nn46205-523 02.02 configuration ip routing

Nortel Ethernet Routing Switch 8600

Configuration — IP RoutingRelease: 5.1Document Revision: 02.02

www.nortel.com

NN46205-523.

Nortel Ethernet Routing Switch 8600Release: 5.1Publication: NN46205-523Document release date: 9 December 2009

Copyright © 2009 Nortel Networks. All Rights Reserved.

LEGAL NOTICE

While the information in this document is believed to be accurate and reliable, except as otherwise expresslyagreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OFANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document aresubject to change without notice.

THE SOFTWARE DESCRIBED IN THIS DOCUMENT IS FURNISHED UNDER A LICENSE AGREEMENT ANDMAY BE USED ONLY IN ACCORDANCE WITH THE TERMS OF THAT LICENSE.

Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks.

All other trademarks are the property of their respective owners.

.

3.

ContentsSoftware license 13

New in this release 17Features 17

Bidirectional Forwarding Detection 17Other changes 17

Document restructure 17Command defaults 18Configuration examples 18Document updates 18

Introduction 19

IP routing operations fundamentals 21IP addressing 21

Subnet addressing 23Supernet addressing and CIDR 24

VLANs and routing 26Virtual routing between VLANs 26Brouter ports 27

Static routes 27Static Route Tables 28

Black hole static routes 28IP address for the management port 29IP enhancements and policies navigation 30

Equal Cost Multipath (ECMP) 30Alternate route 30Route filtering and IP policies 32Prefix list 36Route policy definition 36Individual port routing control 36Reverse path checking 37Multihoming 39

PPPoE VLANs 39IP connectivity protocols 40

Nortel Ethernet Routing Switch 8600Configuration — IP Routing

NN46205-523 02.02 9 December 2009


.

4

IP connectivity protocols navigation 40Address Resolution Protocol (ARP) 41UDP broadcast forwarding 43Reverse Address Resolution Protocol 44Virtual Router Redundancy Protocol 45

Circuitless IP 51HA-CPU for Layer 3 CPU redundancy 52

OSPF 54RIP 54Prefix lists and route policies 54VRRP 58Route Discovery 58DHCP relay 59UDP forwarding 59IP filters 59

RSMLT 59SMLT/RSMLT operation in Layer 3 environments 60Failure scenarios 61RSMLT network design and configuration 63RSMLT -edge 64

Border Gateway Protocol 64Bidirectional Forwarding Detection 65

Bidirectional Forwarding Detection navigation 65BFD overview 65BFD restrictions 66

VRF Lite fundamentals 69Overview 69VRF Lite capability and functionality 71VRF Lite and interVRF route redistribution 73

Route redistribution operation 74VRF Lite and IP VPN 75VRF Lite requirements 75Ethernet modules and VRF Lite management 75VRF Lite configuration rules 75Virtualized protocols 77

IP routing configuration using Device Manager 79Changing a VRF instance 79Basic IP routing configuration 80

Enabling routing for a router or a VRF instance 80Enabling or disabling routing on a port 81Deleting a dynamically-learned route 81Configuring IP route preferences 84Flushing routing tables by VLAN 85


NN46205-523 02.02 9 December 2009


.

5

Flushing routing tables by port 85IP address configuration 86

Assigning an IP address to the management port 86Assigning an IP address to a port 87Assigning an IP address to a VLAN 89Viewing IP addresses for all router interfaces 90

Routing feature configuration 91Configuring IP routing features globally 92Configuring ECMP globally 94Enabling alternative routes globally 95Static route configuration 95ICMP Router Discovery configuration 99Circuitless IP interface configuration 105

IP routing configuration using the CLI 111Job aid: Roadmap of IP CLI commands 111Job aid: Roadmap of VRF Lite IP CLI commands 115Basic IP routing configuration 116

Enabling routing for a router or a VRF instance 116Enabling routing on a port 118Deleting a dynamically learned route 118Configuring IP route preferences 119Flushing routing tables by VLAN or port 120

IP address configuration 121Configuring an IP address for the management port 121Configuring a virtual IP address for the management port 123Assigning an IP address to a port 124Assigning an IP address to a VLAN 126Viewing IP information for all router interfaces 127

Routing feature configuration 128Configuring IP routing for a router or a VRF 129Static route configuration 132ICMP Router Discovery configuration 138

Configuring a CLIP interface 143Example of configuring an OSPF CLIP interface 145Job aid: show ip circuitless-ip-int info command 145

IP routing configuration using the NNCLI 147Job aid: Roadmap of IP NNCLI commands 147Job aid: Roadmap of VRF Lite IP NNCLI commands 150Basic IP routing configuration 150

Enabling routing for a router or a VRF instance 151Enabling routing on a port 151Deleting a dynamically learned route 152Configuring IP route preferences 153


NN46205-523 02.02 9 December 2009


.

6

Flushing routing tables by VLAN or port 154IP address configuration 155

Configuring an IP address for the management port 155Configuring a virtual IP address for the management port 156Assigning an IP address to a port 157Assigning an IP address to a VLAN 159Viewing IP addresses for all router interfaces 159

Routing feature configuration 160Configuring IP routing for a router or a VRF 160Static route configuration 164ICMP Router Discovery configuration 169

Configuring a CLIP interface 172

DHCP and UDP configuration using Device Manager 175Prerequisites 175DHCP configuration 176

Configuring DHCP on a brouter port or a VRF instance 176Configuring BootP/DHCP on a VLAN or VRF instance 177Configuring forwarding policies 178

Configuring UDP broadcast forwarding 179Managing UDP forwarding protocols 180

Protocols tab and the UDP Forwarding, Insert Protocols fields 181Managing UDP forwarding 181Creating the forwarding profile 182Managing the broadcast interface 183Viewing UDP Endpoint information 185

Job aid 185

DHCP and UDP configuration using the CLI 187Job aid 187Job aid 190Configuring DHCP relay 192

Configuring DHCP parameters globally 192Showing DHCP relay information 194Job aid 195Configuring DHCP relay on a port 196Job aid 198Configuring DHCP relay on a VLAN 199Showing DHCP relay information for a VLAN 201Job aid 202

UDP broadcast forwarding 202Setting up UDP broadcast forwarding 203Configuring UDP protocols 203Configuring a UDP port forward entry 204Configuring the UDP port forwarding list 205


NN46205-523 02.02 9 December 2009


.

7

Configuring UDP forward interfaces 206Showing UDP forward information 207

DHCP and UDP configuration using the NNCLI 211Job aid 211Configuring DHCP relay 213

Configuring DHCP parameters globally 213Showing DHCP relay information 215Configuring DHCP relay on a port or VLAN 216

Configuring UDP broadcast forwarding 218Setting up UDP broadcast forwarding 219Configuring UDP protocols 219Configuring a UDP port forward entry 220Configuring the UDP port forwarding list 221Showing UDP forward information 223

ARP configuration using Device Manager 225Enabling or disabling ARP on the brouter port or a VRF instance 226

Port dialog box, ARP tab fields 226Enabling or disabling ARP on a VLAN or a VRF instance 226

VLAN dialog box, ARP tab fields 227Viewing and managing ARP 227Creating static ARP entries 228Configuring Proxy ARP 229

ARP configuration using the CLI 231Job aid 231Configuring ARP on a port 233

Enabling ARP on a port 233Configuring an Proxy ARP on a port 233Configuring ARP loop detection 234Showing ARP port information 235Job aid 235

Configuring ARP on a VLAN 235Enabling ARP on a VLAN 235Configuring an ARP proxy on a VLAN 236Showing ARP VLAN information 237Job aid 237

Configuring IP ARP 237Configuring ARP static entries 238Clearing ARP timers 239Showing ARP information 240Job aid 240

ARP configuration using the NNCLI 243ARP configuration procedures 243


NN46205-523 02.02 9 December 2009


.

8

Job aid 244Enabling ARP on a port or a VLAN 245Enabling ARP proxy 245Configuring ARP loop detection 246Showing ARP information 247

Job aid 247Configuring IP ARP static entries 248Clearing ARP timers 249Showing ARP table information 250

Job aid 251

VRRP configuration using Device Manager 253Enabling VRRP global variables 254Configuring VRRP for the interface 255Configuring VRRP secondary features 258Configuring VRRP on a port or a VRF instance 259Configuring VRRP on a VLAN (or brouter port) or a VRF instance 262Configuring Fast Advertisement Interval on a port or a VRF instance 264Configuring Fast Advertisement Interval on a VLAN or a VRF instance 265

VRRP configuration using the CLI 267Prerequisites to VRRP configuration 267Navigation 267Job aid 268Job aid 269Configuring VRRP on a port 270Showing VRRP port information 273

Job aid 273Configuring VRRP on a VLAN 275Showing VLAN information 277

Job aid 278Showing VRRP interface information 280

Job aid 280

VRRP configuration using the NNCLI 283VRRP configuration prerequisites 283Navigation 283Job aid 284Configuring VRRP on a port or a VLAN 284Showing VRRP port or VLAN information 288

Job aid 288Showing extended VLAN VRRP 290

Job aid 291Showing VRRP interface information 292


NN46205-523 02.02 9 December 2009


.

9

VRF Lite configuration using Device Manager 295VRF Lite configuration procedures 295Configuring a VRF instance 296Configuring interVRF route redistribution policies 297Viewing brouter port and VRF associations 299Viewing global VRF status information 299Viewing VRF instance statistics and status information 300Viewing VRF statistics for a VRF 301

VRF Lite configuration using the CLI 303VRF Lite configuration tasks 303Job aid: Roadmap of VRF Lite CLI commands 304Configuring a VRF instance 305Associating a VLAN with a VRF instance 309Associating a brouter port with a VRF instance 310

VRF Lite configuration using the NNCLI 311VRF Lite configuration tasks 311Navigation 312Job aid: Roadmap of VRF Lite NNCLI commands 312Creating a VRF instance 313Associating a VLAN or port with a VRF instance 314Example of a simple VRF configuration 315Configuring interVRF route redistribution 316

IP policy configuration using Device Manager 317Configuring a prefix list 319Route policy configuration 320

Route policy configuration navigation 320Applying a route policy 324

Filtering routes 325IP Routes fields 326

Configuring an OSPF accept policy 327Configuring inbound/outbound filtering policies on a RIP interface 328Deleting inbound/outbound filtering policies on a RIP interface 329Configuring inbound/outbound filtering policies on a DVMRP interface 330Configuring IP routing features globally 331

IP Globals 331Viewing IP addresses for all router interfaces 333

Addresses 333Configuring static routes 334

Static Routes 335Configuring IP route preferences 337

RoutePref tab 337


NN46205-523 02.02 9 December 2009


.

10

Configuring a CLIP interface 338Procedure steps 338

Assigning an IP address to a port 339Port - GlobalRouter (vrf x), IP Address 339

Configuring ICMP Router Discovery for a port 340Edit, Port, IP - GlobalRouter (vrf x), Router Discovery 341

Enabling IP VPN on a CLIP interface 342Enabling PIM on a CLIP interface 343

IP policy configuration using the CLI 345Job aid 346Job aid 348Configuring prefix lists 350

Job aid 351Configuring IP route policies 351

Job aid 357Configuring a policy to accept external routes from a router 358Applying OSPF accept policy changes 359

Job aid 360

IP policy configuration using the NNCLI 361Job aid 362Configuring prefix lists 363

Job aid 364Configuring IP route policies 364

Job aid 373Configuring a policy to accept external routes from a router 374Applying OSPF accept policy changes 375

Job aid 376Configuring inter-VRF redistribution policies 377

RSMLT configuration using Device Manager 379Configuring RSMLT on a VLAN 379

IP VLAN RSMLT fields 380Viewing and editing RSMLT local information 380Viewing and editing RSMLT peer information 381Enabling RSMLT-edge 383Viewing RSMLT-edge 383

Job aid 383

RSMLT configuration using the CLI 385RSMLT configuration procedures 385Job aid 385Job aid 386Configuring RSMLT on a VLAN 386Showing IP RSMLT information 387


NN46205-523 02.02 9 December 2009


.

11

Job aid 388Configuring RSMLT-edge 388

RSMLT configuration using the NNCLI 391RSMLT configuration procedures 391Job aid 391Configuring RSMLT on a VLAN 392Showing IP RSMLT information 393

Variable definitions 394Job aid 394

Configuring RSMLT-edge 394

Bidirectional Forwarding Detection configuration using DeviceManager 397Navigation 397Enabling BFD globally 397Viewing global BFD session parameters 398Configuring BFD on a brouter port 399Configuring BFD on a VLAN 400Enabling BFD on an OSPF interface 402

Procedure steps 402Enabling BFD on a static route 402Viewing BFD statistics 403

Bidirectional Forwarding Detection configuration using CLI 405Navigation 405Enabling BFD globally 405Configuring BFD on a VLAN interface 406Configuring BFD on a brouter port 407Enabling BFD on an interface 408Viewing BFD session and statistical information 409

Bidirectional Forwarding Detection configuration usingNNCLI 411Enabling BFD globally 411Configuring BFD on a VLAN interface 412Configuring BFD on a brouter port 413Enabling BFD on an interface 415Viewing BFD session and statistical information 415

Customer service 417Updated versions of documentation 417Getting help 417Express Routing Codes 417Additional information 418


NN46205-523 02.02 9 December 2009


.

12


NN46205-523 02.02 9 December 2009


.

13.

Software licenseThis section contains the Nortel Networks software license.

Nortel Networks Inc. software license agreementThis Software License Agreement ("License Agreement") is betweenyou, the end-user ("Customer") and Nortel Networks Corporation andits subsidiaries and affiliates ("Nortel Networks"). PLEASE READ THEFOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSETERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE.USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OFTHIS LICENSE AGREEMENT. If you do not accept these terms andconditions, return the Software, unused and in the original shippingcontainer, within 30 days of purchase to obtain a credit for the fullpurchase price.

"Software" is owned or licensed by Nortel Networks, its parent or one ofits subsidiaries or affiliates, and is copyrighted and licensed, not sold.Software consists of machine-readable instructions, its components, data,audio-visual content (such as images, text, recordings or pictures) andrelated licensed materials including all whole or partial copies. NortelNetworks grants you a license to use the Software only in the countrywhere you acquired the Software. You obtain no rights other than thosegranted to you under this License Agreement. You are responsible for theselection of the Software and for the installation of, use of, and resultsobtained from the Software.

1. Licensed Use of Software. Nortel Networks grants Customer anonexclusive license to use a copy of the Software on only one machineat any one time or to the extent of the activation or authorized usage level,whichever is applicable. To the extent Software is furnished for use withdesignated hardware or Customer furnished equipment ("CFE"), Customeris granted a nonexclusive license to use Software only on such hardwareor CFE, as applicable. Software contains trade secrets and Customeragrees to treat Software as confidential information using the same careand discretion Customer uses with its own similar information that it doesnot wish to disclose, publish or disseminate. Customer will ensure thatanyone who uses the Software does so only in compliance with the terms


NN46205-523 02.02 9 December 2009


.

14 Software license

of this Agreement. Customer shall not a) use, copy, modify, transferor distribute the Software except as expressly authorized; b) reverseassemble, reverse compile, reverse engineer or otherwise translate theSoftware; c) create derivative works or modifications unless expresslyauthorized; or d) sublicense, rent or lease the Software. Licensors ofintellectual property to Nortel Networks are beneficiaries of this provision.Upon termination or breach of the license by Customer or in the eventdesignated hardware or CFE is no longer in use, Customer will promptlyreturn the Software to Nortel Networks or certify its destruction. NortelNetworks may audit by remote polling or other reasonable means todetermine Customer’s Software activation or usage levels. If suppliers ofthird party software included in Software require Nortel Networks to includeadditional or different terms, Customer agrees to abide by such termsprovided by Nortel Networks with respect to such third party software.

2. Warranty. Except as may be otherwise expressly agreed to inwriting between Nortel Networks and Customer, Software is provided"AS IS" without any warranties (conditions) of any kind. NORTELNETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THESOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOTLIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY ANDFITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OFNON-INFRINGEMENT. Nortel Networks is not obligated to provide supportof any kind for the Software. Some jurisdictions do not allow exclusionof implied warranties, and, in such event, the above exclusions may notapply.

3. Limitation of Remedies. IN NO EVENT SHALL NORTELNETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANYOF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTYCLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER’S RECORDS,FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL,PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOSTPROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OROTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OFYOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS,ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIRPOSSIBILITY. The forgoing limitations of remedies also apply to anydeveloper and/or supplier of the Software. Such developer and/or supplieris an intended beneficiary of this Section. Some jurisdictions do not allowthese limitations or exclusions and, in such event, they may not apply.

4. General

1. If Customer is the United States Government, the following paragraphshall apply: All Nortel Networks Software available under this LicenseAgreement is commercial computer software and commercial computer


NN46205-523 02.02 9 December 2009


.

Nortel Networks Inc. software license agreement 15

software documentation and, in the event Software is licensed foror on behalf of the United States Government, the respective rightsto the software and software documentation are governed by NortelNetworks standard commercial license in accordance with U.S. FederalRegulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and48 C.F.R. 227.7202 (for DoD entities).

2. Customer may terminate the license at any time. Nortel Networksmay terminate the license if Customer fails to comply with the termsand conditions of this license. In either event, upon termination,Customer must either return the Software to Nortel Networks or certifyits destruction.

3. Customer is responsible for payment of any taxes, including personalproperty taxes, resulting from Customer’s use of the Software.Customer agrees to comply with all applicable laws including allapplicable export and import laws and regulations.

4. Neither party may bring an action, regardless of form, more than twoyears after the cause of the action arose.

5. The terms and conditions of this License Agreement form the completeand exclusive agreement between Customer and Nortel Networks.

6. This License Agreement is governed by the laws of the country inwhich Customer acquires the Software. If the Software is acquired inthe United States, then this License Agreement is governed by thelaws of the state of New York.


NN46205-523 02.02 9 December 2009


.

16 Software license


NN46205-523 02.02 9 December 2009


.

17.

New in this releaseThe following sections detail what’s new in Nortel Ethernet Routing Switch8600 Configuration — IP Routing (NN46205-523) for Release 5.1.

• “Features” (page 17)

• “Other changes” (page 17)

FeaturesSee the following section for information about feature changes:

Bidirectional Forwarding DetectionThe Ethernet Routing Switch 8600 supports Bidirectional ForwardingDetection (BFD).

BFD is a simple Hello protocol used between two peers. In BFD, eachpeer system periodically transmits BFD packets to each other. If one of thesystems does not receive a BFD packet after a certain period of time, thesystem assumes that the link or other system is down.

For more information about BFD, see “Bidirectional Forwarding Detection”(page 65). To configure BFD using the Device Manager, see “ConfiguringBFD on a brouter port” (page 399) and “Configuring BFD on a VLAN”(page 400). To configure BFD using CLI see, “Configuring BFD on aVLAN interface” (page 406) and “Configuring BFD on a brouter port” (page407). To configure BFD using NNCLI see, “Configuring BFD on a VLANinterface” (page 412) and “Configuring BFD on a brouter port” (page 413).

Other changesSee the following sections for information about changes that are notfeature-related:

Document restructureThis document includes parts of the obsolete document Configuring IPRouting Operations.


NN46205-523 02.02 9 December 2009


.

18 New in this release

The following configuration procedures are moved to Nortel EthernetRouting Switch 8600 Configuration — BGP Services (NN46205-510):

• Configuring an AS path list

• Configuring community lists

Command defaultsThe default values for command parameters have been added throughoutthe document.

Configuration examplesConfiguration examples from this document are moved to the ARPTechnical Configuration Guide and the VRRP Technical ConfigurationGuide.

Document updatesThis document is up-issued to 02.02 to clarify the VRF Lite support forBGP. VRF Lite supports BGP on any VRF. However, VRF Lite supportsInternal BGP (iBGP) on VRF 0 only. For more information, see “VRF Litecapability and functionality” (page 71).


NN46205-523 02.02 9 December 2009


.

19.

IntroductionThis guide provides instructions for using the Device Manager graphicaluser interface (GUI), the command line interface (CLI), and the NortelNetworks Command Line Interface (NNCLI) to perform general IP routingoperations on the Ethernet Routing Switch 8600.

For information about border gateway protocol (BGP), see Configuration– BGP Services (NN46205-510) .

Navigation• “IP routing operations fundamentals” (page 21)

• “VRF Lite fundamentals” (page 69)

• “IP routing configuration using Device Manager” (page 79)

• “IP routing configuration using the CLI” (page 111)

• “IP routing configuration using the NNCLI” (page 147)

• “DHCP and UDP configuration using Device Manager” (page 175)

• “DHCP and UDP configuration using the CLI” (page 187)

• “DHCP and UDP configuration using the NNCLI” (page 211)

• “ARP configuration using Device Manager” (page 225)

• “ARP configuration using the CLI” (page 231)

• “ARP configuration using the NNCLI” (page 243)

• “VRRP configuration using Device Manager” (page 253)

• “VRRP configuration using the CLI” (page 267)

• “VRRP configuration using the NNCLI” (page 283)

• “VRF Lite configuration using Device Manager” (page 295)

• “VRF Lite configuration using the CLI” (page 303)

• “VRF Lite configuration using the NNCLI” (page 311)

• “IP policy configuration using Device Manager” (page 317)


NN46205-523 02.02 9 December 2009


.

20 Introduction

• “IP policy configuration using the CLI” (page 345)

• “IP policy configuration using the NNCLI” (page 361)

• “RSMLT configuration using Device Manager” (page 379)

• “RSMLT configuration using the CLI” (page 385)

• “RSMLT configuration using the NNCLI” (page 391)

• “Bidirectional Forwarding Detection configuration using DeviceManager” (page 397)

• “Bidirectional Forwarding Detection configuration using CLI” (page 405)

• “Bidirectional Forwarding Detection configuration using NNCLI” (page411)

• “Customer service” (page 417)


NN46205-523 02.02 9 December 2009


.

21.

IP routing operations fundamentalsUse the information in these sections to help you understand IP routing.

For configuration examples, including commands, for most of the conceptsdescribed in this section.

For more information about RIP and OSPF, see Ethernet Routing Switch8600 Configuration — OSPF and RIP (NN46205-522).

Navigation• “IP addressing” (page 21)

• “VLANs and routing” (page 26)

• “Static routes” (page 27)

• “Black hole static routes” (page 28)

• “IP address for the management port” (page 29)

• “IP enhancements and policies navigation” (page 30)

• “PPPoE VLANs” (page 39)

• “IP connectivity protocols” (page 40)

• “Circuitless IP” (page 51)

• “HA-CPU for Layer 3 CPU redundancy” (page 52)

• “RSMLT” (page 59)

• “Border Gateway Protocol” (page 64)

IP addressingAn IP version 4 address consists of 32 bits expressed in dotted-decimalformat (x.x.x.x). The IP version 4 address space is divided into classes,with classes A, B, and C reserved for unicast addresses and accountingfor 87.5 percent of the 32-bit IP address space. Class D is reserved formulticast addressing. The following table lists the breakdown of IP addressspace by address range and mask.


NN46205-523 02.02 9 December 2009


.

22 IP routing operations fundamentals

Table 1IP addresses

Class Address range Mask Number of addresses

A 1.0.0.0—126.0.0.0 255.0.0.0 126

B 128.0.0.0—191.0.0.0 255.255.0.0 127 * 255

C 192.0.0.0—223.0.0.0 255.255.255.0 31 * 255 * 255

D 224.0.0.0—239.0.0.0

To express an IP address in dotted-decimal notation, you convert eachoctet of the IP address to a decimal number and separate the numbersby decimal points. For example, you specify the 32-bit IP address10000000 00100000 00001010 10100111 in dotted-decimal notation as128.32.10.167.

Each IP address class, when expressed in binary, has a different boundarypoint between the network and host portions of the address as illustratedin the following figure. The network portion is a network number field from8 through 24 bits. The remaining 8 through 24 bits identify a specific hoston the network.

Figure 1Network and host boundaries in IP address classes

IP addressing navigation

• “Subnet addressing” (page 23)

• “Supernet addressing and CIDR” (page 24)


NN46205-523 02.02 9 December 2009


.

IP addressing 23

Subnet addressingSubnetworks (or subnets) extend the IP addressing scheme used byan organization to one with an IP address range for multiple networks.Subnets are two or more physical networks that share a commonnetwork-identification field (the network portion of the 32-bit IP address).

You create a subnet address by increasing the network portion to includea subnet address, thus decreasing the host portion of the IP address. Forexample, in the address 128.32.10.0, the network portion is 128.32, whilethe subnet is found in the first octet of the host portion (10). A subnetmask is applied to the IP address and identifies the network and hostportions of the address.

The following table illustrates how subnet masks used with class B andclass C addresses can create differing numbers of subnets and hosts.This example includes the zero subnet, which is permitted on an EthernetRouting Switch 8600.

Table 2Subnet masks for class B and class C IP addresses

Numberof bits Subnet mask

Number of subnets(recommended)

Number of hosts foreach subnet

Class B

2 255.255.192.0 2 16 382

3 255.255.224.0 6 8 190

4 255.255.240.0 14 4 094

5 255.255.248.0 30 2 046

6 255.255.252.0 62 1 022

7 255.255.254.0 126 510

8 255.255.255.0 254 254

9 255.255.255.128 510 126

10 255.255.255.192 1 022 62

11 255.255.255.224 2 046 30

12 255.255.255.240 4 094 14

13 255.255.255.248 8 190 6

14 255.255.255.252 16 382 2

Class C

1 255.255.255.128 0 126

2 255.255.255.192 2 62

3 255.255.255.224 6 30


NN46205-523 02.02 9 December 2009


.


Table 2Subnet masks for class B and class C IP addresses (cont’d.)

Numberof bits Subnet mask

Number of subnets(recommended)

Number of hosts foreach subnet

4 255.255.255.240 14 14

5 255.255.255.248 30 6

6 255.255.255.252 62 2

You use variable-length subnet masking (VLSM) to divide your intranetinto pieces that match your requirements. Routing is based on the longestsubnet mask or network that matches. Routing Information Protocol (RIP)version 2 and Open Shortest Path First (OSPF) are routing protocols thatsupport VLSM.

Supernet addressing and CIDRA supernet, or classless interdomain routing (CIDR) address, is a group ofnetworks identified by contiguous network addresses. IP service providerscan assign customers blocks of contiguous addresses to define supernetsas needed. You can use supernetting to address an entire block of class Caddresses and avoid using large routing tables to track the addresses.

Each supernet has a unique supernet address that consists of the upperbits shared by all of the addresses in the contiguous block. For example,consider the class C addresses shown in the following figure. By addingthe mask 255.255.128.0 to IP address 192.32.128.0, you aggregatethe addresses 192.32.128.0 through 192.32.255.255 and 128 class Caddresses use a single routing advertisement. In the bottom half of thefollowing figure, you use 192.32.0.0/17 to aggregate the 128 addresses(192.32.0.0/24 to 192.32.127.0/24).


NN46205-523 02.02 9 December 2009


.

IP addressing 25

Figure 2Class C address supernet

Another example is the block of addresses 192.32.0.0 to 192.32.7.0. Thesupernet address for this block is 11000000 00100000 00000, with the 21upper bits shared by the 32-bit addresses.

A complete supernet address consists of an address/mask pair:

• The address is the first 32-bit IP address in the contiguous block. Inthis example, the address is 11000000 00100000 00000000 00000000(192.32.0.0 in dotted-decimal notation).

• The mask is a 32-bit string containing a set bit for each bit positionin the supernet part of the address. The mask for the supernetaddress in this example is 11111111 11111111 11111000 00000000(255.255.248.0 in dotted-decimal notation).

The complete supernet address in this example is 192.32.0.0/21.


NN46205-523 02.02 9 December 2009


.


Although classes prohibit using an address mask with the IP address, youcan use CIDR to create networks of various sizes using the address mask.You can also divide the address space using variable-length subnet mask(VLSM); the division is not visible outside your network. With CIDR, theaddresses are used by routers outside your network.

VLANs and routingWhen traffic is routed on a virtual local area network (VLAN), an IPaddress is assigned to the VLAN and is not associated with any particularphysical port. Brouter ports are VLANs that route IP packets and bridgenonroutable traffic in a single-port VLAN.

VLANs and routing navigation

• “Virtual routing between VLANs” (page 26)

• “Brouter ports” (page 27)

Virtual routing between VLANsThe Ethernet Routing Switch 8600 supports wire-speed IP routing betweenVLANs. As shown in the following figure, although VLAN 1 and VLAN 2are on the same switch, for traffic to flow from VLAN 1 to VLAN 2, thetraffic must be routed.

When you configure routing on a VLAN, you assign an IP address to theVLAN, which acts as a virtual router interface address for the VLAN (avirtual router interface is not associated with any particular port). You canreach the VLAN IP address through any of the VLAN ports, and framesare routed from the VLAN through the gateway IP address. Routed trafficis forwarded to another VLAN within the switch.

Figure 3IP routing between VLANs


NN46205-523 02.02 9 December 2009


.

Static routes 27

When Spanning Tree Protocol is enabled in a VLAN, the spanning treeconvergence must be stable before the routing protocol begins. Thisrequirement can lead to an additional delay in the IP traffic forwarding.

Because a port can belong to multiple VLANs (some of which areconfigured for routing on the switch and some of which are not), aone-to-one correspondence no longer exists between the physical port andthe router interface.

As with any IP address, virtual router interface addresses are also used fordevice management. For Simple Network Management Protocol (SNMP)or Telnet management, you can use any virtual router interface address toaccess the switch as long as routing is enabled on the VLAN.

Brouter portsThe Ethernet Routing Switch 8600 also supports brouter ports. Abrouter port is a single-port VLAN that routes IP packets and bridges allnonroutable traffic. The difference between a brouter port and a standardIP protocol-based VLAN configured to route traffic is that the routinginterface of the brouter port is not subject to the spanning tree state ofthe port. A brouter port can be in the blocking state for nonroutable trafficand still route IP traffic. This feature removes any interruptions caused bySpanning Tree Protocol recalculations in routed traffic.

Because a brouter port is a single-port VLAN, each brouter port decreasesthe number of available VLANs by one and uses one VLAN ID.

Static routesA static route is a route to a destination IP address that you manuallycreate.

Layer 3 redundancy supports the creation of static routes to enhancenetwork stability. When you configure a static route in primary siliconswitching fabric (SSF) cards, the secondary SSF cards have the samesetup through synchronization. You can use the local next hop option toconfigure a static route with or without local next hop.

You can configure static routes with a next hop that is not directlyconnected, but that hop must be reachable. Otherwise, the static route isnot enabled.

Layer 3 redundancy supports only address resolution protocol (ARP) andstatic route. Static ARP must configure non-local next-hop of static routes.No other dynamic routing protocols provide non-local next-hop.


NN46205-523 02.02 9 December 2009


.


You can use a default static route to specify a route to all networks forwhich no explicit routes exist in the Forwarding Information Base or therouting table. This route has the prefix length of zero (RFC 1812). You canconfigure the Ethernet Routing Switch 8600 with any route through theIP static routing table.

To create a default static route, you must set the destination address andsubnet mask to 0.0.0.0.

Static Route TablesA router uses the system routing table to make forwarding decisions. Inthe static route table, you can change static routes directly. Althoughthe two tables are separate, the static Route Table Manager entries areautomatically reflected in the system routing table if the next hop addressin the static route is reachable, and if the static route is enabled.

The system routing table displays only active static routes with a bestpreference. A static route is active only if the route is enabled and thenext-hop address is reachable (for example, if a valid ARP entry existsfor the next hop).

You can enter multiple routes (for example, multiple default routes) thathave different costs, and the routing table uses the lowest cost route thatis available. However, if you enter multiple next hops for the same routewith the same cost, the software does not replace the existing route. If youenter the same route with the same cost and a different next hop, the firstroute is used. If the first route becomes unreachable, the second route(with a different next hop) is activated with no connectivity loss.

Static routes that are configured for the management port are appliedwith the configured network mask. Switch management traffic areforwarded out of the port by using this route information and not throughswitch routing table from the Route Table Manager (RTM). Nortel alsorecommends that you connect the management port only to a trulyout-of-band (OOB) management network and not through a local cable toany in-band port of the same switch. There are many alternative methodsto obtain similar management functionality in-band. Such a configurationof the OOB can lead to potential file system corruption, which can only berecovered by a SF/CPU switchover or reboot.

Black hole static routesA black hole static route is a route with an invalid next hop, and the datapackets destined for this network are dropped by the switch.


NN46205-523 02.02 9 December 2009


.

IP address for the management port 29

While aggregating or injecting routes to other routers, the router does nothave a path to the aggregated destination. In such cases, the result is ablack hole and a routing loop. To avoid routing loops, configure a blackhole static route to the destination the router is advertising.

You can configure a preference value for a black hole route. However, youmust configure that preference value appropriately so that when you wantto use the black hole route, it is elected as the best route.

Before adding a black hole static route, perform a check to ensure thatno other static route to that identical destination is enabled. If such aroute exists, you cannot add the black hole route and an error messageis displayed.

If a black hole route is enabled, you cannot add another static route to thatdestination. You must first delete or disable the black hole route beforeadding a regular static route to that destination.

IP address for the management portAt startup, the system searches for the boot.cfg file and if the file ispresent, the system assigns the IP address for the management portfrom that file. If the boot.cfg file is not present at boot time, the networkmanagement port is assigned a default IP address.

If the boot.cfg file is not present in flash memory at startup, it sends a bootrequest for the management port to be assigned. If the management portis not assigned, the bootp server assigns the IP address or the MediaAccess Control (MAC) address.

The switch has the boot.cfg file in flash memory. This file contains all theconfiguration parameters, such as the IP address, gateway, and staticroutes assigned to the switch. If boot.cfg is not present, the switch getsthese parameters from the file pcmboot.cfg.

If neither of these two configuration files is loaded while booting, by defaultthe management port takes the static IP address of 192.168.168.168/24for the CPU card in slot 5 and 192.168.168.169/24 for the CPU card inslot 6.

Virtual Link Aggregation Control Protocol (VLACP) trap messages aresent to the management stations when the VLACP state changes fromup to down or the reverse for a failed link. Only port linkdown traps aregenerated. Linkup traps are generated if the failure is local.


NN46205-523 02.02 9 December 2009


.


IP enhancements and policies navigationIn the Ethernet Routing Switch 8600 software, the behavior of IP routepolicies is restructured to accommodate the following new scalabilityrequirements:

• “Equal Cost Multipath (ECMP)” (page 30)

• “ Alternate route” (page 30)

• “Route filtering and IP policies” (page 32)

• “Prefix list” (page 36)

• “Route policy definition” (page 36)

• “Individual port routing control” (page 36)

• “Reverse path checking” (page 37)

• “Multihoming” (page 39)

Equal Cost Multipath (ECMP)With Equal Cost Multipath (ECMP), the Ethernet Routing Switch 8600can determine up to eight equal-cost paths to the same destination prefixwhen the switch is in R mode. When the switch is not in R mode, it candetermine up to four equal-cost paths to the same destination prefix. Youcan use multiple paths for load sharing of traffic. These multiple pathsallow faster convergence to other active paths in case of network failure.By maximizing load sharing among equal-cost paths, you can use yourlinks between routers more efficiently when sending IP traffic. Equal CostMultipath is formed using routes from the same source or protocol.

The ECMP feature supports and complements the following protocols androute types:

• Open Shortest Path First (OSPF)

• Routing Information Protocol (RIP)

• Border Gateway Protocol (BGP)

• Static route

• Default route

Alternate routeRouters can learn several routes to a destination network through severalprotocols. If the alternate route feature is enabled, the Ethernet RoutingSwitch 8600 stores all of these alternate routes sorted in order by networkmask, cost, and route preference. The first route on this list is the bestroute. The hardware uses the first route. The rest of the routes arealternate routes.


NN46205-523 02.02 9 December 2009


.

IP enhancements and policies navigation 31

To avoid traffic interruption, you can enable alternate routes globally toreplace the best route with the next-best route if the best route becomesunavailable. The alternate route concept is applied between routingprotocols. For example, if an OSPF route becomes unavailable and analternate RIP route is available, the RIP route is immediately activatedwithout waiting for an update interval to expire.

The internal routing table manager records the route changes forprotocols. It maintains separate tables of static (user-configured) anddynamic (protocol-learned) routes and, in the Ethernet Routing Switch8600 software, you can configure preferences that determine theprecedence given to one type of route over another.

If a router learns a route with the same network mask and cost values frommultiple sources (protocols), the router uses preferences to select the bestroute to add to the forwarding database. Up to four other routes for eachdestination are held available as alternative routes.

When you configure a static route on the Ethernet Routing Switch 8600,you can specify a preference for the route. To modify the preference for astatic route, disable the route before you edit the configuration, and thenreenable the route.

ATTENTIONChanging route preferences is a process-oriented operation that can affectsystem performance and network reachability. Therefore, Nortel recommendsthat if you want to change preferences for static routes or routing protocols, youdo so when configuring routes or before enabling routing protocols.

On an Ethernet Routing Switch 8600, default preferences are assigned toall standard routing protocols. You can modify the default preference fora protocol to give it a higher or lower priority than other protocols. Whenyou change the preference for a route, if all best routes remain best routes,only the local route tables change. However, if changing the protocolpreference causes best routes to no longer be best routes, neighboringroute tables can be affected.

In addition, you can modify the preference value for dynamic routesthrough route filtering and IP policies, and this value overrides the globalpreference for the protocol. You can use alternative mechanisms tochange the behavior of specific routes to have a different preference ratherthan acquiring the global protocol preference. For a static route, you canspecify an individual route preference that overrides the global static routepreference. The preference value can be between 0 and 255, with 0reserved for local routes and 255 representing an unreachable route.


NN46205-523 02.02 9 December 2009


.


Route filtering and IP policiesWhen IP traffic is routed by the Ethernet Routing Switch 8600, you canapply a number of filters to manage, accept, redistribute, and announcepolicies for unicast routing table information. The filtering process relieson the IP prefix lists in the common routing table manager infrastructure.Filters apply differently to different unicast routing protocols.

The following figure shows how filters are applied to BGP, RIP, and OSPFprotocols.

Figure 4Route filtering for unicast routing protocols

Route filtering and IP policies navigation

• “Accept policies and in filters” (page 33)

• “Redistribution filters” (page 33)

• “Announce policies and out filters” (page 33)

• “Route filtering stages” (page 33)


NN46205-523 02.02 9 December 2009


.


Accept policies and in filtersAccept policies or in filters are applied to incoming traffic to determinewhether to add the route to the routing table. Accept policies and in filtersare applied in differently to different protocols, as follows:

• RIP and BGP—filters are applied to all incoming route information.

• OSPF—filters are applied only to external route information. Internalrouting information is not filtered because otherwise, other routers inthe OSPF domain can have inconsistent databases that can affect therouter view of the network topology.

In a network with multiple routing protocols, the network administrator canprefer specific routes from RIP instead of from OSPF. The network prefixis a commonly used match criterion for accept policies and in filters.

Redistribution filtersRedistribution filters notify changes in the route table to the routing protocol(within the device). In earlier releases of the Ethernet Routing Switch 8600software, redistribution was handled through announce policies. Announcepolicies must be strictly applied to link state advertisements (LSA), RIPupdates, or BGP network layer reachability information (NLRI) to theirrespective domains. With redistribution filters, providing you do not breachthe protocol rules, you can choose not to advertise everything that is in theprotocol database, or you can summarize or suppress route information.On the Ethernet Routing Switch 8600, by default, no external routes areleaked to protocols that are not configured.

Announce policies and out filtersAnnounce policies or out filters are applied to outgoing advertisementsto neighbors or peers in the protocol domain to determine whether toannounce specific route information. Out filtering applies to RIP updatesand BGP NLRI updates.

In contrast, out filtering is not applied to OSPF information becauseOSPF routing information must always be consistent across the domain.To restrict the flow of external route information in the OSPF protocoldatabase, apply redistribution filters instead of out filters.

Route filtering stagesThe following figure shows the three distinct filter stages that are appliedto IP traffic.


NN46205-523 02.02 9 December 2009


.


These stages are:

• Filter stage 1 is the accept policy/in filter that is applied to incomingtraffic to detect changes in the dynamic (protocol-learned) routinginformation, which are then submitted to the routing table.

• Filter stage 2 is the redistribution filter that is applied to the entries inthe routing table to the protocol during the leaking process.

• Filter stage 3 is the announce policy/out filter that is applied to outgoingtraffic within a protocol domain.

Figure 5Route filtering stages

The following figure shows the logical process for route filtering on theEthernet Routing Switch 8600.


NN46205-523 02.02 9 December 2009


.


Figure 6Route filtering logic


NN46205-523 02.02 9 December 2009


.


Prefix listIn previous releases of Ethernet Routing Switch 8600 software, youdefined lists for each routing protocol to which you wanted to apply a policyor policies. With the current release, you can create one or more IP prefixlists and apply these lists to any IP route policy.

ATTENTIONWhen you configure a prefix list for a route policy, be sure to add the prefix asa.b.c.d/32. You must enter the full 32-bit mask to exact a full match of a specificIP address.

Route policy definitionYou can define an IP route policy and its attributes globally and then applythem individually to interfaces and protocols. You can also form a unifieddatabase of route policies that Routing Independent Protocol (RIP) orOpen Shortest Path First (OSPF) protocol can use for any type of filteringpurpose. A name or ID identifies a policy.

Under a policy you can have several sequence numbers. If you do notconfigure a field in a policy, it appears as 0 or any when it is displayedusing the CLI info command. This value indicates that the switch ignoresthe field in the match criteria. Use the clear option to remove existingconfigurations for any field.

Each policy sequence number contains a set of fields. Only a subset ofthose fields is used when the policy is applied in a certain context. Forexample, if a policy has a set-preference field set, it is used only when thepolicy is applied for accept purposes. This field is ignored when the policyis applied for announce or redistribute purposes.

You can apply one policy for one purpose, for example, RIP Announce, ona given RIP interface. In this case, all sequence numbers under the policyapply to that filter. A sequence number also acts as an implicit preference;a lower sequence number is preferred.

Individual port routing controlYou can enable or disable routing capabilities on specified switch ports,even when the port is part of a routed VLAN. For example, when youdisable IP routing on a specific port, the IP traffic ingressing that port is notrouted to any other interface on the switch.

You can use this feature as a security measure to prevent untrusted VLANports from injecting IP traffic that is destined to be routed by the switch.


NN46205-523 02.02 9 December 2009


.


Reverse path checkingWhen enabled, reverse path checking (RPC) prevents packet forwardingfor incoming IP packets that have incorrect or forged (spoofed) IPaddresses. Reverse path checking guarantees that traffic received on oneinterface was sent by a station from the identified interface, which preventsaddress spoofing. The Ethernet Routing Switch 8600 performs a reversepath check to determine if the packet IP address is verifiable. If it is notverifiable, the packet is discarded.

Reverse path checking is supported only on R modules with R modeenabled.

You configure reverse path checking for each IP interface. When reversepath checking is enabled, the Ethernet Routing Switch 8600 checks allrouting packets that come through that interface. It ensures that the sourceaddress and source interface appear in the routing table, and that thevalue matches the interface on which the packet was received.

You can use one of two modes for reverse path checking (RPC):

• Exist-only mode: In this mode, RPC checks whether the source IPaddress for the incoming packet exists in the routing table. If thesource IP entry is found, the packet is forwarded as usual; otherwise,the packet is discarded.

• Strict mode: In this mode, RPC checks whether the source IP addressfor the incoming packet exists in the routing table. If the source IPentry is not found, RPC further checks if the source IP interfaceaddress matches the packet incoming interface address. If they match,the packet is forwarded as usual, otherwise, the packet is discarded.

Reverse path checking operational example

The following example illustrates how strict mode for reverse pathchecking works. The following figure shows the network configuration.


NN46205-523 02.02 9 December 2009


.


Figure 7Reverse path checking network configuration

Consider the following parameters:

• A router (Ethernet Routing Switch 8600) connects a server (32.57.5.10)to a client (192.32.45.10).

• The router has RPC enabled.

• The router has the following entries in its routing table.

Table 3Reverse path checking example routing table

Destination address Next-hop address Forward through port

32.57.5.10 173.56.42.2 3/7

192.32.45.10 145.34.87.2 7/2

192.32.46.10 145.34.88.2 7/1

Assuming a legitimate packet is sent, the following actions occur:

• A packet is sent from the client to the server. The packet has a sourceIP address of 192.32.45.10 and a destination IP address of 32.57.5.10.

• The packet arrives at router port 7/2 (brouter); the routing engineperforms a destination IP address lookup and finds the destinationport is 3/7.

• Reverse path checking operations begin. The routing engine performsa lookup for the source IP address of 192.32.45.10. It finds an entryin the routing table that specifies that the next-hop port is 7/2, which


NN46205-523 02.02 9 December 2009


.

PPPoE VLANs 39

matches the packet incoming port. Because the address and portinformation match, the packet is forwarded as usual.

Assuming a spoofed packet is sent, the following actions occur:

• The client sends a packet to the server with a forged IP address of192.32.46.10 through port 7/2.

• Reverse path checking finds that the source IP address next-hop portis 7/1, which does not match the packet incoming port of 7/2. In thiscase, the packet is discarded.

MultihomingThe Ethernet Routing Switch 8600 uses the multihoming feature to supportclients or servers that have multiple IP addresses associated with asingle MAC address. Multihomed hosts can be connected to port-based,policy-based, and IP subnet-based VLANs.

The IP addresses associated with a single MAC address on a host mustbe in the same IP subnet. The Ethernet Routing Switch 8600 supportsmultihomed hosts with up to 16 IP addresses for each MAC address.

PPPoE VLANsUse Point-to-Point Protocol over Ethernet (PPPoE) to connect multiplecomputers on an Ethernet to a remote site through a modem or similardevice. You can use PPPoE to allow multiple users (for example, anoffice environment, or a building with many users) to share a common lineconnection to the Internet.

PPPoE combines the Point-to-Point Protocol (PPP), commonly used indial-up connections, with the Ethernet protocol, which supports multipleusers in a local area network. The PPP information is encapsulated withinan Ethernet frame (see RFC 2516: Point-to-Point Protocol over Ethernet).

With the Ethernet Routing Switch 8600, you can configure PPPoE VLANsusing Protocol-based VLANs. The protocol types used by Ethernet RoutingSwitch 8600 to classify PPPoE packets within the VLANs are:

• 0x8863 (Discovery Stage)

• 0x8864 (PPP Session Stage)

In the following figure, VLAN 1 is a PPPoE VLAN that transports PPPoEtraffic to the Internet service provider (ISP) network. The traffic to theISP is bridged. IP traffic can also be routed to the local area network(LAN) using other types of VLANs (for example, port-based VLANs, IPprotocol-based VLANs, or IP subnet-based VLANs).


NN46205-523 02.02 9 December 2009


.


For more information about configuring PPPoE VLANs, see NortelEthernet Routing Switch 8600 Configuration - VLANs and Spanning Tree(NN46205-517).

Figure 8PPPoE and IP configuration

IP connectivity protocolsThis section describes the various protocols that are used for enhancedand resilient IP connectivity.

For information about using and configuring the Border Gateway Protocol(BGP), see Configuration — BGP Services (NN46205-510).

IP connectivity protocols navigation

• “Address Resolution Protocol (ARP)” (page 41)

• “UDP broadcast forwarding” (page 43)

• “Reverse Address Resolution Protocol ” (page 44)

• “Virtual Router Redundancy Protocol ” (page 45)


NN46205-523 02.02 9 December 2009


.

IP connectivity protocols 41

Address Resolution Protocol (ARP)Network stations using the IP protocol need both a physical addressand an IP address to transmit a packet. In situations where the stationknows only the network host IP address, the network station uses AddressResolution Protocol (ARP) to determine a network host physical addressby binding a 32-bit IP address to a 48-bit MAC address. A network stationcan use ARP across a single network only, and the network hardwaremust support physical broadcasts.

The network station uses ARP to determine the host physical address asfollows:

• The network station broadcasts a special packet, called an ARPrequest, that asks the host at the specified IP address to respond withits physical address.

• All network hosts receive the broadcast request.

• Only the specified host responds with its hardware address.

• The network station then maps the host’s IP address to its physicaladdress and saves the results in an address-resolution cache for futureuse.

• The network station ARP table displays the associations of the knownMAC address to IP address.

You can create ARP entries and you can delete individual ARP entries.

Enabling ARP trafficThe Ethernet Routing Switch 8600 accepts and processes ARP traffic,spanning tree bridge packet data units (BPDU), and Topology DiscoveryProtocol (TDP) packets on port-based VLANs with the default port actionset to drop. When a filter port action is set to drop for any type of packet,ARP packets are also dropped. As a result, ARP entries on that port arecleared and are not relearned when the ARP aging timer expires. Toprevent dropped ARP packets, configure the following:

• a user-defined protocol-based VLAN for ARP EtherType (byprotocolusrDefined 0x0806)

• ports as static members to this VLAN with the default port action setto drop

• the port default VLAN ID to the correct port-based VLAN where theARPs are processed.

It is not necessary to make configuration changes for the BPDU and TDPpackets.


NN46205-523 02.02 9 December 2009


.


The ARP configuration sequence is demonstrated in the example thatfollows.

Example of the ARP configuration sequence

Step Action

1 Create a user-defined protocol-based VLAN with EtherType0x0806 (specific to the ARP protocol), by using the followingcommand:config vlan 4000 create byprotocol 1 usrDefined2054 name ’ARP’

2054 is the ARP EtherType in decimal format.

2 Remove all ports from this user-defined protocol-based VLANwith the following command:config vlan 4000 ports remove 1/1-1/48,4/1-4/8member portmember

3 Add all of the ports with the default port action set to DROP forthis protocol-based VLAN with the following commands:config vlan 4000 ports add 1/26,1/32 memberportmemberconfig vlan 4000 ports add 1/26,1/32 member static

--End--

This configuration change is valid only with nontagged ports belonging toport-based VLANs.

Only one user-defined protocol-based VLAN for ARP is allowed for eachSpanning Tree Group (STG). If the ports with the default port action setto drop are in different STGs, you must create additional user-definedprotocol-based VLANs.

Proxy ARPA network station uses proxy ARP to respond to an ARP request from alocally attached host or end station for a remote destination. It does so bysending an ARP response back to the local host with its own MAC addressof the network station interface for the subnet on which the ARP requestwas received. The reply is generated only if the switch has an active routeto the destination network.

The following figure is an example of proxy ARP operation. In thisexample, host C with mask 24 appears to be locally attached to host Bwith mask 16, so host B sends an ARP request for host C. However,the Ethernet Routing Switch 8600 is between the two hosts. To enable


NN46205-523 02.02 9 December 2009


.


communication between the two hosts, the Ethernet Routing Switch 8600responds to the ARP request with host C’s IP address but with its ownMAC address.

Figure 9Proxy ARP operation

Loop detectionTo prevent cases of ARP looping, set the ARP loop detection flag todetect this situation. When a loop is detected, the port is shut down.ARP detection is also synchronized with the High Availability–CentralProcessing Unit (HA-CPU).

Flushing router tablesFor administrative or troubleshooting purposes, sometimes you must flushthe routing tables. Use the Device Manager to flush routing tables eitherby VLAN or by port. In a VLAN context, all entries associated with theVLAN are flushed. In a port context, all entries associated with the portare flushed.

UDP broadcast forwardingSome network applications, such as the NetBIOS name service, rely on aUser Datagram Protocol (UDP) broadcast to request a service or locatea server for an application. If a host is on a network, subnet segment,or VLAN that does not include a server for the service, UDP broadcastsare by default not forwarded to the server located on a different networksegment or VLAN. You can resolve this problem by forwarding thebroadcasts to the server through physical or virtual router interfaces.


NN46205-523 02.02 9 December 2009


.


UDP broadcast forwarding is a general mechanism for selectivelyforwarding limited UDP broadcasts received on an IP interface out to otherrouter IP interfaces as a rebroadcast or to a configured IP address.

• If the address is that of a server, the packet is sent as a unicast packetto this address.

• If the address is that of an interface on the router, the frame isrebroadcast.

When a UDP broadcast is received on a router interface, it must meet thefollowing criteria to be considered for forwarding:

• must be a MAC-level broadcast

• must be an IP limited broadcast

• must be for the specified UDP protocol

• must have a time-to-live (TTL) value of at least 2

For each ingress interface and protocol, the policy specifies how the UDPbroadcast is retransmitted: to a unicast host address or to a broadcastaddress.

Reverse Address Resolution ProtocolCertain devices use the Reverse Address Resolution Protocol (RARP) toobtain an IP address from a RARP server. MAC address information forthe port is broadcast on all ports associated with an IP protocol-based orport-based VLAN. To enable a device to request an IP address from aRARP server outside its IP VLAN, you must create a RARP protocol-basedVLAN.

RARP has the format of an Address Resolution Protocol (ARP) framebut its own Ethernet type (8035). So, RARP can be removed from the IPprotocol-based VLAN definition and treated as a separate protocol, thuscreating a RARP protocol-based VLAN.

A typical network topology provides desktop switches in wiring closets withone or more trunk ports extending to one or more data center switcheswhere attached servers provide file, print, and other services. Using RARPfunctionality, you can define all ports in a network requiring access to aRARP server as potential members of a RARP protocol-based VLAN.You must define all tagged ports and data center RARP servers as staticor permanent members of the RARP VLAN. Therefore, a desktop hostbroadcasts an RARP request to all other members of the RARP VLAN. Innormal operation, these members include only the requesting port, taggedports, and data center RARP server ports. Because all other ports arepotential members of this VLAN and RARP is only transmitted at bootup,


NN46205-523 02.02 9 December 2009


.


all other port VLAN memberships expire. With this feature, one or morecentrally located RARP servers extend RARP services across traditionalVLAN boundaries to reach desktops globally.

Virtual Router Redundancy ProtocolBecause end stations are often configured with a static default gateway IPaddress, a loss of the default gateway router causes a loss of connectivityto the remote networks.

The Virtual Router Redundancy Protocol (VRRP) (RFC 2338) is designedto eliminate the single point of failure that can occur when the single staticdefault gateway router for an end station is lost. VRRP introduces a virtualIP address (transparent to users) shared between two or more routersconnecting the common subnet to the enterprise network. With the virtualIP address as the default gateway on end hosts, VRRP provides dynamicdefault gateway redundancy in the event of failover.

The VRRP router controlling the IP addresses associated with a virtualrouter is called the primary router and forwards packets to these IPaddresses. The election process provides a dynamic transition offorwarding responsibility if the primary router becomes unavailable.

In the following figure, the first three hosts install a default route to the R1(virtual router 1) IP address and the other three hosts install a default routeto the R2 (virtual router 2) IP address.

This configuration not only shares the load of the outgoing traffic, butit also provides full redundancy. If either router fails, the other routerassumes responsibility for both addresses.


NN46205-523 02.02 9 December 2009


.


Figure 10Virtual Router Redundancy Protocol configuration

The Ethernet Routing Switch 8600 supports 255 VRRP interfaces for eachswitch. The following terms are specific to VRRP:

• VRRP router—a router running the VRRP protocol

• Virtual router—an abstract object acting as the default router for one ormore hosts, consisting of a virtual router ID and a set of addresses

• IP address owner—the VRRP router that has virtual router IPaddresses as real interface addresses (This router that responds topackets sent to this IP address.)

• Primary IP address—an IP address selected from the real addressesand used as the source address of packets sent from the routerinterface (The virtual primary router sends VRRP advertisements usingthis IP address as the source.)

• Virtual primary router—the router assuming responsibility for forwardingpackets sent to the IP address associated with the virtual router andanswering ARP requests for these IP addresses

• Virtual router backup—the virtual router that becomes the primaryrouter if the current primary router fails


NN46205-523 02.02 9 December 2009


.


When a VRRP router is initialized, if it is the IP address owner, its priorityis 255 and it sends a VRRP advertisement. The VRRP router alsobroadcasts a gratuitous ARP request containing the virtual router MACaddress for each IP address associated with the virtual router. The VRRProuter then transitions to the controlling state.

In the controlling state, the VRRP router functions as the forwarding routerfor the IP addresses associated with the virtual router. It responds to ARPrequests for these IP addresses, forwards packets with a destination MACaddress equal to the virtual router MAC address, and accepts only packetsaddressed to IP addresses associated with the virtual router if it is theIP address owner. If the priority is not 255, the router transitions to thebackup state to ensure that all Layer 2 switches in the down path relearnthe new origin of the VRRP MAC addresses.

In the backup state, a VRRP router monitors the availability and state ofthe primary router. It does not respond to ARP requests and must discardpackets with a MAC address equal to the virtual router MAC address.It does not accept packets addressed to IP addresses associated withthe virtual router. If a shutdown occurs, it transitions back to the initializestate. If the primary router goes down, the backup router sends the VRRPadvertisement and ARP request described in the preceding paragraph andtransitions to the controlling state.

Whenever a packet is redirected on the same IP subnet on which it isreceived, the Ethernet Routing Switch 8600 sends an Internet ControlMessages Protocol (ICMP) redirect packet data unit (PDU) to the IPaddress source of the packet. ICMP redirect uses the VRRP IP subnetas the source IP address for the end stations using the VRRP IP addressas the next hop.

If an advertisement timer activates, the router sends an advertisement.If an advertisement is received with a 0 priority, the router sends anadvertisement. The router transitions to the backup state in the followingsituations:

• if the priority is greater than the local priority

• if the priority is the same as the local priority and the primary IPaddress of the sender is greater than the local primary IP address

Otherwise, the router discards the advertisement. If a shutdown occurs,the primary router sends a VRRP advertisement with a priority of 0 andtransitions to the initialize state.


NN46205-523 02.02 9 December 2009


.


Virtual Router Redundancy Protocol navigation

• “Critical IP address” (page 48)

• “VRRP and SMLT” (page 48)

• “VRRP fast hello timers” (page 50)

Critical IP addressWithin a VRRP VLAN, one link can go down while the remaining links inthe VLAN remain operational. Because the VRRP VLAN continues tofunction, a virtual router associated with that VLAN does not register amaster router failure.

As a result, if the local router IP interface connecting the virtual router tothe external network fails, this does not automatically trigger a masterrouter failover.

The critical IP address resolves this issue. If the critical IP address fails, ittriggers a failover of the master router.

You can specify the local router IP interface uplink from the VRRP routerto the network as the critical IP address. This ensures that, if the localuplink interface fails, VRRP initiates a master router failover to one of thebackup routers.

In Figure 10 "Virtual Router Redundancy Protocol configuration" (page46), the local network uplink interface on router 1 is shown as the criticalIP address for router 1. As well, the same network uplink is shown as thecritical IP address for router 2. Router 2 also requires a critical IP addressfor cases in which it assumes the role of the master router.

With the support of VRRP and the critical IP interface linked to VRRP,the Ethernet Routing Switch 8600 lets customers build reliable small corenetworks, providing support for converged applications, such as voice andmultimedia.

VRRP and SMLTThe standard implementation of VRRP supports only one active masterswitch for each IP subnet. All other VRRP interfaces in a network are inbackup mode.

A deficiency occurs when VRRP-enabled switches use Split MultiLinkTrunking (SMLT). If VRRP switches are aggregated into two Split MultiLinkTrunk switches, the end host traffic is load-shared on all uplinks to theaggregation switches (based on the Multilink Trunk [MLT] traffic distributionalgorithm).


NN46205-523 02.02 9 December 2009


.


However, VRRP usually has only one active routing interface enabled. Allother VRRP routers are in backup mode. Therefore, all traffic that reachesthe backup VRRP router is forwarded over the interswitch trunk (IST) linktoward the master VRRP router. In this case, the IST link does not haveenough bandwidth to carry all the aggregated traffic.

To resolve this issue, assign the backup router as the master backuprouter. The master backup router can actively load-share the routing trafficwith a master router.

When the master backup router is enabled, the incoming host traffic isforwarded over the SMLT links as usual. When the master backup routeris configured along with the critical IP interface and the critical IP interfacegoes down, the VRRP router transitions to be the backup router withthe Backup Master state down. In this state, the VRRP router does notforward any traffic.

The following figure shows a sample VRRP configuration with SMLT.Because Router B is configured as the backup master, routing traffic isload-shared between the two devices.


NN46205-523 02.02 9 December 2009


.


Figure 11VRRP configuration with SMLT

VRRP fast hello timersWith the current implementation of VRRP, you can set the advertisementtime interval (in seconds) between sending advertisement messages. Thispermits faster network convergence with standardized VRRP failover.However, losing connections to servers for more than a second canresult in missing critical failures. Customer network uptime in many casesrequires faster network convergence, which means network problems mustbe detected within hundreds of milliseconds.

To meet these requirements, Nortel introduces two enhancements: FastAdvertisement Enable and Fast Advertisement Interval.


NN46205-523 02.02 9 December 2009


.

Circuitless IP 51

Fast Advertisement Enable acts like a toggle switch for the AdvertisementInterval and the Fast Advertisement Interval. When Fast AdvertisementEnable is enabled, the Fast Advertisement Interval is used instead of theAdvertisement Interval.

The Fast Advertisement Interval is similar to the current AdvertisementInterval parameter except for the unit of measure and the range. The FastAdvertisement Interval is expressed in milliseconds and the range is from200 to 1000 milliseconds. This unit of measure must be in multiples of 200milliseconds, otherwise an error is displayed.

When the Fast Advertisement Interval is enabled, VRRP can onlycommunicate with other Ethernet Routing Switch modules with the samesettings.

Circuitless IPCircuitless IP (CLIP) is a virtual (or loopback) interface that is notassociated with any physical port. You can use the CLIP interface toprovide uninterrupted connectivity to your switch as long as there is anactual path to reach the device.

For example, as shown in the following figure, a physical point-to-pointlink exists between R1 and R2 along with the associated addresses(195.39.1.1/30 and 195.39.1.2/30). Note also that an Interior BorderGateway Protocol (IBGP) session exists between two additionaladdresses, 195.39.128.1/30 (CLIP 1) and 195.39.281.2/30 (CLIP 2).

CLIP 1 and CLIP 2 represent the virtual CLIP addresses that areconfigured between R1 and R2. These virtual interfaces are notassociated with the physical link or hardware interface. This allows theBGP session to continue as long as there is a path between R1 and R2.An IGP (such as OSPF) is used to route addresses corresponding to theCLIP addresses. After all the CLIP addresses are learned by the routers inthe AS, the IBGP is established and routes can be exchanged.


NN46205-523 02.02 9 December 2009


.


Figure 12Routers with IBGP connections

The CLIP interface is treated as any other IP interface. The networkassociated with the CLIP is treated as a local network attached to thedevice. This route always exists and the circuit is always up because thereis no physical attachment.

Routes are advertised to other routers in the domain either as externalroutes using the route-redistribution process or after you enable OSPF inpassive mode to advertise an OSPF internal route. You can configure theOSPF protocol only on the circuitless IP interface.

After you create a CLIP interface, the system software programs a localroute with the CPU as the destination ID. The CPU processes all packetsthat are destined to the CLIP interface address. Any other packets withdestination addresses associated with this network (but not to the interfaceaddress) are treated as if they are from an unknown host.

You can use a CLIP address as source IP address in the IP header whilesending remote monitoring (RMON) traps.

HA-CPU for Layer 3 CPU redundancyHigh Availability-CPU (HA-CPU) for Layer 3 CPU redundancy providescontinuous operation of Ethernet Routing Switch 8600 features after aCPU failover occurs. The HA-CPU takes over in HA-CPU mode from themaster CPU that failed, so operations and processes are not interrupted.

To enable or disable HA-CPU mode, use the following commands:config bootconfig flags ha-cpu trueconfig bootconfig flags ha-cpu false

After you change the HA-CPU flag, reboot the router.


NN46205-523 02.02 9 December 2009


.

HA-CPU for Layer 3 CPU redundancy 53

The master CPU and the HA-CPU must run the same version of thesoftware because the hitless upgrade, or the automatic saving of theconfiguration, is not supported.

HA-CPU for Layer 3 CPU redundancy provides redundancy for thefollowing:

• OSPF version 2, including MD5

• RIP version 1 and RIP version 2

• Prefix lists and route policies

• ECMP/alternate routes

• VRRP

• RSMLT

• VRF Lite

• IRDP (ICMP Route Discovery Protocol)

• IEEE 802.3ad

• IEEE 802.1x

• DHCP relay agent

• UDP forwarding

• IP filters

The Packet Capture Tool (PCAP) is now supported in High Availabilitymode after you reboot the secondary CPU and enable PCAP.

HA-CPU for Layer 3 CPU redundancy navigation

• “OSPF” (page 54)

• “RIP” (page 54)

• “Prefix lists and route policies” (page 54)

• “VRRP” (page 58)

• “Route Discovery” (page 58)

• “DHCP relay” (page 59)

• “UDP forwarding” (page 59)

• “IP filters” (page 59)


NN46205-523 02.02 9 December 2009


.


OSPFHA-CPU for Layer 3 redundancy avoids disruption of network traffic aftera master CPU that is running OSPF fails over. It maintains an exactcopy of the OSPF instance of the master CPU on the HA-CPU. After theHA-CPU initializes, all OSPF information about the master CPU is tablesynchronized and all OSPF events are event synchronized to the HA-CPU.After a master CPU failover occurs, the OSPF instance on HA-CPUresumes without affecting router traffic and OSPF neighbors.

It can take up to 3 seconds for the new master CPU to transmit OSPFpackets during HA-CPU to master CPU transition. Therefore, Nortelrecommends that you use router dead intervals of 5 seconds or higher.

RIPHA-CPU for Layer 3 redundancy for RIP provides CPU failover withoutaltering any existing RIP routing information in the network and withoutdisrupting network traffic.

HA-CPU for Layer 3 redundancy for RIP synchronizes all RIP routing andinterface information from the master CPU to the HA-CPU so the RIPinstances on both CPUs are exactly the same. The RIP route time to live(TTL), however, can have different values between the master CPU andthe HA-CPU because of the nature of the synchronization process.

At failover transition, the new master CPU can miss some RIP Updatepackets if they were in the receiving queue of the old master CPU or if theEvent Synchronization message did not reach or finish processing in theprevious HA-CPU. RIP can recover this information.

Prefix lists and route policiesThe prefix list is a list of networks that route policies use to define anaction. You can create one or more IP prefix lists and apply that list to anyIP route policy.

A prefix list combines the address-list database and the net0lst database.

• A prefix list with a 32-bit mask is equivalent to an address.

• A prefix list with a mask less than 32 bits can be used as a network.

After you configure the masklengthFrom field to be less than the MaskLengthTo field, the masklengthFrom field value can also be used as arange.

Configurations related to the route policy and prefix list synchronize to theHA-CPU from the master CPU, so the routes announced or accepted fromone protocol domain to another are not affected after the master CPU fails


NN46205-523 02.02 9 December 2009


.


over. table synchronization synchronizes the configuration to the HA-CPUafter it initializes, and any events triggered in the master CPU are relayedto the HA-CPU by event synchronization.

After you create a route policy using Device Manager, you can select theID number. After you create a route policy using the CLI, the route-policyID is automatically generated.

Protocol Route Policy tablesThe following tables display the accept and announce policies for RIP,OSPF, and BGP. They also display which matching criteria are applicablefor a certain routing policy. In these tables, 1 denotes advertise router, 2denotes RIP gateway, and 3 denotes that externaltype1 and externaltype2are the only options.

Table 4Protocol Route Policy table for RIP

Announce Accept

OSPF Direct RIP BGP RIP

Match Protocol Yes Yes Yes Yes

Match Network Yes Yes Yes Yes Yes

Match IpRoute Source Yes1 Yes2

Match NextHop Yes Yes Yes Yes Yes

Match Interface Yes

Match Route Type Yes

Match Metric Yes Yes Yes Yes Yes

MatchAs Path

Match Community

Match Community Exact

MatchTag Yes

NssaPbit

SetRoute Preference Yes

SetMetric TypeInternal

SetMetric Yes Yes Yes Yes Yes

SetMetric Type

SetNextHop

SetInject NetList Yes Yes Yes Yes Yes

SetMask Yes

SetAsPath


NN46205-523 02.02 9 December 2009


.


Table 4Protocol Route Policy table for RIP (cont’d.)

Announce Accept

OSPF Direct RIP BGP RIP

SetAsPath Mode

Set Automatic Tag

Set CommunityNumber

Set CommunityMode

SetOrigin

SetLocal Pref

SetOrigin EgpAs

SetTag

SetWeight

Table 5Protocol Route Policy table for OSPF

Redistribute Accept

Direct Static RIP BGP OSPF

Match Protocol

Match Network Yes Yes Yes Yes Yes

Match IpRoute Source Yes2

Match NextHop Yes Yes Yes

Match Interface Yes

Match Route Type Yes3

Match Metric Yes Yes Yes Yes Yes

MatchAs Path

Match Community

Match Community Exact

MatchTag Yes

NssaPbit

SetRoute Preference Yes


SetMetric Yes Yes Yes Yes Yes

SetMetric Type Yes Yes Yes Yes

SetNextHop Yes

SetInject NetList Yes Yes Yes Yes Yes


NN46205-523 02.02 9 December 2009


.


Table 5Protocol Route Policy table for OSPF (cont’d.)

Redistribute Accept

Direct Static RIP BGP OSPF

SetMask

SetAsPath

SetAsPath Mode

Set Automatic Tag

Set CommunityNumber

Set CommunityMode

SetOrigin

SetLocal Pref

SetOrigin EgpAs

SetTag

SetWeight

Table 6Protocol Route Policy table for BGP

Redistribute AcceptAnnoun

ce

OSPF Static RIP Direct BGP BGP

Match Protocol

Match Network Yes Yes Yes Yes Yes Yes

Match IpRoute Source Yes2 Yes

Match NextHop Yes Yes Yes Yes Yes

Match Interface Yes

Match Route Type Yes Yes

Match Metric Yes Yes Yes Yes Yes Yes

MatchAs Path Yes Yes

Match Community Yes Yes

Match Community Exact Yes Yes

MatchTag

NssaPbit

SetRoute Preference


SetMetric Yes Yes Yes Yes Yes Yes


NN46205-523 02.02 9 December 2009


.


Table 6Protocol Route Policy table for BGP (cont’d.)

Redistribute AcceptAnnoun

ce

OSPF Static RIP Direct BGP BGP

SetMetric Type

SetNextHop Yes Yes

SetInject NetList

SetMask

SetAsPath Yes Yes

SetAsPath Mode Yes Yes

Set Automatic Tag

Set CommunityNumber Yes Yes

Set CommunityMode Yes Yes

SetOrigin Yes

SetLocal Pref Yes Yes

SetOrigin EgpAs

SetTag

SetWeight Yes

VRRPAfter the VRRP master router fails, the backup virtual router has a delaybefore functioning as the VRRP master. Layer 3 CPU redundancy ofVRRP prevents disruption of IP routing and forwarding operations, andprotects networks with virtual routers from interruption.

Layer 3 CPU redundancy of VRRP also provides protection and fasterfailover than protocol failover. VRRP statistics do not synchronize fromthe master CPU to the backup CPU. In HA-CPU mode, VRRP fastadvertisements are not supported.

Route DiscoveryLayer 3 redundancy for Route Discovery synchronizes the RouteDiscovery configuration from the master CPU to the HA-CPU so thatRouter Discovery advertisements are sent to the hosts without any delayafter the master CPU fails over. Layer 3 redundancy does this using TableSynchronization and Event Synchronization.


NN46205-523 02.02 9 December 2009


.

RSMLT 59

Router Solicitation messages do not synchronize from the master CPUto the HA-CPU. If the master CPU received a Solicitation message fromthe host and the master CPU fails over. The new master sends routeradvertisements only if the timer expires or it receives one more Solicitationmessage.

DHCP relayLayer 3 Redundancy for DHCP relay synchronizes the DHCP relayconfiguration of the master CPU to the relay configuration of the HA-CPUso that DHCP requests forward to the DHCP server without any delayafter the master CPU fails. Any event triggered in the master CPU thensynchronizes to the HA-CPU by Event Synchronization.

DHCP-related packets received in the master CPU do not synchronizeto the HA-CPU. If the master CPU receives a request, but it switchesover to the HA-CPU before forwarding the request, the information is lostafter the HA-CPU takes over. However, the client continues to send theDHCP Discover packet until it receives the DHCP Offer packet. The DHCPstatistics do not synchronize to the HA-CPU.

UDP forwardingTable synchronization and event synchronization permit the HA-CPU toreceive UDP forwarding configurations. The UDP broadcasts forward tothe required server without delay after the master CPU fails over.

UDP broadcast packets received in the master CPU do not synchronizeto the HA-CPU. If the master CPU receives a packet and failover occursbefore it forwards the packet, the forwarding does not occur until the clientsends one more broadcast.

IP filtersIP Traffic Filter Redundancy protects network filter activities after a masterCPU failover occurs. It uses existing HA-CPU table synchronization andevent synchronization (Event Sync) mechanisms to synchronize all IPtraffic filter information between the master CPU and the HA-CPU. Thisensures that the master CPU and HA-CPU have exactly the same IP filterinformation.

Because IP traffic Filter counter information is retrieved directly fromsystem hardware, only the master CPU can provide correct filter counterinformation, not the HA-CPU.

RSMLTIn many cases, core network convergence time depends on the length oftime a routing protocol requires to successfully converge. Depending onthe specific routing protocol, this convergence time can cause networkinterruptions ranging from seconds to minutes.


NN46205-523 02.02 9 December 2009


.


Nortel Routed Split MultiLink Trunking (RSMLT) permits rapid failover forcore topologies by providing an active-active router concept to core SplitMultiLink Trunking (SMLT) networks.

RSMLT scenarios include SMLT triangles, squares, and SMLT full-meshtopologies, with routing enabled on the core VLANs.

Routing protocols include the following protocol types:

• IP Unicast Static Routes

• RIP1

• RIP2

• OSPF

• BGP

• IPX RIP

In the event of core router failures, RSMLT manages packet forwarding,thus eliminating dropped packets during the routing protocol convergence.

RSMLT navigation

• “SMLT/RSMLT operation in Layer 3 environments” (page 60)

• “Failure scenarios” (page 61)

• “RSMLT network design and configuration” (page 63)

• “RSMLT -edge” (page 64)

SMLT/RSMLT operation in Layer 3 environmentsFigure 13 "SMLT and RSMLT in Layer 3 environments" (page 63) shows atypical redundant network example with user aggregation, core, and serveraccess layers. To minimize the creation of many IP subnets, one VLAN(VLAN 1, IP subnet A) spans all wiring closets.

SMLT provides the loop-free topology and forwards all links for VLAN 1,IP subnet A.

The aggregation layer switches are configured with routing enabled andprovide active-active default gateway functionality through RSMLT.


NN46205-523 02.02 9 December 2009


.

RSMLT 61

When you enable RSMLT on a vlan (on both aggregation devices) thecluster switches simply inform each other (over IST messaging) of theirphysical IP/MAC on that vlan; thereafter the 2 Cluster switches take mutualownership of each other’s IP address on that VLAN; which means eachcluster switch:

• will reply to ARP request for both it’s IP and it’s Peer’s IP on that vlan

• will reply to pings to it’s IP and it’s Peer’s IP on that vlan

• will IP route traffic which is being directed to the physical MAC of it’s IPor the physical MAC of it’s peer’s IP on that vlan

In this case, routers R1 and R2 forward traffic for IP subnet A. RSMLTprovides both router failover and link failover. For example, if the SplitMultiLink Trunk link between R2 and R4 is broken, the traffic fails over toR1 as well.

For IP subnet A, VRRP with a backup master can provide the samefunctionality as RSMLT, as long as no additional router is connected toIP subnet A.

RSMLT provides superior router redundancy in core networks (IP subnetB), where OSPF is used for the routing protocol. Routers R1 and R2provide router backup for each other, not only for the edge IP subnet A,but also for the core IP subnet B. Similarly routers R3 and R4 providerouter redundancy for IP subnet C and also for core IP subnet B.

Failure scenariosRefer to Figure 13 "SMLT and RSMLT in Layer 3 environments" (page63) for the following failure scenarios.

Router R1 failureR3 and R4 are both using R1 as their next hop to reach IP subnet A. Eventhough R4 sends the packets to R2, they are routed directly at R2 intosubnet A. R3 sends its packets to R1 and they are also sent directly intosubnet A. After R1 fails, all packets are directed to R2, with SMLT. R2 stillroutes for R2 and R1. After OSPF convergence, the routing tables in R3and R4 change their next hop to R2 to reach IP subnet A. The networkadministrator can set the hold-up timer (that is, for the amount of timeR2 routes for R1 in a failure) for a time period greater than the routingprotocol convergence, the administrator can set it as indefinite (that is, themembers of the pair always route for each other).

Nortel recommends that you use an indefinite hold-up timer value forapplications that use RSMLT at the edge instead of VRRP.


NN46205-523 02.02 9 December 2009


.


Router R1 recoveryAfter R1 reboots after a failure, it becomes active as a VLAN bridge first.Packets destined to R1 are switched, using the bridging forwarding table,to R2 for as long as the hold-down timer is configured. Those packets arerouted at R2 for R1. Similar to VRRP, the hold-down timer value must begreater than the time the routing protocol requires to converge its tables.

After the hold-down time expires and the routing tables converge, R1 startsrouting packets for itself and also for R2. Therefore, it does not matterwhich of the two routers is used as the next hop from R3 and R4 to reachIP subnet A.

If single-homed IP subnets are configured on R1 or R2, Nortelrecommends that you add another routed VLAN to the interswitch trunks(IST) with lower routing protocol metrics as a traversal VLAN/subnetto avoid unnecessary ICMP redirect generation messages. Thisrecommendation also applies to VRRP implementations.


NN46205-523 02.02 9 December 2009


.

RSMLT 63

Figure 13SMLT and RSMLT in Layer 3 environments

RSMLT network design and configurationBecause RSMLT is based on SMLT, all SMLT configuration rules apply. Inaddition, RSMLT is enabled on the SMLT aggregation switches for eachVLAN. The VLAN must be a member of SMLT links and the IST trunk. Formore information about configuring SMLT in a Layer 2 environment, seeNortel Ethernet Routing Switch 8600 Configuration – Link Aggregation,MLT and SMLT (NN46205-518).


NN46205-523 02.02 9 December 2009


.


The VLAN also must be routable (IP address configured) and an InteriorRouting Protocol (IGP) such as OSPF must be configured on all fourrouters, although it is independent of RSMLT. You can use any routingprotocol, even static routes, with RSMLT.

RSMLT pair switches provide backup for each other. As long as one of thetwo routers of an IST pair is active, traffic forwarding is available for bothnext hops R1/R2 and R3/R4.

RSMLT -edgeRSMLT-edge stores the RSMLT peer MAC/IP address pair in its localconfiguration file and restores the configuration if the peer does not restoreafter a simultaneous reboot of both RSMLT-peer switches.

RSMLT-Edge feature simply adds an enhancement whereby the peer’sMAC (for the IP on the vlan) gets committed to the config.cfg file after asave config; that way if you power off both switches, and then power uponly 1 of them, that single switch can still take ownership of its peer’s IP onthat VLAN even if it has not yet even seen that peer switch since it booted;this is necessary as you might have configured the peer (the switch whichis still down) IP as default gateway in end stations.

If you enable RSMLT-Edge, you must also ensure that the hold-up timerfor RSMLT on those edge vlans is set to infinity (9999). This is to ensurethat if one cluster switch fails, the remaining cluster switch will maintainownership of it’s failed peer IP indefinitely.

It does not matter if that edge vlan is tagged over SMLT links, singleattached links, or more SMLT links; what you could do with VRRP, youcan do with RSMLT Edge.

Border Gateway ProtocolBorder Gateway Protocol (BGP) is an interdomain routing protocol thatprovides loop-free interdomain routing between autonomous systems (AS)or within an AS. BGP systems can exchange network layer reachabilityinformation (NLRI) with other BGP systems to construct a graph of ASconnectivity. BGP uses this information to prune routing loops and enforceAS-level policy decisions. Border Gateway Protocol provides features withwhich you can consolidate routing information and control the flow of BGPupdates.

Nortel Ethernet Routing Switch 8600 Configuration — BGP Services(NN46205-510) explains BGP features.


NN46205-523 02.02 9 December 2009


.

Bidirectional Forwarding Detection 65

Bidirectional Forwarding DetectionUse Bidirectional Forwarding Detection (BFD) to provide a failure detectionmechanism between two systems.

ATTENTIONThe Ethernet Routing Switch 8600 supports BFD only in Ethernet RoutingSwitch 8600 Releases 4.1.5.9. Therefore, the material in this section onlyapplies to these releases. Release 4.1.5.9 is a special release for use only withCarrier VoIP solutions, including Succession Communication Server 2000.

Bidirectional Forwarding Detection navigation

• “BFD overview” (page 65)

• “BFD restrictions” (page 66)

BFD overviewBFD is a simple Hello protocol used between two peers. In BFD, eachpeer system periodically transmits BFD packets to each other. If one of thesystems does not receive a BFD packet after a certain period of time, thesystem assumes that the link or other system is down.

BFD provides low-overhead, short-duration failure detection between twosystems. BFD also provides a single mechanism for connectivity detectionover any media, at any protocol layer.

Because BFD sends rapid failure detection notifications to the routingprotocols that run on the local system, which initiates routing tablerecalculations, BFD helps reduce network convergence time.

BFD supports IPv4 single-hop detection for static routes, OSPF, and BGP.The Ethernet Routing Switch 8600 BFD implementation complies withIETF drafts draft-ietf-bfd-base-06 and draft-ietf-bfd-v4v6-1hop-06.

“Bidirectional Forwarding Detection configuration using Device Manager”(page 397) explains BGP configuration by using Device Manager.“Bidirectional Forwarding Detection configuration using CLI” (page405) explains BGP configuration by using CLI. “Bidirectional ForwardingDetection configuration using NNCLI” (page 411) explains BGPconfiguration by using NNCLI.

BFD operationThe Ethernet Routing Switch 8600 uses one BFD session for all protocolswith the same destination. For example, if a network runs OSPF andBGP across the same link with the same peer, only one BFD sessionis established, and BFD shares session information with both routingprotocols.


NN46205-523 02.02 9 December 2009


.


You can enable BFD over data paths with specified OSPF neighbors, BGPneighbors, and static routing next-hop addresses.

The Ethernet Routing Switch 8600 supports BFD asynchronous mode,which sends BFD control packets between two systems to activate andmaintain BFD neighbor sessions. To reach an agreement with its neighborabout how rapidly failure detection occurs, each system estimates howquickly it can send and receive BFD packets.

A session begins with the periodic, slow transmission of BFD Controlpackets. When bidirectional communication is achieved, the BFD sessioncomes up.

After the session is up, the transmission rate of Control packets canincrease to achieve detection time requirements. If Control packets arenot received within the calculated detection time, the session is declareddown. After a session is down, Control packet transmission returns to theslow rate.

If a session is declared down, it cannot come back up until the remoteend signals that it is down (three-way handshake). A session can be keptadministratively down by configuring the state of AdminDown.

In asynchronous mode, detection time is equal to the value of DetectMultreceived from the remote system multiplied by the agreed transmitinterval of the remote system (the greater of RequiredMinRxInterval andDesiredMinTxInterval.) DetectMult is approximately equal to the number ofsequential packets that must be missed to declare a session down.

To enable BFD between two peers:

• Configure BFD on required interfaces of both peer systems.

• To start a BFD session with a next-hop device, enable BFD on therequired routing protocols.

• Specify the next-hop device with which the switch initiates the BFDsession.

BFD requirementsBFD requires the 8692 SF/CPU. Although SuperMezz is not mandatory,Nortel recommends that you use it if you use BFD.

BFD restrictionsThe Ethernet Routing Switch 8600 supports either 256 Static BFD, 100OSPF BFD, or 150 BGP BFD. However, the number of BFD sessions plusthe number of VLACP sessions cannot exceed 256.


NN46205-523 02.02 9 December 2009


.

Bidirectional Forwarding Detection 67

The Ethernet Routing Switch 8600 does not support the following IETFBFD options:

• Echo packets

• BFD over IPv6

• Demand mode

• authentication

The Ethernet Routing Switch 8600 supports:

• partial High Availability (HA) for BFD

• BFD on VRF0

• changing the TX or RX interval during BFD session

ATTENTIONEthernet Routing Switch 8600 does not support BFD on a VRRP virtualinterface.


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

69.

VRF Lite fundamentalsUse the concepts described in this chapter to help you understand and usethe Virtual Router Forwarding (VRF) Lite feature. Use VRF Lite to providesecure customer data isolation.

Navigation• “Overview” (page 69)

• “VRF Lite capability and functionality” (page 71)

• “VRF Lite and interVRF route redistribution ” (page 73)

• “VRF Lite and IP VPN” (page 75)

• “VRF Lite requirements” (page 75)

• “Ethernet modules and VRF Lite management” (page 75)

• “VRF Lite configuration rules” (page 75)

• “Virtualized protocols” (page 77)

OverviewUse VRF Lite to offer networking capabilities and traffic isolation tocustomers that operate over the same node (router). Each virtual routeremulates the behavior of a dedicated hardware router; the network treatseach virtual router as a separate physical router. In effect, you can performthe functions of many routers using a single router that runs VRF Lite.The result is a substantial reduction in the cost associated with providingrouting and traffic isolation for multiple clients.

The following figures shows one router acting as multiple virtual routers,each serving a different customer network.


NN46205-523 02.02 9 December 2009


.

70 VRF Lite fundamentals

Figure 14Multiple virtual routers in one router

One Ethernet Routing Switch 8600 can support many virtual routers.Each virtual router instance is called a Virtual Routing and Forwarding(VRF) instance. A VRF represents a single instance of a virtual router.Each instance maintains its own routing table. The term Multiple VirtualRouter (MVR) is sometimes used to represent a router that contains manyVRF instances.

The Global Router, VRF 0, is the first instance of the router that is createdby default when the system boots. VRF 0 provides all nonvirtual andtraditional routing services. This instance cannot be deleted. Other VRFinstances must be created and configured, if required.

VRF 0 is the only VRF that you can log into through CLI, NNCLI or DeviceManager. In Device Manager, you can then change the VRF instanceto configure other VRFs. CLI and NNCLI require you to specify the VRFwhen entering commands.

One VRF instance is associated with many IP interfaces. These interfacesare unique for each VRF instance. An interface is an entity with an IPaddress that has the following characteristics:

• a unique association with a VLAN (and, therefore, VLAN ID)

• a unique association with a brouter, if not associated with a VLAN

• a unique association with a circuit and, therefore, a circuit ID

VLANs are unique within the system, therefore, there can be only oneinstance of a given VLAN within the switch and that VLAN can only beassociated with a single VRF instance.


NN46205-523 02.02 9 December 2009


.

VRF Lite capability and functionality 71

VRF Lite is available using R and RS modules. Although Classic modulesare supported on the Global Router, VRF operations from other VRFinstances to the Global Router (default VRF) is not supported for Classicmodules. Although R mode is not required to configure a VRF instance, allVLANs that are in a non-zero VRF can only be on R and RS modules.

VRF Lite capability and functionalityThe Ethernet Routing Switch 8600 supports what is termed VRF Lite."Lite" conveys the fact that the switch does not use MPLS for VRF; VRFLite is a switch virtualization feature, not a network-wide virtualizationfeature.

On any VRF instance, VRF Lite supports the following protocols:

• IP

• Internet Control Message Protocol (ICMP)

• Address Resolution Protocol (ARP)

• Static routes

• Default routes

• Routing Information Protocol (RIP)

• Open Shortest Path First (OSPF)

• Route Policies (RP)

• Virtual Router Redundancy Protocol (VRRP)

• Dynamic Host Configuration Protocol, and BootStrap Protocol relayagent.

• UDP forwarding

VRF Lite supports Border Gateway Protocol (BGP) on any VRF. However,VRF Lite supports Internal BGP (iBGP) on VRF 0 only.

One OSPF timer is used for all OSPF VRF instances, and one RIP timeris used for all RIP VRF instances.

IPv6 over IPv4 tunneling is only supported on the Global Router.

Using VRF Lite, the Ethernet Routing Switch 8600

• partitions traffic and data and represents an independent router in thenetwork

• provides virtual routers that are transparent to end-users


NN46205-523 02.02 9 December 2009


.


• supports overlapping IP address spaces in separate VRF instances

• supports addresses that are not restricted to the assigned addressspace provided by host Internet Service Providers (ISP).

VRF Lite interoperates with RFC 4364, Layer 3 VPNs. Split MultiLinkTrunking (SMLT) and Routed SMLT (RSMLT) are also supported for VRFinstances.

Although customer data separation into Layer 3 virtual routing domainsis usually a requirement, sometimes customers must access a commonnetwork infrastructure. For example, they want to access the Internet,data storage, VoIP-PSTN, or call signaling services. To interconnect VRFinstances, you can use an external firewall that supports virtualization, oruse interVRF forwarding for specific services. Using the interVRF solution,routing policies and static routes can be used to inject IP subnets fromone VRF instance to another, and filters can be used to restrict access tocertain protocols. The following figure depicts interVRF forwarding by theEthernet Routing Switch 8600.

Figure 15Inter-VRF forwarding

For the latest VRF Lite scalability information, see Nortel Ethernet RoutingSwitch 8600 Release Notes — Software Release 5.0 (NN46205-402).


NN46205-523 02.02 9 December 2009


.

VRF Lite and interVRF route redistribution 73

VRF Lite and interVRF route redistributionThere are three route redistribution functionalities supported by theEthernet Routing Switch 8600:

• intra-VRF inter-protocol route redistribution (redistribution within thesame VRF instance), for example, redistribute RIP to OSPF

• inter-VRF inter-protocol redistribution (redistribution between two VRFinstances), for example, redistribute RIP in VRF 2 to OSPF in VRF 4

• inter-VRF static routes, for example, a static route in a given VRFinstance, configured as is usually done but with the added parameterof a next-hop-vrf (the next-hop IP address is found in the next-hop-vrfinstance)

With interVRF route redistribution, a user in a VRF instance can accessroute data in other VRF instances. Routes can be redistributed within aVRF instance or between VRF instances; for example, one VRF instancecan redistribute routes to all other VRF instances. Local, static, OSPF,RIP, and BGP routes can be redistributed, and both dynamic (OSPF, BGP,and RIP) and static route redistribution is supported.

More than one routing protocol can be present in each VRF instance.Route redistribution can occur either between different protocol types, orbetween the same protocol types on different VRF instances.

An interface uses redistribution to announce routes that are learnedby other protocols, for example, OSPF or BGP. Route redistribution iscontrolled by using route policies. When routing policies are associatedwith route redistribution, the policy is checked before the target protocol isupdated. Across VRF instances, the policy is checked at the source VRFinstance, so only qualified routes are added to the routing table.

You can use static route commands to inject one specific route (includinga default route) from one VRF instance to another. The route is added tothe target VRF instance, while the next hop is resolved by the next-hopVRF instance.

Static routes are used to direct packets from a given source using anext-hop IP address. The next-hop-vrf option in a static route allows thispath to proceed from one VRF to another. Overlapping IP addresses aresupported within VRFs, thus it is possible for two VRFs to have identical IPaddresses.

InterVRF route redistribution is available using R series modules. AlthoughClassic modules are supported on the Global Router, route redistributionfrom other VRF instances to the Global Router (default VRF) is notsupported for Classic modules.


NN46205-523 02.02 9 December 2009


.


The following list describes interVRF route redistribution:

• Redistributed routes are added to the target VRF instance, and theirnext hop remains in the source VRF instance.

• If either the source or destination VRF instance is deleted, theredistribution configuration is automatically deleted.

• Redistributed routes are not further redistributed to another VRFinstance.

• Route redistribution is unidirectional. You must configure routeredistribution for the reverse direction if it is required. Different routepolicies can be configured for each direction.

• After interVRF route redistribution is configured between two VRFinstances, overlapping IP addresses must be avoided between thesetwo VRF instances.

Avoid overlapping addresses; the switch does not generate an error ifaddresses overlap.

• IntraVRF routes take precedence over interVRF routes.

• You can physically connect two VRF instances to distribute routeacross VRF instances (in this case, route redistribution need not beconfigured).

Route redistribution operationTo performs redistribution, the switch maintains a route change list. Thechange list contains all the best routes that are either added to or deletedfrom the forwarding table. When a best route is added to or deleted fromthe forwarding table, the change list is updated to reflect the change andnotify registered protocols. The registered protocols pick up the changefrom the change list when it becomes available.

An example scenario of interVRF redistribution follows. To redistributeOSPF routes in VRF 1 to RIP in VRF 0:

• A RIP redistribution instance is created, enabled, and applied. Thesource protocol is OSPF and the vrf-src is VRF 1.

• When an OSPF route is added in VRF 1, the Routing Table Manager(RTM) in VRF 1 puts the new route into the change list.

• The switch notifies RIP in VRF 0, because RIP is registered with theRTM of VRF 1 for OSPF route changes.

• To send OSPF routes from VRF 1 through the RIP interface in VRF 0,the interface has a route policy configured with the match-vrf parameterconfigured to VRF 1.


NN46205-523 02.02 9 December 2009


.

VRF Lite configuration rules 75

VRF Lite and IP VPNIP Virtual Private Network (IP VPN) functionality is based on VRF Lite VRFinstances and uses the virtual router infrastructure. IP VPN route learningand redistribution is performed by MultiProtocol Border Gateway Protocol(MP-BGP) on the Provider Edge (PE). Multiprotocol Label Switching(MPLS) is used as a transport mechanism for IP VPN.

For more information about IP VPN, see Nortel Ethernet Routing Switch8600 Configuration — IP VPN (NN46205-520).

VRF Lite requirementsTo use VRF Lite, the following hardware and software is required:

• Nortel Ethernet Routing Switch Software Release 5.0 or later

• R or RS modules

• SuperMezz CPU daughter card

• Premier Software License

Ethernet modules and VRF Lite managementYou can configure each VRF instance as a separate router; this meansthat you can configure different routing protocols and associatedparameters for each instance. You can associate non0 VRF instanceswith R series module ports (that is, 8648GTR; 8648GTRS; 8612XLRS;8630GBR; 8634XGRS; 8648GBRS; 8683XLR; 8683XZR).

The Ethernet parameters (Auto-negotiate; AdminDuplex; AdminSpeed, andso on) that a user can edit for a VRF instance depends on whether theport belongs to only one, or more than one, VRF instance. For example,if a port belongs to only one VRF, you can edit the Ethernet parametersof the VRF. If a port belongs to more than one VRF instance, then youcannot edit the Ethernet parameters of the VRF instance unless you area superuser accessing the port through the Global Router. If you are not,you can only edit the GlobalRouter port parameters. This means that if aport belongs to a single non0 VRF, then the port Ethernet parameters canbe changed by this VRF; if a port belongs to multiple VRF instances, thenonly a superuser accessing the port through the Global Router can changethis port configuration.

VRF Lite configuration rulesYou configure VRF-based routing parameters the same as you do for aphysical router, except that, in the CLI or NNCLI, vrf <vrfName> or vrf<WORD 0-16> is added to commands. You must select the VRF for globalIP options before entering commands.


NN46205-523 02.02 9 December 2009


.


In Device Manager, the VRF name is added to all applicable windows. Notall Global Router parameters are configurable on other VRF instances. Toconfigure a specific VRF, use the IP, VRF tab to switch between instances.Select a VRF, then click Set Current VRF.

For instructions about how to configure a Virtual Router Forwarding (VRF)instance, see the following paragraphs. For instructions to configure otherparameters, for example, OSPF, RIP, and ECMP for a VRF instance, seethe instructions to configure a router for OSPF, RIP, and ECMP.

Layer 1 and Layer 2 information (including VLAN information) is global andis not maintained for each VRF instance. However, you can associate aset of VLANs with a VRF instance.

One VLAN cannot belong to more than one VRF instance at one time.When you create a VLAN, more than one physical port can belong toit. You can associate a VRF instance with more than one IP interface (aphysical Ethernet port or a VLAN).

Perform physical port assignment at the VLAN and brouter port level.A VRF instance inherits all the ports assigned to its VLANs and brouterports. You cannot directly assign a physical port to a VRF instance, but itis implicitly assigned when you associate the VRF with VLANs or brouterports.

After you configure interVRF route redistribution between two VRFinstances, avoid overlapping IP addresses between these two VRFinstances.

To delete an OSPF instance, first disable OSPF, and then delete theOSPF instance.

To enable OSPF on an interface, first enable OSPF on the VRF instance(the VRF instance that the interface is bound to), and then enable OSPFon the interface. In non0 VRF instances, RIP and OSPF must be createdbefore they can be enabled.

When you configure VRF Lite, keep the following points in mind:

• You cannot associate a brouter port or VLAN with a VRF instance ifthe brouter port or VLAN has an IP address assigned to it. Configurethe association first, and then configure required IP addresses.

• You cannot configure an IP interface (VLAN or brouter port) for a VRFinstance until the VRF instance exists.

• You can delete a VRF instance only after all its interfaces and othersubcomponents are deleted.


NN46205-523 02.02 9 December 2009


.

Virtualized protocols 77

• Before you delete a VRF instance, disable OSPF. Deleting a VRFinstance deletes the OSPF instance if OSPF is disabled.

• When you create a VRF instance, an OSPF instance is notautomatically created. To enable OSPF on a VRF instance, first createan OSPF instance, and then enable OSPF.

• Any IP routable VLAN can become a member of a VRF. IPv6 VLANsand IPX VLANs cannot join.

• Support for IPv6 forwarding instances exist only in VRF 0.

• An IP interface can only belong to one VRF.

• A VRF can exist even if no interfaces are assigned to it.

• You can connect two VRFs from the same system with external cable.

• Routing policies (RPS) apply to VRFs on an individual basis.

• A VRF can have IP interfaces with OSPF, RIP, static routes, andpolicies all configured simultaneously.

• VRF Lite supports RIP in and out policies.

• VRF Lite supports OSPF in and out (accept/redistribute) policies.

• Multiple VRFs on the same node can function in different autonomoussystems.

• Support for multicast routing exists only for VRF 0 for Release 5.0;however, OSPF multicast Hellos are supported by all VRFs.

• VRF Lite supports High Availability mode.

• VRF Lite supports SMLT and RSMLT.

• If you configure an IP interface without specifying the VRF instance,it is mapped to VRF 0 by default.

• Every interface is a member of VRF 0 unless explicitly defined tobelong to another VRF.

Virtualized protocolsVRF Lite supports virtualization of the following protocols and features.Use this table to help you find applicable VRF command and procedureinformation.


NN46205-523 02.02 9 December 2009


.


Table 7Virtualized protocols and documentation

Virtualized protocol orfeature

Where to find information

Address ResolutionProtocol (ARP)

This document

Border Gateway Protocol(BGP)

Nortel Ethernet Routing Switch 8600 Configuration — BGP Services(NN46205-510)

Circuitless IP (CLIP) This document

Dynamic HostConfiguration ProtocolRelay

This document

IP Virtual PrivateNetworks (IP VPN)

Nortel Ethernet Routing Switch 8600 Configuration — IP VPN(NN46205-520)

Open Shortest Path First(OSPF)

Nortel Ethernet Routing Switch 8600 Configuration — OSPF and RIP(NN46205-522)

Routing InformationProtocol (RIP)

Nortel Ethernet Routing Switch 8600 Configuration — OSPF and RIP(NN46205-522)

Route policies Nortel Ethernet Routing Switch 8600 Configuration — IP Routing(NN46205-523)

Route preferences This document.

Router Discovery This document.

Static routes This document.

User Datagram Protocol(UDP)

This document.

Virtual Local AreaNetworks (VLAN)

Nortel Ethernet Routing Switch 8600 Configuration — VLANs andSpanning Tree (NN46205-517)

Virtual RouterRedundancy Protocol(VRRP)

This document.


NN46205-523 02.02 9 December 2009


.

79.

IP routing configuration using DeviceManager

Configure the IP router interface so that you can use routing protocols andfeatures on the interface. This section contains instructions for both theGlobal Router and Virtual Router Forwarding (VRF) instances.

Navigation• “Changing a VRF instance” (page 79)

• “Basic IP routing configuration” (page 80)

• “IP address configuration” (page 86)

• “Routing feature configuration” (page 91)

Changing a VRF instanceAfter you start Device Manager, by default you can view and configurethe Global Router, VRF 0. Switch to another VRF instance to view andconfigure parameters for another VRF.

Prerequisites

• A VRF other than VRF 0 is configured.

Procedure steps

Step Action

1 In Device Manager, choose IP, VRF.

2 In the VRF dialog box, select a VRF and click Set Current VRF.

3 Click Yes on the dialog box that appears asking you to confirmthe change.


NN46205-523 02.02 9 December 2009


.

80 IP routing configuration using Device Manager

Another dialog box also appears, asking if you would like toclose dialog boxes for the previous VRF instance. Configure thisbox as required.

--End--

Basic IP routing configurationConfigure basic IP routing parameters to determine how routing functionson the switch.

Select a topic:

• “Enabling routing for a router or a VRF instance” (page 80)

• “Enabling or disabling routing on a port ” (page 81)

• “Deleting a dynamically-learned route” (page 81)

• “Configuring IP route preferences” (page 84)

• “Flushing routing tables by VLAN” (page 85)

• “Flushing routing tables by port” (page 85)

Basic IP routing configuration navigation


• “Enabling or disabling routing on a port ” (page 81)

• “Deleting a dynamically-learned route” (page 81)


• “Flushing routing tables by VLAN” (page 85)

• “Flushing routing tables by port” (page 85)

Enabling routing for a router or a VRF instanceEnable IP forwarding (routing) on a router or a Virtual Router Forwarding(VRF) instance so that they support routing. You can use the IP addressof any physical or virtual router interface for an IP-based networkmanagement.

Procedure steps

Step Action

1 In Device Manager, choose IP, IP - GlobalRouter (vrf x).

2 To enable routing, select Forwarding.


NN46205-523 02.02 9 December 2009


.

Basic IP routing configuration 81

3 Click Apply.

--End--

For more information, see “IP Globals” (page 92).

Enabling or disabling routing on a portEnable or disable routing on a port to match your routing requirements.For example, you can disable routing on a particular port even if the port ispart of a routed VLAN.

Procedure steps

Step Action

1 In Device Manager, select a port, and then choose Edit, Port,General GlobalRouter (vrf x).

2 In the AdminRouting box, select enable to enable routing ordisable to configure the port for bridging (and disable routing onthis port).

3 Click Apply.

--End--

Deleting a dynamically-learned routeUse the Routes tab to view and manage the contents of the system routingtable. You can also delete a dynamically learned route using this table.Exercise caution if you delete entries from the route table.

To delete a static route, use the Static Route tab.

To delete dynamic routes from the table for a VRF instance, first select theappropriate instance.

Procedure steps

Step Action


2 Click the Routes tab.

3 To delete a route, select the route and click Delete.

--End--

For more information, see “Routes tab” (page 82).


NN46205-523 02.02 9 December 2009


.


Routes tabVariable definitions

Use the data in the following table to use the Routes tab.

Variable Value

Dest Specifies the destination IP network of this route.An entry with a value of 0.0.0.0 is a default route.Multiple routes to a single destination can appearin the table, but access to multiple entries dependson the table access mechanisms defined by thenetwork management protocol in use.

Mask Indicates the network mask to logically add withthe destination address before comparison to thedestination IP network.

NextHop Specifies the IP address of the next hop of thisroute.

AltSequence Indicates the alternative route sequence. The valueof 0 denotes the best route.

HopOrMetric Specifies the primary routing metric for this route.The semantics of this metric are specific to variousrouting protocols.

Interface Specifies the router interface for this route.

• Virtual router interfaces are identified by theVLAN number of the VLAN followed by the(VLAN) designation.

• Brouter interfaces are identified by the slot andport number of the brouter port.

Proto Specifies the routing mechanism through which thisroute was learned:

• other—none of the following

• local—nonprotocol information, for example,manually configured entries

• static

• ICMP

• EGP

• GGP

• Hello

• RIP

• IS-IS


NN46205-523 02.02 9 December 2009


.


Variable Value

• ES-IS

• Cisco IGRP

• bbnSpfIgp

• OSPF

• BGP

• Inter-VRF Redistributed Route

Age Specifies the number of seconds since this routewas last updated or otherwise determined correct.

PathType Indicates the route type, which is a combination ofdirect, indirect, best, alternative, and ECMP paths.

• iA indicates Indirect Alternative route without anECMP path

• iAE indicates Indirect Alternative ECMP path

• iB indicates Indirect Best route without ECMPpath

• iBE indicates Indirect Best ECMP path

• dB indicates Direct Best route

• iAN indicates Indirect Alternative route not inhardware

• iAEN indicates Indirect Alternative ECMP routenot in hardware

• iBN indicates Indirect Best route not in hardware

• iBEN indicates Indirect Best ECMP route not inhardware

• dBN indicates Direct Best route not in hardware

• iAU indicates Indirect Alternative RouteUnresolved

• iAEU indicates Indirect Alternative ECMPUnresolved

• iBU indicates Indirect Best Route Unresolved

• iBEU indicates Indirect Best ECMP Unresolved

• dBU indicates Direct Best Route Unresolved

• iBF indicates Indirect Best route replaced byFTN

• iBEF indicates Indirect Best ECMP routereplaced by FTN


NN46205-523 02.02 9 December 2009


.


Variable Value

• iBV indicates Indirect best IPVPN route

• iBEV indicates Indirect best ECMP IP VPN route

• iBVN indicates Indirect best IP VPN route not inhardware

• iBEVN indicates Indirect best ECMP IP VPNroute not in hardware

Pref Specifies the preference.

NextHopVrfId Specifies the VRF ID of the next-hop address.

Configuring IP route preferencesChange IP route preferences to force the routing protocols to prefer aroute over another. Configure IP route preferences to override defaultroute preferences and give preference to routes learned for a specificprotocol.

ATTENTIONChanging route preferences is a process-oriented operation that can affectsystem performance and network reachability while you perform the procedures.Therefore, Nortel recommends that if you want to change default preferences forrouting protocols, do so before you enable the protocols.

Prerequisites

• Disable ECMP before you configure route preferences.

Procedure steps

Step Action


2 Click the RoutePref tab.

3 In the Configured column, change the preference for the givenprotocol.

4 Click Apply.

--End--

For more information, see “RoutePref tab” (page 84).

RoutePref tabVariable definitions


NN46205-523 02.02 9 December 2009


.


Use the data in the following table to use the RoutePref tab.

Variable Value

Protocol Specifies the protocol name.

Default Specifies the default preference value for thespecified protocol.

Configured Changes the default preference value for thespecified protocol.

Flushing routing tables by VLANFor administrative and troubleshooting purposes, sometimes you mustflush the routing tables. You can use Device Manager to flush the routingtables by VLAN or flush them by port. Use this procedure to flush the IProuting table for a VLAN.

To flush routing tables by VLAN for a VRF instance, first select theappropriate instance.

Procedure steps

Step Action

1 In Device Manager, choose VLAN, VLANs - GlobalRouter(vrf x).

2 Click the Advanced tab.

3 In the Vlan Operation Action list, select a flush option.

In a VLAN context, all entries associated with the VLAN areflushed. You can flush the ARP entries and IP routes for theVLAN.

4 Click Apply.

--End--

Flushing routing tables by portFor administrative and troubleshooting purposes, sometimes you mustflush the routing tables. You can use Device Manager to flush the routingtables by VLAN or flush them by port. Use this procedure to flush the IProuting table for a port.

To flush routing tables by port for a VRF instance, first select theappropriate instance.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Select a port, and then choose Edit, Port, General -GlobalRouter (vrf x).

2 In the Action section, select flushAll.

In a port context, all entries associated with the port are flushed.You can flush the ARP entries and IP routes for a port.

After you flush a routing table, it is not automatically repopulated.The repopulation time delay depends on the routing protocolsin use.

3 Click Apply.

--End--

IP address configurationConfigure IP addresses so that device interfaces can use IP and you canaccess the Ethernet Routing Switch 8600 remotely.

IP address configuration navigation

• “Assigning an IP address to the management port” (page 86)

• “Assigning an IP address to a port” (page 87)

• “Assigning an IP address to a VLAN” (page 89)

• “Viewing IP addresses for all router interfaces” (page 90)

Assigning an IP address to the management portAssign an IP address to the management port to remotely connect to theswitch through the port.

ATTENTIONUse caution when you change the management port IP address. Changingthe management port IP address may cause Device Manager to losecommunication with the switch.

Procedure steps

Step Action

1 Right-click the management port.

2 Choose Edit, Mgmt Port.

3 In Addr, assign an IP address to the port.


NN46205-523 02.02 9 December 2009


.

IP address configuration 87

4 In Mask, assign a subnet mask.

5 Configure other variables as required.

6 Click Apply.

--End--

For more information, see “Mgmt Port, Mgmt Port IP” (page 87).

Mgmt Port, Mgmt Port IPVariable definitions

Use the data in the following table to use the Mgmt Port, Mgmt Port IP tab.

Variable Value

IfIndex Specifies the management port interface indexnumber.

Descr Describes the management port.

AdminStatus Specifies the administrative status of the device.

OperStatus Specifies the operational status of the device.

MgmtMacAddr Specifies the MAC address of the managementdevice.

Addr Specifies the IP address of the device.

Mask Specifies the subnet IP mask.

AutoNegotiate Specifies whether Auto-Negotiation is used.

AdminDuplex Specifies the administrative duplex setting for thisport.

Changing the duplex setting for this port from full tohalf duplex for a 8648GTR port causes a 30-secondloss of bidirectional traffic while the software resets.

OperDuplex Specifies the administrative duplex setting for thisport.

AdminSpeed Specifies the administrative speed setting for thisport.

OperSpeed Indicates the operational duplex setting for this port.

EnableBootP Enables or disables the Bootstrap Protocol (BootP).

Assigning an IP address to a portAssign an IP address to a port so that it acts as a routable VLAN (abrouter port) and supports IP routing.


NN46205-523 02.02 9 December 2009


.


To configure a brouter port, assign an IP address to an IP policy-basedsingle-port VLAN.

ATTENTIONAfter the IP address is configured, you cannot edit the IP address, and you canassign only one IP address to any router interface (brouter or virtual).

You cannot assign an IP address to a brouter port that is a member of a routedVLAN. To assign an IP address to the brouter port, you must first remove theport from the routed VLAN.

If you want to assign a new IP address to a VLAN or brouter port that alreadyhas an IP address, first delete the existing IP address and then insert the new IPaddress.

Prerequisites

• Routing (forwarding) is globally enabled.

• The VLAN is configured.

• If required, the VRF instance exists.

Procedure steps

Step Action

1 Select the port, and then choose Edit, Port, IP - GlobalRouter(vrf x).

2 Click Insert.

3 In the Port, Insert IP Address dialog box, type the IP addressand network mask.

4 Click Insert.

--End--

For more information, see “Port - GlobalRouter (vrf x), IP Address” (page88).

Port - GlobalRouter (vrf x), IP AddressVariable definitions

Use the data in the following table to help use the Port - GlobalRouter(vrf x), IP Address tab.


NN46205-523 02.02 9 December 2009


.


Variable Value

Interface Specifies the router interface.

• The name of the VLAN followed by the VLANdesignation identifies virtual router interfaces.

• The slot and port number of the brouter portidentifies brouter interfaces.

Ip Address Specifies the IP address of the brouter interface onthis port. You can define only one IP address on agiven port interface.

Net Mask Specifies the subnet mask of the brouter interfaceon this port. The mask is an IP address with all thenetwork bits set to 1 and all the hosts bits set to 0.

BcastAddrFormat Specifies the IP broadcast address format used onthis interface.

ReasmMaxSize Specifies the size of the largest IP packet whichthe interface can reassemble from fragmentedincoming IP packets.

VlanId Specifies the ID of the VLAN associated with thebrouter port. This parameter is used to tag ports.

BrouterPort Indicates whether this is a brouter port.

VrfID Specifies the associated VRF interface. The VrfIdassociates VLANs or brouter ports to a VRF afterthe creation of VLANs or brouter ports. VRF ID 0 isreserved for the Global Router.

Assigning an IP address to a VLANSpecify an IP address for a VLAN so that the VLAN can perform IProuting.

Assign the VLAN to a VRF instance by configuring the VRF ID.

ATTENTIONYou can assign only one IP address to any router interface (brouter or VLAN).

You cannot assign an IP address to a VLAN if a brouter port is a member of theVLAN. To assign an IP address to the VLAN, you must first remove the brouterport member.

Prerequisites




NN46205-523 02.02 9 December 2009


.


• To configure an IP interface (VLAN or brouter port) for a VRF instance,you must first configure the VRF instance.

• To change a VRF instance, see “Changing a VRF instance” (page 79).

Procedure steps

Step Action


2 Select a VLAN.

3 Click IP.

4 Click Insert.

5 In the IP, VLAN, Insert IP Address dialog box, type the IPaddress, network mask, and VRF ID.

6 Click Insert.

--End--

Viewing IP addresses for all router interfacesUse the Addresses tab to view IP addresses (and their associated routerinterfaces) from one central location.

Procedure steps

Step Action


2 Click the Addresses tab.

--End--

For more information, see “Addresses” (page 90).

AddressesVariable definitions

Use the data in the following table to use the Addresses tab.


NN46205-523 02.02 9 December 2009


.

Routing feature configuration 91

Variable Value




Ip Address Specifies the IP address of the router interface.

Net Mask Specifies the subnet mask of the router interface.

BcastAddrFormat Specifies the IP broadcast address format usedon this interface; that is, whether 0 (zero) or oneis used for the broadcast address. The EthernetRouting Switch 8600 uses 1.

ReasmMaxSize Specifies the size of the largest IP packet thatthis interface can reassemble from incomingfragmented IP packets.

VlanId Identifies the VLAN associated with this entry. Thisvalue corresponds to the lower 12 bits in the IEEE802.1Q VLAN tag.

BrouterPort Indicates whether this is a brouter port (as opposedto a routable VLAN).

MacOffset Specifies a number by which to offset the MACaddress of the brouter port from the chassis MACaddress. This ensures that each IP address has adifferent MAC address.

VrfId Specifies the associated VRF interface. The VrfIdassociates VLANs or brouter ports to a VRF afterthe creation of VLANs or brouter ports. VRF ID 0 isreserved for the Global Router.

Routing feature configurationConfigure routing features to optimize routing operations on your network.

• “Configuring IP routing features globally” (page 92)

• “Configuring ECMP globally” (page 94)

• “Enabling alternative routes globally” (page 95)

• “Static route configuration” (page 95)

• “ICMP Router Discovery configuration” (page 99)

• “Circuitless IP interface configuration” (page 105)


NN46205-523 02.02 9 December 2009


.


Routing feature configuration navigation


• “Configuring ECMP globally” (page 94)

• “Enabling alternative routes globally” (page 95)



• “Circuitless IP interface configuration” (page 105)

Configuring IP routing features globallyConfigure the IP routing protocol stack to determine which routing featuresthe switch can use.

Procedure steps

Step Action


2 To globally enable routing, select Forwarding.

3 To globally enable the Alternative Route feature, selectAlternativeEnable.

4 To globally enable ICMP Router Discovery, selectRouteDiscoveryEnable.

5 To globally enable ECMP, select EcmpEnable.

6 Configure the default TTL parameter (DefaultTTL).

This value is placed into routed packets that have no TTLspecified.

7 Configure the remaining parameters as required.

8 Click Apply.

--End--


IP GlobalsVariable definitions

Use the data in the following table to use the Global tab.


NN46205-523 02.02 9 December 2009


.


Variable Value

Forwarding Configures the switch for forwarding (routing) ornonforwarding. The default value is forwarding.

DefaultTTL Configures the default time-to-live (TTL) value for arouted packet. TTL indicates the maximum numberof seconds elapsed before a packet is discarded.Enter an integer from 1 to 255. The default valueof 255 is used if a value is not supplied in thedatagram header.

ReasmTimeout Specifies the maximum number of seconds thatreceived fragments are held while they wait forreassembly. The default value is 30 seconds.(Read-only)

ARPLifeTime Specifies the lifetime of an ARP entry within thesystem, global to the switch. The default value is360 minutes. The range for this value is 1 to 32767minutes.

ICMPUnreachableMsgEnable

If selected, enables the generation of InternetControl Message Protocol (ICMP) networkunreachable messages if the destination networkis not reachable from this router. These messageshelp determine if the routing switch is reachableover the network. The default is disabled.

ATTENTIONNortel recommends that you only enableicmp-unreach-msg if it is absolutely required. Ificmp-unreach-msg is enabled and a packet isreceived for which there is no route in the routingtable, CPU utilization can dramatically increase.

ICMPRedirectMsgEnable Enables the switch to, or disables the switch from,sending ICMP destination redirect messages.

AlternativeEnable Globally enables or disables the Alternative Routefeature.

If the alternative-route parameter is disabled, allexisting alternative routes are removed. After theparameter is enabled, all alternative routes arere-added.

RouteDiscoveryEnable If selected, enables the ICMP Router Discoveryfeature. The default is disabled (not selected). UseICMP Router Discovery to enable hosts attached tomulticast or broadcast networks to discover the IPaddresses of neighboring routers.


NN46205-523 02.02 9 December 2009


.


Variable Value

AllowMoreSpecificNonLocalRouteEnable

Enables or disables a more-specific nonlocal route.If enabled, the switch can enter a more-specificnonlocal route into the routing table.

SuperNetEnable Enables or disables supernetting.

If supernetting is globally enabled, the switch canlearn routes with a route mask less than 8 bits.Routes with a mask length less than 8 bits cannothave ECMP paths, even if the ECMP feature isglobally enabled.

EcmpEnable Globally enables or disables the Equal CostMultipath (ECMP) feature. The default is disabled.

After ECMP is disabled, the EcmpMaxPath is resetto the default value of 1.

EcmpMaxPath Globally configures the maximum number of ECMPpaths.

• When the switch is in R mode, the interval is 1to 8.

• While the switch is not in R mode, the intervalis 1 to 4.

• The default value is 1.

You cannot configure this feature unless ECMP isenabled globally.

Ecmp1PathList Selects a preconfigured ECMP path.




EcmpPathListApply Applies changes in the ECMP path listconfiguration, or in the prefix lists configuredas the path lists.

Configuring ECMP globallyEnable Equal Cost MultiPath (ECMP) to permit routers to determine upto four (or eight using R mode) equal-cost paths to the same destinationprefix. You can use the multiple paths for load-sharing of traffic, whichallows fast convergence to alternative paths. By maximizing load sharingamong equal-cost paths, you can maximize the efficiency of your linksbetween routers.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action


2 Select the EcmpEnable check box.

3 Enter the preferred number of equal-cost paths.

4 Click Apply.

5 Click Close.

--End--


Enabling alternative routes globallyGlobally enable alternative routes so that you can subsequently enableit on interfaces.

To change a VRF instance, see “Changing a VRF instance” (page 79).

Procedure steps

Step Action


2 Select AlternativeEnable.

If the AlternativeEnable parameter is disabled, all existingalternative routes are removed. After you enable the parameter,all alternative routes are re-added.

3 Click Apply.

--End--


Static route configurationUse static routes to force the router to make certain forwarding decisions.Static routes require less system resources than dynamic routing, buttraffic can be lost if the static route goes down.


NN46205-523 02.02 9 December 2009


.


Static route configuration navigation

• “Configuring static routes ” (page 96)

• “Configuring a default static route” (page 98)

• “Configuring a black hole static route” (page 99)

Configuring static routesUse static routes to force the router to make certain forwarding decisions.Create IP static routes to manually provide a path to destination IPaddress prefixes. The maximum number of static routes is 2000.

Procedure steps

Step Action


2 Click the Static Routes tab.

3 Click Insert.

4 If required, in the OwnerVrfId box, select the appropriate VRFID.

5 In the Dest box, type the IP address.

6 In the Mask box, type the subnet mask.

7 In the NextHop box, type the IP address of the router throughwhich the specified route is accessible.

8 In the NextHopVrfId box, select the appropriate value.

9 To enable the static route, select the Enable check box.

10 In the Metric box, type the metric.

11 In the Preference box, type the route preference.

12 If required, select the LocalNextHop check box.

This option is used to create Layer 3 static routes.

13 Click Insert.

The new route appears in the IP dialog box, Static Routes tab.

14 To delete a static route, select the static route you want todelete.

15 Click Delete.

--End--

For more information, see “Static Routes” (page 97) .


NN46205-523 02.02 9 December 2009


.


Static Routes Variable definitions

Use the data in the following table to use the Static Routes tab.

Variable Value

OwnerVrfId Specifies the VRF ID for the static route.

Dest Specifies the destination IP address of this route. Avalue of 0.0.0.0 is a default route. Multiple routesto a single destination can appear in the table, butaccess to such multiple entries is dependent on thetable-access mechanisms defined by the networkmanagement protocol in use.

Mask Indicates the mask that is logically ANDed withthe destination address before comparison to theRoute Destination. For systems that do not supportarbitrary subnet masks, an agent constructs theRoute Mask by determining whether it belongs to aclass A, B, or C network, and then uses one of:

255.0.0.0—Class A

255.255.0.0—Class B

255.255.255.0—Class C

If the Route Destination is 0.0.0.0 (a default route)then the mask value is also 0.0.0.0.

NextHop Specifies the IP address of the next hop of thisroute. In the case of a route bound to an interfacewhich is realized through a broadcast media,the Next Hop is the agent’s IP address on thatinterface.

When you create a black hole static route,configure this parameter to 255.255.255.255.

NextHopVrfId Specifies the next-hop VRF ID in interVRF staticroute configurations. Identifies the VRF in whichthe ARP entry resides.

Enable Determines whether the static route is available onthe port. The default is enable.

If a static route is disabled, it must be enabledbefore it can be added to the system routing table.

Status Specifies the status of the route.


NN46205-523 02.02 9 December 2009


.


Variable Value

Metric Specifies the primary routing metric for this route.The semantics of this metric are determined by therouting protocol specified in the route RouteProtovalue. If this metric is not used, configure the valueto 1.

IfIndex Specifies the route index of the Next Hop. Theinterface index identifies the local interface throughwhich the next hop of this route is reached.

Preference Specifies the routing preference of the destinationIP address. If more than one route can be usedto forward IP traffic, the route that has the highestpreference is used. The higher the number, thehigher the preference.

LocalNextHop Enables and disables LocalNextHop. If enabled,the static route becomes active only if the switchhas a local route to the network. If disabled, thestatic route becomes active if the switch has a localroute or a dynamic route.

Configuring a default static routeThe default route specifies a route to all networks for which there noexplicit routes exist in the Forwarding Information Base or in the routingtable. This route has a prefix length of zero (RFC 1812). You canconfigure routing switches with a static default route, or they can learn itthrough a dynamic routing protocol.


To create a default static route, you configure the destination address andsubnet mask to 0.0.0.0.

Step Action



3 Click Insert.

4 In the OwnerVrfId box, select the appropriate VRF ID.

5 In the Dest box, type 0.0.0.0.

6 In the Mask box, type 0.0.0.0.


8 In the Metric box, type the HopOrMetric value.


NN46205-523 02.02 9 December 2009


.


9 Click Insert.

--End--

Configuring a black hole static routeCreate a black hole static route to the destination that a router advertisesto avoid routing loops when aggregating or injecting routes to otherrouters.

If an existing black hole route is enabled, you must first delete or disable itbefore you can add a regular static route to that destination.


Step Action



3 Click Insert.

4 In the OwnerVrfId box, select the appropriate VRF ID.

5 In the Dest box, enter the IP address.

6 In the Mask box, enter the network mask.

7 In the NextHop box, type 255.255.255.255.

To create a black hole static route, you must configure theNextHop address to 255.255.255.255.

8 In the Metric box, type the HopOrMetric value.

9 In the Preference box, select the route preference.

When you specify a route preference, be sure to appropriatelyconfigure the preference so that when the black hole route isused, it is elected as the best route.

10 Select the enable option.

11 Click Insert.

The black hole static route record is created in the routing table.

--End--

ICMP Router Discovery configurationUse Internet Control Message Protocol (ICMP) Router Discovery to enablehosts attached to multicast or broadcast networks to discover the IPaddresses of neighboring routers.


NN46205-523 02.02 9 December 2009


.


ICMP Router Discovery configuration navigation

• “Configuring ICMP Router Discovery globally” (page 100)

• “Configuring the ICMP Router Discovery table” (page 100)

• “Configuring ICMP Router Discovery for a port” (page 102)

• “Configuring ICMP Router Discovery on a VLAN” (page 104)

Configuring ICMP Router Discovery globallyEnable ICMP Router Discovery so that it can operate on the switch.

Step Action


2 Select RouteDiscoveryEnable.

3 To select a preconfigured ECMP path, click the EcmpPathListellipsis button and select the path.

4 Click OK.

5 Click Apply.

6 Click Close.

--End--


Configuring the ICMP Router Discovery tableConfigure the ICMP Router Discovery table to ensure correct ICMPoperation for all interfaces that use Router Discovery.


• ICMP Router Discovery must be globally enabled.

Step Action


2 Click the Router Discovery tab.

3 Configure the Router Discovery parameters to suit your network.


NN46205-523 02.02 9 December 2009


.


4 Click Apply.

--End--

For more information, see “IP, IP GlobalRouter (vrf x), Router Discovery”(page 101) .

IP, IP GlobalRouter (vrf x), Router Discovery Variable definitions

Use the data in the following table to use the IP, IP GlobalRouter (vrf x),Router Discovery tab.

Variable Value

Interface Indicates the VLAN ID or the port.

AdvAddress Specifies the IP destination address used forbroadcast or multicast router advertisementssent from the interface. The address is theall-systems multicast address 224.0.0.1, or thelimited-broadcast address 255.255.255.255.

The default value is 255.255.255.255.

AdvFlag Indicates whether (true) or not (false) the addressis advertised on the interface.

The default value is true (advertise address).

AdvLifetime Specifies the time to-live-value (TTL) of routeradvertisements (in seconds) sent from theinterface. The range is MaxAdvInterval to 9000seconds.

The default value is 1800 seconds.

MaxAdvInterval Specifies the maximum time (in seconds) thatelapses between unsolicited broadcast or multicastrouter advertisement transmissions from theinterface. The range is 4 to 1800 seconds.



NN46205-523 02.02 9 December 2009


.


Variable Value

MinAdvInterfal Specifies the minimum time (in seconds) thatelapses between unsolicited broadcast ormulticast router advertisement transmissionsfrom the interface. The range is 3 seconds toMaxAdvInterval.


PreferenceLevel Specifies the preference value (a higher numberindicates more preferred) of the address as adefault router address relative to other routeraddresses on the same subnet. The range is–2147483648 to 2147483647.

The default value is 0.

Configuring ICMP Router Discovery for a portUse this procedure to configure Router Discovery on a port. Whenenabled, the port sends Router Discovery advertisement packets.



Step Action

1 Select a port.

2 From the Device Manager menu, choose Edit, Port, IP -GlobalRouter (vrf x).


4 To enable Router Discovery, select AdvFlag.

5 Configure other parameters as required for proper operation.

6 Click Apply.

--End--

For more information, see “Edit, Port, IP - GlobalRouter (vrf x), RouterDiscovery” (page 102) .

Edit, Port, IP - GlobalRouter (vrf x), Router Discovery Variabledefinitions


NN46205-523 02.02 9 December 2009


.


Use the data in the following table to use the Edit, Port, IP GlobalRouter(vrf x), Router Discovery tab.

Variable Value

AdvAddress Specifies the destination IP address used forbroadcast or multicast router advertisements sentfrom the interface. The accepted values are theall-systems multicast address 224.0.0.1, or thelimited-broadcast address 255.255.255.255.



The default value is True (advertise address).

AdvLifetime Specifies the time to live value (TTL) of routeradvertisements (in seconds) sent from theinterface. The range is MaxAdvInterval to 9000seconds.


MaxAdvInterval Specifies the maximum time (in seconds) thatelapses between unsolicited broadcast or multicastrouter advertisement transmissions from theinterface. The range is 4 seconds to 1800seconds.


MinAdvInterval Specifies the minimum time (in seconds) thatelapses between unsolicited broadcast ormulticast router advertisement transmissionsfrom the interface. The range is 3 seconds toMaxAdvInterval.


PreferenceLevel Specifies the preference value (a higher numberindicates more preferred) of the address as adefault router address relative to other routeraddresses on the same subnet. The acceptedvalues are –2147483648 to 2147483647.



NN46205-523 02.02 9 December 2009


.


Configuring ICMP Router Discovery on a VLANConfigure Router Discovery on a VLAN so that the ICMP Router Discoveryfeature can run over the VLAN. When enabled, the switch sends RouterDiscovery advertisement packets to the VLAN.


Prerequisites


Step Action


2 Select the VLAN ID that you want to configure to participate inRouter Discovery.

3 Click IP.


5 To enable Router Discovery for the VLAN, select AdvFlag.


7 Click Apply.

--End--

For more information, see “IP, VLAN, Router Discovery” (page 104) .

IP, VLAN, Router Discovery Variable definitions

Use the data in the following table to use the IP, VLAN, Router Discoverytab.

Variable Value

AdvAddress Specifies the destination IP address used forbroadcast or multicast router advertisementssent from the interface. The address is theall-systems multicast address, 224.0.0.1, or thelimited-broadcast address, 255.255.255.255.The default value is 255.255.255.255.

AdvFlag Indicates whether (true) or not (false) the addressisadvertised on the interface.

The default value is true (advertise address).


NN46205-523 02.02 9 December 2009


.


Variable Value

AdvLifetime Specifies the time to-live-value (TTL) of routeradvertisements (in seconds) sent from theinterface. The range is MaxAdvInterval to 9000seconds.


MaxAdvInterval Specifies the maximum time (in seconds) allowedbetween sending unsolicited broadcast or multicastrouter advertisements from the interface. The rangeis 4 seconds to 1800 seconds.


MinAdvInterval The minimum time (in seconds) allowed betweenunsolicited broadcast or multicast routeradvertisements sent from the interface. The rangeis 3 seconds to MaxAdvInterval.


PreferenceLevel Specifies the preference value (a higher numberindicates more preferred) of the address as adefault router address, relative to other routeraddresses on the same subnet. The range is–2147483648 to 2147483647.


Circuitless IP interface configurationA circuitless IP (CLIP) interface is a virtual interface that is associated withno physical port. You can use a CLIP interface to provide uninterruptedconnectivity to your switch if an actual path is available to reach thedevice.

Circuitless IP interface configuration navigation

• “Configuring a CLIP interface” (page 106)

• “Enabling IP VPN on a CLIP interface” (page 106)

• “Enabling OSPF on a CLIP interface” (page 107)

• “Enabling PIM on a CLIP interface” (page 108)


NN46205-523 02.02 9 December 2009


.


Configuring a CLIP interfaceYou can use a CLIP interface to provide uninterrupted connectivity toyour switch. You can configure a maximum of 256 circuitless IP (CLIP)interfaces on each device.

Step Action


2 Click the Circuitless IP tab.

3 Click Insert.

4 Assign a CLIP interface number.

5 Enter the IP address.

6 Enter the network mask.

7 Click Insert.

8 To delete a CLIP interface, select the interface and click Delete.

--End--

For more information, see “Circuitless IP” (page 106) .

Circuitless IP Variable definitions

Use the data in the following table to use the Circuitless IP tab.

Variable Value

Interface Specifies the number assigned to the interface,from 1 to 256.

Ip Address Specifies the IP address of the CLIP.

Net Mask Specifies the network mask.

Enabling IP VPN on a CLIP interfaceEnable IP VPN on CLIP interfaces so that the CLIP interface supports IPVPN.


• A CLIP interface exists.


NN46205-523 02.02 9 December 2009


.


Step Action



3 Select an interface and click the IPVPN button.

4 Select IpVpnLiteEnable.

5 Click Apply.

--End--

IpVpn - GlobalRouter (vrf x) Variable definitions

Use the data in the following table to use the IpVpn - GlobalRouter (vrf x)tab.

Variable Value

IpVpnLiteEnable Enables IP VPN on the CLIP interface.

Enabling OSPF on a CLIP interfaceEnable Open Shortest Path First (OSPF) on a circuitless IP interface sothat it can participate in OSPF routing.

• OSPF must be globally enabled.

• The OSPF area already exists.

Step Action



3 Select the CLIP interface (for example: CLIP1).

4 Click the OSPF tab.

5 Select the Enable check box.

You must enable OSPF on the CLIP interface for circuitless IPto function.

6 In the current AreaId box, enter the IP address of the OSPFbackbone area.

7 Click Apply.


NN46205-523 02.02 9 December 2009


.


8 Click Close.

--End--

For more information, see “Circuitless OSPF - GlobalRouter (vrf x)” (page108) .

Circuitless OSPF - GlobalRouter (vrf x) Variable definitions

Use the data in the following table to use the Circuitless OSPF -GlobalRouter (vrf x) tab.

Variable Value

Enable Enables OSPF on the CLIP interface.

AreaID Specifies the OSPF area ID.

Enabling PIM on a CLIP interfaceEnable Protocol Independent Multicasting (PIM) on a CLIP interface sothat it can participate in PIM routing.

• PIM must be globally enabled.

Procedure steps

Step Action



3 Select the interface (for example, CLIP1).

4 Click PIM.


You must enable PIM on the CLIP interface for PIM to function.The mode is indicated on this tab.

6 Click Apply.

7 Click Close.

--End--

For more information, see “Circuitless PIM - GlobalRouter (vrf x)” (page108) .

Circuitless PIM - GlobalRouter (vrf x) Variable definitions


NN46205-523 02.02 9 December 2009


.


Use the data in the following table to use the Circuitless PIM -GlobalRouter (vrf x) tab.

Variable Value

Enable Enables PIM on the CLIP interface.

Mode Specifies the PIM mode.


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

111.

IP routing configuration using the CLIConfigure the IP router interface so that you can configure and use routingprotocols and features on the interface. This section contains instructionsfor the Global Router and the Virtual Router Forwarding (VRF) instances.

Navigation• “Job aid: Roadmap of IP CLI commands” (page 111)

• “Job aid: Roadmap of VRF Lite IP CLI commands” (page 115)





Job aid: Roadmap of IP CLI commandsThe following table lists the commands and their parameters that you useto complete the procedures in this section.

Table 8Job aid: Roadmap of IP CLI commands

Command Parameter

create <ipaddr/mask> <vid>[mac_offset <value>]

delete <ipaddr>

info

config ethernet <ports> ip

Rvs-Path-Chk <enable|disable> [mode<value>]


NN46205-523 02.02 9 December 2009


.

112 IP routing configuration using the CLI

Table 8Job aid: Roadmap of IP CLI commands (cont’d.)

Command Parameter

advertise-flag <true|false>

advertisement-address <244.0.0.1 OR255.255.255.255>

advertisement-lifetime <seconds>

info

max-advertisement-interval<seconds>

min-advertisement-interval<seconds>

config ethernet <ports> ip route-discovery

preference-level <preference-level_value>

config ethernet <ports> routing<enable|disable>

alternative-route <enable|disable>

default-ttl <seconds>

ecmp <enable|disable>

ecmp-1-pathlist <prefix-list-name>




ecmp-max-path <integer>

ecmp-pathlist-apply

icmp-redirect-msg <enable|disable>

icmp-unreach-msg <enable|disable>

info

ip-supernet <enable|disable>

max-routes-trap <enable|disable>

config ip

more-specific-non-local-route<enable|disable>


NN46205-523 02.02 9 December 2009


.

Job aid: Roadmap of IP CLI commands 113


Command Parameter

area <ipaddr>

create <ipaddr/mask>

delete <ipaddr>

info

ipvpn-lite-capability <enable|disable>

ospf <enable|disable>

config ip circuitless-ip-int

pim <enable|disable>

disable

enable

config ip forwarding

info

config ip route delete <ipaddr/mask>next-hop <value> [next-hop-vrf <value>]

disable

enable

config ip route-discovery

info

infoconfig ip route preference

protocol <protocol> <value>

create <ipaddr/mask> next-hop<value> cost <value> [preference<value>] [local-next-hop <value>][next-hop-vrf <value>]

delete <ipaddr/mask> next-hop<value>] [next-hop-vrf <value>]

disable <ipaddr/mask> next-hop<value>] [next-hop-vrf <value>]

enable <ipaddr/mask> next-hop<value>] [next-hop-vrf <value>]

info

local-next-hop <true|false><ipaddr/mask> next-hop <value>]

config ip static-route

preference <value> <ipaddr/mask>next-hop <value>] [next-hop-vrf<value>]

config ip static-route delete<ipaddr/mask> next-hop <value>[next-hop-vrf <value>]


NN46205-523 02.02 9 December 2009


.



Command Parameter

create <ipaddr/mask> [mac_offset<value>]

delete <ipaddr>

info

config vlan <vid> ip

Rvs-Path-Chk <enable|disable> [mode<value>]

advertise-flag <true|false>



info

max-advertisement-interval<seconds>

min-advertisement-interval<seconds>

config vlan <vid> ip route-discovery

preference-level <preference-level_value>

circuitless-ip-int info [vrf<value>] [vrfids <value>]

info [vrf <value>] [vrfids <value>]

interface [vrf <value>] [vrfids<value>]

forwarding [vrf <value>] [vrfids<value>]

route-discovery [vrf <value>][vrfids <value>]

route info [ip <value>] [-s <value>][alternative] [vrf <value>] [vrfids<value>]

route preference info [vrf <value>][vrfids <value>]

static-route info [<ip_address>][-s <value>] [vrf <value>] [vrfids<value>]

show ip

vrf info [vrf <value>] [vrfids<value>]

show ports info ip [vlan <value>] [port<value>] [vrf <value>] [vrfids <value>]


NN46205-523 02.02 9 December 2009


.

Job aid: Roadmap of VRF Lite IP CLI commands 115


Command Parameter

show port info route-discovery [vlan<value>] [port <value>]

show vlan info ip [<vid>] [vrf <value>][vrfids <value>]

show vlan info route-discovery [<vid>]

Job aid: Roadmap of VRF Lite IP CLI commandsThe following table lists the VRF Lite commands and their parameters thatyou use to perform the procedures in this section.

Table 9Job aid: Roadmap of VRF Lite IP CLI commands

Command Parameter

disable

enable

config ip vrf <vrfName> forwarding

info

config ip vrf <vrfName> route delete<ipaddr/mask> next-hop <value>[next-hop-vrf <value>]

infoconfig ip vrf <vrfName> route preference

protocol <protocol> <value>

disable

enable

config ip vrf <vrfName> route-discovery

info

create <ipaddr/mask> next-hop<value> cost <value> [preference<value>] [local-next-hop <value>][next-hop-vrf <value>]

delete <ipaddr/mask> next-hop<value>] [next-hop-vrf <value>]

disable <ipaddr/mask> next-hop<value>] [next-hop-vrf <value>]

enable <ipaddr/mask> next-hop<value>] [next-hop-vrf <value>]

info

local-next-hop <true|false><ipaddr/mask> next-hop <value>][next-hop-vrf <value>]

config ip vrf <vrfName> static-route


NN46205-523 02.02 9 December 2009


.


Table 9Job aid: Roadmap of VRF Lite IP CLI commands (cont’d.)

Command Parameter

preference <value> <ipaddr/mask>next-hop <value>] [next-hop-vrf<value>]

area <ipaddr>

create <ipaddr/mask>

delete <ipaddr>

info

config ip vrf <vrfName> circuitless-ip-int

ospf <enable|disable>

show ip vrf info [vrf <value>] [vrfids<value>]

Basic IP routing configurationConfigure basic IP routing parameters to specify how routing functions onthe switch.



• “Enabling routing on a port” (page 118)

• “Deleting a dynamically learned route” (page 118)


• “Flushing routing tables by VLAN or port” (page 120)

Enabling routing for a router or a VRF instanceGlobally enable IP forwarding (routing) so that the router supports routing.You can use the IP address of any router interface for IP-based networkmanagement.

You configure a VRF the same way as you configure the router, exceptthat you must replace config ip with config ip vrf <vrfName> in thefollowing procedure.

Procedure steps

Step Action

1 Enable IP forwarding entering the following command:

config ip forwarding enable


NN46205-523 02.02 9 December 2009


.


2 Confirm that IP forwarding is enabled by entering the followingcommand:

config ip forwarding info

3 View the global IP forwarding configuration on the switch byentering the following command:

show ip forwarding

--End--

Variable definitionsUse the data in the following table to use the following commands:

• config ip forwarding

• config ip vrf <vrfName> forwarding

Variable Value

disable Disables IP forwarding (routing) on the router orVRF.

enable Enables IP forwarding (routing) on the router orVRF. The default is enable.

info Displays current forwarding information for therouter or VRF.

vrf <vrfName> Specifies the VRF instance by name.

Example of enabling routing on a router and a VRF

Step Action

1 Enable routing on the router by entering the following command:

config ip forwarding enable

2 Enable routing on VRFs by entering the following commands:

config ip vrf VrfOne forwarding enable

config ip vrf VrfTwo forwarding enable

--End--


NN46205-523 02.02 9 December 2009


.


Enabling routing on a portYou can enable or disable routing capabilities on specified switch ports.The specified port can still be part of a routed VLAN. The default settingfor routing is enable.

Procedure steps

Step Action

1 Enable routing on a port by entering the following command:

config ethernet <ports> routing enable

--End--

Variable definitionsUse the data in the following table to use the config ethernet <ports>routing <enable|disable> command.

Variable Value

enable Enables routing for the specified port.

disable Disables routing for the specified port.

<ports> Indicates the slot and port number of the port youare configuring.

Deleting a dynamically learned routeDelete a dynamically learned route from the routing table if you do notwant the Ethernet Routing Switch to use the route. Exercise caution if youdelete entries from the routing table.

To delete a static route, see “Configuring static routes” (page 132).

You configure a VRF in the same way that you configure a router, exceptthat you must replace config ip with config ip vrf <vrfName> in thefollowing procedure.

Procedure steps

Step Action

1 Display IP route information by entering one of the followingcommands:config ip route infoshow ip route info [ip <value>] [-s <value>][alternative]


NN46205-523 02.02 9 December 2009


.


2 Delete the dynamically learned route by entering the followingcommand:config ip route delete <ipaddr/mask> next-hop<value> [next-hop-vrf <value>]

--End--


• show ip route info

• show ip route info vrf <vrfName>

Variable Value

alternative The alternative parameter displays thealternative routes.

ip <value> Specifies the IP address of the network (a.b.c.d).

-s <value> The -s <value> parameter indicates thesubnet in one of the following formats (a.b.c.d/x;a.b.c.d/x.x.x.x; default).

Use the data in the following table to use the following commands:

• config ip route delete

• config ip vrf <vrfName> route delete

Variable Value

<ipaddr/mask> Specifies the IP address and network mask of thedynamic route.

next-hop <value> next-hop <value> specifies the IP address ofthe next-hop router.

Configuring IP route preferencesConfigure IP route preferences to override default route preferences andgive preference to routes learned for a specific protocol. You must disableECMP before you configure route preferences.

You configure a VRF the same way you configure a router, except thatyou must replace config ip with config ip vrf <vrfName> in thefollowing procedure.

ATTENTIONChanging route preferences can affect system performance and networkaccessibility while you perform the procedure. Nortel recommends that youchange a prefix list or a routing protocol before you enable the protocols.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Configure the route preference for a protocol by entering thefollowing command:config ip route preference protocol <protocol><value>

2 Confirm that the configuration is correct by entering one or bothof the following commands:config ip route preference infoshow ip route preference info

--End--


• config ip route preference

• config ip vrf <vrfName> route preference

Variable Value

info Displays the route preference configured forvarious protocols.

protocol <protocol><value>

Configures the preference value for the specifiedprotocol. If two protocols have the same configuredvalue, the default value is used as the tie-breaker.

• <protocol> must be one of the following:static, ospf-intra, ospf-inter, ebgp, ibgp,rip, ospf-extern1, ospf-extern2, staticv6,ospfv3-intra, ospfv3-inter, ospfv3-extern1, orospfv3-extern2.

• <value> is from 1 to 255. 0 is reserved forlocal routes.

Flushing routing tables by VLAN or portFor administrative and troubleshooting purposes, flush the routing tables.

Procedure steps

Step Action

1 Flush IP routing tables by port by entering the followingcommand:config ethernet <ports> action flushIp


NN46205-523 02.02 9 December 2009


.


2 Flush IP routing tables by VLAN by entering the followingcommand:config vlan <vid> action flushIp

--End--

Variable definitionsUse the data in the following table to flush IP routing tables.

Variable Value

<ports> Specifies the slot and port or list of slot and ports.

<vid> Specifies the VLAN ID.

IP address configurationConfigure IP addresses so that device interfaces can use IP and so thatyou can remotely access the Ethernet Routing Switch 8600.


• “Configuring an IP address for the management port” (page 121)

• “Configuring a virtual IP address for the management port” (page 123)



• “Viewing IP information for all router interfaces” (page 127)

Configuring an IP address for the management portConfigure the IP address for the management port so that you canremotely access the switch using the management port.

Procedure steps

Step Action

1 Configure the IP address and mask for the management port byentering the following commands:

config bootconfig net mgmt ip <ipaddr/mask> [cpu-slot<value>]

save bootconfig


NN46205-523 02.02 9 December 2009


.


ATTENTIONYou must use this command to save the bootconfig to retain yourconfiguration changes.

If the boot.cfg file is not loaded while booting, by default themanagement port uses the static IP address of 192.168.168.168/24for the CPU card in slot 5 and 192.168.168.169/24 for the CPU cardin slot 6.

2 Confirm that the IP address is correct by entering the followingcommand:

config bootconfig net mgmt info

3 Show the complete network management status by entering thefollowing command:

show boot net

--End--

Variable definitionsUse the data in the following table to use the config bootconfig net<cpu-net-port> command.

Variable Value

autonegotiate<true|false>

Enables or disables Auto-Negotiation.

bootp <true|false> Enables or disables bootp. If Bootstrap Protocolis enabled, the switch obtains its IP addressautomatically.

chk-src-route<true|false>

Enables or disables the switch to block packets thathave no route back to the source.

<cpu-net-port> Specifies the network port. <cpu-net-port>options include mgmt, cpu2cpu, or pccard.

enable <true|false> Enables or disables the port.

fullduplex<true|false>

Enables or disables full-duplex mode on the port.

Changing the duplex setting for this port fromfull to half duplex for a 8648GTR port causes a30-second loss of bidirectional traffic while thesoftware resets.

info Displays the current configuration.


NN46205-523 02.02 9 December 2009


.


Variable Value

ip <ipaddr/mask>[cpu-slot <value>]

Specifies the IP address for the networkmanagement port.

• <ipaddr/mask> is the IP address andnetwork mask that you assign to the networkmanagement port in one of the followingformats: a.b.c.d/x; a.b.c.d/x.x.x.x; default.

• <value> is the slot ID to which the IP addressapplies in the range of 3 to 6.

If the boot.cfg file is not present on the flash, thenetwork management port (also referred to as theOut of Band [OOB] interface) is assigned a defaultIP address (192.168.168.168/24 for slot 5 or slot 3[for an 8003 chassis] and 192.168.168.169/29 forslot 6). If an IP address is already configured forthis interface in the boot.cfg file, the switch usesthis address.

restart Shuts down and reinitializes the port.

route [add|del]<netaddr|mask><gateway>

Specifies the addition or deletion of the route forthe network management port.

• <netaddr|mask> is the IP address andnetwork mask that you assign to the networkmanagement port in one the following formats:a.b.c.d/x; a.b.c.d/x.x.x.x; default.

• <gateway> is the gateway IP address in theformat a.b.c.d.

speed <10|100> Configures the speed for the port as 10 or100 megabits for every second (Mbit/s).

tftp <ipaddr> Configures the Trivial File Transfer Protocol (TFTP)IP address in the format a.b.c.d.

Configuring a virtual IP address for the management portConfigure a virtual IP address for the management port to provide analternative method of connecting remotely. After you change the bootconfiguration, you must save the changes to both the Master and theStandby CPUs.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Configure a virtual IP for the management port by entering thefollowing command:config sys set mgmt-virtual-ip <ipaddr/mask>

2 Save the configuration to the Master CPU by entering thefollowing command:save config

3 Save the configuration to the Standby CPU, if required, byentering the following command:save config standby

4 Use Telnet to connect to the Standby CPU and reset it byentering the following command:telnet <ipaddr>

5 Reset the Standby CPU by entering the following command:reset -y

--End--

Variable definitionsUse the data in the following table to use the config sys setmgmt-virtual-ip command.

Variable Value

<ipaddr> Specifies the IP address of the Standby CPU.

<ipaddr/mask> The <ipaddr/mask> parameter specifies the IPaddress and network mask that you assign to thenetwork management port (a.b.c.d/x; a.b.c.d/x.x.x.x;default).

Assigning an IP address to a portUse a brouter port to route IP packets and to bridge all nonroutable traffic.The routing interface of the brouter port is not subject to the spanning treestate of the port. A brouter port can be in the blocking state for nonroutabletraffic and still route IP traffic. This feature removes interruptions causedby Spanning Tree Protocol recalculations in routed traffic.

If an IP interface is configured without specifying the VRF instance, it mapsto VRF 0 by default.

Prerequisites

• A routed IP policy-based single-port VLAN is configured.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Assign an IP address and VLAN ID to the port by entering thefollowing command:

config ethernet <ports> ip create <ipaddr/mask> <vid>[mac_offset <value>]

2 Confirm the configuration is correct by entering the followingcommand:

show ports info brouter port

--End--

Variable definitionsUse the data in the following table to use the config ethernet <ports>ip command.

Variable Value

create <ipaddr/mask><vid> [mac_offset<value>]

Assigns an IP address to a port to create a brouterport.

• <ipaddr/mask> is the IP address and maskin a.b.c.d format.

• <vid> is the VLAN ID in the range of 1 to 4094.

• mac_offset <value> specifies a number bywhich to offset the MAC address of the brouterport from the chassis MAC address. Thisensures that each IP address has a differentMAC address.

delete <ipaddr> Deletes an IP address from a brouter port.

info Displays configured IP characteristics on the port.

<ports> Indicates the slot and port number.

Rvs-Path-Chk<enable|disable>[mode <value>]

Enables or disables reverse path checking.

• mode <value> is either exist-only mode orstrict mode. In exist-only mode, RPC checkswhether the incoming packet source IP addressexists in the routing table. If the source IP entryis found, the packet is forwarded as usual;otherwise, the packet is discarded.In strict mode, RPC checks whether theincoming packet source IP address exists inthe routing table. If the source IP entry is not


NN46205-523 02.02 9 December 2009


.


Variable Value

found, RPC further checks to see if the sourceIP interface matches the packet incominginterface. If they match, the packet is forwardedas usual, otherwise, the packet is discarded.

Reverse path checking is supported only on Rseries modules with R mode enabled.

Assigning an IP address to a VLANSpecify an IP address for a VLAN so that the VLAN can perform IProuting.

Prerequisites



Procedure steps

Step Action

1 Assign an IP address to a VLAN by entering the followingcommand:config vlan <vid> ip create <ipaddr/mask>[mac_offset <value>]

2 Associate the VLAN with a VRF instance by entering thefollowing command:config vlan <vid> vrf <vrfName>

3 Use the following variable definitions table to configure otherparameters as required.

4 Confirm that your configuration is correct by entering one or all ofthe following commands:config vlan <vid> ip infoconfig vlan <vid> vrf <vrfName> ip infoshow vlan info ip [<vid>] [port <value>] [vrf<value>] [vrfids <value>]

--End--


• config vlan <vid> ip

• config vlan <vid> vrf <vrfName> ip


NN46205-523 02.02 9 December 2009


.


Variable Value

create <ipaddr/mask>[mac_offset <value>]

Assigns an IP address and subnet mask to theVLAN.

• <ipaddr/mask> is the IP address and mask{a.b.c.d}.

• mac_offset <value> specifies a number bywhich to offset the MAC address of the VLANfrom the chassis MAC address. This ensuresthat each IP address has a different MACaddress.

delete <ipaddr> Deletes the specified VLAN IP address.

info Displays VLAN routing characteristics.

Rvs-Path-Chk<enable|disable>[mode <value>]

Enables or disables reverse path checking.

mode <value> is either exist-only mode or strictmode. In exist-only mode, RPC checks whetherthe incoming packet source IP address exists inthe routing table. If the source IP entry is found,the packet is forwarded as usual; otherwise, thepacket is discarded.

In strict mode, RPC checks whether the incomingpacket source IP address exists in the routingtable. If the source IP entry is not found, RPCfurther checks if the source IP interface matchesthe packet incoming interface. If they match, thepacket is forwarded as usual; otherwise, the packetis discarded.

Reverse path checking is supported only on Rseries modules with R mode enabled.

<vid> <vid> is the VLAN ID (VID). The range is 1 to4094.

vrf <vrfName> Specifies the VRF name.

Viewing IP information for all router interfacesYou can display information about all IP interfaces configured on theswitch.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Show the IP interfaces and addresses on the switch by enteringthe following command:show ip interface

--End--

Job aid: show ip interface commandThe following table shows the headings and descriptions for the show ipinterface command.

Table 10Job aid: show ip interface command

Parameter Description

INTERFACE Indicates the port or VLAN on which the interface isconfigured.

IP ADDRESS Indicates the IP address for the interface.

NET MASK Indicates the subnet mask associated with the IPaddress of this entry. The value of the mask is an IPaddress with all the network bits set to 1 and all thehosts bits set to 0.

BCASTADDR FORMAT Indicates the value of the least-significant bit in theIP broadcast address used to send datagrams onthe (logical) interface associated with the IP addressof this entry. For example, if the Internet standardall-ones broadcast address is used, the value is 1.This value applies to both the subnet and networkbroadcasts addresses used by the entity on this(logical) interface.

REASM MAXSIZE Indicates the size of the largest IP datagram that thisinterface can reassemble from incoming fragmentedIP datagrams.

VLAN ID Indicates the VLAN assigned to the interface.

BROUTER PORT Indicates if the interface is assigned as a brouterport.



NN46205-523 02.02 9 December 2009


.



• “Configuring IP routing for a router or a VRF” (page 129)



Configuring IP routing for a router or a VRFConfigure the IP routing protocol stack to determine which routing featuresthe switch can use. You can configure global parameters before or afteryou configure the routing protocols.

To globally configure IP routing for a VRF instance, replace the configip command structure with the config ip vrf <vrfName> commandstructure.

Procedure steps

Step Action

1 Configure the default TTL for all routing protocols by entering thefollowing command:config ip default-ttl <seconds>


2 Enable ECMP by entering the following command:

config ip ecmp enable

3 Enable the Alternative Route feature globally by entering thefollowing command:

config ip alternative-route enable

4 Configure the remaining config ip parameters as required.See the following variable definitions table for other parameters.

5 Confirm the correct configuration of global parameters byentering the following command:config ip info

--End--

Variable definitionsUse the data in the following table to use the config ip command.


NN46205-523 02.02 9 December 2009


.


Variable Value

alternative-route<enable|disable>

Enables or disables the Alternative Route feature.The default value is enabled.

If the alternative-route parameter is disabled, allexisting alternative routes are removed. If theparameter is enabled, all alternative routes areadded back.

default-ttl<seconds>

Configures the default time-to-live (TTL) value for arouted packet. The TTL is the maximum number ofseconds before a packet is discarded.

seconds is a number from 1 to 255. The defaultvalue of 255 is used if a time is not supplied in thedatagram header.


Enables or disables ECMP. The default is disabled.

If the ECMP parameter is disabled, all existingECMP routes are removed. After ECMP isenabled, all ECMP routes are re-added.

ecmp-1-pathlist<prefix-list-name>

Configures one equal-cost path to the samedestination prefix. After ECMP is disabled, thedefault value is 1. After ECMP is enabled, thedefault is 4. The range for this value is 1 to 4 paths(8 paths for R mode). To remove the policy, entera blank string.

prefix-list-name is the name of the policy witha range of 0 to 64 characters.

To configure this parameter, you must globallyenable ECMP.


Configures up to two equal-cost paths to the samedestination prefix. After ECMP is disabled, thedefault value is 1. After ECMP is enabled, thedefault is 4. The range for this value is 1 to 4paths. To remove the policy, enter a blank string.




NN46205-523 02.02 9 December 2009


.


Variable Value


Configures up to three equal-cost paths to thesame destination prefix. After ECMP is disabled,the default value is 1. After ECMP is enabled,the default is 4. The range for this value is 1 to 4paths. To remove the policy, enter a blank string.




Configures up to four equal-cost paths to thesame destination prefix. After you disable ECMP,the default value is 1. After you enable ECMP,the default is 4. The range for this value is 1 to 4paths. To remove the policy, enter a blank string.



ecmp-max-path<integer>

Configures the maximum number of ECMP paths.

integer is the maximum number of ECMP paths.The range for this number with R mode false is 1 to4, and with R mode true, the range is 1 to 8.

ecmp-pathlist-apply Applies changes to all ECMP pathlistconfigurations.

icmp-redirect-msg<enable|disable>

Enables or disables the switch to send ICMPdestination redirect messages.

icmp-unreach-msg<enable|disable>

Enables or disables the unreachable messagefeature. While enabled, generates Internet ControlMessage Protocol (ICMP) net unreachablemessages if the destination network is notreachable from this router. These messages helpdetermine if the routing switch is reachable overthe network. The default is disabled.



NN46205-523 02.02 9 December 2009


.


Variable Value

info Displays the current global IP configuration.

ip-supernet<enable|disable>

Enables or disables supernetting.

If supernetting is globally enabled, the switch canlearn routes with a route mask less then 8 bits.Routes with a mask length less than 8 bits cannothave ECMP paths, even if the ECMP feature isglobally enabled.

max-routes-trap<enable|disable>

Enables or disables the switch to send a trap if theswitch exceeds the maximum number of routes.


Enables or disables the more-specific-non-local-route feature. If enabled, the switch can enter amore-specific nonlocal route into the routing table.

Static route configurationConfigure an IP static route if you want to manually create a route to adestination IP address.


• “Configuring static routes” (page 132)



Configuring static routesConfigure an static route if you want to manually create a route to adestination IP address.

You configure a static route on a VRF the same way you configure arouter, except that you must replace config ip with config ip vrf<vrfName> in the following procedure.

To import one or a few routes from another VRF, instead of all the routesfor one protocol, you can use the config ip static-route command.When you configure the next-hop-vrf parameter, the static routeis created in the local VRF, and the next-hop route is resolved in thenext-hop VRF instance (next-hop-vrf).

Step Action

1 Create an IP static route by entering the following command:config ip static-route create <ipaddr/mask>


NN46205-523 02.02 9 December 2009


.


next-hop <value> cost <value> [preference <value>][local-next-hop <value>] [next-hop-vrf <value>]

2 Confirm that your configuration is correct by entering thefollowing command:config ip static-route info

3 View existing IP static routes for the switch, or for a specific netor subnet, by entering the following command:show ip static-route info[<ip_address>][-s<value>]

4 After you confirm that the configuration is correct, enable thestatic route by entering the following command:config ip static-route enable <ipaddr/mask>next-hop <value> [next-hop-vrf <value>]

5 Delete a static route by entering the following command:config ip static-route delete <ipaddr/mask>next-hop <value> [next-hop-vrf <value>]

--End--

Variable definitions Use the data in the following table to use thefollowing commands:

• config ip static-route

• config ip vrf <vrfName> static-route

Variable Value

create <ipaddr/mask>next-hop <value>cost <value>[preference <value>][local-next-hop <value>] [next-hop-vrf<value>]

Adds a static or default route to the router or VRFinstance.

• <ipaddr/mask> is the IP address and maskfor the route destination.

• next-hop <value> is the IP address ofthe next-hop router (the next router at whichpackets must arrive on this route). When youcreate a black hole static route, configurethis parameter to 255.255.255.255 as theIP address of the router through which thespecified route is accessible.

• cost <value> is the route metric.

• preference <value> is the route preference.


NN46205-523 02.02 9 December 2009


.


Variable Value

• next-hop <value> is the IP address ofthe next-hop router (the next router at whichpackets must arrive on this route).

• next-hop-vrf <value> specifies thenext-hop VRF.

delete <ipaddr/mask>next-hop <value>[next-hop-vrf<value>]

Deletes a static route.


• next-hop <value> is the IP address of thenext-hop router.


disable <ipaddr/mask> next-hop <value>[next-hop-vrf<value>]

Disables a static route.




enable <ipaddr/mask>next-hop <value>[next-hop-vrf<value>]

Enables a static route.




info Displays characteristics of the static route.

local-next-hop<true|false><ipaddr/mask>next-hop <value>[next-hop-vrf<value>]

Modifies the static route local-next-hop. A staticroute with a local next hop is a route that is validand up when the next hop is active (for example,the switch has a valid ARP entry of the next hop inits ARP database). The switch uses ARP for thenext hop to check its availability.

A static route with a nonlocal next hop is a routethat is active when the next hop is reachablethrough an IGP (that is, OSPF). You can enter astatic route with a next-hop address that is, forexample, an address of a remote Internet gateway


NN46205-523 02.02 9 December 2009


.


Variable Value

router. If this gateway router is reachable throughan IGP, this static route is activated. The switch inthis case checks whether the nonlocal next hop canbe reached through an IGP and if the IGP next hopARP address is active.




preference <value><ipaddr/mask>next-hop <value>[next-hop-vrf<value>]

Modifies the static route preference.




Use the data in the following table to use the following commands:

• show ip static-route info

• show ip static-route info vrf <vrfName>

Variable Value

<ip_address> Specifies the IP address of the network.

-s <value> Specifies the subnet in the format a.b.c.d/x.x.x.x ordefault.

Job aid: show ip static-route command outputThe following table shows the headings and descriptions for the show ipstatic-route info command.


NN46205-523 02.02 9 December 2009


.


Table 11Job aid: show ip static-route info command


DEST Indicates the destination IP address of thestatic route. An entry with a value of 0.0.0.0 isconsidered a default route. Multiple routes to asingle destination can appear in the table, butaccess to multiple entries depends on the tableaccess mechanisms defined by the networkmanagement protocol in use.

MASK Indicates the subnet mask associated with the IPaddress of this entry. The value of the mask is anIP address with all the network bits set to 1 and allthe hosts bits set to 0.

NEXT Indicates the IP address of the next hop of thisroute. In the case of a route bound to an interface,which is realized through a broadcast media, thevalue of this parameter is the agent IP address onthat interface.

NH-VRF Indicates the next-hop VRF. Identifies in which VRFthe ARP entry resides.

COST Indicates the metric.

PREF Indicates the route preference of this entry. If morethan one route can forward IP traffic, the route thathas a highest preference is used instead of a lowerpreference one. The higher the number, the higherthe preference.

LCLNHOP Indicates the state of the local next hop.

STATUS Indicates the status of this route.

ENABLE Indicates the validity of this route.

Example of configuring static routes for a VRF instance

Procedure steps

Step Action

1 Create an IP static route for a VRF instance called VrfCompanyby entering the following command:

ERS8610-5#config ip vrf VrfCompany static-routecreate 131.202.2.2/255.255.0.0 next-hop132.202.7.6

2 Ensure that the configuration is correct by entering the followingcommand:


NN46205-523 02.02 9 December 2009


.


ERS8610-5# config ip vrf VrfCompany static-routeinfo

3 Enable the static route by entering the following command:

ERS8610-5#config ip vrf VrfCompany static-routeenable 131.202.2.2/255.255.0.0 next-hop132.202.7.6

--End--

Configuring a black hole static routeConfigure a black hole static route to the destination a router advertises toavoid routing loops when aggregating or injecting routes to other routers.

If a black hole route is enabled, you must first delete or disable it beforeyou can add a regular static route to that destination.


Procedure steps

Step Action

1 Create a black hole static route by entering the followingcommand:config ip static-route create <ipaddr/mask>next-hop 255.255.255.255 cost <value> [preference<value>] [local-next-hop <value>] [next-hop-vrf<value>]

When you specify a route preference, appropriately configure thepreference value so that when the black-hole route is used, it iselected as the best route.


3 After you confirm the configuration is correct, enable the blackhole static route by entering the following command:config ip static-route enable <ipaddr/mask>next-hop 255.255.255.255 [next-hop-vrf <value>]

--End--

For a description of the variables, see “Variable definitions” (page 133) .


NN46205-523 02.02 9 December 2009


.


Configuring a default static routeThe default route specifies a route to all networks for which no explicitroutes exist in the Forwarding Information Base or in the routing table.This route has a prefix length of zero (RFC 1812). You can configurerouting switches with a static default route, or the switch can learn itthrough a dynamic routing protocol.



Step Action

1 Create a default static route by entering the following command:config ip static-route create 0.0.0.0/0.0.0.0next-hop <a.b.c.d> cost <value> [local-next-hop<value>] [next-hop-vrf <value>]

For a description of the variables, see “Variable definitions”(page 133)


3 After you confirm that the configuration is correct, enable thedefault static route by entering the following command:config ip static-route enable 0.0.0.0/0.0.0.0next-hop <a.b.c.d>

--End--

ICMP Router Discovery configurationUse ICMP Router Discovery to enable hosts attached to multicast orbroadcast networks to discover the IP addresses of their neighboringrouters.


• “Configuring ICMP Router Discovery globally” (page 139)

• “Configuring Router Discovery on a VLAN” (page 139)

• “Configuring Router Discovery on a port” (page 142)


NN46205-523 02.02 9 December 2009


.


Configuring ICMP Router Discovery globallyEnable Router Discovery globally so that the switch supports RouterDiscovery.


Step Action

1 Enable ICMP Router Discovery on the switch by entering thefollowing command:config ip route-discovery enable

2 Confirm that Router Discovery is enabled by entering one or bothof the following commands:config ip route-discovery infoshow ip route-discovery

--End--

Variable definitions Use the data in the following table to use thefollowing commands:

• config ip route-discovery

• config ip vrf <vrfName> route-discovery

Variable Value

disable Globally disables ICMP Router Discovery.

enable Globally enables ICMP Router Discovery.

info Displays the global status of the Router Discoveryfeature.

Configuring Router Discovery on a VLANEnable Router Discovery so that the switch forwards Router DiscoveryAdvertisement packets to the VLAN.

Step Action

1 Enable Router Discovery on a VLAN by entering the followingcommand:config vlan <vid> ip route-discovery advertise-flag true


NN46205-523 02.02 9 December 2009


.


2 Configure other Router Discovery parameters for the VLAN, asrequired, by entering the following variable definitions table.

3 Confirm that your configuration is correct by entering one of thefollowing commands:config vlan <vid> route-discovery infoshow vlan info route-discovery [<vid>] [port<value>]

--End--

Variable definitions Use the data in the following table to use theconfig vlan <vid> route-discovery command.

Variable Value

advertise-flag<true|false>

Advertises (true) or does not advertise (false) theaddress on the interface.

The default is true.


Specifies the destination IP address used forbroadcast or multicast router advertisements sentfrom the interface.

The accepted values are the all-systems multicastaddress, 224.0.0.1, or the limited-broadcastaddress, 255.255.255.255.



Specifies the time-to-live value (TTL) of routeradvertisements (in seconds) sent from theinterface.

<seconds> is MaxAdvInterval to 9000 seconds.The default value is 1800 seconds.

info Displays current configuration information about theVLAN ICMP Router Discovery parameters.

max-advertisement-interval <seconds>

Specifies the maximum time (in seconds) thatelapses between unsolicited broadcast or multicastrouter advertisement transmissions from the routerinterface.

<seconds> is 4 seconds to 1800 seconds. Thedefault value is 600 seconds.


NN46205-523 02.02 9 December 2009


.


Variable Value

min-advertisement-interval <seconds>

Specifies the minimum time (in seconds) thatelapses between sending unsolicited broadcastor multicast router advertisement transmissionsfrom the interface. The range is 3 seconds toMaxAdvInterval.


preference-level<preference-level_value>

Specifies the preference (a higher number indicatesmore preferred) of the address as a default routeraddress relative to other router addresses on thesame subnet.

<preference-level_value> is in the range of–2147483648 to 2147483647. The default value is0.

<vid> <vid> is a VLAN ID in the range of 1 to 4094.

Use the data in the following table to use the show vlan inforoute-discovery command.

Variable Value

port <value> port<value> is a slot and port or portlist{slot/port[-slot/port][,...]}

<vid> <vid> is a VLAN ID in the range of 1 to 4094.

Job: show vlan info route-discovery command The followingtable shows the headings and descriptions for the show vlan inforoute-discovery command.

Table 12Job aid: show vlan info route-discovery command


VLAN ID Indicates the VLAN ID.

ADV_ADDRESS Indicates the advertisement address to which theroute discovery advertisements are transmittedfrom this interface.

ADV_FLAG Indicates whether the address is advertised on thisinterface.

LIFETIME Indicates the lifetime of router advertisements sentfrom the interface.

MAX_INT Indicates the maximum time that elapses betweenrouter advertisement transmissions from thisinterface.


NN46205-523 02.02 9 December 2009


.


Table 12Job aid: show vlan info route-discovery command (cont’d.)


MIN_INT Indicates the minimum time that elapses betweenrouter advertisement transmissions from thisinterface.

PREF_LEVEL Indicates the preferability of the router address as adefault router.

Configuring Router Discovery on a portEnable Router Discovery on a port so that the port can send RouterDiscovery Advertisement Packets.

Step Action

1 Enable Router Discovery on a port by entering the followingcommand:config ethernet <ports> ip route-discoveryadvertise true

2 Configure other Router Discovery parameters for the port, asrequired, using the following variable definitions table.

3 Confirm that your configuration is correct by entering one or bothof the following commands:config ethernet <ports> ip route-discovery infoshow port info route-discovery [vlan <value>] [port<value>]

--End--

Variable definitions Use the data in the following table to use theconfig ethernet <ports> ip route-discovery command.

Variable Value

advertise-flag<true|false>

Indicates whether the address is advertised on theinterface. The default is true (advertise address).


Specifies the destination IP address used forbroadcast or multicast router advertisementssent from the interface. The address is theall-systems multicast address, 224.0.0.1, or thelimited-broadcast address, 255.255.255.255. Thedefault value is 255.255.255.255.


NN46205-523 02.02 9 December 2009


.


Variable Value


Specifies the time-to-live value (TTL) of routeradvertisements (in seconds) sent from theinterface. The range is max-advertisement-intervalto 9000 seconds. The default value is 1800seconds.

info Displays current configuration information about theICMP Router Discovery parameters.

max-advertisement-interval <seconds>

Specifies the maximum time (in seconds) thatelapses between unsolicited broadcast or multicastrouter advertisement transmissions from the routerinterface. The range is 4 seconds to 1800 seconds.The default value is 600 seconds.

min-advertisement-interval <seconds>

Specifies the minimum time (in seconds) thatelapses between unsolicited broadcast ormulticast router advertisement transmissionsfrom the interface. The range is 3 seconds tomax-advertisement-interval. The default value is450 seconds.

preference-level<preference-level_value>

Specifies the preference value (a higher numberindicates more preferred) of the address as adefault router address relative to other routeraddresses on the same subnet. The range is–2147483648 to 2147483647. The default value is0.

Use the data in the following table to use the show port inforoute-discovery command.

Variable Value

port <value> Specifies the port or list of ports.

vlan <value> Specifies the VLAN ID or list of VLAN IDs.

Configuring a CLIP interfaceConfigure a circuitless IP interface (CLIP) when you want to provide avirtual interface that is not associated with a physical port. You can use aCLIP interface to provide uninterrupted connectivity to your switch. Youcan configure a maximum of 256 CLIP interfaces on each device.



NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Create a CLIP interface by entering the following command:config ip circuitless-ip-int <id> create<ipaddr/mask>

<id> is an integer in the range 1 to 256 that indicates theidentification number for the specific CLIP.

2 Enable PIM on the CLIP interface by entering the followingcommand:config ip circuitless-ip-int <id> pim enable

3 Enable OSPF on the CLIP interface by entering the followingcommand:config ip circuitless-ip-int <id> ospf enable

4 To enable IP VPN on the CLIP interface, enter the followingcommand:

config ip circuitless-ip-int <id> ipvpn-lite-capabilityenable

5 Define the area by entering the following command:config ip circuitless-ip-int <id> area <ipaddr>

6 Confirm that your configuration is correct by entering one or bothof the following commands:config ip circuitless-ip-int infoshow ip circuitless-ip-int info

--End--


• config ip vrf <vrfName> circuitless-ip-int <id>

• config ip circuitless-ip-int <id>

Variable Value

area <ipaddr> Designates an area for the CLIP interface.<ipaddr> is the IP address of the OSPFarea that is associated with the CLIP.

create <ipaddr/mask> Creates a CLIP interface. <ipaddr/mask> isthe IP address and net mask of the circuitlessIP interface.

delete <ipaddr> Deletes the specified CLIP interface.<ipaddr> is the IP address of the CLIP.


NN46205-523 02.02 9 December 2009


.


Variable Value

ipvpn-lite-capabilityenable

Enables IP VPN on the CLIP interface.

info Displays the configured parameters for theCLIP interface.

ospf <enable|disable> Enables or disables passive mode OSPF forthe CLIP interface.

pim <enable|disable> Enables or disables PIM for the CLIPinterface.

Example of configuring an OSPF CLIP interface

Procedure steps

Step Action

1 Configure a circuitless IP by entering the following command:

ERS-8606:5 config ip circuitless-ip-int 1 create11.126.205.1/255.0.0.0

2 Assign an interface number to the CLIP interface by entering thefollowing command:

ERS-8606:5 config ip circuitless-ip-int 1 area134.177.1.0

3 Enable OSPF support by entering the following command:

ERS-8606:5 config ip circuitless-ip-int 1 ospfenable

4 Display information about the CLIP configuration by entering thefollowing command:

ERS-8606:5 config ip circuitless-ip-int 1 info

--End--

Job aid: show ip circuitless-ip-int info commandThe following table shows the headings and descriptions for the showip circuitless-ip-int info [vrf <value>] [vrfids <value>]command.


NN46205-523 02.02 9 December 2009


.


Table 13Job aid: show ip circuitless-ip-int info command


INTF ID Indicates the port or VLAN (interface ID) on whichthe interface is configured.

IP_ADDRESS Indicates the IP address for the interface.

NET_MASK Indicates the subnet mask associated with the IPaddress of this entry. The value of the mask is anIP address with all the network bits set to 1 and allthe hosts bits set to 0.

OSPF STATUS Indicates the status of OSPF on the interface.

PIM STATUS Indicates the status of PIM on the interface.

AREA_ID Indicates the area ID address.

IPVPN-LITE STATUS Indicates the status of IP VPN Lite compatibility onthe interface.


NN46205-523 02.02 9 December 2009


.

147.

IP routing configuration using theNNCLI

Configure the IP router interface so that you can configure and use routingprotocols and features on the interface. This section contains instructionsfor both the Global Router and Virtual Router Forwarding (VRF) instances.

Navigation• “Job aid: Roadmap of IP NNCLI commands” (page 147)

• “Job aid: Roadmap of VRF Lite IP NNCLI commands” (page 150)





Job aid: Roadmap of IP NNCLI commandsThe following table lists the commands and their parameters that you useto perform the procedures in this section.

Table 14Job aid: Roadmap of IP NNCLI commands

Command Parameters

Privileged EXEC mode

fastethernet <portList>

gigabitethernet <portList>

clear ip route

vlan <1-4094>

show basic config


NN46205-523 02.02 9 December 2009


.

148 IP routing configuration using the NNCLI

Table 14Job aid: Roadmap of IP NNCLI commands (cont’d.)

Command Parameters

<cr>show brouter

<1-4094>

ecmp <pathlist-1| pathlist-2|pathlist-3|pathlist-4> [vrf <WORD 0-16>][vrfids <WORD 0-255>]

interface <fastethernet|gigabitethernet> [<vlanlist>] [<portList>]

show ip

route [-s <default|A.B.C.D/X>][alternative] [count-summary][preference] [static] [vrf <WORD0-16>] [vrfids <WORD 0-255>][<A.B.C.D>]

connections

properties

show ip tcp

statistics

show interfaces loopback [vrf <WORD0-16>] [vrfids <WORD 0-255>]

traceroute <A.B.C.D> [<1-1464>] [-m<1-255>] [-p <0-65535>] [-q <1-255>][-v] [-w <1-255>] [vrf <WORD 0-16>]

Global Configuration mode

interface loopback <1-256>

ip alternative-route

ip ttl <1-255>

<cr>

max-path <1-8>

pathlist-1 <WORD 1-64>



ip ecmp


ip routing

redirectip icmp

unreachable

ip irdp


NN46205-523 02.02 9 December 2009


.

Job aid: Roadmap of IP NNCLI commands 149

Table 14Job aid: Roadmap of IP NNCLI commands (cont’d.)

Command Parameters

ip max-routes-trap enable

ip more-specific-non-local-route[enable]

ip supernet

enable [next-hop-vrf <WORD 0-16>]

local-next-hop enable

preference <1-255> [next-hop-vrf<WORD 0-16>]

ip route <A.B.C.D> <A.B.C.D> <A.B.C.D>

weight <1-65535>

ip route preference protocol<static|ospf-intra|ospf-inter|ebgp|ibgp|rip|ospf-extern1|ospf-extern2|staticv6|ospfv3-intra|ospfv3-inter|ospfv3-extern1|ospfv3-extern2> <0-255>

Interface Configuration mode

brouter port <portList> vlan <1-4094>subnet <A.B.C.D/X> [mac-offset<0-65535>]

address <A.B.C.D>

holdtime <4-9000>

maxadvertinterval <4-1800>

minadvertinterval <3-1800>

multicast

ip irdp

preference <-2147483648-2147483647>

ip Rvs-Path-Chk [mode <exist-only|strict>]

routing [port <portList>] [enable]

Loopback Interface Configuration mode

ip address [<1-256>] <A.B.C.D/X> [vrf<WORD 0-16>]

ip pim [<1-256>]


NN46205-523 02.02 9 December 2009


.


Job aid: Roadmap of VRF Lite IP NNCLI commandsThe following table lists the VRF Lite commands and parameters thatyou use to perform the procedures in this section. These commands areavailable in VRF Router Configuration mode.

Table 15Job aid: Roadmap of VRF Lite IP NNCLI commands

Command Parameter

VRF Router Configuration mode


<cr>

max-path <1-8>




ip ecmp


ip routing

redirectip icmp

unreachable

ip irdp

enable [next-hop-vrf <WORD 0-16>]

local-next-hop enable

preference <1-255> [next-hop-vrf<WORD 0-16>]

ip route <A.B.C.D> <A.B.C.D> <A.B.C.D>

weight <1-65535>

ip route preference protocol<static|ospf-intra|ospf-inter|ebgp|ibgp|rip|ospf-extern1|ospf-extern2|staticv6|ospfv3-intra|ospfv3-inter|ospfv3-extern1|ospfv3-extern2> <0-255>

ip supernet

ip ttl <1-255>

Basic IP routing configurationConfigure basic IP routing parameters to determine how routing functionson the switch.


NN46205-523 02.02 9 December 2009


.




• “Enabling routing on a port” (page 151)


• “Deleting a dynamically learned route” (page 152)


• “Flushing routing tables by VLAN or port” (page 154)

Enabling routing for a router or a VRF instanceEnable IP forwarding (routing) on a global level so that the router supportsrouting. You can use the IP address of any router interface for IP-basednetwork management.

Prerequisites

• Access Global Configuration mode or VRF Router Configuration mode.

Procedure steps

Step Action

1 Enable IP forwarding by entering the following command:

ip routing

2 To view the forwarding configuration, enter the followingcommand:

show ip routing

--End--

Enabling routing on a portYou can enable or disable routing capabilities on specified switch ports.The specified port can be part of a routed VLAN, while routing is disabledonly on that port. The default setting for routing is enable.

Prerequisites

• Access Interface Configuration mode.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 To enable routing, use the following command:

routing enable

--End--

Deleting a dynamically learned routeDelete a dynamically learned route from the routing table if you do notwant the Ethernet Routing Switch to use the route. Exercise caution whenyou delete entries from the routing table.

To delete a static route, see “Configuring static routes” (page 164).

Prerequisites

• Access Global Configuration mode.

Procedure steps

Step Action

1 To view IP route information, enter the following command:

show ip route [<A.B.C.D>] [-s <A.B.C.D> <A.B.C.D>][alternative] [preference] [vrf <WORD 0-16>] [vrfids<WORD 0-255>]

2 Delete the dynamically learned route by entering the followingcommand:

no ip route <A.B.C.D> <A.B.C.D> <A.B.C.D> dynamic

In this command, <A.B.C.D> specifies the IP address, thesubnet mask, and the next-hop IP address, respectively.

--End--

Variable definitionsUse the data in the following table to use the show ip route commands.

Variable Value

<A.B.C.D> Specifies the IP address of the route to thenetwork.


NN46205-523 02.02 9 December 2009


.


Variable Value

-s <A.B.C.D><A.B.C.D>

Indicates the IP address and subnet mask for whichto display routes.

alternative alternative displays the alternative routes.

preference[next-hop-vrf <WORD0-16>]

preference displays the route preference.

vrf <WORD 0-16> Specifies a VRF instance by VRF name.

vrfids <WORD 0-255> Specifies a VRF instance by VRF number.

Use the data in the following table to use the no ip route <A.B.C.D><A.B.C.D> <A.B.C.D> command.

Variable Value

dynamic Specifies that a dynamic route is to be deleted.

enable Disables the route.

local-next-hopenable

Disables the local-next-hop option.

preference Deletes the value of the route preference.

next-hop-vrf <WORD0-16>

Specifies the name of the next-hop VRF router.

Configuring IP route preferencesConfigure IP route preferences to override default route preferences andgive preference to routes learned for a specific protocol. You must disableECMP before you configure route preferences.

To configure route preferences for a VRF, access VRF RouterConfiguration mode, rather than Global Configuration mode.

ATTENTIONChanging route preferences can affect system performance and networkaccessibility while you perform the procedure. Nortel recommends that youchange a prefix list or a routing protocol before you enable the protocols.

Prerequisites

• Access Global Configuration mode or VRF Router Configuration mode.

• ECMP is disabled.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Configure the route preference for a protocol by entering thefollowing command:ip route preference protocol <static|ospf-intra|ospf-inter|ebgp|ibgp|rip|ospf-extern1|ospf-extern2|staticv6|ospfv3-intra|ospfv3-inter|ospfv3-extern1|ospfv3-extern2> <0-255>

2 To confirm that the configuration is correct, enter the followingcommand:show ip route preference [vrf <WORD 0-16>] [vrfids<WORD 0-255>]

--End--

Variable definitionsUse the data in the following table to use the ip route preference andthe show ip route preference commands.

The default form of the route preference command is default ip routepreference protocol <protocol>.

Variable Value

protocol <static|ospf-intra|ospf-inter|ebgp|ibgp|rip|ospf-extern1|ospf-extern2|staticv6|ospfv3-intra|ospfv3-inter|ospfv3-extern1|ospfv3-extern2> <0-255>

Configures the preference value for the specifiedprotocol. If two protocols have the same configuredvalue, the default value is used.

• The protocol must be one of the following:static, ospf-intra, ospf-inter, ebgp, ibgp,rip, ospf-extern1, ospf-extern2, staticv6,ospfv3-intra, ospfv3-inter, ospfv3-extern1, orospfv3-extern2.

• <0-255> configures the priority. 0 is reservedfor local routes.

vrf <WORD 0-16> Specifies a VRF instance by VRF name.

vrfids <WORD 0-255> Specifies a VRF instance by VRF number.

Flushing routing tables by VLAN or portFor administrative and troubleshooting purposes, flush the routing tables.

To flush tables on a VRF instance for a port or VLAN, ensure that the VRFis associated with the port or VLAN.


NN46205-523 02.02 9 December 2009


.


Prerequisites


Procedure steps

Step Action

1 Enter the following command:

action flushIp

--End--

IP address configurationConfigure IP addresses so that device interfaces can use IP, and so thatthe Ethernet Routing Switch 8600 can be accessed remotely.


• “Configuring an IP address for the management port” (page 155)

• “Configuring a virtual IP address for the management port” (page 156)




Configuring an IP address for the management portConfigure the IP address for the management port so that you canremotely access the switch using the management port.

Prerequisites


Procedure steps

Step Action

1 Configure the IP address and mask for the management port byentering the following command:

boot config net mgmt ip <A.B.C.D> <A.B.C.D> <5-6>

save bootconfig


NN46205-523 02.02 9 December 2009


.


ATTENTIONYou must save the bootconfig to retain the configuration changesmade using this command.

If the boot.cfg file is not loaded while booting, by default themanagement port uses the static IP address of 192.168.168.168/24for the CPU card in slot 5 and 192.168.168.169/24 for the CPU cardin slot 6.

2 To show the complete network management information, enterthe following command:

show boot config net

--End--

Variable definitionsUse the data in the following table to use the boot config net mgmtcommands.

Variable Value

ip <A.B.C.D><A.B.C.D>

Specifies the IP address and subnet mask for thenetwork management port.

If the boot.cfg file is not present on the flash, thenetwork management port (also referred to as theOut of Band [OOB] interface) is assigned a defaultIP address (192.168.168.168/24 for slot 5 or slot 3[for an 8003 chassis] and 192.168.168.169/29 forslot 6). If an IP address is already configured forthis interface in the boot.cfg file, the switch usesthis address.

<5-6> Specifies the CPU slot as slot 5 or slot 6.

Configuring a virtual IP address for the management portConfigure a virtual IP address for the management port so that you havean alternative way to remotely connect to it. After you change the bootconfiguration, you must save the changes to both the Master and theStandby CPUs.

Prerequisites



NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Configure a virtual IP for the management port by entering thefollowing command:

sys mgmt-virtual-ip <A.B.C.D/0-32>

2 Save the configuration to the Master CPU by entering thefollowing command:

save config

3 Save the configuration to the Standby CPU, if required, byentering the following command:

save config standby

4 Use Telnet to connect to the Standby CPU and reset it byentering the following command:

peer telnet

5 Reset the Standby CPU by entering the following command:

reset

--End--

Variable definitionsUse the data in the following table to use the mgmt-virtual-ipcommand.

The default form of this command is default sys mgmt-virtual-ip.The no form of this command is no sys mgmt-virtual-ip.

Variable Value

<A.B.C.D/0-32> Specifies the IP address and network mask thatyou assign to the network management port.

Assigning an IP address to a portAssign an IP address to a port so that it supports routing operations.

Use a brouter port to route IP packets and to bridge all nonroutable traffic.The routing interface of the brouter port is not subject to the spanning treestate of the port. A brouter port can be in the blocking state for nonroutabletraffic and still route IP traffic. This feature removes interruptions causedby Spanning Tree Protocol recalculations in routed traffic.


NN46205-523 02.02 9 December 2009


.



Use the vrf parameter to associate the port or VLAN with a VRFinstance.

Prerequisites


Procedure steps

Step Action

1 Assign an IP address to the port by entering the followingcommand:

brouter port <portList> vlan <1-4094> subnet <A.B.C.D/X>[mac-offset <0-65535>]

2 If required, associate the port with a VRF:

vrf <WORD 0-16>

3 To confirm that the configuration is correct, enter the followingcommand:

show brouter [vlan <1-4094>]

--End--

Variable definitionsUse the data in the following table to use the brouter port <portList>command and the show brouter command.

Variable Value

mac-offset <0-65535> Specifies a number by which to offset the MACaddress of the brouter port from the chassis MACaddress. This ensures that each IP address has adifferent MAC address.

port <portList> Indicates the slot and port number of the port youare configuring.

subnet <A.B.C.D/0-32>

Specifies the IP address and subnet mask.

vlan <1-4094> Specifies the VLAN ID.


NN46205-523 02.02 9 December 2009


.


Assigning an IP address to a VLANAssign an IP address to a VLAN so that it supports routing operations.


Use the vrf parameter to associate the VLAN with a VRF instance.

Prerequisites

• IP forwarding is globally enabled.

• Access VLAN Interface Configuration mode.

Procedure steps

Step Action

1 Assign an IP address by entering the following command:

ip address <A.B.C.D> <A.B.C.D> [mac-offset <0-65535>]

2 If required, associate the VLAN with a VRF:

vrf <WORD 0-16>

--End--

Variable definitionsUse the data in the following table to complete the ip address<A.B.C.D> <A.B.C.D> commands, where <A.B.C.D> <A.B.C.D> arethe IP address and subnet mask, respectively.

Variable Value

<cr> Specifies the IP address and subnet mask of theVLAN.The no form is no ip address <A.B.C.D>.

mac-offset<0-65535>

mac-offset specifies a number by which to offsetthe MAC address of the brouter port or VLAN fromthe chassis MAC address. This ensures that eachIP address has a different MAC address. The rangeis 0 to 65535.

Viewing IP addresses for all router interfacesPerform the following procedure to display information about all IPinterfaces configured on the switch.


NN46205-523 02.02 9 December 2009


.


Prerequisites

• Access Privileged EXEC mode.

Procedure steps

Step Action

1 To show the IP interfaces and addresses on the switch, enter thefollowing command:show ip interface

--End--



• “Configuring IP routing for a router or a VRF” (page 160)



Configuring IP routing for a router or a VRFConfigure the IP routing protocol stack to specify which routing featuresthe switch can use. You can configure global parameters before or afteryou configure the routing protocols.

To configure IP routing globally for a VRF instance, use VRF RouterConfiguration mode rather than Global Configuration mode.

Prerequisites

• Access Global or VRF Router Configuration mode.

Procedure steps

Step Action

1 To configure the default TTL for all routing protocols to use, enterthe following command:ip ttl <1-255>



NN46205-523 02.02 9 December 2009


.


2 To enable ECMP, enter the following command:

ip ecmp

3 To enable the Alternative Route feature globally, enter thefollowing command:


4 Configure the remaining global parameters as required. See thefollowing variable definitions tables for other parameters.

--End--

Variable definitionsUse the data in the following table to use the ip commands.

Variable Value

alternative-route Enables or disables the Alternative Route feature.The default value is enabled.

If the alternative-route parameter is disabled, allexisting alternative routes are removed. When theparameter is enabled, all alternative routes arere-added.

The default form of this command is default ipalternative-route.The no form of this command is no ipalternative-route.

max-routes-trapenable

Enables the switch to send a trap when themaximum number of routes is exceeded.The no form of this command is no max-routes-trap enable.The default form of this command is defaultmax-routes-trap enable.

more-specific-non-local-route

Enables the more-specific-non-local-route feature.If enabled, the switch can enter a more-specificnonlocal route into the routing table.The default form of this command is default ipmore-specific-non-local-routeThe no form of this command is no ipmore-specific-non-local-route

routing Enables routing.The no form of this command is no ip routing.


NN46205-523 02.02 9 December 2009


.


Variable Value

supernet Enables or disables supernetting.

If supernetting is globally enabled, the switch canlearn routes with a route mask of less then eightbits. Routes with a mask length less than eightbits cannot have ECMP paths, even if the ECMPfeature is globally enabled.

The default form of this command is default ipsupernet.The no form of this command is no ip supernet.

ttl <1-255> Configures the default time-to-live (TTL) value fora routed packet. The TTL is the maximum numberof seconds before a packet is discarded. Thedefault value of 255 is used whenever a time is notsupplied in the datagram header.

The default form of this command is default ipttl.

Use the data in the following table to use the ip ecmp commands.

Variable Value

<cr> Enables or disables ECMP. The default is disabled.

If the ECMP parameter is disabled, all existingECMP routes are removed. When ECMP isenabled, all ECMP routes are re-added.

The no form of this command is no ip icmp.

pathlist-1 <WORD0-64>

Configures one equal-cost path to the samedestination prefix. To remove the policy, enter ablank string.


The no form of this command is no ip icmppathlist-1.


NN46205-523 02.02 9 December 2009


.


Variable Value


Configures up to two equal-cost paths to the samedestination prefix. To remove the policy, enter ablank string.




Configures up to three equal-cost paths to thesame destination prefix. To remove the policy,enter a blank string.




Configures up to four equal-cost paths to the samedestination prefix. To remove the policy, enter ablank string.



max-path <1-8> Configures the maximum number of ECMP paths.The range for this number with R mode false is 1 to4, and with R mode true, the range is 1 to 8.

The default form of this command is default ipicmp max-path.

Use the data in the following table to use the ip icmp commands.


NN46205-523 02.02 9 December 2009


.


Variable Value

redirect Enables the switch to send ICMP destinationredirect messages.The default form of this command is default ipicmp redirect.

unreachable Enables the switch to send ICMP unreachablemessages. When enabled, generates InternetControl Message Protocol (ICMP) networkunreachable messages if the destination networkis not reachable from this router. These messageshelp determine if the routing switch is reachableover the network. The default is disabled.The default form of this command is default ipicmp unreachable.

Static route configurationConfigure an IP static route when you want to manually create aroute to a destination IP address. Although static routes are lesscomputationally-intensive than dynamic routes, a loss of data can occur ifthe static route fails.





Configuring static routesConfigure an static route when you want to manually create a route to adestination IP address.


• Access either Global Configuration mode or VRF Router Configurationmode.

• No black hole static route exists.

Step Action

1 To create an IP static route, enter the following command:ip route <A.B.C.D> <A.B.C.D> <A.B.C.D> enable


NN46205-523 02.02 9 December 2009


.


2 Use the following variable definitions table to configure otherstatic route parameters as required.

3 To view existing IP static routes for the switch, or for a specificnet or subnet, enter the following command:

show ip route static

For more information about the show command output, see “Jobaid: show ip static-route command output” (page 135) .

4 To delete a static route, enter the following command:

no ip route <A.B.C.D> <A.B.C.D> <A.B.C.D>

--End--

Variable definitionsUse the data in the following table to use the ip route <A.B.C.D><A.B.C.D> <A.B.C.D> commands:

Variable Value

<cr> The first and second <A.B.C.D> specify the IPaddress and mask for the route destination. Thethird <A.B.C.D> specifies the IP address of thenext-hop router (the next router at which packetsmust arrive on this route). When you create ablack hole static route, configure this parameter to255.255.255.255 as the IP address of the routerthrough which the specified route is accessible.

disable Disables a route to the router or VRF.

enable Adds a static or default route to the router or VRF.

The no form of this command is no ip route<A.B.C.D> <A.B.C.D> <A.B.C.D> enableThedefault form of this command is default iproute <A.B.C.D> <A.B.C.D> <A.B.C.D>enable


Enables the local next hop for this static route.The default form of this command is defaultip route <A.B.C.D> <A.B.C.D> <A.B.C.D>local-next-hop enable.The no form of this command is no iproute <A.B.C.D> <A.B.C.D> <A.B.C.D>local-next-hop enable


NN46205-523 02.02 9 December 2009


.


Variable Value


Specifies the next-hop VRF instance by name.When you configure the next-hop-vrfparameter, the static route is created in the localVRF, and the next-hop route is resolved in thenext-hop VRF instance (next-hop-vrf).

The default form of this command is defaultip route <A.B.C.D> <A.B.C.D> <A.B.C.D>next-hop-vrf <WORD 0-16>The no form of this command is no iproute <A.B.C.D> <A.B.C.D> <A.B.C.D>next-hop-vrf <WORD 0-16>

weight <1-65535> Specifies the static route cost.The default form of this command is defaultip route <A.B.C.D> <A.B.C.D> <A.B.C.D>weight

preference <1-255> Specifies the route preference.The default form of this command is defaultip route <A.B.C.D> <A.B.C.D> <A.B.C.D>preference

Use the data in the following table to use the show ip route staticcommands:

Variable Value

<A.B.C.D> Specifies the route by IP address.

alternative Displays alternative routes.

preference Displays the route preference.

-s {<A.B.C.D><A.B.C.D> | default}

Specifies the route by IP address and subnet mask.

static Specifies that information is shown for static routes.

vrf <WORD 0-16> Specifies a VRF by name.

vrfids <WORD 0-255> Specifies a range of VRF IDs.

Configuring a black hole static routeConfigure a black hole static route to the destination a router advertises toavoid routing loops when aggregating or injecting routes to other routers.



NN46205-523 02.02 9 December 2009


.



Step Action

1 To create a black hole static route, enter the following command:

ip route <A.B.C.D> <A.B.C.D> 255.255.255.255 enable[next-hop-vrf <WORD 0-16>]

2 Use the following variable definitions table to configure otherblack hole static route parameters as required.

When you specify a route preference, appropriately configure thepreference so that when the black-hole route is used, it is electedas the best route.

--End--

Variable definitionsUse the data in the following table to use the ip route <A.B.C.D><A.B.C.D> 255.255.255.255 commands:

Variable Value

<cr> The first and second <A.B.C.D> specify theIP address and mask for the route destination.255.255.255.255 is the black hole route.


The no form of this command is no ip route<A.B.C.D> <A.B.C.D> 255.255.255.255enable


Enables the local next hop for this static route.The default form of this command is defaultip route <A.B.C.D> <A.B.C.D> <A.B.C.D>local-next-hop enable.The no form of this command is no ip route<A.B.C.D> <A.B.C.D> 255.255.255.255local-next-hop enable


NN46205-523 02.02 9 December 2009


.


Variable Value


Specifies the next-hop VRF instance by name.The default form of this command is defaultip route <A.B.C.D> <A.B.C.D>255.255.255.255 next-hop-vrf <WORD0-16>The no form of this command is no ip route<A.B.C.D> <A.B.C.D> 255.255.255.255next-hop-vrf <WORD 0-16>

weight <1-65535> Specifies the static route cost.The default form of this command isdefault ip route <A.B.C.D> <A.B.C.D>255.255.255.255 weight

preference <1-255> Specifies the route preference.The default form of this command isdefault ip route <A.B.C.D> <A.B.C.D>255.255.255.255 preference

Configuring a default static routeThe default route specifies a route to all networks for which there are noexplicit routes in the Forwarding Information Base or the routing table. Thisroute has a prefix length of zero (RFC 1812). You can configure routingswitches with a static default route, or they can learn it through a dynamicrouting protocol.



Step Action

1 To create a default static route, enter the following command:

ip route 0.0.0.0 0.0.0.0 <A.B.C.D> enable [next-hop-vrf<WORD 0-16>]

2 Use the following variable definitions table to configure otherdefault static route parameters as required.

--End--


NN46205-523 02.02 9 December 2009


.


Variable definitionsUse the data in the following table to use the ip route 0.0.0.00.0.0.0 <A.B.C.D> commands:

Variable Value

<cr> <A.B.C.D> specifies the IP address of thenext-hop router (the next router at which packetsmust arrive on this route).


The no form of this command is no ip route0.0.0.0 0.0.0.0 <A.B.C.D> enable


Enables the local next hop for this static route.The default form of this command is defaultip route 0.0.0.0 0.0.0.0 <A.B.C.D>local-next-hop enable.The no form of this command is no iproute 0.0.0.0 0.0.0.0 <A.B.C.D>local-next-hop enable


Specifies the next-hop VRF instance by name.The default form of this command is defaultip route 0.0.0.0 0.0.0.0 <A.B.C.D>next-hop-vrf <WORD 0-16>The no form of this command is no ip route0.0.0.0 0.0.0.0 <A.B.C.D> next-hop-vrf<WORD 0-16>

weight <1-65535> Specifies the static route cost.The default form of this command is default iproute 0.0.0.0 0.0.0.0 <A.B.C.D> weight

preference <1-255> Specifies the route preference.The default form of this command is defaultip route 0.0.0.0 0.0.0.0 <A.B.C.D>preference

ICMP Router Discovery configurationUse ICMP Router Discovery to enable hosts attached to multicast orbroadcast networks to discover the IP addresses of their neighboringrouters.


• “Enabling ICMP Router Discovery globally” (page 170)

• “Configuring Router Discovery on a port or VLAN ” (page 170)


NN46205-523 02.02 9 December 2009


.


Enabling ICMP Router Discovery globallyEnable Router Discovery globally so that the switch supports RouterDiscovery.


Step Action

1 To enable ICMP Router Discovery on the switch, enter thefollowing command:ip irdp

The no form of this command is no ip irdp; the default form isdefault ip irdp.

2 To confirm that Router Discovery is enabled, enter the followingcommand:

show ip irdp

--End--

Configuring Router Discovery on a port or VLANEnable Router Discovery so that the switch forwards Router DiscoveryAdvertisement packets to the VLAN or port.


Step Action

1 Specify the address placed in advertisement packets:

ip irdp address <A.B.C.D>

2 Enable the interface to send the advertisement packets:

ip irdp multicast

3 Use the following variable definitions table to configure otherRouter Discovery parameters for the interface as required.

--End--


NN46205-523 02.02 9 December 2009


.


Variable definitions Use the data in the following table to use the ipirdp commands.

Variable Value

address <A.B.C.D> Specifies the IP destination address use forbroadcast or multicast router advertisementssent from the interface. The address is theall-systems multicast address, 224.0.0.1, or thelimited-broadcast address, 255.255.255.255.

The default address is 255.255.255.255.

The default form of this command is default ipirdp address.

holdtime <4-9000> Configures the lifetime for advertisements. Thedefault form of this command is default ip irdpholdtime.

maxadvertinterval<4-1800>

Specifies the maximum time (in seconds) thatelapses between unsolicited broadcast or multicastrouter advertisement transmissions from the routerinterface. The default is 600 seconds.

The default form of this command is default ipirdp maxadvertinterval.

minadvertinterval<3-1800>

Specifies the minimum time (in seconds) thatelapses between unsolicited broadcast ormulticast router advertisement transmissionsfrom the interface. The range is 3 seconds tomaxadvertinterval.

The default is 450 seconds.

The default form of this command is default ipirdp minadvertinterval.

multicast Specifies if multicast advertisements are sent.The no form of this command is no ip irdpmulticast.

preference <-2147483648-2147483647>

Specifies the preference (a higher number indicatesmore preferred) of the address as a default routeraddress relative to other router addresses on thesame subnet The default is 0.

The default form of this command is default ipirdp preference.


NN46205-523 02.02 9 December 2009


.


Configuring a CLIP interfaceConfigure a circuitless IP interface (CLIP) when you want to provide avirtual interface that is not associated with a physical port. You can use aCLIP interface to provide uninterrupted connectivity to your switch. Youcan configure a maximum of 256 CLIP interfaces on each device.

Prerequisites

• Access Global Configuration mode and Interface Configuration mode.

Procedure steps

Step Action

1 Create or access a CLIP interface by entering the followingcommand:

interface loopback <1-256>

<1-256> indicates the identification number for the CLIP.

2 In Loopback Interface Configuration mode, configure an IPaddress for the interface:

ip address [<1-256>] <A.B.C.D/X> [vrf <WORD 0-16>]

The rest of this procedure uses Loopback InterfaceConfiguration.

3 To enable PIM on the CLIP interface, enter the followingcommand:

ip pim [<1-256>]

--End--

Variable definitionsUse the data in the following table to use theip commands.

Variable Value

address [<1-256>]<A.B.C.D/0-32> [vrf<WORD 0-16>]

Specifies the IP address for the CLIP interface.• <1-256> specifies the interface;

• <A.B.C.D/0-32> specifies the IP address andmask;

• vrf <WORD 0-16> specifies an associated VRFby name.


NN46205-523 02.02 9 December 2009


.


Variable Value

The no form of this command is no ip address[<1-32>] <A.B.C.D> [vrf <WORD 0-16>].

pim [<1-256>] Enables PIM for the circuitless IP interface. vrf<WORD 0-16> specifies an associated VRF byname.

The default form of this command is default ippim <1-256> .The no form of this command is no ip pim<1-256> .


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

175.

DHCP and UDP configuration usingDevice Manager

Dynamic Host Configuration Protocol (DHCP), an extension of theBootstrap Protocol (BootP), dynamically provides host configurationinformation to workstations. To lower administrative overhead, networkmanagers prefer to configure a small number of DHCP servers in a centrallocation. Using few DHCP servers requires the routers connecting to thesubnets or bridge (or VLAN) domains to support the BootP/DHCP relayfunction so that hosts can retrieve the configuration information fromservers several router hops away.

User datagram protocol (UDP) is a connectionless protocol that addsreliability and multiplexing to IP. It describes how messages reachapplication programs within a destination computer. Some networkapplications, such as the NetBIOS name service, rely on a UDP broadcastto request a service or to locate a service. By default, broadcasts arenot forwarded by a router. UDP broadcast forwarding is a generalizedmechanism for the router to selectively forward UDP broadcasts.

ATTENTIONBootP/DHCP relays are supported only on IP routed port-based VLANsand protocol-based VLANs. BootP/DHCP relays are not supported on IPsubnet-based VLANs.

For more information about DHCP and UDP concepts and terminology,see “IP routing operations fundamentals” (page 21).

Prerequisites• DHCP relay must be enabled on the path for port or VLAN

configuration to take effect.


NN46205-523 02.02 9 December 2009


.

176 DHCP and UDP configuration using Device Manager

Navigation• “DHCP configuration” (page 176)

• “Configuring UDP broadcast forwarding” (page 179)

• “Managing UDP forwarding protocols” (page 180)

• “Managing UDP forwarding” (page 181)

• “Creating the forwarding profile” (page 182)

• “Managing the broadcast interface” (page 183)

• “Viewing UDP Endpoint information” (page 185)

• “Viewing UDP Endpoint information” (page 185)

DHCP configurationUse the port DHCP relay commands to configure DHCP relay behavior ona port, and use the VLAN DHCP commands to set DHCP relay behavioron a VLAN.

DHCP configuration navigation

• “Configuring DHCP on a brouter port or a VRF instance” (page 176)

• “Configuring BootP/DHCP on a VLAN or VRF instance” (page 177)

• “Configuring forwarding policies” (page 178)

Configuring DHCP on a brouter port or a VRF instanceUse the DHCP tab to configure the DHCP behavior on a brouter port or aVRF instance. The DHCP tab is available only if the port is routed (thatis, assigned an IP address).

ATTENTIONYou must first enable BootP/DHCP relay on a port (or VLAN) and then enable itglobally.

Procedure steps

Step Action

1 Select a port.

2 From the Device Manager menu bar, choose Edit, Port, IPGlobalRouter (vrf x).

3 Click the DHCP tab.

4 Click Enable to select the DHCP option. The default is disable.


NN46205-523 02.02 9 December 2009


.

DHCP configuration 177

5 Enter the appropriate values.

6 Click Apply.

--End--

For more information, see “DHCP tab fields” (page 177).

DHCP tab fieldsVariable definitions

Use the data in the following table to use the DHCP tab fields.

Variable Value

Enable Lets you use BootP/DHCP on the port. The default isdisable.

MaxHop Sets the maximum number of hops before a BootP/DHCPpacket is discarded (1 to 16). The default is 4.

MinSec The secs field in the BootP/DHCP packet headerrepresents the elapsed time since the client first sent themessage. If the secs field in the packet header is greaterthan this value, the switch relays or forwards the packet;otherwise, the packet is dropped. The default is 0 seconds.

Mode Sets the interface to process only BootP, only DHCP, orboth types of packets. The default is both.

AlwaysBroadcast When enabled, the server reply is sent as a broadcast backto the end station. The default is disable.

Configuring BootP/DHCP on a VLAN or VRF instanceUse the DHCP tab to configure the DHCP behavior on a VLAN. The DHCPtab is available only if the VLAN is routed (that is, assigned an IP address).

Procedure steps

Step Action

1 From the Device Manager menu bar, select VLAN, VLANsGlobalRouter (vrf x).

2 In the Basic tab, select a VLAN.

3 Click IP.

4 When the IP, VLAN dialog box appears, select the DHCP tab.

5 Select Enable.

6 Enter the appropriate values.


NN46205-523 02.02 9 December 2009


.


7 Click Apply.

--End--

For more information, see “DHCP tab fields” (page 177).

Configuring forwarding policiesAfter you configure the BootP/DHCP relay on an IP interface, you canconfigure forwarding policies to indicate where packets are forwarded. Theforwarding policies are based on the type of packet and where the packetis received.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP, DHCPGlobalRouter (vrf x).

2 Click Insert.

The DHCP, Insert Globals dialog box appears.

3 In the AgentAddr box, type the agent address.

4 In the ServerAddr list, type the server address.

5 Click Enable to enable BootP/DHCP relay. You can enableor disable each agent server forwarding policy. The default isenabled.

6 In the Mode box, select the type of messages to be relay.

Both the mode setting for the DHCP interface and the modesetting for the agent interface determine which packets areforwarded.

7 Click Insert.

--End--

For more information, see “DHCP, Insert Globals fields” (page 178).

DHCP, Insert Globals fieldsVariable definitions

Use the data in the following table to use the DHCP, Insert Globals fields.


NN46205-523 02.02 9 December 2009


.

Configuring UDP broadcast forwarding 179

Variable Value

AgentAddr The IP address of the input interface (agent) on which theBootP/DHCP request packets are received for forwarding. Thisaddress is the IP address of either a brouter port or a VLAN forwhich forwarding is enabled.

ServerAddr This parameter is either the IP address of the BootP/DHCPserver or the address of another local interface of the switch.

• If it is the address of the BootP/DHCP server, then therequest is unicast to the server address.

• If the address is one of the IP addresses of an interface onthe switch, the BootP/DHCP requests are broadcast out ofthat local interface.

Enable Enables BootP/DHCP relay on the routing switch.

Mode Specifies the type of messages relayed:

• Only BootP

• Only DHCP

• Both types of messages

The default is to forward both BootP and DHCP messages.

Configuring UDP broadcast forwardingSome network applications, such as the NetBIOS name service, rely on aUser Data Protocol (UDP) broadcast to request a service or to locate aservice. By default, a router does not forward broadcasts. UDP broadcastforwarding is a generalized mechanism for the router to selectively forwardUDP broadcasts.

The following procedure shows the basic steps for setting up UDPbroadcast forwarding.

Procedure steps

Step Action

1 Enter protocols into a table.

2 Create policies (protocol/server pairs).

3 Assemble these policies into lists or profiles.

4 Apply the list to the appropriate interfaces.

5 Enter a name for the protocol.

6 Click Insert.


NN46205-523 02.02 9 December 2009


.


The protocol is added to the Protocol table. After you createa protocol, you cannot change its name or number. You mustdelete the protocol first and then add one with a new name andnumber.

--End--

Managing UDP forwarding protocolsThe Ethernet Routing Switch 8600 is configured with the followingprotocols:

• Time Service

• Terminal Access Controller Access Control System (TACACS) Service

• DNS

• Trivial file transfer protocol (TFTP)

• Network Basic Input/Output System (NetBIOS) NameSrv

• NetBIOS DataSrv

You cannot delete these protocols; you can only add to the list ofprotocols.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP, UDPForwarding GlobalRouter (vrf x).

The UDP_Forward dialog box appears with the Protocols tabopen, listing the UDP protocols with broadcasts that can beforwarded.

2 Click Insert.

The UDP_Forward, Insert Protocols dialog box appears.

3 In the PortNumber box, type a port number (UDP port).

This number defines the port (UDP port) used by the serverprocess as its contact port. The range is from 1 to 65535 andcannot be one of the UDP port numbers or a number previouslyassigned.

4 In the Name box, type a name for the protocol.

5 Click Insert.


NN46205-523 02.02 9 December 2009


.

Managing UDP forwarding 181

The protocol is added to the Protocol table. After you create aprotocol, you cannot change its name or number.

--End--

For more information, see “Protocols tab and the UDP Forwarding, InsertProtocols fields” (page 181).

Protocols tab and the UDP Forwarding, Insert Protocols fieldsVariable definitions

Use the data in the following table to use the Protocols tab and the UDPForwarding, Insert Protocols fields.

Variable Value

PortNumber A value that defines the UDP port (1 to 65535).

NameAn administratively assigned name for this list(0 to 15 characters).

Managing UDP forwardingYou manage UDP forwarding by defining the destination addresses forthe UDP protocol.

Procedure steps

Step Action


2 Click the Forwardings tab.

3 Click Insert.

4 In the UDP_Forward, Insert Forwardings dialog box, select adestination UDP port from the defined protocols.

5 Enter a destination IP address.

The destination address can be any IP server address for theprotocol application or the IP address of an interface on therouter.

6 Click Insert. The information is added to the Forwarding tab.

--End--

For more information, see “Forwarding tab and the UDP_Forward, InsertForwardings fields” (page 182).


NN46205-523 02.02 9 December 2009


.


Forwarding tab and the UDP_Forward, Insert Forwardings fieldsVariable definitions

Use the data in the following table to use the Forwarding tab and theUDP_Forward, Insert Forwardings fields.

Variable Value

DestPort The port number defined for UDP, depending uponthe protocol type.

DestAddr The destination address can be any IP serveraddress for the protocol application or the IPaddress of an interface on the router.

• If the address is that of a server, the packet issent as a unicast packet to this address.

• If the address is that of an interface on therouter, the frame is rebroadcast.

Id (Forwardings tab only) An integer that identifies this entry internally.

NumFwdPackets(Forwardings tab only)

The total number of UDP broadcast packetsforwarded using this policy.

NumDropPacketsTtlExpired (Forwardings tab only

The total number of UDP broadcast packetsdropped because the time-to-live value (TTL)expired.

NumDropPacketsDestUnreach (Forwardings tabonly)

The total number of UDP broadcast packetsdropped because the specified destination addresswas unreachable.

Creating the forwarding profileA forwarding profile is a collection of port and destination pairs. Whenyou configure UDP forwarding list entries, be sure to first configurethe UDP forwarding list. Then, configure your UDP forwarding listentries and assign them to a UDP forwarding list. If you do not assign aUDP forwarding list entry to at least one UDP forwarding list, the UDPforwarding list is lost after a reboot.

Procedure steps

Step Action


2 Click the Forwarding Lists tab.

3 To add a new list, click Insert.

The UDP_Forward, Insert Forwarding Lists dialog box appears.


NN46205-523 02.02 9 December 2009


.

Managing the broadcast interface 183

4 In the Id box, type the forwarding list ID.

5 In the Name box, type the name of the forwarding list (optional).

The forwarding list appears in the FwdIdList box.

--End--

For more information, see “UDP_Forwarding Lists dialog box andForwarding Lists fields” (page 183).

UDP_Forwarding Lists dialog box and Forwarding Lists fieldsVariable definitions

Use the data in the following table to use the UDP_Forwarding Lists dialogbox and Forwarding Lists fields.

Variable Value

Id A value that uniquely identifies this list of entries (1 to1000).

Name An administratively assigned name for this list (0 to 15characters).

FwdIdList The zero or more port forwarding entries associated withthis list. Each list identifier is stored as 2 bytes in this array,starting from 0 bytes (size=64). Clicking on the ellipsis (...)button in this field displays the ID list.

Managing the broadcast interfaceManage the broadcast interface by specifying and displaying which routerinterfaces can receive UDP broadcasts to forward.

Procedure steps

Step Action


2 Click the Broadcast Interfaces tab.

3 Click Insert.

The UDP_Forward, Insert Broadcast Interfaces dialog boxappears.

4 In the LocalIfAddr box, type a local interface IP address; or clickthe Addr button to select an address from the list.


NN46205-523 02.02 9 December 2009


.


5 In the UdpPortFwdListId box, type the forwarding list ID; or clickthe IdList button and choose an ID from list.

6 In the MaxTtl box, type the maximum number of hops an IPbroadcast can take from the source device to the destinationdevice (the default is 4; the range is 1 to 16).

7 In the BroadCastMask box, enter the subnet mask of the localinterface that broadcasts the UDP broadcast packets.

When you configure the UDP forwarding broadcast mask, thebroadcast mask must be less specific (shorter in length) orequally specific (equal in length) to the subnet mask of theIP interface on which it is configured. If the UDP forwardingbroadcast mask is more specific than the subnet mask of thecorresponding IP interface, UDP forwarding does not functionproperly.

--End--

For more information, see “UDP_Forward, Insert Broadcast Interfacefields” (page 184).

UDP_Forward, Insert Broadcast Interface fieldsVariable definitions

Use the data in the following table to use the UDP_Forward, InsertBroadcast Interface fields.

Variable Value

LocalIfAddr The IP address of the local router interface thatreceives forwarded UDP broadcast packets.

UdpPortFwdListId The number of the UDP lists or profiles that thisinterface is configured to forward (0 to100). Avalue of 0 indicates that the interface cannotforward any UDP broadcast packets.

MaxTtl The maximum number of hops an IP broadcastpacket can take from the source device to thedestination device (the default is 4; the range is1 to 16).

NumRxPkts The total number of UDP broadcast packetsreceived by this local interface.

NumFwdPkts The total number of UDP broadcast packetsforwarded by this local interface.

NumDropPacketsDestUnreach

The total number of UDP broadcast packetsdropped because the destination wasunreachable.


NN46205-523 02.02 9 December 2009


.

Viewing UDP Endpoint information 185

Variable Value

NumDropPacketsTtlExpired The total number of UDP broadcast packetsdropped because the time-to-live (TTL) valueexpired.

NumDropPacketsUnknownPort

The total number of UDP broadcast packetsdropped because the destination port or protocolspecified has no matching forwarding policy.

BroadCastMask The subnet mask of the local interface thatbroadcasts the UDP broadcast packets.

Viewing UDP Endpoint informationView UDP Endpoints to confirm correct configuration.

Procedure steps

Step Action

1 From the Device Manager menu, select IP, TCP/UDP

The Ipv4TcpUdp screen appears.

2 Select the UDP Endpoints tab.

--End--

See “Job aid” (page 185)for parameter descriptions.

Job aidThis table describes parameters on the UDP Endpoints tab.


LocalAddressType Displays the local address type (IPv6 or IPv4).

LocalAddress Displays the local IPv6 address.

LocalPort Displays the local port number.

RemoteAddressType Displays the remote address type (IPv6 orIPv4).

RemoteAddress Displays the remote IPv6 address.

RemotePort Displays the remote port number.

Instance Distinguishes between multiple processesconnected to the UDP endpoint.

Process Displays the ID for the UDP process.


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

187.

DHCP and UDP configuration using theCLI

Use Dynamic Host Configuration Protocol (DHCP), an extension of theBootstrap Protocol (BootP), to provide host configuration information to theworkstations dynamically. Use the DHCP relay commands to set DHCPrelay behavior on a port or on a VLAN.

This section describes the CLI commands for DHCP and User DatagramProtocol (UDP) configuration functions in the Ethernet Routing Switch8600.

For more information about DHCP and UDP concepts and terminology ,see “IP routing operations fundamentals” (page 21).

DHCP and UDP configuration navigation• “Job aid” (page 187)

• “Configuring DHCP relay” (page 192)

• “UDP broadcast forwarding” (page 202)

Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.

Table 16Roadmap of DHCP and UDP IP commands

Command Parameter

config ip dhcp-relay info

create-fwd-path agent <value>server <value> [mode <value>] [state<value>]

delete-fwd-path agent <value> server<value>


NN46205-523 02.02 9 December 2009


.

188 DHCP and UDP configuration using the CLI

Table 16Roadmap of DHCP and UDP IP commands (cont’d.)

Command Parameter

disable-fwd-path agent <value> server<value>

enable-fwd-path agent <value> server<value>

mode <mode> agent <value> server<value>

config ethernet <ports> ip dhcp-relay info

broadcast <enable|disable>

create-fwd-path server <value>[vrid <value>] [mode <value>] [state<value>]

delete-fwd-path server <value> [vrid<value>]

disable

disable-fwd-path server <value> [vrid<value>]

enable

enable-fwd-path server <value> [vrid<value>]

fwd-path-mode <mode> server <value>[vrid <value>]

max-hop <max-hop>

min-sec <min-sec>

mode <mode>

config vlan <vlan-id> ip dhcp-relay info


create-fwd-path server <value>[vrid <value>] [mode<value>] [state<value>]


disable


enable



NN46205-523 02.02 9 December 2009


.

Job aid 189


Command Parameter


max-hop <max-hop>

min-sec <min-sec>

mode <mode>

config ip udpfwd protocol info

create <protoname>

delete

config ip udpfwd portfwd info

add-portfwd <udpport> <ipaddr>

remove-portfwd <udpport> <ipaddr>

config ip udpfwd portfwdlist info


create

delete

name <name>


config ip udpfwd interface info

broadcastmask <mask>

create <fwdlistid>

delete

maxttl <maxttl>

udpportfwdlist <fwdlistid>

show ip dhcp-relay fwd-path

show ip dhcp-relay counters

show ip dhcp-relay show-all [file<value>]

show ports info dhcp-relay

show ports stats dhcp-relay

show vlan info dhcp-relay

show ip udpfwd show-all [file <value>]

show ip udpfwd interface info

show ip udpfwd portfwd info


NN46205-523 02.02 9 December 2009


.



Command Parameter

show ip udpfwd portfwdlist info

show ip udpfwd protocol info

Job aidThe following table lists the VRF Lite commands and their parameters thatyou use to complete the procedures in this section.

Table 17DHCP VRF Lite configuration commands

Command Parameter

config ip vrf <vrfName> dhcp-relay info

create-fwd-path agent <value>server <value> [mode <value>] [state<value>]

delete-fwd-path agent <value> server<value>

disable-fwd-path agent <value> server<value>

enable-fwd-path agent <value> server<value>

mode <mode> agent <value> server<value>

config ethernet <ports> vrf <vrfName>ip dhcp-relay

info


create-fwd-path server <value>[vrid <value>] [mode <value>] [state<value>]


disable


enable




NN46205-523 02.02 9 December 2009


.

Job aid 191

Table 17DHCP VRF Lite configuration commands (cont’d.)

Command Parameter

max-hop <max-hop>

min-sec <min-sec>

mode <mode>

config vlan <vlan-id> vrf <vrfName>ipdhcp-relay

info


create-fwd-path server <value>[vrid <value>] [mode<value>] [state<value>]


disable


enable



max-hop <max-hop>

min-sec <min-sec>

mode <mode>

config ip vrf <vrfName> udpfwdprotocol

info

create <protoname>

delete

config ip vrf <vrfName> udpfwd portfwd info



config ip vrf <vrfName> udpfwdportfwdlist

info


create

delete

name <name>



NN46205-523 02.02 9 December 2009


.


Table 17DHCP VRF Lite configuration commands (cont’d.)

Command Parameter

config ip vrf <vrfName> udpfwdinterface

info

broadcastmask <mask>

create <fwdlistid>

delete

maxttl <maxttl>

udpportfwdlist <fwdlistid>

Configuring DHCP relayDHCP relay must be enabled on the path for the port or VLANconfiguration to take effect.


• “Configuring DHCP parameters globally” (page 192)

• “Showing DHCP relay information” (page 194)

• “Configuring DHCP relay on a port” (page 196)

• “Configuring DHCP relay on a VLAN” (page 199)

• “Showing DHCP relay information for a VLAN” (page 201)

Configuring DHCP parameters globallyDHCP relay must be enabled on the path for the port, VLAN, or VRFconfiguration to take effect.

You configure a VRF in exactly the same manner as a router, exceptthat you must replace config ip dhcp-relay with config ip vrf<vrfName> dhcp-relay in the following procedure.

Procedure steps

Step Action

1 View and configure DHCP parameters globally with the followingcommand:config ip dhcp-relay


NN46205-523 02.02 9 December 2009


.

Configuring DHCP relay 193

2 Confirm your configuration with the following command:config ip dhcp-relay info

--End--


• config ip dhcp-relay

• config ip vrf <vrfName> dhcp-relay

Variable Value

create-fwd-path agent<value> server <value>[mode <value>] [state<value>]

Configures the forwarding path from theclient to the server.

• agent <value> is the IP addressconfigured on an interface (a locallyconfigured IP address) that must beconfigured to forward or relay BootP orDHCP messages.

• server <value> is the IP address ofthe DHCP server in the network. If thisIP address corresponds to the locallyconfigured IP network, the DHCPpacket is broadcast out of the interface.

• mode <value> indicates whether toforward BootP messages only, DHCPmessages only, or both {bootp | dhcp |bootp_dhcp}.

• state <value> enables or disablesthe forwarding path.

delete-fwd-path agent<value> server <value>

Deletes the forwarding path from the clientto the server.

• agent <value> is the IP addressconfigured on an interface (a locallyconfigured IP address).

• server <value> is the IP address ofthe DHCP server in the network.


NN46205-523 02.02 9 December 2009


.


Variable Value

disable-fwd-path agent<value> server <value>

Disables DHCP relaying on the path fromthe IP address to the server. This is thedefault.



enable-fwd-path agent<value> server <value>

Enables DHCP relaying on the path fromthe IP address to the server.


• server <value> is the IP addressof the DHCP server in the network.If this IP address corresponds to thelocally configured IP network, theDHCP packet is broadcast out from theinterface.

info Displays the current DHCP globalconfiguration on the switch.

mode <mode> agent <value>server <value>

Modifies DHCP mode to forward BootPmessages only, DHCP messages only, orboth. The default is both.

• mode is {bootp | dhcp | bootp_dhcp}.



Showing DHCP relay informationDisplay relay information to show relay information about DHCP routesand counters.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Display information about the DHCP relay forward path with thefollowing command:show ip dhcp-relay fwd-path

2 Display information about DHCP relay counters by using thefollowing command:show ip dhcp-relay counters

3 Show all DHCP relay information by using the followingcommand:show ip dhcp-relay show-all [file <value>]

--End--


• show ip dhcp-relay show-all

• show ip dhcp-relay route show all vrf <vrfName>

Variable Value

file The file name to which the output is redirected.

vrfName Identifies the VRF.

vrfids Identifies the range of VRF ids.

Job aidThe following table shows the field descriptions for the show ipdhcp-relay show-all command.

Table 18show ip dhcp-relay show-all command


INTERFACE Indicates the interface IP address.

REQUEST Indicates the total number of DHCP requests received onthis interface.

REPLIES Indicates the total number of DHCP replies received on thisinterface.

SERVER Indicates the DHCP server IP address.


NN46205-523 02.02 9 December 2009


.


Table 18show ip dhcp-relay show-all command (cont’d.)


ENABLE Indicates if DHCP is enabled on the port.

MODE Indicates what type of DHCP packets this interfacesupports. A value of none (1) results in all incoming DHCPand BootP packets being dropped. Options include none,bootp, dhcp, and both.

Configuring DHCP relay on a portYou can view and configure DHCP parameters on specific ports.

You configure a VRF in exactly the same manner as a router, except thatyou must replace config ethernet <ports> ip dhcp-relay withconfig ethernet <ports> vrf <vrfName> ip dhcp-relay in thefollowing procedure.

Procedure steps

Step Action

1 Configure DHCP parameters on specified ports by using thefollowing command:config ethernet <ports> ip dhcp-relay

2 Confirm your configuration by using the following command:config ethernet ip dhcp-relay info

--End--

Variable definitionsUse the data in the following table to use the config ethernet <ports>ip dhcp-relay command.

Variable Value


When enabled, sends the server reply as abroadcast to the end station. When disabled,sends the server reply as a unicast to the endstation.


NN46205-523 02.02 9 December 2009


.


Variable Value

create-fwd-path server<value> [vrid <value>][mode <value>] [state<value>]

Creates a forward path server with a virtualrouter ID (or VRRP ID), a mode, and a state.

• value is the IP address in the formata.b.c.d.

• vrid <value> is the ID of the virtualrouter and is an integer between 0 and 255.

• mode <value> is a choice of bootp, dhcp,or bootp_dhcp.

• state <value> enables or disables theforward path server.

delete-fwd-path server<value> [vrid <value>]

Deletes a forward path server with a specificvalue and virtual router ID.


• vrid <value> is the ID of the virtualrouter (or VRRP ID) and is an integerbetween 0 and 255.

disable Disables DHCP relay on the port. This is thedefault state.

disable-fwd-path server<value> [vrid <value>]

Disables a forward path server with a specificvalue and virtual router ID.



enable Enables DHCP relay on the port.

enable-fwd-path server<value> [vrid <value>]

Enables a forward path server with a specificvalue and virtual router ID (or VRRP ID).

• value is the IP address in the form a.b.c.d.

• vrid <value> is the ID of the virtualrouter and is an integer between 0 and 255.


NN46205-523 02.02 9 December 2009


.


Variable Value

fwd-path-mode <mode>server <value> [vrid<value>]

Sets the forward path mode.

• mode is a choice of bootp, dhcp, orbootp_dhcp.

• server <value> is the IP address in theform a.b.c.d.


info Displays the current DHCP configuration onthe port.

max-hop <max-hop> Sets the maximum number of hops before aBootP/DHCP packet is discarded (1 to 16).The default is 4.

min-sec <min-sec> Sets the minimum seconds count for DHCP.If the secs field in the BootP/DHCP packetheader is greater than this value, the switchrelays or forwards the packet; otherwise, thepacket is dropped (0 to 65535). The default is0 seconds.

mode <mode> Sets DHCP mode to forward BootP messagesonly, DHCP messages only, or both. Thedefault is both.

Job aidThe following table shows the field descriptions for the show ports infodhcp-relay command.

Table 19show ports info dhcp-relay command


PORT_NUM Indicates the port number.

VRF NAME Indicates the name of the VRF.


MAX_HOP Indicates the maximum number of hops a DHCPpacket can take from the source device (DHCP client)to the destination device (DHCP server).

MIN_SEC Indicates the minimum number of seconds to waitbetween receiving a DHCP packet and forwarding theDHCP packet to the destination device. A value of zeroindicates forwarding occurs immediately without delay.


NN46205-523 02.02 9 December 2009


.


Table 19show ports info dhcp-relay command (cont’d.)


MODE Indicates the type of DHCP packets this interfacesupports. A value of none (1) results in all incomingDHCP and BootP packets being dropped. Optionsinclude none, bootp, dhcp, and both.

ALWAYS_BROADCAST

Indicates if DHCP reply packets are broadcast to theDHCP client on this interface.

Configuring DHCP relay on a VLANYou can configure DHCP relay on a VLAN.

You configure a VRF in exactly the same manner as a router, except thatyou must replace config vlan <vid> ip dhcp-relay with configvlan <vid> vrf <vrfName>ip dhcp-relay in the following procedure.

Procedure steps

Step Action

1 Configure DHCP routing on a VLAN by using the followingcommand:config vlan <vid> ip dhcp-relay

2 Confirm your configuration by using the following command:config vlan ip dhcp-relay info

--End--

Variable definitionsUse the data in the following table to use the config vlan ipdhcp-relay info command.

Variable Value

broadcast<enable|disable>

Sets whether the server reply is broadcast back tothe end station. Default is disabled.


NN46205-523 02.02 9 December 2009


.


Variable Value

create-fwd-pathserver <value> [vrid<value>] [mode<value>] [state<value>]

Creates a forward path server with a virtual routerID, a mode, and a state.


• vrid <value> is the ID of the virtual routerand is an integer between 0 and 255.

• mode <value> is a choice of bootp, dhcp, orbootp_dhcp.

• state <value> enables or disables theforward path server.

delete-fwd-pathserver <value> [vrid<value>]

Deletes a forward path server with a specific valueand virtual router ID.



disable Disables DHCP relaying on the VLAN. This is thedefault state.

disable-fwd-pathserver <value> [vrid<value>]




enable Enables DHCP relay on the VLAN.

enable-fwd-pathserver <value> [vrid<value>]

Enables a forward path server with a specific valueand virtual router ID.

• value is the IP address in the format a.b.c.d.


fwd-path-mode <mode>server <value> [vrid<value>]



• server <value> is the IP address in the forma.b.c.d.


info Displays DHCP characteristics on the VLAN.


NN46205-523 02.02 9 December 2009


.


Variable Value

max-hop <max-hop> Sets the maximum number of hops before theBootP/DHCP packet is dropped (1 to 16). Defaultis 4.

min-sec <min-sec> Sets the minimum seconds count for DHCP. If thesecs field in the packet header is greater than thisvalue, the switch forwards the packet; otherwise itis dropped (0 to 65535). Default is 0.

mode <mode> Sets DHCP mode to forward BootP messagesonly, DHCP messages only, or both. The default isboth.

Showing DHCP relay information for a VLANYou can display the DHCP parameters for a specified VLAN or for allVLANs.

You show VRF information in exactly the same manner, except that youmust replace show vlan info dhcp-relay [<vid>][port <value>]with show vlan info dhcp-relay [<vid>][port <value>] [vrf<value>] [vrfids <value>] in the following procedure.

Procedure steps

Step Action

1 Display the DHCP parameters for all VLANs or for the specifiedVLAN by using the following command:show vlan info dhcp-relay [<vid>][port <value>]

--End--

Variable definitionsUse the data in the following table to use the show vlan infodhcp-relay [<vid>][port <value>]command and the showvlan info dhcp-relay [<vid>][port <value>] [vrf <value>][vrfids <value>]command.

Variable Value

port <value> The port list {slot/port[-slot/port][,...]}.

vid The VLAN ID, which is a value from 1 to 4094.

vrf <value> The VRF name, which is a string lengthbetween 0 and 16 characters.

vrfids <value> The VRF ID range.


NN46205-523 02.02 9 December 2009


.


Job aidThe following table shows the field descriptions for the show vlan infodhcp-relay command.

Table 20show vlan info dhcp-relay command


VLAN ID Indicates the VLAN ID number.

VRF NAME Indicates the name of the VRF.

IF INDEX Indicates the interface index number. Numbers 1 to256 are ports; numbers above 257 are VLANs.


MAX HOP Indicates the maximum number of hops a DHCPpacket can take from the source device (DHCP client)to the destination device (DHCP server).

MIN SEC Indicates the minimum number of seconds to waitbetween receiving a DHCP packet and forwarding theDHCP packet to the destination device. A value of zeroindicates forwarding occurs immediately without delay.

MODE Indicates the type of DHCP packets this interfacesupports. A value of none (1) results in all incomingDHCP and BootP packets dropped. Options includenone, bootp, dhcp, and both.

ALWAYS BCAST Indicates if DHCP reply packets are broadcast to theDHCP client on this interface.

UDP broadcast forwardingBy default, broadcasts are not forwarded by a router. UDP broadcastforwarding is a generalized mechanism for the router to selectively forwardUDP broadcasts. You must set up UDP broadcast forwarding on theswitch.

UDP broadcast forwarding navigation

• “Setting up UDP broadcast forwarding” (page 203)

• “Configuring UDP protocols” (page 203)

• “Configuring a UDP port forward entry” (page 204)

• “Configuring the UDP port forwarding list” (page 205)

• “Configuring UDP forward interfaces” (page 206)

• “Showing UDP forward information” (page 207)


NN46205-523 02.02 9 December 2009


.

UDP broadcast forwarding 203

Setting up UDP broadcast forwardingSet up UDP broadcast forwarding to enable user datagram protocolforwarding on your network.

Procedure steps

Step Action





--End--

Configuring UDP protocolsConfigure UDP to determine which UDP broadcasts are forwarded.

You configure a VRF in exactly the same manner, except that you mustreplace config ip udpfwd protocol <udpport> with config ip vrf<vrfName> udpfwd protocol <udpport> in the following procedure.

Procedure steps

Step Action

1 Configure a UDP protocol by using the following command:config ip udpfwd protocol <udpport>

2 Confirm your configuration by using the following command:config ip udpfwd protocol info

--End--

Variable definitionsUse the data in the following table to use the config ip udpfwdprotocol <udpport> and config ip vrf <vrfName> udpfwdprotocol <udpport> commands.

Variable Value

create <protoname> Creates a new UDP protocol.

• protoname is the UDP protocol name as astring.

delete Deletes a UDP port protocol.


NN46205-523 02.02 9 December 2009


.


Variable Value

info Displays created or deleted UDP protocols.

udpport The UDP protocol port number in the range of 1 to65535.

Configuring a UDP port forward entryConfigure a UDP port forward entry to add or remove a port forward entry.

You configure a VRF in exactly the same manner, except that you mustreplace config ip udpfwd portfwd with config ip vrf <vrfName>udpfwd portfwd in the following procedure.

Procedure steps

Step Action

1 Configure a UDP port forward entry by using the followingcommand:config ip udpfwd portfwd

2 Confirm your configuration by using the following command:config ip udpfwd portfwd info

--End--

Variable definitionsUse the data in the following table to use the config ip udpfwdportfwd info and config ip vrf <vrfName> udpfwd portfwdcommands.

Variable Value

add-portfwd<udpport> <ipaddr>

Adds a UDP protocol port to the specified portforwarding list.

• udpport is a UDP protocol port in the range of1 to 65535.

• ipaddr is an IP address in a.b.c.d format.

info Displays the current configuration for the portforward list ID.

remove-portfwd<udpport> <ipaddr>

Removes a protocol port forwarding entry and IPaddress from the list.




NN46205-523 02.02 9 December 2009


.


Configuring the UDP port forwarding listConfigure the UDP port forwarding list to create and name the port forwardlist and to assign protocols and servers to the port forward list.

You configure a VRF in exactly the same manner, except that you mustreplace config ip udpfwd portfwdlist <fwdlistid> with configip vrf <vrfName> udpfwd portfwdlist <fwdlistid> in thefollowing procedure.

Procedure steps

Step Action

1 Configure the UDP port forwarding list by using the followingcommand:config ip udpfwd portfwdlist <fwdlistid>

2 Confirm your configuration by using the following command:config ip udpfwd portfwdlist info

--End--

Variable definitionsUse the data in the following table to use the config ip udpfwdportfwdlist <fwdlistid> and config ip vrf <vrfName> udpfwdportfwdlist <fwdlistid> commands.

Variable Value

add-portfwd<udpport> <ipaddr>

Adds a UDP protocol port to the specified portforwarding list.



create Creates a UDP port forwarding list.

delete Deletes a port forwarding list ID.

fwdlistid The port forwarding list number in the range of 1 to1000.

info Displays the current configuration for the portforward list ID.


NN46205-523 02.02 9 December 2009


.


Variable Value

name <name> Assigns a name to the UDP port forwarding list.

• name is an alphabetic string.

remove-portfwd<udpport> <ipaddr>

Removes a protocol port forwarding entry and IPaddress from the list.



Configuring UDP forward interfacesConfigure UDP forward interfaces to apply the port forward list to theappropriate interfaces.

You configure a VRF in exactly the same manner, except that you mustreplace config ip udpfwd interface <ipaddr> with config ip vrf<vrfName> udpfwd interface <ipaddr> in the following procedure.

Procedure steps

Step Action

1 Apply the port forward list to the appropriate interfaces by usingthe following command:config ip udpfwd interface <ipaddr>

2 Confirm your configuration by using the following command:config ip udpfwd interface info

--End--

Variable definitionsUse the data in the following table to use the config ip udpfwdinterface <ipaddr> command.

Variable Value

broadcastmask <mask> Sets the interface broadcast mask (theinterface broadcast mask can be differentfrom the interface mask)

• mask is an IP address in a.b.c.dformat.

create <fwdlistid> Assigns a forwarding list ID in the range of1 to 1000 to an interface IP address.


NN46205-523 02.02 9 December 2009


.


Variable Value

delete Removes the forwarding list from the IPaddress.

info Displays the current configuration of theUDP interface.

ipaddr Indicates the IP address of the selectedinterface.

maxttl <maxttl> Sets maximum time-to-live value (TTL)for the UDP broadcast forwarded by theinterface.

udpportfwdlist <fwdlistid> The port forwarding list, in the range of 1through 1000.

Showing UDP forward informationShow UDP forwarding information to view information about the UDPforwarding characteristics of the switch. There are five show options:

• show all information

• show the interface information

• show the port forward information

• show the port forward list information

• show the protocol information

Procedure steps

Step Action

1 Show all IP UDP forwarding information by using the followingcommand:show ip udpfwd show-all [file <value>]

2 Display information about the UDP interface for all IP addressesor a specified IP address by using the following command:show ip udpfwd interface info [<ipaddr>]

3 Display the UDP port forwarding table by using the followingcommand:show ip udpfwd portfwd info

4 Display the UDP port forwarding list table for the specified list orall lists on the switch by using the following command:show ip udpfwd portfwdlist info [<fwdlistid>]

5 Display the UDP protocol table with the UDP port numbers foreach supported or designated protocol by using the following


NN46205-523 02.02 9 December 2009


.


command:show ip udpfwd protocol info

--End--

Variable definitionsUse the data in the following table to use the show ip udpfwd command.

Variable Value

fwdlistid A list ID number with a range of 1 to 1000.

ipaddr The IP address for the interface in a.b.c.d format.

value The file name to which the output is redirected (/pcmcia/<file> | /flash/ <file> where file is a string of 1 to99 characters).

Job aidThe following table shows the field descriptions for the show ip udpfwdshow-all command.

Table 21show ip udpfwd show-all command


INTF_ADDR Indicates the IP address of the local router interfacethat can receive forwarded UDP broadcast packets.

FWD LIST ID Indicates the number of UDP lists or profiles that thisinterface is configured to forward (0 to 100). A value of0 indicates that the interface cannot forward any UDPbroadcast packets.

MAXTTL Indicates the maximum number of hops an IPbroadcast packet can take from the source device tothe destination device. The default is 4; the range is 1to 16.

RXPKTS Indicates the total number of UDP broadcast packetsreceived by this local interface.

FWDPKTS Indicates the total number of UDP broadcast packetsforwarded by this local interface.

DRPTTLEX Indicates the total number of UDP broadcast packetsdropped because the time to live (TTL) has expired.

DRPDEST UNREACH Indicates the total number of UDP broadcast packetsdropped because the destination was unreachable.

DRP_UNKNOWN Indicates the total number of UDP broadcast packetsdropped because the destination port/protocol specifiedhas no matching forwarding policy.


NN46205-523 02.02 9 December 2009


.


Table 21show ip udpfwd show-all command (cont’d.)


PROTOCOL Indicates the name of the protocol that is running ontop of UDP.

BDCASTMASK Indicates the subnet mask of the local interface that isused for broadcasting the UDP broadcast packets.

UDP_PORT Indicates the local port number for this UDP listener.

FORWARDING_ADDR

Indicates the destination address can be any IP serveraddress for the protocol application or the IP addressof an interface on the router.

• If the address is that of a server, the packet is sentas a unicast packet to this address.

• If the address is that of an interface on the router,the frame is rebroadcast.

FWDPKTS Indicates the total number of UDP broadcast packetsforwarded using this policy.

DRPTTLEX Indicates the total number of UDP broadcast packetsdropped because the TTL expired.

DRPDEST_UNKNOWN

Indicates the total number of UDP broadcast packetsdropped because the destination port or protocolspecified has no matching forwarding policy.

LIST_ID Indicates the number of the UDP lists or profiles thatthis interface is configured to forward (0 to100). Avalue of 0 indicates that the interface cannot forwardany UDP broadcast packets.

NAME Indicates the name of a current UDP listener.

PROTOCOL_NAME Indicates the name of the protocol that is running ontop of UDP protocol.


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

211.

DHCP and UDP configuration using theNNCLI

Use Dynamic Host Configuration Protocol (DHCP), an extension of theBootstrap Protocol (BootP), to provide host configuration information to theworkstations dynamically. Use the DHCP relay commands to set DHCPrelay behavior on a port or on a VLAN.

This section describes the NNCLI commands for DHCP and UserDatagram Protocol (UDP) configuration functions in the Ethernet RoutingSwitch 8600.

For more information about DHCP and UDP concepts and terminology ,see “IP routing operations fundamentals” (page 21).

DHCP and UDP configuration navigation• “Job aid” (page 211)

• “Configuring DHCP relay” (page 213)

• “Configuring UDP broadcast forwarding” (page 218)


Table 22Roadmap of DHCP and UDP IP commands

Command Parameter

VLAN Configuration mode

ip dhcp-relay fwd-path <A.B.C.D><A.B.C.D>

fwd-path <A.B.C.D><A.B.C.D> disable

fwd-path <A.B.C.D><A.B.C.D> enable


NN46205-523 02.02 9 December 2009


.

212 DHCP and UDP configuration using the NNCLI


Command Parameter

fwd-path <A.B.C.D><A.B.C.D> mode<bootp |bootp-dhcp|dhcp>

broadcast

fwd-path <A.B.C.D> [vrid <1-255>]

fwd-path <A.B.C.D> disable [vrid<1-255>]

fwd-path <A.B.C.D> enable [vrid<1-255>]

fwd-path mode <A.B.C.D> mode <bootp|bootp_dhcp|dhcp> [vrid <1-255>]

max-hop <1-16>

min-sec <0-65535>

mode <boo tp|bootp_dhcp|dhcp>

ip forward-protocol udp portfwdlist <1-1000>

VRF Router Configuration Mode

ip dhcp-relay fwd-path <A.B.C.D><A.B.C.D>



fwd-path <A.B.C.D><A.B.C.D> mode<bootp |bootp-dhcp|dhcp>


ip forward-protocol udp <1-65535>

ip forward-protocol udp portfwd <1-65535>

PrivExec or VRF Router Configuration Mode

show ip dhcp-relay fwd-path [vrf <WORD/0-32>]

[vrfids <0-255>]

show ip dhcp-relay counters [vrf <WORD/0-32>]

[vrfids <0-255>]

show interfaces [interface-type]

dhcp-relay [slot/port]

[vrf <WORD/0-32>]

[vrfids <0-255>]

show ip dhcp-relay interface [interface-type]

[interface-id]

[vrf <WORD/0-32>]


NN46205-523 02.02 9 December 2009


.



Command Parameter

[vrfids <0-255>]

show ip forward-protocol udp [vrf <WORD/0-32>]

[vrfids <0-255>]

show ip forward-protocol udpinterface

[<A.B.C.D>]

[vrf <WORD/0-32>]

[vrfids <0-255>]

show ip forward-protocol udp portfwd [vrf <WORD/0-32>]

[vrfids <0-255>]

show ip forward-protocol udpportfwdlist

[vrf <WORD/0-32>]

[vrfids <0-255>]


ip forward-protocol udp <1-65535>

ip forward-protocol udp portfwd <1-65535>


Configuring DHCP relayDHCP relay must be enabled on the path for the port or VLANconfiguration to take effect.


• “Configuring DHCP parameters globally” (page 213)

• “Showing DHCP relay information” (page 215)

• “Configuring DHCP relay on a port or VLAN” (page 216)

Configuring DHCP parameters globallyDHCP relay must be enabled on the path for the port or VLANconfiguration to take effect.

Prerequisites

• Access VLAN Interface configuration mode.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 View and configure DHCP parameters globally by using thefollowing command:ip dhcp-relay

2 Create the forwarding path from the client to the server by usingthe following command:ip dhcp-relay fwd-path <A.B.C.D> <A.B.C.D>

3 Enable the forwarding path from the client to the server by usingthe following command:ip dhcp-relay fwd-path <A.B.C.D> <A.B.C.D> enable

4 Modify DHCP mode to forward BootP messages only, DHCPmessages only, or both by using the following command:ip dhcp-relay fwd-path <A.B.C.D> <A.B.C.D> mode<bootp|bootp-dhcp|dhcp>

--End--

Variable definitionsUse the data in the following table to use the preceding commands.

Use the no operator to disable DHCP:no dhcp-relay

To set this option to the default value, use the default operator with theip dhcp-relay command.

Variable Value

fwd-path <A.B.C.D><A.B.C.D>

Configures the forwarding path from the clientto the server.

• A.B.C.D is the IP address configured on aninterface (a locally configured IP address) toforward or relay BootP or DHCP.

• A.B.C.D is the IP address of the DHCPserver in the network. If this IP addresscorresponds to the locally configured IPnetwork, the DHCP packet is broadcast outfrom the interface.

Use the no operator to delete the forwardingpath from the client to the server:no ip dhcp-relay fwd-path <A.B.C.D><A.B.C.D>


NN46205-523 02.02 9 December 2009


.


Variable Value


Disables DHCP relaying on the path from the IPaddress to the server. This is the default.

• A.B.C.D is the IP address configured on aninterface (a locally configured IP address).

• A.B.C.D is the IP address of the DHCPserver in the network.


Enables DHCP relaying on the path from the IPaddress to the server.

• A.B.C.D is the IP address configured on aninterface (a locally configured IP address).

• A.B.C.D is the IP address of the DHCPserver in the network. If this IP addresscorresponds to the locally configured IPnetwork, the DHCP packet is broadcast outfrom the interface.

fwd-path <A.B.C.D><A.B.C.D> mode <bootp|bootp-dhcp|dhcp>

Modifies DHCP mode to forward BootPmessages only, DHCP messages only, or both.The default is both.

• mode is {bootp | bootp_dhcp | dhcp}.

Showing DHCP relay informationDisplay relay information to show relay information about DHCP routesand counters.

Prerequisites

• Access privExec Configuration Mode or VRF Router configurationmode.

Procedure steps

Step Action

1 Display information about DHCP relay forward paths by using thefollowing command:show ip dhcp-relay fwd-path [vrf <WORD/0-32>][vrfids <0-255>]

2 Display information about DHCP relay counters by using thefollowing command:


NN46205-523 02.02 9 December 2009


.


show ip dhcp-relay counters [vrf <WORD/0-32>][vrfids <0-255>]

--End--

Variable definitionsUse the data in the following table to use the show ip dhcp-relayfwd-path [vrf <WORD/0-32>] [vrfids <0-255>] command andthe show ip dhcp-relay counters [vrf <WORD/0-32>] [vrfids<0-255>]command.

Variable Value

vrf <WORD/0-32> The name of the VRF.

vrfids <0-255> The ID of the VRF. Thevalue is aninteger in the range of 0 to 255.

Configuring DHCP relay on a port or VLANYou can view and configure DHCP parameters on specific ports or ona VLAN.

Prerequisites

• Access VLAN Interface configuration mode.

Procedure steps

Step Action

1 Enable DHCP parameters on specified ports by using thefollowing command:ip dhcp-relay

--End--

Variable definitionsUse the data in the following table to use the ip dhcp-relay command.

Use the no operator to disable DHCP parameters on specified ports:no ip dhcp-relay

To set this option to the default value, use the default operator with thiscommand.


NN46205-523 02.02 9 December 2009


.


Variable Value

broadcast When enabled, sends the server reply as abroadcast to the end station. When disabled,sends the server reply as a unicast to theend station. Use the no operator to disablebroadcast:no ip dhcp-relay broadcastTo set this option to the default value, use thedefault operator with this command.

fwd-path <A.B.C.D>[vrid <1-255>]

Creates a forward path server with a virtualrouter ID (or VRRP ID), a mode, and a state.

• A.B.C.D is the IP address.

• vrid <1-255> is the ID of the virtualrouter and is an integer between 1 and 255.

Use the no operator to delete a forward pathserver with a specific value and virtual routerID:no ip dhcp-relay fwd-path <A.B.C.D>[vrid <1-255>]

To set this option to the default value, use thedefault operator with this command.

fwd-path <A.B.C.D>disable [vrid <1-255>]


• A.B.C.D is the IP address.

• vrid <1-255> is the ID of the virtualrouter (or VRRP ID) and is an integerbetween 1 and 255.

fwd-path <A.B.C.D>enable [vrid <1-255>]

Enables a forward path server with a specificvalue and virtual router ID (or VRRP ID).

• A.B.C.D is the IP address in the forma.b.c.d.

• vrid <1-255> is the ID of the virtualrouter and is an integer between 1 and 255.


NN46205-523 02.02 9 December 2009


.


Variable Value

fwd-path-mode <A.B.C.D>mode <bootp|bootp_dhcp|dhcp> [vrid <1-255>]


• A.B.C.D is the IP address in the forma.b.c.d.


• vrid <1-255> is the ID of the virtualrouter (or VRRP ID) and is an integerbetween 1 and 255.


max-hop <1-16> Sets the maximum number of hops before aBootP/DHCP packet is discarded (1 to 16).The default is 4.To set this option to the default value, use thedefault operator with this command.

min-sec <0-65535> Sets the minimum seconds count for DHCP.If the secs field in the BootP/DHCP packetheader is greater than this value, the switchrelays or forwards the packet; otherwise, thepacket is dropped (0 to 65535). The default is0 seconds.To set this option to the default value, use thedefault operator with this command.

mode <bootp|bootp_dhcp|dhcp>

Sets DHCP mode to forward BootP messagesonly, DHCP messages only, or both. Thedefault is both.To set this option to the default value, use thedefault operator with this command.

Configuring UDP broadcast forwardingBy default, broadcasts are not forwarded by a router. UDP broadcastforwarding is a generalized mechanism for the router to selectively forwardUDP broadcasts. You must set up UDP broadcast forwarding on theswitch.

UDP broadcast forwarding navigation

• “Setting up UDP broadcast forwarding” (page 219)

• “Configuring UDP protocols” (page 203)

• “Configuring a UDP port forward entry” (page 204)


NN46205-523 02.02 9 December 2009


.


• “Configuring the UDP port forwarding list” (page 221)

• “Showing UDP forward information” (page 207)

Setting up UDP broadcast forwardingThe following procedure gives the steps to set up UDP broadcastforwarding:

Procedure steps

Step Action





--End--

Configuring UDP protocolsConfigure UDP protocols to determine which UDP broadcasts areforwarded.

PrerequisitesEnter Global Configuration Mode or VRF Router Configuration Mode.

Procedure steps

Step Action

1 Configure a UDP protocol by using the following command:ip forward-protocol udp

2 Confirm your configuration by using the following command:show ip forward-protocol udp [vrf <WORD/0-32>][vrfids <0-255>]

--End--

Variable definitionsUse the data in the following table to use the ip forward-protocoludp command.


NN46205-523 02.02 9 December 2009


.


Variable Value

<1-65535> <WORD/1-15>

Creates a new UDP protocol.

• <1-65535> <WORD/1-15> is the UDP protocolname as a string.

Use the no operator to delete a UDP protocol:no ip forward-protocol udp <1-65535>

[vrf <WORD/0-32>] The name of the VRF.

[vrfids <0-255>] The ID of the VRF. The value is an integer between0 and 255.

Configuring a UDP port forward entryConfigure a UDP port forward entry to add or remove a port forward entry.

PrerequisitesEnter Global Configuration Mode or VRF Router Configuration Mode.

Procedure steps

Step Action

1 Configure a UDP port forward entry by using the followingcommand:ip forward-protocol udp portfwd

2 Confirm your configuration by using the following command:show ip forward-protocol udp portfwd [vrf<WORD/0-32>] [vrfids <0-255>]

--End--

Variable definitionsUse the data in the following table to use the ip forward-protocol udpportfwd command.

Variable Value

<1-65535> <A.B.C.D> Adds a UDP protocol port to the specified portforwarding list.

• 1-65535 is a UDP protocol port in the range of1 to 65535.

• A.B.C.D is an IP address in a.b.c.d format.


NN46205-523 02.02 9 December 2009


.


Variable Value

Use the no operator to remove a protocol portforwarding entry and IP address from the list:no ip forward-protocol udp portfwd<1-65535> <A.B.C.D>



[vrfids <0-255>] The ID of VRF and is an integer between 0 and255.

Configuring the UDP port forwarding listConfigure the UDP port forwarding list to create and name the port forwardlist and to assign protocols and servers to the port forward list.

Prerequisites

• Access to VLAN Interface Configuration mode.

Procedure steps

Step Action

1 In VLAN Interface Configuration Mode, or VRF Routerconfiguration mode, configure the UDP port forwarding list byusing the following command:ip forward-protocol udp portfwdlist <1-1000>

ATTENTIONThe following steps are not available in VRF Router configurationmode.

2 Set the broadcast mask by using the following command:ip forward-protocol udp broadcastmask <A.B.C.D>

3 Set the maximum time to live by using the following command:ip forward-protocol udp maxttl <1-16>

4 Confirm your configuration by using the following command:show ip forward-protocol udp portfwdlist [vrf<WORD/0-32>] [vrfids <0-255>]

--End--


NN46205-523 02.02 9 December 2009


.


Variable definitionsUse the data in the following table to use the ip forward-protocol udpportfwdlist <1-1000> command.

Variable Value

<1-65535> <A.B.C.D> Adds a UDP protocol port to the specified portforwarding list.

• 1-65535 is a UDP protocol port in the range of1 to 65535.


Use the no operator to remove or delete a portforwarding list ID:no ip forward-protocol udp portfwdlist<1-1000> <1-65535> <A.B.C.D>

To set this option to use the default value, use thedefault operator with this command.

<1-1000> Creates a UDP port forwarding list in the range of 1to 1000.

<A.B.C.D> Sets the interface broadcast mask (the interfacebroadcast mask can be different from the interfacemask).


Use the no operator to delete the broadcast mask:no ip forward-protocol udp broadcastmask<A.B.C.D>


maxttl <1-16> Sets the maximum time-to-live value (TTL) for theUDP broadcast forwarded by the interface. Therange is 1 to 16.

name <WORD/0-15> Assigns a name to the UDP port forwarding list.

• WORD/0-15 is an alphabetic string.


[vrfids <0-255>] The ID of the VRF and is an integer in the range of0 to 255.


NN46205-523 02.02 9 December 2009


.


Showing UDP forward informationShow UDP forward information to view information about the UDPforwarding characteristics of the switch. There are four show options:

• show the interface information

• show the port forward information

• show the port forward list information

• show the protocol information

Prerequisites

• Access privExec Configuration Mode, Global configuration mode, orVRF Router configuration mode.

Procedure steps

Step Action

1 Display information about the UDP interface for all IP addressesor a specified IP address by using the following command:show ip forward-protocol udp interface [<A.B.C.D>][vrf <WORD/0-32>] [vrfids <0-255>]

2 Display the UDP port forwarding table by using the followingcommand:show ip forward-protocol udp portfwd [vrf<WORD/0-32>] [vrfids <0-255>]

3 Display the UDP port forwarding list table for the specified list orall lists on the switch by using the following command:show ip forward-protocol udp portfwdlist [vrf<WORD/0-32>] [vrfids <0-255>]

4 Display the UDP protocol table with the UDP port numbers foreach supported or designated protocol by using the followingcommand:show ip forward-protocol udp [vrf <WORD/0-32>][vrfids <0-255>]

--End--

Variable definitionsUse the data in the following table to use the show ip forward-protocol udp interface command.


NN46205-523 02.02 9 December 2009


.


Variable Value

<A.B.C.D> The IP address for the interface in a.b.c.dformat.


[vrfids <0-255>] The ID of the VRF and is an integer in therange of 0 to 255.


NN46205-523 02.02 9 December 2009


.

225.

ARP configuration using DeviceManager

Network stations using the IP protocol need both a physical address andan IP address to transmit a packet. In situations where the station knowsonly the network host IP address, the network station can use AddressResolution Protocol (ARP) to determine a network host physical addressby binding a 32-bit IP address to a 48-bit MAC address. A network stationcan use ARP across a single network only, and the network hardwaremust support physical broadcasts. If a network station wants to send apacket to a host but knows only the host IP address, the network stationuses ARP to determine the host physical address.

For more information about ARP concepts and terminology, see “IP routingoperations fundamentals” (page 21).

Select a topic:

• “Enabling or disabling ARP on the brouter port or a VRF instance”(page 226)

• “Enabling or disabling ARP on a VLAN or a VRF instance” (page 226)

• “Viewing and managing ARP” (page 227)

• “Creating static ARP entries” (page 228)

• “Configuring Proxy ARP” (page 229)

Navigation• “Enabling or disabling ARP on the brouter port or a VRF instance”

(page 226)

• “Enabling or disabling ARP on a VLAN or a VRF instance” (page 226)

• “Viewing and managing ARP” (page 227)

• “Creating static ARP entries” (page 228)

• “Configuring Proxy ARP” (page 229)


NN46205-523 02.02 9 December 2009


.

226 ARP configuration using Device Manager

Enabling or disabling ARP on the brouter port or a VRF instanceAfter you assign the IP address, you can configure ARP. By default, ARPResponse is enabled and Proxy ARP is disabled.

Procedure steps

Step Action

1 Select a port.


3 Click the ARP tab.

4 In the DoProxy box, click enable to enable the Proxy ARPfunction.

5 In the DoResp box, click disable or enable to select whether torespond to an ARP. The default is enabled.

6 Click Apply.

The ARP dialog box is available only when the port or VLAN isrouted; that is, it is assigned an IP address.

--End--

For more information, see “Port dialog box, ARP tab fields” (page 226).

Port dialog box, ARP tab fieldsVariable definitions

Use the data in the following table to use the Port dialog box, ARP tabfields.

Variable Value

DoProxy Sets the switch to respond to an ARP request from a locallyattached host or end station for a remote destination. The defaultvalue is disable.

DoResp Sets the switch to send ARP responses for this IP interfaceaddress. The default value is enable.

Enabling or disabling ARP on a VLAN or a VRF instanceTo prevent dropped ARP packets, you must enable ARP on the VLANbefore you enable ARP on the port.


NN46205-523 02.02 9 December 2009


.

Viewing and managing ARP 227

Procedure steps

Step Action

1 From the Device Manager menu bar, choose VLAN, VLANsGlobalRouter (vrf x).

2 Select a VLAN.

3 Click IP.


5 In the DoProxy box, click enable to enable the Proxy ARPfunction.

6 In the DoResp box, click disable or enable to select whether torespond to an ARP. The default is enabled.

7 Click Apply.

The ARP dialog box is available only if the port or VLAN isrouted; that is, it is assigned an IP address.

--End--

VLAN dialog box, ARP tab fieldsVariable definitions

Use the data in the following table to use the VLAN dialog box, ARP tabfields.

Variable Value

DoProxy Sets the switch to respond to an ARP request from a locallyattached host or end station for a remote destination. The defaultvalue is disable.

DoResp Sets the switch to send ARP responses for this IP interfaceaddress. The default value is enable.

Viewing and managing ARPYou can view and manage known MAC address to IP addressassociations. In addition, you can create or delete individual ARP entries.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP, IPGlobalRouter (vrf x).



NN46205-523 02.02 9 December 2009


.


The IP dialog box, ARP tab appears with the MAC addressesand IP addresses displayed.

--End--

For more information, see “IP dialog box, ARP tab fields” (page 228).

IP dialog box, ARP tab fieldsVariable definitions

Use the data in the following table to use the IP dialog box, ARP tab fields.

Variable Value

Interface The router interface for this ARP entry:

• Brouter interfaces are identified by the slot/port number ofthe brouter port.

• Virtual router interfaces are identified by the brouterslot/port and the name of the VLAN followed by the (VLAN)designation are specified.

MacAddress The media-dependent physical address (that is, the Ethernetaddress).

IpAddress The IP address corresponding to the media-dependent physicaladdress.

Type Type of ARP entry:

• local—a locally configured ARP entry

• static—a statically configured ARP entry

• dynamic—a learned ARP entry

Creating static ARP entriesUse the following procedure to create a static ARP entry.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP, IPGlobalRouter (vrf x).


3 Click Insert.

4 In the Interface box, click the ellipsis button to select the brouterinterface from the ipNetToMediaIfIndex dialog box.


NN46205-523 02.02 9 December 2009


.

Configuring Proxy ARP 229

5 In the Port in VLAN box, use the menu to associate the brouterport with a VLAN.

6 Click OK.

This action specifies the VLAN interface connected to the stationfor which a static ARP entry is defined.

7 In the IpAddress box, type the IP address.

8 In the MacAddress box, type the MAC address.

9 Click Insert.

--End--

Configuring Proxy ARPWith Proxy ARP, the Ethernet Routing Switch 8600 can respond to anARP request from a locally attached host or end station for a remotedestination. Proxy ARP does so by sending an ARP response back to thelocal host with its own MAC address of the router interface for the subneton which the ARP request was received. The reply is generated only if theswitch has an active route to the destination network.

Procedure steps

Step Action


2 Choose a VLAN.

3 Click IP.

4 Select the ARP tab.

5 Click the DoProxy enable button.

6 Click Apply. Proxy ARP is enabled for the VLAN.

--End--


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

231.

ARP configuration using the CLINetwork stations that use IP protocol require both a physical address andan IP address to transmit packets. In situations where the station knowsonly the network host IP address, the Address Resolution Protocol (ARP)lets you use the network station to determine a network host physicaladdress by binding a 32-bit IP address to a 48-bit MAC address.

A network station can use ARP across a single network only, and thenetwork hardware must support physical broadcasts. If a network stationwants to send a packet to a host but knows only the host IP address, thenetwork station uses ARP to determine the host physical address.

• For conceptual information about ARP management, see “IP routingoperations fundamentals” (page 21).

• See the ARP Technical Configuration Guide for ARP configurationexamples. You can find this Technical Configuration Guide atwww.nortel.com/documentation. Choose Routers & Routing Switchesand then Ethernet Routing Switch 8600.

ARP configuration navigation• “Job aid” (page 231)

• “Configuring ARP on a port” (page 233)

• “Configuring ARP on a VLAN” (page 235)

• “Configuring IP ARP” (page 237)



NN46205-523 02.02 9 December 2009


.

232 ARP configuration using the CLI

Table 23Roadmap of ARP commands

Command Parameter

config ethernet <ports> ip arp-response info

enable

disable

config ethernet <ports> ip proxy info

disable

enable

config ethernet <ports> loop-detect<enable|disable> [action <value>][arp-detect]

config vlan <vid> ip arp-response info

disable

enable

config vlan <vid> ip proxy info

disable

enable

config ip arp info

add ports <value> ip <value> mac<value> [vlan <value>]

arpreqthreshold <integer>

aging <minutes>

delete <ipaddr>

multicast-mac-flooding<enable|disable>

clear ip arp vlan <vid>

clear ip arp ports <port>

show ports info arp [vlan <value>] [ports<value>]

show vlan info arp [<vid>] [port <value>]

show ip arp info [<ipaddress>] [-s <value>]

show-all [file <value>]

static-mcastmac [<ipaddress>] [-s<value>]


NN46205-523 02.02 9 December 2009


.

Configuring ARP on a port 233

Configuring ARP on a portYou can enable or disable ARP responses on a specified port on theswitch. You can also enable Proxy ARP on a port, which lets a routeranswer a local ARP request for a remote destination.

ARP configuration on a port navigation

• “Enabling ARP on a port” (page 233)

• “Configuring an Proxy ARP on a port” (page 233)

• “Configuring ARP loop detection” (page 234)

• “Showing ARP port information” (page 235)

Enabling ARP on a portEnable ARP on a port to allow a router to answer a local ARP request for adestination.

Procedure steps

Step Action

1 Enable ARP on specific ports by using the following command:config ethernet <ports> ip arp-response

2 Confirm your configuration by using the following command:config ethernet <ports> ip arp-response info

--End--

Variable definitionsUse the data in the following table to use the config ethernet <ports>ip arp-response command.

Variable Value

disable Disables ARP responses on the port.

enable Enables ARP responses on the port.

info Displays ARP response status on the port.

Configuring an Proxy ARP on a portConfigure an Proxy ARP on a port to allow a router to answer a local ARPrequest for a remote destination.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Configure Proxy ARP on a port by using the following command:config ethernet <ports> ip proxy

2 Confirm your configuration by using the following command:config ethernet <ports> ip proxy info

--End--

Variable definitionsUse the data in the following table to use the config ethernet <ports>ip proxy command.

Variable Value

disable Disables ARP proxy responses on the port.

enable Enables ARP proxy responses on the port.

info Displays ARP proxy status on the port.

Configuring ARP loop detectionLoop detection works only when loop-detect is enabled. To clear thisoption, you must disable loop detection.

Procedure steps

Step Action

1 Configure ARP loop detection by using the following command:config ethernet <ports> loop-detect <enable|disable> [action <value>] [arp-detect]

--End--

Variable definitionsUse the data in the following table to use the config ethernet<ports> loop-detect <enable|disable> [action <value>][arp-detect]command.

Variable Value

ports The port numbers, shown as slot/port.

value port-down|vlan-block or mac-discard.


NN46205-523 02.02 9 December 2009


.

Configuring ARP on a VLAN 235

Showing ARP port informationShow ARP port information to display data for a specified port or for allports.

Procedure steps

Step Action

1 Display ARP information for the specified port or for all ports byusing the following command:show ports info arp [<ports>]

--End--

Job aidThe following table shows the field descriptions for the show ports infoarp command.

Table 24show ports info arp command



DOPROXY Indicates if ARP proxy responses are enabled ordisabled on the specified interface.

DORESP Indicates if the sending of ARP responses is enabledor disabled on the specified interface.

Configuring ARP on a VLANTo prevent dropped ARP packets because the port filter is set to drop, youmust enable ARP on the VLAN before you enable ARP on the port.

ARP configuration on a VLAN navigation

• “Enabling ARP on a VLAN” (page 235)

• “Configuring an ARP proxy on a VLAN” (page 236)

• “Showing ARP VLAN information” (page 237)

Enabling ARP on a VLANYou can enable or disable ARP VLAN responses on a specified port onthe switch. You can also enable proxy ARP on the VLAN, which lets arouter answer a local ARP request for a remote destination.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Enable ARP on specific VLAN by using the following command:config vlan <vid> ip arp-response

2 Confirm your configuration by using the following command:config vlan <vid> ip arp-response info

--End--

Variable definitionsUse the data in the following table to use the config vlan <vid> iparp-response command.

Variable Value

disable Disables ARP responses on the VLAN.

enable Enables ARP responses on the VLAN.

info Displays ARP response status on the VLAN.

Configuring an ARP proxy on a VLANConfigure an ARP proxy on a VLAN to allow a router to answer a localARP request for a remote destination.

Procedure steps

Step Action

1 Configure proxy ARP on a VLAN by using the followingcommand:config vlan <vid> ip proxy

2 Confirm your configuration by using the following command:config vlan <vid> ip proxy info

--End--

Variable definitionsUse the data in the following table to use the config vlan <vid> ipproxy command.

Variable Value

disable Disables proxy ARP on the VLAN.


NN46205-523 02.02 9 December 2009


.

Configuring IP ARP 237

Variable Value

enable Enables proxy ARP on the VLAN, allowing a router toanswer a local ARP request for a remote destination.

info Displays ARP proxy status on the VLAN.

Showing ARP VLAN informationShow ARP VLAN information to display ARP information for the specifiedport or for all ports.

Procedure steps

Step Action

1 Display ARP information for the specified port or for all ports byusing the following command:show vlan info arp [<vid>][port <value>]

--End--

Job aidThe following table shows the field descriptions for the show vlan infoarp command.

Table 25show vlan info arp command


VLAN ID Indicates the VLAN ID.

DOPROXY Indicates if ARP proxy responses are enabled ordisabled on the specified interface.

DORESP Indicates if the sending of ARP responses is enabledor disabled on the specified interface.

Configuring IP ARPUse the ARP commands to add and delete static entries in the ARP tableand to display the ARP table. The ARP table maps MAC addresses to IPaddresses. If you add an ARP entry for a VLAN, the VLAN is associatedwith the MAC address you specify. All entries appear (static and dynamic)when you display the ARP table. Before you can add an ARP entry to aport or port-based VLAN, you must first assign an IP address to the port orVLAN and enable routing.


NN46205-523 02.02 9 December 2009


.


The only way to change a static ARP is to delete the old static ARP entryand create a new entry with new information. When you create a staticARP entry using an IP address that belongs to another static ARP entryand then run the show config module ip command, the output displaysyour new entry.

IP ARP configuration navigation

• “Configuring ARP static entries” (page 238)

• “Clearing ARP timers” (page 239)

• “Showing ARP information” (page 240)

Configuring ARP static entriesConfigure ARP static entries to modify the ARP parameters on the switch.

Procedure steps

Step Action

1 Configure ARP static entries on the switch by using the followingcommand:config ip arp

2 Confirm your configuration by using the following command:config ip arp info

--End--

Variable definitionsUse the data in the following table to use the config ip arp command.

Variable Value

add ports <value> ip <value> mac<value> [vlan <value>]

Adds a static entry to theARP table.

• ports <value> are theport numbers, shown asslot/port.

• ip <value> is theIP address in format{a.b.c.d}.

• mac <value> is the48-bit hardware MACaddress in the format


NN46205-523 02.02 9 December 2009


.


Variable Value

{0x00:0x00:0x00:0x00:0x00:0x00}.

• vlan <value> is thename or number of aVLAN.

aging <minutes> Sets the length of time inseconds an entry remainsin the ARP table beforetimeout.

• minutes is a numberbetween 1 and 32767.

arpreqthreshold <integer> Configures the maximumnumber of outstanding ARPrequests that a switch cangenerate.

• integer is in the rangeof 50 to 1000. Thedefault value is 500.

delete <ipaddr> Removes an entry from theARP table.

• ipaddr is the IP addressin a.b.c.d format.

info Displays ARP characteristics.

multicast-mac-flooding <enable|disable>

Determines whether ARPentries for multicast MACaddresses are associatedwith the VLAN or the portinterface on which they werelearned.

Clearing ARP timersUse this procedure to clear ARP timers.

Procedure steps

Step Action

1 Clear ARP timers for a VLAN by using the following command:clear ip arp vlan <vid>


NN46205-523 02.02 9 December 2009


.


2 Clear ARP timers for a port by using the following command:clear ip arp ports <port>

--End--

Variable definitionsUse the data in the following table to use the clear ip arp vlan <vid>command.

Variable Value

<port> The port number.

<vid> The VLAN ID.

Showing ARP informationShow ARP information to view the configuration information in the ARPtable.

Procedure steps

Step Action

1 Display the ARP table by using the following command:show ip arp info [<ip address>] [-s <value>

--End--

Variable definitionsUse the data in the following table to use the show ip arp info [<ipaddress>] [-s <value>]command.

Variable Value

ip address The network IP address for the table.

-s <value> The subnet in the format(a.b.c.d/x|a.b.c.d/x.x.x.x|default).

Job aidThe following table shows the field descriptions for the show ip arp infocommand.

Table 26show ip arp info command


IP_ADDRESS Indicates the IP address where ARP is configured.


NN46205-523 02.02 9 December 2009


.


Table 26show ip arp info command (cont’d.)


MAC_ADDRESS Indicates the MAC address where ARP is configured.

VLAN Indicates the VLAN address where ARP is configured.

PORT Indicates the port where ARP is configured.

TYPE Indicates the type of learning (dynamic or local) where ARPis configured.

TTL<10 secs> Indicates the time to live as tenths of a second where ARPis configured.


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

243.

ARP configuration using the NNCLINetwork stations that use IP protocol require both a physical address andan IP address to transmit packets. In situations where the station knowsonly the network host IP address, the Address Resolution Protocol (ARP)lets you use the network station to determine a network host physicaladdress by binding a 32-bit IP address to a 48-bit MAC address.

A network station can use ARP across a single network only, and thenetwork hardware must support physical broadcasts. If a network stationwants to send a packet to a host but knows only the host IP address, thenetwork station uses ARP to determine the host physical address.

See the ARP Technical Configuration Guide for ARP configurationexamples. You can find this Technical Configuration Guide atwww.nortel.com/documentation. Choose Routers & Routing Switches andthen Ethernet Routing Switch 8600.

ARP configuration proceduresThis task flow shows you the sequence of procedures to perform toconfigure ARP.

ARP configuration navigation• “Job aid” (page 244)

• “Enabling ARP on a port or a VLAN” (page 245)

• “Enabling ARP proxy” (page 245)

• “Configuring ARP loop detection” (page 246)

• “Showing ARP information” (page 247)

• “Configuring IP ARP static entries” (page 248)

• “Clearing ARP timers” (page 249)

• “Showing ARP table information” (page 250)


NN46205-523 02.02 9 December 2009


.

244 ARP configuration using the NNCLI


Table 27Roadmap of ARP commands

Command Parameter

Interface Configuration Mode

ip arp-response

default ip arp-response

ip arp-proxy enable

no ip arp-proxy enable

loop-detect [action {port-down|vlan-block|macdiscard}]

[arp-detect]

no loop detect

Global Configuration Mode

ip arp multicast-mac-flooding

request-threshold

static-mcast

timeout

<A.B.C.D>

ip arp timeout <1-32767>

[arp-detect]

no ip arp <A.B.C.D>

no ip arp multicast-mac-flooding enable

PrivExec Configuration Mode and VRF Router Configuration Mode

clear ip arp interface <interface-type>

<interface-id>

show ip arp interface <interface-type>

<interface-id>

show ip arp -s <A.B.C.D> <A.B.C.D>

<A.B.C.D>

static

vrf <WORD/1-16>

vrfids <0-255>

show ip arp static-mcast <A.B.C.D>


NN46205-523 02.02 9 December 2009


.

Enabling ARP proxy 245

Table 27Roadmap of ARP commands (cont’d.)

Command Parameter

-s <A.B.C.D>

vrf <WORD/1-16>

vrfids <0-255>


ip arp timeout

<A.B.C.D>

no ip arp <A.B.C.D>

clear ip arp interface <interface-type>

Enabling ARP on a port or a VLANYou can enable or disable ARP responses on the switch. You can alsoenable ARP proxy, which lets a router answer a local ARP request fora remote destination.

Enable ARP on the switch to allow a router to answer a local ARP request.

Prerequisites

• Access VLAN/FastEthernet/GigabitEthernet Interface ConfigurationMode.

Procedure steps

Step Action

1 Enable ARP on the switch by using the following command:ip arp-response

Use the no operator to disable ARP:no ip arp-response

To set this option to the default value, use the default operatorwith this command.

--End--

Enabling ARP proxyConfigure an ARP proxy to allow a router to answer a local ARP requestfor a remote destination.


NN46205-523 02.02 9 December 2009


.


Prerequisites


Procedure steps

Step Action

1 Enable ARP proxy on the switch by using the followingcommand:ip arp-proxy enable

Use the no operator to disable ARP proxy:no ip arp-proxy [enable]


--End--

Configuring ARP loop detectionLoop detection works only when loop-detect is enabled. To clear thisoption, you must disable the loop detection.

Prerequisites


Procedure steps

Step Action

1 Configure ARP loop detection by using the following command:loop-detect [action {port-down|vlan-block|mac-discard}] [arp-detect]

Use the no operator to disable ARP proxy:no loop detect


--End--


NN46205-523 02.02 9 December 2009


.

Showing ARP information 247

Variable definitionsUse the data in the following table to use the loop-detect [action{port-down|vlan-block|mac-discard}] [arp-detect]command.

Variable Value

action Indicates the action that the switch takes: port-down|vlan-block|mac-discard.

Showing ARP informationShow ARP port information to display data about the specified port, allports, or the VLAN.

Prerequisites

• Access privExec Configuration Mode or VRF Router configurationmode.

Procedure steps

Step Action

1 Display ARP information for the specified port or for all ports, orthe VLAN by using the following command:show ip arp interface <interface-type><interface-id>

--End--

Variable definitionsUse the data in the following table to use the show ip arp interfacecommand.

Variable Value

interface-id ID of the interface.

interface-type Type of interface, either a port or aVLAN.

Job aidThe following tables show the field descriptions for ports and VLANs.

Table 28show ip arp interface command for ports




NN46205-523 02.02 9 December 2009


.


Table 28show ip arp interface command for ports (cont’d.)


DOPROXY Indicates if ARP proxy responses are enabled or disabledon the specified interface.

DORESP Indicates if the sending of ARP responses is enabled ordisabled on the specified interface.

Table 29show ip arp interface command for VLANs


VLAN_ID Indicates the VLAN ID.

DOPROXY Indicates if ARP proxy responses are enabled or disabledon the specified interface.

DORESP Indicates if the sending of ARP responses is enabled ordisabled on the specified interface.

Configuring IP ARP static entriesConfigure ARP static entries to modify the ARP parameters on the switch.The only way to change a static ARP is to delete the static ARP entry andcreate a new entry with new information.

Prerequisites

• Access Global configuration mode or VRF Router configuration mode.

Procedure steps

Step Action

1 Configure ARP static entries on the switch by using the followingcommand:ip arp

2 Confirm your configuration by using the following command:show ip arp

--End--

Variable definitionsUse the data in the following table to use the ip arp command.


NN46205-523 02.02 9 December 2009


.

Clearing ARP timers 249

Variable Value

multicast-mac-flooding[enable]

Determines whether ARP entries formulticast MAC addresses are associatedwith the VLAN or the port interface onwhich they were learned.

Use the no operator to delete a staticentry from the ARP table:no ip arp multicast-mac-flooding[enable]

To set this option to the default value,use the default operator with thiscommand.

request-threshold <50-1000> Configures the maximum number ofoutstanding ARP requests that a switchcan generate. The range is 50 to 1000.The default value is 500.


static-mcast Configures static multicast MAC entries.

timeout <1-32767> Sets the length of time in seconds anentry remains in the ARP table beforetimeout. The range is between 1 and32767.


<A.B.C.D> Adds ARP entries.

Clearing ARP timersUse this procedure to clear ARP timers.

Prerequisites

• Access privExec Configuration Mode or VRF Router configuationmode.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Clear ARP timers by using the following command:clear ip arp interface <interface-type><interface-id>

--End--

Showing ARP table informationShow ARP information to view the configuration information in the ARPtable.

Prerequisites

• Access privExec Configuration Mode or VRF Router ConfigurationMode.

Procedure steps

Step Action

1 Display the ARP table by using the following command:show ip arp [<A.B.C.D>] [-s <A.B.C.D> <A.B.C.D>][vrf <WORD/0-32>] [vrfids <0-255>]

--End--

Variable definitionsUse the data in the following table to use the show ip arp [<A.B.C.D>][-s <A.B.C.D> <A.B.C.D>] [vrf <WORD/0-32>] [vrfids<0-255>]command.

Variable Value

<A.B.C.D> The specific network IP address forthe table.

-s <A.B.C.D> <A.B.C.D> The specific subnet for the table.


vrfids <0-255> The VRF ID in the range of 0 to 255.


NN46205-523 02.02 9 December 2009


.

Showing ARP table information 251

Job aidThe following table shows the field descriptions for the show ip arp[<A.B.C.D>] [-s <A.B.C.D> <A.B.C.D>] [vrf <WORD/0-32>][vrfids <0-255>] command.

Table 30show ip arp command


IP_ADDRESS Indicates the IP address where ARP is configured.

MAC_ADDRESS Indicates the MAC address where ARP is configured.

VLAN Indicates the VLAN address where ARP is configured.

PORT Indicates the port where ARP is configured.

TYPE Indicates the type of learning (dynamic or local) where ARPis configured.

TTL<10 secs> Indicates the time to live as tenths of a second where ARPis configured.


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

253.

VRRP configuration using DeviceManager

With the current implementation of virtual router redundancy protocol(VRRP), one active master switch exists for each IP subnet. All otherVRRP interfaces in a network are in backup mode.

On an Ethernet Routing Switch 8600, you cannot directly check or set thevirtual IP address on the standby CPU module. To check or set the virtualIP address on the standby CPU, you must configure the virtual IP addresson the master CPU, save it to the config.cfg file, and then copy that file tothe standby CPU module.

If you have VRRP and IP routing protocols (for example, Open ShortestPath First [OSPF]) configured on the same IP physical interface, youcannot select the interface address as the VRRP virtual IP address (logicalIP address). Use a separate dedicated IP address for VRRP.

To modify the behavior of the VRRP failover mechanism, use thehold-down timer to allow the router enough time to detect and update theOSPF or RIP routes. The timer delays the preemption of the master overthe backup, when the master becomes available. The hold-down timerhas a default value of 0 seconds. Nortel recommends that you set all ofyour routers to the identical number of seconds for the hold-down timer. Inaddition, you can manually force the preemption of the master over thebackup before the delay timer expires.

ATTENTIONAn Ethernet Routing Switch 8600 acting as a VRRP Master does not reply toSNMP Get requests to the VRRP virtual interface address. It will, however,respond to SNMP Get requests to its physical IP address.

For more information about VRRP concepts and terminology, see “IProuting operations fundamentals” (page 21).

Select a topic:


NN46205-523 02.02 9 December 2009


.

254 VRRP configuration using Device Manager

• “Enabling VRRP global variables” (page 254)

• “Configuring VRRP on a VLAN (or brouter port) or a VRF instance”(page 262)

• “Configuring VRRP for the interface” (page 255)

• “Configuring VRRP secondary features” (page 258)

• “Configuring Fast Advertisement Interval on a port or a VRF instance”(page 264)

• “Configuring Fast Advertisement Interval on a VLAN or a VRFinstance” (page 265)

Prerequisites to VRRP configuration• Assign an IP address to the interface.

• Enable VRRP globally.

• RSMLT is not configured on the VLAN.

Navigation• “Enabling VRRP global variables” (page 254)






Enabling VRRP global variablesUse this procedure to enable VRRP global variables.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP, VRRPGlobalRouter (vrf x).

2 Click the variables you want to enable.


NN46205-523 02.02 9 December 2009


.

Configuring VRRP for the interface 255

3 Click Apply.

--End--

For more information, see “Globals tab fields” (page 255).

Globals tab fieldsVariable definitions

Use the data in the following table to use the Globals tab fields.

Variable Value

PingVirtualAddrEnable

Configures whether this device responds to pingsdirected to a virtual router IP address.

NotificationCntl Indicates whether the VRRP-enabled router generatesSNMP traps for events.• enabled—SNMP traps are generated

• disabled—no SNMP traps are sent

To continue, go to:




Configuring VRRP for the interfaceYou can manage and configure VRRP parameters for the routing interface.

Procedure steps

Step Action


2 Click the Interface tab.

3 Click the HoldDownTimer box, and enter the number ofseconds for the timer.

The HoldDownState box displays active when the hold-downtimer is counting down and preemption occurs. The text boxdisplays dormant when preemption is not pending. When thehold-down timer is active, the HoldDownTimeRemaining boxdisplays the seconds remaining before preemption.


NN46205-523 02.02 9 December 2009


.


4 On the OperAction box, click the heading to display an arrow.Click the text box, and a list appears. Choose preemption topreempt the timer, or choose none to allow the timer to keepworking.

5 Click the text box to display a list.

6 Choose preemption to preempt the timer, or choose none toallow the timer to keep working.

7 Click Apply.

--End--

For more information, see “Interface tab fields” (page 256).

Interface tab fieldsVariable definitions

Use the data in the following table to use the Interface tab fields.

Variable Value

IfIndex The index value that uniquely identifies the interface towhich this entry is applicable.

VrId A number that uniquely identifies a virtual router ona VRRP router. The virtual router acts as the defaultrouter for one or more assigned addresses (1 to 255).

IpAddr The assigned IP addresses that a virtual router isresponsible for backing up.

VirtualMacAddr The MAC address of the virtual router interface.

State The state of the virtual router interface:

• initialize—waiting for a startup event

• backup—monitoring availability and state of themaster router

• master—functioning as the forwarding router for thevirtual router IP addresses.

Control Displays whether VRRP is enabled or disabled for theport (or VLAN).

Priority The priority value used by this VRRP router. Set avalue from 1 to 255, where 255 is reserved for therouter that owns the IP addresses associated with thevirtual router. The default is 100.


NN46205-523 02.02 9 December 2009


.

Configuring VRRP for the interface 257

Variable Value

AdvertisementInterval The time interval (in seconds) between sendingadvertisement messages. The range is 1 to 255seconds with a default of 1 second. Only the masterrouter sends advertisements.

MasterIpAddr The IP address of the physical interface of the mastervirtual router that forwards packets sent to the virtual IPaddresses associated with the virtual router.

VirtualRouterUpTime The time interval (in hundredths of a second) since thevirtual router was initialized.

Action Lists options to override the delay timer manually andforce preemption:

• none does not override the timer

• preemptHoldDownTimer preempts the timer

HoldDownTimer Configures the amount of time (in seconds) to waitbefore preempting the current VRRP master.

HoldDownState Indicates the hold-down state of this VRRP interface. Ifthe hold-down timer is operational, this variable is setto active; otherwise, this variable is set to dormant.

HoldDownTimeRemaining

Indicates the amount of time (in seconds) left beforethe HoldDownTimer expires.

CriticalIpAddr An IP interface on the local router configured so that achange in its state causes a role switch in the virtualrouter (for example, from master to backup) in case theinterface stops responding.

CriticalIpAddrEnable Sets the IP interface on the local router to enable ordisable the backup.

BackUpMaster Lets you use the backup VRRP switch trafficforwarding. This reduces the traffic on the IST link. Thedefault is disabled.

BackUpMasterState Indicates whether the backup VRRP switch trafficforwarding is enabled or disabled.

FasterAdvInterval Sets the Fast Advertisement Interval between sendingVRRP advertisement messages. The interval isbetween 200 and 1000 milliseconds, and you mustenter the same value on all participating routers. Thedefault is 200. You must enter the values in multiplesof 200 milliseconds.

FasterAdvIntervalEnable

Enables or disables the Fast Advertisement Interval.When disabled, the regular advertisement interval isused. The default is disable.

To continue, go to:


NN46205-523 02.02 9 December 2009


.




Configuring VRRP secondary featuresYou can manage and configure VRRP secondary features.

Procedure steps

Step Action


2 Click the Secondary Feature tab.

3 Click the HoldDownTimer box, and enter the desired numberof seconds for the timer.

The HoldDownState box displays active when the hold-downtimer is counting down and preemption occurs; the text boxdisplays dormant when preemption is not pending. When thehold-down timer is active, the HoldDownTimeRemaining boxdisplays the seconds remaining before preemption.

4 Use the OperAction option to manually override the delaytimer and to force preemption. When you click the heading, anarrow appears. Click the text box, and a list appears. Choosepreemption to preempt the timer, or choose none to allow thetimer to keep working.

5 In the BackUpMaster box, enable or disable the backup masterfeature.

ATTENTIONDo not enable BackupMaster if Critical IP is also enabled.

6 Click Apply.

--End--

For more information, see the following table.

Secondary Feature tab fieldsVariable definitions

Use the data in the following table to use the Secondary Feature tab.


NN46205-523 02.02 9 December 2009


.

Configuring VRRP on a port or a VRF instance 259

Variable Value

BackUpMaster Indicates if the VRRP backup master is enabled ordisabled. Nortel recommends that you use this optiononly for Split MultiLink Trunking (SMLT) ports.

BackUpMastrState Displays the BackupMaster operational state.

When VRRP is enabled on a switch in a master statethe BackUpMaster state is down.

When VRRP is enabled on a switch that is in a backupstate, the BackUpMaster state is up.

HoldDownState Status is active when the hold-down timer is countingdown and preemption occurs; the text box appearsdormant when preemption is not pending.

HoldDownTimer The time interval (in seconds) a router is delayed forthe following conditions:

• The VRRP hold-down timer runs when the switchtransitions from initialization to backup to master.This occurs only on a switch bootup.

• The VRRP hold-down timer does not run under thefollowing condition: In a nonbootup condition, thebackup switch becomes master after the MasterDowntime Interval (3 * hello interval), if the mastervirtual router goes down.

• The VRRP hold-down timer also applies to theVRRP BackupMaster feature.


The seconds remaining before preemption.

OperAction Lists options to override the delay timer manually andforce preemption:

• preemption—preempt the timer

• none—allow the timer to keep working

VrId A number that uniquely identifies a virtual router (VR)on a VRRP router. The virtual router acts as the defaultrouter for one or more assigned addresses (1 to 255).

Configuring VRRP on a port or a VRF instanceYou can configure VRRP on a port, a brouter port (or a VLAN), or aVRF instance only if the port or brouter port (or VLAN) is assigned an IPaddress.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 From the Device Manager menu bar, choose Edit, Port, IPGlobalRouter (vrf).

2 Click the VRRP tab.

3 Click Insert.

The Port, Insert VRRP dialog box appears.

4 In the VrId text box, enter a virtual router ID.

5 Enter an IP address.

6 In the Control section, select enabled.

7 Enter an advertisement interval.

8 Select CriticalIpAddrEnable.

ATTENTIONDo not enable Critical IP if Backup Master is enabled.

9 Enter a critical IP address.

10 Specify the number of seconds for the HoldDown timer.

11 If required, select an OperAction.

12 In BackUpMaster, select enabled.

13 Click Insert.

14 Click Close.

--End--

For more information, see “Port, Insert VRRP fields” (page 260).

Port, Insert VRRP fieldsVariable definitions

Use the data in the following table to use the Port, Insert VRRP tab.

Variable Value


IpAddr The IP address of the virtual router interface.

Control Displays whether VRRP is enabled or disabled for theport or VLAN.


NN46205-523 02.02 9 December 2009


.

Configuring VRRP on a port or a VRF instance 261

Variable Value

Priority Priority value used by this VRRP router. Set a valuefrom 1 to 255, where 255 is reserved for the routerthat owns the IP addresses associated with the virtualrouter. The default is 100.

AdvertisementInterval The time interval (in seconds) between sendingadvertisement messages. The range is 1 to 255seconds with a default of 1 second. Only the masterrouter sends advertisements.

Action Use the action list to manually override the delay timerand force preemption:

• none does not override the timer

• preemptHoldDownTimer preempts the timer





CriticalIpAddr Indicates if a user-defined critical IP address must beenabled. There is no effect if a user-defined IP addressdoes not exist. Use the default IP address (0.0.0.0)


BackUpMaster Lets you use the VRRP backup master feature. Thisoption is only supported on SMLT ports.

FasterAdvInterval Sets the Fast Advertisement Interval between sendingVRRP advertisement messages. The interval can bebetween 200 and 1000 milliseconds, and it must be thesame on all participating routers. The default is 200.You must enter values in multiples of 200 milliseconds.


Enables or disables the Fast Advertisement Interval.

When disabled, the regular advertisement interval isused. The default is disabled.

To continue, go to:


NN46205-523 02.02 9 December 2009


.







Configuring VRRP on a VLAN (or brouter port) or a VRF instanceBefore you configure VRRP on a VLAN or a VRF instance, you must firstset VRRP globally. You can configure VRRP on a VLAN or brouter portonly if the port or VLAN is assigned an IP address.

Procedure steps

Step Action


2 On the Basic tab, select a VLAN.

3 Click IP.

The IP, VLAN dialog box appears with the IP Address tabdisplayed.

4 Select the VRRP tab.

5 Click Insert.

The IP, VLAN, Insert VRRP dialog box appears.

6 Edit the fields as required.

7 Click Insert.

--End--

For more information, see “IP, VLAN, Insert VRRP field” (page 262).

IP, VLAN, Insert VRRP fieldVariable definitions

Use the data in the following table to use the IP, VLAN, Insert VRRP field.


NN46205-523 02.02 9 December 2009


.

Configuring VRRP on a VLAN (or brouter port) or a VRF instance 263

Variable Value

IfIndex The index value that uniquely identifies the interface towhich this entry is applicable.


IpAddr The IP address of the virtual router interface.

VirtualMacAddr The MAC address of the virtual router interface.

State The state of the virtual router interface:


• backup—monitoring availability and state of themaster router

• master—functioning as the forwarding router for thevirtual router IP addresses.

Control Displays whether VRRP is enabled or disabled for theport or VLAN.

Priority Priority value used by this VRRP router. The rangeis from 1 to 255, where 255 is reserved for the routerthat owns the IP addresses associated with the virtualrouter. The default is 100.

AdvertisementInterval The time interval (in seconds) between sendingadvertisement messages. The range is from 1 to 255seconds with a default of 1 second. Only the masterrouter sends advertisements.

MasterIPAddr The IP address of the master router.

VirtualRouterUpTime The time interval (in hundredths of a second) since thevirtual router was initialized.

Action Use the action list to manually override the delay timerand force preemption:

• preemptHoldDownTimer—preempt the timer

• none—allow the timer to keep working


NN46205-523 02.02 9 December 2009


.


Variable Value





HoldDownState Status is active when the hold-down timer is countingdown and preemption occurs; the status displaysdormant when preemption is not pending.


The seconds remaining before preemption.

CriticalIpAddr Indicates if a user-defined critical IP address must beenabled. There is no effect if a user-defined IP addressdoes not exist.


BackUpMaster Lets you use the VRRP backup master switch.

BackUpMasterState Indicates whether the backup VRRP switch trafficforwarding is enabled or disabled.

FasterAdvInterval Sets the Fast Advertisement Interval between sendingVRRP advertisement messages. The interval can bebetween 200 and 1000 milliseconds, and it must be thesame on all participating routers. The default is 200.Enter the values in multiples of 200 milliseconds.


Lets you use the Fast Advertisement Interval. Whendisabled, the regular advertisement interval is used.The default is disabled.

Configuring Fast Advertisement Interval on a port or a VRFinstance

Configure the Fast Advertisement Interval to send VRRP advertisementmessages. The interval can be between 200 and 1000 milliseconds, and itmust be the same on all participating routers. The default is 200. Enter thevalues in multiples of 200 milliseconds.


NN46205-523 02.02 9 December 2009


.

Configuring Fast Advertisement Interval on a VLAN or a VRF instance 265

Procedure steps

Step Action



3 Click Insert.

4 In the IP, VLAN, Insert VRRP dialog box, enableFasterAdvIntervalEnable.

5 In the FasterAdvInterval box, enter a value. You must set thisvalue using multiples of 200 milliseconds.

6 Click Insert. The new entry appears in the VRRP tab of the Portdialog box.

--End--

For more information, see the variable definitions table for “ConfiguringVRRP on a VLAN (or brouter port) or a VRF instance” (page 262).

Configuring Fast Advertisement Interval on a VLAN or a VRFinstance

Configure the Fast Advertisement Interval to send VRRP advertisementmessages. The interval can be between 200 and 1000 milliseconds, and itmust be the same on all participating routers. The default is 200. Enter thevalues in multiples of 200 milliseconds.

Procedure steps

Step Action


2 Select a VLAN.

3 Click IP.


5 Click Insert.

6 In the IP, VLAN, Insert VRRP dialog box, click theFasterAdvIntervalEnable enable option.

7 In the FasterAdvInterval, box, enter a value. You must set thevalue using multiples of 200 milliseconds.


NN46205-523 02.02 9 December 2009


.


8 Click Insert. The new entry appears in the VRRP tab of the IP,VLAN dialog box.

--End--

For more information, see the variable definitions table for “ConfiguringVRRP on a VLAN (or brouter port) or a VRF instance” (page 262).


NN46205-523 02.02 9 December 2009


.

267.

VRRP configuration using the CLIVirtual Router Redundancy Protocol (VRRP) eliminates the single point offailure that can occur when the single static default gateway router for anend station is lost. VRRP introduces the concept of a virtual IP addressshared between two or more routers connecting the common subnet tothe enterprise network.



When you use the Fast Advertisement Interval option to configure a masterand backup switch, you must enable the Fast Advertisement Intervaloption on both switches for VRRP to work correctly. If you configure oneswitch with the regular advertisement interval, and the other switch withthe Fast Advertisement Interval, it causes an unstable state and dropsadvertisements.

See the VRRP Technical Configuration Guide for VRRP configurationexamples. You can find this Technical Configuration Guide atwww.nortel.com/documentation. Choose Routers & Routing Switches andthen Ethernet Routing Switch 8600.

Prerequisites to VRRP configuration• Ensure that RSMLT is not configured on the VLAN.

Navigation• “Job aid” (page 268)

• “Configuring VRRP on a port” (page 270)

• “Showing VRRP port information” (page 273)


NN46205-523 02.02 9 December 2009


.

268 VRRP configuration using the CLI

• “Configuring VRRP on a VLAN” (page 275)

• “Showing VLAN information” (page 277)

• “Showing VRRP interface information” (page 280)


Table 31Roadmap of Ethernet IP commands

Command Parameter

config ethernet <ports> ip vrrp <vrid> info

action <action_choice>

address <ipaddr>

adver-int <seconds>

backup-master <enable|disable>

critical-ip <ipaddr>

critical-ip-enable <enable|disable>

delete

disable

enable

fast-adv-enable <enable|disable>

fast-adv-int <milliseconds>

holddown-timer <seconds>

priority <prio>

config vlan <vid> ip vrrp <vrid> info


address <ipaddr>

adver-int <seconds>




delete

disable

enable



NN46205-523 02.02 9 December 2009


.

Job aid 269

Table 31Roadmap of Ethernet IP commands (cont’d.)

Command Parameter



priority <prio>

show ip vrrp info [vrid <value>] [ip<value>]

show ip vrrp info [vrid <value>] [ip<value>]

show vlan info vrrp extended<vid>][port <value>]

Job aidThe following table lists the VRF Lite RIP commands and parameters thatyou use to perform the procedures in this section.

Table 32Roadmap of VRF Lite VRRP commands

Command Parameter

config ethernet <ports> vrf <vrfName>ip vrrp <vrid>

info


address <ipaddr>

adver-int <seconds>




delete

disable

enable




priority <prio>

config vlan <vid> vrf <vrfName> ipvrrp <vrid>

info


address <ipaddr>


NN46205-523 02.02 9 December 2009


.


Table 32Roadmap of VRF Lite VRRP commands (cont’d.)

Command Parameter

adver-int <seconds>




delete

disable

enable




priority <prio>

Configuring VRRP on a portUse the following procedure to configure VRRP on a port.

You configure a VRF in exactly the same manner as a router, except thatyou must replace config ethernet <ports> ip vrrp <vrid> withconfig ethernet <ports> vrf <vrfName> ip vrrp <vrid> in thefollowing procedure.

Procedures steps

Step Action

1 To configure VRRP on a port, enter:config ethernet <ports> ip vrrp <vrid>

2 To confirm your configuration, enter:config ethernet <ports> ip vrrp <vrid> info

--End--

Variable definitionsUse the data in the following table to use the config ethernet <ports>ip vrrp <vrid> and config ethernet <ports> vrf <vrfName> ipvrrp <vrid> commands.


NN46205-523 02.02 9 December 2009


.

Configuring VRRP on a port 271

Variable Value

action <action_choice> Indicates options to override thehold-down timer manually and forcepreemption.

• action_choice can be set topreemption to preempt the timeror set to none to allow the timer tokeep working.

address <ipaddr> Sets the IP address of the VRRPphysical interface that forwardspackets to the virtual IP addressesassociated with the virtual router.

• ipaddr is the IP address of themaster VRRP.

adver-int <seconds> Sets the the time interval betweensending VRRP advertisementmessages.

• seconds is between 1 and 255seconds. The value must be thesame on all participating routers.The default is 1.


Enables or disables the VRRP backupmaster.

This option is supported only on SplitMultiLink Trunking (SMLT) ports.

ATTENTIONDo not enable Backup Master ifCritical IP is enabled.

critical-ip <ipaddr> Sets the critical IP address for VRRP.

• ipaddr is the IP address on thelocal router, which is configured sothat a change in its state causes arole switch in the virtual router (forexample, from master to backup incase the interface goes down).


NN46205-523 02.02 9 December 2009


.


Variable Value

critical-ip-enable<enable|disable>

Enables or disables the critical IPaddress option.

ATTENTIONDo not enable Critical IP if BackupMaster is enabled.

delete Deletes VRRP from the port.

disable Disables VRRP on the port.

enable Enables VRRP on the port.


Enables or disables the FastAdvertisement Interval. The default isdisabled.

• enable means use the FastAdvertisement Interval.

• disable means use the regularadvertisement interval.

fast-adv-int <milliseconds> Sets the Fast Advertisement Interval,the time interval between sendingVRRP advertisement messages.

• milliseconds can be between200 and 1000 milliseconds,and must be the same on allparticipating routers. The defaultis 200. You must enter values inmultiples of 200 milliseconds.

holddown-timer <seconds> Modifies the behavior of the VRRPfailover mechanism by allowing therouter enough time to detect the OpenShortest Path First (OSPF) or RoutingInformation Protocol (RIP) routes.

• seconds is the time interval (inseconds) a router is delayed whenchanging to master state.

info Displays the current port VRRPconfiguration.

ports Specifies the ports for which you areentering the command in the port listformat {slot/port[-slot/port][, ...]}.


NN46205-523 02.02 9 December 2009


.

Showing VRRP port information 273

Variable Value

priority <prio> Sets the port VRRP priority.

• prio is the value (between 1 and254) used by the VRRP router.The default is 100. Assign thevalue 255 to the router that ownsthe IP address associated with thevirtual router.

vrid A unique integer value that representsthe virtual router ID in the range 1to 255. The virtual router acts asthe default router for one or moreassigned addresses.

Showing VRRP port informationUse this procedure to show VRRP port information.

Procedure steps

Step Action

1 Display basic VRRP configuration information for the specifiedport or for all ports by using the following command:show ip vrrp info [vrid <value>] [ip <value>]

--End--

Variable definitionsUse the data in the following table to use the show ip vrrp info [vrid][ip <value>] command.

Variable Value

ip The IP address of the master VRRP.

vrid <value> A unique integer value that representsthe virtual router ID in the range 1to 255. The virtual router acts asthe default router for one or moreassigned addresses.

Job aidThe following table shows the field descriptions for the show ip vrrpinfo command.


NN46205-523 02.02 9 December 2009


.


Table 33show ip vrrp info command


ADV Indicates the advertisement interval, in milliseconds,between sending advertisement messages.

BACKUPMASTER

Indicates the backup master IP address.

BACKUPMASTERSTATE

Indicates the backup master state.

CONTROL Indicates the virtual router function. Set the valueto enabled to transition the state of the routerfrom initialize to backup. Set the value to disabledto transition the router from master or backup toinitialize.

CRITICAL IP Indicates the IP address of the interface that causes ashutdown event.

CRITICAL IP(ENABLED)

Indicates if the critical IP address is enabled.

FAST ADV Indicates the Fast Advertisement Interval, inmilliseconds, between sending advertisementmessages. When the Fast Advertisement Intervalis enabled, the Fast Advertisement Interval is usedinstead of the regular advertisement interval.

FAST ADV(ENABLED)

Indicates the state of fast advertisement.

HLD DWN Indicates the amount of time (in seconds) to waitbefore preempting the current VRRP master.

IP Indicates the assigned IP addresses that a virtualrouter backs up.

MAC Indicates the virtual MAC address of the virtual routerin the format 00-00-5E-00-01-<VRID>, where thefirst three octets consist of the IANA OUI; the nexttwo octets indicate the address block of the VRRPprotocol; and the remaining octets consist of theVRID.

MASTER Indicates the master router real (primary) IP address.This is the IP address listed as the source in theVRRP advertisement last received by this virtualrouter.


NN46205-523 02.02 9 December 2009


.

Configuring VRRP on a VLAN 275

Table 33show ip vrrp info command (cont’d.)


PRIO Indicates the priority for the virtual router (for example,master election) with respect to other virtual routersthat are backing up one or more associated IPaddresses. Higher values indicate higher priority.

A priority of 0, which you cannot set, indicates thatthis router stopped participating in VRRP and abackup virtual router transitions to become the newmaster.

A priority of 255 is used for the router that owns theassociated IP addresses.

P/V Indicates whether this device responds to pingsdirected to a virtual router IP address.

STATE Indicates the current state of the virtual router.


• backup—monitoring the state and availability of themaster router

• master—forwarding IP addresses associated withthis virtual router.

UP TIME Indicates the time interval (in hundredths of a second)since this virtual router was initialized.

VRID Indicates the virtual router ID on a VRRP router.

Configuring VRRP on a VLANUse this procedure to configure VRRP on a VLAN.

You configure a VRF in exactly the same manner as a router, exceptthat you must replace config vlan <vid> ip vrrp <vrid> withconfig vlan <vid> vrf <vrfName> ip vrrp <vrid> in the followingprocedure.

Procedure steps

Step Action

1 Configure VRRP on a VLAN by using the following command:config vlan <vid> ip vrrp <vrid>


NN46205-523 02.02 9 December 2009


.


2 Confirm your configuration by using the following command:config vlan <vid> ip vrrp <vrid> info

--End--

Variable definitionsUse the data in the following table to use the config vlan <vid> ipvrrp <vrid> and config vlan <vid> vrf <vrfName> ip vrrp<vrid> commands.

Variable Value

action <action_choice> Sets the manual override of the delay timerfor the virtual router interface.

address <ipaddr> Sets the IP address of the virtual routerinterface.

adver-int <seconds> Sets the time interval (in seconds) betweensending advertisement messages.

• seconds is in the range of 1 to 255. Thedefault is 1.

backup-master<enable|disable>

Enables or disables the VRRP backup masterfor a VLAN.

This option is only supported on SMLT ports.

ATTENTIONDo not enable Backup Master if Critical IPis enabled.

critical-ip-enable<enable|disable>

Enables or disables the critical IP addressoption.

ATTENTIONDo not enable Critical IP if Backup Masteris enabled.

critical-ip <ipaddr> Sets the critical IP address for VRRP.

• ipaddr is the IP address on the localrouter configured so that a change in itsstate causes a role switch in the virtualrouter (for example, from master tobackup in case the interface goes down).

delete Deletes the VRRP from the VLAN.

disable Disables the VRRP on the VLAN.

enable Enables VRRP on the VLAN.


NN46205-523 02.02 9 December 2009


.

Showing VLAN information 277

Variable Value

fast-adv-enable<enable|disable>

Enables or disables the Fast AdvertisementInterval. The default is disabled.

• enable enables the Fast AdvertisementInterval.

• disable enables the RegularAdvertisement Interval.

fast-adv-int<milliseconds>

Sets the time interval between sending FastAdvertisement messages.

• milliseconds is the interval between200 and 1000 milliseconds. This intervalmust be the same on all participatingrouters. The default is 200. Youmust enter values in multiples of 200milliseconds.

holddown-timer <seconds> Sets the time interval (in seconds) that arouter is delayed when changing to masterstate.

info Displays the current VLAN VRRP settings.

priority <prio> Sets the port VRRP priority value used by thisVRRP router.

• prio is between 1 and 254. The defaultis 100. Assign the value 255 to the routerthat owns the IP address associated withthe virtual router.

vid The VLAN ID in the range of 1 to 4094.

vrid The virtual router ID in the range of 1 to 255,a number that uniquely identifies a virtualrouter on a VRRP router. The virtual routeracts as the default router for one or moreassigned addresses.

Showing VLAN informationShow VLAN information to display the extended VRRP configuration for allVLANs or a specified VLAN on the switch.

Procedure steps

Step Action

1 Show the extended VRRP configuration for all VLANs on theswitch or for a specified VLAN by using the following command:


NN46205-523 02.02 9 December 2009


.


show vlan info vrrp <extended|main> [<vid>] [vrf<value>] [vrfids <value>]

--End--

Variable definitionsUse the data in the following table to use the show vlan infovrrp <main|extended> [<vid>] [vrf <value>] [vrfids<value>]command.

Variable Value

<main|extended> Indicates values for extended or main VRRPconfigurations.

vid The VLAN ID in the range of 1 to 4094.

[<vid>] [vrf <value>] Indicates the VRF name.

[vrfids <value>] Indicates a range of VRF IDs.

Job aidThe following table shows the field descriptions for the show vlan infovrrp command.

Table 34show vlan info vrrp extended command


VID Indicates the VLAN ID.



• backup—monitoring the state or availability of themaster router

• master—forwarding IP addresses associated withthis virtual router

CONTROL Indicates the virtual router function. Set the valueto enabled to transition the state of the router frominitialize to backup. Set the value to disabled totransition the router from master or backup to initialize.


NN46205-523 02.02 9 December 2009


.

Showing VLAN information 279

Table 34show vlan info vrrp extended command (cont’d.)


PRIORITY Indicates the priority for the virtual router (for example,master election) with respect to other virtual routersthat are backing up one or more associated IPaddresses. Higher values indicates higher priority.

A priority of 0, which you cannot set, indicates that thisrouter ceased to participate in VRRP and a backupvirtual router transitions to become a new master.

Use a priority of 255 for the router that owns theassociated IP addresses.

MASTERIPDDR

Indicates the master router real (primary) IP address.This is the IP address listed as the source in the VRRPadvertisement last received by this virtual router.

ADVERTISEINTERVAL

Indicates the time interval, in seconds, betweensending advertisement messages. Only the masterrouter sends VRRP advertisements.

CRITICALIPADDR

Indicates the IP address of the interface that causes ashutdown event.

HOLDDOWN_TIME Indicates the amount of time (in seconds) to waitbefore preempting the current VRRP master.

ACTION Indicates the trigger for an action on thisVRRP interface. Options include none andpreemptHoldDownTimer.

CRITICALIP ENABLE

Indicates that a user-defined critical IP address isenabled. No indicates the use of the default IP address(0.0.0.0).

BACKUPMASTER

Indicates the state of designating a backup masterrouter.

BACKUPMASTERSTATE

Indicates the state of the backup master router.

FAST ADVINTERVAL

Indicates the time interval, in milliseconds, betweensending Fast Advertisement messages. When theFast Advertisement Interval is enabled, the FastAdvertisement Interval is used instead of the regularadvertisement interval.

FAST ADV ENABLE Indicates the Fast Advertisement Interval status.


NN46205-523 02.02 9 December 2009


.


Showing VRRP interface informationIf you enter a virtual router ID or an IP address when showing VRRPinterface information, the information displays only for that virtual router IDor for that interface.

See Table 33 "show ip vrrp info command" (page 274) for explanations ofparameters for this command.

Procedure steps

Step Action

1 To display VRRP information about the interface, enter:show ip vrrp info [vrid <value>] [ip <value>] [vrf<value>] [vrfids <value>]

--End--

Variable definitionsUse the data in the following table to use the show ip vrrp info[vrid <value>] [ip <value>] [vrf <value>] [vrfids <value>]command.

Variable Value

ip <value> The IP address of the master VRRP.

vrid <value> A unique integer value that representsthe virtual router ID in the range 1to 255. The virtual router acts asthe default router for one or moreassigned addresses.

[vrf <value>] Indicates the VRF name.

[vrfids <value>] Indicates a range of VRF IDs.

Job aidThe following table describes parameters for the show ip vrrp info[vrid <value>] [ip <value>] [vrf <value>] [vrfids <value>]command.

Variable Value

VRID Indicates the virtual router ID.

P/V Indicates whether this device responds to pingsdirected to a virtual router IP address.


NN46205-523 02.02 9 December 2009


.

Showing VRRP interface information 281

Variable Value

MAC Indicates the virtual MAC address of the virtualrouter in the format 00-00-5E-00-01-<VRID>,where the first three octets consist of the IANAOUI; the next two octets indicate the addressblock of the VRRP protocol; and the remainingoctets consist of the VRID.

State

Control

PRIO Indicates the priority for the virtual router (forexample, master election) with respect toother virtual routers that are backing up one ormore associated IP addresses. Higher valuesindicates higher priority.

A priority of 0, which you cannot set, indicatesthat this router ceased to participate in VRRPand a backup virtual router transitions tobecome a new master.


ADV Indicates the advertisement interval, inmilliseconds, between sending advertisementmessages.

MASTER Indicates the master router real (primary) IPaddress. This is the IP address listed as thesource in the VRRP advertisement last receivedby this virtual router.

UP TIME Indicates the time interval (in hundredths of asecond) since this virtual router was initialized.

HLD DWN Indicates the amount of time (in seconds) towait before preempting the current VRRPmaster.

CRITICAL IP Indicates the IP address of the interface thatcauses a shutdown event.

ENABLED Indicates if the critical IP address is enabled.

BACKUP MASTER Indicates the backup master IP address.

BACKUP MASTER STATE Indicates the backup master state.


NN46205-523 02.02 9 December 2009


.


Variable Value

FAST ADV Indicates the Fast Advertisement Interval, inmilliseconds, between sending advertisementmessages. When the Fast AdvertisementInterval is enabled, the Fast AdvertisementInterval is used instead of the regularadvertisement interval.

ENABLED Indicates the state of fast advertisement.


NN46205-523 02.02 9 December 2009


.

283.

VRRP configuration using the NNCLIVirtual Router Redundancy Protocol (VRRP) eliminates the single point offailure that can occur when the single static default gateway router for anend station is lost. VRRP introduces the concept of a virtual IP addressshared between two or more routers connecting the common subnet tothe enterprise network.



When you use the Fast Advertisement Interval option to configure a masterand backup switch, you must enable the Fast Advertisement Intervaloption on both switches for VRRP to work correctly. If you configure oneswitch with the regular advertisement interval, and the other switch withthe Fast Advertisement Interval, it causes an unstable state and dropsadvertisements.

See the VRRP Technical Configuration Guide for VRRP configurationexamples.You can find this Technical Configuration Guide atwww.nortel.com/documentation. Choose Routers & Routing Switches andthen Ethernet Routing Switch 8600.

VRRP configuration prerequisites• Ensure that RSMLT is not configured on the VLAN.

Navigation• “Job aid” (page 284)

• “Configuring VRRP on a port or a VLAN” (page 284)

• “Showing VRRP port or VLAN information” (page 288)


NN46205-523 02.02 9 December 2009


.

284 VRRP configuration using the NNCLI

• “Showing extended VLAN VRRP” (page 290)

• “Showing VRRP interface information” (page 292)


Table 35Roadmap of Ethernet IP commands

Command Parameter

FastEthernet/Gigabit Ethernet Interface Configuration Mode

ip vrrp <1-255> action {none|preempt }

adver-int <1-255>

backup-master enable

critical-ip-addr <A.B.C.D>

critical-ip enable

enable

fast-adv enable

fast-adv-int <200-1000>

holddown-timer <0-21600>

priority <1-255>

ip vrrp address addr <A.B.C.D>

priority <1-255>

show ip vrrp address

addr <A.B.C.D>

vrid <1-255>

vrf <WORD/0-32>

vrfids <0-255>

show ip vrrp interface vlan [portList]

verbose

vrf <WORD/1-16>

vrfids <0-255>

Configuring VRRP on a port or a VLANUse the following procedure to configure VRRP on a port or a VLAN.


NN46205-523 02.02 9 December 2009


.

Configuring VRRP on a port or a VLAN 285

Prerequisites

• Access FastEthernet/Gigabit Ethernet Interface configuration mode.

Procedure steps

Step Action

1 Configure VRRP on a port by using the following command:ip vrrp <1-255> enable

2 Delete VRRP from the port by using the following command:no ip vrrp <1-255>

3 Show the global VRRP settings by using the following command:show ip vrrp

--End--

Variable definitionsUse the data in the following table to use the ip vrrp <1-255>command.

Variable Value

action {none|preempt} Use the action choice option to manually overridethe hold-down timer and force preemption.

• none|preempt can be set to preempt thetimer or set to none to allow the timer to keepworking.


address <1-255><A.B.C.D>

Sets the IP address of the VRRP physicalinterface that forwards packets to the virtual IPaddresses associated with the virtual router.

• A.B.C.D is the IP address of the masterVRRP.

Use the no operator to remove the IP address ofthe VRRP physical interface:no ip vrrp address <1-255> <A.B.C.D>



NN46205-523 02.02 9 December 2009


.


Variable Value

adver-int <1-255> Sets the the time interval between sending VRRPadvertisement messages. The range is between1 and 255 seconds. This value must be the sameon all participating routers. The default is 1.


backup-master enable Enables the VRRP backup master.

This option is supported only on Split MultiLinkTrunking (SMLT) ports.

Use the no operator to disable the VRRP backupmaster:no ip vrrp <1-255> backup-master enable


ATTENTIONDo not enable Backup Master if Critical IP isenabled.

critical-ip-addr<A.B.C.D>

Sets the critical IP address for VRRP.

• A.B.C.D is the IP address on the local router,which is configured so that a change in itsstate causes a role switch in the virtual router(for example, from master to backup in casethe interface goes down).

critical-ip enable Enables the critical IP address option.Use the no operator to disable the critical IPaddress option:no ip vrrp <1-255> critical-ip enable


ATTENTIONDo not enable Critical IP if Backup Master isenabled.


NN46205-523 02.02 9 December 2009


.

Configuring VRRP on a port or a VLAN 287

Variable Value

enable Enables VRRP on the port.Use the no operator to disable VRRP on the port:no ip vrrp <1-255> enable


fast-adv enable Enables the Fast Advertisement Interval. Thedefault is disabled.

Use the no operator to disable VRRP on the port:no ip vrrp <1-255> fast-adv enable


fast-adv-int<200-1000>

Sets the Fast Advertisement Interval, the timeinterval between sending VRRP advertisementmessages.

• 200-1000 is the range in milliseconds, andmust be the same on all participating routers.The default is 200. You must enter values inmultiples of 200 milliseconds.


holddown-timer<0-21600>

Modifies the behavior of the VRRP failovermechanism by allowing the router enough time todetect the Open Shortest Path First (OSPF) orRouting Information Protocol (RIP) routes.

• 0-21600 is the time interval (in seconds) arouter is delayed when changing to masterstate.


priority <1-255> Sets the port VRRP priority.

• 1-255 is the value used by the VRRProuter. The default is 100. Assign the value255 to the router that owns the IP addressassociated with the virtual router.



NN46205-523 02.02 9 December 2009


.


Showing VRRP port or VLAN informationUse this procedure to show VRRP port or VLAN information.

Prerequisites

• Access privExec Configuration Mode.

Procedure steps

Step Action

1 Display basic VRRP configuration information about the specifiedport, all ports, or the VLAN by using the following command:show ip vrrp address [vrid <1-255>] [addr<A.B.C.D>] [vrf <WORD/0-32>] [vrfids <0-255>]

--End--

Variable definitionsUse the data in the following table to use the show ip vrrp address[vrid <1-255>] [addr <A.B.C.D>] [vrf <WORD/0-32>] [vrfids<0-255>] command.

Variable Value

addr <A.B.C.D> The IP address of the master VRRP.


vrid <1-255> A unique integer value that representsthe virtual router ID in the range 1to 255. The virtual router acts asthe default router for one or moreassigned addresses.

vrfids <0-255> The ID of the VRF and is an integer inthe range of 0 to 255.

Job aidThe following table shows the field descriptions for the show ip vrrpaddress [vrid <1-255>] [addr <A.B.C.D>] [vrf <WORD/0-32>][vrfids <0-255>] command.


ADV Indicates the Advertisement Interval, in milliseconds,between sending advertisement messages.

BACKUPMASTER

Indicates the backup master IP address.


NN46205-523 02.02 9 December 2009


.

Showing VRRP port or VLAN information 289


BACKUPMASTERSTATE

Indicates the backup master state.

CONTROL Indicates the virtual router function. Set the valueto enabled to transition the state of the routerfrom initialize to backup. Set the value to disabledto transition the router from master or backup toinitialize.

CRITICAL IP Indicates the IP address of the interface that causes ashutdown event.

CRITICAL IP(ENABLED)

Indicates if the critical IP address is enabled.

FAST ADV Indicates the Fast Advertisement Interval, inmilliseconds, between sending advertisementmessages. When the Fast Advertisement Intervalis enabled, the Fast Advertisement Interval is usedinstead of the regular advertisement interval.

FAST ADV(ENABLED)

Indicates the state of fast advertisement.

HLD DWN Indicates the amount of time (in seconds) to waitbefore preempting the current VRRP master.

IP Indicates the assigned IP addresses that a virtualrouter backs up.

MAC Indicates the virtual MAC address of the virtual routerin the format 00-00-5E-00-01-<VRID>, where thefirst three octets consist of the IANA OUI; the nexttwo octets indicate the address block of the VRRPprotocol; and the remaining octets consist of theVRID.

MASTER Indicates the master router real (primary) IP address.This is the IP address listed as the source in theVRRP advertisement last received by this virtualrouter.

PRIO Indicates the priority for the virtual router (for example,master election) with respect to other virtual routersthat are backing up one or more associated IPaddresses. Higher values indicate higher priority.

A priority of 0, which you cannot set, indicates thatthis router has stopped participating in VRRP and abackup virtual router transitions to become the newmaster.


NN46205-523 02.02 9 December 2009


.



A priority of 255 is used for the router that owns theassociated IP addresses.

P/V Indicates whether this device responds to pingsdirected to a virtual router’s IP address.

STAT Indicates the current state of the virtual router.



• master—forwarding IP addresses associated withthis virtual router.

UP TIME Indicates the time interval (in hundredths of a second)since this virtual router was initialized.

VRID Indicates the virtual router ID on a VRRP router.

Showing extended VLAN VRRPUse the show VLAN vrrp extended command to display the extendedVRRP configuration for all VLANs or a specified VLAN on the switch.

Prerequisites


Procedure steps

Step Action

1 Show the extended VRRP configuration for all VLANs onthe switch or for the specified VLAN by using the followingcommand:show ip vrrp interface vlan [<1-4094>] [portList]verbose [vrf <WORD/1-16>] [vrfids <0-255>]

--End--

Variable definitionsUse the data in the following table to use the show ip vrrp interfacevlan [<1-4094>] [portList] verbose [vrf <WORD/1-16>][vrfids <0-255>]command.


NN46205-523 02.02 9 December 2009


.

Showing extended VLAN VRRP 291

Variable Value

<1-4094> The VLAN ID in the range of 1 to4094.

portList The slot/port number of a range ofports.


vrfids <0-255> The ID of the VRF and is an integer inthe range of 0 to 255.

Job aidThe following table shows the field descriptions for the show ipvrrp interface vlan [<1-4094>] [portList] verbose [vrf<WORD/1-16>] [vrfids <0-255>]command.






• master—forwarding IP addresses associated withthis virtual router

CONTROL Indicates the virtual router function. Set the valueto enabled to transition the state of the router frominitialize to backup. Set the value to disabled totransition the router from master or backup to initialize.

PRIORITY Indicates the priority for the virtual router (for example,master election) with respect to other virtual routersthat are backing up one or more associated IPaddresses. Higher values indicate higher priority.

A priority of 0, which you cannot set, indicates that thisrouter ceased to participate in VRRP and a backupvirtual router transitions to become a new master.


MASTERIPDDR

Indicates the master router real (primary) IP address.This is the IP address listed as the source in the VRRPadvertisement last received by this virtual router.


NN46205-523 02.02 9 December 2009


.



ADVERTISEINTERVAL

Indicates the time interval, in seconds, betweensending advertisement messages. Only the masterrouter sends VRRP advertisements.

CRITICALIPADDR

Indicates the IP address of the interface that causes ashutdown event.

HOLDDOWN_TIME Indicates the amount of time (in seconds) to waitbefore preempting the current VRRP master.

ACTION Indicates the trigger for an action on thisVRRP interface. Options include none andpreemptHoldDownTimer.

CRITICALIP ENABLE

Indicates that a user-defined critical IP address isenabled. No indicates the use of the default IP address(0.0.0.0).

BACKUPMASTER

Indicates the state of designating a backup masterrouter.

BACKUPMASTERSTATE

Indicates the state of the backup master router.

FAST ADVINTERVAL

Indicates the time interval, in milliseconds, betweensending Fast Advertisement messages. When theFast Advertisement Interval is enabled, the FastAdvertisement Interval is used instead of the regularadvertisement interval.

FAST ADV ENABLE Indicates the Fast Advertisement Interval status.

Showing VRRP interface informationIf you enter a virtual router ID or an IP address when showing VRRPinterface information, the information displays only for that virtual router IDor for that interface.

Prerequisites


Procedure steps

Step Action

1 Display VRRP information about the interface by using thefollowing command:


NN46205-523 02.02 9 December 2009


.

Showing VRRP interface information 293

show ip vrrp address [vrid <1-255>] [addr<A.B.C.D>] [vrf <WORD/0-32>] [vrfids <0-255>]

--End--

Variable definitionsUse the data in the following table to use the show ip vrrp address[vrid <1-255>] [addr <A.B.C.D>] [vrf <WORD/0-32>] [vrfids<0-255>] command.

Variable Value

addr <A.B.C.D> The IP address of the master VRRP.


vrid <1-255> A unique integer value that represents thevirtual router ID in the range 1 to 255. Thevirtual router acts as the default router forone or more assigned addresses.

vrfids <0-255> The ID of the VRF and is an integer in therange of 0 to 255.


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

295.

VRF Lite configuration using DeviceManager

Use VRF Lite to provide many virtual routers using one Ethernet RoutingSwitch 8600.

VRF Lite requires R series modules, a Premier Routing license, SoftwareRelease 5.0 or later, and the SuperMezz CPU daughter card.

VRF Lite configuration proceduresThis task flow shows you the sequence of procedures you perform toconfigure VRF Lite. To link to any task, go to “Navigation” (page 296).

Figure 16VRF Lite configuration tasks


NN46205-523 02.02 9 December 2009


.

296 VRF Lite configuration using Device Manager

Navigation• “Configuring a VRF instance” (page 296)

• “Configuring interVRF route redistribution policies” (page 297)

• “Viewing brouter port and VRF associations” (page 299)

• “Viewing global VRF status information” (page 299)

• “Viewing VRF instance statistics and status information” (page 300)

• “Viewing VRF statistics for a VRF” (page 301)

Configuring a VRF instanceConfigure a VRF instance to provide a virtual routing interface for a user.

Procedure steps

Step Action


2 Click Insert.

3 Specify the VRF ID.

4 Name the VRF instance.

5 To enable the VRF to send VRF Lite-related traps, selectTrapEnable.

6 Configure MaxRoutes, RpTrigger, and MaxRoutesTrapEnableas required.

7 Click Insert.

--End--

For more information about the VRF parameters, see “VRF dialog boxparameters” (page 296).

VRF dialog box parametersVariable definitions

Use the data in the following table to help you configure a VRF instance.

Variable Value

Id Specifies the ID number of the VRF instance. VRFID 0 is reserved for the GlobalRouter.

Name Names the VRF instance.


NN46205-523 02.02 9 December 2009


.

Configuring interVRF route redistribution policies 297

Variable Value

ContextName Identifies the VRF. The SNMPv2 Community Stringor SNMPv3 contextName denotes the VRF contextand is used to logically separate the MIB modulemanagement.

TrapEnable Enables the VRF to send VRF Lite-related traps(VrfUp and VrfDown).

MaxRoutes Configures the maximum number of routes allowedfor the VRF. The default value is 10000, except forthe GlobalRouter, which is 250000.

RpTrigger Specifies the Routing Protocol (RP) triggers for theVRF. The triggers are used to initiate or shutdownrouting protocols on a VRF. The protocols includeRIP, OSPF and BGP.

Multiple RPs can be acted upon simultaneously.Also, you can use this option to bring individualRPs up in steps.

MaxRoutesTrapEnable Enables the generation of the VRF Max RoutesExceeded traps.

Configuring interVRF route redistribution policiesUse route redistribution so that a VRF interface can announce routes thatare learned by other protocols, for example, OSPF or BGP. The EthernetRouting Switch 8600 supports interVRF route redistribution.

ATTENTIONinterVRF route redistribution is not supported on VRFs with IPVPN enabled.

Prerequisites

• VRF instances exist.

• Route policies are configured, if required.

Procedure steps

Step Action

1 Choose the VRF instance to configure.

2 In Device Manager, choose IP, Policy - GlobalRouter (vrf x).

3 Click the Route Redistribution tab.

4 Click Insert.

5 Choose the source and destination VRF IDs.


NN46205-523 02.02 9 December 2009


.


6 Choose the protocol and route source.

7 Select enable.

8 Choose the route policy to apply to the redistributed routes.

9 Configure the other parameters as required.

10 Click Insert.

11 To apply the redistribution configuration, click the ApplyingPolicy tab.

12 Select RedistributeApply, and then click Apply.

--End--

For more information, see “Route Redistribution tab” (page 298).

Route Redistribution tabVariable definitions

Use the data in the following table to help you configure routeredistribution.

Variable Value

DstVrfId Specifies the destination VRF ID used in theredistribution.

Protocol Specifies the protocols for which you want to receiveexternal routing information.

SrcVrfId Specifies the source VRF ID used in the redistribution.

RouteSource Indicates that the protocol is notified or not notifiedabout the routed learned from this source. The routesource is equivalent to the owner in the routing table.

Enable Enables or disables route redistribution.

RoutePolicy Specifies the route policies to apply to theredistributed routes from the source VRF. Use theroute policy to determine whether a specific routeshould be advertised to the specified protocol.

Metric Specifies the metric announced in advertisements.

MetricType Specifies the metric type (applicable to OSPF andBGP only). Specifies a type 1 or a type 2 metric. Formetric type 1, the cost of the external routes is equalto the sum of all internal costs and the external cost.For metric type 2, the cost of the external routes isequal to the external cost alone.

Subnets Indicates that subnets must be advertised individually(applicable to OSPF only).


NN46205-523 02.02 9 December 2009


.

Viewing global VRF status information 299

Viewing brouter port and VRF associationsYou can view each port and associated VRFs. You can also change theVRFs associated with the port if the port has no IP address.

Procedure steps

Step Action


2 Click the VRF-Ports tab.

3 To change the VRF, double-click the BrouterVrfId field for theport.

You can associate a port with more than one VRF.

4 Choose the VRF and click Ok.

5 Click Apply.

--End--

For more information, see “VRF, VRF-Ports” (page 299).

VRF, VRF-PortsVariable definitions

Use the data in the following table to help you configure a VRF portinstance.

Variable Value

Index Specifies the slot and port.

Type Specifies the port type.

VrfIds Identifies the set of VRF IDs to which this portbelongs.

VrfNames Identifies the set of VRF names to which this portbelongs.

VrfCount Shows the number of VRF instances associatedwith this port.

BrouterVrfId Shows the VRF ID for this brouter port.

BrouterVrfName Shows the VRF name for this brouter port.

Viewing global VRF status informationView global VRF status information to determine the number of VRFs thatare configured and active on the switch.


NN46205-523 02.02 9 December 2009


.


Procedure stepsProcedure steps

Step Action


2 Click the Global Status tab.

--End--

For more information, see “VRF, Global Status” (page 300).

VRF, Global StatusVariable definitions

Use the data in the following table to help you learn information about VRFLite on the router.

Variable Value

ConfigNextAvailableVrfId Specifies the number of the next available VirtualRouter ID (index).

ConfiguredVRFs Specifies the number of VRFs configured on thisnetwork element.

ActiveVRFs Specifies the number of VRFs that are active onthe network element. These are VRFs for which theOperStatus is up.

Viewing VRF instance statistics and status informationView VRF instance status information to determine the operational statusof each VRF, as well as other operational parameters.


Step Action


2 Click the VRF Stats tab.

--End--

For more information, see “VRF, VRF Stats tab” (page 300).

VRF, VRF Stats tabVariable definitions


NN46205-523 02.02 9 December 2009


.

Viewing VRF statistics for a VRF 301

Use the data in the following table to help you understand the VRFstatistics.

Variable Value

VrfId Specifies the ID number of the VRF instance.

StatRouteEntries Specifies the total number of routes for this VRF.

StatFIBEntries Specifies the total number of ForwardingInformation Base (FIB) entries for this VRF.

StatUpTime Specifies the time in (in hundredths of a second)since this VRF entry has been operational.

OperStatus Shows the operational status of the Virtual Router.

RpStatus Shows the status of the routing protocols used onthis VRF that correspond to the list specified inVrfRpTrigger.

RouterAddressType Specifies the router address type of this VRF.

Router Address Specifies the router address of this VRF, derivedfrom one of the interfaces. If a loopback interfaceis present, the loopback interface address can beused.

Viewing VRF statistics for a VRFView VRF statistics to ensure the instance is performing as expected.


Step Action


2 Select a VRF.

3 Click the Stats button.

--End--

For more information, see “VRF Stats tab” (page 301).

VRF Stats tabVariable definitions

Use the data in the following table to help you understand the VRFstatistics.


NN46205-523 02.02 9 December 2009


.


Variable Value

RouteEntries Specifies the total number of routes for this VRF.

FIBEntries Specifies the total number of ForwardingInformation Base (FIB) entries for this VRF.

StatUpTime Specifies the amount of time that the VRF hasbeen operational.

OperStatus Specifies the VRF operational status.

RPStatus Specifies the routing protocols.

RouterAddressType Specifies the router address type.

RouterAddress Specifies the router address.


NN46205-523 02.02 9 December 2009


.

303.

VRF Lite configuration using the CLIUse VRF Lite to provide many virtual routers using one Ethernet RoutingSwitch 8600.

VRF Lite requires R series modules, the 8692 SF/CPU, the Premierrouting license, Software Release 5.0 or later, and the SuperMezz CPUdaughter card.

You configure VRF-based parameters the same way you configure aphysical router, except that, in the CLI or NNCLI, the existing commandstructure has been modified with vrf <vrfName> for applicablecommands.

This section shows you how to configure a Virtual Router Forwarding(VRF) instance and how to associate ports and VLANs with VRFinstances. For instructions to configure other parameters, for example,OSPF, RIP, and ECMP for a VRF, see the instructions to configure arouter for OSPF, RIP, and ECMP.

VRF Lite configuration tasksThis task flow shows you the sequence of procedures to configure VRFLite. To link to any task, go to “VRF Lite configuration navigation” (page304).



NN46205-523 02.02 9 December 2009


.

304 VRF Lite configuration using the CLI

VRF Lite configuration navigation

• “Job aid: Roadmap of VRF Lite CLI commands” (page 304)

• “Configuring a VRF instance” (page 305)

• “Associating a VLAN with a VRF instance” (page 309)

• “Associating a brouter port with a VRF instance” (page 310)

Navigation• “Job aid: Roadmap of VRF Lite CLI commands” (page 304)

• “Configuring a VRF instance” (page 305)

• “Associating a VLAN with a VRF instance” (page 309)

• “Associating a brouter port with a VRF instance” (page 310)

Job aid: Roadmap of VRF Lite CLI commandsThe following table lists the commands and their parameters that you useto perform the procedures in this section.

Table 36Job aid: Roadmap of VRF Lite CLI commands

Command Parameter

config ip vrf <dst-vrf> <ospf|bgp|rip>redistribute <ospf|bgp|static|direct|rip>

config ip vrf <vrfName> alternative-route <enable|disable>

create [id <value>]

default-ttl <seconds>

delete






ecmp-max-path <integer>

ecmp-pathlist-apply

icmp-redirect-msg <enable|disable>

icmp-unreach-msg <enable|disable>


NN46205-523 02.02 9 December 2009


.

Configuring a VRF instance 305

Table 36Job aid: Roadmap of VRF Lite CLI commands (cont’d.)

Command Parameter

info

ip-supernet <enable|disable>

max-routes <max-routes>

max-routes-trap <enable|disable>


name <name>

vrf-trap <enable|disable>

config ethernet <slot/port> vrf<vrfName>

config vlan <vid> vrf <vrfName>

show ip vrf info [vrf <value>] [vrfids<value>]

Configuring a VRF instanceCreate and configure a VRF instance to provide a virtual routing interfacefor a user.

Procedure steps

Step Action

1 To create a VRF instance, enter the following command:

config ip vrf <vrfName> create [id <value>]

2 Set the Routing Protocol (RP) triggers for the VRF using thefollowing commands:

config ip vrf <vrfName> bgp create

config ip vrf <vrfName> ospf create

config ip vrf <vrfName> rip create

You cannot configure BGP, OSPF, or RIP on a VRF instanceunless the RP trigger is configured.

3 To configure the default TTL for all routing protocols to use, enterthe following command:

config ip vrf <vrfName> default-ttl <seconds>


4 To enable ECMP, enter the following command:


NN46205-523 02.02 9 December 2009


.


config ip vrf <vrfName> ecmp enable

5 To enable the Alternative Route feature globally, enter thefollowing command:

config ip vrf <vrfName> alternative-route enable

6 Configure the remaining config ip vrf <vrfName>parameters as required. See the following variable definitionstable for other parameters.

7 Ensure that the instance is configured correctly by entering thefollowing commands:

config ip vrf <vrfName> info

8 To show a list of all configured VRFs, enter the followingcommand:

show ip vrf info [vrf <vrfName>] [vrfids <value>]

--End--

Variable definitionsUse the information in the following table to help you use the config ipvrf <vrfName> command.

Variable Value

alternative-route<enable|disable>

Enables or disables the Alternative Route feature.If the alternative-route parameter is disabled, allexisting alternative routes are removed. When theparameter is enabled, all alternative routes arere-added.

create [id <value>] Creates a VLAN VRF instance. If no VRF ID isspecified, the system autogenerates one using thelowest available ID.

default-ttl<seconds>

Configures the default time-to-live (TTL) value for arouted packet. TTL indicates the maximum numberof seconds elapsed before a packet is discarded.Enter an integer from 1 to 255. The default value of255 is used whenever a value is not supplied in thedatagram header.

delete Deletes a VLAN VRF instance. Before deleting aVRF instance, first remove all associated VLANsand interfaces. Deleting a VRF instance deletes allprotocol instances and configuration for the VRF.


NN46205-523 02.02 9 December 2009


.

Configuring a VRF instance 307

Variable Value


Globally enables or disables the Equal CostMultipath (ECMP) feature. The default is disabled.

When ECMP is disabled, the EcmpMaxPath isreset to the default value of 1.


Configures one equal-cost path to the samedestination prefix. When ECMP is disabled, thedefault value is 1. When ECMP is enabled, thedefault is 4. The range for this value is 1 to 4 paths(1 to 8 paths for R mode). To remove the policy,enter a blank string.

<prefix-list-name> is the name of the policywith a range of 0 to 64 characters.



Configures up to two equal-cost paths to the samedestination prefix. When ECMP is disabled, thedefault value is 1. When ECMP is enabled, thedefault is 4. The range for this value is 1 to 4 paths.To remove the policy, enter a blank string.




Configures up to three equal-cost paths to thesame destination prefix. When ECMP is disabled,the default value is 1. When ECMP is enabled, thedefault is 4. The range for this value is 1 to 4 paths.To remove the policy, enter a blank string.




NN46205-523 02.02 9 December 2009


.


Variable Value


Configures up to four equal-cost paths to the samedestination prefix. When ECMP is disabled, thedefault value is 1. When ECMP is enabled, thedefault is 4. The range for this value is 1 to 4 paths.To remove the policy, enter a blank string.



ecmp-max-path<integer>

Globally configures the maximum number of ECMPpaths.


• When the switch is not in R mode, the intervalis 1 to 4.



ecmp-pathlist-apply Apply changes to all ECMP pathlist configurations.

icmp-redirect-msg<enable|disable>

Enables the virtual router to, or disables the virtualrouter from, sending ICMP destination redirectmessages.

icmp-unreach-msg<enable|disable>

Enables the virtual router to generate InternetControl Message Protocol (ICMP) networkunreachable messages if the destination networkis not reachable from this virtual router. Thesemessages help determine if the routing switchis reachable over the network. The default isdisabled.


info Shows information about the VRF.


NN46205-523 02.02 9 December 2009


.

Associating a VLAN with a VRF instance 309

Variable Value

ip-supernet<enable|disable>

Enables or disables supernetting.

If supernetting is globally enabled, the switch canlearn routes with a route mask less then 8 bits.Routes with a mask length less than 8 bits cannothave ECMP paths, even if the ECMP feature isglobally enabled.

max-routes<max-routes>

Configures the maximum number of routes allowedfor the VRF. The default value is 10000, except forthe Global Router, which is 25000.

max-routes-trap<enable|disable>

Enables the generation of the VRF Max RoutesExceeded traps.


Enables or disables a more-specific nonlocalroute. If enabled, the virtual router can enter amore-specific nonlocal route into the routing table.

name <name> Names the VRF instance.

vrf-trap <enable|disable>

Enables the VRF instance to send VRF Lite-relatedtraps (VrfUp and VrfDown).

Associating a VLAN with a VRF instanceYou can assign a VRF instance to a VLAN after you create it. You cannotassociate a VLAN and a VRF instance if the VLAN has an IP addressconfigured.

Prerequisites

• A VLAN of type byport exists.

• The VRF is already configured.

Procedure steps

Step Action

1 To associate a VRF with an existing VLAN, enter the followingcommand:

config vlan <vid> vrf <vrfName>

2 To ensure that the correct VRFs are associated, use thefollowing command:

show vlan <vid> info all

--End--


NN46205-523 02.02 9 December 2009


.


Variable definitionsUse the information in the following table to help you use the VLAN VRFcommands.

Variable Value

vlan <vid> Specifies the VLAN ID.

vrf <vrfName> Specifies the VRF instance by name.

Associating a brouter port with a VRF instanceYou can assign a VRF instance to a brouter port after you create it. Youcannot associate a brouter port and a VRF instance if the port has an IPaddress configured. Configure the IP address after you associate thebrouter port and VRF instance.

Prerequisites


Procedure steps

Step Action

1 To associate a VRF with a brouter port, enter the followingcommand:

config ethernet <slot/port> vrf <vrfName>

2 To ensure that the correct VRFs are associated, enter thefollowing command:

show ports info ip [port <value>] [vrf <vrfName>] [vrfids<value>]

--End--

Variable definitionsUse the information in the following table to help you use the port VRFcommands.

Variable Value

port <value> <value> specifies a slot and port or range of ports.

vrf <vrfName> <name> specifies the name of the VRF.

vrfids <value> Specifies a VRF by ID.


NN46205-523 02.02 9 December 2009


.

311.

VRF Lite configuration using theNNCLI

Use Virtual Router Forwarding (VRF) Lite to provide many virtual routersusing one Ethernet Routing Switch 8600.

VRF Lite requires R series modules, the 8692 SF/CPU, the Premierrouting license, Software Release 5.0 or later, and the SuperMezz CPUdaughter card.

This section shows you how to configure a VRF instance and how toassociate ports and VLANs with VRF instances. For instructions toconfigure other parameters, for example, OSPF, RIP, and ECMP for aVRF, see the instructions to configure a router for OSPF, RIP, and ECMP.

VRF Lite configuration tasksThis task flow shows you the sequence of procedures to configure VRFLite. To link to any task, go to “VRF Lite configuration navigation” (page312).



NN46205-523 02.02 9 December 2009


.

312 VRF Lite configuration using the NNCLI

VRF Lite configuration navigation

• “Job aid: Roadmap of VRF Lite NNCLI commands” (page 312)

• “Creating a VRF instance” (page 313)

• “Associating a VLAN or port with a VRF instance” (page 314)

• “Configuring interVRF route redistribution” (page 316)

• “Example of a simple VRF configuration” (page 315)

Navigation• “Job aid: Roadmap of VRF Lite NNCLI commands” (page 312)

• “Creating a VRF instance” (page 313)

• “Associating a VLAN or port with a VRF instance” (page 314)

• “Example of a simple VRF configuration” (page 315)

Job aid: Roadmap of VRF Lite NNCLI commandsThe following table lists the commands and their parameters that you useto perform the procedures in this section.

Table 37Job aid: Roadmap of VRF Lite NNCLI configuration commands

Command Parameter

Privileged EXEC mode

show ip vrf <cr>

max-routes [vrfids <WORD 0-255>][<WORD 0-16>]

[vrfids <WORD 0-255>]

[<WORD 0-16>]


ip vrf <WORD 0-16> <cr>

max-routes <0-25000>

max-routes-trap enable

name <WORD 0-32>

vrf-trap enable

vrfid <1-255>

router vrf <WORD 0-16>


NN46205-523 02.02 9 December 2009


.

Creating a VRF instance 313

Creating a VRF instanceCreate a VRF instance to provide a virtual routing interface for a user.

Prerequisites


Procedure steps

Step Action

1 To create a VRF instance, specify a VRF name in the followingcommand:

ip vrf <WORD 0-16>

2 To configure the maximum number of routes, enter the followingcommand:

ip vrf <WORD 0-16> max-routes <0-25000>

3 To enable max-routes traps:

ip vrf <WORD 0-16> max-routes-trap enable

4 Enter Router Configuration mode:

router vrf <WORD 0-16>

5 Set the Routing Protocol (RP) triggers for the VRF using thefollowing commands:

ip bgp

ip ospf

ip rip

You cannot configure BGP, OSPF, or RIP on a VRF instanceunless the RP trigger is configured.

6 Ensure that the instance is configured correctly by entering thefollowing command:

show ip vrf [<WORD 0-16>]

--End--

Variable definitionsUse the information in the following table to help you use the ip vrf<WORD 0-16> commands.

Variable Value

<cr> Creates the VRF instance with the name specified.


NN46205-523 02.02 9 December 2009


.


Variable Value

max-routes <0-25000> Specifies the maximum number of routes for theVRF. The default value is 10000, except for theGlobal Router, which is 25000.

max-routes-trapenable

Enables the sending of traps when the maximumnumber of routes is reached.

name <WORD 0-32> Renames the VRF instance.

vrf-trap enable Enables the switch to send VRF-related traps.

Use the information in the following table to help you use the show ip vrfcommands.

Variable Value

<cr> Displays information about all VRF instances.

max-routes [vrfids<WORD 0-255>] [<WORD0-16>]

Displays the maximum number of routes for thespecified VRFs.• vrfids <WORD 0-255> specifies a list of VRFs

by VRF IDs.

• <WORD 0-16> specifies a VRF by name.

vrfids <WORD 0-255> Specifies a list of VRFs by VRF IDs.

<WORD 0-16> Specifies a VRF by name.

Associating a VLAN or port with a VRF instanceYou can assign a VRF instance to a port or VLAN. You cannot associate aVLAN or port and a VRF instance if the VLAN or port has an IP addressconfigured. You can configure the IP address after you associate the portand VRF instance.

Prerequisites



Procedure steps

Step Action

1 To associate a VLAN with a VRF, in VLAN InterfaceConfiguration mode, enter the following command:

vrf <WORD 0-16>

2 To associate a port with a VRF, in Gigabit Ethernet InterfaceConfiguration mode, enter the following command:


NN46205-523 02.02 9 December 2009


.

Example of a simple VRF configuration 315

vrf <WORD 0-16>

--End--

Variable definitionsUse the information in the following table to help you use the vrfcommand.

Variable Value

vrf <WORD 0-16> Specifies the VRF instance by name.

Example of a simple VRF configurationProcedure steps

Step Action

1 Create a VRF called Two:

ERS-8606:5(config)#ip vrf Two

2 Create a VLAN of type byport:

ERS-8606:5(config)#vlan create 33 type port 1

3 Enter VLAN Interface Configuration mode:

ERS-8606:5(config)#interface vlan 33

4 Give the VLAN an IP address:

ERS-8606:5(config-if)#ip address 32.22.12.2255.255.255.0

5 Assign the VLAN to VRF Two

ERS-8606:5(config-if)#vrf Two

6 Enter VRF configuration mode:

ERS-8606:5(config-if)#router vrf Two

7 Enable OSPF on the VRF:

ERS-8606:5(router-vrf)#ip ospf

8 Specify OSPF compatibility:

ERS-8606:5(router-vrf)#ip ospf rfc1583-compatibility enable

--End--


NN46205-523 02.02 9 December 2009


.


Configuring interVRF route redistributionUse route redistribution between VRFs so that an instance can announceroutes that are learned by other protocols, for example, OSPF or BGP.


NN46205-523 02.02 9 December 2009


.

317.

IP policy configuration using DeviceManager

Prior to Ethernet Routing Switch 8600 software release 3.2, you configuredseparate policy databases for Routing Information Protocol (RIP) accept,RIP Announce, Open Shortest Path First (OSPF) accept, and OSPFannounce filtering purposes. Now, you can form a unified database ofroute policies that the protocols (RIP, OSPF or Border Gateway Protocol[BGP]) can use for any type of filtering task.

For information about configuring a prefix list, community list, or AS pathlist, see Nortel Ethernet Routing Switch 8600 Configuration — BGPServices (NN46205-510)

A name or an ID identifies a policy. Under a policy you can have severalsequence numbers, each of which is equal to one policy in the oldconvention. If a field in a policy is not configured, it appears as 0 or anywhen it appears in Device Manager. This means that the field is ignoredin the match criteria. You can use the clear option to remove existingconfigurations for any field.

Each policy sequence number contains a set of fields. Only a subset ofthose fields is used when the policy is applied in a certain context. Forexample, if a policy has a set-preference field set, it is used only when thepolicy is applied for accept purposes. This field is ignored when the policyis applied for announce and redistribute purposes.

You can apply only one policy for one purpose (for example, RIPAnnounce on a given RIP interface). In that example, all sequencenumbers under the given policy are applicable for that filter. A sequencenumber also acts as an implicit preference: a lower sequence number ispreferred.

For more information about IP policies concepts and terminology, see “IProuting operations fundamentals” (page 21).


NN46205-523 02.02 9 December 2009


.

318 IP policy configuration using Device Manager

Select a topic:

• “Prerequisites to IP policy configuration” (page 318)

• “Configuring a prefix list” (page 319)

• “Route policy configuration” (page 320)

• “Filtering routes” (page 325)

• “Configuring an OSPF accept policy” (page 327)

• “Configuring inbound/outbound filtering policies on a RIP interface”(page 328)

• “Deleting inbound/outbound filtering policies on a RIP interface” (page329)

• “Configuring inbound/outbound filtering policies on a DVMRP interface”(page 330)

Prerequisites to IP policy configuration• Define the prefix list.

• Define a route policy.

• Apply the route policy to the routing protocol.

Navigation• “Configuring a prefix list” (page 319)

• “Route policy configuration” (page 320)

• “Filtering routes” (page 325)

• “Configuring an OSPF accept policy” (page 327)

• “Configuring inbound/outbound filtering policies on a RIP interface”(page 328)

• “Deleting inbound/outbound filtering policies on a RIP interface” (page329)

• “Configuring inbound/outbound filtering policies on a DVMRP interface”(page 330)






NN46205-523 02.02 9 December 2009


.

Configuring a prefix list 319



• “Configuring ICMP Router Discovery for a port” (page 340)

• “Enabling IP VPN on a CLIP interface” (page 342)

• “Enabling PIM on a CLIP interface” (page 343)

Configuring a prefix listA prefix list is a list of routes that you can apply to one or more routepolicies. It contains a set of contiguous or noncontiguous routes. Prefixlists are referenced by name from within the routing policies.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP, Policy -GlobalRouter (vrf x).

2 On the Prefix List tab, click Insert.

3 Edit the fields as required.

4 Click Insert.

--End--

For more information, see “Policy, Insert Prefix List fields” (page 319).

Policy, Insert Prefix List fieldsVariable definitions

Use the data in the following table to use the Policy, Insert Prefix Listfields.

Variable Value

ID The list identifier.

Prefix The IP address.

PrefixMaskLen The specified length of the prefix mask.

You must enter the full 32-bit mask to exact a full match ofa specific IP address (for example, when creating a policyto match on next hop).


NN46205-523 02.02 9 December 2009


.


Variable Value

Name Names a specified prefix list during the creation processor renames the specified prefix list. The name length canbe from 1 to 64 characters.

MaskLenFrom The lower bound of the mask length. The default is themask length. Lower bound and higher bound masklengths together can define a range of networks.

MaskLenUpto The higher bound mask length. The default is the masklength. Lower bound and higher bound mask lengthstogether can define a range of networks.

Route policy configurationYou can configure route policies so that all protocols use them for In, Out,and redistribute purposes.

ATTENTIONChanging route preferences is a process-oriented operation that can affectsystem performance and network reachability while you perform the procedures.Therefore, Nortel recommends that if you want to change a prefix list or arouting protocol, you configure all route policies and prefix lists before youenable the protocols.

To continue, go to:

• “Configuring a route policy” (page 320)

Route policy configuration navigation

• “Configuring a route policy” (page 320)

• “Applying a route policy” (page 324)

Configuring a route policyConfigure a route policy so that all protocols use them for In, Out, andRedistribute purposes.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP, Policy -GlobalRouter (vrf x).

2 Click the Route Policy tab.

3 Click Insert.


NN46205-523 02.02 9 December 2009


.

Route policy configuration 321

4 Enter the appropriate information for your configuration in thePolicy, Insert Route Policy dialog box.

5 Click Insert.

--End--

For more information, see “Policy, Insert Route Policy fields” (page 321).

Policy, Insert Route Policy fieldsVariable definitions

Use the data in the following table to use the Policy, Insert Route Policyfields.

Variable Value

Id The ID of an entry in the Prefix list table.

SequenceNumber A second index used to identify a specific policy withina route policy group.

Name Used to create a policy or to rename a policy after it iscreated. This command changes the name field for allsequence numbers under the given policy.

Enable Indicates whether this policy sequence number isenabled or disabled. If disabled, the policy sequencenumber is ignored.

Mode Specifies the action to take when a policy is selectedfor a specific route. Select permit (allow the route) ordeny (ignore the route).

MatchProtocol Select the appropriate protocol. If configured, matchesthe protocol through which the route is learned. Thisfield is used only for RIP Announce purposes.

MatchNetwork If configured, the switch matches the destinationnetwork against the contents of the specified prefix list.

MatchIpRouteSource If configured, matches the next-hop IP address forRIP routes and advertising router IDs for OSPF routesagainst the contents of the specified prefix list. Thisoption is ignored for all other route types.

Click the ellipsis button and choose from the list in theMatch Route Source dialog box. You can select up tofour entries. To clear an entry, use the ALT key.

You can also change this field in the Route Policy tabof the Policy dialog box.


NN46205-523 02.02 9 December 2009


.


Variable Value

MatchNextHop If configured, matches the next-hop IP address of theroute against the contents of the specified prefix list.This field applies only to nonlocal routes.

Click the ellipsis button and choose from the list in theMatch Next Hop dialog box. You can select up to fourentries. To clear an entry, use the ALT key.

MatchInterface If configured, the switch matches the IP address of theinterface by which the RIP route was learned againstthe contents of the specified prefix list. This field isused only for RIP routes and ignored for all other typeof route.

Click the ellipsis button and choose from the list in theMatch Interface dialog box. You can select up to fourentries. To clear an entry, use the ALT key.

MatchRouteType Sets a specific route type to match (applies only toOSPF routes).

Externaltype1 and Externaltype2 specify the OSPFroutes of the specified type only. OSPF internal refersto intra- and inter-area routes.

MatchMetric If configured, the switch matches the metric of theincoming advertisement or existing route against thespecified value (1 to 65535). If 0, this field is ignored.The default is 0.

MatchAsPath Applicable to BGP only. Matches the BGP autonomoussystem path. This overrides the BGP neighbor filter listinformation.

MatchCommunity Applicable to BGP only. Filters incoming and outgoingupdates based on a Community List.

MatchCommunityExtract

Applicable to BGP only. If enabled, it indicates thematch to exact (that is, all of the communities specifiedin the path must match). The default is disabled.

MatchTag Applicable to BGP only. Specifies a list of tags usedduring the match criteria process. It contains one ormore tag values.

MatchVrf An array which identifies the source VRFs that leaksroutes to the local VRF.


NN46205-523 02.02 9 December 2009


.

Route policy configuration 323

Variable Value

NssaPbit Sets or resets the P bit in specified type 7 link stateadvertisements (LSA). By default, the Pbit is always setin case the user set it to a disable state for a particularroute policy other than all type 7. LSAs associated withthat route policy have the Pbit cleared. With this intact,not so stubby area (NSSA) area border router (ABR)does not perform translation of these LSAs to type 5.The default is disabled.

SetRoutePreference When set to greater than zero, specifies the routepreference value assigned to the routes that matchesthe policy. This setting applies to accept policies only.

Set a value from 0 to 255. The default value is 0. If thedefault is configured, the global preference value isused.

SetMetricTypeInternal The MED value for routes advertised to BGP numbersto the Interior Gateway Protocol (IGP) metric value.The default is 0.

SetMetric If configured, the switch sets the metric value forthe route while announcing or redistributing. Thedefault-import-metric is 0. If the default is configured,the original cost of the route is advertised into OSPF;for RIP, the original cost of the route or the defaultvalue is used.

SetMetricType Applicable to OSPF protocol only. If configured, setsthe metric type for the routes to announce into theOSPF routing protocol that matches this policy. Thedefault is type 2. This field is applicable only for OSPFannounce policies.

SetNextHop Applicable to BGP only. This is the IP address ofthe next-hop router. It is ignored for Distance VectorMulticast Routing Protocol (DVMRP) routes. Thedefault is 0.0.0.0.

SetInjectNetList If configured, the switch replaces the destinationnetwork of the route that matches this policy with thecontents of the specified prefix list. Click the ellipsisbutton and choose from the list in the Set Inject NetListdialog box.

SetMask Applicable to RIP protocol only. If configured, theswitch sets the mask of the route that matches thispolicy. This applies only to RIP accept policies.

SetAsPath Applicable to BGP only. Indicates the AS path valueto use whether the SetAsPathMode field is Tag orPrepend.


NN46205-523 02.02 9 December 2009


.


Variable Value

SetAsPathMode Applicable to BGP protocol only. The mode is eitherTag or Prepend tag. The value is applicable only whileredistributing routes to BGP. It converts the tag of aroute into an AS path.

SetAutomaticTag Applicable to BGP protocol only. Default is disable.

SetCommunityNumber

Applicable to BGP protocol only. This value canbe a number (1 to 42949672000) or no-export orno-advertise. Applicable to BGP advertisements.

SetCommunityMode Applicable to BGP protocol only. This value can beeither append, none, or unchanged.• Unchanged—keep the community attribute in the

route path as it is.

• None—remove the community in the route pathadditive.

• Append—add the community number specifiedin SetCommunityNumber to the community listattribute. The default is unchanged.

SetOrigin Applicable to BGP protocol only. Set to IGP, EGP,incomplete, or unchanged. If not set, the system usesthe route origin from the IP routing table (protocol). Thedefault is unchanged.

SetLocalPref Applicable to BGP protocol only. This value is usedduring the route decision process in the BGP protocol.The default is 0.

SetOriginEgpAs Applicable to BGP protocol only. Indicates the remoteautonomous system number. The default is 0.

SetWeight Applicable to BGP protocol only. This field mustbe used with the match as-path condition. It isthe weight value for the routing table. For BGP,this value overrides the weight configured throughthe NetworkTableEntry, FilterListWeight, orNeighborWeight. The default is 0.

SetTag Applicable to BGP protocol only. Sets the list of tagsused during the match criteria process.

Applying a route policyApply route policies to define route behavior.

ATTENTIONChanging route policies or prefix lists that affect OSPF accept or redistribute isa process-oriented operation that can affect system performance and networkreachability while you perform the procedures. Therefore, Nortel recommendsthat if you want to change a prefix list or a routing protocol, you configure allroute policies and prefix lists before enabling the protocols.


NN46205-523 02.02 9 December 2009


.

Filtering routes 325

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP, PolicyGlobalRouter (vrf x).

2 Click the Applying Policy tab.

3 Select the type of policy to apply.

4 Click Apply.

--End--

For more information, see “Policy, Applying Policy fields” (page 325).

Policy, Applying Policy fieldsVariable definitions

Use the data in the following table to use the Policy, Applying Policy fields.

Variable Value

RoutePolicyApply When selected, configuration changes in the policy takeeffect in an OSPF route policy context. This keeps theswitch from attempting to apply the changes one by oneafter each configuration change.

RedistributeApply When selected, configuration changes in the policy takeeffect for an OSPF Redistribute context. This keeps theswitch from attempting to apply the changes one-by-oneafter each configuration change.

OspfInFilterApply When selected, the configuration changes in a routepolicy or a prefix list take effect in an OSPF Acceptcontext. This keeps the switch from attempting to applythe changes one by one after each configuration change.

Filtering routesFilter routes to control traffic based on routing parameters.

Procedure steps

Step Action

1 From the Device Manger menu bar, choose IP, IP GlobalRouter(vrf x).

2 Click the Routes tab.

3 ClickFilter .


NN46205-523 02.02 9 December 2009


.


4 In the IP - GlobalRouter (vrf x), Routes - Filter dialog box, selectAll records to display all the routes, including alternate routes.

Only the best routes appear if the Path Type is option B.

5 Configure the fields on which the filter is to act.

6 Click Filter.

--End--

For more information, see “IP Routes fields” (page 326).

IP Routes fieldsVariable definitions

Use the data in the following table to use the Routes tab fields.

Variable Value

Condition Includes the following options:• AND adds the filter to the existing filter

conditions

• OR selects one filter condition or another

Ignore case Lets you use both uppercase or lowercase.

Column Includes the following options:• contains

• does not contain

• equals to

• does not equal to

All records Displays all the routes, including alternate routes.

Dest The destination IP address.

Mask The subnet mask IP address.

NextHop The next-hop IP address.

HopOrMetric The primary routing metric for this route. Thesemantics of this metric are specific to differentrouting protocols.

Interface Filters by interface.

Proto The routing mechanism through which this routewas learned.

Age The number of seconds since this route was lastupdated or otherwise determined to be correct.

PathType Indicates the route type. It is a combination ofdirect, indirect, best, alternative, and ECMP paths.


NN46205-523 02.02 9 December 2009


.

Configuring an OSPF accept policy 327

Variable Value

Pref Specifies the preference.

NextHopVrfId Specifies the VRF identifier for the next hop.

Configuring an OSPF accept policyUse the following procedure to set up or edit an OSPF accept policy.

Procedure steps

Step Action


2 Click the OSPF Accept tab.

3 Click Insert.

4 Edit fields as required.

5 Click Insert.

--End--

For more information, see “Policy, Insert OSPF Accept fields” (page 327).

Policy, Insert OSPF Accept fieldsVariable definitions

Use the data in the following table to use the Policy, Insert OSPF Acceptfields.

Variable Value

AdvertisingRtr The routing ID of the advertising router.

Enable enables and disables the advertising router.

You can also enable or disable advertising in the OSPFAccept tab of the Policy dialog box by clicking in the fieldand selecting enable or disable from the menu.


NN46205-523 02.02 9 December 2009


.


Variable Value

MetricType The OSPF external type. This parameter describes whichtypes of OSPF ASE routes match this entry.

• any means match either ASE type 1 or 2

• type1 means match any external type 1

• type2 means match any external type 2

You can also select your entry in the OSPF Accept tab ofthe Policy dialog box by clicking in the field and selectingany, type1, or type2 from the menu.

PolicyName The name of the OSPF in filter policy.

Click the ellipsis button and choose from the list in thePolicy Name dialog box. To clear an entry, use the ALTkey.

Configuring inbound/outbound filtering policies on a RIP interfaceConfigure inbound filtering on a RIP interface to determine whether tolearn a route on a specified interface and to specify the parameters of theroute when it is added to the routing table. Configure outbound filteringon a RIP interface to determine whether to advertise a route from therouting table on a specified interface and to specify the parameters of theadvertisement.

The port on which the multimedia filter is enabled becomes a DIFFSERVaccess port.

Procedure steps

Step Action


2 Click the RIP In/Out Policy tab.

3 In the desired row, double-click the InPolicy or OutPolicycolumn.

4 Select a preconfigured In/Out policy and click OK.

--End--

For more information, see “Policy RIP In/Out Policy fields” (page 329).


NN46205-523 02.02 9 December 2009


.

Deleting inbound/outbound filtering policies on a RIP interface 329

Policy RIP In/Out Policy fieldsVariable definitions

Use the data in the following table to use the Policy RIP In/Out Policyfields.

Variable Value

Address The IP address of the RIP interface.

IfIndex The internal index of the RIP interface.

InPolicy The policy name is used for inbound filtering on this RIPinterface. This policy determines whether to learn a routeon this interface and specifies the parameters of the routewhen it is added to the routing table.

OutPolicy The policy name is used for outbound filtering on this RIPinterface. This policy determines whether to advertise aroute from the routing table on this interface and specifiesthe parameters of the advertisement.

Deleting inbound/outbound filtering policies on a RIP interfaceDelete a RIP In/Out policy when you no longer want to learn a route on aspecified interface or advertise a route from the routing table on a specifiedinterface.

Procedure steps

Step Action

1 From the Device Manager menu bar, select IP, PolicyGlobalRouter (vrf x).

2 Click the RIP In/Out Policy tab.

3 In the desired row, double-click the InPolicy or OutPolicy columnfor the policy you want to delete.

4 In the InPolicy or OutPolicy dialog box, press CTRL and click onthe policy you want to delete.

5 Click OK.

The policy is deleted and you are returned to the RIP In/OutPolicy tab.

6 Click Apply.

--End--


NN46205-523 02.02 9 December 2009


.


Configuring inbound/outbound filtering policies on a DVMRPinterface

Configure inbound filtering on a Distance Vector Multicast Routing Protocol(DVMRP) interface to determine whether to learn a route on a specifiedinterface and to specify the parameters of the route when it is added tothe routing table. Configure outbound filtering on a DVMRP interfaceto determine whether to advertise a route from the routing table on aspecified interface and to specify the parameters of the advertisement.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP, PolicyGlobalRouter.

2 Click the DVMRP In/Out Policy tab.

3 In the desired row, double-click the InPolicy or OutPolicycolumn.

4 Select the required In/Out policy and click OK.

--End--

For more information, see “Policy DVMRP In/Out Policy fields” (page 330).

Policy DVMRP In/Out Policy fieldsVariable definitions

Use the data in the following table to use the Policy DVMRP In/Out Policyfields.

Variable Value

IfIndex The internal index of the DVMRP interface.

LocalAddr The IP address of the DVMRP interface.

Enable The administrative status of DVMRP in the router,either enabled or disabled.

InPolicy The policy name is used for inbound filtering on thisDVMRP interface. This policy determines whetherto learn a route on this interface and specifies theparameters of the route when it is added to the routingtable.

OutPolicy The policy name is used for outbound filtering on thisDVMRP interface. This policy determines whether toadvertise a route from the routing table on this interfaceand specifies the parameters of the advertisement.


NN46205-523 02.02 9 December 2009


.

Configuring IP routing features globally 331

Configuring IP routing features globallyConfigure the IP routing protocol stack to determine which routing featuresthe switch can use.

Procedure steps

Step Action


2 To globally enable routing, select Forwarding.

3 To globally enable the Alternative Route feature, selectAlternativeEnable.

4 To globally enable ICMP Router Discovery, selectRouteDiscoveryEnable.

5 To globally enable ECMP, select EcmpEnable.

6 Configure the default TTL parameter (DefaultTTL).


7 Configure the remaining parameters as required.

8 Click Apply.

--End--


IP GlobalsVariable definitions

Use the data in the following table to use the Global tab.

Variable Value

Forwarding Configures the switch for forwarding (routing) ornonforwarding. The default value is forwarding.

DefaultTTL Configures the default time-to-live (TTL) value for arouted packet. TTL indicates the maximum numberof seconds elapsed before a packet is discarded.Enter an integer from 1 to 255. The default valueof 255 is used if a value is not supplied in thedatagram header.

ReasmTimeout Specifies the maximum number of seconds thatreceived fragments are held while they wait forreassembly. The default value is 30 seconds.(Read-only)


NN46205-523 02.02 9 December 2009


.


Variable Value

ARPLifeTime Specifies the lifetime of an ARP entry within thesystem, global to the switch. The default value is360 minutes. The range for this value is 1 to 32767minutes.

ICMPUnreachableMsgEnable

If selected, enables the generation of InternetControl Message Protocol (ICMP) networkunreachable messages if the destination networkis not reachable from this router. These messageshelp determine if the routing switch is reachableover the network. The default is disabled.


ICMPRedirectMsgEnable Enables the switch to, or disables the switch from,sending ICMP destination redirect messages.

AlternativeEnable Globally enables or disables the Alternative Routefeature.

If the alternative-route parameter is disabled, allexisting alternative routes are removed. After theparameter is enabled, all alternative routes arere-added.

RouteDiscoveryEnable If selected, enables the ICMP Router Discoveryfeature. The default is disabled (not selected). UseICMP Router Discovery to enable hosts attached tomulticast or broadcast networks to discover the IPaddresses of neighboring routers.

AllowMoreSpecificNonLocalRouteEnable

Enables or disables a more-specific nonlocal route.If enabled, the switch can enter a more-specificnonlocal route into the routing table.

SuperNetEnable Enables or disables supernetting.

If supernetting is globally enabled, the switch canlearn routes with a route mask less than 8 bits.Routes with a mask length less than 8 bits cannothave ECMP paths, even if the ECMP feature isglobally enabled.


NN46205-523 02.02 9 December 2009


.

Viewing IP addresses for all router interfaces 333

Variable Value

EcmpEnable Globally enables or disables the Equal CostMultipath (ECMP) feature. The default is disabled.

After ECMP is disabled, the EcmpMaxPath is resetto the default value of 1.

EcmpMaxPath Globally configures the maximum number of ECMPpaths.


• While the switch is not in R mode, the intervalis 1 to 4.


You cannot configure this feature unless ECMP isenabled globally.





EcmpPathListApply Applies changes in the ECMP path listconfiguration, or in the prefix lists configuredas the path lists.

Viewing IP addresses for all router interfacesUse the Addresses tab to view IP addresses (and their associated routerinterfaces) from one central location.

Procedure steps

Step Action


2 Click the Addresses tab.

--End--

For more information, see “Addresses” (page 333).

AddressesVariable definitions


NN46205-523 02.02 9 December 2009


.


Use the data in the following table to use the Addresses tab.

Variable Value




Ip Address Specifies the IP address of the router interface.

Net Mask Specifies the subnet mask of the router interface.

BcastAddrFormat Specifies the IP broadcast address format usedon this interface; that is, whether 0 (zero) or oneis used for the broadcast address. The EthernetRouting Switch 8600 uses 1.

ReasmMaxSize Specifies the size of the largest IP packet thatthis interface can reassemble from incomingfragmented IP packets.

VlanId Identifies the VLAN associated with this entry. Thisvalue corresponds to the lower 12 bits in the IEEE802.1Q VLAN tag.

BrouterPort Indicates whether this is a brouter port (as opposedto a routable VLAN).

MacOffset Specifies a number by which to offset the MACaddress of the brouter port from the chassis MACaddress. This ensures that each IP address has adifferent MAC address.

VrfId Specifies the associated VRF interface. The VrfIdassociates VLANs or brouter ports to a VRF afterthe creation of VLANs or brouter ports. VRF ID 0 isreserved for the Global Router.

Configuring static routesUse static routes to force the router to make certain forwarding decisions.Create IP static routes to manually provide a path to destination IPaddress prefixes. The maximum number of static routes is 2000.

Procedure steps

Step Action



3 Click Insert.


NN46205-523 02.02 9 December 2009


.

Configuring static routes 335

4 If required, in the OwnerVrfId box, select the appropriate VRFID.

5 In the Dest box, type the IP address.

6 In the Mask box, type the subnet mask.


8 In the NextHopVrfId box, select the appropriate value.

9 To enable the static route, select the Enable check box.

10 In the Metric box, type the metric.

11 In the Preference box, type the route preference.

12 If required, select the LocalNextHop check box.

This option is used to create Layer 3 static routes.

13 Click Insert.

The new route appears in the IP dialog box, Static Routes tab.

14 To delete a static route, select the static route you want todelete.

15 Click Delete.

--End--

For more information, see “Static Routes” (page 335).

Static RoutesVariable definitions

Use the data in the following table to use the Static Routes tab.

Variable Value

OwnerVrfId Specifies the VRF ID for the static route.

Dest Specifies the destination IP address of this route. Avalue of 0.0.0.0 is a default route. Multiple routesto a single destination can appear in the table, butaccess to such multiple entries is dependent on thetable-access mechanisms defined by the networkmanagement protocol in use.


NN46205-523 02.02 9 December 2009


.


Variable Value

Mask Indicates the mask that is logically ANDed withthe destination address before comparison to theRoute Destination. For systems that do not supportarbitrary subnet masks, an agent constructs theRoute Mask by determining whether it belongs to aclass A, B, or C network, and then uses one of:

255.0.0.0—Class A

255.255.0.0—Class B

255.255.255.0—Class C

If the Route Destination is 0.0.0.0 (a default route)then the mask value is also 0.0.0.0.

NextHop Specifies the IP address of the next hop of thisroute. In the case of a route bound to an interfacewhich is realized through a broadcast media,the Next Hop is the agent’s IP address on thatinterface.

When you create a black hole static route,configure this parameter to 255.255.255.255.

NextHopVrfId Specifies the next-hop VRF ID in interVRF staticroute configurations. Identifies the VRF in whichthe ARP entry resides.

Enable Determines whether the static route is available onthe port. The default is enable.

If a static route is disabled, it must be enabledbefore it can be added to the system routing table.

Status Specifies the status of the route.

Metric Specifies the primary routing metric for this route.The semantics of this metric are determined by therouting protocol specified in the route RouteProtovalue. If this metric is not used, configure the valueto 1.

IfIndex Specifies the route index of the Next Hop. Theinterface index identifies the local interface throughwhich the next hop of this route is reached.


NN46205-523 02.02 9 December 2009


.

Configuring IP route preferences 337

Variable Value

Preference Specifies the routing preference of the destinationIP address. If more than one route can be usedto forward IP traffic, the route that has the highestpreference is used. The higher the number, thehigher the preference.

LocalNextHop Enables and disables LocalNextHop. If enabled,the static route becomes active only if the switchhas a local route to the network. If disabled, thestatic route becomes active if the switch has a localroute or a dynamic route.

Configuring IP route preferencesChange IP route preferences to force the routing protocols to prefer aroute over another. Configure IP route preferences to override defaultroute preferences and give preference to routes learned for a specificprotocol.

ATTENTIONChanging route preferences is a process-oriented operation that can affectsystem performance and network reachability while you perform the procedures.Therefore, Nortel recommends that if you want to change default preferences forrouting protocols, do so before you enable the protocols.

Prerequisites

• Disable ECMP before you configure route preferences.

Procedure steps

Step Action


2 Click the RoutePref tab.

3 In the Configured column, change the preference for the givenprotocol.

4 Click Apply.

--End--

For more information, see “RoutePref tab” (page 337).

RoutePref tabVariable definitions


NN46205-523 02.02 9 December 2009


.


Use the data in the following table to use the RoutePref tab.

Variable Value

Protocol Specifies the protocol name.

Default Specifies the default preference value for thespecified protocol.

Configured Changes the default preference value for thespecified protocol.

Configuring a CLIP interfaceYou can use a CLIP interface to provide uninterrupted connectivity toyour switch. You can configure a maximum of 256 circuitless IP (CLIP)interfaces on each device.

Procedure steps

Step Action



3 Click Insert.

4 Assign a CLIP interface number.

5 Enter the IP address.

6 Enter the network mask.

7 Click Insert.

8 To delete a CLIP interface, select the interface and click Delete.

--End--

For more information, see “Circuitless IP” (page 338).

Circuitless IPVariable definitions

Use the data in the following table to use the Circuitless IP tab.

Variable Value

Interface Specifies the number assigned to the interface,from 1 to 256.

Ip Address Specifies the IP address of the CLIP.

Net Mask Specifies the network mask.


NN46205-523 02.02 9 December 2009


.

Assigning an IP address to a port 339

Assigning an IP address to a portAssign an IP address to a port so that it acts as a routable VLAN (abrouter port) and supports IP routing.

To configure a brouter port, assign an IP address to an IP policy-basedsingle-port VLAN.

ATTENTIONAfter the IP address is configured, you cannot edit the IP address, and you canassign only one IP address to any router interface (brouter or virtual).

You cannot assign an IP address to a brouter port that is a member of a routedVLAN. To assign an IP address to the brouter port, you must first remove theport from the routed VLAN.

If you want to assign a new IP address to a VLAN or brouter port that alreadyhas an IP address, first delete the existing IP address and then insert the new IPaddress.

Prerequisites



• If required, the VRF instance exists.

Procedure steps

Step Action

1 Select the port, and then choose Edit, Port, IP - GlobalRouter(vrf x).

2 Click Insert.

3 In the Port, Insert IP Address dialog box, type the IP addressand network mask.

4 Click Insert.

--End--

For more information, see “Port - GlobalRouter (vrf x), IP Address” (page339).

Port - GlobalRouter (vrf x), IP AddressVariable definitions

Use the data in the following table to help use the Port - GlobalRouter(vrf x), IP Address tab.


NN46205-523 02.02 9 December 2009


.


Variable Value




Ip Address Specifies the IP address of the brouter interface onthis port. You can define only one IP address on agiven port interface.

Net Mask Specifies the subnet mask of the brouter interfaceon this port. The mask is an IP address with all thenetwork bits set to 1 and all the hosts bits set to 0.

BcastAddrFormat Specifies the IP broadcast address format used onthis interface.

ReasmMaxSize Specifies the size of the largest IP packet whichthe interface can reassemble from fragmentedincoming IP packets.

VlanId Specifies the ID of the VLAN associated with thebrouter port. This parameter is used to tag ports.

BrouterPort Indicates whether this is a brouter port.

VrfID Specifies the associated VRF interface. The VrfIdassociates VLANs or brouter ports to a VRF afterthe creation of VLANs or brouter ports. VRF ID 0 isreserved for the Global Router.

Configuring ICMP Router Discovery for a portUse this procedure to configure Router Discovery on a port. Whenenabled, the port sends Router Discovery advertisement packets.

Prerequisites


Procedure steps

Step Action

1 Select a port.

2 From the Device Manager menu, choose Edit, Port, IP -GlobalRouter (vrf x).


4 To enable Router Discovery, select AdvFlag.


NN46205-523 02.02 9 December 2009


.

Configuring ICMP Router Discovery for a port 341


6 Click Apply.

--End--

For more information, see “Edit, Port, IP - GlobalRouter (vrf x), RouterDiscovery” (page 341).

Edit, Port, IP - GlobalRouter (vrf x), Router DiscoveryVariable definitions

Use the data in the following table to use the Edit, Port, IP GlobalRouter(vrf x), Router Discovery tab.

Variable Value

AdvAddress Specifies the destination IP address used forbroadcast or multicast router advertisements sentfrom the interface. The accepted values are theall-systems multicast address 224.0.0.1, or thelimited-broadcast address 255.255.255.255.



The default value is True (advertise address).

AdvLifetime Specifies the time to live value (TTL) of routeradvertisements (in seconds) sent from theinterface. The range is MaxAdvInterval to 9000seconds.


MaxAdvInterval Specifies the maximum time (in seconds) thatelapses between unsolicited broadcast or multicastrouter advertisement transmissions from theinterface. The range is 4 seconds to 1800seconds.



NN46205-523 02.02 9 December 2009


.


Variable Value

MinAdvInterval Specifies the minimum time (in seconds) thatelapses between unsolicited broadcast ormulticast router advertisement transmissionsfrom the interface. The range is 3 seconds toMaxAdvInterval.


PreferenceLevel Specifies the preference value (a higher numberindicates more preferred) of the address as adefault router address relative to other routeraddresses on the same subnet. The acceptedvalues are –2147483648 to 2147483647.


Enabling IP VPN on a CLIP interfaceEnable IP VPN on CLIP interfaces so that the CLIP interface supports IPVPN.


Prerequisites

• A CLIP interface exists.

Procedure steps

Step Action



3 Select an interface and click the IPVPN button.

4 Select IpVpnLiteEnable.

5 Click Apply.

--End--

For more information, see “IpVpn - GlobalRouter (vrf x)” (page 342).

IpVpn - GlobalRouter (vrf x)Variable definitions


NN46205-523 02.02 9 December 2009


.

Enabling PIM on a CLIP interface 343

Use the data in the following table to use the IpVpn - GlobalRouter (vrf x)tab.

Variable Value

IpVpnLiteEnable Enables IP VPN on the CLIP interface.

Enabling PIM on a CLIP interfaceEnable Protocol Independent Multicasting (PIM) on a CLIP interface sothat it can participate in PIM routing.

Prerequisites

• PIM must be globally enabled.

Procedure steps

Step Action



3 Select the interface (for example, CLIP1).

4 Click PIM.


You must enable PIM on the CLIP interface for PIM to function.The mode is indicated on this tab.

6 Click Apply.

7 Click Close.

--End--

For more information, see “Circuitless PIM - GlobalRouter (vrf x)” (page343).

Circuitless PIM - GlobalRouter (vrf x)Variable definitions

Use the data in the following table to use the Circuitless PIM -GlobalRouter (vrf x) tab.

Variable Value

Enable Enables PIM on the CLIP interface.

Mode Specifies the PIM mode.


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

345.

IP policy configuration using the CLIIn previous releases, you configured separate policy databases for RoutingInformation Protocol (RIP) accept, RIP Announce, Open Shortest PathFirst (OSPF) accept, and OSPF announce filtering purposes. Now, youcan form a unified database of route policies that RIP or OSPF can usefor any type of filtering task.

A policy is identified by a name or an ID. Under a given policy you canhave several sequence numbers, each of which is equal to one policy inthe old convention. Each policy sequence number contains a set of fields.Only a subset of those fields is used when the policy is applied in a certaincontext. For example, if a policy has a set-preference field set, it is usedonly when the policy is applied for accept purposes. This field is ignoredwhen the policy is applied for announce and redistribute purposes.

You can apply one policy for one purpose, for example, RIP Announceon a given RIP interface. All sequence numbers under the given policyare applied to that filter. A sequence number also acts as an implicitpreference; a lower sequence number is preferred.

For more information about concepts and terminology about IP policies,see “IP routing operations fundamentals” (page 21).

IP policy configuration navigation• “Job aid” (page 346)

• “Configuring prefix lists” (page 350)

• “Configuring IP route policies” (page 351)

• “Configuring a policy to accept external routes from a router” (page358)

• “Applying OSPF accept policy changes” (page 359)


NN46205-523 02.02 9 December 2009


.

346 IP policy configuration using the CLI


Table 38Roadmap of IP policy commands

Command Parameter

config ip prefix-list <name> info

add-prefix [maskLenFrom <value>]

delete

name <name>

remove-prefix <ipaddr/mask>

config ip route-policy <policy_name>seq <seq_number>

info

action <permit|deny>

create

delete

disable

enable

match-as-path <as-list> [clear]

match-community <community-list>[clear]

match-community-exact <enable|disable> [clear]

match-interface <prefix-list>[clear]

match-metric <metric> [clear]

match-network <prefix-list> [clear]

match-next-hop <prefix-list> [clear]

match-protocol <protocol_name>[clear]

match-route-src <prefix-list>[clear]

match-route-type <route-type>

match-tag <tag> [clear]

name <policy_name>

set-as-path <as-list-id> [clear]

set-as-path-mode <tag|prepend>[clear]


NN46205-523 02.02 9 December 2009


.

Job aid 347

Table 38Roadmap of IP policy commands (cont’d.)

Command Parameter

set-automatic-tag <enable|disable>[clear]

set-community <community-list>[clear]

set-community-mode <unchanged|additive|none> [clear]

set injectlist <prefix-list> [clear]

set-local-pref <pref-value> [clear]

set-mask <ipaddr>

set-metric <metric-value> [clear]

set-metric-type <metric-type>[clear]

set-nssa-pbit <enable|disable>

set-next-hop <ipaddr> [clear]

set-origin <origin> [clear]

set-origin-egp-as <origin-egp-as>[clear]

set-preference <pref-value> [clear]

set-tag <tag> [clear]

set-weight <weight> [clear]

config ip ospf accept adv-rtr <ipaddr> info

apply

create

delete

disable

enable

metric-type <type1|type2|any>

route-policy <policy_name>

config ip ospf accept apply

config ip vrf <dst-vrf> <ospf|bgp|rip> redistribute <ospf|bgp|static|direct|rip>

apply

create

disable

delete


NN46205-523 02.02 9 December 2009


.



Command Parameter

enable

info

metric <metric-value> [vrf-src<value>]

metric-type <type1|type2> [vrf-src<value>]

route-policy <policy name> [vrf-src<value>]

subnets <allow|suppress> [vrf-src<value>]

show ip prefix-list

show ip route-policy info

show ip ospf accept info

show ip ospf redistribute info

Job aidThe following table lists the VRF Lite IP policy commands and parametersthat you use to perform the procedures in this section.

Table 39Roadmap of VRF Lite IP policy commands

Command Parameter

config ip vrf <vrfName> prefix-list<name>

info

add-prefix [maskLenFrom <value>]

delete

name <name>

remove-prefix <ipaddr/mask>

config ip vrf <vrfName> route-policy<policy_name> seq <seq_number>

info

action <permit|deny>

create

delete

disable

enable

match-as-path <as-list> [clear]


NN46205-523 02.02 9 December 2009


.

Job aid 349

Table 39Roadmap of VRF Lite IP policy commands (cont’d.)

Command Parameter

match-community <community-list>[clear]

match-community-exact <enable|disable> [clear]

match-interface <prefix-list>[clear]

match-metric <metric> [clear]

match-network <prefix-list> [clear]

match-next-hop <prefix-list> [clear]

match-protocol <protocol_name>[clear]

match-route-src <prefix-list>[clear]

match-route-type <route-type>

match-tag <tag> [clear]

name <policy_name>

set-as-path <as-list-id> [clear]

set-as-path-mode <tag|prepend>[clear]

set-automatic-tag <enable|disable>[clear]

set-community <community-list>[clear]

set-community-mode <unchanged|additive|none> [clear]

set injectlist <prefix-list> [clear]

set-local-pref <pref-value> [clear]

set-mask <ipaddr>

set-metric <metric-value> [clear]

set-metric-type <metric-type>[clear]

set-nssa-pbit <enable|disable>

set-next-hop <ipaddr> [clear]

set-origin <origin> [clear]

set-origin-egp-as <origin-egp-as>[clear]


NN46205-523 02.02 9 December 2009


.


Table 39Roadmap of VRF Lite IP policy commands (cont’d.)

Command Parameter

set-preference <pref-value> [clear]

set-tag <tag> [clear]

set-weight <weight> [clear]

config ip vrf <vrfName> ospf acceptadv-rtr <ipaddr>

info

apply

create

delete

disable

enable

metric-type <type1|type2|any>

route-policy <policy_name>

config ip vrf <vrfName> ospf accept apply

Configuring prefix listsYou can create one or more IP prefix lists and apply lists to any IP routepolicy.

When you configure the masklengthFrom field to be less than theMaskLengthTo field, the field can also be used as a range.

Procedure steps

Step Action

1 Configure a prefix list by using the following command:config ip prefix-list <name>

2 Confirm your configuration by using the following command:config ip prefix-list <name> info

3 Display the prefix list by using the following command:show ip prefix-list

--End--

Variable definitionsUse the data in the following table to use the config ip prefix-list<name> command.


NN46205-523 02.02 9 December 2009


.

Configuring IP route policies 351

Variable Value

add-prefix <ipaddr|mask> [maskLenFrom <value>][maskLenTo <value>]

Adds a prefix entry to the prefix list.

• ipaddr|mask is the IP address and mask.

• maskLenFrom <value> is the lowerbound mask length. The default is themask length.

• maskLenTo <value> is the higher boundmask length. The default is the masklength.

Lower bound and higher bound mask lengthstogether can define a range of networks.

delete Deletes the prefix list.

info Displays all of the prefixes in a given list.

name <name> Renames the specified prefix list. The namelength is from 1 to 64 characters.

remove-prefix<ipaddr/mask>

Removes a prefix entry from the prefix list.

• <ipaddr/mask> is the IP address andmask.

Job aidThe following table shows the field descriptions for theshow ipprefix-list command.

Table 40show ip prefix-list command


PREFIX Indicates the member of a specific prefix list.

MASKLEN Indicates the prefix mask length in bits.

FROM Indicates the prefix mask starting point in bits.

TO Indicates the prefix mask endpoint in bits.

Configuring IP route policiesConfigure a route policy so that the switch can control routes that certainpackets can take. For example, you can use a route policy to deny certainBGP routes.

The route policy defines the matching criteria and the actions taken if thepolicy matches.


NN46205-523 02.02 9 December 2009


.


You configure IP policies on a VRF the same way you configure theGlobal Router, except that you must replace config ip route-policy<policy_name> seq <seq_number> create with config ip vrf<vrfName> route-policy <policy_name> seq <seq_number>create.

Procedure steps

Step Action

1 Create a route policy by using the following command:config ip route-policy <policy_name> seq<seq_number> create

2 Define the fields the policy enforces by using the followingcommand:config ip route-policy <policy_name> seq<seq_number> match-metric <metric>

In this case, the metric field is used. You can configure morethan one field.

3 Define the action the policy takes by using the followingcommand:config ip route-policy <policy_name> seq<seq_number> action <permit|deny>

4 Configure other policy parameters as required. Use the followingvariable definitions table for other parameters.

5 Display current information about the IP route policy using one orboth of the following commands:config ip route-policy <policy_name> seq<seq_number> infoshow ip route-policy info

6 Enable the policy by using the following command:config ip route-policy <policy_name> seq<seq_number> enable

After the policy is created and enabled, you can apply it toan interface. You can apply one policy for one purpose, forexample, RIP Announce, on a given RIP interface. In this case,all sequence numbers under the given policy apply to that filter.

7 Display information about the route policies configured on theswitch by using the following command:show ip route-policy info

--End--


NN46205-523 02.02 9 December 2009


.


Variable definitionsUse the data in the following table to use the config ip route-policy<policy_name> seq <seq_number> and config ip vrf <vrfName>route-policy <policy_name> seq <seq_number> createcommands.

Variable Value

action <permit|deny> Specifies the action to take when a permit or deny policy isselected for a specific route. Permit allows the route, denyignores the route.

create Creates a route policy with a policy name and a sequencenumber.

When you create a route policy in the CLI, the ID is internallygenerated using an automated algorithm. When you create aroute policy in Device Manager, you can manually assign theID number.

delete Deletes a route policy with a policy name and a sequencenumber.

disable Disables a route policy with a policy name and a sequencenumber.

enable Enables a route policy with a policy name and a sequencenumber.

info Displays current configuration information about the policysequence number.

match-as-path <as-list>[clear]

If configured, the switch matches the as-path attribute of theBorder Gateway Protocol (BGP) routes against the contents ofthe specified AS-lists. This field is used only for BGP routesand ignored for all other route types.

• as-list specifies the list IDs of up to four AS-lists, separatedby a comma.

• [clear] removes the configured value for match-as-path.

match-community<community-list> [clear]

If configured, the switch matches the community attribute of theBGP routes against the contents of the specified communitylists. This field is used only for BGP routes and ignored for allother route types.

• community-list specifies the list IDs of up to four definedcommunity lists, separated by a comma.

• [clear]removes the configured value for match-community.


NN46205-523 02.02 9 December 2009


.


Variable Value

match-community-exact<enable|disable> [clear]

When disabled, match-community-exact results in a matchwhen the community attribute of the BGP routes matches anyentry of any community-list specified in match-community.

When enabled, match-community-exact results in a matchwhen the community attribute of the BGP routes matchesall of the entries of all the community lists specified inmatch-community.

• [clear] removes the configured value for match-community-exact.

match-interface<prefix-list> [clear]

If configured, the switch matches the IP address of theinterface by which the RIP route was learned against thecontents of the specified prefix list. This field is used only forRIP routes and ignored for all other route types.

• prefix-list specifies the name of up to four defined prefixlists, separated by a comma.

• [clear] removes the configured value for match-interface.

match-metric <metric>[clear]

If configured, the switch matches the metric of the incomingadvertisement or existing route against the specified value. If0, this field is ignored.

• metric is 1 to 65535. The default is 0.

• [clear] removes the configured value for match-metric.

match-network<prefix-list> [clear]

If configured, the switch matches the destination networkagainst the contents of the specified prefix lists.


• [clear] removes the configured value for match-network.

match-next-hop<prefix-list> [clear]

If configured, matches the next-hop IP address of the routeagainst the contents of the specified prefix list. This fieldapplies only to nonlocal routes.

• prefix-listspecifies the name of up to four defined prefix lists,separated by a comma.

• [clear] removes the configured value for match-next-hop.


NN46205-523 02.02 9 December 2009


.


Variable Value

match-protocol <protocolname> [clear]

If configured, matches the protocol through which the route islearned.

• protocol name is any|xxx, where xxx is local, OSPF,External BGP (EBGP), Internal BGP (IBGP), RIP, DistanceVector Multicast Routing Protocol (DVMRP), static, or anycombination. The value is a string length 0 to 40.

match-route-src<prefix-list> [clear]

If configured, matches the next-hop IP address for RIProutes and advertising router IDs for OSPF routes against thecontents of the specified prefix list. This option is ignored for allother route types.


• [clear] removes the configured value for match-route-src.

match-route-type<route-type>

Sets a specific route type to match (applies only to OSPFroutes).

• route-type specifies OSPF routes of the specified type only(External-1 or External-2). Any other value is ignored.

match-tag <tag> [clear] Specifies a list of tags used during the match criteria process.Contains one or more tag values.

• tag is a value from 0 to 256.

• [clear] removes the configured values for match-tag.

match vrf [vrf <value>][vrfids <value>] [clear]

Sets a specific VRF to match (applies only to OSPF routes).

name <policy_name> Renames a created policy and changes the name field for allsequence numbers under the given policy.

<policy-name> The route policy name (1 to 64 characters in length).

<seq_number> The integer sequence number in the range of 1 to 65 535.A sequence number acts as an implicit preference; a lowersequence number is preferred.

set-as-path <as-list-id>[clear]

If configured, the switch adds the AS number of the AS-list tothe BGP routes that match this policy.

• as-list-id specifies the list ID of up to four defined as-listsseparated by a comma.

• [clear] removes the configured value for set-as-path.

set-as-path-mode<tag|prepend> [clear]

Indicates the path mode.


NN46205-523 02.02 9 December 2009


.


Variable Value

set-automatic-tag<enable|disable> [clear]

Sets the tag automatically. Used for BGP routes only.

set-community<community-list> [clear]

If configured, the switch adds the community number of thecommunity list to the BGP routes that match this policy.

• community-list specifies the list ID of up to four definedcommunity lists separated by a comma.

• [clear] removes the configured value for set-community.

set-community-mode <unchanged|additive|none>[clear]

Sets the community mode.

• additive—the switch prepends the community number ofthe community list specified in set-community to the oldcommunity path attribute of the BGP routes that match thispolicy.

• none—the switch removes the community path attribute ofthe BGP routes that match this policy to the specified value.

• [clear]removes the configured value for set-community-mode.

set-injectlist<prefix-list> [clear]

If configured, the switch replaces the destination network of theroute that matches this policy with the contents of the specifiedprefix list.

• prefix-listspecifies one prefix list by name.

• [clear] removes the configured value for set-injectlist.

set-local-pref<pref-value> [clear]

A value used during the route decision process in the BGPprotocol. Applicable to BGP only.

set-mask <ipaddr> If configured, sets the mask of the route that matches thispolicy. This applies only to RIP accept policies.

• ipaddr is a valid contiguous IP mask.

set-metric <metric-value>[clear]

If configured, sets the metric value for the route whileannouncing a redistribution. The default is 0. If the defaultis configured, the original cost of the route is advertisedinto OSPF; for RIP, the original cost of the route ordefault-import-metric is used.

set-metric-type<metric-type> [clear]

If configured, sets the metric type for the routes to announceinto the OSPF domain that matches this policy. The defaultis type 2. This field is applicable only for OSPF announcepolicies.

set-next-hop <ipaddr>[clear]

Specifies the IP address of the next-hop router. Ignored forDistance Vector Multicast Routing Protocol (DVMRP) routes.


NN46205-523 02.02 9 December 2009


.


Variable Value

set-nssa-pbit<enable|disable>

Sets the not so stubby area (NSSA) translation P bit.Applicable to OSPF announce policies only.

set-origin <origin>[clear]

If configured, the switch changes the origin path attribute of theBGP routes that match this policy to the specified value.

set-origin-egp-as<origin-egp-as> [clear]

Indicates the remote autonomous system number. Applicableto BGP only.

set-preference<pref-value> [clear]

Setting the preference to a value greater than 0 specifies theroute preference value to assign to the routes that match thispolicy. This applies to accept policies only.

• pref-value is a value from 0 to 255. The default is 0. If thedefault is configured, the global preference value is used.

• [clear] removes the configured value for set-preference.

set-tag <tag> [clear] Sets the tag of the destination routing protocol. If not specified,the switch forwards the tag value in the source routing protocol.A value of 0 indicates that this parameter is not set.

set-weight <weight>[clear]

The weight value for the routing table. For BGP, this valueoverrides the weight configured through NetworkTableEntry,FilterListWeight, or NeighborWeight. Used for BGP only. Avalue of 0 indicates that this parameter is not set.

Job aidThe following table shows the field descriptions for theshow iproute-policy info command.

Table 41show ip route-policy info command


NAME Indicates the name of the route policy.

SEQ Indicates the second index used to identify a specific policywithin the route policy group (grouped by ID). Use this field tospecify different match and set parameters and an action.

MODE Indicates the action to take when this policy is selected for aspecific route. Options are permit, deny, or continue. Permitindicates to allow the route. Deny indicates to ignore the route.Continue means continue checking the next match criteria setin the next policy sequence; if none, take the default action inthe given context.

EN Indicates whether this policy is enabled. If disabled, the policyis not used.


NN46205-523 02.02 9 December 2009


.


Configuring a policy to accept external routes from a routerUse this procedure to configure a policy to accept external routes from aspecified advertising router.

You configure IP policies on a VRF the same way you configure the GlobalRouter, except that you must replace config ip ospf accept adv-rtr<ipaddr> with config ip vrf <vrfName> ospf accept adv-rtr<ipaddr>.

PrerequisitesYou must be in Router-OSPF Configuraion Mode to complete thisprocedure.

Procedure steps

Step Action

1 In router-ospf mode, configure a policy for accepting externalroutes from a specified advertising route by using the followingcommand:config ip ospf accept adv-rtr <ipaddr>

2 Confirm your configuration by using the following command:config ip ospf accept adv-rtr <ipaddr> info

--End--

Variable definitionsUse the data in the following table to use the config ip ospf acceptadv-rtr <ipaddr> and config ip ospf accept adv-rtr <ipaddr>commands.

Variable Value

apply Applies the OSPF accept policy changes.

create Creates an OSPF accept entry for a specifiedadvertising router.

delete Deletes an OSPF accept entry for a specifiedadvertising router.

disable Disables an OSPF accept entry for a specifiedadvertising router.

enable Enables an OSPF accept entry for a specifiedadvertising router.

info Displays OSPF accept configuration information for aspecified advertising router.


NN46205-523 02.02 9 December 2009


.

Applying OSPF accept policy changes 359

Variable Value

metric-type<type1|type2|any>

Indicates the OSPF external type. This parameterdescribes which types of OSPF external routes matchthis entry.

• any means match all external routes.

• type1 means match external type 1 only.


route-policy<policy_name>

Specifies the name of the route policy to be used forfiltering external routes advertised by the specifiedadvertising router before accepting into the routingtable.

Applying OSPF accept policy changesApply OSPF accept policy changes to allow the configuration changesin the policy to take effect in an OSPF Accept context (and to preventthe switch from attempting to apply the changes one by one after eachconfiguration change).

ATTENTIONChanging OSPF Accept contexts is a process-oriented operation that canaffect system performance and network accessibility while you perform theprocedures. If you want to change the default preferences for an OSPF Acceptor a prefix-list configuration (as opposed to the default preference), Nortelrecommends that you do so before enabling the protocols.

Procedure steps

Step Action

1 Apply an OSPF accept policy change by using the followingcommand:config ip ospf accept

2 Display information about the configured OSPF entries by usingthe following command:show ip ospf accept info

--End--

Variable definitionsUse the data in the following table to use the config ip ospf acceptcommand.


NN46205-523 02.02 9 December 2009


.


Variable Value

apply Configures the entered changes.

Job aidThe following table shows the field descriptions for the show ip ospfaccept info command.

Table 42show ip ospf accept info command


ADV_RTR Indicates the router advancing the packets.

MET_TYPE Indicates the metric type for the routes to import into OSPFrouting protocol, which passed the matching criteria configuredin this route policy. Options include any, local, internal,external, externaltype1, and externaltype2.

ENABLE Indicates if the policy is enabled.

POLICY Indicates the type of policy.


NN46205-523 02.02 9 December 2009


.

361.

IP policy configuration using theNNCLI

In previous releases, you configured separate policy databases for RoutingInformation Protocol (RIP) accept, RIP Announce, Open Shortest PathFirst (OSPF) accept, and OSPF announce filtering purposes. Now, youcan form a unified database of route policies that RIP or OSPF can usefor any type of filtering task.

A policy is identified by a name or an ID. Under a given policy you canhave several sequence numbers, each of which is equal to one policy inthe old convention. Each policy sequence number contains a set of fields.Only a subset of those fields is used when the policy is applied in a certaincontext. For example, if a policy has a set-preference field set, it is usedonly when the policy is applied for accept purposes. This field is ignoredwhen the policy is applied for announce and redistribute purposes.

You can apply one policy for one purpose, for example, RIP Announceon a given RIP interface. All sequence numbers under the given policyare applied to that filter. A sequence number also acts as an implicitpreference; a lower sequence number is preferred.

For more information about concepts and terminology about IP Policies,see “IP routing operations fundamentals” (page 21).

IP policy navigation• “Job aid” (page 362)

• “Configuring prefix lists” (page 363)

• “Configuring IP route policies” (page 364)

• “Configuring a policy to accept external routes from a router” (page374)

• “Applying OSPF accept policy changes” (page 375)


NN46205-523 02.02 9 December 2009


.

362 IP policy configuration using the NNCLI


Table 43Roadmap of IP policy commands

Command Parameter

Global Configuration Mode and VRF Router Configuration Mode

ip prefix-list <WORD/1-64> <A.B.C.D/0-32> [<ge|le> <0-32>]

name <WORD/1-64>

route-map <WORD/1-64> <1-65535> enable

match condition

name <WORD/1-64>

<permit|deny>

set command

<WORD/1-64> <1-65535>

Router OSPF Configuration Mode

accept adv-rtr <A.B.C.D> enable

metric-type {type1|type2|any}

route-policy <WORD>

ip ospf apply accept adv-rtr [vrf<WORD/0-32>]

apply

vrf <WORD/0-32>

vrfids <0-255>

ip ospf redistribute apply

enable

metric <1-65535>

metric-type <type1|type2>

route-policy

<WORD/0-64>

subnets <allow|supress>


ip <bgp|rip|ospf> vrf <WORD 0-16> redistribute <direct|enable|rip|static>

<cr>

enable [vrf-src <WORD 0-16>]

metric <0-65535> [vrf-src <WORD0-16>]


NN46205-523 02.02 9 December 2009


.

Configuring prefix lists 363


Command Parameter

metric-type <type1|type2|any>[vrf-src <WORD 0-16>]

route-policy <WORD 0-64> [vrf-src<WORD 0-16>]

subnets <allow|suppress> [vrf-src<WORD 0-16>]

Configuring prefix listsYou can create one or more IP prefix lists and apply lists to any IP routepolicy.

When you configure the masklengthFrom field to be less than theMaskLengthTo field, you can also use the value as a range.

Prerequisites

• Access Global Configuration Mode and VRF Router ConfigurationMode.

Procedure steps

Step Action

1 Configure a prefix list by using the following command:ip prefix-list <WORD/1-64>

2 Delete a prefix list by using the following command:no ip prefix-list <WORD/1-64>

3 Display the prefix list by using the following command:show ip prefix-list [<WORD/1-64>] [prefix<A.B.C.D>] [vrf <WORD/0-32>] [vrfids <0-255>]

--End--

Variable definitionsUse the data in the following table to use the ip prefix-list<WORD/1-64> command.


NN46205-523 02.02 9 December 2009


.


Variable Value

<A.B.C.D/0-32> [<ge|le><0-32>]

Adds a prefix entry to the prefix list.

• A.B.C.D/0-32 is the IP address andmask.

• <ge|le> <0-32>

Lower bound and higher bound mask lengthstogether can define a range of networks.

Use the no operator to remove a prefix entryfrom the prefix list:no ip prefix-list <WORD/1-64><A.B.C.D/0-32>

name <WORD/1-64> Renames the specified prefix list. The namelength is from 1 to 64 characters.


vrfids <0-255> The ID of the VRF and is an integer in therange of 0 to 255.

Job aidThe following table shows the field descriptions for the show ipprefix-list command.

Table 44show ip prefix-list command


PREFIX Indicates the member of a specific prefix list.

MASKLEN Indicates the prefix mask length in bits.

FROM Indicates the prefix mask starting point in bits.

TO Indicates the prefix mask endpoint in bits.

Configuring IP route policiesConfigure a route policy so that the switch can control routes that certainpackets can take. For example, you can use a route policy to deny certainBGP routes.

The route policy defines the matching criteria and the actions taken if thepolicy matches.

Prerequisites

• Access Global configuration mode and VRF Router configurationmode.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Create a route policy by using the following command:route-map <WORD/1-64> <1-65535>

2 At the route-map prompt, define the fields the policy enforces byusing the following command:match metric <0-65535>

In this case, the metric field is used. You can configure morethan one field.

3 Define the action the policy takes by using the followingcommand:route-map <WORD/1-64> <permit|deny> <1-65535>

4 Configure other policy parameters as required. Use the followingvariable definitions table for other parameters.

5 Display current information about the IP route policy by using thefollowing command:show route-map [<WORD/1-64>] [<1-65535>] [vrf<WORD/0-32>] [vrfids <0-255>]

6 Enable the policy by using the following command:route-map <WORD/1-64> <1-65535> enable

After the policy is created and enabled, you can apply it toan interface. You can apply one policy for one purpose, forexample, RIP Announce, on a given RIP interface. In this case,all sequence numbers under the given policy apply to that filter.

--End--

Variable definitionsUse the data in the following table to use the route-map <WORD/1-64><1-65535> command.

Variable Value

enable Enables a route policy with a policy name and asequence number.Use the no operator to disable the route policy:no route-map <WORD/1-64> <1-65535>enable



NN46205-523 02.02 9 December 2009


.


Variable Value

match as-path<WORD/0-1027>

If configured, the switch matches the as-pathattribute of the Border Gateway Protocol (BGP)routes against the contents of the specifiedAS-lists. This field is used only for BGP routes andignored for all other route types.

• WORD/0-1027 specifies the list IDs of up tofour AS-lists, separated by a comma.

Use the no operator to disable match as-path:no route-map <WORD/1-64> <1-65535> matchas-path


match community<WORD/0-1027>

If configured, the switch matches the communityattribute of the BGP routes against the contentsof the specified community lists. This field is usedonly for BGP routes and ignored for all other routetypes.

• WORD/0-1027 specifies the list IDs of up tofour defined community lists, separated by acomma.

Use the no operator to disable match community:no route-map <WORD/1-64> <1-65535> matchcommunity


match community-exact enable

When disabled, match community-exact resultsin a match when the community attribute of theBGP routes match any entry of any community-listspecified in match-community.

When enabled, match-community-exact resultsin a match when the community attribute of theBGP routes matches all of the entries of all thecommunity lists specified in match-community.

• enable enables match community-exact.

Use the no operator to disable matchcommunity-exact:no route-map <WORD/1-64> <1-65535> matchcommunity-exact enable


NN46205-523 02.02 9 December 2009


.


Variable Value


community-exact Matches community exactly, applicable for BGPonly, ignored in all other cases.

match interface<WORD 0-1027>

If configured, the switch matches the IP address ofthe interface by which the RIP route was learnedagainst the contents of the specified prefix list. Thisfield is used only for RIP routes and ignored for allother route types.

• word 0-1027 specifies the name of up to fourdefined prefix lists, separated by a comma.

Use the no operator to disable match-interface:no route-map <WORD/1-64> <1-65535> matchinterface


local-preference Matches the local preference, applicable to allprotocols.

match metric<0-65535>

If configured, the switch matches the metric of theincoming advertisement or existing route againstthe specified value. If 0, this field is ignored.

• 0-65535 The default is 0.


match network<WORD/0-1027>

If configured, the switch matches the destinationnetwork against the contents of the specified prefixlists.

• WORD/0-1027 specifies the name of up to fourdefined prefix lists, separated by a comma.

Use the no operator to disable match network:no route-map <WORD/1-64> <1-65535> matchnetwork



NN46205-523 02.02 9 December 2009


.


Variable Value

match next-hop<WORD/0-1027>

If configured, matches the next-hop IP addressof the route against the contents of the specifiedprefix list. This field applies only to nonlocal routes.


Use the no operator to disable match next hop:no route-map <WORD/1-64> <1-65535> matchnext-hop


match protocol<WORD/0-40>

If configured, matches the protocol through whichthe route is learned.

• WORD/0-40 is any|xxx, where xxx is local,OSPF, External BGP (EBGP), Internal BGP(IBGP), RIP, Distance Vector Multicast RoutingProtocol (DVMRP), static, or any combination,in a string length 0 to 40.

Use the no operator to disable match protocol:no route-map <WORD/1-64> <1-65535> matchprotocol


match route-source<WORD/0-1027>

If configured, matches the next-hop IP address forRIP routes and advertising router IDs for OSPFroutes against the contents of the specified prefixlist. This option is ignored for all other route types.


Use the no operator to disable match route source:no route-map <WORD/1-64> <1-65535> matchroute-source



NN46205-523 02.02 9 December 2009


.


Variable Value

match-route-type{any|local|internal|external|external-1|external-2}

Sets a specific route type to match (applies only toOSPF routes).

• any|local|internal|external|external-1|external-2 specifies OSPFroutes of the specified type only (External-1 orExternal-2). Any other value is ignored.


match tag <WORD/0-256>

Specifies a list of tags used during the matchcriteria process. Contains one or more tag values.

• WORD/0-256 is a value from 0 to 256.


match [vrf<WORD/0-32>] [vrfids<0-255>]

Sets a specific VRF to match (applies only toOSPF routes).

name <WORD/1-64> Renames a policy and changes the name field forall sequence numbers under the given policy.

<permit|deny> Specifies the action to take when a permit or denypolicy is selected for a specific route. Permit allowsthe route, deny ignores the route.

set as-path<WORD/0-256>

If configured, the switch adds the AS number of theAS-list to the BGP routes that match this policy.

• WORD/0-256 specifies the list ID of up to fourdefined AS-lists separated by a comma.

Use the no operator to delete the AS number:no route-map <WORD/1-64> <1-65535> setas-path



NN46205-523 02.02 9 December 2009


.


Variable Value

set as-path-mode<tag|prepend>

Sets the AS path mode.Prepend is the default configuration. The switchprepends the AS number of the AS-list specified inset-as-path to the old as-path attribute of the BGProutes that match this policy.

Use the no operator to delete the AS number:no route-map <WORD/1-64> <1-65535> setas-path-mode


set automatic-tagenable

Sets the tag automatically. Used for BGP routesonly.Use the no operator to disable the tag:no route-map <WORD/1-64> <1-65535> setautomatic-tag enable


set community<WORD/0-256>

If configured, the switch adds the communitynumber of the community list to the BGP routesthat match this policy.

• WORD/0-256 specifies the list ID of up to fourdefined community lists separated by a comma.

Use the no operator to delete the communitynumber:no route-map <WORD/1-64> <1-65535> setcommunity


set community-mode<unchanged|additive|none>

Sets the community mode.

• additive—the switch prepends thecommunity number of the communitylist specified in set-community to the oldcommunity path attribute of the BGP routes thatmatch this policy.

• none—the switch removes the communitypath attribute of the BGP routes that match thispolicy to the specified value.


NN46205-523 02.02 9 December 2009


.


Variable Value


set injectlist<WORD/0-1027>

If configured, the switch replaces the destinationnetwork of the route that matches this policy withthe contents of the specified prefix list.

• WORD/0-1027 specifies one prefix list byname.

Use the no operator to disable set injectlist:no route-map <WORD/1-64> <1-65535> setinjectlist


set ip preference<0-255>

Setting the preference to a value greater than 0specifies the route preference value to assign tothe routes that match this policy. This applies toaccept policies only.

• 0-255 is the range you can assign to theroutes. The default is 0. If the default isconfigured, the global preference value is used.


set local-preference<0-65535>

A value used during the route decision process inthe BGP protocol. Applicable to BGP only.To set this option to the default value, use thedefault operator with this command.

set mask <A.B.C.D> If configured, sets the mask of the route thatmatches this policy. This applies only to RIPaccept policies.

• A.B.C.D is a valid contiguous IP mask.

Use the no operator to disable set mask:no route-map <WORD/1-64> <1-65535> setmask



NN46205-523 02.02 9 December 2009


.


Variable Value

set metric <0-65535> If configured, sets the metric value for the routewhile announcing a redistribution. The default is 0.If the default is configured, the original cost of theroute is advertised into OSPF; for RIP, the originalcost of the route or default-import-metric is used.To set this option to the default value, use thedefault operator with this command.

set metric-type{type1|type2}

If configured, sets the metric type for the routes toannounce into the OSPF domain that matches thispolicy. The default is type 2. This field is applicableonly for OSPF announce policies.To set this option to the default value, use thedefault operator with this command.

set next-hop<A.B.C.D>

Specifies the IP address of the next-hop router.Ignored for Distance Vector Multicast RoutingProtocol (DVMRP) routes.Use the no operator to disable set next-hop:no route-map <WORD/1-64> <1-65535> setnext-hop


set nssa-pbit enable Sets the not so stubby area (NSSA) translation Pbit. Applicable to OSPF announce policies only.Use the no operator to disable set nssa-pbit:no route-map <WORD/1-64> <1-65535> setnssa-pbit enable


set origin {igp|egp|incomplete}

If configured, the switch changes the origin pathattribute of the BGP routes that match this policy tothe specified value.To set this option to the default value, use thedefault operator with this command.

set origin-egp-as<0-65535>

Indicates the remote autonomous system number.Applicable to BGP only.To set this option to the default value, use thedefault operator with this command.


NN46205-523 02.02 9 December 2009


.


Variable Value

set tag <0-65535> Sets the tag of the destination routing protocol. Ifnot specified, the switch forwards the tag value inthe source routing protocol. A value of 0 indicatesthat this parameter is not set.To set this option to the default value, use thedefault operator with this command.

set weight <0-65535> The weight value for the routing table. ForBGP, this value overrides the weight configuredthrough NetworkTableEntry, FilterListWeight, orNeighborWeight. Used for BGP only. A value of 0indicates that this parameter is not set.To set this option to the default value, use thedefault operator with this command.

<WORD/1-64><1-65535>

Creates a route policy with a policy name and asequence number.

• WORD/1-64 is the policy name.

• 1-65535 is the sequence number.

When you create a route policy in the NNCLI, theID is internally generated using an automatedalgorithm. When you create a route policy inDevice Manager, you can manually assign the IDnumber.

Use the no operator to delete the route policy:no route-map <WORD/1-64> <1-65535>


Job aidThe following table shows the field descriptions for the show route-map[<WORD/1-64>] [<1-65535> [vrf <WORD/0-32>] [vrfids<0-255>]command.

Table 45show route-map command


NAME Indicates the name of the route policy.

SEQ Indicates the second index used to identify a specific policywithin the route policy group (grouped by ID). Use this field tospecify different match and set parameters and an action.


NN46205-523 02.02 9 December 2009


.


Table 45show route-map command (cont’d.)


MODE Indicates the action to take when this policy is selected for aspecific route. Options are permit, deny, or continue. Permitindicates to allow the route. Deny indicates to ignore the route.Continue means continue checking the next match criteria setin the next policy sequence; if none, take the default action inthe given context.

EN Indicates whether this policy is enabled. If disabled, the policyis not used.

Configuring a policy to accept external routes from a routerUse this procedure to configure a policy to accept external routes from aspecified advertising router.

Prerequisites

• Access Router OSPF Configuration Mode.

Procedure steps

Step Action

1 Create a policy to accept external routes from a specifiedadvertising route by using the following command:accept adv-rtr <A.B.C.D>

Use the no operator to delete an OSPF accept entry:no accept adv-rtr <A.B.C.D>


2 Switch to privileged EXEC mode.

3 Apply the OSPF accept policy change by using the followingcommand:ip ospf apply accept adv-rtr <A.B.C.D>

4 Confirm your configuration by using the following command:show ip ospf accept

--End--

Variable definitionsUse the data in the following table to use the accept adv-rtr<A.B.C.D> command.


NN46205-523 02.02 9 December 2009


.

Applying OSPF accept policy changes 375

Variable Value

enable Enables an OSPF accept entry for a specifiedadvertising router.Use the no operator to disable an OSPF acceptentry:no accept adv-rtr <A.B.C.D> enable


metric-type{type1|type2|any}

Indicates the OSPF external type. This parameterdescribes which types of OSPF external routes matchthis entry.

• any means match all external routes.



Use the no operator to disable metric-type:no ip ospf accept adv-rtr <A.B.C.D>metric-type


route-policy<WORD>

Specifies the name of the route policy to use forfiltering external routes advertised by the specifiedadvertising router before accepting into the routingtable.To set this option to the default value, use thedefault operator with this command.

Applying OSPF accept policy changesApply OSPF accept policy changes to allow the configuration changesin the policy to take effect in an OSPF Accept context (and to preventthe switch from attempting to apply the changes one by one after eachconfiguration change).

ATTENTIONChanging OSPF Accept contexts is a process-oriented operation that canaffect system performance and network accessibility while you perform theprocedures. If you want to change the default preferences for an OSPF Acceptor a prefix-list configuration (as opposed to the default preference), Nortelrecommends that you do so before enabling the protocols.

Prerequisites



NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Apply an OSPF accept policy change by using the followingcommand:ip ospf apply accept [vrf <WORD/0-32>]

2 Display information about the configured OSPF entries by usingthe following command:show ip ospf accept [vrf <WORD/0-32>] [vrfids<0-255>]

--End--

Variable definitionsUse the data in the following table to use the ip ospf apply acceptadv-rtr [vrf <WORD/0-32>] command.

Variable Value

apply Commits entered changes. Issue this commandafter modifying any policy configuration that affectsan OSPF accept policy.


[vrfids <0-255>] The ID of the VRF. The value is an integerbetween 0 and 255.

Job aidThe following table shows the field descriptions for theshow ip ospfaccept command.

Table 46show ip ospf accept info command


ADV_RTR Indicates the router advancing the packets.

MET_TYPE Indicates the metric type for the routes to import into OSPFrouting protocol, which passed the matching criteria configuredin this route policy. Options include any, local, internal,external, externaltype1, and externaltype2.

ENABLE Indicates if the policy is enabled.

POLICY Indicates the type of policy.


NN46205-523 02.02 9 December 2009


.

Configuring inter-VRF redistribution policies 377

Configuring inter-VRF redistribution policiesConfigure redistribution entries to allow a protocol to announce routes of acertain source type, for example, static, RIP, or direct.

Prerequisites

• The routing protocols are globally enabled.

• A route policy is configured, if required.

• The VRFs exist.

• You must be in Router VRF Configuration Mode to complete thisprocedure.

Procedure steps

Step Action

1 Create the redistribution instance:

ip <rip|ospf|bgp> redistribute <ospf|bgp|static|direct|rip>

2 Apply a route policy if required:

ip <rip|ospf|bgp> redistribute <ospf|bgp|static|direct|rip> route-policy <WORD 0-64> [vrf-src <WORD 0-16>]

3 Use the following variable definitions table to configure otherparameters as required.

4 Enable the redistribution.

ip <rip|ospf|bgp> redistribute <ospf|bgp|static|direct|rip> enable [vrf-src <WORD 0-16>]

5 Ensure that the configuration is correct:

show ip <rip|ospf|bgp> redistribute [vrf <WORD 0-16>][vrfids <0-255>]

6 Apply the redistribution.

ip <rip|ospf|bgp> apply redistribute <ospf|bgp|static|direct|rip> [vrf <WORD 0-16>] [vrf-src <WORD 0-16>]

--End--

Variable definitionsUse the data in the following table to use the redistribution commands.


NN46205-523 02.02 9 December 2009


.


Variable Value

<ospf|bgp|static|direct|rip>

Specifies the type of routes to redistribute—theprotocol source.

vrf <WORD 0-16> Specifies the VRF instance.

vrfids <0-255> Specifies a list of VRF IDs.

vrf-src <WORD 0-16> Specifies the source VRF instance. This parameteris not required for redistribution within the sameVRF.

Use the data in the following table to help you use the ip<bgp|ospf|rip> redistribute <ospf|bgp|static|direct|rip>command.

Variable Value

apply [vrf-src<vrf-name>]

Applies the redistribution configuration.

enable [vrf-src<vrf-name>]

Enables the OSPF route redistribution instance.

metric <metric-value> [vrf-src<vrf-name>]

Configures the metric to apply to redistributedroutes.

metric-type <type1|type2> [vrf-src<vrf-name>]

Specifies a type 1 or a type 2 metric. For metric type1, the cost of the external routes is equal to the sumof all internal costs and the external cost. For metrictype 2, the cost of the external routes is equal to theexternal cost alone.

route-policy <policy-name> [vrf-src<vrf-name>]

Configures the route policy to apply to redistributedroutes.

subnets <allow|suppress> [vrf-src<vrf-name>]

Allows or suppresses external subnet routeadvertisements when routes are redistributed into anOSPF domain.


NN46205-523 02.02 9 December 2009


.

379.

RSMLT configuration using DeviceManager

Routed Split MultiLink Trunking (RSMLT) forwards packets in the event ofcore router failures, thus eliminating dropped packets during the routingprotocol convergence.

For more information about RSMLT concepts and terminology, see “IProuting operations fundamentals” (page 21).

Select a topic:

• “Configuring RSMLT on a VLAN” (page 379)

• “Viewing and editing RSMLT local information” (page 380)

• “Viewing and editing RSMLT peer information” (page 381)

• “Viewing RSMLT-edge” (page 383)

Navigation• “Configuring RSMLT on a VLAN” (page 379)

• “Viewing and editing RSMLT local information” (page 380)

• “Viewing and editing RSMLT peer information” (page 381)

• “Viewing RSMLT-edge” (page 383)

Configuring RSMLT on a VLANYou can configure RSMLT on each IP VLAN interface.

Prerequisites

• IP routing protocol on VLAN Layer 3 interfaces is enabled.

• VLANs with Layer 3 interfaces participate in Split MultiLink Trunking(SMLT).


NN46205-523 02.02 9 December 2009


.

380 RSMLT configuration using Device Manager

Procedure steps

Step Action


2 On the VLANs Basic tab, select a VLAN.

3 Click IP.

4 Click the RSMLT tab.

5 Select Enable.

6 In the HoldDownTimer box, enter a hold-down timer value.

7 In the HoldUpTimer box, enter a hold-up timer value.

8 Click Apply.

--End--

IP VLAN RSMLT fieldsVariable definitions

Use the data in the following table to use the IP VLAN RSMLT fields.

Variable Value

Enable Enables RSMLT.

HoldDownTimer Defines how long the recovering or rebootingswitch remains in a non-Layer 3 forwarding modefor the peer router MAC address.

The range of this value is from 0 to 3600seconds.

HoldUpTimer Defines how long the RSMLT switch maintainsforwarding for its peer. The value is a range from0 to 3600 seconds or 9999. 9999 means infinity.

Viewing and editing RSMLT local informationUse the following procedure to view and edit RSMLT local VLAN switchinformation.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP, RSMLT.


NN46205-523 02.02 9 December 2009


.

Viewing and editing RSMLT peer information 381

2 Click the Local tab.


4 Click Apply.

--End--

For more information, see “RSMLT Local tab fields” (page 381).

RSMLT Local tab fieldsVariable definitions

Use the data in the following table to use the RSMLT Local tab fields.

Variable Value

IfIndex The IP route SMLT operation index.

VlanId The VLAN ID of the chosen VLAN.

IpAddr The IP address of the VLAN when RSMLT is enabled.

MacAddr The MAC address of the selected VLAN.

Enable Displays the RSMLT operating status as enabled or disabled.

OperStatus Displays the RSMLT operating status as either up or down.

HoldDownTimer

Defines how long the recovering/rebooting switch remains in anon-Layer 3 forwarding mode for the peer router MAC address.

The range of this value is from 0 to 3600 seconds.

HoldUpTimer Defines how long the RSMLT switch maintains forwarding forits peer. The value is a range from 0 to 3600 seconds or 9999.9999 means infinity.

SmltId The ID range for the SMLT. A valid range is 1 to 32.

SltId The ID range for the SMLT. A valid range is 1 to 512.

VrfId Identifies the VRF.

VrfName Indicates the VRF name.

Viewing and editing RSMLT peer informationUse this procedure to view and edit RSMLT peer switch information.

Procedure steps

Step Action


2 Click the Peer tab.


NN46205-523 02.02 9 December 2009


.



4 Click Refresh.

--End--

For more information, see “RSMLT Peer tab fields” (page 382).

RSMLT Peer tab fieldsVariable definitions

The following table describes the RSMLT Peer tab fields.

Variable Value

IfIndex The IP route SMLT operation index.


IpAddr The IP address of the VLAN when RSMLT is enabled.

MacAddr The MAC address of the selected VLAN.

Enable Displays the RSMLT operating status as enabled ordisabled.

OperStatus Displays the RSMLT operating status as either up ordown.

HoldDownTimer Defines how long the recovering/rebooting switchremains in a non-Layer 3 forwarding mode for the peerrouter MAC address.

The range of this value is from 0 to 3600 seconds.

HoldUpTimer Defines how long the RSMLT switch maintainsforwarding for its peer.

The value is a range from 0 to 3600 seconds or 9999.9999 means infinity.


Displays the time remaining of the HoldDownTimer.

HoldUpTimeRemaining

Displays the time remaining of the HoldUpTimer.

SmltId The ID range for the Split MultiLink Trunk. A validrange is 1 to 32.

SltId The ID range for the Split MultiLink Trunk. A validrange is 1 to 512.

VrfId Identifies the VRF.

VrfName Indicates the VRF name.


NN46205-523 02.02 9 December 2009


.

Viewing RSMLT-edge 383

Enabling RSMLT-edgeEnable RSMLT-edge to store the RSMLT peer MAC/IP address-pair in itslocal configuration file and restore the configuration if the peer does notrestore after a simultaneous reboot of both RSMLT peer switches.

Procedure steps

Step Action


2 Click the Globals tab.

3 Select the EdgeSupportEnable option box.

4 Click Apply.

--End--

Viewing RSMLT-edgeView RSMLT-edge to verify the RSMLT peer MAC/IP address-pair in itslocal config file and restore the configuration if the peer does not restoreafter a simultaneous reboot of booth RSMLT-peer switches.

Procedure steps

Step Action


2 Click the Edge Peers tab.

--End--

For more information, see “Job aid” (page 383).

Job aidUse the data in the following table to use the RSMLT Peer tab fields.



PeerIpAddress The peer IP address.

PeerMacAddress The peer MAC address.

PeerVrfId Identifies the Peer VRF.

PeerVrfName The Peer VRF name.


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

385.

RSMLT configuration using the CLIRouted Split MultiLink Trunking (RSMLT) forwards packets in the event ofcore router failures, thus eliminating dropped packets during the routingprotocol convergence.


RSMLT configuration proceduresThis task flow shows you the sequence of procedures you perform toconfigure RSMLT.

RSMLT configuration navigation

• “Job aid” (page 385)


• “Showing IP RSMLT information” (page 387)

• “Configuring RSMLT-edge” (page 388)


Table 47Roadmap of VLAN IP commands

Command Parameter

config vlan <vid> ip rsmlt info

disable

enable


holdup-timer <seconds>

show ip rsmlt info [<local|peer>]


NN46205-523 02.02 9 December 2009


.

386 RSMLT configuration using the CLI

Table 47Roadmap of VLAN IP commands (cont’d.)

Command Parameter

config ip rsmlt rsmlt-edge-support <enable|disable>

config ip rsmlt clear-rsmlt-peer<vlanId>

<vlanId>

config ip rsmlt info

Job aidThe following table lists the VRF Lite RSMLT commands and parametersthat you use to perform the procedures in this section.

Table 48Roadmap of VRF Lite RSMLT commands

Command Parameter

config vlan <vid> ip rsmlt info

disable

enable


holdup-timer <seconds>


You configure RIP on a VRF the same way you configure the GlobalRouter, except that you must replace config vlan <vid> ip rsmlt withconfig vlan <vid> vrf <vrfName> ip rsmlt.

Prerequisites

• The IP routing protocol must be enabled on VLAN Layer 3 interfaces.

• VLANs with Layer 3 interfaces must also participate in Split MultiLinkTrunking (SMLT).


Step Action

1 Create an RSMLT on a VLAN by using the following command:config vlan <vid> ip rsmlt


NN46205-523 02.02 9 December 2009


.

Showing IP RSMLT information 387

2 Confirm your configuration by using the following command:config vlan <vid> ip rsmlt info

--End--

Variable definitionsUse the data in the following table to use the config vlan ip rsmlt andconfig vlan <vid> vrf <vrfName> ip rsmlt commands.

Variable Value

disable Disables RSMLT on the VLAN.

enable Enables RSMLT on the VLAN.

holddown-timer <seconds> Defines how long the recovering/rebooting switch remains in a non-Layer3 forwarding mode for the peer routerMAC address.

• seconds is the timer value inseconds. The range of the value isfrom 0 to 3600 seconds.

holdup-timer <seconds> Defines how long the RSMLT switchmaintains forwarding for its peer.

• seconds is the timer value inseconds. The value is a range from0 to 3600 seconds or 9999. 9999means infinity.

info Displays the RSMLT local and peerinformation.

vid The VLAN ID in the range of 1 to4094.

Showing IP RSMLT informationShow RSMLT information to view data for all RSMLT interfaces. If youenter a VLAN ID or an IP address, the information is displayed only forthat VID or for that interface.

Procedure steps

Step Action

1 Display RSMLT information about the interface by using thefollowing command:


NN46205-523 02.02 9 December 2009


.


show ip rsmlt info [<local|peer>] [vrf <value>][vrifids <value>]

--End--

Variable definitionsUse the data in the following table to use the show ip rsmlt info[<local|peer>] [vrf <value>] [vrifids <value>] command.

Variable Value

[<local|peer>] Specifies the local or peer switch.

[vrf <value>] Specifies the VRF name.

[vrifids <value>] Specifies the VRF ID range.

Job aidThe following table shows the field descriptions for the show ip rsmltinfo command.

Table 49show ip rsmlt info command



IP Indicates the IP address of the router.

MAC Indicates the MAC address assigned.

ADMIN Indicates the administrative status of RSMLT on the router.

OPER Indicates the operational status of RSMLT on the router.

HDTMR Indicates the hold-down timer value in the range of 0 to 3600seconds.

HUTMR Indicates the range of the hold-up timer in the range of 0 to3600 seconds or 9999. 9999 means infinity.

HDT REMAIN Indicates the time remaining of the hold-down timer.

HUT REMAIN Indicates the time remaining of the hold-up timer.

SMLT ID Indicates the Split MultiLink Trunk ID.

SLT ID Indicates the SLT ID.

Configuring RSMLT-edgeConfigure RSMLT-edge to store the RSMLT peer MAC/IP address pairin its local configuration file and restore the configuration if the peer doesnot restore after a simultaneous reboot of both RSMLT peer switches. Ifenabled, all peer MAC/IP information for all RSMLT-enabled VLANs savedduring next the save configuration command.


NN46205-523 02.02 9 December 2009


.


Procedure steps

Step Action

1 Enable or disable RSMLT-edge by using the following command:config ip rsmlt rsmlt-edge-support <enable|disable>

2 Clear the peer MAC/IP information for the VLAN by using thefollowing command:config ip rsmlt clear-rsmlt-peer <vlanId>

3 Display RSMLT configuration and status information by using thefollowing command:config ip rsmlt info

--End--

Variable definitionsUse the data in the following table to use the config ip rsmltrsmlt-edge-support command.

Variable Value

disable Disables RSMLT peer forwarding.

enable Enables RSMLT peer forwarding.


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

391.

RSMLT configuration using the NNCLIRouted Split MultiLink Trunking (RSMLT) forwards packets in the event ofcore router failures, thus eliminating dropped packets during the routingprotocol convergence.


RSMLT configuration proceduresThis task flow shows you the sequence of procedures you perform toconfigure RSMLT.

RSMLT navigation

• “Job aid” (page 391)


• “Showing IP RSMLT information” (page 393)

• “Configuring RSMLT-edge” (page 394)


Table 50Roadmap of VLAN IP commands

Command Parameter

Global Configuration Mode

ip rsmlt holddown-timer <0-3600>

holdup-timer <0-9999>

show ip rsmlt [<local|peer>]

ip rsmlt edge-support show ip vlan id



NN46205-523 02.02 9 December 2009


.

392 RSMLT configuration using the NNCLI

Table 50Roadmap of VLAN IP commands (cont’d.)

Command Parameter

show ip rsmlt [<local|peer>]

ip rsmlt edge-support show ip vlan id


Prerequisites

• Access VLAN Interface Configuration Mode.

• The IP routing protocol must be enabled on VLAN Layer 3 interfaces.

• VLANs with Layer 3 interfaces must also participate in Split MultiLinkTrunking (SMLT).

Procedure steps

Step Action

1 Enable RSMLT on a VLAN by using the following command:ip rsmlt

Use the no operator to disable RSMLT:no ip rsmlt

To set this value to the default value, use the default operatorwith this command.

--End--

Variable definitionsUse the data in the following table to use the ip rsmlt command.


NN46205-523 02.02 9 December 2009


.

Showing IP RSMLT information 393

Variable Value

holddown-timer <0-3600> Defines how long the RSMLT switch does notparticipate in Layer 3 forwarding.

• 0-3600 is the timer value in seconds.

To set this value to the default value, use thedefault operator with this command.

Nortel recommends that you configure thisvalue to be longer than the anticipated routingprotocol convergence.

holdup-timer <0-9999> Defines how long the RSMLT switch maintainsforwarding for its peer.

• 0-9999 is the timer value in seconds. 9999means infinity.

To set this value to the default value, use thedefault operator with this command.

<local|peer> Indicates a configuration for a local or peerdevice.

Showing IP RSMLT informationShow IP RSMLT information to view data about all RSMLT interfaces. Ifyou enter a VLAN ID or an IP address, the information is displayed only forthat VID or for that interface.

Prerequisites

• Access privExec Configuration Mode, Global Configuration Mode, orVRF Router Configuration Mode.

Procedure steps

Step Action

1 Display RSMLT information about the interface by using thefollowing command:show ip rsmlt [<local|peer>] [vrf <value>] [vrfids<value>]

--End--


NN46205-523 02.02 9 December 2009


.


Variable definitionsUse the information in the following command to complete the show iprsmlt command.


Variable Value

[<local|peer>]

Specifies values for the local or peer switch.

[vrf <value>]

Displays IP routing for a VRF.

[vrfids<value>]

Displays IP routing for a range of VRFs.

Job aidThe following table shows the field descriptions for theshow ip rsmlt[<local|peer>]command.




IP Indicates the IP address of the router.

MAC Indicates the MAC address assigned.

ADMIN Indicates the administrative status of RSMLT on the router.

OPER Indicates the operational status of RSMLT on the router.

HDTMR Indicates the hold-down timer value in the range of 0 to 3600seconds.

HUTMR Indicates the hold-up timer value in the range of 0 to 3600seconds or 9999. 9999 means infinity.

HDT REMAIN Indicates the time remaining of the hold-down timer.

HUT REMAIN Indicates the time remaining of the hold-up timer.

SMLT ID Indicates the Split MultiLink Trunk ID.

SLT ID Indicates the SLT ID.

Configuring RSMLT-edgeConfigure RSMLT-edge to store the RSMLT peer MAC/IP address-pair inits local config file and restore the configuration if the peer does not restoreafter a simultaneous reboot of both RSMLT-peer switches. If enabled, allpeer MAC/IP information for all RSMLT-enabled VLANs are saved duringnext the save config command.


NN46205-523 02.02 9 December 2009


.


Prerequisites

• Access Global configuration mode or VRF Router configuration mode.

Procedure steps

Step Action

1 Enable RSMLT-edge by using the following command:ip rsmlt edge-support

Use the no operator to disable RSMLT-edge:no ip rsmlt edge-support

2 Clear RSMLT peer information and delete the RSMLT peeraddress by using the following command:no ip rsmlt peer-address <vlan ID>

3 Display RSMLT-edge status information by using the followingcommand:show ip rsmlt edge-support

--End--

Variable definitionsUse the data in the following table to use the no ip rsmltpeer-address command.

Variable Value

vlan ID The ID of the VLAN in the range of 0 to 4094.


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

397.

Bidirectional Forwarding Detectionconfiguration using Device Manager

Use Bidirectional Forwarding Detection (BFD) to help speed convergencetime and to provide connectivity detection with a minimum of overhead.

ATTENTIONThe Ethernet Routing Switch 8600 supports BFD only in Ethernet RoutingSwitch 8600 Releases 4.1.5.9 and 5.1. But the material in this section onlyapplies to Release 5.1. Release 4.1.5.9 is a special release for use only withCarrier VoIP solutions, including Succession Communication Server 2000.

Navigation• “Enabling BFD globally” (page 397)

• “Viewing global BFD session parameters” (page 398)

• “Configuring BFD on a brouter port” (page 399)

• “Configuring BFD on a VLAN” (page 400)

• “Enabling BFD on a static route” (page 402)

• “Viewing BFD statistics” (page 403)

Enabling BFD globallyEnable BFD so that it runs on the Ethernet Routing Switch 8600.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP,BFD.

2 In AdminStatus, select enabled.

3 Select TrapEnable for the switch to send Simple NetworkManagement Protocol (SNMP) traps for BFD.


NN46205-523 02.02 9 December 2009


.

398 Bidirectional Forwarding Detection configuration using Device Manager

4 Click Apply.

--End--

For more information, see “BFD tab fields” (page 398).

BFD tab fieldsVariable definitions

The following table describes the BFD tab fields.

Variable Value

AdminStatus Enables or disables BFD globally.

VersionNumber Specifies the version of the BFDprotocol in use.

TrapEnable Enables the switch to sendBFD-related SNMP traps.

Viewing global BFD session parametersYou can view information about BFD operations on your switch.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP, BFD and thenclick theSession tab.

--End--

For more information, see “Session tab fields” (page 398).

Session tab fieldsVariable definitions

The following table describes the Session tab.

Variable Value

Discriminator Specifies a unique, nonzerodiscriminator value used to demultiplexmultiple BFD sessions between thesame pair of systems.


NN46205-523 02.02 9 December 2009


.

Configuring BFD on a brouter port 399

Variable Value

RemoteDiscr Specifies the discriminator receivedfrom the remote system. This is thereceived value of Discriminator or zeroif it is unknown.

Addr Specifies the IP address of the peerBFD system.

State Shows the state of the BFD session:• 0 (AdminDown)

• 1 (Down)

• 2 (Init)

• 3 (Up)

DetectMult Specifies the detection timemultiplier for asynchronous mode.The negotiated transmit interval,multiplied by this multiplier, providesthe detection time for the transmittingsystem.The range is 1 to 20.

DesiredMinTxInterval Specifies the minimum interval that thelocal switch would like to use when ittransmits BFD Control packets. Zerois reserved.The range is 100 to 65535milliseconds, with a default of 200.

ReqMinRxInterval Specifies the minimum requiredinterval that the switch supportsbetween received BFD Controlpackets. If configured to zero, thetransmitting switch does not want theremote system to send periodic BFDControl packets.The range is 100 to 65535milliseconds, with a default of 200.

Configuring BFD on a brouter portConfigure BFD so that it runs optimally on the brouter port.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose a port, and thenchoose Edit, Port, IP - GlobalRouter (vrf 0).


NN46205-523 02.02 9 December 2009


.


2 Click the BFD tab.

3 Enable BFD by selecting enable.

4 Configure the MinRxInterval, TxInterval, Multiplier, andHoldOffInterval parameters as required.

5 Click Apply.

--End--

For more information, see “BFD tab fields” (page 400).



Variable Value

Enable Enables or disables BFD on theinterface.

MinRxInterval Specifies the minimum requiredinterval that the switch supportsbetween received BFD Controlpackets.The range is 100 to 65535milliseconds, with a default of 200.

TxInterval Specifies the minimum interval that thelocal switch would like to use when ittransmits BFD Control packets.The range is 100 to 65535milliseconds, with a default of 200.

Multiplier Specifies the detection timemultiplier for asynchronous mode.The negotiated transmit interval,multiplied by this multiplier, providesthe detection time for the transmittingsystem.The range is 2 to 20. The default is 3.

HoldOffInterval Specifies the hold off timer intervalfrom 0 to 65535 seconds. 0 meansthat the hold off timer is disabled.

Configuring BFD on a VLANConfigure BFD so that it runs optimally on the VLAN.


NN46205-523 02.02 9 December 2009


.

Configuring BFD on a VLAN 401

Procedure steps

Step Action

1 From the Device Manager menu bar, choose VLAN,VLANs -GlobalRouter (vrf 0).

2 Select a VLAN, and then click IP - GlobalRouter (vrf 0).


4 Enable BFD by selecting enable.

5 Configure the MinRxInterval,TxInterval, Multiplier, andHoldOffInterval parameters as required.

6 Click Apply.

--End--

For more information, see, “BFD tab fields” (page 401).



Variable Value

Enable Enables or disables BFD on the interface.

MinRxInterval Specifies the minimum required interval that theswitch supports between received BFD Controlpackets.The range is 100 to 65535 milliseconds, with adefault of 200.

TxInterval Specifies the minimum interval that the localswitch would like to use when it transmits BFDControl packets.The range is 100 to 65535 milliseconds, with adefault of 200.

Multiplier Specifies the detection time multiplier forasynchronous mode. The negotiated transmitinterval, multiplied by this multiplier, provides thedetection time for the transmitting system.The range is 2 to 20. The default is 3.

HoldOffInterval Specifies the hold off timer interval from 0 to65535 seconds. Zero means that the hold offtimer is disabled.


NN46205-523 02.02 9 December 2009


.


Enabling BFD on an OSPF interfaceEnable BFD so that it runs on an OSPF interface.

Procedure steps

Step Action

1 To enable BFD on an OSPF interface, select a port, then chooseEdit , Port, IP - GlobalRouter (vrf 0).

2 Click the OSPF tab.

3 Click the Enable tab.


5 Select enable.

6 To enable BFD on a port, select a port, and then chooseEdit,Port, IP.


8 Select enable.

9 To enable BFD on a BGP peer, choose IP, BGP.

10 Click the Peers tab.

11 Configure BfdEnable for the required peer.

--End--

Enabling BFD on a static routeEnable BFD so that it runs on the interface.

Procedure steps

Step Action

1 To enable BFD on a static route, choose IP, IP - GlobalRouter(vrf 0).

2 Click the Static BFD tab.

3 Click the Insert tab.

The IP - GlobalRouter (vrf 0), Insert Static BFD window appears.

4 Enter the required static route next hop in theBfdNextHop field.

5 Click Insert.

--End--


NN46205-523 02.02 9 December 2009


.

Viewing BFD statistics 403

Viewing BFD statisticsPerform this procedure to view BFD statistics.

Procedure steps

Step Action

1 From the Device Manager menu bar, choose IP ,BFD.

2 Click the Statistics tab.

--End--

For more information, see, “Statistics tab fields” (page 403).

Statistics tab fieldsVariable definitions

The following table describes the BFD Statistics tab fields.

Variable Value

Discriminator Specifies the local discriminator forthis BFD session, which is used touniquely identify it.

RemoteDiscr Specifies the session discriminatorchosen by the remote system for thisBFD session.

Addr Specifies the IP address of theinterface.

PerfPktIn Specifies the total number of BFDmessages received for this BFDsession.

PerfPktOut Specifies the total number of BFDmessages sent for this BFD session.


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

405.

Bidirectional Forwarding Detectionconfiguration using CLI


ATTENTIONThe Ethernet Routing Switch 8600 supports BFD only in Ethernet RoutingSwitch 8600 Releases 4.1.5.9 and 5.1. But the material in this section onlyapplies to Release 5.1. Release 4.1.5.9 is a special release for use only withCarrier VoIP solutions, including Succession Communication Server 2000.


• “Configuring BFD on a VLAN interface” (page 406)


• “Enabling BFD on an interface” (page 408)

• “Viewing BFD session and statistical information” (page 409)

Enabling BFD globallyEnable BFD so that it runs on the switch.

Procedure steps

Step Action

1 Enable the BFD globally by using the following command:

config ip bfd enable

2 Enable the BFD traps if required by using the followingcommand:


NN46205-523 02.02 9 December 2009


.

406 Bidirectional Forwarding Detection configuration using CLI

config ip bfd traps enable

--End--

Variables definitionsUse the data in the following table to help you use the config ip bfdcommand.

Variable Value

disable Disables BFD globally.

enable Enables BFD globally.

info Shows information about the BFD configuration.

traps <enable|disable> Enables Simple Network Management Protocol(SNMP) traps for BFD.

Configuring BFD on a VLAN interfaceConfigure BFD so that it runs optimally on the VLAN interface.

Procedure steps

Step Action

1 Enable BFD on the VLAN by using the following command:

config vlan <vlan-id> ip bfd enable

2 Configure the minimum receive interval by using the followingcommand:

config vlan <vlan-id> ip bfd rx-interval <milliseconds>

3 Configure the minimum transmit interval by using the followingcommand:

config vlan <vlan-id> ip bfd tx-interval <milliseconds>

4 Configure the multiplier by using the following command:

config vlan <vlan-id> ip bfd multiplier <value>

5 Configure the hold-off by using the following command:

config vlan <port> ip bfd hold-off <seconds>

--End--

Variable definitionsUse the data in the following table to help you use the config vlan<vlan-id> ip bfd command.


NN46205-523 02.02 9 December 2009


.


Variable Value

disable Disables BFD on the VLAN.

enable Enables BFD on the VLAN.

hold-off <seconds> Specifies the BFD hold off time interval, from 0 to65535 seconds. If set to 0, the hold-down timer isdisabled.


multiplier <value> Specifies the detection time multiplier for asynchronousmode. The negotiated transmit interval, multipliedby this multiplier, provides the detection time for thetransmitting system.The range is 2 to 20.

rx-interval <milliseconds> Specifies the minimum required interval that the switchsupports between received BFD Control packets.The range is 100 to 65535 milliseconds, with a defaultof 200.

tx-interval <milliseconds> Specifies the minimum interval that the local switchwould like to use when it transmits BFD Controlpackets.The range is 100 to 65535 milliseconds, with a defaultof 200.


Procedure steps

Step Action

1 Enable BFD on the port by using the following command:

config ethernet <port> ip bfd enable


config ethernet <port> ip bfd rx-interval <milliseconds>


config ethernet <port> ip bfd tx-interval <milliseconds>


config ethernet <port> ip bfd multiplier <value>



NN46205-523 02.02 9 December 2009


.


config ethernet <port> ip bfd hold-off <seconds>

--End--

Variable definitionsUse the data in the following table to help you use the config ethernet<port> ip bfd command.

Variable Value

disable Disables BFD on the interface.

enable Enables BFD on the interface.

hold-off <seconds> Specifies BFD hold-off interval in the range of0 to 65535.


multiplier <value> Specifies the detection time multiplier forasynchronous mode. The negotiated transmitinterval, multiplied by this multiplier, provides thedetection time for the transmitting system.The range is 2 to 20.

rx-interval <milliseconds> Specifies the minimum required interval that theswitch supports between received BFD Controlpackets.The range is 100 to 65535 milliseconds, with adefault of 200.

tx-interval <milliseconds> Specifies the minimum interval that the localswitch would like to use when it transmits BFDControl packets.The range is 100 to 65535 milliseconds, with adefault of 200.

Enabling BFD on an interfaceEnable BFD so that it runs on the interface.

Procedure steps

Step Action

1 Enable BFD on an OSPF interface by using the followingcommand:

config ip ospf interface <ip-addr> bfd <enable|disable>

2 Enable BFD on a BGP peer by using the following command:

config ip bgp neighbor <ip-addr> bfd <enable|disable>


NN46205-523 02.02 9 December 2009


.

Viewing BFD session and statistical information 409

3 Enable BFD on a static route by using the following command:

config ip static-route next-hop <ip-addr> bfd<enable|disable>

--End--

Viewing BFD session and statistical informationYou can view all active BFD sessions on the switch, as well as statisticalinformation.

Procedure steps

Step Action

1 View BFD session information by using the following command:

show ip bfd session info

show ip bfd session next-hop <NextHop>

2 View BFD statistics by using the following command:

show ip bfd stats

3 View BFD information by using the following command:

show ip bfd info

--End--


NN46205-523 02.02 9 December 2009


.



NN46205-523 02.02 9 December 2009


.

411.

Bidirectional Forwarding Detectionconfiguration using NNCLI


ATTENTIONThe Ethernet Routing Switch 8600 supports BFD only in Ethernet RoutingSwitch 8600 Releases 4.1.5.9. Therefore, the material in this section onlyapplies to these releases. Release 4.1.5.9 is a special release for use only withCarrier VoIP solutions, including Succession Communication Server 2000.


• “Configuring BFD on a VLAN interface” (page 412)


• “Enabling BFD on an interface” (page 415)

• “Viewing BFD session and statistical information” (page 415)

Enabling BFD globallyEnable BFD so that it runs on the switch.

Prerequisites

• You must log on to Router Configuration mode in NNCLI.

Procedure steps

Step Action

1 Enable the BFD globally by using the following command:

[no] router bfd enable

Use the no form of this command to disable.


NN46205-523 02.02 9 December 2009


.

412 Bidirectional Forwarding Detection configuration using NNCLI

2 Enable the BFD traps if required by using the followingcommand:

traps [enable|disable]

3 Reset the holdoff interval to default value using the followingcommand:

default holdoff-time

--End--

Variables definitionsUse the data in the following table to help you use the router bfdcommand.

Variable Value

enable Enables BFD globally.

traps [enable|disable] Enables Simple Network Management Protocol(SNMP) traps for BFD.

Configuring BFD on a VLAN interfaceConfigure BFD so that it runs optimally on the VLAN interface.

Prerequisites

• You must log on to VLAN configuration mode in NNCLI.

Procedure steps

Step Action

1 Enable BFD on the VLAN by using the following command:

ip bfd [vlan <1-4094>] enable



ip bfd [vlan <1-4094>] min_rx <100-65535>


ip bfd [vlan <1-4094>] interval <100-65535>


ip bfd [vlan <1-4094>] multiplier <1-20>

5 Configure the holdoff by using the following command:


NN46205-523 02.02 9 December 2009


.


ip vlan <vlan id> ip bfd hold-off <seconds>

--End--

Variable definitionsUse the data in the following table to help you use the ip bfd vlancommand.

Variable Value

enable Enables BFD on the VLAN.

holdoff-time <0-65535> Specifies the BFD hold off time interval, from 0 to65535 seconds. If set to 0, the hold-down timer isdisabled.

The default version of this command sets the timer tothe default value: 0.

interval <100-65535> Specifies the minimum interval that the local switchwould like to use when it transmits BFD Controlpackets.The range is 100 to 65535 milliseconds, with a defaultof 200.

multiplier <2-20> Specifies the detection time multiplier for asynchronousmode. The negotiated transmit interval, multipliedby this multiplier, provides the detection time for thetransmitting system.The range is 2 to 20.

min_rx <100-65535> Specifies the minimum required interval that the switchsupports between received BFD Control packets.The range is 100 to 65535 milliseconds, with a defaultof 200.


PrerequisitesYou must log on to Gigabit Ethernet Interface Configuration Mode in theNNCLI.

Procedure steps

Step Action

1 Enable BFD on the port by using the following command:

[no] ip bfd [port <portlist>] enable


NN46205-523 02.02 9 December 2009


.




ip bfd [port <portlist>] min_rx <100-65535>


ip bfd [port <portlist>] interval <100-65535>


ip bfd [port <portlist>] multiplier <1-20>


ip bfd [port <portlist>] hold-off <0-65535>

--End--

Variable definitionsUse the data in the following table to help you use the config ethernet<port> ip bfd command.

Variable Value

enable Enables BFD on the interface.

holdoff-time <0-65535> Specifies the BFD holdoff time interval, from 0to 65535 seconds. If set to 0, the hold-downtimer is disabled.

The default version of this command sets thetimer to the default value: 0.

interval <100-65535> Specifies the minimum interval that the localswitch would like to use when it transmits BFDControl packets.The range is 100 to 65535 milliseconds, with adefault of 200.

multiplier <2-20> Specifies the detection time multiplier forasynchronous mode. The negotiated transmitinterval, multiplied by this multiplier, provides thedetection time for the transmitting system.The range is 2 to 20.

min_rx <100-65535> Specifies the minimum required interval that theswitch supports between received BFD Controlpackets.The range is 100 to 65535 milliseconds, with adefault of 200.


NN46205-523 02.02 9 December 2009


.

Viewing BFD session and statistical information 415

Enabling BFD on an interfaceEnable BFD so that it runs on the interface.

Prerequisites

• You must log on to VLAN interface mode in NNCLI.

Procedure steps

Step Action

1 Enable BFD on an OSPF interface by using the followingcommand:

ip ospf bfd


Use the default form of this command to reset to default.

2 Enable BFD on a BGP peer by using the following command:

neighbor {<A.B.C.D> | <word/0-1536>} fall-over bfd



3 Enable BFD on a static route by using the following command:

ip route bfd <A.B.C.D>



--End--

Viewing BFD session and statistical informationYou can view all active BFD sessions on the switch, as well as statisticalinformation.

PrerequisitesProcedure steps

Step Action

1 View BFD session information by using the following command:

show ip bfd neighbors

show ip bfd neighbors next-hop <A.B.C.D>

2 View BFD statistics by using the following command:

show ip bfd stats


NN46205-523 02.02 9 December 2009


.


3 View BFD information by using the following command:

show ip bfd

--End--


NN46205-523 02.02 9 December 2009


.

417.

Customer serviceVisit the Nortel Web site to access the complete range of services andsupport that Nortel provides. Go to www.nortel.com, or go to one of thepages listed in the following sections.

Navigation• “Updated versions of documentation” (page 417)

• “Getting help” (page 417)

• “Express Routing Codes” (page 417)

• “Additional information” (page 418)

Updated versions of documentationYou can download and print the latest versions of Nortel Ethernet RoutingSwitch 8600 NTPs and Release Notes directly from the Internet atwww.nortel.com/documentation.

Getting helpIf you purchased a service contract for your Nortel product from adistributor or authorized reseller, contact the technical support staff for thatdistributor or reseller for assistance.

If you purchased a Nortel service program, you can get help bycontacting one of the Nortel Technical Solutions Centers foundat www.nortel.com/callus; or visit our Technical Support site atwww.nortel.com/support.

Express Routing CodesAn Express Routing Code (ERC) is available for many Nortel products andservices.

When you use an ERC, your call is routed to a technical support personwho specializes in supporting that particular product or service. To locatean ERC for a product or service, go to www.nortel.com/erc.


NN46205-523 02.02 9 December 2009


.

http://www.nortel.com

http://www.nortel.com/documentation

http://www.nortel.com/callus

http://www.nortel.com/support

http://www.nortel.com/erc

418 Customer service

Additional informationUse the information in the following table to access other areas of theNortel Web site.

For information about Contact

Contact Us www.nortel.com/contactus

Documentation feedback www.nortel.com/documentfeedback

Products (marketing) www.nortel.com/products

Partner Information Center (PIC) www.nortel.com/pic

Register www.nortel.com/register

Search www.nortel.com/search

Services www.nortel.com/services

Training www.nortel.com/training


NN46205-523 02.02 9 December 2009


.

http://www.nortel.com/contactus

http://www.nortel.com/documentfeedback

http://www.nortel.com/products

http://www.nortel.com/pic

http://www.nortel.com/register

http://www.nortel.com/search

http://www.nortel.com/services

http://www.nortel.com/training

419.

Index

AActiveVRFs 300Addr 87, 403Address field 329AdminDuplex 87AdminSpeed 87AdminStatus 87AdvAddress 101, 103, 341AdvertisementInterval field

Interface tab 257IP, VLAN, Insert VRRP dialog box 263Port, Insert VRRP dialog box 261

advertising interval, VRRP 271, 286AdvertisingRtr field 327AdvFlag 101, 103, 341AdvLifetime 101, 103, 341Age 83Agent Addr field 178AllowMoreSpecificNonLocalRouteEn-

able 94, 332alternate route 30alternative routes 130, 306

enabling globally using DeviceManager 92, 95, 331

enabling globally using the CLI 129enabling globally using the NNCLI 160

AlternativeEnable 93, 332AltSequence 82AlwaysBroadcast field 177ARP

address-resolution cache 41disabling on brouter ports 226enabling on brouter ports 226IP address 41MAC address 41managing 227proxy ARP 42

request 41table 41viewing 227

ARP commandsconfigure 237IP 238

ARP loop detection 43ARP tab

accessing 227fields 228

ARP table, adding static entry 239ARP table, displaying 240ARPLifeTime 93, 332AutoNegotiate 87

BBackUpMaster field 259

IP,VLAN, Insert VRRP dialog box 264Port, Insert VRRP dialog box 261

BackUpMastrState field 259BcastAddrFormat 89, 91, 334, 340BFD:

configuring port interface using theCLI 407, 413

configuring VLAN interface using theCLI 406, 412

enabling globally using the CLI 405, 411enabling on interfaces using the

CLI 408, 415viewing session and statistical

information using the CLI 409, 415black hole static routes 29BootP/DHCP 177BootP/DHCP relay

overview 176Bootstrap Protocol. See BootP. 176Broadcast Interface tab


NN46205-523 02.02 9 December 2009


.

420


brouter portbridging traffic 27description 27IP routing 27nonroutable traffic 26spanning tree state 27

BrouterPort 89, 91, 334, 340BrouterVrfId 299BrouterVrfName 299

CCLIP

enabling IP VPN on, using the CLI 143enabling OSPF on, using the CLI 143enabling PIM on, using the CLI 143

CLIP interfaceconfiguring using Device

Manager 106, 338configuring using the CLI 143configuring using the NNCLI 172enabling IP VPN on, using Device

Manager 106, 342enabling IP VPN using the NNCLI 172enabling OSPF on, using Device

Manager 107enabling OSPF on, using the NNCLI 172enabling PIM on, using Device

Manager 108, 343enabling PIM using the NNCLI 172

config ethernet ip dhcp-relaycommand 196

config ip arp command 238config ip ospf accept adv-rtr command 358config ip ospf accept apply command 359config ip prefix-list command 350, 363config ip udpfwd interface command 206config ip udpfwd portfwd command 204config ip udpfwd portfwdlist command 205config ip udpfwd protocol

command 203, 219config vlan ip dhcp-relay command 199config vlan ip proxy command 236ConfigNextAvailableVrfId 300configuration

Vrrp on a VLAN 261Configured 85, 338ConfiguredVRFs 300ContextName 297

Control fieldInterface tab 256IP, VLAN, Insert VRRP dialog box 263Port, Insert VRRP dialog box 260

CriticalIpAddr fieldIP, VLAN, Insert VRRP dialog box 264Port, Insert VRRP dialog box 261

CriticalIPAddr fieldInterface tab 257

CriticalIpAddrEnable field 264Interface tab 257Port, Insert VRRP dialog box 261

DDefault 85, 338default TTL 306DefaultTTL 93, 331Descr 87Dest 82, 97, 335DestAddr field 182DestPort field 182DHCP

parametersconfiguring 196displaying 201

DHCP dialog boxaccessing 178

DHCP relay commandsport 196show 194VLAN 199

DHCP tabaccessing 176

DHCP, configuring on a brouter port 176DHCP, Insert Globals dialog box

accessing 178Discriminator 403DoProxy field 226DoResp field 226DstVrfId 298Dynamic Host Configuration Protocol.

See DHCP 175dynamic route

deleting using the CLI 118deleting using the NNCLI 152

dynamic routesdeleting using Device Manager 81


NN46205-523 02.02 9 December 2009


.

421

EECMP 307

configuring globally using DeviceManager 94

description 30enabling globally using Device

Manager 92, 331enabling globally using the CLI 129enabling globally using the NNCLI 160

Ecmp1PathList 94, 333EcmpEnable 94, 333EcmpMaxPath 94, 333EcmpPathListApply 94, 333Enable 97, 298, 336Enable DHCP field 177Enable field

DHCP, Insert Globals dialog box 179EnableBootP 87Equal Cost MultiPath. See ECMP 30

FFastAdvertisementEnable field

IP, VLAN, Insert VRRP dialog box 264Port, Insert VRRP dialog box 261

FastAdvertisementInterval fieldIP, VLAN, Insert VRRP dialog box 264Port, Insert VRRP dialog box 261

FIBEntries 302filtering

inbound/outbound traffic on a RIPinterface 328, 330

Forwarding 93, 331Forwarding List tab


forwarding path, DHCP 193, 214Forwardings tab


FwdIdList field 183

Gglobal configuration, DHCP 194Global Router 70Globals tab


HHoldDownState field 259HoldDownTimer field

IP, VLAN, Insert VRRP dialog box 264Port, Insert VRRP dialog box 261Secondary Feature tab 259

HoldDownTimeRemaining field 259HopOrMetric 82

IICMP

configuring Router Discoveryfor a port, using DeviceManager 102, 340

configuring Router Discovery for aVLAN, using Device Manager 104

configuring Router Discoveryglobally, using Device Manager 100

configuring Router Discoveryglobally, using the CLI 139

configuring Router Discoveryglobally, using the NNCLI 170

configuring Router Discovery on aport or VLAN, using the NNCLI 170

configuring Router Discovery on aport, using the CLI 142

configuring Router Discovery on aVLAN, using the CLI 139

configuring Router Discovery table,using Device Manager 100

ICMP redirect 308ICMP unreachable 308ICMPRedirectMsgEnable 93, 332ICMPUnreachableMsgEnable 93, 332Id 296Id field

Forwarding Lists tab 183UDP_Forward, Insert Forwarding

Lists dialog box 183ID field 319IfIndex 87, 98, 336Index 299InPolicy field 329–330Interface 82, 89, 91, 101, 334, 340Interface field

ARP tab 228interface information, VRRP,

displaying 280, 387Interface tab

accessing 255


NN46205-523 02.02 9 December 2009


.

422

fields 256, 258interVRF redistribution

configuring using Device Manager 297Ip Address 89, 91, 334, 340IP address

configuring for a port using the CLI 124configuring for a port using the

NNCLI 157configuring for a VLAN using the

CLI 126configuring for a VLAN using the

NNCLI 159configuring for management port

using Device Manager 86configuring for management port,

using the CLI 121configuring for management port,

using the NNCLI 155configuring for port using Device

Manager 87, 339configuring for VLAN using Device

Manager 89configuring virtual IP address for

management port using theCLI 123

configuring virtual IP address formanagement port, using theNNCLI 156

viewing using Device Manager 90, 333viewing using the CLI 127viewing using the NNCLI 159

IP enhancements and policiesalternate route 30description 30ECMP 30IP prefix list 36IP route policy 36

IP routingaddress classes 22Address Resolution Protocol (ARP) 41address, in dotted-decimal notation 22alternate routes 30brouter ports 27connectivity protocols 40IP enhancements and policies 30multicast addresses 21static routes 28UDP broadcast 43unicast addresses 21virtual address 45

VRRP 45IP, VLAN, Insert VRRP

fields 262IP, VLAN, Insert VRRP dialog box

accessing 262IpAddr field

Interface tab 256IP, VLAN Insert VRRP dialog box 263Port, Insert VRRP dialog box 260

IpAddress fieldARP tab 228

LLocalAddr field 330LocalIfAddr field 184LocalNextHop 98, 337

MMacAddress field

ARP tab 228MacOffset 91, 334Mask 82, 87, 97, 336MaskLenFrom field 320MaskLenUpto field 320MasterIpAddr field 257MatchAsPath field 322MatchCommunity field 322MatchCommunityExtract field 322MatchInterface field 322MatchMetric field 322MatchProtocol field 321MatchRouteType field 322MatchTag field 322MaxAdvInterval 101, 103, 341MaxHop field 177MaxRoutes 297MaxRoutesTrapEnable 297MaxTtl field 184Metric 98, 298, 336MetricType 298MetricType field 328MgmtMacAddr 87MinAdvInterfal 102MinAdvInterval 103, 342MinSec field 177Mode field

DHCP tab 177DHCP, Insert Globals dialog box 179

more-specific nonlocal route 309


NN46205-523 02.02 9 December 2009


.

423

MVR 70

NName 296Name field 320

Forwarding Lists tab 183UDP_Forward, Insert Forwarding

Lists dialog box 183Net Mask 89, 91, 334, 340NetBIOS

name service 43NextHop 82, 97, 336NextHopVrfId 97, 336NssaPbit field 323NumDropPacketsDestUnreach field 184NumDropPacketsTtl Expired field 185NumDropPacketsUnknownPort field 185NumFwdPkts field

Broadcast Iinterface dialog box 184UDP_Forward, Insert Broadcast

Interface dialog box 184NumRxPkts field 184

OOperAction field

Secondary Feature tab 259OperDuplex 87OperSpeed 87OperStatus 87, 301OspfInFilterApply field 325OutPolicy field 329–330OwnerVrfId 97, 335

PPathType 84PerfPktIn 403PerfPktOut 403PingVirtualAddress field 255PolicyName field 328port DHCP commands

configure 196Port, Insert VRRP dialog box

accessing 259Pref 84Preference 98, 337PreferenceLevel 102–103, 342Prefix field 319prefix list, configuring 319PrefixMaskLen field 319

priorityVRRP 273, 287

Priority fieldInterface tab 256IP, VLAN, Insert VRRP dialog box 263Port, Insert VRRP dialog box 261

Proto 83Protocol 85, 298, 338Protocols tab

accessing 180proxy ARP, enabling 237

RRARP (Reverse Address Resolution

Protocol)ARP 44Ethernet type 44protocol-based VLAN 44request 44server 44VLAN 44

ReasmMaxSize 89, 91, 334, 340ReasmTimeout 93, 331RedistributeApply field 325redistribution

interVRF 73relaying, DHCP 200RemoteDiscr 403RIP

filtering inbound/outboundtraffic 328, 330

roadmapIP CLI commands 111IP NNCLI commands 147VRF Lite CLI commands 304VRF Lite IP CLI commands 115VRF Lite IP NNCLI commands 150VRF Lite NNCLI commands 312

route preferenceconfiguring using the CLI 119configuring using the NNCLI 153

route preferencesconfiguring using Device

Manager 84, 337RouteDiscoveryEnable 93, 332RouteEntries 302RoutePolicy 298router

enabling routing on, using DeviceManager 80


NN46205-523 02.02 9 December 2009


.

424

enabling routing on, using theNNCLI 151

enabling routing on,using the CLI 116Router Address 301Router Discovery

enabling globally using DeviceManager 92, 331

RouterAddressType 301RouteSource 298routing

enabling on a port using DeviceManager 81

enabling on a port using the CLI 118enabling on a port using the NNCLI 151

routing tableflushing by VLAN or port, using the

CLI 120flushing per-port using Device

Manager 85flushing per-VLAN using Device

Manager 85flushing using the NNCLI 154

routing tables flushing 43RP trigger

configuring using the CLI 305configuring using the NNCLI 313

RpStatus 301RpTrigger 297

SSecondary Features tab

accessing 258Server Addr field 178ServerAddr field 179SetAsPath field 323SetAsPathMode field 324SetAutomaticTag field 324SetCommunityMode field 324SetCommunityNumber field 324SetInjectNetList field 323SetLocalPref field 324SetMask field 323SetMetric field 323SetMetricType field 323SetMetricTypeInternal field 323SetNextHop field 323SetOrigin field 324SetOriginEgpAs field 324SetRoutePreference field 323SetWeight field 324

show ip arp info command 240show ip dhcp-relay command 194show ip prefix-list command 350show ip route-policy info command 352show ip vrrp info command 280, 387show port vrrp commands 273show vlan info arp command 237show vlan info dhcp-relay command 201show vlan info vrrp extended

command 277SrcVrfId 84, 298State field 256StatFIBEntries 301Static ARP

static entries 41static ARP entries 228static entry in ARP table 239static route

configuring a black hole, usingDevice Manager 99

configuring a black hole, using theCLI 137

configuring a black hole, using theNNCLI 166

configuring a default, using DeviceManager 98

configuring a default, using the CLI 138configuring using Device

Manager 96, 334configuring using the CLI 132configuring using the NNCLI 164default, configuring using the NNCLI 168deleting using Device Manager 96, 335deleting using the CLI 133deleting using the NNCLI 165

static routes 27black hole static routes 29

StatRouteEntries 301StatUpTime 301Status 97, 336STP

spanning tree convergence 27subnet

mask 23variable-length 24

Subnets 298supernet

address/mask pair 25contiguous network addresses 24enabling on router using the CLI 132


NN46205-523 02.02 9 December 2009


.

425

enabling on router using the NNCLI 162enabling on VRF using the CLI 309enabling using Device Manager 94, 332

SuperNetEnable 94, 332

Ttime to live, setting 130TrapEnable 297Type 299Type field

ARP tab 228

UUDP 179

broadcast forwarding 43IP limited broadcast 44MAC-level broadcast 44specified protocol 44TTL value 44

UDP broadcast forwarding 179UDP dialog box 183

Broadcast Interface tabfields 184

Forwarding List tabfields 183

UDP Forward, Insert Protocols dialogbox

accessing 180UDP forwarding, managing 181UDP protocol, creating 203, 220UDP_Foward, Insert Forwardings dialog

boxaccessing 181fields 182

UdpPortFwdListId field 184User Data Protocol. See UDP

commands 175User Data Protocol. See UDP. 179

Vvirtual IP address

configuring for management port,using the CLI 123

configuring for management port,using the NNCLI 156

VirtualMacAddr field 256VirtualRouter UpTime field 257VLAN

RARP 44

VLAN DHCP commandsconfigure 199show 201

VlanId 89, 91, 334, 340VLANs

BootP/DHCP 177VRRP 261

VRF 70VRF associations

viewing using Device Manager 299VRF global status

viewing using Device Manager 299VRF instance

associating a VLAN or port with,using the NNCLI 314

associating brouter with, using theCLI 310

associating VLAN with, using theCLI 309

changing using Device Manager 79configuring using Device Manager 296configuring using the CLI 305configuring using the NNCLI 313creating using the CLI 305enabling routing on, using Device

Manager 80enabling routing on, using the CLI 116enabling routing on, using the

NNCLI 151VRF instance status

viewing using Device Manager 300VRF Lite

and High Availability mode 77and IPv6 77and multicast 77and policies 77and SMLT 72capabilities 71configuration rules 75Ethernet modules 75IP VPN 75overview 69requirements 75traps 309virtualized protocols 77

VRF redistributionconfiguring using Device Manager 297

VRF statisticsviewing using Device Manager 301

VrfCount 299


NN46205-523 02.02 9 December 2009


.

426

VrfId 91, 301, 334VrfIds 299VrfNames 299Vrid field 260, 263VrId field 256, 259VRRP 261

advertisement timer 47advertisements 46ARP request 47backup state 47configuring 254–255, 258–259, 262controlling state 47default gateway 45dynamic default gateway 45forwarding router 47load sharing 45MAC address 47primary router 45primary router backup 46router 45–46virtual primary router 46virtual router ID 46virtual router IP address 46virtual router MAC address 47

VRRP commandsshow 280, 292, 387, 393

VRRP configurationextended, displaying 277

VRRP failover mechanism 272, 287VRRP tab

accessing 259, 262fields 262

VRRPs, Hold Down Timer feature 253


NN46205-523 02.02 9 December 2009


.

Nortel Ethernet Routing Switch 8600

Configuration — IP RoutingRelease: 5.1Publication: NN46205-523Document revision: 02.02Document release date: 9 December 2009


LEGAL NOTICE

While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writingNORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESSOR IMPLIED. The information and/or products described in this document are subject to change without notice.

THE SOFTWARE DESCRIBED IN THIS DOCUMENT IS FURNISHED UNDER A LICENSE AGREEMENT AND MAY BE USEDONLY IN ACCORDANCE WITH THE TERMS OF THAT LICENSE.

Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks.

All other trademarks are the property of their respective owners.

To provide feedback or to report a problem in this document, go to www.nortel.com/documentfeedback.

www.nortel.com

nn46205-523 02.02 configuration ip routing

Documents