Foundry Networks AR1204 Manual de usuario Pagina 1

June 2004 © 2004 Foundry Networks, Inc.Foundry AR-Series Router User GuideFor AR1202, AR1204, AR1208, AR1216, AR3201-CH/CL, and AR3202-CH/CL Routers

June 2004 © 2004 Foundry Networks, Inc. 1 - 1Chapter 1Getting StartedIntroductionThis guide describes how to configure the AccessIron routers in typic

BGP4 show CommandsJune 2004 © 2004 Foundry Networks, Inc. 8 - 7Table 8.2: Status and Origin CodesStatus codes* ( valid ) The table entry is valid.# (

Foundry AR-Series Router User Guide8 - 8 © 2004 Foundry Networks, Inc. June 2004applicable systems: All models.updates Number of sent BGP updatesMaxim

BGP4 show CommandsJune 2004 © 2004 Foundry Networks, Inc. 8 - 9show ip bgp paths This command shows all BGP paths in the database.syntax:show ip bgp

Foundry AR-Series Router User Guide8 - 10 © 2004 Foundry Networks, Inc. June 2004show ip bgp regexpThis command displays routes matching the regular e

BGP4 show CommandsJune 2004 © 2004 Foundry Networks, Inc. 8 - 11show ip bgp summaryThis command shows the BGP router’s identifying number, local AS nu

Foundry AR-Series Router User Guide8 - 12 © 2004 Foundry Networks, Inc. June 2004show ip bgp table This command shows entries in the BGP route table.s

BGP4 show CommandsJune 2004 © 2004 Foundry Networks, Inc. 8 - 13show policy This command provides access to the following next-level policy display co

Foundry AR-Series Router User Guide8 - 14 © 2004 Foundry Networks, Inc. June 2004show policy as_pathThis command displays the AS path access lists.Par

BGP4 show CommandsJune 2004 © 2004 Foundry Networks, Inc. 8 - 15show policy community_listThis command shows configured community lists.Parameter Des

Foundry AR-Series Router User Guide8 - 16 © 2004 Foundry Networks, Inc. June 2004show policy ip_access_listThis command show routes that comply with s

Foundry AR-Series Router User Guide1 - 2 © 2004 Foundry Networks, Inc. June 2004Related PublicationsThe following Foundry Networks documents supplemen

BGP4 show CommandsJune 2004 © 2004 Foundry Networks, Inc. 8 - 17show policy route_map This command shows route map information.Parameter Descriptions

Foundry AR-Series Router User Guide8 - 18 © 2004 Foundry Networks, Inc. June 2004

June 2004 © 2004 Foundry Networks, Inc. 9 - 1Chapter 9OSPF Configure CommandsUse OSPF configure commands to configure all OSPF routing parameters.NOTE

Foundry AR-Series Router User Guide9 - 2 © 2004 Foundry Networks, Inc. June 2004configure router ospfThis command configures a router for OSPF routing

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 3configure router ospf 1583 CompatibilityThis command establishes the route summary

Foundry AR-Series Router User Guide9 - 4 © 2004 Foundry Networks, Inc. June 2004configure router ospf areaThis command configures an OSPF area.Paramet

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 5configure router ospf area area_typeThis command accesses the following next-level

Foundry AR-Series Router User Guide9 - 6 © 2004 Foundry Networks, Inc. June 2004configure router ospf area area_type normalThis command specifies an a

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 7configure router ospf area area_type nssaThis command specifies an area type as (n

Foundry AR-Series Router User Guide9 - 8 © 2004 Foundry Networks, Inc. June 2004configure router ospf area area_type nssa no_summaryThis command preve

Getting StartedJune 2004 © 2004 Foundry Networks, Inc. 1 - 3PPP, PAP, Multilink PPP, Frame Relay, Multilink Frame Relay, (FRF.15, FRF.16.1) BCP, HDLCL

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 9configure router ospf area area_type stubThis command configures an area as a stub

Foundry AR-Series Router User Guide9 - 10 © 2004 Foundry Networks, Inc. June 2004configure router ospf area area_type stub no_summaryThis command prev

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 11configure router ospf area default_costThis command specifies a cost for the defa

Foundry AR-Series Router User Guide9 - 12 © 2004 Foundry Networks, Inc. June 2004configure router ospf area rangeThis command summarizes routes at the

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 13configure router ospf area virtual_linkThis command defines an OSPF virtual link

Foundry AR-Series Router User Guide9 - 14 © 2004 Foundry Networks, Inc. June 2004configure router ospf area virtual_link authenticationThis command co

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 15configure router ospf area virtual_link dead_intervalThis command sets the time,

Foundry AR-Series Router User Guide9 - 16 © 2004 Foundry Networks, Inc. June 2004configure router ospf area virtual_link hello_intervalThis command co

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 17configure router ospf area virtual_link retransmit_intervalThis command configure

Foundry AR-Series Router User Guide9 - 18 © 2004 Foundry Networks, Inc. June 2004configure router ospf area virtual_link transmit_delayThis command co

Foundry AR-Series Router User Guide1 - 4 © 2004 Foundry Networks, Inc. June 2004ACLsDHCPTFTPPAPRADIUSTACACS+SSH v2GRE TunnelingIPSec VPN with integrat

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 19configure router ospf distanceThis command accesses the following next-level comm

Foundry AR-Series Router User Guide9 - 20 © 2004 Foundry Networks, Inc. June 2004configure router ospf distance ospfThis command accesses next-level c

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 21configure router ospf distance ospf externalThis command configures the distance

Foundry AR-Series Router User Guide9 - 22 © 2004 Foundry Networks, Inc. June 2004configure router ospf distance ospf non_externalThis command configur

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 23configure router ospf interfaceThis command configures an interface for OSPF rout

Foundry AR-Series Router User Guide9 - 24 © 2004 Foundry Networks, Inc. June 2004configure router ospf interface authenticationThis command configures

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 25configure router ospf interface costThis command configures the OSPF metric cost

Foundry AR-Series Router User Guide9 - 26 © 2004 Foundry Networks, Inc. June 2004configure router ospf interface dead_intervalThis command sets the ti

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 27configure router ospf interface hello_intervalThis command sets the time interval

Foundry AR-Series Router User Guide9 - 28 © 2004 Foundry Networks, Inc. June 2004configure router ospf interface neighborThis command sets up an OSPF

Getting StartedJune 2004 © 2004 Foundry Networks, Inc. 1 - 5How to Get HelpFoundry Networks technical support will ensure that the fast and easy acces

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 29configure router ospf interface networkThis command configures the OSPF network t

Foundry AR-Series Router User Guide9 - 30 © 2004 Foundry Networks, Inc. June 2004applicable systems: All models.

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 31configure router ospf interface poll_intervalThis command, used for nonbroadcast

Foundry AR-Series Router User Guide9 - 32 © 2004 Foundry Networks, Inc. June 2004configure router ospf interface priorityThis command configures the p

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 33configure router ospf interface retransmit_intervalThis command configures the re

Foundry AR-Series Router User Guide9 - 34 © 2004 Foundry Networks, Inc. June 2004configure router ospf interface transmit_delayThis command configures

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 35configure router ospf redistributeThis command accesses next-level commands that

Foundry AR-Series Router User Guide9 - 36 © 2004 Foundry Networks, Inc. June 2004configure router ospf redistribute bgpThis command redistributes BGP

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 37configure router ospf redistribute connectedThis command redistributes connected

Foundry AR-Series Router User Guide9 - 38 © 2004 Foundry Networks, Inc. June 2004configure router ospf redistribute ripThis command redistributes RIP

Foundry AR-Series Router User Guide1 - 6 © 2004 Foundry Networks, Inc. June 2004

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 39configure router ospf redistribute staticThis command redistributes static routes

Foundry AR-Series Router User Guide9 - 40 © 2004 Foundry Networks, Inc. June 2004configure router ospf ref_bwThis command calculates OSPF interface co

OSPF Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 9 - 41configure router ospf timersThis command configures and adjusts ospf spf timers.P

Foundry AR-Series Router User Guide9 - 42 © 2004 Foundry Networks, Inc. June 2004

June 2004 © 2004 Foundry Networks, Inc. 10 - 1Chapter 10OSPF Show CommandsUse OSPF display/show commands to display all configured OSPF information.NO

Foundry AR-Series Router User Guide10 - 2 © 2004 Foundry Networks, Inc. June 2004related commands: applicable systems: All models.show ip ospf globals

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 3show ip ospf databaseThis command provides access to commands that display information

Foundry AR-Series Router User Guide10 - 4 © 2004 Foundry Networks, Inc. June 2004show ip ospf database allThis command displays information related to

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 5show ip ospf database asbr_summaryThis command displays information about ASBR summary

Foundry AR-Series Router User Guide10 - 6 © 2004 Foundry Networks, Inc. June 2004show ip ospf database database_summaryThis command displays OSPF data

June 2004 © 2004 Foundry Networks, Inc. 2 - 1Chapter 2Command Line InterfaceThis chapter introduces the Command Line Interface (CLI) hierarchy and the

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 7show ip ospf database externalThis command displays information about external LSAs in

Foundry AR-Series Router User Guide10 - 8 © 2004 Foundry Networks, Inc. June 2004show ip ospf database networkThis command displays database informati

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 9show ip ospf database nssa_externalThis command shows OSPF database information about

Foundry AR-Series Router User Guide10 - 10 © 2004 Foundry Networks, Inc. June 2004show ip ospf database routerThis command shows information about rou

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 11show ip ospf database self_originateThis command displays OSPF database information a

Foundry AR-Series Router User Guide10 - 12 © 2004 Foundry Networks, Inc. June 2004show ip ospf database summaryThis command displays information about

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 13show ip ospf globalThis command displays global OSPF information.syntax:global exam

Foundry AR-Series Router User Guide10 - 14 © 2004 Foundry Networks, Inc. June 2004show ip ospf interfaceThis command provides access to commands that

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 15show ip ospf interface allThis command displays configuration information about all c

Foundry AR-Series Router User Guide10 - 16 © 2004 Foundry Networks, Inc. June 2004show ip ospf interface bundleThis command displays configuration inf

Foundry AR-Series Router User Guide2 - 2 © 2004 Foundry Networks, Inc. June 2004NOTE: Command strings that require identification of a specific interf

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 17show ip ospf interface ethernetThis command displays OSPF configuration information a

Foundry AR-Series Router User Guide10 - 18 © 2004 Foundry Networks, Inc. June 2004show ip ospf neighborThis command provides access to next-level comm

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 19show ip ospf neighbor detailThis command displays detailed OSPF configuration informa

Foundry AR-Series Router User Guide10 - 20 © 2004 Foundry Networks, Inc. June 2004show ip ospf neighbor idThis command displays OSPF configuration inf

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 21show ip ospf neighbor interfaceThis command provides access to commands that display

Foundry AR-Series Router User Guide10 - 22 © 2004 Foundry Networks, Inc. June 2004show ip ospf neighbor interface bundleThis command displays informat

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 23show ip ospf neighbor interface ethernetThis command displays configuration informati

Foundry AR-Series Router User Guide10 - 24 © 2004 Foundry Networks, Inc. June 2004show ip ospf neighbor listThis command displays a list of neighbors

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 25show ip ospf request_listThis command displays the LSAs in the request list of the sp

Foundry AR-Series Router User Guide10 - 26 © 2004 Foundry Networks, Inc. June 2004show ip ospf retransmission_listThis command displays the LSAs in th

Command Line InterfaceJune 2004 © 2004 Foundry Networks, Inc. 2 - 3Abbreviated CommandsYou may enter commands by typing the first few characters of ea

OSPF Show CommandsJune 2004 © 2004 Foundry Networks, Inc. 10 - 27show ip ospf virtual_linksThis command displays information about configured OSPF vir

Foundry AR-Series Router User Guide10 - 28 © 2004 Foundry Networks, Inc. June 2004

June 2004 © 2004 Foundry Networks, Inc. 11 - 1Chapter 11RIP Configure CommandsUse RIP configure commands to configure all RIP parameters.NOTE: See the

Foundry AR-Series Router User Guide11 - 2 © 2004 Foundry Networks, Inc. June 2004configure router ripThis command enables the Routing Information Prot

RIP Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 11 - 3configure router rip default_metricThis command sets the global default metric val

Foundry AR-Series Router User Guide11 - 4 © 2004 Foundry Networks, Inc. June 2004configure router rip distanceThis command configures the distance val

RIP Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 11 - 5configure router rip interfaceThis command enables RIP for an interface. The inter

Foundry AR-Series Router User Guide11 - 6 © 2004 Foundry Networks, Inc. June 2004configure router rip interface authenticationThis command configures

RIP Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 11 - 7configure router rip interface distribute_listThis command configures the access l

Foundry AR-Series Router User Guide11 - 8 © 2004 Foundry Networks, Inc. June 2004configure router rip interface metricThis command configures the metr

Foundry AR-Series Router User Guide2 - 4 © 2004 Foundry Networks, Inc. June 2004CLI NavigationThe Tab, Esc, and Ctrl keyboard keys may be used to:• Mo

RIP Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 11 - 9configure router rip interface modeThis command configures RIP mode for the specif

Foundry AR-Series Router User Guide11 - 10 © 2004 Foundry Networks, Inc. June 2004configure router rip interface neighborThis command specifies a RIP

RIP Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 11 - 11configure router rip interface passiveThis command configures RIP mode for a spec

Foundry AR-Series Router User Guide11 - 12 © 2004 Foundry Networks, Inc. June 2004configure router rip interface split_horizonThis command configures

RIP Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 11 - 13configure router rip modeThis command globally configures RIP mode for all interf

Foundry AR-Series Router User Guide11 - 14 © 2004 Foundry Networks, Inc. June 2004configure router rip pacingThis command enables RIP updates sent fro

RIP Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 11 - 15configure router rip passiveThis command configures RIP passive (listen only) mod

Foundry AR-Series Router User Guide11 - 16 © 2004 Foundry Networks, Inc. June 2004configure router rip redistributeThis command accesses the following

RIP Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 11 - 17configure router rip redistribute bgpThis command configures RIP to redistribute

Foundry AR-Series Router User Guide11 - 18 © 2004 Foundry Networks, Inc. June 2004configure router rip redistribute connectedThis command configures R

Copyright © 2004 Foundry Networks, Inc. All rights reserved. No part of this work may be reproduced in any form or by any means – graphic, electronic

Command Line InterfaceJune 2004 © 2004 Foundry Networks, Inc. 2 - 5Figure 2.2 Help ScreenTree You may view a tree that shows all CLI commands, or a tr

RIP Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 11 - 19configure router rip redistribute ospfThis command configures RIP to redistribute

Foundry AR-Series Router User Guide11 - 20 © 2004 Foundry Networks, Inc. June 2004configure router rip redistribute staticThis command configures RIP

RIP Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 11 - 21configure router rip timersThis command accesses the following next-level command

Foundry AR-Series Router User Guide11 - 22 © 2004 Foundry Networks, Inc. June 2004configure router rip timers flushThis command configures the global

RIP Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 11 - 23configure router rip timers holddownThis command configures the global RIP hold d

Foundry AR-Series Router User Guide11 - 24 © 2004 Foundry Networks, Inc. June 2004configure router rip timers updateThis command configures the global

June 2004 © 2004 Foundry Networks, Inc. 12 - 1Chapter 12RIP show CommandsUse RIP display/show commands to display all configured RIP information.NOTE:

Foundry AR-Series Router User Guide12 - 2 © 2004 Foundry Networks, Inc. June 2004show ip ripThis command accesses the following next-level commands th

RIP show CommandsJune 2004 © 2004 Foundry Networks, Inc. 12 - 3show ip rip globalThis command displays global configured information about mode, dista

Foundry AR-Series Router User Guide12 - 4 © 2004 Foundry Networks, Inc. June 2004show ip rip interfaceThis command accesses the following next-level c

Foundry AR-Series Router User Guide2 - 6 © 2004 Foundry Networks, Inc. June 2004Figure 2.4 ? Help ScreenNOTE: The default parameters for specific comm

RIP show CommandsJune 2004 © 2004 Foundry Networks, Inc. 12 - 5show ip rip interface allThis command displays information about all configured RIP int

Foundry AR-Series Router User Guide12 - 6 © 2004 Foundry Networks, Inc. June 2004show ip rip interface bundleThis command displays RIP information for

RIP show CommandsJune 2004 © 2004 Foundry Networks, Inc. 12 - 7show ip rip interface ethernetThis command displays RIP information about the Ethernet

Foundry AR-Series Router User Guide12 - 8 © 2004 Foundry Networks, Inc. June 2004show ip rip interface statisticsThis command displays global RIP inte

RIP show CommandsJune 2004 © 2004 Foundry Networks, Inc. 12 - 9show ip rip statisticsThis command shows global RIP statistics, such as route changes a

Foundry AR-Series Router User Guide12 - 10 © 2004 Foundry Networks, Inc. June 2004

June 2004 © 2004 Foundry Networks, Inc. 13 - 1Chapter 13AS Path Regular ExpressionsThis appendix provides information about how to use and configure r

Foundry AR-Series Router User Guide13 - 2 © 2004 Foundry Networks, Inc. June 2004!AS Matches any AS number except the given one.AS1 -AS2 Is a range of

June 2004 © 2004 Foundry Networks, Inc. 14 - 1Chapter 14MulticastingMulticasting OverviewTraditional multicast routing mechanisms such as Distance Vec

Foundry AR-Series Router User Guide14 - 2 © 2004 Foundry Networks, Inc. June 2004Configure Join/Prune HoldtimeFoundry/configure/ip/pim#join-prune-hold

Command Line InterfaceJune 2004 © 2004 Foundry Networks, Inc. 2 - 7Figure 2.5 Global show Command NOTE: The CLI commands show and display can be used

MulticastingJune 2004 © 2004 Foundry Networks, Inc. 14 - 3The show and debug PIM commands are:Configure as candidate RP periodFoundry/configure/ip/pim

Foundry AR-Series Router User Guide14 - 4 © 2004 Foundry Networks, Inc. June 2004Protocol Independent Multicast - Source Specific Multicast (PIM-SSM)B

MulticastingJune 2004 © 2004 Foundry Networks, Inc. 14 - 5membership information enables the router to forward traffic only from those sources from wh

Foundry AR-Series Router User Guide14 - 6 © 2004 Foundry Networks, Inc. June 2004Traceroute Facility for IP MulticastWith multicast distribution trees

MulticastingJune 2004 © 2004 Foundry Networks, Inc. 14 - 7Multicast traceroute uses any information available to it in the router to try to determine

Foundry AR-Series Router User Guide14 - 8 © 2004 Foundry Networks, Inc. June 2004When multipath is disabled, Foundry selects the nexthop address with

June 2004 © 2004 Foundry Networks, Inc. 15 - 1Chapter 15Security FeaturesIntroduction to SecurityFoundry introduces a wide range of robust industry-st

Foundry AR-Series Router User Guide15 - 2 © 2004 Foundry Networks, Inc. June 2004Securing Remote Access Using IPSec VPNThe features allow administrato

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 3In tunnel mode, at each IKE end point, the IP traffic to be protected is completely enc

Step 2: Configure the Ethernet interface with trusted network type:Step 3: Display the crypto interfaces:Step 4: Add the route to the peer LAN:Step 5:

Foundry AR-Series Router User Guide2 - 8 © 2004 Foundry Networks, Inc. June 2004

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 5Step 6: Display the IKE policies:Step 7: Display the IKE policies in detail:Step 8: Con

Foundry AR-Series Router User Guide15 - 6 © 2004 Foundry Networks, Inc. June 2004Step 9: Display the IPSec policies:Step 10: Display IPSec policies in

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 7Step 11: Configure firewall policies to allow IKE negotiation through untrusted interfa

Foundry AR-Series Router User Guide15 - 8 © 2004 Foundry Networks, Inc. June 2004Step 14: Display firewall policies in the internet map in detail (app

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 9Step 15: Enable SNMP on the Router1 router:Step 16: Display SNMP communities:Step 17: R

Foundry AR-Series Router User Guide15 - 10 © 2004 Foundry Networks, Inc. June 2004Example 2: Joining Two Private Networks with an IP Security TunnelTh

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 11Figure 1 Tunnel Mode Between Two Foundry Security Gateways - Single ProposalsStep 1:

Foundry AR-Series Router User Guide15 - 12 © 2004 Foundry Networks, Inc. June 2004Step 5: Configure IKE to the peer gateway:Step 6: Display the IKE po

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 13Step 8: Configure IPSec tunnel to the remote host:NOTE: For IPSec only – when you crea

Foundry AR-Series Router User Guide15 - 14 © 2004 Foundry Networks, Inc. June 2004Step 10: Display IPSec policies detail:Step 11: Configure firewall p

June 2004 © 2004 Foundry Networks, Inc. 3 - 1Chapter 3Policy CommandsThis chapter provides information about routing policy commands that are supporte

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 15Step 12: Display firewall policies in the internet map (applicable only if firewall li

Foundry AR-Series Router User Guide15 - 16 © 2004 Foundry Networks, Inc. June 2004Step 15: Display firewall policies in the corp map (applicable only

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 17Step 16: Display firewall policies in the corp map in detail (applicable only if firew

Foundry AR-Series Router User Guide15 - 18 © 2004 Foundry Networks, Inc. June 2004Step17: Repeat steps 1 -16 with suitable modifications on Router2 pr

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 19Example 3: Joining Two Networks with an IPSec Tunnel using Multiple IPSec ProposalsThe

Foundry AR-Series Router User Guide15 - 20 © 2004 Foundry Networks, Inc. June 2004Figure 2 Tunnel Mode Between Two Foundry Security Gateways - Multip

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 21Step 5: Configure IKE to the peer gateway:Step 6: Display the IKE policies:Step 7: Dis

Foundry AR-Series Router User Guide15 - 22 © 2004 Foundry Networks, Inc. June 2004Step 8: Configure IPSec tunnel to the remote host:NOTE: For IPSec on

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 23Step 10: Configure firewall policies to allow IKE negotiation through untrusted interf

Foundry AR-Series Router User Guide15 - 24 © 2004 Foundry Networks, Inc. June 2004Step 11: Display firewall policies in the internet map (applicable o

Foundry AR-Series Router User Guide3 - 2 © 2004 Foundry Networks, Inc. June 2004configure policy as_pathThis command configures the autonomous system

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 25Step 14: Display firewall policies in the corp map (applicable only if firewall licens

Foundry AR-Series Router User Guide15 - 26 © 2004 Foundry Networks, Inc. June 2004Step 15: Display firewall policies in the corp map in detail (applic

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 27Step16: Repeat steps 1 -15 with suitable modifications on Router2 prior to passing bi-

Foundry AR-Series Router User Guide15 - 28 © 2004 Foundry Networks, Inc. June 2004Example 4: Supporting Remote User Access The following example demon

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 29Figure 15.2 IPSec Tunneling Using User Group MethodStep 1: Configure a WAN bundle of n

Foundry AR-Series Router User Guide15 - 30 © 2004 Foundry Networks, Inc. June 2004Step 3: Display the crypto interfaces:Step 4: Configure dynamic IKE

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 31Step 6: Display dynamic IKE policies in detail:Step 7: Configure dynamic IPSec policy

Foundry AR-Series Router User Guide15 - 32 © 2004 Foundry Networks, Inc. June 2004Step 9: Display dynamic IPSec policies in detail:Step 10: Configure

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 33Step 11: Configure firewall policies to allow IKE negotiation through untrusted interf

Foundry AR-Series Router User Guide15 - 34 © 2004 Foundry Networks, Inc. June 2004Step 14: Configure firewall policies for a group of mobile users to

Policy CommandsJune 2004 © 2004 Foundry Networks, Inc. 3 - 3configure policy community_listThis command accesses next-level commands for adding extend

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 35Step 16: Display firewall policies in the corp map in detail (applicable only if firew

Foundry AR-Series Router User Guide15 - 36 © 2004 Foundry Networks, Inc. June 2004Step 17: Test the IPSec tunnel between the VPN client and the server

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 37Example 5: Configuring IPSec Remote Access to Corporate LAN with Mode-Configuration Me

Foundry AR-Series Router User Guide15 - 38 © 2004 Foundry Networks, Inc. June 2004Figure 15.3 IPSec Tunneling Using Mode Configuration MethodStep 1: C

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 39Step 3: Display the crypto interfaces:Step 4: Configure dynamic IKE policy for a group

Foundry AR-Series Router User Guide15 - 40 © 2004 Foundry Networks, Inc. June 2004Step 6: Display dynamic IKE policies in detail:Step 7: Configure dyn

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 41Step 9: Display dynamic IPSec policies in detai:lStep 10: Configure firewall policies

Foundry AR-Series Router User Guide15 - 42 © 2004 Foundry Networks, Inc. June 2004Step 12: Display firewall policies in the internet map in detail (ap

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 43Step 15: Display firewall policies in the corp map in detail (applicable only if firew

Foundry AR-Series Router User Guide15 - 44 © 2004 Foundry Networks, Inc. June 2004Step 16: Test the IPSec tunnel between the VPN client and the server

Foundry AR-Series Router User Guide3 - 4 © 2004 Foundry Networks, Inc. June 2004configure policy community_list extended_communityThis command configu

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 45Configuring GREGeneric Routing Encapsulation (GRE) is a standards-based (RFC1701, RFC2

Foundry AR-Series Router User Guide15 - 46 © 2004 Foundry Networks, Inc. June 2004GRE Configuration ExamplesThis example explains how to configure a b

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 47NOTE: The peer of a local WAN interface cannot be used as a tunnel destination.4. Veri

Foundry AR-Series Router User Guide15 - 48 © 2004 Foundry Networks, Inc. June 20045. Configure the Cisco side:With the tunnel properly configured and

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 493. Configure the routes:4. Define the policy:5. Check the status of the tunnel by ente

Foundry AR-Series Router User Guide15 - 50 © 2004 Foundry Networks, Inc. June 2004NOTE: Using the redistribute connected command adds a recursive rout

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 51Step 1:Configure the Ethernet interfaces and the WAN interfaces with IP addresses:Step

Foundry AR-Series Router User Guide15 - 52 © 2004 Foundry Networks, Inc. June 2004Step 5: Verify the firewall policy for Security Zone CORP:Step 6: Ve

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 53Step 8:Verify the firewall policy for Security Zone DMZ:Step 9: Verify that the FTP fi

Foundry AR-Series Router User Guide15 - 54 © 2004 Foundry Networks, Inc. June 2004Step 11:Verify the system configuration by displaying the running co

Policy CommandsJune 2004 © 2004 Foundry Networks, Inc. 3 - 5configure policy community_list standard_communityThis command configures a standard commu

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 55 qos exit qos vrrp_mode 0 aaa exit aaa crypto trusted exit et

Foundry AR-Series Router User Guide15 - 56 © 2004 Foundry Networks, Inc. June 2004 load_balance per_flow multicast exit multicast route 0.0.0.0

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 57Packet ReassemblyTo configure the firewall to perform IP reassembly of oversized packe

Foundry AR-Series Router User Guide15 - 58 © 2004 Foundry Networks, Inc. June 2004NAT Configuration ExamplesDynamic NAT (many to many)In dynamic (many

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 59Static NAT (one to one)Figure 15.7 Static NATIn static (one-to-one) NAT type, for each

Foundry AR-Series Router User Guide15 - 60 © 2004 Foundry Networks, Inc. June 2004Figure 15.8 Mapping Multiple NAT Addresses to One Public IP AddressT

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 61Security Protocol DefaultsThis section provides information about IPSec supported prot

Foundry AR-Series Router User Guide15 - 62 © 2004 Foundry Networks, Inc. June 2004Foundry IKE and IPSec DefaultsTo minimize configuration required by

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 63IPSec DefaultsTable 15.6: lists IPSec defaults. When the user creates an IPSec policy

Foundry AR-Series Router User Guide15 - 64 © 2004 Foundry Networks, Inc. June 2004Direction No DefaultAction PermitTraffic type TransitSource Port Any

Foundry AR-Series Router User Guide3 - 6 © 2004 Foundry Networks, Inc. June 2004configure policy ip_access_listThis command configures the IP access l

Security FeaturesJune 2004 © 2004 Foundry Networks, Inc. 15 - 65Tunneling Default ValuesThis section provides the IP-IP and GRE tunneling protocol def

Foundry AR-Series Router User Guide15 - 66 © 2004 Foundry Networks, Inc. June 2004

June 2004 © 2004 Foundry Networks, Inc. Index - 1Aabbreviated commands 4-3Audience 3-1Bbold type 4-3Ccommand line interfaceconventions used 4-1getting

Foundry AR-Series Router User GuideIndex - 2 © 2004 Foundry Networks, Inc. June 2004

June 2004 © 2004 Foundry Networks, Inc. iiiContentsCHAPTER 1GETTING STARTED...

Policy CommandsJune 2004 © 2004 Foundry Networks, Inc. 3 - 7example:Foundry-AR1208/configure# policy ip_access_list 1 1 permit network 10.0.0.0 netmas

Foundry AR-Series Router User Guide3 - 8 © 2004 Foundry Networks, Inc. June 2004configure policy route_mapThis command configures the policy for route

Policy CommandsJune 2004 © 2004 Foundry Networks, Inc. 3 - 9related commands: applicable systems: All models.configure policy route_map commitconfigur

Foundry AR-Series Router User Guide3 - 10 © 2004 Foundry Networks, Inc. June 2004configure policy route_map matchThis command accesses next-level comm

Policy CommandsJune 2004 © 2004 Foundry Networks, Inc. 3 - 11configure policy route_map match as_pathThis command matches any of the specified BGP AS

Foundry AR-Series Router User Guide3 - 12 © 2004 Foundry Networks, Inc. June 2004configure policy route_map match communityThis command matches any of

Policy CommandsJune 2004 © 2004 Foundry Networks, Inc. 3 - 13configure policy route_map match ip ip_addressThis command distributes routes matching th

Foundry AR-Series Router User Guide3 - 14 © 2004 Foundry Networks, Inc. June 2004configure policy route_map setThis command provides access to next-le

Policy CommandsJune 2004 © 2004 Foundry Networks, Inc. 3 - 15configure policy route_map set as_pathThis command configures a character string for a BG

Foundry AR-Series Router User Guide3 - 16 © 2004 Foundry Networks, Inc. June 2004configure policy route_map set communityThis command configures the p

Foundry AR-Series Router User Guide iv © 2004 Foundry Networks, Inc. June 2004CONFIGURE POLICY ...

Policy CommandsJune 2004 © 2004 Foundry Networks, Inc. 3 - 17configure policy route_map set distanceThis command sets the BGP protocol preference for

Foundry AR-Series Router User Guide3 - 18 © 2004 Foundry Networks, Inc. June 2004configure policy route_map set local_preferenceThis command configure

Policy CommandsJune 2004 © 2004 Foundry Networks, Inc. 3 - 19configure policy route_map set metricThis command configures the metric value for the des

Foundry AR-Series Router User Guide3 - 20 © 2004 Foundry Networks, Inc. June 2004configure policy route_map set metric_typeThis command configures the

Policy CommandsJune 2004 © 2004 Foundry Networks, Inc. 3 - 21configure policy route_map set originThis command configures the origin value for the BGP

Foundry AR-Series Router User Guide3 - 22 © 2004 Foundry Networks, Inc. June 2004

June 2004 © 2004 Foundry Networks, Inc. 4 - 1Chapter 4Protocols OverviewBGP4Border Gateway Protocol Version 4 (also referred to as simply BGP) is an e

Foundry AR-Series Router User Guide4 - 2 © 2004 Foundry Networks, Inc. June 2004RFC ComplianceThe following table provides Foundry Network’s BGP RFC c

Protocols OverviewJune 2004 © 2004 Foundry Networks, Inc. 4 - 3RFC ComplianceThe following table provides Foundry Network’s OSPF RFC compliance inform

Multicasting Traditional multicast routing mechanisms such as Distance Vector Multicast Routing Protocol (DVMRP) and Multicast Open Shortest Path Firs

ContentsJune 2004 © 2004 Foundry Networks, Inc. vCHAPTER 7BGP4 CONFIGURE COMMANDS...

June 2004 © 2004 Foundry Networks, Inc. 5 - 1Chapter 5BGP4 Clear CommandsUse BGP clear commands to clear bgp configuration settings.clear ip bgpThis c

Foundry AR-Series Router User Guide5 - 2 © 2004 Foundry Networks, Inc. June 2004clear ip bgp allThis command removes all BGP neighbor connections.synt

BGP4 Clear CommandsJune 2004 © 2004 Foundry Networks, Inc. 5 - 3clear ip bgp groupThis command removes all connections for a BGP group.Parameter Desc

Foundry AR-Series Router User Guide5 - 4 © 2004 Foundry Networks, Inc. June 2004clear ip bgp neighbor This command removes a specified BGP neighbor co

June 2004 © 2004 Foundry Networks, Inc. 6 - 1Chapter 6Generic Routing CommandsThis chapter contains routing commands that are not protocol specific. T

Foundry AR-Series Router User Guide6 - 2 © 2004 Foundry Networks, Inc. June 2004configure router routeridThis command configures a router for routing

Generic Routing CommandsJune 2004 © 2004 Foundry Networks, Inc. 6 - 3show ip routesThis command displays IP routing information for Ethernet ports. Pa

Foundry AR-Series Router User Guide6 - 4 © 2004 Foundry Networks, Inc. June 2004example:To display all routes, issue the show ip routes command.exampl

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 1Chapter 7BGP4 Configure CommandsUse BGP configure commands to configure all BGP4 p

Foundry AR-Series Router User Guide7 - 2 © 2004 Foundry Networks, Inc. June 2004configure router bgp aggregate_addressThis command is used to aggregat

Foundry AR-Series Router User Guide vi © 2004 Foundry Networks, Inc. June 2004SHOW IP BGP REGEXP ...

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 3applicable systems: All models.configure router bgp default_metricconfigure router

Foundry AR-Series Router User Guide7 - 4 © 2004 Foundry Networks, Inc. June 2004configure router bgp always_compare_med This command configures a rout

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 5configure router bgp default_metric This command configures the default metric val

Foundry AR-Series Router User Guide7 - 6 © 2004 Foundry Networks, Inc. June 2004configure router bgp distanceThis command changes the default distance

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 7configure router bgp group This command configures BGP groups. Neighbors with the

Foundry AR-Series Router User Guide7 - 8 © 2004 Foundry Networks, Inc. June 2004configure router bgp group distribute_listThis command configures filt

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 9configure router bgp group filter_listThis command configures BGP filters for a sp

Foundry AR-Series Router User Guide7 - 10 © 2004 Foundry Networks, Inc. June 2004configure router bgp group next_hop_selfThis command disables the nex

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 11configure router bgp group passwordThis command configures the TCP MD5 password t

Foundry AR-Series Router User Guide7 - 12 © 2004 Foundry Networks, Inc. June 2004configure router bgp group remove_private_ASThis command removes the

ContentsJune 2004 © 2004 Foundry Networks, Inc. viiCONFIGURE ROUTER OSPF REDISTRIBUTE CONNECTED ...

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 13configure router bgp group route_mapThis command configures a route map to a BGP

Foundry AR-Series Router User Guide7 - 14 © 2004 Foundry Networks, Inc. June 2004configure router bgp neighborThis command configures a BGP neighbor.P

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 15applicable systems: All models.configure router bgp redistribute

Foundry AR-Series Router User Guide7 - 16 © 2004 Foundry Networks, Inc. June 2004configure router bgp neighbor advertisement_intervalThis command conf

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 17configure router bgp neighbor allowbadidThis command permits BGP sessions to be e

Foundry AR-Series Router User Guide7 - 18 © 2004 Foundry Networks, Inc. June 2004configure router bgp neighbor default_originateThis command sends the

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 19configure router bgp neighbor descriptionThis command describes or identifies a n

Foundry AR-Series Router User Guide7 - 20 © 2004 Foundry Networks, Inc. June 2004configure router bgp neighbor distribute_list This command configures

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 21configure router bgp neighbor ebgp_multihop This command configures multihop EBGP

Foundry AR-Series Router User Guide7 - 22 © 2004 Foundry Networks, Inc. June 2004configure router bgp neighbor filter_listThis command configures BGP

Foundry AR-Series Router User Guide viii © 2004 Foundry Networks, Inc. June 2004CONFIGURE ROUTER RIP INTERFACE NEIGHBOR ...

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 23configure router bgp neighbor keepThis command configures neighbor route storage

Foundry AR-Series Router User Guide7 - 24 © 2004 Foundry Networks, Inc. June 2004configure router bgp neighbor logupdownThis command configures loggin

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 25configure router bgp neighbor maximum_prefixThis command configures the maximum n

Foundry AR-Series Router User Guide7 - 26 © 2004 Foundry Networks, Inc. June 2004configure router bgp neighbor neighbor_group This command configures

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 27configure router bgp neighbor next_hop_selfThis command disables the next hop cal

Foundry AR-Series Router User Guide7 - 28 © 2004 Foundry Networks, Inc. June 2004configure router bgp neighbor passwordThis command configures a passw

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 29configure router bgp neighbor route_map This command applies a route map to a nei

Foundry AR-Series Router User Guide7 - 30 © 2004 Foundry Networks, Inc. June 2004configure router bgp neighbor timersThis command configure keepalive

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 31configure router bgp neighbor update_sourceThis command configures the source of

Foundry AR-Series Router User Guide7 - 32 © 2004 Foundry Networks, Inc. June 2004configure router bgp redistributeThis command provides access to the

ContentsJune 2004 © 2004 Foundry Networks, Inc. ixGENERIC ROUTING ENCAPSULATION (GRE) ...

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 33configure router bgp redistribute connectedThis command redistributes interface r

Foundry AR-Series Router User Guide7 - 34 © 2004 Foundry Networks, Inc. June 2004configure router bgp redistribute ospfThis command configures the rou

BGP4 Configure CommandsJune 2004 © 2004 Foundry Networks, Inc. 7 - 35configure router bgp redistribute ripThis command configures a router to redistri

Foundry AR-Series Router User Guide7 - 36 © 2004 Foundry Networks, Inc. June 2004configure router bgp redistribute staticThis command configures a rou

June 2004 © 2004 Foundry Networks, Inc. 8 - 1Chapter 8BGP4 show CommandsUse BGP show commands to display all configured BGP information.NOTE: The CLI

Foundry AR-Series Router User Guide8 - 2 © 2004 Foundry Networks, Inc. June 2004show ip bgp aggregate_addressThis command displays a list of configure

BGP4 show CommandsJune 2004 © 2004 Foundry Networks, Inc. 8 - 3show ip bgp community This command displays routes that match BGP communities.Parameter

Foundry AR-Series Router User Guide8 - 4 © 2004 Foundry Networks, Inc. June 2004applicable systems: All models.Table 8.1: Status and Origin CodesStatu

BGP4 show CommandsJune 2004 © 2004 Foundry Networks, Inc. 8 - 5show ip bgp groupsThis command provides information about BGP groups.syntax:show ip bgp

Foundry AR-Series Router User Guide8 - 6 © 2004 Foundry Networks, Inc. June 2004show ip bgp neighbors This command displays detailed information and s