Canoga-perkins 9171 Configuration Guide User Manual

CanogaOS Configuration Guide Model 9170 Model 9171

CanogaOS Configuration Guide vi26.2 Set up LDP connection...26-1 26.3 Conf

CanogaOS Configuration Guide 17-117 Configuring OSPF 17.1 Overview OSPF is an Interior Gateway Protocol (IGP) designed expressly for IP networks, su

CanogaOS Configuration Guide17-2DUT# configure terminal Enter the Configure mode. associated with a specific OSPF area. The area ID can be a decimal

CanogaOS Configuration Guide 17-3R2 DUT# configure terminal Enter the Configure mode DUT (config)# router ospf 200 Configure the Routing proc

CanogaOS Configuration Guide 17-4DUT(config)# interface eth-0-1 Specify the interface (eth-0-1) to be configured. DUT (config-router)# network 10.10

CanogaOS Configuration Guide 17-5 Figure 17-3: OSPF Area Configurations R1 DUT# configure terminal Enter the Configure mode. DUT(config)# router o

CanogaOS Configuration Guide 17-6DUT# configure terminal Enter the Configure mode DUT (config)# router ospf 200 Configure the Routing process and

CanogaOS Configuration Guide 17-7DUT# configure terminal Enter the Configure mode. DUT(config)# router ospf 100 Configure the Routing process

CanogaOS Configuration Guide 17-8DUT# configure terminal Enter the Configure mode. DUT(config)# router ospf 100 Configure the Routing process and

CanogaOS Configuration Guide 17-9R3 has temporarily lost connection to Area 0 disconnecting Area 2 from the backbone area. The virtual link between A

CanogaOS Configuration Guide 17-10DUT(config)# interface loopback 20 Specify loopback as the interface you want to configure DUT(config-if)# ip addr

CanogaOS Configuration Guide vii30.3.3 Configurations on PE3 ...30-6 30.3.4 Configurat

CanogaOS Configuration Guide 17-11 Figure 17-7: OSPF Authentication Configurations R1 DUT# configure terminal Enter the Configure mode. DUT(config)#

CanogaOS Configuration Guide17-12DUT# configure terminal Enter the Configure mode. DUT(config-router)# network 10.10.10.0/24 area 0 DUT(config-r

CanogaOS Configuration Guide18-118 Configuring BGP 18.1 Overview The Border Gateway Protocol (BGP) is an inter-Autonomous System routing protocol. T

CanogaOS Configuration Guide18-2Figure 18-2: EBGP Topology Following is the BGP configurations on Router A and Router B: 18.2.1 Configuration steps 1

CanogaOS Configuration Guide18-318.2.3 Router B DUT#configure terminal Enter the Configure mode. DUT(config)#interface eth-0-13 Specify the interfa

CanogaOS Configuration Guide18-4Last Reset: 00:00:35, due to BGP Notification sent Notification Error Message: (CeaseUnspecified Error Subcode) DUT#

CanogaOS Configuration Guide18-5Total number of prefixes 4 DUT#show ip route Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP

CanogaOS Configuration Guide18-6DUT#configure terminal Enter the Configure mode. DUT(config-if) # no switchport Configure on physical port only, ch

CanogaOS Configuration Guide 18-718.3.3 Router B DUT#configure terminal Enter the Configure mode. DUT(config)#interface eth-0-13 Specify the interf

CanogaOS Configuration Guide18-8 For address family: IPv4 Unicast BGP table version 12, neighbor version 12 Index 1, Offset 0, Mask 0x2 Commun

CanogaOS Configuration Guide viii36.1 Configuration DHCP Relay...36-1 36.1.1 Ove

CanogaOS Configuration Guide18-9Nexthop global: :: Nexthop local: :: BGP connection: non shared network DUT#show ip bgp ipv4 unicast BGP table vers

CanogaOS Configuration Guide19-119 Configuring Route-map This chapter describes how to configure route-map. 19.1 Understanding Route-map Route-map i

CanogaOS Configuration Guide 19-2Command Description route-map abc redistribute command in OSPF. DUT(config-router)# end Exit the OSPF mode and ret

CanogaOS Configuration Guide19-3Command Description DUT1(config-router)# neighbor 1.1.1.2 route-map abc out Configure to apply the route-map abc to o

CanogaOS Configuration Guide20-120 Configuring VRRP 20.1 Overview This chapter provides an overview of Virtual Router Redundancy Protocol (VRRP) and

CanogaOS Configuration Guide 20-220.4 VRRP Process Typically, end hosts are connected to the enterprise network through a single router (first hop r

CanogaOS Configuration Guide20-320.5 Limitations The VRRP RFC specifies that the master-down-timer is a fraction that is always <1. The Linux oper

CanogaOS Configuration Guide 20-4DUT# configure terminal Enter the Configure mode. DUT(config)#router vrrp 1 Create a new VRRP session on the route

CanogaOS Configuration Guide 20-5 R2 DUT# configure terminal Enter the Configure mode. DUT(config)#router vrrp 1 Create a new VRRP session on the r

CanogaOS Configuration Guide20-620.6.3 Outputs The following outputs on R1and R2 display the complete configuration for each session on R1 and R2. In

CanogaOS Configuration Guideix43 Configuring System Time and Date...43-1 43.1 Setting th

CanogaOS Configuration Guide 20-720.6.5 Sample Configuration The following scenario explains this feature. To configure VRRP Circuit Failover, each

CanogaOS Configuration Guide20-8DUT# configure terminal Enter the Configure mode. eth-0-2 20 priority-delta value is subtracted from the current VR

CanogaOS Configuration Guide 21-121 Configuring VRRP Remote Tracking 21.1 Configuring IP SLA This chapter describes how to configure IP SLA. 21.1.1

CanogaOS Configuration Guide 21-2Command Description DUT(config)#exit Exit the Configure mode. Validation Commands To display the ICMP echo configu

CanogaOS Configuration Guide 21-3 Validation Commands To display the track interface linkstate configuration, use the show track privileged EXEC com

CanogaOS Configuration Guide 21-4 Command Description is down. DUT(config-track)# delay up 30 (Optional)Configure the track object parameters: speci

CanogaOS Configuration Guide21-5 Delta pri : 30 Master router ip : 172.16.10.1 Master priority : 70 Master advt ti

CanogaOS Configuration Guide 22-122 Configuring IGMP Snooping 22.1 Overview Layer 2 switches can use IGMP snooping to constrain the flooding of mul

CanogaOS Configuration Guide 22-2DUT>enable Enter Privilege Exec mode DUT#configure terminal Enter Configuration mode DUT(config)#ip igmp snoopi

CanogaOS Configuration Guide22-3DUT>enable Enter Privilege Exec mode DUT(config)# ip igmp snooping report-suppression Enable igmp snooping repor

CanogaOS Configuration Guide x48 Configuring SNMP...48-1 48.1

CanogaOS Configuration Guide 23-123 Configuring MVR 23.1 Overview Multicast VLAN Registration (MVR) is designed for applications using wide-scale de

CanogaOS Configuration Guide23-223.1.2 Topology Figure 23-1: MVR Topology 23.1.3 Configurations Purpose Enable IGMP&PIM-SM in the interface of e

CanogaOS Configuration Guide23-3DUT# configure terminal Enter the configure mode DUT(config-vlan) # vlan 111,10,30 Creat vlan 111,10,30 DUT(config-

CanogaOS Configuration Guide 24-124 Configuring IP Multicast-Routing 24.1 Multicast Overview Multicast protocols allow a group or channel to be acc

CanogaOS Configuration Guide 24-2might be destined to the group IP address rather than to the all-routers address. 24.2.1 References The IGMP module

CanogaOS Configuration Guide 24-3DUT>enable Enter Privilege Exec mode DUT(config)#interface eth-0-1 Enter interface eth-0-1 DUT(config-if)#ip

CanogaOS Configuration Guide 24-4conserve bandwidth, and reduces traffic by simultaneously delivering a single stream of information to multiple loca

CanogaOS Configuration Guide24-5Downstream Away from the root of the tree. The root of tree might be either the Source or the RP. Source-Based Trees

CanogaOS Configuration Guide24-6Determining the RP PIM-SM uses a BootStrap Router (BSR) to originate Bootstrap messages, and to disseminate RP inform

CanogaOS Configuration Guide24-7Source and Group lists of the group. Forwarding Multicast Packets PIM-SM routers forward multicast traffic onto all

CanogaOS Configuration Guide 1-11 Configuring Interface Ethernet interface operate in 10, 100, or 1000 Mbps speed and in full or half duplex mode. Th

CanogaOS Configuration Guide24-8 ip pim rp-address 10.10.1.5 ! Configure all the routers with the same ip pim rp-address 10.10.1.5 command as shown

CanogaOS Configuration Guide24-9 At Router_E, eth-0-2 is the incoming interface of the (*, G) entry, and eth-0-1 is on the outgoing interface list of

CanogaOS Configuration Guide 24-10interface eth-0-1 ip pim sparse-mode ! interface eth-0-2 ip pim sparse-mode ! ip pim rp-candidate eth-0-1 The high

CanogaOS Configuration Guide24-11 For all senders to reach all receivers, all routers in the domain use the same mappings of group addresses to RP ad

CanogaOS Configuration Guide 24-12DUT2>enable Enter Privilege Exec mode DUT2(config)# ip pim bsr-candidate eth-0-1 10 25 Configure eth-0-1 of rt

CanogaOS Configuration Guide 24-13Info source: 20.0.1.11, via bootstrap, priority 0 Uptime: 00:00:30, expires: 00:02:04 Verify RP-set informatio

CanogaOS Configuration Guide 25-125 Configuring VRF lite 25.1 VRF and VRF Lite Overview In the MPLS-VPN model a VPN is defined as a collection of

CanogaOS Configuration Guide 25-225.2 Customer to Customer Edge 25.2.1 Topology Switch B(C2)Switch A(C1)Switch C(C3)1.1.1.01.1.1.02.2.2.0eth-0-13et

CanogaOS Configuration Guide 25-3DUT1(config)#interface eth-0-13 DUT1(config-if)#no switchport DUT1(config-if)#no shutdown DUT1(config-if)#ip addre

CanogaOS Configuration Guide 25-4On Switch D, enable RIP and configure VRF DUT1>enable DUT1#configure terminal Enter configuration commands, on

CanogaOS Configuration Guide 1-2 1.2.2 Configurations Bridge 1 DUT#configure terminal Enter the Configure mode. DUT(config)#interface eth-0-1 En

CanogaOS Configuration Guide 25-564 bytes from 4.4.4.1: icmp_seq=1 ttl=63 time=240 ms 64 bytes from 4.4.4.1: icmp_seq=2 ttl=63 time=261 ms 64 bytes

CanogaOS Configuration Guide25-6Check the route on Switch D in different VRFs DUT1#show ip route vrf vpn1 Codes: K - kernel, C - connected, S - stati

CanogaOS Configuration Guide 25-7rtt min/avg/max/mdev = 115.059/131.204/144.576/12.363 ms, pipe 2 DUT1#ping vrf vpn2 4.4.4.1 connect: Network is unr

CanogaOS Configuration Guide 25-8DUT1(config)#ip vrf vpn1 DUT1(config-vrf)#exit DUT1(config)#ip vrf vpn2 DUT1(config-vrf)#exit DUT1(config)#interf

CanogaOS Configuration Guide 25-9DUT1(config-if)#no shutdown DUT1(config-if)#ip vrf forwarding vpn3 DUT1(config-if)#ip address 1.1.1.1/24 DUT1(confi

CanogaOS Configuration Guide25-10DUT1(config-if)#ip address 3.3.3.2/24 DUT1(config-if)#exit DUT1(config)#router rip DUT1(config-router)#address-fami

CanogaOS Configuration Guide25-11Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSP

CanogaOS Configuration Guide 25-12 [*] - [AD/Metric] * - candidate default R 1.1.1.0/24 [120/2] via 2.2.2.1, vlan3, 00:25:58 C

CanogaOS Configuration Guide26-126 Configuring LDP 26.1 Overview This chapter describes how to configure LDP. A fundamental concept in MPLS is that

CanogaOS Configuration Guide26-2Command Description DUT1#configure terminal Enter the Configure mode. DUT1(config)# interface eth-0-17 Enter the In

CanogaOS Configuration Guide 1-3 DUT#configure terminal Enter the Configure mode. DUT#show interface status Display interface duplex. 1.3.3 Validat

CanogaOS Configuration Guide 26-3 Command Description DUT1(config-router)#network 11.11.1.1/16 Associate networks with the RIP process. Validation

CanogaOS Configuration Guide 26-4 Show result on lsr-b DUT1# show mpls ilm-forwarding FEC I/O Label Nexthop Out-I

CanogaOS Configuration Guide27-127 Configuring BGP/MPLS VPN 27.1 Topology Figure 27-1: BGP/MPLS VPN 27.2 Configuration steps 27.2.1 CE1 (DUT1) D

CanogaOS Configuration Guide27-2DUT#configure terminal Enter the Configure mode. DUT(config)# ip route 9.9.9.0/24 2.2.2.2 Add a static route 9.9.9.

CanogaOS Configuration Guide27-3DUT#configure terminal Enter the Configure mode. DUT(config-if) # ip address 10.10.10.10/32 Configure IP address to

CanogaOS Configuration Guide27-4DUT#configure terminal Enter the Configure mode. DUT(config-router)# address-family vpnv4 unicast Enter vpnv4 addres

CanogaOS Configuration Guide27-5DUT#configure terminal Enter the Configure mode. DUT(config)#interface eth-0-9 Specify the interface (eth-0-9)to be

CanogaOS Configuration Guide27-627.2.5 C DUT#configure terminal Enter the Configure mode. DUT(config)#interface eth-0-1 Specify the interface (eth-

CanogaOS Configuration Guide27-7 Owner: BGP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 5, owner: BGP, out intf: et

CanogaOS Configuration Guide27-8 K> 400 -1 N/A 0.0.0.0 0.0.0.0/0 1

CanogaOS Configuration Guide 2-1 2 Configuring Static Link Aggregation 2.1 Overview This chapter contains a complete sample static Link Aggregatio

CanogaOS Configuration Guide28-128 Configuring VPWS 28.1 Overview This chapter describes how to configure VPWS. The MPLS Layer-2 Virtual Circuit is

CanogaOS Configuration Guide28-228.2.2 Configuring the VPWS on PE2 Command Description DUT1#configure terminal Enter the Configure mode. DUT1(confi

CanogaOS Configuration Guide28-3 DUT1#show mpls vc-table VC-ID In Intf Out Intf In Label Out Label EndPoint Status Manual 200 eth-

CanogaOS Configuration Guide 28-4Command Description DUT1(config-if)# exit Exit the Interface mode. DUT1(config)# interface loopback 0 Enter the In

CanogaOS Configuration Guide 29-129 Configuring VPLS 29.1 Overview This chapter describes how to configure VPLS. Virtual Private LAN Service (V

CanogaOS Configuration Guide29-2Command Description DUT1(config)#router rip Enter the router-rip mode DUT1(config-router)#network 11.11.1.1/16 Asso

CanogaOS Configuration Guide29-3Command Description DUT1(config)# router ldp Enter the router-ldp mode. DUT1(config-router)#transport-address 11.1

CanogaOS Configuration Guide29-4Command Description DUT1#configure terminal Enter the Configure mode. DUT1(config)#interface eth-0-17 Enter the Int

CanogaOS Configuration Guide29-5Command Description DUT1(config-if)#mpls-vpls v3 Bind an interface to a VPLS instance. DUT1(config-if)#exit Exit th

CanogaOS Configuration Guide29-629.2.5 Validation Commands Use the show ldp session and the show mpls vpls mesh commands respectively to display comp

CanogaOS Configuration Guide 2-2 DUT1#configure terminal Enter the Configure mode. DUT1(config-if)#static-channel-group 1 Add this interface to

CanogaOS Configuration Guide 29-7Command Description DUT1#configure terminal Enter the Configure mode. DUT1(config)#interface eth-0-2 Enter the Int

CanogaOS Configuration Guide29-829.3.2 Configuring the VPLS on PE2 Command Description DUT1#configure terminal Enter the Configure mode. DUT1(confi

CanogaOS Configuration Guide29-929.3.3 Configuring the VPLS on PE3 Command Description DUT1#configure terminal Enter the Configure mode. DUT1(confi

CanogaOS Configuration Guide29-10Command Description DUT1(config)#no switchport Configure the port to layer 3 port. DUT1(config-if)#ip address 12.12

CanogaOS Configuration Guide30-130 Configuring MPLS OAM 30.1 Overview This chapter contains configuration for MPLS Operations, Administration and Man

CanogaOS Configuration Guide30-230.2.2 Configurations on PE2 Command Description DUT1#configure terminal Enter the Configure mode. DUT1(config)#int

CanogaOS Configuration Guide30-3Command Description DUT1(config-if)#ip address 4.4.4.1/24 Create IP address on the port. DUT1(config-if)#exit Exit

CanogaOS Configuration Guide 30-4mpls ipv4 and traceroute mpls ipv4 on PE1. DUT1# show ldp session Peer IP Address IF Name My Role State

CanogaOS Configuration Guide30-5Command Description • loopback0—Specify the loopback interface name. DUT1(config-if)#ip address 10.10.10.10/32 Crea

CanogaOS Configuration Guide30-6Command Description DUT1(config-if)#exit Exit the Interface mode. DUT1(config)# router ldp Enter the router-ldp m

CanogaOS Configuration Guide 2-3 DUT2#configure terminal Enter the Configure mode. DUT2(config-if)#static-channel-group 1 Add this interface to

CanogaOS Configuration Guide30-7Command Description DUT1(config)#interface eth-0-9 Enter the Interface mode. • eth-0-9—Specify the interface DUT1(c

CanogaOS Configuration Guide 30-8DUT1# ping mpls l2-circuit 100 source 10.10.10.10 Sending 5 MPLS Echos to VC Id : 100, timeout is 5 seconds Codes:

CanogaOS Configuration Guide 30-9Command Description routing table DUT1(config-vrf)#rd 1:100 Assign a route distinguisher (RD) for the VRF. DUT1(con

CanogaOS Configuration Guide 30-10 Command Description DUT1(config-router-af)#neighbor 11.11.11.11 send-community both Specify that a community attri

CanogaOS Configuration Guide30-11Command Description • eth-0-17—Specify the interface DUT1(config-if)#no switchport Configure the port to layer 3

CanogaOS Configuration Guide 30-12Command Description DUT1(config-router)# transport-address 11.11.11.11 Configure Transport Address in LDP. DUT1(co

CanogaOS Configuration Guide 30-13Command Description activate a neighboring router. DUT1(config-router-af)# neighbor 10.10.10.10 send-community

CanogaOS Configuration Guide31-131 Configuring QoS 31.1 Overview Quality of Service (QoS) can be used to give certain traffic priority over other tr

CanogaOS Configuration Guide 31-2Other frame types cannot carry Layer-2 CoS values. CoS values range from 0 to 7 and 7 is the highest priority. DSCP

CanogaOS Configuration Guide 31-3The policer limits the bandwidth consumed by a traffic flow. The result is given to the marker. There are two types

CanogaOS Configuration Guide 3-13 Configuring LACP 3.1 Overview This chapter contains a complete sample Link Aggregation Control Protocol (LACP) conf

CanogaOS Configuration Guide 31-4drops more packets from large users than small. Therefore, sources that generate the most traffic are more likely to

CanogaOS Configuration Guide 31-5Mapping Tables During QoS processing, the switch represents the priority of all traffic (including non-IP traffic) w

CanogaOS Configuration Guide 31-6Tail drop is the default congestion-avoidance technique on every egress queue. With tail drop, packets are queued

CanogaOS Configuration Guide 31-7 The following shows mapping queue to different class and configuring bandwidth. Follow these steps from Privil

CanogaOS Configuration Guide 31-8 Queue shaping All the traffic in the egress queue can be shaped, and all the exceeding traffic will be buffered. If

CanogaOS Configuration Guide 31-9configuration Guide • class-map (match-any|match-all) NAME to create a class map. match-any = Use the match

CanogaOS Configuration Guide 31-10Note: There can be only one policy map per interface per direction. Note: The no policy-map command deletes an exis

CanogaOS Configuration Guide 31-11ingress interface. DUT(config)# ip access-list ip-acl1 DUT(config-ip-acl)# permit any 10.1.0.0 0.0.255.255 any DUT

CanogaOS Configuration Guide 31-12DUT(config)# qos map ip-prec-pri-color ip-prec 1 to 63 green DUT(config)# interface eth-0-1 DUT(config-if)# trust c

CanogaOS Configuration Guide 31-13a new DSCP from the internal priority color value in egress; This map is used if two domains have different DSCP de

CanogaOS Configuration Guide 3-2 DUT1#configure terminal Enter the Configure mode. DUT1(config-if)#exit Exit the Interface mode and enter the Conf

CanogaOS Configuration Guide 31-14 The number of class on interface: 4 Strict priority class ID: 3 2 1 0 The number of egress queue: 8

CanogaOS Configuration Guide 31-15 DSCP : 40 41 42 43 44 45 46 47 priority: 40 41 42 43 44

CanogaOS Configuration Guide 31-16 32 | 4 4 4 4 33 | 4 4 4 4 34 | 4

CanogaOS Configuration Guide 31-17 25 | 25 25 25 25 26 | 26 26 26 26 27 | 27

CanogaOS Configuration Guide 32-132 Configuring Hierarchical QoS 32.1 Overview The switch supports a hierarchical QoS configuration that is applied

CanogaOS Configuration Guide 32-2The queue-rate command in both SAP egress policy and network egress policy controls the class-level bandwidth limit

CanogaOS Configuration Guide 32-3In this example, we show how to configure hierarchical QoS. As shown in the following figure, two customers, EVC-A

CanogaOS Configuration Guide 32-4Command Description DUT(config-sap-egress)#total-rate 8000 Configure aggregate downlink bandwidth for EVC-B. DUT(co

CanogaOS Configuration Guide 32-532.4 Validation Commands QoS SAP egress policy & QoS network egress policy information The show qos sap-egress

CanogaOS Configuration Guide 32-6 Transmit 0 packets, 0 bytes Drop 0 packets, 0 bytes Queue 2 Tail drop mode Tail drop thre

CanogaOS Configuration Guide 3-3 DUT2#configure terminal Enter the Configure mode. DUT2(config-if)#no shutdown Enable the interface. DUT2(config-

CanogaOS Configuration Guide 33-133 Configuring ACL 33.1 Overview Access control lists (ACLs) classify traffic with the same characteristics. The A

CanogaOS Configuration Guide 33-2 Figure 33-1: ACL ACL details DUT#configure terminal Enter configuration mode DUT (config)#mac access-list mac

CanogaOS Configuration Guide 33-3DUT#configure terminal Enter configuration mode DUT(config-if)#ipv6 access-group ipv6 in Apply IPv6 ACL ipv6 on in

CanogaOS Configuration Guide 34-1 34 Configuring Port Security 34.1 Overview Port security feature is used to limit the number of “secure” MAC add

CanogaOS Configuration Guide 34-2 eth-0-1 3 2 discard-silence DUT1#show port-security address-table

CanogaOS Configuration Guide 35-135 Configuring Storm Control 35.1 Overview Storm control prevents traffic on a LAN from being disrupted by a broad

CanogaOS Configuration Guide 35-235.4 Configuring Packets per second Storm control 35.4.1 Topology Figure 35-2: PPS Storm Control 35.4.2 Configurat

CanogaOS Configuration Guide 3

CanogaOSS Configuration Guide36-136 Configuring DHCP 36.1 Configuration DHCP Relay 36.1.1 Overview DHCP relay agent is any host that forwards DHCP

CanogaOS Configuration Guide 36-2 Linux boxes and one Switch to construct the test bed. Computer A is used as DHCP server. Computer B is used as DH

CanogaOS Configuration Guide4-14 Configuring VLAN CLASSIFICATION 4.1 Overview VLAN classification is used to define specific rules for directing pack

CanogaOS Configuration Guide 36-3 ip address 5.5.5.2/24 ! Check the dhcp service status DUT#show services Networking services configuration: Servi

CanogaOS Configuration Guide 36-436.2.2 Topology Figure 36-2: DHCP Snooping This figure is the networking topology for testing DHCP snooping functio

CanogaOS Configuration Guide 36-5DUT(config)#dhcp snooping information option Enable DHCP option-82 data insertion. DUT(config)#dhcp snoo

CanogaOS Configuration Guide37-137 Configuring ARP Inspection 37.1 Overview ARP inspection is a security feature that validates ARP packets in a ne

CanogaOS Configuration Guide 37-2 Figure 37-1: ARP Inspection This figure is the networking topology for testing ARP Inspection functions. 37.4 Conf

CanogaOS Configuration Guide 37-3DUT(config)#interface eth-0-1 Enter the Interface Configure mode and begin to configure port eth-0-1. DUT(conf

CanogaOS Configuration Guide 38-138 Configuring IP Source Guard 38.1 Overview IP source guard prevents IP spoofing by allowing only the IP ad

CanogaOS Configuration Guide 38-238.3 Topology Figure 38-1: IP Source Guard This figure is the networking topology for testing IP source guard

CanogaOS Configuration Guide 38-3 Check the config of interface eth-0-16 DUT#show running-config interface eth-0-16 ! interface eth-0-16 i

CanogaOS Configuration Guide 4

CanogaOS Configuration Guide4-2“show vlan classifier group” command displays all vlan classification groups, “show vlan classifier rule” command disp

CanogaOS Configuration Guide39-139 Configuring IEEE 802.1x 39.1 Overview The IEEE 802.1x standard defines a client-server-based access control and

CanogaOS Configuration Guide 39-2and the authentication server must support EAP within the native frame format. When the switch receives frames from

CanogaOS Configuration Guide 39-3RADIUS serverEAPOLClientEAPOREAPOL-StartEAP-Request/identityEAP-Response/identityRADIUS Aceess-RequestRADIUS A

CanogaOS Configuration Guide 39-4 • force-authorized: disables IEEE 802.1x authentication and causes the port to transition to the authoriz

CanogaOS Configuration Guide 39-5authorized state or 802.1x disabled on this port. Default 802.1x Configuration Feature Default setting RADIUS ser

CanogaOS Configuration Guide 39-6 Figure 39-2: 802.1X Authentication In this example, the Radius Server keeps the Client information, validating the

CanogaOS Configuration Guide 39-7address. If two different host entries on the same RADIUS server are configured for the same service—for example, a

CanogaOS Configuration Guide 40-140 Configuring Radius Authentication 40.1 Overview Authentication verifies users before they are allowed access

CanogaOS Configuration Guide 40-2For Centec Switch Step 1: login into the Centec Switch system and enter into configuration mode DUT1#configure termi

CanogaOS Configuration Guide 40-3Step 4: you can use command show rsa keys in SSH server. DUT1#show aaa method-lists authentication authen

CanogaOS Configuration Guide 4-3 DUT#configure terminal Enter configuration mode port. DUT(config-if)#interface eth-0-3 Enter the interface mode. D

CanogaOS Configuration Guide 41-141 Configuring Secure Shell 41.1 Overview The Secure Shell (SSH) is a protocol that provides a secure, remote co

CanogaOS Configuration Guide 41-2DUT#configure terminal Enter the Configure mode. • Specify the number of times that a client can re-authenti

CanogaOS Configuration Guide 42-142 Configuring STM Switch Table Management (STM) is used to configure system resources in the switch to optimize

CanogaOS Configuration Guide 43-143 Configuring System Time and Date If no other source of time is available, you can manually configur

CanogaOS Configuration Guide 43-2To set the time to UTC, use the no clock set timezone global configuration command. 43.4 Validation Comman

CanogaOS Configuration Guide 44-144 Configuring System Image This section describes how to archive (download and upload) software

CanogaOS Configuration Guide 44-2DUT#copy tftp://10.10.10.163/uImage.bin flash:/boot/uImage.bin Get a system image file from remote TFTP server. DU

CanogaOS Configuration Guide 44-3DUT#configure terminal Enter global configuration mode. DUT#copy ftp://test:[email protected]/uImage.bin flash:/b

CanogaOS Configuration Guide 45-145 Configuring User Management User management increases the security of the system by keeping the unauthorized us

CanogaOS Configuration Guide 45-2This is a sample output from the command displaying how to set high level of cipher detect on the switch: DUT(conf

CanogaOS Configuration Guide 5-15 Configuring VLAN 5.1 Overview VLAN (Virtual Local Area Network) is a switched network that is logically segmented t

CanogaOS Configuration Guide45-345.3 Configuring the enable password The enable password controls access to the privileged EXEC mode. To set the ena

CanogaOS Configuration Guide 45-4DUT#show users Line User Host(s) Idle Location 0 con 0 ccc idle 18:41:28

CanogaOS Configuration Guide 46-146 Configuring File Management Creating configuration files can aid in your switch configuration. Configuration file

CanogaOS Configuration Guide Page 46-2Beginning in privileged EXEC mode, follow these steps to upload a configuration file to a TFTP server: DUT#co

CanogaOS Configuration Guide 46-346.3.3 Uploading a configuration file by using FTP You can upload a configuration file from the switch to an FTP ser

CanogaOS Configuration Guide 47-147 Configuring Mirror This chapter describes how to configure mirror on your switch. 47.1 Terminology The followi

CanogaOS Configuration Guide 47-2packets. Source Port A source port (also called a monitored port) is a switched or routed port that you monitor f

CanogaOS Configuration Guide 47-3 Figure 47-1: Mirror Only traffic that enters or leaves source ports or traffic that enters source VLANs can be mo

CanogaOS Configuration Guide 5-2 Figure 5-1: VLAN Tagged Frame Trunk Link Both tagged and untagged frames can be transmitted on this link. Trunk link

CANOGA PERKINS CORPORATION 20600 Prairie Street Chatsworth, California 91311-6008 USA Phone: (818) 718-6300 FAX: (818) 718-6312 Web Site: www.canog

CanogaOS Configuration Guide 5-3DUT#configure terminal Enter the Configure mode. DUT#show vlan brief Display vlan’s configurations. DUT#show interf

NOTICE Canoga Perkins has prepared this manual for use by customers and Canoga Perkins personnel as a guide for the proper installation, operation an

CanogaOS Configuration Guide 5-4DUT#configure terminal Enter the Configure mode. DUT(config-vlan)#vlan 10,20 Create VLAN 10,20 DUT(config-vlan)#exi

CanogaOS Configuration Guide 5-55.5.3 Validation Commands Bridge 1 DUT#show interface switchport Interface name : eth-0-1 Switchport mode

CanogaOS Configuration Guide5-6 eth-0-22(u) eth-0-23(u) 10 VLAN0010 ACTIVE 0 Di

CanogaOS Configuration Guide6-16 Configuring MAC Address Table 6.1 Overview MAC address table contains address information for the switch to forward

CanogaOS Configuration Guide 6-2 DUT#configure terminal Enter the Configure mode. DUT#show mac address-table ageing-time Display address aging time

CanogaOS Configuration Guide6-36.6.2 Configurations Bridge 1 DUT#configure terminal Enter the Configure mode. DUT(config)#mac-address-table 0100.000

CanogaOS Configuration Guide6-4

CanogaOS Configuration Guide7-1 7 Configuring RSTP/STP 7.1 Overview Spanning Tree Protocol (STP, IEEE 802.1D-1998) is a Layer 2 link-management proto

CanogaOS Configuration Guide 7-2 7.4 Configurations Bridge1 DUT# configure terminal Enter the Configure mode. DUT(config)# spanning-tree mode rstp

CanogaOS Configuration Guide7-3DUT# configure terminal Enter the Configure mode. is 32768. DUT(config)# interface eth-0-1 Specify the interface (et

CanogaOS Configuration Guide7-4 Aging Time 300 sec Interface Role State Cost Priority.Number Type ------------

CanogaOS Configuration Guide8-18 Configuring MSTP 8.1 Overview The MSTP (Multiple Spanning Tree Algorithm and Protocol (IEEE 802.1Q-2005)) enables mu

CanogaOS Configuration Guide8-2DUT# configure terminal Enter the Configure mode. DUT(config)# spanning-tree mode mstp Configure a spanning-tree mod

CanogaOS Configuration Guide8-3DUT# configure terminal Enter the Configure mode. DUT(config-if)# switchport trunk allowed vlan all Configure vlans

CanogaOS Configuration Guide8-4 Aging Time 300 sec Interface Role State Cost Priority.Number Type -----

CanogaOS Configuration Guide8-5 Interface Role State Cost Priority.Number Type --------------------------------------

CanogaOS Configuration Guide 8-6 ------------------------------------- eth-0-9 Designated Forwarding 20000 128.9 P2p e

CanogaOS Configuration Guide 9-1 9 Configuring ERPS 9.1 Overview ERPS technology increases the availability and robustness of Ethernet rings. In the

CanogaOS Configuration Guide9-2• Native VLAN of a port accessing an ERPS ring must not be set as the primary control VLAN or the secondary control V

CanogaOS Configuration Guide9-3DUT(config) # interface eth-0-9 Enter the Interface mode. DUT(config-if) # static-channel-group 11 Add this interfac

CanogaOS Configuration Guidei Table of Content 1 Configuring Interface...

CanogaOS Configuration Guide9-4 DUT(config) # interface eth-0-9 Enter the Interface mode. DUT(config-vlan) # exit Exit the interface mode and enter

CanogaOS Configuration Guide9-5 DUT(config) # interface eth-0-17 Enter the Interface mode. DUT(config-if)#switchport mode trunk Set the switching c

CanogaOS Configuration Guide 9-6ERPS domain sub control VLAN ID: 0 ERPS domain hello timer interval: 1 second(s) ERPS domain fail timer interval: 3 s

CanogaOS Configuration Guide 9-79.4.1 Topology eth-0-9Switch 1(M)Switch 2(E)Switch 3(A-E)Switch 4(M)eth-0-9eth-0-13eth-0-13eth-0-20 eth-0-20eth-0-13e

CanogaOS Configuration Guide 9-8 DUT(config) # interface eth-0-13 Enter the Interface mode. DUT(config-if)#switchport mode trunk Set the switching

CanogaOS Configuration Guide 9-9 DUT(config) # interface eth-0-20 Enter the Interface mode. 11,12 DUT(config-vlan) # exit Exit the interface mode

CanogaOS Configuration Guide 9-10 DUT(config) # interface eth-0-9 Enter the Interface mode. DUT(config-if)#switchport mode trunk Set the switchin

CanogaOS Configuration Guide 9-11 Switch 4 Create VLANs for transferring ERPS control packets DUT# configure terminal Enter the configure mode. DUT

CanogaOS Configuration Guide 9-12 ERPS domain fail timer interval: 3 second(s) ERPS ring ID: 1 ERPS ring level: primary ERPS ring 1 node mode: master

CanogaOS Configuration Guide 9-13 ERPS ring ID: 2 ERPS ring level: sub ERPS ring 2 node mode: master ERPS ring 2 node state: complete ERPS ring 2 pri

CanogaOS Configuration Guide ii6.4.2 Configurations ...6-1 6.4.3

CanogaOS Configuration Guide 9-14 9.5.2 Configurations Switch 1 Create VLANs for transferring ERPS control packets DUT# configure terminal Enter th

CanogaOS Configuration Guide 9-15 DUT# configure terminal Enter the configure mode. DUT(config-vlan) # exit Exit the vlan mode and enter the Confi

CanogaOS Configuration Guide 9-16DUT(config) # erps 1 Create erps domain with id 1. DUT(config) # erps 2 ring 1 mode transit Set node as transit of

CanogaOS Configuration Guide 9-17DUT(config) # erps 1 Create erps domain with id 1. DUT(config) # erps 1 primary control vlan 11 Set vlan 11 as the

CanogaOS Configuration Guide 9-18 DUT(config) # interface eth-0-13 Enter the Interface mode. DUT(config-vlan) # exit Exit the interface mode and

CanogaOS Configuration Guide 9-19 ERPS domain fail timer interval: 3 second(s) ERPS ring ID: 1 ERPS ring level: primary ERPS ring 1 node mode: transi

CanogaOS Configuration Guide 10-1 10 Configuring 802.1q tunneling and Layer2 protocol Tunneling Tunneling is a feature designed for service provid

CanogaOS Configuration Guide 10-2 Figure 10-1: 802.1q Topology When the packet enters the trunk port of the service-provider egress switch,

CanogaOS Configuration Guide10-3Two types of 802.1q tunneling are supported: basic 802.1Q tunneling and selective 802.1Q tunneling. 10.2 Basic 802.1

CanogaOS Configuration Guide10-4DUT1#configure terminal Enter the Configure mode. DUT1(config)# vlan mapping table vm Create vlan mapping table vm

CanogaOS Configuration Guideiii10.5 Understanding layer2 protocol tunneling ...10-5 10.6 Layer2 proto

CanogaOS Configuration Guide 10-510.5 Understanding layer2 protocol tunneling Customers at different sites connected across a service-provider netwo

CanogaOS Configuration Guide11-111 Configuring CFM This chapter contains a complete sample Connectivity Fault Management (CFM) Protocol configurat

CanogaOS Configuration Guide 11-211.3 Topology Figure 11-1: CFM Topology 11.4 Configurations Bridge1 DUT# configure terminal Enter the Configure mo

CanogaOS Configuration Guide11-3DUT# configure terminal Enter the Configure mode. DUT (config)#ethernet cfm enable Enable CFM globally. DUT (config

CanogaOS Configuration Guide 11-4DUT# configure terminal Enter the Configure mode. DUT(config-if)# switchport mode trunk Set the switching characte

CanogaOS Configuration Guide 11-5DUT# configure terminal Enter the Configure mode. (MEP). DUT (config-if)# no shutdown Bring up the interface. DUT

CanogaOS Configuration Guide11-6DUT# configure terminal Enter the Configure mode. DUT (config-if)#exit Exit the Interface mode DUT (config)#etherne

CanogaOS Configuration Guide11-7------------------------------- TTL : 61 Fowarded : False Terminal MEP : True Re

CanogaOS Configuration Guide12-112 Configuring EFM OAM This chapter contains a complete sample EFM OAM configuration. To see details on the command

CanogaOS Configuration Guide 12-2 DUT# configure terminal Enter the Configure mode. DUT(config)#interface eth-0-9 Specify the interface (eth-0-9)to

CanogaOS Configuration Guideiv17.3 Basic OSPF Parameters Configuration ...17-1 17.4 Enabling OSPF o

CanogaOS Configuration Guide12-3normal operating state for OAM on fully operational links. FAULT If OAM is reset, disabled, or the link timer expire

CanogaOS Configuration Guide 12-412.5 Remote Loopback Configuration We must enable Ethernet OAM remote loopback on an interface for the local OAM c

CanogaOS Configuration Guide13-2 ICMP error messages limited to one every 1000 milliseconds ICMP redirects are always sent ARP timeout 01:00:00,

CanogaOS Configuration Guide 12-6 12.7 Remote Failure Detection Configuration An error-disable action can be configured to occur on an interface so

CanogaOS Configuration Guide 13-113 Configuring Layer3 Interfaces 13.1 Overview 3 types of Layer3 interface are supported: • VLAN interfaces: You s

CanogaOS Configuration Guide13-2 ICMP error messages limited to one every 1000 milliseconds ICMP redirects are always sent ARP timeout 01:00:00,

CanogaOS Configuration Guide 13-3 ICMP error messages limited to one every 1000 milliseconds ICMP redirects are always sent ARP timeout 01:00:00

CanogaOS Configuration Guide14-114 Configuring ARP 14.1 Overview The Address Resolution Protocol (ARP) is a protocol used to dynamically map between

CanogaOS Configuration Guide 14-2 14.3 Validation commands Verify the arp entries DUT#show ip arp Protocol Address Age (min) Hardware Ad

CanogaOS Configuration Guide 15-115 Configuring IP Unicast-Routing This chapter contains basic IPUC configuration examples. To see details on the c

CanogaOS Configuration Guide v21.3 Configuring VRRP TRACK...21-4 22 Configuring

CanogaOS Configuration Guide 15-2DUT# configure terminal Enter the Configure mode 32-bit mask, making it a host address. DUT(config-if) # exit Exit

CanogaOS Configuration Guide 16-116 Configuring RIP 16.1 Overview Routing Information Protocol (RIP) is an IP route exchange protocol that uses a di

CanogaOS Configuration Guide 16-2 DUT# configure terminal Enter the Configure mode. DUT(config-router)#network 10.10.11.0/24 Associate networks with

CanogaOS Configuration Guide 16-3 Names of Commands Used ip rip send version, ip rip receive version Validation Commands show ip rip, show running

CanogaOS Configuration Guide 16-416.5 Changing the Administrative Distance By default, RIP assigns the default RIP administrative distance (120) to

CanogaOS Configuration Guide 16-516.7 Configuring Split-horizon Parameters Normally, routers that are connected to broadcast-type IP networks and th

CanogaOS Configuration Guide 16-616.9 Configuring RIP Route Distribute Filters A RIP distribute list allows you to permit or deny learning or advert

CanogaOS Configuration Guide 16-7 DUT# configure terminal Enter the Configure mode. DUT(config-if)# ip rip authentication mode md5 Specify the aut

CanogaOS Configuration Guide 16-8Figure 16-5: RIPv2 MD5 authentication R1 DUT# configure terminal Enter the Configure mode.

CanogaOS Configuration Guide 16-9DUT# configure terminal Enter the Configure mode. DUT(config-router)# exit Quit the Router mode and return to the