omniaccess 5510 usg cliconfigurationguide release3.0 docs/routers/omniaccess... · the...
TRANSCRIPT
-
1
For final production, import color definitions from
\\daldoc01\docteam\templates\framemaker\book-template\color-defs\ production-colors.fm.
OmniAccess 5510Unified Services Gateway
CLI Configuration Guide
2
Release 3.0Beta
Notes on numbered items on banner & legal pages1 Man26801 West Agoura Road
Calabasas, CA 91301
(818) 880-3500
FAX (818) 880-3505
US Customer Support(800) 995-2696
International Customer Support(818) 878-4507
Internetservice.esd.alcatel-lucent.com
Website: www.alcatel-lucent.com
Part No: 060285-00, Rev B
-
34
5
This configuration guide documents release 3.0 of the OmniAccess 5510-AA/AB USG, OmniAccess 5510-SR USG, and OmniAccess 5510-TE USG. The functionality
described in this guide is subject to change without notice.
The specifications and information regarding the products in this manual are subject to change without notice. All statements, information, and recommendations in this manual are believed to be accurate but are presented without warranty of any kind, express or implied. Users must take full responsibility for their application of any products.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE.
This equipment has been tested and found to comply within the limits pursuant to the (Centre for Telecom) rules. These limits are designed to provide protection against harmful interference when the equipment is operated in a commercial environment.
The following information is for the Users of the OmniAccess 5510 Unified Services Gateway: If it is not installed in accordance with the installation instructions, it may not function exactly to the said specifications. Modifying the equipment without Alcatel-Lucents written authorization may result in the equipment no longer complying with the said dimensions.
Copyright 2010, Alcatel-Lucent. All rights reserved. Alcatel-Lucent and Alcatel-Lucent logo are registered trademarks of Alcatel-Lucent. The contents or specifications contained within this document are subject to change without notice.
Not withstanding any other warranty herein, all hardware and software are provided "as is" with all faults. Alcatel-Lucent disclaim all warranties, expressed or implied, including, without limitation, those of merchantability, fitness for a particular purpose and non-infringement or arising from a course of dealing, usage, or trade practice. In no event shall Alcatel-Lucent be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Alcatel-Lucent have been advised of the possibility of such damages.
-
Table of Contents
1 Preface.............................................................................................................1About This Guide ......................................................................................................................1Supported Platforms .................................................................................................................1Audience ...................................................................................................................................1Organization..............................................................................................................................2
Part I - Introduction .............................................................................................................2Part II - LAN Interfaces .......................................................................................................2Part III- WAN Interfaces......................................................................................................3Part IV - Packet Classification ............................................................................................4Part V - Routing Protocols ..................................................................................................4Part VI - Network Security CLI............................................................................................5Part VII - Quality Of Service ...............................................................................................5Part VIII - TCP/IP Services .................................................................................................6Part IX - License Manager..................................................................................................6
Document Conventions.............................................................................................................7Obtaining Documentation..........................................................................................................8Reference Publications .............................................................................................................8Obtaining Technical Assistance ................................................................................................9Documentation Feedback .........................................................................................................9
Part 1: Introduction
2 The Command Line Interface ......................................................................13CLI Overview...........................................................................................................................13Introduction to CLI Modes .......................................................................................................14
CLI User Mode .................................................................................................................14CLI Configuration Mode....................................................................................................14CLI Sub-Configuration Mode (SCM).................................................................................14
CLI Modes...............................................................................................................................15CLI Modes ........................................................................................................................16Exiting Configuration Modes.............................................................................................27Example............................................................................................................................27Initial Setup.......................................................................................................................28
Using the Command Line Interface.........................................................................................29CLI Help............................................................................................................................29Partial Help .......................................................................................................................32Partial Commands ............................................................................................................32Command Line Editing .....................................................................................................33Command History.............................................................................................................35
Configuring Interfaces .............................................................................................................36Interface Configuration Commands..................................................................................36Interface Types and Limitations........................................................................................36
-
Common Interface Configuration Commands ..................................................................36Interface Show Commands ..............................................................................................37Clear Interface Commands...............................................................................................39Shutting Down and Bring Up an Interface ........................................................................39Backup Interface...............................................................................................................40
3 System Configuration and Monitoring .......................................................43System Configuration and Monitoring Tasks ..........................................................................43
Chapter Conventions........................................................................................................44Management Plane Overview.................................................................................................45
Out of Band Management ................................................................................................45Inband Management (SSH and Telnet) ............................................................................46Idle Timeout......................................................................................................................49Example............................................................................................................................49Ping ..................................................................................................................................50Example............................................................................................................................50Traceroute ........................................................................................................................53Example............................................................................................................................53Show Inband Sessions .....................................................................................................56Example............................................................................................................................56
Terminal Settings ....................................................................................................................57Example............................................................................................................................57
System Name..........................................................................................................................57Example............................................................................................................................57
AAA Configuration on OmniAccess 5510 USG.......................................................................58To Enable AAA Services ..................................................................................................58Example............................................................................................................................58Authentication Commands ...............................................................................................59Show Commands .............................................................................................................73Clear Commands..............................................................................................................76
Setting and Displaying the System Time and Date.................................................................77Set Time zone ..................................................................................................................78Example............................................................................................................................78Clock Set ..........................................................................................................................78Example............................................................................................................................78Clock Synchronize............................................................................................................79Example............................................................................................................................79
System Logging and Debugging .............................................................................................80Example............................................................................................................................81Example 1.........................................................................................................................82Example 2.........................................................................................................................83Example 3.........................................................................................................................83Example 4.........................................................................................................................83
Rate Limiting in Statlog ...........................................................................................................84Example 1.........................................................................................................................85Example 2.........................................................................................................................85
-
Example 3.........................................................................................................................85Saving Log Messages.............................................................................................................86
Example............................................................................................................................86Viewing Tech Support ......................................................................................................87Example............................................................................................................................87
The File System ......................................................................................................................88Example 1.........................................................................................................................88Example 2.........................................................................................................................89Copying Files....................................................................................................................89Example............................................................................................................................89Deleting Files....................................................................................................................90Example............................................................................................................................90Configuration File Management .......................................................................................91
Software Package Management .............................................................................................98Package Types.................................................................................................................98To Install a Package on the System .................................................................................99Example............................................................................................................................99To Take a Backup of the Package .................................................................................100Example..........................................................................................................................100To Remove a Package ...................................................................................................101Example..........................................................................................................................101Package Set-default .......................................................................................................101Example..........................................................................................................................101To View Details of the Package......................................................................................102Example 1.......................................................................................................................102Example 2.......................................................................................................................103
Reloading the System...........................................................................................................104Example..........................................................................................................................104
System Monitoring and Troubleshooting...............................................................................105Core Generation .............................................................................................................105System Hardware and Environment Information............................................................105Example..........................................................................................................................105To View Process Information..........................................................................................107Example..........................................................................................................................107Hot Key Support .............................................................................................................109Rescue Mode Options ....................................................................................................111
Factory Default Configuration ...............................................................................................114To Reload Factory Default Configuration .......................................................................116Example..........................................................................................................................116
Importing Certificates ............................................................................................................117Example..........................................................................................................................117
SNMP (Simple Network Management Protocol) ...................................................................122SNMP Agent and Manager.............................................................................................123SNMP Version ................................................................................................................124SNMPv3 Protocol Overview ...........................................................................................124SNMP Configuration Commands ...................................................................................125
-
SNMP Show Commands................................................................................................130SNMP MIB CLI ...............................................................................................................134SNMP MIB GUI ..............................................................................................................135
4 Virtual Router Redundancy Protocol........................................................137Chapter Organization .....................................................................................................137Chapter Conventions......................................................................................................137
VRRP Overview ....................................................................................................................138VRRP Configuration..............................................................................................................139
VRRP Configuration Steps .............................................................................................139VRRP Configuration Flow...............................................................................................140VRRP CLI Commands....................................................................................................141Modify Global VRRP Group Parameters ........................................................................143Monitor and Debug VRRP ..............................................................................................148
VRRP Interface Tracking ......................................................................................................151Alcatel-Lucent's Interface Tracking Design ....................................................................151
VRRP Configuration Scenario using OmniAccess 5510 USG..............................................153Procedure .......................................................................................................................153VRRP Configuration .......................................................................................................154
Part 2: LAN Interfaces and Configuration
5 Fast Ethernet Interface...............................................................................157Chapter Conventions......................................................................................................157
Ethernet Overview.................................................................................................................158Ethernet Basics ..............................................................................................................158Ethernet Terminologies ..................................................................................................159Switched Ethernet ..........................................................................................................160Full-duplex Ethernet .......................................................................................................160
Fast Ethernet Configuration ..................................................................................................161Fast Ethernet Interface Configuration Steps ..................................................................161Fast Ethernet Interface Configuration Flow ....................................................................162Ethernet Interface Configuration Commands .................................................................163Configure Optional Parameters on the Interface ............................................................165Configure Fast Ethernet Sub-interface ...........................................................................167Fast Ethernet Interface Show Commands......................................................................168Fast Ethernet Interface Clear Commands ......................................................................171
6 Layer 2 Switching Configuration ..............................................................173Chapter Conventions......................................................................................................173
Switching Overview...............................................................................................................174Alcatel-Lucent Specific Overview on Switching..............................................................176
L2 Switching Configuration ...................................................................................................177L2 Switching Configuration Steps...................................................................................177
-
L2 Switching Configuration Flow ....................................................................................179L2 Switching Commands................................................................................................180L2 Switching Show Commands......................................................................................184L2 Switching Clear Commands ......................................................................................188
Switching Configuration using OmniAccess 5510 USG........................................................189OmniAccess 5510 USG as a Switch with no VLANs......................................................189OmniAccess 5510 USG as a Switch with VLANs...........................................................190
7 Spanning Tree Protocol .............................................................................193Chapter Conventions......................................................................................................193
Spanning Tree Protocol Overview ........................................................................................194STP Configuration.................................................................................................................195
STP Configuration Steps ................................................................................................195STP Configuration Commands.......................................................................................196Show Commands in Spanning Tree...............................................................................200
STP Configuration Example..................................................................................................202Topology.........................................................................................................................202Procedure .......................................................................................................................203Verification......................................................................................................................204
8 Integrated Routing and Bridging ..............................................................205Chapter Conventions......................................................................................................205
Integrated Routing and Bridging Overview ...........................................................................206Alcatel-Lucent Specific IRB Overview ............................................................................206
IRB Configuration..................................................................................................................207IRB Configuration Steps .................................................................................................207IRB Commands ..............................................................................................................208
IRB Configuration using OmniAccess 5510 USG .................................................................209Topology for IRB Configuration on OmniAccess 5510 USG ..........................................209
Part 3: WAN Interfaces and Protocols
9 ADSL (Asymmetric Digital Subscriber Line)............................................213Chapter Conventions......................................................................................................214
ADSL Overview.....................................................................................................................215ATM Configuration ................................................................................................................217
ATM Interface Configuration Steps ................................................................................217ATM Configuration Flow .................................................................................................219ATM Configuration Commands ......................................................................................220Set Encapsulation on the Sub-interface .........................................................................225
10 Universal Serial Port (USP)........................................................................237Chapter Conventions......................................................................................................238
USP (V.35/X.21/RS-232) Overview ......................................................................................239
-
Alcatel-Lucent Specific Overview ...................................................................................240V.35/X.21/RS-232 Configuration...........................................................................................241
V.35/X.21/RS-232 Interface Configuration Steps ...........................................................241V.35/X.21/RS-232 Configuration Flow............................................................................242V.35/X.21/RS-232 Configuration Commands.................................................................243V.35/X.21/RS-232 DTE Optional Parameters ................................................................245Show Command .............................................................................................................248Clear Command .............................................................................................................249
11 T1E1 Interface .............................................................................................251Chapter Conventions......................................................................................................251
T1 and E1 Overview..............................................................................................................252E1 Interface Overview...........................................................................................................252
E1 Timeslot Functionalities.............................................................................................253Mechanisms Supported by the E1 interface...................................................................253E1 Modes of Operation...................................................................................................254Alcatel-Lucent Specific Overview ...................................................................................254
E1 Configuration ...................................................................................................................255E1 Configuration Steps...................................................................................................255E1 Configuration Flow ....................................................................................................257E1 Configuration Commands .........................................................................................258E1 Show Commands......................................................................................................265Troubleshooting E1 Lines...............................................................................................267
T1 Interface Overview...........................................................................................................268Frame Formats Used in T1.............................................................................................268T1 Modes of Operation...................................................................................................269
T1 Configuration....................................................................................................................270T1 Configuration Steps...................................................................................................270T1 Configuration Flow ....................................................................................................272T1 Configuration Commands..........................................................................................273T1 Show Commands ......................................................................................................280Troubleshooting T1 Lines ...............................................................................................282
12 Third Generation (3G) Wireless WAN Interface .......................................283Chapter Conventions......................................................................................................284
3G Wireless Overview...........................................................................................................285Alcatel-Lucent Specific Overview ...................................................................................285
3G Wireless Configuration ....................................................................................................288Cellular Interface Configuration Steps............................................................................289Cellular Interface Configuration Flow .............................................................................291Cellular Interface Configuration Commands...................................................................292Cellular Interface Show Commands ...............................................................................302Cellular Interface Clear Commands ...............................................................................307
-
13 High-level Data Link Control .....................................................................309Chapter Conventions......................................................................................................309
HDLC Overview ....................................................................................................................310HDLC Frame Structure...................................................................................................310HDLC Frame Formats ....................................................................................................311HDLC Protocol Operation...............................................................................................311
HDLC Configuration ..............................................................................................................312HDLC Configuration Steps .............................................................................................313HDLC Configuration Flow...............................................................................................315HDLC Configuration Commands ....................................................................................316
14 Frame Relay ................................................................................................321Chapter Conventions......................................................................................................321
Frame Relay Overview..........................................................................................................322Frame Relay Devices .....................................................................................................322Frame Relay Virtual Circuits...........................................................................................322Frame Relay Network Deployments...............................................................................323
Frame Relay Configuration ...................................................................................................324Frame Relay Configuration Steps ..................................................................................325Frame Relay Configuration Flow ....................................................................................327Frame Relay Configuration Commands .........................................................................328
15 Point-to-Point Protocol ..............................................................................337Chapter Conventions......................................................................................................337
PPP Overview.......................................................................................................................339PPP Components ...........................................................................................................339PPP Operation................................................................................................................339
PPP Configuration.................................................................................................................340PPP Configuration Steps................................................................................................341PPP Configuration Flow .................................................................................................343PPP Configuration Commands.......................................................................................344PPP Optional Parameters ..............................................................................................345PPP Show Commands ...................................................................................................354PPP Debug Commands .................................................................................................362
16 Point-to-Point Protocol over Ethernet (PPPoE).......................................363Chapter Conventions......................................................................................................363
PPPoE Overview...................................................................................................................365PPPoE Operation ...........................................................................................................365OmniAccess 5510 USG Specific Overview on PPPoE Features ...................................365
PPPoE Configuration ............................................................................................................366PPPoE Configuration Steps ...........................................................................................367PPPoE Configuration Flow .............................................................................................369PPPoE Configuration Commands ..................................................................................370PPPoE Optional Parameters ..........................................................................................371
-
PPPoE Show Commands...............................................................................................375
17 Multilink Point to Point Protocol ...............................................................377Chapter Conventions......................................................................................................377
MLPPP Overview..................................................................................................................379MLPPP Components ......................................................................................................380MLPPP Operation...........................................................................................................380Alcatel-Lucent Specific Overview on MLPPP Features..................................................381
MLPPP Configuration............................................................................................................382MLPPP Configuration Steps...........................................................................................383MLPPP Configuration Flow ............................................................................................385MLPPP Configuration Commands..................................................................................386MLPPP Show Commands ..............................................................................................388
MLPPP Configuration Example.............................................................................................389
18 Ethernet OAM (Operations, Administration, and Maintenance).............391Chapter Conventions......................................................................................................391
OAM Overview......................................................................................................................393Alcatel-Lucent Specific Overview ...................................................................................394
OAM Configuration on OmniAccess 5510 USG....................................................................396OAM Configuration Steps...............................................................................................396OAM Configuration Flow ................................................................................................399OAM Configuration Commands......................................................................................400
OAM Configuration using OmniAccess 5510 USG...............................................................417Configuration Steps ........................................................................................................417
19 Bridging Configuration ..............................................................................419Chapter Conventions......................................................................................................419
Bridging overview..................................................................................................................420Alcatel-Lucent Specific Bridging Overview .....................................................................420
Bridging Configuration on PPP/MLPPP/FR/HDLC/FE Interface ...........................................422Bridging Configuration Steps..........................................................................................422Bridging Configuration Flow ...........................................................................................424Bridging Configuration Commands.................................................................................425
BCP Configuration using OmniAccess 5510 USG................................................................432Topology for BCP Configuration on OmniAccess 5510 USG.........................................432
20 Link Fragmentation and Interleaving (LFI)...............................................433Chapter Conventions......................................................................................................433
LFI Overview.........................................................................................................................435Alcatel-Lucent Specific Overview on LFI Features.........................................................435
Overview of LFI in MLPPP....................................................................................................436Packet Formats ..............................................................................................................436Configuration of LFI on MLPPP......................................................................................438
LFI Configuration on MLPPP ................................................................................................439
-
LFI - MLPPP Configuration Steps ..................................................................................440LFI - MLPPP Configuration Flow ....................................................................................442LFI - MLPPP Configuration Commands .........................................................................443LFI - MLPPP Show Commands......................................................................................446Configuration Example of LFI on MLPPP.......................................................................447
Overview of LFI in Frame Relay............................................................................................450End-to-End Fragmentation .............................................................................................450Packet Formats ..............................................................................................................450Configuration of LFI on FR (and FR Sub Interface)........................................................451
LFI Configuration on FR........................................................................................................452LFI - FR Configuration Steps..........................................................................................453LFI - FR Configuration Flow ...........................................................................................455LFI-FR Configuration Commands...................................................................................456LFI Configuration on FR Sub Interface...........................................................................458LFI - FR Show Commands .............................................................................................459Configuration Example of LFI on FR ..............................................................................462
Part 4: Common Classification
21 Common Classifiers...................................................................................467Chapter Conventions......................................................................................................467
CC Overview.........................................................................................................................468Benefits of Alcatel-Lucent Devices Common Classifiers ................................................469CC Architecture ..............................................................................................................469Before you Configure CC ...............................................................................................470
CC Configuration...................................................................................................................471CC Configuration Steps..................................................................................................471Elements Used in Configuring CC..................................................................................472To Configure a Match-list ...............................................................................................475Example..........................................................................................................................475Rules within Match-lists ..................................................................................................475To Configure Rules Using the Protocol Numbers...........................................................482Lists in CC ......................................................................................................................483Nesting Of Match-lists ....................................................................................................485Show commands in CC ..................................................................................................487Deletion Commands in CC .............................................................................................490
Sample examples on the usage of CC across applications ..................................................492Example 1.......................................................................................................................492Example 2.......................................................................................................................493Example 3.......................................................................................................................494
-
Part 5: Routing Protocols
22 Protocol Independent Features.................................................................497Protocol Independent Features Configuration ......................................................................497
Chapter Conventions......................................................................................................497Protocol-Independent Configuration...............................................................................498Protocol-Independent Configuration Commands ...........................................................499
23 Routing Information Protocol ....................................................................527Chapter Conventions......................................................................................................527
RIP Overview ........................................................................................................................528RIP Configuration..................................................................................................................529
RIP Configuration Steps .................................................................................................530RIP Configuration Flow...................................................................................................532RIP Configuration Commands........................................................................................533RIP Optional Parameters................................................................................................534RIP Show Commands ....................................................................................................547RIP Clear Commands.....................................................................................................551
24 Border Gateway Protocol ..........................................................................553Chapter Conventions......................................................................................................553
BGP Overview.......................................................................................................................554BGP Configuration ................................................................................................................555
BGP Configuration Steps ...............................................................................................555BGP Configuration Flow .................................................................................................557BGP Configuration Commands ......................................................................................558BGP Show Commands...................................................................................................560BGP Clear Commands ...................................................................................................563
A Typical BGP Example Using OmniAccess 5510 USG.......................................................566
25 Open Shortest Path First ...........................................................................569Chapter Conventions......................................................................................................569
OSPF Overview ....................................................................................................................570OSPF Configuration ..............................................................................................................571
OSPF Configuration Steps .............................................................................................571OSFP Configuration Flow...............................................................................................573OSPF Configuration Commands ....................................................................................574OSPF Optional Parameters............................................................................................575Show Commands in OSPF.............................................................................................593Clear Commands in OSPF .............................................................................................601
OSPF Configuration on OmniAccess 5510 USG..................................................................602Example..........................................................................................................................602
-
26 Multicast Routing .......................................................................................605Chapter Conventions......................................................................................................605
Multicast Overview................................................................................................................606Protocol Independent Multicast (PIM) ............................................................................606Internet Group Management Protocol (IGMP)................................................................607RFCs ..............................................................................................................................608
PIM Configuration .................................................................................................................609PIM Configuration Steps.................................................................................................609PIM Configuration Flow ..................................................................................................611PIM Configuration Commands .......................................................................................612Show Commands in PIM ................................................................................................617Clear Commands in PIM ................................................................................................620
IGMP Configuration...............................................................................................................621IGMP Configuration Steps..............................................................................................621IGMP Configuration Flow ...............................................................................................623IGMP Configuration Commands.....................................................................................624Show Commands in IGMP .............................................................................................628Show Commands in Multicast ........................................................................................629Clear Commands in Multicast.........................................................................................630
Multicast Configuration on OmniAccess 5510 USG..............................................................631Verifying Multicast Routing .............................................................................................636
27 Policy Based Routing.................................................................................637Chapter Conventions......................................................................................................637
PBR Overview.......................................................................................................................638Alcatel-Lucent Specific Overview ...................................................................................638
PBR Configuration ................................................................................................................639PBR Configuration Steps................................................................................................639PBR Configuration Flow .................................................................................................641PBR Configuration Commands ......................................................................................642Show Commands in PBR ...............................................................................................645Clear Commands............................................................................................................646
PBR Configuration Example .................................................................................................647Configuration Steps ........................................................................................................648Verification......................................................................................................................649
28 Virtual Routing and Forwarding................................................................651Chapter Conventions......................................................................................................652
VRF-CE Overview.................................................................................................................653VRF-CE Configuration ..........................................................................................................655
VRF-CE Configuration Steps..........................................................................................655VRF-CE Configuration Flow ...........................................................................................657VRF-CE CLI Commands ................................................................................................658VRF Show Commands ...................................................................................................667Example..........................................................................................................................667
-
VRF Clear Commands ...................................................................................................672Example..........................................................................................................................672
Part 6: Network Security
29 Network Address Translation....................................................................675Chapter Conventions......................................................................................................675
NAT Overview.......................................................................................................................676Types of NAT..................................................................................................................676Benefits of NAT ..............................................................................................................678Before You Configure NAT.............................................................................................678Alcatel-Lucent Specific Overview ...................................................................................678
Source NAT Configuration ....................................................................................................679SNAT Configuration Steps .............................................................................................680SNAT Configuration Flow ...............................................................................................682SNAT Configuration Commands ....................................................................................683Sample Configurations of SNAT on OmniAccess 5510 USG.........................................689
Destination NAT Configuration..............................................................................................690DNAT Configuration Steps .............................................................................................691DNAT Configuration Flow...............................................................................................693DNAT Configuration Commands ....................................................................................694Sample Configuration Example of DNAT on OmniAccess 5510 USG ...........................698Bypass............................................................................................................................699NAT Show Commands ...................................................................................................700NAT Clear Commands ...................................................................................................702NAT Debug Commands .................................................................................................703
Modifying NAT Configuration ................................................................................................704Insertions ........................................................................................................................704Updations .......................................................................................................................705NAT Deletion Commands...............................................................................................707
30 Filter and Firewall .......................................................................................709Chapter Conventions......................................................................................................709
Network Security - An overview ............................................................................................710Network Security Terminologies.....................................................................................711Firewall Mechanisms ......................................................................................................712Before You Configure Filters and Firewalls ....................................................................713Alcatel-Lucent Specific Overview ...................................................................................713
Filter Configuration................................................................................................................714Filter Configuration Steps ...............................................................................................714Filter Configuration Flow.................................................................................................716Filter Configuration Commands......................................................................................717Filter Show Commands ..................................................................................................721Filter Deletion Commands ..............................................................................................723Filter Clear Commands...................................................................................................724
-
L2 (Layer2) Filter Configuration Commands ..................................................................725L2 Filter Show Commands .............................................................................................728L2 Filter Clear Commands..............................................................................................729Sample Examples of Configuring Filters on OmniAccess 5510 USG ............................730
Managing Security Configuration..........................................................................................731Insertions ........................................................................................................................731Updations .......................................................................................................................732
Network Attacks - An Overview.............................................................................................734Types of Network Attacks...............................................................................................734Default Attacks (Rate-limiting / Stateful) .........................................................................735Default Attacks (Non-rate Limiting / Stateless)...............................................................737Optional Attacks .............................................................................................................739
Network Attack Prevention Configuration .............................................................................741Network Attack Prevention Configuration Steps.............................................................741Network Attack Prevention Configuration Flow ..............................................................743Network Attack Prevention Configuration Commands ...................................................744Firewall Show Commands..............................................................................................754Sample Firewall Policy Configurations on OmniAccess 5510 USG ...............................761
Zone Configuration................................................................................................................763Trusted Zone Configuration............................................................................................763Untrusted Zone Configuration ........................................................................................763Semi-trusted Zone or Demilitarized Zone.......................................................................764Three Zone Firewall Example.........................................................................................765Example 2: Simple Zone Configuration in OmniAccess 5510 USG ...............................773
Time-range/Timer Configuration ...........................................................................................775Time-range Configuration Commands ...........................................................................775Time-range Show Command..........................................................................................776
ALGs Supported in OmniAccess 5510 USG.........................................................................777ALG Configuration Commands.......................................................................................779
Customized-service Rule Based ALG Configuration ............................................................786Customizing ALG Commands ........................................................................................786
Typical Rule Based ALG and DNAT Example Using OmniAccess 5510 USG.....................789Security - Best Practices .......................................................................................................791
Rules for Configuring Packet Filters ...............................................................................791
31 IP Security - Virtual Private Network ........................................................795Chapter Conventions......................................................................................................796
IPsec VPN Overview.............................................................................................................797IPsec Enabled VPN ........................................................................................................799IPsec Connection Types.................................................................................................799IPsec Concepts ..............................................................................................................801Benefits of IPsec Enabled VPN ......................................................................................806Default Configuration Setting on OmniAccess 5510 USG..............................................807
IPsec VPN Configuration ......................................................................................................808IPsec VPN Configuration Steps......................................................................................808IPsec VPN Configuration Flow .......................................................................................810
-
IPsec Configuration Commands.....................................................................................811To Configure the Match-lists...........................................................................................811IPsec Configuration with Pre-shared Key.......................................................................811Example..........................................................................................................................812IPsec Configuration with X.509 Certificates ...................................................................812To Import a RSA Key......................................................................................................813Example..........................................................................................................................813Example..........................................................................................................................813To Export RSA Keys.......................................................................................................821Example..........................................................................................................................821To Delete a CA Certificate..............................................................................................821Example..........................................................................................................................821To Delete a Signed Certificate........................................................................................822Example..........................................................................................................................822To Delete a Peer Certificate ...........................................................................................822Example..........................................................................................................................822To Delete an RSA Key Pair ............................................................................................822Example..........................................................................................................................822Internet Key Exchange (IKE) Policy ...............................................................................823To Configure Transform-set in IPsec..............................................................................827To Configure IPsec Crypto Map .....................................................................................829Example..........................................................................................................................829To Attach Crypto Map to an Interface.............................................................................833Dead Peer Detection (DPD) ...........................................................................................834IPsec VPN Show Commands.........................................................................................836Clear Commands in IPsec..............................................................................................853
IPsec Scenarios on OmniAccess 5510 USG ........................................................................854Best Practices For Deploying IPsec VPN .............................................................................857
Identity ............................................................................................................................857IPsec Access Control .....................................................................................................858IPsec...............................................................................................................................858Network Address Translation .........................................................................................859Network Access Control .................................................................................................859Interoperability ................................................................................................................859Routing Entry..................................................................................................................859
IPsec NAT-Traversal.............................................................................................................860Scenarios Depicting IPsec Nat-traversal...............................................................................861IPsec Tunnel Interface ..........................................................................................................863
Before You Configure IPsec Tunnel Interface ................................................................863Default Configuration on OmniAccess 5510 USG for an IPsec Profile ..........................864
IPsec Tunnel Interface Configuration....................................................................................865IPsec Tunnel Interface Configuration Steps ...................................................................865IPsec Tunnel Interface Configuration Flow.....................................................................867IPsec Tunnel Interface Configuration Commands..........................................................868
IPsec Tunnel Configuration Scenarios using OmniAccess 5510 USG .................................876Dynamic Multipoint Virtual Private Network (DMVPN) Overview..........................................878
-
Alcatel-Lucent Specific Overview ...................................................................................879DMVPN Configuration...........................................................................................................880
DMVPN Configuration Steps ..........................................................................................880DMVPN Configuration Flow............................................................................................883DMVPN Configuration Commands.................................................................................884
DMVPN Configuration Scenarios using OmniAccess 5510 USG .........................................892IPsec VPN Server Overview .................................................................................................895
Alcatel-Lucent Specific Overview ...................................................................................895IPsec VPN Server Configuration...........................................................................................896
IPsec VPN Server Configuration Steps ..........................................................................896IPsec VPN Server Configuration Flow............................................................................900IPsec VPN Server Configuration Commands.................................................................901
Hardware Crypto Engine Support on OmniAccess 5510 USG .............................................910Overview.........................................................................................................................910To Enable/Disable Crypto Engine ..................................................................................910Example..........................................................................................................................910To View Crypto Engine Configuration ............................................................................910Example..........................................................................................................................910To View Crypto Engine Statistics ...................................................................................911Example..........................................................................................................................911To Clear Crypto Engine Statistics...................................................................................911Example..........................................................................................................................911
32 Intrusion Detection/Intrusion Prevention System...................................913Chapter Conventions......................................................................................................913
IDS/IPS Overview .................................................................................................................914Alcatel-Lucent Specific Overview ...................................................................................914
IDS/IPS Configuration ...........................................................................................................914IDS/IPS Configuration Steps ..........................................................................................915IDS/IPS Configuration Flow............................................................................................917IDS/IPS Configuration Commands .................................................................................918IDS/IPS Show Commands .............................................................................................924IDS/IPS Clear Commands..............................................................................................929IDS/IPS Debug Commands............................................................................................930
IDS/IPS Configuration Scenario Using OmniAccess 5510 USG...........................................931Configuration Steps ........................................................................................................931Show Commands ...........................................................................................................932IDS/IPS Topology ...........................................................................................................932
33 Generic Routing Encapsulation................................................................933Chapter Conventions......................................................................................................933
GRE Overview ......................................................................................................................934GRE Tunnel Setup .........................................................................................................934GRE Tunnel Features.....................................................................................................935Summary ........................................................................................................................936Alcatel-Lucent Specific Overview ...................................................................................936
-
GRE Tunnel Configuration ....................................................................................................937GRE Configuration Steps ...............................................................................................937GRE Configuration Flow.................................................................................................939GRE CLI Commands......................................................................................................940
GRE Configuration Scenarios using OmniAccess 5510 USG ..............................................9441. GRE Configuration .....................................................................................................9442. GRE + IP Filters + DoS Configuration ......................................................................9463. GRE over IPsec Configuration .................................................................................948
Part 7: Quality of Service
34 Quality of Service .......................................................................................953Chapter Conventions......................................................................................................953
QoS Overview.......................................................................................................................954Generic terms used in QoS ............................................................................................954Alcatel-Lucent Specific Overview on QoS ......................................................................956Traffic Without Policing and Shaping..............................................................................958Traffic with Policing.........................................................................................................959Traffic with Shaping ........................................................................................................960Hierarchical Queuing ......................................................................................................961Bandwidth Sharing in Tunnels........................................................................................963
QoS Configuration.................................................................................................................964QoS Configuration Steps................................................................................................964QoS Configuration Flow .................................................................................................967QoS Configuration Commands.......................................................................................969Class Map Configuration ................................................................................................969Policy Map Configuration................................................................................................971Attaching a Policy Map to an Interface ...........................................................................973Traffic Class Attributes Configuration .............................................................................975Auto QoS Configuration..................................................................................................986
Hierarchical Policy Configuration ..........................................................................................988QoS over Tunnel Interface....................................................................................................993
Example..........................................................................................................................993QoS Show Commands ...................................................................................................995QoS Clear Commands .................................................................................................1003QoS Debug Commands ...............................................................................................1003
QoS Test Scenarios on OmniAccess 5510 USG................................................................1004Traffic Shaping .............................................................................................................1004Priority Queuing............................................................................................................1006
QoS on Frame Relay (Per-PVC Queuing) ..........................................................................1008QoS on FR and FR Sub Interface ................................................................................1008Frame Relay Queuing and Fragmentation on the Interface .........................................1009Alcatel-Lucent Specific Overview .................................................................................1010QoS on FR Configuration Steps ...................................................................................1011QoS on FR Configuration Commands..........................................................................1013
-
QoS on FR Sub Interface Configuration Commands ...................................................1015QoS on FR Show Commands ......................................................................................1016
L2 QoS................................................................................................................................1017To Attach a L2 Policy Map to an Interface....................................................................1017
Part 8: TCP/IP Services
35 DHCP (Dynamic Host Configuration Protocol) Server..........................1021Chapter Conventions....................................................................................................1021
DHCP Server Overview ......................................................................................................1022Alcatel-Lucent Specific Overview .................................................................................1022
DHCP Server Configuration ................................................................................................1023DHCP Server Configuration Steps ...............................................................................1023DHCP Server Configuration Flow.................................................................................1025DHCP Server Configuration Commands ......................................................................1026DHCP Server Show Commands ..................................................................................1034
DHCP Server Test Scenarios using OmniAccess 5510 USG.............................................1038Configuration Steps ......................................................................................................1039
36 DHCP (Dynamic Host Configuration Protocol) Client...........................1041Chapter Conventions....................................................................................................1041
DHCP Client Overview........................................................................................................1042Alcatel-Lucent Specific Overview .................................................................................1042
DHCP Client Configuration .................................................................................................1044DHCP Client Configuration Steps.................................................................................1044DHCP Client Configuration Flow ..................................................................................1046DHCP Client Configuration Commands .......................................................................1047DHCP Client Show Commands....................................................................................1053
DHCP Client Test Scenarios using OmniAccess 5510 USG ..............................................1055Configuration Steps ......................................................................................................1055
37 TFTP (Trivial File Transfer Protocol) Server ..........................................1057Chapter Conventions....................................................................................................1057
TFTP Server Overview........................................................................................................1058Alcatel-Lucent Specific Overview .................................................................................1058
TFTP Server Configuration .................................................................................................1059TFTP Server Configuration Steps ................................................................................1059TFTP Server Configuration Flow ..................................................................................1060TFTP Server Configuration Commands .......................................................................1061TFTP Show Commands ...............................................................................................1062
38 DHCP (Dynamic Host Configuration Protocol) Relay ...........................1063Chapter Conventions....................................................................................................1063
DHCP Relay Overview........................................................................................................106