ProCurve Secure Router 7000dl Series December 2005 J04_01 Basic Management and Configuration Guide...
5991-3785 December 2005 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Applicable Products
Configuring AAA for Authentication; Creating a Named List for the Enable Mode Authentication; Creating a Named List for User Authentication
Defining the ATM Encapsulation; Assigning the ATM Subinterface an IP Address; OAM Settings
Clear a PPPoE Connection; debug pppoe client Command; Troubleshooting the PPP Link Establishment Process
Associating a Resource Pool with the Demand Interface; Defining the Connect Sequence; Specify the Order in Which Connect Sequences Are Used
Overview Contents: Managing Configuration Files Using a Text Editor; Creating and Transferring Configuration Files; Configuration File Transfer Using the Console Port
Overview Using This Guide Using This Guide The ProCurve Secure Router Management and Configuration Guide describes how to use the ProCurve Secure Router 7000 series in a network environment. Specifically, it focuses on two models: the ProCurve Secure Router 7102dl and the ProCurve Secure Router 7203dl. This guide describes how to use the command line interface (CLI) and the Web browser interface to configure, manage, monitor, and troubleshoot basic router operation.
Overview Using This Guide Square brackets ( [ ] ) are used in two ways: • They enclose a set of options. When entering the command, you select one option from the set. For example, in the second command shown above, you would enter any or host <A.B.C.D>...
Overview Using This Guide IP Address Notation Convention You must sometimes enter an IP address or addresses as part of a command. For example, you might need to assign an IP address to a logical interface on the ProCurve Secure Router, or you might need to enter an IP address to be filtered by an ACL.
Overview Using This Guide When the document file opens, click the disk icon in the Acrobat® toolbar and save a copy of the file. Click Product Manuals Figure 1-1. The ProCurve Technical Support Web Page Downloading Software Updates ProCurve Networking periodically updates the router software to include new features.
Overview Using This Guide [Figure 1-2. Downloading Software Updates] Release notes are included with the software updates and provide information about: new features and how to configure and use them; software management, including downloading the new software to the router; software fixes addressed in current and previous releases...
Overview Interface Management Options Interface Management Options The ProCurve Secure Router includes two management interfaces: the command line interface (CLI) and the Web browser interface. To initially access the CLI, connect the COM port on your workstation to the console port on the front panel of the router.
Overview Interface Management Options Figure 1-3. Configuring ACPs Using the Web Browser Interface Accessing the Web Browser Interface To access the Web browser interface, you must first establish a CLI session and configure at least one interface through which you can establish an HTTP session with the router.
Overview Interface Management Options Using the ProCurve Web Browser Interface The ProCurve Web browser interface is organized into the following sections: System, Router/Bridge, Firewall, and Utilities. The System section of the interface contains general router functions. In this section, you can: configure WAN and LAN connections; configure IP services; enable the Dynamic Host Configuration Protocol (DHCP) and Domain...
Overview Hardware Overview router’s current OS and upload any necessary upgrades. You can click Reboot and restart the router, and you can also set up a Telnet session by clicking Telnet to Unit. Note: In the CLI, boot and configuration files are referred to as software. In the Web browser interface, the boot and configuration files are called firmware.
Overview Hardware Overview Console Port Figure 1-4. Connecting to the Console Port Ethernet Ports Because the two Ethernet ports are not modular, they are assigned a fixed slot and port number. For interface notation purposes, these ports are labeled Eth 0/1 and Eth 0/2.
Overview Hardware Overview Slot 2 Slot 1 Figure 1-6. Two Narrow Slots Each slot can house one of the ten narrow modules available for WAN connections. (See Table 1-1.) Table 1-1. Narrow Slot Modules Module Type of Module Explanation E1 modules: E1 module with integrated DSU supports E1-carrier lines when the service provider does not provide an external DSU...
Overview Hardware Overview Note: For information on these or additional modules, please check the ProCurve Web site at www.procurve.com. Click on Products & Solutions in the left bar, then click on Secure Router 7000dl series under WAN. E1 and T1 Modules E-carrier lines are used in Europe, Asia, Australia, and South America.
Overview Hardware Overview [Figure 1-7. E1 Modules] T1 Modules. If you are leasing a T1-carrier line and the public carrier does not provide a CSU/DSU, you will need to purchase one of the three narrow slot T1 modules, which include a built-in CSU/DSU. (See Figure 1-8.) Select: a one-port T1 module, which supports a full T1-carrier line (24 channels or 1.544 Mbps); a two-port T1 module, which provides 1.544 Mbps on each interface (3.088...
Overview Hardware Overview [Figure 1-9. Serial Module] ADSL2+ Annex A or Annex B Module. The ADSL2+ modules provide bandwidth up to 25 Mbps downstream and 1.544 Mbps upstream. Because ADSL also supports analog voice on the local loop, existing telephone equipment and fax machines can continue to carry traffic on the same line.
Overview Hardware Overview [Figure 1-11. ISDN BRI Modules] Backup Modules A backup connection protects a company’s WAN operations against system failure. Three types of backup modules are available for the ProCurve Secure Router: ISDN BRI S/T backup module for use outside of North America—supports a 64 Kbps backup call or a bonded 128 Kbps call; ISDN BRI U backup module for use in the US and Canada—supports a 64 Kbps backup call or a bonded 128 Kbps call...
Overview Hardware Overview Figure 1-12. Installing a Backup Module on Top of a Narrow Slot Module Each backup module can be used to back up any WAN connection on the router, no matter where the backup module is housed. Wide-Slot Option Modules The ProCurve Secure Router 7203dl includes a third, wide-module slot.
Overview Hardware Overview [Figure 1-13. E1/T1 Toggle Switch] Note: Although the ProCurve Secure Router 7203dl can support up to 12 E1 or T1 lines, the router only supports enough throughput for up to 8 E1 or T1 lines. You can configure each of the eight ports independently with separate clock sources, frame formats, and other specifications.
Overview Hardware Overview Figure 1-15. The Eight-port T1/E1 Serial Module Interface Numbering Conventions When configuring a WAN connection, you will need to specify the slot and port of the physical interface that is providing the connection. The syntax for specifying a physical interface is <interface> <slot>/<port>. Replace <interface>...
Overview Hardware Overview Status LEDs ProCurve Secure Routers feature LEDs on the front panel to provide information about the condition of the router itself and of the modules you have installed. This section describes how to interpret these LEDs. Power LED The power LED indicates the router’s power status.
Overview Hardware Overview LEDs for Slots 1 and 2 Both the ProCurve Secure Router 7102dl and 7203dl have two columns of LEDs that report information about the modules installed in the narrow slots. As you would expect, column 1 reports information about the module in slot 1, and column 2 reports information about the module in slot 2.
Overview Hardware Overview Backup LEDs The second LED in each column reports the status of the backup module, if a backup module is installed. The LED in the first column corresponds to the backup module in slot one, and the LED in the second column corresponds to the module in slot two.
Overview Hardware Overview Slot 3 LEDs Figure 1-18. On the ProCurve Secure Router 7203dl, the Third Column LEDs Report on the Wide Module. Status LED The first LED reports on the status of the wide module, indicating whether the wide module is installed and functional. No light—The module has not been installed or none of the interface ports have been activated.
Overview Hardware Overview Link LED Activity LED Figure 1-19. LEDs for Ethernet Interfaces Activity LEDs Activity LEDs signal data transfer between the LAN and the router. No light—The Ethernet connection is inactive. Flashing yellow—The link is currently transmitting or receiving data. Link LEDs Link LEDs signal whether or not the router recognizes a valid connection to a LAN.
Overview Hardware Overview [Figure 1-20. IPSec VPN Module; label: Slot for the IPSec VPN module] To protect your network from security breaches through the Internet, the ProCurve Secure Router establishes secure VPN tunnels using the industry-standard IP Security (IPSec) protocol. The IPSec VPN module enables the software that supports the IPSec protocols and relieves the CPU of the overhead associated with processing the encryption algorithms.
Overview Hardware Overview Redundant Power Source The RPS outlet on the back panel of the ProCurve Secure Router 7203dl provides increased router reliability for mission-critical applications. (See Figure 1-22.) The RPS slot can be used with the ProCurve 600 Redundant External Power Supply.
Overview Software Overview Software Overview To manage your ProCurve Secure Router, you must understand basic router operations, including how the router uses: Secure Router OS (SROS) boot code, SROS software, the startup-config, and the running-config. Further, you must understand how the Secure Router OS is organized so that you can properly configure the router and enable safeguards to protect the router from unauthorized access.
Overview Software Overview The boot process begins when you power up the ProCurve Secure Router or manually reload it. It proceeds as follows: The router first loads the SROS boot software (which has been set through the copy <source> <filename> boot command). The router then searches compact flash for the SROS.BIZ file, which contains the Secure Router OS software.
Overview Software Overview Setting Up a Compact Flash Card From Which to Boot the Router Newly shipped ProCurve Secure routers have an internal flash that contains two SROS software files: J0X_0X.biz and SROS.BIZ. The SROS.BIZ and J0X_0X.biz files are identical. The J0X_0X.biz file reflects the version number of the software, such as J04_01.biz.
Overview Software Overview When the command is entered, the ProCurve Secure Router first tries to save these changes to a startup-config file on compact flash. If no compact flash card is inserted into the slot on the back panel, the router saves the changes to the startup-config file that is stored in internal flash.
Overview Software Overview This section introduces the different mode contexts and describes the types of commands you can enter in each one. (See Figure 1-24.) [Figure 1-24, labels only: "Session now available / Press Return to get started"; Basic mode context (ProCurve>); enable; Security modes; Enable mode context (ProCurve#); configure terminal...]
Overview Software Overview Basic Mode The basic mode allows restricted access to the router, providing only a limited number of commands. From this mode, you can view basic system information, verify some processes, and enter traceroute and ping commands. You do not have access to any of the options that allow you to configure the router.
Overview Software Overview Global Configuration Mode From the global configuration mode, you can make configuration changes that apply to the entire router and all interfaces. You can configure the system’s global parameters, such as the hostname, passwords, and banners. You can also set parameters for IP services such as DHCP and DNS.
Overview Software Overview Router. You can configure dynamic routing protocols from the router configuration mode contexts. There are four router configuration modes: BGP, RIP, PIM-Sparse, and OSPF. To configure these protocols, move to the global configuration mode context and use this command: Syntax: router [bgp | ospf | pim-sparse | rip] For example, to configure RIP, enter: ProCurve(config)# router rip...
Overview Software Overview Commands Available in the Basic, Enable, or Global Configuration Mode Contexts The ProCurve Secure Router OS permits you to use certain commands only in specific modes. When you are managing the ProCurve Secure Router and you try to use a command that is not supported from the current mode context, you will receive an error message.
Overview Software Overview Logout Exit the current CLI session and return to the login screen. Syntax: logout Ping Send an ICMP echo to a specified destination. To send a default ping of 5 echoes, enter: Syntax: ping [<A.B.C.D > | <domain name>] When you begin sending ICMP echoes, the router displays a legend to describe the types of responses the router receives.
Overview Software Overview If you enter for the verbose option in the extended commands, the output reports the result of each ping with a description of the datagram size and the echo’s round-trip time. For example: Reply from 1.1.1.1: bytes = 100 time = 4 ms If you need to halt a ping operation, press Ctrl+C. Note...
Overview Software Overview
Option / Result
show isdn-group [<interface number>]
    lists the ISDN group configurations and member interfaces
show lldp [<cr> | device <name> | interface <interface ID> | <neighbors>]
    displays LLDP settings and information, including information on specific neighbors
show memory heap [realtime]
    displays statistics for the router memory, including how much has been used and how much is available
show modules...
Overview Software Overview Similar to the ping command, you can set extended options for tracing a route by entering traceroute and pressing Enter without specifying the destination address. Options include the source address at which the trace begins and the maximum number of hops.
Overview Software Overview Clear The enable mode context expands the options for the clear command. To view these options, enter: Syntax: clear ? Table 1-4 lists the clear command options available in the enable mode context. Table 1-4. Enable Mode Context clear Commands Option Result clear access-list...
Overview Software Overview Some examples of clear commands include the following: Syntax: clear ip policy-sessions This command clears all sessions established using the ACPs applied to router interfaces. Syntax: clear ip route [** | <A.B.C.D>] The ** option clears all routes learned through a routing protocol. Static routes are not affected.
Overview Software Overview Configure There are four options to this command: memory, network, overwrite-network, and terminal. The configure memory, configure network, and configure overwrite-network commands allow you to retrieve and apply a configuration file by saving the file as the router’s running-config. Using this command causes your router to immediately begin using the specified configuration without rebooting the router.
Overview Software Overview To save configuration changes while using the CLI, enter: Syntax: copy running-config [<destination location> <destination filename> | <config-file>] ProCurve# copy running-config startup-config Verify that the Done. Success! message is displayed, indicating that the copy process is complete. Table 1-5.
Overview Software Overview Verify that the Percent Complete 100% message is displayed, indicating that the download is complete. The current configuration is now saved in compact flash with the specified filename. To save a configuration as a file on internal flash, enter the following from the enable mode context: ProCurve# copy <source file location>...
Overview Software Overview Debug Entering debug will display debug messages as packets arrive on the router. Debugging is useful when troubleshooting or testing your router’s operation. The Secure Router OS provides many debug commands, including options for most protocols and processes run on the router. For a list of debug commands, go to the enable mode context and enter: ProCurve# debug ? For example, you could debug the establishment of a PPP connection:...
Overview Software Overview Disable To leave the enable mode context, type disable. The Secure Router OS will return you to basic mode context. Erase The erase command is a file management command. Table 1-6 shows the erase command options. Syntax: erase [{cflash | flash} <filename> | startup-config | file-system cflash] Table 1-6.
Overview Software Overview Events The events command enables the Secure Router OS to display a notice to the CLI whenever an event occurs. This command is useful for troubleshooting, because it lets you immediately determine whether a connection is up and working properly.
Overview Software Overview
Option / Result
show configuration
    shows the startup configuration
show connections
    lists all logical interface binds
show crypto [ca | ike | ipsec | map]
    shows certificates and VPN configurations, such as IKE policies, transform sets, and crypto maps
show debugging
    displays the active debugging switches
show demand...
Overview Software Overview
Option / Result
show modules
    gives information on the router’s modules, including the type of module in each slot and the number of ports in each module
show output-startup
    lists the startup-config error log
show port-auth supplicant [interface <interface ID> | summary]
    displays port authentication information
show pppoe...
Overview Software Overview The verbose option is available for many show commands. This option displays all aspects of the item you are displaying. For example, the show running-config verbose command displays all the configurations currently running on your router, including default settings that have not been altered. The show interfaces command will display information on any of the router’s physical or logical interfaces.
Overview Software Overview
--------------------------------------------------------------------
t1 1/1 is UP
Receiver has no alarms
T1 coding is B8ZS, framing is ESF
Clock source is through t1 1/2, FDL type is ANSI
Line build-out is 0dB
No remote loopbacks, No network loopbacks
Acceptance of remote loopback requests enabled
Tx Alarm Enable: rai
Last clearing of counters never
loss of frame...
Overview Software Overview to the compact flash card, if present, as startup-config. Otherwise the running-config will be saved as startup-config on the router’s internal flash. write erase. This command erases the startup-config. If you have a compact flash card, the startup-config is erased from cflash. If you are running the AutoSynch feature, this command erases startup-config from both flash and compact flash.
Overview Software Overview
show dial-backup interfaces
show dialin
show frame-relay lmi
show frame-relay pvc
show ip bgp neighbors
show ip bgp neighbor summary
show ip ospf neighbor
show ip ospf neighbor summary-add
show ip route
show bridge
show spanning-tree
show ip interfaces
show connections
show arp
show ip traffic...
Overview Software Overview Updating the Boot Code When applying a new boot configuration file, enter boot as the destination of a copy command. This command copies a file to the boot sector. For example, if you are upgrading from J03_01.biz to J04_01.biz, you might enter: ProCurve# copy flash J04_01-boot.biz boot The resulting text explains that other router tasks will be halted while the boot code is upgraded.
Overview Software Overview Global Configuration Mode Commands From enable mode, access the global configuration mode context by entering configure terminal. It is from this mode context that you enter the commands to configure the router; most of the commands in the global configuration mode context are discussed in the various chapters included in this guide.
SNMP traps on individual interfaces. MIBs for the ProCurve SR 7000dl series routers are available at the ProCurve Web site. To download the MIBs, go to http://www.hp.com/rnd/software/securerouters.htm and click the latest version of the SR 7000dl Router MIB File.
Overview Software Overview After you enable SafeMode and set the time limit, a reload timer is activated for the Telnet and SSH access lines and begins to count down. You also set a threshold timer, which is shorter than the reload timer. When the threshold timer expires, a warning message is displayed in the CLI that allows you to reset the timer.
Overview Software Overview After the countdown for the reload timer has begun, it continues until you either reset it by pressing Ctrl+R, you disable it by entering no safe-mode, or you exit out of the global configuration mode context. Use the no form of the command to disable SafeMode and the countdown timer: ProCurve(safe-config)# no safe-mode...
Overview Help Tools Help Tools The Secure Router OS features help tools, editing functions, and global commands to help you navigate through the Secure Router OS and configure and maintain your WAN. CLI Help Commands You can enter the ? character to display the available command syntax for any command in the CLI.
Overview Help Tools Table 1-8. Keystrokes for Moving Around the CLI
Editing Command / Action
Ctrl+P or up arrow
    recall the most recent command
Ctrl+A
    move to the beginning of the line (Home)
Ctrl+E
    move to the end of the line (End)
Ctrl+F or right arrow
    move forward one character
Ctrl+B or left arrow...
Overview Help Tools In the enable and configuration mode contexts, typing the word no before a command negates that command. For example, if you want to stop event notices from displaying to the CLI screen, enter no events. If you need to execute an enable mode command from a configuration mode context, type do before you enter the command.
Overview Help Tools The ProCurve Secure Router automatically enters the bootstrap mode context if it cannot locate valid SROS software or if the SROS software has been corrupted. You can also access the bootstrap mode by pressing during the first five seconds of the startup process. During the startup process, the screen will display a countdown, alerting you to how much time you have left to access the bootstrap mode context.
Overview Help Tools After you configure the boot software settings, enter reload or boot to reboot the server. Use the boot [cflash | flash] <filename> option to immediately boot the router using the specified file. To set the backup boot code, replace <backup filename>...
Overview Help Tools You can also copy the Secure Router OS software from a compact flash card. bootstrap# copy cflash <filename> flash [<filename>] If your router uses the standard boot process, you should copy the new software as SROS.BIZ to both the compact flash memory (if your router uses a compact flash card) and the internal flash.
Overview Troubleshooting Troubleshooting Compact Flash Compact flash performance can vary greatly between vendors. If there seems to be a delay when the ProCurve Secure Router saves changes to the compact flash card, the Secure Router OS is still functioning, though at times it may seem to be in a suspended state.
Overview Troubleshooting Table 1-9. AutoSynch™ Error Messages
Error Message / Action
compact flash removed
    Make sure the compact flash card is firmly mounted in the compact flash slot
CFLASH startup-config does not exist
    From the enable mode context, enter write memory. Then begin synchronization by entering autosynch.
Overview Troubleshooting Caution: Be very careful doing any kind of file management with the startup-config and SROS.BIZ files while the autosynch command is enabled. If you erase either the startup-config file or SROS.BIZ file from compact flash, the file will also be erased from the internal flash.
Overview Managing Configuration Files Using a Text Editor The CLI will prompt you to save the system configuration. If you have already made the configurations that you want to test, reply no. If you are getting ready to make the configurations to be tested and want to save previous configurations, reply yes.
Overview Managing Configuration Files Using a Text Editor Figure 1-30. Boot Error Messages The error messages in Figure 1-30 were displayed during bootup. In this particular case, the startup-config file has VPNs configured, and the router that is booting does not have the IPSec VPN module that enables these commands.
Overview Managing Configuration Files Using a Text Editor [Figure 1-31. Using Boot Error Messages to Target a Configuration Problem; labels: Error location, Resulting message] The line number given in the error message is the line number in the running-config. You can use this information to locate and repair any configuration problems.
Overview Managing Configuration Files Using a Text Editor If you do not want the base router to use the base configuration, you should save the base configuration as a .cfg or .txt file. From the enable mode context, enter: ProCurve# copy flash running-config <destination location> <destination filename> If you entered write memory and are running the AutoSynch function, the configuration is saved as the startup-config file on the flash and compact flash memories.
Overview Managing Configuration Files Using a Text Editor Copy the edited text. Highlight the edited configuration in the text editor. Copy the highlighted text either by pressing Ctrl+C, right-clicking the mouse and clicking Copy, or clicking Edit > Copy in the window. Save the edited configuration on the router.
Overview Managing Configuration Files Using a Text Editor Install the configuration. Copy the edited configuration file to startup-config. Syntax: copy <source location> <source filename> <destination location> <destination filename> ProCurve# copy flash configuration.txt flash startup-config The router will create the startup-config file and save the edited configuration to the file.
Overview Managing Configuration Files Using a Text Editor Upload the file to the TFTP server. Syntax: copy <source location> tftp ProCurve# copy flash tftp Address of remote host? 192.168.100.2 Source filename? routerB.txt Destination filename? [routerB.txt] After you enter copy <source location> tftp from the enable mode context, the router will prompt you for the information it needs to successfully complete the TFTP file transfer.
Overview Managing Configuration Files Using a Text Editor ProCurve# erase flash startup-config.bak Deleted NONVOL:/startup-config.bak ProCurve# erase cflash startup-config.bak Deleted CFLASH:/startup-config.bak To be sure that old configurations do not interfere with the new configuration, erase any startup-config files. This will reset the router to its factory defaults.
Overview Managing Configuration Files Using a Text Editor Configuration File Transfer Using a Compact Flash Card Copy and rename the base configuration. Syntax: copy <source> <base configuration name> <destination> <destination filename.txt> For example, if your base configuration were the router’s startup-config, you would enter: ProCurve# copy cflash startup-config cflash routerB.txt Replace <source>...
Overview Managing Configuration Files Using a Text Editor Open a session with the destination router and erase files that may conflict with the new configuration. Make sure there are no startup-configuration files on the router’s internal flash or compact flash. Backup files for the startup-config can also interfere with the installation of the new configuration.
Overview Quick Start Quick Start This section provides the instructions you need to quickly access the ProCurve Secure Router CLI and establish a console session. Only minimal explanation is provided. It is strongly recommended that you read the entire chapter so that you understand how the Secure Router operating system (OS) is organized and how to manage the OS.
Controlling Management Access to the ProCurve Secure Router Contents: Securing Management Access to the ProCurve Secure Router; Restricting Access to the Enable Mode Context; Configuring a Password for Console Access
Controlling Management Access to the ProCurve Secure Router Contents: Configuring Authorization; Define a Named List for Authorization
Controlling Management Access to the ProCurve Secure Router Contents: Configuring AAA; Configuring Authentication with AAA
Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router The ProCurve Secure Router supports both local and remote management. For local management, you can use a serial cable to attach your PC to the ProCurve Secure Router and establish a console terminal session.
Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Because you did not include the md5 option, the password you entered is stored as clear text and is displayed when you enter the show running-config command, as shown below.
Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router From the global configuration mode context, enter: ProCurve(config)# line console 0 The ProCurve Secure Router prompt will show that you are in the console line configuration mode context: ProCurve(config-con0)# Enter:...
Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Configuring an Ethernet Interface This section provides the minimum steps required to configure an Ethernet interface. (For more detailed information about configuring an Ethernet interface, see Chapter 3: Configuring Ethernet Interfaces.) Use a 10Base-T or 100Base-T cable to connect the Ethernet port to a device (such as a switch) on your LAN.
Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Configuring Telnet Access By default, the ProCurve Secure Router requires a login password for Telnet sessions. Unless you configure a password for a Telnet line or disable the login option, no one can establish a Telnet session with the ProCurve Secure Router.
Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router For example, if you want to create the password as procurve, enter: ProCurve(config-telnet0)# password md5 procurve Note: You can also configure an access control list (ACL) to block or limit Telnet access.
Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Configuring an Enable Mode Password. To provide access to the enable mode context through a Telnet session, you must configure an enable mode password. If you do not configure an enable mode password, users will receive a message, telling them that no enable mode password is configured, and they will be denied access to the enable mode context.
Controlling Management Access to the ProCurve Secure Router Securing Management Access to the ProCurve Secure Router Both the username and password can be an alphanumerical string up to 30 characters in length. You can add multiple usernames and passwords to the local user list, and these usernames and passwords can be used for HTTP, SSH, and FTP access.
When prompted, enter a username and password that you configured in the local user list.
Managing SSH Communications
With Telnet, communications between the server and your PC are sent over the wire in clear text.
Note: If you want to use an ACL to restrict SSH access, you apply this ACL at the SSH line configuration mode context. For more information, see the Advanced Management and Configuration Guide, Chapter 5: Applying Access Control to Router Interfaces.
Using the AAA Subsystem to Control Management Access
To disable the SCP server, enter:
Syntax: no ip scp server
Viewing Information about Users
At any time, you can view information about the users who are accessing the ProCurve Secure Router through the console, Telnet, SSH, FTP, and Web browser interface.
Advantages of Using the AAA Subsystem
The AAA subsystem provides more flexibility than simple password-based authentication. If you enable the AAA subsystem, you can configure a list of authentication methods for the enable mode and for each access method.
After you enable the AAA subsystem, the complete set of AAA commands becomes available in the ProCurve Secure Router OS. For example, you can then configure AAA-based authentication, authorization, and accounting for SSH lines.
The options you can select for the enable mode context are listed in Table 2-1:
Table 2-1. Authentication Options for the Enable Named List
Option    Meaning
none...
Note: If you enable the AAA subsystem but do not configure a named list for the enable mode, the Secure Router OS uses the enable mode password by default.
Creating a Named List for User Authentication
To create a named list for user authentication, you must determine the authentication methods you want to use and the order in which you want the...
For example, when you configure a named list for user authentication, you may want to call this list UserLogin. You may also decide to use the following authentication methods:
• enable password
• line password...
Assign the Named List
After you configure a named list, you must assign the list to the specific access method. To assign a list to the console, Telnet, or SSH lines, move to the appropriate line configuration mode context and enter:
Syntax: login authentication <named list>...
Table 2-3. Default Action if No Named List Is Configured
Access            Authentication Method
console access    no password required
Telnet access     Telnet password
FTP access        local user list
HTTP access       local user list...
To end the banner, you must enter the same character that you used to signal the beginning of the banner.
Configuring a Fail Message. A fail message is displayed if the user attempts to log in to the router and fails.
Configuring Authorization
After you enable the AAA subsystem, you can use a TACACS+ server to control not only who can access the Secure Router OS but also who can actually enter unprivileged or privileged commands.
Include the if-authenticated option to authorize authenticated users. Use the none option to grant access immediately. You may want to enter none as a second option. That way, if the ProCurve Secure Router cannot contact the TACACS+ server, you will still be able to configure the router.
Note: Take care when you configure authorization for the console line. If you are not careful, you may prohibit yourself from entering commands from the console.
Specify the level of commands for which you want to generate accounting: 1 is unprivileged access, which is the basic mode, and 15 is privileged access, which is the enable mode.
Include newinfo if you want all new records sent immediately, or include periodic if you want the records sent at specific intervals. If you specify periodic, replace <minutes>...
Figure 2-2. Using a RADIUS Server for Authenticating Users Who Want to Manage the ProCurve Secure Router (diagram labels: edge switches, core switch, ProCurve Secure Router, RADIUS server)
To set up this communication, you must specify the IP address of the RADIUS server.
Table 2-4. Customizing Settings for Individual RADIUS Servers
Option                     Meaning                                                                      Default Value
acct-port <port number>    configures the router to send accounting requests to the port you specify    acct-port 1813
auth-port <port number>...
From this context, use the following command to add RADIUS servers to the group:
Syntax: server <hostname | A.B.C.D>
Either replace <hostname> with the RADIUS server’s hostname or replace <A.B.C.D>...
Table 2-5. Global Settings for RADIUS Servers
Option    Meaning    Default Value
challenge-noecho    disables echoing of user challenge-entry; users will see the text of the challenge as they type responses (enabling this option hides the text as it is being entered)
deadtime <minutes>...
Figure 2-3. Using a TACACS+ Server for Authenticating Users Who Want to Manage the ProCurve Secure Router (diagram labels: edge switches, core switch, ProCurve Secure Router, TACACS+ server)
To enable this communication, you must configure the IP address or host name of the TACACS+ server.
You can use the complete tacacs-server command to configure other settings for a TACACS+ server, as shown below:
Syntax: tacacs-server host <A.B.C.D | hostname> [port <number> | timeout <seconds>...
For example, the following command creates a group called tacacs and enters the TACACS+ group configuration mode context:
ProCurve(config)# aaa group server tacacs+ tacacs
ProCurve(config-sg-tacacs+)#
Use the following command to add TACACS+ servers to the group:
Syntax: server <hostname | A.B.C.D>...
Troubleshooting AAA
Table 2-7. Global Settings for TACACS+ Servers
Option                     Meaning                                                                                                                                       Default Value
tacacs-server key <key>    Specifies the shared key to use with TACACS+ servers. Any keys you configure for a particular TACACS+ server supersede the global key.    none
AAA: New Session on portal 'TELNET 0 (172.22.12.60:4867)'.
AAA: No list mapped to 'TELNET 0'. Using 'default'.
AAA: Attempting authentication (username/password).
(Figure callout: No named list for Telnet line 0; default aaa configuration used)
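The debug output above can be checked mechanically for sessions that arrive over Telnet or that fall back to the default method list. The following is an added example, not code from the guide: the sample text is constructed, the SSH portal line is an assumed analogue of the Telnet format shown, and the attempt threshold is an arbitrary assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample. The first three lines follow the debug output shown
# above; the 'SSH 1' session is an assumed analogue of that format.
SAMPLE_DEBUG = """\
AAA: New Session on portal 'TELNET 0 (172.22.12.60:4867)'.
AAA: No list mapped to 'TELNET 0'. Using 'default'.
AAA: Attempting authentication (username/password).
AAA: New Session on portal 'SSH 1 (192.0.2.10:51022)'.
AAA: Attempting authentication (username/password).
AAA: Attempting authentication (username/password).
"""

NEW_SESSION = re.compile(
    r"AAA: New Session on portal '(?P<kind>[A-Z]+) (?P<line>\d+) "
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\)'"
)
NO_LIST = re.compile(
    r"AAA: No list mapped to '(?P<portal>[A-Z]+ \d+)'\. Using '(?P<used>[^']+)'"
)
AUTH_ATTEMPT = re.compile(r"AAA: Attempting authentication")


@dataclass
class Session:
    portal: str                          # e.g. "TELNET 0"
    kind: str                            # e.g. "TELNET"
    source_ip: str
    source_port: int
    fallback_list: Optional[str] = None  # set when no named list was mapped
    auth_attempts: int = 0


def parse_sessions(text: str) -> List[Session]:
    """Group AAA debug lines into sessions, in order of appearance."""
    sessions: List[Session] = []
    latest: Dict[str, Session] = {}      # portal -> most recent session
    current: Optional[Session] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = NEW_SESSION.search(line)
        if m:
            current = Session(
                portal=f"{m['kind']} {m['line']}",
                kind=m["kind"],
                source_ip=m["ip"],
                source_port=int(m["port"]),
            )
            sessions.append(current)
            latest[current.portal] = current
            continue
        m = NO_LIST.search(line)
        if m:
            session = latest.get(m["portal"])
            if session is not None:
                session.fallback_list = m["used"]
            continue
        # Attempt lines carry no portal name, so they are attributed to the
        # most recently opened session (an assumption of this example).
        if AUTH_ATTEMPT.search(line) and current is not None:
            current.auth_attempts += 1
    return sessions


def review(session: Session, max_attempts: int = 1) -> List[str]:
    """Return findings worth an administrator's attention for one session."""
    findings = []
    if session.kind == "TELNET":
        findings.append("cleartext-transport")   # Telnet is sent in clear text
    if session.fallback_list is not None:
        findings.append(f"no-named-list:{session.fallback_list}")
    if session.auth_attempts > max_attempts:
        findings.append(f"auth-attempts:{session.auth_attempts}")
    return findings


if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_DEBUG):
        print(s.portal, s.source_ip, review(s))
```
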
                                Auth.    Acct.
Number of packets sent:
Number of invalid responses:
Number of timeouts:
Average delay:                  2 ms     0 ms
Maximum delay:                  3 ms     0 ms
Figure 2-5. show radius statistics
debug radius Command
You can view debug messages about RADIUS servers in real time.
Port Authentication
Allowing mobile devices unlimited access to a network poses a severe security risk. While it is beneficial to allow employees to plug in and gain access to a company’s LAN, there is the potential that unauthorized users may similarly gain access to your network.
Troubleshooting Supplicant Functionality
If the ProCurve Secure Router is unable to access the 802.1X-secured network, begin troubleshooting by checking the physical connection. Ensure that the 10Base-T or 100Base-T cable is connected and in the proper ports. Check the supplicant status and make sure that it is enabled and that you have entered the correct username and password.
Quick Start
This section provides the commands you must enter to quickly configure passwords to protect management access to the ProCurve Secure Router. Only a minimal explanation is provided. If you need additional information about any of these options, see “Contents” on page 2-1 to locate the section and page number that contains the explanation you need.
Configuring Remote Access to the ProCurve Secure Router
You can access the ProCurve Secure Router through:
• Telnet
• HTTP
• Secure Copy (SCP) server
Configuring an Ethernet Interface
Before you can access the router through a remote location, you must enable at least one interface and provide a physical connection to either a LAN or WAN.
From the global configuration mode context, enter the Ethernet interface configuration mode context:
ProCurve(config)# interface ethernet 0/<port>
Assign the Ethernet interface an IP address.
Syntax: ip address <A.B.C.D> [<subnet mask> | /<prefix-length>]
For example, if you want to assign the Ethernet interface an IP address of 192.168.1.1 with a subnet mask of 255.255.255.0, enter:
ProCurve(config-eth 0/1)# ip address 192.168.1.1 /24...
Note: You can configure an access control list (ACL) to block Telnet access. For instructions on configuring this ACL, see Chapter 5: Applying Access Control to Router Interfaces in the Advanced Management and Configuration Guide.
Configuring Local User Lists
You can configure multiple usernames and passwords to be used for FTP, HTTP, and SSH access to the router.
Configuring Authentication with AAA
Create a list of authentication methods, called a named list, for the enable mode.
Syntax: aaa authentication enable default {none | line | enable | [group <group- name>...
Use the group tacacs+ option to specify the default group of TACACS+ servers. Use the group <group name> if you have created a group of TACACS+ servers. Include the if-authenticated option to authorize authenticated users. Use the none option if authorization is not required.
Assign the named list to a console, Telnet, or SSH line. From the appropriate line configuration mode context, enter:
Syntax: accounting commands [1 | 15] [default | <named list>]
Defining a RADIUS Server
Define the IP address of the RADIUS server and the key that the ProCurve Secure Router must use to authenticate to the server (if a key is required).
Configuring Ethernet Interfaces
Ethernet Interfaces
The ProCurve Secure Router includes two Ethernet ports on the front panel, allowing you to connect two LAN segments to your WAN. You can also use the Ethernet ports to connect to a cable or Digital Subscriber Line (DSL) modem.
and Configuration Guide, Chapter 4: ProCurve Secure Router OS Firewall—Protecting the Internal, Trusted Network; for more information about access controls, see the Advanced Management and Configuration Guide, Chapter 5: Applying Access Control to Router Interfaces.)
Configuring the Ethernet Interface
The Ethernet interface is the only interface on the ProCurve Secure Router that you configure to control both the Physical and the Data Link Layers of a...
You can also use a truncated reference for both interface and Ethernet, as shown below:
ProCurve(config)# int eth 0/1
When you truncate a command, you only need to enter enough of the command to distinguish it from other commands. After you enter the int eth 0/1 command, the prompt will show that you are in the Ethernet 0/1 interface configuration mode context:
ProCurve(config-eth 0/1)#...
Configuring an IP Address
To assign the Ethernet interface an IP address, you must be at the Ethernet interface configuration mode context:
ProCurve(config-eth 0/1)#
You then have several options for assigning an IP address to an Ethernet interface:
• You can assign the Ethernet interface a static IP address.
In addition to enabling the DHCP client, this command allows you to configure the settings shown in Table 3-1.
Table 3-1. DHCP Client Settings
Option       Meaning                                                          Default Setting
client-id    configures the client id displayed in the DHCP server’s table    media type and interface’s MAC address
hostname...
You should ensure that the DHCP client receives an IP address so that these requests do not consume router resources or bandwidth on your Ethernet link. To determine if the Ethernet interface has been assigned an IP address, enter:
ProCurve(config-eth 0/1)# do show int eth 0/1
Note: The do command allows you to enter enable mode commands from any...
Overriding Settings Received from the DHCP Server. If the DHCP server is configured to provide a default-route, a domain name, or a domain name server (DNS), the DHCP client for the Ethernet interface will accept and use these settings.
Configuring the Ethernet Interface as an Unnumbered Interface
To conserve IP addresses on your network, you may want to create the Ethernet interface as an unnumbered interface. When you assign the Ethernet interface an IP address, that IP address cannot overlap with the IP addresses assigned to other interfaces on the router.
If you configure the Ethernet interface to support virtual LANs (VLANs), you can specify an Ethernet subinterface. For example, you would enter the following commands to configure a loopback interface and then configure the Ethernet 0/1 interface to use the IP address assigned to that loopback interface:
ProCurve(config)# interface loopback 1
ProCurve(config-loop 1)# ip address 10.1.1.1 /24...
For example, you might enter:
ProCurve(config-eth 0/1)# speed 100
Note: If you configure a default setting for speed, the Ethernet interfaces still negotiate the duplex setting—either full-duplex or half-duplex. Some Ethernet devices cannot negotiate duplex if the speed is manually set. To avoid possible problems, you may want to manually configure the duplex setting if the speed is manually set.
adjacent if their MTU sizes do not match. You should ensure that the device at the far end of the Ethernet connection is using the same MTU as the interface you are configuring. If routers and switches have different MTU sizes in a TCP/IP network, transmissions and routing may be affected.
interface eth 0/1
description Attached to building 1
ip address 192.168.1.1 255.255.255.0
no shutdown
You can also view the description by entering:
ProCurve# show running-config interface eth 0/1
This command displays the running-config settings for only the Ethernet 0/1 interface.
In addition to configuring these settings, you can:
• assign access control policies (ACPs) or access control lists (ACLs) to the interface
• enable bridging
• assign crypto maps to enable virtual private networks (VPNs)
• configure settings for routing protocols
• configure quality of service (QoS) settings
These settings are discussed in other chapters, as shown in Table 3-3.
Configure VLAN Support
VLANs enable you to group users by logical function rather than physical location. Creating VLANs on your network provides several advantages:
• VLANs allow you to segment your network into smaller broadcast domains.
(Figure, frame formats. Ethernet II with 802.1Q tag: Destination address, 6 bytes; Source address, 6 bytes; 802.1Q Tag, 4 bytes; Type field, 2 bytes; Data field, up to 1500 bytes; trailing field, 4 bytes. IEEE 802.3 with...: Destination address; Source address; 802.1Q Tag; Length; Data field...)
Figure 3-4. Routing VLAN Traffic Between Layer 2 Switches (diagram labels: servers, Layer 2 switches, switches, ProCurve Secure Router routing between VLANs)
If your company is using Layer 2 switches, you may want to enable VLAN support on the ProCurve Secure Router and configure it to route the VLAN traffic on your internal network.
Enabling VLAN Support. To configure the ProCurve Secure Router to recognize the IEEE 802.1Q tag and route traffic accordingly, enter the following command from the Ethernet interface configuration mode context:
ProCurve(config-eth 0/1)# encapsulation 802.1Q
After you enter this command, the ProCurve Secure Router immediately recognizes that it must route traffic through this Ethernet interface to multiple VLANs with separate IP addresses.
Viewing the Status of Ethernet Interfaces or Subinterfaces
Assigning an IP Address
You must assign the Ethernet subinterfaces a static IP address. From the Ethernet subinterface configuration mode context, enter:
Syntax: ip address <A.B.C.D> <subnet mask | /<prefix length>
For example, if you are configuring a subinterface for VLAN 2 and VLAN 2 encompasses the subnet 192.168.115.0 255.255.255.0, you might enter:
ProCurve(config-eth 0/1.1)# ip address 192.168.115.5 /24...
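To make the 802.1Q tag and the per-VLAN subinterface concrete, the following added example (not code from the guide) parses an Ethernet frame, extracts the 12-bit VLAN ID from the 4-byte tag, and selects a subinterface. The frames are constructed, the FCS is assumed to have been stripped already, and the table maps VLAN 2 to eth 0/1.1 as in the example above; returning nothing for an unmapped VLAN is this example's model, not a statement about the router.

```python
import struct
from typing import Dict, NamedTuple, Optional

TPID_8021Q = 0x8100  # first two bytes of the 4-byte 802.1Q tag

# Constructed table modelled on the guide's example (VLAN 2 on eth 0/1.1).
SUBINTERFACES: Dict[int, str] = {2: "eth 0/1.1"}


class Frame(NamedTuple):
    dst: str
    src: str
    vlan_id: Optional[int]    # None for an untagged frame
    priority: Optional[int]   # 3-bit priority code point
    dei: Optional[int]        # 1-bit drop eligible indicator
    type_or_length: int       # Ethernet II type, or IEEE 802.3 length
    payload: bytes


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan_id: Optional[int] = None, priority: int = 0) -> bytes:
    """Build a sample frame (without FCS), tagged when vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        tci = (priority << 13) | (vlan_id & 0x0FFF)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(raw: bytes) -> Frame:
    """Parse destination, source, optional 802.1Q tag and type/length."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = raw[0:6], raw[6:12]
    (first,) = struct.unpack("!H", raw[12:14])
    if first != TPID_8021Q:
        return Frame(_mac(dst), _mac(src), None, None, None, first, raw[14:])
    if len(raw) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", raw[14:18])
    return Frame(_mac(dst), _mac(src), tci & 0x0FFF, tci >> 13,
                 (tci >> 12) & 1, inner, raw[18:])


def select_subinterface(frame: Frame,
                        table: Dict[int, str] = SUBINTERFACES) -> Optional[str]:
    """Return the subinterface for the frame's VLAN, or None if there is none.

    VLAN ID 0 (priority tag only) and 4095 (reserved) never match.
    """
    if frame.vlan_id is None or frame.vlan_id in (0, 4095):
        return None
    return table.get(frame.vlan_id)


# Constructed sample frames; the source MAC is the one in the guide's output.
_SRC = bytes.fromhex("0015550535D4")
SAMPLE_TAGGED = build_frame(b"\xff" * 6, _SRC, 0x0800, b"constructed",
                            vlan_id=2, priority=5)
SAMPLE_OTHER_VLAN = build_frame(b"\xff" * 6, _SRC, 0x0800, b"constructed",
                                vlan_id=3)
SAMPLE_UNTAGGED = build_frame(b"\xff" * 6, _SRC, 0x0800, b"constructed")

if __name__ == "__main__":
    for sample in (SAMPLE_TAGGED, SAMPLE_OTHER_VLAN, SAMPLE_UNTAGGED):
        parsed = parse_frame(sample)
        print(parsed.vlan_id, parsed.priority, select_subinterface(parsed))
```
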
eth 0/1 is UP, line protocol is UP
Hardware address is 00:15:55:05:35:D4
Ip address is 192.168.1.1, netmask is 255.255.255.0
MTU is 1500 bytes, BW is 100000 Kbit
100Mb/s, negotiated full-duplex, configured full-duplex
ARP type: ARPA;...
(Figure callout: eth 0/1 is UP; Physical Layer and Data Link Layer are up)
-------------------------------------------------------------------
eth 0/1 is UP, line protocol is UP
Hardware address is 00:12:79:05:25:B0
Ip address is 192.168.1.1, netmask is 255.255.255.0
MTU is 1500 bytes, BW is 100000 Kbit
100Mb/s, negotiated full-duplex, configured full-duplex
ARP type: ARPA;...
Viewing the Configurations That Have Been Entered
To view the settings that have been entered manually and are currently being used by the ProCurve Secure Router, move to the enable mode context and enter:
ProCurve# show running-config
This command displays the current configurations for the router.
The display shows the current running-config file, including any default settings. Again, you will need to browse for the information relating to the Ethernet interface or subinterface you are checking. Alternately, you can enter the following command to display only information about a particular Ethernet interface or subinterface:
Syntax: show running-config interface eth 0/<port number.subinterface number>...
Troubleshooting an Ethernet Interface
To understand the difference between the show running-config command and the show running-config verbose command, compare Figure 3-7 to Figure 3-8. For example, if you entered the IP address, a description, and the no shut command to configure the Ethernet interface, only those settings are listed when you enter the show running-config command.
Depending on the error messages displayed, you should check the cabling or the configuration settings for the Ethernet interface. If the “eth 0/1 is DOWN” message is displayed, substitute a different 10Base-T or 100Base-T cable and make sure the connectors are securely seated in the Ethernet port on both the router and the far-end device.
Quick Start
2005.08.27 15:31:53 ETHERNET_INTERFACE.eth 0/1 auto-negotiation in progress
2005.08.27 15:31:55 ETHERNET_INTERFACE.eth 0/1 auto-negotiation complete
2005.08.27 15:31:56 ETHERNET_INTERFACE.eth 0/1 link up
2005.08.27 15:31:56 ETHERNET_INTERFACE.eth 0/1 speed is 100Mbps, full duplex
2005.08.27 15:31:56 INTERFACE_STATUS.eth 0/1 changed state to up
Figure 3-9.
Move to the global configuration mode context.
ProCurve# configure terminal
Access the Ethernet configuration mode context:
Syntax: interface ethernet 0/<port>
For example, if you want to configure the bottom Ethernet port, enter:
ProCurve(config)# interface ethernet 0/1
Assign the Ethernet interface an IP address.
Configuring E1 and T1 Interfaces
Overview of E1 and T1 WAN Connections
Public carriers offer E1- and T1-carrier lines for customers who need dedicated, secure, point-to-point wide area network (WAN) connections. The connection is always active, so data can be immediately transmitted at any time, with no wait for a dial-up process.
Physical transmission media and electrical specifications are part of the Physical Layer (Layer 1) of the Open Systems Interconnection (OSI) model, and Data Link Layer protocols are part of the Data Link Layer (Layer 2). (See Figure 4-1.)
(Figure 4-1 diagram labels: Application layer, Presentation layer...)
Figure 4-2. Local Loop (diagram labels: Router (DTE), Network Interface Unit (Smart Jack), Demarc, wire span, Repeater, Public Carrier’s CO, Office Channel Unit (PTT’s CSU))
All carrier lines require the same basic components on the local loop, although the components may differ slightly in form and design.
Repeater—A repeater receives, amplifies, and retransmits the digital signal so that the signal is always strong enough to be read. The distance between repeaters depends on the type of connection, including the transmission media used.
Figure 4-3. Router Connects Directly to an External CSU/DSU. (diagram labels: Router (DTE), Network Interface Unit (Smart Jack), Demarc, wire span, Repeater, Public Carrier’s CO, Office Channel Unit (public carrier’s CSU))
If your public carrier does not provide the DSU, the router must include a built-in DSU.
Figure 4-5. Router with a Built-in CSU/DSU (diagram labels: Router w/ internal CSU/DSU, UTP cable with RJ-48C connectors, Network Interface Unit (Smart Jack), Demarc, wire span, Repeater, Public Carrier’s CO, Office Channel Unit (public carrier’s CSU))
ProCurve Secure Router Modules
ProCurve Networking provides several E1 and T1 modules, which are described in the next sections.
Table 4-1. Standards Supported by E1 Modules
Type of Standard    Port
E-carrier line
• International Telecommunications Union (ITU) G.703
• ITU-T G.704 (CRC-4)
• ITU-T G.823
• ITU-T G.797
Electrical/power
• Norme Europeenne (EN) 60950 (EN is also referred to as European Standards.)
•...
Table 4-2. Standards Supported by T1 Modules
Type of Standard    Port
T-carrier line
• AT&T TR194
• AT&T TR54016
• American National Standards Institute (ANSI) T1.403
Electrical/power
• AT&T Pub 62411 (jitter tolerance)
•...
The rest of this section describes these options in more detail and explains how to configure them from the command line interface (CLI). If you want to configure the E1 or T1 connection from the Web browser interface, see Chapter 14: Using the Web Browser Interface for Basic Configuration Tasks.
The settings that you must configure in order to establish an E1 or T1 WAN connection are explained in the following sections.
Channels
As mentioned earlier, E1- and T1-carrier lines provide different transmission speeds.
T1 Channels. When you configure a T1 module with a built-in CSU/DSU, you must configure the number of channels that the T1 WAN connection uses. If you lease an entire T1 line, you configure channels 1-24. If you lease a fractional T1 line, your public carrier will tell you which channels to configure for that connection.
Line Coding
In addition to configuring the number of channels for the E1 or T1 connection, you must configure the interface to use the same line coding that your public carrier is using. Line coding defines how digital signals are configured for transport through a physical transmission medium.
Like HDB3, B8ZS was designed to overcome the deficiencies of AMI. To prevent synchronization loss, B8ZS replaces a string of eight zeros with a string that includes two logical ones of the same polarity as a timing mark. Because B8ZS has become the standard line coding used on T1-carrier lines, it is the default setting on the ProCurve Secure Router.
Although E1 interfaces, including those for the G.703 port, support two frame formats, only one option is listed if you enter the following command from the E1 interface configuration mode context:
ProCurve(config-e1 1/1)# framing ?
Only the crc4 option is listed.
Clock Source, or Timing, for the E1- or T1-Carrier Line
Because data transmission requires hosts to be synchronized, you must configure the clock source, or timing, for the E1 or T1 interface. You can configure the E1 or T1 interface with one of the following clock sources:
• Line—Use the line setting if the E1 or T1 interface will take the clock source from the public carrier.
To configure the clock source, enter the following command from the E1 or T1 interface configuration mode context:
Syntax: clock source [internal | line | through]
For example, to configure the clock source as line, enter:
ProCurve(config-e1 2/1)# clock source line
Note: You cannot connect two interfaces on one module to different service providers...
Replace <value> with one of the following numbers, which are in decibels (db):
• -22.5
• -7.5
You should set the LBO to avoid overloading a receiver’s circuits. For sensitive interfaces or for interfaces that are connected with a long cable but separated by a short distance, use the more negative values to prevent the line from becoming too hot.
If used on a T1-carrier line, the FDL channel must conform to one of the following standards:
• ANSI T1.403 standard
• ATT TR 54016 standard
By default, the T1 interfaces on the ProCurve Secure Router use the ANSI standard.
If you have connected the interface to either the wall jack or the external CSU, the interface will try to establish the Physical Layer of the WAN connection. If the E1 or T1 interface successfully establishes that Physical Layer, another message should be displayed:
INTERFACE_STATUS.e1 1/1 changed state to up
INTERFACE_STATUS.t1 1/1 changed state to up...
Table 4-4 lists the default settings for line error thresholds.
Table 4-4. Threshold Commands
Setting    Description    15-Minute Default    24-Hour Default
Bursty Errored Seconds
Controlled Slip Seconds
Degraded Minutes
Errored Seconds
Line Code Violations    13340    133400
Line Errored Seconds...
Table 4-5. Events That Trigger Line Errors
Error Type    Triggers
1-320 Path Coding Violations (PCV) Controlled Slip Seconds (CSS) Bit Error Rate (BER) between .000001 and .001 ESF and CRC4: – PCV – ...
Error Type    Triggers
• D4 errors:
  – Framing error
  – OOF
  – 1544+ LCVs
• 10+ SESs
• Line failure + SES
The following is a list of the line errors and a brief description of each.
BES.
same polarity without an intervening pulse of the opposite polarity. An EXZ is the occurrence of any zero string length equal to or greater than three for B3ZS or greater than four for HDB3. LCVs usually signal a mismatch in line coding type.
Viewing Information about E1 and T1 Interfaces
To return a threshold to its default setting, enter this command from the global configuration mode context:
Syntax: no thresholds [BES | CSS | DM | ES | LCV | LES | PCV | SEFS | SES | UAS] [15Min | 24Hr]
For example, to return the 15-minute SES threshold to its default setting of 10, enter:...
show interfaces Command
You can use the show interfaces <interface> <slot>/<port> command to view detailed information about the status of the E1 or T1 interface. For example, if you want to view the status of the E1 1/1 interface, enter the following command from the enable mode context:
ProCurve# show interfaces e1 1/1
Figure 4-7 shows the results of this command for an E1 interface.
Configuring E1 and T1 Interfaces Viewing Information about E1 and T1 Interfaces The first line indicates whether the interface is up or down. The second line lists alarms, if there are any. The next two lines show current configurations for line coding, framing, and clock source. For T1 interfaces, the FDL type and the line build out settings are also listed.
Configuring E1 and T1 Interfaces Viewing Information about E1 and T1 Interfaces This command displays the configuration that you have entered for the entire router. You must then scroll through the running-config until you locate the appropriate E1 or T1 interface. To save time, you can enter the following command from the enable mode context: Syntax: show running-config interface <interface>...
Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections
interface e1 1/1
 description
 no framing crc4
 clock source internal
 coding hdb3
 lbo long 0
 remote-loopback
 sa4tx-bit 0
 loop-alarm-detect...
Figure callout: This is the default setting; the E1-carrier line is using the E1 frame format.
Page 217
Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections You should start by troubleshooting the physical interface because it must be up before the logical connection can be established. You can quickly check the LEDs on the front of the ProCurve Secure Router to determine the status of a physical interface.
Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections The color of the lights and a more detailed explanation are provided below. No Light If no light appears, ensure that you are checking the LED that corresponds to the slot in which the E1 or T1 module is installed, as shown in Figure 4-10.
Page 219
e1 1/1 is DOWN
 Encapsulation is not set
 Transmitter is sending remote alarm
 Receiver has loss of signal, loss of frame
 E1 coding is HDB3, framing is E1
 Clock source is internal...
Figure callouts: If the interface is down, look for reported alarms. Check configuration.
Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections Table 4-8. Alarms and Their Possible Causes Alarm Possible Cause Possible Solutions LOS—loss of • You may be using a different type of • Check all the settings, including the setting for line signal line coding than that used by the coding.
Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections If the loopback was not initiated on the ProCurve Secure Router, your public carrier is testing the line. Call your public carrier to have the loopback canceled or to determine the reason for the loopback test. Green Light If the stat LED for the physical interface is green but the WAN connection is down, you should still check the configuration for the E1 or T1 interface.
Page 222
Configuring E1 and T1 Interfaces Troubleshooting E1 and T1 WAN Connections For example, to view performance statistics accumulated on the T1 1/1 interface over all 15-minute intervals in the past 24 hours, enter: ProCurve# show interfaces t1 1/1 performance-statistics To view only certain 15-minute intervals, replace <range of intervals> with numbers between 1 and 96.
Configuring E1 and T1 Interfaces Quick Start
--------------------------------------------------------------------
t1 1/1 is UP
 Receiver has no alarms
 T1 coding is B8ZS, framing is ESF
 Clock source is through t1 1/2, FDL type is ANSI
 Line build-out is 0dB
 No remote loopbacks, No network loopbacks
 Acceptance of remote loopback requests enabled
 Tx Alarm Enable: rai
 Last clearing of counters never...
Configuring E1 and T1 Interfaces Quick Start Configuring an E1 or T1 Interface Before you begin to configure an E1 or T1 interface, you should know the settings that you must enter for the following: number of channels used line coding frame format clock source Your public carrier should provide you with this information.
Page 225
Configuring E1 and T1 Interfaces Quick Start For example, to assign the E1 or T1 interface all the channels, enter: ProCurve(config-e1 1/1)# tdm-group 1 timeslots 1-31 ProCurve(config-t1 1/1)# tdm-group 1 timeslots 1-24 Configure the line coding. For E1 interfaces, use the following syntax: Syntax: coding [ami | hdb3] ProCurve(config-e1 1/1)# coding ami HDB3 is the default setting for E1 interfaces.
Page 226
Configuring E1 and T1 Interfaces Quick Start Table 4-9 shows the default settings for the clock source on each type of E1 or T1 module. Table 4-9. Default clock source settings for E1 and T1 modules Module Port Default Clock Source One-port E1 or T1 module line Two-port E1 or T1 module...
Page 227
12. View the status of the E1 or T1 interface.
    ProCurve(config-e1 1/1)# do show interface e1 1/1
    ProCurve(config-t1 1/1)# do show interface t1 1/1
Note: The do command enables you to enter enable mode commands (such as show commands) from any context.
Page 228
Page 229
Configuring Serial Interfaces for E1- and T1-Carrier Lines Contents Using the Serial Module for E1- or T1-Carrier Lines ....5-3 Elements of an E1- or T1-Carrier Line ......5-3 Connecting Your Premises to the Public Carrier’s Central Office: the Local Loop .
Configuring Serial Interfaces for E1- and T1-Carrier Lines Contents Troubleshooting a Serial Connection ......5-17 Checking the LED for the Serial Module .
Configuring Serial Interfaces for E1- and T1-Carrier Lines Using the Serial Module for E1- or T1-Carrier Lines Using the Serial Module for E1- or T1-Carrier Lines When companies require dedicated, secure point-to-point wide area network (WAN) connections, one of the available solutions is a leased E1- or T1-carrier line.
Page 232
[Figure 5-1. Physical and Data Link Layers of the OSI Model. Layers shown: Application, Presentation, Session, Transport, Network, Data Link (Frame Relay, HDLC), Physical (E1- and T1-carrier lines).]
When you configure the ProCurve Secure Router to support an E1 or T1 WAN connection, you must configure: the Physical Layer...
Page 233
[Figure 5-2. Local Loop. Labels: Router (DTE), Demarc, Network Interface Unit (Smart Jack), Wire span, Repeater, Office Channel Unit (PTT’s CSU), Public Carrier’s CO.]
All carrier lines require the same basic components on the local loop, although the components may differ slightly in form and design.
Configuring Serial Interfaces for E1- and T1-Carrier Lines Using the Serial Module for E1- or T1-Carrier Lines Repeater—A repeater receives, amplifies, and retransmits the digital signal so that the signal is always strong enough to be read. The distance between repeaters depends on the type of connection, including the transmission media used.
Configuring Serial Interfaces for E1- and T1-Carrier Lines Using the Serial Module for E1- or T1-Carrier Lines Serial Module for the ProCurve Secure Router The ProCurve Secure WAN serial modules are used when the public carrier provides an external CSU/DSU for an E1- or T1-carrier line. (See Figure 5-2 on page 5-5.) ProCurve Networking offers two serial modules: one-port narrow module eight-port, or octal, wide module...
Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer Serial Interface: Configuring the Physical Layer Because the external CSU/DSU manages timing, framing, and signaling for the E1- or T1-carrier line, the serial interface does not have to perform these functions.
Page 237
If you are not sure which type of cable you have, this chapter provides illustrations of the three cable connectors. For example, Figure 5-4 shows the pinouts for ProCurve Networking’s implementation of the V.35 cable connector and lists how each pin is used.
Page 238
Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer Figure 5-5 shows the pinouts for ProCurve Networking’s implementation of the X.21 cable connector and lists how each pin is used. X.21 DB-15 (DA-15) X.27-compatible connector pinout Signal/Circuit Name Unused TD_A, Transmit A...
Page 239
Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer If you have an EIA 530 cable that you purchased from another vendor, the ProCurve Secure Router supports it. You can also use Figure 5-6, which shows the pinouts for EIA 530, to create this type of connector.
Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer Serial Interface Configuration Mode Context To begin configuring the serial interface for the E1 or T1 connection, you must access the appropriate configuration mode context. In the ProCurve Secure Router command line interface (CLI), move to the global configuration mode context and enter: Syntax: interface serial <slot>/<port>...
Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer Configuring the Clock Source The serial interface must have a clock source to synchronize the transmission of data. The clock source for the serial interface is called the external transmit reference clock (et-clock).
Configuring Serial Interfaces for E1- and T1-Carrier Lines Serial Interface: Configuring the Physical Layer If you enter the invert txclock command, the serial interface will invert the transmit clock that is taken from the data stream. The serial interface inverts the transmit clock before it transmits a signal.
Configuring Serial Interfaces for E1- and T1-Carrier Lines Viewing Information about the Serial Interface Viewing Information about the Serial Interface You can view information about the E1- and T1-carrier line associated with the serial interface, and you can view the configuration settings that have been entered for the serial interface.
Configuring Serial Interfaces for E1- and T1-Carrier Lines Viewing Information about the Serial Interface If the interface is administratively down, you must enter no shutdown from the serial interface configuration mode context to activate it. If the interface is down, you should begin troubleshooting the problem, as explained in “Troubleshooting a Serial Connection”...
Configuring Serial Interfaces for E1- and T1-Carrier Lines Troubleshooting a Serial Connection View All the WAN Connections Configured on the Router If your ProCurve Secure Router is providing several WAN connections for your company, you may want to view a list of these connections. The show connections command provides a quick view of all the connections on the router.
Configuring Serial Interfaces for E1- and T1-Carrier Lines Troubleshooting a Serial Connection Check the logical layer. Check to ensure that a Data Link Layer protocol has been defined and is bound to the serial interface. b. Check the configurations to ensure that you are using the correct settings.
Configuring Serial Interfaces for E1- and T1-Carrier Lines Troubleshooting a Serial Connection No Light Ensure that you are checking the LED that corresponds to the slot where the serial module is installed. Next, view the status of the serial interface by entering: ProCurve# show interfaces serial <slot>/<port>...
Configuring Serial Interfaces for E1- and T1-Carrier Lines Troubleshooting a Serial Connection • If you have an extra X.21, V.35, or EIA 530 cable, try using that cable to connect the serial module to the CSU/DSU. • Check the LEDs on the CSU/DSU and ensure that it is up. The CSU/ DSU may be turned off, or it may have experienced a hardware failure.
Configuring Serial Interfaces for E1- and T1-Carrier Lines Troubleshooting a Serial Connection Green Light If the serial interface is up, you should begin troubleshooting the logical interface. See Chapter 6: Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces. Solving a Specific Problem: the Line Between the Serial Module and the CSU/DSU Keeps Going Down If the line between the serial module and the CSU/DSU keeps going down, you...
Configuring Serial Interfaces for E1- and T1-Carrier Lines Quick Start To return the interface to the default setting, enter: ProCurve(config-ser 1/1)# no ignore dcd Quick Start This section provides the commands you must enter to quickly configure a serial module on the ProCurve Secure Router. Only a minimal explanation is provided.
Page 251
Configuring Serial Interfaces for E1- and T1-Carrier Lines Quick Start Configure the interface for the cable that you used to connect the serial module to the CSU/DSU. The default setting is V35. Syntax: serial-mode [EIA530 | V35 | X21] For example, to configure the serial interface to use an X.21 cable, enter: ProCurve(config-ser 1/1)# serial-mode X21 Activate the serial interface.
Page 252
Page 253
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Contents Configuring the Logical Interface ........6-3 PPP Overview .
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Contents Configuring HDLC as the Data Link Layer Protocol ....6-39 Create the HDLC Interface ....... 6-39 Activate the HDLC Interface .
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Configuring the Logical Interface As outlined in Chapter 4: Configuring E1 and T1 Interfaces, all WAN connections—including E1- and T1-carrier lines—require both a Physical Layer and a Data Link Layer.
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface PPP Overview PPP is a suite of protocols, rather than just a single protocol. (See Figure 6-2.) The PPP suite includes several types of protocols: link control protocol (LCP) authentication protocols network control protocols (NCPs)
Page 257
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Exchanging an authentication protocol is optional. Understanding how a PPP session is established can help you troubleshoot problems if they occur. (See Figure 6-3.) 1.
NCP. PPP uses an NCP to enable the exchange of Network Layer protocols—such as IP—across a WAN link. As Figure 6-2 shows, there is a specific NCP for each supported Network Layer protocol.
Page 259
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Table 6-1 shows the main settings that you must configure for an E1, T1, or serial interface connection that uses PPP. Table 6-1. Options for Configuring an E1, T1, or Serial Interface with PPP Interface Command Explanation...
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface The PPP settings are described in the sections that follow. (For information about E1 and T1 interface settings, see Chapter 4: Configuring E1 and T1 Interfaces.
Page 261
Configure the PPP Interface as an Unnumbered Interface. To conserve IP addresses on your network, you may want to create the PPP interface as an unnumbered interface.
For example, you would enter the following commands to configure a loopback interface and then configure the PPP 1 interface to use the IP address assigned to that loopback interface:
    ProCurve(config)# interface loopback 1
    ProCurve(config-loop 1)# ip address 10.1.2.2 /30...
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Replace <physical interface> with the type of WAN connection, such as E1, T1, or serial. Replace <slot> and <port> with the correct numbers to identify this interface’s location on the ProCurve Secure Router.
Page 264
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface returns an authentication acknowledge. The two peers can then send NCPs to negotiate the Network Layer protocols. If this negotiation is successful, the PPP session is established. With PAP, the two peers authenticate only once, and the username and password are sent in clear text across the connecting private circuit.
Page 265
[Figure 6-4. CHAP Process. Labels: Authenticator, Peer; Challenge; Calculate hash (on both sides); Hash; Compares hash values; Acknowledge.]
When you configure CHAP on the ProCurve Secure Router, you only need to set the password.
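The exchange in Figure 6-4, next to a PAP request for contrast, as an added example that is not part of the guide. It assumes the MD5 form of CHAP from RFC 1994 (hash over Identifier, secret, challenge) and the PAP packet layout from RFC 1334; the class and function names are hypothetical, and the router names and password are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP codes (RFC 1994)


def chap_packet(code, ident, value, name):
    """Code | Identifier | Length | Value-Size | Value | Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(pkt):
    """Return (code, ident, value, name); reject inconsistent lengths."""
    if len(pkt) < 5:
        raise ValueError("short CHAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    vsize = pkt[4]
    if length != len(pkt) or 5 + vsize > length:
        raise ValueError("bad CHAP length fields")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:]


def chap_hash(ident, secret, challenge):
    """MD5 over Identifier || secret || challenge (assumed algorithm)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Authenticator:
    """Hypothetical authenticator side of the exchange."""

    def __init__(self, name, ppp_database):
        self.name = name
        self.db = ppp_database   # per-connection {peer name: password}
        self.ident = 0
        self.pending = None      # (ident, challenge) awaiting a response

    def challenge(self):
        self.ident = (self.ident + 1) % 256
        self.pending = (self.ident, os.urandom(16))  # fresh and unpredictable
        return chap_packet(CHALLENGE, self.ident, self.pending[1], self.name)

    def verify(self, pkt):
        code, ident, value, name = parse_chap(pkt)
        pending, self.pending = self.pending, None   # a challenge is single use
        secret = self.db.get(name)
        if (code != RESPONSE or pending is None
                or pending[0] != ident or secret is None):
            return FAILURE
        expected = chap_hash(ident, secret, pending[1])
        # Constant-time comparison of the two hash values.
        return SUCCESS if hmac.compare_digest(expected, value) else FAILURE


def chap_respond(pkt, name, secret):
    """Peer side: answer a Challenge with the hash, never the password."""
    code, ident, challenge, _ = parse_chap(pkt)
    if code != CHALLENGE:
        raise ValueError("not a CHAP Challenge")
    return chap_packet(RESPONSE, ident, chap_hash(ident, secret, challenge), name)


def pap_request(ident, username, password):
    """PAP Authenticate-Request (RFC 1334): the password travels in clear."""
    body = bytes([len(username)]) + username + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def demo():
    secret = b"procurve"                       # constructed sample password
    auth = Authenticator(b"Local", {b"Remote": secret})
    good = chap_respond(auth.challenge(), b"Remote", secret)
    results = {"chap_ok": auth.verify(good)}
    auth.challenge()                           # later session, new challenge
    results["chap_replay"] = auth.verify(good)  # captured response reused
    bad = chap_respond(auth.challenge(), b"Remote", b"wrong")
    results["chap_wrong_password"] = auth.verify(bad)
    results["password_on_wire_chap"] = secret in good
    results["password_on_wire_pap"] = secret in pap_request(1, b"Remote", secret)
    return results


if __name__ == "__main__":
    print(demo())
```

The replayed response fails because each challenge is random and used once, which is the property PAP lacks.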
Page 266
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface You must add the password you have agreed upon for the peer to the PPP database. The PPP database for each connection is separate and distinct from the global username and password database and the databases of other PPP connections.
Page 267
For example, you might enter:
    ProCurve(config-ppp 1)# ppp pap sent-username SiteA password procurve
Note: PAP will be used only to authenticate this WAN connection. You do not have to actually enable the PAP protocol.
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Option Your Setting peer password Are you authenticating to the peer? Yes/No local router’s username local router’s password This worksheet will help you enter the PPP authentication command for your router.
Page 269
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Set the MTU. The maximum transmission unit (MTU) defines the largest size that a PPP frame can be. If a frame exceeds this size, it must be fragmented.
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Replace <line> with a phrase up to 80 characters. For example, you might enter: ProCurve(config-ppp 1)# description WAN link to Denver office This description is displayed only when you enter the show running-config command.
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Table 6-3. Additional Configuration Settings for the PPP Interface Settings Configuration Page Number Guide access controls to filter incoming and outgoing traffic Advanced 5-18, 5-37 bridging Basic 10-6...
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Subscriber 1 Transmitting an average of 640 Kbps with bursts to 832 Kbps Router Frame Relay Public Carrier’s CO switch Frame Relay over T1 Frame Relay switch Frame Relay...
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Subscriber 1 PVC between Subscriber 1 and Subscriber 2 Router Frame Relay Public Carrier’s CO switch Frame Relay over T1 Frame Relay switch Frame Relay over T1 Frame Relay switch...
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Frame Relay Router (DTE) Switch (DCE) Frame Relay Router (DTE) Switch (DCE) Frame Relay Router (DTE) Switch (DCE) UNI: DTE to DCE NNI: DCE to DCE Figure 6-7.
The 10-bit field enables 1024 possible DLCI numbers, but some are reserved for special purposes:
• 0 signals Annex A and D
• 1-15 and 1008-1022 are reserved
• 1023 signals the Link Management Interface (LMI)
The remaining 976 DLCI numbers between 16 and 1007 are available to users.
Page 276
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface From this configuration mode context, you can enter the help command to display the commands available from this configuration mode context. ProCurve(config-fr 1)# ? Table 6-4 shows the main settings that you must configure for an E1, T1, or serial interface that uses Frame Relay.
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Interface Command Description Page Configuration Mode Context frame-relay • frame-relay interface-dlci <dlci> • defines the DLCI for the PVC 6-28 subinterface • ip address <A.B.C.D> <subnet mask | /prefix •...
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface To configure the signaling role, enter the following command from the Frame Relay interface configuration mode context: Syntax: frame-relay intf-type [dte | dce | nni] Define the Frame Relay Signaling Type You must configure the Frame Relay interface to use the same signaling type that your Frame Relay service provider uses.
Page 279
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Table 6-6 lists the Frame Relay counters, the possible settings, and the polls that each one controls. Table 6-6. Frame Relay Counters Frame Relay Counter Possible Default Description...
Create the Frame Relay Subinterface
You must create a Frame Relay subinterface for each PVC that you want to establish through this Frame Relay interface. To create a Frame Relay subinterface, enter the following command from the global configuration context or from the Frame Relay interface configuration mode context:
Syntax: interface frame-relay <number.subinterface number>...
For example, if the Frame Relay service provider assigned your company a DLCI of 16, enter:
    ProCurve(config-fr 1.16)# frame-relay interface-dlci 16
Configure the IP Address for the WAN Connection
You configure the IP address for the WAN connection on the Frame Relay subinterface, rather than on the physical interface or the Frame Relay interface.
Page 282
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Table 6-7. Default Settings for the DHCP Client Option Default Setting client-id configures the client identifier displayed in the DHCP media type and interface’s MAC address server’s table hostname configures the hostname displayed in the DHCP...
Page 283
Configuring a Client Identifier. By default, the Secure Router OS populates the client identifier with the media type and the interface’s media access control (MAC) address.
Page 284
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface For example, if you do not want the DHCP client to use the default route and name server settings that it receives from the DHCP server, enter: ProCurve(config-fr 1.1)# ip address dhcp no-default-route no-nameservers Changing a Setting for the DHCP Client.
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface unnumbered interface that takes its IP address from the Ethernet 0/1 interface. If the Ethernet 0/1 interface goes down, the Frame Relay 1.16 subinterface will be unavailable as well.
The CIR is calculated from the Bc, which is the maximum number of bits that the Frame Relay carrier guarantees to forward during a certain interval of time (T).
Replace <excessive burst value> with a burst rate, expressed in bits. You can set a Be between 0 and 4,294,967,294 bps. For example, you might enter:
    ProCurve(config-fr 1.1)# frame-relay be 64000
Discard Eligible (DE) Bit.
For example, if you want to bind the E1 1/1 interface to the Frame Relay 1 interface, enter:
    ProCurve(config)# bind 1 e1 1/1 1 fr 1
Note: You bind the physical interface to the Frame Relay interface (not to the subinterface).
Page 289
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Set the MTU. The MTU defines the largest size that a frame can be before it must be fragmented. The MTU size on the Frame Relay subinterface should match the MTU used by the remote router and the intervening network devices.
This command displays the running-config settings for only the Frame Relay 1.16 subinterface, as shown below:
interface fr 1.16
 frame-relay interface-dlci 16
 description WAN link to London office
 ip address 192.168.1.1 255.255.255.0
 no shutdown
Settings Explained in Other Chapters...
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Configuring HDLC as the Data Link Layer Protocol One of the oldest Data Link Layer protocols for a WAN, HDLC actually predates the PC. Although it was developed for a mainframe environment, which includes primary and secondary devices, HDLC has been updated for use in the PC environment.
Page 292
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface The router prompt indicates that you have entered the appropriate interface configuration mode context: ProCurve(config-hdlc 1)# From this configuration mode context, you can enter the help command to display the commands available from this configuration mode context.
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface Interface Command Explanation Page Configuration Mode Context hdlc • no shutdown • activates the interface 6-41 • ip address <A.B.C.D> <subnet mask | / •...
Page 294
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configuring the Logical Interface You can replace <subnet mask> with the complete subnet mask, or you can replace </prefix length> with the CIDR notation. For example, you might enter: ProCurve(config-hdlc 1)# ip address 10.1.1.1 /24 Configure the HDLC Interface as an Unnumbered Interface.
Page 295
For example, you would enter the following commands to configure a loopback interface and then configure the HDLC 1 interface to use the IP address assigned to that loopback interface:
    ProCurve(config)# interface loopback 1
    ProCurve(config-loop 1)# ip address 192.168.5.1 /24...
For example, if you want to bind the T1 2/1 interface to the HDLC 1 interface, enter:
    ProCurve(config)# bind 1 t1 2/1 hdlc 1
If you want to bind the serial interface to the HDLC interface, enter:
    ProCurve(config)# bind 1 serial 1/1 hdlc 1
Note...
Page 297
Note: If you have enabled Open Shortest Path First (OSPF) routing on the ProCurve Secure Router, you should take special care when setting the MTU. OSPF routers cannot become adjacent if their MTU sizes do not match.
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Example Networks Settings Explained in Other Chapters In addition to configuring these settings for an HDLC interface, you can: assign ACPs or ACLs to control access to the HDLC interface enable bridging assign crypto maps to enable VPNs configure settings for routing protocols...
Page 299
Finally, the company set up an Asymmetric Digital Subscriber (ADSL) line to a local Internet Service Provider (ISP). Through this connection, the company’s employees can access the Internet. (For information about ADSL, see Chapter 7: ADSL WAN Connections.)
Paris E1 with...
Page 300
interface e1 1/1
 tdm-group 1 timeslots 1-31 speed 64
 no shutdown
interface e1 1/2
 clock source through
 tdm-group 1 timeslots 1-31 speed 64
 no shutdown
interface fr 1 point-to-point
 frame-relay intf-type dte
 frame-relay lmi-type q933a
 no shutdown...
Page 301
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Example Networks To connect the Atlanta office to the London office, the company chose Frame Relay, which allows them to cross country borders at a more affordable cost than dedicated T1-and E1-carrier lines.
Page 302
interface t1 1/1
 lbo short 550
 tdm-group 1 timeslots 1-24 speed 64
 no shutdown
interface t1 1/2
 clock source through
 lbo short 550
 tdm-group 1 timeslots 1-24 speed 64
 no shutdown
interface fr 1 point-to-point
 frame-relay intf-type dte...
Page 303
You would configure Local as follows:
Access the PPP interface configuration mode context:
    Local(config)# interface ppp 1
Configure the router to authenticate Remote with PAP:
    Local(config-ppp 1)# ppp authentication pap
Set Remote’s username and password:
    Local(config-ppp 1)# username Remote password YYY
Set the router’s own PAP username and password:...
Page 304
Remote would be configured as follows:
    Remote(config)# interface ppp 1
    Remote(config-ppp 1)# ppp chap password YYY
Example 5: CHAP Authentication to an ISP. In this example, the ISP has provided an ID (ID-GIVEN-BY-ISP) and password (PWD-GIVEN-BY-ISP) to be used when authenticating through CHAP.
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Checking the Status of Logical Interfaces Checking the Status of Logical Interfaces After you configure the physical and logical interfaces and bind them together, the ProCurve Secure Router should be able to exchange data with the device at the other end of the WAN connection.
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Checking the Status of Logical Interfaces ppp 1 is UP Status of interface Configuration: Keep-alive is set (10 sec.) No multilink No authentication is configured MTU = 1492 No authentication IP is configured IP address...
Page 307
Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Checking the Status of Logical Interfaces Viewing the Status of Frame Relay Interfaces and Subinterfaces For Frame Relay, you can view the status of both the interface and the subinterface.
Page 308
-------------------------------------------------------------------
fr 1 is UP
 Configuration:
  Signaling type is ANSI, signaling role is USER
  Multilink disabled
  Polling interval is 10 seconds, full inquiry interval is 6 polling intervals
 Link information:
  5 minute input rate 24 bits/sec, 0 packets/sec
  5 minute output rate 8 bits/sec, 0 packets/sec...
Viewing the Status of HDLC Interfaces
To view information about the HDLC interface, enter the following command from the enable mode context:
Syntax: show interface hdlc <number>...
Troubleshooting Logical Interfaces
If the physical interface is up but the logical interface is not, the steps you take to troubleshoot the problem vary, depending on the Data Link Layer protocol you are using.
ppp 2 is DOWN
Configuration:
Keep-alive is set (10 sec.)
No multilink
MTU = 1500
No authentication
IP is configured 15.1.1.1 255.0.0.0
Link thru ser 2/1 is DOWN; LCP state is INITIAL
Receive: bytes=0, pkts=0, errors=0
Transmit: bytes=0, pkts=0, errors=0
5 minute input rate 0 bits/sec, 0 packets/sec...
If the LCP status is not opened, you may need to double-check your configuration settings with your public carrier. For example, the carrier may have allocated a different number of DS0 channels to the physical line.
Note: Debug commands are processor intensive.
Table 6-12 lists the debug commands you can use to monitor PPP interfaces.
Table 6-12. Debug commands for PPP Interfaces
Command | Explanation
debug ppp verbose...
2005.08.12 17:51:01 PPP.NEGOTIATION PPPrx[e1 1/1] LCP: Conf-Ack ID=33 Len=16 ACCM(00000000) MAGIC(d418e92e)
2005.08.12 17:51:02 PPP.NEGOTIATION PPPrx[e1 1/1] LCP: Conf-Req ID=188 Len=16 ACCM(00000000) MAGIC(2656e0ba)
2005.08.12 17:51:02 PPP.NEGOTIATION PPPtx[e1 1/1] LCP: Conf-Ack ID=188 Len=16 ACCM(00000000) MAGIC(2656e0ba)
2005.08.12 17:51:02 PPP.NEGOTIATION PPPFSM: layer up, Protocol=c021...
ProCurve# debug ppp authentication
2005.07.08 09:03:44 PPP.AUTHENTICATION PPPtx[t1 1/1] PAP: Authen-Req ID=1 Len=10 PeerID(Local) Password()
2005.07.08 09:03:44 PPP.AUTHENTICATION PPPrx[t1 1/1] PAP: Authen-Nak
[Callout: The local router is attempting to authenticate itself.]
When a peer successfully authenticates itself, the authenticator returns an Authen-Ack:
2005.07.08 09:05:08 PPP.AUTHENTICATION PPPtx[t1 1/1] PAP: Authen-Ack ID=1 Len=10 Message(Hello)
Note: Usernames and passwords are case-sensitive.
Incompatible Authentication Protocols. If you do not receive any PPP authentication debug messages at all, the local and remote routers may be requesting different authentication protocols. In this case, the LCP state will not come up because the peers cannot negotiate the authentication option.
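The PAP debug messages shown above can be checked mechanically when the output is captured to a file. The following is an added example, not part of the guide: it pairs each Authen-Req with its Authen-Ack or Authen-Nak per interface and reports repeated failures. The function names, the threshold, the sample lines, and the fields following "Authen-Nak" are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the guide's debug output. The fields after
# "Authen-Nak" and the e1 2/1 exchange are assumptions made for this example.
SAMPLE_LOG = """\
2005.07.08 09:03:44 PPP.AUTHENTICATION PPPtx[t1 1/1] PAP: Authen-Req ID=1 Len=10 PeerID(Local) Password()
2005.07.08 09:03:44 PPP.AUTHENTICATION PPPrx[t1 1/1] PAP: Authen-Nak ID=1 Len=5 Message()
2005.07.08 09:03:54 PPP.AUTHENTICATION PPPtx[t1 1/1] PAP: Authen-Req ID=2 Len=10 PeerID(Local) Password()
2005.07.08 09:03:54 PPP.AUTHENTICATION PPPrx[t1 1/1] PAP: Authen-Nak ID=2 Len=5 Message()
2005.07.08 09:05:08 PPP.AUTHENTICATION PPPrx[e1 2/1] PAP: Authen-Req ID=1 Len=14 PeerID(Remote) Password()
2005.07.08 09:05:08 PPP.AUTHENTICATION PPPtx[e1 2/1] PAP: Authen-Ack ID=1 Len=10 Message(Hello)
2005.08.12 17:51:02 PPP.NEGOTIATION PPPFSM: layer up, Protocol=c021
"""

# Only PAP lines are parsed; the guide's excerpt shows no CHAP debug format.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) PPP\.AUTHENTICATION "
    r"PPP(?P<dir>tx|rx)\[(?P<intf>[^\]]+)\] PAP: "
    r"(?P<code>Authen-(?:Req|Ack|Nak))(?: ID=(?P<id>\d+))?(?P<rest>.*)$"
)
PEER_RE = re.compile(r"PeerID\(([^)]*)\)")
PASSWORD_RE = re.compile(r"Password\([^)]*\)")


def redact(line):
    """Blank the Password(...) field before a captured line is stored or shared.

    Assumption: the field may be populated on some captures; PAP itself carries
    the password unencrypted, so captured debug output is treated as sensitive.
    """
    return PASSWORD_RE.sub("Password(<redacted>)", line)


def analyze(log_text, nak_threshold=2):
    """Return (per-interface ack/nak counts, findings for repeated Naks)."""
    pending = {}                                   # (interface, ID) -> (role, peer id)
    counts = defaultdict(lambda: {"ack": 0, "nak": 0})
    streak = defaultdict(int)                      # consecutive Naks per interface
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:                              # LCP lines and other output
            continue
        intf, code, msg_id = m["intf"], m["code"], m["id"]
        if code == "Authen-Req":
            peer = PEER_RE.search(m["rest"])
            # A transmitted request means the local router is the one logging in.
            role = ("local router authenticating itself" if m["dir"] == "tx"
                    else "peer authenticating to local router")
            pending[(intf, msg_id)] = (role, peer.group(1) if peer else "?")
        elif code == "Authen-Ack":
            pending.pop((intf, msg_id), None)
            counts[intf]["ack"] += 1
            streak[intf] = 0
        else:                                      # Authen-Nak
            role, peer_id = pending.pop((intf, msg_id), ("unmatched reply", "?"))
            counts[intf]["nak"] += 1
            streak[intf] += 1
            if streak[intf] == nak_threshold:      # report once per streak
                findings.append({
                    "time": m["ts"], "interface": intf, "role": role,
                    "peer_id": peer_id, "consecutive_naks": streak[intf],
                })
    return dict(counts), findings


if __name__ == "__main__":
    totals, alerts = analyze(SAMPLE_LOG)
    for intf, c in totals.items():
        print(intf, c)
    for a in alerts:
        print("repeated PAP failure:", a)
```

An interface that appears in LCP output but never in the counts matches the "no authentication debug messages at all" case described above.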
If the interface is administratively down, you need to activate it. From the Frame Relay interface configuration mode context, enter no shutdown. If the interface is down, check your configuration and ensure that you are using the same Frame Relay signaling type as your Frame Relay carrier.
“Num Update Status Rcvd” indicates the number of full status reports the interface has received. By default, the interface receives one full status report every six polls, or one every 60 seconds. “Num Status Timeouts”...
Table 6-14. Status of the PVC
Status of the PVC | Explanation
active | The PVC is functional, end-to-end, from the local router to the switch and then to the far-end router
inactive | The PVC is functional from the router to the Frame Relay switch.
The CLI displays events dealing with the establishment and negotiation of connection as they occur. You can then determine when and why problems occur. LMI statistics report on the LMI messages that are exchanged between the Frame Relay DTE and the DCE.
To disable the hdlc debug messages, enter one of the following commands from the enable mode context:
    ProCurve# no debug hdlc [errors | verbose]
    ProCurve# undebug all
Quick Start
After you configure the physical connection—the E1, T1, or serial interface—...
Set a static IP address.
Syntax: ip address <A.B.C.D> <subnet mask | /prefix length>
For example, you might enter:
    ProCurve(config-ppp 1)# ip address 10.1.1.1 /24
Activate the PPP interface.
    ProCurve(config-ppp 1)# no shutdown
Bind the physical interface to the logical interface.
Parameter | Your Setting
Are you authenticating to the peer? | Yes/No
local router’s username |
local router’s password |
Requiring the Peer to Authenticate Itself
Move to the PPP interface for the connection whose endpoint you want to authenticate.
For CHAP, enter a username only if it is different from the router’s hostname:
Syntax: ppp chap hostname <username>
For example, you might enter:
    ProCurve(config-ppp 1)# ppp chap hostname ProCurveA
Frame Relay
Before you begin to configure the Frame Relay interface, you should know the settings that you must enter for the following:...
Define the signaling role for the Frame Relay interface. The default setting is dte, or user.
Syntax: frame-relay intf-type [dce | dte | nni]
    ProCurve(config-fr 1)# frame-relay intf-type dte
Define the signaling type (the LMI).
Note: Together, the frame-relay bc command and the frame-relay be command define the amount of bandwidth you can use on the Frame Relay link. The sum of the values you specify for these two settings should be greater than 8000.
Bind the physical interface—the E1, T1, or serial interface—to the logical interface.
Syntax: bind <number> <physical interface> <slot>/<port> [<tdm-group number>] <logical interface> <logical interface number>
For example, to bind the E1 1/1 interface to the HDLC 1 interface, enter:
    ProCurve(config-hdlc 1)# bind 1 e1 1/1 1 hdlc 1
To bind the serial 1/1 interface to the HDLC 1 interface, enter:
    ProCurve(config-hdlc 1)# bind 1 ser 1/1 hdlc 1...
ADSL WAN Connections ADSL Overview ADSL Overview Digital Subscriber Line (DSL) technologies provide high-speed wide area network (WAN) connections—typically for a lower cost than older WAN technologies such as E1- or T1-carrier lines. A variety of DSL technologies have been developed, and these technologies are sometimes collectively referred to as x-type DSL, or xDSL.
With asymmetric DSL technologies, the transmission speed for downstream is higher than the transmission speed for upstream. This makes asymmetric DSL technologies ideal for Internet use because users typically download more data from the Internet than they upload. Asymmetric DSL technologies are also well-suited for video-on-demand or high-definition television (HDTV).
READSL: Supporting Greater Distances
To make ADSL available to more customers, reach extended ADSL2 (READSL) was developed to support greater distances between a customer’s premises and the public carrier’s CO. (READSL is an ADSL2 or ADSL2+ technology, which is sometimes called READSL and sometimes called READSL2.) According to CommsDesign.com, READSL extends the reach of ADSL “up to 2500 ft., allowing ADSL systems to reach as far as 20,000 ft.”...
When you configure an ADSL connection, you must configure both the Physical Layer and the Data Link Layer (which is also called the Logical Layer). The Physical Layer is, of course, ADSL. The Data Link Layer protocol is Asynchronous Transfer Mode (ATM).
[Figure 7-4. ADSL Connection to the Internet]
Moving high-speed WAN connections onto a separate network infrastructure alleviates a serious problem for most public carriers: congestion in the traditional public carrier network.
Customers who have ISDN equipment such as telephones and fax machines can continue using this equipment while moving their Internet or WAN connection to ADSL. Support for ISDN is called ADSL over ISDN, or ADSL Annex B, and is common in countries such as Germany where ISDN is popular.
To separate the ISDN data from the ADSL data, an ISDN splitter is installed at both the customer’s premises and the CO. This splitter ensures that each type of traffic is transmitted to the appropriate device at each location. (See Figure 7-6.)
[Figure 7-6: Customer’s Premises, Central Office...]
ADSL Modules for the ProCurve Secure Router
ProCurve Networking offers two ADSL modules:
• ADSL2+ Annex A module for ADSL over POTS
• ADSL2+ Annex B module for ADSL over ISDN
ADSL2+ Annex A modules are used primarily in the United States and Canada. ADSL2+ Annex B modules are used in Europe, South America, Asia (except Japan), and Australia.
Configuring the ADSL Interface: the Physical Layer
To connect the ADSL interface on the front panel of the ProCurve Secure Router to the wall jack provided by your service provider, you use unshielded twisted pair (UTP) ribbon cable with RJ-11 connectors.
Activating the ADSL Interface
By default, all interfaces on the ProCurve Secure Router are shut down. You must activate the ADSL interface. From the ADSL interface configuration mode context, enter:
    ProCurve(config-adsl 1/1)# no shutdown
A message is displayed at the CLI, indicating that the interface is now administratively up.
Table 7-3. Training Modes Supported by the ProCurve Secure Router
Command Option | Standard | Description
training-mode ADSL2 | ITU G.922.3 ADSL2 | Trains the interface for the ADSL2 (G.dmt.bis) transmission rate. This mode requires a splitter at both the user’s and the public carrier’s premises to divide traffic between voice and...
Table 7-4. Training Modes Supported by the ProCurve Secure Router
Command Option | ADSL2+ Annex A | ADSL2+ Annex B
training-mode ADSL2
training-mode ADSL2+
training-mode G.DMT
training-mode G.LITE
training-mode Multi-Mode
training-mode READSL2
training-mode T1.413
To define the training mode, enter the following command from the ADSL interface configuration mode context.
Determining the minimum SNR margin is a compromise: the higher the SNR margin, the slower the transmission rate. However, if you set the SNR margin too low, the line may go down, or your data may be garbled. To set the SNR margin, enter the following command from the ADSL configuration mode context:
Syntax: snr-margin <margin>...
Configuring the Data Link Layer for the ADSL Connection
You can configure the ADSL line with ATM as the Data Link Layer, or you can configure ADSL with either PPPoE or PPPoA. No matter which option you use, however, your configuration will include ATM, and you will need to configure both an ATM interface and an ATM subinterface.
Configuring a Subinterface for each PVC
You must configure an ATM subinterface to define the endpoint of the ADSL connection. By default, each ATM interface supports up to 16 permanent virtual circuits (PVCs), so you can create a maximum of 16 subinterfaces on each ATM interface.
Activating the ATM Subinterface
By default, all subinterfaces on the ProCurve Secure Router are shut down. You must activate the ATM subinterface. From the ATM interface configuration mode context, enter:
    ProCurve(config-atm 1.1)# no shutdown
Configuring the VPI/VCI
ATM networks are fundamentally connection-oriented, which means that a...
For example, to assign the ATM subinterface a VPI/VCI of 0/33, enter:
    ProCurve(config-atm 1.1)# pvc 0/33
Defining the ATM Encapsulation
The ATM Data Link Layer for the ADSL connection includes these sublayers:
• the ATM adaptation layer (AAL), which is called Layer 2-1
• the point-to-point layer, which is referred to as Layer 2-2
You must configure the adaptation layer by specifying an encapsulation type.
If you are configuring the IP address on the ATM subinterface, you can configure:
• a static IP address
• the ATM subinterface as a DHCP client
• the ATM subinterface as an unnumbered interface
Configuring a Static Address.
Table 7-5. Default Settings for the DHCP Client
Option | Meaning | Default Setting
client-id | configures the client identifier displayed for this interface in the DHCP server’s table | media type and interface’s MAC address
hostname | configures the hostname displayed for this interface | router hostname...
Note: The do command allows you to enter enable mode commands from any context (except the basic mode context).
Configuring a Client Identifier. By default, the Secure Router OS populates the client identifier with the media type and the interface’s media access control (MAC) address.
Overriding Settings Received from the DHCP Server. If the DHCP server is configured to provide a default route, a domain name, or the IP address of a domain name system (DNS) server, the DHCP client for the ATM subinterface will accept and use these settings.
You can configure the ATM subinterface as an unnumbered interface. The ATM subinterface will then use the IP address of the interface you specify. The Secure Router OS uses the IP address of the specified interface when sending routing updates over the unnumbered interface.
Note: You do not have to enter no shutdown to activate a loopback interface. The status of a loopback interface automatically changes to up after you enter the interface loopback <number>...
For example, to configure the Secure Router OS to wait 4 seconds between transmitting OAM loopback cells, enter:
    ProCurve(config-atm 1.1)# oam-pvc managed 4
Bind the ADSL Interface to the ATM Interface
When you configure WAN connections on the ProCurve Secure Router, you must bind the physical interface to the logical interface.
PPPoE Overview
[Figure 7-8. Access Concentrator for PPPoE Access: the router negotiates the PPPoE session with the access concentrator]
Two Phases for Establishing a PPPoE Session
To establish a PPPoE session, the client and the access concentrator must successfully complete two phases:...
Discovery Stage (between the router and the access concentrator)
Goal: Learn session ID and peer’s Ethernet MAC address
1. PPPoE client broadcasts a PADI (initiation) frame
2. Access concentrator sends a PADO (offer) frame
3. PPPoE client sends a PADR (request) frame
4....
Step 4. When the access concentrator receives the PADR frame, it checks the service name tag. If it accepts the service name tag, the access concentrator generates a unique session ID. It includes this ID and the service name tag in a PPPoE Active Discovery Session-confirmation (PADS) frame and sends this frame to the PPPoE client.
Step 3. The devices use network control protocol (NCP) frames to enable the exchange of Network Layer protocols, such as IP, across the link.
Step 4. The devices use PPP frames to transmit the actual data.
(For more information about establishing a PPP session, see Chapter 6: Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces.)
During the process of establishing a PPP session, the devices will also nego-...
Assigning an IP Address
Because you are configuring a PPP interface on top of the ATM subinterface, the PPP interface handles the IP address. Rather than configuring an IP address on the ATM subinterface, you configure the IP address on the PPP interface.
You can enter the show running-config command from the enable mode context to ensure that you have entered the two bind commands that are required for an ADSL connection that uses PPPoE. Figure 7-11 shows a sample running-config for an ADSL interface, ATM interface, ATM subinterface, and PPP interface.
ADSL WAN Connections PPPoA Overview
If you do not include this field, any access concentrator is acceptable. By default, no access concentrator is specified.
Identifying PPPoE Services
You can also control which PPPoE session offer the Secure Router OS accepts by specifying the PPPoE services that are required....
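The effect of leaving the access concentrator and service name unspecified can be shown on the offer frame itself. The following is an added example, not code from the guide or the Secure Router OS: it parses a PPPoE discovery frame (header and tags as laid out in RFC 2516) and decides whether a PADO is acceptable under an optional required AC name and service name. The function names and the sample AC and service names are assumptions made for this example.

```python
import struct

# PPPoE discovery codes and tag types from RFC 2516.
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAG_END_OF_LIST, TAG_SERVICE_NAME, TAG_AC_NAME = 0x0000, 0x0101, 0x0102


def build_frame(code, session_id, tags):
    """Build a PPPoE discovery payload (no Ethernet header) for constructed samples."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, code, session_id, len(payload)) + payload


def parse_discovery(frame):
    """Return (code name, session id, [(tag type, value), ...]); raise ValueError if malformed."""
    if len(frame) < 6:
        raise ValueError("shorter than the 6-byte PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[:6])
    if ver_type != 0x11:
        raise ValueError("version/type must both be 1")
    if code not in CODES:
        raise ValueError("not a discovery code")
    payload = frame[6:6 + length]
    if len(payload) != length:
        raise ValueError("payload truncated")
    tags, off = [], 0
    while off < length:
        if length - off < 4:
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack("!HH", payload[off:off + 4])
        off += 4
        if off + tag_len > length:
            raise ValueError("tag value overruns payload")
        if tag_type == TAG_END_OF_LIST:
            break
        tags.append((tag_type, payload[off:off + tag_len]))
        off += tag_len
    return CODES[code], session_id, tags


def offer_acceptable(frame, required_ac=None, required_service=None):
    """Decide whether a PADO may be answered with a PADR.

    required_ac=None models the default described above (any access
    concentrator is acceptable); required_service=None accepts any service.
    """
    name, session_id, tags = parse_discovery(frame)
    if name != "PADO" or session_id != 0:
        return False, "not a valid PADO"
    ac_names = [v.decode("utf-8", "replace") for t, v in tags if t == TAG_AC_NAME]
    services = [v.decode("utf-8", "replace") for t, v in tags if t == TAG_SERVICE_NAME]
    if not ac_names:
        return False, "PADO carries no AC-Name tag"
    if required_ac is not None and required_ac not in ac_names:
        return False, "offer from unexpected access concentrator %r" % ac_names[0]
    if required_service is not None and required_service not in services:
        return False, "required service %r not offered" % required_service
    return True, "accepted"


# Constructed offers: one from the provider's AC, one from an unknown device.
GOOD_PADO = build_frame(0x07, 0, [(TAG_AC_NAME, b"AC-EXPECTED"), (TAG_SERVICE_NAME, b"internet")])
OTHER_PADO = build_frame(0x07, 0, [(TAG_AC_NAME, b"AC-UNKNOWN"), (TAG_SERVICE_NAME, b"internet")])

if __name__ == "__main__":
    for label, frame in (("expected", GOOD_PADO), ("unknown", OTHER_PADO)):
        print(label, "default:", offer_acceptable(frame))
        print(label, "pinned :", offer_acceptable(frame, "AC-EXPECTED", "internet"))
```

With the defaults, both constructed offers are accepted; once the AC name is required, only the offer from the named concentrator is.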
[Figure 7-12. Establishing a PPP Session (between the router and the access concentrator)]
1. Link establishment
2. Authentication (optional): PAP, CHAP, or EAP
3. Negotiation of network layer protocols: NCP: IPCP, BCP, IPXCP, and so on
4. Session established
Step One....
Creating the PPP Interface
To configure PPPoA, you configure the ADSL interface, the ATM interface, and the ATM subinterface. (These instructions begin with “Configuring the ADSL Interface: the Physical Layer” on page 7-12.) When configuring the ATM subinterface, you must set the encapsulation to aal5snap or aal5mux ppp, as shown below:
Syntax: encapsulation aal5snap...
If you need to configure authentication protocols for the connection, see “PPP Authentication” on page 6-71 in Chapter 6: Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces.
Binding the ATM Subinterface to the PPP Interface
To finish defining the point-to-point layer for the ADSL connection, you must bind the ATM subinterface to the PPP interface.
Routed Bridged Encapsulation
Some DSLAMs use routed bridged encapsulation (RBE) to route IP over bridged Ethernet traffic. RBE is sometimes referred to as “half bridging,” because it provides some of the advantages of bridging combined with some of the advantages of routing.
[Figure 7-14. RBE Environment: the aggregation device establishes an Ethernet bridge with the ProCurve Secure Router]
To configure RBE, complete the steps for configuring the ADSL interfaces as explained in “Configuring the ADSL Interface: the Physical Layer”...
Viewing the Status and Configuration of Interfaces
You can view information about all of the interfaces that are used to create the ADSL connection.
Viewing the Status of the ADSL Interface
To view the status of the ADSL interface, enter:
Syntax: show interfaces adsl <slot>/<port>...
ADSL WAN Connections Viewing the Status and Configuration of Interfaces !adsl 2/1 is UP, line protocol is UP Status of physical and logical Link Status Up G.DMT interface Line Type Fast Training mode used Line Length 933 ft Actual downstream Downstream Upstream and upstream rates...
Next, the output from the show interfaces adsl command displays the downstream and upstream transmission rates for the connection. This section of the output also reports the attenuation on the line and any framing, signaling, and power losses, as well as error seconds.
interface adsl 2/1
description ""
alias ""
snr-margin 5
training-mode Multi-Mode
no shutdown
[Callout: Displays all the settings for the interface, including defaults]
Figure 7-18. show running-config interface adsl verbose Command
Viewing the Status of the ATM Interface and Subinterface
To view the status of the ATM interface, enter the following command from the enable mode context:...
Replace <number.subinterface number> with the unique number and subinterface number that you assigned the ATM interface. For the ATM 1.1 subinterface, enter:
    ProCurve# show interfaces atm 1.1
Figure 7-20 shows the output from this command for a sample network. As you can see, this command displays the status of the interface and settings such as the ATM encapsulation, the IP address, and the MTU size.
Troubleshooting the ADSL Connection
When troubleshooting WAN connections, you should try to isolate the problem and determine if the problem is occurring on the physical interface or the logical interface. With an ADSL WAN connection, you should begin troubleshooting the ADSL interface.
ADSL WAN Connections Troubleshooting the ADSL Connection adsl 2/1 is DOWN, line protocol is DOWN Link Status Training UNKNOWN Line Type The training mode does not Line Length 0 ft match the training mode used by the DSLAM Downstream Upstream Line Rate 0 kbps 0 kbps...
Figure 7-22 shows the debug commands for a connection that was established successfully.
2005.08.09 19:02:40 ADSL.EVENTS Current DSL state: ATU_RIDLE
2005.08.09 19:02:40 INTERFACE_STATUS.adsl 2/1 changed state to down
2005.08.09 19:02:54 ADSL.EVENTS Current DSL state: GDMT_NEGO
2005.08.09 19:02:54 ADSL.EVENTS Current DSL state:...
[Callout: Negotiating to use the...]
The output from this command shows the status of the logical interface as well as the information shown in Table 7-7.
Table 7-7. Information Displayed by the show interfaces atm Command
Information | Meaning
<number>...
Syntax: debug atm oam <interface number.subinterface number> [loopback {end-to-end | segment} {<LLID>}]
Replace <interface number.subinterface number> with the subinterface ID for the PVC. This command displays the OAM frames for a specific PVC. Include the loopback option to configure an OAM loopback.
For example, if the PPPoE client keeps sending PADI frames but does not receive any PADO frames, you know that for some reason the access concentrator is not responding. If the ADSL interface, the ATM interface, and the ATM subinterface are up, you should call your service provider and report the problem.
Figure 7-24 shows the output from this command.
ppp 1
Outgoing Interface: eth 0/1
Outgoing Interface MAC Address: 00:A0:C8:00:85:20
Access-Concentrator Name Requested: FIRST VALID
Access-Concentrator Name Received: 13021109813703-LRVLGSROS20W_IFITL
Access-Concentrator MAC Address: 00:10:67:00:1D:B8
Session Id: 64508
Service Name Requested: ANY
Service Name Available:
PPPoE Client State: Bound (3)
When you view the status of the PPP interface, you must ensure that both the interface and the Network Layer protocol are up. For example, Figure 7-25 shows a PPP interface that is up. However, the user cannot send traffic over the link.
Quick Start
This section provides the commands you will need to quickly configure an Asymmetric Digital Subscriber Line (ADSL) WAN connection on the ProCurve Secure Router. Only a minimal explanation is provided. If you need additional information about any of these options, see “Contents” on page 7-1 to locate the section and page number that contains the explanation you need.
Access the ADSL interface configuration mode context.
Syntax: interface adsl <slot>/1
For example, if the ADSL module is in slot two, enter:
    ProCurve(config)# interface adsl 2/1
Activate the interface.
    ProCurve(config-adsl 2/1)# no shutdown
Set the SNR margin.
Syntax: snr-margin <margin>...
Table 7-9. Training Modes Supported by the ProCurve Secure Router
Command Option | ADSL2+ Annex A | ADSL2+ Annex B
training-mode ADSL2
training-mode ADSL2+
training-mode G.DMT
training-mode G.LITE
training-mode Multi-Mode
training-mode READSL2
training-mode T1.413
Configure the Data Link Layer: the ATM Interface and Subinterface
Before you configure the Data Link Layer for the ADSL connection, you must know the settings that you should enter for the following:...
Replace <interface> with atm, and replace <number> with a unique number for this ADSL connection. For example, to create the ATM 1 interface, enter:
    ProCurve(config)# interface atm 1
Activate the interface.
    ProCurve(config-atm 1)# no shutdown
Create a subinterface for each permanent virtual circuit (PVC). ATM interfaces on the ProCurve Secure Router can support up to 16 PVCs.
Note: The do command allows you to enter enable mode commands (such as show commands) from any context (except the basic mode context).
Configure RBE
Your ADSL service provider may ask you to configure the ATM subinterface to use routed RBE, which routes IP over bridged Ethernet traffic.
Configure PPPoE
If your service provider wants you to configure PPPoE for your ADSL connection, complete these steps:
Create the ATM interface.
Syntax: interface atm <number>
    ProCurve(config)# interface atm 1
Activate the interface.
    ProCurve(config-atm 1)# no shutdown
Create a subinterface for each PVC.
Note: The do command allows you to enter enable mode commands (such as show commands) from any context (except the basic mode context).
Create the PPP interface.
Syntax: interface ppp <number>
    ProCurve(config)# interface ppp 1
Configure a static IP address or configure the interface to negotiate the IP address with the service provider’s router.
interface adsl 2/1
snr-margin 6
no shutdown
interface atm 1 point-to-point
no shutdown
bind 3 adsl 2/1 atm 1        <- Bind the ADSL interface to the ATM interface
interface atm 1.1 point-to-point
no shutdown
pvc 0/35
interface ppp 3
ip address 10.1.1.1...
Define the ATM encapsulation. For PPPoA, you must set the encapsulation at aal5snap or aal5mux ppp. The default setting is aal5snap.
Syntax: encapsulation aal5snap
Syntax: encapsulation aal5mux [ip | ppp]
For example, to use aal5snap, enter:
    ProCurve(config-atm 1.1)# encapsulation aal5snap
Bind the physical interface—the ADSL interface—to the logical interface.
View the running-config to ensure that you have entered two bind commands: one to bind the ADSL interface to the ATM interface and one to bind the ATM subinterface to the PPP interface. (See Figure 7-28.) Enter:
    ProCurve(config-ppp 1)# do show running-config
interface adsl 2/1
snr-margin 5...
Configuring Demand Routing for Primary ISDN Modules
Overview of ISDN Connections
Integrated Services Digital Network (ISDN) connections are point-to-point dial-up connections that can handle both voice and data over a single line. ISDN provides WAN connections at a lower cost than dedicated WAN connections such as E1- or T1-carrier lines.
Elements of an ISDN Connection
All WAN connections, including ISDN lines, consist of three basic elements:
• the physical transmission media, such as the cabling, switches, routers, and other infrastructure required to create and maintain the connection
• electrical signaling specifications for generating, transmitting, and receiving signals through the various transmission media
• Data Link Layer protocols, which provide logical flow control for trans-...
Because public carrier networks were originally designed to carry analog voice calls, copper wire is the most common physical transmission medium used on the local loop. Copper wire has a limited signal-carrying capacity, making local loops that use copper wire the slowest, least capable component of a WAN connection.
In addition to wire and the demarc, the local loop for an ISDN connection includes:
• ISDN switch—At the public carrier’s CO, the ISDN switch multiplexes and de-multiplexes channels on the twisted pair wiring of the local loop. It provides the physical and electrical termination for the ISDN line and then forwards the data onto the public carrier’s network.
ISDN Interfaces: Connecting Equipment to the ISDN Network
ISDN supports both RJ-11 and RJ-45 connectors. Public carriers typically install an RJ-45 jack to connect the subscriber’s premises to the local loop. You can add equipment at four interface points on the subscriber’s side of an ISDN network:
• U interface...
R Interface. The R interface is used to connect a TE2 device to the TA. Because there are no standards for the R interface, the vendor providing the TA determines how the TA connects to and interacts with the TE2.
Line Coding for ISDN BRI Connections
To provide higher transmission rates on ordinary telephone wire, ISDN BRI uses a compressed encoding scheme called 2B1Q.
ISDN also supports the following B-channel Data Link Layer protocols: Point-to-Point (PPP), High-Level Data Link Control (HDLC), Frame Relay. LAPD. LAPD establishes the ISDN connection between two endpoints. Exchanged over the D channel, LAPD frames provide the addressing for the dial-up connection, including the service access point identifier (SAPI) and the terminal endpoint identifier (TEI).
In the second octet, the first seven bits designate the connection’s TEI. TEIs can be assigned statically or dynamically. A statically assigned TEI will have a value between 0 and 63; dynamically assigned TEIs range from 64 to 126. A value of 127 designates a broadcast connection meant for all TEs.
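The address-field layout described above can be checked against captured D-channel bytes. The following parser is an added example, not code from the guide; the first-octet layout (six SAPI bits, a C/R bit, and the EA bits) is taken from ITU-T Q.921 rather than from this page, the function names are hypothetical, and the sample bytes are constructed.

```python
from collections import Counter


def classify_tei(tei):
    """Map a TEI value to the assignment type given in the text."""
    if not 0 <= tei <= 127:
        raise ValueError("TEI is a 7-bit value")
    if tei <= 63:
        return "static"      # 0-63: statically assigned
    if tei <= 126:
        return "dynamic"     # 64-126: dynamically assigned
    return "broadcast"       # 127: meant for all TEs


def parse_lapd_address(field):
    """Decode the two-octet LAPD address field (the bytes after the flag).

    Assumed layout (Q.921): octet 1 = SAPI (6 bits), C/R, EA=0;
    octet 2 = TEI (7 bits), EA=1.
    """
    if len(field) < 2:
        raise ValueError("LAPD address field is two octets")
    first, second = field[0], field[1]
    # The EA bit (least significant) is 0 in the first octet, 1 in the last.
    if first & 0x01 or not second & 0x01:
        raise ValueError("unexpected EA bits in address field")
    tei = second >> 1
    return {
        "sapi": first >> 2,
        "cr": (first >> 1) & 1,
        "tei": tei,
        "tei_type": classify_tei(tei),
    }


def summarize(fields):
    """Count TEI assignment types over many address fields; malformed
    fields are counted rather than aborting the run."""
    counts = Counter()
    for field in fields:
        try:
            counts[parse_lapd_address(field)["tei_type"]] += 1
        except ValueError:
            counts["malformed"] += 1
    return dict(counts)


# Constructed sample address fields (not taken from a real capture).
SAMPLE_FIELDS = [
    bytes([0x00, 0x81]),  # SAPI 0, TEI 64
    bytes([0x02, 0x01]),  # SAPI 0, C/R set, TEI 0
    bytes([0xFC, 0xFF]),  # SAPI 63, TEI 127
    bytes([0x00, 0x80]),  # EA bit missing in the second octet
]

if __name__ == "__main__":
    for sample in SAMPLE_FIELDS[:3]:
        print(sample.hex(), parse_lapd_address(sample))
    print(summarize(SAMPLE_FIELDS))
```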
[Figure 8-4. ISDN Call Setup Process: messages exchanged between the caller, the ISDN switch, and the receiver (Setup, Call Process, Alerting, Connect, Connect_ack, Connected); the caller picks up and dials, the receiver’s phone rings, and the receiver picks up the phone.] Placing a Call.
Configuring Demand Routing for Primary ISDN Modules ProCurve Secure Router ISDN Modules The receiver gets the SETUP. If the receiver is available and ready, it rings the phone and sends an ALERTING message to the switch. The switch forwards the ALERTING to the caller. The receiving ISDN modem sends a CONNECT message to the switch.
Table 8-2. Differences Between Primary and Backup ISDN Modules ISDN Module Hardware Applications Activation Method Increasing Bandwidth Requirements primary uses one narrow primary or backup WAN established only when supports Multilink PPP slot on the connection between two...
Primary ISDN Modules For primary WAN connections, ProCurve Networking currently offers two types of modules: ISDN BRI U module—used in the United States and Canada; ISDN BRI S/T module—used in all other countries. Both of these ISDN modules support the following standards: National ISDN-1—Defined in the mid 1990s by the National Institute of Standards and Technology (NIST) and Bellcore (now called Telcordia),...
Using Demand Routing for ISDN Connections To configure demand routing for a primary ISDN module, you must complete the following steps: Create an extended access control list (ACL) to define the traffic that will trigger the dial-up connection.
To define the interesting traffic, you create an extended ACL. The ProCurve Secure Router will use this ACL to identify and select traffic that triggers a dial-up connection. From the global configuration mode context, enter: Syntax: ip access-list extended <listname>...
For demand routing, you might want to create an ACL that selects all of the traffic to a particular subnet. In this case, you should specify ip as the protocol. Defining the Source and Destination Addresses When you create an extended ACL, you must configure both a source and a destination address for each entry.
Router OS should match the corresponding bit in the IP address. You use a 1 to indicate that the Secure Router OS should ignore the corresponding bit in the IP address.
Exit the ACL. After you have finished creating the ACL, enter exit to return to the global configuration mode context, as shown below:
ProCurve(config-ext-nacl)# exit
ProCurve(config)#
After you create the ACL, you must apply it to the demand interface. In fact, the ACL will have no effect until you apply it to the demand interface.
When the ProCurve Secure Router detects traffic that must be routed through a demand interface, it processes the extended ACL applied to the demand interface to define the interesting traffic. If the traffic matches that ACL, the router attempts to establish the ISDN connection.
Like loopback interfaces, demand interfaces do not have to be activated. That is, you do not have to enter no shutdown. After you create the demand interface, its status automatically changes to administratively up. The demand interface will begin spoofing an up status after you configure an IP address for it.
Configure the Demand Interface as an Unnumbered Interface. To conserve IP addresses on your network, you may want to create the demand interface as an unnumbered interface. When you assign a logical interface on the router an IP address, that IP address cannot overlap with the IP addresses assigned to other logical interfaces.
To view the routing table, enter:
ProCurve(config-demand 1)# do show ip route
Figure 8-8 shows a routing table that includes demand interface 1, a directly connected interface.
10.2.2.0/30 is directly connected, ppp 1
10.3.3.0/30 is directly connected, demand 1
192.168.20.0/24 is directly connected, eth 0/1...
If you include the in option when you enter the match-interesting command, the ProCurve Secure Router will check only the traffic received on the demand interface. If you include the out option, the router will check only the traffic transmitted from the interface.
You can apply an access control policy (ACP) to the demand interface. ACPs control incoming traffic and can contain multiple ACLs. You use the ip access-group command to apply ACLs directly to the demand interface, or you use the access-policy command to apply an ACP to the demand interface.
the packet. However, the router will reset the dial-up connection’s idle timer only if the packet also matches the ACL specified with the match-interesting reverse list command. Specifying the connect-mode Option You can control whether the demand interface can be used to originate a call, answer a call, or both.
Note: Currently, it is not possible to have outbound traffic that will originate a call but not keep the link up. Because the match-interesting command controls both the traffic that triggers a connection and the traffic that resets the idle timer, any outbound interesting traffic that initiates a connection also keeps the link up.
You can configure more than one connect sequence for a demand interface. For example, you may want to configure more than one connect sequence if the main office has more than one ISDN line. Then, if one ISDN line is in use, the ProCurve Secure Router can dial another line to establish a connection.
Specifying the busyout-threshold <value> is optional. Include a value to specify the maximum number of times the ProCurve Secure Router will try this connect sequence in a single call attempt. If you specify 0, the ProCurve Secure Router will make an unlimited number of attempts.
Returning to the Default Connect Sequence Processing Order. To return the connect-order command to its default setting of sequential, enter:
ProCurve(config-demand 1)# no connect-order
Configure the Number of Connect Sequence Attempts You can limit the number of times that the ProCurve Secure Router processes the connect sequences configured for a demand interface if it is unable to establish a connection.
available. If a BRI interface becomes available, the ProCurve Secure Router uses that interface to dial a connect-sequence. At the same time, the router cancels the fast-idle mode for the resource pool. (For more information about fast-idle mode, see “Configuring the fast-idle Option”...
Replace <seconds> with the number of seconds you want the demand interface to wait between connect sequence attempts. You can specify a number between 1 and 65535. The default setting is 120 seconds. Replace <number>...
Processing connect-sequences
1. Check connect-order.
2. Process connect-sequence 2, based on connect-order.
connect-order sequential
connect-sequence 10 dial-string 5551212 forced-ISDN-64k busyout-threshold 3
connect-sequence 20 dial-string 5552222 forced-ISDN-64k busyout-threshold 1
3....
If the ProCurve Secure Router processes all of the connect sequences and cannot establish a dial-up connection, the connect sequence attempt fails. For the configuration shown in Figure 8-10, the ProCurve Secure Router will cycle through the connect sequences three times.
Configuring the fast-idle Option You can assign BRI interfaces to more than one resource pool. For example, you might want to assign backup interfaces to more than one resource pool because it would be unlikely that two primary interfaces would go down at the same time.
Replace <CLID> with the calling party’s telephone number. By default, the caller-number list does not include any numbers so all calls are accepted. Defining the called-number Option You can also configure the Dialed Number Identification Service (DNIS) that the demand interface provides when answering a call.
Configuring the BRI Interface To configure the BRI interface, you need the following information from your service provider: ISDN signaling (switch) type; assigned telephone numbers (LDNs); service profile IDs (SPIDs), if you are located in the United States or Canada. You should have this information available before you begin configuring the BRI interface.
For example, if the ISDN module is located in slot 1 and you are configuring the interface for port 2, enter:
ProCurve(config)# interface bri 1/2
The prompt should indicate that you have entered the appropriate interface configuration mode context:
ProCurve(config-bri 1/2)#
Configuring the ISDN Signaling (Switch) Type...
If your public carrier is using the default signaling type, you do not have to enter the isdn switch-type command. You can simply accept the default setting. Configuring a SPID and LDN for ISDN BRI U Modules In North America, some ISDN switches require a SPID to identify each TE on the subscriber’s premises and to determine the types of services that the TE...
Note: You can set LDNs using the isdn ldn1, isdn ldn2, isdn spid1, or isdn spid2 commands. The router uses whichever LDN1 or LDN2 value was most recently entered using one of these commands.
Configuring the ISDN Group When you configure demand routing for a primary ISDN connection, you must configure an ISDN group by completing the following steps: Create an ISDN group. Assign BRI interfaces to the group.
Assigning the ISDN Group to a Resource Pool To use the ISDN group for demand routing, you must make the group a member of a resource pool. The resource pool must be associated with at least one demand interface.
Table 8-10. Examples of Using Wildcard Characters to Specify incoming-accept-number
Types of incoming-accept-numbers | Pattern
calls for a particular U.S. or Canadian area code | 916$
calls for two numbers—such as 555-1111 and 555-1112 | 555-111[1,2]
calls for a group of numbers—such as the numbers between 555-1000 | 555-[1,2]XXX...
Note: ProCurve Networking recommends that you use static routes for ISDN connections, rather than a dynamic routing protocol. Because routing protocols regularly exchange updates, these updates frequently initiate the ISDN connection, resulting in higher cost for your company’s ISDN line.
For more information about configuring static routes, see “Static Routing” on page 11-9 of Chapter 11: IP Routing—Configuring Static Routes. After you have configured the static route, you should test your configuration to ensure that the ISDN connection is triggered by the appropriate traffic.
[Figure: a packet addressed to 192.168.1.29 processed by the router and the demand interface. Labels: To: 192.168.1.29; Router; Demand Interface; ACL Match?; Resource Available?; Resource Pool: Pool 1; ISDN group 1 (bri 2/1, bri 2/2); int bri 2/1; Fast-cache Table. ACL entries shown: permit ip any 192.168.2.0 0.0.0.255 and permit ip any 192.168.1.0 0.0.0.255]...
After the packet has been sent to the demand interface, the router checks the fields in the packet’s IP header (such as source and destination address) against the match-interesting list ACL. If the packet does not match the list, the router drops it.
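The match-interesting check described above, combined with the wildcard-bit rule (a 0 bit must match, a 1 bit is ignored), as an added Python example that is not part of the guide or of the Secure Router OS. It assumes first-match-wins evaluation with no match meaning "not interesting", and that the reverse of the ACL swaps source and destination; the sample entries are the two shown in the figure on this page, and all function names are hypothetical.

```python
import ipaddress

# The two ACL entries visible in the figure on this page.
SAMPLE_ACL = [
    "permit ip any 192.168.2.0 0.0.0.255",
    "permit ip any 192.168.1.0 0.0.0.255",
]


def _u32(addr):
    """Dotted-quad string to a 32-bit integer (raises ValueError if bad)."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """0 bits in the wildcard must match the base; 1 bits are ignored."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)


def _take_spec(tokens):
    """Consume one address spec: any | host A.B.C.D | A.B.C.D <wildcard bits>."""
    if tokens and tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if len(tokens) >= 2 and tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    if len(tokens) >= 2:
        return (tokens[0], tokens[1]), tokens[2:]
    raise ValueError("incomplete address specification")


def parse_entry(line):
    """Parse '<permit|deny> <protocol> <source> <destination>'."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        raise ValueError("unsupported ACL entry: %r" % line)
    src, rest = _take_spec(tokens[2:])
    dst, rest = _take_spec(rest)
    if rest:
        raise ValueError("unsupported trailing tokens: %r" % rest)
    for addr in src + dst:
        _u32(addr)  # validate every address and wildcard
    return {"action": tokens[0], "proto": tokens[1], "src": src, "dst": dst}


def is_interesting(acl_lines, src, dst, proto="tcp", direction="out"):
    """True if the packet would trigger (or keep up) the dial-up link.

    Assumptions: the first matching entry decides; no match means the
    packet is not interesting; for direction 'in' the entry is applied
    with source and destination swapped (the 'reverse of the ACL').
    """
    for line in acl_lines:
        entry = parse_entry(line)
        if entry["proto"] not in ("ip", proto):
            continue
        want_src, want_dst = entry["src"], entry["dst"]
        if direction == "in":
            want_src, want_dst = want_dst, want_src
        if wildcard_match(src, *want_src) and wildcard_match(dst, *want_dst):
            return entry["action"] == "permit"
    return False


def broad_entries(acl_lines):
    """Audit helper: permit entries that match any source AND any
    destination, which would let every routed packet dial the line."""
    flagged = []
    for line in acl_lines:
        entry = parse_entry(line)
        if (entry["action"] == "permit"
                and _u32(entry["src"][1]) == 0xFFFFFFFF
                and _u32(entry["dst"][1]) == 0xFFFFFFFF):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    # The packet from the figure: destination 192.168.1.29.
    print(is_interesting(SAMPLE_ACL, "192.168.20.5", "192.168.1.29"))
    print(broad_entries(SAMPLE_ACL + ["permit ip any any"]))
```

Running `broad_entries` over a saved running-config's ACL lines is a quick review step before applying a list with match-interesting, since a leftover permit-everything entry keeps the billed ISDN line up.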
Configuring MLPPP for Demand Interfaces To enable MLPPP, enter the following command from the demand interface configuration mode context:
ProCurve(config-demand 1)# ppp multilink
By default, MLPPP is not enabled. Configuring the Maximum Number of Interfaces.
Configuring MLPPP Fragmentation. When a packet is to be transmitted across an MLPPP connection, the demand interface divides the packet into fragments of equal length. If possible, the number of fragments equals the number of active links in the MLPPP connection, and the fragments are transmitted simultaneously, one over each link.
Enabling PPP Authentication for All Demand Interfaces You must configure the PPP authentication protocol that the router uses for inbound calls. To configure the authentication protocol that the demand interfaces expect to receive for inbound calls, enter the following command from the global configuration mode context: Syntax: data-call authentication protocol [chap | pap]...
When you replace <password>, ensure that you are using the same settings that are configured on the far-end router. The username that is sent is the hostname of the router. If necessary, you can override this username with this demand interface configuration command: Syntax: ppp chap hostname <hostname>...
data-call authentication protocol pap
data-call sent authentication protocol pap
[callout: data-call commands to enable PAP authentication]
interface bri 2/1
 isdn ldn1 968483940096
 no shutdown
interface bri 2/2
 isdn ldn1 978484540055
 no shutdown
interface demand 1
 idle-timeout 240...
or decrease the value of the MRU, a PPP peer sets the MRU configuration option in the Link Control Protocol (LCP). (LCP is one of the protocols in the PPP suite.
a prefix, you can enter unlimited-length strings of 0s and 1s. For example, for international calls made from within the United States, you might enter a prefix of 011. Specify a call type by entering one of the options listed in Table 8-11.
Table 8-12. Characters for Call Patterns Valid Characters Explanation Match exact digit only Match any single digit between 0 and 9 Match any single digit between 2 and 9 Match any single digit between 1 and 8 Match any number Match any digit in the list.
When the called party information element (IE) is created for this call, the router removes the prefix and places the N$ digits in the Number Digits field. National.
Viewing Information about Demand Routing You can use show commands to view different aspects of your demand routing configuration. For example, you can view the status of a demand interface and any dial-up connections that are established through a demand interface.
Figure 8-16 shows the results of this command if demand interface 1 is spoofing its up status and a dial-up connection has not been established. In addition to showing the status of the interface, this command displays settings for the following commands: connect-mode resource pool...
Figure 8-17 provides the results of the show interfaces demand 1 command when an ISDN connection has been established.
Demand 1 is UP (connected)   [callout: A dial-up connection has been established]
Configuration:
Keep-alive is set (10 sec.)
As Figure 8-18 shows, this command also lists multiple channels if MLPPP is configured for the ISDN connection.
demand 1
Idle timer (120 secs), Fast idle timer (20)
Dialer state is data link layer up
Dial reason: ip (s=192.168.1.23, d=192.168.2.23)
Link thru 1_0(bri 2/1.1) is up...
bri 1/1 is UP
Line status: ready   [callout: Interface activated but not providing connection]
Caller ID will be used to route incoming calls
Caller ID normal
Switch protocol: Net3 Euro ISDN
SPID 1 n/a, LDN 1 9631111   [callout: Number at which the local router can...]
bri 1/2 is UP
Line status: connected
Caller ID will be used to route incoming calls
Caller ID normal
Switch protocol: Net3 Euro ISDN
SPID 1 n/a, LDN 1 9631111
SPID 2 n/a, LDN 2 n/a
5 minute input rate 112 bits/sec, 0 packets/sec
5 minute output rate 112 bits/sec, 0 packets/sec...
Session 1 Interface demand 1 Local IP address = 10.1.1.1 Remote IP address = 10.2.2.1 Remote Username = Dial reason: ip (s=192.168.1.23, d=192.168.2.23) Link 1 Dialed number = Resource interface = 1_0(bri 2/1.1), Multilink Connection is through Connect time: 0:1:28...
Configuring Demand Routing for Primary ISDN Modules Troubleshooting Demand Routing Figure 8-23 shows the running-config for a demand interface that is configured to use MLPPP and PPP authentication. interface demand 1 idle-timeout 240 resource pool Pool match-interesting list Call out match-interesting reverse list Call in connect-sequence 1 dial-string 9633333 forced-isdn-64k busyout-threshold 3 connect-sequence 2 dial-string 9634444 forced-isdn-64k busyout-threshold 3...
If the demand interface went down because it could not establish a connection during the recovery mode, its status will be down (recovery failed). In this case, you must identify the problem causing the failure and then you must clear the connection so that the status of the demand interface returns to up (spoofing).
bri 1/2 is DOWN
Line status: getting TEI #1   [callout: The switch at the CO cannot identify the interface.]
Caller ID will be used to route incoming calls
Caller ID normal
Switch protocol: AT&T 5ESS
[callout, cut off on the page: Check the SPID and]
SPID 1 25655522220101, LDN 1 5552222...
Status | Meaning | Next Best Step
getting TEI #2 | The switch cannot identify the BRI interface (second B channel). | • Check for a miskeyed SPID2 and/or LDN. • If you should not have to enter a second SPID, the interface may be configured for the wrong signaling type.
If you can troubleshoot the problem after business hours (when you will not inadvertently interrupt the flow of traffic to other interfaces), you may want to change the ACL to select all traffic from any source to any destination. The ACL should then trigger the ISDN connection.
To set up a test call, enter the following from the BRI interface configuration mode context:
Syntax: test-call [dial <number> | answer | hangup]
To enter test call mode, enter:
ProCurve(config-bri 2/1)# test-call answer
This command configures the router to receive test calls.
Line Maintenance You can also perform some basic maintenance on your ISDN line. Enter: Syntax: maintenance [restart-d | reset] Use the restart-d option to reset and restart the D channel. This may help in cases where there is a problem in the call process and one of the channels becomes hung.
Configuring Demand Routing for Primary ISDN Modules Quick Start Table 8-17. debug Commands for PPP Interfaces Command Explanation debug ppp verbose displays detailed information about all PPP frames as they arrive on the PPP interface debug ppp errors displays error messages relating to PPP debug ppp negotiations displays events relating to link negotiation;...
Setting Description Your Setting isdn spid1 <number> <ldn1> specifies the telephone number and isdn spid2 <number> <ldn2> identifiers for each TE on the line; used for ISDN BRI U modules connect-sequence <sequence-number> specifies: dial-string <string>...
To specify the source and destination address, use the following:
Syntax: [any | host <A.B.C.D> | <A.B.C.D> <wildcard bits>]
For example, you might want to specify that the interesting traffic is the IP traffic from any source to network 192.168.115.0/24.
Including in or out is optional. By default, the ProCurve Secure Router uses the ACL you specify to check both incoming and outgoing traffic. If you do not specify a direction, outbound traffic is matched to the specified ACL, and inbound traffic is matched to the reverse of the ACL.
Table 8-19. Defining a Resource Type for a Connect Sequence
Option | Description
isdn-64k | Any dial resource can be used, but if ISDN is used, the call must be placed using a 64-Kbps channel.
isdn-56k | Any dial resource can be used, but if ISDN is used, the call must be placed using a 56-Kbps channel.
Set the LDN. (If your public carrier has assigned you a SPID, skip this step and go to the next step.) Otherwise, enter: Syntax: isdn ldn1 <number> Replace <number> with the LDN phone number assigned to the ISDN line you are configuring.
d. To control which calls the BRI interfaces in the ISDN group accept, enter the following command from the ISDN group configuration mode context:
Syntax: incoming-accept-number <number>
For example, you might enter:
ProCurve(config-isdn-group 1)# incoming-accept-number 5551212
You can use the wildcard characters listed in Table 8-9 to specify a range of numbers.
Configuring the E1 + G.703 and T1 + DSX-1 Modules Contents: Using an E1- or T1-Carrier Line for Data and Voice; Drop-and-Insert Modules
Accessing the T1 Interface for the DSX-1 Port; Configuring Line Coding; Configuring Frame Format
Using an E1- or T1-Carrier Line for Data and Voice You may be able to lower your data communications and telephone costs by leasing an E1 or T1-carrier line and using some of the bandwidth for data and some of the bandwidth for TDM (or traditional) voice.
Configuring the E1 + G.703 Module You connect the G.703 port to the PBX using crossover UTP cabling with RJ-48C connectors. Configuring the E1 Interface for Data Communications The first step in configuring the E1 + G.703 module is to configure the E1 interface that will handle data.
Note: If you have not yet entered a bind command to join the physical interface to the logical interface, the channel assignment will not be displayed correctly.
e1 1/1 is UP
Receiver has no alarms
E1 coding is HDB3, framing is E1...
Setting the Clock Source The other setting that directly affects the G.703 interface is the clock source. Each narrow ProCurve Secure Router module can have only one clock source. For E1 + G.703 modules, you set the clock source on the E1 interface that is used for data.
AMI uses alternating positive and negative voltage (referred to as alternating polarity, or bipolarity) to represent logical ones, and zero voltage to represent logical zeros. Because AMI uses zero voltage for logical zeros, it can cause synchronization loss between peers at each end of a WAN connection when a data stream contains a long string of logical zeros.
Although E1 interfaces, including those for the G.703 port, support two frame formats, only one option is listed if you enter the following command from the E1 interface configuration mode context:
ProCurve(config-e1 1/2)# framing ?
Only CRC4 is listed.
Activating the Interface All interfaces on the ProCurve Secure Router are administratively down by default and must be activated. From the E1 interface configuration mode context, enter:
ProCurve(config-e1 1/2)# no shut
Checking the Status of the G.703 Interface...
Figure 9-2 shows the output when you enter this command. The first line reports whether the interface is up or down. The first block of text indicates the current configurations for the interface, such as line coding and framing.
Configuring the E1 + G.703 and T1 + DSX-1 Modules Configuring the T1 + DSX-1 Module Yellow Alarm A yellow alarm indicates that the G.703 interface is receiving signals from a PBX that is in red alarm. The PBX may not be capable of handling the signal that the interface is sending to it.
other public carrier equipment used in a T1 connection, see Chapter 4: Configuring E1 and T1 Interfaces.) You connect the DSX-1 interface to the PBX, using a crossover cable with an RJ-48C connector.
t1 2/1 is UP
Receiver has no alarms
T1 coding is B8ZS, framing is ESF
Clock source is through t1 2/2, FDL type is ANSI   [callout: Clock source is set to through]
Line build-out is 0dB
No remote loopbacks, No network loopbacks...
You may want the T1 + DSX-1 module to take its timing from the PBX rather than from the public carrier’s equipment. To change the clock source for the T1 interface to through, enter:
ProCurve(config-t1 1/1)# clock source through
For detailed information about configuring T1 interfaces, see Chapter 4:...
In AMI, zero voltage represents logical zeros, and alternating positive and negative voltages represent logical ones, thus maintaining a net zero voltage across the line. AMI has at least one drawback: a long string of logical zeros can result in hosts losing synchronization.
Setting the Line Length The ProCurve Secure Router uses transmission line length to determine which voltage to use for data transfer. The greater the distance between equipment, the stronger the signal must be to counteract attenuation.
Activating the DSX-1 Interface By default, all interfaces on the ProCurve Secure Router are administratively down. To activate the interface, enter:
ProCurve(config-t1 1/2)# no shutdown
Checking the Status of the DSX-1 Interface To check the status of the DSX-1 interface, enter the following command from the enable mode context:...
Viewing Configuration Information To view the settings that have been entered on the ProCurve Secure Router, enter:
ProCurve# show running-config
You must then browse through the output to find the DSX-1 interface. To view only the running-config for the DSX-1 interface, enter:
ProCurve# show running-config interface t1 <slot>/2
Figure 9-6 shows the running-config for both the T1 and DSX-1 interfaces.
Configuring the E1 + G.703 and T1 + DSX-1 Modules Quick Start If the unit stays in alarm, change the cable. If the router now goes out of alarm, again, you know that the cable, and not the interface, is the problem. Troubleshoot connections between the T1 interface and the wall jack in the same way.
Configuring the E1 + G.703 and T1 + DSX-1 Modules Quick Start Configuring the E1 + G.703 Module Making the Physical Connection Use unshielded twisted pair (UTP) cabling with RJ-48C connectors to connect the E1 interface to the CSU provided by your Public Telephone and Telegraph (PTT) authority.
Configuring the E1 + G.703 and T1 + DSX-1 Modules Quick Start If you want the E1 + G.703 module to take its clock source from the PBX, enter: ProCurve(config-e1 1/1)# clock source through This chapter includes only the steps for configuring the E1 interface that directly affect the G.703 interface.
Configuring the E1 + G.703 and T1 + DSX-1 Modules Quick Start Configuring the T1 + DSX-1 Module Making the Physical Connection Use UTP cabling with RJ-48C connectors to connect the T1 interface to the wall jack provided by your public carrier. Use crossover UTP cabling with RJ-48C connectors to connect the DSX-1 interface to the PBX.
Configuring the E1 + G.703 and T1 + DSX-1 Modules Quick Start This chapter includes only the T1 configuration steps that directly affect the DSX-1 interface. You must configure the other settings for the T1-carrier line, configure the Data Link Layer protocol, and bind the physical interface to the logical interface.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Contents: Overview (10-3); Transmitting Non-IP Traffic
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Contents: Troubleshooting Spanning Tree (10-24); Testing Spanning Tree
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Overview Overview The ProCurve Secure Router can function as a bridge as well as a router. A bridge, like a switch, is a Layer 2 device that operates at the Data Link Layer of the Open Systems Interconnection (OSI) model.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Overview The ProCurve Secure Router supports bridging using the IEEE 802.2 standards. You would configure a ProCurve Secure Router to act as a remote bridge to allow it to: transmit non-IP traffic merge two remote networks Transmitting Non-IP Traffic The ProCurve Secure Router only routes IP traffic.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Bridging Configuring Bridging You configure the ProCurve Secure Router to function as a bridge by assigning logical interfaces to be part of a bridge group. For example, you could assign the Ethernet interface and the Point-to-Point Protocol (PPP) interface to a bridge group, or you could assign the Ethernet interface and the Frame Relay subinterface to a bridge group.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Bridging To configure bridging, you must: configure a bridge group assign interfaces to the bridge group Note: The router can both route and bridge traffic. It can even route and bridge traffic on the same Frame Relay or ATM interface.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Bridging You can also assign only WAN interfaces to a bridge, although you probably would not use this application. In this case, the router would simply act as a corridor between remote sites. To assign an interface to a bridge group: Move to the logical interface configuration mode context: ProCurve(config)# int ppp 1...
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Bridging [Figure 10-3. Variable-Length Subnetting: Site A, 192.168.1.0 /25 (192.168.1.1 - 192.168.1.127), and Site B, 192.168.1.128 /25 (192.168.1.128 - 192.168.1.254), connected by Router A and Router B] Viewing the Bridge Table The ProCurve Secure Router stores information about how to forward bridged packets in a bridge table.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Bridging ProCurveSR7102dl# show bridge 1 Bridge Group 1: Total of 1024 station blocks, 1024 free Code: P - permanent Address Action Interface RX count TX count 00:10:4B:A0:DF:8F forward fr 1.16 00:D0:59:24:43:B5 forward eth 0/1 Packets received from and Host can be reached...
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Troubleshooting Bridging Troubleshooting Bridging When traffic is not able to reach its destination, follow this standard troubleshooting process: Check the Physical Layer: If the Stat LED for the carrier line’s module slot is green, the physical line is up.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree Verify that all hosts participating in a bridge group are on the same subnet. You can also try viewing the bridge table. If the table does not show entries for an interface, this is a good hint that the devices on the other end of that connection are on a different subnet.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree The overview provides a brief background in STP and RSTP for those who want to learn more about how the protocols function. Overview Network devices in a Data Link Layer network, such as bridges and switches, run STP or RSTP.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree A device then marks the following ports for activation (forwarding frames): the root port designated ports—which connect to devices that consider the local device as their designated switch (and ports that connect to end users) All other ports become inactive.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree When a change in network topology makes STP determine that a new port must become active, the port first passes through the listening and learning states. (When STP is initially enabled and devices exchange configuration BPDUs, all ports move through the listening and learning states until STP determines whether they should become blocked or forwarding ports.) In the listening state, the port processes BPDUs to determine whether it is...
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree (although this is not a typical application for the router). Important configurations for edge ports are BPDU guards and filters, which keep the router from receiving BPDUs from user software or rogue devices. Blocking ports are divided into backup and alternate ports.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree [Figure: the root bridge, Bridge A, and Bridge B, with ports labeled Root and Designated. Panel 1: The network is stable...]
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree For example, in Figure 10-5, a connection is added between Bridge B and the root. The root bridge first asserts sync with Bridge B. Bridge B blocks its connection to Bridge A. Bridge B attempts to assert sync with Bridge A, but Bridge A rejects the offer because it has a better connection to the root.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree Determining Which Device Becomes Root: Setting the Router’s Priority Spanning tree bridges elect the device with the lowest ID as the root. A bridge’s ID consists of its priority value plus its MAC address. By default, all interfaces on the router have a priority of 32,768 (the standard default setting).
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree Another way to force the router to choose one connection over another is to set the port priority. The router only uses this value to choose between two interfaces that have equal cost connections to the root. To set a logical interface’s port priority, enter: Syntax: spanning-tree port-priority <value>...
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree Table 10-2. Defining Edge Ports
Function | Command Syntax | CLI Context
define all spanning tree interfaces on the router as edge ports | spanning-tree edgeport default | global configuration mode
define all spanning tree interfaces on the router as non-edge ports (default... | no spanning-tree edgeport default | global configuration mode
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree To enable Frame Relay and ATM subinterfaces to act as edge ports, move to the logical interface configuration mode context and enter: Syntax: spanning-tree edgeport When the global setting defines all interfaces as edge ports by default, use the no form of the command to disable the edgeport setting on the individual subinterface.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree By default, the ProCurve Secure Router uses the auto option to determine the connection type. RSTP assumes that full-duplex interfaces are point-to-point and half-duplex interfaces are shared. If, for whatever reason, you must override this setting, move to the logical interface’s configuration mode context and enter this command: Syntax: spanning-tree link-type [auto | point-to-point | shared] For example, the Ethernet interface 0/1 connects to a hub.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Configuring Spanning Tree Maximum Age Timer. BPDUs include a maximum age timer. Devices discard information received from a BPDU when this timer expires. With STP, the timer determines how long a device will wait to receive information about a connection from the root before assuming the connection is down.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Troubleshooting Spanning Tree In a test environment, the filter keeps all connections up so that you can test them. Caution: You should not use the global BPDU filter on a live network. When you enable the filter from the global configuration mode context, the filter applies to all interfaces on the router.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Troubleshooting Spanning Tree Table 10-4. Spanning Tree debug Commands
View | Command Syntax
general messages | debug spanning-tree general
messages when configuration changes occur | debug spanning-tree config
periodic hellos and messages when a change in topology occurs | debug spanning-tree events
all BPDUs received...
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Troubleshooting Spanning Tree You enter the command without any options to view the following spanning tree information for all bridge groups: root ID timers bridge ID interfaces: • role • status For example, Figure 10-6 displays the spanning tree instance for bridge group 1.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Troubleshooting Spanning Tree You can enter the command with the realtime option to view periodic updates of the spanning tree information without re-entering the command. The CLI displays the information in a new screen. You can exit the screen by pressing You can also pause and restart the display of the updates.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Troubleshooting Spanning Tree You can force the entire router to return to RSTP by simply entering clear spanning-tree detected-protocol. Or you can force the single interface that connects to the updated device. For example: ProCurve# clear spanning-tree detected-protocol interface eth 0/1 Relatively slow convergence with RSTP may be caused by incorrectly configured point-to-point interfaces.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Quick Start Quick Start This section provides the commands you must enter to quickly configure the router to bridge traffic. Only a minimal explanation is provided. If you need additional information about any of these options, see “Contents” on page 10-1 to locate the section that contains the explanation you need.
Bridging—Transmitting Non-IP Traffic or Merging Two Networks Quick Start If so desired, change the router’s priority for becoming the root of the spanning tree. Syntax: spanning-tree priority <value> The value can be from 0 to 63535. If so desired, configure the cost of the connections on the router from the logical interface for the connection.
IP Routing—Configuring Static Routes Contents: Overview (11-3); IP Addressing
IP Routing—Configuring Static Routes Contents: Troubleshooting Static Routing (11-23); Monitoring the Routing Table
IP Routing—Configuring Static Routes Overview Overview Unlike a simple switch, a router can route a packet from one network to another. When the ProCurve Secure Router receives a packet, it matches the packet’s destination address to a route in its routing table. This route specifies the interface through which the router must forward the packet in order for the packet to reach its destination.
IP Routing—Configuring Static Routes Overview Unlike MAC addresses, IP addresses are not permanent or hardware specific. A host can change its address, and it can receive a temporary address from a server. However, public IP addresses must be unique and globally significant. (Otherwise, hosts could never be certain that data would arrive at the destination they intended.) Certain IP addresses are reserved for private networks;...
IP Routing—Configuring Static Routes Overview
Host Address | 172.16.132.99 | 10101100 00010000 10000100 01100011
Subnet Mask | 255.255.0.0 | 11111111 11111111 00000000 00000000
Network Address | 172.16.0.0 | 10101100 00010000 00000000 00000000
Figure 11-1. Subnet Masks
Classful Networks In the early days of IP addressing, routing protocols did not always use subnet masks.
IP Routing—Configuring Static Routes Overview CIDR Classful networks condense more information into fewer bits: a router can resolve an address into its network and host bits without a 32-bit subnet mask. However, classful networks do not use IP addresses efficiently. Class C networks only provide addresses for 254 hosts, while Class B networks provide addresses for 65,534.
IP Routing—Configuring Static Routes Overview When you use prefix lengths in this way, the bit length becomes, in a sense, part of the address. 172.16.0.0 /20 is a different network than 172.16.0.0 /16. The second is the network address for the entire class B network, while the first is a network that includes only hosts from 172.16.0.1 to 172.16.15.254.
IP Routing—Configuring Static Routes Overview Next-Hop Address and Forwarding Interface A route’s next-hop address and forwarding interface instruct the router how to forward packets that match the destination address for the route. The next-hop address is the address of the next directly-connected device en route to the destination address.
IP Routing—Configuring Static Routes Overview A route’s metric is the cost of sending traffic on that route and can be based on various criteria: number of hops to the destination link conditions: • bandwidth • delay • reliability organization policies •...
IP Routing—Configuring Static Routes Overview Dynamic Routing Protocols Routers can also construct their routing tables using dynamic routing protocols. The ProCurve Secure Router supports three routing protocols, each of which it can use alone or in conjunction with the others: RIP versions 1 and 2 Open Shortest Path First (OSPF) version 2 Border Gateway Protocol (BGP) version 4...
IP Routing—Configuring Static Routes Overview You should not implement a dynamic routing protocol on a demand interface that is used with a dial-up connection because the routing updates may keep the line up longer than is necessary, costing your organization money. Instead, configure a static route that uses the demand interface as the forwarding interface.
IP Routing—Configuring Static Routes Overview The router can share traffic over the routes based on destination, assigning traffic destined to some hosts to one route and traffic destined to other hosts to another route. In this case, the traffic may not be exactly balanced over the multiple connections, but the more sessions the router supports, the more evenly balanced the traffic will be.
IP Routing—Configuring Static Routes Configuring Static Routes [Figure 11-2. Fast Caching Versus Process Switching: a "Process switching" panel (Router, Queue, Internet) and a "Fast caching" panel (Router, Fast-cache table, Internet)] Configuring Static Routes Overview A static route is a route that you add manually to a routing table. You can construct a router’s entire table manually.
IP Routing—Configuring Static Routes Configuring Static Routes You can use static routing with dynamic routing. In this case, you supplement routes discovered through various protocols with manually added routes. You can configure the router to advertise these routes using a routing protocol, or you can keep the routes private.
IP Routing—Configuring Static Routes Configuring Static Routes [Figure 11-4. Prefix Lengths with Static Routing: Routers A, B, C, and D, with a routing table listing 10.1.0.0/16 via B, 10.1.2.0/24 via C, and 10.1.3.0/24 via D] You add routes to the routing table from the global configuration mode context.
IP Routing—Configuring Static Routes Configuring Static Routes ProCurve# show ip route 10.2.2.0/30 is directly connected, ppp 1 10.3.3.0/30 is directly connected, ppp 2 192.168.20.0/24 is directly connected, eth 0/1 192.168.30.0/24 [1/0] via 10.2.2.2, ppp 1 0.0.0.0/0 [1/0] via 0.0.0.0, ppp 2 Forwarding interface Administrative Metric...
IP Routing—Configuring Static Routes Configuring Static Routes Because OSPF routes have an administrative distance of 110, specify 120 for the floating static route’s administrative distance. (Refer to Table 11-1 on page 11-11 for the administrative distance of various routing protocols.) Configuring a Default Route A default route is a special static route that applies to all traffic.
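The route-selection rules this chapter relies on (lowest administrative distance per prefix, then longest prefix match at lookup), modeled as an added example that is not from the guide or the router's software. The three 10.1.x prefixes are read from the Figure 11-4 residue and the distances 1, 110, and 120 are the ones shown on this page; the next-hop labels and the 192.168.50.0/24 routes are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Administrative distances: 1 (static, shown as [1/0] in the show ip route
# output) and 110 (OSPF) appear on this page; 120 is the value the page gives
# for a floating static route that backs up an OSPF route.
AD_STATIC, AD_OSPF, AD_FLOATING = 1, 110, 120


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str        # constructed label, not an address from the guide
    distance: int        # administrative distance
    metric: int = 0
    source: str = "static"


class RoutingTable:
    """Holds every candidate route; only the best one per prefix is installed."""

    def __init__(self):
        self._candidates = {}   # prefix -> list of Route

    def add(self, prefix, next_hop, distance, metric=0, source="static"):
        net = ipaddress.ip_network(prefix)   # strict: rejects host bits set
        route = Route(net, next_hop, distance, metric, source)
        self._candidates.setdefault(net, []).append(route)
        return route

    def withdraw(self, prefix, source):
        """Drop the candidates one source contributed (e.g. OSPF neighbor lost)."""
        net = ipaddress.ip_network(prefix)
        kept = [r for r in self._candidates.get(net, []) if r.source != source]
        if kept:
            self._candidates[net] = kept
        else:
            self._candidates.pop(net, None)

    def installed(self):
        """Best candidate per prefix: lowest distance, then lowest metric."""
        return {net: min(routes, key=lambda r: (r.distance, r.metric))
                for net, routes in self._candidates.items()}

    def lookup(self, address):
        """Longest-prefix match over installed routes; None if nothing matches."""
        addr = ipaddress.ip_address(address)
        matches = [r for net, r in self.installed().items() if addr in net]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def build_example_table():
    table = RoutingTable()
    # Prefixes as read from Figure 11-4 (an assumption about the flattened figure).
    table.add("10.1.0.0/16", "Router B", AD_STATIC)
    table.add("10.1.2.0/24", "Router C", AD_STATIC)
    table.add("10.1.3.0/24", "Router D", AD_STATIC)
    # Constructed: an OSPF-learned route with a floating static backup.
    table.add("192.168.50.0/24", "primary-link", AD_OSPF, metric=20, source="ospf")
    table.add("192.168.50.0/24", "backup-link", AD_FLOATING)
    # Default route out ppp 1, as in the page's ip route 0.0.0.0 /0 ppp 1 command.
    table.add("0.0.0.0/0", "ppp 1", AD_STATIC)
    return table


if __name__ == "__main__":
    table = build_example_table()
    for dest in ("10.1.2.7", "10.1.9.9", "192.168.50.5", "203.0.113.9"):
        print(dest, "->", table.lookup(dest).next_hop)
    table.withdraw("192.168.50.0/24", "ospf")
    print("after OSPF withdrawal:", table.lookup("192.168.50.5").next_hop)
```

The floating static route stays out of the installed table while the OSPF route exists, which is why its distance must be higher than 110.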
IP Routing—Configuring Static Routes Configuring Static Routes For example, to configure Router A shown in Figure 11-6, you would enter: ProCurve(config)# ip route 192.168.10.0 /24 192.168.12.2 ProCurve(config)# ip route 0.0.0.0 /0 ppp 1 192.168.10.0 /24 Router B 192.168.12.2 PPP 1 Router A Internet 192.168.1.0 /24...
IP Routing—Configuring Static Routes Configuring Static Routes For example, an organization has allocated the address space 192.168.20.0 /24 to a remote site. However, currently the site is only using half of the addresses. Network management have divided the network into two /25 subnets and left the second subnet (192.168.20.128 /25) unused.
IP Routing—Configuring Static Routes Configuring Load Sharing Configuring Load Sharing Your ProCurve Secure Router may have more than one connection to the same remote site or to the Internet. However, a router can typically select a single best route for a destination; without further configuration, traffic destined to the site will travel over only one of the connections.
IP Routing—Configuring Static Routes Configuring Load Sharing When the router balances traffic per packet, it sends each new packet over each route in turn. Although this option balances traffic more exactly, it is not generally recommended. Because each successive packet takes a different route, packets may arrive at the destination out of order.
IP Routing—Configuring Static Routes Enabling Fast Caching Enabling Fast Caching The ProCurve Secure Router can route incoming packets using either: process switching fast caching A router using process switching: places packets in a queue to await processing looks up routes in the routing table, which contains all routes A router using fast caching: interrupts other processes to serve packets immediately looks up routes in the fast-cache table, which contains only recently-used...
IP Routing—Configuring Static Routes Troubleshooting Static Routing For example: ProCurve(config)# int eth 0/1 ProCurve(config-eth 0/1)# no ip route-cache Note: Fast caching is forcibly disabled when you use the following processes: the ProCurve Secure Router OS firewall any firewall processes, such as ACLs and ACPs policy based routing (PBR) If you enable the firewall, the ProCurve Secure Router must use process switching because firewall features require the router to make more-extensive...
IP Routing—Configuring Static Routes Troubleshooting Static Routing The screen displays the destinations to which the router can route traffic. (See Figure 11-8.) For each destination, the routing table also records: the method the router used to discover the route • B—BGP •...
IP Routing—Configuring Static Routes Troubleshooting Static Routing Table 11-2. Viewing the Routing Table
Table Section | Command Syntax
directly connected routes | show ip route connected
statically entered routes | show ip route static
 | show ip route bgp
 | show ip route rip
OSPF | show ip route ospf
routes displayed in table format | show ip route table...
IP Routing—Configuring Static Routes Troubleshooting Static Routing If a static route will not appear in the routing table, verify that the associated forwarding interface is up. If necessary, troubleshoot that interface. If you have configured a next hop address for the static route, you should check the routing table to ensure that it includes a route to that next hop.
IP Routing—Configuring Static Routes Troubleshooting Static Routing ProCurveSR7102dl#traceroute 192.168.100.2 Type CTRL+C to abort. Tracing route to 192.168.100.2 over a maximum of 30 hops Next hop— 10.1.1.2 directly 10.2.2.1 connected 192.168.100.2 neighbor Destination Figure 11-9. Traceroute Command Tracing routes allows you to monitor actual traffic flow (although in a necessarily limited fashion).
IP Routing—Configuring Static Routes Troubleshooting Static Routing Note: Clearing a route is not necessarily enough to solve a problem. Unless you address the reason that the router learned the inaccurate route, the router may only learn the inaccurate route again. If your router should not be receiving dynamic routes at all, then you should enter these commands: ProCurve(config)# no router rip...
IP Routing—Configuring Static Routes Troubleshooting Static Routing ProCurve#show ip route Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP IA - OSPF inter area, N1 - OSPF NSSA external type 1 N2 - OSPF NSSA external type 2, E1 - OSPF external type 1 E2 - OSPF external type 2 Gateway of last resort 192.168.128.1 10.1.1.0/30 is directly connected, ppp 1...
IP Routing—Configuring Static Routes Quick Start Quick Start This section provides the commands you must enter to quickly configure static routes. Only a minimal explanation is provided. If you need additional information about any of these options, check “Contents” on page 11-1 to locate the section that contains the explanation you need.
IP Routing—Configuring Static Routes Quick Start Routing Traffic to an ISP Configure a default route to the ISP router: ProCurve(config)# ip route 0.0.0.0 /0 ppp 1 Syntax: ip route 0.0.0.0 /0 <subnet mask | /prefix length> <next hop A.B.C.D | forwarding interface ID>...
Domain Name System (DNS) Services Contents: Overview (12-3); Host and Domain Names
Domain Name System (DNS) Services Contents: Quick Start (12-19); Configuring the ProCurve Secure Router as a DNS Client
Domain Name System (DNS) is the Internet protocol for translating domain names or hostnames into IP addresses. The hostname is the familiar, alphanumeric name for a host on the Internet (for example, www.hp.com), and the IP address is the 32-bit address that machines use to reach each other. DNS allows users to enter more readily memorable and intuitive hostnames rather than IP addresses.
Domain Name System (DNS) Services Overview This system diffuses domain records throughout the Internet. Hosts anywhere on the Internet can still reach each other because name servers can query each other for the hostnames they cannot translate. Authoritative and Caching Name Servers Most name servers function as an authoritative server for one or several zones and as a caching server for all other zones.
Domain Name System (DNS) Services Overview [Figure 12-1. DNS Queries: servers for Organizations A, B, and C, a root server, and a top-level server, with requests for .com, C.com, and www.C.com] Similarly, when a client accesses several hosts in the same first-level domain, the DNS server caches the IP address for the first-level domain server.
Domain Name System (DNS) Services Overview Dynamic DNS Your device’s IP address may change, and such changes are not always under your control. For example, your router may receive a dynamic address from your Internet service provider (ISP). When a device’s address changes, DNS servers will no longer be able to resolve its hostname, and customers will not be able to access the device.
Domain Name System (DNS) Services Overview Static DNS You can use Static DNS to register a device with a free hostname in one of the domains used with Dynamic DNS. Static DNS provides many of the same services as Dynamic DNS, but it is tailored for devices whose IP addresses rarely change.
Domain Name System (DNS) Services Configuring DNS Configuring DNS The extent to which you enable DNS functions on the ProCurve Secure Router depends on whether you want the router to simply be able to run the DNS client or to act as a name server for your organization. If you only want the router to act as a DNS client, you must: enable DNS (which is enabled by default) specify at least one external DNS server...
Domain Name System (DNS) Services Configuring DNS Adding an Entry to the Router’s Host Table DNS distributes the now overwhelmingly vast host table throughout many name servers. Network administrators maintain entries for their own domains, which keeps the table accurate and under control. You manage only the small section of the table on which you are an expert.
Domain Name System (DNS) Services Configuring DNS Specifying DNS Server Addresses No single DNS server contains the entire host table for every host on the Internet. In order for the Internet to do its job—to allow a host in one location to access a host in any other location—name servers must be able to query each other about the many hosts not in their own tables.
Domain Name System (DNS) Services Troubleshooting DNS Troubleshooting DNS When the ProCurve Secure Router cannot correctly resolve domain names, you can monitor DNS error messages to pinpoint the source of the problem. You should be able to interpret DNS messages well enough to track the DNS process and determine where problems arise.
Domain Name System (DNS) Services Troubleshooting DNS Note: You can also start displaying the debug messages from any mode context with the do command. Then, have the DNS client again attempt to access the host. Track the router’s activity.
Domain Name System (DNS) Services Troubleshooting DNS Host Table Does Not Include a Hostname. If necessary, add an entry to the host table. You can view the current entries in the running-config. Look for a miskeyed entry. Delete the faulty entry from the host table before adding the correct entry.
Domain Name System (DNS) Services Troubleshooting DNS Debugging DNS Client Activity DNS client activity deals only with the DNS requests the router makes on its own behalf. (The router always checks its own host table first. If it finds a match, no debug messages appear.) To monitor DNS client messages, move to the enable mode context and enter: ProCurve# debug ip dns-client...
Domain Name System (DNS) Services Configuring Dynamic DNS If the interface can reach the server, but the server consistently fails to translate hostnames, you should remove the server. If necessary, specify a new one. You can specify up to six DNS servers. Configuring Dynamic DNS When an interface has a dynamic IP address—for example, when your ISP provides its address—you should register its hostname with a dynamic DNS...
Domain Name System (DNS) Services Configuring Dynamic DNS You must complete three steps to configure a DynDNS service for a router interface: Open an account with DynDNS. Configure the logical interface’s IP address. Activate the dynamic DNS client. Opening an Account with DynDNS You should first register with DynDNS for a hostname.
Domain Name System (DNS) Services Configuring Dynamic DNS DynDNS. You would then enter that hostname for the hostname option. See Chapter 13: Dynamic Host Configuration Protocol (DHCP) for more information on configuring a DHCP client. You can configure a PPP interface to take a dynamic address from a service provider with this interface configuration mode command: Syntax: ip address negotiated [no-default] See Chapter 6: Configuring the Data Link Layer Protocol for E1, T1, and...
Domain Name System (DNS) Services Configuring Dynamic DNS Special Considerations for Configuring Custom DNS Custom DNS expands the services provided by Dynamic and Static DNS. For example: You control your own domain name, which you may already possess or which you may purchase from DynDNS. You can turn your hostname into a subdomain, which is handled by your own DNS servers.
Domain Name System (DNS) Services Quick Start Quick Start This section provides the commands you must enter to quickly configure the ProCurve Secure Router to act as: a DNS client a proxy name server It also shows you how to configure a router interface to run a client that updates a dynamic DNS service when the interface’s IP address changes.
Domain Name System (DNS) Services Quick Start Configuring the ProCurve Secure Router as a Name Server Enable DNS proxy from the global configuration mode context: Syntax: ip domain-proxy Add entries for static devices on the network to the local host table. Syntax: ip host <hostname>...
Domain Name System (DNS) Services Quick Start If you have not already done so, configure the interface’s IP address: To configure a dynamic IP address for an Ethernet interface, Frame Relay subinterface, or ATM subinterface, enter: Syntax: ip address dhcp [hostname <word> | no-default-route | no-domain-name | no-nameservers] b.
Dynamic Host Configuration Protocol (DHCP) Contents: Configuring a Router Interface as a DHCP Client (13-21); Configuring a Dynamic Address (13-22); Setting an Interface’s Client ID
Dynamic Host Configuration Protocol (DHCP) Overview Overview Every computer or device that connects to the Internet or to an IP network needs an IP address. Most users do not have the expertise to configure an IP address, subnet mask, and gateway. In addition, whenever a computer changes its location in the network, it must receive a new address.
Dynamic Host Configuration Protocol (DHCP) Overview The server responds with a DHCPACK, which includes: • the agreed-upon network address • a default gateway • a lease time • the address of one or more DNS servers (optional) • the address of one or more WINS servers (optional) ProCurve Secure Router DHCP clients...
Dynamic Host Configuration Protocol (DHCP) Overview [Figure 13-2. ProCurve Secure Router DHCP Server: a router with interfaces Eth 0/1 and Eth 0/2, two switches, LAN 1 (192.168.1.0 /24), and LAN 2 (192.168.2.0 /24)] You should configure one DHCP pool for each subnet. For the default gateway, you would specify the IP address of the Ethernet interface through which the router connects to the subnet.
Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Ethernet interfaces can also be DHCP clients on the connected subnet. Usually, however, it is a good idea to assign network nodes a static address. Interfaces on the ProCurve Secure Router that can take a dynamic address are: Ethernet interfaces Frame Relay subinterfaces Asynchronous Transfer Mode (ATM) subinterfaces...
Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server You can also: • configure a parent pool from which child pools import global settings • assign a fixed DHCP address to a single client • configure ping settings for the DHCP server Excluding Static Addresses Certain IP addresses in your network may be statically assigned to specific hosts: for example, the router itself, the Ethernet interface, DNS and Web...
Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server The command line interface (CLI) displays Configuring New Pool “<poolname>” and moves you into the DHCP server pool configuration mode context. You can also edit a pool with the same command. The CLI displays Configuring Existing Pool “<poolname>”.
Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server See the overview in Chapter 11: IP Routing—Configuring Static Routes for more information on network addresses, subnet masks, and prefix lengths. Note If you do not specify a subnet mask or prefix length, the server will use the class A, B, or C natural mask associated with the network address.
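The natural-mask rule in the note above can silently give a pool a different scope than intended, so it is worth checking saved configurations for network statements that omit the mask. The following Python lint is an added example, not part of the guide or the router software; it models only the classful rule stated in the note, and the sample configuration lines are constructed.

```python
"""Lint DHCP pool `network` statements that omit the mask (added example)."""
import ipaddress
import re

# Syntax from the guide: network <network A.B.C.D> <subnet mask | /prefix length>
NETWORK_RE = re.compile(
    r"^\s*network\s+(\d{1,3}(?:\.\d{1,3}){3})"
    r"(?:\s+(/\d{1,2}|\d{1,3}(?:\.\d{1,3}){3}))?\s*$"
)


def natural_prefix(address):
    """Return the classful (natural) prefix length for an IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return 8       # class A
    if first_octet < 192:
        return 16      # class B
    if first_octet < 224:
        return 24      # class C
    raise ValueError(f"{address} is class D/E and has no natural mask")


def effective_network(line):
    """Parse one `network` line; return (IPv4Network, mask_was_explicit) or None."""
    match = NETWORK_RE.match(line)
    if match is None:
        return None
    address, mask = match.groups()
    if mask is None:
        prefix, explicit = natural_prefix(address), False
    elif mask.startswith("/"):
        prefix, explicit = int(mask[1:]), True
    else:
        # Dotted mask: let ipaddress convert it to a prefix length.
        prefix, explicit = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen, True
    # strict=False: report the enclosing network even if host bits are set.
    return ipaddress.IPv4Network(f"{address}/{prefix}", strict=False), explicit


def audit(config_text):
    """Return (line number, effective network, reason) for every omitted mask."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        parsed = effective_network(line)
        if parsed is None or parsed[1]:
            continue
        network = parsed[0]
        entered = ipaddress.IPv4Address(line.split()[1])
        reason = "mask omitted, natural mask applies"
        if entered != network.network_address:
            # The address only makes sense as a subnet of the natural network,
            # so the administrator almost certainly meant a longer prefix.
            reason = "mask omitted and address has bits below the natural mask"
        findings.append((number, str(network), reason))
    return findings


# Constructed sample: pool statements in the guide's syntax, two without a mask.
SAMPLE = """\
network 192.168.0.0 /16
dns-server 192.168.1.10
network 192.168.32.0
network 192.168.64.0 255.255.224.0
network 172.16.8.0
"""

if __name__ == "__main__":
    for number, network, reason in audit(SAMPLE):
        print(f"line {number}: effective scope {network} ({reason})")
```

In the sample, the pool meant for the 192.168.32.0 /19 subnet ends up scoped to a /24 because the mask was left off. How the router itself treats an address with bits set below the natural mask is not stated in the guide, so the lint only flags that case.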
Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Changing a Pool’s Lease Time Whenever a DHCP server sends a DHCPACK message to a client with its committed IP address and other network configurations, the server includes a lease time. This time puts a limit on how long the client can reserve the address.
Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Specifying DNS, WINS, and Other Servers DHCP clients often need other configurations besides an IP address. The DHCP server can also issue addresses to clients for the devices that provide various services for the subnet.
Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Enter these commands: Syntax: tftp-server <A.B.C.D> Syntax: ntp-server <A.B.C.D> Syntax: timezone-offset <-12 to 12> Specifying a Domain Name for the Subnet If your organization wants users to have the organization’s domain name, you should configure the DHCP server to issue this name with the IP address.
Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Configuring Parent and Child Pools If your ProCurve Secure Router supports contiguous subnets, you can configure a single parent pool for the range of subnets. In this pool, you would specify settings that apply to all of the subnets, such as domain name, DNS servers, WINS servers, and lease time.
Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server You do not specify a default router for a parent pool. You configure the child pools just as you do any DHCP pool, but you only have to configure the subnet address and default router. If you alter a setting, such as the lease time, the configuration in the child pool overrides that in the parent pool.
Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server Also, when you want to assign a particular host a permanent address, sometimes it is better to configure this address through a server, rather than through whatever application is on the host. DHCP automatically tracks addresses so that two devices are not inadvertently given the same address.
Dynamic Host Configuration Protocol (DHCP) Configuring a DHCP Server After you enable 802.1Q encapsulation (for VLAN tagging) on the Ethernet interface, you can configure Ethernet subinterfaces. You assign the subinterfaces a VLAN ID and an IP address. To configure the DHCP scope, you simply specify that IP address as the default router of the DHCP pool configured for the VLAN.
Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Server To change the timeout setting, enter: Syntax: ip dhcp-server ping timeout <milliseconds> The valid range is from 10 to 1000 ms. To change the ping packet count, enter: Syntax: ip dhcp-server ping packets <count> The count can be from 0 to 100.
Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Server Viewing DHCP Client Bindings The ProCurve Secure Router stores a table of DHCP bindings. In this table, you can view the IP addresses for all active DHCP clients served by the router. This can be helpful for troubleshooting.
Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Server Caution Debug messages can tie up the router’s processor. Therefore, you should be very cautious about using them in a live network. You should begin by troubleshooting the host experiencing the problem and rule out a connectivity problem.
Dynamic Host Configuration Protocol (DHCP) Configuring a Router Interface as a DHCP Client A router interface must have its primary address on the subnet specified in the pool in order to respond to requests. You should also check that the DHCP network matches the address for the connecting router interface.
Dynamic Host Configuration Protocol (DHCP) Configuring a Router Interface as a DHCP Client You can also: set the interface’s client ID set the interface’s hostname enable the interface to take configurations other than the IP address Configuring a Dynamic Address You enable the DHCP client on an individual interface.
Dynamic Host Configuration Protocol (DHCP) Configuring a Router Interface as a DHCP Client Setting an Interface’s Client ID DHCP servers use client identifiers to index their database of address bindings. This database maps clients to their temporary IP addresses and other configurations.
Dynamic Host Configuration Protocol (DHCP) Configuring a Router Interface as a DHCP Client Setting the Interface’s Hostname If necessary, you can change the hostname for the single interface only. For example, you could register for a hostname with a dynamic DNS service. (See Chapter 12: Domain Name System (DNS) Services.) You could then ask your ISP to advertise this hostname, which you specify with the following command: Syntax: ip address dhcp hostname “<name>”...
Dynamic Host Configuration Protocol (DHCP) Configuring a Router Interface as a DHCP Client Move to the interface configuration mode context. Then enter the ip address dhcp command with the keyword for the configuration that you do not want the router to accept: Syntax: ip address dhcp [no-default-route | no-domain-name | no-name-servers] To disable more than one configuration, string the keywords together in the same command.
Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Client Managing and Troubleshooting the DHCP Client You should carefully monitor interfaces with dynamic addresses to ensure that they have an address and are using the proper configurations. Viewing the Interface’s Lease To view the active DHCP client leases on the router, enter: ProCurve# show ip dhcp-client lease The CLI displays all interfaces with dynamic addresses.
Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Client Turn off the DHCP client: ProCurve(config)# no ip address dhcp This command disables the DHCP client on the interface, which then immediately sends a message to release its DHCP-assigned address. Re-enter the ip address dhcp command with the keywords for preventing the interface from taking optional configurations.
Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Client Caution Debug messages can tie up the router’s processor and compromise the network’s functions. Therefore, you should take care when using them with active networks.
Dynamic Host Configuration Protocol (DHCP) Managing and Troubleshooting the DHCP Client An individual interface does not have to be up with an active network link for the router to run the DHCP client. Before looking for problems with the DHCP client configuration, make sure that the interface is up with the show interfaces command.
Dynamic Host Configuration Protocol (DHCP) Configuring DHCP Relay Configuring DHCP Relay DHCP relies on clients being able to reach a server by broadcasting a request. The DHCP request is limited by being broadcast to the application port for DHCP (the BOOTPS port, 67). Limited broadcasts propagate only throughout the local subnet.
Dynamic Host Configuration Protocol (DHCP) Configuring DHCP Relay You can set different helper addresses for different interfaces. For example, if your LAN uses different servers for different subnets, you could configure the router to forward DHCP requests received on one Ethernet (or VLAN) interface to one address and requests received on another interface to a different address.
Dynamic Host Configuration Protocol (DHCP) Quick Start Quick Start This section provides the commands you must enter to quickly configure: the router to act as a DHCP server for a subnet the router to assign a fixed DHCP address to a single host a router interface to act as a DHCP client Only a minimal explanation is provided.
Dynamic Host Configuration Protocol (DHCP) Quick Start Configurations Parameters Your Setting other configurations lease in days, hours, and minutes domain name timezone offset LAN 1 Router 192.168.32.0 /19 LAN 2 192.168.64.0 /19 Figure 13-8. Example DHCP Network Configuring a DHCP Server for a Network If you so choose, you can print and fill out Table 13-2 and refer to it while configuring the DHCP server on your router.
Dynamic Host Configuration Protocol (DHCP) Quick Start Specify the range of subnets for the parent pool. Syntax: network <network A.B.C.D> <subnet mask | /prefix length> For example: ProCurve(config-dhcp)# network 192.168.0.0 /16 Specify optional global settings such as DNS servers, WINS servers, and lease time.
Dynamic Host Configuration Protocol (DHCP) Quick Start Table 13-3. Settings for Assigning a Host a Fixed Address Configuration Parameter Your Setting host DHCP Pool pool name host MAC address fixed IP address default gateway IP address servers primary DNS server secondary DNS server primary WINS (NetBIOS) server...
Dynamic Host Configuration Protocol (DHCP) Quick Start Configure other necessary settings such as servers and a domain name. You can also assign the client a name. Syntax: dns-server <DNS server A.B.C.D> <secondary DNS server A.B.C.D> Syntax: netbios-name-server <WINS server A.B.C.D> <secondary WINS server A.B.C.D>...
Dynamic Host Configuration Protocol (DHCP) Quick Start Configure the router to take a dynamic address from a server. Syntax: ip address dhcp For a default configuration, simply enter the command without any options. For example: ProCurve(config-fr 1.101)# ip address dhcp b.
Using the Web Browser Interface for Basic Configuration Tasks Contents Configuring Access to the Web Browser Interface ....14-4 Enabling Access to the Web Browser Interface ....14-4 Managing Files, Firmware, Boot Software, and the AutoSynch™...
Using the Web Browser Interface for Basic Configuration Tasks Contents Configuring Ethernet Interfaces ....... . . 14-31 IP Settings .
Using the Web Browser Interface for Basic Configuration Tasks Contents Configuring ADSL Interfaces ........14-61 Configure an ATM Interface .
Using the Web Browser Interface for Basic Configuration Tasks Configuring Access to the Web Browser Interface Configuring Access to the Web Browser Interface You can use the Web browser interface to configure interfaces on your router. To access the Web browser interface, you must first use the command line interface (CLI) to enable the HTTP server on the ProCurve Secure Router and to configure a username and password for HTTP access.
Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Managing Files, Firmware, Boot Software, and the AutoSynch™ Function In the Utilities section of the Web browser interface, you can do basic file management tasks, manage the AutoSynch function, and set the router’s firmware and boot software using the Web browser interface.
Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Note The AutoSynch function is a feature that allows the router to maintain exact, up-to-date copies of the boot code and startup-config files on the router’s internal flash and a mounted compact flash card.
Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function The AutoSynch Status window displays AutoSynch messages, such as the current synchronization status of the software (SROS.BIZ) file and startup-config file and any AutoSynch error messages. For a list of AutoSynch error messages and troubleshooting methods, see Chapter 1: Overview.
Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function To set the secondary startup config file, click the desired configuration file from the pull-down menu. To save these changes to the running-config file, click Apply. Note If the AutoSynch function is enabled, the primary and backup startup-config files and locations are automatically set and cannot be changed.
Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Click Save. The Save As dialog box is displayed. Locate the folder where you want to save the file and click Save. After you have downloaded the configuration file onto your PC, you can open and edit it in a text editor program such as Notepad.
Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Figure 14-6. Delete Config File In the Delete Config File section, use the pull-down menu to display all the files on flash and cflash and select the file you want to delete. Click the Delete button to erase the file.
Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Figure 14-7. Set Primary/Backup Firmware Use the pull-down menu for the Primary Firmware box to select the file you want for your primary firmware. This file should be cflash SROS.BIZ. To set the backup firmware, use the pull-down menu for the Backup Firmware box to select the file you want for your backup software.
Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Upload Firmware. This section allows you to upload boot code and OS updates to your router. To get these updates, go to www.procurve.com and download the new firmware files to your PC.
Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Figure 14-9. Delete Firmware Use the pull-down menu for the Delete Firmware box to select the file that you want to delete. Click the Delete button.
Using the Web Browser Interface for Basic Configuration Tasks Managing Files, Firmware, Boot Software, and the AutoSynch™ Function Click the Save and Reboot button to save a copy of the current configuration to a startup-config file. If you are running the AutoSynch feature, a copy is saved to both internal flash and compact flash.
Using the Web Browser Interface for Basic Configuration Tasks Enabling IP Services on the Router Enabling IP Services on the Router In the IP Services section, you can enable or disable the following servers on the router: Simple Network Management Protocol (SNMP) TFTP HTTP HTTPS...
Using the Web Browser Interface for Basic Configuration Tasks Enabling IP Services on the Router Figure 14-11. IP Services Enable/Disable To enable the router as an SNMP Server, click the box. To enable the router as an FTP Server, click the box. To enable the router as a TFTP server, click the box.
Using the Web Browser Interface for Basic Configuration Tasks Enabling IP Services on the Router To change the HTTPS Server Port, enter the desired port number in the box. The default is 443. To enable the router’s Secure Copy Server, click the box. 10.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring Passwords to Control Management Access to the Router The ProCurve Secure Router uses usernames and passwords to control management access to the router. In addition to configuring usernames and passwords for each access method, you can enable the Authentication, Authorization, and Accounting (AAA) subsystem, which allows you to configure multiple access methods in case an access method fails.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Figure 14-13. Add/Modify/Delete Users Window Configuring a Local User List: Passwords for Web, SSH, and FTP Access When you configured the router for HTTP or HTTPS access, you entered a username and password.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router To view the local user list from the Web browser interface, select Passwords in the left navigation bar. The Add/Modify/Delete Users window is displayed, and the usernames that have been configured are listed under the Modify/Delete User heading.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring an Enable Mode Password To configure an enable mode password, complete these steps: Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring a Password for Telnet Access To configure a password for Telnet access, complete these steps: Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring a Password for Console Access To configure a password for console access, complete these steps: Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring a Password for SSH Access To configure a password for SSH access, complete these steps: Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring a Password for HTTP Access To configure a password for Web access, complete these steps: Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring a Password for FTP Access To configure a password for FTP access, complete these steps: Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Using the AAA Subsystem to Control Management Access Authentication, authorization, and accounting (AAA) is an industry standard for controlling: which users can access a system (authentication) what they can do once they are granted access (authorization) what is recorded about their activities (accounting) The AAA subsystem on the ProCurve Secure Router currently supports...
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Configuring Authentication Using a RADIUS Server If you want to use a RADIUS server to authenticate users who access the router, you must enable the AAA subsystem. Select Passwords in the left navigation bar and scroll to the bottom of the Add/Modify/Delete Users window.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router For TCP Port, accept the default port unless the RADIUS server is operating on a different port. For Retries, configure the number of attempts that the ProCurve Secure Router will make to contact the RADIUS server.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Passwords to Control Management Access to the Router Figure 14-22. Configure the Settings for a TACACS+ Server b. For Address, enter the IP address of the TACACS+ server. For Shared Key, enter the shared key. Re-enter the key to confirm it. d.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces Configuring Ethernet Interfaces To configure an Ethernet interface from the Web browser interface, complete the following steps. If you need more information about any of the options, see Chapter 3: Configuring Ethernet Interfaces. Click Physical Interfaces in the left navigation bar.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces Use the pull-down menu to configure the Speed/Duplex setting: To select an automatically negotiated connection, select Auto. b. To specify a 10 Mbps connection with half- or full-duplex, select 10Mbps/half or 10Mbps/full.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces Figure 14-24. IP Settings Section 10. Use the pull-down menu to configure the Address Type: • None—Select this setting if you intend to set up a bridge group with the Ethernet interface.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces b. For Dynamic DNS Hostname, enter the hostname you are registering for the interface. For Dynamic DNS Username, enter the username for your company’s account with DynDNS.org. d. For Dynamic DNS Password, enter the password for your company’s account with DynDNS.org.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces Figure 14-25. Status for Ethernet Interface Configuring PPPoE for the Ethernet Interface To configure PPPoE, complete the following steps: Access the Configuration for Ethernet window, select PPPoE for the Interface Mode, and click Apply.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces Figure 14-26. PPPoE for the Ethernet Interface If you want to configure PPP authentication, see “PPP Authentication” on page 14-50. Configure IP settings. For Address Type select one of the following. •...
Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces Figure 14-27. Configure IP Settings Dynamic DNS Configure dynamic DNS, if needed. For more information about dynamic DNS, see “Configuring Dynamic DNS” on page 14-91. For Dynamic DNS, use the pull-down menu to select DynDNS.org, DynDNS.org Static, or DynDNS.org Custom.
Using the Web Browser Interface for Basic Configuration Tasks Configuring Ethernet Interfaces View Statistics for the PPP Interface Status information is displayed at the bottom of the Configuration PPPoE window. After you apply your changes, the PPP Link State will be “starting,” indicating that the ProCurve Secure Router OS is trying to establish a PPP connection with its peer.
Using the Web Browser Interface for Basic Configuration Tasks Configuring E1 and T1 Interfaces Configuring E1 and T1 Interfaces When you set up an E1- or T1-carrier line, you must configure the Physical Layer and the Data Link Layer. This section explains how to configure the Physical Layer—the E1 or T1 interface—if you have purchased: an E1 module that includes a built-in Digital Service Unit (DSU) a T1 module that includes a built-in Channel Service Unit (CSU)/DSU...
Using the Web Browser Interface for Basic Configuration Tasks Configuring E1 and T1 Interfaces Figure 14-30. Configuration for E1 Interface Window Enter a description in the Description box if you want to document information about the E1 or T1 interface. This information will be displayed in the running-config under the appropriate interface heading.
Using the Web Browser Interface for Basic Configuration Tasks Configuring E1 and T1 Interfaces Configure the clock source for the interface in the Clocking pull-down menu. • Select line if you want the interface to take its timing from the public carrier’s equipment.
Using the Web Browser Interface for Basic Configuration Tasks Configuring E1 and T1 Interfaces 11. Accept the default setting of 64 Kbps for the DS0 speed unless your public carrier tells you to change this setting. Typically, you will change the setting only if you are leasing a T1-carrier line and are using the D4 frame format.
Using the Web Browser Interface for Basic Configuration Tasks Configuring E1 and T1 Interfaces Figure 14-31. Status for E1 Interface Caution Clicking the Continuous Refresh button requires the router to send continuous updates, consuming bandwidth and router resources.
Using the Web Browser Interface for Basic Configuration Tasks Configuring a Serial Interface for an E1- or T1-Carrier Line Configuring a Serial Interface for an E1- or T1-Carrier Line If your public carrier provided you with an external CSU/DSU, you purchased a serial module for the ProCurve Secure Router.
Using the Web Browser Interface for Basic Configuration Tasks Configuring a Serial Interface for an E1- or T1-Carrier Line Enter a string of up to 80 characters in the Description field if you want to document information about this interface. Select the Enable box to activate the interface.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Status Information Status information is displayed at the bottom of the Configuration for Serial window. This readout is not in real-time. To update the readout to the current statistics, click the Continuous Refresh button.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configure PPP as the Data Link Layer Protocol The following steps explain the initial configuration of PPP as the Data Link Layer protocol.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces If you have not set a QoS Policy, None is displayed for its QoS policy. To create a QoS policy, see “Configuring Quality of Service” on page 14-44 in the Advanced Management and Configuration Guide.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Figure 14-35. IP Settings Dynamic DNS 10. Configure dynamic DNS, if needed. For more information about dynamic DNS, see “Configuring Dynamic DNS” on page 14-91. For Dynamic DNS, use the pull-down menu to select DynDNS.org, DynDNS.org Static, or DynDNS.org Custom.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Status Information Status information is displayed at the bottom of the Configuration PPP window. After you apply your changes, the PPP Link State will be “starting,” indicating that the ProCurve Secure Router OS is trying to establish a PPP connection with its peer.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Figure 14-36. Configuring Two-Way PAP Authentication In the pull-down menu for Peer Authentication Type, select PAP or CHAP. Enter the remote endpoint’s username and password in the Peer Username and Peer Password fields.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Figure 14-37. Configuring the Local Router to Authenticate Itself In the pull-down menu for Sent Authentication Type, select PAP or CHAP. The protocol must match that requested by the peer.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Figure 14-38. Frame Relay Configuration Window From the Frame Relay Configuration window, enter a string of text up to 80 characters in the Description box if you want to record information about the WAN connection.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Use the pull-down menu to select the Frame Relay’s signaling role: • If this interface is acting as Data Terminal Equipment, select Connect to a switch (DTE).
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Figure 14-40. Configuration for Frame Relay Subinterface Window Enter a string of text up to 80 characters in the Description box if you want to record information about the Frame Relay subinterface.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configure IP Settings Configure the IP settings for the Frame Relay subinterface. • None—Select this setting if you intend to set up a bridge group with the Frame Relay subinterface.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Figure 14-41. Statistics for Frame Relay Subinterface 11. Reset statistics by clicking the Clear Statistics button. 12. Get continuous updates by clicking the Continuous Refresh button. To stop the continuous updates, click the Stop Refreshing button.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Configure HDLC as the Data Link Layer Protocol The following steps explain the initial configuration of HDLC as the Data Link Layer protocol.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Verify that the HDLC is bound to the proper physical interface by checking the Physical Interface field. If you have not set a QoS Policy, this HDLC interface will display None for its QoS policy.
Using the Web Browser Interface for Basic Configuration Tasks Configuring the Data Link Layer Protocol for E1, T1, and Serial Interfaces Status Information You can also check the HDLC interface statistics in the Status for “hdlc <interface>” section. To reset the statistics, click the Clear Statistics button. To get real-time updates, click Continuous Refresh.
Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Configuring ADSL Interfaces To configure the ProCurve Secure Router to support an Asymmetric Digital Subscriber Line (ADSL), complete the following steps. If you need more information about any of the ADSL or Asynchronous Transfer Mode (ATM) options, see Chapter 7: ADSL WAN Connections.
Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Figure 14-46. Configuration for ADSL Window Enter a description for the interface if you want to document information about the ADSL connection. The description is displayed when you view the running-config file.
Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Configure an ATM Interface Figure 14-47.Configuration for ATM Interface Window 12. Enter a description if you want to document information about the ATM interface. 13. Click the Enabled box to activate the ATM interface. 14.
Page 686
Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Figure 14-48. Configuration for ATM Subinterface Window 16. Click the Enabled box to activate the subinterface. 17. For PVC, enter the virtual path identifier (VPI) in the first box, and enter the virtual channel identifier (VCI) in the second box.
Page 687
Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Figure 14-49. Advanced Configuration Section 21. Configure Fair-Queue, Fair-Queue Threshold, and Hold-Queue settings if you want to configure QoS on this interface. For more information about QoS, see “Configuring Quality of Service” on page 14-44 in the Advanced Management and Configuration Guide.
Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces • OAM PVC Frequency—determines the time delay between OAM loopback cells. This setting is used unless the router is verifying a PVC state change (in which case it uses the OAM retry frequency setting). Specify a number between 0 and 600 seconds.
Page 689
Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces 26. For Address Type, use the pull-down menu to select: • None—Select None if you want this interface to be part of a bridge. • Static—Select Static if you want to configure a fixed IP address for...
Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Status Information You can view information about both the ATM interface and subinterface. To view information about the ATM interface, move to the Configuration for “atm <interface>” window and scroll to the bottom of the window. Likewise, you can view the status of the ATM subinterface by scrolling to the bottom of the Configuration for “atm <subinterface>”...
Page 691
Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces Figure 14-52. PPPoE Configuration Window Configure IP settings. For Address Type select one of the following. • None—Select this setting if you intend to set up a bridge group with the PPP interface.
Using the Web Browser Interface for Basic Configuration Tasks Configuring ADSL Interfaces • Unnumbered—To set up the PPP interface with the same IP address as another interface, click the Unnumbered option. The Interface box is displayed. Use the pull-down menu for the Interface box to select the appropriate interface.
Using the Web Browser Interface for Basic Configuration Tasks ISDN Modules ISDN Modules The two-port ISDN modules provide basic rate interface (BRI) ISDN for a primary WAN connection. Each ISDN line can provide up to two 64 Kbps channels. You can aggregate multiple channels for a single ISDN connection. (However, you must configure the aggregation from the CLI.) The ISDN BRI S/T module provides an interface to connect the router to Network Termination 2 (NT2) or NT1 equipment.
Page 694
Using the Web Browser Interface for Basic Configuration Tasks ISDN Modules Figure 14-53. Configuration for a BRI Interface Enter a description in the Description box if you want to document information about the BRI interface. This information will be displayed in the running-config under the appropriate interface heading.
Page 695
Using the Web Browser Interface for Basic Configuration Tasks ISDN Modules After you activate the BRI interface, you can view its status. Scroll to the Status for BRI window. The Line Status indicates whether the interface is up or down and whether it is currently active. You can view the B1 State, B2 State, and D-Channel State to determine which channels are currently active.
Page 696
Using the Web Browser Interface for Basic Configuration Tasks E1 + G.703 and T1 + DSX-1 Modules You can restart the D-channel by selecting the Restart-d option and clicking Apply. For example, you might need to restart the D-channel if a problem occurs during the call process.
Page 697
Using the Web Browser Interface for Basic Configuration Tasks E1 + G.703 and T1 + DSX-1 Modules When you configure the G.703 or DSX-1 interface, the settings you enter should match those used by your private branch exchange (PBX). To configure the G.703 or DSX-1 interface from the Web browser interface, complete the following steps: From the left navigation bar, click Physical Interfaces.
Page 698
Using the Web Browser Interface for Basic Configuration Tasks E1 + G.703 and T1 + DSX-1 Modules To activate the interface, select the Enable box. Ignore the clock source because you set the clock source for this module on the E1 or T1 interface. Set the frame format: •...
Using the Web Browser Interface for Basic Configuration Tasks Bridging Bridging You can configure the router to act as a remote bridge so that it can: • bridge non-IP protocols • bridge two sites using addresses on the same subnet The ProCurve Secure Router automatically implements Rapid Spanning Tree Protocol (RSTP), or IEEE 802.1w, on all bridged interfaces.
Page 700
Using the Web Browser Interface for Basic Configuration Tasks Bridging Figure 14-56. Disabling Routing In the left navigation bar, select Bridging under Router/Bridge. Enter a number between 1 and 255 in the Bridge Number box in the Add/Modify/Delete Bridge window. Click Add.
Page 701
Using the Web Browser Interface for Basic Configuration Tasks Bridging Figure 14-57. Configuring a Bridge The Assign Interfaces to a Bridge window displays all Ethernet and logical interfaces on the router. (For Frame Relay and ATM, it displays subinterfaces.) For each interface that should participate in the bridge, select the bridge group from the pull-down menu.
Using the Web Browser Interface for Basic Configuration Tasks Bridging Figure 14-58. Viewing the Bridge Table A bridge group on ProCurve Secure Router listens for frames from connected hosts. It stores the frame’s source MAC address with the interface on which the frame arrived in a bridge table.
Using the Web Browser Interface for Basic Configuration Tasks Bridging Viewing a Spanning Tree RSTP and STP prune connections in a looped topology. All nodes participating in the same bridge group generate a shared, loopless topology. You can view information about this topology, called a spanning tree instance. Follow these steps: In the left navigation bar, select Spanning Tree under Router/Bridge.
Using the Web Browser Interface for Basic Configuration Tasks Bridging Figure 14-59. Viewing a Spanning Tree Setting Global Spanning Tree Parameters You set the spanning tree protocol version, router’s bridge priority, and spanning tree timers in the Spanning Tree window. Select Spanning Tree under Router/Bridge in the left navigation bar. RSTP is fully backwards compatible with STP.
Page 705
Using the Web Browser Interface for Basic Configuration Tasks Bridging Figure 14-60. Configuring Spanning Tree Properties Bridges elect the device with the lowest bridge ID (priority plus MAC address) as root. You can manipulate which device becomes root by changing devices’ priorities. Enter a number between 0 and 65535 in the Bridge Priority field.
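The election rule above, as an added example that is not part of the original guide: it compares bridge IDs as (priority, MAC) pairs and works out which Bridge Priority value the intended root needs so that no other device on the bridge group can win. The device names, MAC addresses and starting priorities are constructed sample values.

```python
from dataclasses import dataclass

PRIORITY_MIN, PRIORITY_MAX = 0, 65535  # Bridge Priority field range given above


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int
    mac: str  # six colon-separated hex octets

    def bridge_id(self):
        """Return the bridge ID as a comparable (priority, MAC-as-integer) tuple."""
        if not PRIORITY_MIN <= self.priority <= PRIORITY_MAX:
            raise ValueError(f"{self.name}: priority {self.priority} out of range")
        octets = self.mac.split(":")
        if len(octets) != 6 or any(len(o) != 2 for o in octets):
            raise ValueError(f"{self.name}: malformed MAC {self.mac!r}")
        return (self.priority, int("".join(octets), 16))


def elect_root(bridges):
    """The bridge with the lowest bridge ID becomes root."""
    return min(bridges, key=lambda b: b.bridge_id())


def priority_to_win(candidate, others):
    """Largest priority value that makes `candidate` root, or None if none exists."""
    cand_mac = candidate.bridge_id()[1]
    best = PRIORITY_MAX
    for other in others:
        other_prio, other_mac = other.bridge_id()
        # A tie on priority is broken by MAC, so matching the other bridge's
        # priority is only enough when the candidate has the lower MAC.
        limit = other_prio if cand_mac < other_mac else other_prio - 1
        best = min(best, limit)
    return best if best >= PRIORITY_MIN else None


# Constructed sample topology: two routers left at the same priority and one
# device that announces a much lower one.
CORE = Bridge("core-router", 32768, "00:1b:3f:aa:00:10")
BRANCH = Bridge("branch-router", 32768, "00:1b:3f:aa:00:02")
UNPLANNED = Bridge("unplanned-switch", 4096, "00:0c:29:00:00:01")

if __name__ == "__main__":
    topology = [CORE, BRANCH, UNPLANNED]
    print("current root:", elect_root(topology).name)
    print("priority for core-router to win:",
          priority_to_win(CORE, [BRANCH, UNPLANNED]))
```

A result of None means another bridge already holds priority 0 with a lower MAC address, so the intended root cannot win by priority alone and the other device's priority has to be raised.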
Page 706
Using the Web Browser Interface for Basic Configuration Tasks Bridging Table 14-1. Spanning Tree Timers
Timer: hello time
Function: Each forwarding interface periodically transmits BPDU hellos. If neighbors miss three hellos from an interface, they assume the connection is down and send out TC BPDU to this effect.
Default: 2 seconds
Range: 0 to 1,000,000
Page 707
Using the Web Browser Interface for Basic Configuration Tasks Bridging If necessary, you can override this setting and manually set the connection type. Select Forced Point-to-Point or Forced Shared from the Link Type Configuration pull-down menu. If you leave this setting at the default Automatically determined, then the Link Type displays the setting used on the interface.
Using the Web Browser Interface for Basic Configuration Tasks Routing Routing The ProCurve Secure Router stores routes in a route table, which it uses to route traffic from one network to another. Each route includes: • destination IP address and subnet mask • administrative distance—the reliability of the route • metric—the cost of reaching the destination • next hop address or forwarding interface...
Page 709
Using the Web Browser Interface for Basic Configuration Tasks Routing b. You can alternatively specify the local interface through which the router will forward traffic destined to the destination network. Select Interface and choose the forwarding interface from the pull-down menu. This option has several advantages, particularly when you are connecting to an ISP router: –...
Using the Web Browser Interface for Basic Configuration Tasks Routing the same destination (for example, one through a primary connection and one through a backup connection), you should assign the route with lower priority a higher administrative distance. The router will only add the second route if the first route becomes unavailable.
Using the Web Browser Interface for Basic Configuration Tasks DNS Services Figure 14-63. Configuring a Default Route DNS Services The ProCurve Secure Router automatically acts as a DNS client. You must, however, specify the address for its DNS server or servers. You can also: • add entries to the router’s host table for any local hosts whose addresses the router should be able to resolve on its own • enable DNS proxy so that the router can act as a name server for clients...
Page 712
Using the Web Browser Interface for Basic Configuration Tasks DNS Services Enter your network’s domain name in the Domain field. The Enable DNS Lookup box should be checked. If it is not, select it. This allows the router to act as a DNS client, look up its own requests in the local host table, and send its own DNS requests to an external server.
Using the Web Browser Interface for Basic Configuration Tasks DNS Services Figure 14-65. Configuring the Local Host Table Configure the router’s local host table: In the Add/Modify/Delete DNS Host Entries window, enter a hostname and the corresponding IP address. The host should be in the router’s default domain, so you do not need to include the domain name.
Page 714
Using the Web Browser Interface for Basic Configuration Tasks DNS Services Your customers may need to access devices on your network, such as Web servers, whose addresses are linked to the dynamic public address. However, if this address changes, the hostname stored in DNS servers throughout the Internet will no longer match the device’s actual IP address.
Page 715
Using the Web Browser Interface for Basic Configuration Tasks DNS Services Figure 14-66. Configuring Dynamic DNS in the Configuration Window for an IP Interface Return to the Web browser interface. Click IP Interfaces under Router/Bridge in the left navigation bar. (If you have not yet configured the logical interface for the connection to the Internet, you must do so.
Using the Web Browser Interface for Basic Configuration Tasks Dynamic Host Configuration Protocol Enter the hostname for the device in the Dynamic DNS Hostname box. Enter the username and password you created for your DynDNS account in the Dynamic DNS Username and Dynamic DNS Password boxes. Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) allows hosts, acting as DHCP clients, to receive temporary configurations (such as an IP address, default...
Using the Web Browser Interface for Basic Configuration Tasks Dynamic Host Configuration Protocol Configuring a DHCP Pool for a Subnet Complete these steps: Under System in the left navigation bar, select DHCP Server. You should exclude all IP addresses permanently assigned to devices (such as routers, switches, and servers).
Page 718
Using the Web Browser Interface for Basic Configuration Tasks Dynamic Host Configuration Protocol Figure 14-68. Required Configurations for a DHCP Pool Click the Required Configuration tab: Under IP Addresses, select Assign IP addresses to all DHCP clients on a subnet and complete the Subnet Address and Subnet Mask fields. b.
Using the Web Browser Interface for Basic Configuration Tasks Dynamic Host Configuration Protocol Figure 14-69. Optional Configurations for a DHCP Pool Click the Optional Configuration tab to specify optional configurations that the router should send to clients, including: • domain name •...
Using the Web Browser Interface for Basic Configuration Tasks Dynamic Host Configuration Protocol Figure 14-70. Assigning a Fixed Address to a Single Host Follow the process outlined in “Configuring a DHCP Pool for a Subnet” on page 14-95. However, in step 7a, select Reserve a fixed address for a single host.
Page 721
Using the Web Browser Interface for Basic Configuration Tasks Dynamic Host Configuration Protocol You can configure the following router interfaces to receive a dynamic address from a service provider or other DHCP server: • Ethernet interfaces • Frame Relay subinterfaces • ATM subinterfaces • bridged PPP interfaces You can prevent the router from receiving a default route, DNS server address, or domain name from the external DHCP server, but you must do so from the...
Using the Web Browser Interface for Basic Configuration Tasks Configuring UDP Relay Configuring UDP Relay You can configure the ProCurve Secure Router to forward packets destined to certain UDP ports to a helper address. For example, your LAN may include a DHCP server in only one of its VLANs.
Page 723
Using the Web Browser Interface for Basic Configuration Tasks Configuring UDP Relay Select the protocol for the packets that you want the router to forward from the UDP Protocol pull-down menu. For example, you could select bootps (67) to configure the router to forward DHCP requests. Click Add.
Page 724
Appendix A: Configuring the Router to Boot from Compact Flash Updating the Boot Process If your router was shipped before July 2005, your router can be updated to boot, by default, from compact flash. Follow these steps: Update the router Boot ROM to version J02_02A.biz or later. Load and boot from the updated Boot ROM file (J02_02A.biz or later).
Page 726
Page 727
Appendix B: Glossary Numeric 2B+D 2 Bearer + 1 Data. A method for describing channel designations in ISDN lines. Bearer channels transmit data and voice. Data channels are reserved for signaling information and call control. See also ISDN. 2B1Q 2 Bits 1 Quaternary. A compressed encoding scheme used by BRI ISDN that provides for two bits to be encoded into one quaternary signal.
Page 728
Appendix B: Glossary AAL Asynchronous Transfer Mode (ATM) Adaptation Layer. The AAL is the interface between the higher layer protocols and the ATM layer. When relaying information it receives from the higher layer protocols, the AAL segments the data into ATM cells. When relaying information it receives from the ATM layer, the AAL reassembles the payload into a format the higher layers can understand.
Page 729
Appendix B: Glossary ACP Access Control Policy. An ACP filters the traffic that arrives on an interface, either dropping the traffic selected by an ACL or allowing that traffic to pass. Address and Control Field An LCP option that allows peers to compress the address and control fields in PPP frames and thus minimize overhead.
Page 730
Appendix B: Glossary AH Authentication Header. One of the IPSec protocols that can encapsulate packets sent over a VPN tunnel. AH uses authentication algorithms to ensure the integrity of the packet contents. AH authenticates the entire IPSec packet, including the delivery IP header. See also IPSec. ALG Application Level Gateway.
Page 731
Appendix B: Glossary The host on the network that has this IP address replies with its physical hardware address. Most often used in Ethernet networks using IPv4. For more information about ARP, see RFC 826 (at http://www.ietf.org/rfc/rfc0826.txt). ARPANET Advanced Research Projects Agency NETwork. The world’s first operational packet-switching network composed of mostly educational entities.
Page 732
Appendix B: Glossary BACP Bandwidth Allocation Control Protocol. An NCP in the PPP protocol suite that manages the BAP config option. BACP frames determine which peer will be favored in the event of a simultaneous submission. Because it is an NCP used in establishing a PPP connection, BACP frames must be exchanged before any BAP (LCP) frames are exchanged.
Page 733
Appendix B: Glossary BNC Connectors Bayonet Neill Concelman connectors. Also called British Naval Connector, or Bayonet Nut Connector. A type of connector used with coaxial cables such as the RG-58 A/U cable that is used in 10Base-2 Ethernet systems. The basic BNC connector is a male connector, which is placed at each end of a cable.
Page 734
Appendix B: Glossary CA Certificate Authority. A trusted third party that verifies the identity of two parties that want to communicate with one another. CAs are responsible for generating, distributing, and revoking digital authentication certificates. VeriSign is an example of a CA. CAP Carrierless Amplitude/Phase.
Page 735
Appendix B: Glossary CEPT Conference of European Postal and Telecommunications. A standardizing body. For more information about CEPT, see the CEPT website at http://www.cept.org. CEPT Hierarchy The signal hierarchy used with E-carrier lines. See also E1-carrier line and E-3 carrier line.
Page 736
Appendix B: Glossary Cipher Text Encrypted data. CIR Committed Information Rate. For Frame Relay networks, the CIR is the bandwidth that the carrier guarantees to be available for a particular PVC under normal circumstances. Typically, the CIR is specified in the Frame Relay SLA.
Page 737
Appendix B: Glossary CPE Customer Premises Equipment. The public carrier access equipment that a customer must purchase and maintain. This equipment is not maintained or owned by the Local Exchange Carrier. Some examples of this equipment are CSU/DSUs, modems and telephones. CRC Cyclic Redundancy Checking.
Page 738
Appendix B: Glossary D4 A superframe format used on T1-carrier lines. The D4 frame consists of 12 193-bit frames combined into a single superframe. DACS Digital Access and Cross-connect System (US). In the United States, a DACS is a telecommunications device used to route T1-carrier lines. A DACS uses D3/D4 framing to cross-connect any T1 DS0 channel (or a complete T1-carrier line) in the system with any other T1 DS0 channel or line also in the system.
Page 739
Appendix B: Glossary [Figure: D-sub 9 connector, female and male] DB-25 A 25-pin D-shaped serial connector. This connector is often used with printer serial cables and serial connections. [Figure: DB-25 connector, male and female] DCE Data Communications Equipment. A device that communicates with a DTE device.
Page 740
Appendix B: Glossary Demarc Point of demarcation. The point at which the public carrier’s network ends and the subscriber’s local network begins. DES Data Encryption Standard. DES is a published encryption algorithm that uses a 56-bit symmetric key to encrypt data in 64-bit blocks. IPSec, the industry standard for VPNs, supports 3DES.
Page 741
Appendix B: Glossary DLCI Data Link Connection Identifier. In a Frame Relay network, the DLCI is a 10-bit field within the address field that specifies the PVC path that a particular frame takes. DLCIs have only local significance; the value is changed at each switch.
Page 742
Appendix B: Glossary DSCP Differentiated Services Code Point. Six bits in the DiffServ header that can be set with values that define up to 63 traffic classes. For more information about DSCP values and usage, see RFC 2983 (at http://www.ietf.org/rfc/rfc2983.txt). See also DiffServ.
Page 743
Appendix B: Glossary Table 2-2. Digital Signal X (DSX) hierarchy Physical DSX interface DSO multiple T1 multiple Transmission carrier rate — — — 64 Kbps DSX-1 — 1.544 Mbps DSX-2 6.312 Mbps DSX-3 44.736 Mbps DSX-4 4032 274.176 Mbps DSX-5 8064 560.160 Mbps DSX-1 Digital Signal X-1.
Page 744
Appendix B: Glossary DWDM is also sometimes called Wave Division Multiplexing (WDM). For information about IP over optical networks, see RFC 3717 (at http://www.ietf.org/rfc/rfc3717.txt). E0 The base bandwidth multiple of E-carrier systems. E0 channels can transmit at up to 64 Kbps. E1-carrier line Provides a dedicated WAN connection.
Page 745
Appendix B: Glossary to send WAN traffic, BGP replaced it as the routing protocol for the Internet. For more information about EGP, see RFC 827 (at http://www.ietf.org/rfc/rfc0827.txt). See also BGP. EIR Excess Information Rate. In a Frame Relay network, the EIR is the bandwidth, in excess of the CIR, that the carrier attempts to deliver when the virtual circuit is not congested.
Page 746
Appendix B: Glossary FECN Forward Explicit Congestion Notification. The DTE sending data can set this bit to indicate that the network is experiencing congestion and the destination DTE should stop sending so many requests for data. See also Frame Relay and BECN.
Page 747
Appendix B: Glossary Frame A packet of information that has been encapsulated by a Data Link Layer protocol. Each Data Link Layer protocol defines a frame header, which includes the information that the receiver needs to process the frame and recover the data in the encapsulated packet.
Page 748
Appendix B: Glossary FTTC Fiber-To-The-Curb. Refers to the installation of fiber optic cable directly to the curbs near homes or businesses. Fiber optic cable, which provides much greater transmission speeds than copper wiring, is already used for much of the POTS long-distance infrastructure. By decreasing the time it takes data to travel from a customer to the customer’s provider, FTTC would greatly increase individual users’...
Page 749
Appendix B: Glossary eliminating bottlenecks in topologies with data rate mismatches. GTS is supported by Data Link Layer protocols like Ethernet, SMDS, and Frame Relay. GTS uses WFQ as the method for shaping the traffic. See also WFQ and QoS. GUI Graphical User Interface.
Page 750
Appendix B: Glossary HFC Hybrid Fiber Coax. A telecommunication technology in which fiber optic cable and coaxial cable are used in different portions of a network to carry broadband content (such as video, data, and voice). The service provider installs fiber optic cable from their distribution center to serving nodes located close to business and residential users.
Page 751
Appendix B: Glossary IDEA International Data Encryption Algorithm. A symmetric encryption algorithm supported by IPSec. IDEA, which is a block cipher, is a fast 3DES equivalent. IDSL ISDN DSL. An ISDN DSL service that uses 2B1Q but, unlike traditional ISDN, is always on.
Page 752
Appendix B: Glossary IP Internet Protocol. A Network Layer (Layer 3) protocol that controls how packets of data are addressed and routed from one device to another. IP is the network protocol used on the Internet, as well as in many private networks. Each host on the Internet has at least one IP address that uniquely identifies it.
Page 753
Appendix B: Glossary IPX Internetwork Packet eXchange. A Layer 3 networking protocol used in Novell NetWare operating system environments. Like UDP/IP, IPX is a datagram protocol used for routing packets in connectionless communications. For more information on IPX use in Ethernet networks, see RFC 1132 (at http://www.ietf.org/rfc/rfc1132.txt).
Page 754
Appendix B: Glossary Japanese Hierarchy A digital signal hierarchy used in Japan for voice transmission. A J0 line is one channel. The Japanese hierarchy closely matches the T-carrier system. Table 2-3. Japanese digital signal hierarchy Physical J0 multiple J1 multiple Transmission carrier...
Page 755
Appendix B: Glossary LAN Local Area Network. A group of computers and associated devices within a small geographic area that share a common communications line. The computers also often share the resources of a single server or set of servers. LAPD Link Access Procedure for D-channel.
Page 756
Appendix B: Glossary Line The hardware that connects two devices. Materials for lines include fiber optic, coaxial, and phone-grade twisted pair cables. LLC/SNAP Logical Link Control/Subnetwork Access Protocol. An 8-byte packet encapsulation header added by the WAN router to outgoing Ethernet or ATM traffic. The LLC/SNAP header enables devices in a connectionless network to send frames to the devices that can switch them to their destination.
Page 757
Appendix B: Glossary LSA Link-state advertisement (LSA). Packet sent by an OSPF router advertising its connections to a network or to another router. OSPF routers use LSAs to generate an OSPF database with the topology of the entire OSPF network. See also OSPF.
Page 758
Appendix B: Glossary MD5 Message Digest 5. A hash algorithm used to create digital signatures. MD5 is a one-way hash function, which transforms and condenses data into a fixed string of digits called a message digest. A variety of protocols, including AH and ESP, use MD5 to check a message’s data integrity as well as authenticate the sender.
Page 759
Appendix B: Glossary MPLS Multiprotocol Label Switching. A process that allows packets to be routed according to their pre-defined labels instead of according to their IP addresses and routing protocol table entries. Incoming packets are assigned a label by a label edge router (LER). Packets are forwarded along a label switch path (LSP), on which each label switch router (LSR) makes forwarding decisions based solely on the contents of the label.
Page 760
Appendix B: Glossary Multiplexing Combining and transmitting multiple signals over a single channel. Also known as “muxing.” The most important type of multiplexing for data transfer is time-division multiplexing (TDM), which is used with digital signals. See also TDM. Multiplexer Also known as a MUX. A communications device that multiplexes (combines) signals from multiple sources for transmission over a single medium.
Page 761
Appendix B: Glossary testing is required for vendors who wish to sell equipment to the Regional Bell Operating Companies (RBOCs) and the Competitive Local Exchange Carriers (CLECs). Level 3 testing is the most stringent level of testing. Network A generic term describing computers that are interconnected and can communicate with each other.
Page 762
Appendix B: Glossary NT1 Network Termination 1. A device at the physical and electrical termination of the ISDN line. The NT1 monitors the line, maintains timing, and provides power to the ISDN line. This device is purchased and maintained by the subscriber.
Page 763
Appendix B: Glossary large systems, the operating system ensures that different programs and users running at the same time do not interfere with each other. The operating system is also responsible for security, ensuring that unauthorized users do not access the system. OSI Open Systems Interconnection.
Page 764
Appendix B: Glossary Packet A block of data encapsulated within one or more protocol headers. These headers provide information about the packet’s application and about how the packet is to be handled and routed as it travels through the network. A packet that has been encapsulated within a Data Link Layer protocol is called a frame or a cell (ATM).
Page 765
Appendix B: Glossary PDP Policy Decision Point. In QoS-managed systems, a PDP is a server that makes policy decisions. This server has global knowledge of network policies and is consulted by the network devices (like routers) that enforce the policies. PEM Format Privacy-Enhanced Mail Format.
Page 766
Appendix B: Glossary PON Passive Optical Network. A system that brings optical fiber cabling and signals all or most of the way to the end user using passive equipment, which saves power and cost. Depending on where the PON terminates, the system can be described as Fiber-To-The-Curb (FTTC), Fiber-To-The-Building (FTTB), or Fiber-To-The-Home (FTTH).
Page 767
Appendix B: Glossary Presentation Layer Layer 6 of the OSI model. This layer is responsible for the delivery and formatting of information to the Application Layer for further processing or display. This layer deals with issues such as how strings are represented. It also formats and encrypts data to be sent across a network, providing freedom from compatibility problems.
Page 768
Appendix B: Glossary QoS Quality of Service. The “quality” of the packet forwarding service provided to a packet. A value set in the packet’s ToS field can request a specific level of QoS. QoS mechanisms regulate and manage traffic across a WAN link to lower latency for high-priority packets and to increase the quality and speed of data transmissions.
Page 769
Appendix B: Glossary companies owned at least two Bell operating companies. The BOCs were given the right to provide local phone service while AT&T was allowed to retain its long distance service. The RBOCs and their constituent BOCs are LECs. RBS Robbed-Bit Signaling.
Page 770
Appendix B: Glossary RIP Routing Information Protocol. A routing protocol that manages routing information within a self-contained network such as a LAN or an interconnected group of LANs. RIP is an older routing protocol, best suited for smaller networks, that selects best routes based on lowest hop count. For more information on RIP, see RFC 2453 (at http://www.ietf.org/rfc/rfc2453.txt).
Page 771
Appendix B: Glossary RJ-45 connector—uses two twisted pairs T=tip, R=ring, P=pair TX1, transmit positive TX2, transmit negative RX1, receive positive — — RX2, receive negative — — WAN/LAN connector RJ-48C Registered Jack 48C. A miniature 8-position keyed jack/connector used with cable having four twisted-pairs.
Page 772
Appendix B: Glossary Router A device that forwards data packets from one network to another. A router connects at least two different networks. A WAN router often connects LANs to WANs or to an ISP. A router uses a packet’s Layer 3 header to determine the route over which it should send it.
Page 773
Appendix B: Glossary Figure 2-2. SC connector SCEP Simple Certificate Enrollment Protocol. A Cisco protocol that, used with LDAP, streamlines the process of acquiring a certificate from a CA. SCEP allows network devices to be issued certificates automatically in a scalable manner.
Page 774
Appendix B: Glossary SHDSL Symmetric High Bit Rate DSL. SHDSL provides a guaranteed level of high symmetric bandwidth and low interference with other telecommunications services. SHDSL is a single-wire HDSL and is also called G.SHDSL. SHDSL provides a higher transmission speed than HDSL2 or SDSL over longer distances.
Page 775
Appendix B: Glossary SNACP SNA Control Protocol. An NCP in the PPP protocol suite that is used to establish a point-to-point connection between hosts sending SNA packets. For more information on SNACP, see RFC 2043 (at http://www.ietf.org/rfc/rfc2043.txt). SNMP Simple Network Management Protocol. An Application Layer protocol that supports the exchange of management information between network devices.
Page 776
Appendix B: Glossary SPID Service Profile IDentifications. A unique identifier used to identify a particular ISDN line and the service and features that line provides. The SPID is generally a 10+ digit number that includes the LDN. Splitter A splitter electronically isolates the lower frequencies of the telephone signal from the higher frequencies of the DSL signals.
Page 777
Appendix B: Glossary to detect suspicious activity and to drop packets prohibited by an organization’s policies. Many network security experts recommend stateful inspection as the most trusted firewall technology. S/T Interface A common way of referring to either S or T Interfaces, which are often combined in ISDN connections.
T-interface Connects the NT1 to the NT2 in an ISDN network. The T-interface is a four-wire/two twisted pair connection. Outside North America, the T-interface is the first interface at the subscriber’s premises.
T1-carrier line A carrier-line that carries speech or data at the DS-1 rate. T1 lines operate with 24 DS0 channels of 64 Kbps each for a total of 1.544 Mbps bandwidth.
Telnet TELephone NETwork. A TCP/IP protocol/program. The purpose of the Telnet Protocol is to provide a fairly general, bi-directional, 8-bit byte-oriented communications facility. It is typically used to provide user-oriented command line login sessions between hosts on the Internet. The name “Telnet” came about because the protocol was designed to emulate a single terminal attached to the other computer.
UBR Unspecified Bit Rate. An ATM bandwidth-allocation service that does not guarantee any throughput levels and uses only available bandwidth. UBR is often used when transmitting data that can tolerate delays.
U-interface In an ISDN connection, the U-interface is the connection between the local loop and NT1.
VCI Virtual Channel Identifier. A 16-bit field in an ATM cell’s header that identifies the cell’s next destination. The VCI is similar to the DLCI in a Frame Relay network.
VDSL Very high bit rate DSL. VDSL runs on fiber optic, providing extremely high-speed WAN connections.
WFQ Weighted Fair Queue. A queuing mechanism where the administrator is able to create multiple queues for different traffic classes and assign a “weight” value to each queue in proportion to its traffic priority level. See also QoS.
Wildcard Bits Wildcard bits use reverse logic to allow the user to specify bits within an IP address that must match (0) and that do not need to match (1).