Network Router User Manual

ManualsBrandsCabletron Systems ManualsNetwork RouterSMARTSWITCH ROUTER 9032578-05

311

312

313

314

315

316

317

318

319

320

Table Of Contents

Notices
Contents
About This Manual
- Related Documentation
- Document Conventions
Introduction
- Configuration Files
- Using the Command Line Interface
- Displaying and Changing Configuration Information
- Port Names
Hot Swapping Line Cards and Control Modules
- Hot Swapping Overview
- Hot Swapping Line Cards
- Hot Swapping a Secondary Control Module
- Hot Swapping a Switching Fabric Module (SSR 8600 only)
  - Removing the Switching Fabric Module
  - Installing a Switching Fabric Module
Bridging Configuration Guide
- Bridging Overview
  - Spanning Tree (IEEE 802.1d)
  - Bridging Modes (Flow-Based and Address-Based)
- VLAN Overview
- Configuring SSR Bridging Functions
- Monitoring Bridging
- Configuration Examples
  - Creating an IP or IPX VLAN
  - Creating a non-IP/non-IPX VLAN
SmartTRUNK Configuration Guide
- Overview
- Configuring SmartTRUNKs
- Monitoring SmartTRUNKs
- Example Configurations
ATM Configuration Guide
- ATM Overview
- Virtual Channels
  - Creating a Virtual Channel
- Service Class Definition
  - Creating a Service Class Definition
  - Applying a Service Class Definition
- Cell Scrambling
  - Enabling Cell Scrambling
- Cell Mapping
  - Selecting the Cell Mapping Format
- Creating a Non-Zero VPI
  - Setting the Bit Allocation for VPI
- Displaying ATM Port Information
- ATM Sample Configuration 1
Packet-over-SONET Configuration Guide
- Overview
  - Configuring IP Interfaces for PoS Links
- Configuring Packet-over-SONET Links
- Configuring Automatic Protection Switching
  - Configuring Working and Protecting Ports
- Specifying Bit Error Rate Thresholds
- Monitoring PoS Ports
- Example Configurations
DHCP Configuration Guide
- DHCP Overview
- Configuring DHCP
- Updating the Lease Database
- Monitoring the DHCP Server
- DHCP Configuration Examples
IP Routing Configuration Guide
- IP Routing Protocols
  - Unicast Routing Protocols
  - Multicast Routing Protocols
- Configuring IP Interfaces and Parameters
- Configuring Router Discovery
- Configuration Examples
  - Assigning IP/IPX Interfaces
VRRP Configuration Guide
- VRRP Overview
- Configuring VRRP
- Monitoring VRRP
  - ip-redundancy trace
  - ip-redundancy show
- VRRP Configuration Notes
RIP Configuration Guide
- RIP Overview
- Configuring RIP
- Monitoring RIP
- Configuration Example
OSPF Configuration Guide
- OSPF Overview
  - OSPF Multipath
- Configuring OSPF
- Monitoring OSPF
- OSPF Configuration Examples
BGP Configuration Guide
- BGP Overview
  - The SSR BGP Implementation
- Basic BGP Tasks
- BGP Configuration Examples
Routing Policy Configuration Guide
- Route Import and Export Policy Overview
- Configuring Simple Routing Policies
- Configuring Advanced Routing Policies
Multicast Routing Configuration Guide
- IP Multicast Overview
  - IGMP Overview
  - DVMRP Overview
- Configuring IGMP
- Configuring DVMRP
- Monitoring IGMP & DVMRP
- Configuration Examples
IP Policy-Based Forwarding Configuration Guide
- Overview
- Configuring IP Policies
- IP Policy Configuration Examples
- Monitoring IP Policies
Network Address Translation Configuration Guide
- Overview
- Configuring NAT
  - Setting Inside and Outside Interfaces
  - Setting NAT Rules
    - Static
    - Dynamic
- Forcing Flows through NAT
- Managing Dynamic Bindings
- NAT and DNS
- NAT and ICMP Packets
- NAT and FTP
- Monitoring NAT
- Configuration Examples
Web Hosting Configuration Guide
- Overview
- Load Balancing
- Web Caching
IPX Routing Configuration Guide
- IPX Routing Overview
  - RIP (Routing Information Protocol)
  - SAP (Service Advertising Protocol)
- Configuring IPX RIP & SAP
- Configuring IPX Interfaces and Parameters
- Configuring IPX Routing
- Monitoring an IPX Network
- Configuration Examples
Access Control List Configuration Guide
- ACL Basics
- Creating and Modifying ACLs
  - Editing ACLs Offline
  - Maintaining ACLs Using the ACL Editor
- Using ACLs
- Enabling ACL Logging
- Monitoring ACLs
Security Configuration Guide
- Security Overview
- Configuring SSR Access Security
- Layer-2 Security Filters
- Layer-3 Access Control Lists (ACLs)
- Layer-4 Bridging and Filtering
QoS Configuration Guide
- QoS & Layer-2/Layer-3/Layer-4 Flow Overview
- Traffic Prioritization for Layer-2 Flows
  - Configuring Layer-2 QoS
  - 802.1p Priority Mapping
- Traffic Prioritization for Layer-3 & Layer-4 Flows
  - Configuring IP QoS Policies
    - Setting an IP QoS Policy
    - Specifying Precedence for an IP QoS Policy
  - Configuring IPX QoS Policies
    - Setting an IPX QoS Policy
    - Specifying Precedence for an IPX QoS Policy
- Configuring SSR Queueing Policy
  - Allocating Bandwidth for a Weighted-Fair Queuing Policy
- Weighted Random Early Detection (WRED)
- ToS Rewrite
  - Configuring ToS Rewrite for IP Packets
- Monitoring QoS
- Limiting Traffic Rate
Performance Monitoring Guide
- Performance Monitoring Overview
- Configuring the SSR for Port Mirroring
- Monitoring Broadcast Traffic
RMON Configuration Guide
- RMON Overview
- Configuring and Enabling RMON
- Using RMON
- Configuring RMON Groups
  - Configuration Examples
- Displaying RMON Information
  - RMON CLI Filters
    - Creating RMON CLI Filters
    - Using RMON CLI Filters
- Troubleshooting RMON
- Allocating Memory to RMON
LFAP Configuration Guide
- Overview
- Cabletron’s Traffic Accounting Services
- Configuring the LFAP Agent on the SSR
- Monitoring the LFAP Agent on the SSR
WAN Configuration Guide
- WAN Overview
- Frame Relay Overview
  - Virtual Circuits
    - Permanent Virtual Circuits (PVCs)
- Configuring Frame Relay Interfaces for the SSR
- Monitoring Frame Relay WAN Ports
- Frame Relay Port Configuration
- Point-to-Point Protocol (PPP) Overview
  - Use of LCP Magic Numbers
- Configuring PPP Interfaces
- Monitoring PPP WAN Ports
- PPP Port Configuration
- WAN Configuration Examples
  - Simple Configuration File
  - Multi-Router WAN Configuration
New Features Supported on Line Cards
- Introduction
- SSR 8000/8600 Line Cards
- SSR 2000 Line Cards
- New Features that Require Specific Line Cards
- Summary
- Identifying a Line Card

Chapter 20: Security Configuration Guide

286 SmartSwitch Router User Reference Manual

Layer-4 Bridging and Filtering

Layer-4 bridging is the SSR’s ability to use layer-3/4 information to perform filtering or

QoS during bridging. As described in “Layer-2 Security Filters” above, you can configure

ports to filter traffic using MAC addresses. Layer-4 bridging adds the ability to use IP

addresses, layer-4 protocol type, and port number to filter traffic in a bridged network.

Layer-4 bridging allows you to apply security filters on a “flat” network, where the client

and server may reside on the same subnet.

Note:

Ports that are included in a layer-4 bridging VLAN must reside on updated SSR

hardware. Please refer to Appendix A for details.

To illustrate this, the following diagram shows an SSR serving as a bridge for a consultant

host, file server, and an engineering host, all of which reside on a single subnet.

Figure 25. Sample VLAN for Layer-4 bridging

You may want to allow the consultant access to the file server for e-mail (SMTP) traffic,

but not for Web (HTTP) traffic and allow e-mail, Web, and FTP traffic between the

engineer and the file server. You can use Layer-4 bridging to set this up.

Setting up Layer-4 bridging consists of the following steps:

• Creating a port-based VLAN

• Placing the ports on the same VLAN

• Enabling Layer-4 Bridging on the VLAN

• Creating an ACL that specifies the selection criteria

• Applying an ACL to a port

et.1.1 et.1.2

Consultant File Server

SSR

1.1.1.1/24

1.1.1.2/24

Engineer

et.1.3

1.1.1.3/24