HP ProCurve Secure 7000dl Series Basic Management And Configuration Manual

Secure router procurve 7000dl series

ProCurve Secure Router

7000dl Series
Basic Management and Configuration
Guide
December 2005
J04_01

Summary of Contents for HP ProCurve Secure 7000dl Series

  • Page 1: Procurve Secure Router

    ProCurve Secure Router 7000dl Series December 2005 J04_01 Basic Management and Configuration Guide...
  • Page 2 5991-3785 December 2005 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an Applicable Products additional warranty.
  • Page 3: Table Of Contents

    Contents 1 Overview Contents ............1-1 Using This Guide .
  • Page 4 LEDs for Slots 1 and 2 ........1-24 Status LEDs .
  • Page 5 Telnet ..........1-42 Traceroute .
  • Page 6 Troubleshooting ..........1-70 Compact Flash .
  • Page 7 Configuring AAA for Authentication ......2-16 Creating a Named List for the Enable Mode Authentication ......... 2-16 Creating a Named List for User Authentication .
  • Page 8 Quick Start ........... . 2-42 Configure the Enable Mode Password .
  • Page 9: Viewing All The Configuration Settings

    Viewing the Status of Ethernet Interfaces or Subinterfaces ... 3-19 show interfaces Command ........3-19 show running-config Commands .
  • Page 10: Connecting Your Premises To The Public Carrier's

    Viewing Information about E1 and T1 Interfaces ....4-26 show interfaces Command ........4-27 show running-config Command .
  • Page 11 Viewing Information about the Serial Interface ..... 5-15 show interfaces serial Command ......5-15 show running-config interface Command .
  • Page 12 Define the Frame Relay Signaling Type ....6-26 Configure Frame-Relay Counters ......6-26 Create the Frame Relay Subinterface .
  • Page 13 Quick Start ........... . 6-70 PPP .
  • Page 14 Defining the ATM Encapsulation ......7-20 Assigning the ATM Subinterface an IP Address ....7-20 OAM Settings .
  • Page 15 Clear a PPPoE Connection ....... 7-52 debug pppoe client Command ......7-52 Troubleshooting the PPP Link Establishment Process .
  • Page 16 Associating a Resource Pool with the Demand Interface ..8-30 Defining the Connect Sequence ......8-30 Specify the Order in Which Connect Sequences Are Used .
  • Page 17: Configuring Chap Authentication For

    Configuring CHAP Authentication for a Demand Interface ........8-54 Configuring the Username and Password That the Router Expects to Receive .
  • Page 18 Configuring the E1 + G.703 Module ....... . 9-4 Making the Physical Connection .
  • Page 19 Quick Start ........... . 9-21 Configuring the E1 + G.703 Module .
  • Page 20: Determining Which Device Becomes Root

    Configuring RSTP ......... 10-17 Determining Which Device Becomes Root: Setting the Router’s Priority .
  • Page 21 Configuring Static Routes ........11-13 Overview .
  • Page 22 Configuring DNS ..........12-8 Enabling DNS .
  • Page 23 Changing a Pool’s Lease Time ......13-10 Specifying DNS, WINS, and Other Servers ....13-11 Specifying a Domain Name for the Subnet .
  • Page 24 14 Using the Web Browser Interface for Basic Configuration Tasks Contents ............14-1 Configuring Access to the Web Browser Interface .
  • Page 25 Configuring PPPoE for the Ethernet Interface ....14-35 Dynamic DNS ......... 14-37 Secondary IP Settings .
  • Page 26 Configuring PPPoE or PPPoA for the ADSL Connection ..14-68 Dynamic DNS ......... 14-70 Secondary IP Settings .
  • Page 27: Overview

    Overview Contents Using This Guide ..........1-5 Understanding Command Syntax Statements .
  • Page 28 Overview Contents LEDs for Slots 1 and 2 ........1-24 Status LEDs .
  • Page 29 Overview Contents Terminal ..........1-43 Wall .
  • Page 30 Overview Contents Managing Configuration Files Using a Text Editor ....1-73 Creating and Transferring Configuration Files ....1-75 Configuration File Transfer Using the Console Port .
  • Page 31: Using This Guide

    Overview Using This Guide Using This Guide The ProCurve Secure Router Management and Configuration Guide describes how to use the ProCurve Secure Router 7000 series in a network environment. Specifically, it focuses on two models: ProCurve Secure Router 7102dl ProCurve Secure Router 7203dl This guide describes how to use the command line interface (CLI) and the Web browser interface to configure, manage, monitor, and troubleshoot basic router operation.
  • Page 32: Cli Prompt

    Overview Using This Guide Square brackets ( [ ] ) are used in two ways: • They enclose a set of options. When entering the command, you select one option from the set. For example, in the second command shown above, you would enter any or host ...
  • Page 33: Ip Address Notation Convention

    Overview Using This Guide IP Address Notation Convention You must sometimes enter an IP address or addresses as part of a command. For example, you might need to assign an IP address to a logical interface on the ProCurve Secure Router, or you might need to enter an IP address to be filtered by an ACL.
  • Page 34: Downloading Software Updates

    Overview Using This Guide When the document file opens, click the disk icon in the Acrobat® toolbar and save a copy of the file. Click Product Manuals Figure 1-1. The ProCurve Technical Support Web Page Downloading Software Updates ProCurve Networking periodically updates the router software to include new features.
  • Page 35: Downloading Software Updates

    Overview Using This Guide Step 2 Step 3 Figure 1-2. Downloading Software Updates Release notes are included with the software updates and provide information about: new features and how to configure and use them software management, including downloading the new software to the router software fixes addressed in current and previous releases...
  • Page 36: Interface Management Options

    Overview Interface Management Options Interface Management Options The ProCurve Secure Router includes two management interfaces: the command line interface (CLI) and the Web browser interface. To initially access the CLI, connect the COM port on your workstation to the console port on the front panel of the router.
  • Page 37: Accessing The Web Browser Interface

    Overview Interface Management Options Figure 1-3. Configuring ACPs Using the Web Browser Interface Accessing the Web Browser Interface To access the Web browser interface, you must first establish a CLI session and configure at least one interface through which you can establish an HTTP session with the router.
  • Page 38: Using The Procurve Web Browser Interface

    Overview Interface Management Options Using the ProCurve Web Browser Interface The ProCurve Web browser interface is organized into the following sections: System Router/Bridge Firewall Utilities The System section of the interface contains general router functions. In this section, you can: configure WAN and LAN connections configure IP services enable the Dynamic Host Configuration Protocol (DHCP) and Domain...
  • Page 39: Hardware Overview

    Overview Hardware Overview router’s current OS and upload any necessary upgrades. You can click Reboot and restart the router, and you can also set up a Telnet session by clicking Telnet to Unit. Note: In the CLI, boot and configuration files are referred to as software. In the Web browser interface, the boot and configuration files are called firmware.
  • Page 40: Ethernet Ports

    Overview Hardware Overview Console Port Figure 1-4. Connecting to the Console Port Ethernet Ports Because the two Ethernet ports are not modular, they are assigned a fixed slot and port number. For interface notation purposes, these ports are labeled Eth 0/1 and Eth 0/2.
  • Page 41 Overview Hardware Overview Slot 2 Slot 1 Figure 1-6. Two Narrow Slots Each slot can house one of the ten narrow modules available for WAN connections. (See Table 1-1.) Table 1-1. Narrow Slot Modules Module Type of Module Explanation E1 modules: E1 module with integrated DSU supports E1-carrier lines when the service provider does not provide an external DSU...
  • Page 42: E1 And T1 Modules

    Overview Hardware Overview Note: For information on these or additional modules, please check the ProCurve Web site at www.procurve.com. Click on Products & Solutions in the left bar, then click on Secure Router 7000dl series under WAN. E1 and T1 Modules E-carrier lines are used in Europe, Asia, Australia, and South America.
  • Page 43 Overview Hardware Overview Figure 1-7. E1 Modules T1 Modules. If you are leasing a T1-carrier line and the public carrier does not provide a CSU/DSU, you will need to purchase one of the three narrow slot T1 modules, which include a built-in CSU/DSU. (See Figure 1-8.) Select: a one-port T1 module, which supports a full T1-carrier line (24 channels or 1.544 Mbps) a two-port T1 module, which provides 1.544 Mbps on each interface (3.088...
  • Page 44: Isdn Module

    Overview Hardware Overview Figure 1-9. Serial Module ADSL2+ Annex A or Annex B Module. The ADSL2+ modules provide bandwidth up to 25 Mbps downstream and 1.544 Mbps upstream. Because ADSL also supports analog voice on the local loop, existing telephone equipment and fax machines can continue to carry traffic on the same line.
  • Page 45: Backup Modules

    Overview Hardware Overview Figure 1-11. ISDN BRI Modules Backup Modules A backup connection protects a company’s WAN operations against system failure. Three types of backup modules are available for the ProCurve Secure Router: ISDN BRI S/T backup module for use outside of North America—supports a 64 Kbps backup call or a bonded 128 Kbps call ISDN BRI U backup module for use in the US and Canada—supports a 64 Kbps backup call or a bonded 128 Kbps call...
  • Page 46: Wide-Slot Option Modules

    Overview Hardware Overview Figure 1-12. Installing a Backup Module on Top of a Narrow Slot Module Each backup module can be used to back up any WAN connection on the router, no matter where the backup module is housed. Wide-Slot Option Modules The ProCurve Secure Router 7203dl includes a third, wide-module slot.
  • Page 47 Overview Hardware Overview E1/T1 Toggle Switch Figure 1-13. E1/T1 Toggle Switch Note: Although the ProCurve Secure Router 7203dl can support up to 12 E1 or T1 lines, the router only supports enough throughput for up to 8 E1 or T1 lines. You can configure each of the eight ports independently with separate clock sources, frame formats, and other specifications.
  • Page 48: Interface Numbering Conventions

    Overview Hardware Overview Figure 1-15. The Eight-port T1/E1 Serial Module Interface Numbering Conventions When configuring a WAN connection, you will need to specify the slot and port of the physical interface that is providing the connection. The syntax for specifying a physical interface is /. Replace ...
  • Page 49: Status Leds

    Overview Hardware Overview Status LEDs ProCurve Secure Routers feature LEDs on the front panel to provide information about the condition of the router itself and of the modules you have installed. This section describes how to interpret these LEDs. Power LED The power LED indicates the router’s power status.
  • Page 50: Status Leds

    Overview Hardware Overview LEDs for Slots 1 and 2 Both the ProCurve Secure Router 7102dl and 7203dl have two columns of LEDs that report information about the modules installed in the narrow slots. As you would expect, column 1 reports information about the module in slot 1, and column 2 reports information about the module in slot 2.
  • Page 51: Backup Leds

    Overview Hardware Overview Backup LEDs The second LED in each column reports the status of the backup module, if a backup module is installed. The LED in the first column corresponds to the backup module in slot one, and the LED in the second column corresponds to the module in slot two.
  • Page 52: Status Led

    Overview Hardware Overview Slot 3 LEDs Figure 1-18. On the ProCurve Secure Router 7203dl, the Third Column LEDs Report on the Wide Module. Status LED The first LED reports on the status of the wide module, indicating whether the wide module is installed and functional. No light—The module has not been installed or none of the interface ports have been activated.
  • Page 53: Activity Leds

    Overview Hardware Overview Link LED Activity LED Figure 1-19. LEDs for Ethernet Interfaces Activity LEDs Activity LEDs signal data transfer between the LAN and the router. No light—The Ethernet connection is inactive. Flashing yellow—The link is currently transmitting or receiving data. Link LEDs Link LEDs signal whether or not the router recognizes a valid connection to a LAN.
  • Page 54: Compact Flash Card

    Overview Hardware Overview Slot for the IPSec VPN module Figure 1-20. IPSec VPN Module To protect your network from security breaches through the Internet, the ProCurve Secure Router establishes secure VPN tunnels using the industry-standard IP Security (IPSec) protocol. The IPSec VPN module enables the software that supports the IPSec protocols and relieves the CPU of the overhead associated with processing the encryption algorithms.
  • Page 55: Redundant Power Source

    Overview Hardware Overview Redundant Power Source The RPS outlet on the back panel of the ProCurve Secure Router 7203dl provides increased router reliability for mission-critical applications. (See Figure 1-22.) The RPS slot can be used with the ProCurve 600 Redundant External Power Supply.
  • Page 56: Software Overview

    Overview Software Overview Software Overview To manage your ProCurve Secure Router, you must understand basic router operations, including how the router uses: Secure Router OS (SROS) boot code SROS software the startup-config the running-config Further, you must understand how the Secure Router OS is organized so that you can properly configure the router and enable safeguards to protect the router from unauthorized access.
  • Page 57 Overview Software Overview The boot process begins when you power up the ProCurve Secure Router or manually reload it. It proceeds as follows: The router first loads the SROS boot software (which has been set through the copy boot command). The router then searches compact flash for the SROS.BIZ file, which contains the Secure Router OS software.
  • Page 58: Advantages Of Booting From Compact Flash

    Overview Software Overview Figure 1-23 summarizes the boot process. ProCurve Secure Router Router loads the boot software (J0X_0X-boot.biz) from internal flash Checks compact flash (cflash) for SROS.BIZ compact flash internal flash Router boots in SROS.BIZ SROS.BIZ bootstrap mode Router boots using startup-config startup-config default settings...
  • Page 59: Setting Up A Compact Flash Card From Which To Boot The Router

    Overview Software Overview Setting Up a Compact Flash Card From Which to Boot the Router Newly shipped ProCurve Secure routers have an internal flash that contains two SROS software files: J0X_0X.biz SROS.BIZ The SROS.BIZ and J0X_0X.biz files are identical. The J0X_0X.biz file reflects the version number of the software, such as J04_01.biz.
  • Page 60: Autosynch™ Technology

    Overview Software Overview When the command is entered, the ProCurve Secure Router first tries to save these changes to a startup-config file on compact flash. If no compact flash card is inserted into the slot on the back panel, the router saves the changes to the startup-config file that is stored in internal flash.
  • Page 61: Basic Mode

    Overview Software Overview This section introduces the different mode contexts and describes the types of commands you can enter in each one. (See Figure 1-24.) Session now available Press to get started Return Return Basic mode context ProCurve> enable Security modes ProCurve# Enable mode context configure terminal...
  • Page 62: Basic Mode

    Overview Software Overview Basic Mode The basic mode allows restricted access to the router, providing only a limited number of commands. From this mode, you can view basic system information, verify some processes, and enter traceroute and ping commands. You do not have access to any of the options that allow you to configure the router.
  • Page 63: Global Configuration Mode

    Overview Software Overview Global Configuration Mode From the global configuration mode, you can make configuration changes that apply to the entire router and all interfaces. You can configure the system’s global parameters, such as the hostname, passwords, and banners. You can also set parameters for IP services such as DHCP and DNS.
  • Page 64 Overview Software Overview Router. You can configure dynamic routing protocols from the router configuration mode contexts. There are four router configuration modes: BGP, RIP, PIM-Sparse, and OSPF. To configure these protocols, move to the global configuration mode context and use this command: Syntax: router [bgp | ospf | pim-sparse | rip] For example, to configure RIP, enter: ProCurve(config)# router rip...
  • Page 65: Commands Available In The Basic, Enable, Or Global Configuration Mode Contexts

    Overview Software Overview Commands Available in the Basic, Enable, or Global Configuration Mode Contexts The ProCurve Secure Router OS permits you to use certain commands only in specific modes. When you are managing the ProCurve Secure Router and you try to use a command that is not supported from the current mode context, you will receive an error message.
  • Page 66: Logout

    Overview Software Overview Logout Exit the current CLI session and return to the login screen. Syntax: logout Ping Send an ICMP echo to a specified destination. To send a default ping of 5 echoes, enter: Syntax: ping [ | ] When you begin sending ICMP echoes, the router displays a legend to describe the types of responses the router receives.
  • Page 67: Show

    Overview Software Overview If you enter for the verbose option in the extended commands, the output reports the result of each ping with a description of the datagram size and the echo’s round-trip time. For example: Reply from 1.1.1.1: bytes = 100 time = 4 ms If you need to halt a ping operation, press Ctrl+C. Note...
  • Page 68: Telnet

    Overview Software Overview Option Result show isdn-group [] lists the ISDN group configurations and member interfaces show lldp [ | device | interface | displays LLDP settings and information, including ] information on specific neighbors show memory heap [realtime] displays statistics for the router memory, including how much has been used and how much is available show modules...
  • Page 69: Terminal

    Overview Software Overview Similar to the ping command, you can set extended options for tracing a route by entering traceroute and pressing Enter without specifying the destination address. Options include the source address at which the trace begins and the maximum number of hops.
  • Page 70: Clear

    Overview Software Overview Clear The enable mode context expands the options for the clear command. To view these options, enter: Syntax: clear ? Table 1-4 lists the clear command options available in the enable mode context. Table 1-4. Enable Mode Context clear Commands Option Result clear access-list...
  • Page 71: Clock

    Overview Software Overview Some examples of clear commands include the following: Syntax: clear ip policy-sessions This command clears all sessions established using the ACPs applied to router interfaces. Syntax: clear ip route [** | ] The ** option clears all routes learned through a routing protocol. Static routes are not affected.
  • Page 72: Configure

    Overview Software Overview Configure There are four options to this command: memory, network, overwrite-network, and terminal. The configure memory, configure network, and configure overwrite-network commands allow you to retrieve and apply a configuration file by saving the file as the router’s running-config. Using this command causes your router to immediately begin using the specified configuration without rebooting the router.
  • Page 73 Overview Software Overview To save configuration changes while using the CLI, enter: Syntax: copy running-config [ | ] ProCurve# copy running-config startup-config Verify that the Done. Success! message is displayed, indicating that the copy process is complete. Table 1-5.
  • Page 74 Overview Software Overview Verify that the Percent Complete 100% message is displayed, indicating that the download is complete. The current configuration is now saved in compact flash with the specified filename. To save a configuration as a file on internal flash, enter the following from the enable mode context: ProCurve# copy ...
  • Page 75: Debug

    Overview Software Overview Debug Entering debug will display debug messages as packets arrive on the router. Debugging is useful when troubleshooting or testing your router’s operation. The Secure Router OS provides many debug commands, including options for most protocols and processes run on the router. For a list of debug commands, go to the enable mode context and enter: ProCurve# debug ? For example, you could debug the establishment of a PPP connection:...
  • Page 76: Disable

    Overview Software Overview Disable To leave the enable mode context, type disable. The Secure Router OS will return you to basic mode context. Erase The erase command is a file management command. Table 1-6 shows the erase command options. Syntax: erase [{cflash | flash} | startup-config | file-system cflash] Table 1-6.
  • Page 77: Events

    Overview Software Overview Events The events command enables the Secure Router OS to display a notice to the CLI whenever an event occurs. This command is useful for troubleshooting, because it lets you immediately determine whether a connection is up and working properly.
  • Page 78 Overview Software Overview Option Result show configuration shows the startup configuration show connections lists all logical interface binds show crypto [ca | ike | ipsec | map] shows certificates and VPN configurations, such as IKE policies, transform sets, and crypto maps show debugging displays the active debugging switches show demand...
  • Page 79 Overview Software Overview Option Result show modules gives information on the router’s modules, including the type of module in each slot and the number of ports in each module show output-startup lists the startup-config error log show port-auth supplicant [interface | displays port authentication information summary] show pppoe...
  • Page 80 Overview Software Overview The verbose option is available for many show commands. This option displays all aspects of the item you are displaying. For example, the show running-config verbose command displays all the configurations currently running on your router, including default settings that have not been altered. The show interfaces command will display information on any of the router’s physical or logical interfaces.
  • Page 81 Overview Software Overview Interval 74 Performance Statistics: 0 Errored Seconds, 0 Bursty Errored Seconds 0 Severely Errored Seconds, 0 Severely Errored Frame Seconds 0 Unavailable Seconds, 0 Path Code Violations 0 Line Code Violations, 0 Controlled Slip Seconds 0 Line Errored Seconds, 0 Degraded Minutes Interval 75 Performance Statistics: 0 Errored Seconds, 0 Bursty Errored Seconds 0 Severely Errored Seconds, 0 Severely Errored Frame Seconds...
  • Page 82: Undebug

    Overview Software Overview -------------------------------------------------------------------- t1 1/1 is UP Receiver has no alarms T1 coding is B8ZS, framing is ESF Clock source is through t1 1/2, FDL type is ANSI Line build-out is 0dB No remote loopbacks, No network loopbacks Acceptance of remote loopback requests enabled Tx Alarm Enable: rai Last clearing of counters never loss of frame...
  • Page 83: Show Tech

    Overview Software Overview to the compact flash card, if present, as startup-config. Otherwise the running-config will be saved as startup-config on the router’s internal flash. write erase. This command erases the startup-config. If you have a compact flash card, the startup-config is erased from cflash. If you are running the AutoSynch feature, this command erases startup-config from both flash and compact flash.
  • Page 84 Overview Software Overview show dial-backup interfaces show dialin show frame-relay lmi show frame-relay pvc show ip bgp neighbors show ip bgp neighbor summary show ip ospf neighbor show ip ospf neighbor summary-add show ip route show bridge show spanning-tree show ip interfaces show connections show arp show ip traffic...
  • Page 85: Updating The Boot Code

    Overview Software Overview Updating the Boot Code When applying a new boot configuration file, enter boot as the destination of a copy command. This command copies a file to the boot sector. For example, if you are upgrading from J03_01.biz to J04_01.biz, you might enter: ProCurve# copy flash J04_01-boot.biz boot The resulting text explains that other router tasks will be halted while the boot code is upgraded.
  • Page 86: Global Configuration Mode Commands

    Overview Software Overview Global Configuration Mode Commands From enable mode, access the global configuration mode context by entering configure terminal. It is from this mode context that you enter the commands to configure the router; most of the commands in the global configuration mode context are discussed in the various chapters included in this guide.
  • Page 87: Support For Snmp

    SNMP traps on individual interfaces. MIBs for the ProCurve SR 7000dl series routers are available at the ProCurve Web site. To download the MIBs, go to http://www.hp.com/rnd/software/ securerouters.htm and click the latest version of the SR 7000dl Router MIB File.
  • Page 88 Overview Software Overview After you enable SafeMode and set the time limit, a reload timer is activated for the Telnet and SSH access lines and begins to count down. You also set a threshold timer, which is shorter than the reload timer. When the threshold timer expires, a warning message is displayed in the CLI that allows you to reset the timer.
  • Page 89 Overview Software Overview After the countdown for the reload timer has begun, it continues until you either reset it by pressing Ctrl+R, you disable it by entering no safe-mode, or you exit out of the global configuration mode context. Use the no form of the command to disable SafeMode and the countdown timer: ProCurve(safe-config)# no safe-mode...
  • Page 90: Help Tools

    Overview Help Tools Help Tools The Secure Router OS features help tools, editing functions, and global commands to help you navigate through the Secure Router OS and configure and maintain your WAN. CLI Help Commands You can enter the character to display the available command syntax for any command in the CLI.
  • Page 91 Overview Help Tools Table 1-8. Keystrokes for Moving Around the CLI Editing Command Action Ctrl+P or up arrow recall the most recent command Ctrl+A move to the beginning of the line (Home) Ctrl+E move to the end of the line (End) Ctrl+F or right arrow move forward one character Ctrl+B or left arrow...
  • Page 92: Exit

    Overview Help Tools In the enable and configuration mode contexts, typing the word no before a command negates that command. For example, if you want to stop event notices from displaying to the CLI screen, enter no events. If you need to execute an enable mode command from a configuration mode context, type do before you enter the command.
  • Page 93 Overview Help Tools The ProCurve Secure Router automatically enters the bootstrap mode context if it cannot locate valid SROS software or if the SROS software has been corrupted. You can also access the bootstrap mode by pressing during the first five seconds of the startup process. During the startup process, the screen will display a countdown, alerting you to how much time you have left to access the bootstrap mode context.
  • Page 94 Overview Help Tools After you configure the boot software settings, enter reload or boot to reboot the server. Use the boot [cflash | flash] option to immediately boot the router using the specified file. To set the backup boot code, replace ...
  • Page 95 Overview Help Tools You can also copy the Secure Router OS software from a compact flash card. bootstrap# copy cflash flash [] If your router uses the standard boot process, you should copy the new software as SROS.BIZ to both the compact flash memory (if your router uses a compact flash card) and the internal flash.
  • Page 96: Troubleshooting

    Overview Troubleshooting Troubleshooting Compact Flash Compact flash performance can vary greatly between vendors. If there seems to be a delay when the ProCurve Secure Router saves changes to the compact flash card, the Secure Router OS is still functioning, though at times it may seem to be in a suspended state.
  • Page 97 Overview Troubleshooting Table 1-9. AutoSynch™ Error Messages Error Message Action compact flash removed Make sure the compact flash card is firmly mounted in the compact flash slot CFLASH startup-config From the enable mode context, enter write memory. Then begin does not exist synchronization by entering autosynch.
  • Page 98: Using The Reload In Command

    Overview Troubleshooting Caution: Be very careful doing any kind of file management with the startup-config and SROS.BIZ files while the autosynch command is enabled. If you erase either the startup-config file or SROS.BIZ file from compact flash, the file will also be erased from the internal flash.
  • Page 99: Managing Configuration Files Using A Text Editor

    Overview Managing Configuration Files Using a Text Editor The CLI will prompt you to save the system configuration. If you have already made the configurations that you want to test, reply no. If you are getting ready to make the configurations to be tested and want to save previous configurations, reply yes.
  • Page 100 Overview Managing Configuration Files Using a Text Editor Figure 1-30. Boot Error Messages The error messages in Figure 1-30 were displayed during bootup. In this particular case, the startup-config file has VPNs configured, and the router that is booting does not have the IPSec VPN module that enables these commands.
  • Page 101: Creating And Transferring Configuration Files

    Overview Managing Configuration Files Using a Text Editor Error location Resulting message Figure 1-31. Using Boot Error Messages to Target a Configuration Problem The line number given in the error message is the line number in the running- config. You can use this information to locate and repair any configuration problems.
  • Page 102: Configuration File Transfer Using The Console Port

    Overview Managing Configuration Files Using a Text Editor If you do not want the base router to use the base configuration, you should save the base configuration as a .cfg or .txt file. From the enable mode context, enter: ProCurve# copy flash running-config If you entered write memory and are running the AutoSynch function, the configuration is saved as the startup-config file on the flash and compact flash memories.
  • Page 103 Overview Managing Configuration Files Using a Text Editor Copy the edited text. Highlight the edited configuration in the text editor. Copy the highlighted text either by pressing Ctrl+C, right-clicking the mouse and clicking Copy, or clicking Edit > Copy in the window. Save the edited configuration on the router.
  • Page 104: Configuration File Transfer Using A Tftp Server

    Overview Managing Configuration Files Using a Text Editor Install the configuration. Copy the edited configuration file to startup-config. Syntax: copy ProCurve# copy flash configuration.txt flash startup-config The router will create the startup-config file and save the edited configuration to the file.
  • Page 105 Overview Managing Configuration Files Using a Text Editor Upload the file to the TFTP server. Syntax: copy tftp ProCurve# copy flash tftp Address of remote host? 192.168.100.2 Source filename? routerB.txt Destination filename? [routerB.txt] After you enter copy tftp from the enable mode context, the router will prompt you for the information it needs to suc- cessfully complete the TFTP file transfer.
  • Page 106 Overview Managing Configuration Files Using a Text Editor ProCurve# erase flash startup-config.bak Deleted NONVOL:/startup-config.bak ProCurve# erase cflash startup-config.bak Deleted CFLASH:/startup-config.bak To be sure that old configurations do not interfere with the new configu- ration, erase any startup-config files. This will reset the router to its factory defaults.
  • Page 107: Configuration File Transfer Using A Compact Flash Card

    Overview Managing Configuration Files Using a Text Editor Configuration File Transfer Using a Compact Flash Card Copy and rename the base configuration. Syntax: copy For example, if your base configuration were the router’s startup-config, you would enter: ProCurve# copy cflash startup-config cflash routerB.txt Replace ...
  • Page 108 Overview Managing Configuration Files Using a Text Editor Open a session with the destination router and erase files that may conflict with the new configuration. Make sure there are no startup-configuration files on the router’s internal flash or compact flash. Backup files for the startup-config can also interfere with the installation of the new configuration.
  • Page 109: Quick Start

    Overview Quick Start Quick Start This section provides the instructions you need to quickly access the ProCurve Secure Router CLI and establish a console session. Only minimal explanation is provided. It is strongly recommended that you read the entire chapter so that you understand how the Secure Router operating system (OS) is organized and how to manage the OS.
  • Page 111 Controlling Management Access to the ProCurve Secure Router Contents Securing Management Access to the ProCurve Secure Router ..2-4 Restricting Access to the Enable Mode Context ....2-4 Configuring a Password for Console Access .
  • Page 112 Controlling Management Access to the ProCurve Secure Router Contents Configuring Authorization ........2-23 Define a Named List for Authorization .
  • Page 113 Controlling Management Access to the ProCurve Secure Router Contents Configuring AAA ......... . . 2-45 Configuring Authentication with AAA .
  • Page 114: Securing Management Access To The Procurve Secure Router

    Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router The ProCurve Secure Router supports both local and remote management. For local management, you can use a serial cable to attach your PC to the ProCurve Secure Router and establish a console terminal session.
  • Page 115: Configuring A Password For Console Access

    Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Because you did not include the md5 option, the password you entered is stored as clear text and is displayed when you enter the show running-config command, as shown below.
  • Page 116: Enabling Remote Access To The Procurve Secure Router

    Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router From the global configuration mode context, enter: ProCurve(config)# line console 0 The ProCurve Secure Router prompt will show that you are in the console line configuration mode context: ProCurve(config-con0)# Enter:...
  • Page 117: Configuring An Ethernet Interface

    Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Configuring an Ethernet Interface This section provides the minimum steps required to configure an Ethernet interface. (For more detailed information about configuring an Ethernet interface, see Chapter 3: Configuring Ethernet Interfaces.) Use a 10Base-T or 100Base-T cable to connect the Ethernet port to a device (such as a switch) on your LAN.
  • Page 118: Configuring Telnet Access

    Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Configuring Telnet Access By default, the ProCurve Secure Router requires a login password for Telnet sessions. Unless you configure a password for a Telnet line or disable the login option, no one can establish a Telnet session with the ProCurve Secure Router.
  • Page 119 Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router For example, if you want to create the password as procurve, enter ProCurve(config-telnet0)# password md5 procurve Note: You can also configure an access control list (ACL) to block or limit Telnet access.
  • Page 120: Configuring Local User Lists

    Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Configuring an Enable Mode Password. To provide access to the enable mode context through a Telnet session, you must configure an enable mode password. If you do not configure an enable mode password, users will receive a message, telling them that no enable mode password is configured, and they will be denied access to the enable mode context.
  • Page 121: Encrypting All The Passwords Configured On The Router

    Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Both the username and password can be an alphanumerical string up to 30 characters in length. You can add multiple usernames and passwords to the local user list, and these usernames and passwords can be used for HTTP, SSH, and FTP access.
  • Page 122: Managing Ssh Communications

    Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router When prompted, enter a username and password that you configured in the local user list. Managing SSH Communications With Telnet, communications between the server and your PC are sent over the wire in clear text.
  • Page 123: Using Ftp To Access The Router

    Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Note: If you want to use an ACL to restrict SSH access, you apply this ACL at the SSH line configuration mode context. For more information, see the Advanced Management and Configuration Guide, Chapter 5: Applying Access Control to Router Interfaces.
  • Page 124: Viewing Information About Users

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access To disable the SCP server, enter: Syntax: no ip scp server Viewing Information about Users At any time, you can view information about the users who are accessing the ProCurve Secure Router through the console, Telnet, SSH, FTP, and Web browser interface.
  • Page 125: Advantages Of Using The Aaa Subsystem

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Advantages of Using the AAA Subsystem The AAA subsystem provides more flexibility than simple password-based authentication. If you enable the AAA subsystem, you can configure a list of authentication methods for the enable mode and for each access method.
  • Page 126: Configuring Aaa For Authentication

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access After you enable the AAA subsystem, the complete set of AAA commands becomes available in the ProCurve Secure Router OS. For example, you can then configure AAA-based authentication, authorization, and accounting for SSH lines.
  • Page 127 Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access The options you can select for the enable mode context are listed in Table 2-1: Table 2-1. Authentication Options for the Enable Named List Option Meaning none...
  • Page 128: Creating A Named List For User Authentication

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Note: If you enable the AAA subsystem but do not configure a named list for the enable mode, the Secure Router OS uses the enable mode password by default. Creating a Named List for User Authentication To create a named list for user authentication, you must determine the authentication methods you want to use and the order in which you want the...
  • Page 129: Criteria For Failure Of Authentication Methods

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access For example, when you configure a named list for user authentication, you may want to call this list UserLogin. You may also decide to use the following authentication methods: enable password line password...
  • Page 130: Assign The Named List

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Assign the Named List After you configure a named list, you must assign the list to the specific access method. To assign a list to the console, Telnet, or SSH lines, move to the appropriate line configuration mode context and enter: Syntax: login authentication ...
  • Page 131: Options For Aaa Authentication: Configuring Banners

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Table 2-3. Default Action if No Named List Is Configured Access Authentication Method console access no password required Telnet access Telnet password FTP access local user list HTTP access local user list...
  • Page 132 Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access To end the banner, you must enter the same character that you used to signal the beginning of the banner. Configuring a Fail Message. A fail message is displayed if the user attempts to log in to the router and fails.
  • Page 133: Configuring Authorization

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Configuring Authorization After you enable the AAA subsystem, you can use a TACACS+ server to control not only who can access the Secure Router OS but also who can actually enter unprivileged or privileged commands.
  • Page 134: Assign The Named List

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Include the if-authenticated option to authorize authenticated users. Use the none option to grant access immediately. You may want to enter none as a second option. That way, if the ProCurve Secure Router cannot contact the TACACS+ server, you will still be able to configure the router.
  • Page 135: Configuring The Tacacs+ Server For Accounting

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Note: Take care when you configure authorization for the console line. If you are not careful, you may prohibit yourself from entering commands from the console.
  • Page 136: Assign The Named List

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Specify the level of commands for which you want to generate accounting: 1 is unprivileged access, which is the basic mode, and 15 is privileged access, which is the enable mode.
  • Page 137: Do Not Send Records For Null Users

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Include newinfo if you want all new records sent immediately, or include periodic if you want the records sent at specific intervals. If you specify periodic, replace ...
  • Page 138 Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Figure 2-2. Using a RADIUS Server for Authenticating Users Who Want to Manage the ProCurve Secure Router (diagram labels: edge switches, core switch, ProCurve Secure Router, RADIUS server) To set up this communication, you must specify the IP address of the RADIUS server.
  • Page 139: Define A Group Of Radius Servers

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Table 2-4. Customizing Settings for Individual RADIUS Servers (columns: Option, Meaning, Default Value) acct-port: configures the router to send accounting requests to the port you specify; default value: acct-port 1813. auth-port ...
  • Page 140: Configure Global Settings For Radius Servers

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access From this context, use the following command to add RADIUS servers to the group: Syntax: server Either replace with the RADIUS server’s hostname or replace ...
  • Page 141: Configuring The Tacacs+ Server

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Table 2-5. Global Settings for RADIUS Servers Option Meaning Default Value challenge-noecho disables echoing of user challenge-entry; users will see the text of the challenge as they type responses (enabling this option hides the text as it is being entered) deadtime ...
  • Page 142 Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access Figure 2-3. Using a TACACS+ Server for Authenticating Users Who Want to Manage the ProCurve Secure Router (diagram labels: edge switches, core switch, ProCurve Secure Router, TACACS+ server) To enable this communication, you must configure the IP address or host name of the TACACS+ server.
  • Page 143: Creating A Tacacs+ Group

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access You can use the complete tacacs-server command to configure other settings for a TACACS+ server, as shown below: Syntax: tacacs-server host [port | timeout ...
  • Page 144: Configure Global Settings For Tacacs+ Servers

    Controlling Management Access to the ProCurve Secure Router Using the AAA Subsystem to Control Management Access For example, the following command creates a group called tacacs and enters the TACACS+ group configuration mode context: ProCurve(config)# aaa group server tacacs+ tacacs ProCurve(config-sg-tacacs+)# Use the following command to add TACACS+ servers to the group: Syntax: server ...
  • Page 145: Troubleshooting Aaa

    Controlling Management Access to the ProCurve Secure Router Troubleshooting AAA Table 2-7. Global Settings for TACACS+ Servers (columns: Option, Meaning, Default Value) tacacs-server key: Specifies the shared key to use with TACACS+ servers. Any keys you configure for a particular TACACS+ server supersede the global key. Default value: none.
  • Page 146: Troubleshooting The Radius Server

    Controlling Management Access to the ProCurve Secure Router Troubleshooting AAA AAA: New Session on portal 'TELNET 0 (172.22.12.60:4867)'. No named list for Telnet line 0; AAA: No list mapped to 'TELNET 0'. Using 'default'. default aaa Default for configuration used AAA: Attempting authentication (username/password).
  • Page 147: Debug Radius Command

    Controlling Management Access to the ProCurve Secure Router Troubleshooting AAA Auth. Acct. Number of packets sent: Number of invalid responses: Number of timeouts: Average delay: 2 ms 0 ms Maximum delay: 3 ms 0 ms Figure 2-5. show radius statistics debug radius Command You can view debug messages about RADIUS servers in real time.
  • Page 148 Controlling Management Access to the ProCurve Secure Router Troubleshooting AAA Authentication Authorization Accounting Packets sent: Invalid responses: Timeouts: Average delay: Maximum delay: Socket Opens: Socket Closes: Socket Aborts: Socket Errors: Socket Timeouts: Socket Failed Connections: Socket Packets Sent: Socket Packets Received: Figure 2-6.
  • Page 149 Controlling Management Access to the ProCurve Secure Router Troubleshooting AAA TAC+ TX: Sending Authentication START pkt TAC+ TX: version=0xc0, type=Authentication, seq_no=1, flags=00 TAC+ TX: action=Login TAC+ TX: level=1 TAC+ TX: authen type=ASCII TAC+ TX: requested service=Login IP address of the TAC+ TX: username= device trying to TAC+ TX: port=TELNET 0 (192.168.7.23:1072)
  • Page 150: Port Authentication

    Controlling Management Access to the ProCurve Secure Router Port Authentication Port Authentication Allowing mobile devices unlimited access to a network poses a severe security risk. While it is beneficial to allow employees to plug in and gain access to a company’s LAN, there is the potential that unauthorized users may similarly gain access to your network.
  • Page 151: Troubleshooting Supplicant Functionality

    Controlling Management Access to the ProCurve Secure Router Port Authentication Troubleshooting Supplicant Functionality If the ProCurve Secure Router is unable to access the 802.1X-secured network, begin troubleshooting by checking the physical connection. Ensure that the 10Base-T or 100Base-T cable is connected and in the proper ports. Check the supplicant status and make sure that it is enabled and that you have entered the correct username and password.
  • Page 152: Quick Start

    Controlling Management Access to the ProCurve Secure Router Quick Start Quick Start This section provides the commands you must enter to quickly configure passwords to protect management access to the ProCurve Secure Router. Only a minimal explanation is provided. If you need additional information about any of these options, see “Contents” on page 2-1 to locate the section and page number that contains the explanation you need.
  • Page 153: Configuring Remote Access To The Procurve Secure Router

    Controlling Management Access to the ProCurve Secure Router Quick Start Configuring Remote Access to the ProCurve Secure Router You can access the ProCurve Secure Router through: Telnet HTTP Secure Copy (SCP) server Configuring an Ethernet Interface Before you can access the router through a remote location, you must enable at least one interface and provide a physical connection to either a LAN or WAN.
  • Page 154: Configuring A Password For Telnet Access

    Controlling Management Access to the ProCurve Secure Router Quick Start From the global configuration mode context, enter the Ethernet interface configuration mode context: ProCurve(config)# interface ethernet 0/ Assign the Ethernet interface an IP address. Syntax: ip address [ | /] For example, if you want to assign the Ethernet interface an IP address of 192.168.1.1 with a subnet mask of 255.255.255.0, enter ProCurve(config-eth 0/1)# ip address 192.168.1.1 /24...
  • Page 155: Configuring Local User Lists

    Controlling Management Access to the ProCurve Secure Router Quick Start Note: You can configure an access control list (ACL) to block Telnet access. For instructions on configuring this ACL, see Chapter 5: Applying Access Control to Router Interfaces in the Advanced Management and Configuration Guide. Configuring Local User Lists You can configure multiple usernames and passwords to be used for FTP, HTTP, and SSH access to the router.
  • Page 156: Configuring Authentication With Aaa

    Controlling Management Access to the ProCurve Secure Router Quick Start Configuring Authentication with AAA Create a list of authentication methods, called a named list, for the enable mode. Syntax: aaa authentication enable default {none | line | enable | [group ...
  • Page 157: Configuring The Tacacs+ Server For Accounting

    Controlling Management Access to the ProCurve Secure Router Quick Start Use the group tacacs+ option to specify the default group of TACACS+ servers. Use the group if you have created a group of TACACS+ servers. Include the if-authenticated option to authorize authenticated users. Use the none option if authorization is not required.
  • Page 158: Defining A Radius Server

    Controlling Management Access to the ProCurve Secure Router Quick Start Assign the named list to a console, Telnet, or SSH line. From the appropriate line configuration mode context, enter: Syntax: accounting commands [1 | 15] [default | ] Defining a RADIUS Server Define the IP address of the RADIUS server and the key that the ProCurve Secure Router must use to authenticate to the server (if a key is required).
  • Page 159 Configuring Ethernet Interfaces Contents Ethernet Interfaces ..........3-2 Configuring the Ethernet Interface .
  • Page 160: Ethernet Interfaces

    Configuring Ethernet Interfaces Ethernet Interfaces Ethernet Interfaces The ProCurve Secure Router includes two Ethernet ports on the front panel, allowing you to connect two LAN segments to your WAN. You can also use the Ethernet ports to connect to a cable or Digital Subscriber Line (DSL) modem.
  • Page 161: Configuring The Ethernet Interface

    Configuring Ethernet Interfaces Ethernet Interfaces and Configuration Guide, Chapter 4: ProCurve Secure Router OS Firewall— Protecting the Internal, Trusted Network; for more information about access controls, see the Advanced Management and Configuration Guide, Chapter 5: Applying Access Control to Router Interfaces.) Configuring the Ethernet Interface The Ethernet interface is the only interface on the ProCurve Secure Router that you configure to control both the Physical and the Data Link Layers of a...
  • Page 162: Enabling The Ethernet Interface

    Configuring Ethernet Interfaces Ethernet Interfaces You can also use a truncated reference for both interface and Ethernet, as shown below: ProCurve(config)# int eth 0/1 When you truncate a command, you only need to enter enough of the command to distinguish it from other commands. After you enter the int eth 0/1 command, the prompt will show that you are in the Ethernet 0/1 interface configuration mode context: ProCurve(config-eth 0/1)#...
  • Page 163: Configuring An Ip Address

    Configuring Ethernet Interfaces Ethernet Interfaces Configuring an IP Address To assign the Ethernet interface an IP address, you must be at the Ethernet interface configuration mode context: ProCurve(config-eth 0/1)# You then have several options for assigning an IP address to an Ethernet interface: You can assign the Ethernet interface a static IP address.
  • Page 164 Configuring Ethernet Interfaces Ethernet Interfaces In addition to enabling the DHCP client, this command allows you to configure the settings shown in Table 3-1. Table 3-1. DHCP Client Settings Option Meaning Default Setting client-id configures the client id displayed in the DHCP media type and interface’s MAC address server’s table hostname...
  • Page 165 Configuring Ethernet Interfaces Ethernet Interfaces You should ensure that the DHCP client receives an IP address so that these requests do not consume router resources or bandwidth on your Ethernet link. To determine if the Ethernet interface has been assigned an IP address, enter: ProCurve(config-eth 0/1)# do show int eth 0/1 Note: The do command allows you to enter enable mode commands from any...
  • Page 166 Configuring Ethernet Interfaces Ethernet Interfaces Overriding Settings Received from the DHCP Server. If the DHCP server is configured to provide a default-route, a domain name, or a domain name server (DNS), the DHCP client for the Ethernet interface will accept and use these settings.
  • Page 167: Configuring The Ethernet Interface As An

    Configuring Ethernet Interfaces Ethernet Interfaces Configuring the Ethernet Interface as an Unnumbered Interface To conserve IP addresses on your network, you may want to create the Ethernet interface as an unnumbered interface. When you assign the Ethernet interface an IP address, that IP address cannot overlap with the IP addresses assigned to other interfaces on the router.
  • Page 168: Setting The Speed And The Duplex Settings

    Configuring Ethernet Interfaces Ethernet Interfaces If you configure the Ethernet interface to support virtual LANs (VLANs), you can specify an Ethernet subinterface. For example, you would enter the following commands to configure a loopback interface and then configure the Ethernet 0/1 interface to use the IP address assigned to that loopback interface: ProCurve(config)# interface loopback 1 ProCurve(config-loop 1)# ip address 10.1.1.1 /24...
  • Page 169: Configuring The Line For Half-Duplex Or Full-Duplex

    Configuring Ethernet Interfaces Ethernet Interfaces For example, you might enter: ProCurve(config-eth 0/1)# speed 100 Note: If you configure a default setting for speed, the Ethernet interfaces still negotiate the duplex setting—either full-duplex or half-duplex. Some Ethernet devices cannot negotiate duplex if the speed is manually set. To avoid possible problems, you may want to manually configure the duplex setting if the speed is manually set.
  • Page 170: Adding A Description

    Configuring Ethernet Interfaces Ethernet Interfaces adjacent if their MTU sizes do not match. You should ensure that the MTU on the device at the far end of the Ethernet connection is using the same MTU as the interface you are configuring. If routers and switches have different MTU sizes in a TCP/IP network, transmissions and routing may be affected.
  • Page 171: Summary Of Ethernet Configuration Settings

    Configuring Ethernet Interfaces Ethernet Interfaces interface eth 0/1 description Attached to building 1 ip address 192.168.1.1 255.255.255.0 no shutdown You can also view the description by entering: ProCurve# show running-config interface eth 0/1 This command displays the running-config settings for only the Ethernet 0/1 interface.
  • Page 172 Configuring Ethernet Interfaces Ethernet Interfaces In addition to configuring these settings, you can: assign access control policies (ACPs) or access control lists (ACLs) to the interface enable bridging assign crypto maps to enable virtual private networks (VPNs) configure settings for routing protocols configure quality of service (QoS) settings These settings are discussed in other chapters, as shown in Table 3-3.
  • Page 173: Configure Vlan Support

    Configuring Ethernet Interfaces Configure VLAN Support Configure VLAN Support VLANs enable you to group users by logical function rather than physical location. Creating VLANs on your network provides several advantages: VLANs allow you to segment your network into smaller broadcast domains.
  • Page 174 Configuring Ethernet Interfaces Configure VLAN Support Destination Source 802.1Q Tag Type field Data field Ethernet II with address address 802.1Q tag 6 bytes 6 bytes 4 bytes 2 bytes Up to 1500 bytes 4 bytes Destination Source 802.1Q Tag Length Data field IEEE 802.3 with address...
  • Page 175: Configuring Vlan Support

    Configuring Ethernet Interfaces Configure VLAN Support Figure 3-4. Routing VLAN Traffic Between Layer 2 Switches (diagram labels: servers, Layer 2 switches, switches, ProCurve Secure Router routing between VLANs) If your company is using Layer 2 switches, you may want to enable VLAN support on the ProCurve Secure Router and configure it to route the VLAN traffic on your internal network.
  • Page 176 Configuring Ethernet Interfaces Configure VLAN Support Enabling VLAN Support. To configure the ProCurve Secure Router to recognize the IEEE 802.1Q tag and route traffic accordingly, enter the following command from the Ethernet interface configuration mode context: ProCurve(config-eth 0/1)# encapsulation 802.1Q After you enter this command, the ProCurve Secure Router immediately recognizes that it must route traffic through this Ethernet interface to multiple VLANs with separate IP addresses.
  • Page 177: Assigning An Ip Address

    Configuring Ethernet Interfaces Viewing the Status of Ethernet Interfaces or Subinterfaces Assigning an IP Address You must assign the Ethernet subinterfaces a static IP address. From the Ethernet subinterface configuration mode context, enter: Syntax: ip address For example, if you are configuring a subinterface for VLAN 2 and VLAN 2 encompasses the subnet 192.168.115.0 255.255.255.0, you might enter: ProCurve(config-eth 0/1.1)# ip address 192.168.115.5 /24...
  • Page 178 Configuring Ethernet Interfaces Viewing the Status of Ethernet Interfaces or Subinterfaces eth 0/1 is UP Physical Layer and Data eth 0/1 is UP, line protocol is UP Link Layer are up Hardware address is 00:15:55:05:35:D4 Ip address is 192.168.1.1, netmask is 255.255.255.0 MTU is 1500 bytes, BW is 100000 Kbit 100Mb/s, negotiated full-duplex, configured full-duplex ARP type: ARPA;...
  • Page 179: Show Running-Config Commands

    Configuring Ethernet Interfaces Viewing the Status of Ethernet Interfaces or Subinterfaces ------------------------------------------------------------------- eth 0/1 is UP, line protocol is UP Hardware address is 00:12:79:05:25:B0 Ip address is 192.168.1.1, netmask is 255.255.255.0 MTU is 1500 bytes, BW is 100000 Kbit 100Mb/s, negotiated full-duplex, configured full-duplex ARP type: ARPA;...
  • Page 180: Viewing The Configurations That Have Been Entered

    Configuring Ethernet Interfaces Viewing the Status of Ethernet Interfaces or Subinterfaces Viewing the Configurations That Have Been Entered To view the settings that have been entered manually and are currently being used by the ProCurve Secure Router, move to the enable mode context and enter: ProCurve# show running-config This command displays the current configurations for the router.
  • Page 181 Configuring Ethernet Interfaces Viewing the Status of Ethernet Interfaces or Subinterfaces The display shows the current running-config file, including any default settings. Again, you will need to browse for the information relating to the Ethernet interface or subinterface you are checking. Alternately, you can enter the following command to display only information about a particular Ethernet interface or subinterface: Syntax: show running-config interface eth 0/...
  • Page 182: Troubleshooting An Ethernet Interface

    Configuring Ethernet Interfaces Troubleshooting an Ethernet Interface To understand the difference between the show running-config command and the show running-config verbose command, compare Figure 3-7 to Figure 3-8. For example, if you entered the IP address, a description, and the no shut command to configure the Ethernet interface, only those settings are listed when you enter the show running-config command.
  • Page 183: Show Event-History Command

    Configuring Ethernet Interfaces Troubleshooting an Ethernet Interface Depending on the error messages displayed, you should check the cabling or the configuration settings for the Ethernet interface. If the “eth 0/1 is DOWN” message is displayed, substitute a different 10Base-T or 100Base-T cable and make sure the connectors are securely seated in the Ethernet port on both the router and the far-end device.
  • Page 184: Quick Start

    Configuring Ethernet Interfaces Quick Start 2005.08.27 15:31:53 ETHERNET_INTERFACE.eth 0/1 auto-negotiation in progress 2005.08.27 15:31:55 ETHERNET_INTERFACE.eth 0/1 auto-negotiation complete 2005.08.27 15:31:56 ETHERNET_INTERFACE.eth 0/1 link up 2005.08.27 15:31:56 ETHERNET_INTERFACE.eth 0/1 speed is 100Mbps, full duplex 2005.08.27 15:31:56 INTERFACE_STATUS.eth 0/1 changed state to up Figure 3-9.
  • Page 185 Configuring Ethernet Interfaces Quick Start Move to the global configuration mode context. ProCurve# configure terminal Access the Ethernet configuration mode context: Syntax: interface ethernet 0/ For example, if you want to configure the bottom Ethernet port, enter: ProCurve(config)# interface ethernet 0/1 Assign the Ethernet interface an IP address.
  • Page 187 Configuring E1 and T1 Interfaces Contents Overview of E1 and T1 WAN Connections ......4-3 Elements of an E1- or T1-Carrier Line .
  • Page 188 Configuring E1 and T1 Interfaces Contents Troubleshooting E1 and T1 WAN Connections ..... 4-30 No Light ..........4-32 Red Light .
  • Page 189: Overview Of E1 And T1 Wan Connections

    Configuring E1 and T1 Interfaces Overview of E1 and T1 WAN Connections Overview of E1 and T1 WAN Connections Public carriers offer E1- and T1-carrier lines for customers who need dedicated, secure, point-to-point wide area network (WAN) connections. The connection is always active, so data can be immediately transmitted at any time, with no wait for a dial-up process.
  • Page 190: Connecting Your Premises To The Public Carrier: The Local Loop

    Configuring E1 and T1 Interfaces Overview of E1 and T1 WAN Connections Physical transmission media and electrical specifications are part of the Physical Layer (Layer 1) of the Open Systems Interconnection (OSI) model, and Data Link Layer protocols are part of the Data Link Layer (Layer 2). (See Figure 4-1.) Application layer Presentation layer...
  • Page 191 Configuring E1 and T1 Interfaces Overview of E1 and T1 WAN Connections [Figure 4-2. Local Loop. Labels: Router (DTE), CSU/DSU, Wire span, Repeater, Network Interface Unit (Smart Jack), Demarc, Office Channel Unit (PTT’s CSU), Public Carrier’s CO] All carrier lines require the same basic components on the local loop, although the components may differ slightly in form and design.
  • Page 192: External Or Built-In Csu/Dsu

    Configuring E1 and T1 Interfaces Overview of E1 and T1 WAN Connections Repeater—A repeater receives, amplifies, and retransmits the digital signal so that the signal is always strong enough to be read. The distance between repeaters depends on the type of connection, including the transmission media used.
  • Page 193 Configuring E1 and T1 Interfaces Overview of E1 and T1 WAN Connections [Figure 4-3. Router Connects Directly to an External CSU/DSU. Labels: Router (DTE), CSU/DSU, Wire span, Repeater, Network Interface Unit (Smart Jack), Demarc, Office Channel Unit (public carrier’s CSU), Public Carrier’s CO] If your public carrier does not provide the DSU, the router must include a built-in DSU.
  • Page 194: Procurve Secure Router Modules

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules [Figure 4-5. Router with a Built-in CSU/DSU. Labels: Router w/ internal CSU/DSU, UTP cable with RJ-48C connectors, Wire span, Repeater, Network Interface Unit (Smart Jack), Demarc, Office Channel Unit (public carrier’s CSU), Public Carrier’s CO] ProCurve Secure Router Modules ProCurve Networking provides several E1 and T1 modules, which are described in the next sections.
  • Page 195: T1 Modules With A Built-In Csu/Dsu

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules Table 4-1. Standards Supported by E1 Modules Type of Standard Port E-carrier line • International Telecommunications Union (ITU) G.703 • ITU-T G.704 (CRC-4) • ITU-T G.823 • ITU-T G.797 Electrical/power • Norme Europeenne (EN) 60950 (EN is also referred to as European Standards.) •...
  • Page 196: E1 Or T1 Interfaces: Configuring The Physical Layer

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules Table 4-2. Standards Supported by T1 Modules Type of Standard Port T-carrier line • AT&T TR194 • AT&T TR54016 • American National Standards Institute (ANSI) T1.403 Electrical/power • AT&T Pub 62411 (jitter tolerance) •...
  • Page 197: E1 Or T1 Interface Configuration Mode Context

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules The rest of this section describes these options in more detail and explains how to configure them from the command line interface (CLI). If you want to configure the E1 or T1 connection from the Web browser interface, see Chapter 14: Using the Web Browser Interface for Basic Configuration Tasks.
  • Page 198: Channels

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules The settings that you must configure in order to establish an E1 or T1 WAN connection are explained in the following sections. Channels As mentioned earlier, E1- and T1-carrier lines provide different transmission speeds.
  • Page 199 Configuring E1 and T1 Interfaces ProCurve Secure Router Modules T1 Channels. When you configure a T1 module with a built-in CSU/DSU, you must configure the number of channels that the T1 WAN connection uses. If you lease an entire T1 line, you configure channels 1-24. If you lease a fractional T1 line, your public carrier will tell you which channels to configure for that connection.
  • Page 200: Line Coding

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules Line Coding In addition to configuring the number of channels for the E1 or T1 connection, you must configure the interface to use the same line coding that your public carrier is using. Line coding defines how digital signals are configured for transport through a physical transmission medium.
  • Page 201: Frame Format

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules Like HDB3, B8ZS was designed to overcome the deficiencies of AMI. To prevent synchronization loss, B8ZS replaces a string of eight zeros with a string that includes two logical ones of the same polarity as a timing mark. Because B8ZS has become the standard line coding used on T1-carrier lines, it is the default setting on the ProCurve Secure Router.
  • Page 202 Configuring E1 and T1 Interfaces ProCurve Secure Router Modules Although E1 interfaces, including those for the G.703 port, support two frame formats, only one option is listed if you enter the following command from the E1 interface configuration mode context: ProCurve(config-e1 1/1)# framing ? Only the crc4 option is listed.
  • Page 203: Clock Source, Or Timing, For The E1- Or T1-Carrier Line

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules Clock Source, or Timing, for the E1- or T1-Carrier Line Because data transmission requires hosts to be synchronized, you must configure the clock source, or timing, for the E1 or T1 interface. You can configure the E1 or T1 interface with one of the following clock sources: Line—Use the line setting if the E1 or T1 interface will take the clock source from the public carrier.
  • Page 204: Transmit Signal Level (T1 Interfaces Only)

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules To configure the clock source, enter the following command from the E1 or T1 interface configuration mode context: Syntax: clock source [internal | line | through] For example, to configure the clock source as line, enter: ProCurve(config-e1 2/1)# clock source line Note You cannot connect two interfaces on one module to different service providers...
  • Page 205: Set The Fdl (T1 Interfaces Only)

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules Replace with one of the following numbers, which are in decibels (db): -22.5 -7.5 You should set the LBO to avoid overloading a receiver’s circuits. For sensitive interfaces or for interfaces that are connected with a long cable but separated by a short distance, use the more negative values to prevent the line from becoming too hot.
  • Page 206: Activate The E1 Or T1 Interface

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules If used on a T1-carrier line, the FDL channel must conform to one of the following standards: ANSI T1.403 standard ATT TR 54016 standard By default, the T1 interfaces on the ProCurve Secure Router use the ANSI standard.
  • Page 207: Threshold Commands

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules If you have connected the interface to either the wall jack or the external CSU, the interface will try to establish the Physical Layer of the WAN connection. If the E1 or T1 interface successfully establishes that Physical Layer, another message should be displayed: INTERFACE_STATUS.e1 1/1 changed state to up INTERFACE_STATUS.t1 1/1 changed state to up...
  • Page 208: Types Of Line Errors

    Configuring E1 and T1 Interfaces ProCurve Secure Router Modules Table 4-4 lists the default settings for line error thresholds. Table 4-4. Threshold Commands Setting Description 15-Minute 24-Hour Default Default Bursty Errored Seconds Controlled Slip Seconds Degraded Minutes Errored Seconds Line Code Violations 13340 133400 Line Errored Seconds...
  • Page 209 Configuring E1 and T1 Interfaces ProCurve Secure Router Modules Table 4-5. Events That Trigger Line Errors Error Type Triggers 1-320 Path Coding Violations (PCV) Controlled Slip Seconds (CSS) Bit Error Rate (BER) between .000001 and .001 ESF and CRC4: – PCV –...
  • Page 210 Configuring E1 and T1 Interfaces ProCurve Secure Router Modules Error Type Triggers • D4 errors: – Framing error – OOF – 1544+ LCVs • 10+ SESs • Line failure + SES The following is a list of the line errors and a brief description of each. BES.
  • Page 211 Configuring E1 and T1 Interfaces ProCurve Secure Router Modules same polarity without an intervening pulse of the opposite polarity. An EXZ is the occurrence of any zero string length equal to or greater than three for B3ZS or greater than four for HDB3. LCVs usually signal a mismatch in line coding type.
  • Page 212: Viewing Information About E1 And T1 Interfaces

    Configuring E1 and T1 Interfaces Viewing Information about E1 and T1 Interfaces To return a threshold to its default setting, enter this command from the global configuration mode context: Syntax: no thresholds [BES | CSS | DM | ES | LCV | LES | PCV | SEFS | SES | UAS] [15Min | 24Hr] For example, to return the 15-minute SES threshold to its default setting of 10, enter:...
  • Page 213: Show Interfaces Command

    Configuring E1 and T1 Interfaces Viewing Information about E1 and T1 Interfaces show interfaces Command You can use the show interfaces / command to view detailed information about the status of the E1 or T1 interface. For example, if you want to view the status of the E1 1/1 interface, enter the following command from the enable mode context: ProCurve# show interfaces e1 1/1 Figure 4-7 shows the results of this command for an E1 interface.
  • Page 214: Show Running-Config Command

    Configuring E1 and T1 Interfaces Viewing Information about E1 and T1 Interfaces The first line indicates whether the interface is up or down. The second line lists alarms, if there are any. The next two lines show current configurations for line coding, framing, and clock source. For T1 interfaces, the FDL type and the line build out settings are also listed.
  • Page 215: Show Running-Config Verbose Command

    Configuring E1 and T1 Interfaces Viewing Information about E1 and T1 Interfaces This command displays the configuration that you have entered for the entire router. You must then scroll through the running-config until you locate the appropriate E1 or T1 interface. To save time, you can enter the following command from the enable mode context: Syntax: show running-config interface ...
  • Page 216: Troubleshooting E1 And T1 Wan Connections

    Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections
    (Figure callout: “This is the default setting; the E1-carrier line is using the E1 frame format.”)
    interface e1 1/1
    description
    no framing crc4
    clock source internal
    coding hdb3
    lbo long 0
    remote-loopback
    sa4tx-bit 0
    loop-alarm-detect...
  • Page 217 Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections You should start by troubleshooting the physical interface because it must be up before the logical connection can be established. You can quickly check the LEDs on the front of the ProCurve Secure Router to determine the status of a physical interface.
  • Page 218: No Light

    Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections The color of the lights and a more detailed explanation are provided below. No Light If no light appears, ensure that you are checking the LED that corresponds to the slot in which the E1 or T1 module is installed, as shown in Figure 4-10.
  • Page 219 Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections
    (Figure callouts: “If the interface is down, look for reported alarms”; “Check configuration”)
    e1 1/1 is DOWN
    Encapsulation is not set
    Transmitter is sending remote alarm
    Receiver has loss of signal, loss of frame
    E1 coding is HDB3, framing is E1
    Clock source is internal...
  • Page 220: Yellow Light

    Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections Table 4-8. Alarms and Their Possible Causes Alarm Possible Cause Possible Solutions LOS—loss of • You may be using a different type of • Check all the settings, including the setting for line signal line coding than that used by the coding.
  • Page 221: Green Light

    Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections If the loopback was not initiated on the ProCurve Secure Router, your public carrier is testing the line. Call your public carrier to have the loopback canceled or to determine the reason for the loopback test. Green Light If the stat LED for the physical interface is green but the WAN connection is down, you should still check the configuration for the E1 or T1 interface.
  • Page 222 Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections For example, to view performance statistics accumulated on the T1 1/1 interface over all 15-minute intervals in the past 24 hours, enter: ProCurve# show interfaces t1 1/1 performance-statistics To view only certain 15-minute intervals, replace with numbers between 1 and 96.
  • Page 223: Quick Start

    Configuring E1 and T1 Interfaces Quick Start
    --------------------------------------------------------------------
    t1 1/1 is UP
    Receiver has no alarms
    T1 coding is B8ZS, framing is ESF
    Clock source is through t1 1/2, FDL type is ANSI
    Line build-out is 0dB
    No remote loopbacks, No network loopbacks
    Acceptance of remote loopback requests enabled
    Tx Alarm Enable: rai
    Last clearing of counters never...
  • Page 224: Configuring An E1 Or T1 Interface

    Configuring E1 and T1 Interfaces Quick Start Configuring an E1 or T1 Interface Before you begin to configure an E1 or T1 interface, you should know the settings that you must enter for the following: number of channels used line coding frame format clock source Your public carrier should provide you with this information.
  • Page 225 Configuring E1 and T1 Interfaces Quick Start For example, to assign the E1 or T1 interface all the channels, enter: ProCurve(config-e1 1/1)# tdm-group 1 timeslots 1-31 ProCurve(config-t1 1/1)# tdm-group 1 timeslots 1-24 Configure the line coding. For E1 interfaces, use the following syntax: Syntax: coding [ami | hdb3] ProCurve(config-e1 1/1)# coding ami HDB3 is the default setting for E1 interfaces.
  • Page 226 Configuring E1 and T1 Interfaces Quick Start Table 4-9 shows the default settings for the clock source on each type of E1 or T1 module. Table 4-9. Default clock source settings for E1 and T1 modules Module Port Default Clock Source One-port E1 or T1 module line Two-port E1 or T1 module...
  • Page 227 Configuring E1 and T1 Interfaces Quick Start 12. View the status of the E1 or T1 interface. ProCurve(config-e1 1/1)# do show interface e1 1/1 ProCurve(config-t1 1/1)# do show interface t1 1/1 Note The do command enables you to enter enable mode commands (such as show commands) from any context.
  • Page 229 Configuring Serial Interfaces for E1- and T1-Carrier Lines Contents Using the Serial Module for E1- or T1-Carrier Lines ....5-3 Elements of an E1- or T1-Carrier Line ......5-3 Connecting Your Premises to the Public Carrier’s Central Office: the Local Loop .
  • Page 230: Solving A Specific Problem: The Line Between The Serial Module

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Contents Troubleshooting a Serial Connection ......5-17 Checking the LED for the Serial Module .
  • Page 231: Using The Serial Module For E1- Or T1-Carrier Lines

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Using the Serial Module for E1- or T1-Carrier Lines Using the Serial Module for E1- or T1-Carrier Lines When companies require dedicated, secure point-to-point wide area network (WAN) connections, one of the available solutions is a leased E1- or T1-carrier line.
  • Page 232 Configuring Serial Interfaces for E1- and T1-Carrier Lines Using the Serial Module for E1- or T1-Carrier Lines [Figure 5-1. Physical and Data Link Layers of the OSI Model. Labels: Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer (Frame Relay, HDLC), Physical Layer (E1- and T1-carrier lines)] When you configure the ProCurve Secure Router to support an E1 or T1 WAN connection, you must configure: the Physical Layer...
  • Page 233 Configuring Serial Interfaces for E1- and T1-Carrier Lines Using the Serial Module for E1- or T1-Carrier Lines [Figure 5-2. Local Loop. Labels: Router (DTE), CSU/DSU, Wire span, Repeater, Network Interface Unit (Smart Jack), Demarc, Office Channel Unit (PTT’s CSU), Public Carrier’s CO] All carrier lines require the same basic components on the local loop, although the components may differ slightly in form and design.
  • Page 234: External Or Built-In Csu/Dsu

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Using the Serial Module for E1- or T1-Carrier Lines Repeater—A repeater receives, amplifies, and retransmits the digital signal so that the signal is always strong enough to be read. The distance between repeaters depends on the type of connection, including the transmission media used.
  • Page 235: Serial Module For The Procurve Secure Router

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Using the Serial Module for E1- or T1-Carrier Lines Serial Module for the ProCurve Secure Router The ProCurve Secure WAN serial modules are used when the public carrier provides an external CSU/DSU for an E1- or T1-carrier line. (See Figure 5-2 on page 5-5.) ProCurve Networking offers two serial modules: one-port narrow module eight-port, or octal, wide module...
  • Page 236: Serial Interface: Configuring The Physical Layer

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer Serial Interface: Configuring the Physical Layer Because the external CSU/DSU manages timing, framing, and signaling for the E1- or T1-carrier line, the serial interface does not have to perform these functions.
  • Page 237 Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer If you are not sure which type of cable you have, this chapter provides illustrations of the three cable connectors. For example, Figure 5-4 shows the pinouts for ProCurve Networking’s implementation of the V.35 cable connector and lists how each pin is used.
  • Page 238 Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer Figure 5-5 shows the pinouts for ProCurve Networking’s implementation of the X.21 cable connector and lists how each pin is used. X.21 DB-15 (DA-15) X.27-compatible connector pinout Signal/Circuit Name Unused TD_A, Transmit A...
  • Page 239 Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer If you have an EIA 530 cable that you purchased from another vendor, the ProCurve Secure Router supports it. You can also use Figure 5-6, which shows the pinouts for EIA 530, to create this type of connector.
  • Page 240: Serial Interface Configuration Mode Context

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer Serial Interface Configuration Mode Context To begin configuring the serial interface for the E1 or T1 connection, you must access the appropriate configuration mode context. In the ProCurve Secure Router command line interface (CLI), move to the global configuration mode context and enter: Syntax: interface serial /...
  • Page 241: Configuring The Clock Source

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer Configuring the Clock Source The serial interface must have a clock source to synchronize the transmission of data. The clock source for the serial interface is called the external transmit reference clock (et-clock).
  • Page 242: Activating The Serial Interface

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer If you enter the invert txclock command, the serial interface will invert the transmit clock that is taken from the data stream. The serial interface inverts the transmit clock before it transmits a signal.
  • Page 243: Viewing Information About The Serial Interface

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Viewing Information about the Serial Interface Viewing Information about the Serial Interface You can view information about the E1- and T1-carrier line associated with the serial interface, and you can view the configuration settings that have been entered for the serial interface.
  • Page 244: Show Running-Config Interface Command

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Viewing Information about the Serial Interface If the interface is administratively down, you must enter no shutdown from the serial interface configuration mode context to activate it. If the interface is down, you should begin troubleshooting the problem, as explained in “Troubleshooting a Serial Connection”...
  • Page 245: View All The Wan Connections Configured On The Router

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Troubleshooting a Serial Connection View All the WAN Connections Configured on the Router If your ProCurve Secure Router is providing several WAN connections for your company, you may want to view a list of these connections. The show connections command provides a quick view of all the connections on the router.
  • Page 246: Checking The Led For The Serial Module

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Troubleshooting a Serial Connection Check the logical layer. Check to ensure that a Data Link Layer protocol has been defined and is bound to the serial interface. b. Check the configurations to ensure that you are using the correct settings.
  • Page 247: No Light

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Troubleshooting a Serial Connection No Light Ensure that you are checking the LED that corresponds to the slot where the serial module is installed. Next, view the status of the serial interface by entering: ProCurve# show interfaces serial /...
  • Page 248: Yellow Light

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Troubleshooting a Serial Connection • If you have an extra X.21, V.35, or EIA 530 cable, try using that cable to connect the serial module to the CSU/DSU. • Check the LEDs on the CSU/DSU and ensure that it is up. The CSU/DSU may be turned off, or it may have experienced a hardware failure.
  • Page 249: Green Light

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Troubleshooting a Serial Connection Green Light If the serial interface is up, you should begin troubleshooting the logical interface. See Chapter 6: Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces. Solving a Specific Problem: the Line Between the Serial Module and the CSU/DSU Keeps Going Down If the line between the serial module and the CSU/DSU keeps going down, you...
  • Page 250: Quick Start

    Configuring Serial Interfaces for E1- and T1-Carrier Lines Quick Start To return the interface to the default setting, enter: ProCurve(config-ser 1/1)# no ignore dcd Quick Start This section provides the commands you must enter to quickly configure a serial module on the ProCurve Secure Router. Only a minimal explanation is provided.
  • Page 251 Configuring Serial Interfaces for E1- and T1-Carrier Lines Quick Start Configure the interface for the cable that you used to connect the serial module to the CSU/DSU. The default setting is V35. Syntax: serial-mode [EIA530 | V35 | X21] For example, to configure the serial interface to use an X.21 cable, enter: ProCurve(config-ser 1/1)# serial-mode X21 Activate the serial interface.
  • Page 253 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Contents Configuring the Logical Interface ........6-3 PPP Overview .
  • Page 254: Viewing The Status Of Frame Relay Interfaces

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Contents Configuring HDLC as the Data Link Layer Protocol ....6-39 Create the HDLC Interface ....... 6-39 Activate the HDLC Interface .
  • Page 255: Configuring The Logical Interface

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Configuring the Logical Interface As outlined in Chapter 4: Configuring E1 and T1 Interfaces, all WAN connections—including E1- and T1-carrier lines—require both a Physical Layer and a Data Link Layer.
  • Page 256: Ppp Overview

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface PPP Overview PPP is a suite of protocols, rather than just a single protocol. (See Figure 6-2.) The PPP suite includes several types of protocols: link control protocol (LCP) authentication protocols network control protocols (NCPs)
  • Page 257 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Exchanging an authentication protocol is optional. Understanding how a PPP session is established can help you troubleshoot problems if they occur. (See Figure 6-3.) 1.
  • Page 258: Creating A Ppp Interface On The Procurve Secure Router

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface NCP. PPP uses an NCP to enable the exchange of Network Layer protocols—such as IP—across a WAN link. As Figure 6-2 shows, there is a specific NCP for each supported Network Layer protocol.
  • Page 259 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Table 6-1 shows the main settings that you must configure for an E1, T1, or serial interface connection that uses PPP. Table 6-1. Options for Configuring an E1, T1, or Serial Interface with PPP Interface Command Explanation...
  • Page 260: Configuring An Ip Address For The Wan Connection

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface The PPP settings are described in the sections that follow. (For information about E1 and T1 interface settings, see Chapter 4: Configuring E1 and T1 Interfaces.
  • Page 261 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Configure the PPP Interface as an Unnumbered Interface. To conserve IP addresses on your network, you may want to create the PPP interface as an unnumbered interface.
  • Page 262: Activating The Ppp Interface

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface For example, you would enter the following commands to configure a loopback interface and then configure the PPP 1 interface to use the IP address assigned to that loopback interface: ProCurve(config)# interface loopback 1 ProCurve(config-loop 1)# ip address 10.1.2.2 /30...
  • Page 263: Ppp Authentication

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Replace with the type of WAN connection, such as E1, T1, or serial. Replace and with the correct numbers to identify this interface’s location on the ProCurve Secure Router.
  • Page 264 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface returns an authentication acknowledge. The two peers can then send NCPs to negotiate the Network Layer protocols. If this negotiation is successful, the PPP session is established. With PAP, the two peers authenticate only once, and the username and password are sent in clear text across the connecting private circuit.
  • Page 265 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface [Figure 6-4. CHAP Process. Labels: Authenticator, Peer, Challenge, Calculate hash (shown for both the authenticator and the peer), Hash, Compares hash values, Acknowledge] When you configure CHAP on the ProCurve Secure Router, you only need to set the password.
  • Page 266 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface You must add the password you have agreed upon for the peer to the PPP database. The PPP database for each connection is separate and distinct from the global username and password database and the databases of other PPP connections.
  • Page 267 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface For example, you might enter: ProCurve(config-ppp 1)# ppp pap sent-username SiteA password procurve Note PAP will be used only to authenticate this WAN connection. You do not have to actually enable the PAP protocol.
  • Page 268: Additional Settings

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Option Your Setting peer password Are you authenticating to the peer? Yes/No local router’s username local router’s password This worksheet will help you enter the PPP authentication command for your router.
  • Page 269 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Set the MTU. The maximum transmission unit (MTU) defines the largest size that a PPP frame can be. If a frame exceeds this size, it must be fragmented.
  • Page 270: Settings Explained In Other Chapters

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Replace with a phrase up to 80 characters. For example, you might enter: ProCurve(config-ppp 1)# description WAN link to Denver office This description is displayed only when you enter the show running-config command.
  • Page 271: Frame Relay Overview

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Table 6-3. Additional Configuration Settings for the PPP Interface Settings Configuration Page Number Guide access controls to filter incoming and outgoing traffic Advanced 5-18, 5-37 bridging Basic 10-6...
  • Page 272: Packet-Switching Network

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Subscriber 1 Transmitting an average of 640 Kbps with bursts to 832 Kbps Router Frame Relay Public Carrier’s CO switch Frame Relay over T1 Frame Relay switch Frame Relay...
  • Page 273: Components Of A Frame Relay Network

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Subscriber 1 PVC between Subscriber 1 and Subscriber 2 Router Frame Relay Public Carrier’s CO switch Frame Relay over T1 Frame Relay switch Frame Relay over T1 Frame Relay switch...
  • Page 274: Dlci

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Frame Relay Router (DTE) Switch (DCE) Frame Relay Router (DTE) Switch (DCE) Frame Relay Router (DTE) Switch (DCE) UNI: DTE to DCE NNI: DCE to DCE Figure 6-7.
  • Page 275: Create The Frame Relay Interface

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface The 10-bit field enables 1024 possible DLCI numbers, but some are reserved for special purposes: 0 signals Annex A and D; 1-15 and 1008-1022 are reserved; 1023 signals the Link Management Interface (LMI). The remaining 976 DLCI numbers between 16 and 1007 are available to users.
  • Page 276 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface From this configuration mode context, you can enter the help command to display the commands available from this configuration mode context. ProCurve(config-fr 1)# ? Table 6-4 shows the main settings that you must configure for an E1, T1, or serial interface that uses Frame Relay.
  • Page 277: Activate The Frame Relay Interface

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Interface Command Description Page Configuration Mode Context frame-relay • frame-relay interface-dlci • defines the DLCI for the PVC 6-28 subinterface • ip address
  • Page 278: Define The Frame Relay Signaling Type

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface To configure the signaling role, enter the following command from the Frame Relay interface configuration mode context: Syntax: frame-relay intf-type [dte | dce | nni] Define the Frame Relay Signaling Type You must configure the Frame Relay interface to use the same signaling type that your Frame Relay service provider uses.
  • Page 279 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Table 6-6 lists the Frame Relay counters, the possible settings, and the polls that each one controls. Table 6-6. Frame Relay Counters Frame Relay Counter Possible Default Description...
  • Page 280: Create The Frame Relay Subinterface

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Create the Frame Relay Subinterface You must create a Frame Relay subinterface for each PVC that you want to establish through this Frame Relay interface. To create a Frame Relay subinterface, enter the following command from the global configuration context or from the Frame Relay interface configuration mode context: Syntax: interface frame-relay ...
  • Page 281: Configure The Ip Address For The Wan Connection

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface For example, if the Frame Relay service provider assigned your company a DLCI of 16, enter: ProCurve(config-fr 1.16)# frame-relay interface-dlci 16 Configure the IP Address for the WAN Connection You configure the IP address for the WAN connection on the Frame Relay subinterface, rather than on the physical interface or the Frame Relay interface.
  • Page 282 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Table 6-7. Default Settings for the DHCP Client Option Default Setting client-id configures the client identifier displayed in the DHCP media type and interface’s MAC address server’s table hostname configures the hostname displayed in the DHCP...
  • Page 283 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Configuring a Client Identifier. By default, the Secure Router OS populates the client identifier with the media type and the interface’s media access control (MAC) address.
  • Page 284 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface For example, if you do not want the DHCP client to use the default route and name server settings that it receives from the DHCP server, enter: ProCurve(config-fr 1.1)# ip address dhcp no-default-route no-nameservers Changing a Setting for the DHCP Client.
  • Page 285: Set The Cir

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface unnumbered interface that takes its IP address from the Ethernet 0/1 interface. If the Ethernet 0/1 interface goes down, the Frame Relay 1.16 subinterface will be unavailable as well.
  • Page 286: Set The Eir

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface The CIR is calculated from the B , which is the maximum number of bits that the Frame Relay carrier guarantees to forward during a certain interval of time (T).
  • Page 287: Bind The Physical Interface To The Logical Interface

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Replace with a burst rate, expressed in bits. You can set a B between 0 and 4,294,967,294 bps. For example, you might enter: ProCurve(config-fr 1.1)# frame-relay be 64000 Discard Eligible (DE) Bit.
  • Page 288: Additional Settings

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface For example, if you want to bind the E1 1/1 interface to the Frame Relay 1 interface, enter: ProCurve(config)# bind 1 e1 1/1 1 fr 1 Note: You bind the physical interface to the Frame Relay interface (not to the subinterface).
  • Page 289 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Set the MTU. The MTU defines the largest size that a frame can be before it must be fragmented. The MTU size on the Frame Relay subinterface should match the MTU used by the remote router and the intervening network devices.
  • Page 290: Settings Explained In Other Chapters

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface This command displays the running-config settings for only the Frame Relay 1.16 subinterface, as shown below: interface fr 1.16 frame-relay interface-dlci 16 description WAN link to London office ip address 192.168.1.1 255.255.255.0 no shutdown Settings Explained in Other Chapters...
  • Page 291: Configuring Hdlc As The Data Link Layer Protocol

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Configuring HDLC as the Data Link Layer Protocol One of the oldest Data Link Layer protocols for a WAN, HDLC actually predates the PC. Although it was developed for a mainframe environment, which includes primary and secondary devices, HDLC has been updated for use in the PC environment.
  • Page 292 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface The router prompt indicates that you have entered the appropriate interface configuration mode context: ProCurve(config-hdlc 1)# From this configuration mode context, you can enter the help command to display the commands available from this configuration mode context.
  • Page 293: Activate The Hdlc Interface

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Interface Command Explanation Page Configuration Mode Context hdlc • no shutdown • activates the interface 6-41 • ip address
  • Page 294 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface You can replace with the complete subnet mask, or you can replace with the CIDR notation. For example, you might enter: ProCurve(config-hdlc 1)# ip address 10.1.1.1 /24 Configure the HDLC Interface as an Unnumbered Interface.
  • Page 295 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface For example, you would enter the following commands to configure a loop- back interface and then configure the HDLC 1 interface to use the IP address assigned to that loopback interface: ProCurve(config)# interface loopback 1 ProCurve(config-loop 1)# ip address 192.168.5.1 /24...
  • Page 296: Additional Settings

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface For example, if you want to bind the T1 2/1 interface to the HDLC 1 interface, enter: ProCurve(config)# bind 1 t1 2/1 hdlc 1 If you want to bind the serial interface to the HDLC interface, enter: ProCurve(config)# bind 1 serial 1/1 hdlc 1 Note...
  • Page 297 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Note: If you have enabled Open Shortest Path First (OSPF) routing on the ProCurve Secure Router, you should take special care when setting the MTU. OSPF routers cannot become adjacent if their MTU sizes do not match.
  • Page 298: Example Networks

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Example Networks Settings Explained in Other Chapters In addition to configuring these settings for an HDLC interface, you can: assign ACPs or ACLs to control access to the HDLC interface; enable bridging; assign crypto maps to enable VPNs; configure settings for routing protocols...
  • Page 299 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Example Networks Finally, the company set up an Asymmetric Digital Subscriber (ADSL) line to a local Internet Service Provider (ISP). Through this connection, the company’s employees can access the Internet. (For information about ADSL, see Chapter 7: ADSL WAN Connections.) Paris E1 with...
  • Page 300 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Example Networks interface e1 1/1 tdm-group 1 timeslots 1-31 speed 64 no shutdown interface e1 1/2 clock source through tdm-group 1 timeslots 1-31 speed 64 no shutdown interface fr 1 point-to-point frame-relay intf-type dte frame-relay lmi-type q933a no shutdown...
  • Page 301 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Example Networks To connect the Atlanta office to the London office, the company chose Frame Relay, which allows them to cross country borders at a more affordable cost than dedicated T1- and E1-carrier lines.
  • Page 302 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Example Networks interface t1 1/1 lbo short 550 tdm-group 1 timeslots 1-24 speed 64 no shutdown interface t1 1/2 clock source through lbo short 550 tdm-group 1 timeslots 1-24 speed 64 no shutdown interface fr 1 point-to-point frame-relay intf-type dte...
  • Page 303 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Example Networks You would configure Local as follows: Access the PPP interface configuration mode context: Local(config)# interface ppp 1 Configure the router to authenticate Remote with PAP: Local(config-ppp 1)# ppp authentication pap Set Remote’s username and password: Local(config-ppp 1)# username Remote password YYY Set the router’s own PAP username and password:...
  • Page 304 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Example Networks Remote would be configured as follows: Remote(config)# interface ppp 1 Remote(config-ppp 1)# ppp chap password YYY Example 5: CHAP Authentication to an ISP. In this example, the ISP has provided an ID (ID-GIVEN-BY-ISP) and password (PWD-GIVEN-BY-ISP) to be used when authenticating through CHAP.
  • Page 305: Checking The Status Of Logical Interfaces

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Checking the Status of Logical Interfaces Checking the Status of Logical Interfaces After you configure the physical and logical interfaces and bind them together, the ProCurve Secure Router should be able to exchange data with the device at the other end of the WAN connection.
  • Page 306: Queuing Method

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Checking the Status of Logical Interfaces ppp 1 is UP Status of interface Configuration: Keep-alive is set (10 sec.) No multilink No authentication is configured MTU = 1492 No authentication IP is configured IP address...
  • Page 307 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Checking the Status of Logical Interfaces Viewing the Status of Frame Relay Interfaces and Subinterfaces For Frame Relay, you can view the status of both the interface and the subinterface.
  • Page 308 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Checking the Status of Logical Interfaces ------------------------------------------------------------------- fr 1 is UP Configuration: Signaling type is ANSI, signaling role is USER Multilink disabled Polling interval is 10 seconds, full inquiry interval is 6 polling intervals Link information: 5 minute input rate 24 bits/sec, 0 packets/sec 5 minute output rate 8 bits/sec, 0 packets/sec...
  • Page 309: Viewing The Status Of Hdlc Interfaces

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Checking the Status of Logical Interfaces Viewing the Status of HDLC Interfaces To view information about the HDLC interface, enter the following command from the enable mode context: Syntax: show interface hdlc ...
  • Page 310: Troubleshooting Logical Interfaces

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Troubleshooting Logical Interfaces Troubleshooting Logical Interfaces If the physical interface is up but the logical interface is not, the steps you take to troubleshoot the problem vary, depending on the Data Link Layer protocol you are using.
  • Page 311 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Troubleshooting Logical Interfaces ppp 2 is DOWN Configuration: Keep-alive is set (10 sec.) No multilink MTU = 1500 No authentication IP is configured 15.1.1.1 255.0.0.0 Link thru ser 2/1 is DOWN; LCP state is INITIAL Receive: bytes=0, pkts=0, errors=0 Transmit: bytes=0, pkts=0, errors=0 5 minute input rate 0 bits/sec, 0 packets/sec...
  • Page 312 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Troubleshooting Logical Interfaces If the LCP status is not opened, you may need to double-check your configuration settings with your public carrier. For example, the carrier may have allocated a different number of DS0 channels to the physical line.
  • Page 313 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Troubleshooting Logical Interfaces Note: Debug commands are processor intensive. Table 6-12 lists the debug commands you can use to monitor PPP interfaces. Table 6-12. Debug commands for PPP Interfaces Command Explanation debug ppp verbose...
  • Page 314: Troubleshooting Ppp Authentication

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Troubleshooting Logical Interfaces 2005.08.12 17:51:01 PPP.NEGOTIATION PPPrx[e1 1/1] LCP: Conf-Ack ID=33 Len=16 ACCM(00000000) MAGIC(d418e92e) 2005.08.12 17:51:02 PPP.NEGOTIATION PPPrx[e1 1/1] LCP: Conf-Req ID=188 Len=16 ACCM(00000000) MAGIC(2656e0ba) 2005.08.12 17:51:02 PPP.NEGOTIATION PPPtx[e1 1/1] LCP: Conf-Ack ID=188 Len=16 ACCM(00000000) MAGIC(2656e0ba) 2005.08.12 17:51:02 PPP.NEGOTIATION PPPFSM: layer up, Protocol=c021...
  • Page 315 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Troubleshooting Logical Interfaces ProCurve# debug ppp authentication 2005.07.08 09:03:44 PPP.AUTHENTICATION PPPtx[t1 1/1] PAP: Authen-Req ID=1 Len=10 PeerID(Local) Password() 2005.07.08 09:03:44 PPP.AUTHENTICATION PPPrx[t1 1/1] PAP: Authen-Nak... (Figure callout: The local router is attempting to authenticate itself.)
  • Page 316 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Troubleshooting Logical Interfaces When a peer successfully authenticates itself, the authenticator returns an Authen-Ack: 2005.07.08 09:05:08 PPP.AUTHENTICATION PPPtx[t1 1/1] PAP: Authen-Ack ID=1 Len=10 Message(Hello) Note: Usernames and passwords are case-sensitive.
  • Page 317: Troubleshooting The Frame Relay Interface

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Troubleshooting Logical Interfaces Incompatible Authentication Protocols. If you do not receive any PPP authentication debug messages at all, the local and remote routers may be requesting different authentication protocols. In this case, the LCP state will not come up because the peers cannot negotiate the authentication option.
  • Page 318 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Troubleshooting Logical Interfaces If the interface is administratively down, you need to activate it. From the Frame Relay interface configuration mode context, enter no shutdown. If the interface is down, check your configuration and ensure that you are using the same Frame Relay signaling type as your Frame Relay carrier.
  • Page 319 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Troubleshooting Logical Interfaces “Num Update Status Rcvd” indicates the number of full status reports the interface has received. By default, the interface receives one full status report every six polls, or one every 60 seconds. “Num Status Timeouts”...
  • Page 320 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Troubleshooting Logical Interfaces Table 6-14. Status of the PVC Status of the PVC Explanation active The PVC is functional, end-to-end, from the local router to the switch and then to the far-end router inactive The PVC is functional from the router to the Frame Relay switch.
  • Page 321: Troubleshooting Hdlc

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Troubleshooting Logical Interfaces The CLI displays events dealing with the establishment and negotiation of connection as they occur. You can then determine when and why problems occur. LMI statistics report on the LMI messages that are exchanged between the Frame Relay DTE and the DCE.
  • Page 322: Quick Start

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Quick Start To disable the hdlc debug messages, enter one of the following commands from the enable mode context: ProCurve# no debug hdlc [errors | verbose] ProCurve# undebug all Quick Start After you configure the physical connection—the E1, T1, or serial interface—...
  • Page 323 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Quick Start Set a static IP address. Syntax: ip address For example, you might enter: ProCurve(config-ppp 1)# ip address 10.1.1.1 /24 Activate the PPP interface ProCurve(config-ppp 1)# no shutdown Bind the physical interface to the logical interface.
  • Page 324: Requiring The Peer To Authenticate Itself

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Quick Start Parameter Your Setting Are you authenticating to the peer? Yes/No local router’s username local router’s password Requiring the Peer to Authenticate Itself Move to the PPP interface for the connection whose endpoint you want to authenticate.
  • Page 325: Frame Relay

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Quick Start For CHAP, enter a username only if it is different from the router’s hostname: Syntax: ppp chap hostname For example, you might enter: ProCurve(config-ppp 1)# ppp chap hostname ProCurveA Frame Relay Before you begin to configure the Frame Relay interface, you should know the settings that you must enter for the following:...
  • Page 326 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Quick Start Define the signaling role for the Frame Relay interface. The default setting is dte, or user. Syntax: frame-relay intf-type [dce | dte | nni] ProCurve(config-fr 1)# frame-relay intf-type dte Define the signaling type (the LMI).
  • Page 327: Hdlc

    Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Quick Start Note: Together, the frame-relay bc command and the frame-relay be command define the amount of bandwidth you can use on the Frame Relay link. The sum of the values you specify for these two settings should be greater than 8000.
  • Page 328 Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Quick Start Bind the physical interface—the E1, T1, or serial interface—to the logical interface. Syntax: bind / [] For example, to bind the E1 1/1 interface to the HDLC 1 interface, enter: ProCurve(config-hdlc 1)# bind 1 e1 1/1 1 hdlc 1 To bind the serial 1/1 interface to the HDLC 1 interface, enter: ProCurve(config-hdlc 1)# bind 1 ser 1/1 hdlc 1...
  • Page 329 ADSL WAN Connections Contents ADSL Overview ..........7-4 ADSL Technologies .
  • Page 330 ADSL WAN Connections Contents Defining the ATM Encapsulation ......7-20 Assigning the ATM Subinterface an IP Address ....7-20 OAM Settings .
  • Page 331 ADSL WAN Connections Contents Quick Start ........... . 7-54 Configure the Physical Layer: the ADSL Interface .
  • Page 332: Adsl Overview

    ADSL WAN Connections ADSL Overview ADSL Overview Digital Subscriber Line (DSL) technologies provide high-speed wide area network (WAN) connections—typically for a lower cost than older WAN technologies such as E1- or T1-carrier lines. A variety of DSL technologies have been developed, and these technologies are sometimes collectively referred to as x-type DSL, or xDSL.
  • Page 333: Adsl Technologies

    ADSL WAN Connections ADSL Overview With asymmetric DSL technologies, the transmission speed for downstream is higher than the transmission speed for upstream. This makes asymmetric DSL technologies ideal for Internet use because users typically download more data from the Internet than they upload. Asymmetric DSL technologies are also well-suited for video-on-demand or high-definition television (HDTV).
  • Page 334: Readsl: Supporting Greater Distances

    ADSL WAN Connections ADSL Overview READSL: Supporting Greater Distances To make ADSL available to more customers, reach extended ADSL2 (READSL) was developed to support greater distances between a customer’s premises and the public carrier’s CO. (READSL is an ADSL2 or ADSL2+ technology, which is sometimes called READSL and sometimes called READSL2.) According to CommsDesign.com, READSL extends the reach of ADSL “up to 2500 ft., allowing ADSL systems to reach as far as 20,000 ft.”...
  • Page 335: Adsl Infrastructure

    ADSL WAN Connections ADSL Overview When you configure an ADSL connection, you must configure both the Physical Layer and the Data Link Layer (which is also called the Logical Layer). The Physical Layer is, of course, ADSL. The Data Link Layer protocol is Asynchronous Transfer Mode (ATM).
  • Page 336: Adsl Annex A And Annex B: Sharing The Line With Analog Or Isdn Voice Traffic

    ADSL WAN Connections ADSL Overview Customer’s Premises Central Office Regional broadband network Other Local DSLAMs loop DSLAM Broadband WAN router switch (ATM) Broadband access server Internet Internet core router Figure 7-4. ADSL Connection to the Internet Moving high-speed WAN connections onto a separate network infrastructure alleviates a serious problem for most public carriers: congestion in the traditional public carrier network.
  • Page 337: Adsl Splitters

    ADSL WAN Connections ADSL Overview Customers who have ISDN equipment such as telephones and fax machines can continue using this equipment while moving their Internet or WAN connection to ADSL. Support for ISDN is called ADSL over ISDN, or ADSL Annex B, and is common in countries such as Germany where ISDN is popular.
  • Page 338: Adsl Without Splitters

    ADSL WAN Connections ADSL Overview To separate the ISDN data from the ADSL data, an ISDN splitter is installed at both the customer’s premises and the CO. This splitter ensures that each type of traffic is transmitted to the appropriate device at each location. (See Figure 7-6.) Customer’s Premises Central Office...
  • Page 339: Adsl Modules For The Procurve Secure Router

    ADSL WAN Connections ADSL Modules for the ProCurve Secure Router ADSL Modules for the ProCurve Secure Router ProCurve Networking offers two ADSL modules: ADSL2+ Annex A module for ADSL over POTS; ADSL2+ Annex B module for ADSL over ISDN. ADSL2+ Annex A modules are used primarily in the United States and Canada. ADSL2+ Annex B modules are used in Europe, South America, Asia (except Japan), and Australia.
  • Page 340: Configuring The Adsl Interface: The Physical Layer

    ADSL WAN Connections ADSL Modules for the ProCurve Secure Router Configuring the ADSL Interface: the Physical Layer To connect the ADSL interface on the front panel of the ProCurve Secure Router to the wall jack provided by your service provider, you use unshielded twisted pair (UTP) ribbon cable with RJ-11 connectors.
  • Page 341: Activating The Adsl Interface

    ADSL WAN Connections ADSL Modules for the ProCurve Secure Router Activating the ADSL Interface By default, all interfaces on the ProCurve Secure Router are shut down. You must activate the ADSL interface. From the ADSL interface configuration mode context, enter: ProCurve(config-adsl 1/1)# no shutdown A message is displayed at the CLI, indicating that the interface is now administratively up.
  • Page 342 ADSL WAN Connections ADSL Modules for the ProCurve Secure Router Table 7-3. Training Modes Supported by the ProCurve Secure Router Command Option Standard Description training-mode ADSL2 ITU G.922.3 ADSL2 Trains the interface for the ADSL2 (G.dmt.bis) transmission rate. This mode requires a splitter at both the user’s and the public carrier’s premises to divide traffic between voice and...
  • Page 343: Setting The Snr-Margin

    ADSL WAN Connections ADSL Modules for the ProCurve Secure Router Table 7-4. Training Modes Supported by the ProCurve Secure Router Command Option ADSL2+ Annex A ADSL2+ Annex B training-mode ADSL2 training-mode ADSL2+ training-mode G.DMT training-mode G.LITE training-mode Multi-Mode training-mode READSL2 training-mode T1.413 To define the training mode, enter the following command from the ADSL interface configuration mode context.
  • Page 344: Monitoring The Snr-Margin

    ADSL WAN Connections ADSL Modules for the ProCurve Secure Router Determining the minimum SNR margin is a compromise: the higher the SNR margin, the slower the transmission rate. However, if you set the SNR margin too low, the line may go down, or your data may be garbled. To set the SNR margin, enter the following command from the ADSL configuration mode context: Syntax: snr-margin ...
  • Page 345: Configuring The Data Link Layer For The Adsl Connection

    ADSL WAN Connections ADSL Modules for the ProCurve Secure Router Configuring the Data Link Layer for the ADSL Connection You can configure the ADSL line with ATM as the Data Link Layer, or you can configure ADSL with either PPPoE or PPPoA. No matter which option you use, however, your configuration will include ATM, and you will need to configure both an ATM interface and an ATM subinterface.
  • Page 346: Configuring A Subinterface For Each Pvc

    ADSL WAN Connections ADSL Modules for the ProCurve Secure Router Configuring a Subinterface for each PVC You must configure an ATM subinterface to define the endpoint of the ADSL connection. By default, each ATM interface supports up to 16 permanent virtual circuits (PVCs), so you can create a maximum of 16 subinterfaces on each ATM interface.
  • Page 347: Activating The Atm Subinterface

    ADSL WAN Connections ADSL Modules for the ProCurve Secure Router Activating the ATM Subinterface By default, all subinterfaces on the ProCurve Secure Router are shut down. You must activate the ATM subinterface. From the ATM interface configuration mode context, enter: ProCurve(config-atm 1.1)# no shutdown Configuring the VPI/VCI ATM networks are fundamentally connection-oriented, which means that a...
  • Page 348: Defining The Atm Encapsulation

    ADSL WAN Connections ADSL Modules for the ProCurve Secure Router For example, to assign the ATM subinterface a VPI/VCI of 0/33, enter: ProCurve(config-atm 1.1)# pvc 0/33 Defining the ATM Encapsulation The ATM Data Link Layer for the ADSL connection includes these sublayers: the ATM adaptation layer (AAL), which is called Layer 2-1; the point-to-point layer, which is referred to as Layer 2-2. You must configure the adaptation layer by specifying an encapsulation type.
  • Page 349 ADSL WAN Connections ADSL Modules for the ProCurve Secure Router If you are configuring the IP address on the ATM subinterface, you can configure: a static IP address; the ATM subinterface as a DHCP client; the ATM subinterface as an unnumbered interface. Configuring a Static Address.
  • Page 350 ADSL WAN Connections ADSL Modules for the ProCurve Secure Router Table 7-5. Default Settings for the DHCP Client Option Meaning Default Setting client-id configures the client identifier displayed for this media type and interface’s MAC address interface in the DHCP server’s table hostname configures the hostname displayed for this interface router hostname...
  • Page 351 ADSL WAN Connections ADSL Modules for the ProCurve Secure Router Note: The do command allows you to enter enable mode commands from any context (except the basic mode context). Configuring a Client Identifier. By default, the Secure Router OS populates the client identifier with the media type and the interface’s media access control (MAC) address.
  • Page 352 ADSL WAN Connections ADSL Modules for the ProCurve Secure Router Overriding Settings Received from the DHCP Server. If the DHCP server is configured to provide a default route, a domain name, or the IP address of a domain name system (DNS) server, the DHCP client for the ATM subinterface will accept and use these settings.
  • Page 353 ADSL WAN Connections ADSL Modules for the ProCurve Secure Router You can configure the ATM subinterface as an unnumbered interface. The ATM subinterface will then use the IP address of the interface you specify. The Secure Router OS uses the IP address of the specified interface when sending routing updates over the unnumbered interface.
  • Page 354: Oam Settings

    ADSL WAN Connections ADSL Modules for the ProCurve Secure Router Note: You do not have to enter no shutdown to activate a loopback interface. The status of a loopback interface automatically changes to up after you enter the interface loopback ...
  • Page 355: Bind The Adsl Interface To The Atm Interface

    ADSL WAN Connections ADSL Modules for the ProCurve Secure Router For example, to configure the Secure Router OS to wait 4 seconds between transmitting OAM loopback cells, enter: ProCurve(config-atm 1.1)# oam-pvc managed 4 Bind the ADSL Interface to the ATM Interface When you configure WAN connections on the ProCurve Secure Router, you must bind the physical interface to the logical interface.
  • Page 356: Pppoe Overview

    ADSL WAN Connections PPPoE Overview Table 7-6. Additional Configurations for the ATM Interface or Subinterface Settings Apply to ATM Interface or Configuration Guide Page Subinterface access controls to filter incoming and outgoing ATM subinterface Advanced 5-18, 5-37 traffic bridging ATM subinterface Basic 10-6 VPNs...
  • Page 357: Two Phases For Establishing A Pppoe Session

    ADSL WAN Connections PPPoE Overview Customer’s Premises Central Office Regional broadband network Other Local DSLAMs loop DSLAM Broadband Router Splitter Splitter switch (ATM) Negotiates PPPoE session Access with access concentrator concentrator Negotiates PPPoE session with router Figure 7-8. Access Concentrator for PPPoE Access Two Phases for Establishing a PPPoE Session To establish a PPPoE session, the client and the access concentrator must successfully complete two phases:...
  • Page 358 ADSL WAN Connections PPPoE Overview Discovery Stage Goal: Learn session ID and peer’s Ethernet MAC address 1. PPPoE client broadcasts a PADI (initiation) frame 2. Access concentrator sends a PADO (offer) frame Access concentrator Router 3. PPPoE client sends a PADR (request) frame 4.
  • Page 359 ADSL WAN Connections PPPoE Overview Step 4. When the access concentrator receives the PADR frame, it checks the service name tag. If it accepts the service name tag, the access concentrator generates a unique session ID. It includes this ID and the service name tag in a PPPoE Active Discovery Session-confirmation (PADS) frame and sends this frame to the PPPoE client.
  • Page 360: Creating The Ppp Interface

    ADSL WAN Connections PPPoE Overview Step 3. The devices use network control protocol (NCP) frames to enable the exchange of Network Layer protocols, such as IP, across the link. Step 4. The devices use PPP frames to transmit the actual data. (For more information about establishing a PPP session, see Chapter 6: Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces.) During the process of establishing a PPP session, the devices will also nego-...
  • Page 361: Assigning An Ip Address

    ADSL WAN Connections PPPoE Overview Assigning an IP Address Because you are configuring a PPP interface on top of the ATM subinterface, the PPP interface handles the IP address. Rather than configuring an IP address on the ATM subinterface, you configure the IP address on the PPP interface.
  • Page 362: Identifying The Access Concentrator

    ADSL WAN Connections PPPoE Overview You can enter the show running-config command from the enable mode context to ensure that you have entered the two bind commands that are required for an ADSL connection that uses PPPoE. Figure 7-11 shows a sample running-config for an ADSL interface, ATM interface, ATM subinterface, and PPP interface.
  • Page 363: Identifying Pppoe Services

    ADSL WAN Connections PPPoA Overview If you do not include this field, any access concentrator is acceptable. By default, no access concentrator is specified. Identifying PPPoE Services You can also control which PPPoE session offer the Secure Router OS accepts by specifying the PPPoE services that are required.
  • Page 364 ADSL WAN Connections PPPoA Overview [Figure 7-12. Establishing a PPP Session (router and access concentrator): 1. Link establishment; 2. Authentication (optional): PAP, CHAP, or EAP; 3. Negotiation of network layer protocols (NCP: IPCP, BCP, IPXCP, and so on); 4. Session established] Step One.
  • Page 365: Creating The Ppp Interface

    ADSL WAN Connections PPPoA Overview Creating the PPP Interface To configure PPPoA, you configure the ADSL interface, the ATM interface, and the ATM subinterface. (These instructions begin with “Configuring the ADSL Interface: the Physical Layer” on page 7-12.) When configuring the ATM subinterface, you must set the encapsulation to aal5snap or aal5mux ppp, as shown below: Syntax: encapsulation aal5snap...
  • Page 366 ADSL WAN Connections PPPoA Overview If you need to configure authentication protocols for the connection, see “PPP Authentication” on page 6-71 in Chapter 6: Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces. Binding the ATM Subinterface to the PPP Interface To finish defining the point-to-point layer for the ADSL connection, you must bind the ATM subinterface to the PPP interface.
  • Page 367: Routed Bridged Encapsulation

    ADSL WAN Connections Routed Bridged Encapsulation Routed Bridged Encapsulation Some DSLAMs use routed bridged encapsulation (RBE) to route IP over bridged Ethernet traffic. RBE is sometimes referred to as “half bridging,” because it provides some of the advantages of bridging combined with some of the advantages of routing.
  • Page 368 ADSL WAN Connections Routed Bridged Encapsulation [Figure 7-14. RBE Environment] To configure RBE, complete the steps for configuring the ADSL interfaces as explained in “Configuring the ADSL Interface: the Physical Layer”...
  • Page 369: Viewing The Status And Configuration Of Interfaces

    ADSL WAN Connections Viewing the Status and Configuration of Interfaces Viewing the Status and Configuration of Interfaces You can view information about all of the interfaces that are used to create the ADSL connection. Viewing the Status of the ADSL Interface To view the status of the ADSL interface, enter: Syntax: show interfaces adsl /...
  • Page 370 ADSL WAN Connections Viewing the Status and Configuration of Interfaces !adsl 2/1 is UP, line protocol is UP Status of physical and logical Link Status Up G.DMT interface Line Type Fast Training mode used Line Length 933 ft Actual downstream Downstream Upstream and upstream rates...
  • Page 371 ADSL WAN Connections Viewing the Status and Configuration of Interfaces Next, the output from the show interfaces adsl command displays the downstream and upstream transmission rates for the connection. This section of the output also reports the attenuation on the line and any framing, signaling, and power losses, as well as error seconds.
  • Page 372: Viewing The Status Of The Atm Interface And Subinterface

    ADSL WAN Connections Viewing the Status and Configuration of Interfaces interface adsl 2/1 Displays all the settings for the description "" interface, including defaults alias "" snr-margin 5 training-mode Multi-Mode no shutdown Figure 7-18. show running-config interface adsl verbose Command Viewing the Status of the ATM Interface and Subinterface To view the status of the ATM interface, enter the following command from the enable mode context:...
  • Page 373 ADSL WAN Connections Viewing the Status and Configuration of Interfaces Replace with the unique number and subinterface number that you assigned the ATM interface. For the ATM 1.1 subinterface, enter: ProCurve# show interfaces atm 1.1 Figure 7-20 shows the output from this command for a sample network. As you can see, this command displays the status of the interface and settings such as the ATM encapsulation, the IP address, and the MTU size.
  • Page 374: Troubleshooting The Adsl Connection

    ADSL WAN Connections Troubleshooting the ADSL Connection Troubleshooting the ADSL Connection When troubleshooting WAN connections, you should try to isolate the problem and determine if the problem is occurring on the physical interface or the logical interface. With an ADSL WAN connection, you should begin troubleshooting the ADSL interface.
  • Page 375: Debug Interface Adsl Events Command

    ADSL WAN Connections Troubleshooting the ADSL Connection adsl 2/1 is DOWN, line protocol is DOWN Link Status Training UNKNOWN Line Type The training mode does not Line Length 0 ft match the training mode used by the DSLAM Downstream Upstream Line Rate 0 kbps 0 kbps...
  • Page 376: Troubleshooting The Atm Interface

    ADSL WAN Connections Troubleshooting the ADSL Connection Figure 7-22 shows the debug commands for a connection that was established successfully. 2005.08.09 19:02:40 ADSL.EVENTS Current DSL state: ATU_RIDLE 2005.08.09 19:02:40 INTERFACE_STATUS.adsl 2/1 changed state to down 2005.08.09 19:02:54 ADSL.EVENTS Current DSL state: GDMT_NEGO Negotiating to use the 2005.08.09 19:02:54 ADSL.EVENTS Current DSL state:...
  • Page 377: Troubleshooting The Atm Subinterface

    ADSL WAN Connections Troubleshooting the ADSL Connection The output from this command shows the status of the logical interface as well as the information shown in Table 7-7. Table 7-7. Information Displayed by the show interfaces atm Command Information Meaning ...
  • Page 378: Troubleshooting Pppoe

    ADSL WAN Connections Troubleshooting the ADSL Connection Syntax: debug atm oam [loopback {end-to-end | segment} {}] Replace with the subinterface ID for the PVC. This command displays the OAM frames for a specific PVC. Include the loopback option to configure an OAM loopback.
  • Page 379: Show Pppoe Command

    ADSL WAN Connections Troubleshooting the ADSL Connection For example, if the PPPoE client keeps sending PADI frames but does not receive any PADO frames, you know that for some reason the access concentrator is not responding. If the ADSL interface, the ATM interface, and the ATM subinterface are up, you should call your service provider and report the problem.
  • Page 380: Clear A Pppoe Connection

    ADSL WAN Connections Troubleshooting the ADSL Connection Figure 7-24 shows the output from this command. ppp 1 Outgoing Interface: eth 0/1 Outgoing Interface MAC Address: 00:A0:C8:00:85:20 Access-Concentrator Name Requested: FIRST VALID Access-Concentrator Name Received: 13021109813703-LRVLGSROS20W_IFITL Access-Concentrator MAC Address: 00:10:67:00:1D:B8 Session Id: 64508 Service Name Requested: ANY Service Name Available: PPPoE Client State: Bound (3)
  • Page 381 ADSL WAN Connections Troubleshooting the ADSL Connection When you view the status of the PPP interface, you must ensure that both the interface and the Network Layer protocol are up. For example, Figure 7-25 shows a PPP interface that is up. However, the user cannot send traffic over the link.
  • Page 382: Quick Start

    ADSL WAN Connections Quick Start Quick Start This section provides the commands you will need to quickly configure an Asymmetric Digital Subscriber Line (ADSL) WAN connection on the ProCurve Secure Router. Only a minimal explanation is provided. If you need additional information about any of these options, see “Contents” on page 7-1 to locate the section and page number that contains the explanation you need.
  • Page 383 ADSL WAN Connections Quick Start Access the ADSL interface configuration mode context. Syntax: interface adsl /1 For example, if the ADSL module is in slot two, enter: ProCurve(config)# interface adsl 2/1 Activate the interface. ProCurve(config-adsl 2/1)# no shutdown Set the SNR margin. Syntax: snr-margin ...
  • Page 384: Configure The Data Link Layer: The Atm Interface And Subinterface

    ADSL WAN Connections Quick Start Table 7-9. Training Modes Supported by the ProCurve Secure Router Command Option ADSL2+ Annex A ADSL2+ Annex B training-mode ADSL2 training-mode ADSL2+ training-mode G.DMT training-mode G.LITE training-mode Multi-Mode training-mode READSL2 training-mode T1.413 Configure the Data Link Layer: the ATM Interface and Subinterface Before you configure the Data Link Layer for the ADSL connection, you must know the settings that you should enter for the following:...
  • Page 385 ADSL WAN Connections Quick Start Replace with atm, and replace with a unique number for this ADSL connection. For example, to create ATM 1 interface, enter: ProCurve(config)# interface atm 1 Activate the interface. ProCurve(config-atm 1)# no shutdown Create a subinterface for each permanent virtual circuit (PVC). ATM interfaces on the ProCurve Secure Router can support up to 16 PVCs.
  • Page 386: Configure Rbe

    ADSL WAN Connections Quick Start Note: The do command allows you to enter enable mode commands (such as show commands) from any context (except the basic mode context). Configure RBE Your ADSL service provider may ask you to configure the ATM subinterface to use routed RBE, which routes IP over bridged Ethernet traffic.
  • Page 387: Configure Pppoe

    ADSL WAN Connections Quick Start Configure PPPoE If your service provider wants you to configure PPPoE for your ADSL connection, complete these steps: Create the ATM interface. Syntax: interface atm ProCurve(config)# interface atm 1 Activate the interface. ProCurve(config-atm 1)# no shutdown Create a subinterface for each PVC.
  • Page 388 ADSL WAN Connections Quick Start Note: The do command allows you to enter enable mode commands (such as show commands) from any context (except the basic mode context). Create the PPP interface. Syntax: interface ppp ProCurve(config)# interface ppp 1 Configure a static IP address or configure the interface to negotiate the IP address with the service provider’s router.
  • Page 389: Configure Pppoa

    ADSL WAN Connections Quick Start interface adsl 2/1 snr-margin 6 no shutdown interface atm 1 point-to-point no shutdown bind 3 adsl 2/1 atm 1 Bind the ADSL interface to the ATM interface interface atm 1.1 point-to-point no shutdown pvc 0/35 interface ppp 3 ip address 10.1.1.1...
  • Page 390 ADSL WAN Connections Quick Start Define the ATM encapsulation. For PPPoA, you must set the encapsulation at aal5snap or aal5mux ppp. The default setting is aal5snap. Syntax: encapsulation aal5snap Syntax: encapsulation aal5mux [ip | ppp] For example, to use aal5snap, enter: ProCurve(config-atm 1.1)# encapsulation aal5snap Bind the physical interface—the ADSL interface—to the logical interface.
  • Page 391 ADSL WAN Connections Quick Start View the running-config to ensure that you have entered two bind commands: one to bind the ADSL interface to the ATM interface and one to bind the ATM subinterface to the PPP interface. (See Figure 7-28.) Enter: ProCurve(config-ppp 1)# do show running-config interface adsl 2/1 snr-margin 5...
  • Page 392 ADSL WAN Connections Quick Start 7-64...
  • Page 393 Configuring Demand Routing for Primary ISDN Modules Contents Overview of ISDN Connections ........8-4 Elements of an ISDN Connection .
  • Page 394 Configuring Demand Routing for Primary ISDN Modules Contents Understanding How the connect-sequence Commands Work . . 8-35 Configuring the idle-timeout Option ..... . . 8-37 Configuring the fast-idle Option .
  • Page 395: Viewing A Summary Of Information About

    Configuring Demand Routing for Primary ISDN Modules Contents Configuring an ISDN Template ....... 8-57 Using Call Types and Patterns .
  • Page 396: Overview Of Isdn Connections

    Configuring Demand Routing for Primary ISDN Modules Overview of ISDN Connections Overview of ISDN Connections Integrated Services Digital Network (ISDN) connections are point-to-point dial-up connections that can handle both voice and data over a single line. ISDN provides WAN connections at a lower cost than dedicated WAN connections such as E1- or T1-carrier lines.
  • Page 397: Elements Of An Isdn Connection

    Configuring Demand Routing for Primary ISDN Modules Overview of ISDN Connections Elements of an ISDN Connection All WAN connections, including ISDN lines, consist of three basic elements: the physical transmission media, such as the cabling, switches, routers, and other infrastructure required to create and maintain the connection; electrical signaling specifications for generating, transmitting, and receiving signals through the various transmission media; Data Link Layer protocols, which provide logical flow control for trans-...
  • Page 398 Configuring Demand Routing for Primary ISDN Modules Overview of ISDN Connections Because public carrier networks were originally designed to carry analog voice calls, copper wire is the most common physical transmission medium used on the local loop. Copper wire has a limited signal-carrying capacity, making local loops that use copper wire the slowest, least capable component of a WAN connection.
  • Page 399 Configuring Demand Routing for Primary ISDN Modules Overview of ISDN Connections In addition to wire and the demarc, the local loop for an ISDN connection includes: ISDN switch—At the public carrier’s CO, the ISDN switch multiplexes and de-multiplexes channels on the twisted pair wiring of the local loop. It provides the physical and electrical termination for the ISDN line and then forwards the data onto the public carrier’s network.
  • Page 400: Isdn Interfaces: Connecting Equipment To The Isdn Network

    Configuring Demand Routing for Primary ISDN Modules Overview of ISDN Connections ISDN Interfaces: Connecting Equipment to the ISDN Network ISDN supports both RJ-11 and RJ-45 connectors. Public carriers typically install an RJ-45 jack to connect the subscriber’s premises to the local loop. You can add equipment at four interface points on the subscriber’s side of an ISDN network: U interface...
  • Page 401: Line Coding For Isdn Bri Connections

    Configuring Demand Routing for Primary ISDN Modules Overview of ISDN Connections R Interface. The R interface is used to connect a TE2 device to the TA. Because there are no standards for the R interface, the vendor providing the TA determines how the TA connects to and interacts with the TE2. Line Coding for ISDN BRI Connections To provide higher transmission rates on ordinary telephone wire, ISDN BRI uses a compressed encoding scheme called 2B1Q.
  • Page 402: Lapd

    Configuring Demand Routing for Primary ISDN Modules Overview of ISDN Connections ISDN also supports the following B-channel Data Link Layer protocols: Point-to-Point (PPP) High-Level Data Link Control (HDLC) Frame Relay LAPD LAPD establishes the ISDN connection between two endpoints. Exchanged over the D channel, LAPD frames provide the addressing for the dial-up connection, including the service access point identifier (SAPI) and the terminal endpoint identifier (TEI).
  • Page 403: Call Process

    Configuring Demand Routing for Primary ISDN Modules Overview of ISDN Connections In the second octet, the first seven bits designate the connection’s TEI. TEIs can be assigned statically or dynamically. A statically assigned TEI will have a value between 0 and 63; dynamically assigned TEIs range from 64 to 126. A value of 127 designates a broadcast connection meant for all TEs.
  • Page 404 Configuring Demand Routing for Primary ISDN Modules Overview of ISDN Connections [Figure 8-4. ISDN Call Setup Process] Placing a Call.
  • Page 405: Procurve Secure Router Isdn Modules

    Configuring Demand Routing for Primary ISDN Modules ProCurve Secure Router ISDN Modules The receiver gets the SETUP. If the receiver is available and ready, it rings the phone and sends an ALERTING message to the switch. The switch forwards the ALERTING to the caller. The receiving ISDN modem sends a CONNECT message to the switch.
  • Page 406 Configuring Demand Routing for Primary ISDN Modules ProCurve Secure Router ISDN Modules Table 8-2. Differences Between Primary and Backup ISDN Modules ISDN Module Hardware Applications Activation Method Increasing Bandwidth Requirements primary uses one narrow primary or backup WAN established only when supports Multilink PPP slot on the connection between two...
  • Page 407: Primary Isdn Modules

    Configuring Demand Routing for Primary ISDN Modules ProCurve Secure Router ISDN Modules Primary ISDN Modules For primary WAN connections, ProCurve Networking currently offers two types of modules: ISDN BRI U module—used in the United States and Canada ISDN BRI S/T module—used in all other countries Both of these ISDN modules support the following standards: National ISDN-1—Defined in the mid 1990s by the National Institute of Standards and Technology (NIST) and Bellcore (now called Telcordia),...
  • Page 408: Using Demand Routing For Isdn Connections

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Table 8-3. Supported ISDN Standards Type Switch Types Classifications Electrical ISDN BRI S/T module • National ISDN-1 • ACIF S031 • FCC Part 15 Class A • Northern Telecom DMS- •...
  • Page 409 Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Branch Office A Switch 192.168.4.0 Router A Edge Switch Edge Switch ISDN connection to Branch Office A triggered by traffic with destination address 192.168.4.0 /24 ISDN Edge Switch connection Core Switch Branch Office B...
  • Page 410: Define The Traffic That Triggers The Connection

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections To configure demand routing for a primary ISDN module, you must complete the following steps: Create an extended access control list (ACL) to define the traffic that will trigger the dial-up connection.
  • Page 411: Specifying A Protocol

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections To define the interesting traffic, you create an extended ACL. The ProCurve Secure Router will use this ACL to identify and select traffic that triggers a dial-up connection. From the global configuration mode context, enter: Syntax: ip access-list extended ...
  • Page 412: Defining The Source And Destination Addresses

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections For demand routing, you might want to create an ACL that selects all of the traffic to a particular subnet. In this case, you should specify ip as the protocol. Defining the Source and Destination Addresses When you create an extended ACL, you must configure both a source and a destination address for each entry.
  • Page 413 Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Router OS should match the corresponding bit in the IP address. You use a 1 to indicate that the Secure Router OS should ignore the corresponding bit in the IP address.
  • Page 414: Configuring The Demand Interface

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Exit the ACL. After you have finished creating the ACL, enter exit to return to the global configuration mode context, as shown below: ProCurve(config-ext-nacl)# exit ProCurve(config)# After you create the ACL, you must apply it to the demand interface. In fact, the ACL will have no effect until you apply it to the demand interface.
  • Page 415: Creating The Demand Interface

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections When the ProCurve Secure Router detects traffic that must be routed through a demand interface, it processes the extended ACL applied to the demand interface to define the interesting traffic. If the traffic matches that ACL, the router attempts to establish the ISDN connection.
  • Page 416: Configuring An Ip Address

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Like loopback interfaces, demand interfaces do not have to be activated. That is, you do not have to enter no shutdown. After you create the demand interface, its status automatically changes to administratively up. The demand interface will begin spoofing an up status after you configure an IP address for it.
  • Page 417 Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Configure the Demand Interface as an Unnumbered Interface. To conserve IP addresses on your network, you may want to create the demand interface as an unnumbered interface. When you assign a logical interface on the router an IP address, that IP address cannot overlap with the IP addresses assigned to other logical interfaces.
  • Page 418: Matching The Interesting Traffic

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections To view the routing table, enter: ProCurve(config-demand 1)# do show ip route Figure 8-8 shows a routing table that includes demand interface 1, a directly connected interface. 10.2.2.0/30 is directly connected, ppp 1 10.3.3.0/30 is directly connected, demand 1 192.168.20.0/24 is directly connected, eth 0/1...
  • Page 419 Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections If you include the in option when you enter the match-interesting command, the ProCurve Secure Router will check only the traffic received on the demand interface. If you include the out option, the router will check only the traffic transmitted from the interface.
  • Page 420 Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections You can apply an access control policy (ACP) to the demand interface. ACPs control incoming traffic and can contain multiple ACLs. You use the ip access-group command to apply ACLs directly to the demand interface, or you use the access-policy command to apply an ACP to the demand interface.
  • Page 421: Specifying The Connect-Mode Option

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections the packet. However, the router will reset the dial-up connection’s idle timer only if the packet also matches the ACL specified with the match-interesting reverse list command. Specifying the connect-mode Option You can control whether the demand interface can be used to originate a call, answer a call, or both.
  • Page 422: Associating A Resource Pool With The Demand Interface

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Note: Currently, it is not possible to have outbound traffic that will originate a call but not keep the link up. Because the match-interesting command controls both the traffic that triggers a connection and the traffic that resets the idle timer, any outbound interesting traffic that initiates a connection also keeps the link up.
  • Page 423 Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections You can configure more than one connect sequence for a demand interface. For example, you may want to configure more than one connect sequence if the main office has more than one ISDN line. Then, if one ISDN line is in use, the ProCurve Secure Router can dial another line to establish a connection.
  • Page 424: Specify The Order In Which Connect Sequences Are Used

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Specifying the busyout-threshold is optional. Include a value to specify the maximum number of times the ProCurve Secure Router will try this connect sequence in a single call attempt. If you specify 0, the ProCurve Secure Router will make an unlimited number of attempts.
  • Page 425: Configure The Number Of Connect Sequence Attempts

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Returning to the Default Connect Sequence Processing Order. To return the connect-order command to its default setting of sequential, enter: ProCurve(config-demand 1)# no connect-order Configure the Number of Connect Sequence Attempts You can limit the number of times that the ProCurve Secure Router processes the connect sequences configured for a demand interface if it is unable to establish a connection.
  • Page 426 Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections available. If a BRI interface becomes available, the ProCurve Secure Router uses that interface to dial a connect-sequence. At the same time, the router cancels the fast-idle mode for the resource pool. (For more information about fast-idle mode, see “Configuring the fast-idle Option”...
  • Page 427: Understanding How The Connect-Sequence Commands Work

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Replace with the number of seconds you want the demand interface to wait between connect sequence attempts. You can specify a number between 1 and 65535. The default setting is 120 seconds. Replace ...
  • Page 428 Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Processing connect-sequences 1. Check connect-order. 2. Process connect-sequence 2, based on connect-order. connect-order sequential connect-sequence 10 dial-string 5551212 forced-ISDN-64k busyout-threshold 3 connect-sequence 20 dial-string 5552222 forced-ISDN-64k busyout-threshold 1 3.
  • Page 429: Configuring The Idle-Timeout Option

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections If the ProCurve Secure Router processes all of the connect sequences and cannot establish a dial-up connection, the connect sequence attempt fails. For the configuration shown in Figure 8-10, the ProCurve Secure Router will cycle through the connect sequences three times.
  • Page 430: Configuring The Fast-Idle Option

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Configuring the fast-idle Option You can assign BRI interfaces to more than one resource pool. For example, you might want to assign backup interfaces to more than one resource pool because it would be unlikely that two primary interfaces would go down at the same time.
  • Page 431: Defining The Called-Number Option

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Replace with the calling party’s telephone number. By default, the caller-number list does not include any numbers so all calls are accepted. Defining the called-number Option You can also configure the Dialed Number Identification Service (DNIS) that the demand interface provides when answering a call.
  • Page 432: Configuring The Bri Interface

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Configuring the BRI Interface To configure the BRI interface, you need the following information from your service provider: ISDN signaling (switch) type assigned telephone numbers (LDNs) service profile IDs (SPIDs), if you are located in the United States or Canada You should have this information available before you begin configuring the BRI interface.
  • Page 433: Configuring The Isdn Signaling (Switch) Type

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections For example, if the ISDN module is located in slot 1 and you are configuring the interface for port 2, enter: ProCurve(config)# interface bri 1/2 The prompt should indicate that you have entered the appropriate interface configuration mode context: ProCurve(config-bri 1/2)# Configuring the ISDN Signaling (Switch) Type...
  • Page 434: Configuring A Spid And Ldn For Isdn Bri U Modules

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections If your public carrier is using the default signaling type, you do not have to enter the isdn switch-type command. You can simply accept the default setting. Configuring a SPID and LDN for ISDN BRI U Modules In North America, some ISDN switches require a SPID to identify each TE on the subscriber’s premises and to determine the types of services that the TE...
  • Page 435: Configuring An Ldn For Bri S/T Modules

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Note: You can set LDNs using the isdn ldn1, isdn ldn2, isdn spid1, or isdn spid2 commands. The router uses whichever LDN1 or LDN2 value was most recently entered using one of these commands.
  • Page 436: Configuring The Isdn Group

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Configuring the ISDN Group When you configure demand routing for a primary ISDN connection, you must configure an ISDN group by completing the following steps: Create an ISDN group. Assign BRI interfaces to the group.
  • Page 437: Assigning The Isdn Group To A Resource Pool

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Assigning the ISDN Group to a Resource Pool To use the ISDN group for demand routing, you must make the group a member of a resource pool. The resource pool must be associated with at least one demand interface.
  • Page 438: Configuring A Static Route For The Demand Interface

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Table 8-10. Examples of Using Wildcard Characters to Specify incoming-accept- number Types of incoming-accept-numbers Pattern calls for a particular U.S. or Canadian area code 916$ calls for two numbers—such as 555-1111 and 555-1112 555-111[1,2] calls for a group of numbers—such as the numbers between 555-1000 555-[1,2]XXX...
  • Page 439 Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Note: ProCurve Networking recommends that you use static routes for ISDN connections, rather than a dynamic routing protocol. Because routing protocols regularly exchange updates, these updates frequently initiate the ISDN connection, resulting in higher cost for your company’s ISDN line.
  • Page 440: Example Of A Successful Demand Interface Call

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections For more information about configuring static routes, see “Static Routing” on page 11-9 of Chapter 11: IP Routing—Configuring Static Routes. After you have configured the static route, you should test your configuration to ensure that the ISDN connection is triggered by the appropriate traffic.
  • Page 441 Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections To: 192.168.1.29 Demand Interface Resource Available? Resource Pool Pool 1 Router ACL Match? ISDN group 1 bri 2/1 permit ip any 192.168.2.0 0.0.0.255 bri 2/2 permit ip any 192.168.1.0 0.0.0.255 int bri 2/1 Fast-cache Table...
  • Page 442: Mlppp: Increasing Bandwidth

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections After the packet has been sent to the demand interface, the router checks the fields in the packet’s IP header (such as source and destination address) against the match-interesting list ACL. If the packet does not match the list, the router drops it.
  • Page 443: Configuring Mlppp For Demand Interfaces

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Configuring MLPPP for Demand Interfaces To enable MLPPP, enter the following command from the demand interface configuration mode context: ProCurve(config-demand 1)# ppp multilink By default, MLPPP is not enabled. Configuring the Maximum Number of Interfaces.
  • Page 444: Example Of Mlppp With Demand Routing

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Configuring MLPPP Fragmentation. When a packet is to be transmitted across an MLPPP connection, the demand interface divides the packet into fragments of equal length. If possible, the number of fragments equals the number of active links in the MLPPP and are transmitted simultaneously over each link.
  • Page 445: Configuring Ppp Authentication For An Isdn Connection

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections interface bri 2/1 isdn ldn1 968483940096 no shutdown interface bri 2/2 isdn ldn1 978484540055 no shutdown interface demand 1 idle-timeout 240 resource pool Pool match-interesting list Call out match-interesting reverse list Call in connect-sequence 1 dial-string 9633333 forced-isdn-64k busyout-threshold 3 connect-sequence 2 dial-string 9634444 forced-isdn-64k busyout-threshold 3...
  • Page 446: Enabling Ppp Authentication For All Demand Interfaces

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Enabling PPP Authentication for All Demand Interfaces You must configure the PPP authentication protocol that the router uses for inbound calls. To configure the authentication protocol that the demand interfaces expect to receive for inbound calls, enter the following command from the global configuration mode context: Syntax: data-call authentication protocol [chap | pap]...
  • Page 447: Configuring The Username And Password That The Router Expects To Receive

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections When you replace , ensure that you are using the same settings that are configured on the far-end router. The username that is sent is the hostname of the router. If necessary, you can override this username with this demand interface configuration command: Syntax: ppp chap hostname ...
  • Page 448: Setting The Mtu For Demand Interfaces

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections data-call authentication protocol pap data-call commands to data-call sent authentication protocol pap enable PAP authentication interface bri 2/1 isdn ldn1 968483940096 no shutdown interface bri 2/2 isdn ldn1 978484540055 no shutdown interface demand 1 idle-timeout 240...
  • Page 449: Configuring An Isdn Template

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections or decrease the value of the MRU, a PPP peer sets the MRU configuration option in the Link Control Protocol (LCP). (LCP is one of the protocols in the PPP suite.
  • Page 450 Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections a prefix, you can enter unlimited-length strings of 0s and 1s. For example, for international calls made from within the United States, you might enter a prefix of 011. Specify a call type by entering one of the options listed in Table 8-11.
  • Page 451: Using Call Types And Patterns

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections Table 8-12. Characters for Call Patterns Valid Characters Explanation Match exact digit only Match any single digit between 0 and 9 Match any single digit between 2 and 9 Match any single digit between 1 and 8 Match any number Match any digit in the list.
  • Page 452: Default Isdn Template

    Configuring Demand Routing for Primary ISDN Modules Using Demand Routing for ISDN Connections When the called party information element (IE) is created for this call, the router removes the prefix and places the N$ digits in the Number Digits field. National.
  • Page 453: Viewing Information About Demand Routing

    Configuring Demand Routing for Primary ISDN Modules Viewing Information about Demand Routing Viewing Information about Demand Routing You can use show commands to view different aspects of your demand routing configuration. For example, you can view the status of a demand interface and any dial-up connections that are established through a demand interface.
  • Page 454 Configuring Demand Routing for Primary ISDN Modules Viewing Information about Demand Routing Figure 8-16 shows the results of this command if demand interface 1 is spoofing its up status and a dial-up connection has not been established. In addition to showing the status of the interface, this command displays settings for the following commands: connect-mode resource pool...
  • Page 455: Viewing A Summary Of Information About The Demand Interface

    Configuring Demand Routing for Primary ISDN Modules Viewing Information about Demand Routing Figure 8-17 provides the results of the show interfaces demand 1 command when an ISDN connection has been established. Demand 1 is UP (connected) A dial-up connection has Configuration: been established Keep-alive is set (10 sec.)
  • Page 456: Viewing The Status Of The Bri Interface

    Configuring Demand Routing for Primary ISDN Modules Viewing Information about Demand Routing As Figure 8-18 shows, this command also lists multiple channels if MLPPP is configured for the ISDN connection. demand 1 Idle timer (120 secs), Fast idle timer (20) Dialer state is data link layer up Dial reason: ip (s=192.168.1.23, d=192.168.2.23) Link thru 1_0(bri 2/1.1) is up...
  • Page 457 Configuring Demand Routing for Primary ISDN Modules Viewing Information about Demand Routing bri 1/1 is UP Interface activated Line status: ready but not providing Caller ID will be used to route incoming calls connection Caller ID normal Switch protocol: Net3 Euro ISDN Number at which SPID 1 n/a, LDN 1 9631111 the local router can...
  • Page 458: Viewing Demand Sessions

    Configuring Demand Routing for Primary ISDN Modules Viewing Information about Demand Routing bri 1/2 is UP Line status: connected Caller ID will be used to route incoming calls Caller ID normal Switch protocol: Net3 Euro ISDN SPID 1 n/a, LDN 1 9631111 SPID 2 n/a, LDN 2 n/a 5 minute input rate 112 bits/sec, 0 packets/sec 5 minute output rate 112 bits/sec, 0 packets/sec...
  • Page 459: Viewing The Resource Pool

    Configuring Demand Routing for Primary ISDN Modules Viewing Information about Demand Routing Session 1 Interface demand 1 Local IP address = 10.1.1.1 Remote IP address = 10.2.2.1 Remote Username = Dial reason: ip (s=192.168.1.23, d=192.168.2.23) Link 1 Dialed number = Resource interface = 1_0(bri 2/1.1), Multilink Connection is through Connect time: 0:1:28...
  • Page 460: Troubleshooting Demand Routing

    Configuring Demand Routing for Primary ISDN Modules Troubleshooting Demand Routing Figure 8-23 shows the running-config for a demand interface that is configured to use MLPPP and PPP authentication. interface demand 1 idle-timeout 240 resource pool Pool match-interesting list Call out match-interesting reverse list Call in connect-sequence 1 dial-string 9633333 forced-isdn-64k busyout-threshold 3 connect-sequence 2 dial-string 9634444 forced-isdn-64k busyout-threshold 3...
  • Page 461: Checking The Bri Interface

    Configuring Demand Routing for Primary ISDN Modules Troubleshooting Demand Routing If the demand interface went down because it could not establish a connection during the recovery mode, its status will be down (recovery failed). In this case, you must identify the problem causing the failure and then you must clear the connection so that the status of the demand interface returns to up (spoofing).
  • Page 462 Configuring Demand Routing for Primary ISDN Modules Troubleshooting Demand Routing bri 1/2 is DOWN The switch at the Line status: getting TEI #1 CO cannot identify Caller ID will be used to route incoming calls the interface. Caller ID normal Switch protocol: AT&T 5ESS Check the SPID and SPID 1 25655522220101, LDN 1 5552222...
  • Page 463: Checking The Acl That Defines The Interesting Traffic

    Configuring Demand Routing for Primary ISDN Modules Troubleshooting Demand Routing Status Meaning Next Best Step getting TEI #2 The switch cannot identify the BRI • Check for a miskeyed SPID2 and/or LDN. interface (second B channel). • If you should not have to enter a second SPID, the interface may be configured for the wrong signaling type.
  • Page 464: Troubleshooting The Isdn Connection

    Configuring Demand Routing for Primary ISDN Modules Troubleshooting Demand Routing If you can troubleshoot the problem after business hours (when you will not inadvertently interrupt the flow of traffic to other interfaces), you may want to change the ACL to select all traffic from any source to any destination. The ACL should then trigger the ISDN connection.
  • Page 465: Test Calls

    Configuring Demand Routing for Primary ISDN Modules Troubleshooting Demand Routing 2005.10.08 11:23:09 L2_MSG BRI 2/1 Recd = 02 FF 03 08 01 01 05 A1 04 02 88 90 18 01 89 6C 2005.10.08 11:23:09 L2_MSG BRI 2/1 0C 21 80 30 30 30 39 36 33 31 31 31 31 70 08 C1 2005.10.08 11:23:09 L2_MSG BRI 2/1 39 36 33 33 33 33 33 2005.10.08 11:23:09 L2_FMT BRI 2/1 =============================================...
  • Page 466 Configuring Demand Routing for Primary ISDN Modules Troubleshooting Demand Routing To set up a test call, enter the following from the BRI interface configuration mode context: Syntax: test-call [dial | answer | hangup] To enter test call mode, enter: ProCurve(config-bri 2/1)# test-call answer This command configures the router to receive test calls.
  • Page 467: Line Maintenance

    Configuring Demand Routing for Primary ISDN Modules Troubleshooting Demand Routing Line Maintenance You can also perform some basic maintenance on your ISDN line. Enter: Syntax: maintenance [restart-d | reset] Use the restart-d option to reset and restart the D channel. This may help in cases where there is a problem in the call process and one of the channels becomes hung.
  • Page 468 Configuring Demand Routing for Primary ISDN Modules Quick Start Table 8-17. debug Commands for PPP Interfaces Command Explanation debug ppp verbose displays detailed information about all PPP frames as they arrive on the PPP interface debug ppp errors displays error messages relating to PPP debug ppp negotiations displays events relating to link negotiation;...
  • Page 469 Configuring Demand Routing for Primary ISDN Modules Quick Start Setting Description Your Setting isdn spid1 specifies the telephone number and isdn spid2 identifiers for each TE on the line; used for ISDN BRI U modules connect-sequence specifies: dial-string ...
  • Page 470 Configuring Demand Routing for Primary ISDN Modules Quick Start To specify the source and destination address, use the following: Syntax: [any | host | ] For example, you might want to specify that the interesting traffic is the IP traffic from any source to network 192.168.115.0 /24.
  • Page 471 Configuring Demand Routing for Primary ISDN Modules Quick Start Including in or out is optional. By default, the ProCurve Secure Router uses the ACL you specify to check both incoming and outgoing traffic. If you do not specify a direction, outbound traffic is matched to the specified ACL, and inbound traffic is matched to the reverse of the ACL.
  • Page 472 Configuring Demand Routing for Primary ISDN Modules Quick Start Table 8-19. Defining a Resource Type for a Connect Sequence Option Description isdn-64k Any dial resource can be used, but if ISDN is used, the call must be placed using a 64-Kbps channel. isdn-56k Any dial resource can be used, but if ISDN is used, the call must be placed using a 56-Kbps channel.
  • Page 473 Configuring Demand Routing for Primary ISDN Modules Quick Start Set the LDN. (If your public carrier has assigned you a SPID, skip this step and go to the next step.) Otherwise, enter: Syntax: isdn ldn1 Replace with the LDN phone number assigned to the ISDN line you are configuring.
  • Page 474 Configuring Demand Routing for Primary ISDN Modules Quick Start d. To control which calls the BRI interfaces in the ISDN group accept, enter the following command from the ISDN group configuration mode context: Syntax: incoming-accept-number For example, you might enter: ProCurve(config-isdn-group 1)# incoming-accept-number 5551212 You can use the wildcard characters listed in Table 8-9 to specify a range of numbers.
  • Page 475: Configuring The E1 + G.703 And T1 + Dsx-1 Modules

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Contents Using an E1- or T1-Carrier Line for Data and Voice ....9-3 Drop-and-Insert Modules .
  • Page 476 Configuring the E1 + G.703 and T1 + DSX-1 Modules Contents Accessing the T1 Interface for the DSX-1 Port ....9-16 Configuring Line Coding ........9-16 Configuring Frame Format .
  • Page 477: Using An E1- Or T1-Carrier Line For Data And Voice

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Using an E1- or T1-Carrier Line for Data and Voice Using an E1- or T1-Carrier Line for Data and Voice You may be able to lower your data communications and telephone costs by leasing an E1 or T1-carrier line and using some of the bandwidth for data and some of the bandwidth for TDM (or traditional) voice.
  • Page 478: Making The Physical Connection

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the E1 + G.703 Module Table 9-1. Standards Supported by ProCurve Drop-and-Insert Modules Module Standard E1 + G.703 • International Telecommunications Union (ITU) G.703, ITU-T G.704 (CRC-4), ITU-T G.823, and ITU-T G.797 •...
  • Page 479: Configuring The E1 Interface For Data Communications

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the E1 + G.703 Module You connect the G.703 port to the PBX using crossover UTP cabling with RJ-48C connectors. Configuring the E1 Interface for Data Communications The first step in configuring the E1 + G.703 module is to configure the E1 interface that will handle data.
  • Page 480 Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the E1 + G.703 Module Note: If you have not yet entered a bind command to join the physical interface to the logical interface, the channel assignment will not be displayed correctly. e1 1/1 is UP Receiver has no alarms E1 coding is HDB3, framing is E1...
  • Page 481: Setting The Clock Source

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the E1 + G.703 Module Setting the Clock Source The other setting that directly affects the G.703 interface is the clock source. Each narrow ProCurve Secure Router module can have only one clock source. For E1 + G.703 modules, you set the clock source on the E1 interface that is used for data.
  • Page 482: Configuring Frame Format

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the E1 + G.703 Module AMI uses alternating positive and negative voltage (referred to as alternating polarity, or bipolarity) to represent logical ones, and zero voltage to represent logical zeros. Because AMI uses zero voltage for logical zeros, it can cause synchronization loss between peers at each end of a WAN connection when a data stream contains a long string of logical zeros.
  • Page 483: Enabling Ts

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the E1 + G.703 Module Although E1 interfaces, including those for the G.703 port, support two frame formats, only one option is listed if you enter the following command from the E1 interface configuration mode context: ProCurve(config-e1 1/2)# framing ? Only CRC4 is listed.
  • Page 484: Activating The Interface

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the E1 + G.703 Module Activating the Interface All interfaces on the ProCurve Secure Router are administratively down by default and must be activated. From the E1 interface configuration mode context, enter: ProCurve(config-e1 1/2)# no shut Checking the Status of the G.703 Interface...
  • Page 485: Viewing Configuration Information

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the E1 + G.703 Module Figure 9-2 shows the output when you enter this command. The first line reports whether the interface is up or down. The first block of text indicates the current configurations for the interface, such as line coding and framing.
  • Page 486: Troubleshooting The G.703 Interface

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the E1 + G.703 Module ProCurveSR7102dl# show running-config interface e1 1/1 interface e1 1/1 Channel assignments are tdm-group 1 timeslots 1-15 speed 64 listed under the E1 /1 no shutdown interface ProCurveSR7102dl#show running-config interface e1 1/2 interface e1 1/2...
  • Page 487: Configuring The T1 + Dsx-1 Module

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the T1 + DSX-1 Module Yellow Alarm A yellow alarm indicates that the G.703 interface is receiving signals from a PBX that is in red alarm. The PBX may not be capable of handling the signal that the interface is sending to it.
  • Page 488: Configuring The T1 Interface For Data Communications

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the T1 + DSX-1 Module other public carrier equipment used in a T1 connection, see Chapter 4: Configuring E1 and T1 Interfaces.) You connect the DSX-1 interface to the PBX, using a crossover cable with an RJ-48C connector.
  • Page 489: Setting The Clock Source

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the T1 + DSX-1 Module t1 2/1 is UP Receiver has no alarms T1 coding is B8ZS, framing is ESF Clock source is through t1 2/2, FDL type is ANSI Line build-out is 0dB Clock source is set to through No remote loopbacks, No network loopbacks...
  • Page 490: Accessing The T1 Interface For The Dsx-1 Port

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the T1 + DSX-1 Module You may want the T1 + DSX-1 module to take its timing from the PBX rather than from the public carrier’s equipment. To change the clock source for the T1 interface to through, enter: ProCurve(config-t1 1/1)# clock source through For detailed information about configuring T1 interfaces, see Chapter 4:...
  • Page 491: Configuring Frame Format

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the T1 + DSX-1 Module In AMI, zero voltage represents logical zeros, and alternating positive and negative voltage represent logical ones, thus maintaining a net zero voltage across the line. AMI has at least one drawback: a long string of logical zeros can result in hosts losing synchronization.
  • Page 492: Setting The Line Length

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the T1 + DSX-1 Module Setting the Line Length The ProCurve Secure Router uses transmission line length to determine which voltage to use for data transfer. The greater the distance between equipment, the stronger the signal must be to counteract attenuation.
  • Page 493: Activating The Dsx-1 Interface

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the T1 + DSX-1 Module Activating the DSX-1 Interface By default, all interfaces on the ProCurve Secure Router are administratively down. To activate the interface, enter: ProCurve(config-t1 1/2)# no shutdown Checking the Status of the DSX-1 Interface To check the status of the DSX-1 interface, enter the following command from the enable mode context:...
  • Page 494: Troubleshooting The Dsx-1 Interface

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the T1 + DSX-1 Module Viewing Configuration Information To view the settings that have been entered on the ProCurve Secure Router, enter: ProCurve# show running-config You must then browse through the output to find the DSX-1 interface. To view only the running-config for the DSX-1 interface, enter: ProCurve# show running-config interface t1 /2 Figure 9-6 shows the running-config for both the T1 and DSX-1 interfaces.
  • Page 495: Quick Start

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Quick Start If the unit stays in alarm, change the cable. If the router now goes out of alarm, again, you know that the cable, and not the interface, is the problem. Troubleshoot connections between the T1 interface and the wall jack in the same way.
  • Page 496: Configuring The E1 Interface

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Quick Start Configuring the E1 + G.703 Module Making the Physical Connection Use unshielded twisted pair (UTP) cabling with RJ-48C connectors to connect the E1 interface to the CSU provided by your Public Telephone and Telegraph (PTT) authority.
  • Page 497: Configuring The G.703 Interface

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Quick Start If you want the E1 + G.703 module to take its clock source from the PBX, enter: ProCurve(config-e1 1/1)# clock source through This chapter includes only the steps for configuring the E1 interface that directly affects the G.703 interface.
  • Page 498: Configuring The T1 + Dsx-1 Module

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Quick Start Configuring the T1 + DSX-1 Module Making the Physical Connection Use UTP cabling with RJ-48C connectors to connect the T1 interface to the wall jack provided by your public carrier. Use crossover UTP cabling with RJ-48C connectors to connect the DSX-1 interface to the PBX.
  • Page 499: Configuring The Dsx-1 Interface

    Configuring the E1 + G.703 and T1 + DSX-1 Modules Quick Start This chapter includes only the T1 configuration steps that directly affect the DSX-1 interface. You must configure the other settings for the T1-carrier line, configure the Data Link Layer protocol, and bind the physical interface to the logical interface.
  • Page 500 Configuring the E1 + G.703 and T1 + DSX-1 Modules Quick Start...
  • Page 501 Bridging—Transmitting Non-IP Traffic or Merging Two Networks Contents Overview ........... . . 10-3 Transmitting Non-IP Traffic .
  • Page 502 Bridging—Transmitting Non-IP Traffic or Merging Two Networks Contents Troubleshooting Spanning Tree ....... . . 10-24 Testing Spanning Tree .
  • Page 503: Overview

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Overview Overview The ProCurve Secure Router can function as a bridge as well as a router. A bridge, like a switch, is a Layer 2 device that operates at the Data Link Layer of the Open Systems Interconnection (OSI) model.
  • Page 504: Transmitting Non-Ip Traffic

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Overview The ProCurve Secure Router supports bridging using the IEEE 802.2 standards. You would configure a ProCurve Secure Router to act as a remote bridge to allow it to: transmit non-IP traffic merge two remote networks Transmitting Non-IP Traffic The ProCurve Secure Router only routes IP traffic.
  • Page 505: Configuring Bridging

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Bridging Configuring Bridging You configure the ProCurve Secure Router to function as a bridge by assigning logical interfaces to be part of a bridge group. For example, you could assign the Ethernet interface and the Point-to-Point Protocol (PPP) interface to a bridge group, or you could assign the Ethernet interface and the Frame Relay subinterface to a bridge group.
  • Page 506: Configuring A Bridge Group

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Bridging To configure bridging, you must: configure a bridge group assign interfaces to the bridge group Note: The router can both route and bridge traffic. It can even route and bridge traffic on the same Frame Relay or ATM interface.
  • Page 507: Disabling Ip Routing

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Bridging You can also assign only WAN interfaces to a bridge, although you probably would not use this application. In this case, the router would simply act as a corridor between remote sites. To assign an interface to a bridge group: Move to the logical interface configuration mode context: ProCurve(config)# int ppp 1...
  • Page 508: Viewing The Bridge Table

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Bridging Site A Site B 192.168.1.0 /25 192.168.1.128 /25 Router B Router A 192.168.1.1 - 192.168.1.128 - 192.168.1.127 192.168.1.254 Figure 10-3. Variable-Length Subnetting Viewing the Bridge Table The ProCurve Secure Router stores information about how to forward bridged packets in a bridge table.
  • Page 509 Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Bridging ProCurveSR7102dl# show bridge 1 Bridge Group 1: Total of 1024 station blocks, 1024 free Code: P - permanent Address Action Interface RX count TX count 00:10:4B:A0:DF:8F forward fr 1.16 00:D0:59:24:43:B5 forward eth 0/1 Packets received from and Host can be reached...
  • Page 510: Troubleshooting Bridging

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Troubleshooting Bridging Troubleshooting Bridging When traffic is not able to reach its destination, follow this standard troubleshooting process: Check the Physical Layer: If the Stat LED for the carrier line’s module slot is green, the physical line is up.
  • Page 511: Configuring Spanning Tree

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree Verify that all hosts participating in a bridge group are on the same subnet. You can also try viewing the bridge table. If the table does not show entries for an interface, this is a good hint that the devices on the other end of that connection are on a different subnet.
  • Page 512: Overview

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree The overview provides a brief background in STP and RSTP for those who want to learn more about how the protocols function. Overview Network devices in a Data Link Layer network, such as bridges and switches, run STP or RSTP.
  • Page 513 Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree A device then marks the following ports for activation (forwarding frames): the root port designated ports—which connect to devices that consider the local device as their designated switch (and ports that connect to end users) All other ports become inactive.
  • Page 514: Rstp Improvements

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree When a change in network topology makes STP determine that a new port must become active, the port first passes through the listening and learning states. (When STP is initially enabled and devices exchange configuration BPDUs, all ports move through the listening and learning states until STP determines whether they should become blocked or forwarding ports.) In the listening state, the port processes BPDUs to determine whether it is...
  • Page 515 Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree (although this is not a typical application for the router). Important configurations for edge ports are BPDU guards and filters, which keep the router from receiving BPDUs from user software or rogue devices. Blocking ports are divided into backup and alternate ports.
  • Page 516 Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree [Figure: topology with the root bridge, Bridge A, and Bridge B, with ports labeled Root and Designated. Panel 1: The network is stable.]...
  • Page 517: Configuring Rstp

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree For example, in Figure 10-5, a connection is added between Bridge B and the root. The root bridge first asserts sync with Bridge B. Bridge B blocks its connection to Bridge A. Bridge B attempts to assert sync with Bridge A, but Bridge A rejects the offer because it has a better connection to the root.
  • Page 518 Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree Determining Which Device Becomes Root: Setting the Router’s Priority Spanning tree bridges elect the device with the lowest ID as the root. A bridge’s ID consists of its priority value plus its MAC address. By default, all interfaces on the router have a priority of 32,768 (the standard default setting).
  • Page 519: Setting Interface Roles

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree Another way to force the router to choose one connection over another is to set the port priority. The router only uses this value to choose between two interfaces that have equal cost connections to the root. To set a logical interface’s port priority, enter: Syntax: spanning-tree port-priority ...
  • Page 520 Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree Table 10-2. Defining Edge Ports Function Command Syntax CLI Context define all spanning tree interfaces on the spanning-tree edgeport default global configuration mode router as edge ports define all spanning tree interfaces on the no spanning-tree edgeport default global configuration mode router as non-edge ports (default...
  • Page 521 Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree To enable Frame Relay and ATM subinterfaces to act as edge ports, move to the logical interface configuration mode context and enter: Syntax: spanning-tree edgeport When the global setting defines all interfaces as edge ports by default, use the no form of the command to disable the edgeport setting on the individual subinterface.
  • Page 522: Altering Timers

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree By default, the ProCurve Secure Router uses the auto option to determine the connection type. RSTP assumes that full-duplex interfaces are point-to-point and half-duplex interfaces are shared. If, for whatever reason, you must override this setting, move to the logical interface’s configuration mode context and enter this command: Syntax: spanning-tree link-type [auto | point-to-point | shared] For example, the Ethernet interface 0/1 connects to a hub.
  • Page 523: Configuring Stp

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree Maximum Age Timer. BPDUs include a maximum age timer. Devices discard information received from a BPDU when this timer expires. With STP, the timer determines how long a device will wait to receive information about a connection from the root before assuming the connection is down.
  • Page 524: Troubleshooting Spanning Tree

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Troubleshooting Spanning Tree In a test environment, the filter keeps all connections up so that you can test them. Caution: You should not use the global BPDU filter on a live network. When you enable the filter from the global configuration mode context, the filter applies to all interfaces on the router.
  • Page 525: Addressing Common Spanning Tree Problems

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Troubleshooting Spanning Tree Table 10-4. Spanning Tree debug Commands View Command Syntax general messages debug spanning-tree general messages when configuration changes occur debug spanning-tree config periodic hellos and messages when a change in debug spanning-tree events topology occurs all BPDUs received...
  • Page 526 Bridging—Transmitting Non-IP Traffic or Merging Two Networks Troubleshooting Spanning Tree You enter the command without any options to view the following spanning tree information for all bridge groups: root ID timers bridge ID interfaces: • role • status For example, Figure 10-6 displays the spanning tree instance for bridge group 1.
  • Page 527: Slow Convergence

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Troubleshooting Spanning Tree You can enter the command with the realtime option to view periodic updates of the spanning tree information without re-entering the command. The CLI displays the information in a new screen. You can exit the screen by pressing You can also pause and restart the display of the updates.
  • Page 528: Incorrect Path Selection

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Troubleshooting Spanning Tree You can force the entire router to return to RSTP by simply entering clear spanning-tree detected-protocol. Or you can force the single interface that connects to the updated device. For example: ProCurve# clear spanning-tree detected-protocol interface eth 0/1 Relatively slow convergence with RSTP may be caused by incorrectly configured point-to-point interfaces.
  • Page 529: Quick Start

    Bridging—Transmitting Non-IP Traffic or Merging Two Networks Quick Start Quick Start This section provides the commands you must enter to quickly configure the router to bridge traffic. Only a minimal explanation is provided. If you need additional information about any of these options, see “Contents” on page 10-1 to locate the section that contains the explanation you need.
  • Page 530 Bridging—Transmitting Non-IP Traffic or Merging Two Networks Quick Start If so desired, change the router’s priority for becoming the root of the spanning tree. Syntax: spanning-tree priority The value can be from 0 to 63535. If so desired, configure the cost of the connections on the router from the logical interface for the connection.
  • Page 531 IP Routing—Configuring Static Routes Contents Overview ........... . . 11-3 IP Addressing .
  • Page 532 IP Routing—Configuring Static Routes Contents Troubleshooting Static Routing ....... . . 11-23 Monitoring the Routing Table .
  • Page 533: Overview

    IP Routing—Configuring Static Routes Overview Overview Unlike a simple switch, a router can route a packet from one network to another. When the ProCurve Secure Router receives a packet, it matches the packet’s destination address to a route in its routing table. This route specifies the interface through which the router must forward the packet in order for the packet to reach its destination.
  • Page 534: Networks

    IP Routing—Configuring Static Routes Overview Unlike MAC addresses, IP addresses are not permanent or hardware specific. A host can change its address, and it can receive a temporary address from a server. However, public IP addresses must be unique and globally significant. (Otherwise, hosts could never be certain that data would arrive at the destination they intended.) Certain IP addresses are reserved for private networks;...
  • Page 535: Classful Networks

    IP Routing—Configuring Static Routes Overview 172.16.132.99 255.255.0.0 Host Address 10101100 00010000 10000100 01100011 Subnet Mask 11111111 11111111 00000000 00000000 Network Address 10101100 00010000 00000000 00000000 172.16.0.0 Figure 11-1. Subnet Masks Classful Networks In the early days of IP addressing, routing protocols did not always use subnet masks.
  • Page 536: Cidr

    IP Routing—Configuring Static Routes Overview CIDR Classful networks condense more information into fewer bits: a router can resolve an address into its network and host bits without a 32-bit subnet mask. However, classful networks do not use IP addresses efficiently. Class C networks only provide addresses for 254 hosts, while Class B networks provide addresses for 65,534.
  • Page 537: Routing Table

    IP Routing—Configuring Static Routes Overview When you use prefix lengths in this way, the bit length becomes, in a sense, part of the address. 172.16.0.0 /20 is a different network than 172.16.0.0 /16. The second is the network address for the entire class B network, while the first is a network that includes only hosts from 172.16.0.1 to 172.16.15.254.
  • Page 538: Next-Hop Address And Forwarding Interface

    IP Routing—Configuring Static Routes Overview Next-Hop Address and Forwarding Interface A route’s next-hop address and forwarding interface instruct the router how to forward packets that match the destination address for the route. The next-hop address is the address of the next directly-connected device en route to the destination address.
  • Page 539: Other Information Stored In A Route

    IP Routing—Configuring Static Routes Overview A route’s metric is the cost of sending traffic on that route and can be based on various criteria: number of hops to the destination link conditions: • bandwidth • delay • reliability organization policies •...
  • Page 540: Dynamic Routing Protocols

    IP Routing—Configuring Static Routes Overview Dynamic Routing Protocols Routers can also construct their routing tables using dynamic routing protocols. The ProCurve Secure Router supports three routing protocols, each of which it can use alone or in conjunction with the others: RIP versions 1 and 2 Open Shortest Path First (OSPF) version 2 Border Gateway Protocol (BGP) version 4...
  • Page 541: Load Sharing

    IP Routing—Configuring Static Routes Overview You should not implement a dynamic routing protocol on a demand interface that is used with a dial-up connection because the routing updates may keep the line up longer than is necessary, costing your organization money. Instead, configure a static route that uses the demand interface as the forwarding interface.
  • Page 542: Fast Caching

    IP Routing—Configuring Static Routes Overview The router can share traffic over the routes based on destination, assigning traffic destined to some hosts to one route and traffic destined to other hosts to another route. In this case, the traffic may not be exactly balanced over the multiple connections, but the more sessions the router supports, the more evenly balanced the traffic will be.
  • Page 543: Configuring Static Routes

    IP Routing—Configuring Static Routes Configuring Static Routes Process switching Router Internet Queue Fast caching Router Internet Fast-cache table Figure 11-2. Fast Caching Versus Process Switching Configuring Static Routes Overview A static route is a route that you add manually to a routing table. You can construct a router’s entire table manually.
  • Page 544: Configuring A Static Route

    IP Routing—Configuring Static Routes Configuring Static Routes You can use static routing with dynamic routing. In this case, you supplement routes discovered through various protocols with manually added routes. You can configure the router to advertise these routes using a routing protocol, or you can keep the routes private.
  • Page 545 IP Routing—Configuring Static Routes Configuring Static Routes Router C 10.1.1.2 10.1.20.2 10.1.2.0/24 Router B Router A Routing table Routing table 10.2.8.0/24 Router D 10.1.0.0/16 B 10.1.2.0/24 C 10.1.30.2 10.1.3.0/24 D 10.1.3.0/24 Figure 11-4. Prefix Lengths with Static Routing You add routes to the routing table from the global configuration mode context.
  • Page 546: Configuring A Floating Static Route

    IP Routing—Configuring Static Routes Configuring Static Routes ProCurve# show ip route 10.2.2.0/30 is directly connected, ppp 1 10.3.3.0/30 is directly connected, ppp 2 192.168.20.0/24 is directly connected, eth 0/1 192.168.30.0/24 [1/0] via 10.2.2.2, ppp 1 0.0.0.0/0 [1/0] via 0.0.0.0, ppp 2 Forwarding interface Administrative Metric...
  • Page 547: Configuring A Default Route

    IP Routing—Configuring Static Routes Configuring Static Routes Because OSPF routes have an administrative distance of 110, specify 120 for the floating static route’s administrative distance. (Refer to Table 11-1 on page 11-11 for the administrative distance of various routing protocols.) Configuring a Default Route A default route is a special static route that applies to all traffic.
  • Page 548: Configuring A Route Through The Null Interface

    IP Routing—Configuring Static Routes Configuring Static Routes For example, to configure Router A shown in Figure 11-6, you would enter: ProCurve(config)# ip route 192.168.10.0 /24 192.168.12.2 ProCurve(config)# ip route 0.0.0.0 /0 ppp 1 192.168.10.0 /24 Router B 192.168.12.2 PPP 1 Router A Internet 192.168.1.0 /24...
  • Page 549 IP Routing—Configuring Static Routes Configuring Static Routes For example, an organization has allocated the address space 192.168.20.0 /24 to a remote site. However, currently the site is only using half of the addresses. Network management has divided the network into two /25 subnets and left the second subnet (192.168.20.128 /25) unused.
  • Page 550: Configuring Load Sharing

    IP Routing—Configuring Static Routes Configuring Load Sharing Configuring Load Sharing Your ProCurve Secure Router may have more than one connection to the same remote site or to the Internet. However, a router can typically select a single best route for a destination; without further configuration, traffic destined to the site will travel over only one of the connections.
  • Page 551 IP Routing—Configuring Static Routes Configuring Load Sharing When the router balances traffic per packet, it sends each new packet over each route in turn. Although this option balances traffic more exactly, it is not generally recommended. Because each successive packet takes a different route, packets may arrive at the destination out of order.
  • Page 552: Enabling Fast Caching

    IP Routing—Configuring Static Routes Enabling Fast Caching Enabling Fast Caching The ProCurve Secure Router can route incoming packets using either: process switching fast caching A router using process switching: places packets in a queue to await processing looks up routes in the routing table, which contains all routes A router using fast caching: interrupts other processes to serve packets immediately looks up routes in the fast-cache table, which contains only recently-used...
  • Page 553: Troubleshooting Static Routing

    IP Routing—Configuring Static Routes Troubleshooting Static Routing For example: ProCurve(config)# int eth 0/1 ProCurve(config-eth 0/1)# no ip route-cache Note: Fast caching is forcibly disabled when you use the following processes: the ProCurve Secure Router OS firewall any firewall processes, such as ACLs and ACPs policy based routing (PBR) If you enable the firewall, the ProCurve Secure Router must use process switching because firewall features require the router to make more-extensive...
  • Page 554 IP Routing—Configuring Static Routes Troubleshooting Static Routing The screen displays the destinations to which the router can route traffic. (See Figure 11-8.) For each destination, the routing table also records: the method the router used to discover the route • B—BGP •...
  • Page 555: Using The Routing Table To Troubleshoot Static Routing

    IP Routing—Configuring Static Routes Troubleshooting Static Routing Table 11-2. Viewing the Routing Table Table Section Command Syntax directly connected routes show ip route connected statically entered routes show ip route static show ip route bgp show ip route rip OSPF show ip route ospf routes displayed in table format show ip route table...
  • Page 556: Monitoring Routes

    IP Routing—Configuring Static Routes Troubleshooting Static Routing If a static route will not appear in the routing table, verify that the associated forwarding interface is up. If necessary, troubleshoot that interface. If you have configured a next hop address for the static route, you should check the routing table to ensure that it includes a route to that next hop.
  • Page 557: Clearing Routes

    IP Routing—Configuring Static Routes Troubleshooting Static Routing ProCurveSR7102dl#traceroute 192.168.100.2 Type CTRL+C to abort. Tracing route to 192.168.100.2 over a maximum of 30 hops Next hop— 10.1.1.2 directly 10.2.2.1 connected 192.168.100.2 neighbor Destination Figure 11-9. Traceroute Command Tracing routes allows you to monitor actual traffic flow (although in a necessarily limited fashion).
  • Page 558 IP Routing—Configuring Static Routes Troubleshooting Static Routing Note: Clearing a route is not necessarily enough to solve a problem. Unless you address the reason that the router learned the inaccurate route, the router may only learn the inaccurate route again. If your router should not be receiving dynamic routes at all, then you should enter these commands: ProCurve(config)# no router rip...
  • Page 559 IP Routing—Configuring Static Routes Troubleshooting Static Routing ProCurve#show ip route Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP IA - OSPF inter area, N1 - OSPF NSSA external type 1 N2 - OSPF NSSA external type 2, E1 - OSPF external type 1 E2 - OSPF external type 2 Gateway of last resort 192.168.128.1 10.1.1.0/30 is directly connected, ppp 1...
  • Page 560: Connecting Simple Remote Sites

    IP Routing—Configuring Static Routes Quick Start Quick Start This section provides the commands you must enter to quickly configure static routes. Only a minimal explanation is provided. If you need additional information about any of these options, check “Contents” on page 11-1 to locate the section that contains the explanation you need.
  • Page 561: Routing Traffic To An Isp

    IP Routing—Configuring Static Routes Quick Start Routing Traffic to an ISP Configure a default route to the ISP router: ProCurve(config)# ip route 0.0.0.0 /0 ppp 1 Syntax: ip route 0.0.0.0 /0 ...
  • Page 562 IP Routing—Configuring Static Routes Quick Start 11-32...
  • Page 563 Domain Name System (DNS) Services Contents Overview ........... . . 12-3 Host and Domain Names .
  • Page 564 Domain Name System (DNS) Services Contents Quick Start ........... 12-19 Configuring the ProCurve Secure Router as a DNS Client .
  • Page 565: Overview

    Domain Name System (DNS) is the Internet protocol for translating domain names or hostnames into IP addresses. The hostname is the familiar, alphanumeric name for a host on the Internet (for example, www.hp.com), and the IP address is the 32-bit address that machines use to reach each other. DNS allows users to enter more readily memorable and intuitive hostnames rather than IP addresses.
  • Page 566: Authoritative And Caching Name Servers

    Domain Name System (DNS) Services Overview This system diffuses domain records throughout the Internet. Hosts anywhere on the Internet can still reach each other because name servers can query each other for the hostnames they cannot translate. Authoritative and Caching Name Servers Most name servers function as an authoritative server for one or several zones and as a caching server for all other zones.
  • Page 567: Procurve Secure Router Dns Support

    Domain Name System (DNS) Services Overview Organization B server Organization A Request for .com Root Top- server level server server Organization C Request for C.com server Request for www.C.com Figure 12-1. DNS Queries Similarly, when a client accesses several hosts in the same first-level domain, the DNS server caches the IP address for the first-level domain server.
  • Page 568: Dynamic Dns

    Domain Name System (DNS) Services Overview Dynamic DNS Your device’s IP address may change, and such changes are not always under your control. For example, your router may receive a dynamic address from your Internet service provider (ISP). When a device’s address changes, DNS servers will no longer be able to resolve its hostname, and customers will not be able to access the device.
  • Page 569: Custom Dns

    Domain Name System (DNS) Services Overview Static DNS You can use Static DNS to register a device with a free hostname in one of the domains used with Dynamic DNS. Static DNS provides many of the same services as Dynamic DNS, but it is tailored for devices whose IP addresses rarely change.
  • Page 570: Configuring Dns

    Domain Name System (DNS) Services Configuring DNS Configuring DNS The extent to which you enable DNS functions on the ProCurve Secure Router depends on whether you want the router to simply be able to run the DNS client or to act as a name server for your organization. If you only want the router to act as a DNS client, you must: enable DNS (which is enabled by default) specify at least one external DNS server...
  • Page 571: Adding An Entry To The Router's Host Table

    Domain Name System (DNS) Services Configuring DNS Adding an Entry to the Router’s Host Table DNS distributes the now overwhelmingly vast host table throughout many name servers. Network administrators maintain entries for their own domains, which keeps the table accurate and under control. You manage only the small section of the table on which you are an expert.
  • Page 572: Specifying Dns Server Addresses

    Domain Name System (DNS) Services Configuring DNS Specifying DNS Server Addresses No single DNS server contains the entire host table for every host on the Internet. In order for the Internet to do its job—to allow a host in one location to access a host in any other location—name servers must be able to query each other about the many hosts not in their own tables.
  • Page 573: Process

    Domain Name System (DNS) Services Troubleshooting DNS Troubleshooting DNS When the ProCurve Secure Router cannot correctly resolve domain names, you can monitor DNS error messages to pinpoint the source of the problem. You should be able to interpret DNS messages well enough to track the DNS process and determine where problems arise.
  • Page 574 Domain Name System (DNS) Services Troubleshooting DNS Note: You can also start displaying the debug messages from any mode context with the do command. Then, have the DNS client again attempt to access the host. Track the router’s activity.
  • Page 575 Domain Name System (DNS) Services Troubleshooting DNS Host Table Does Not Include a Hostname. If necessary, add an entry to the host table. You can view the current entries in the running-config. Look for a miskeyed entry. Delete the faulty entry from the host table before adding the correct entry.
  • Page 576: Debugging Dns Client Activity

    Domain Name System (DNS) Services Troubleshooting DNS Debugging DNS Client Activity DNS client activity deals only with the DNS requests the router makes on its own behalf. (The router always checks its own host table first. If it finds a match, no debug messages appear.) To monitor DNS client messages, move to the enable mode context and enter: ProCurve# debug ip dns-client...
  • Page 577: Configuring Dynamic Dns

    Domain Name System (DNS) Services Configuring Dynamic DNS If the interface can reach the server, but the server consistently fails to translate hostnames, you should remove the server. If necessary, specify a new one. You can specify up to six DNS servers. Configuring Dynamic DNS When an interface has a dynamic IP address—for example, when your ISP provides its address—you should register its hostname with a dynamic DNS...
  • Page 578: Opening An Account With Dyndns

    Domain Name System (DNS) Services Configuring Dynamic DNS You must complete three steps to configure a DynDNS service for a router interface: Open an account with DynDNS. Configure the logical interface’s IP address. Activate the dynamic DNS client. Opening an Account with DynDNS You should first register with DynDNS for a hostname.
  • Page 579: Specifying A Static Address

    Domain Name System (DNS) Services Configuring Dynamic DNS DynDNS. You would then enter that hostname for the hostname option. See Chapter 13: Dynamic Host Configuration Protocol (DHCP) for more information on configuring a DHCP client. You can configure a PPP interface to take a dynamic address from a service provider with this interface configuration mode command: Syntax: ip address negotiated [no-default] See Chapter 6: Configuring the Data Link Layer Protocol for E1, T1, and...
  • Page 580: Special Considerations For Configuring Custom Dns

    Domain Name System (DNS) Services Configuring Dynamic DNS Special Considerations for Configuring Custom DNS Custom DNS expands the services provided by Dynamic and Static DNS. For example: You control your own domain name, which you may already possess or which you may purchase from DynDNS. You can turn your hostname into a subdomain, which is handled by your own DNS servers.
  • Page 581: Configuring The Procurve Secure Router As A Dns Client

    Domain Name System (DNS) Services Quick Start Quick Start This section provides the commands you must enter to quickly configure the ProCurve Secure Router to act as: a DNS client a proxy name server It also shows you how to configure a router interface to run a client that updates a dynamic DNS service when the interface’s IP address changes.
  • Page 582: Configuring The Procurve Secure Router As A Name Server

    Domain Name System (DNS) Services Quick Start Configuring the ProCurve Secure Router as a Name Server Enable DNS proxy from the global configuration mode context: Syntax: ip domain-proxy Add entries for static devices on the network to the local host table. Syntax: ip host ...
  • Page 583 Domain Name System (DNS) Services Quick Start If you have not already done so, configure the interface’s IP address: To configure a dynamic IP address for an Ethernet interface, Frame Relay subinterface, or ATM subinterface, enter: Syntax: ip address dhcp [hostname | no-default-route | no-domain- name | no-nameservers] b.
  • Page 584 Domain Name System (DNS) Services Quick Start 12-22...
  • Page 585 Dynamic Host Configuration Protocol (DHCP) Contents Overview ........... . . 13-3 DHCP Request Process .
  • Page 586: Configuring A Static Hostname For An Interface

    Dynamic Host Configuration Protocol (DHCP) Contents Configuring a Router Interface as a DHCP Client ....13-21 Configuring a Dynamic Address ......13-22 Setting an Interface’s Client ID .
  • Page 587: Overview

    Dynamic Host Configuration Protocol (DHCP) Overview Overview Every computer or device that connects to the Internet or to an IP network needs an IP address. Most users do not have the expertise to configure an IP address, subnet mask, and gateway. In addition, whenever a computer changes its location in the network, it must receive a new address.
  • Page 588: The Procurve Secure Router As A Dhcp Server

    Dynamic Host Configuration Protocol (DHCP) Overview The server responds with a DHCPACK, which includes: • the agreed-upon network address • a default gateway • a lease time • the address of one or more DNS servers (optional) • the address of one or more WINS servers (optional) ProCurve Secure Router DHCP clients...
  • Page 589: The Procurve Secure Router As A Dhcp Client

    Dynamic Host Configuration Protocol (DHCP) Overview Eth 0/1 Switch Router Eth 0/2 Switch LAN 1 192.168.1.0 /24 LAN 2 192.168.2.0 /24 Figure 13-2. ProCurve Secure Router DHCP Server You should configure one DHCP pool for each subnet. For the default gateway, you would specify the IP address of the Ethernet interface through which the router connects to the subnet.
  • Page 590: Configuring A Dhcp Server

    Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Ethernet interfaces can also be DHCP clients on the connected subnet. Usually, however, it is a good idea to assign network nodes a static address. Interfaces on the ProCurve Secure Router that can take a dynamic address are: Ethernet interfaces Frame Relay subinterfaces Asynchronous Transfer Mode (ATM) subinterfaces...
  • Page 591: Excluding Static Addresses

    Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server You can also: • configure a parent pool from which child pools import global settings • assign a fixed DHCP address to a single client • configure ping settings for the DHCP server Excluding Static Addresses Certain IP addresses in your network may be statically assigned to specific hosts: for example, the router itself, the Ethernet interface, DNS and Web...
  • Page 592: Specifying The Network Address And Subnet Mask

    Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server The command line interface (CLI) displays Configuring New Pool “” and moves you into the DHCP server pool configuration mode context. You can also edit a pool with the same command. The CLI displays Configuring Existing Pool “”.
  • Page 593: Specifying The Default Gateway

    Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server See the overview in Chapter 11: IP Routing—Configuring Static Routes for more information on network addresses, subnet masks, and prefix lengths. Note: If you do not specify a subnet mask or prefix length, the server will use the class A, B, or C natural mask associated with the network address.
  • Page 594: Changing A Pool's Lease Time

    Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Changing a Pool’s Lease Time Whenever a DHCP server sends a DHCPACK message to a client with its committed IP address and other network configurations, the server includes a lease time. This time puts a limit on how long the client can reserve the address.
  • Page 595: Specifying Dns, Wins, And Other Servers

    Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Specifying DNS, WINS, and Other Servers DHCP clients often need other configurations besides an IP address. The DHCP server can also issue addresses to clients for the devices that provide various services for the subnet.
  • Page 596: Specifying A Domain Name For The Subnet

    Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Enter these commands: Syntax: tftp-server Syntax: ntp-server Syntax: timezone-offset <-12 to 12> Specifying a Domain Name for the Subnet If your organization wants users to have the organization’s domain name, you should configure the DHCP server to issue this name with the IP address.
  • Page 597: Configuring Parent And Child Pools

    Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Configuring Parent and Child Pools If your ProCurve Secure Router supports contiguous subnets, you can configure a single parent pool for the range of subnets. In this pool, you would specify settings that apply to all of the subnets, such as domain name, DNS servers, WINS servers, and lease time.
  • Page 598: Example Dhcp Pool Configuration

    Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server You do not specify a default router for a parent pool. You configure the child pools just as you do any DHCP pool, but you only have to configure the subnet address and default router. If you alter a setting, such as the lease time, the configuration in the child pool overrides that in the parent pool.
  • Page 599: Configuring Dhcp Scopes

    Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Also, when you want to assign a particular host a permanent address, sometimes it is better to configure this address through a server, rather than through whatever application is on the host. DHCP automatically tracks addresses so that two devices are not inadvertently given the same address.
  • Page 600 Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server After you enable 802.1Q encapsulation (for VLAN tagging) on the Ethernet interface, you can configure Ethernet subinterfaces. You assign the subinterfaces a VLAN ID and an IP address. To configure the DHCP scope, you simply specify that IP address as the default router of the DHCP pool configured for the VLAN.
  • Page 601: Configuring The Dhcp Server's Ping Settings

    Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Configure the VLAN interfaces: ProCurve(config-eth 0/1)# interface eth 0/1.1 ProCurve(config-eth 0/1.1)# description Scope 1 interface ProCurve(config-eth 0/1.1)# vlan-id 101 ProCurve(config-eth 0/1.1)# ip address 10.2.1.1 255.255.255.0 ProCurve(config-eth 0/1.1)# no shutdown ProCurve(config-eth 0/1.1)# interface eth 0/1.2 ProCurve(config-eth 0/1.2)# description Scope 2 interface ProCurve(config-eth 0/1.2)# vlan-id 102 ProCurve(config-eth 0/1.2)# ip address 10.3.1.1 255.255.255.0...
  • Page 602: Managing And Troubleshooting The Dhcp Server

    Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Server To change the timeout setting, enter: Syntax: ip dhcp-server ping timeout The valid range is from 10 to 1000 ms. To change the ping packet count, enter: Syntax: ip dhcp-server ping packets The count can be from 0 to 100.
  • Page 603: Viewing Dhcp Client Bindings

    Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Server Viewing DHCP Client Bindings The ProCurve Secure Router stores a table of DHCP bindings. In this table, you can view the IP addresses for all active DHCP clients served by the router. This can be helpful for troubleshooting.
  • Page 604: Clients Unable To Receive A Dhcp Address

    Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Server Caution: Debug messages can tie up the router’s processor. Therefore, you should be very cautious about using them in a live network. You should begin by troubleshooting the host experiencing the problem and rule out a connectivity problem.
  • Page 605: Configuring A Router Interface As A Dhcp Client

    Dynamic Host Configuration Protocol (DHCP) Configuring a Router Interface as a DHCP Client A router interface must have its primary address on the subnet specified in the pool in order to respond to requests. You should also check that the DHCP network matches the address for the connecting router interface.
  • Page 606: Configuring A Dynamic Address

    Dynamic Host Configuration Protocol (DHCP) Configuring a Router Interface as a DHCP Client You can also: set the interface’s client ID set the interface’s hostname enable the interface to take configurations other than the IP address Configuring a Dynamic Address You enable the DHCP client on an individual interface.
  • Page 607: Setting An Interface's Client Id

    Dynamic Host Configuration Protocol (DHCP) Configuring a Router Interface as a DHCP Client Setting an Interface’s Client ID DHCP servers use client identifiers to index their database of address bindings. This database maps clients to their temporary IP addresses and other configurations.
  • Page 608: Preventing The Interface From Taking Other Configurations

    Dynamic Host Configuration Protocol (DHCP) Configuring a Router Interface as a DHCP Client Setting the Interface’s Hostna If necessary, you can change the hostname for the single interface only. For example, you could register for a hostname with a dynamic DNS service. (See Chapter 12: Domain Name System (DNS) Services.) You could then ask your ISP to advertise this hostname, which you specify with the following command: Syntax: ip address dhcp hostname “”...
  • Page 609 Dynamic Host Configuration Protocol (DHCP) Configuring a Router Interface as a DHCP Client Move to the interface configuration mode context. Then enter the ip address dhcp command with the keyword for the configuration that you do not want the router to accept: Syntax: ip address dhcp [no-default-route | no-domain-name | no-name-servers] To disable more than one configuration, string the keywords together in the same command.
  • Page 610: Managing And Troubleshooting The Dhcp Client

    Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Client Managing and Troubleshooting the DHCP Client You should carefully monitor interfaces with dynamic addresses to ensure that they have an address and are using the proper configurations. Viewing the Interface’s Lease To view the active DHCP client leases on the router, enter: ProCurve# show ip dhcp-client lease The CLI displays all interfaces with dynamic addresses.
  • Page 611: Releasing And Renewing Dynamic Addresses

    Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Client Turn off the DHCP client: ProCurve(config)# no ip address dhcp This command disables the DHCP client on the interface, which then immediately sends a message to release its DHCP-assigned address. Re-enter the ip address dhcp command with the keywords for preventing the interface from taking optional configurations.
  • Page 612 Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Client Caution: Debug messages can tie up the router’s processor and compromise the network’s functions. Therefore, you should take care when using them with active networks.
  • Page 613 Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Client An individual interface does not have to be up with an active network link for the router to run the DHCP client. Before looking for problems with the DHCP client configuration, make sure that the interface is up with the show interfaces command.
  • Page 614: Configuring Dhcp Relay

    Dynamic Host Configuration Protocol (DHCP) Configuring DHCP Relay Configuring DHCP Relay DHCP relies on clients being able to reach a server by broadcasting a request. The DHCP request is limited by being broadcast to the application port for DHCP (the BOOTPS port, 67). Limited broadcasts propagate only throughout the local subnet.
  • Page 615 Dynamic Host Configuration Protocol (DHCP) Configuring DHCP Relay You can set different helper addresses for different interfaces. For example, if your LAN uses different servers for different subnets, you could configure the router to forward DHCP requests received on one Ethernet (or VLAN) interface to one address and requests received on another interface to a different address.
  • Page 616 Dynamic Host Configuration Protocol (DHCP) Quick Start Quick Start This section provides the commands you must enter to quickly configure: the router to act as a DHCP server for a subnet the router to assign a fixed DHCP address to a single host a router interface to act as a DHCP client Only a minimal explanation is provided.
  • Page 617: Configuring A Dhcp Server For A Network

    Dynamic Host Configuration Protocol (DHCP) Quick Start Configurations Parameters Your Setting other configurations lease in days, hours, and minutes domain name timezone offset LAN 1 Router 192.168.32.0 /19 LAN 2 192.168.64.0 /19 Figure 13-8. Example DHCP Network Configuring a DHCP Server for a Network If you so choose, you can print and fill out Table 13-2 and refer to it while configuring the DHCP server on your router.
  • Page 618: Assigning A Fixed Dhcp Address To A Single Host

    Dynamic Host Configuration Protocol (DHCP) Quick Start Specify the range of subnets for the parent pool. Syntax: network For example: ProCurve(config-dhcp)# network 192.168.0.0 /16 Specify optional global settings such as DNS servers, WINS servers, and lease time.
  • Page 619 Dynamic Host Configuration Protocol (DHCP) Quick Start Table 13-3. Settings for Assigning a Host a Fixed Address Configuration Parameter Your Setting host DHCP Pool pool name host MAC address fixed IP address default gateway IP address servers primary DNS server secondary DNS server primary WINS (NetBIOS) server...
  • Page 620: Configuring A Router Interface As A Dhcp Client

    Dynamic Host Configuration Protocol (DHCP) Quick Start Configure other necessary settings such as servers and a domain name. You can also assign the client a name. Syntax: dns-server Syntax: netbios-name-server ...
  • Page 621 Dynamic Host Configuration Protocol (DHCP) Quick Start Configure the router to take a dynamic address from a server. Syntax: ip address dhcp For a default configuration, simply enter the command without any options. For example: ProCurve(config-fr 1.101)# ip address dhcp b.
  • Page 622 Dynamic Host Configuration Protocol (DHCP) Quick Start...
  • Page 623 Using the Web Browser Interface for Basic Configuration Tasks Contents Configuring Access to the Web Browser Interface ....14-4 Enabling Access to the Web Browser Interface ....14-4 Managing Files, Firmware, Boot Software, and the AutoSynch™...
  • Page 624 Using the Web Browser Interface for Basic Configuration Tasks Contents Configuring Ethernet Interfaces ....... . . 14-31 IP Settings .
  • Page 625 Using the Web Browser Interface for Basic Configuration Tasks Contents Configuring ADSL Interfaces ........14-61 Configure an ATM Interface .
  • Page 626: Configuring Access To The Web Browser Interface

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Access to the Web Browser Interface Configuring Access to the Web Browser Interface You can use the Web browser interface to configure interfaces on your router. To access the Web browser interface, you must first use the command line interface (CLI) to enable the HTTP server on the ProCurve Secure Router and to configure a username and password for HTTP access.
  • Page 627: Managing Files, Firmware, Boot Software

    Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Managing Files, Firmware, Boot Software, and the AutoSynch™ Function In the Utilities section of the Web browser interface, you can do basic file management tasks, manage the AutoSynch function, and set the router’s firmware and boot software using the Web browser interface.
  • Page 628 Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Note: The AutoSynch function is a feature that allows the router to maintain exact, up-to-date copies of the boot code and startup-config files on the router’s internal flash and a mounted compact flash card.
  • Page 629: Configuration

    Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function The AutoSynch Status window displays AutoSynch messages, such as the current synchronization status of the software (SROS.BIZ) file and startup- config file and any AutoSynch error messages. For a list of AutoSynch error messages and troubleshooting methods, see Chapter 1: Overview.
  • Page 630 Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function To set the secondary startup config file, click the desired configuration file from the pull-down menu. To save these changes to the running-config file, click Apply. Note: If the AutoSynch function is enabled, the primary and backup startup-config files and locations are automatically set and cannot be changed.
  • Page 631 Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Click Save. The Save As dialog box is displayed. Locate the folder where you want to save the file and click Save. After you have downloaded the configuration file onto your PC, you can open and edit it in a text editor program such as Notepad.
  • Page 632: Firmware

    Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Figure 14-6. Delete Config File In the Delete Config File section, use the pull-down menu to display all the files on flash and cflash and select the file you want to delete. Click the Delete button to erase the file.
  • Page 633 Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Figure 14-7. Set Primary/Backup Firmware Use the pull-down menu for the Primary Firmware box to select the file you want for your primary firmware. This file should be cflash SROS.BIZ. To set the backup firmware, use the pull-down menu for the Backup Firmware box to select the file you want for your backup software.
  • Page 634 Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Upload Firmware. This section allows you to upload boot code and OS updates to your router. To get these updates, go to www.procurve.com and download the new firmware files to your PC.
  • Page 635: Reboot Unit

    Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Figure 14-9. Delete Firmware Use the pull-down menu for the Delete Firmware box to select the file that you want to delete. Click the Delete button.
  • Page 636: Telnet To Unit

    Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Click the Save and Reboot button to save a copy of the current configuration to a startup-config file. If you are running the AutoSynch feature, a copy is saved to both internal flash and compact flash.
  • Page 637: Enabling Ip Services On The Router

    Using the Web Browser Interface for Basic Configuration Tasks Enabling IP Services on the Router Enabling IP Services on the Router In the IP Services section, you can enable or disable the following servers on the router: Simple Network Management Protocol (SNMP) TFTP HTTP HTTPS...
  • Page 638 Using the Web Browser Interface for Basic Configuration Tasks Enabling IP Services on the Router Figure 14-11. IP Services Enable/Disable To enable the router as an SNMP Server, click the box. To enable the router as an FTP Server, click the box. To enable the router as a TFTP server, click the box.
  • Page 639: Web Access Configuration

    Using the Web Browser Interface for Basic Configuration Tasks Enabling IP Services on the Router To change the HTTPS Server Port, enter the desired port number in the box. The default is 443. To enable the router’s Secure Copy Server, click the box. 10.
  • Page 640: Configuring Passwords To Control Management Access

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring Passwords to Control Management Access to the Router The ProCurve Secure Router uses usernames and passwords to control management access to the router. In addition to configuring usernames and passwords for each access method, you can enable the Authentication, Authorization, and Accounting (AAA) subsystem, which allows you to configure multiple access methods in case an access method fails.
  • Page 641: Configuring A Local User List: Passwords For Web

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Figure 14-13. Add/Modify/Delete Users Window Configuring a Local User List: Passwords for Web, SSH, and FTP Access When you configured the router for HTTP or HTTPS access, you entered a username and password.
  • Page 642 Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router To view the local user list from the Web browser interface, select Passwords in the left navigation bar. The Add/Modify/Delete Users window is displayed, and the usernames that have been configured are listed under the Modify/Delete User heading.
  • Page 643: Configuring An Enable Mode Password

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring an Enable Mode Password To configure an enable mode password, complete these steps: Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
  • Page 644: Configuring A Password For Telnet Access

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring a Password for Telnet Access To configure a password for Telnet access, complete these steps: Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
  • Page 645: Configuring A Password For Console Access

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring a Password for Console Access To configure a password for console access, complete these steps: Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
  • Page 646: Configuring A Password For Ssh Access

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring a Password for SSH Access To configure a password for SSH access, complete these steps: Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
  • Page 647: Configuring A Password For Http Access

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring a Password for HTTP Access To configure a password for Web access, complete these steps: Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
  • Page 648: Configuring A Password For Ftp Access

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring a Password for FTP Access To configure a password for FTP access, complete these steps: Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
  • Page 649: Using The Aaa Subsystem To Control Management Access

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Using the AAA Subsystem to Control Management Access Authentication, authorization, and accounting (AAA) is an industry standard for controlling: which users can access a system (authentication) what they can do once they are granted access (authorization) what is recorded about their activities (accounting) The AAA subsystem on the ProCurve Secure Router currently supports...
  • Page 650: Configuring Authentication Using A Radius Server

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring Authentication Using a RADIUS Server If you want to use a RADIUS server to authenticate users who access the router, you must enable the AAA subsystem. Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
  • Page 651: Configuring Authentication Using A Tacacs+ Server

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router For TCP Port, accept the default port unless the RADIUS server is operating on a different port. For Retries, configure the number of attempts that the ProCurve Secure Router will make to contact the RADIUS server.
  • Page 652 Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Figure 14-22. Configure the Settings for a TACACS+ Server b. For Address, enter the IP address of the TACACS+ server. For Shared Key, enter the shared key. Re-enter the key to confirm it. d.
  • Page 653: Configuring Ethernet Interfaces

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces Configuring Ethernet Interfaces To configure an Ethernet interface from the Web browser interface, complete the following steps. If you need more information about any of the options, see Chapter 3: Configuring Ethernet Interfaces. Click Physical Interfaces in the left navigation bar.
  • Page 654 Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces Use the pull-down menu to configure the Speed/Duplex setting: To select an automatically negotiated connection, select Auto. b. To specify a 10 Mbps connection with half- or full-duplex, select 10Mbps/half or 10Mbps/full.
  • Page 655 Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces Figure 14-24. IP Settings Section 10. Use the pull-down menu to configure the Address Type: • None—Select this setting if you intend to set up a bridge group with the Ethernet interface.
  • Page 656: Secondary Ip Settings

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces b. For Dynamic DNS Hostname, enter the hostname you are registering for the interface. For Dynamic DNS Username, enter the username for your company’s account with DynDNS.org. d. For Dynamic DNS Password, enter the password for your company’s account with DynDNS.org.
  • Page 657: Configuring Pppoe For The Ethernet Interface

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces Figure 14-25. Status for Ethernet Interface Configuring PPPoE for the Ethernet Interface To configure PPPoE, complete the following steps: Access the Configuration for Ethernet window, select PPPoE for the Interface Mode, and click Apply.
  • Page 658 Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces Figure 14-26. PPPoE for the Ethernet Interface If you want to configure PPP authentication, see “PPP Authentication” on page 14-50. Configure IP settings. For Address Type select one of the following. •...
  • Page 659 Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces Figure 14-27. Configure IP Settings Dynamic DNS Configure dynamic DNS, if needed. For more information about dynamic DNS, see “Configuring Dynamic DNS” on page 14-91. For Dynamic DNS, use the pull-down menu to select DynDNS.org, DynDNS.org Static, or DynDNS.org Custom.
  • Page 660: View Statistics For The Ppp Interface

    Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces View Statistics for the PPP Interface Status information is displayed at the bottom of the Configuration PPPoE window. After you apply your changes, the PPP Link State will be “starting,” indicating that the ProCurve Secure Router OS is trying to establish a PPP connection with its peer.
  • Page 661: Configuring E1 And T1 Interfaces

    Using the Web Browser Interface for Basic Configuration Tasks Configuring E1 and T1 Interfaces Configuring E1 and T1 Interfaces When you set up an E1- or T1-carrier line, you must configure the Physical Layer and the Data Link Layer. This section explains how to configure the Physical Layer—the E1 or T1 interface—if you have purchased: an E1 module that includes a built-in Digital Service Unit (DSU) a T1 module that includes a built-in Channel Service Unit (CSU)/DSU...
  • Page 662 Using the Web Browser Interface for Basic Configuration Tasks Configuring E1 and T1 Interfaces Figure 14-30. Configuration for E1 Interface Window Enter a description in the Description box if you want to document information about the E1 or T1 interface. This information will be displayed in the running-config under the appropriate interface heading.
  • Page 663 Using the Web Browser Interface for Basic Configuration Tasks Configuring E1 and T1 Interfaces Configure the clock source for the interface in the Clocking pull-down menu. • Select line if you want the interface to take its timing from the public carrier’s equipment.
  • Page 664: Status Information

    Using the Web Browser Interface for Basic Configuration Tasks Configuring E1 and T1 Interfaces 11. Accept the default setting of 64 Kbps for the DS0 speed unless your public carrier tells you to change this setting. Typically, you will change the setting only if you are leasing a T1-carrier line and are using the D4 frame format.
  • Page 665 Using the Web Browser Interface for Basic Configuration Tasks Configuring E1 and T1 Interfaces Figure 14-31. Status for E1 Interface Caution: Clicking the Continuous Refresh button requires the router to send continuous updates, consuming bandwidth and router resources.
  • Page 666: Configuring A Serial Interface For An E1- Or T1-Carrier Line

    Using the Web Browser Interface for Basic Configuration Tasks Configuring a Serial Interface for an E1- or T1-Carrier Line Configuring a Serial Interface for an E1- or T1-Carrier Line If your public carrier provided you with an external CSU/DSU, you purchased a serial module for the ProCurve Secure Router.
  • Page 667 Using the Web Browser Interface for Basic Configuration Tasks Configuring a Serial Interface for an E1- or T1-Carrier Line Enter a string of up to 80 characters in the Description field if you want to document information about this interface. Select the Enable box to activate the interface.
  • Page 668: Configuring The Data Link Layer Protocol For

    Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Status Information Status information is displayed at the bottom of the Configuration for Serial window. This readout is not in real-time. To update the readout to the current statistics, click the Continuous Refresh button.
  • Page 669: Configure Ppp As The Data Link Layer Protocol

    Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configure PPP as the Data Link Layer Protocol The following steps explain the initial configuration of PPP as the Data Link Layer protocol.
  • Page 670 Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces If you have not set a QoS Policy, None is displayed for its QoS policy. To create a QoS policy, see “Configuring Quality of Service” on page 14-44 in the Advanced Management and Configuration Guide.
  • Page 671 Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Figure 14-35. IP Settings Dynamic DNS 10. Configure dynamic DNS, if needed. For more information about dynamic DNS, see “Configuring Dynamic DNS” on page 14-91. For Dynamic DNS, use the pull-down menu to select DynDNS.org, DynDNS.org Static, or DynDNS.org Custom.
  • Page 672 Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Status Information Status information is displayed at the bottom of the Configuration PPP window. After you apply your changes, the PPP Link State will be “starting,” indicating that the ProCurve Secure Router OS is trying to establish a PPP connection with its peer.
  • Page 673 Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Figure 14-36. Configuring Two-Way PAP Authentication In the pull-down menu for Peer Authentication Type, select PAP or CHAP. Enter the remote endpoint’s username and password in the Peer Username and Peer Password fields.
  • Page 674: Configure Frame Relay As The Data Link Layer Protocol

    Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Figure 14-37. Configuring the Local Router to Authenticate Itself In the pull-down menu for Sent Authentication Type, select PAP or CHAP. The protocol must match that requested by the peer.
  • Page 675 Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Figure 14-38. Frame Relay Configuration Window From the Frame Relay Configuration window, enter a string of text up to 80 characters in the Description box if you want to record information about the WAN connection.
  • Page 676: Configure A Permanent Virtual Circuit (Pvc)

    Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Use the pull-down menu to select the Frame Relay’s signaling role: • If this interface is acting as Data Terminal Equipment, select Connect to a switch (DTE).
  • Page 677 Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Figure 14-40. Configuration for Frame Relay Subinterface Window Enter a string of text up to 80 characters in the Description box if you want to record information about the Frame Relay subinterface.
  • Page 678: Configure Ip Settings

    Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configure IP Settings Configure the IP settings for the Frame Relay subinterface. • None—Select this setting if you intend to set up a bridge group with the Frame Relay subinterface.
  • Page 679 Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Figure 14-41. Statistics for Frame Relay Subinterface 11. Reset statistics by clicking the Clear Statistics button. 12. Get continuous updates by clicking the Continuous Refresh button. To stop the continuous updates, click the Stop Refreshing button.
  • Page 680: Configure Hdlc As The Data Link Layer Protocol

    Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configure HDLC as the Data Link Layer Protocol The following steps explain the initial configuration of HDLC as the Data Link Layer protocol.
  • Page 681 Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Verify that the HDLC is bound to the proper physical interface by checking the Physical Interface field. If you have not set a QoS Policy, this HDLC interface will display None for its QoS policy.
  • Page 682 Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Status Information You can also check the HDLC interface statistics in the Status for “hdlc ” section. To reset the statistics, click the Clear Statistics button. To get real-time updates, click Continuous Refresh.
  • Page 683: Configuring Adsl Interfaces

    Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Configuring ADSL Interfaces To configure the ProCurve Secure Router to support an Asymmetric Digital Subscriber Line (ADSL), complete the following steps. If you need more information about any of the ADSL or Asynchronous Transfer Mode (ATM) options, see Chapter 7: ADSL WAN Connections.
  • Page 684 Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Figure 14-46. Configuration for ADSL Window Enter a description for the interface if you want to document information about the ADSL connection. The description is displayed when you view the running-config file.
  • Page 685: Configure An Atm Interface

    Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Configure an ATM Interface Figure 14-47. Configuration for ATM Interface Window 12. Enter a description if you want to document information about the ATM interface. 13. Click the Enabled box to activate the ATM interface. 14.
  • Page 686 Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Figure 14-48. Configuration for ATM Subinterface Window 16. Click the Enabled box to activate the subinterface. 17. For PVC, enter the virtual path identifier (VPI) in the first box, and enter the virtual channel identifier (VCI) in the second box.
  • Page 687 Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Figure 14-49. Advanced Configuration Section 21. Configure Fair-Queue, Fair-Queue Threshold, and Hold-Queue settings if you want to configure QoS on this interface. For more information about QoS, see “Configuring Quality of Service” on page 14-44 in the Advanced Management and Configuration Guide.
  • Page 688: Configuring Atm Only

    Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces • OAM PVC Frequency—determines the time delay between OAM loopback cells. This setting is used unless the router is verifying a PVC state change (in which case it uses the OAM retry frequency setting). Specify a number between 0 and 600 seconds.
  • Page 689 Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces 26. For Address Type, use the pull-down menu to select: • None—Select None if you want this interface to be part of a bridge. • Static—Select Static if you want to configure a fixed IP address for...
  • Page 690: Configuring Pppoe Or Pppoa For The Adsl Connection

    Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Status Information You can view information about both the ATM interface and subinterface. To view information about the ATM interface, move to the Configuration for “atm ” window and scroll to the bottom of the window. Likewise, you can view the status of the ATM subinterface by scrolling to the bottom of the Configuration for “atm ”...
  • Page 691 Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Figure 14-52. PPPoE Configuration Window Configure IP settings. For Address Type select one of the following. • None—Select this setting if you intend to set up a bridge group with the PPP interface.
  • Page 692: View Statistics For The Ppp Interface

    Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces • Unnumbered—To set up the PPP interface with the same IP address as another interface, click the Unnumbered option. The Interface box is displayed. Use the pull-down menu for the Interface box to select the appropriate interface.
  • Page 693: Isdn Modules

    Using the Web Browser Interface for Basic Configuration Tasks ISDN Modules ISDN Modules The two-port ISDN modules provide basic rate interface (BRI) ISDN for a primary WAN connection. Each ISDN line can provide up to two 64 Kbps channels. You can aggregate multiple channels for a single ISDN connection. (However, you must configure the aggregation from the CLI.) The ISDN BRI S/T module provides an interface to connect the router to Network Termination 2 (NT2) or NT1 equipment.
  • Page 694 Using the Web Browser Interface for Basic Configuration Tasks ISDN Modules Figure 14-53. Configuration for a BRI Interface Enter a description in the Description box if you want to document information about the BRI interface. This information will be displayed in the running-config under the appropriate interface heading.
  • Page 695 Using the Web Browser Interface for Basic Configuration Tasks ISDN Modules After you activate the BRI interface, you can view its status. Scroll to the Status for BRI window. The Line Status indicates whether the interface is up or down and whether it is currently active. You can view the B1 State, B2 State, and D-Channel State to determine which channels are currently active.
  • Page 696 Using the Web Browser Interface for Basic Configuration Tasks E1 + G.703 and T1 + DSX-1 Modules You can restart the D-channel by selecting the Restart-d option and clicking Apply. For example, you might need to restart the D-channel if a problem occurs during the call process.
  • Page 697 Using the Web Browser Interface for Basic Configuration Tasks E1 + G.703 and T1 + DSX-1 Modules When you configure the G.703 or DSX-1 interface, the settings you enter should match those used by your private branch exchange (PBX). To configure the G.703 or DSX-1 interface from the Web browser interface, complete the following steps: From the left navigation bar, click Physical Interfaces.
  • Page 698 Using the Web Browser Interface for Basic Configuration Tasks E1 + G.703 and T1 + DSX-1 Modules To activate the interface, select the Enable box. Ignore the clock source because you set the clock source for this module on the E1 or T1 interface. Set the frame format: •...
  • Page 699: Bridging

    Using the Web Browser Interface for Basic Configuration Tasks Bridging Bridging You can configure the router to act as a remote bridge so that it can: bridge non-IP protocols; bridge two sites using addresses on the same subnet. The ProCurve Secure Router automatically implements Rapid Spanning Tree Protocol (RSTP), or IEEE 802.1w, on all bridged interfaces.
  • Page 700 Using the Web Browser Interface for Basic Configuration Tasks Bridging Figure 14-56. Disabling Routing In the left navigation bar, select Bridging under Router/Bridge. Enter a number between 1 and 255 in the Bridge Number box in the Add/ Modify/Delete Bridge window. Click Add.
  • Page 701 Using the Web Browser Interface for Basic Configuration Tasks Bridging Figure 14-57. Configuring a Bridge The Assign Interfaces to a Bridge window displays all Ethernet and logical interfaces on the router. (For Frame Relay and ATM, it displays subinterfaces.) For each interface that should participate in the bridge, select the bridge group from the pull-down menu.
  • Page 702: Configuring The Spanning Tree Protocol

    Using the Web Browser Interface for Basic Configuration Tasks Bridging Figure 14-58. Viewing the Bridge Table A bridge group on ProCurve Secure Router listens for frames from connected hosts. It stores the frame’s source MAC address with the interface on which the frame arrived in a bridge table.
  • Page 703: Viewing A Spanning Tree

    Using the Web Browser Interface for Basic Configuration Tasks Bridging Viewing a Spanning Tree RSTP and STP prune connections in a looped topology. All nodes participating in the same bridge group generate a shared, loopless topology. You can view information about this topology, called a spanning tree instance. Follow these steps: In the left navigation bar, select Spanning Tree under Router/Bridge.
  • Page 704: Setting Global Spanning Tree Parameters

    Using the Web Browser Interface for Basic Configuration Tasks Bridging Figure 14-59. Viewing a Spanning Tree Setting Global Spanning Tree Parameters You set the spanning tree protocol version, router’s bridge priority, and spanning tree timers in the Spanning Tree window. Select Spanning Tree under Router/Bridge in the left navigation bar. RSTP is fully backwards compatible with STP.
  • Page 705 Using the Web Browser Interface for Basic Configuration Tasks Bridging Figure 14-60. Configuring Spanning Tree Properties Bridges elect the device with the lowest bridge ID (priority plus MAC address) as root. You can manipulate which device becomes root by changing devices’ priorities. Enter a number between 0 and 65535 in the Bridge Priority field.
  • Page 706 Using the Web Browser Interface for Basic Configuration Tasks Bridging Table 14-1. Spanning Tree Timers Timer Function Default Range hello time Each forwarding interface periodically 2 seconds 0 to 1,000,000 transmits BPDU hellos. If neighbors miss three hellos from an interface, they assume the connection is down and send out TC BPDU to this effect.
  • Page 707 Using the Web Browser Interface for Basic Configuration Tasks Bridging If necessary, you can override this setting and manually set the connection type. Select Forced Point-to-Point or Forced Shared from the Link Type Configuration pull-down menu. If you leave this setting at the default Automatically determined, then the Link Type displays the setting used on the interface.
  • Page 708: Routing

    Using the Web Browser Interface for Basic Configuration Tasks Routing Routing The ProCurve Secure Router stores routes in a route table, which it uses to route traffic from one network to another. Each route includes: destination IP address and subnet mask; administrative distance—the reliability of the route; metric—the cost of reaching the destination; next hop address or forwarding interface...
  • Page 709 Using the Web Browser Interface for Basic Configuration Tasks Routing b. You can alternatively specify the local interface through which the router will forward traffic destined to the destination network. Select Interface and choose the forwarding interface from the pull-down menu. This option has several advantages, particularly when you are connecting to an ISP router: –...
  • Page 710: Configuring A Default Route

    Using the Web Browser Interface for Basic Configuration Tasks Routing the same destination (for example, one through a primary connection and one through a backup connection), you should assign the route with lower priority a higher administrative distance. The router will only add the second route if the first route becomes unavailable.
  • Page 711: Dns Services

    Using the Web Browser Interface for Basic Configuration Tasks DNS Services Figure 14-63. Configuring a Default Route DNS Services The ProCurve Secure Router automatically acts as a DNS client. You must, however, specify the address for its DNS server or servers. You can also: add entries to the router’s host table for any local hosts whose addresses the router should be able to resolve on its own; enable DNS proxy so that the router can act as a name server for clients...
  • Page 712 Using the Web Browser Interface for Basic Configuration Tasks DNS Services Enter your network’s domain name in the Domain field. The Enable DNS Lookup box should be checked. If it is not, select it. This allows the router to act as a DNS client, look up its own requests in the local host table, and send its own DNS requests to an external server.
  • Page 713: Configuring Dynamic Dns

    Using the Web Browser Interface for Basic Configuration Tasks DNS Services Figure 14-65. Configuring the Local Host Table Configure the router’s local host table: In the Add/Modify/Delete DNS Host Entries window, enter a hostname and the corresponding IP address. The host should be in the router’s default domain, so you do not need to include the domain name.
  • Page 714 Using the Web Browser Interface for Basic Configuration Tasks DNS Services Your customers may need to access devices on your network, such as Web servers, whose addresses are linked to the dynamic public address. However, if this address changes, the hostname stored in DNS servers throughout the Internet will no longer match the device’s actual IP address.
  • Page 715 Using the Web Browser Interface for Basic Configuration Tasks DNS Services Figure 14-66. Configuring Dynamic DNS in the Configuration Window for an IP Interface Return to the Web browser interface. Click IP Interfaces under Router/Bridge in the left navigation bar. (If you have not yet configured the logical interface for the connection to the Internet, you must do so.
  • Page 716: Dynamic Host Configuration Protocol

    Using the Web Browser Interface for Basic Configuration Tasks Dynamic Host Configuration Protocol Enter the hostname for the device in the Dynamic DNS Hostname box. Enter the username and password you created for your DynDNS account in the Dynamic DNS Username and Dynamic DNS Password boxes. Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) allows hosts, acting as DHCP clients, to receive temporary configurations (such as an IP address, default...
  • Page 717: Configuring A Dhcp Pool For A Subnet

    Using the Web Browser Interface for Basic Configuration Tasks Dynamic Host Configuration Protocol Configuring a DHCP Pool for a Subnet Complete these steps: Under System in the left navigation bar, select DHCP Server. You should exclude all IP addresses permanently assigned to devices (such as routers, switches, and servers).
  • Page 718 Using the Web Browser Interface for Basic Configuration Tasks Dynamic Host Configuration Protocol Figure 14-68. Required Configurations for a DHCP Pool Click the Required Configuration tab: Under IP Addresses, select Assign IP addresses to all DHCP clients on a subnet and complete the Subnet Address and Subnet Mask fields. b.
  • Page 719: Assigning A Single Host A Fixed Address

    Using the Web Browser Interface for Basic Configuration Tasks Dynamic Host Configuration Protocol Figure 14-69. Optional Configurations for a DHCP Pool Click the Optional Configuration tab to specify optional configurations that the router should send to clients, including: • domain name •...
  • Page 720: Configuring An Interface As A Dhcp Client

    Using the Web Browser Interface for Basic Configuration Tasks Dynamic Host Configuration Protocol Figure 14-70. Assigning a Fixed Address to a Single Host Follow the process outlined in “Configuring a DHCP Pool for a Subnet” on page 14-95. However, in step 7a, select Reserve a fixed address for a single host.
  • Page 721 Using the Web Browser Interface for Basic Configuration Tasks Dynamic Host Configuration Protocol You can configure the following router interfaces to receive a dynamic address from a service provider or other DHCP server: Ethernet interfaces; Frame Relay subinterfaces; ATM subinterfaces; bridged PPP interfaces. You can prevent the router from receiving a default route, DNS server address, or domain name from the external DHCP server, but you must do so from the...
  • Page 722: Configuring Udp Relay

    Using the Web Browser Interface for Basic Configuration Tasks Configuring UDP Relay Configuring UDP Relay You can configure the ProCurve Secure Router to forward packets destined to certain UDP ports to a helper address. For example, your LAN may include a DHCP server in only one of its VLANs.
  • Page 723 Using the Web Browser Interface for Basic Configuration Tasks Configuring UDP Relay Select the protocol for the packets that you want the router to forward from the UDP Protocol pull-down menu. For example, you could select bootps (67) to configure the router to forward DHCP requests. Click Add.
  • Page 725: Updating The Boot Process

    Appendix A: Configuring the Router to Boot from Compact Flash Updating the Boot Process If your router was shipped before July 2005, your router can be updated to boot, by default, from compact flash. Follow these steps: Update the router Boot ROM to version J02_02A.biz or later. Load and boot from the updated Boot ROM file (J02_02A.biz or later).
  • Page 727 Appendix B: Glossary Numeric 2B+D 2 Bearer + 1 Data. A method for describing channel designations in ISDN lines. Bearer channels transmit data and voice. Data channels are reserved for signaling information and call control. See also ISDN. 2B1Q 2 Bits 1 Quaternary. A compressed encoding scheme used by BRI ISDN that provides for two bits to be encoded into one quaternary signal.
  • Page 728 Appendix B: Glossary AAL Asynchronous Transfer Mode (ATM) Adaptation Layer. The AAL is the interface between the higher layer protocols and the ATM layer. When relaying information it receives from the higher layer protocols, the AAL segments the data into ATM cells. When relaying information it receives from the ATM layer, the AAL reassembles the payload into a format the higher layers can understand.
  • Page 729 Appendix B: Glossary ACP Access Control Policy. An ACP filters the traffic that arrives on an interface, either dropping the traffic selected by an ACL or allowing that traffic to pass. Address and Control Field An LCP option that allows peers to compress the address and control fields in PPP frames and thus minimize overhead.
  • Page 730 Appendix B: Glossary AH Authentication Header. One of the IPSec protocols that can encapsulate packets sent over a VPN tunnel. AH uses authentication algorithms to ensure the integrity of the packet contents. AH authenticates the entire IPSec packet, including the delivery IP header. See also IPSec. ALG Application Level Gateway.
  • Page 731 Appendix B: Glossary The host on the network that has this IP address replies with its physical hardware address. Most often used in Ethernet networks using IPv4. For more information about ARP, see RFC 826 (at http://www.ietf.org/rfc/rfc0826.txt). ARPANET Advanced Research Projects Agency NETwork. The world’s first operational packet-switching network composed of mostly educational entities.
  • Page 732 Appendix B: Glossary BACP Bandwidth Allocation Control Protocol. An NCP in the PPP protocol suite that manages the BAP config option. BACP frames determine which peer will be favored in the event of a simultaneous submission. Because it is an NCP used in establishing a PPP connection, BACP frames must be exchanged before any BAP (LCP) frames are exchanged.
  • Page 733 Appendix B: Glossary BNC Connectors Bayonet Neill Concelman connectors. Also called British Naval Connector, or Bayonet Nut Connector. A type of connector used with coaxial cables such as the RG-58 A/U cable that is used in 10Base-2 Ethernet systems. The basic BNC connector is a male connector, which is placed at each end of a cable.
  • Page 734 Appendix B: Glossary CA Certificate Authority. A trusted third-party that verifies the identity of two parties that want to communicate with one another. CAs are responsible for generating, distributing, and revoking digital authentication certificates. VeriSign is an example of a CA. CAP Carrierless Amplitude/Phase.
  • Page 735 Appendix B: Glossary CEPT Conference of European Postal and Telecommunications. A standardizing body. For more information about CEPT, see the CEPT website at http://www.cept.org. CEPT Hierarchy The signal hierarchy used with E-carrier lines. See also E1-carrier line and E-3 carrier line.
  • Page 736 Appendix B: Glossary Cipher Text Encrypted data. CIR Committed Information Rate. For Frame Relay networks, the CIR is the bandwidth that the carrier guarantees to be available for a particular PVC under normal circumstances. Typically, the CIR is specified in the Frame Relay SLA.
  • Page 737 Appendix B: Glossary CPE Customer Premises Equipment. The public carrier access equipment that a customer must purchase and maintain. This equipment is not maintained or owned by the Local Exchange Carrier. Some examples of this equipment are CSU/DSUs, modems and telephones. CRC Cyclic Redundancy Checking.
  • Page 738 Appendix B: Glossary D4 A superframe format used on T1-carrier lines. The D4 frame consists of 12 193-bit frames combined into a single superframe. DACS Digital Access and Cross-connect System (US). In the United States, a DACS is a telecommunications device used to route T1-carrier lines. A DACS uses D3/D4 framing to cross-connect any T1 DS0 channel (or a complete T1-carrier line) in the system with any other T1 DS0 channel or line also in the system.
  • Page 739 Appendix B: Glossary D-sub 9 female D-sub 9 male D-sub 9 connector DB-25 A 25-pin D-shaped serial connector. This connector is often used with printer serial cables and serial connections. DB-25 male DB-25 female DB-25 connector DCE Data Communications Equipment. A device that communicates with a DTE device.
  • Page 740 Appendix B: Glossary Demarc Point of demarcation. The point at which the public carrier’s network ends and the subscriber’s local network begins. DES Data Encryption Standard. DES is a published encryption algorithm that uses a 56-bit symmetric key to encrypt data in 64-bit blocks. IPSec, the industry standard for VPNs, supports 3DES.
  • Page 741 Appendix B: Glossary DLCI Data Link Connection Identifier. In a Frame Relay network, the DLCI is a 10-bit field within the address field that specifies the PVC path that a particular frame takes. DLCIs have only local significance; the value is changed at each switch.
  • Page 742 Appendix B: Glossary DSCP Differentiated Services Code Point. Six bits in the DiffServ header that can be set with values that define up to 63 traffic classes. For more information about DSCP values and usage, see RFC 2983 (at http://www.ietf.org/rfc/rfc2983.txt). See also DiffServ.
  • Page 743 Appendix B: Glossary Table 2-2. Digital Signal X (DSX) hierarchy Physical DSX interface DSO multiple T1 multiple Transmission carrier rate — — — 64 Kbps DSX-1 — 1.544 Mbps DSX-2 6.312 Mbps DSX-3 44.736 Mbps DSX-4 4032 274.176 Mbps DSX-5 8064 560.160 Mbps DSX-1 Digital Signal X-1.
  • Page 744 Appendix B: Glossary DWDM is also sometimes called Wave Division Multiplexing (WDM). For information about IP over optical networks, see RFC 3717 (at http://www.ietf.org/rfc/rfc3717.txt). E0 The base bandwidth multiple of E-carrier systems. E0 channels can transmit at up to 64 Kbps. E1-carrier line Provides a dedicated WAN connection.
  • Page 745 Appendix B: Glossary to send WAN traffic, BGP replaced it as the routing protocol for the Internet. For more information about EGP, see RFC 827 (at http://www.ietf.org/rfc/rfc0827.txt). See also BGP. EIR Excess Information Rate. In a Frame Relay network, the EIR is the bandwidth, in excess of the CIR, that the carrier attempts to deliver when the virtual circuit is not congested.
  • Page 746 Appendix B: Glossary FECN Forward Explicit Congestion Notification. The DTE sending data can set this bit to indicate that the network is experiencing congestion and the destination DTE should stop sending so many requests for data. See also Frame Relay and BECN.
  • Page 747 Appendix B: Glossary Frame A packet of information that has been encapsulated by a Data Link Layer protocol. Each Data Link Layer protocol defines a frame header, which includes the information that the receiver needs to process the frame and recover the data in the encapsulated packet.
  • Page 748 Appendix B: Glossary FTTC Fiber-To-The-Curb. Refers to the installation of fiber optic cable directly to the curbs near homes or businesses. Fiber optic cable, which provides much greater transmission speeds than copper wiring, is already used for much of the POTS long-distance infrastructure. By decreasing the time it takes data to travel from a customer to the customer’s provider, FTTC would greatly increase individual users’...
  • Page 749 Appendix B: Glossary eliminating bottlenecks in topologies with data rate mismatches. GTS is supported by Data Link Layer protocols like Ethernet, SMDS, and Frame Relay. GTS uses WFQ as the method for shaping the traffic. See also WFQ and QoS. GUI Graphical User Interface.
  • Page 750 Appendix B: Glossary HFC Hybrid Fiber Coax. A telecommunication technology in which fiber optic cable and coaxial cable are used in different portions of a network to carry broadband content (such as video, data, and voice). The service provider installs fiber optic cable from their distribution center to serving nodes located close to business and residential users.
  • Page 751 Appendix B: Glossary IDEA International Data Encryption Algorithm. A symmetric encryption algorithm supported by IPSec. IDEA, which is a block cipher, is a fast 3DES equivalent. IDSL ISDN DSL. An ISDN DSL service that uses 2B1Q but unlike traditional ISDN is always on.
  • Page 752 Appendix B: Glossary IP Internet Protocol. A Network Layer (Layer 3) protocol that controls how packets of data are addressed and routed from one device to another. IP is the network protocol used on the Internet, as well as in many private networks. Each host on the Internet has at least one IP address that uniquely identifies it.
  • Page 753 Appendix B: Glossary IPX Internetwork Packet eXchange. A Layer 3 networking protocol used in Novell NetWare operating system environments. Like UDP/IP, IPX is a datagram protocol used for routing packets in connectionless communications. For more information on IPX use in Ethernet networks, see RFC 1132 (at http://www.ietf.org/rfc/rfc1132.txt).
  • Page 754 Appendix B: Glossary Japanese Hierarchy A digital signal hierarchy used in Japan for voice transmission. A J0 line defines one channel. The Japanese hierarchy closely matches the T-carrier system. Table 2-3. Japanese digital signal hierarchy Physical J0 multiple J1 multiple Transmission carrier...
  • Page 755 Appendix B: Glossary LAN Local Area Network. A group of computers and associated devices within a small geographic area that share a common communications line. The computers also often share the resources of a single server or set of servers. LAPD Link Access Procedure for D-channel.
  • Page 756 Appendix B: Glossary Line The hardware that connects two devices. Materials for lines include fiber optic, coaxial, and phone-grade twisted pair cables. LLC/SNAP Logical Link Control/Subnetwork Access Protocol. An 8-byte packet encapsulation header added by the WAN router to outgoing Ethernet or ATM traffic. The LLC/SNAP header enables devices in a connectionless network to send frames to the devices that can switch them to their destination.
  • Page 757 Appendix B: Glossary LSA Link-state advertisement (LSA). Packet sent by an OSPF router advertising its connections to a network or to another router. OSPF routers use LSAs to generate an OSPF database with the topology of the entire OSPF network. See also OSPF.
  • Page 758 Appendix B: Glossary MD5 Message Digest 5. A hash algorithm used to create digital signatures. MD5 is a one-way hash function, which transforms and condenses data into a fixed string of digits called a message digest. A variety of protocols, including AH and ESP, use MD5 to check a message’s data integrity as well as authenticate the sender.
  • Page 759 Appendix B: Glossary MPLS Multiprotocol Label Switching. A process that allows packets to be routed according to their pre-defined labels instead of according to their IP addresses and routing protocol table entries. Incoming packets are assigned a label by a label edge router (LER). Packets are forwarded along a label switch path (LSP), on which each label switch router (LSR) makes forwarding decisions based solely on the contents of the label.
  • Page 760 Appendix B: Glossary Multiplexing Combining and transmitting multiple signals over a single channel. Also known as “muxing.” The most important type of multiplexing for data transfer is time-division multiplexing (TDM), which is used with digital signals. See also TDM. Multiplexer Also known as a MUX. A communications device that multiplexes (combines) signals from multiple sources for transmission over a single medium.
  • Page 761 Appendix B: Glossary testing is required for vendors who wish to sell equipment to the Regional Bell Operating Companies (RBOCs) and the Competitive Local Exchange Carriers (CLECs). Level 3 testing is the most stringent level of testing. Network A generic term describing computers that are interconnected and can communicate with each other.
  • Page 762 Appendix B: Glossary NT1 Network Termination 1. A device at the physical and electrical termination of the ISDN line. The NT1 monitors the line, maintains timing, and provides power to the ISDN line. This device is purchased and maintained by the subscriber.
  • Page 763 Appendix B: Glossary large systems, the operating system ensures that different programs and users running at the same time do not interfere with each other. The operating system is also responsible for security, ensuring that unauthorized users do not access the system. OSI Open Systems Interconnection.
  • Page 764 Appendix B: Glossary Packet A block of data encapsulated within one or more protocol headers. These headers provide information about the packet’s application and about how the packet is to be handled and routed as it travels through the network. A packet that has been encapsulated within a Data Link Layer protocol is called a frame or a cell (ATM).
  • Page 765 Appendix B: Glossary PDP Policy Decision Point. In QoS-managed systems, a PDP is a server that makes policy decisions. This server has global knowledge of network policies and is consulted by the network devices (like routers) that enforce the policies. PEM Format Privacy-Enhanced Mail Format.
  • Page 766 Appendix B: Glossary PON Passive Optical Network. A system that brings optical fiber cabling and signals all or most of the way to the end user using passive equipment, which saves power and cost. Depending on where the PON terminates, the system can be described as Fiber-To-The-Curb (FTTC), Fiber-To-The-Building (FTTB), or Fiber-To-The-Home (FTTH).
  • Page 767 Appendix B: Glossary Presentation Layer Layer 6 of the OSI model. This layer is responsible for the delivery and formatting of information to the Application Layer for further processing or display. This layer deals with issues such as how strings are represented. It also formats and encrypts data to be sent across a network, providing freedom from compatibility problems.
  • Page 768 Appendix B: Glossary QoS Quality of Service. The “quality” of the packet forwarding service provided to a packet. A value set in the packet’s ToS field can request a specific level of QoS. QoS mechanisms regulate and manage traffic across a WAN link to lower latency for high-priority packets and to increase the quality and speed of data transmissions.
  • Page 769 Appendix B: Glossary companies owned at least two Bell operating companies. The BOCs were given the right to provide local phone service while AT&T was allowed to retain its long distance service. The RBOCs and their constituent BOCs are LECs. RBS Robbed-Bit Signaling.
  • Page 770 Appendix B: Glossary RIP Routing Information Protocol. A routing protocol that manages routing information within a self-contained network such as a LAN or an interconnected group of LANs. RIP is an older routing protocol, best suited for smaller networks, that selects best routes based on lowest hop count. For more information on RIP, see RFC 2453 (at http://www.ietf.org/rfc/rfc2453.txt).
  • Page 771 Appendix B: Glossary RJ-45 connector—uses two twisted pairs T=tip, R=ring, P=pair TX1, transmit positive TX2, transmit negative RX1, receive positive — — RX2, receive negative — — WAN/LAN connector RJ-48C Registered Jack 48C. A miniature 8-position keyed jack/connector used with cable having four twisted-pairs.
  • Page 772 Appendix B: Glossary Router A device that forwards data packets from one network to another. A router connects at least two different networks. A WAN router often connects LANs to WANs or to an ISP. A router uses a packet’s Layer 3 header to determine the route over which it should send it.
  • Page 773 Appendix B: Glossary Figure 2-2. SC connector SCEP Simple Certificate Enrollment Protocol. A Cisco protocol that, used with LDAP, streamlines the process of acquiring a certificate from a CA. SCEP allows network devices to be issued certificates automatically in a scalable manner.
  • Page 774 Appendix B: Glossary SHDSL Symmetric High Bit Rate DSL. SHDSL provides a guaranteed level of high symmetric bandwidth and low interference with other telecommunications services. SHDSL is a single-wire HDSL and is also called G.SHDSL. SHDSL provides a higher transmission speed than HDSL2 or SDSL over longer distances.
  • Page 775 Appendix B: Glossary SNACP SNA Control Protocol. An NCP in the PPP protocol suite that is used to establish a point-to-point connection between hosts sending SNA packets. For more information on SNACP, see RFC 2043 (at http://www.ietf.org/rfc/rfc2043.txt). SNMP Simple Network Management Protocol. An Application Layer protocol that supports the exchange of management information between network devices.
  • Page 776 Appendix B: Glossary SPID Service Profile IDentifications. A unique identifier used to identify a particular ISDN line and the service and features that line provides. The SPID is generally a 10+ digit number that includes the LDN. Splitter A splitter electronically isolates the lower frequencies of the telephone signal from the higher frequencies of the DSL signals.
  • Page 777 Appendix B: Glossary to detect suspicious activity and to drop packets prohibited by an organization’s policies. Many network security experts recommend stateful-inspection as the most trusted firewall technology. S/T Interface A common way of referring to either S or T Interfaces, which are often combined in ISDN connections.
  • Page 778 Appendix B: Glossary T-interface Connects the NT1 to the NT2 in an ISDN network. The T-interface is a four-wire/two twisted pair connection. Outside North America, the T-interface is the first interface at the subscriber’s premises. T1-carrier line A carrier-line that carries speech or data at the DS-1 rate. T1 lines operate with 24 DS0 channels of 64 Kbps each for a total of 1.544 Mbps bandwidth.
  • Page 779 Appendix B: Glossary Telnet TELephone NETwork. A TCP/IP protocol/program. The purpose of the Telnet Protocol is to provide a fairly general, bi-directional, 8-bit byte-oriented communications facility. It is typically used to provide user-oriented command line login sessions between hosts on the Internet. The name “Telnet” came about because the protocol was designed to emulate a single terminal attached to the other computer.
  • Page 780 Appendix B: Glossary UBR Unspecified Bit Rate. An ATM bandwidth-allocation service that does not guarantee any throughput levels and uses only available bandwidth. UBR is often used when transmitting data that can tolerate delays. U-interface In an ISDN connection, the U-interface is the connection between the local loop and NT1.
  • Page 781 Appendix B: Glossary VCI Virtual Channel Identifier. A 16-bit field in an ATM cell’s header that identifies the cell’s next destination. The VCI is similar to the DLCI in a Frame Relay network. VDSL Very high bit rate DSL. VDSL runs on fiber optic, providing extremely high-speed WAN connections.
  • Page 782 Appendix B: Glossary WFQ Weighted Fair Queue. A queuing mechanism where the administrator is able to create multiple queues for different traffic classes and assign a “weight” value to each queue in proportion to its traffic priority level. See also QoS. Wildcard Bits Wildcard bits use reverse logic to allow the user to specify bits within an IP address that must match (0) and that do not need to match (1).
  • Page 783 Appendix B: Glossary Fastforward Networks. Multimedia Terms (Handbook for MultiMediaCom 2000) IETF RFCs at http://www.ietf.org/ Inclusive.com at http://www.inclusive.com/mmr/prodtypes/pbx.htm/ Intelligent Network 2000: Comprehensive Report International Engineering Consortium. Digital Subscriber Line 2000: Comprehensive Report. Iona.com at http://www.iona.com/support/docs/manuals/orbix/33/html/orbixsslcxx33_pguide/Validating_Certificates_C++.html/ Javvin.com at http://www.javvin.com/protocolAAL.html/ mpirical.com at http://www.mpirical.com/ The MPLS Resource Center at http://mplsrc.com/ msdn.microsoft.com/...
  • Page 785 Master Index B = Basic Management and Configuration Guide ABM … B:6-39 access control A = Advanced Management and Configuration Guide AAA subsystem … B:2-14 ACLs and ACPs … A:5-4 Numerics management access to router … B:2-4 access policy sessions 100Base-T cable …...
  • Page 786 for VPN traffic viewing … A:5-49 applying to crypto map … A:8-38, A:8-45 active sessions … A:5-52 configuring … A:8-35 for NAT … A:6-16 matching an outgoing packet … A:8-22 statistics … A:5-53, A:6-18 restricting traffic … A:8-36 administrative distance troubleshooting …...
  • Page 787 ADSL module ATM interface ADSL2+ Annex A … B:7-11 activating … B:7-17 ADSL2+ Annex B … B:7-11 binding to ADSL interface … B:7-27 supported standards … B:7-11 configuring through Web browser AF … A:7-22 interface … B:14-63 DiffServ values … A:7-22 creating …...
  • Page 788 AutoSynch™ … B:1-34 local AS … B:13-73 configuring with Web browser interface … B:14-5, advertising external traffic … B:13-170 A:14-5 viewing … B:13-167 enabling … B:1-60, A:1-19 messages … B:13-68 troubleshooting … B:1-70 multihoming … B:13-67, B:13-82 troubleshooting … B:13-172 neighbor …...
  • Page 789 multiple carrier lines to Frame Relay LDN for BRI S/T module … B:8-43 interface … A:2-10 line maintenance … B:8-75 multiple carrier lines to PPP interface … A:2-6 See also BRI backup interface physical interface to Frame Relay signaling (switch) type … B:8-41 interface …...
  • Page 790 UTP ribbon … B:7-12 CIDR V.35 … B:5-9 DHCP pool … B:13-8, B:13-9 X.21 … B:5-10 IP address for ATM subinterface … B:7-21 call IP address for Frame Relay subinterface … B:6-29 ISDN, setup process … B:8-12 IP address for HDLC interface … B:6-42 caller ID IP address for PPP interface …...
  • Page 791 commands console basic mode … B:1-39 configuring password through Web browser clear commands … B:1-39, B:1-44 interface … B:14-23 clear event-history … A:4-25 establishing a terminal session with … A:1-9 clock … B:1-45 file transfer with … B:1-76 configure … B:1-46 password for …...
  • Page 792 default route configuring … B:11-17 D channel receiving from a DHCP server … B:13-24 ISDN … B:8-4 with dynamic routing … B:11-18 LAPD transmitted over … B:8-10 with OSPF … B:13-35, B:13-51 D4 frame format … B:4-16 demand interface data communications equipment … B:6-21 ACL for interesting traffic …...
  • Page 793 primary ISDN modules … B:8-16 default gateway … B:13-9 configuration steps … B:8-18 example configuration … B:13-14 connection instructions … B:8-30 lease time … B:13-10 example … B:8-53 multiple … B:13-8 initiating … B:8-26 network address … B:13-8 ISDN groups … B:8-44 parent …...
  • Page 794 Digital Subscriber Line DSX-1 module See DSL physical connection … B:9-13 Discard Eligible Bit … B:6-35 supported standards … B:9-3 DLCI … B:6-22 G.703 interface assigning to Frame Relay subinterface … B:6-28 assigning channels to E1 interface … B:9-5 DNS … B:12-8 setting clock source on E1 interface …...
  • Page 795 duplex setting E1-carrier line for Ethernet interface … B:3-10 2.048 Mbps bandwidth … B:4-3 dynamic DNS … B:12-15, B:13-25 32 channels … B:4-12 activating the client … B:12-16, B:12-17 analog voice on … B:4-3 configuration tasks … B:12-16 elements of … B:4-3 overview …...
  • Page 796 manually defining key for … A:8-67, A:8-68 specifying algorithm for … A:8-41, A:8-65 fair queuing with NAT-T … A:8-32 See WFQ without encryption … A:8-42 fast caching … B:11-12, B:11-22, A:7-10 et-clock setting … B:5-13 disabled … B:11-23 Ethernet frame disabled with PBR …...
  • Page 797 IP header … A:7-6, A:7-19, A:7-22, A:7-34 Frame Relay fragmentation … A:7-12, A:7-34, A:7-51, RTP compression … A:7-34 A:7-54 LAPD … B:8-10 configuring … A:7-64 LLDP … A:12-3 fragment size … A:7-54 MLFR packet header size … A:7-34 flag … A:7-34 Frame Relay interface header …...
  • Page 798 FTP server tunneling … A:9-5 enabling through the Web browser advantages and disadvantages of … A:9-3 interface … B:14-15, A:14-15 multicasts … A:9-9 full-duplex routing updates … A:9-8 Ethernet interface settings … B:3-11 VPN overlay … A:8-13 G.703 interface H.323 … A:7-35, A:7-58, A:7-62 accessing …...
  • Page 799 hostname report … A:10-6 adding to local table … B:12-9 show commands … A:10-20 definition … B:12-3 troubleshooting … A:10-19 interface … B:12-16, B:13-24 upstream interface … A:10-12, A:10-15 LLDP message, in … A:12-4 version … A:10-7, A:10-13, A:10-21 preventing LLDP advertisement of … A:12-13 setting router hostname …...
  • Page 800 IKE policy T, for ISDN … B:8-8, A:3-9 compatibility with peer … A:8-80 T1 … B:4-10, B:9-14 configuring … A:8-23, A:8-24 DSX-1 … B:9-16 default … A:8-26 tunnel … A:9-4, A:9-13 example configuration … A:8-29, A:8-30 filtering traffic … A:9-11 for multiple peers …...
  • Page 801 VPN peer’s, specifying … A:8-24 security parameters WFQ … A:7-11, A:7-14 compatibility with peer … A:8-82 IP precedence … A:7-5, A:7-6, A:7-7, A:7-37 configuring … A:8-40 CBWFQ value … A:7-7, A:7-21 configuring in crypto map … A:8-44, A:8-45 LLQ priority … A:7-7 configuring in transform set …...
  • Page 802 timers setting … A:12-14 viewing … A:12-11 definition of … A:8-6 LLQ … A:7-6, A:7-11, A:7-31 manually specifying for VPN tunnel … A:8-68 bandwidth guarantee … A:7-41, A:7-42 bridged traffic … A:7-40 CBWFQ … A:7-20, A:7-30 IP header value … A:7-38 RTP …...
  • Page 803 logical interface configuring … A:2-3 ATM … B:7-17 configuring with Web browser interface … A:14-18 demand interface … B:8-23, A:3-20 enabling … A:2-6 for persistent backup connection … A:3-54 example of, with demand routing … B:8-52 Frame Relay … B:6-19 for demand interface …...
  • Page 804 routing table, in … B:11-9 tunnel keys … A:9-14 named list multicast routing table accounting … B:2-25 (*, G) entry … A:11-7, A:11-8, A:11-49 authentication … B:2-18 (S, G) entry … A:11-8, A:11-11, A:11-13, A:11-49 authorization … B:2-23 flags … A:11-49, A:11-50, A:11-52 RP-bit …...
  • Page 805 LSA … B:13-30, B:13-34 intervals for … B:13-58 types … B:13-33, B:13-34, B:13-35 debug commands for … B:7-49 multicast routing, with … A:11-28 settings … B:7-26 network backbone or area 0 … B:13-33, B:13-43 office channel unit overview … B:13-29 carrier line …...
  • Page 806 Password Authentication Protocol join/prunes … A:11-18, A:11-19, A:11-61 See PAP periodic … A:11-24, A:11-38 triggered … A:11-22, A:11-23 monitoring … A:11-48, A:11-54, A:11-55, A:11-56, with NAT … A:6-3 A:11-61 PBR … B:13-123 multi-access networks, special considerations applying route map to router traffic … B:13-142 with …...
  • Page 807 port translation … A:6-14 PPPoA … B:7-11 port-mapping table … A:6-3 binding ATM subinterface to PPP POTS interface … B:7-38 and ADSL … B:7-9 configuring … B:7-37 power source, redundant … B:1-29 IP address … B:7-37 PPP interface for … B:7-37 authentication for demand interface …...
  • Page 808 match command … A:7-70 dscp … A:7-45, A:7-61 Q.931 … B:8-11 ip rtp … A:7-38, A:7-47, A:7-61 list … A:7-40, A:7-46, A:7-63, A:7-70 CBWFQ … A:7-11, A:7-18 precedence … A:7-45 configuration wizard … A:14-47 protocol bridge … A:7-25, A:7-41, A:7-48, configuring with Web browser interface …...
  • Page 809 reload command … A:5-37 deleting communities from … B:13-103 reload in command … B:1-72 entry in … B:13-87 rendezvous point filtering inbound routes … B:13-100 See RP filtering routes repeater … B:5-6 AS path … B:13-93 carrier line … B:4-6 community …...
  • Page 810 OSPF … B:13-157 SAPI … B:8-10 viewing … B:11-23, B:11-24, B:13-146, B:13-147 saving changes … B:1-56 with routing protocols … B:13-7 SCEP … A:8-56, A:8-57 routing, dynamic routing secure copy server See RIP, OSPF, and BGP enabling … B:2-13 RP … A:11-3, A:11-6 secure router operating system RP set …...
  • Page 811 troubleshooting … B:5-17 LLDP neighbors … A:12-6, A:12-7 problem with line going down … B:5-21 LLDP neighbors, real time … A:12-7 solutions to problems … B:5-19 LLDP timers … A:12-11 txclock, inverting … B:5-13 logical interfaces … B:6-53 viewing configuration of … B:5-16 persistent backup …...
  • Page 812 for E1 interfaces … B:4-11 for Ethernet interfaces … B:3-3 configuring password through Web browser for serial interface … B:5-12 interface … B:14-19, B:14-24 for T1 interfaces … B:4-11 lines … B:2-12 smart jack … B:4-5 local user list … B:2-10 for ISDN …...
  • Page 813 TACACS+ server accounting … B:2-25 T interface … B:8-8, A:3-9 authentication … B:2-18 T1 + DSX-1 authorization … B:2-23 See DSX-1 interface and drop-and-insert clear statistics … B:2-38 module … B:9-13 defining … B:2-31 T1 interface global settings … B:2-34 activating …...
  • Page 814 timers bridging … B:10-10 LLDP CHAP … B:6-64 setting … A:12-14 compact flash performance … B:1-70 viewing … A:12-11 debug commands … B:1-49 ToS … A:7-5, A:7-6, A:7-7, A:7-37 debug isdn commands … B:8-72, A:3-81 assured forwarding … A:7-9 demand routing … B:8-68, A:3-79 bits …...
  • Page 815 key … A:9-7 VLAN multicast … A:10-15 DHCP scopes … B:13-5, B:13-15, B:13-16 See also VPN tunnel enabling support for … B:3-17 source … A:9-4, A:9-5 ID for Ethernet subinterface … B:3-18 troubleshooting … A:9-13 IP address for Ethernet subinterface … B:3-19 Twinge attack …...
  • Page 816 troubleshooting … A:8-73 DSX-1 interface … B:14-74 comparing policies … A:8-80, A:8-84 E1 interface … B:14-39 debugging IKE … A:8-82 enable mode password … B:14-21 permitting all traffic … A:8-75 enabling access to … A:14-4 returning policies to defaults … A:8-86 enabling IP services …...
  • Page 817 WINS server DHCP pool, in … B:13-11 in IKE mode config pool … A:8-48 wizard QoS … A:14-47 X.21 cable … B:5-10 Xauth host configuration tasks … A:8-53 generic authentication … A:8-53 OTP authentication … A:8-54 RADIUS authentication … A:8-53 server configuration tasks …...

This manual is also suitable for:

Procurve 7102dl series, Procurve 7103dl series
