Links Chapter 4Configuring T1/E1 InterfacesWhen a T1/E1 controller (port) is created with an associated chann
XSR User’s Guide 57Chapter 4 Troubleshooting T1/E1 LinksConfiguring T1/E1 InterfacesComplete the following steps if the receiver has a loss of signal:
58 XSR User’s GuideTroubleshooting T1/E1 Links Chapter 4Configuring T1/E1 InterfacesReceive Remote Alarm Indication (RAI - Yellow Alarm)1 Insert an ex
XSR User’s Guide 59Chapter 4 Troubleshooting T1/E1 LinksConfiguring T1/E1 InterfacesFigure 7 T1/E1 Alarm Analysis Troubleshooting Actions Flow (cont
60 XSR User’s GuideTroubleshooting T1/E1 Links Chapter 4Configuring T1/E1 InterfacesT1/E1 Error Events AnalysisThis section describes various error ev
XSR User’s Guide 61Chapter 4 Troubleshooting T1/E1 LinksConfiguring T1/E1 InterfacesNOTEStatistics displayed with the show controllers command are res
XSR User’s Guide 635Configuring IPOverviewThis document describes the IP protocol suite functionality offered by the XSR including: General IP featur
64 XSR User’s GuideGeneral IP Features Chapter 5Configuring IP Ethernet 802.3 support of SNAP and DIX frame format Internet Standard Subnetting Proc
XSR User’s Guide 65Chapter 5 General IP FeaturesConfiguring IP IP Interface– Numbered interfaces– Un-numbered interfaces on point to point links– NBM
Kommentare zu diesen Handbüchern