Users Manual Part 2

KA timer 300(peer 300000) timeout 900
ID 2(peer 9)
If there is a performance issue with the Ethernet Site link, the “dropped” or “up/down” numbers are
high, and there is a big difference between RX and TX values. See the following example of UP and
DOWN Ethernet Site link sessions:
> Session:1 (172.24.16.6->172.24.16.5) UP
------------- RX ---------- TX -------------
ctrl 6961306 6961326
reply 3469091 3492215
-----------------------------------------
dropped 0
up/down 2 1
----------- session details -------------
KA timer 300(peer 300000) timeout 3000
ID 1(peer 1)
> Session:2 (172.24.20.6->172.24.20.5) DOWN
------------- RX ---------- TX -------------
ctrl 0 3469110
reply 0 0
-----------------------------------------
dropped 0
up/down 0 0
----------- session details -------------
KA timer 300(peer 0) timeout 3000
ID 2(peer 0)
NOTICE: Bidirectional Forwarding Detection (BFD) is a network protocol implemented on Base
Stations and Core/Exit Routers used for Ethernet links to detect failure of any active
component. BFD uses "keep-alive" packets and runs inside the IP tunnel established between a
particular site and the pairs of Core Routers.
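The checks described above for the session output (DOWN state, high "dropped" or "up/down" numbers, a big RX/TX difference) can be run over captured output. The following Python is an added example, not part of the manual. The sample session is constructed, the names and the thresholds `max_events` and `max_skew` are assumptions, and the two values on the up/down line are treated as independent counters.

```python
import re

# Constructed sample in the layout of the session output shown above.
SAMPLE = """\
> Session:1 (192.0.2.6->192.0.2.5) UP
------------- RX ---------- TX -------------
ctrl 500000 650000
reply 320000 250000
-----------------------------------------
dropped 1842
up/down 57 56
----------- session details -------------
KA timer 300(peer 300000) timeout 3000
ID 1(peer 1)
"""

HEADER = re.compile(r"^>\s*Session:(\d+)\s+\((\S+)->(\S+)\)\s+(UP|DOWN)")
COUNTER = re.compile(r"^(ctrl|reply|dropped|up/down)\s+(\d+)(?:\s+(\d+))?\s*$")

def parse_sessions(text):
    """Return one dict per session: id, src, dst, state and raw counters."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            sessions.append({"id": int(m[1]), "src": m[2], "dst": m[3],
                             "state": m[4], "counters": {}})
        elif sessions and (m := COUNTER.match(line)):
            sessions[-1]["counters"][m[1]] = [int(v) for v in m.groups()[1:] if v]
    return sessions

def findings(s, max_events=10, max_skew=0.05):
    """Apply the checks from the text; both thresholds are assumptions."""
    out = ["session DOWN"] if s["state"] == "DOWN" else []
    c = s["counters"]
    for name in ("dropped", "up/down"):
        if max(c.get(name, [0])) > max_events:
            out.append(f"high {name}: {c[name]}")
    for name in ("ctrl", "reply"):
        rx, tx = (c.get(name, [0, 0]) + [0, 0])[:2]
        if max(rx, tx) and abs(rx - tx) / max(rx, tx) > max_skew:
            out.append(f"{name} RX/TX mismatch: rx={rx} tx={tx}")
    return out

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        print(s["id"], s["src"], "->", s["dst"], s["state"], findings(s))
```

Run against the two sessions printed above, the UP session yields no findings and the DOWN session is reported as down with a ctrl RX/TX mismatch.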
13.1.3.3.8.1 Encrypted Ethernet Site Links
NOTICE: This content is applicable to 8.1 System Release and onward.
Link encryption is an extension to the Ethernet Site Links (ESL) feature. When link encryption is
implemented, a router/firewall and an MTS authenticate each other through a PreShared Key (PSK)
that is loaded on both the router/firewall and the MTS.
The PSK consists of a key phrase (text characters) or a series of hexadecimal characters. The key
authenticates the routers/gateways/firewalls/MTSs to enable a secure Internet Key Exchange (IKE)
session. The devices communicate in encrypted state across the WAN link. Therefore, to establish a
secure session, each peer router/gateway/firewall/MTS requires the same key. Each link can have a
separate PSK or PSKs can be shared, depending on the security policies of your organization. PSKs
cannot be only shared on encrypted Base Station links. If PSKs are not shared, a PSK is loaded on to
the router/gateway/firewall/MTS for each link. The number of PSKs needed on an MTS depends on the
number of links connected to that MTS.
Internet Key Exchange (IKE) generates keys that are used to encrypt, decrypt, and authenticate
packets. The keys used by the IPsec tunnel connection are regenerated by IKE every 1 hour by default.
The keys used by the IKE session to negotiate IPsec protocol keys are regenerated by IKE every 6 hours
by default. The PreShared Key (PSK) is used to authenticate the MTSs during the IKE session
establishment phase and is not used to encrypt, decrypt, or authenticate packets.
The following configuration parameters are specific to the Base Station Encrypted Ethernet site links:
Encryption Enabled
6802800U74-AP
Chapter 13: MTS Troubleshooting