user manual

ManualsBrandsEnterasys Networks ManualsrouterRouter XSR-Series

Enterasys Networks

XSR-XPEDITION Security Routers

XSR-Series

IP-Function and Advanced Services

May 2004

Confi

uration Guide

Summary of content (55 pages)

PAGE 1
Configuration Guide Enterasys Networks XSR-XPEDITION Security Routers XSR-Series IP-Function and Advanced Services May 2004
PAGE 2
Table of Contents page 1.0 IP-Address and Secondary Addresses configuration .............................................. 4 1.1 IP-Static-routing..................................................................................................... 4 1.2 IP-Loopback Interface............................................................................................ 4 1.3 IP-OSPF-routing .................................................................................................... 5 1.
PAGE 3
9.0r1 VPN IPSEC site-to-site tunnel via pre-shared key .............................................. 31 9.0r2 VPN IPSEC site-to-site tunnel via pre-shared key .............................................. 32 9.1 VPN IPSEC site-to-site tunnel certification PKI...................................................... 33 9.1.1 Certification control / certificates / CRLS / CA identity ....................................... 35 9.3 VPN PPTP User termination ........................................................
PAGE 4
1.0 IP-Address and Secondary Addresses configuration XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 ip address 40.40.40.1 255.255.255.0 secondary no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.20.20.1 255.255.255.0 ip address 50.50.50.1 255.255.255.0 secondary no shutdown ! end XSR-1805# 1.1 IP-Static-routing 1.
PAGE 5
1.3 IP-OSPF-routing XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 ip address 40.40.40.1 255.255.255.0 secondary no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.20.20.1 255.255.255.0 ip address 50.50.50.1 255.255.255.0 secondary no shutdown ! interface Loopback0 ip address 192.168.222.1 255.255.255.255 no shutdown ! ip route 0.0.0.
PAGE 6
1.4 IP-RIPv1,v2-routing XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 ip address 40.40.40.1 255.255.255.0 secondary no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.20.20.1 255.255.255.0 ip address 50.50.50.1 255.255.255.0 secondary no shutdown ! interface Loopback0 ip address 192.168.222.1 255.255.255.255 no shutdown ! ip route 0.0.
PAGE 7
1.5 DHCP server, static / dynamic-pool 1.6 DHCP/Bootp relay argent / ip-helper XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 ip address 40.40.40.1 255.255.255.0 secondary ip dhcp server no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.20.20.1 255.255.255.0 ip address 50.50.50.1 255.255.255.0 secondary ip helper-address 51.51.51.
PAGE 8
1.7 SNTP Simple Network Time Protocol XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! sntp-client server 51.51.51.88 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 ip address 40.40.40.1 255.255.255.0 secondary ip dhcp server no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.20.20.1 255.255.255.0 ip address 50.50.50.1 255.255.255.0 secondary ip helper-address 51.51.51.
PAGE 9
2.0 Interface description 2.1 Duplex configuration on Fast Ethernet full/half 2.2 Speed configuration on Fast Ethernet 10/100MBit/s XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" speed 100 duplex full ip address 10.10.10.1 255.255.255.0 ip address 40.40.40.1 255.255.255.0 secondary no shutdown ! interface FastEthernet2 description "LAN-Interface2" speed 10 duplex half ip address 20.20.20.1 255.255.255.
PAGE 10
3.0 Access control list incoming outgoing 3.1 Access control list 1-99 (standard) 3.2 Access control list 100-199 (extended) XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! access-list 2 permit 20.20.20.0 0.0.0.255 ! access-list 110 deny ip 10.10.10.100 0.0.0.0 any access-list 110 deny ip 10.10.10.111 0.0.0.0 any access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip access-group 110 in ip address 10.10.10.1 255.255.
PAGE 11
3.3 Access control list moving online editing XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! access-list 110 deny ip 10.10.10.100 0.0.0.0 any access-list 110 deny ip 10.10.10.111 0.0.0.0 any access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip access-group 110 in ip address 10.10.10.1 255.255.255.0 no shutdown ! end XSR-1805(config)#access-list 110 move 1 2 !! ! Version 4.0.0.
PAGE 12
4.0 Virtual Router Redundancy Protocol (RFC 2338) Router-1-Master XSR-1805_1#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_1 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 ip address 40.40.40.1 255.255.255.0 Secondary vrrp 1 ip 10.10.10.254 vrrp 1 ip 40.40.40.254 vrrp 1 priority 250 vrrp 1 master-respond-ping no shutdown ! end XSR-1805_1# Router-2-Backup XSR-1805_2#show running-config !! ! Version 4.0.0.
PAGE 13
4.1 VRRP monitor interface function, interface tracking Router-1-Master XSR-1805_1#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_1 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 ip address 40.40.40.1 255.255.255.0 Secondary vrrp 1 ip 10.10.10.254 vrrp 1 ip 40.40.40.
PAGE 14
4.2 NAT static bindings XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 134.161.208.1 255.255.255.0 no shutdown ! ip nat source static 10.10.10.100 134.161.208.100 ip nat source static 10.10.10.101 134.161.208.101 ! end XSR-1805# 4.
PAGE 15
5.0 Dialer Interface XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 no shutdown ! interface Dialer0 dialer pool 1 dialer string 112233 encapsulation ppp dialer idle-timeout 30 dialer-group 1 dialer map ip 11.11.11.2 112233 ip address 11.11.
PAGE 16
5.1 Dialer Backup interface function XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! controller e1 0/2/0 clock source internal no shutdown ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.
PAGE 17
5.2 PAP for authentication PPP XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 username remote privilege 0 "password is not displayed" ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.
PAGE 18
5.3 CHAP for authentication PPP XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 username remote privilege 0 cleartext iamRemote ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.
PAGE 19
5.4.1 VPN via Dialer Interface rtr1 XSR-1805-1#show running-config !! ! Version 6.0.0.9, Built Dec 12 2003, 14:56:30 ! hostname XSR-1805-1 ! interface bri 0/1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 101 permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255 access-list 101 permit ip any host 1.1.1.2 access-list 121 permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255 ! crypto isakmp proposal ISDN authentication pre-share ! crypto isakmp peer 1.1.1.2 255.255.255.
PAGE 20
5.4.2 VPN via Dialer Interface rtr2 XSR-1805-2#show running-config !! ! Version 6.0.0.9, Built Dec 12 2003, 14:56:30 ! hostname XSR-1805-2 ! interface bri 0/2/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 102 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255 access-list 102 permit ip any host 1.1.1.1 access-list 130 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255 ! crypto isakmp proposal ISDN authentication pre-share ! crypto isakmp peer 1.1.1.1 255.255.255.
PAGE 21
5.5.1 Dialer Int. PRI to BRI with D-channel-callback central-site XSR-central#show running-config !! ! Version 6.0.0.9, Built Dec 12 2003, 14:56:30 ! hostname XSR-central ! username remote1 privilege 0 password cleartext xsr1 username remote2 privilege 0 password cleartext xsr2 ! controller e1 0/1/0 pri-group isdn bchan-number-order ascending no shutdown dialer pool-member 1 priority 10 ! access-list 120 permit ip any any ! interface FastEthernet 1 ip address 10.20.30.1 255.255.255.
PAGE 22
5.5.2 Dialer Int. PRI to BRI with D-channel-callback remote1-site remote1#show running-config !! ! Version 6.0.0.9, Built Dec 12 2003, 14:56:30 ! hostname remote1 ! username central privilege 0 password cleartext xsr ! interface bri 0/2/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 102 permit ip any any ! interface FastEthernet 1 ip address 10.10.10.1 255.255.255.
PAGE 23
5.5.3 Dialer Int. PRI to BRI with D-channel-callback remote2-site remote1#show running-config !! ! Version 6.0.0.9, Built Dec 12 2003, 14:56:30 ! hostname remote2 ! username central privilege 0 password cleartext xsr ! interface bri 0/1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 10 ! access-list 130 permit ip any any ! interface FastEthernet 1 ip address 20.20.20.1 255.255.255.
PAGE 24
6.0 ISDN config for BRIx/x 6.1 ISDN switch type changing XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 no shutdown ! interface Dialer0 dialer pool 1 dialer string 112233 encapsulation ppp dialer idle-timeout 30 dialer-group 1 ip address 11.
PAGE 25
6.2 ISDN callback XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.
PAGE 26
6.3 ISDN multilink / ISND channel bundling XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! interface bri 1/1 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 10 ! access-list 110 permit ip any any ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.
PAGE 27
7.0 PPPoE on Fast Ethernet interfaces 7.1 IP-address negotiation for PPPoE XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 ip address 10.10.10.1 255.255.255.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2-4-PPPoE" no shutdown ! interface FastEthernet2.1 encapsulate ppp ip address negotiated ip mtu 1492 ip nat source assigned overload ppp pap sent-username my_online-AOL@AOL.
PAGE 28
8.0 AAA Authentication Authorization Accounting Radius XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 no shutdown ! aaa method radius logon default enable group DEFAULT address ip-address 10.10.10.
PAGE 29
8.1 SSH / Telnet SSH and Telnet are enabled by default XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! ip ssh server disable ip telnet server disable ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 no shutdown ! end XSR-1805# 8.2 SYSLOG function, Server local-buffer XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 logging 10.10.10.
PAGE 30
8.3 SNMP configuration /contact/location/parameter XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 logging 10.10.10.100 logging Console low logging Monitor high logging Buffered debug logging SNMP medium ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 no shutdown ! snmp-server community private rw snmp-server community public ro snmp-server enable traps snmp-server host 10.10.10.
PAGE 31
9.0r1 VPN IPSEC site-to-site tunnel via pre-shared key Router-1 XSR-1805_1#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_1 ! crypto isakmp proposal prop-map1 authentication pre-share group 5 lifetime 10800 ! access-list 101 permit ip 10.10.10.0 0.0.0.255 80.80.80.0 0.0.0.255 ! crypto isakmp peer 20.20.20.2 255.255.255.
PAGE 32
9.0r2 VPN IPSEC site-to-site tunnel via pre-shared key Router-2 XSR-1805_2#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_2 ! crypto isakmp proposal prop-map1 authentication pre-share group 5 lifetime 10800 ! access-list 101 permit ip 80.80.80.0 0.0.0.255 10.10.10.0 0.0.0.255 ! crypto isakmp peer 20.20.20.1 255.255.255.
PAGE 33
9.1 VPN IPSEC site-to-site tunnel certification PKI XSR-1805_1#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_1 ! crypto isakmp proposal prop-map1 authentication rsa-sig group 5 lifetime 10800 ! access-list 101 permit ip 10.10.10.0 0.0.0.255 any ! crypto isakmp peer 20.20.20.1 255.255.255.
PAGE 34
Issue Certificate via SCEP protocol to XSR from Win Windows 2000 CA: CA: 1. XSR-1805_1(config)#crypto ca identity Enterasys-Networks-CA XSR-1805_1(ca-identity)#enrollment url http://192.168.224.22/certsrv/mscep/mscep.dll XSR-1805_1(ca-identity)#exit 2. XSR-1805_1(config)#crypto ca authenticate Enterasys-Networks-CA Certificate has the following attributes: Fingerprint: 6AEBAF4C 51B85B4C 297F12F0 D3442FF6 Do you accept this certificate (y/n) ? y 3.
PAGE 35
9.1.1 Certification control / certificates / CRLS / CA identity XSR-1805_1#show crypto ca certificates Certificate - issued by Enterasys-Networks-CA State: ENTITY-ACTIVE Version: V3 Serial Number: 458876448087542442491910 Issuer: MAILTO=support@enterasys.com,. . .
PAGE 36
9.3 VPN PPTP User termination XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 ip address 134.141.130.12 255.255.255.0 no shutdown ! interface FastEthernet2 ip address 192.168.1.1 255.255.255.0 ip nat source assigned overload no shutdown ! interface Vpn1 multi-point ip address 192.168.2.1 255.255.255.0 ! ip local pool VPN 192.168.2.0 255.255.255.0 ! aaa group DEFAULT dns server primary 0.0.0.0 dns server secondary 0.0.0.
PAGE 37
9.4r1 GRE encapsulated in IPSEC site-to-site tunnel via pre-shared key Router-1 XSR-1805_1#show running-config !! ! Version 6.0.0.0, Built Sep 14 2003, 11:09:28 ! hostname XSR-1805_1 ! crypto isakmp proposal prop-map1 authentication pre-share group 5 lifetime 10800 ! access-list 101 permit gre any any ! crypto isakmp peer 20.20.20.2 255.255.255.
PAGE 38
9.4r2 GRE encapsulated in IPSEC site-to-site tunnel via pre-shared key Router-2 XSR-1805_2#show running-config !! ! Version 6.0.0.0, Built Sep 14 2003, 11:09:28 ! hostname XSR-1805_2 ! crypto isakmp proposal prop-map1 authentication pre-share group 5 lifetime 10800 ! access-list 101 permit gre any any ! crypto isakmp peer 20.20.20.1 255.255.255.
PAGE 39
9.5r1 GRE native site-to-site tunnel Router-1 XSR-1805_1#show running-config !! ! Version 6.0.0.0, Built Sep 14 2003, 11:09:28 ! hostname XSR-1805_1 ! access-list 101 permit gre any any access-list 101 deny ip any any ! interface FastEthernet 1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 no shutdown ! interface FastEthernet 2 description "LAN-Interface2" ip access-group 101 out ip address 20.20.20.1 255.255.255.0 no shutdown ! interface Vpn1 point-to-point ip multicast-redirect 192.168.
PAGE 40
9.5r2 GRE native site-to-site tunnel Router-2 XSR-1805_2#show running-config !! ! Version 6.0.0.0, Built Sep 14 2003, 11:09:28 ! hostname XSR-1805_2 ! access-list 101 permit gre any any access-list 101 deny ip any any ! interface FastEthernet 1 description "LAN-Interface1" ip address 80.80.80.1 255.255.255.0 no shutdown ! interface FastEthernet 2 description "LAN-Interface2" ip access-group 101 out ip address 20.20.20.2 255.255.255.0 no shutdown ! interface Vpn1 point-to-point ip multicast-redirect 192.168.
PAGE 41
10.1 DIFFSERV DSCP field addressing XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! class-map DSCP_EF match access-group 2 match ip dscp EF ! policy-map DSCP_EF class DSCP_EF priority high 12000 ! access-list 2 permit 10.10.10.0 0.0.0.255 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.0 no shutdown ! interface FastEthernet2 description "LAN-Interface2" ip address 20.20.20.1 255.255.255.
PAGE 42
11.1 Firewall configuration XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "Interal_network_Private" ip address 10.10.10.1 255.255.0.0 no shutdown ! interface FastEthernet2 description "External_network_Intranet" ip address 192.168.224.133 255.255.255.0 no shutdown ! interface Loopback0 description "internal_loopback_Private" ip address 13.13.13.1 255.255.255.0 no shutdown ! ip firewall network 192 192.168.224.1 192.
PAGE 43
12.1 Vlan configuration 802.1q tagged routing XSR-1805#show running-config !! ! Version 6.0.0.0, Built Sep 14 2003, 11:09:28 ! hostname XSR-1805 ! interface FastEthernet 1 description "UnTagged-Native-Interface" ip address 11.11.11.1 255.255.255.0 no ip proxy-arp no shutdown interface FastEthernet 1.10 description "vlan 10 tagged" vlan 10 ip address 10.10.10.1 255.255.255.0 no ip proxy-arp no shutdown ! interface FastEthernet 1.20 description "vlan 20 tagged" vlan 20 ip address 20.20.20.1 255.255.255.
PAGE 44
Appendix: Appendix: Important commands for using the XSR platform: A1.1 show version - Software, Bootrom, RAM, Flash, System Uptime XSR-1805#show version Enterasys Networks Operating Software Copyright 2002 by Enterasys Networks Inc. Hardware: Processor board ID: 9002854-02 REV0A Serial Number: 361903091537210L Processor: IBM PowerPC 405GP Rev.
PAGE 45
A1.3 show interface - IP address, speed, duplex, statistics, errors XSR-1805#show interface FastEthernet1 is Admin Up Description: LAN-Interface1 Internet address is 10.10.10.1, subnet mask is 255.255.255.0 The name of this device is Eth1. The physical link is currently up. The device is in polling mode, and is active. The last driver error is '(null)'. The duplex mode is set to auto-negotiated. The current operational duplex mode is negotiated to full. The speed is set to auto-negotiated.
PAGE 46
A1.5 flash:/ cflash:/ - dir, rename, copy commands XSR-1805#dir Listing Directory flash:/ size -------4000669 1777 308 21 date -----JUN-26-2003 OCT-01-2003 OCT-01-2003 OCT-01-2003 time -----11:00:12 12:46:40 12:46:40 12:46:40 name -------xsr1800.
PAGE 47
B1.0 show ip route XSR-1805#show ip route Codes: C-connected, S-static, R-RIP, O-OSPF, IA-OSPF interarea N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - 0SPF external type 1, E2 - 0SPF external type 2 * - candidate default, D - default route originated from default net C * S 192.168.224.0/24 0.0.0.0/0 [0001] directly connected, FastEthernet2 [0001] via 192.168.224.1, FastEthernet2 XSR-1805# B1.1 show ip arp XSR-1805#show ip arp Protocol Internet Internet Address Age(min) 192.168.
PAGE 48
C1.0 show tunnels XSR-1805_2#show tunnels Tunnel MIB: ID Creation Time Peer IP Proto Username Packets In/Out 40000001 12/02/03, 13:21 IPSEC (Unknown) 0.0.0.0 0000003976/0000003949 XSR-1805_2# C1.1 show crypto isakmp sa XSR-1805_2#show crypto isakmp sa Connection-ID State Source ------------------------------1 QM_IDLE 20.20.20.2 XSR-1805_2# Destination ----------20.20.20.1 Lifetime ------10268 C1.2 show crypto ipsec sa XSR-1805_2#show crypto ipsec sa 10.10.10.0/24, ANY, 0 ==> 80.80.80.
PAGE 49
C1.4 show tunnels / GRE via IPSEC XSR-1805_2#show tunnels Tunnel MIB: ID Creation Time Peer IP Proto Username Packets In/Out 40000001 12/02/2003, 16:14 GRE 20.20.20.1 0000003528/0000002552 XSR-1805_2# C1.5 show interface vpn / GRE via IPSEC XSR-1805_2#show interface vpn Vpn1 is Admin Up Internet address is 192.168.1.2, subnet mask is 255.255.255.0 Multicast redirect to 192.168.1.1 is enabled. This interface includes the VPN tunnel 'VPN+GRE'. The tunnel peer's Internet IP address is 20.20.20.1.
PAGE 50
D1.1 show ip interface atm 1/0.1 XSR1805-ADSL#show ip interface atm 1/0.1 ATM 1/0.1 is Admin Up Internet address is 212.184.161.76, subnet mask is 255.255.255.255 Rcvd: 766 octets, 6 unicast packets, 0 discards, 0 errors, 0 unknown protocol. Sent: 800 octets, 8 unicast packets, 0 discards, 0 errors. MTU is 1492 bytes. Proxy ARP is enabled. Helper address is not set. Directed broadcast is enabled. Outgoing access list is not set. Inbound access list is not set. IP Policy Based Routing is not enabled.
PAGE 51
D1.3 show controllers atm 1/0.1 XSR1805-ADSL#show controllers atm 1/0.1 ********** ATM Sub-Interface Stats ********** ATM 1/0.
PAGE 52
D1.4 show interface atm 1/0 XSR1805-ADSL #show interface atm 1/0 ********** ATM Interface Stats ********** ATM 1/0 is Admin Up / Oper Up Description: "ADSL-connection" The name of this device is adsl. Administrative State is ENABLED Operational State is UP. The upstream data rate is 192 kbit/sec. The downstream data rate is 928 kbit/sec.
PAGE 53
D1.5 show interface atm 1/0.1 XSR1805-ADSL #show interface atm 1/0.1 ********** ATM Sub-Interface Stats ********** ATM 1/0.1 is Admin Up / Oper Up Internet address is 212.184.161.76, subnet mask is 255.255.255.255 LCP State: OPENED IPCP State: OPENED PPPoE is Oper Up The logical link is currently Up The Name of the Access Concentrator is ERX1400 The Session Id is 0x0054 The MAC Address of the Access Concentrator is 0x00:90:1a:01:03:84 The MTU is 1492 The name of this device is adsl-0.
PAGE 54
D1.6 show ppp interface atm 1/0.1 XSR1805-ADSL#show ppp interface atm 1/0.1 ********** PPP Stats ********** ATM 1/0.
PAGE 55
Getting Help For additional support related to the XSR, contact Enterasys Networks using one of the following methods: World Wide Web http://www.enterasys.com Phone (978) 684-1000 1-800-872-8440 (toll-free in U.S. and Canada) For the Enterasys Networks Support toll-free number in your country: http://www.enterasys.com/support/gtachttp://www.enterasys.com/support/gtac-all.html mail mailto:support@enterasys.com To expedite your message, please type [xsr] in the subject line. FTP ftp://ftp.enterasys.