SmartSwitch Router User Reference Manual 9032578-02
Notice

Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
VCCI Notice

This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions.
DECLARATION OF CONFORMITY ADDENDUM

Application of Council Directive(s): 89/336/EEC, 73/23/EEC
Manufacturer’s Name: Cabletron Systems, Inc.
Manufacturer’s Address: 35 Industrial Way, PO Box 5005, Rochester, NH 03867
European Representative Name: Mr. J.
European Representative Address:
Conformance to Directive(s)/Product Standards:
Equipment Type/Environment:
Contents

Preface
  About This Manual
  Who Should Read This Manual?
  How to Use This Manual
  Port-based VLANs
  MAC-address-based VLANs
  Protocol-based VLANs
  Subnet-based VLANs
  Multicast-based VLANs
  Assigning IP/IPX Interfaces
Chapter 4: RIP Configuration Guide
  RIP Overview
  Configure RIP
  Notes on Using Communities
  Local_Pref Attribute Example
  Notes on Using the Local_Pref Attribute
  Multi-Exit Discriminator Attribute Example
  EBGP Aggregation Example
  Creating an Aggregate Destination
  Creating an Aggregate Source
  Examples of Import Policies
  Example 1: Importing from RIP
  IPX Addresses
  Configuring IPX Interfaces and Parameters
  Configure IPX Addresses to Ports
  Configure IPX Interfaces for a VLAN
  Configure ACL
  Defining an IP ACL
  Defining an IPX ACL
  Applying an ACL to an Interface
  Applying an ACL to a Service
  Configuration for Router R2
  Symmetrical Configuration
  Configuration of Router R1
  Configuration of Router R2
  Multi-Backup Configuration
Preface

About This Manual

This manual provides detailed information and procedures for configuring the SmartSwitch Router SSR software. If you have not yet installed the SSR, use the instructions in the SmartSwitch Router Getting Started Guide to install the chassis and perform basic setup tasks, then return to this manual for more detailed configuration information.

Who Should Read This Manual?

Read this manual if you are a network administrator responsible for configuring and monitoring the SSR.
How to Use This Manual

If You Want To                                          See
Read overview information                               Chapter 1 on page 17
Configure bridging                                      Chapter 2 on page 33
Configure IP interfaces and global routing parameters   Chapter 3 on page 45
Configure RIP routing                                   Chapter 4 on page 53
Configure OSPF routing                                  Chapter 5 on page 59
Configure BGP routing                                   Chapter 6 on page 71
Configure routing policies                              Chapter 7 on page 107
Configure IP multicast routing                          Chapter 8 on page 143
Configure IPX routing                                   Chapter 9 on page 151
Con
Chapter 1 SmartSwitch Router Product Overview

The SmartSwitch Router (SSR) provides non-blocking, wire-speed Layer-2 (switching), Layer-3 (routing) and Layer-4 (application) switching. The hardware provides wire-speed performance regardless of the performance monitoring, filtering, and Quality of Service (QoS) features enabled by the software. You do not need to accept performance compromises to run QoS or access control lists (ACLs).
The following table lists the basic hardware and software specifications for the SSR: Table 1.
– Service Advertising Protocol (SAP)

Chapter 9: “IPX Routing Configuration Guide” on page 151 describes these protocols in detail.

Configuring the Cabletron SmartSwitch Router

The SSR provides a command line interface (CLI) that allows you to configure and manage the SSR. The CLI has several command modes, each of which provides a group of related commands that you can use to configure the SSR and display its status.
Table 2. Common CLI key commands (continued)

Key Sequence   Command
Ctrl+F         Move cursor forward one character
Ctrl+N         Scroll to next command in command history (use the cli show history command to display the history)
Ctrl+P         Scroll to previous command in command history
Ctrl+U         Erase entire line
Ctrl+X         Erase from cursor to end of line
Ctrl+Z         Exit current access mode to previous access mode

Access Modes

The SSR CLI has four access modes.
User Mode

After you log in to the SSR, you are automatically in User mode. The User commands available are a subset of those available in Enable mode. In general, the User commands allow you to display basic information and use basic utilities such as ping information. To list the User commands, enter:

List the User commands.
To list the Enable commands, enter:

List the Enable commands.
To exit Enable mode and return to User mode, use one of the following commands:

Exit Enable mode.
    exit
    Ctrl+Z

Configure Mode

Configure mode provides the capabilities to configure all features and functions on the SSR. You can configure features and functions within Configure mode including router configuration, access control lists and spanning tree. To list the Configure commands, enter:

List the Configure commands.
    tacacs  - Configure TACACS related parameters
    vlan    - Configure VLAN-related parameters

    Special configuration mode commands:
    erase   - Erase configuration information
    negate  - Negate a command or a group of commands using line numbers
    no      - Negate matching commands
    save    - Save configuration information
    search  - Look up a command in configuration
    show    - Show configuration commands

To exit Configure mode and return to Enable mode, use one of the following commands
SSR boots, the boot image is executed first, followed by the system image and finishing with a configuration file.

Boot and System Image

Only one boot image exists on the internal flash of the SSR Control Module. Multiple system images can be stored on the external PC flash.
Note: In this example, the location “pc-flash” indicates that the SSR is set to use the factory-installed software on the flash card.

2. Copy the software upgrade you want to install onto a TFTP server that the SSR can access. (Use the ping command to verify that the SSR can reach the TFTP server.)

3. Use the system image add command to copy the software upgrade onto the PCMCIA flash card in the Control Module.
Here is an example:

    ctron-ssr-1# system show version
    Software Information
    Software Version : 1.0
    Copyright : Copyright (c) 1996-1998 Cabletron Systems, Inc.
    Image Information : Version 1.0.B.13, built on Wed Mar 25 22:49:07 1998
    Image Boot Location: file:/pc-flash/boot/ssr8/
    Boot Prom Version : prom-1.0

In this example, the location “pc-flash” indicates that the SSR is set to use the factory-installed software on the flash card.

2.
4. The CLI displays the following message:

    Do you want to make the changes Active? [y]

5. Enter yes or y to activate the changes.

Note: If you exit Configure mode (by entering the exit command or pressing Ctrl+Z), the CLI will ask you whether you want to make the changes in the scratchpad active.
Set SSR Name

The SSR name is set to ssr by default. You may customize the name for the SSR by entering the following command in Configure mode:

Set the SSR name.
    system set name

Set SSR Date and Time

The SSR system time can keep track of time as entered by the user or via NTP. To configure the SSR date and time manually, enter the following command in Enable mode:

Set SSR date and time.
Configure SNMP Services

The SSR accepts SNMP sets and gets from an SNMP manager. You can configure SSR SNMP parameters including community strings and trap server target addresses. To configure the SSR SNMP community string, enter the following command in Configure mode:

Configure the SNMP community string.
Task / Command

Show the SNMP community strings.
    snmp show community

Show SNMP related statistics.
    snmp show statistics

Show trap target related configuration.
    snmp show trap

Show the active configuration of the system.
    system show active-config

Show the contents of the boot log file, which contains all the system messages generated during bootup.
    system show bootlog

Show the most recent Syslog messages kept in the local syslog message buffer.
Chapter 2 Bridging Configuration Guide

Bridging Overview

The SmartSwitch Router provides the following bridging functions:

• Complies with the IEEE 802.
Note: WAN interfaces on the SSR do not currently support Spanning Tree operations. However, future implementations of WAN for the SSR family of routers will support Spanning Tree.
• MAC address based
• Protocol based
• Subnet based
• Multicast based
• Policy based

Detailed information about these types of VLANs is beyond the scope of this manual. Each type of VLAN is briefly explained in the following subsections.

Port-based VLANs

Ports of L2 devices (switches, bridges) are assigned to VLANs. Any traffic received by a port is classified as belonging to the VLAN to which the port belongs.
Multicast-based VLANs

Multicast-based VLANs are created dynamically for multicast groups. Typically, each multicast group corresponds to a different VLAN. This ensures that multicast frames are received only by those ports that are connected to members of the appropriate multicast group.

Policy-based VLANs

Policy-based VLANs are the most general definition of VLANs.
the SSR as a result of creating L3 interfaces for IP and/or IPX. However, these implicit VLANs do not need to be created or configured manually. The implicit VLANs created by the SSR are subnet-based VLANs.

Most commonly, an SSR is used as a combined switch and router. For example, it may be connected to two subnets S1 and S2. Ports 1-8 belong to S1 and ports 9-16 belong to S2.
For example, if port 1 belongs to VLAN IPX_VLAN for IPX, VLAN IP_VLAN for IP and VLAN OTHER_VLAN for any other protocol, then an IP frame received by port 1 is classified as belonging to VLAN IP_VLAN.

Trunk ports (802.1Q) are usually used to connect one VLAN-aware switch to another. They carry traffic belonging to several VLANs. For example, suppose that SSR A and B are both configured with VLANs V1 and V2.
[Figure: SSR, A, B, C]

The corresponding bridge tables for address-based and flow-based bridging are shown below. As shown, the bridge table contains more information on the traffic patterns when flow-based bridging is enabled than when address-based bridging is enabled.
Note: If you are running spanning tree on one or more VLANs, you must enable spanning tree on all ports belonging to each VLAN.

Enable spanning tree on one or more ports.
    stp enable port

Adjust Spanning-Tree Parameters

You may need to adjust certain spanning-tree parameters if the default values are not suitable for your bridge configuration.
To set an interface priority, enter the following command in Configure mode:

Establish a priority for a specified interface.
    stp set port priority

Assign Port Costs

Each interface has a port cost associated with it. By convention, the port cost is 1000/data rate of the attached LAN, in Mbps. You can set different port costs. To assign port costs, enter the following command in Configure mode:

Set a different port cost other than the defaults.
Define the Maximum Age

If a bridge does not hear BPDUs from the root bridge within a specified interval, it assumes that the network has changed and recomputes the spanning-tree topology. To change the default interval setting, enter the following command in Configure mode:

Change the amount of time a bridge will wait to hear BPDUs from the root bridge.
Configure Bridging for Non-IP/IPX Protocols

By default, all non-routable protocols (AppleTalk and DECnet) are bridged within the SSR. All physical ports containing non-routable protocols should be assigned to the same VLAN, thus allowing bridging between ports. Routing can still be performed on the defined VLAN by assigning an IP or IPX interface.
Show l2 table information on a specific port.
    l2-tables show port-macs

Show information on the master MAC table.
    l2-tables show mac-table-stats

Show information on a specific MAC address.
    l2-tables show mac

Show information on MACs registered.
    l2-table show bridge-management

Show all VLANs.
Chapter 3 IP Routing Configuration Guide

This chapter describes how to configure IP interfaces and general non-protocol-specific routing parameters.

IP Routing Overview

Internet Protocol (IP) is a packet-based protocol used to exchange data over computer networks. IP handles addressing, routing, fragmentation, reassembly, and protocol demultiplexing. In addition, IP specifies how hosts and routers should process packets, handle errors and discard packets.
The SSR supports standards-based TCP, UDP, and IP.

IP Routing Protocols

The SSR supports standards-based unicast and multicast routing. Unicast routing protocol support includes Interior Gateway Protocols and Exterior Gateway Protocols. Multicast routing protocols are used to determine how multicast data is transferred in a routed environment.
Configuring IP Interfaces and Parameters

This section provides an overview of configuring various IP parameters and setting up IP interfaces.

Configure IP Addresses to Ports

You can configure one IP interface directly to physical ports. Each port can be assigned multiple IP addresses representing multiple subnets connected to the physical port. To configure an IP interface to a port, enter one of the following commands in Configure mode.
• 802.3 SNAP: SNAP IEEE 802.3 encapsulation, in which the type code becomes the frame length for the IEEE 802.2 LLC encapsulation (destination and source Service Access Points, and a control byte)

To configure IP encapsulation, enter one of the following commands in Configure mode.

Configure Ethernet II encapsulation.
    interface create ip output-mac-encapsulation ethernet_II

Configure 802.3 SNAP encapsulation.
Configure DNS Parameters

The SSR can be configured to specify DNS servers which supply name services for DNS requests. You can specify up to three DNS servers. To configure DNS servers, enter the following command in Configure mode:

Configure a DNS server.
    system set dns server [, [, ]]

You can also specify a domain name for the SSR. The domain name is used by the SSR to respond to DNS requests.
• NetBIOS Datagram Server (port 138)
• TACACS Server (port 49)
• Time Service (port 37)

To configure a destination to which UDP packets will be forwarded, enter the following command in Configure mode:

Specify local subnet interface, destination “helper” IP address, and UDP port number to forward
    ip helper-address interface

Configure Direct Broadcast

You can configure the SSR to forward all directed broadcast t
Show ARP entries in routing table.
    ip show routes show-arps

Show DNS parameters.
    system show dns

Configuration Examples

Assigning IP/IPX Interfaces

To enable routing on the SSR, you must assign an IP or IPX interface to a VLAN. To assign an IP or IPX interface named ‘RED’ to the ‘BLUE’ VLAN, enter the following command:

    ssr(config)# interface create ip RED address-netmask 10.50.0.1/255.255.0.
Chapter 4 RIP Configuration Guide

RIP Overview

This chapter describes how to configure Routing Information Protocol (RIP) in the SmartSwitch Router. RIP is a distance-vector routing protocol for use in small networks. RIP is described in RFC 1723. A router running RIP broadcasts updates at set intervals. Each update contains paired values where each pair consists of an IP network address and an integer distance to that network. RIP uses a hop count metric to measure the distance to a destination.
Enabling and Disabling RIP

To enable or disable RIP, enter one of the following commands in Configure mode.

Enable RIP.
    rip start

Disable RIP.
    rip stop

Configuring RIP Interfaces

To configure RIP in the SSR, you must first add interfaces to inform RIP about attached interfaces. To add RIP interfaces, enter the following commands in Configure mode.

Add interfaces to the RIP process.
RIP Parameter      Default Value
Authentication     None
Update interval    30 seconds

To change RIP parameters, enter the following commands in Configure mode.

Set RIP Version on an interface to RIP V1.
    rip set interface |all version 1

Set RIP Version on an interface to RIP V2.
    rip set interface |all version 2

Specify that RIP V2 packets should be multicast on this interface.
Configure RIP Route Default-Metric

You can define the metric used when advertising routes via RIP that were learned from other protocols. The default value for this parameter is 16 (unreachable). To export routes from other protocols into RIP, you must explicitly specify a value for the default-metric parameter. The metric specified by the default-metric parameter may be overridden by a metric specified in the export command.
Show detailed information of response packets sent by the router.
    rip trace response send

Show detailed information of request packets sent by the router.
    rip trace send request

Show RIP timer information.
    rip show timers

Configuration Example

[Figure: SSR 1, SSR 2; Interface 1.1.1.1, Interface 3.2.1.1]

    ! Example configuration
    !
    ! Create interface ssr1-if1 with ip address 1.1.1.1/16 on port et.1.1 on SSR-1
    interface create ip ssr1-if1 address-netmask 1.1.1.1/16 port et.1.
Chapter 5 OSPF Configuration Guide

OSPF Overview

Open Shortest Path First (OSPF) is a link-state routing protocol that supports IP subnetting and authentication. The SSR supports OSPF Version 2.0 as defined in RFC 1583. Each link-state message contains all the links connected to the router with a specified cost associated with the link.
OSPF Multipath

The SSR also supports OSPF and static Multi-path. If multiple equal-cost OSPF or static routes have been defined for any destination, then the SSR “discovers” and uses all of them. The SSR will automatically learn up to four equal-cost OSPF or static routes and retain them in its forwarding information base (FIB). The forwarding module then installs flows for these destinations in a round-robin fashion.
Configure OSPF Interface Parameters

You can configure the OSPF interface parameters shown in the table below.

Table 3. OSPF Interface Parameters

OSPF Parameter                           Default Value
Interface OSPF State (Enable/Disable)    Enable (except for virtual links)
Cost                                     1
No multicast                             Default is using multicast mechanism.
Specify the number of seconds required to transmit a link state update on an OSPF interface.
    ospf set interface |all transit-delay

Specify the time a neighbor router will listen for OSPF hello packets before declaring the router down.
    ospf set interface |all router-dead-interval

Disable IP multicast for sending OSPF packets to neighbors on an OSPF interface.
Add a stub host to an OSPF area.
    ospf add stub-host [to-area |backbone] [cost ]

Add a network to an OSPF area for summarization.
    ospf add network [to-area |backbone] [restrict] [host-net]

Configure OSPF Area Parameters

The SSR allows configuration of various OSPF area parameters, including stub areas, stub cost and authentication method. Stub areas are areas into which information on external routes is not sent.
To configure virtual links, enter the following commands in the Configure mode.

Create a virtual link.
    ospf add virtual-link [neighbor ] [transit-area ]

Set virtual link parameters.
Monitoring OSPF

The SSR provides display of OSPF statistics and configurations contained in the routing table. Information displayed provides routing and performance information. To display OSPF information, enter the following commands in Enable mode.

Show IP routing table.
    ip show table routing

Monitor OSPF error conditions.
    ospf monitor errors destination

Show information on all interfaces configured for OSPF.
Show OSPF interfaces.
    ospf show interfaces

Shows information about all valid next hops mostly derived from the SPF calculation.
    ospf show next-hop-list

Show OSPF statistics.
    ospf show statistics

Shows information about OSPF Border Routes.
    ospf show summary-asb

Show OSPF timers.
    ospf show timers

Show OSPF virtual-links.
    ospf show virtual-links

OSPF Configuration Examples

For all examples in this section, refer to the configuration shown in Figure 1 on page 70.
    ospf add interface 140.1.2.1 to-area 140.1.0.0
    ospf add interface 140.1.3.1 to-area 140.1.0.0
    ospf add interface 130.1.1.1 to-area backbone

Exporting All Interface & Static Routes to OSPF

Router R1 has several static routes. We would export these static routes as type-2 OSPF routes. The interface routes would be redistributed as type-1 OSPF routes.

1.
Router R1 would like to redistribute its OSPF, OSPF-ASE, RIP, Static and Interface/Direct routes into RIP.

1. Enable RIP on interface 120.190.1.1/16.

    rip add interface 120.190.1.1
    rip set interface 120.190.1.1 version 2 type multicast

2. Create an OSPF export destination for type-1 routes.

    ip-router policy create ospf-export-destination ospfExpDstType1 type 1 metric 1

3. Create an OSPF export destination for type-2 routes.
9. Create a RIP export destination.

    ip-router policy create rip-export-destination ripExpDst

10. Create OSPF export source.

    ip-router policy create ospf-export-source ospfExpSrc type OSPF

11. Create OSPF-ASE export source.

    ip-router policy create ospf-export-source ospfAseExpSrc type OSPFASE

12. Create the Export-Policy for redistributing all interface, RIP, static, OSPF and OSPF-ASE routes into RIP.
Figure 1. Exporting to OSPF
Chapter 6 BGP Configuration Guide

BGP Overview

The Border Gateway Protocol (BGP) is an exterior gateway protocol that allows IP routers to exchange network reachability information. BGP became an internet standard in 1989 (RFC 1105) and the current version, BGP-4, was published in 1994 (RFC 1771). BGP is typically run between Internet Service Providers. It is also frequently used by multihomed ISP customers, as well as in large commercial networks.
The SSR BGP Implementation

The SSR routing protocol implementation is based on GateD 4.0.3 code (http://www.gated.org). GateD is a modular software program consisting of core services, a routing database, and protocol modules supporting multiple routing protocols (RIP versions 1 and 2, OSPF version 2, BGP version 2 through 4, and Integrated IS-IS). Since the SSR IP routing code is based upon GateD, BGP can also be configured using a GateD configuration file (gated.
Setting the Autonomous System Number

An autonomous system number identifies your autonomous system to other routers. To set the SSR’s autonomous system number, enter the following command in Configure mode.

Set the SSR’s autonomous system number
    ip-router global set autonomous-system loops

The autonomous-system parameter sets the AS number for the router. Specify a number from 1–65534.
where:

peer-group
    Is a group ID, which can be a number or a character string.

type
    Specifies the type of BGP group you are adding. You can specify one of the following:

    external
        In the classic external BGP group, full policy checking is applied to all incoming and outgoing advertisements. The external neighbors must be directly reachable through one of the machine's local interfaces.
Adding a BGP Peer

There are two ways to add BGP peers to peer groups. You can explicitly add a peer host, or you can add a network. Adding a network allows for peer connections from any addresses in the range of network and mask pairs specified in the bgp add network command. To add BGP peers to BGP peer groups, enter one of the following commands in Configure mode.

Add a host to a BGP peer group.
aspath_term {m}
    A regular expression followed by {m} (where m is a positive integer) means exactly m repetitions.

aspath_term {m,}
    A regular expression followed by {m,} (where m is a positive integer) means m or more repetitions.

aspath_term *
    An AS path term followed by * means zero or more repetitions. This is shorthand for {0,}.

aspath_term +
    A regular expression followed by + means one or more repetitions. This is shorthand for {1,}.
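The repetition operators above can be checked offline before a filter is committed to a router. The following matcher is an added example, not SSR or GateD code: it covers only the operators listed on this page ({m}, {m,}, * and +) plus parentheses, and it assumes that an AS path term is either an AS number or `.` for any single AS, as in the `(.*)` expression used in this chapter. The function names are hypothetical.

```python
import re

# One token: an AS number, "." (any AS), a parenthesis, or a repetition suffix.
_TOKEN = re.compile(
    r"\s*(?:(?P<asn>\d+)|(?P<any>\.)|(?P<open>\()|(?P<close>\))"
    r"|(?P<rep>\*|\+|\{\d+,?\}))"
)


def compile_aspath(expr):
    """Translate an AS path expression into a Python regex.

    The path is encoded as a string of "<ASN> " units, so an AS number only
    ever matches a whole path element (284 never matches inside 2845).
    """
    expr = expr.strip()
    out, pos, depth, repeatable = [], 0, 0, False
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if m is None:
            raise ValueError(f"unsupported syntax at offset {pos}: {expr[pos:]!r}")
        pos = m.end()
        if m.group("asn"):
            asn = int(m.group("asn"))
            if not 1 <= asn <= 65534:      # AS number range given in this chapter
                raise ValueError(f"AS number out of range: {asn}")
            out.append(f"(?:{asn} )")
            repeatable = True
        elif m.group("any"):
            out.append(r"(?:\d+ )")
            repeatable = True
        elif m.group("open"):
            out.append("(?:")
            depth += 1
            repeatable = False
        elif m.group("close"):
            if depth == 0:
                raise ValueError("unbalanced ')'")
            depth -= 1
            out.append(")")
            repeatable = True
        else:
            rep = m.group("rep")
            if not repeatable:
                raise ValueError(f"{rep!r} has no AS path term to repeat")
            if rep.startswith("{") and int(rep.strip("{},")) < 1:
                raise ValueError("m must be a positive integer")
            out.append(rep)
            repeatable = False
    if depth:
        raise ValueError("unbalanced '('")
    return re.compile("".join(out))


def aspath_matches(expr, as_path):
    """Return True if the whole AS path (a list of ints) matches expr."""
    encoded = "".join(f"{asn} " for asn in as_path)
    return compile_aspath(expr).fullmatch(encoded) is not None


if __name__ == "__main__":
    # Constructed sample paths, checked against constructed expressions.
    for expr, path in [("(.*)", [64800, 284, 3561]),
                       ("284 .*", [2845, 3561]),
                       ("64800 {2} .*", [64800, 64800, 813])]:
        print(f"{expr!r:16} {path} -> {aspath_matches(expr, path)}")
```

Matching is anchored to the whole path, so a filter meant to match a path that merely begins with an AS needs a trailing `.*`.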
To import all routes (.* matches all AS paths) with the default preference:

    ip-router policy create bgp-import-source allOthers aspath-regular-expression "(.*)" origin any sequence-number 20
    ip-router policy import source allOthers network all

To export all active routes from 284 or 813 or 814 or 815 or 816 or 3369 or 3561 to autonomous system 64800.
Notes on Using the AS Path Prepend Feature

• Use the as-count option for external peer-hosts only.
• If the as-count option is entered for an active BGP session, routes will not be resent to reflect the new setting. To have routes reflect the new setting, you must restart the peer session. To do this:
    a. Enter Configure mode.
    b. Negate the command that adds the peer-host to the peer-group.
a BGP neighbor relationship is the establishment of a TCP connection (using TCP port 179) between peers. A BGP Open message can then be sent between peers across the TCP connection to establish various BGP variables (BGP Version, AS number (ASN), hold time, BGP identifier, and optional parameters). Upon successful completion of the BGP Open negotiations, BGP Update messages containing the BGP routing table can be sent between peers.
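The fields carried in the Open message are easiest to see by decoding one. The following parser is an added example, not part of the SSR software or GateD: it follows the BGP-4 message layout from the RFC, accepts version 4 only, and the optional `expected_as` check stands in for the peer AS configured on a peer group. The sample message is constructed from the AS number and router ID used for SSR2 in this chapter's EBGP example; the hold time of 180 seconds is an assumed value.

```python
import socket
import struct

BGP_MARKER = b"\xff" * 16   # marker field is all ones in an OPEN message
HEADER_LEN = 19             # marker (16) + length (2) + type (1)
OPEN_FIXED_LEN = 10         # version, my AS, hold time, BGP identifier, opt len
MAX_MSG_LEN = 4096
TYPE_OPEN = 1


def build_open(my_as, hold_time, bgp_id, version=4):
    """Build an OPEN message without optional parameters (sample input only)."""
    body = struct.pack("!BHH4sB", version, my_as, hold_time,
                       socket.inet_aton(bgp_id), 0)
    header = struct.pack("!HB", HEADER_LEN + len(body), TYPE_OPEN)
    return BGP_MARKER + header + body


def parse_open(data, expected_as=None):
    """Decode and validate one BGP OPEN message; raise ValueError if malformed."""
    if len(data) < HEADER_LEN + OPEN_FIXED_LEN:
        raise ValueError("message too short for a BGP OPEN")
    marker, length, msg_type = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != BGP_MARKER:
        raise ValueError("marker is not all ones")
    if length != len(data) or length > MAX_MSG_LEN:
        raise ValueError("length field does not match the message size")
    if msg_type != TYPE_OPEN:
        raise ValueError(f"not an OPEN message (type {msg_type})")

    fixed = data[HEADER_LEN:HEADER_LEN + OPEN_FIXED_LEN]
    version, my_as, hold_time, raw_id, opt_len = struct.unpack("!BHH4sB", fixed)
    if version != 4:
        raise ValueError(f"unsupported BGP version {version}")
    if hold_time in (1, 2):
        raise ValueError("hold time must be 0 or at least 3 seconds")
    if raw_id == b"\x00\x00\x00\x00":
        raise ValueError("BGP identifier must not be 0.0.0.0")
    if expected_as is not None and my_as != expected_as:
        raise ValueError(f"peer announced AS {my_as}, expected {expected_as}")

    # Optional parameters are a sequence of (type, length, value) triples.
    opts = data[HEADER_LEN + OPEN_FIXED_LEN:]
    if opt_len != len(opts):
        raise ValueError("optional parameter length mismatch")
    params, pos = [], 0
    while pos < len(opts):
        if pos + 2 > len(opts):
            raise ValueError("truncated optional parameter header")
        p_type, p_len = opts[pos], opts[pos + 1]
        value = opts[pos + 2:pos + 2 + p_len]
        if len(value) != p_len:
            raise ValueError("optional parameter overruns the message")
        params.append((p_type, value))
        pos += 2 + p_len

    return {
        "version": version,
        "my_as": my_as,
        "hold_time": hold_time,
        "bgp_id": socket.inet_ntoa(raw_id),
        "optional_parameters": params,
    }


if __name__ == "__main__":
    # Constructed sample: the OPEN that a peer in AS 2 with router ID 10.0.0.2
    # would send; hold time 180 is an assumed value.
    sample = build_open(my_as=2, hold_time=180, bgp_id="10.0.0.2")
    print(parse_open(sample, expected_as=2))
```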
The CLI configuration for router SSR1 is as follows:

    interface create ip et.1.1 address-netmask 10.0.0.1/16 port et.1.1
    #
    # Set the AS of the router
    #
    ip-router global set autonomous-system 1
    #
    # Set the router ID
    #
    ip-router global set router-id 10.0.0.1
    #
    # Create EBGP peer group pg1w2 for peering with AS 2
    #
    bgp create peer-group pg1w2 type external autonomous-system 2
    #
    # Add peer host 10.0.0.2 to group pg1w2
    #
    bgp add peer-host 10.0.0.
The gated.conf file for router SSR2 is as follows:

    autonomoussystem 2 ;
    routerid 10.0.0.2 ;
    bgp yes {
        group type external peeras 1
        {
            peer 10.0.0.1 ;
        };
    };

IBGP Configuration Example

Connections between BGP speakers within the same AS are referred to as internal links. A peer in the same AS is an internal peer. Internal BGP is commonly abbreviated IBGP; external BGP is EBGP. An AS that has two or more EBGP peers is referred to as a multihomed AS.
Note that for running IBGP using group-type Routing you must run an IGP such as OSPF to resolve the next hops that come with external routes. You could also use protocol any so that all protocols are eligible to resolve the BGP forwarding address.

Figure 3 shows a sample BGP configuration that uses the Routing group type.

[Figure 3: network diagram; labels include AS-64801, Cisco, SSR1, SSR4, OSPF, IBGP]
In this example, OSPF is configured as the IGP in the autonomous system. The following lines in the router SSR6 configuration file configure OSPF:

#
# Create a secondary address for the loopback interface
#
interface add ip lo0 address-netmask 172.23.1.26/30
ospf create area backbone
ospf add interface to-SSR4 to-area backbone
ospf add interface to-SSR1 to-area backbone
#
# This line is necessary because we want CISCO to peer with our loopback
# address.
The following lines on the Cisco router set up IBGP peering with router SSR6.

router bgp 64801
!
! Disable synchronization between BGP and IGP
!
no synchronization
neighbor 172.23.1.26 remote-as 64801
!
! Allow internal BGP sessions to use any operational interface for TCP
! connections
!
neighbor 172.23.1.
Figure 4 illustrates a sample IBGP Internal group configuration.

[Figure 4: network diagram of AS-1 showing routers SSR1, SSR2, C1 and C2; legend: Physical Link, Peering Relationship]
The gated.conf file for router SSR1 is as follows:

autonomoussystem 1 ;
routerid 16.122.128.1 ;
bgp yes {
    traceoptions aspath detail packets detail open detail update ;
    group type internal peeras 1 {
        peer 16.122.128.2 ;
        peer 16.122.128.8 ;
        peer 16.122.128.9 ;
    };
};

The CLI configuration for router SSR2 is as follows:

ip-router global set autonomous-system 1
bgp create peer-group int-ibgp-1 type internal autonomous-system 1
bgp add peer-host 16.122.128.
The configuration for router C1 (a Cisco router) is as follows:

router bgp 1
no synchronization
network 16.122.128.0 mask 255.255.255.0
network 17.122.128.0 mask 255.255.255.0
neighbor 16.122.128.1 remote-as 1
neighbor 16.122.128.1 next-hop-self
neighbor 16.122.128.1 soft-reconfiguration inbound
neighbor 16.122.128.2 remote-as 1
neighbor 16.122.128.2 next-hop-self
neighbor 16.122.128.2 soft-reconfiguration inbound
neighbor 16.122.128.9 remote-as 1
neighbor 16.122.128.
This sample configuration shows External BGP peers, SSR1 and SSR4, which are not connected to the same subnet.

[Figure: network diagram showing AS-64800 and AS-64801 with routers SSR1, SSR2, SSR3 and SSR4; legend: Physical Link, Peering Relationship]

The CLI configuration for router SSR1 is as follows:

bgp create peer-group ebgp_multihop autonomous-system 64801 type external
bgp add peer-host 18.122.128.
The gated.conf file for router SSR1 is as follows:

autonomoussystem 64800 ;
routerid 0.0.0.1 ;
bgp yes {
    traceoptions state ;
    group type external peeras 64801 {
        peer 18.122.128.2 gateway 16.122.128.3 ;
    };
};
static {
    18.122.0.0 masklen 16 gateway 16.122.128.3 ;
};

The CLI configuration for router SSR2 is as follows:

interface create ip to-R1 address-netmask 16.122.128.3/16 port et.1.1
interface create ip to-R3 address-netmask 17.122.128.3/16 port et.1.
The gated.conf file for router SSR3 is as follows:

static {
    16.122.0.0 masklen 16 gateway 17.122.128.3 ;
};

The CLI configuration for router SSR4 is as follows:

bgp create peer-group ebgp_multihop autonomous-system 64801 type external
bgp add peer-host 18.122.128.2 group ebgp_multihop
!
! Specify the gateway option, which indicates EBGP multihop. Set the
! gateway option to the address of the router that has a route to the
! peer.
!
bgp set peer-host 18.122.128.
[Figure 5: network diagram showing AS-64899, AS-64900, AS-64901 and AS-64902 with ISP1, ISP2, CS1, CS2 and routers R10, R11, R13 and R14; legend: Physical Link, Peering Relationship, Information Flow]
[Figure 6. Sample BGP Configuration (Well-Known Community): network diagram showing AS-64900, AS-64901 and AS-64902 with ISP2 and routers SSR10, SSR11 and SSR13; legend: Physical Link, Peering Relationship, Information Flow]

The Community attribute can be used in three ways:

1.
In Figure 6, router SSR11 has the following configuration:

#
# Create an optional attribute list with identifier color1 for a community
# attribute (community-id 160 AS 64901)
#
ip-router policy create optional-attributes-list color1 community-id 160 autonomous-system 64901
#
# Create an optional attribute list with identifier color2 for a community
# attribute (community-id 155 AS 64901)
#
ip-router policy create optional-attributes-list color2 community-id 155 autonomou
In Figure 6, router SSR13 has the following configuration:

ip-router policy create optional-attributes-list color1 community-id 160 autonomous-system 64902
ip-router policy create optional-attributes-list color2 community-id 155 autonomous-system 64902
ip-router policy create bgp-import-source 902color1 optional-attributes-list color1 autonomous-system 64899 sequence-number 1
ip-router policy create bgp-import-source 902color2 optional-attributes-list color2 autonomous-sy
In Figure 6, router SSR10 has the following configuration:

#
# Create an optional attribute list with identifier color1 for a community
# attribute (community-id 160 AS 64902)
#
ip-router policy create optional-attributes-list color1 community-id 160 autonomous-system 64902
#
# Create an optional attribute list with identifier color2 for a community
# attribute (community-id 155 AS 64902)
#
ip-router policy create optional-attributes-list color2 community-id 155 autonomou
The community attribute may be a single community or a set of communities. A maximum of 10 communities may be specified. The community attribute can take any of the following forms:

• Specific community
  The specific community consists of the combination of the AS-value and community ID.
Notes on Using Communities

When originating BGP communities, the set of communities that is actually sent is the union of the communities received with the route (if any), those specified in group policy (if any), and those specified in export policy (if any).

When receiving BGP communities, the update is only matched if all communities specified in the optional-attributes-list option of the ip-router policy create command are present in the BGP update.
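The send and receive rules in these notes can be modelled in a few lines. The following Python sketch is an added example, not SSR or GateD code; the function names are hypothetical, the community values are taken from the SSR11 configuration for Figure 6, and the 32-bit encoding follows RFC 1997.

```python
from typing import FrozenSet, Iterable, NamedTuple

MAX_COMMUNITIES = 10  # limit the manual states for one community attribute


class Community(NamedTuple):
    asn: int           # AS-value
    community_id: int  # community ID

    def wire_value(self) -> int:
        """RFC 1997 layout: AS number in the high 16 bits, ID in the low 16."""
        if not (0 <= self.asn <= 0xFFFF and 0 <= self.community_id <= 0xFFFF):
            raise ValueError(f"{self} does not fit the 16+16 bit encoding")
        return (self.asn << 16) | self.community_id


def attribute_list(*communities: Community) -> FrozenSet[Community]:
    """Model of an optional-attributes-list (hypothetical helper)."""
    result = frozenset(communities)
    if not result:
        raise ValueError("an attribute list needs at least one community")
    if len(result) > MAX_COMMUNITIES:
        raise ValueError(f"at most {MAX_COMMUNITIES} communities may be specified")
    return result


def communities_sent(received: Iterable[Community],
                     group_policy: Iterable[Community],
                     export_policy: Iterable[Community]) -> FrozenSet[Community]:
    """Originating side: the union of all three sources is sent."""
    return frozenset(received) | frozenset(group_policy) | frozenset(export_policy)


def update_matches(required: FrozenSet[Community],
                   update_communities: Iterable[Community]) -> bool:
    """Receiving side: every listed community must be present in the update.

    Extra communities in the update do not prevent a match.
    """
    return required <= frozenset(update_communities)


# Values from the SSR11 configuration (community-id 160 and 155, AS 64901).
COLOR1 = Community(64901, 160)
COLOR2 = Community(64901, 155)

if __name__ == "__main__":
    # Constructed scenario: route arrives tagged color1, export policy adds color2.
    sent = communities_sent([COLOR1], [], [COLOR2])
    print(sorted(hex(c.wire_value()) for c in sent))
    print(update_matches(attribute_list(COLOR1, COLOR2), sent))      # both present
    print(update_matches(attribute_list(COLOR1, COLOR2), [COLOR1]))  # color2 missing
```

Because matching requires every listed community, an import policy keyed on two communities stops matching as soon as an intermediate AS strips one of them, so filters that gate route acceptance should be checked against what peers actually send.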
In the sample network in Figure 7, all the traffic exits Autonomous System 64901 through the link between router SSR13 and router SSR11. This is accomplished by setting the Local_Pref attribute.

[Figure 7: network diagram showing AS-64900 and AS-64901 with routers SSR10, SSR11, SSR12 and SSR13 and EBGP links]
In router SSR12’s CLI configuration file, the import preference is set to 160:

#
# Set the set-pref metric for the IBGP peer group
#
bgp set peer-group as901 set-pref 100
ip-router policy create bgp-import-source as900 autonomous-system 64900 preference 160

Using the formula for local preference [Local_Pref = 254 - (global protocol preference for this route) + metric], the Local_Pref value put out by router SSR12 is 254 - 160 + 100 = 194.

For router SSR13, the import prefer
[Figure 8. Sample BGP Configuration (MED Attribute): network diagram showing AS 64751 and AS 64752 with routers SSR4, SSR6 and C1 and network N1 (10.200.12.0/24); legend: Physical Link, Peering Relationship, Information Flow]

Routers SSR4 and SSR6 inform router C1 about network 172.16.200.0/24 through External BGP (EBGP). Router SSR6 announces the route with a MED of 10, whereas router SSR4 announces the route with a MED of 20.
EBGP Aggregation Example

Figure 9 shows a simple EBGP configuration in which one peer is exporting an aggregated route to its upstream peer and restricting the advertisement of contributing routes to the same peer. The aggregated route is 212.19.192.0/19.

[Figure 9: network diagram showing AS-64900 and AS-64901 with routers SSR8 and SSR9; legend: Physical Link, Peering Relationship]
Router SSR9 has the following CLI configuration:

bgp create peer-group rtr8 type external autonomous-system 64900
bgp add peer-host 194.109.86.6 group rtr8

Route Reflection Example

In some ISP networks, the internal BGP mesh becomes quite large and the IBGP full mesh does not scale well. For such situations, route reflection provides a way to alleviate the need for a full IBGP mesh.
Figure 10 shows a sample configuration that uses route reflection.

[Figure 10. Sample BGP Configuration (Route Reflection): network diagram showing AS-64900, AS-64901 and AS-64902 with routers SSR8, SSR9, SSR10, SSR11, SSR12, SSR13 and SSR14, labelled as EBGP peers, IBGP cluster clients and an IBGP non-cluster client]

In this example, there are two clusters.
Router SSR11 has router SSR12 and router SSR13 as client peers and router SSR10 as nonclient peer. The following line in router SSR11’s configuration file specifies it to be a route reflector:

bgp set peer-group rtr11 reflector-client

Even though the IBGP Peers are not fully meshed in AS 64901, the direct routes of router SSR14, that is, 192.68.222.
Notes on Using Route Reflection

• Two types of route reflection are supported:
  – By default, all routes received by the route reflector from a client are sent to all internal peers (including the client’s group, but not the client itself).
  – If the no-client-reflect option is enabled, routes received from a route reflection client are sent only to internal peers that are not members of the client's group. In this case, the client's group must itself be fully meshed.
Chapter 7
Routing Policy Configuration Guide

Route Import and Export Policy Overview

The SSR family of routers supports extremely flexible routing policies.
Preference

Preference is the value the SSR routing process uses to order preference of routes from one protocol or peer over another. Preference can be set using several different configuration commands. Preference can be set based on one network interface over another, from one protocol over another, or from one remote gateway over another.
Import Policies

Import policies control the importation of routes from routing protocols and their installation in the routing databases (Routing Information Base and Forwarding Information Base). Import Policies determine which routes received from other systems are used by the SSR routing process. Every import policy can have up to two components:

• Import-Source
• Route-Filter

Import-Source

This component specifies the source of the imported routes.
It is only possible to restrict the importation of OSPF ASE routes when functioning as an AS border router. Like the other interior protocols, preference cannot be used to choose between OSPF ASE routes. That is done by the OSPF costs.

Route-Filter

This component specifies the individual routes which are to be imported or restricted. The preference to be associated with these routes can also be explicitly specified using this component.
The routes to be exported can be identified by their associated attributes:

• Their protocol type (RIP, OSPF, BGP, Static, Direct, Aggregate).
• Interface or the gateway from which the route was received.
• Autonomous system from which the route was learned.
• AS path associated with a route. When BGP is configured, all routes are assigned an AS path when they are added to the routing table.
A route will match the most specific filter that applies. Specifying more than one filter with the same destination, mask and modifiers generates an error. There are three possible formats for a route filter. Not all of these formats are available in all places. In most cases, it is possible to associate additional options with a filter.
Route aggregation is also used by regional and national networks to reduce the amount of routing information passed around. With careful allocation of network addresses to clients, regional networks can just announce one route to regional networks instead of hundreds. Aggregate routes are not actually used for packet forwarding by the originator of the aggregate route, but only by the receiver (if it wishes).
Route-Filter

This component specifies the individual routes that are to be aggregated or summarized. The preference to be associated with these routes can also be explicitly specified using this component. The contributing routes are ordered according to the aggregation preference that applies to them. If there is more than one contributing route with the same aggregating preference, the route's own preferences are used to order the routes.
Many protocols allow the specification of two authentication keys per interface. Packets are always sent using the primary keys, but received packets are checked with both the primary and secondary keys before being discarded.

Authentication Keys and Key Management

An authentication key permits generation and verification of the authentication field in protocol packets.
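The two-key rule (send with the primary key, accept on either key) is what makes a key change possible without dropping routing updates. The following Python model is an added example, not SSR code: the names are hypothetical, the keys and payload are constructed, and HMAC-SHA-256 stands in for whichever digest the routing protocol actually uses.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class InterfaceKeys:
    primary: bytes                     # used for every packet sent
    secondary: Optional[bytes] = None  # accepted on receive only


def auth_field(payload: bytes, key: bytes) -> bytes:
    """Authentication field for a packet (stand-in digest, see lead-in)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def send(payload: bytes, keys: InterfaceKeys) -> Tuple[bytes, bytes]:
    """Packets are always sent using the primary key."""
    return payload, auth_field(payload, keys.primary)


def accept(payload: bytes, field: bytes, keys: InterfaceKeys) -> bool:
    """Check the packet against primary and secondary before discarding it."""
    candidates = [keys.primary]
    if keys.secondary is not None:
        candidates.append(keys.secondary)
    ok = False
    for key in candidates:
        # compare_digest avoids leaking how many leading bytes matched.
        ok |= hmac.compare_digest(auth_field(payload, key), field)
    return ok


def rollover_stages(old: bytes, new: bytes) -> List[Tuple[str, InterfaceKeys, InterfaceKeys]]:
    """Key change on a link between routers A and B, one step at a time."""
    return [
        ("old key only", InterfaceKeys(old), InterfaceKeys(old)),
        ("new key added as secondary", InterfaceKeys(old, new), InterfaceKeys(old, new)),
        ("A promotes new key", InterfaceKeys(new, old), InterfaceKeys(old, new)),
        ("B promotes new key", InterfaceKeys(new, old), InterfaceKeys(new, old)),
        ("old key removed", InterfaceKeys(new), InterfaceKeys(new)),
    ]


def rollover_is_hitless(old: bytes, new: bytes) -> bool:
    """True if both directions authenticate at every stage of the rollover."""
    payload = b"constructed routing update"
    for _stage, a_keys, b_keys in rollover_stages(old, new):
        if not accept(*send(payload, a_keys), b_keys):
            return False
        if not accept(*send(payload, b_keys), a_keys):
            return False
    return True


def abrupt_change_accepted(old: bytes, new: bytes) -> bool:
    """A switches straight to the new key while B still holds only the old one."""
    payload = b"constructed routing update"
    return accept(*send(payload, InterfaceKeys(new)), InterfaceKeys(old))


if __name__ == "__main__":
    OLD, NEW = b"constructed-old-key", b"constructed-new-key"
    print("staged rollover hitless:", rollover_is_hitless(OLD, NEW))
    print("abrupt change accepted:", abrupt_change_accepted(OLD, NEW))
```

The last stage matters as much as the first: while the old key remains configured as a secondary it is still accepted, so it should be removed once both ends send with the new key.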
The from-proto parameter specifies the protocol of the source routes. The values for the from-proto parameter are rip, ospf, bgp, direct, static, aggregate and ospf-ase. The to-proto parameter specifies the destination protocol where the routes are to be exported. The values for the to-proto parameter are rip, ospf and bgp. The network parameter provides a means to define a filter for the routes to be distributed.
Redistributing RIP into RIP

The SSR routing process requires RIP redistribution into RIP if a protocol is redistributed into RIP. To redistribute RIP into RIP, enter the following command in Configure mode:

To redistribute RIP into RIP.
    ip-router policy redistribute from-proto rip to-proto rip

Redistributing RIP into OSPF

RIP routes may be redistributed to OSPF.
To redistribute aggregate routes, enter one of the following commands in Configure mode:

To redistribute aggregate routes into RIP.
    ip-router policy redistribute from-proto aggregate to-proto rip

To redistribute aggregate routes into OSPF.
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! RIP Box Level Configuration
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
rip start
rip set default-metric 2
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! RIP Interface Configuration. Create RIP interfaces, and set
! their type to (version II, multicast).
• Specify the static routes configured on the router
• Determine its OSPF configuration

!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! Create the various IP interfaces.
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
interface create ip to-r2 address-netmask 120.190.1.1/16 port et.1.2
interface create ip to-r3 address-netmask 130.1.1.1/16 port et.1.3
interface create ip to-r41 address-netmask 140.1.1.
In the configuration shown in Figure 12 on page 131, suppose we decide to run RIP Version 2 on network 120.190.0.0/16, connecting routers R1 and R2. Router R1 would like to export all RIP, interface, and static routes to OSPF.
routes to be exported can be identified by their associated attributes, such as protocol type, interface or the gateway from which the route was received, and so on.

• Route Filter - This component provides the means to define a filter for the routes to be distributed. Routes that match a filter are considered as eligible for redistribution. This can be done using one of two methods:
  – Creating a route-filter and associating an identifier with it.
Creating an Export Destination

To create an export destination, enter one of the following commands in Configure mode:

Create a RIP export destination.
    ip-router policy create rip-export-destination

Create an OSPF export destination.
    ip-router policy create ospf-export-destination

Creating an Export Source

To create an export source, enter one of the following commands in Configure mode:

Create a RIP export source.
To create route import policies, enter the following command in Configure mode:

Create an import policy.
    ip-router policy import source [filter |[network [exact|refines|between ] [preference |restrict]]]

The is the identifier of the import-source that determines the source of the imported routes.
• Aggregate-Destination - This component specifies the aggregate/summarized route. It also specifies the attributes associated with the aggregate route. The preference to be associated with an aggregate route can be specified using this component.
• Aggregate-Source - This component specifies the source of the routes contributing to an aggregate/summarized route.
Creating an Aggregate Destination

To create an aggregate destination, enter the following command in Configure mode:

Create an aggregate destination.
    ip-router policy create aggr-gen-dest network

Creating an Aggregate Source

To create an aggregate source, enter the following command in Configure mode:

Create an aggregate source.
[Figure 11. Exporting to RIP: network diagram showing routers R1, R2, R3, R6, R7, R41 and R42, RIP V1 and RIP V2 networks, and a default route to the Internet]

The following configuration commands for router R1

• Determine the IP address for each interface.
Chapter 7: Routing Policy Configuration Guide !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ! Create the various IP interfaces. !++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ interface create ip to-r2 address-netmask 120.190.1.1/16 port et.1.2 interface create ip to-r3 address-netmask 130.1.1.1/16 port et.1.3 interface create ip to-r41 address-netmask 140.1.1.1/24 port et.1.4 interface create ip to-r42 address-netmask 140.1.2.1/24 port et.1.
1. Add the peer 140.1.1.41 to the list of trusted and source gateways.

   rip add source-gateways 140.1.1.41
   rip add trusted-gateways 140.1.1.41

2. Create a RIP import source with the gateway as 140.1.1.4 since we would like to import all routes except the 10.51.0.0/16 route from this gateway.

   ip-router policy create rip-import-source ripImpSrc144 gateway 140.1.1.4

3. Create the Import-Policy, importing all routes except the 10.51.0.
It is only possible to restrict the importation of OSPF ASE routes when functioning as an AS border router. Like the other interior protocols, preference cannot be used to choose between OSPF ASE routes. That is done by the OSPF costs. Routes that are rejected by policy are stored in the table with a negative preference.

For all examples in this section, refer to the configuration shown in Figure 12 on page 131.
[Figure 12: network diagram showing routers R1, R2, R3, R5, R6, R7, R8, R11, R41 and R42, the OSPF backbone area, Area 140.1.0.0 and Area 150.20.0.0, a RIP V2 network and a BGP link]
The following configuration commands for router R1:

• Determine the IP address for each interface
• Specify the static routes configured on the router
• Determine its OSPF configuration

!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! Create the various IP interfaces.
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
interface create ip to-r2 address-netmask 120.190.1.1/16 port et.1.
Examples of Export Policies

Example 1: Exporting to RIP

Exporting to RIP is controlled by any of protocol, interface or gateway. If more than one is specified, they are processed from most general (protocol) to most specific (gateway).

It is not possible to set metrics for exporting RIP routes into RIP. Attempts to do this are silently ignored.

If no export policy is specified, RIP and interface routes are exported into RIP.
!+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ip add route 135.3.1.0/24 gateway 130.1.1.3
ip add route 135.3.2.0/24 gateway 130.1.1.3
ip add route 135.3.3.0/24 gateway 130.1.1.3
!+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! Configure default routes to the other subnets reachable through R2.
!+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ip add route 202.1.0.0/16 gateway 120.190.1.
4. Create a Direct export source since we would like to export direct/interface routes.

   ip-router policy create direct-export-source directExpSrc

5. Create the export-policy redistributing the statically created default route, and all (RIP, Direct) routes into RIP.
Exporting All Static Routes Reachable Over a Given Interface to a Specific RIP-Interface

In this case, router R1 would export/redistribute all static routes accessible through its interface 130.1.1.1 to its RIP-interface 140.1.1.1 only.

1. Create a RIP export destination for interface with address 140.1.1.1, since we intend to change the rip export policy for interface 140.1.1.1

   ip-router policy create rip-export-destination ripExpDst141 interface 140.1.1.1

2.
1. Create an Aggregate-Destination which represents the aggregate/summarized route.

   ip-router policy create aggr-gen-dest aggrDst140 network 140.1.0.0/16

2. Create an Aggregate-Source which qualifies the source of the routes contributing to the aggregate. Since in this case, we do not care about the source of the contributing routes, we would specify the protocol as all.

   ip-router policy create aggr-gen-source allAggrSrc protocol all

3.
8. Create the Export-Policy redistributing all (RIP, Direct) routes and the aggregate route 140.1.0.0/16 into RIP.

   ip-router policy export destination ripExpDst130 source aggrExpSrc network 140.1.0.
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
! Create the various IP interfaces.
!++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
interface create ip to-r2 address-netmask 120.190.1.1/16 port et.1.2
interface create ip to-r3 address-netmask 130.1.1.1/16 port et.1.3
interface create ip to-r41 address-netmask 140.1.1.1/24 port et.1.4
interface create ip to-r42 address-netmask 140.1.2.1/24 port et.1.
4. Create a Direct export source since we would like to export interface/direct routes.

   ip-router policy create direct-export-source directExpSrc

5. Create the Export-Policy for redistributing all interface routes and static routes into OSPF.
5. Create a RIP export source.

   ip-router policy export destination ripExpDst source ripExpSrc network all

6. Create a Static export source.

   ip-router policy create static-export-source statExpSrc

7. Create a Direct export source.

   ip-router policy create direct-export-source directExpSrc

8. Create the Export-Policy for redistributing all interface, RIP and static routes into OSPF.
12. Create the Export-Policy for redistributing all interface, RIP, static, OSPF and OSPF-ASE routes into RIP.
Chapter 8
Multicast Routing Configuration Guide

IP Multicast Overview

Multicast routing on the SSR is supported through DVMRP and IGMP. IGMP is used to determine host membership on directly attached subnets. DVMRP is used to determine forwarding of multicast traffic between SSRs.
The SSR allows per-interface control of the host query interval and response time. Query interval defines the time between IGMP queries. Response time defines the time the SSR will wait for host responses to IGMP queries. The SSR can be configured to deny or accept group membership filters.

DVMRP Overview

DVMRP is an IP multicast routing protocol. On the SSR, DVMRP routing is implemented as specified in the draft-ietf-idmr-dvmrp-v3-06.
Configure IGMP

You configure IGMP on the SSR by performing the following configuration tasks.

• Creating IP interfaces
• Setting global parameters that will be used for all the interfaces on which DVMRP is enabled
• Configuring IGMP on individual interfaces. You do so by enabling and disabling IGMP on interfaces and then setting IGMP parameters on the interfaces on which IGMP is enabled
• Start the multicast routing protocol (i.e.
To configure the host response wait time, enter the following command in Configure mode:

Configure the IGMP host response wait time.
    igmp set responsetime

Configure Per-Interface Control of IGMP Membership

You can configure the SSR to control IGMP membership on a per-interface basis. An interface can be configured to be allowed or not allowed membership to a particular group.
To start or stop DVMRP, enter one of the following commands in Configure mode:

Start DVMRP.
    dvmrp start

Stop DVMRP.
    no dvmrp start

Configure DVMRP on an Interface

DVMRP can be controlled/configured on a per-interface basis. An interface does not have to run both DVMRP and IGMP together. DVMRP can be started or stopped; IGMP starts and stops automatically with DVMRP.
Configure DVMRP TTL & Scope

For control over internet traffic, per-interface control is allowed through Scopes and TTL thresholds. The TTL value controls whether packets are forwarded from an interface.
DVMRP tunnels need to be created before being enabled. Tunnels are recognized by the tunnel name. Once a DVMRP tunnel is created, you can enable DVMRP on the interface. The SSR supports a maximum of eight tunnels.

To configure a DVMRP tunnel, enter the following command in Configure mode:

Configure a DVMRP tunnel to MBONE.
    dvmrp create tunnel local remote

You can also control the rate of DVMRP traffic in a DVMRP tunnel.
Show all interfaces running multicast protocols (IGMP, DVMRP).
    multicast show interfaces

Show all multicast routes.
    multicast show mroutes

Configuration Examples

The following is a sample SSR configuration for DVMRP and IGMP. Seven subnets are created. IGMP is enabled on 4 IP interfaces. The IGMP query interval is set to 30 seconds. DVMRP is enabled on 5 IP interfaces. IGMP is not running on “downstream” interfaces.

! Create VLANS.
Chapter 9
IPX Routing Configuration Guide

IPX Routing Overview

The Internetwork Packet Exchange (IPX) is a connectionless datagram protocol for the Novell NetWare environment. You can configure the SSR for IPX routing and SAP. Routers interconnect different network segments and by definition are network layer devices. Thus routers receive their instructions for forwarding a packet from one segment to another from a network layer protocol. IPX, with the help of RIP and SAP, performs these network layer tasks.
this information is immediately broadcast to any neighboring routers. Routers also send periodic RIP broadcast packets containing all routing information known to the router.

The SSR uses IPX RIP to create and maintain a database of internetwork routing information. The SSR's implementation of RIP allows the following exchanges of information:

• Workstations locate the fastest route to a network number by broadcasting a route request.
Configuring IPX RIP & SAP

This section provides an overview of configuring various IPX parameters and setting up IPX interfaces.

IPX RIP

On the SSR, RIP automatically runs on all IPX interfaces. The SSR will keep multiple routes to the same network having the lowest ticks and hop count. Static routes can be configured on the SSR using the CLI’s ipx add route command.
Configuring IPX Interfaces and Parameters

This section provides an overview of configuring various IPX parameters and setting up IPX interfaces.

Configure IPX Addresses to Ports

You can configure one IPX interface directly to a physical port.

To configure an IPX interface to a port, enter one of the following commands in Configure mode:

Configure an IPX interface to a physical port.
• 802.2: 802.2 encapsulation method used within Novell IPX environments

Configure Ethernet II encapsulation.
    interface create ipx output-mac-encapsulation ethernet_II

Configure 802.3 SNAP encapsulation.
    interface create ipx output-mac-encapsulation ethernet_snap

Configure 802.3 IPX encapsulation.
    interface create ipx output-mac-encapsulation ethernet_802.3

Configure 802.2 IPX encapsulation.
Configure Static SAP Table Entries

Servers in an IPX network use SAP to advertise services via broadcast packets. Services from servers are stored in the Server Information Table. If you want to have a service explicitly advertised with different hops then you will need to configure a static entry.

To add an entry into the Server Information Table, enter the following command in Configure mode:

Add a SAP table entry.
Create an IPX Type 20 Access Control List

IPX type 20 access control lists control the forwarding of IPX type 20 packets. To create an IPX type 20 access control list, enter the following command in Configure mode:

Create an IPX type 20 access control list.
    acl permit|deny ipxtype20

Create an IPX SAP Access Control List

IPX SAP access control lists control which SAP services are available on a server.
Create an IPX RIP Access Control List

IPX RIP access control lists control which RIP updates are allowed. To create an IPX RIP access control list, perform the following task in the Configure mode:

Create an IPX RIP access control list.
    acl permit|deny ipxrip

Once an IPX RIP access control list has been created, you must apply the access control list to an IPX interface.
• Adds a SAP access list
• Adds a GNS access list

! Create interface ipx1 with ipx address AAAAAAAA
interface create ipx ipx1 address AAAAAAAA port et.1.1 output-mac-encapsulation ethernet_802.2_IPX
!
! Create interface ipx2 with ipx address BBBBBBBB
interface create ipx ipx2 address BBBBBBBB port et.1.2 output-mac-encapsulation ethernet_802.3
!
!Add static route to network 9
ipx add route 9 BBBBBBBB.
Chapter 10 Security Configuration Guide

Security Overview

The SSR provides security features that help control access to the SSR and filter traffic going through the SSR. Access to the SSR can be controlled by:

• Enabling RADIUS
• Enabling TACACS
• Enabling TACACS Plus
• Login authentication

Traffic filtering on the SSR enables:

• Layer-2 security filters - Perform filtering on source or destination MAC addresses.
Configuring SSR Access Security

Configure RADIUS

You can secure login or Enable mode access to the SSR by enabling a Remote Authentication Dial-In Service (RADIUS) client. A RADIUS server responds to the SSR RADIUS client to provide authentication. You can configure up to five RADIUS server targets on the SSR. A timeout is set to tell the SSR how long to wait for a response from RADIUS servers.
To configure TACACS security, enter the following commands in the Configure mode:

Specify a TACACS server.
    tacacs set host
Set the TACACS time to wait for a TACACS server reply.
    tacacs set timeout
Determine SSR action if no server responds.
    tacacs set last-resort password|succeed
Enable TACACS.
    tacacs enable

Monitor TACACS

You can monitor TACACS configuration and statistics within the SSR.
To monitor TACACS Plus, enter the following commands in Enable mode:

Show TACACS Plus server statistics.
    tacacs-plus show stats
Show all TACACS Plus parameters.
    tacacs-plus show all

Configure Passwords

The SSR provides password authentication for accessing the User and Enable modes. If TACACS is not enabled on the SSR, only local password authentication is performed.
Configuring Layer-2 Address Filters

If you want to control access to a source or destination on a per-MAC address basis, you can configure an address filter. Address filters are always configured and applied to the input port. You can set address filters on the following:

• A source MAC address, which filters out any frame coming from a specific source MAC address.
Configuring Layer-2 Static Entry Filters

Static entry filters allow or force traffic to go to a set of destination ports based on a frame's source MAC address, destination MAC address, or both source and destination MAC addresses in flow bridging mode. Static entries are always configured and applied at the input port.
• Combine a destination secure port filter with a flow static entry to drop all received traffic but allow any frame coming from a specific source MAC address that is destined to a specific destination MAC address to go through

To configure Layer-2 secure port filters, enter the following commands in Configure mode:

Configure a source secure port filter.
Layer-2 Filter Examples

[Figure 13. Source Filter Example. Labels: SSR; ports et.1.1, et.1.2, et.1.3; Hub; Engineers, Consultant; Engineering File Servers; Finance File Servers]

Example 1: Address Filters

Source filter: The consultant is not allowed to access any file servers. The consultant is only allowed to interact with the engineers on the same Ethernet segment – port et.1.1. All traffic coming from the consultant’s MAC address will be dropped.
Destination static entry: Restrict "login multicasts" originating from the engineering segment (port et.1.1) from reaching the finance servers.

    filters add static-entry name login-mcasts dest-mac 010000:334455 vlan 1 in-port-list et.1.1 out-port-list et.1.3 restriction disallow

or

    filters add static-entry name login-mcasts dest-mac 010000:334455 vlan 1 in-port-list et.1.1 out-port-list et.1.
Destination secure port: To block access to all file servers on all ports from port et.1.1 use the following command:

    filters add secure-port name engineers direction dest vlan 1 in-port-list et.1.1

To allow all engineers access to the engineering servers, you must "punch" a hole through the secure-port wall. A "dest static-entry" overrides a "dest secure port".

    filters add static-entry name eng-server dest-mac 080060:abcdef vlan 1 in-port-list et.1.
• Type of Service (TOS)

For IPX ACLs, the following fields can be specified:

• Source network address
• Destination network address
• Source IPX socket
• Destination IPX socket

When defining an ACL rule, each field in the rule is position sensitive. For example, for TCP, the source address must be followed by the destination address, followed by the source socket and the destination socket and so on.
ahead of rules that are less specific. For example, the following ACL permits all TCP traffic except traffic from subnet 10.2.0.0/16:

    acl 101 deny tcp 10.2.0.0/16 any any any
    acl 101 permit tcp any any any any

When a TCP packet comes from subnet 10.2.0.0/16, it finds a match with the first rule. This causes the packet to be dropped. A TCP packet coming from other subnets will not match the first rule.
If a packet comes in and doesn't match the first two rules, the packet will be dropped. This is because the third rule (implicit deny) will match all packets. Although the implicit deny rule seems obvious in the above example, this is not always the case. For example, consider the following ACL rule:

    acl 102 deny ip 10.1.20.0/24 any any any

If a packet comes in from a network other than 10.1.20.
When a packet comes into a router at an interface where an inbound ACL is applied, the router compares the packet with the rules specified by that ACL. If it is permitted, the packet is allowed into the router. If not, the packet is dropped. If that packet is to be forwarded to go out of another interface (that is, the packet is to be routed) then a second ACL check is possible.
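The rule ordering and implicit deny described in this chapter can be checked offline with a small first-match evaluator. This is an added example, not SSR code: it assumes the eight-token rule form of ACLs 101 and 102 quoted above, accepts only single port numbers or any, and uses constructed test packets.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    sport: Optional[int]        # None means "any"
    dport: Optional[int]

def parse_rule(line):
    """Parse 'acl <name> permit|deny <proto> <src> <dst> <sport> <dport>'."""
    kw, _name, action, proto, src, dst, sport, dport = line.split()
    if kw != "acl" or action not in ("permit", "deny"):
        raise ValueError(f"not an ACL rule: {line!r}")
    net = lambda t: ANY if t == "any" else ipaddress.ip_network(t)
    port = lambda t: None if t == "any" else int(t)
    return Rule(action, proto, net(src), net(dst), port(sport), port(dport))

def matches(rule, pkt):
    return (rule.proto in ("ip", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in rule.src
            and ipaddress.ip_address(pkt["dst"]) in rule.dst
            and rule.sport in (None, pkt["sport"])
            and rule.dport in (None, pkt["dport"]))

def evaluate(rules, pkt):
    """First matching rule decides; index None means the implicit deny fired."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None

def covers(a, b):
    """True when every packet that matches rule b also matches rule a."""
    return (a.proto in ("ip", b.proto)
            and b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.sport in (None, b.sport) and a.dport in (None, b.dport))

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    return [j for j, b in enumerate(rules) if any(covers(a, b) for a in rules[:j])]

def packet(proto, src, dst="10.9.0.1", sport=1025, dport=80):
    """Constructed test packet; the default values are arbitrary."""
    return {"proto": proto, "src": src, "dst": dst, "sport": sport, "dport": dport}

# The two ACLs quoted in the manual, plus ACL 101 with its rules swapped.
ACL_101 = [parse_rule("acl 101 deny tcp 10.2.0.0/16 any any any"),
           parse_rule("acl 101 permit tcp any any any any")]
ACL_101_REVERSED = ACL_101[::-1]
ACL_102 = [parse_rule("acl 102 deny ip 10.1.20.0/24 any any any")]

if __name__ == "__main__":
    print(evaluate(ACL_101, packet("tcp", "10.2.3.4")))
    print(evaluate(ACL_102, packet("tcp", "172.16.0.1")))
    print(shadowed(ACL_101_REVERSED))
```

Running `shadowed` over an ACL before loading it catches a specific rule placed behind a broader one, which is the ordering mistake the text warns about.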
creating additional delay. Therefore, one should consider the potential performance impact before turning on ACL Logging.

Maintaining ACLs Offline Using TFTP or RCP

The SSR provides two mechanisms to maintain and manipulate ACLs. The traditional method, used by some of the other popular routers, requires the use of TFTP or RCP. With this mechanism, the administrator is encouraged to create and modify ACLs on a remote host.
Maintaining ACLs Using the ACL Editor

In addition to the traditional method of maintaining ACLs using TFTP or RCP, the SSR provides a simpler and more user-friendly mechanism to maintain ACLs: the ACL Editor. The ACL Editor can only be accessed within Configure mode using the acl-edit command. You can specify the ACL you want to edit by specifying its name together with the acl-edit command. For example, to edit ACL “101”, you issue the command acl-edit 101.
Defining an IPX ACL

To define an IPX ACL, perform the following in the Configure mode:

Define an IPX ACL.
    acl permit|deny ipx|ipxrip|ipxsap

Note: Additional fields depend on the protocol type you select.

Applying an ACL to an Interface

To apply an ACL to an interface, perform the following in the Configure mode:

Apply ACL to an interface.
Show ACLs on all IPX interfaces.
    acl show interface all-ipx
Show static entry filters.
Chapter 11 QoS Configuration Guide

QoS & Layer-2/Layer-3/Layer-4 Flow Overview

The SSR allows network managers to identify traffic and set Quality of Service (QoS) policies without compromising wire speed performance. The SSR can guarantee bandwidth on an application by application basis, thus accommodating high-priority traffic even during peak periods of usage.
For Layer-3 (IP and IPX) traffic, you can define “flows”, blueprints or templates of IP and IPX packet headers.
Configure Layer-2 QoS

QoS policies applied to layer-2 flows allow you to assign priorities based on source and destination MAC addresses.
• Layer-3 source-destination flows
• Layer-4 source-destination flows
• Layer-4 application flows

Configuring IP QoS Policies

To configure an IP QoS policy, perform the following tasks:

1. Identify the Layer-3 or 4 flow and set the IP QoS policy.
2. Specify the precedence for the fields within an IP flow.
Setting an IPX QoS Policy

To set a QoS policy on an IPX traffic flow, enter the following command in Configure mode:

Set an IPX QoS policy.
    qos set ipx |any |any |any |any |any |any |any

Specifying Precedence for an IPX QoS Policy

To specify the precedence for an IPX QoS policy, enter the following command in Configure mode:

Specify precedence for an IPX QoS policy.
Monitoring QoS

The SSR provides display of QoS statistics and configurations contained in the SSR. To display QoS information, enter the following command in Enable mode:

Show all IP QoS flows.
    qos show ip
Show all IPX QoS flows.
    qos show ipx
Show all Layer-2 QoS flows.
Chapter 12 Performance Monitoring Guide

Performance Monitoring Overview

The SSR is a full wire-speed layer-2, 3 and 4 switching router. As packets enter the SSR, layer-2, 3, and 4 flow tables are populated on each line card. The flow tables contain information on performance statistics and traffic forwarding. Thus the SSR provides the capability to monitor performance at Layer 2, 3, and 4.
Show all L2 flows (for ports in flow-bridging mode).
    l2-tables show all-flows
Show information about the master MAC table.
    l2-tables show mac-table-stats
Show information about a particular MAC address.
    l2-tables show mac
Show info about multicasts registered by IGMP.
    l2-tables show igmp-mcast-registrations
Show whether IGMP is on or off on a VLAN.
    l2-tables show vlan-igmp-status
Show info about MACs registered by the system.
Configuring the SSR for Port Mirroring

The SSR allows you to monitor port activity with Port Mirroring. Port Mirroring allows you to monitor the performance and activities of one or more ports on the SSR through just a single, separate port.
Chapter 13 Hot Swapping Line Cards and Control Modules

Hot Swapping Overview

This chapter describes the hot swapping functionality of the SSR. Hot swapping is the ability to replace a line card or Control Module while the SSR is operating. Hot swapping allows you to remove or install line cards without switching off or rebooting the SSR. Swapped-in line cards are recognized by the SSR and begin functioning immediately after they are installed.
Deactivating the Line Card

To deactivate the line card, do one of the following:

• Press the Hot Swap button on the line card. The Hot Swap button is recessed in the line card's front panel. Use a pen or similar object to reach it. When you press the Hot Swap button, the Offline LED lights. Figure 14 shows the location of the Offline LED and Hot Swap button on a 1000 Base-SX line card.
Warning: Do not remove the line card unless the Offline LED is lit. Doing so can cause the SSR to crash.

2. Loosen the captive screws on each side of the line card.
3. Carefully remove the line card from its slot in the SSR chassis.

Installing a New Line Card

To install a new line card:

1.
The procedure for hot swapping a Control Module is similar to the procedure for hot swapping a line card. You must deactivate the Control Module, remove it from the SSR, and insert another Control Module or line card in the slot.

Deactivating the Control Module

To deactivate the Control Module:

1. Determine which is the secondary Control Module. Control Modules can reside in slot CM or slot CM/1 on the SSR.
Installing the Control Module

To install a new Control Module or line card into the slot:

Note: You can install either a line card or a Control Module in slot CM/1, but you can install only a Control Module in slot CM.

1. Slide the Control Module or line card all the way into the slot, firmly but gently pressing it fully in place to ensure that the pins on the back of the card are completely seated in the backplane.

Note: 2.
The Online LED goes out and the Offline LED lights. Figure 16 shows the location of the Offline LED and Hot Swap button on a Switching Fabric Module.

[Figure 16. Location of Offline LED and Hot Swap button on a Switching Fabric Module]

To remove the Switching Fabric Module:

1. Loosen the captive screws on each side of the Switching Fabric Module.
2.
Chapter 14 VRRP Configuration Guide

VRRP Overview

This chapter explains how to set up and monitor the Virtual Router Redundancy Protocol (VRRP) on the SSR. VRRP is defined in RFC 2338. End host systems on a LAN are often configured to send packets to a statically configured default router. If this default router becomes unavailable, all the hosts that use it as their first hop router become isolated on the network. VRRP provides a way to ensure the availability of an end host’s default router.
Basic VRRP Configuration

Figure 17 shows a basic VRRP configuration with a single virtual router. Routers R1 and R2 are both configured with one virtual router (VRID=1). Router R1 serves as the Master and Router R2 serves as the Backup. The four end hosts are configured to use 10.0.0.1/16 as the default route. IP address 10.0.0.1/16 is associated with virtual router VRID=1.

[Figure 17: Master R1 (Interface Addr. = 10.0.0.1/16) and Backup R2, both configured with VRID=1]
In VRRP, the router that owns the IP address associated with the virtual router is the Master. Any other routers that participate in this virtual router are Backups. In this configuration, Router R1 is the Master for virtual router VRID=1 because it owns 10.0.0.1/16, the IP address associated with virtual router VRID=1.

Configuration for Router R2

The following is the configuration file for Router R2 in Figure 17.
[Figure 18. Symmetrical VRRP Configuration: R1 (Interface Addr. = 10.0.0.1/16) is Master for VRID=1 and Backup for VRID=2; R2 (Interface Addr. = 10.0.0.2/16) is Master for VRID=2 and Backup for VRID=1. On both routers VRID=1 has address 10.0.0.1/16 and VRID=2 has address 10.0.0.2/16. H1 and H2 use Default Route = 10.0.0.1/16; H3 and H4 use Default Route = 10.0.0.2/16.]

In this configuration, half the hosts use 10.0.0.
On line 5, Router R1 associates IP address 10.0.0.2/16 with virtual router VRID=2. However, since Router R1 does not own IP address 10.0.0.2/16, it is not the default Master for virtual router VRID=2.

Configuration of Router R2

The following is the configuration file for Router R2 in Figure 18.

1: interface create ip test address-netmask 10.0.0.2/16 port et.1.
[Figure 19. R1 is Master for VRID=1 (10.0.0.1/16), 1st Backup for VRID=2 and 1st Backup for VRID=3; R2 is Master for VRID=2 (10.0.0.2/16), 1st Backup for VRID=1 and 2nd Backup for VRID=3; R3 is Master for VRID=3 (10.0.0.3/16), 2nd Backup for VRID=1 and 2nd Backup for VRID=2. H1 and H2 use Default Route = 10.0.0.1/16; H3 and H4 use Default Route = 10.0.0.2/16; H5 and H6 use Default Route = 10.0.0.3/16.]
Configuration of Router R1

The following is the configuration file for Router R1 in Figure 19.

1: interface create ip test address-netmask 10.0.0.1/16 port et.1.1
!
2: ip-redundancy create vrrp 1 interface test
3: ip-redundancy create vrrp 2 interface test
4: ip-redundancy create vrrp 3 interface test
!
5: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16
6: ip-redundancy associate vrrp 2 interface test address 10.0.0.
The following table shows the priorities for each virtual router configured on Router R1.

Virtual Router                      Default Priority       Configured Priority
VRID=1 – IP address=10.0.0.1/16     255 (address owner)    255 (address owner)
VRID=2 – IP address=10.0.0.2/16     100                    200 (see line 8)
VRID=3 – IP address=10.0.0.3/16     100                    200 (see line 9)

Configuration of Router R2

The following is the configuration file for Router R2 in Figure 19.
Note: Since 100 is the default priority, line 9, which sets the priority to 100, is actually unnecessary. It is included for illustration purposes only.

Configuration of Router R3

The following is the configuration file for Router R3 in Figure 19.

1: interface create ip test address-netmask 10.0.0.3/16 port et.1.
Setting the Backup Priority

As described in “Multi-Backup Configuration” on page 199, you can specify which Backup router takes over when the Master router goes down by setting the priority for the Backup routers. To set the priority for a Backup router, enter the following command in Configure mode:

Set the Backup priority for a virtual router.
    ip-redundancy set vrrp interface priority

The priority can be between 1 (lowest) and 254.
Setting an Authentication Key

By default, no authentication of VRRP packets is performed on the SSR. You can specify a clear-text password to be used to authenticate VRRP exchanges. To enable authentication, enter the following command in Configure mode:

Set an authentication key for a virtual router.
    ip-redundancy set vrrp interface auth-type text auth-key

where is a clear-text password.
ip-redundancy show

The ip-redundancy show command reports information about a VRRP configuration. To display VRRP information, enter the following commands in Enable mode.

Display information about all virtual routers.
    ip-redundancy show vrrp
Display information about all virtual routers on a specified interface.
• A virtual router will respond to ARP requests with a virtual MAC address. This virtual MAC depends on the virtual router ID:

    virtual MAC address = 00005E:0001XX

  where XX is the virtual router ID. This virtual MAC address is also used as the source MAC address of the keep-alive Advertisements transmitted by the Master router.

• If multiple virtual routers are created on a single interface, the virtual routers must have unique identifiers.
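The virtual MAC rule above and the multi-backup priorities of Figure 19 can be worked through in a short model. This is an added example, not SSR code: the router table is constructed, only R1's priority of 200 for VRID 2 and 3 comes from the manual, and the R2 and R3 values are assumptions chosen to match the first and second Backup roles in the figure.

```python
import ipaddress

OWNER_PRIORITY = 255      # router that owns the virtual router's IP address
DEFAULT_PRIORITY = 100    # Backup priority when none is configured

# Constructed model of Figure 19 (R2 and R3 priorities are assumed values).
VIRTUAL_IPS = {1: "10.0.0.1", 2: "10.0.0.2", 3: "10.0.0.3"}
ROUTERS = {
    "R1": {"ip": "10.0.0.1", "priority": {1: 255, 2: 200, 3: 200}},
    "R2": {"ip": "10.0.0.2", "priority": {1: 200, 2: 255, 3: DEFAULT_PRIORITY}},
    "R3": {"ip": "10.0.0.3", "priority": {1: DEFAULT_PRIORITY, 2: DEFAULT_PRIORITY, 3: 255}},
}

def virtual_mac(vrid):
    """Virtual MAC in the manual's notation: 00005E:0001XX, XX = VRID in hex."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be in the range 1-255")
    return f"00005E:0001{vrid:02X}"

def validate(routers, virtual_ips):
    """List priority problems: 255 belongs to the address owner, Backups use 1-254."""
    problems = []
    for name, cfg in sorted(routers.items()):
        for vrid, prio in sorted(cfg["priority"].items()):
            owns = cfg["ip"] == virtual_ips[vrid]
            if owns and prio != OWNER_PRIORITY:
                problems.append(f"{name} owns VRID {vrid} but has priority {prio}")
            elif not owns and not 1 <= prio <= 254:
                problems.append(f"{name} VRID {vrid}: Backup priority {prio} outside 1-254")
    return problems

def elect_master(routers, vrid, down=()):
    """Master for vrid once the routers named in `down` have failed.

    Highest priority wins; equal priorities are broken by the higher interface
    IP address, as in RFC 2338. Pre-emption is assumed to be enabled.
    """
    alive = [(cfg["priority"][vrid], int(ipaddress.ip_address(cfg["ip"])), name)
             for name, cfg in routers.items()
             if name not in down and vrid in cfg["priority"]]
    return max(alive)[2] if alive else None

def failover_order(routers, vrid):
    """Order in which routers take over vrid as each Master in turn fails."""
    order, down = [], set()
    while (master := elect_master(routers, vrid, down)) is not None:
        order.append(master)
        down.add(master)
    return order

if __name__ == "__main__":
    for vrid in sorted(VIRTUAL_IPS):
        print(vrid, virtual_mac(vrid), failover_order(ROUTERS, vrid))
```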